I think C# has a bug because its being retarted.


using System;
using System.Linq;
using System.Windows.Forms;
namespace Transaction{
public partial class frmInventoryItems:Form {
public frmInventoryItems() {
InitializeComponent();
}
private void buttonRefresh_Click(object sender, EventArgs e) {
TDataContext dContext = new TDataContext();
dContext.InventoryItems InvItems = from i in dContext.InventoryItems select i;
}
}
}


I get an error on the red item, but the green item works just fine. That is impossible, and it is declared right above this line. There's no reason it should give an error. Even when I type a . after the red item I still get the popup list with the fields that belong to it.


The type or namespace name 'dContext' could not be found (are you missing a using directive or an assembly reference?) 13

I think C# has a bug because its being retarted.


Actually the entire problem lies YORU code.

Look at the message:

The type or namespace name 'dContext' could not be found


Your code has a variable named dContext.

So your are attempting to define a NEW Variable "InvItems" of TYPE "dContext.InventoryItems", but we have already determined that dContext is NOT a TYPE!!!!!!

Edited by Admin: Personal comments removed.

Well anyway I wouldnt use LINQ because its just an easy way for someone to hack your program. An example from MSDN


protected void buttonSearch_Click(object sender, EventArgs e)
{
using (NorthwindDataContext context = new NorthwindDataContext())
{
var customers = from c in context.Customers where (
c.ContactName.Contains(textBoxCustomerName.Text.Trim()) &&
c.CompanyName.Contains(textBoxCompanyName.Text.Trim())) select c;
gridViewCustomers.DataSource = customers;
gridViewCustomers.DataBind();
}
}


Using data directly from a text box into a SQL query? LOL can someone say injection hacking? No one MS products always get hacked.

Well anyway I wouldnt use LINQ because its just an easy way for someone to hack your program. An example from MSDN


protected void buttonSearch_Click(object sender, EventArgs e)
{
using (NorthwindDataContext context = new NorthwindDataContext())
{
var customers = from c in context.Customers where (
c.ContactName.Contains(textBoxCustomerName.Text.Trim()) &&
c.CompanyName.Contains(textBoxCompanyName.Text.Trim())) select c;
gridViewCustomers.DataSource = customers;
gridViewCustomers.DataBind();
}
}


There is NO "Using data directly from a text box into a SQL query?"

There is NO[B] susceptability to "injection hacking?"

The simplicity of the above code, combined with the INHERENT safety is a large part of the benefit of LINQ-TO-SQL. (FYI: LINQ itself has NOTHING to do with SQL or any other database!)
You are simply [B](AGAIN) showing your ignorance [three in a row...going for a record?]

"It is never the compiler" :)

the C# compiler has been tested much more than your code has and was written by very bright programmers. When you get to the point that you are blaming the compiler, just stop and blame yourself all over again.

"It is never the compiler" :)


Never, say never...Otherwise I will lose my dream of winning a million dollarys in Wednesday's drawing, and again on Saturday, and again on next Weds.

Anything is possible, but there are some things we just should not count on....

ps: BigEd781...why don't you have private messaging enabled???

You're right, never say never. I say never because I have *almost* come to the point of blaming the compiler, and I had to remind myself that that is probably wrong and it is almost certainly my fault. It was, every time.

I enabled private messages. I didn't know they were disabled by default. thanks.

you guys have made ITT guy to think twice about posting in here.
of course you blame the rest of teh world when you cant figure it out.
this is a normal human behaviour.

this is a normal human behaviour


I hope not !

If I drive my car into a lampost, I don't generally blame the lampost.

Darwen.

If I drive my car into a lampost, I don't generally blame the lampost.


So you probably did not hear of a lady who sued microwave oven manufacturer AND WON because she killed her cat when she attempted to dry it in microwave. Or about some dude who sued car manufacturer AND WON, because he was so dense that he could not distinguish between cruise control and auto-pilot :D

Or maybe these are just urban legends?

So you probably did not hear of a lady who sued microwave oven manufacturer AND WON because she killed her cat when she attempted to dry it in microwave. Or about some dude who sued car manufacturer AND WON, because he was so dense that he could not distinguish between cruise control and auto-pilot


That was exactly my point. Do these people appear to be acting rationally ? They don't to me.

Blaming everyone and everything else for one's own mistakes is irrational behaviour. If it were not the examples you've just given would be considered ordinary.

