Develop Reference

Error when running query against a calculated SQL model from server script in AppMaker

When trying to perform a query on a SQL calculated (Cloud SQL) model from server script, I get "Error: Unsupported datasource type: SQL" and it points to the line where I call run() on the query object.
I don't see anything in the documentation saying it's not possible to perform that kind of query (I'm not using the keywords property in the SQL query, it's only pure SQL with GROUP BY, LEFT JOIN, SORT BY...).
var moreRecentDocsQ = app.models.more_recent_docs.newQuery(); // `more_recent_docs` is a SQL calculated model
var moreRecentDocs = moreRecentDocsQ.run(); // this throws the error
From front-side, I'm able to retrieve the items of this calculated model without problems (using app.datasources.more_recent_docs.load()).
Anyone facing this issue ?
Thanks for your help

Currently calculated SQL datasource can't be called from Server Script due to a bug. We'll work on the fix.
The only workaround to run arbitrary SQL I can think of is to use Apps Script Jdbc service.
Sorry for the inconvenience.

Oracle Database and .NET (C#) - How to prevent SQL Injections

I'll use a select in asp.net page which i.e:
string name=TexBox1.Text;
string pas=TextBox2.Text;
string c="select * from users where name='"+name+"' and password ='"+pas+"'";
İs there any methods to preventing sql injections.

First, you must validate the input data in your code and then use it like parameters..
because if occurs an unhandled exception and you are returning sensitive data like "connection strings" you are giving usefull information like "Column" and "Table"names and that is dangerous.
Second, add a "Data Access Layer" to handle your code not in "Code Behind". You can use "Store Procedures" and call them from your code, using this way you hide the query of the programming logic and only pass parameters to the store preocedure and he do the job and you only return the error in the case that a exception occurs.
This preventions are the basics in a small application but exists many others way to avoid SQL Injections.

How can I check for a nil="true" value on XML that is passed back from webservice call?

I am receiving xml from a webservice call that contains a nil="true":
<cacheEntry>
<systemFK nil="true"/>
</cacheEntry>
I used the Flex DataService (webservice) wizard to create the service objects for the cacheEntry component. This object will be serialized later on a different webservice call and stored in a database.
I set a breakpoint on the set SystemFK method in the service object. It appears that the value passed in was an empty string!
Allowing this value to be an empty string will cause problems in the webservice implementation in Java on the other side. Since the database value was null it is expecting a null in return, If I avoid setting this value, the serviceObject should send back a null which will make the database happy.
My question is: How can I detect that a nil = true is present in the XML in order to avoid setting this value?

For some reason the ActionScript XML parsers don't know about Booleans. Without seeing the code that got generated for you, my guess is that somehow you're getting the string "true", instead of true, and that's what's causing your problem.
Make changes to the accessors to act as if #nil comes from the XML as a string, and then convert to Boolean manually.

ASP.NET - displaying business layer errors in the presentation layer

Currently in the ASP.NET application I'm developing, basic validations (ie required fields) are being done in the Presentation Layer, using Validators and a ValidationSummary. This is working great for me specifically since the ValidationSummary will display multiple error messages (assuming multiple Validators are set to invalid).
I also have some validations being done in the business layer - due to their complexity (and data service layer reliance) I'd rather not keep them in the presentation layer. However, I'm not sure the best way to send these back to the presentation layer for display to the user. My initial consideration is to send back a List<string> with failed validation messages and then dynamically create a CustomValidator control (since apparently you can only bind one error message to one Validator control) for each error to show in the ValidationSummary when there are any.
I'm assuming I'm not the first one to come across this issue, so I'm wondering if anyone has any suggestions on this.
Thanks!

There are essentially two ways to do this: either by passing back an error code/object from your business layer, or throw out an exception. You can also combine both.
For an example, you can take a look SqlException class. When you send a SQL to SQL Server, it runs a query parser to parse your SQL first. If it sees syntax error, then it will throw out a SqlException and terminate the query. There may be multiple syntax errors in your query. So SqlExeption class has an Errors property that contains a list of errors. You can then enumerate through that list in your presentation layer to format your error message, probably with a CustomValidator.
You can also simply just return the error list without throwing an exception. For example, you can have your function to return a List in case at least one error occurred and return null in case the call was successful. Or you can pass List as an argument into your function. They are all fine, it all depends on which way you feel is more convenient. The advantage of throwing out an exception is it unwinds multiple call frames immediately, so you don’t have to check return value on every level. For example, if function A calls function B , B calls function C, C sees something wrong, then if let C to return an error object (or error code), then B has to have code to check whether C returned an error and pass that error code/value back, A have to check it as well ---- you need to check it on every level. On the other hand, if you just let C to throw an exception, then the code goes straight to the exception handler. You don’t have check return values on every level.

Linq to Sql - Set connection string dynamically based on environment variable

I need to set my connection string for Linq to Sql based on an environment variable. I have a function which will return the connection string from the web.config based on the environment variable, but how do I get Linq to always use this "dynamically created" connection string (preferably without having to specify it every time)?
I know I can specify the connection string using the constructor, but how does that work when using the datacontext in a LinqDataSource?

Use:
MyDataClassesDataContext db = new MyDataClassesDataContext(dynamicConnString);
For a LinqDataSource, intercept the ContextCreating event and create the DataContext manually as above:
protected void LinqDataSource_ContextCreating(object sender, LinqDataSourceContextEventArgs e)
{
e.ObjectInstance = new MyDataClassesDataContext (dynamicConnString);
}
From MSDN:
By default, the LinqDataSource control
creates an instance of the type that
is specified in the ContextTypeName
property. The LinqDataSource control
calls the default constructor of the
data context object to create an
instance of the object. It is possible
that you have to use a non-default
constructor or you have to create an
object that differs from the one
specified in the ContextTypeName
property. In that case, you must
handle the ContextCreating event and
manually create the data context
object.

Open up the LINQ to SQL designer, and open the Properties tab of the designer (the schema itself), expand Connection and set Application Settings to False. Save.
Close that down and open up your DataContext designer file (dbml_name.designer.cs) and alter the DataContext constructor. You will immediately notice how your connection string decided to jump in here as you turned off application wide settings. So the part to focus on here is altering the base() inheritor. Renaming ConnString” below to suit your own. I also noticed a DatabaseAttribute on the class which I don’t think plays a big part and has any implications on the connection settings. You will also need a reference to System.Configuration:
public dbDataContext() : base(ConfigurationManager.ConnectionStrings["MyConnString"].ConnectionString, mappingSource)
Open the App.config or Web.config featured in the project where your LINQ to SQL classes reside, and rename the connection string to what you defined as “MyConnString“.
You now must Cut the entire entry with name change and Paste it into either the App.config or Web.config of the application which is to access the data, such as a web application, Silverlight, WPF, WCF etc. It is important that you alter the configuration file of the calling application which is to access the data, as the ConfigurationManager defined in your LINQ to SQL classes will look for the .config file from where the calling application is executing from, no matter where your LINQ to SQL classes have been Defined. As you can see, it works a little differently from before.
Now Right Click and open the Properties on your DAL or project containing your LINQ to SQL classes and remove the connection string “Application Setting” reference on the Settings tab.
Rebuild. You’re all done, now just do a Find in Files check for perhaps your database name that you know was featured in the connection string to check for any stragglers, there shouldn’t be any.

The DataContext class has a constructor that takes in a connection string.

you can change the connection string dynamically if you will implement the OnCreated() function. This function is a partial function and it can be implemented in seperate file other than where you dbml exists.
for detail please see this article
http://aspilham.blogspot.com/2011/01/how-do-i-set-connection-string-in-linq.html