p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   BOOK: Beginning ASP.NET 2.0 and Databases (http://p2p.wrox.com/forumdisplay.php?f=276)
-   -   Ho can i name the database dynamicly (http://p2p.wrox.com/showthread.php?t=72099)

bex January 6th, 2009 08:15 AM

Ho can i name the database dynamicly
 
Hi I need to create a database that takes the name from the textbox so far i have this one
Code:

Dim conn AsNew SqlConnection(ConfigurationManager.ConnectionStrings("test").ConnectionString)
conn.Open()
 
Dim Cmd AsNew SqlCommand("Create Table TestTable(ID Int,Name Varchar(50))", conn)
Cmd.CommandType = CommandType.Text
Cmd.ExecuteNonQuery()
conn.Close()

this will create a table called TestTable i need to change the TextTable Dynamicly depending on woat is in the text box


thanks

dparsons January 6th, 2009 10:38 AM

Well which do you need to do: create a database or create a table?

In any event you would want to do something like this:

vb Code:
Dim Cmd AsNew SqlCommand("Create Table " & textbox1.Text & " (ID Int,Name Varchar(50))", conn)


Obviously by doing things this way you open yourself up all sorts of SQL Injection attacks so sanitize accordingly.

hth.
-Doug

bex January 6th, 2009 11:56 AM

I Need to create tables The controll is going to be used only by the administrator is that still a potential security risk?
one more thing How can i insert a value into the table?
something like this
Code:



Dim Cmd AsNew SqlCommand("Create Table " & textbox1.Text & " (ID Int,Name Varchar(50))", Insert Into " & textbox1.text & "),conn)


dparsons January 6th, 2009 12:04 PM

Any time you are working with Dynamic SQL there is the potential that something will go wrong, regardless if the only people using the tool are administrators!

If you want to continue using the same methodology that you are currently using I would probably do something like this:

vb Code:
Dim SQL as String
SQL = "CREATE TABLE " & textbox1.Text & " (ID Int,Name Varchar(50));"
SQL += "INSERT INTO " & textbox1.Text & "(ID, Name) VALUES(1, 'Name');"

Dim Cmd AsNew SqlCommand(SQL, conn)

What exactly are you doing that requires this type of functionality?

hth
-Doug

bex January 6th, 2009 12:24 PM

I was asked by my employer to build a project that he needed to create new tables from the browser and then assign to the users so they can retrive the data from those tables depending on what was assignet to them by the administrator.

Next thing i am going to ask you is gonna be how to assign spesific tables to spesific users

dparsons January 6th, 2009 12:33 PM

Hmmm. There is a myriad of ways to assign permissions to tables, how you do it is going to be up to you but this sounds like the making of a management nightmare. Since there is a 1:1 correlation between users and tables, you will have to create a table for every single user and, depending on how many potential users you have, the management of said tables becomes unwieldy. I would probably use a single database table for all users and then filter the data coming out of said table based on a given user.

I can not honestly think of a good secnario where I would want each website user to have their own single table in my database.

hth.
-Doug

bex January 6th, 2009 01:25 PM

yes i do agree but this is an intranet application whith max user 20 so the users are employees,what he wants is when an employee logs in he/she would see a costumised page pulling data from those tables the administrator will create.

dparsons January 6th, 2009 01:46 PM

Why not use a single table? It would be more effecient and less of a management nightmare. Plus, it would be much easier to do it that way then to try and maintain that X user has rights to Y table.

bex January 13th, 2009 08:36 AM

Hi i need to search the entier DatabaseFor spesific Column name and pull the data into a listbox.

abramengolas February 3rd, 2009 12:04 PM

Question
 
[:)]how to connect VB with Access via odbc?


All times are GMT -4. The time now is 04:20 AM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.