ASP.NET Forums
You searched for the word(s): userid:22199
Matching Posts
Re: Avoid SQL Injection attacks
A couple of points here. First, escaping strings is not fail-safe: with some databases, it can be circumvented by feeding in badly-formed Unicode data in an appropriate encoding. Second, stored procedures are not a magic bullet and introduce problems of their own, most notably maintainability. (See the blog entry "Stored procedures are bad, m'kay" by Frans Bouma for a fuller discussion.) I've seen stored procedures that themselves perform string concatenation and then feed the
Posted to FAQ - Frequently Asked Questions (Forum) by jammycakes on 8/20/2008
Re: Avoid SQL Injection attacks
[quote user="imbrod"]The issue here is that we should use parameters so that we don't have to check anything[/quote] Using parameterised queries doesn't excuse you from checking anything. You need to both validate your data and use parameterised queries. It's called "defence in depth."
Posted to FAQ - Frequently Asked Questions (Forum) by jammycakes on 8/13/2008
Re: Avoid SQL Injection attacks
[quote user="imbrod"]How about concatenating strings for INSERT, UPDATE or DELETE? How do I use parametrized "query" in that case? Same way as SELECT?[/quote] Exactly the same way. Use SqlCommand.Parameters.Add(new SqlParameter(...)) as before.
Posted to FAQ - Frequently Asked Questions (Forum) by jammycakes on 8/11/2008
Re: would you buy cms Shopping Cart in c# or vb?
I wouldn't base my decision on whether it's written in C# or VB.NET: there's no real difference in performance to speak of between the two languages. It's only a matter for consideration if you want to modify the source code yourself, and then the question is which one you know best.
Posted to Getting Started (Forum) by jammycakes on 8/8/2008
Re: Number of projects in a solution
In practice, no more than you strictly need. I tend to favour putting all your business logic and database access code into a single project, and having a separate project for each kind of presentation layer that you need, e.g. one for your web application, one for your unit tests, and one each for any scheduled tasks or Windows services that you may need to write. Beyond that, if you don't need to compile or deploy different parts of your application separately, it doesn't make a lot of
Posted to Architecture (Forum) by jammycakes on 8/8/2008
Re: Filtering domain name or name of website from a URL
Fails on:
https://www.asp.net/Foo.aspx => empty string
www.asp.net/Foo.aspx => p.net
wwwasp.net/Foo.aspx => .net
http://wwwasp.net => sp.net
//asp.net => net
Posted to Architecture (Forum) by jammycakes on 8/8/2008
Re: Avoid SQL Injection attacks
Unfortunately I don't think there's an equivalent function built in to JavaScript but if you do a Google search for "Hebrew dates in JavaScript" or something you should find some scripts that may be of some help.
Posted to FAQ - Frequently Asked Questions (Forum) by jammycakes on 8/8/2008
Re: Problems To Convert a DataColumn from String to Double
Have you checked the language of the login that is connecting to the database? In the Object Explorer in SQL Server Management Studio, go to your database, then "Security" then "Logins" then right-click on the login you are using, click "Properties" and check what is set under "Default language."
Posted to Localization (Forum) by jammycakes on 8/8/2008
Re: Avoid SQL Injection attacks
More specifically, you can format Hebrew dates and times like this:

// using System.Globalization;
string NowInHebrew()
{
    // Hebrew culture, switched from its default (Gregorian) calendar to the Hebrew calendar
    CultureInfo hebrew = CultureInfo.CreateSpecificCulture("he");
    hebrew.DateTimeFormat.Calendar = new HebrewCalendar();
    // Format the current date and time using that culture and calendar
    return DateTime.Now.ToString(hebrew);
}
Posted to FAQ - Frequently Asked Questions (Forum) by jammycakes on 8/7/2008
Re: Avoid SQL Injection attacks
System.Globalization.HebrewCalendar.
Posted to FAQ - Frequently Asked Questions (Forum) by jammycakes on 8/7/2008
Page 1 of 28 (271 items)