
Sunday, December 20, 2009

Simple PHP sample code to prevent SQL injection attacks


<?php
if (isset($_POST["un"]) && isset($_POST["pw"])) {

    mysql_connect("localhost", "root", "");
    mysql_select_db("my_db");

    // Escape the submitted values for use inside the single-quoted SQL string literals below.
    // mysql_real_escape_string() needs an open connection, so it is called after mysql_connect().
    $username = mysql_real_escape_string($_POST["un"]);
    $password = mysql_real_escape_string($_POST["pw"]);

    $sql = "SELECT * FROM user WHERE id = '$username' AND name = '$password';";
    $result = mysql_query($sql);
    if ($result) {
        if (mysql_num_rows($result) > 0) {
            echo "you logged in....";
        }
    }

}
?>

<form method="post">
Id : <input type="text" name="un">
Password : <input type="password" name="pw">
<input type="submit" value="Login">
</form>
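The same login check written with a prepared statement, as an added example that is not part of the original post: PDO binds the two form values as parameters, so they travel to the server separately from the SQL text and no escaping step is needed. The stand-alone demo at the bottom uses an in-memory SQLite table (an assumption, so it runs without a server) in place of the post's MySQL database; the web branch reuses the post's own connection details.

```php
<?php
// Added example, not the original post's code: the same login check with a PDO
// prepared statement. The input values are bound as parameters and are never
// spliced into the SQL string, so a quote in the input is just data.

function login(PDO $db, string $username, string $password): bool
{
    // Same table and columns as the original post (user.id / user.name).
    $stmt = $db->prepare('SELECT 1 FROM user WHERE id = :un AND name = :pw');
    $stmt->execute([':un' => $username, ':pw' => $password]);
    return $stmt->fetchColumn() !== false;
}

if (PHP_SAPI === 'cli') {
    // Stand-alone demo: an in-memory SQLite database with a constructed row
    // (assumption, so this runs without a MySQL server).
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (id TEXT, name TEXT)');
    $db->exec("INSERT INTO user VALUES ('alice', 'secret')");

    var_dump(login($db, 'alice', 'secret'));    // correct credentials
    var_dump(login($db, 'alice', 'wrong'));     // wrong password
    var_dump(login($db, "o'brien", 'secret'));  // quote is treated as data, not SQL
} elseif (isset($_POST['un'], $_POST['pw'])) {
    // Web path, matching the original form fields; connection details are the
    // post's own (localhost, root, empty password, database my_db).
    $db = new PDO('mysql:host=localhost;dbname=my_db', 'root', '');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepare
    echo login($db, $_POST['un'], $_POST['pw']) ? 'you logged in....' : 'login failed';
}
```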


Wednesday, December 2, 2009

MySQL with C#

.NET commonly uses SQL Server as its DBMS, but it is now possible to use MySQL, an open-source DBMS commonly used by web developers.
First download the latest Connector/Net from http://dev.mysql.com/downloads/connector/net/ and install the connector on your PC. This installs the documentation too. You need to add MySql.Data to the project references before using MySQL in your project.
(Solution Explorer -> Your solution -> Your project -> References -> right click -> Add Reference... -> double click on MySql.Data)
Now add 'using MySql.Data.MySqlClient;' to the top of your source code.


Try to understand the following simple code:

// Connection string: server, database, user and password (replace with your own values).
string MyConnString = "SERVER=localhost;" + "DATABASE=database;" + "UID=root;" + "PASSWORD=password;";

MySqlConnection connection = new MySqlConnection(MyConnString);
MySqlCommand command = connection.CreateCommand();
MySqlDataReader Reader;

command.CommandText = "select * from tablename";

connection.Open();
Reader = command.ExecuteReader();

// Read the result row by row; FieldCount is the number of columns in the result set.
while (Reader.Read()) {
    string row = "";
    for (int i = 0; i < Reader.FieldCount; i++)
        row += Reader.GetValue(i).ToString() + " , ";
    System.Console.WriteLine(row);
}

Reader.Close();
connection.Close();

Tuesday, December 1, 2009

How to execute PHP files without loading them

This method executes the file_handle.php file and returns its HTML output. So we can simply use this to run database updates (use the GET method to pass inputs).

<?php
echo "Start";

// file() fetches the URL like any other HTTP client (allow_url_fopen must be enabled)
// and returns the response body as an array of lines. The request itself is what
// makes file_handle.php run, so that script must check its caller like any other page.
$result = file("http://localhost/testing/file_handle.php");

echo "end";
?>