.NET Tutorials, Forums, Interview Questions And Answers

Anti Injection Snippet

Posted By:      Posted Date: October 25, 2010    Points: 0   Category :ASP.Net

Within the code behind, where do we insert the following anti injection snippet:

Public Function strLong(ByVal pstrText As String) As String

        ' Keep only the decimal digits of the input, then truncate to 20 characters.
        Dim strTemp As String = Nothing
        Dim lngI As Long = 0
        strTemp = ""
        For lngI = 1 To Strings.Len(pstrText)
            ' Append the current character only if it is one of 0-9.
            If Strings.InStr(1, "1234567890", Strings.Mid(pstrText, lngI, 1)) > 0 Then
                strTemp = strTemp & Strings.Mid(pstrText, lngI, 1)
            End If
        Next lngI
        Return Strings.Left(strTemp, 20)
    End Function


Here is the code behind as follows:


Imports System.Web.DynamicData

Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        Dim visibleTables As System.Collections.IList = MetaModel.Default.Visi

View Complete Post

More Related Resource Links

ASP.NET, HTML, JavaScript Snippet Support (VS 2010 and .NET 4.0 Series)

This post covers another useful improvement in VS 2010 - HTML/ASP.NET/JavaScript snippet support. Snippets allow you to be more productive within source view by allowing you to create chunks of code and markup that you can quickly apply and use in your application with a minimum of character typing.

Visual Studio has supported the concept of "snippets" for VB and C# in previous releases - but not for HTML, ASP.NET markup and JavaScript. With VS 2010 we now support snippets for these content types as well.

SQL Injection Walkthrough / Tutorial

SQL injection is a trick to inject an SQL query or command as input, possibly via web pages. Many web pages take parameters from the web user and make an SQL query to the database. Take, for instance, a user login: the web page takes the user name and password and makes an SQL query to the database to check whether the user has a valid name and password. With SQL injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.

Test Run: Fault Injection Testing with TestApi


Fault injection testing is the process of deliberately inserting an error into an application to determine whether it deals with the error properly. We'll explain how you can introduce faults into .NET applications at run time using the Managed Code Fault Injection APIs of the TestApi library.

James McCaffrey

MSDN Magazine August 2010

Inside Microsoft patterns & practices: Dependency Injection in Libraries


This article discusses how to write a library or framework that uses the Dependency Injection pattern and how the change in focus affects the usage of the pattern.

Chris Tavares

MSDN Magazine November 2009

Entity Framework: Anti-Patterns To Avoid In N-Tier Applications


Danny Simmons explores some anti-patterns you should look out for when building n-tier applications with the Entity Framework.

Daniel Simmons

MSDN Magazine June 2009

PIAB And WCF: Integrating the Policy Injection Application Block with WCF Services


Using the PIAB you can enhance WCF services with policies such as validation, performance monitoring, authorization and caching without having to change a line of code.

Hugh Ang and David San Filippo

MSDN Magazine February 2008

Design Patterns: Dependency Injection


Today there is a greater focus than ever on reusing existing components and wiring together disparate components to form a cohesive architecture. But this wiring can quickly become a daunting task because as application size and complexity increase, so do dependencies.

Griffin Caprio

MSDN Magazine September 2005

Data Security: Stop SQL Injection Attacks Before They Stop You


To execute a SQL injection attack, a hacker writes a Web page that captures text in a textbox to be used to execute a query against a database. The hacker enters a malformed SQL statement into the textbox that causes the back-end database to perform operations the owners did not intend it to perform, like making unauthorized updates. This article explains how you can protect against the all too common SQL injection attack in your own database. The steps covered include data validation, proper exception handling, and much more.

Paul Litwin

MSDN Magazine September 2004

ISAPI Filters: Designing SiteSentry, an Anti-Scraping Filter for IIS


The Microsoft Internet API for IIS, ISAPI, sits between the client and the Web server. Therefore, you can access the HTTP data stream before IIS gets to see it. The project in this article takes advantage of the ISAPI architecture to create a filter that monitors access to a Web site to determine if visits are from typical users or from automated processes designed to pilfer information from your site. The author tracks the regularity of visits to the site to determine the likely source. Once the determination is made, the app either redirects the user or continues to track information about those hits.

Rodney Bennett

MSDN Magazine October 2001

sql Injection



In a text field, whatever I enter after the less-than "<" symbol disappears.

So I am just replacing this symbol with a space. Please let me know if there is any other desired output we need here.




