Dope Wars for Android – First Droid Game

17 May 2012Written by Mike Calvert

I have been writing Android/Java code for some time trying to figure out another language. This is my first official release of a game and it is called Dope Wars for Android. This has been somewhat of a labor of love and has been rewritten many times, I hope you enjoy!

Dope Wars for Android

Here is a link to the game: Dope Wars For Android

While I am not a full time Android developer I will always be learning other languages and I must say this venture in Java was very fun. I can see a lot of the component of MVC in Android design, but I certainly missed my intellisense. Dope Wars for Android is somewhat of a basic game and was priced to be competitive against others who have written similar flavors of the game. If you are looking to play Dope Wars for Android and you want to give it a try, feel free to send me over and critiques and I will gladly take them and implement suggestions.

The road map for Dope Wars for Android includes social integration to share scores as well as other flavors to be more specific, such as nationality and product based games. If there are any questions about Dope Wars for Android feel free to leave me a line on my contact form and I will gladly send you over some details. Here are some screen shots for your viewing pleasure.

Dope Wars for Android – Home Screen

Here you see the current options of the game, including continuing screens that were left off from closing the game as well as a high score system. In the future we will be expanding the high score system to include worldwide scores and submission to social networks. Hopefully these classes created can be used for other game development in the future.

Dope Wars for Android – Buy Screen

How to find your GP Company ID

27 April 2012Written by Mike Calvert

Often times when working with Dynamics GP you will come across something that is asking for a GP company ID. This can either be an integration application, or a registration program for a cool addin, or a number of other pieces that need to connect to your data. GP has three ways to identify a company: Company Name, Database Name and Company ID. All of these luckily can be found in one table in a database. By selecting out of the SY01500 table we can determine how to find your GP company ID. Here is an example query:

How to find your GP Company ID

SELECT CMPNYNAM, INTERID, CMPANYID
FROM DYNAMICS.dbo.SY01500

This will return back the Company Name as CMPNYNAM, the Database name as INTERID and the Company ID as CMPANYID. The company ID will always be an integer, and the test company is usually -1. The InterID is always a three letter word and potentially a number. Example: DYN01, DYN02, etc. The Company Name will be the value that you fill out during setup. These tables are how to find your GP company ID and they will provide additional information about your company if you want to look further by selecting all columns.

While looking for how to find your GP company ID may seem somewhat difficult in GP it is typically best to look directly at SQL. GP does not have a great method for looking up company information and you will likely still be asking yourself how to find your GP company ID. Again, because this information is typically only required for an integraiton or special third party addins it is unlikely that GP will show you how to find your GP company ID anytime soon.

If you are looking for more information on how to find your GP company ID

Check out this excellent SQL posting from Victoria Yudin about how to find your GP company ID in SQL.

Prevent SQL Injection Attack With .NET

19 April 2012Written by Mike Calvert

There has been a large stir recently with how to prevent SQL injection attacks with .NET. Huge rumors are flying about viruses because of the nuclear incident that happened in Iran. Just to be clear, regardless of how secure any site is there is a likelihood that you can be hacked. The best we can do is prevent as much as possible so that it takes someone who is really good to do it. At that point you are dealing with a security expert and likely they will just want you to pay them for the information. Back on to the subject, to solve our security problem we must first ask ourselves, what is a SQL injection? SQL injections are a trick that hackers use to execute malicious SQL scripts on your server.

Our main goal is not to take away functionality, but to prevent SQL injection attacks

Let’s say you have a login form, and you ask for a username and password. You have a text box bound to both fields and when they hit a Login button your form code selects from the user table where user name is equal to the User text box. The SQL might look something like this:

SELECT UserId, UserName,Password FROM Users
WHERE UserName = '" + txtUserName.Text + "'

This is where a hacker can come in and where we need to prevent SQL injection attacks. The user name a hacker would fill out would be something like this:

'; DROP DATABASE myWebApp --

When your code executes it will send a drop database command to your server destroying all of your data. This is likely not the intent of the hacker as they would much rather send a command to validate their password or fetch data but the goal here is to prevent SQL injection. Here are the three big steps to prevent SQL injection attacks:

Three methods to prevent SQL injection attacks with .NET

Validate your data

The first step in a SQL injection attack is to know what the developer is expecting to happen with a field and exploit it. In reverse, the first step to prevent SQL injection attacks is to know what a hacker intends to do with a field and prevent it. This will involve checking that your text received is the right length, scrubbing for invalid characters and make a decent attempt at stripping out dangerous SQL commands or throwing back errors if you find anything.

