InfoQ : Conversation Patterns for Software Professionals

This book includes a set of cut-and-dried techniques for improving your cooperation with the business. The main goal of this publication is to give you two key skills: discovering the business needs and managing the conversation in a way that will enable you to collect precise and useful information.

Download the free 87-page ebook here: https://www.infoq.com/minibooks/conversation-patterns

 

ASP.NET – Post html/script without setting validateRequest=false

If you are an ASP.NET developer, you have probably encountered this famous error at least once in your lifetime:

Error: A potentially dangerous Request.Form value was detected from the client

This can be easily avoided by setting the directive validateRequest=false, but that is not a good approach because it opens the door to hackers. Here is an alternative way to post HTML tags, script and other “malicious” content to the server without turning off request validation.

1. On the submit button (or the form's onSubmit), add a client-side click handler: OnClientClick="return PreSubmit()"

2. In the PreSubmit() function, do an “escape” of the text using JavaScript. For example, using jQuery: $(".FAQEdit").val(escape($(".FAQEdit").val())); Here, FAQEdit is my textbox.

3. Now, in the code-behind, do an “unescape”. You can use HttpUtility.UrlDecode(FAQEdit.Text) for this purpose.

4. Done! Now you are free from the error.
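
The round trip from steps 1 to 3, as an added example (not code from the original post), followed by the HTML output encoding that the decoded value needs, because request validation never inspected it. It uses encodeURIComponent in place of escape(), and decodeURIComponent stands in for HttpUtility.UrlDecode; preSubmitEncode, serverDecode, htmlEncode and roundTrip are hypothetical names, and the input is constructed.

```javascript
// Constructed sample: text a user might type into the FAQEdit textbox.
const SAMPLE = '<b>Q&A</b> <script>alert("x")</script> café';

// Client side (step 2): percent-encode the field so no raw "<" is posted.
// encodeURIComponent replaces the page's escape(), which is deprecated and
// does not produce UTF-8 percent-encoding.
function preSubmitEncode(value) {
  return encodeURIComponent(value);
}

// Hypothetical PreSubmit handler; `field` is any object with a .value
// (a DOM input in the browser, a plain object here).
function PreSubmit(field) {
  field.value = preSubmitEncode(field.value);
  return true; // let the form submit
}

// Stand-in for the server-side decode (step 3). After this call the value
// is the user's raw markup again: request validation never inspected it.
function serverDecode(posted) {
  return decodeURIComponent(posted);
}

// Output encoding to apply whenever the stored text is rendered as HTML.
function htmlEncode(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Full round trip: returns what each stage sees.
function roundTrip(input) {
  const field = { value: input };
  PreSubmit(field);
  const decoded = serverDecode(field.value);
  return { posted: field.value, decoded, rendered: htmlEncode(decoded) };
}

const result = roundTrip(SAMPLE);
console.log('posted:  ', result.posted);   // what request validation sees
console.log('decoded: ', result.decoded);  // raw markup, untrusted
console.log('rendered:', result.rendered); // safe to write into a page
```

In ASP.NET, the server-side counterpart of htmlEncode here is HttpUtility.HtmlEncode.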

 

10 tips on writing reusable code

http://hoskinator.blogspot.in/2006/06/10-tips-on-writing-reusable-code.html

This is a post from 2006 by “hoskinator”, but it is still relevant – not only for Java.

  1. Keep the code DRY
  2. Make the code follow SRP: a class/method should do just one thing
  3. Write unit tests
  4. Separate business logic from framework code
  5. Use abstractions such as interfaces
  6. Make the code follow the Open/Closed principle
  7. Don’t write code that isn’t needed
  8. Try to reduce coupling
  9. Be more modular
  10. Write code like your code is an External API
 

Safe format to save date/time in SQL Server

Below are safe/general formats which can be used with INSERT/UPDATE statements.

yyyy-mm-dd hh:mm:ss.mmm
yyyy-mm-ddThh:mm:ss.mmm

Delimiters can be /, - or a space. Examples:

  • 2001-05-21 10:15:50.192
  • 2001-05-21T10:15:50.192
  • 2001-05-21
  • 20010521 10:15:50.192
  • 2001/05/21

SQL example:

UPDATE
    testtable
SET
    testdate = '2001-05-21T10:15:50.192'
WHERE
    id = 1

WARNING: Use this only when you are sure your application is NOT targeting any database other than SQL Server (Oracle, MySQL etc.).

Please check my previous post as well.

 

How to save date/time from .NET to SQL Server?

Date format exceptions are weird headaches, especially when you move your application from one server to another.

So, it is recommended:

  • Always persist date/time information as the DateTime type in the database
  • Never do custom formatting while passing date/time information between different components. Use only .NET DateTime types
  • Use custom formatting, if required, only when the information is displayed in the UI, honoring the current UI culture info.

The example below shows a recommended practice: