Once I had a chance to check, what’s inside of such a device. Unfortunately, I haven’t taken any picture during repair process.
Device was brought to me with the words, that computer doesn’t see it and probably someone has plugged USB type B cable into device upside down.
At first I thought about burned voltage regulator or a fuse. However, when I opened the case, I could not find any burned part or any smell. I checked the power lines as much as I could and did not find any fuse, but instantly found 5 to 3.3 volt LDO regulator. The most strange thing I found was that I could not find any connection between USB connector and LDO. The power track on PCB was just going into the innermost layers after ferrite bead and I could not find any way out for it. Also I could not find anything similar to the fuse or protecting diode or transistor.
Connecting USB cable gave 5V at the beginning of power supply net up to the via. On the LDO input there was only couple of tens of millivolts. Checked for shorts and then connected power supply input via after all the filters with LDO input. And it took device alive. LEDs lighted up and blinked in sequence, Windows found new device and started installing driver for it.
I have installed some software from Dearborn website for this device and connected it once again. Checked all the functions are working, as much as I could without diagnostic cable to connect device to my car, and proper LEDs are blinking.
So I came to decision, that when somebody connected USB cable upside down and made reverse polarity power connection, the inner power track or some via did not managed to handle so much short circuit current and gave up. I have connected the power supply via to second part of the power supply line with a piece of copper wire, checked that nothing heats up, assembled the device and returned it to the owner.
Recently I have received the TTP229 based 16 key touchpad, ordered from eBay.
Unfortunately no datasheet was provided with this module, nor could I find one from the internet.
Searching for TTP229 chip datasheet also brought unsatisfying results, since there is no datasheet available for exact chip revision used on module. However datasheets for alternative revisions were avaialble and I have found chip comparison table in some chinese blog.
With this information, I have traced, how chip is connected on the board and how it is configured. By default only 1 group of first 8 buttons works. However, if you solder pinheaders into the holes on the board, you can configure it differently with installing and removing jumpers.
With only 2 additional jumpers installed, all 16 buttons started to work and default active low mode changed into active high. I have written a simple Arduino sketch available at my GitHub repository https://github.com/dmmedia/TTP229B_16keypad to demonstrate how the thing is working. And if you connect via SerialMonitor, you can see the button press and release events sent by the touchpad module and received by Arduino.
My next plans are to rewrite Arduino sketch into a library and start using these modules in my different experiments and projects. Modules are slim and pinheaders can be replaced by solder joints and wires where needed. Keypads can be covered with own design films or laminated paper. And the price for these modules is very low, which makes it worth to just purchase them, than making yourself.
Infinite times it was spread over the internet, that every string parameter that enters SQL query, especially user entered, should be escaped.
And again, and again, you open some critical enterprise grade project and see something like this:
CString sql = "SELECT * FROM categories WHERE category = '" + category + "'";
category is unchecked and unescaped string that comes directly from user input.
Almost every contemporary database API contain escaping either by special method or automated while using prepared statements. But nevertheless, some our colleagues still write unsafe code. I’d suggest that it should be taught at every programming course, just by showing proper database query assembling, not a quick and dirty examples as they are now.