The Code Project

The Code Project is a site that is home to a large community (approaching 2 million members) of .Net Articles (and Web/Scripting, General Reading, ASP.net, C# and more). Article topics range from tutorials in specialized areas of web technologies to custom designed controls. The good news is that there are many very informative articles hosted on CodeProject, and lots of free code, controls and ideas. The only catch is that there is no apparent quality control other than the user-feedback rating section. So be sure to keep an open (and analytical) mind before adopting advice from some random article. That said, I have found lots of good stuff here.

Handy .net Regex app

As I am learning more about regular expressions and I want to use some in my code, I find myself in a bit of a quandry – how can I try out the regular expression that I am using to see if it does what I need it to do (with the .net flavor of Regex).

I found this very useful application (download here). It is a C# demo program for using regular expressions with the .Net framework. Source code is included.

The site also has a good .Net and general Regex reference.

DataReader vs. DataSet

In a 4 Guys article entitled Why I Don’t Use DataSets in My ASP.NET Applications and in a blog post, Scott Mitchell discusses the merits of using DataSets to retrieve data in an ASP.net application (or lack thereof). Here’s the gist of it:

Although DataSets provide many useful builtin functions, they add a large amount of overhead (which will increase the more data is retrieved). Check out A Speed Freak’s Guide to Retrieving Data in ADO.NET for more conclusive numbers backing this up. The increase in performance using a DataReader (or SqlDataReader if you are using Sql Server) more than offsets the loss of functionality. So Scott concludes (though many of his other readers disagree).

Personally, I agree. So far I have exclusively used SqlDataReaders in my development efforts. (Though as soon as I start working more with Web Services, XML and Desktop I will probably start to delve in to DataSet-land).

Update: Scott has posted a new article on 4Guys: More On Why I Don’t Use DataSets in My ASP.NET Applications, responding to 60+ comments that were made on the original article. If anything, he is now even more adamant that DataReader is the only way to go.

Don’t Trust ViewState

In this blog post by Scott Mitchell, Scott gives a review of the issues brought up by this article, discussing ways in which a page’s ViewState in ASP.net could be used to compromise a site. ViewState is encrypted by default (unless you set EnableViewStateMac to false, which you shouldn’t need to do). If a ViewState is posted to a page that did not encrypt it, the server will throw an error. However, if a ViewState is posted to the same page (perhaps with different querystring parameter settings), the page may accept the posted VIewState and use its data:

The point is, don’t trust view state (or the data that is put there by Web controls, such as the DataGrid). That is, if you have important information, such as pricing data, it’s OK if it is placed in view state (such as in a row in a DataGrid), but don’t grab the pricing data to charge by just poking around the view state (as in programmatically accessing the contents of a DataGrid). Instead, if you need to get pricing information (or any other important bit of information) for the final order processing, it is imperative that you requery the database.

You have been warned.

baregrep

Found this nifty tool to perform regular expression searches on file (and I didn’t want to pay $150 for PowerGREP). Google helped me out and led the way to baregrep. Works very fast, easy to use interface, yada yada. You can pay them $25 to get rid of the splash screen, or just use it for free. They also have a good one-page regular expression reference, in case you are in need of a little brush-up.

Update: One shortcoming that I have found is that it doesn’t handle Unicode well. The original reason why I needed this tool was so that I could generate a script from Sql Server of all of my Stored Procedures for a certain project, and then search the script for certain text. I find that in order to do this, after I have first generated the script I then need to go and save it again as ANSI (it was created in unicode). Oh well. I guess I can’t really complain too much, given the price that I paid to obtain the software.