Wednesday, August 20, 2008

SQL Injection for Hacking

Don't ever use string concatenation (or a StringBuilder) to create SQL commands.

An example is this:
string sql = "SELECT * FROM Products WHERE Category=" + cat;

There are a lot of reasons why not to do this:
1. Strings inside the command text need to be enclosed between ' and '. You will have a problem when the value of cat itself contains a '. You can work around this by doubling all single quotes inside the cat string, but it still is not recommended.
2. SQL Injection attacks!!! Don't be tricked by this one, it's easy to avoid. Think of a string cat that contains the following value: 1; DROP TABLE Products; --
(-- is the comment operator in T-SQL.)
So, the resulting command is this:
SELECT * FROM Products WHERE Category=1; DROP TABLE Products; --
The result: the Products table is dropped. This is trivial to pull off when the cat value comes straight from the query string or from a form input.

How to avoid this:
1. Always connect with the least privileges needed to do the job. Don't ever ever connect to the database as "sa" or another db owner with full access to the underlying database.
2. Don't use string concat, but use parameterized commands instead, like this:
string query = "SELECT * FROM Products WHERE Category=@Category";
SqlCommand cmd = new SqlCommand(query, conn);
cmd.Parameters.Add("@Category", SqlDbType.NVarChar, 50);
cmd.Parameters["@Category"].Value = cat;
//...This will make sure the anomalies with quotes are handled for you, as well as prevent basic injections and perform checks on the input length of the strings (+ type checking etc.).
3. Even better, use a stored procedure with parameters on the server and call it using SqlCommand. The idea is the same, but the SQL command with params itself is stored on the server.
This allows better performance and even better security.
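To make the difference concrete, here is an added example (not code from the original post, which uses C# and SQL Server) written in Python against an in-memory SQLite table with a few constructed rows. It builds the same concatenated command text as above, shows how a legitimate value containing a single quote breaks the quoted form (point 1) and how the value 1; DROP TABLE Products; -- turns one statement into two (point 2), and then runs the parameterized form, which treats both values as plain data. SQLite's ? placeholder plays the role of @Category; the Products rows, the statement-counting helper and the function names are assumptions of this example.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the original post).
PRODUCTS = [
    (1, "Keyboard", "Hardware"),
    (2, "Monitor", "Hardware"),
    (3, "SQL primer", "Bob's Books"),  # a legitimate value containing a single quote
]

PAYLOAD = "1; DROP TABLE Products; --"  # the cat value quoted in the post


def make_db():
    """Create an in-memory Products table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Products (Id INTEGER, Name TEXT, Category TEXT)")
    conn.executemany("INSERT INTO Products VALUES (?, ?, ?)", PRODUCTS)
    conn.commit()
    return conn


def concatenated_sql(cat):
    """The pattern the post warns against: the value is spliced into the command text."""
    return "SELECT * FROM Products WHERE Category=" + cat


def concatenated_sql_quoted(cat):
    """Same pattern with quotes around the value (the post's point 1)."""
    return "SELECT * FROM Products WHERE Category='" + cat + "'"


def statement_count(sql):
    """Naive count of the statements a server would see in the command text:
    split on ';' and ignore empty pieces and a trailing '--' comment."""
    pieces = [p.strip() for p in sql.split(";")]
    return len([p for p in pieces if p and not p.startswith("--")])


def run_quoted_concat(conn, cat):
    """Execute the quoted concatenation; returns ('rows', rows) or ('error', message).
    A value with a single quote yields a broken statement instead of a result."""
    try:
        return ("rows", conn.execute(concatenated_sql_quoted(cat)).fetchall())
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


def find_by_category_param(conn, cat):
    """Parameterized query: the driver passes cat as a value, never as SQL text,
    so quotes and semicolons inside it carry no syntactic meaning."""
    return conn.execute("SELECT * FROM Products WHERE Category=?", (cat,)).fetchall()


def table_exists(conn, name):
    """Check the schema catalogue so a caller can confirm Products survived."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (name,)
    ).fetchone()
    return row is not None


def main():
    conn = make_db()
    print("concatenated text for the payload:")
    print("  " + concatenated_sql(PAYLOAD))
    print("  statements the server would receive:", statement_count(concatenated_sql(PAYLOAD)))
    print("quoted concatenation, legitimate quote:", run_quoted_concat(conn, "Bob's Books"))
    print("parameterized, legitimate quote:", find_by_category_param(conn, "Bob's Books"))
    print("parameterized, payload as a value:", find_by_category_param(conn, PAYLOAD))
    print("Products table still exists:", table_exists(conn, "Products"))


if __name__ == "__main__":
    main()
```

Note that the post's payload contains no single quote at all, so the quote-doubling workaround from point 1 leaves statement_count at 2; only the parameterized form removes the problem, because the value never becomes part of the statement text the server parses.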

Happy Browsing!
Relax..

Thursday, August 7, 2008

Internet Explorer 8 Beta 1

IE 8 Beta Information

Internet Explorer 8 takes the Web experience beyond the page and introduces a new way to seamlessly experience the power of the Web whether you are a Web developer writing to standards, or an end user discovering a new online service. This beta release is available to everyone, but is primarily for Web developers and designers to test the new tools, layout engine, and programming enhancements. When not developing your web site, you can click the Emulate IE7 button in the command bar to browse the web like you did in IE7.
  • SYMPTOMS
    You may experience one of the following issues when you use the Beta 1 version of Microsoft Internet Explorer 8:
    Misaligned Web page layout
    Overlapping text or images
  • CAUSE
    These issues occur because Internet Explorer 8 Beta 1 displays Web pages using its latest "Standards mode" by default, whereas most current Web pages are created and tested to work with Internet Explorer 7 Standards mode.
  • RESOLUTION
    To resolve these issues, Web site owners and administrators can add a meta-tag that tells Internet Explorer 8 to display an entire site or a specific page like Internet Explorer 7. That is, the meta-tag causes Internet Explorer to render pages in either Internet Explorer 7 Standards (Strict) mode or in Internet Explorer 5 (Quirks) mode, based on the Doctype element declaration. Note: Adding the Internet Explorer 7 compatibility tag should address most display issues. However, browser detection may also have to be updated on your site. To learn more, visit the following Microsoft Web site:
    http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/DevelopersExisting.htm

This article discusses a beta release of a Microsoft product. The information in this article is provided as-is and comes from http://support.microsoft.com/kb/952030.

Happy Browsing !
Relax

Tuesday, June 24, 2008

GO GREEN – Say NO to Plastics!

Did you know?

Somewhere between 500 billion and 1 trillion plastic bags are consumed worldwide each year!


Let us STOP this!
GO GREEN – Say NO to Plastics!


>> Next time you go shopping, carry your own jute / cloth / eco-friendly bag!
>> Minimize usage of plastic items like plastic plants, plastic plates / cups / spoons / forks


Say NO to Plastics!

Friday, May 9, 2008

Cool Notepad Options !!!

Use it as a log book:
You can use Notepad as a log book. To do this, open Notepad, type .LOG in the first line, save the file and close it. The next time you open the file, the current date and time will be appended. Every time you open this file it will get a new time stamp along with the text in it. You can use this to make daily notes or use it as a diary.

Change header and footer:
You can also get rid of the default header and footer of Notepad. To do this: click on File -> Page Setup, remove the characters in the header and footer text boxes, and write whatever you want.

And here are some notepad loops...
Trick No.1
open notepad
type “bush hid the facts” without quotation marks
don’t press “enter”; save the file
close notepad
open the file again
See what happens!

Trick No.2
Bill fed the goats
open notepad
type “Bill fed the goats” without quotation marks
don’t press “enter”; save the file
close notepad
open the file again
See what happens!

Trick No.3
Haro ooo ooo oooon
open notepad
type “Haro ooo ooo oooon” without quotation marks
don’t press “enter”; save the file
close notepad
open the file again
See what happens!


That’s it for today… If I’ll find any more cool notepad tricks, I’ll update this post.

Tuesday, April 29, 2008

Stress, Strain, Problems??? BE COOL!!!

Discover the 90/10 Principle. It will change your life (at least the way you react to situations). What is this principle? 10% of life is made up of what happens to you. 90% of life is decided by how you react. What does this mean? We really have no control over 10% of what happens to us. We cannot stop the car from breaking down. The plane will be late arriving, which throws our whole schedule off. A driver may cut us off in traffic. We have no control over this 10%. The other 90% is different. You determine the other 90%.

How? ……….By your reaction. You cannot control a red light, but you can control your reaction. Don't let people fool you; YOU can control how you react. Let's use an example. You are eating breakfast with your family. Your daughter knocks over a cup of coffee onto your business shirt. You have no control over what just happened. What happens next will be determined by how you react. You curse.

You harshly scold your daughter for knocking the cup over. She breaks down in tears. After scolding her, you turn to your spouse and criticize her for placing the cup too close to the edge of the table. A short verbal battle follows. You storm upstairs and change your shirt. Back downstairs, you find your daughter has been too busy crying to finish breakfast and get ready for school. She misses the bus. Your spouse must leave immediately for work. You rush to the car and drive your daughter to school. Because you are late, you drive 40 miles an hour in a 30 mph speed limit.

After a 15-minute delay and throwing a $60 traffic fine away, you arrive at school. Your daughter runs into the building without saying goodbye. After arriving at the office 20 minutes late, you find you forgot your briefcase. Your day has started terribly. As it continues, it seems to get worse and worse. You look forward to coming home. When you arrive home, you find a small wedge in your relationship with your spouse and daughter.

Why? …. Because of how you reacted in the morning. Why did you have a bad day?
A) Did the coffee cause it?
B) Did your daughter cause it?
C) Did the policeman cause it?
D) Did you cause it?

The answer is "D".

You had no control over what happened with the coffee. How you reacted in those 5 seconds is what caused your bad day.

Here is what could have and should have happened. Coffee splashes over you. Your daughter is about to cry. You gently say, "It's ok honey, you just need to be more careful next time". Grabbing a towel you rush upstairs. After grabbing a new shirt and your briefcase, you come back down in time to look through the window and see your child getting on the bus. She turns and waves. You arrive 5 minutes early and cheerfully greet the staff. Your boss comments on how good a day you are having.

Notice the difference? Two different scenarios. Both started the same. Both ended differently. Why? Because of how you REACTED. You really do not have any control over 10% of what happens. The other 90% was determined by your reaction.

Here are some ways to apply the 90/10 principle. If someone says something negative about you, don't be a sponge. Let the attack roll off like water on glass. You don't have to let the negative comment affect you! React properly and it will not ruin your day. A wrong reaction could result in losing a friend, being fired, getting stressed out etc.

How do you react if someone cuts you off in traffic? Do you lose your temper? Pound on the steering wheel? (A friend of mine had the steering wheel fall off.) Do you curse? Does your blood pressure skyrocket? Do you try and bump them? WHO CARES if you arrive ten seconds later at work? Why let the cars ruin your drive? Remember the 90/10 principle, and do not worry about it. You are told you lost your job. Why lose sleep and get irritated? It will work out. Put your worrying energy and time into finding another job. The plane is late; it is going to mangle your schedule for the day. Why take out your frustration on the flight attendant? She has no control over what is going on. Use your time to study, get to know the other passengers. Why get stressed out? It will just make things worse.

Now you know the 90-10 principle. Apply it and you will be amazed at the results.
Very few know and apply this principle. The result? Millions of people are suffering from undeserved stress, trials, problems and heartache. We all must understand and apply the 90/10 principle.
It CAN change your life!!!
Enjoy….

Wednesday, April 23, 2008

Attention Kannadigas

Hi Bangalorians,

I thought of writing this blog because, whenever I visited any shops or malls in Bangalore, the Bangalore people used to talk in English with shopkeepers, with sales persons, with auto drivers and even with their children, even though they know Kannada!!!

Does that really make sense???

Yes!!! If Kannadigas won’t talk and support Kannada, why would others do so? Even knowing Kannada, we feel overconfident talking in English everywhere.
We are from Karnataka and this is our mother tongue. My dear friends, please feel proud to talk in Kannada, teach Kannada to your children, and save Kannada and Karnataka.