 |
I'm trying to determine if the following SQL query represents someone trying to pull information (regardless of what the information is - title, ID, message etc) from all the forum users' unread PMs:
SHOW COLUMNS FROM mybb_users LIKE 'unreadpms'
Is this the case, and why/why not?
|
|
|
|
 |
Might be the case, but since it is far from being a valid SQL statement, I would not even worry if this person was sitting behind my machine using SQL Management Studio.
Not even if the other screen would show the MSDN page explaining the syntax for a SELECT statement.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
 |
Excuse my writing of the statement; it's probably my fault it's not formatted correctly. I'm not that familiar with SQL, I'm just trying to determine if there's a security/privacy issue of someone possibly accessing unread PMs of the forum users.
I suppose another way of saying this, is the query a generic query you'd expect in a mybb forum database, or could it possibly be used to list (maybe not the contents but like a directory or list of PMs that they can then pick out which take their interest) unread PMs that could then be read manually?
|
|
|
|
 |
Member 12662448 wrote: I'm just trying to determine if there's a security/privacy issue of someone possibly accessing unread PMs of the forum users.
Yes, by looking at the queries. The query itself won't be showing intent. It may be malicious, it may just be a dev that is testing. Problem is that you do not know the origin.
The fact that you are looking at them implies to me that you do not trust the security of the database, to which I'd have to agree. Instead of looking at a logbook who was in your house, one should be checking the lock and which users have keys. If you are confident about the lock and keys, then it makes little sense to go ask the person who entered the house what their intent is.
If the data is saved in a readable format, then yes, anyone with access to the table could read it. It does not matter what data it is - goes for (read) PM's as well as other tables.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
 |
SHOW COLUMNS FROM is to get information about the table structure and not to query data from a table. You can find detailed information about it e.g. here: MySQL :: MySQL 5.7 Reference Manual :: 14.7.5.5 SHOW COLUMNS Syntax[^]
I assume you'd like to query data from the table. For this you need to do something like this:
SELECT title, ID, message, etc...
FROM mybb_users
WHERE Status = 'unreadpms'
In the above I used Status, which you need to replace with the field name you are using to store the information 'unreadpms'.
I hope it helps.
|
|
|
|
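What the statements discussed in this thread return, and the "which users have keys" check suggested earlier, as an added example for MySQL that is not from any poster or from MyBB. Only the table name mybb_users and the column name unreadpms come from the thread; the column types and sample rows are constructed assumptions.

```sql
-- Constructed stand-in table; column types and rows are assumptions for the demo.
CREATE TABLE mybb_users (
    uid       INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username  VARCHAR(120) NOT NULL,
    unreadpms INT UNSIGNED NOT NULL DEFAULT 0
);
INSERT INTO mybb_users (username, unreadpms) VALUES ('alice', 3), ('bob', 0);

-- 1. The logged statement. LIKE filters on column NAMES, so this returns one
--    descriptive row per matching column (Field, Type, Null, Key, Default,
--    Extra) and no row data from the table.
SHOW COLUMNS FROM mybb_users LIKE 'unreadpms';

-- 2. The same metadata through information_schema.
SELECT column_name, column_type, is_nullable, column_default
FROM information_schema.columns
WHERE table_schema = DATABASE()
  AND table_name   = 'mybb_users'
  AND column_name  LIKE 'unreadpms';

-- 3. For contrast, a statement that does read row data from the table.
SELECT uid, username, unreadpms
FROM mybb_users
WHERE unreadpms > 0;

-- 4. "Which users have keys": accounts holding privileges on the table,
--    on the whole schema, or globally, plus the grants of the account
--    that is connected right now.
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_schema = DATABASE() AND table_name = 'mybb_users';

SELECT grantee, privilege_type
FROM information_schema.schema_privileges
WHERE table_schema = DATABASE();

SELECT grantee, privilege_type
FROM information_schema.user_privileges;

SHOW GRANTS FOR CURRENT_USER();
```

Run step 4 from an administrative account so the views list every grantee rather than only the connected one.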
 |
I suppose what I'm trying to say is, is it trying to access unread PMs in some way?
I understand it might not be pulling the data directly from the PMs verbatim, but in displaying the table structure, would it be showing a list of unread PMs that, say, someone could then access?
|
|
|
|
 |
Not sure whether I get your point. Do you mean something like "Return all PMs which have never been accessed/read by an SQL SELECT"?
|
|
|
|
 |
Richard Deeming wrote: It looks like somebody is trying to find and exploit a SQL Injection vulnerability in your site:
I don't see anything in there to escape the current command executed.
You could still be correct, in line with post #2; if the connection-string is exposed, anyone could use that to issue commands. It would be something used to explore the database, which could still be valid use -
More questions; is there a table with that name? Have there been other commands from the same source? Could it have been generated by a tool? (Ever seen what traffic SQLSMS causes?)
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
 |
Hi there,
as the title already says, I'm searching for the right database for my use case, which should work with the following data:
- 2 key/value "tables"
One which holds a string as key and a normal number as value, the second table should hold also a string as key and a string as value.
The first table should hold billions of string/number values, the second one should hold millions of string/string values. So there should be stored a huge amount of data.
The only operations I need to do are the following
- constantly add new entries in both tables
- before adding a new entry, check if the key (string) is already stored
- search for entries which share the same key in both tables. In a relational DB I would execute this statement (select * from tab1, tab2 where tab1.key = tab2.key) -> This search should be as fast as possible.
I'm experienced in any kind of relational DB like oracle, mssql, mysql, postgresql....
As key/value database I only used redis so far.
I think my use case is not good for relational databases. Some NoSQL databases might be a better choice. Redis is not good as it is an in-memory DB with data size limits of the physical memory. As I'm using a lot of data I need something else.
Which database would you recommend in my case?
I'm excited to hear your suggestions.
Thank you for your help and have a nice day,
Kogs
|
|
|
|
|
 |
Thanks for your suggestion.
I did some research and it looks like SQLite can handle big data very well. So this could work for me.
Nevertheless I think simple key/value store databases might be faster. But I can also be wrong as I don't have much experience with NoSQL DBs.
|
|
|
|
 |
Quote: I think my use case is not good for relational databases
Why do you think a relational DB is wrong here? To me it looks like an RDB fits very well.
For example:
Quote: before adding a new entry, check if the key (string) is already stored
For this you can define the key as Primary or at least Unique. So, before the insert you do not need to check whether it is already in. Simply insert, and the DB will tell you whether it was already in. The advantages: no multiple checks for unique values (one from you explicitly, one from the DB while checking constraints) and, last but not least, no race condition.
[Edit]
One more thing: MS SQL with its "Clustered Index" fits perfectly, performance-wise, for key/value pairs.
There is only one thing: "billions of string/number values" looks like you cannot go for the free version because of the restricted DB size.
modified 28-Jul-16 2:45am.
|
|
|
|
 |
Thanks for your answer.
I just thought that a key/value store might be a better solution. They are usually designed to be fast with key/values... But I'm not very experienced with NoSQL DBs, so I might be wrong with this.
If I use a relational db I know how to use PK. For the first table I still need to read it first, because if the key already exists, I also need to update the value of this entry. For the second table it would work just to let the DB check the constraint if the entry already exists or not.
MS SQL is not my first choice, because I also want it to work on Linux systems as well.
|
|
|
|
 |
Some points to consider:
- are your keys case-sensitive? In MS SQL, string comparison is normally not case-sensitive, while with postgres or Oracle it is.
- what is the relationship between the two tables? Do I understand you correctly that there are keys which exist in Table1 only, and other keys which exist in Table2 only?
- do you need some kind of reporting? I.e. how many different keys can be found for a value for keys existing in both or only one table. Complex aggregation queries work fastest in MS SQL or Oracle, while mysql copes with simple aggregations only (but with two tables, that should still be ok).
- What would you do if a key to be added already exists? Update the record or throw an exception?
|
|
|
|
 |
Thanks for your reply.
- the keys are all in uppercase in both tables, so a case-sensitive match works perfectly.
- The first table is the leading data store, the second table is more or less a lookup table. I want to check which entries in the lookup table also exist in the data store table.
- I don't need to search for any values, I need to search only for keys.
- If a key in the first table already exists, I need to update the value (increase the value)
- If a key in the second table already exists, nothing happens, just continue with the next one. But inserting duplicated entries in the second table is extremely unlikely, so there is no need to check them. It's no problem if for some reason there really are duplicates, to add them twice. But if I use an RDBMS and define the key as PK, this check is done automatically.
I will give it a try with an RDBMS (not MS SQL because I want it to be available also on Linux systems).
But I'm wondering if a simple NoSQL DB (simple key/value store) might not be faster in this case. I don't have much experience with NoSQL DBs, but I think they exist for a reason. And I want a really lightning fast solution.
But if you think a normal SQL DB can be as fast (or faster), then I'll give it a try.
|
|
|
|
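The insert-without-checking approach suggested earlier in this thread, combined with the increase-on-duplicate and join requirements from the replies, as an added example in MySQL syntax that is not code from any poster. The table names tab1 and tab2 come from the thread; the column names k, n and s, the column sizes and the sample keys are assumptions.

```sql
-- Keys are upper-case per the thread, so a binary collation gives a
-- case-sensitive, byte-wise primary key (ASCII and the sizes are assumptions).
-- InnoDB stores rows in primary-key order (its clustered index).
CREATE TABLE tab1 (
    k VARCHAR(64) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
    n BIGINT UNSIGNED NOT NULL,
    PRIMARY KEY (k)
) ENGINE=InnoDB;

CREATE TABLE tab2 (
    k VARCHAR(64) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
    s VARCHAR(255) NOT NULL,
    PRIMARY KEY (k)
) ENGINE=InnoDB;

-- Table 1: insert, or increase the stored number when the key exists.
-- One atomic statement replaces "SELECT, then INSERT or UPDATE", so two
-- concurrent writers cannot both see "missing" and race each other.
INSERT INTO tab1 (k, n) VALUES ('ALPHA', 1)
ON DUPLICATE KEY UPDATE n = n + 1;
INSERT INTO tab1 (k, n) VALUES ('ALPHA', 1)   -- second arrival of the same key
ON DUPLICATE KEY UPDATE n = n + 1;
INSERT INTO tab1 (k, n) VALUES ('BRAVO', 1)
ON DUPLICATE KEY UPDATE n = n + 1;

-- Table 2: the primary key rejects a duplicate; IGNORE turns that error
-- into a warning so a bulk load simply continues with the next entry.
INSERT IGNORE INTO tab2 (k, s) VALUES ('ALPHA', 'first');
INSERT IGNORE INTO tab2 (k, s) VALUES ('ALPHA', 'second');
INSERT IGNORE INTO tab2 (k, s) VALUES ('CHARLIE', 'third');

-- Keys present in both tables; both sides of the join use the primary key.
SELECT t1.k, t1.n, t2.s
FROM tab2 AS t2
JOIN tab1 AS t1 ON t1.k = t2.k;
```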
 |
Your first point isn't a dealbreaker, it's easy enough to change collation in Sql Server or NLS-settings on an Oracle db.
|
|
|
|
 |
Hi,
I'm trying to make an SSIS to load data from a dynamic Excel file that is stored in the folder. I've tried every tutorial but it still gives me an error like this:
[Connection manager "Excel Connection Manager"] Error: The connection string format is not valid. It must consist of one or more components of the form X=Y, separated by semicolons. This error occurs when a connection string with zero components is set on database connection manager.
Error: The result of the expression "@[User::FileName]" on property "\Package.Connections[Excel Connection Manager].Properties[ConnectionString]" cannot be written to the property. The expression was evaluated, but cannot be set on the property.
1. DelayValidation is set true.
2. Excel Connection String is set as
Provider=Microsoft.ACE.OLEDB.12.0;Data Source=D:\folde\Data\Book2.xlsx;Extended Properties="EXCEL 12.0 XML;HDR=YES";
that I store in a variable.
Please advise.
thanks,
Vinny
|
|
|
|
 |
Does the file "D:\folde\Data\Book2.xlsx" exist?
|
|
|
|
|
 |
Just a thought. Maybe the connection string parser is being upset by the = inside the extended properties string.
Can you try without HDR=YES just to see if that is the problem?
Cheers,
Peter
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
 |
It gives me another error:
Error 3 Microsoft.SqlServer.Dts.Runtime.DtsRuntimeException: The package failed to load due to error 0xC0011008 "Error loading from XML. No further detailed error information can be specified for this problem because no Events object was passed where detailed error information can be stored.". This occurs when CPackage::LoadFromXML fails. ---> System.Runtime.InteropServices.COMException: The package failed to load due to error 0xC0011008 "Error loading from XML. No further detailed error information can be specified for this problem because no Events object was passed where detailed error information can be stored.". This occurs when CPackage::LoadFromXML fails. at Microsoft.SqlServer.Dts.Runtime.Wrapper.IDTSPackagePersist100.LoadPackageFromXML(Object vSource, Boolean vbSourceIsLocation, IDTSEvents100 pEvents) at Microsoft.SqlServer.Dts.Runtime.Package.LoadFromXML(String packageXml, IDTSEvents events) --- End of inner exception stack trace --- at Microsoft.SqlServer.Dts.Runtime.Package.LoadFromXML(String packageXml, IDTSEvents events) at Microsoft.SqlServer.Dts.Runtime.Project.LoadPackage(IProjectStorage storage, Package package, String streamName, IDTSEvents events) at Microsoft.SqlServer.Dts.Runtime.PackageItem.Load(IDTSEvents events) at Microsoft.SqlServer.Dts.Runtime.PackageItem.get_Package() at Microsoft.DataTransformationServices.Project.DataTransformationsProjectBuilder.IncrementalBuildThroughObj(IOutputWindow outputWindow) at Microsoft.DataTransformationServices.Project.DataTransformationsProjectBuilder.BuildIncremental(IOutputWindow outputWindow) 0
But when I put HDR=YES the error changed. It says it needs new metadata; it seems like I have a different file format, even though the file was the same.
|
|
|
|
|