Tech.It.2.Me->{By.Anton.Perez} » Database

StumbleUpon database failure error

anton — Tue, 12 Aug 2008 20:54:10 +0000

It seems StumbleUpon has recently been getting the “slashdot” effect:

What’s with the username-password info? And the ton of arrays?

Microsoft virtual launch

anton — Wed, 27 Feb 2008 04:09:53 +0000

You can check out the virtual launch for Visual Studio 2008, SQL Server 2008 and Windows Server 2008 here.

You never know…Steve Ballmer may have another “developers, developers, developers” sweaty-armpit-speech. And why it’s called Heroes Happen Here, I don’t know. It’s worth looking into though.

Teach yourself programming in ten years

anton — Mon, 07 Jan 2008 22:47:50 +0000

Here’s an interesting article that Peter Norvig wrote about how wanna-be programmers are in such a hurry in becoming a full-fledged “developer,” buying into Teach Yourself in 21 days books and the likes.

I’ve been developing/programming for a while now and to become a developer, a great one, you simply cannot take shortcuts.

Every aspiring or veteran developer should read or re-read Norvig’s Teach Yourself Programming in Ten Years article.

SQL Server Best Practices

anton — Wed, 14 Nov 2007 19:27:54 +0000

For archival purposes, here’s the location of a ton of white papers for best practices or SQL Server on the TechNet site.

Best Practice is a management idea which asserts that there is a technique, method, process, activity, incentive or reward that is more effective at delivering a particular outcome than any other technique, method, process, etc. The idea is that with proper processes, checks, and testing, a desired outcome can be delivered with fewer problems and unforeseen complications. Best practices can also be defined as the most efficient (least amount of effort) and effective (best results) way of accomplishing a task, based on repeatable procedures that have proven themselves over time for large numbers of people.

SQL Injection-proof your integrated SQL search in ASP.NET 2.0

anton — Wed, 31 Oct 2007 21:35:38 +0000

I had forgotten to add SQL Injection prevention logic when I integrated and implemented a SQL search function for my employer’s internal ASP.NET app. So in this post, I’m adding it for archival and sharing purposes.

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

BTW, here’s an excellent article about SQL Injection on the MSDN site.

1. The first thing you’ll need to do is grab the user’s input from the search textbox; for example:

// Get user search input
string requestString = txtSearch.Text.Trim(null);

2. Next, you’ll need to add logic to see if the user input contains any of the following:

I added something like this:


if ((requestString.Contains(";")) || (requestString.Contains("'")) ||
    (requestString.Contains("--")) || (requestString.Contains("/*")) ||
    (requestString.Contains("*/")) || (requestString.Contains("xp_")))
{
    // Stop processing and notify user
}
else
{
    // Continue processing and show results
}

3. Build/compile your app then test it out. If all goes well, you should not get any errors and your web app’s search function should now be SQL Injection-proof.