ADODB wrapper- changes from .NET 1.0 to .NET 1.1 ??

I had a hell of a time tracking down a problem that was occurring on a remote web service/web server today and finally came to this. Hopefully, if this helps someone else in the future, then my hours won’t have been totally wasted.

I have a webservice that is required to return a recordset (this is an old app that I wrote a lot about in the past) and has been in production for 9 months with no problems.

Since it had been written and deployed in aspnet 1.0, I just left it alone although all of my later apps were in 1.1. The application had a windows form front end and a web service backend. I finally updated the webserver at my client site to 1.1 and it broke that application.

I tracked down the problem finally to the ADODB wrapper, finally noticing that the ADODB.dll copied to my webservice was from 2/1/02 and the one on my development machine was 4/1/03. That still didn’t do the trick (grumble)

I had originally used some ASP style method for the parameters – since I have to use ADO to deal with the recordset, not ADO.NET which basically worked like this:

Dim oprm As New ADODB.Parameter
oprm = oCMD.Parameters.Item(1) 'sampleid
oprm.Value = SampleID
Dim oprm2 As New ADODB.Parameter
oprm2 = oCMD.Parameters.Item(2) 'testenum
oprm2.Value = testenum

Now the application was crapping out at “oCMD.Parameters.Item(1)” telling me that the object variable was not set.

This was working perfectly fine on my development machine against my w2k3, IIS6 and SQL2000 but NO LONGER WORKING on my client’s W2000 server, IIS5 and SQL7.

Finally after a lot of testing, watching sql profiler, and general state of aggravation, I found that this worked:

Dim pid = oCMD.CreateParameter("sampleid", ADODB.DataTypeEnum.adInteger, ADODB.ParameterDirectionEnum.adParamInput, 4, SampleID)
oCMD.Parameters.Append(pid)

Dim paramtest = oCMD.CreateParameter("testenum", ADODB.DataTypeEnum.adInteger, ADODB.ParameterDirectionEnum.adParamInput, 4, testenum)
oCMD.Parameters.Append(paramtest)

This finally gave me success. I’m sure if I had realized exactly what the problem was I could have found information via google or msdn, but the real problem was pinpointing the problem.

your beta or your life…

I was thinking this morning that I basically had two options for the day. Go snowshoe up the long trail because it’s a nice day and I have been spending way too much time in front of my computer – or figure out how to set up VPC, install the winxp sp2 beta, and figure out how to test all of my apps in that environment. I was cruising the blogs while eating my breakfast and came across this suggestive post title from Robert Scoble “This weekend, try out XPSP2 and give us feedback”. What an eye opener. Ask my husband who he believes is my favorite charity — the answer is pretty sad … Molly Stark’s Balcony, here I come…

HTMLEncode and Cross Site Scripting Attacks – User Input is not always coming from the form!

One thing to consider when rendering output to the browser is to HTML-encode any text that you send out, e.g. label.text=htmlencode(mystring). It’s pretty obvious to do this with direct user input, for example a search form where you spit back “Your search for ‘dogs’ resulted in 23 articles”. But consider user input that has been stored in a database. That is STILL user input! Perhaps a user profile where “favorite color” = “<script>alert(‘you are SOL dude’)</script>”. So even though the text is not coming from a form input page but from your database, you still need to htmlencode it.

HTMLEncode is not always going to be the solution, but you should use it by default and then decide not to use it if you have a reason. Here is a post by Jon Box where he has a similar conundrum.

Similarly, the Page object’s ValidateRequest (in ASP.NET 1.1), which is on by default, is not going to be helpful 100% of the time, but you also need to be very thoughtful if you are going to turn it off. Here is some more info on that from Don Kiely.
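
The stored-input case from this post, as an added example (not code from the original post): a small console module that renders constructed "profile" rows with and without HttpUtility.HtmlEncode. The module name, function names and sample rows are assumptions made for illustration, and the project needs a reference to System.Web.dll.

```vbnet
Imports System
Imports System.Web ' HttpUtility; add a reference to System.Web.dll

Module StoredInputEncodingDemo

    ' Constructed sample rows standing in for a user-profile table (user, favorite color).
    ' Every value was typed in by a user at some point, so every value is untrusted.
    Private ReadOnly Profiles(,) As String = { _
        {"alice", "blue"}, _
        {"bob", "<script>alert('you are SOL dude')</script>"}, _
        {"carol", "black & <b>white</b>"}}

    ' Before: the database value is concatenated into the markup unchanged.
    Function RenderRaw(ByVal user As String, ByVal color As String) As String
        Return "<li>" & user & ": " & color & "</li>"
    End Function

    ' After: every dynamic value is encoded at the point of output,
    ' regardless of whether it came from a form or from the database.
    Function RenderEncoded(ByVal user As String, ByVal color As String) As String
        Return "<li>" & HttpUtility.HtmlEncode(user) & ": " & _
               HttpUtility.HtmlEncode(color) & "</li>"
    End Function

    ' True when the fragment contains a tag opener that the template itself did not write.
    Function ContainsInjectedMarkup(ByVal html As String) As Boolean
        ' Strip the template's own <li> (4 chars) and </li> (5 chars) wrapper.
        Dim inner As String = html.Substring(4, html.Length - 9)
        Return inner.IndexOf("<"c) >= 0
    End Function

    Sub Main()
        For i As Integer = 0 To Profiles.GetUpperBound(0)
            Dim raw As String = RenderRaw(Profiles(i, 0), Profiles(i, 1))
            Dim safe As String = RenderEncoded(Profiles(i, 0), Profiles(i, 1))
            Console.WriteLine("raw:     " & raw)
            Console.WriteLine("encoded: " & safe)
            Console.WriteLine("  injected markup: raw={0}, encoded={1}", _
                              ContainsInjectedMarkup(raw), ContainsInjectedMarkup(safe))
        Next
    End Sub

End Module
```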

Who’s running the marketing department – 10 year olds?

First it was Urban Outfitter’s “voting is for old people” t-shirt, now it’s K-2 snowboard division, Ride Snowboard’s, attempt at a dig on Burton (trade show banners which said “The worst thing about riding a Burton is telling your friend you’re gay.” ) which is not only stupid and insensitive, but it doesn’t even make any sense. Burton is a local business here (with ties to my user group Vermont .NET) and I caught this latest via Roman Rehak’s blog.

Stephen Walther – Software Legend!!!!! Congrats

I just read this on Amy Sorokas’ blog and will just copy & paste cause it’s so cool!!

Stephen Walther was named a Software Legend by Microsoft today in recognition of his contribution to the Microsoft developer community as an author, trainer and developer. Microsoft selected Walther to join the Legends because of his best selling title, ASP.NET Unleashed, which many developers cite as one of the most comprehensive and accessible resources on ASP.NET available.

With this honor, Walther joins an impressive class of other Software Legends, including Billy Hollis, Jeffrey Richter, David Chappell, Rocky Lhotka, Alex Homer, Dave Sussman, Juval Lowy, and David Platt. The Software Legends program was created by Microsoft to recognize authors who have significantly contributed to the developer community and its understanding of the Microsoft .NET Framework.

http://www.samspublishing.com/walther 

Hooray. Congrats to Steve & Ruth. Ruth is Steve’s wife, has been my co-chair on the user group relations committee for INETA for the past year and is also Steve’s business partner and enabler in so many ways.