Thursday, March 17, 2011

Publish C# formatted code in blogspot

To show formatted C# code in my blog, from now on I will use the SyntaxHighlighter by Alex Gorbatchev.

The quick setup is to paste the following text into the blog template, just before the </head> tag.

<link href='http://alexgorbatchev.com/pub/sh/current/styles/shCore.css' rel='stylesheet' type='text/css'/>
<link href='http://alexgorbatchev.com/pub/sh/current/styles/shThemeRDark.css' rel='stylesheet' type='text/css'/>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shCore.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCpp.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCSharp.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCss.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJava.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJScript.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPhp.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPython.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushRuby.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushSql.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushVb.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushXml.js' type='text/javascript'></script>
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPerl.js' type='text/javascript'></script>
<script language='javascript'>
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.config.clipboardSwf = 'http://alexgorbatchev.com/pub/sh/current/scripts/clipboard.swf';
SyntaxHighlighter.all();
</script>


When posting, enclose the HTML-encoded version of your code in <pre class="brush: csharp"> </pre> tags. To encode it in a friendly HTML format you can use the html encoder.
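As an added example (not part of the original post), here is a small C# helper that performs the encoding step described above: it HTML-encodes the source with System.Net.WebUtility.HtmlEncode (available since .NET 4.0) and wraps it in the <pre class="brush: ..."> block SyntaxHighlighter looks for. Without the encoding, characters such as < and & inside the code would be parsed by the browser as markup rather than displayed; the brush name is restricted to letters so nothing else can end up inside the attribute. The class and method names are my own, and the sample snippet is constructed.

```csharp
// Added example (not from the original post): HTML-encode a code snippet and wrap it
// in the <pre class="brush: ..."> element that SyntaxHighlighter expects.
using System;
using System.Linq;
using System.Net;

public static class BlogSnippet
{
    // Returns the ready-to-paste block for the given source and brush name (e.g. "csharp").
    public static string ToHighlighterBlock(string source, string brush)
    {
        if (source == null)
            throw new ArgumentNullException("source");
        // The brush name is placed inside an attribute; allow only letters so the
        // attribute cannot be broken out of (hypothetical safety check, not from the post).
        if (string.IsNullOrEmpty(brush) || !brush.All(char.IsLetter))
            throw new ArgumentException("brush must be a plain alphabetic name", "brush");

        // Encodes <, >, &, " and ' so that e.g. List<string> is rendered literally
        // instead of being swallowed as a tag.
        string encoded = WebUtility.HtmlEncode(source);
        return "<pre class=\"brush: " + brush + "\">" + encoded + "</pre>";
    }

    public static void Main(string[] args)
    {
        // Constructed sample containing characters that raw HTML would misread.
        string sample = "List<string> names = new List<string>();\n" +
                        "if (a < b && b > c) { Console.Write(\"ok\"); }";
        Console.WriteLine(ToHighlighterBlock(sample, "csharp"));
    }
}
```

Paste the printed block into the post's HTML view; the highlighter decodes the entities again when it renders, so the code appears exactly as written.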

Sanitize input strings against SQL injection using Regex

If SqlParameters cannot be used, this is an anti-pattern that will do the job (C#):
using System.Text.RegularExpressions;

public static class RegexExtensions
{
    public static string Sanitize(this string stringValue)
    {
        if (null == stringValue)
            return stringValue;
        return stringValue
            .RegexReplace("-{2,}", "-")                 // collapses runs of "--" (the SQL line-comment marker) into a single "-"
            .RegexReplace(@"[*/]+", string.Empty)      // strips "/" and "*" (the SQL block-comment markers /* */)
            .RegexReplace(@"(;|\s)(exec|execute|select|insert|update|delete|create|alter|drop|rename|truncate|backup|restore)\s", string.Empty, RegexOptions.IgnoreCase);
            // strips a fixed list of SQL keywords, only when preceded by ";" or whitespace and followed by whitespace
    }

    private static string RegexReplace(this string stringValue, string matchPattern, string toReplaceWith)
    {
        return Regex.Replace(stringValue, matchPattern, toReplaceWith);
    }

    private static string RegexReplace(this string stringValue, string matchPattern, string toReplaceWith, RegexOptions regexOptions)
    {
        return Regex.Replace(stringValue, matchPattern, toReplaceWith, regexOptions);
    }
}

And some tests for input strings (C#):
using Microsoft.VisualStudio.TestTools.UnitTesting;

[TestClass]
public class RegexExtensionsTests
{
    [TestMethod]
    public void OnNullShouldReturnNull()
    {
        Assert.IsNull(RegexExtensions.Sanitize(null));
    }

    [TestMethod]
    public void OnValidStringShouldReturnTheSameString()
    {
        Assert.AreEqual("a", "a".Sanitize());
        Assert.AreEqual("aa", "aa".Sanitize());
        Assert.AreEqual("-", "-".Sanitize());
        Assert.AreEqual("a-", "a-".Sanitize());
        Assert.AreEqual("-a", "-a".Sanitize());
        Assert.AreEqual("-a-", "-a-".Sanitize());
    }

    [TestMethod]
    public void OnMultipleDashesShouldReturnJustADash()
    {
        Assert.AreEqual("-", "--".Sanitize());
        Assert.AreEqual("a-", "a--".Sanitize());
        Assert.AreEqual("-a", "--a".Sanitize());
        Assert.AreEqual("-", "---".Sanitize());
        Assert.AreEqual("-a-", "----a----".Sanitize());
    }

    [TestMethod]
    public void ShouldRemoveGroupCommentsSymbols()
    {
        Assert.AreEqual(string.Empty, "/".Sanitize());
        Assert.AreEqual(string.Empty, "*".Sanitize());
        Assert.AreEqual(string.Empty, "/**//*/*/".Sanitize());
        Assert.AreEqual("a", "/*a*/".Sanitize());
    }

    [TestMethod]
    public void ShouldRemoveSQLKeyWords()
    {
        Assert.AreEqual("eXec", "eXec".Sanitize());
        Assert.AreEqual(string.Empty, ";eXec ".Sanitize());
        Assert.AreEqual(string.Empty, " eXec ".Sanitize());
        Assert.AreEqual("  ", "  eXec  ".Sanitize());
    }
}
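The post calls the regex approach an anti-pattern for good reason: it is a blocklist of a few tokens, and it also corrupts legitimate data (a comment such as "I select the best option" loses the word and a space). As an added example that is not part of the original post, here is the parameterised alternative it refers to as SqlParameters, shown next to the concatenating version it replaces. With a parameter the user value is sent to the server as data, never as part of the SQL text, so quotes, semicolons, comment markers and keywords need no filtering at all. The table name, column name, connection string and class name are placeholders I chose for the illustration.

```csharp
// Added example (not from the original post): string concatenation versus a
// parameterised query with System.Data.SqlClient. Table/column/connection
// string are placeholders.
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserRepository
{
    // Placeholder; replace with the real connection string.
    private const string ConnectionString =
        "Server=(local);Database=ExampleDb;Integrated Security=true";

    // The pattern the post's sanitizer is meant to protect: the value becomes part
    // of the SQL text, and safety depends on the regex catching every bad token.
    // Kept only for contrast; do not use.
    public static string UnsafeCountUsersSql(string name)
    {
        return "SELECT COUNT(*) FROM Users WHERE Name = '" + name.Sanitize() + "'";
    }

    // The recommended form: the SQL text is constant and the value travels as a
    // typed parameter, so "' OR 1=1--" or "x; DROP TABLE Users" is just a name
    // the query will not find.
    public static int CountUsersByName(string name)
    {
        using (var connection = new SqlConnection(ConnectionString))
        using (var command = connection.CreateCommand())
        {
            command.CommandText = "SELECT COUNT(*) FROM Users WHERE Name = @name";

            // Declaring the type and length also stops an overlong value from
            // being silently truncated or implicitly converted on the server.
            SqlParameter parameter = command.Parameters.Add("@name", SqlDbType.NVarChar, 100);
            parameter.Value = name == null ? (object)DBNull.Value : name;

            connection.Open();
            return (int)command.ExecuteScalar();
        }
    }

    public static void Main(string[] args)
    {
        // Constructed input that the regex sanitizer leaves largely intact,
        // since it contains none of the listed keywords.
        string input = "O'Brien";
        Console.WriteLine(UnsafeCountUsersSql(input));   // the quote still lands inside the SQL text
        Console.WriteLine(CountUsersByName(input));      // requires a reachable database
    }
}
```

CountUsersByName needs a reachable SQL Server to run; UnsafeCountUsersSql is there only so the two shapes can be read side by side, and it reuses the Sanitize extension method from the code above. The same parameter technique applies to stored procedures (CommandType.StoredProcedure with parameters) and to every other ADO.NET provider.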