Monthly Archives: September 2010

3 posts

Batch update your Web.config to workaround ASP.NET security vulnerability

[UPDATE]: There is no need for using this tool to update your web applications, because Microsoft has released the official ASP.NET security fix through Windows Update: http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx You may have already known the newly discovered ASP.NET security vulnerability, and the suggested workaround is to modify your Web.config file until Microsoft releases a security path, as mentioned in Scott’s blog: http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx. I hope you have already updated your application according to the workaround. However, what if […]

The request filtering module is configured to deny a request that exceeds the request content length

I have a file upload Web application running perfectly fine on IIS 6 server, but when I migrated it to an IIS 7 server, when I try to upload a large file, it throws an error saying: The request filtering module is configured to deny a request that exceeds the request content length. It puzzled me because I have this setting in my Web.config file: <httpRuntime maxRequestLength=”2097151″ executionTimeout=”7200″ /> This setting should allow me to […]

How to pass value to parameter in a parameterized query with IN clause

Take a look at the following MS SQL query: SELECT MT.MeetingTypeName, COUNT(DISTINCT(A.MemberId)) AS AttendanceTotal FROM MeetingAttendance AS MA INNER JOIN MeetingType AS MT ON MA.MeetingTypeId = MT.MeetingTypeId WHERE (MA.MeetingDate = @meetingDate) AND (MT.MeetingTypeId IN (1,2,3)) What if the IN clause in the above query needs to be dynamic? Can you use a parameter for the IN clause like this? SELECT MT.MeetingTypeName, COUNT(DISTINCT(A.MemberId)) AS AttendanceTotal FROM MeetingAttendance AS MA INNER JOIN MeetingType AS MT ON MA.MeetingTypeId […]