Use SQL Stored Procedures

Stored procedures are the next great .NET tool, because a parameter passed through a stored procedure command is sent as literal text as opposed to executed with a command. While converting your commands to a stored procedure does not prevent SQL injection attacks it does give you an additional security layer in case the injection makes it through and is targeting specific commands.

Use Parameters with Dynamic SQL

Another way to prevent SQL injection attacks is to embed your input from forms as parameters as opposed to injecting them directly into the statement. This can be done simply by using an @ sign as a parameter in your statement and appending a parameter to your command object. This looks something like this:

SqlDataAdapter saoSqlAdapter = new SqlDataAdapter(
         "SELECT UserName, UserId, Password FROM Users WHERE UserName = @userName",
         connection);
  myCommand.SelectCommand.Parameters.Add("@userName", SqlDbType.VarChar, 50);
  myCommand.SelectCommand.Parameters["@userName"].Value = txtUserName.Text;
  myDataAdapter.Fill(userDataset);

Other methods to prevent SQL injection attacks

After working these three methods you should be able to prevent SQL injection attacks from mostly all attackers, if you need more information on how to prevent SQL injection attacks check out how to prevent sql injection attacks on MSN.

XML to XML – Translating XML with C#

14 April 2012Written by Mike Calvert

Working with XML documents is the new way of EDI in today’s business work. XML to XML provides a way to not only translate data that you want to work with, but also provides a way to store extreme amounts of information in a structured manner. In this article I will discuss how to use XML in two forms, XML to XML or moving one XML document to another XML document and translating it along the way and XML to Object. XML to Objects will be used in the XML to XML process but it will also help with keeping your XML uniform as well.

The most important piece in XML to XML is uniform documents

Starting out with a fresh document is very important in being successful in translation. Here is an example of a simple yet effective XML document:

The first part of XML to XML is to load the document into a XmlDocument file. We do this through instantiating a XmlDocument and calling the Load method targeting our file. The XmlDocument will be used to populate our new document and then write out to finish our XML to XML process.

            XmlDocument xmlJobDoc = new System.Xml.XmlDocument();
            XmlDocument xmlLoadDocument = new System.Xml.XmlDocument();
            XmlNode xmlJobNode;
            XmlAttribute xmlAttribute;
            XmlNode xmlRootNode = xmlLoadDocument.CreateElement("Root");
            xmlJobDoc.Load("JobDefinition.xml");
            for (int i = 0; i < 2; i++)
            {
                xmlJobNode = xmlLoadDocument.CreateElement("TruckRun");
                xmlAttribute = xmlLoadDocument.CreateAttribute("JobNumber");
                xmlAttribute.Value = i.ToString();
                xmlJobNode.Attributes.Append(xmlAttribute);

                xmlJobNode.AppendChild(xmlLoadDocument.ImportNode(xmlJobDoc.DocumentElement,true));
                xmlRootNode.AppendChild(xmlJobNode);
            }
            xmlLoadDocument.AppendChild(xmlRootNode);
            xmlLoadDocument.Save("JobFile.xml");

Xml to Xml utilizing Xml ImportNode Command

This will utilize the Xml to Xml specific command called ImportNode. ImportNode is powerful as it allows you to copy one specific section of an Xml document to another Xml document or use the Xml to Xml functionality as if you were copy and pasting. To finish up the Xml to Xml translation, we utilize the Save method on the Xml document and push the information to the specified file. If you would like to learn more about translating Xml documents from Xml to Xml or other Xml processing capabilities of Microsoft dotNet Framework, check out this MSDN article.

« Older Entries

Dope Wars for Android – First Droid Game