Search Results

Search found 1303 results on 53 pages for 'injection'.

Page 10/53 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • How can I protect this code from SQL Injection? A bit confused.

    - by Craig Whitley
    I've read various sources but I'm unsure how to implement them into my code. I was wondering if somebody could give me a quick hand with it? Once I've been shown how to do it once in my code I'll be able to pick it up I think! This is from an AJAX autocomplete I found on the net, although I saw something to do with it being vulnerable to SQL Injection due to the '%$queryString%' or something? Any help really appreciated! if ( isset( $_POST['queryString'] ) ) { $queryString = $_POST['queryString']; if ( strlen( $queryString ) > 0 ) { $query = "SELECT game_title, game_id FROM games WHERE game_title LIKE '%$queryString%' || alt LIKE '%$queryString%' LIMIT 10"; $result = mysql_query( $query, $db ) or die( "There is an error in database please contact [email protected]" ); while ( $row = mysql_fetch_array( $result ) ) { $game_id = $row['game_id']; echo '<li onClick="fill(\'' . $row['game_title'] . '\',' . $game_id . ');">' . $row['game_title'] . '</li>'; } } }


  • injection attack (I thought I was protected!) <?php /**/eval(base64_decode( everywhere

    - by Cyprus106
    I've got a fully custom PHP site with a lot of database calls. I just got injection hacked. This little chunk of code below showed up in dozens of my PHP pages. <?php /**/ eval(base64_decode(big string of code.... I've been pretty careful about my SQL calls and such; they're all in this format: $query = sprintf("UPDATE Sales SET `Shipped`='1', `Tracking_Number`='%s' WHERE ID='%s' LIMIT 1 ;", mysql_real_escape_string($trackNo), mysql_real_escape_string($id)); $result = mysql_query($query); mysql_close(); For the record, I rarely use mysql_close() at the end though. That just happened to be the code I grabbed. I can't think of any places where I don't use mysql_real_escape_string(), (although I'm sure there's probably a couple. I'll be grepping soon to find out) There's also no places where users can put in custom HTML or anything. In fact, most of the user-accessible pages, if they use SQL calls at all, are almost inevitably "SELECT * FROM" pages that use a GET or POST, depending. Obviously I need to beef up my security, but I've never had an attack like this and I'm not positive what I should do. I've decided to put limits on all my inputs and go through looking to see if i missed a mysql_real_escape_string somewhere... Anybody else have any suggestions? Also... what does this type of code do? Why is it there?


  • Which pattern to use for logging? Dependency Injection or Service Locator?

    - by andlju
    Consider this scenario. I have some business logic that now and then will be required to write to a log. interface ILogger { void Log(string stuff); } interface IDependency { string GetInfo(); } class MyBusinessObject { private IDependency _dependency; public MyBusinessObject(IDependency dependency) { _dependency = dependency; } public string DoSomething(string input) { // Process input var info = _dependency.GetInfo(); var intermediateResult = PerformInterestingStuff(input, info); if (intermediateResult == "SomethingWeNeedToLog") { // How do I get to the ILogger interface? } var result = PerformSomethingElse(intermediateResult); return result; } } How would you get the ILogger interface? I see two main possibilities: pass it using Dependency Injection on the constructor, or get it via a singleton Service Locator. Which method would you prefer, and why? Or is there an even better pattern? Update: Note that I don't need to log ALL method calls. I only want to log a few (rare) events that may or may not occur within my method.


  • What does the Spring framework do? Should I use it? Why or why not?

    - by sangfroid
    So, I'm starting a brand-new project in Java, and am considering using Spring. Why am I considering Spring? Because lots of people tell me I should use Spring! Seriously, any time I've tried to get people to explain what exactly Spring is or what it does, they can never give me a straight answer. I've checked the intros on the SpringSource site, and they're either really complicated or really tutorial-focused, and none of them give me a good idea of why I should be using it, or how it will make my life easier. Sometimes people throw around the term "dependency injection", which just confuses me even more, because I think I have a different understanding of what that term means. Anyway, here's a little about my background and my app: Been developing in Java for a while, doing back-end web development. Yes, I do a ton of unit testing. To facilitate this, I typically make (at least) two versions of a method: one that uses instance variables, and one that only uses variables that are passed in to the method. The one that uses instance variables calls the other one, supplying the instance variables. When it comes time to unit test, I use Mockito to mock up the objects and then make calls to the method that doesn't use instance variables. This is what I've always understood "dependency injection" to be. My app is pretty simple, from a CS perspective. Small project, 1-2 developers to start with. Mostly CRUD-type operations with a bunch of search thrown in. Basically a bunch of RESTful web services, plus a web front-end and then eventually some mobile clients. I'm thinking of doing the front-end in straight HTML/CSS/JS/JQuery, so no real plans to use JSP. Using Hibernate as an ORM, and Jersey to implement the webservices. I've already started coding, and am really eager to get a demo out there that I can shop around and see if anyone wants to invest. So obviously time is of the essence. I understand Spring has quite the learning curve, plus it looks like it necessitates a whole bunch of XML configuration, which I typically try to avoid like the plague. But if it can make my life easier and (especially) if it can make development and testing faster, I'm willing to bite the bullet and learn Spring. So please. Educate me. Should I use Spring? Why or why not?


