Discussion :

[momoh]

Bonjour à tous,
voici mon problème, je suis entraint de créer une petite application web. Mon but avec ma requête paramétrée est d'éviter les injections sql.
Mais le problème c'est que lorsque j'execute mon code il me renvoie toujours l'erreur suivante pour la ligne 69 : Compiler Error Message: BC30205: End of statement expected.

Source Error:



Line 67:
Line 68: Dim solution As String
Line 69: Dim SqlCommand cmd As new SqlCommand ("UPDATE Intervention_Helpdesk SET solution = '"@solution"' , DateIntervention = '"& DateIntervention(ipadress) &"' where nom = '" & nom & "'")
Line 70: Dim Sql As String
Line 71: Dim ipadress As String

Est-ce que quelqu'un peut-il m'aider s'il vous plait?
Bien à vous.
voici mon code si cela peut aider :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
 
<%@ Page Language="VB" %>
<%@ Register TagPrefix="wmx" Namespace="Microsoft.Matrix.Framework.Web.UI" Assembly="Microsoft.Matrix.Framework, Version=0.6.0.0, Culture=neutral, PublicKeyToken=6f763c9966660626" %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>
<%@ import Namespace="System.Web.Mail" %>
<%@ import Namespace="System.IO" %>
<%@ import Namespace="System.DirectoryServices" %>
<%@ import Namespace="System.Configuration" %>
<%@ import Namespace="System.Net" %>
<%@ import Namespace="System" %>
<%@ import Namespace="System.Net.DNS" %>
<%@ import Namespace="System.ComponentModel" %>
<%@ import Namespace="System.Management" %>
<%@ import Namespace="System.Runtime.InteropServices" %>
<%@ import Namespace="System" %>
<%@ import Namespace="ActiveDs" %>
<%@ import Namespace="System.Text" %>
<%@ import Namespace="System.Net.NetworkInformation" %>
<%@ import Namespace="System.Net.Sockets" %>
<script runat="server">
 
    ' Insert page code here
     '
 
     Sub Page_Load()
 
 
 
                   Dim nom As String
 
                   nom = Request.Params("nom")
 
                   response.write("helpdesk for:"& nom)
 
                   SqlDataSourceControl1.ConnectionString="server='(local)'; trusted_connection=true; database='pspintranet'"
 
                   End Sub
 
     Sub Button2_Click(sender As Object, e As EventArgs)
     Dim nom As String
 
     nom = Request.Params("nom")
 
     Dim solution As String
     Dim SqlCommand cmd As new SqlCommand ("UPDATE Intervention_Helpdesk SET solution =  '"@solution"' , DateIntervention = '"& DateIntervention(ipadress) &"' where nom = '" & nom & "'")
     Dim Sql As String
     Dim ipadress As String
     solution = TextBox2.Text
     'Sql = "UPDATE Intervention_Helpdesk SET solution = '"& SQLQuote(solution) &"', DateIntervention = '"& DateIntervention(ipadress) &"' where nom = '" & nom & "'"
      cmd.Parameters.Add("@solution",SqlDbType.VarChar);
      Sql = SqlCommand
     SQLExecuteQueryConnect(Sql, SqlDataSourceControl1.ConnectionString)
     End Sub
 
 
    Function DateIntervention(ipadress As String)
 
    Dim co As ConnectionOptions = New ConnectionOptions()
    Dim i As integer
    Dim strDateIntervention as String
    Dim TestConnection As Boolean
    Dim nom As String
    nom = Request.Params("nom")
 
 
 
 
 
          With co
              .Impersonation = System.Management.ImpersonationLevel.Impersonate
              '* Use next line for XP
              .Authentication = System.Management.AuthenticationLevel.Packet
              '* Use next line for Win prior XP
              '.Authentication = System.Management.AuthenticationLevel.Connect
          End With
 
 
 
          co.Username = "Administrator"
          co.Password = "casarca632"
 
 
 
 
 
          Dim theScope As New ManagementScope("\\" & nom & "\root\cimv2",co)
 
 
 
          Dim theQuery As New System.Management.ObjectQuery("SELECT * From Win32_OperatingSystem ")
          Dim theSearcher As New ManagementObjectSearcher(theScope, theQuery)
 
          Try
 
          Dim theCollectionOfResults As ManagementObjectCollection = theSearcher.Get()
 
 
 
 
 
 
 
 
                  For Each currentResult As ManagementObject In theCollectionOfResults
                      strDateIntervention =  Left(currentResult("LocalDateTime").ToString(),8)
                      Next
 
                      Catch com_ex As System.Runtime.InteropServices.COMException When com_ex.ErrorCode = &H800706BA
                      'Response.write("Machines are unvailable:" & ipadress &"It may be off line or the firewallsettings are preventing the connection")
 
                      Catch ua_ex As System.UnauthorizedAccessException
                     ' Response.write("The Remote PC refused the connection This is most likely due to a permissions issue.")
                      'Catch wmi_ex As Exception When wmi_ex.Exception = Management.ManagementStatus.AccessDenied
                      'Response.write("You do not have sufficient privileges on the remote PC:" & ipadress)
                      Catch ex As Exception
                       If IsNothing(ex.InnerException) Then
                       Response.write("Could not get initial data")
                       Else
                       Response.write("Could not get initial data:" & ex.InnerException.Message)
                       End if
                       End Try
                       return strDateIntervention
 
 
 
                       End Function
 
 
 
         Function SQLExecuteQueryConnect(ByVal sqlQuery As String, sqlConnect as String) As String
 
                Dim a As String
              ' CREER LA CONNEXION
                Dim objConnect As New SqlConnection(sqlConnect)
                objConnect.Open()
 
              ' CREER LA COMMANDE
                Dim objCommand As New SqlCommand(sqlQuery, objConnect)
              ' EXECUTER LA COMMANDE
                a = objCommand.ExecuteNonQuery()
                Return a
 
              End Function
 
 
              Public Function SQLQuote(Chaine As String)
               SQLQuote = "'" & Replace(Chaine,"'","''") & "'"
              End Function
 
 
 
 
 
 
 
 
 
 
 
 
 
</script>
<html>
<head>
</head>
<body>
    <form runat="server">
        <p>
        </p>
        <p>
        </p>
        <p>
        </p>
        <p>
        </p>
        <p>
        </p>
        <p>
        </p>
        <p>
        </p>
        <p>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            &nbsp;&nbsp;&nbsp;
            <asp:TextBox id="TextBox3" runat="server"></asp:TextBox>
            &nbsp;
            <asp:Button id="Button3" runat="server" Text="Troubles"></asp:Button>
        </p>
        <p>
        </p>
        <p>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            <asp:TextBox id="TextBox1" runat="server"></asp:TextBox>
            &nbsp;
            <asp:Button id="Button1" runat="server" Text="Search"></asp:Button>
        </p>
        <p>
        </p>
        <p>
        </p>
        <p>
        </p>
        <p>
        </p>
        <p>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<asp:TextBox id="TextBox2" runat="server" Height="301px" Width="356px"></asp:TextBox>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
        </p>
        <p>
        </p>
        <p>
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            &nbsp;
            <asp:Button id="Button2" onclick="Button2_Click" runat="server" Text="Submit"></asp:Button>
            <wmx:SqlDataSourceControl id="SqlDataSourceControl1" runat="server"></wmx:SqlDataSourceControl>
        </p>
        <!-- Insert content here -->
    </form>
</body>
</html>