Or at least I hope so...

Darwen.

So you probably did not hear of a lady who sued microwave oven manufacturer AND WON because she killed her cat when she attempted to dry it in microwave. Or about some dude who sued car manufacturer AND WON, because he was so dense that he could not distinguish between cruise control and auto-pilot :D

Or maybe these are just urban legends?

To the best of my knowledge both are Urban Legends. Although....

1) Do not discount companies who will settle a claim simply because it is cheaper than defending themselves in court. Technically this does not mean that they "Won", but more that it never came to trial, so they did not "Lose" (of course their bank account DID win!)

2) There definately ARE some strange decisions made by the courts (speaking from a USA perspective)....

3) SOme cases which appear "insane" on the surface are "skewed" by the media do gain attention. There may be underling "viable" reasons...

Well anyway I wouldnt use LINQ because its just an easy way for someone to hack your program. An example from MSDN


protected void buttonSearch_Click(object sender, EventArgs e)
{
using (NorthwindDataContext context = new NorthwindDataContext())
{
var customers = from c in context.Customers where (
c.ContactName.Contains(textBoxCustomerName.Text.Trim()) &&
c.CompanyName.Contains(textBoxCompanyName.Text.Trim())) select c;
gridViewCustomers.DataSource = customers;
gridViewCustomers.DataBind();
}
}
Using data directly from a text box into a SQL query? LOL can someone say injection hacking? No one MS products always get hacked.


sql injections can happen anywhere. you can write an SQL statement the same way, you can pass parameters to a sproc the same way. you can shoot your foot off the same way.


poor coding has nothing to do with a language feature. It has to do with the programmer's inability to write good code; or even think for that matter.

Well anyway I wouldnt use LINQ because its just an easy way for someone to hack your program. An example from MSDN


protected void buttonSearch_Click(object sender, EventArgs e)
{
using (NorthwindDataContext context = new NorthwindDataContext())
{
var customers = from c in context.Customers where (
c.ContactName.Contains(textBoxCustomerName.Text.Trim()) &&
c.CompanyName.Contains(textBoxCompanyName.Text.Trim())) select c;
gridViewCustomers.DataSource = customers;
gridViewCustomers.DataBind();
}
}


Using data directly from a text box into a SQL query? LOL can someone say injection hacking? No one MS products always get hacked.

I would suggest you do a little more research into what LINQ actually is before posting about it again.

Never, say never...Otherwise I will lose my dream of winning a million dollarys in Wednesday's drawing, and again on Saturday, and again on next Weds.

Anything is possible, but there are some things we just should not count on....
:D:lol::lol::D I really nearly falling from the chair. Hey you just have won CPUWizard - But dont forget to play:mad: Or how should god do his work :rolleyes:

sql injections can happen anywhere. you can write an SQL statement the same way, you can pass parameters to a sproc the same way. you can shoot your foot off the same way.


1) They can NOT happen "anywhere" they can only occur if you are dynamically building SQL Statements.

Therefore

a) The code you quoted CAN NOT have a SQL Injection Attach Exposure.

b) An application using exclusively stored procedures also CAN NOT BE WRITTEN such that the APPLICATION exposes the database to SQL Injection. [This does NOT preclude errors on the part of the DBA writing the stored procedures, but that is not done in the context of the Application or even (in 99.99% of the cases) in managed code of any language.

they can happen anywhere refers to programmers ability to eff up code where ever they program, and not referring to a specific situation

No this is the C# forum, and the post in question is about LINQ and SQL Injections specifically. What other programmers can do in other situations is not the topic of discussion. And there is NO possibility of SQL Injection with LINQ-TO-SQL.

<snip> I know of many situations where you asserted false statements. </snip>


If I post something false, and become aware of it, it has always been my policy to go back and ANNOTATE the existing information directing the user to the correct information (not editing the thread to destroy integrity of the posts).

If I have missed any, then my apologies, and please feel free to point them out to me (not on this thread) so I can address them.

Negative personal comments are a violation of this site's Acceptable Usage Policy. Please avoid them. Personal issues can be discussed in PMs or elsewhere, but not on the public forums.

Let's get back to the focus of the thread and keep it professional.

Please do not respond publicly to this post. Please stay on topic going forward.

Thanks all.

Brad!
Site Admin