  • Circular dependencies in StructureMap - can they be broken with property injection?

    - by Andy
    Hi, I've got the simplest kind of circular dependency in structuremap - class A relies on class B in its constructor, and class B relies on class A in its constructor. To break the dependency, I made class B take class A as a property, rather than a constructor argument, but structuremap still complains. I've seen circular dependencies broken using this method in other DI frameworks - is this a problem with Structuremap or am I doing something wrong? Edit: I should mention that class B's property is an array of class A instances, wired up like this: x.For<IB>().Singleton().Use<B>().Setter(y => y.ArrayOfA).IsTheDefault();


  • When should I use Dependency Injection and when utility methods?

    - by Roman
    I have a Java EE project with a Spring IoC container. I've just found in a Utils class a static method sendMail(long list of params). I don't know why, but I feel that it would look better if we had a separate class (Spring bean with singleton scope) which would be responsible for sending email. But I can't find any arguments which can prove my position. So, are there any pros (or cons) in using DI in this (rather general) situation?


  • Dependency Injection with @Inject in Weld (JSR-299 RI). How is the corresponding @Produces found?

    - by Thorbjørn Ravn Andersen
    I have played with the JSR-299 Reference Implementation "Weld" with the purpose of using it in a stand-alone application, and I have had a look at the documentation, and marveled at the magic. My question is how the producer of a given object to be @Inject'ed is found? Either the Java compiler produces hints for annotations which are easily found by the classloader, or the complete classpath must be traversed loading all classes to see what they do, which sounds highly inefficient to me, or it is a completely different approach. What is the trick?


  • Are any of these SQL Queries open to SQL injection attacks?

    - by Phil
    I have re-written my code after great help from some friendly Stack Overflow members (big thanks to Martin B and Kev Chadders especially). I would now like to check if my code is still open to SQL Injections after this work. I believe the code is now working as it should, but any blinding errors that you see I'd love to hear about too. My code is now looking like: -code removed-


  • Using IoC and Dependency Injection, how do I wrap an existing implementation with a new layer of imp

    - by Dividnedium
    I'm trying to figure out how this would be done in practice, so as not to violate the Open Closed principle. Say I have a class called HttpFileDownloader that has one function that takes a url and downloads a file returning the html as a string. This class implements an IFileDownloader interface which just has the one function. So all over my code I have references to the IFileDownloader interface and I have my IoC container returning an instance of HttpFileDownloader whenever an IFileDownloader is Resolved. Then after some use, it becomes clear that occasionally the server is too busy at the time and an exception is thrown. I decide that to get around this, I'm going to auto-retry 3 times if I get an exception, and wait 5 seconds in between each retry. So I create HttpFileDownloaderRetrier which has one function that uses HttpFileDownloader in a for loop with max 3 loops, and a 5 second wait between each loop. So that I can test the "retry" and "wait" abilities of the HttpFileDownloadRetrier I have the HttpFileDownloader dependency injected by having the HttpFileDownloaderRetrier constructor take an IFileDownloader. So now I want all Resolving of IFileDownloader to return the HttpFileDownloaderRetrier. But if I do that, then HttpFileDownloadRetrier's IFileDownloader dependency will get an instance of itself and not of HttpFileDownloader. So I can see that I could create a new interface for HttpFileDownloader called IFileDownloaderNoRetry, and change HttpFileDownloader to implement that. But that means I'm changing HttpFileDownloader, which violates Open Closed. Or I could implement a new interface for HttpFileDownloaderRetrier called IFileDownloaderRetrier, and then change all my other code to refer to that instead of IFileDownloader. But again, I'm now violating Open Closed in all my other code. So what am I missing here? How do I wrap an existing implementation (downloading) with a new layer of implementation (retrying and waiting) without changing existing code? Here's some code if it helps: public interface IFileDownloader { string Download(string url); } public class HttpFileDownloader : IFileDownloader { public string Download(string url) { //Cut for brevity - downloads file here returns as string return html; } } public class HttpFileDownloaderRetrier : IFileDownloader { IFileDownloader fileDownloader; public HttpFileDownloaderRetrier(IFileDownloader fileDownloader) { this.fileDownloader = fileDownloader; } public string Download(string url) { Exception lastException = null; //try 3 shots of pulling a bad URL. And wait 5 seconds after each failed attempt. for (int i = 0; i < 3; i++) { try { return fileDownloader.Download(url); } catch (Exception ex) { lastException = ex; } Utilities.WaitForXSeconds(5); } throw lastException; } }


