
Sanitize data for SQL with JavaScript


I have a bunch of forms that have various input elements. I want to sanitize these on the server side (yes, I'm using server-side JavaScript) and use these inputs as parameters, and prevent special characters from being malformed.

Before you go, "this belongs not in the realm of JavaScript", etc., etc.:

I am using a multi-million licensed software solution, which has JavaScript that apparently has no standard functions out of the box. So, whatever I am using, I can assure you that you have never touched or heard of it. And it supports server-side JavaScript, because, well, the language is cool.

My first objective is to sanitize data before it goes into the database, and I love the way Ruby, for example, labels foreign data: tainted. And I'd rather have no tainted data. I googled and copy-pasted poor regexes here and there, and got a sad example. However, I have a function that said "well, it takes off 70% of the possible stuff from the data and is pretty darn sanitized".

Basically a string with these elements should be escaped, and I assume best practices exist for this wish of mine.

function sanitize(mystring) { ... ; return mystring } 

How can I escape symbols like '#!? and other special characters, and how can I get them back in reverse? I am aware of the JavaScript escape method, but I want to know if such a function is already debugged and publicly available before I re-invent the wheel.

I considered:
- JavaScript escape
- Base64 encoding
- regex

I'd rather ask people who have written such functions before.

Thanks,

See update below.

You're reinventing the wheel. Whatever you're using to talk to the database should have some kind of "prepared statement" concept. In Java it's literally the PreparedStatement class, but any database access system should have something similar. Using these, you're not building SQL statements as strings. For instance, conceptually:

preparedStatement = prepare("insert into mytable (id, name) values (?, ?)")
preparedStatement.setField(0, theId)
preparedStatement.setField(1, theName)

Not:

statement = "insert into mytable (id, name) values ('" + theId + "', '" + theName + "')"

...which is asking for injection attacks.

The "prepared statement" concept centralizes the escaping in the database link layer, which is well prepared to handle it. If you tell people what you're using to access the database, they'll be able to point you at the relevant mechanism. See below.

Just for the avoidance of doubt: you're doing the escaping on the server, right? I mean, that's how I read it, since you've said "I want to sanitize these on the server side...". In case you're thinking of doing it client-side: you can't. Nothing, absolutely nothing, that the client side sends can be trusted; it can all be faked. It must be server-side.


Update: You've commented that you're using Rhino in your application server. Excellent! Use PreparedStatement and let the JDBC driver handle it for you. (For non-Java lurkers: Rhino is JavaScript for the Java VM. It's brilliant.)
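The contrast the answer draws between a concatenated statement and a prepared one, as an added example that is not part of the original answer or of the asker's environment. Python's standard-library sqlite3 driver stands in for whatever database layer the asker has (and for JDBC), because it binds values through the same `?` placeholders that JDBC's PreparedStatement uses; the table, its rows and the three inputs are constructed for the demo.

```python
import sqlite3

# Added example, not code from the original post. sqlite3 stands in for the
# asker's unnamed server-side database layer; the table and rows are constructed.


def make_db():
    """Constructed in-memory table with a few sample rows, one containing a quote."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users (name) VALUES (?)",
        [("alice",), ("bob",), ("O'Brien",)],
    )
    conn.commit()
    return conn


def find_user_concat(conn, name):
    """The pattern the answer warns against: SQL assembled from strings.

    The value becomes part of the query text, so a quote inside it changes
    the query's structure instead of being matched as data.
    """
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_prepared(conn, name):
    """The recommended pattern: fixed statement, value bound to a placeholder.

    The driver never splices the value into the SQL text, so no escaping
    of '#!? or anything else is needed in application code.
    """
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def run_demo():
    """Run both query styles over a benign name, a tautology payload and a
    legitimate name containing an apostrophe; returns the results keyed by case."""
    conn = make_db()
    benign = "alice"
    tautology = "x' OR '1'='1"   # classic tautology injection
    quoted = "O'Brien"           # legitimate data that happens to contain a quote

    results = {
        "concat_benign": find_user_concat(conn, benign),
        "prepared_benign": find_user_prepared(conn, benign),
        "concat_tautology": find_user_concat(conn, tautology),
        "prepared_tautology": find_user_prepared(conn, tautology),
        "prepared_quoted": find_user_prepared(conn, quoted),
    }
    try:
        results["concat_quoted"] = find_user_concat(conn, quoted)
    except sqlite3.OperationalError as exc:
        # The unescaped quote breaks the concatenated statement outright.
        results["concat_quoted"] = "error: " + str(exc)
    return results


if __name__ == "__main__":
    for case, value in run_demo().items():
        print(case, "->", value)
```

Both styles return `alice` for the benign input. The tautology payload turns the concatenated query into `WHERE name = 'x' OR '1'='1'` and returns every row, while the bound version returns nothing because it looks for a user literally named `x' OR '1'='1`. The apostrophe in `O'Brien` is the other half of the asker's problem: it breaks the concatenated query with a syntax error, but the bound query matches the row exactly with no hand-written escaping. sqlite3's `execute()` refuses more than one statement per call, so a stacked `; DROP TABLE` payload would not demonstrate here; the tautology case is enough to show why the answer calls string-built SQL an invitation to injection.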

