
Sunday, December 20, 2009

Simple PHP sample code to prevent SQL injection attacks


<?php
// Escaping with mysql_real_escape_string() turns quotes in the input into
// literal characters, so they cannot close the string and change the query.
// Note: the mysql_* extension is deprecated and was removed in PHP 7; new
// code should use mysqli or PDO with prepared statements.
if (isset($_POST["un"]) && isset($_POST["pw"])) {

    // mysql_real_escape_string() needs an open connection, so connect first.
    mysql_connect("localhost", "root", "");
    mysql_select_db("my_db");

    $username = mysql_real_escape_string($_POST["un"]);
    $password = mysql_real_escape_string($_POST["pw"]);

    $sql = "SELECT * FROM user WHERE id = '$username' AND name = '$password';";
    $result = mysql_query($sql);
    if ($result) {
        if (mysql_num_rows($result) > 0) {
            echo "You are logged in....";
        }
    }

}
?>



<form method="post">
Id : <input type="text" name="un" />
Password : <input type="password" name="pw" />
<input type="submit" value="Login" />
</form>
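Escaping works, but the standard defence today is a prepared statement, which keeps the input out of the SQL text altogether. The following is an added example, not code from the original post: it assumes PHP 7+ with the PDO SQLite driver (the names makeDb, naiveLookup and login are mine), and shows the naive concatenation breaking on a username containing an apostrophe while the parameterised query handles it as plain data.

```php
<?php
// Added example, not code from the original post: the same login check with
// PDO prepared statements, the modern replacement for escaping plus string
// concatenation. Runs offline against an in-memory SQLite database; for
// MySQL use the DSN "mysql:host=localhost;dbname=my_db;charset=utf8mb4".

// Constructed sample database with one user; only a password hash is stored.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE user (id TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)");
    $ins = $db->prepare("INSERT INTO user (id, pw_hash) VALUES (?, ?)");
    $ins->execute(["o'brien", password_hash("s3cret", PASSWORD_DEFAULT)]);
    return $db;
}

// Unsafe: the input is pasted into the SQL text, so the apostrophe in
// o'brien ends the string literal early and the query becomes invalid.
function naiveLookup(PDO $db, string $username) {
    return $db->query("SELECT pw_hash FROM user WHERE id = '$username'")->fetch();
}

// Safe: the placeholder keeps the input out of the SQL text, so quotes in
// the username are data, not syntax. The password is verified against the
// stored hash rather than compared inside the query.
function login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare("SELECT pw_hash FROM user WHERE id = :id");
    $stmt->execute([':id' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['pw_hash']);
}

$db = makeDb();
try {
    naiveLookup($db, "o'brien");
} catch (PDOException $e) {
    echo "naive query failed: " . $e->getMessage() . "\n";
}
var_dump(login($db, "o'brien", "s3cret"));
var_dump(login($db, "o'brien", "wrong"));
```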


Wednesday, December 2, 2009

Mysql with C sharp

.NET commonly uses SQL Server as its DBMS, but it is now also possible to use MySQL, the open source DBMS commonly used by web developers.
First download the latest Connector/Net from http://dev.mysql.com/downloads/connector/net/ and install it on your PC. This installs the documentation too. You need to add MySql.Data to the project references before using MySQL in your project.
(Solution Explorer -> Your solution -> Your project -> References -> right click -> Add Reference... -> double click on MySql.Data)
Now add 'using MySql.Data.MySqlClient;' to the top of your source code.


Try to understand the following simple code:

using System;
using MySql.Data.MySqlClient;

// Connection string: adjust the server, database, user and password for your setup.
string MyConnString = "SERVER=localhost;" + "DATABASE=database;" + "UID=root;" + "PASSWORD=password;";

MySqlConnection connection = new MySqlConnection(MyConnString);
MySqlCommand command = connection.CreateCommand();
MySqlDataReader Reader;

command.CommandText = "select * from tablename";

connection.Open();
Reader = command.ExecuteReader();

// Print every row, with the column values separated by commas.
while (Reader.Read()) {
    string row = "";
    for (int i = 0; i < Reader.FieldCount; i++)
        row += Reader.GetValue(i).ToString() + " , ";
    System.Console.WriteLine(row);
}

Reader.Close();
connection.Close();

Tuesday, December 1, 2009

How to execute PHP files without loading them

This request executes file_handle.php on the web server and returns its HTML output as an array of lines, so it can be used to trigger database updates without opening the page in a browser (pass inputs through the query string, i.e. the GET method).

<?php
echo "Start";

// file() fetches the URL over HTTP (this needs allow_url_fopen enabled), so the
// web server runs file_handle.php and $result holds the lines of its output.
$result = file("http://localhost/testing/file_handle.php");

echo "end";
?>

Tuesday, November 3, 2009

How to disable autorun in Windows XP

Start ---> Run ---> gpedit.msc

(Left Pane) Computer Configuration ---> Administrative Templates ---> System

(Right Pane) Set "Turn off autoplay" to "Enabled"

Friday, October 23, 2009

PHP function to search within a file

If you know the start and end markers, you can extract the content between them (for example, the content between an opening and a closing tag) with this function.

<?php
// The original my_strip() definition was lost from this page; it is reconstructed
// here from the call below and the aaa.txt sample: markers are matched
// case-insensitively and newlines in the extracted text become spaces.
function my_strip($start, $end, $contents) {
    $contents = preg_replace('/\r?\n|\r/', ' ', $contents);
    $from = stripos($contents, $start);
    if ($from === false) return '';
    $from += strlen($start);
    $to = stripos($contents, $end, $from);
    return substr($contents, $from, ($to === false ? strlen($contents) : $to) - $from);
}
$t = my_strip("abc", "xyz", file_get_contents("aaa.txt"));
echo $t;
?>


aaa.txt
=====
ntbfjkb n jABCjergnv
fvb j njrbn ntbfjkb n jegnb ef
g45yyyXYZtrgjrgbXYZk oi iABCyji oni jij

output
=====
jergnv fvb j njrbn ntbfjkb n jegnb ef g45yyy

Tuesday, September 29, 2009

Sample code to understand PHP file handling functions

<?php
// Only act when the form field was actually submitted.
$comment = isset($_POST["txtcomment"]) ? $_POST["txtcomment"] : "";
if ($comment != "") {
    $date = date('l dS \of F Y h:i:s A');
    // Keep each entry on one line: newlines inside the comment would otherwise
    // let one submission look like several dated entries in the file.
    $comment = str_replace(array("\r", "\n"), " ", $comment);
    $message = $date . ": " . $comment . "\n";

    // "a+" opens for appending, creating comment.txt if it does not exist.
    $file = fopen("comment.txt", "a+") or exit("Unable to open file!");
    fwrite($file, $message) or die("Could not write to file");
    fclose($file);
    echo "Message sent!";
}
?>

This will append the message to the comment.txt file.

JavaScript email validation (check)

// Returns true when the text field holds an address matching the pattern;
// otherwise shows an alert, refocuses the field and returns false.
function validateEmail(txtEmail) {
    var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
    if (!filter.test(txtEmail.value)) {
        alert('Please provide a valid email address');
        txtEmail.focus();
        return false;
    }
    return true;
}

Use this JavaScript function to validate email addresses.

Wednesday, June 10, 2009

3. Recommendation of DBMSs for some organizations

· Small boutique with at most 4 people accessing the system – Ms Office Access

Reasons: Ease of use. It is a better choice than a free DBMS, because those are more complex than Access and need a skilled administrator to maintain, which may be costly. Access is simpler and cheaper than Oracle and Ms SQL Server, and has lower hardware requirements than other DBMSs. Access can only be used on Windows OSs; however, in Sri Lanka the supply of Windows and Access skills is much higher than for other OSs and DBMSs.

· Medium-sized organization with 5 branches and the HO in Colombo, and 50 users accessing the system – Ms SQL Server

Reasons: Ms SQL Server is much more reliable than Ms Access, and Ms Access can only hold about 2GB of user data, whereas Ms SQL Server can handle much larger data. The organization may be unable to spend much on a more fully featured DBMS than the lower editions of Ms SQL Server. In Sri Lanka, the supply of Ms SQL Server skills is high, so selecting Oracle may not be reasonable: Oracle database administrators may ask for higher salaries than Ms SQL Server administrators, because of the low supply of that skill relative to demand. It is easier to use than other, more complex DBMSs, and Ms SQL Server has a better reputation than MySQL and PostgreSQL. There is an opinion that open source DBMSs are not very secure. Ms SQL Server can only be used on Windows OSs; however, in Sri Lanka the supply of Windows and Ms SQL Server skills is better than for other OSs and DBMSs.

· Large multi-national organization with 20 country sites and 500 people accessing the system – Oracle

Reasons: Much more reliable than Ms SQL Server for large numbers of concurrent users (and high availability). It is a well reputed, popular DBMS, and Oracle is recommended for deploying massive data warehouses. It can be used on any OS, can connect to other DBMSs, and has many features.

· High security governmental organization with 200 people accessing the system – In-house developed DBMS

Reasons: Using a DBMS developed by outsiders is not always secure, because the developers of an outside DBMS know the strengths and weaknesses of their product, so there may be some possibility of outsiders gaining access to the customer’s system. In this case a DBMS from the market is not suitable for a high security governmental organization. Therefore developing a DBMS with in-house software developers is the most secure option. However, the in-house developers need to use unique data types or advanced technologies to protect the system from outsiders.

I'm guessing the target markets of some DBMSs (2009)

i. Oracle – The target market is middle-tier and top-tier (large) customers using any kind of OS. A high percentage of UNIX and Linux top-tier customers use Oracle. Windows top-tier customers also use Oracle.

ii. Ms SQL Server – For any customers who use Windows OSs, but mainly in high demand from middle-tier customers. It is easy to use for Windows users, who are very familiar with Ms SQL Server.

iii. Ms Office Access – For bottom-tier (small) customers who use Windows OS. Developed for basic data management.

iv. MySQL – For any middle and top-tier customers using any OS, but in high demand among open source OS users and also among web developers (WAMP, LAMP).

v. PostgreSQL – For any middle and top-tier customers using any OS, but in demand among open source OS users. It is still not very familiar to users of other platforms beyond open source programmers.

vi. Caché – The target market of Caché is middle and top-tier customers. Notable customers of this DBMS are many US hospitals, which run their Electronic Medical Record systems on Caché, and financial institutions.

vii. Objectivity/DB – For top-tier customers such as government, security, complex manufacturing, commercial services, science, and engineering organizations.

About several object DBMSs

i. Caché – Caché is an object database management system developed by InterSystems Corporation. First release date is October 2008. The company claims it is the world’s fastest object database. It is also an application development tool.

ii. Objectivity/DB – Objectivity/DB is a commercial object database management system produced by Objectivity, Inc. It allows applications to make standard C++, Java, Python or Smalltalk objects persistent. First release date is 1990. It is generally used in data-intensive or real-time applications that manipulate highly complex, inter-related data.

About several relational DBMSs

i. Oracle - Oracle is a top relational database management system developed by Oracle Corporation. It is written in C. First release date is November 1979. It also has object-relational features. PL/SQL and SQL can be used.

ii. Microsoft SQL Server - Ms SQL Server is a relational database management system developed by Microsoft Corporation. It only supports Microsoft Windows operating systems. Its primary query languages are ANSI SQL and T-SQL. First release date is 1989.

iii. Microsoft Office Access - This is a member of the Ms Office suite of applications, developed by Microsoft, included in the Professional and higher editions for Windows and also sold separately. It is a relational database management system. First release date is 1992.

iv. MySQL - MySQL is a relational database management system developed by MySQL AB and Sun Microsystems. It is written in C and C++. First release date is November 1996. It is an open source program.

v. PostgreSQL - PostgreSQL is an object-relational database management system. It is controlled by a global community of developers and companies (the PostgreSQL Global Development Group). It is written in C. First release date is June 1989.