  • How do I protect my website from javascript injection attacks when using rich text editors?

    - by VJ
    Hi all, I am using the markitup editor to get the value for one of my fields and storing it in a SQL Server 2008 db. Now I guess the problem is people having script tags and javascript in the editor and injecting malicious scripts, and I have my validate input turned false. So can anyone suggest me a way to write a custom validation method that maybe checks for script tags and removes them... or just guide me through the steps I need to do? Also, are there other things that I should be worried about?


  • Is it possible to use Dependency Injection/IoC on an ASP.NET MVC FilterAttribute ?

    - by Pure.Krome
    Hi folks, I've got a simple custom FilterAttribute which I use to decorate various ActionMethods. eg. [AcceptVerbs(HttpVerbs.Get)] [MyCustomFilter] public ActionResult Bar(...) { ... } Now, I wish to add some logging to this CustomFilter Action .. so being a good boy, I'm using DI/IoC ... and as such wish to use this pattern for my custom FilterAttribute. So if I have the following... ILoggingService and wish to add this to my custom FilterAttribute .. I'm not sure how. Like, it's easy for me to do the following... public class MyCustomFilterAttribute : FilterAttribute { public MyCustomFilterAttribute(ILoggingService loggingService) { ... } } But the compiler errors, saying the attribute which decorates my ActionMethod (listed above...) requires 1 arg .. so I'm just not sure what to do :(


  • When using Dependency Injection with StructureMap how do I choose among multiple constructors?

    - by Mark Rogers
    I'm trying to get StructureMap to build Fluent NHibernate's SessionSource object for some of my integration tests. The only problem is that Fluent's concrete implementation of ISessionSource (SessionSource) has 3 constructors: public SessionSource(PersistenceModel model) { Initialize(new Configuration().Configure(), model); } public SessionSource(IDictionary<string, string> properties, PersistenceModel model) { Initialize(new Configuration().AddProperties(properties), model); } public SessionSource(FluentConfiguration config) { configuration = config.Configuration; sessionFactory = config.BuildSessionFactory(); dialect = Dialect.GetDialect(configuration.Properties); } I've tried configuring my ObjectFactory supplying an argument for the first constructor, but it seems like it wants to try the second one. How do I configure my ObjectFactory so that I can choose the first constructor, or perhaps even another one if I decide to use that?


  • Is this an injection attempt or a normal request?

    - by CheeseConQueso
    In cPanel's Analog Stats statistics module, I've noticed countless requests to connect to the following example: /?x=19&y=15 The numbers are random, but it's always setting x and y variables. Another category of mysterious requests: /?id=http://nic.bupt.edu.cn/media/j1.txt?? There are other attempts at injections in the request log that have straight SQL written into them as well. Example: /jobs/jobinfo.php?id=-999.9 UNION ALL SELECT 1,(SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM information_schema.tables WHERE table_schema=0x73636363726F6F745F7075626C6963),3,4,5,6,7,8,9,10,11,12,13-- It looks like they are all reaching a 404, but I'm still wondering about the intent behind these. I know this is vague, but maybe someone knows that this is normal while using cPanel & phpMyAdmin services. Also, there was a search box installed on the site which could be the reason. Any suggestions as to what all these are?


  • Does video tag (HTML 5) injection via JavaScript work in any browsers?

