We are almost at the end of 2009, and this year there have been some interesting things happening in the world of .Net and Microsoft. There was the release of Silverlight 3, Internet Explorer 8, updates to the AJAX library and toolkit, and just over a month ago we got Windows 7.

I thought I would point out a few new .Net technologies to look out for next year.

• Visual Studio 2010 and ASP.Net 4.0: Microsoft already released beta versions of Visual Studio 2010 that will be running the ASP.Net framework 4.0. They aim to release the newest edition of Visual Studio and ASP.Net 4.0 on 22 March 2010.
• MVC Framework: The first version of this framework has been released in March 2009. Currently MVC 2.0 Beta is available for download. Microsoft has made several changes to this framework since the first release. You should find the latest version available for download in the first half of 2010.
• JQuery: It has taken Microsoft a while to wake up, but it is nice to know that JQuery is being adopted by Visual Studio. JQuery is a Javascript library that has a lot of neat tools in it's bag.  It is very helpful for taking care of mundane tasks like "get that div" or "set that text box value."  It also has a great set of methods for dealing with AJAX.  
• WCF, WF and WPF: ASP.Net is a maturing framework that will continue to move forward, with or without you. The best advice I have is to get on the wagon. Tools and accompanying frameworks are maturing in line, but behind, the .NET framework - your applications should be as well.  The earlier you start, the better. WCF, or known as Windows Communication Framework, is used to abstract the "plumbing" of your application. It can save you hours and hours of coding.
• Silverlight 4.0: Microsoft Silverlight is a web application framework that provides functionalities similar to those in Adobe Flash, integrating multimedia, graphics, animations and interactivity into a single runtime environment. Silverlight 4.0 Beta has been released last month, so do not be surprised to see the latest version available before June 2010.

Ever wondered how to access class properties in another class, that is compiled into another assembly? The only way I figured I could do this, was to use reflection. Reflection provides objects (of type Type) that encapsulate assemblies, modules and types. You can use reflection to dynamically create an instance of a type, bind the type to an existing object, or get the type from an existing object and invoke its methods or access its fields and properties. If you are using attributes in your code, Reflection enables you to access them.

Here is how I did it.

First, remember to reference the reflection namespace in your file.

   1:  using System.Reflection;

You need to add a reference to the assembly, by using the "Add reference", then select the file, from the project you are working from.

You will also have to know the name of the class and first get the type, before you will have to loop through the Type, to access the properties. In my case I know the class I had to access was called "Employee". Once I have this knowledge, all that I still had to do, was find the public properties.

Here is a quick example.

   1:   using System.Reflection;

   2:  // ... code here

   3:   

   4:      Type employeeType = typeof(Employee);

   5:      System.Reflection.PropertyInfo[] properties = employeeType.

   6:              GetProperties();

   7:     

   8:   foreach (System.Reflection.PropertyInfo prop in properties) {

   9:          Response.Write(prop.Name);

  10:      }

  11:   

  12:  // ... code here

I hope this will help you, as it helped me.

Often we need to capitalize the first letters of a word or some text (for example when a user enter their name in caps, we want to format it to title case before saving to the database). Since the string class does not have a method to do this, I looked at another way to change the case. I found the ToTitleCase method of the TextInfo class in System.Globalization namespace that does exactly what we need: capitalizes the first letter of each word in the string.

Here is an example:

   1:  using System.Globalization;

   2:  // more code here

   3:  string siteName = CultureInfo.CurrentCulture.TextInfo

   4:  .ToTitleCase("dascode");

After we execute this line of code, sitename will now be "Dascode".

SQL injections are code injection technique that exploits a security vulnerability occurring in the database layer of an application. This normally happens when user input is not being validated, or errors are not handled, and displayed to a potential hacker. Successful SQL injection attacks will enable malicious users to execute commands in an application's database.

There are several ways to do this, however I am going to show you how to check for a SQL injection using a method that will check the input, and return true or false.

For a test, I created a Console Application.

   1:          private static void Main()

   2:          {

   3:              Console.WriteLine("Please enter text input to check for 
SQL Injection and then press enter.");

   4:              

   5:              string userInput = Console.ReadLine(); 

   6:   

   7:              Console.WriteLine(checkForSQLInjection(userInput));

   8:              Console.ReadLine();

   9:   

  10:          }

The following method will check for possible sql injection input, and return true or false.

   1:   public static string checkForSQLInjection(string userInput)

   2:          {

   3:              bool isSQLInjection = false;

   4:   

   5:              string[] sqlCheckList = { "--",

   6:                                          ";--",

   7:                                          ";",

   8:                                          "/*",

   9:                                          "*/",

  10:                                          "@@",

  11:                                          "@",

  12:                                          "char",

  13:                                          "nchar",

  14:                                          "varchar",

  15:                                          "nvarchar",

  16:                                          "alter",

  17:                                          "begin",

  18:                                          "cast",

  19:                                          "create",

  20:                                          "cursor",

  21:                                          "declare",

  22:                                          "delete",

  23:                                          "drop",

  24:                                          "end",

  25:                                          "exec",

  26:                                          "execute",

  27:                                          "fetch",

  28:                                          "insert",

  29:                                          "kill",

  30:                                          "open",

  31:                                          "select",

  32:                                          "sys",

  33:                                          "sysobjects",

  34:                                          "syscolumns",

  35:                                          "table",

  36:                                          "update"

  37:                                      };

  38:   

  39:              string CheckString = userInput.Replace("'", "''");

  40:         

  41:              for (int i = 0; i <= sqlCheckList.Length - 1; i++)

  42:              {

  43:                  if ((CheckString.IndexOf(sqlCheckList[i],
 StringComparison.OrdinalIgnoreCase) >= 0))

  44:                  {

  45:                      isSQLInjection = true;

  46:                  }

  47:              }

  48:   

  49:              return Convert.ToString(isSQLInjection);

  50:          }

The result for a string that does not contain any thread will return false.

The result for a string that does contain any thread will return true.