Monday, February 15, 2010

Commonly used Regular Expressions

Here is a list I put together a while back to keep for reference whenever I do validation:

First Name or Last Name




Phone or Mobile


Postcode for Australia


Postcode for the US


Postcode for the UK


Date: Day


Date: Month


Date: Year


CSV File with comma delimited text

There is also an incredibly useful tool, built by a colleague of mine, Ross Donald, that has helped me out a great deal in the past:

Saturday, February 13, 2010

Sitefinity CMS features

Rich Text Editor

In order for the WYSIWYG editor to contain the table editor as follows:

You must edit the [Web Root Folder]\Sitefinity\Admin\ControlTemplates\EditorToolsFile.xml file and add the following tool:

  <tools dockable="false">
    <tool name="InsertTable" />
  </tools>

Page Navigation

For certain properties you only want to navigate to pages within your own Sitefinity application. The following property, with its attribute definition, is the most appropriate for this requirement:

[WebEditor("Telerik.Cms.Web.UI.CmsUrlWebEditor, Telerik.Cms")]
    public string StartingNodeUrl
    {
        get; set;
    }

File System Navigation

Some properties may require selecting a file or folder within your Sitefinity application. The following attribute definition is the most appropriate for this requirement:

[WebEditor("Telerik.FileManager.UrlWebEditor, Telerik.FileManager")]
    public string EndNodeUrl
    {
        get; set;
    }

General URL Navigation

The general System.Web attribute declaration for a URL-type property is shown below. Sitefinity detects that it is a URL-type property and therefore allows the selection of a page or file within the Sitefinity application:

[Editor(typeof(UITypeEditor), typeof(UITypeEditor)), UrlProperty]
    public string RedirectUrl
    {
        get; set;
    }

Image URL

Some images in Sitefinity are stored in libraries, so the standard Sitefinity dialog for selecting from either a library or the file system needs to be used, as follows:

[Editor("System.Web.UI.Design.ImageUrlEditor, System.Design",
 typeof(UITypeEditor)), UrlProperty]
    public string ImageUrl
    {
        get; set;
    }

Wednesday, February 10, 2010

Classic ASP - prevent SQL Injection hacks

Typically, a developer would be tempted to write the following to connect to a database.
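
<%@ Language=VBScript %>
<% option explicit %>
<%
    ' customerID and contactID are assumed to be declared and filled from
    ' request input earlier in the page
    dim cnn, strSQL, result
    set cnn = server.CreateObject("ADODB.Connection")
    cnn.Open ConnectionString

    ' Vulnerable: the values are concatenated straight into the command text
    strSQL = "exec uspSQLInsertString " & customerID & "," & contactID

    set result = cnn.Execute(strSQL)

    set cnn = nothing
%>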

This is a bad use of ADO: because the values are concatenated into the command text, it is open to SQL injection.
A more appropriate use of ADO in Classic ASP is as follows:

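<%@ Language=VBScript %>
<% option explicit %>
<%
    ' adCmdStoredProc, adDBDate and adParamInput are ADO constants (e.g. from adovbs.inc)
    dim cmd, result
    set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = ConnectionString
    cmd.CommandText = "uspSQLInsertString"
    cmd.CommandType = adCmdStoredProc
    ' "@paramName" is a placeholder; use the stored procedure's actual parameter name
    cmd.Parameters.Append(cmd.CreateParameter("@paramName", _
        adDBDate, adParamInput, 6, cdate(Request.Form("hLive"))))

    set result = cmd.Execute()

    set cmd = nothing
%>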

This is the more appropriate approach: the value is passed as a typed parameter of a parameterised query rather than being concatenated into the command text.
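
The first listing's call, with its customerID and contactID values, rewritten to use ADODB.Command parameters. This is an added example, not code from the original post. The form field names, the ToIntOrNull helper, the parameter names, and the idea that uspSQLInsertString takes two integers in this order are all assumptions.

```vbscript
<%@ Language=VBScript %>
<% Option Explicit %>
<%
' ADO constants, normally supplied by adovbs.inc
Const adCmdStoredProc = 4
Const adInteger = 3
Const adParamInput = 1
Const adExecuteNoRecords = 128

' Hypothetical helper: accept only a plain run of 1-9 digits, otherwise return Null
Function ToIntOrNull(raw)
    Dim re, s
    s = Trim(raw & "")
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then
        ToIntOrNull = CLng(s)
    Else
        ToIntOrNull = Null
    End If
End Function

Dim customerID, contactID, cmd
customerID = ToIntOrNull(Request.Form("customerID"))   ' assumed form field name
contactID = ToIntOrNull(Request.Form("contactID"))     ' assumed form field name

' Reject anything that is not an integer before touching the database
If IsNull(customerID) Or IsNull(contactID) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = ConnectionString   ' defined elsewhere, as in the listings above
cmd.CommandText = "uspSQLInsertString"
cmd.CommandType = adCmdStoredProc
' Values travel as typed parameters, never as part of the command text.
' ADO binds them by position by default, so append them in the procedure's order.
cmd.Parameters.Append cmd.CreateParameter("@customerID", adInteger, adParamInput, , customerID)
cmd.Parameters.Append cmd.CreateParameter("@contactID", adInteger, adParamInput, , contactID)
cmd.Execute , , adExecuteNoRecords   ' the procedure returns no rows
Set cmd = Nothing
%>
```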