Sumedh Meshram

A Personal Blog

Encapsulation

  • Encapsulation is the process of wrapping data and functions into a single unit called a class.
  • An encapsulated object is often called an abstract data type. 
  • Encapsulation can protect your data from accidental corruption. 
  • Rather than declaring fields as public, we can declare them as private.

Code Example :

using System;

public class School
{
	// Private backing field: not reachable from outside the class
	private string Schooldepartname;

	// Public property: the only way callers read or write the field
	public string SchoolDepartname
	{
		get
		{
			return Schooldepartname;
		}
		set
		{
			Schooldepartname = value;
		}
	}
}
public class Departmentmain
{
	public static int Main(string[] args)
	{
		School d = new School();
		d.SchoolDepartname = "Communication";
		Console.WriteLine("The Dept. Name is : {0}", d.SchoolDepartname);
		return 0;
	}
}

 

Output:

The Dept. Name is : Communication

Benefits of Encapsulation :

  • With encapsulation, the fields of a class can be made read-only or write-only.
  • A class can have control over its fields.
  • A class can change the data type of its fields at any time, and users of the class do not need to change any code.

From the above we can see encapsulation in use through properties. A property has two accessors, get and set. The get accessor returns the value of the property's field. The set accessor sets the value of the property's field to the contents of "value". Properties can be made read-only by having only a get accessor in the property implementation.

SQL Injection attack by Example and how to prevent it in asp.net:

Today we will be learning about the SQL injection attack and ways to prevent it using simple coding practices. Using simple practices you can keep your database safe from SQL injection. Many databases in today's world are prone to SQL injection. Attackers often use it to gain access to a database and manipulate its contents. The attack is more dangerous if the account through which you access the database has all privileges, because the attacker can then delete tables or even the database itself.

What is SQL Injection attack?

Example 1:-

Consider a simple functionality which you have on your website where you use username in the SQL query to get details of user and based on result you proceed.

String Query = "select * from User_master where User_name = '" + txtUsername.Text + "'";

Now in the textbox txtUsername you pass the following value: "'; drop table User_master --"

Now your query will be as below:

select * from User_master where User_name = ''; drop table User_master --'

 

This query executes two statements. The first statement is

select * from User_master where User_name = ''

The semicolon (;) tells SQL that the first statement has ended, so it then executes the second statement, drop table User_master, and drops the table.

Note: even if the semicolon is not there, the two are still treated as separate statements. SQL itself cannot tell a SQL statement from a parameter; you have to tell it which part is the query and which is the parameter.

Ways to prevent SQL injection attack

Below are some of the common coding practices which can be used to prevent SQL injection and keep your application's database secure.

Use validation for input values: You can check the user input in the textboxes and validate it against the expected value, so that no other value is inserted into the database. In the example below the database expects only a numeric value, so we have used a RegularExpressionValidator which allows only a numeric value to be entered in the textbox.

<asp:TextBox ID="txtid" runat="server"></asp:TextBox>
<asp:RegularExpressionValidator ID="regExp" runat="server" ErrorMessage="*" ValidationExpression="^(-)?\d+(\.\d\d)?$"
    ControlToValidate="txtid"></asp:RegularExpressionValidator>

 

Use of Parameterized Query: Another way of preventing SQL injection is to use a parameterized query, where you pass the required values as parameters. Because the parameter is passed separately from the query, the query is not vulnerable to SQL injection: SQL can distinguish between the parameter and the query.

SqlConnection conn = new SqlConnection(connectionString);
DataSet ds = new DataSet();
// The query text is fixed; @au_id is a placeholder, not concatenated input
SqlDataAdapter da = new SqlDataAdapter("SELECT * FROM User_master WHERE au_id = @au_id", conn);
// The textbox value is bound to the placeholder as a typed parameter
da.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);
da.SelectCommand.Parameters["@au_id"].Value = txtUsername.Text;
da.Fill(ds);

 

Use of Stored Procedure: Another way of preventing SQL injection is to use a stored procedure, where you pass the required values to the parameters defined for the stored procedure. Because the stored procedure takes the value you pass as a parameter, there is no risk of database attack.

SqlConnection conn = new SqlConnection(connectionString);
DataSet ds = new DataSet();
// The command text is only the procedure name
SqlDataAdapter da = new SqlDataAdapter("p_get_user_details", conn);
da.SelectCommand.CommandType = CommandType.StoredProcedure;
// The textbox value is passed as the procedure's @au_id parameter
da.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);
da.SelectCommand.Parameters["@au_id"].Value = txtUsername.Text;
da.Fill(ds);
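
The validation and parameterized-query practices above, combined in one console program (an added example, not code from the original post). It puts the concatenated query from Example 1 beside the parameterized command for the same input and opens no database connection; the class name UserQueryDemo, the helper names and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class UserQueryDemo
{
    // Same pattern as the RegularExpressionValidator above, checked again in
    // code so the data layer does not rely on the page's validator alone.
    private static readonly Regex NumericId = new Regex(@"^(-)?\d+(\.\d\d)?$");

    public static bool IsValidId(string raw)
    {
        // 11 is the parameter size used in the post's examples.
        return raw != null && raw.Length <= 11 && NumericId.IsMatch(raw);
    }

    // Vulnerable form from Example 1: the input becomes part of the SQL text.
    public static string BuildConcatenated(string userName)
    {
        return "select * from User_master where User_name = '" + userName + "'";
    }

    // Parameterized form: the SQL text is constant; the input is sent as data.
    public static SqlCommand BuildParameterized(string auId)
    {
        var cmd = new SqlCommand("SELECT * FROM User_master WHERE au_id = @au_id");
        cmd.Parameters.Add("@au_id", SqlDbType.VarChar, 11).Value = auId;
        return cmd;
    }

    public static void Main()
    {
        // Constructed inputs: a numeric id and the value used in Example 1.
        string[] inputs = { "1042", "'; drop table User_master --" };
        foreach (string input in inputs)
        {
            Console.WriteLine("Input        : " + input);
            Console.WriteLine("Valid id     : " + IsValidId(input));
            Console.WriteLine("Concatenated : " + BuildConcatenated(input));
            using (SqlCommand cmd = BuildParameterized(input))
            {
                Console.WriteLine("Command text : " + cmd.CommandText);
                Console.WriteLine("@au_id value : " + cmd.Parameters["@au_id"].Value);
            }
            Console.WriteLine();
        }
    }
}
```

For the second input the validation check returns False and the concatenated string carries the drop table statement as SQL text, while the parameterized command text is unchanged and the input appears only as the value of @au_id.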

 

Abstraction

Abstraction :

  • Abstraction refers to the act of representing essential features without including the background details or explanations.
  • Abstraction defines a way to abstract or hide your data and members from the outside world.
  • Classes use the concept of abstraction and are defined as a list of abstract attributes.
  • Simply speaking, abstraction is hiding the complexities of your class or struct (or, in generic terms, type) from the outer world.
  • This is achieved by means of access specifiers.

Access Modifier      Description (who can access)
Private              Only members within the same type. (default for type members)
Protected            Only derived types or members of the same type.
Internal             Only code within the same assembly. Can also be code external to object as long as it is in the same assembly. (default for types)
Protected internal   Either code from derived type or code in the same assembly. Combination of protected OR internal.
Public               Any code. No inheritance, external type, or external assembly restrictions.

 

Code Example :

namespace AbstractionExample
{
    public abstract class Shape
    {
        private float _area;
        private float _perimeter;

        public float Area
        {
            get
            {
                return _area;
            }
            set
            {
                _area = value;
            }
        }
        public float Perimeter
        {
            get
            {
                return _perimeter;
            }
            set
            {
                _perimeter = value;
            }
        }
        public abstract void CalculateArea();
        public abstract void CalculatePerimeter();
    }
}


Advantages of abstraction: the advantages are the hiding of implementation details, component reuse, extensibility, and testability. When we hide implementation details, we reveal a cleaner, more comprehensible and usable interface to our users. We are separating our interface from our implementation, and this makes component reuse more practical. Many, if not all, of the object-oriented concepts we have discussed throughout this document play a role in the abstraction principle. Working together, their end goal is the same: to produce software that is flexible, testable, maintainable, and extensible.

Get Value from Embedded Resource File

In ASP.NET it is better to use an embedded resource for setting up the text for controls, messages, etc. in your web application. Add an App_GlobalResources folder and then add a resource file. Right-click on the resource file, go to properties and set the option as shown below:

Now add a class in your class library as :

using System;
using System.Globalization;
using System.Web;

namespace Common.Helper
{
    public static class ResourceHelper
    {
        const string ResourceBase = "WebUI";

        public static string GetResourceName(string resourceFile, string configKey, bool showWarningOnMissingKey)
        {
            return HttpContext.GetGlobalResourceObject(resourceFile, configKey) as string ??
                           (showWarningOnMissingKey
                                ? string.Format("{0} not found in {1}.resx file", configKey, resourceFile)
                                : configKey);
        }

        public static string GetValue(string key)
        {
            CultureInfo culture = CultureInfo.CurrentCulture;
            //First try to load resource value from App_GlobalResources in case user is localizing control
            object val = HttpContext.GetGlobalResourceObject(ResourceBase, key, culture);
            if (val != null)
            {
                return val.ToString();
            }
            //If no value is found then load it from the embedded resource file (Localization/Resource.resx)
            Type type = HttpContext.Current.ApplicationInstance.GetType();
            if (type.BaseType != null)
            {
                System.Reflection.Assembly assembly = System.Reflection.Assembly.GetAssembly(type.BaseType);
                //string name = assembly.GetName().ToString();
                var myManager = new
                    System.Resources.ResourceManager("Web.UI.App_GlobalResources.WebUI", assembly);
                try
                {
                    return myManager.GetString(key, culture);
                }
                catch (Exception)
                {
                    return string.Format("{0} not found in {1}.resx file", key, "WebUI");
                }
            }
            return string.Format("{0} not found in {1}.resx file", key, "WebUI");
        }
    }
}

If you have a custom control where you want to read from a resource file:

txt.Text = ResourceHelper.GetValue(ConfigKey);

Also, in your web pages you can use it directly as:

using System;
using System.Collections.Generic;
using System.Web.UI.WebControls;
using Resources;


namespace Web.UI.Reports
{
    public partial class ProspectCallback : System.Web.UI.Page
    {
        #region Page Events
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.Master != null)
            {
                var lblPageTitle = (Label)Page.Master.FindControl("lblPageTitle");
                if (lblPageTitle != null)
                {
                    lblPageTitle.Text = WebUI.PageTitle; //WebUI is the class generated for the resource file (Resources namespace).
                }
            }
        }
        #endregion
    }
}

Hope this helps.

Sumedh. 

Select distinct from generic list using linq

If you have a generic list which holds multiple rows of data like

ID  FirstName  LastName  City  State  Zip
1   ABC        Z         PN    LA     25341
2   XYZ        R         UI    TG     56742
1   ABC        W         PN    LA     25341
3   UHY        R         HJ    UH     34256
3   UHY        J         HJ    UH     34256

Now if you want to select distinct rows based on ID, this can be done easily through LINQ as:

 

var unique =
    from w in genericList
    group w by w.ID
    into g
        select g.FirstOrDefault();

 

This will be useful where we have the generic list with duplicate data or data with duplicate IDs.

 

Sumedh

Finding all controls in an ASP.NET Page

This can be done through enumerating all the controls in the control hierarchy:

Add a method in a common class

 

/// <summary>
/// Find the Controls inside a Page
/// </summary>
/// <param name="parent"></param>
/// <returns></returns>
public static IEnumerable<Control> EnumerateControlsRecursive(Control parent)
{
    foreach (Control child in parent.Controls)
    {
        yield return child;
        foreach (Control descendant in EnumerateControlsRecursive(child))
            yield return descendant;
    }
}

 

Implement this method like this on the PreRender event of a page :

 

protected override void OnPreRender(EventArgs e)
{
    // Keep the base behaviour so the PreRender event is still raised
    base.OnPreRender(e);

    foreach (var control in RecursiveHelper.EnumerateControlsRecursive(this))
    {
        if (control is TextBox)
            SetTextBoxStyle(control as TextBox);

        if (control is RegularExpressionValidator)
            SetTextBoxEnterValidation(control as RegularExpressionValidator);
    }
}

 

Then add your method separately for assigning the common attributes to each control.

 

 private static void SetTextBoxStyle(TextBox textBox)
 {
       textBox.CssClass = "emptyMessageStyle";
 }

 

 

Hope this will help.

Sumedh

Ajax .Net 3.5 Control Toolkit MaskedEditExtender Default to PM

MaskedEditExtender can be set to default to PM.

I modified the code from http://forums.asp.net/t/1339632.aspx

to this

 

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="SoluTest_Mask._Default" %>
 
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="ajaxToolkit" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
 
    <script type="text/javascript">
        //Set the default text to "PM"
        var mee;
        function pageLoad() {
            //Please use your MaskedEditExtender's id or behaviorId.
            mee = $find("MaskedEditExtender3");
 
            //The target textbox control
            var e = mee.get_element();
 
            //Remove the focus event handler
            if (mee._focusHandler) {
                $removeHandler(e, "focus", mee._focusHandler);
            }
            //Add a new focus event handler which inherits from the old one.
            mee._focusHandler = Function.createDelegate(mee, newFocus);
            $addHandler(e, "focus", mee._focusHandler);
        }
        function newFocus() {
            mee._onFocus();
            if ((mee._MaskType == AjaxControlToolkit.MaskedEditType.Time || mee._MaskType == AjaxControlToolkit.MaskedEditType.DateTime) && mee.get_CultureAMPMPlaceholder() != "" && mee._getClearMask() == "") {
                if (mee._AcceptAmPm) {
                    //The original code of default AM/PM text in function _onFocus() is:
                    //this.InsertAMPM(this.get_CultureAMPMPlaceholder().substring(0,1));
 
                    mee.InsertAMPM(mee.get_CultureFirstLetterPM());
                    mee.setSelectionRange(0, 0);
                }
            }
        }
    </script>
 
</head>
<body>
    <form id="form1" runat="server">
    <asp:ScriptManager ID="ScriptManager1" runat="server">
    </asp:ScriptManager>
    <div>
        <strong>Enter Time (format: <em>99:99:99</em>):</strong>
        <br />
        <asp:TextBox ID="TextBox3" runat="server" Width="130px" Height="16px" />
        <ajaxToolkit:MaskedEditExtender ID="MaskedEditExtender3" runat="server" TargetControlID="TextBox3"
            Mask="99:99:99" MessageValidatorTip="true" OnFocusCssClass="MaskedEditFocus"
            OnInvalidCssClass="MaskedEditError" MaskType="Time" AcceptAMPM="True" ErrorTooltipEnabled="True" />
        <ajaxToolkit:MaskedEditValidator ID="MaskedEditValidator3" runat="server" ControlExtender="MaskedEditExtender3"
            ControlToValidate="TextBox3" IsValidEmpty="False" EmptyValueMessage="Time is required"
            InvalidValueMessage="Time is invalid" Display="Dynamic" TooltipMessage="Input a time"
            EmptyValueBlurredText="*" InvalidValueBlurredMessage="*" />
        <br />
        <em><span style="font-size: 8pt">Tip: Type 'A' or 'P' to switch AM/PM</span></em>
    </div>
    </form>
</body>
</html>

Hope this helps

Sumedh

 
