Geeks With Blogs
Geeks with Blogs, the #1 blog community for IT Pros
PhilSando
@philsando
  • philsando Why am I dealing with returning sqldatareader bugs in the enterprise framework 5 DAAB? Cant MS fix this shit b4 release http://bit.ly/cxSVWo about 1100 days ago
  • philsando Working on some DAL stuff across many MSSQL and Oracle DB Servers ... Joy :0) about 1142 days ago
  • philsando got hit off my motorbike by a car and just had to take a 12km walk to work.. the joy about 1162 days ago
  • philsando is trying to find a way to loop through dynamically created web controls, inputting their values into an mssql database #dotnet #in about 1192 days ago
  • philsando is trying to find a way to loop through dynamically created web controls, inputting their values into an mssql database #dotnet about 1192 days ago
Archives
Phil Sando January 2010 Entries
Stopping SQL Injection Attacks
make sure all queries are parameterised like this: sql = ("select * from contacts where contactid = @id") Dim cmd As SqlCommand = New SqlCommand(sql, conn) cmd.Parameters.Add("@id", SqlDbType.VarChar) cmd.Parameters("@id").Value = id I also include a usercontrol which checks the querystring for bad terms: The list is long but this snippet should give you the gist of it: Dim querystringvar As String = Request.QueryString.ToString If InStr(querystringvar, "drop") Then Response.Redirect("/errors/... ......

Posted On Friday, January 29, 2010 12:39 PM

Working with SqlCommand Parameters

Here is the code you need to start adding parameters to your sql commands:

Add parameter then add value:

Dim cmd As SqlCommand = New SqlCommand(s,c)
cmd.Parameters.Add("@id", SqlDbType.Int)
cmd.Parameters("@id").Value = foo

or

Add parameter with value:

command.Parameters.AddWithValue("@id", foo)

Posted On Wednesday, January 27, 2010 8:21 AM

Visual Studio 2008 SP1 / SQL Server 2008 Frustrations (The Solution)
The solution to the problem I was having in my post earlier this morning: A lurking instance of "Visual C# 2008" was installed on my machine and not updated to SP1 level. After replacing this with the current version (from http://www.microsoft.com/ex... and re-running the test, SQL server 2008 is now installing ok. A useful blog post from msdn on this subject can be found here: http://bit.ly/483su6 ......

Posted On Friday, January 22, 2010 1:49 AM

Visual Studio 2008 SP1 / SQL Server 2008 Frustrations
Well this morning I've been trying to mirror the office's development environment onto an offline laptop. Correct me if I am wrong, but version ".0.30729.1 SP" includes the service pack 1 update (dont get me started on the mission of creating a full version of the installer/downloader to run offline) . So when I try to setup a new SQL Server 2008 instance why do I fail the test "Previous releases of Microsoft Visual Studio 2008" ... Most support web sites suggest re-installing SP1, which I have done ......

Posted On Friday, January 22, 2010 1:14 AM

Welcome ... I guess
My name is Phil, im from the UK. Currently I'm going through a career change, working in South Africa as a Junior asp.net developer. For the most part I will be coding in VB rather than C# as that is what the organisation I'm working for use. My own background is in web publishing, content management and taxonomies where I have around 10 years experience working in London, Liverpool, New York and South Africa for many high profile clients such as; Save the Children Her Majesty's Court Service The ......

Posted On Thursday, January 21, 2010 4:43 AM

Copyright © PhilSando | Powered by: GeeksWithBlogs.net | Join free


Geeks With Blogs Content Categories ASP.Net SQL Server Apple Google SharePoint Windows Visual Studio Team Foundation Server Agile Office Design Patterns Web Azure
Brand New Posts on Geeks with Blogs 0