Search Results

Search found 33012 results on 1321 pages for 'method injection'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 13/1321 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Is this sufficient to prevent query injection while using SQL Server?

    - by Derek Adair
    Hi, I have recently taken on a project in which I need to integrate with PHP/SQL Server. I am looking for the quickest and easiest function to prevent SQL injection on SQL Server as I prefer MySQL and do not anticipate many more SQL Server related projects. Is this function sufficient? $someVal = mssql_escape($_POST['someVal']); $query = "INSERT INTO tblName SET field = $someVal"; mssql_execute($query); function mssql_escape($str) { return str_replace("'", "''", $str); } If not, what additional steps should I take?

    Read the article

  • Login code sample which has been hacked via SQL Injection, although mysql_real_escape_string...

    - by artmania
    Hi friends, I use CodeIgniter, and having trouble with hacking :( is it possible to make SQL Injection to the login code below: function process_login() { $username = mysql_real_escape_string($this->input->post('username')); $password = mysql_real_escape_string(MD5($this->input->post('password'))); //Check user table $query = $this->db->getwhere('users', array('username'=>$username, 'password'=>$password)); if ($query->num_rows() > 0) { // success login data Am I using the mysql_real_escape_string wrong? or what? Appreciate helps!

    Read the article

  • C# dependency injection - how to you inject a dependency without source?

    - by Phil Harris
    Hi, I am trying to get started with some simple dependency injection using C# and i've run up against an issue that I can't seem to come up with an answer for. I have a class that was written by another department for which I don't have the source in my project. I wanted to inject an object of this type though a constructor using an interface, but of course, i can't change the injected objects implementation to implement the interface to achieve polymorphism when casting the object to the interface type. Every academic example I have ever seen of this technique has the classes uses classes which are declared in the project itself. How would I go about injecting my dependency without the source being available in the project? I hope that makes sense, thanks.

    Read the article

  • Are PDO prepared statements sufficient to prevent SQL injection?

    - by Mark Biek
    Let's say I have code like this: $dbh = new PDO("blahblah"); $stmt = $dbh->prepare('SELECT * FROM users where username = :username'); $stmt->execute( array(':username' => $_REQUEST['username']) ); The PDO documentation says The parameters to prepared statements don't need to be quoted; the driver handles it for you. Is that truly all I need to do to avoid SQL injections? Is it really that easy? You can assume MySQL if it makes a difference. Also, I'm really only curious about the use of prepared statements against SQL injection. In this context, I don't care about XSS or other possible vulnerabilities.

    Read the article

  • C# - Copy dlls to the exe output directory when using dependency injection with no references?

    - by NotDan
    I have a C# solution that I am using dependency injection to resolve references between dlls. I have an exe project and some other dll projects that are not referenced by the exe (It uses the dlls through the IoC container). The project settings are the default, visual studio settings where it builds each dll in it's own folder. Since the exe doesn't reference the dlls, they never get copied to the output directory of the exe and don't get found by the IoC framework. How do you handle this? Do you build them all in the same directory? Use post build copy commands? Or something else?

    Read the article

  • What is the business case for a dependency injection (DI) framework?

    - by kalkie
    At my company we want to start using a dependency injection (DI) framework for managing our dependencies. I have some difficulty with explaining the business value of such a framework. Currently I have come up with these reasons. Less source code, delete all the builder patterns in the code. Increase in flexibility. Easier to switch dependencies. Better separation of concern. The framework is responsible for creating instances instead of our code. Has anybody else had to persuade management? How did you do that? What reasons did you use?

    Read the article

  • Does Java support dynamic method invocation?

    - by eSKay
    class A { void F() { System.out.println("a"); }} class B extends A { void F() { System.out.println("b"); }} public class X { public static void main(String[] args) { A objA = new B(); objA.F(); } } Here, F() is being invoked dynamically, isn't it? This article says ... the Java bytecode doesn’t support dynamic method invocation. There are three supported invocations modes : invokestatic, invokespecial, invokeinterface or invokevirtual. These modes allows to call methods with known signature. We talk of strongly typed language. This allows to to make some checks directly at compile time. On the other side, the dynamic languages use dynamic types. So we can call a method unknown at the compile time, but that’s completely impossible with the Java bytecode. What am I missing?