    - by JoshNaro
    I'm trying to dynamically spawn a video element on a page using JavaScript. JavaScript <script type="text/javascript"> $(document).ready(function() { var video = $(document.createElement('video')) .attr('id', 'VideoElement') .attr('controls', 'controls') .attr('src', 'videopath.mp4') // Changed 'href' attribute to 'src' .css({ width: 640, height: 360 }); $('#VideoContainer').append(video); }); </script> HTML <body> <div id="VideoContainer"></div> </body> In Firefox I get the video harness, but the actual video doesn't load. In IE8 the video harness doesn't even appear. Is HTML 5 just not supported enough to accomplish this yet? Edit: Got this to work with Artiom's fix. Looks like this works fine with Chrome and Safari. I'm using a codec Firefox doesn't support, so it doesn't work there; although I suspect it will work with a supported codec. IE8 sure enough doesn't work (high five IE).


  • IoC Dependency injection into Custom HTTP Module - how? (ASP.NET)

    - by Sosh
    Hi, I have a custom HTTP Module. I would like to inject the logger using my IoC framework, so I can log errors in the module. However, of course I don't get a constructor, so can't inject it into that. What's the best way to go about this? If you need the specific IoC container - I'm currently using Windsor, but may soon move to AutoFac. Thanks


  • Passing Services to MainViewModel - SHOULD I use a dependency injection container ?

    - by msfanboy
    Hello, I have this code: public partial class App : Application { protected override void OnStartup(StartupEventArgs e) { base.OnStartup(e); var mainVM = new MainViewModel ( new Service1(), ... new Service10() ); var window = new MainWindow(); window.DataContext = mainVM; window.Show(); } } I pass all my Services instances to the MainViewModel. Within the MainViewModel I spread those services to other ViewModels via constructor parameter passing. Should I use any DI framework for the services in the App class? If yes, what's the benefit of resolving the services instead of just creating the instances manually... ?


  • IValidatableObject vs Single Responsibility

    - by Boris Yankov
    I like the extensibility point of MVC, allowing view models to implement IValidatableObject, and add custom validation. I try to keep my Controllers lean, having this code be the only validation logic: if (!ModelState.IsValid) return View(loginViewModel); For example a login view model implements IValidatableObject, and gets an ILoginValidator object via constructor injection: public interface ILoginValidator { bool UserExists(string email); bool IsLoginValid(string userName, string password); } It seems that with Ninject, injecting instances in view models isn't really a common practice, maybe even an anti-pattern? Is this a good approach? Is there a better one?


  • How do I inject test objects when the real objects are created dynamically?

    - by JW01
    I want to make a class testable using dependency injection. But the class creates multiple objects at runtime, and passes different values to their constructor. Here's a simplified example: public abstract class Validator { private ErrorList errors; public abstract void validate(); public void addError(String text) { errors.add( new ValidationError(text)); } public int getNumErrors() { return errors.count(); } } public class AgeValidator extends Validator { public void validate() { addError("first name invalid"); addError("last name invalid"); } } (There are many other subclasses of Validator.) What's the best way to change this, so I can inject a fake object instead of ValidationError? I can create an AbstractValidationErrorFactory, and inject the factory instead. This would work, but it seems like I'll end up creating tons of little factories and factory interfaces, for every dependency of this sort. Is there a better way?


  • Test WordPress sites for SQL Injection on siteurl

    - by Scott B
    I have a client whose WordPress sites have gotten hacked twice by iframe scammers. Each time they've injected iframe code into the content of the sites. This last time, today, they simply changed the siteurl in wp_options to their iframe code. The result was obvious and appeared to simply botch the paths of the scripts that rely on I can't determine if it's a password compromise (on FTP or WordPress itself) or a SQL injection to alter siteurl. Since the only thing that was altered is siteurl, I'm thinking perhaps SQL Injection. What are your thoughts? Any way to scan a site for potential SQL injection vulnerabilities? The only active plugins on the site are Contact Form 7 and Google XML Sitemaps.


  • Doesn't Spring really support Interface injection at all?

    - by mrCoder
    Hi, I know that Spring doesn't support Interface injection and I've read that many a time. But today as I came across an article about IoC by Martin Fowler (link), it seems using ApplicationContextAware in Spring is somewhat similar to Interface injection. Whenever Spring's context reference is required in our Spring bean, we'll implement ApplicationContextAware and will implement the setApplicationContext(ApplicationContext context) method, and we'll include the bean in the config file. Isn't this the same as Interface injection, where we're telling Spring to inject (or, say, pass) the reference of the context into this bean? Or am I missing something here? Thanks for any information! ManiKanta

