Late Night Dev

Business and Development Resources for Web Developers and Analysts

Posts Tagged ‘SQL’

The SQL STUFF Function

By Patrick Irvin • Feb 18th, 2009 • Category: SQL

The STUFF function is used to replace one string in your data with another string. It deletes a specified length of characters from a string, beginning at a specified start position, and inserts another string at that start position. STUFF is very useful when you wish to only replace one specific [...]



Microsoft Release New Tools to Help Web Developers in Fight Against SQL Injection

By Patrick Irvin • Jun 25th, 2008 • Category: ASP.Net Programming, SQL, Security, Tools / Utilities

Published on Website Magazine Blog – 06/25/08

SQL Injection Detection and Defense
Microsoft has released tools to help website developers in their defense against SQL injection on sites that use ASP and ASP.NET technologies. The tools include URLScan 3.0 (which is in beta release) and Microsoft Source Code Analyzer for SQL Injection (MSCASI), available as a Community [...]



SQL Server 2005 Pagination

By Patrick Irvin • Jun 18th, 2008 • Category: SQL

SQL Server 2005’s ROW_NUMBER ranking function allows you to accomplish pagination of your selected set of data. You need to determine the row number so that you can select a subset of the data. For instance, you may want to feature 5 articles on your web page. The first article flagged as featured will be [...]



Guarding against SQL Injection Attacks followup

By Patrick Irvin • May 21st, 2008 • Category: ASP.Net Programming, Security, Uncategorized

Thanks to Nico from Microsoft for pointing out a method I missed in my initial post. When constructing SQL statements dynamically, do not concatenate strings. Instead, use parameters. For more information, see How To: Protect From SQL Injection in ASP.NET.
Microsoft also provides some good guidelines [...]