    Read the article

  • Java and junit: derivative of polynomial method testing issue

    - by Curtis
    Hello all, im trying to finish up my junit testing for finding the derivative of a polynomial method and im having some trouble making it work. here is the method: public Polynomial derivative() { MyDouble a = new MyDouble(0); MyDouble b = this.a.add(this.a); MyDouble c = this.b; Polynomial poly = new Polynomial (a, b, c); return poly; } and here is the junit test: public void testDerivative() { MyDouble a = new MyDouble(2), b = new MyDouble(4), c = new MyDouble(8); MyDouble d = new MyDouble(0), e = new MyDouble(4), f = new MyDouble(4); Polynomial p1 = new Polynomial(a, b, c); Polynomial p2 = new Polynomial(d,e,f); assertTrue(p1.derivative().equals(p2)); } im not too sure why it isnt working...ive gone over it again and again and i know im missing something. thank you all for any help given, appreciate it

    Read the article

  • Injection with google guice does not work anymore after obfuscation with proguard

    - by sme
    Has anyone ever tried to combine the use of google guice with obfuscation (in particular proguard)? The obfuscated version of my code does not work with google guice as guice complains about missing type parameters. This information seems to be erased by the transformation step that proguard does, even when the relevant classes are excluded from the obfuscation. The stack trace looks like this: com.google.inject.CreationException: Guice creation errors: 1) Cannot inject a Provider that has no type parameter while locating com.google.inject.Provider for parameter 0 at de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel.setPasswordPanelProvider(SourceFile:499) at de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel.setPasswordPanelProvider(SourceFile:499) while locating de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel for parameter 0 at de.repower.lvs.client.admin.user.administration.b.k.setParentPanel(SourceFile:65) at de.repower.lvs.client.admin.user.administration.b.k.setParentPanel(SourceFile:65) at de.repower.lvs.client.admin.user.administration.o.a(SourceFile:38) 2) Cannot inject a Provider that has no type parameter while locating com.google.inject.Provider for parameter 0 at de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel.setWindTurbineAccessGroupProvider(SourceFile:509) at de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel.setWindTurbineAccessGroupProvider(SourceFile:509) while locating de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel for parameter 0 at de.repower.lvs.client.admin.user.administration.b.k.setParentPanel(SourceFile:65) at de.repower.lvs.client.admin.user.administration.b.k.setParentPanel(SourceFile:65) at de.repower.lvs.client.admin.user.administration.o.a(SourceFile:38) 2 errors at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:354) at com.google.inject.InjectorBuilder.initializeStatically(InjectorBuilder.java:152) at com.google.inject.InjectorBuilder.build(InjectorBuilder.java:105) at com.google.inject.Guice.createInjector(Guice.java:92) at com.google.inject.Guice.createInjector(Guice.java:69) at com.google.inject.Guice.createInjector(Guice.java:59) I tried to create a small example (without using guice) that seems to reproduce the problem: package de.repower.common; import java.lang.reflect.Method; import java.lang.reflect.ParameterizedType; import java.lang.reflect.Type; class SomeClass<S> { } public class ParameterizedTypeTest { public void someMethod(SomeClass<Integer> param) { System.out.println("value: " + param); System.setProperty("my.dummmy.property", "hallo"); } private static void checkParameterizedMethod(ParameterizedTypeTest testObject) { System.out.println("checking parameterized method ..."); Method[] methods = testObject.getClass().getMethods(); for (Method method : methods) { if (method.getName().equals("someMethod")) { System.out.println("Found method " + method.getName()); Type[] types = method.getGenericParameterTypes(); Type parameterType = types[0]; if (parameterType instanceof ParameterizedType) { Type parameterizedType = ((ParameterizedType) parameterType).getActualTypeArguments()[0]; System.out.println("Parameter: " + parameterizedType); System.out.println("Class: " + ((Class) parameterizedType).getName()); } else { System.out.println("Failed: type ist not instance of ParameterizedType"); } } } } public static void main(String[] args) { System.out.println("Starting ..."); try { ParameterizedTypeTest someInstance = new ParameterizedTypeTest(); checkParameterizedMethod(someInstance); } catch (SecurityException e) { e.printStackTrace(); } } } If you run this code unsbfuscated, the output looks like this: Starting ... checking parameterized method ... Found method someMethod Parameter: class java.lang.Integer Class: java.lang.Integer But running the version obfuscated with proguard yields: Starting ... checking parameterized method ... Found method someMethod Failed: type ist not instance of ParameterizedType These are the options I used for obfuscation: -injars classes_eclipse\methodTest.jar -outjars classes_eclipse\methodTestObfuscated.jar -libraryjars 'C:\Program Files\Java\jre6\lib\rt.jar' -dontskipnonpubliclibraryclasses -dontskipnonpubliclibraryclassmembers -dontshrink -printusage classes_eclipse\shrink.txt -dontoptimize -dontpreverify -verbose -keep class **.ParameterizedTypeTest.class { <fields>; <methods>; } -keep class ** { <fields>; <methods>; } # Keep - Applications. Keep all application classes, along with their 'main' # methods. -keepclasseswithmembers public class * { public static void main(java.lang.String[]); } # Also keep - Enumerations. Keep the special static methods that are required in # enumeration classes. -keepclassmembers enum * { public static **[] values(); public static ** valueOf(java.lang.String); } # Also keep - Database drivers. Keep all implementations of java.sql.Driver. -keep class * extends java.sql.Driver # Also keep - Swing UI L&F. Keep all extensions of javax.swing.plaf.ComponentUI, # along with the special 'createUI' method. -keep class * extends javax.swing.plaf.ComponentUI { public static javax.swing.plaf.ComponentUI createUI(javax.swing.JComponent); } # Keep names - Native method names. Keep all native class/method names. -keepclasseswithmembers,allowshrinking class * { native <methods>; } # Keep names - _class method names. Keep all .class method names. This may be # useful for libraries that will be obfuscated again with different obfuscators. -keepclassmembers,allowshrinking class * { java.lang.Class class$(java.lang.String); java.lang.Class class$(java.lang.String,boolean); } Does anyone have an idea of how to solve this (apart from the obvious workaround to put the relevant files into a seperate jar and not obfuscate it)? Best regards, Stefan

