Would you like your name and blog/web site featured in the upcoming Dream.In.Code Newsletter? We're looking for original articles to share with all 80,000 members.

We'll be picking one article a month to include in the DIC newsletter. You can write about anything related to the programming world. From interviewing tips, to new technology news, how to implement a technology in an organization, problems to avoid, techniques and best practices, etc.

The newsletter will go out the third Wednesday of every month (this coming Wednesday, April 16).

Keep articles concise and to the point. There's no set length, but it should be informative, interesting, or controversial.

Include a link to your web site, or a short bio about you for readers to click/read.

Post your articles here and I will select one for the upcoming newsletter.

We'll also feature your article on the homepage for discussion and link to it from the newsletter.

Great idea!


I recently wrote about the response to a comment made by Bill Gates last week about the upcoming Windows 7. A lot of sources around the internet we're taking the comment far too seriously.

It's a short entry but it's somewhat controversial.

http://www.marklangenfeld.com/2008/04/07/w...ear-not-likely/

Here's my submission. Chris, you might want to edit a little on the display of links, line breaks or the code display. Because it's written for the newsletter, I hope the mentors cut me some slack for not


/*-----------------------------------------------
Use Format(), don't concatenate
-----------------------------------------------*/
Do you concatenate your SQL statements?

string sSQL = "update BlameLog"
+ " set me = '" + txtBlameDesc.Text + "'"
+ " where user_id = '" + txtUserID.Text + "'";

Oh the horror! The ugliness! Apparently you haven't read
about the exploits of a mom (http://xkcd.org/327/).

Nor have you maintained any applications where you need to
debug an SQL statement. Apparently. Try copying that into
your database editor and run it. Oh you can't? Because
you've got to remove all the idiotic plus signs and figure
out where all the single quotes are and where the double
quotes start and end.

Since you're obviously intent on exposing yourself to
SQL injection attacks and invite maintenance nightmares,
let me show you a better way.

string sSQL = string.Format("update BlameLog set me = '{0}' where user_id = '{1}'", txtBlameDesc.Text, txtUserID.Text);

Now at one glance, you know the structure of the SQL statement.
You can also easily copy the entire statement into your database
editor, make small changes to the parameters and you can run it.

The Format() function can take up to 3 parameters this way.
If you have more, then use this

object[] oaParams = { "up", "orcasquall" };
string sSQL = string.Format("update BlameLog set me = '{0}' where user_id = '{1}'", oaParams);

Dump your parameters into the object array. Then continue
numbering up the format items, so {6} refers to the 7th item.

I still hope you see the error of your ways, and use
proper SQL parameters...


Vincent (aka orcasquall)
http://polymathprogrammer.com/

I had written a short article about 2 weeks back for my college Magazine.
It's called Linux For Dummies???

I've attached a DOC file to this post.
You can also find it here.

 LINUX_FOR_DUMMIES.doc ( 25.5k ) Number of downloads: 31

I wrote a tutorial on my website called Linux in a Nutshell (A Beginner's Guide).

Don't worry about header error on the page, it'll still load. I haven't had time to work that bug out yet.