Blogs » Archive for April 16th, 2004
European Commission Funds Open Source
The Register is reporting today that the Consortium for Open Source in Public Administration (Cospa) has received 2.6 million in funds toward its total cost of 4 million to disseminate, promote and study open source solutions for European governmental bodies that seek more economical means for their technology programs.
The belief is that overall cost will be less and benefit greater than using proprietary solutions in some cases.
This has been a hotly debated topic in the US, with advisory firms and think tanks arguing on both sides of the fence over whether closed or open source software is more efficient, more economical and more sustainable over the long term.
Regardless of which side of the argument you fall on, activities and organizations like this will certainly bring the proof and truth of open source viability to the surface. This author believes that both closed and open source solutions can co-exist and in some cases can be complementary for difficult requirements.
I am convinced that one advantage open source has in evolving as a more robust and secure platform is certainly the wide open exposure of source code to the community at large to test and improve.
The story can be found …
Parameterised SQL Queries
This question comes up often on the forums: how, and why, should we use parameters in our SQL queries?
First things first. Here’s a parameterised query:
// sqlConnection1 is an already-configured SqlConnection (System.Data.SqlClient)
sqlConnection1.Open();
// The SQL text is fixed; @fooId is a placeholder, not a piece of the string we build
SqlCommand comm = new SqlCommand("select * from foo where id=@fooId", sqlConnection1);
// Create a new parameter with the name of the placeholder and, in this case, the value
SqlParameter idParam = new SqlParameter("@fooId", 1004);
comm.Parameters.Add(idParam);
// The value travels to the server alongside the statement, never spliced into it
SqlDataReader dr = comm.ExecuteReader();
Notice that in our SQL statement we place parameters prefixed with "@" where we'd normally enter the raw data. A parameter is then created with the name of this substitution and the value to be entered.
Advantages
Parameterised queries offer several advantages over building the SQL text by hand. Firstly, they protect against SQL injection: the statement text and the values are sent to the server separately, so a value is never parsed as part of the SQL. An apostrophe or comment sequence in the input, or an entirely legitimate apostrophe in a name such as O'Brien, simply becomes part of the value being compared rather than part of the query. If coupled with stored procedures, you can also control execution with permissions: grant EXECUTE on the procedure rather than SELECT on the underlying table, so a caller can only do what the procedure does and cannot issue arbitrary statements against the table. One caveat: a stored procedure that concatenates its arguments into a dynamic SQL string and runs it with EXEC is just as injectable as concatenated client-side code, so the parameters must be honoured all the way down.
SQL Server will also cache the execution plan of a parameterised query. Because the statement text stays the same no matter which value is bound, the next call with a different id reuses the cached plan instead of being compiled again. A query built by concatenation produces different text for every value, so each one is a separate compile and a separate plan-cache entry.
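As an added example (not code from the original post, which used C# and ADO.NET against SQL Server), here is the same contrast written in Python against an in-memory SQLite database so it runs offline. The table foo, its rows and the injection payload are constructed for the demo. The by_id_concat and by_owner_concat functions are the unsafe pattern the post warns against; the by_id_param and by_owner_param functions bind the value as a parameter the way the post's @fooId does.

```python
import sqlite3

# Constructed sample rows for the demo; not data from the original post.
SAMPLE_ROWS = [
    (1001, "alice"),
    (1004, "bob"),
    (1007, "o'brien"),  # a legitimate value that happens to contain an apostrophe
]


def make_db():
    """Build an in-memory table named foo, mirroring the post's 'select * from foo'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, owner TEXT)")
    conn.executemany("INSERT INTO foo VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def by_id_concat(conn, raw_id):
    """Unsafe: the caller's string becomes part of the SQL text itself."""
    sql = "SELECT id, owner FROM foo WHERE id = '" + raw_id + "'"
    return conn.execute(sql).fetchall()


def by_id_param(conn, raw_id):
    """Safe: the SQL text is fixed; the value is bound as a parameter."""
    return conn.execute("SELECT id, owner FROM foo WHERE id = ?", (raw_id,)).fetchall()


def by_owner_concat(conn, owner):
    """Unsafe, and also fragile: an apostrophe in the value breaks the statement."""
    sql = "SELECT id, owner FROM foo WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def by_owner_param(conn, owner):
    """Safe: an apostrophe in the value is just a character in the value."""
    return conn.execute("SELECT id, owner FROM foo WHERE owner = ?", (owner,)).fetchall()


def demo():
    """Run both patterns over normal input, an injection payload, and an apostrophe."""
    conn = make_db()
    results = {}
    results["concat_normal"] = by_id_concat(conn, "1004")
    results["param_normal"] = by_id_param(conn, "1004")

    # Classic tautology payload: closes the quote, then appends an always-true clause.
    payload = "1004' OR '1'='1"
    results["concat_injected"] = by_id_concat(conn, payload)  # every row leaks
    results["param_injected"] = by_id_param(conn, payload)    # no id equals that text

    # The apostrophe case: concatenation raises a syntax error, binding just works.
    try:
        results["concat_apostrophe"] = by_owner_concat(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        results["concat_apostrophe"] = "error: " + str(exc)
    results["param_apostrophe"] = by_owner_param(conn, "o'brien")
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value}")
```

The injected lookup returns every row through the concatenated query and nothing through the bound one, because the bound text is compared as a value against the id column rather than rewriting the WHERE clause. The owner lookup shows the other half of the point: parameters do not forbid apostrophes, they stop them from changing the statement's structure.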
MySQL and Parameters
But not all …