12
Aug
It seems StumbleUpon has recently been getting the “slashdot” effect:
What’s with the username-password info? And the ton of arrays?
Archive for the ‘Database’ Category
27
Feb
You can check out the virtual launch for Visual Studio 2008, SQL Server 2008 and Windows Server 2008 here.
You never know…Steve Ballmer may have another “developers, developers, developers” sweaty-armpit-speech. And why it’s called Heroes Happen Here, I don’t know. It’s worth looking into though.
07
Jan
Here’s an interesting article that Peter Norvig wrote about how wanna-be programmers are in such a hurry in becoming a full-fledged “developer,” buying into Teach Yourself <some language> in 21 days books and the likes.
I’ve been developing/programming for a while now and to become a developer, a great one, you simply cannot take shortcuts.
Every aspiring or veteran developer should read or re-read Norvig’s Teach Yourself Programming in Ten Years article.
14
Nov
For archival purposes, here’s the location of a ton of white papers for best practices or SQL Server on the TechNet site.
Best Practice is a management idea which asserts that there is a technique, method, process, activity, incentive or reward that is more effective at delivering a particular outcome than any other technique, method, process, etc. The idea is that with proper processes, checks, and testing, a desired outcome can be delivered with fewer problems and unforeseen complications. Best practices can also be defined as the most efficient (least amount of effort) and effective (best results) way of accomplishing a task, based on repeatable procedures that have proven themselves over time for large numbers of people.
31
Oct
I had forgotten to add SQL Injection prevention logic when I integrated and implemented a SQL search function for my employer’s internal ASP.NET app. So in this post, I’m adding it for archival and sharing purposes.
SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.
BTW, here’s an excellent article about SQL Injection on the MSDN site.
1. The first thing you’ll need to do is grab the user’s input from the search textbox; for example:
// Get user search input string requestString = txtSearch.Text.Trim(null);
2. Next, you’ll need to add logic to see if the user input contains any of the following:
I added something like this:
if ((requestString.Contains(";")) || (requestString.Contains("'")) || (requestString.Contains("--")) || (requestString.Contains("/*")) || (requestString.Contains("*/")) || (requestString.Contains("xp_"))) { // Stop processing and notify user } else { // Continue processing and show results }
3. Build/compile your app then test it out. If all goes well, you should not get any errors and your web app’s search function should now be SQL Injection-proof.