Let’s say you have a user input field that you want the user to type data into which will be later displayed back to the user. You don’t want the user putting in their own html or other things (like javascript tags) because that could cause bad things to happen on your page.
The easiest thing to do is to set the page attribute to not do request validation
<%@ Page Title="" Language="C#" MasterPageFile="~/DefaultNoColumns.master" AutoEventWireup="true" ValidateRequest="false" CodeFile="SponsorInformationEdit.aspx.cs" Inherits="SponsorInformationEdit" %>
Then, store whatever the user types in the textbox including the nasty things like <script …
When you get around to displaying the data back, simply encode it like this:
LabelShortDescription.Text = HttpUtility.HtmlEncode(rec.CompanyDescriptionShort);
Then, if the user put a bold tag in the html, they will get this displayed back:
and no harm will occur.
Introduction
If you’ve started using SqlAzure for your SqlServer with your Azure application, you’ve probably discovered that you get a reasonable number of connection failures. The advice from the Azure team is add retry logic to all your connections to SqlAzure. There is a long discussion posted by the Azure team here.
The key paragraph states the problem as follows:
The Problem
One of the things that SQL Azure does to deliver high availability is it sometimes closes connections. SQL Azure does some pretty cool stuff under the covers to minimize the impact, but this is a key difference in SQL Azure development vs. SQL Server development.
Basically, what this means is that you must be able to deal with connections failing when you call SqlAzure. Something that all of probably should have been doing forever, but because most of the time SqlServer is running on your local LAN and the likelihood if a connection failing was next to zero unless something else was going terribly wrong. Certainly not something we had to do on regular basis. To emphasize that even more, most of the controls built into asp.net that open connections to sqlserver don’t even do this and that’s from Microsoft itself.
The solution proposed in the thread mentioned above basically has you add tons of code to everyplace you access a connection object. Personally, I don’t like that because I have hundreds if not thousands of places I open connections and inserting tens of thousands of lines of extra new untested code is a little scary.
So, what to do?
Fortunately, another team at Microsoft, known as the Windows Server AppFabric Customer Advisory Team published a general purpose solution using Extension Methods and some darn clever coding wrote a great article and published code including azure examples that solves this problem very elegantly without requiring a lot of changes to your existing code base.
In this article I plan on giving an example and publishing a sample project that uses this code with SqlAzure to solve the connection retry problem. My goal here is not to simply restate what they published but to simply have a very simple concrete example of using their library.
(more…)
