I know that you can get the data of a table in a SAP Server with the function RFCDestination.Repository.GetTableMetadata(string tablename). Unfortunately I get an error when I try to execute the command. The weird thing is when I give a exisiting table I get a different error when I try something random as a tablename.
Existing table:
var x = dest.Repository.GetTableMetadata("TFTIT");
Error:
SAP.Middleware.Connector.RfcInvalidStateException: "cannot find TABLE specified by TFTIT"
Random tablename:
var x = dest.Repository.GetTableMetadata("Test123");
Error:
SAP.Middleware.Connector.RfcInvalidStateException: "metadata for TableOnly TEST123 not available: NOT_FOUND: No active nametab exists for TEST123"
I know there is a way to get the data of a table with the help of a function module but I need to use the GetTableMetadata function.
One cannot do so much wrong when calling RfcRepository.GetTableMetadata(string). Does your used user ID has the required RFC authorizations for repository queries as listed in SAP note 460089 (scenario 3)? If yes, this is maybe a bug in the NCo3 library or even in the ABAP backend. Do you use NCo's latest patch level? This is currently NCo 3.0.20.
If not, try updating the library first.
Otherwise I recommend to create an SAP support ticket for the first error message. The second error is normal when the specified table name does not exist.
Alternatively you may also try what happens if calling RfcRepository.GetStructureMetadata(string) for this table instead. The meta data for tables and structures is quite similar and the same remote function modules are used for the DDIC queries. Maybe this works. However, I think in the first place RfcRepository.GetTableMetadata(string) should work here.
I hope this helps.
What is the best way to handle an error that I believe a bot is appending bad information to a URL? Example: https://www.example.org/notes.aspx?id=15032386122&pn=15032386121'A=0
Currently the errors are being sent to an inbox, the page is using the value and throwing an "Input string was not in a correct format.". This is filling up the error inbox with useless emails.
I could check for invalid values and throw a new error type. Then based on the type determine if I should send an email. That seems frivolous and adds extra complexity.
So these days I am trying to work with the TFS API. So far it was good, but all of a sudden.. I want to retrieve specific story's work items and their respective information using a search by ID method to pick the correct story. In order not to miss some important information I am doing SELECT * in my queries. I get the story, I get the Tasks.. But there seems to be problem with few of the fields - namely AreaPath, IterationPath and Type. As a primitive check I've written down some Console prints to check what's good and what's not - so if I uncomment any of the three previously named on execution this exception is thrown: A first chance exception of type 'Microsoft.TeamFoundation.WorkItemTracking.Client.FieldDefinitionNotExistException' occurred in Microsoft.TeamFoundation.WorkItemTracking.Client.dll.
Here is what I am trying to print out:
Console.WriteLine(target.Fields["Title"].Value);
Console.WriteLine(target.Fields["Description"].Value);
Console.WriteLine(int.Parse(target.Fields["Id"].Value.ToString()));
Console.WriteLine(target.Fields["AreaPath"].Value); //Problem 1
Console.WriteLine(target.Fields["IterationPath"].Value); //Problem 2
Console.WriteLine(int.Parse(target.Fields["AreaId"].Value.ToString()));
Console.WriteLine(int.Parse(target.Fields["IterationId"].Value.ToString()));
Console.WriteLine(target.Fields["State"].Value);
Console.WriteLine(target.Fields["Type"].Value.ToString()); //Problem 3
With or without ToString() nothing really changes.
Any suggestions ?
EDIT: They are not null, I've checked while in Debug mode, they all have assigned values.
Use CoreField or builtin getters:
Console.WriteLine(target.Fields[CoreField.Title].Value);
Console.WriteLine(target.Fields[CoreField.AreaPath].Value);
Console.WriteLine(target.State);
Console.WriteLine(target.Type.Name);
I have datareader which reads through 5 names with different values attached to each name.
While debugging i can get to each name using this expression computed by VS:
(new System.Collections.Generic<System.IO.FileInfo>(((School.PackageReader)(reader))._incomingStudents)).Items[0].Name
This above code while debugging gives me values i need like 5 different names when i change Items from 0 to 1 or 2... But when i try to use above code in my .cs file i get errors. Is there anyway to use this in code and get the values?
The error you are receiving is because you did not define the type of Collection you wanted to use.
I assume you are looking for a List, in which case you need to instantiate it this way:
(new System.Collections.Generic.List<System.IO.FileInfo>(((School.PackageReader)(reader))._incomingStudents)).Items[0].Name
Though it doesn't seem like this would be a good case for a List as you are calling a single value in Items[0].Name. BUT that's where your error is coming from.
Consider the following scenario:
http://www.yourdomain.com/Default.aspx?p=2
Now we ofcourse want to check if the querystring parameter p doesnt contain errors.
I now have this setup:
1) Check if p exists
2) Filter out html from p's value
3) htmlencode p's value
4) check if p is integer
5) check if p's integer exists in db
This is how I usual do it, though step 5 is ofcourse a performance hit.
Kind regards,
Mark
My view: Generally a querystring parameter of this kind isn't really "entered" by users but is submitted as a link. So over-complex slow validation isn't really necessary.
So I would just pass this through to the persistence / data layer and handle any errors that come back as a regular 404 Not Found or 500 Internal Server Error depending on the kind of system I'm working with.
If your intent is to use the parameter to retrieve something from the database, why filter out html or encode it? It's not like you're going to store it in the database, or display it on the front end. Just immediately throw it to the DAL if it exists. You're DAL should be smart enough to tell you if it failed to retrieve a record with that ID, or if the ID couldn't be parsed, etc..
If you are going to convert the input to an integer anyway, then steps 2 and 3 are not needed - just use int.TryParse to see what you have. I would encode and test the input for html only if you are expecting a string which you will use in a dynamic sql statement, or will be displaying on your site
What about:
int p = 0;
if(!Int32.TryParse(Request.QueryString["p"], out p))
throw new ArgumentOutOfRangeException("p");
Quite simple. For most data types (integers, decimals, doubles, dates and booleans) there is a very strict format. If the value does not parse under the strict format, it's an error.
Strings sometimes have a strict format, like an email address or a phone number. Those can be validated with a simple regexp. If it conforms, use it, otherwise it's an error.
Most of the time however strings will simply need to be persisted to the DB and later displayed again. In that case no processing is needed, aside from escaping when inserting into DB (unnecessary as well if you used parametrized queries)k, and HTML-encoding when rendering to the display.
This way any and all data is validated, and there is no risk of any injections whatsoever.
The rare exception of a loose format for a string is, well... rare. I can't think of any right now. For that you can afford some more extensive parsing and processing.
Added: Oh, yes, checking whether IDs (or other values) are valid in respect to a DB. You're doing it right, but think if you always need it. Quite often you can put the check into some other query that you have to do anyway. Like when you select data based on the ID, you don't need to explicitly check that it exists - just be ready that your query can return no data.
Sometimes you don't need to use the value at all, then you can simply ignore it.
But, of course, there are other times, like when inserting/updating data, that you indeed need to explicitly check whether the data exists and is valid in the current context.