Tech Sharing Blog


Archive for the ‘ Programming ’ Category

SQL Server Do’s And Dont’s

By on August 29, 2009

So, you are now the leader of a SQL Server based project and this is your first one, perhaps migrating from Access. Or maybe you have performance problems with your SQL Server and don’t know what to do next. Or maybe you simply want to know of some design guidelines for solutions using SQL Server and designing Database Access Layers (DAL): this article is for you.



Even if you are not using SQL Server, most of these design guidelines apply to other DBMS, too: Sybase is a very similar environment for the programmer, and Oracle designs may benefit from this too. I won’t show here how to use specific T-SQL tricks, nor will I give you miracle solutions for your SQL Server problem. This is by no means a complete, closed issue. What I intend to do is give you some advice for a sound design, with lessons learned through the last years of my life, seeing the same design errors being made again and again.

 

Do know your tools

Please, don’t underestimate this tip. This is the best of all of those you’ll see in this article. You’d be surprised at how many SQL Server programmers don’t even know all the T-SQL commands and all of the effective tools SQL Server has.

 

“What? I need to spend a month learning all those SQL commands I’ll never use???” you might say. No, you don’t need to. But spend a weekend at MSDN and browse through all T-SQL commands: the mission here is to learn a lot of what can and what can’t be done. And, in the future, when designing a query, you’ll remember “Hey, there’s this command that does exactly what I need”, and then you’ll refer again to MSDN to see its exact syntax.

 

In this article I’ll assume that you already know the T-SQL syntax or can find out about it on MSDN.


Most developers who work on the MS platform will be used to the JavaScript window.attachEvent.

But maybe some of you don’t know that window.attachEvent only works on IE7+ and Opera. Your code will hit a JavaScript error when running on IE 6 or any version of Firefox.

To resolve this issue, you may need to modify your code as follows:

Original Code:

window.attachEvent("onload", Page_load);

function Page_load() {
    // function code
}


Modified code:

// set page event handlers
if (window.attachEvent) {
    // IE and Opera
    window.attachEvent("onload", Page_load);
} else if (window.addEventListener) {
    // browsers that expose window.addEventListener
    window.addEventListener("load", Page_load, false);
} else {
    // fallback: register the handler on the document
    document.addEventListener("load", Page_load, false);
}

function Page_load() {
    // function code
}



Advance SQL Injection

By on June 17, 2009

There are a lot of web site attack methods nowadays; one of the most common that we can easily find is SQL Injection.


First of all, before you learn about SQL Injection, you need to know what SQL is. Structured Query Language (‘SQL’) is a textual language used to interact with relational databases.


There are many varieties of SQL; most dialects that are in common use at the moment are loosely based around SQL-92, the most recent ANSI standard. The typical unit of execution of SQL is the ‘query’, which is a collection of statements that typically return a single ‘result set’. SQL statements can modify the structure of databases (using Data Definition Language statements, or ‘DDL’) and manipulate the contents of databases (using Data Manipulation Language statements, or ‘DML’). In this paper, we will be specifically discussing Transact-SQL, the dialect of SQL used by Microsoft SQL Server.


SQL Injection occurs when an attacker is able to insert a series of SQL statements into a ‘query’ by manipulating data input into an application.


The attacker may use trial and error to study the database table structure, and may inject statements to read, delete or edit the data in your database or, more dangerously, to take control of your database server.


The following PDF file explains SQL injection in more detail; you may download and study it to understand the most common SQL Injection techniques used by attackers.


Advance SQL Injection (232)
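
The difference between input that becomes part of the statement and input that stays data, shown as an added T-SQL example (not taken from the original post or the linked PDF). The temporary table #Users, its columns and the sample input are constructed for illustration.

```sql
-- Constructed demo table (hypothetical names, not from the post).
CREATE TABLE #Users (UserId int, UserName nvarchar(50));
INSERT INTO #Users VALUES (1, N'alice'), (2, N'bob');

-- Constructed value as it might arrive from a web form. The embedded quote
-- ends the string literal early once the value is pasted into statement text.
DECLARE @Input nvarchar(50) = N'x'' OR ''1''=''1';

-- Vulnerable: the input is concatenated into the query text, so the server
-- parses it as SQL and the WHERE clause becomes always true.
DECLARE @Unsafe nvarchar(400) =
    N'SELECT UserId, UserName FROM #Users WHERE UserName = ''' + @Input + N'''';
PRINT @Unsafe;   -- inspect the statement the server is about to run
EXEC (@Unsafe);

-- Hardened: the statement text is constant and the input travels as a typed
-- parameter, so it is only ever compared as a literal user name.
EXEC sp_executesql
    N'SELECT UserId, UserName FROM #Users WHERE UserName = @Name',
    N'@Name nvarchar(50)',
    @Name = @Input;

DROP TABLE #Users;
```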



It is always good to restrict and verify the data users enter, especially for each text box or text area.


The following script uses the event object to check the key code of the key the user pressed, and returns false to prevent the user from entering it.


Disable spaces from being entered in JavaScript

onkeypress="if (event.keyCode == 32) event.returnValue = false;"




Only allow numbers and . to be entered in JavaScript

onkeypress="if ((event.keyCode < 48 || event.keyCode > 57) && event.keyCode != 46) event.returnValue = false;"



I tried Google, calls and MSN with my friends to find the solution when I stayed back in my office until late last night. But still no luck after a few hours of trying.


I was thinking of giving up when I got back to the office this morning, but one of my friends suddenly sent me the solution via MSN. That’s the best present I have received today. I’m not sure how many people will be looking for this kind of solution, but anyway, I will post it here to share with all, and you may take it if you need it.


Basically the idea is that you put your whole select, update or delete statement into a variable and use the execute command to execute the variable.

My problem:

I have a formula stored in a table, which is A+B*C+D. My A = 1, B = 2, C = 3, D = 4.


I managed to replace all my variables with integers using a cursor (this may not be a good solution, but it is not the main discussion in this post).


The final answer I get is 1+2*3+4. But the bad thing is that it is in the varchar datatype. I only managed to display 1+2*3+4 but not the answer of 11.


The solution is as below:


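-- Holds the formula text after the variables have been replaced
Declare @MathFormula Varchar(100)

Set @MathFormula = '1+2*3+4'

-- Build the SELECT around the formula and let SQL Server evaluate it
Exec('SELECT ' + @MathFormula + ' AS Result')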


Output: 11


* Remember that * and / are calculated before + and -
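
Because the formula string is executed as SQL, whatever is stored in the formula table runs with the caller's rights, and an arithmetic expression cannot be passed as a parameter. One way to constrain it before Exec, as an added example that is not part of the original post; the sample value, the error text and the choice of allowed characters are assumptions.

```sql
DECLARE @MathFormula varchar(100);
SET @MathFormula = '1+2*3+4';  -- constructed sample; in the post it is built from table data

-- Allowlist check before the string is executed as SQL.
-- [^...] matches any character NOT in the set. The hyphen is last so it is
-- literal, and the binary collation keeps 0-9 from matching other digit-like
-- characters that some collations sort inside that range.
IF @MathFormula IS NULL
   OR LTRIM(RTRIM(@MathFormula)) = ''
   OR @MathFormula COLLATE Latin1_General_BIN LIKE '%[^0-9+*/(). -]%'
   OR @MathFormula LIKE '%--%'   -- would start a line comment
   OR @MathFormula LIKE '%/*%'   -- would start a block comment
BEGIN
    RAISERROR('Formula contains characters outside the arithmetic allowlist.', 16, 1);
    RETURN;  -- leave the batch without executing anything
END;

BEGIN TRY
    -- Only digits, operators, parentheses, dots and spaces can reach this point,
    -- so no keyword, identifier or second statement can be smuggled in.
    EXEC ('SELECT ' + @MathFormula + ' AS Result');
END TRY
BEGIN CATCH
    -- Malformed but harmless input (for example '1+' or a division by zero)
    -- is reported here instead of aborting the caller.
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;
```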



I just found this useful function in MSSQL when I tried to Google for a solution to replace null values with something else, so that I don’t need to do the checking again in my application. The functions are called


NULLIF and ISNULL


These 2 functions actually work opposite to each other.

NULLIF(ColumnName, ValueToCompare) accepts 2 parameters and returns NULL if both expressions match.


ISNULL(ColumnName, NewValue) accepts 2 parameters: the first is the value that you wish to check, and the second is the value that you wish to replace it with.

