mrwarejr
asked on
Using text file to query SQL2005 db using vb.net
I'm writing an app in vb.net to read a text file containing an sql query.
I've tried accessing it directly
Public sqlfirstDbScript As String = "C:\scripts\First_db_scrip t.sql"
Dim commandFirstdbscript As New SqlClient.SqlCommand("EXEC sp_configure 'clr enabled', 1 RECONFIGURE", sqlconnection)
commandFirstdbscript.Comma ndType = CommandType.Text
commandFirstdbscript.Comma ndText = sqlfirstDbScript
commandFirstdbscript.Execu teNonQuery ()
But I get error in syntax near "\"
I have also tried using a StreamReader
Dim StreamfirstText As StreamReader
StreamfirstText = File.OpenText(sqlfirstDbSc ript)
'sqlstringStreamfirstText. Read()
Dim sqlstring As String = StreamfirstText.ReadToEnd
I've tried accessing it directly
Public sqlfirstDbScript As String = "C:\scripts\First_db_scrip
Dim commandFirstdbscript As New SqlClient.SqlCommand("EXEC
commandFirstdbscript.Comma
commandFirstdbscript.Comma
commandFirstdbscript.Execu
But I get error in syntax near "\"
I have also tried using a StreamReader
Dim StreamfirstText As StreamReader
StreamfirstText = File.OpenText(sqlfirstDbSc
'sqlstringStreamfirstText.
Dim sqlstring As String = StreamfirstText.ReadToEnd
ASKER
The query runs fine from QueryAnalyzer. I understand about the 'injection' attack. Here's the process.
Database Primary-A is the main db for a web app.
Nightly a database backup set NewDb-B.bak the transferred to the server containing updated data for Primary-A. NewDb-B is from another Corporate app. There are to sql scripts that must be run to create storedprocs needed by the application that will actually process and update the records. These must added nightly since the NewDB.bak that is transferred doesn't contin them.
They are pretty long so I didn't want to tspend the time of breaking down each line to put it into a string.
Database Primary-A is the main db for a web app.
Nightly a database backup set NewDb-B.bak the transferred to the server containing updated data for Primary-A. NewDb-B is from another Corporate app. There are to sql scripts that must be run to create storedprocs needed by the application that will actually process and update the records. These must added nightly since the NewDB.bak that is transferred doesn't contin them.
They are pretty long so I didn't want to tspend the time of breaking down each line to put it into a string.
ASKER
I should have added. The app I'm currently will
1. unzip the downloaded file <--works
2. Restore it to the SqlServer instance <--works
3. Add a user <--works
4. Run 2 sql scripts to create sp's <---Busted part
5. Run update program
1. unzip the downloaded file <--works
2. Restore it to the SqlServer instance <--works
3. Add a user <--works
4. Run 2 sql scripts to create sp's <---Busted part
5. Run update program
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You know you are opening yourself up for whats generally termed an 'injection' attack here. Someone could put 'TRUNCATE TABLE ImportantTable' in the text file and run it.