You are of course entirely right. I'd read the code and my brain screamed "this is so wrong" so loudly that I overlooked the parameters...
Never use SQL in your production code. Always use stored procedures and pass in parameters where necessary. This is one of the ways hackers use to SQL inject your code.
"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - C.A.R. Hoare
You can use parameters without stored procedures.
That wasn't the point I was making. It was about avoiding SQL injection and using stored procedures instead of passing SQL over the wire in your code.
Dominic Burford wrote: That wasn't the point I was making.
Well, certainly seemed like that.
Dominic Burford wrote: It was about avoiding SQL injection
That's unrelated to Stored Procedures.
Dominic Burford wrote: and using stored procedures instead of passing SQL over the wire in your code.
Well, if your application server isn't on the same network as the database, you're having much bigger problems.
Like many developers, we use third-party providers for our hosting requirements. This includes our application and database. They are hosted independently on separate Azure instances (and in separate geographic regions). Having the two hosted on separate servers is neither unusual nor a problem.
Using a stored procedure to initiate a CRUD operation allows you to reduce the likelihood of a SQL injection attack as you are not passing raw SQL statements over the wire from the application to the database.
Don't just take my word for it; this is the advice given by many articles for reducing the problem.
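As an added example (not code from anyone in this thread), here is the disputed point in Python against an in-memory SQLite database: the same lookup built by string concatenation and then with a bound parameter. No stored procedure is involved; what stops the injection is that the parameter value is sent separately from the statement and is never parsed as SQL. The table and rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the thread).
USERS = [
    (1, "alice", "alice@example.invalid"),
    (2, "bob", "bob@example.invalid"),
    (3, "carol", "carol@example.invalid"),
]


def make_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def find_user_concat(conn: sqlite3.Connection, name: str) -> list:
    """The pattern the thread warns about: raw SQL assembled from input.
    Whatever the caller passes becomes part of the statement text."""
    sql = "SELECT id, name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn: sqlite3.Connection, name: str) -> list:
    """Same query with a bound parameter and no stored procedure:
    the value travels separately from the statement and is never parsed as SQL."""
    sql = "SELECT id, name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo(name: str) -> tuple:
    """Run both variants on the same input; returns (concat_rows, param_rows)."""
    conn = make_db()
    try:
        return find_user_concat(conn, name), find_user_param(conn, name)
    finally:
        conn.close()


if __name__ == "__main__":
    # A well-formed name behaves the same either way.
    print(demo("bob"))
    # Input containing a quote rewrites the statement in the concatenated
    # version (every row comes back) but is just a non-matching string for
    # the parameterised one (no rows come back).
    print(demo("x' OR '1'='1"))
```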
People who say "never" and "always" tend to be wrong a lot.
Not in this case.
Member 14629409 wrote: visual basic 2008...
Mind Bleach! Send me Mind Bleach!!!!
Will Rogers never met me.
Not half as tough as England will be playing!
The All Blacks are on fire this year ...
And we barely scraped through.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
AntiTwitter: @DalekDave is now a follower!
We were not very good at all, Paul. Hopefully WG will have a hard word before the South Africa game. A win's a win, though; we had Warburton sent off in 2011 and France beat us.
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
There is a bloody great big frog getting an earful for the red card that cost them the match. Japan match was a real grind for the first 50 minutes before the weight of SA took its toll.
Looking forward to seeing the Kiwis give the damned poms a hard time.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
Cymru am byth!
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
I'm Welsh and would love them to win but they won't unless they shape up.
We played much better than Wales, as even the Wales coach admitted, but in the end, with the two missed penalties and that red card (our guy must be brainless to do something like this at all, let alone in a World Cup) and a few technical errors in front of the Wales line, we did not make it. Anyway, it was a nice game, and I enjoyed watching it.
Being from the US and not following rugby, how are the Scots doing? My great grandmother was from there.
I just spent over an hour fixing some custom DateTime TextBox that only worked if the system clock was in a specific Dutch format (both CurrentCulture and CurrentUICulture had to match).
I'm sure it all works at the customer (for now), but as a developer I prefer having my OS in English because it's more Googleable.
And I REALLY don't know what to make of this:
smtp.Send(mail)
For n = 1 To 10
    Thread.Sleep(500)
    Application.DoEvents()
Next
I wanted to apply the boy scout rule, but that's a full-time job.
There's new work (and a new customer) in it for me though.
Probably a new web or mobile application hosted in Azure.
Application.DoEvents() is used to keep a Winforms GUI responsive, otherwise in a tight loop it will freeze.
Agree with you on the English Windows version; I just can't stand the Windows Dutch translation.
I know what DoEvents does, but why would you need it in the first place?
And in a loop?
With a Thread.Sleep?
I should add that the class in which it is used is not even a Form.
My bet is that the SMTP method runs asynchronously and they wanted to make sure it goes through before the code goes on.
Could be worse, I've inherited a code base that crashes when compiled in release build, works only in debug build. Thankfully, I am rid of it now.
Then he should put that send mail call in an async method and prevent the user from sending another mail or closing the program before it's done.
I suppose that's kinda the point of the loop in the first place: To prevent the user from doing anything else in the meantime.
Yes, but the user should still be allowed to do things such as clicking on menus or continuing to type. Using an async method gives the user a smooth experience, while using thread.sleep and window.doevents continuously won't be smooth, I believe.