Thursday, July 22, 2010

Commonly used CSS

/*------- Reset -------*/
/* CSS Document */
/* Normalizes margin, padding */
body, div, dl, dt, dd, ul, ol, li, h1, h2, h3, h4, h5, h6, pre, form, fieldset, input, p, blockquote, th, td
{ margin : 0; padding : 0; }

/* Normalizes font-size for headers */
h1,h2,h3,h4,h5,h6 { font-size : 100%; }

/* Removes list-style from lists */
ol,ul { list-style : none; }

/* Normalizes font-style and font-weight to normal */
address, caption, cite, code, dfn, em, strong, th, var
{ font-style : normal; font-weight : normal; }

/* Collapses table borders and removes border spacing */
table { border-collapse : collapse; border-spacing : 0; }

/* Removes border from fieldset and img */
fieldset,img { border : 0; }

/* Left-aligns text in caption and th */
caption, th { text-align : left; }

/* Removes quotation marks from q */
q:before, q:after { content :''; }



/*------- Wrappers -------*/
#wrp{

}

#wrapper{

}

#contentWrapper{

}



/*------- Header -------*/
#header{

}

#header h1{

}

#header #logo, #header .logo{

}

#banner{

}



/*------- Navigation menus -------*/
#mainNav{

}

#subNav{

}



/*------- Body content -------*/
#intro{

}


#about{

}


#newsRelease{

}


#summary{

}


#primary{

}


#secondary{

}


#content{

}



/*------- Widgets -------*/
#calendar{

}



/*------- Products -------*/

#productList{

}

#orderForm{

}



/*------- Footer -------*/
#footer{

}



/*------- Layout -------*/
#column_one{

}

#column_two{

}

#column_three{

}

Wednesday, July 07, 2010

ASP.NET: using a Control that lives in App_Code

Add the following directive at the top of the page:
<%@ Register Assembly="_code" Namespace="A" TagPrefix="abc" %>

ASP.NET: adding subdirectories to App_Code

Add the following to Web.config:


<configuration>
  <system.web>
    <compilation>
      <codeSubDirectories>
        <add directoryName="View"/>
      </codeSubDirectories>
    </compilation>
  </system.web>
</configuration>

CSS style to JS style reference table

CSS Properties to JavaScript Reference

CSS Properties To JavaScript Reference Conversion

CSS Property JavaScript Reference
background background
background-attachment backgroundAttachment
background-color backgroundColor
background-image backgroundImage
background-position backgroundPosition
background-repeat backgroundRepeat
border border
border-bottom borderBottom
border-bottom-color borderBottomColor
border-bottom-style borderBottomStyle
border-bottom-width borderBottomWidth
border-color borderColor
border-left borderLeft
border-left-color borderLeftColor
border-left-style borderLeftStyle
border-left-width borderLeftWidth
border-right borderRight
border-right-color borderRightColor
border-right-style borderRightStyle
border-right-width borderRightWidth
border-style borderStyle
border-top borderTop
border-top-color borderTopColor
border-top-style borderTopStyle
border-top-width borderTopWidth
border-width borderWidth
clear clear
clip clip
color color
cursor cursor
display display
filter filter
font font
font-family fontFamily
font-size fontSize
font-variant fontVariant
font-weight fontWeight
height height
left left
letter-spacing letterSpacing
line-height lineHeight
list-style listStyle
list-style-image listStyleImage
list-style-position listStylePosition
list-style-type listStyleType
margin margin
margin-bottom marginBottom
margin-left marginLeft
margin-right marginRight
margin-top marginTop
overflow overflow
padding padding
padding-bottom paddingBottom
padding-left paddingLeft
padding-right paddingRight
padding-top paddingTop
page-break-after pageBreakAfter
page-break-before pageBreakBefore
position position
float styleFloat
text-align textAlign
text-decoration textDecoration
text-decoration: blink textDecorationBlink
text-decoration: line-through textDecorationLineThrough
text-decoration: none textDecorationNone
text-decoration: overline textDecorationOverline
text-decoration: underline textDecorationUnderline
text-indent textIndent
text-transform textTransform
top top
vertical-align verticalAlign
visibility visibility
width width
z-index zIndex

Usage

Internet Explorer

document.all.div_id.style.JS_property_reference = "new_CSS_property_value";



Older Netscape's (4.7 and earlier)

document.div_id.JS_property_reference = "new_CSS_property_value";



Netscape 6.0+ and Opera (and other Mozilla)

document.getElementById(div_id).style.JS_property_reference = "new_CSS_property_value";

Note the use of parentheses instead of square brackets in newer Mozilla's "getElementById()" reference.



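Tuesday, July 06, 2010

My SQL injection talk notes

SQL injection: "injection" means just what it says. What happens when attack code is injected into a SQL statement?

SQL injection commonly occurs in code like this:
String statement = "SELECT * FROM userinfo WHERE id = " + a_variable + ";"
In this example a_variable is a string. When a_variable = ";DROP", the assembled statement becomes:
SELECT * FROM userinfo WHERE id=1;DROP sss -- TABLE users

Note the position of ;DROP.
One statement has been cut into a left and a right statement. Each has a proper terminator ( ; ), so each is valid SQL. One statement split into two that still travel on the same command line is called a "batch statement" (Batch SQL Statement).

So how do we prevent a Batch SQL Statement from being produced?

Answer:
We can make use of SQL Server's own error checking.
What if the value is wrapped in quotes? For example:
SELECT * FROM userinfo WHERE id='1;DROP' TABLE users;
Are there any other approaches?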

Let's watch a real hacking demonstration on YouTube:
http://www.youtube.com/watch?v=jMQ2wdOmMIA&playnext_from=TL&videos=709J1SkZFj0

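Real-world case:
A security hole in the Data Access Layer

Suppose there is a function CommentsTop().
It takes two parameters:
OrderID - int
Id - string
In this case Id is a number, yet it is declared as a string. Clearly, if the code behind it is not written carefully, SQL injection can occur.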


How to write code that has no SQL injection problems:
http://msdn.microsoft.com/en-us/library/ff648339.aspx
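
The two cases above, the concatenated statement and a numeric Id that arrives as a string (as in CommentsTop()), as an added example that is not part of the original notes. It uses Python's sqlite3 in place of SQL Server and ADO.NET so that it runs offline; the function names, the table contents and the input string are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE userinfo (id INTEGER PRIMARY KEY, name TEXT);"
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO userinfo VALUES (1, 'alice');"
        "INSERT INTO users VALUES (1, 'alice');")
    return conn

def table_exists(conn, name):
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' "
                       "AND name = ?", (name,)).fetchone()
    return row is not None

def lookup_concatenated(conn, a_variable):
    # The pattern from the notes: input is pasted into the SQL text.
    # sqlite3's execute() refuses multi-statement strings, so executescript()
    # stands in for a driver that accepts batches, as SQL Server does.
    statement = "SELECT * FROM userinfo WHERE id = " + a_variable + ";"
    conn.executescript(statement)
    return statement

def lookup_parameterized(conn, a_variable):
    # Hardened form: the id arrives as a string but must be a number, so
    # convert it first, then bind it; a bound value is never parsed as SQL.
    try:
        user_id = int(a_variable)
    except ValueError:
        raise ValueError("id must be an integer") from None
    return conn.execute("SELECT id, name FROM userinfo WHERE id = ?",
                        (user_id,)).fetchall()

def demo():
    payload = "1;DROP TABLE users --"  # constructed input modelled on the notes
    conn = make_db()
    lookup_concatenated(conn, payload)
    dropped = not table_exists(conn, "users")   # the batch ran: table is gone
    conn = make_db()
    try:
        lookup_parameterized(conn, payload)
        rejected = False
    except ValueError:
        rejected = True
    intact = table_exists(conn, "users")        # nothing reached the database
    return dropped, rejected, intact, lookup_parameterized(conn, "1")
```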


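Advanced

Transactions
Modularization: an ADO.NET wrapper library
Component design - ViewState, PostData, Session

Points to think about
The most common way to use SQL in ASP.NET is ADO.NET.
Why does ADO.NET exist? (with regard to SQL statements)
Hint: ADO.NET's predecessor, ODBC
What can ADO.NET do, and what can it not do? (How to balance performance, security and usability)


How .NET 3.5 LINQ uses strong typing while still retrieving data and joining two tables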

// Compiled query: the most recent blog posts of one user.
// The Func type arguments mirror the lambda's parameter list; the result is taken
// to be IQueryable<object>, since the anonymous projection is cast to object.
public static Func<EruruDataContext, Eruru.Data.DAL.AspnetUsers, int, IQueryable<object>> RecentPostTopicList_query =
    System.Data.Linq.CompiledQuery.Compile(
        (EruruDataContext context, Eruru.Data.DAL.AspnetUsers user, int maxResult) =>
            context.EruruPost
                .Where(x => x.UserId == user.UserId && x.PostTypeId == PostLogic.BLOG_POST_TYPE_ID)
                .OrderByDescending(x => x.PublishedDate)
                .Take(maxResult)
                .Select(x => new { PostId = x.PostId, UserName = user.UserName, Title = x.Title, PublishedDate = x.PublishedDate })
                .Cast<object>()
    );


// Compiled query: random blog posts from one area, left-joined to their authors.
// user.UserId, area.AreaId and maxResult are typed values, not SQL text.
public static Func<EruruDataContext, Eruru.Data.DAL.EruruArea, int, IQueryable<object>> RandomPostTopicList_query =
    System.Data.Linq.CompiledQuery.Compile(
        (EruruDataContext context, Eruru.Data.DAL.EruruArea area, int maxResult) =>
            from posts in
                (from r in context.EruruPost
                 where r.AreaId == area.AreaId && r.PostTypeId == PostLogic.BLOG_POST_TYPE_ID
                 orderby EruruDataContext.Default.Random()
                 select r).Take(maxResult)
            join user in context.AspnetUsers on posts.UserId equals user.UserId into temppostuser
            from postuser in temppostuser.DefaultIfEmpty()
            select (object)new { PostId = posts.PostId, UserName = postuser.UserName, Title = posts.Title }
    );