UserControl, CustomControl Design Time Support errors IOC, Dependency Injection, MVP

Hi, is there a way to completely disable design time support for CustomControl and UserControl? I have about 30 UserControls and 10 CustomControls in my WinForms app, which contain some Dependency Injection and IOC stuff in constructors and Load handlers. I have lots of large UserControls containing smaller UserControls (CompositeView). All my UI code is pretty dynamic and the only thing I need to do at design time is to drag & drop containers into other containers (UserControls). And now I have a hard time doing this, because I have to wrap all constructors and Load handlers in CurrentProccess!="devenv"... and when I'm implementing some new View interface (which consists of lots of properties) in a UserControl, all those properties by default throw NotImplementedException, and I don't always need to implement them immediately, but I still need to be able to run this code for testing. Besides, I then have to clean up the designer-generated class because it adds unnecessary null value property initializations, and then it may add some other ____ code, and so on.... Imagine a UserControl with 10-15 nested UserControls, and then I try to open it in Form Designer and get an ObjectReference NULL exception (for IOC) or some NotSupported/NotImplemented exceptions (for properties) without an adequate CallStack available! There is a CallStack but there is no trace in it to my code (

Injection attacks

How do we protect our site from SQL injection attacks, among other security practices?

How to use injection for workflows

I want to inject some instances and values into a workflow using Unity. It seems that the only way to do this is to define InArgument properties on the workflow and assign values to those arguments on the workflow instance prior to running the workflow. For example: <Activity mc:Ignorable="sap" x:Class="WorkflowConsoleApplication1.Workflow1" xmlns="http://schemas.microsoft.com/netfx/2009/xaml/activities" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:mv="clr-namespace:Microsoft.VisualBasic;assembly=System" xmlns:mva="clr-namespace:Microsoft.VisualBasic.Activities;assembly=System.Activities" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:s1="clr-namespace:System;assembly=System" xmlns:s2="clr-namespace:System;assembly=System.Xml" xmlns:s3="clr-namespace:System;assembly=System.Core" xmlns:s4="clr-namespace:System;assembly=System.ServiceModel" xmlns:sa="clr-namespace:System.Activities;assembly=System.Activities" xmlns:sad="clr-namespace:System.Activities.Debugger;assembly=System.Activities" xmlns:sap="http://schemas.microsoft.com/netfx/2009/xaml/activities/presentation" xmlns:scg="clr-namespace:System.Collections.Generic;assembly=System" xmlns:scg1="clr-namespace:System.Collections.Gene

create a sql server 2005 new login for SQL Injection prevention

Hi All, thank you in advance. Our database was affected by SQL injection, so we need to create a new SQL Server 2005 login for SQL injection prevention. The user can perform: access tables with select, update and delete queries; access views, functions and stored procs; perform cursors. What are the permissions given for that login account?

Dynamic method creation using code snippet

Hello, I am looking to map a method from PHP to .NET. There are various methods I am targeting, and most don't satisfy a one method-to-one method conversion; a lot of the mapping really requires a few lines of logic thrown in, and not just "this .NET function call for this PHP function call." Anyway, I've defined the mappings as strings, and all I need to do is plug them into a dynamic method that will create, run the code, and return the appropriate value. I do not want to create an assembly in the process, which I think leaves CodeDomProvider out of it. And I don't want to generate my code in IL, which I think leaves MethodBuilder and DynamicMethod out of the running. Can anyone lead me in the right direction here? Is there a way to do what I am asking? Thanks!

ASP.NET MVC 3 P1 Filter Injection

Hello! I've read through Brad Wilson's article series "ASP.NET MVC 3 Service Location" (http://bradwilson.typepad.com/blog/2010/07/service-location-pt4-filters.html) and tried to get filter injection to work with Unity without success (Stack Trace: http://www.aspkoll.se/code/Index.asp?id=625). Feels like I have searched for all relevant keywords I can think of but have not found any other article that takes up the subject, so the question is, how do I solve it with the filter injection? Can also add that the code is exactly the same as Brad Wilson's and I use the newest version of Unity. Thanks, Timmie

On SQL Injection Attack Surprises

In a recent thread Erland Sommarskog has pointed out that even nchar(10) text input is big enough for an SQL injection attack. Demo follows:

/************* WARNING ****************
 * THIS IS AN SQL INJECTION DEMO - DON'T RUN IT ON PRODUCTION
 * EXECUTE IT AT YOUR OWN RISK
 ***************************************/
USE tempdb;
GO
/**** DISCLAIMER - DEMO CODE ONLY - DON'T USE IT PRODUCTION ****/
CREATE PROC sprocSQLInjectionAttackDemo @input nchar(10)
AS
BEGIN
  DECLARE @SQL nvarchar(max)
  SET @SQL = ' SELECT Color FROM AdventureWorks2008.Production.Product'+CHAR(10)+
             ' WHERE Color like '+@input
  PRINT @SQL
  EXEC (@SQL)
END
GO
-- Test SQL injection stored procedure
DECLARE @input nchar(10)= '''''SHUTDOWN'
EXEC sprocSQLInjectionAttackDemo @input
GO
/*
 SELECT Color FROM AdventureWorks2008.Production.Product
 WHERE Color like ''SHUTDOWN
(0 row(s) affected)
The SHUTDOWN statement cannot be executed within a transaction or by a stored procedure.
Msg 0, Level 11, State 0, Line 0
A severe error occurred on the current command. The results, if any, should be discarded.
*/

Do you have an SQL Injection surprise story/script? If script, just cripple it to make it harmless.

Kalman Toth, SQL Server & Business Intelligence Training; SQL 2008 GRAND SLAM