11 Programming Mistakes You Don’t Even Realize You’re Making

Disposing Objects Properly

The ‘using’ syntax doesn’t get nearly the kind of exposure it should, and it’s all to easy to not understand which objects need to be disposed of properly, and for which it doesn’t matter. For example, I bet you realize that SQLConnections should always be closed, and disposed of, but what about StringWriter? It too needs proper attention.

using (StringWriter myStringWriter = new StringWriter())
{
	// . . .
}
using (SqlConnection con = new SqlConnection(myConnectionString))
{
	using (SqlCommand cmd = new SqlCommand(stringSQL, con))
	{
		// . . .
	}
}

Filling Your Database With Bad Data

User input. We love it, we hate it, and most of the time, it defies our expectations in one way or another. Here are some ways you probably aren’t properly taking care of your data:

  • proper capitalization of names
  • trimming leading and trailing spaces or zeros
  • verification of birth-dates : leap years, and improbable ages (a user registering who says they are 110 years old? Or, that they are only 2 years old?)
  • data encoding and decoding, especially for HIPA requirements
  • along the lines of multi-line or rich-textboxes, cleaning up HTML where there shouldn’t be any or removing MS Office meta-data from naive users’ copy-paste operations
  • length restrictions both in your code and on your database – so your FirstName field doesn’t take up VARCHAR(MAX) disk space

Shooting Yourself In The Foot With Lack of Documentation (Or Comments)

Simply put, the proper amount of documentation is near impossible to achieve. While we shouldn’t be writing novels in our code, they should quickly jar our memory when we need to revisit them a few years later. Whether it’s specification documents, contracts, or comments, it’s all to easy to fall short.

Slowing Your Own Server Down With Debug Mode

Debugging is great for us developers, but in production servers, it takes up extra processing power.

<compilation debug="true">

Unnecessary Post Back Operations

While intermediate developers are probably aware of the IsPostBack feature, new ones may not be, causing unnecessary operations – which usually involve database calls

Unusual Circumstances Bypassing Your Data Validation

Did you know that sometimes your submit button’s onclick or onclientclick method can be called even though your validators have errors? It is true! Checking Page.IsValid will save heartache and mysterious bad data.

if (! Page.IsValid)
{
// return to the page - the validators will now show their error messages
return;
}

Sluggish Server Responses Via UpdatePanel

Although it seems like magic, ASP.NET AJAX’s UpdatePanel has some necessary flaws, and it’s important to know them. When UpdatePanel updates asynchronously, it performs a postback by sending the data of everything inside it via HTTP. Now, if you have a lot of data inside your UpdatePanel, this update is going to be very slow.

Crashing Your Own Server With Session Data

If you’re storing a lot of stuff in your Session variables, be warned, this can act like a DOS attack on your server (OWASP, more info). Basically, SessionData takes up memory, and with enough users, it begins to act like a memory leak.

Query Variable Injection

Query variables can be useful, but also terrible, as it exposes data to the user for all-too-easy manipulation any dabbler can play with. SQL injection is also something to watch out for, however the fix for this can be as simple as using ASP.NET’s built-in parametrized queries.

Leaving Document, HTML Files Insecure

By default, IIS only applies your security settings (usually in your web.config file) to ASP and ASPX files, leaving any images, HTML, or other document files open for anyone who has the URL. To fix the problem, special settings can be applied to IIS.

Tying Your Database’s Hands Behind Its Back With Lack Of Keys and Indexes

MS SQL Server, and other servers, have out-of-the-box optimizations that make your queries run surprisingly fast. However, they all depend on the query analyzer being able to pick up on ways to speed up the query. Basically, when you don’t use keys or indexes, the query analyzer doesn’t know what to do with your data, and thus can’t really make any optimizations. As a result, it defaults to the most reliable way of doing things, which is consequentially, the slowest.

Advertisements

Gotcha: Chrome IFrames Don’t Render

While creating a website that needed an IFrame, I ran into a peculiar problem: my IFrame rendered in all the browsers except Google Chrome. But in Chrome, my Iframe doesn’t show up at all.

My code looked like this:

<html>
<head>
</head>
<body>
  <center>Stuff</center>
</body>
</html>

The solution is simple, just flesh out your page a little more, making sure to declare the doctype and title tags, like this :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<title>My Stuff</title>
</head>
<body>
  <center>Stuff</center>
</body>
</html>

SQL Scope_Identity() Gotcha


PROCEDURE [dbo].[SaveInfo]
(
-- ... parameters ...
)
AS
INSERT INTO Table1 ( ... ) Values ( ... )
RETURN SCOPE_IDENTITY()

This code doesn’t quite do what you think it does. If the insertion goes successfully, it returns the ID of the newly inserted row. But if not, what is returned is actually the ID of the last known record. If you are depending on this ID, use transactions for saftey; or alternatively, try-catch.