    Read the article

  • How to find minimum of nonlinear, multivariate function using Newton's method (code not linear algeb

    - by Norman Ramsey
    I'm trying to do some parameter estimation and want to choose parameter estimates that minimize the square error in a predicted equation over about 30 variables. If the equation were linear, I would just compute the 30 partial derivatives, set them all to zero, and use a linear-equation solver. But unfortunately the equation is nonlinear and so are its derivatives. If the equation were over a single variable, I would just use Newton's method (also known as Newton-Raphson). The Web is rich in examples and code to implement Newton's method for functions of a single variable. Given that I have about 30 variables, how can I program a numeric solution to this problem using Newton's method? I have the equation in closed form and can compute the first and second derivatives, but I don't know quite how to proceed from there. I have found a large number of treatments on the web, but they quickly get into heavy matrix notation. I've found something moderately helpful on Wikipedia, but I'm having trouble translating it into code. Where I'm worried about breaking down is in the matrix algebra and matrix inversions. I can invert a matrix with a linear-equation solver but I'm worried about getting the right rows and columns, avoiding transposition errors, and so on. To be quite concrete: I want to work with tables mapping variables to their values. I can write a function of such a table that returns the square error given such a table as argument. I can also create functions that return a partial derivative with respect to any given variable. I have a reasonable starting estimate for the values in the table, so I'm not worried about convergence. I'm not sure how to write the loop that uses an estimate (table of value for each variable), the function, and a table of partial-derivative functions to produce a new estimate. That last is what I'd like help with. Any direct help or pointers to good sources will be warmly appreciated. Edit: Since I have the first and second derivatives in closed form, I would like to take advantage of them and avoid more slowly converging methods like simplex searches.

    Read the article

  • Java input method for Virtual Keyboad

    - by shekhar
    Hi, I am facing problem in implementing Input method for Virtual Keyboard, currently I am using robot class for sending input to any application from virtual keyboard. but for that I need to create mapping of key-code and unicode, which is not consistent on different keyboard layout, can I directly pass the UNICODE to any application using Input method without worry about mapping between keycode and unicode. any useful link or sample code will be useful. It is simple Java program which is always on top of any application and work as onscreen keyboard. using a mouse while you press any button (key) of the keyboard, the corresponding character will be typed in the application running below. This is working perfectly for English Alphabets. I am facing problem while I am doing for unicode.

    Read the article

  • Objective-C method implementation nuances

    - by altdotnetgeek
    I have just started to develop for the iPhone and am in the process of learning Objective-C. I have seen some code that implements a method in the @implementation side of a class like this: -(void)myMethod; { // method body } What makes this interesting is that there is no mention of myMethod in the @interface for the class. I tried a sample project with this and when I compile I get a warning from XCode that myMethod may not be seen by the calling code. Can anyone tell me what is going on? Thanks!

    Read the article

  • execute javascript method after completing code behind method ?

    - by James123
    I can execute below callback() method after completion of document.getElementById('btnDownload').click(); .This Click is Code behind method. Now it is executing immediatly. I want wait "Click()" process done then Execute callback(); method. function LoadPopup() { // find the popup behavior this._popup = $find('mdlPopup'); // show the popup this._popup.show(); // synchronously run the server side validation ... document.getElementById('btnDownload').click(); callback(); } function callback() { this._popup = $find('mdlPopup'); // hide the popup this._popup.hide(); alert("hi"); }

    Read the article

  • Java method overloading + double dispatch

    - by Max
    Can anybody explain in detail the reason the overloaded method print(Parent parent) is invoked when working with Child instance in my test piece of code? Any pecularities of virtual methods or methods overloading/resolution in Java involved here? Any direct reference to Java Lang Spec? Which term describes this behaviour? Thanks a lot. public class InheritancePlay { public static class Parent { public void doJob(Worker worker) { System.out.println("this is " + this.getClass().getName()); worker.print(this); } } public static class Child extends Parent { } public static class Worker { public void print(Parent parent) { System.out.println("Why this method resolution happens?"); } public void print(Child child) { System.out.println("This is not called"); } } public static void main(String[] args) { Child child = new Child(); Worker worker = new Worker(); child.doJob(worker); } }

    Read the article

  • overriding protected internal with protected!

    - by Asad Butt
    This is an extension for this question asked an hour ago. We cannot modify the access modifiers, when overriding a virtual method in derived class. Consider Control class in System.Web.UI namespace public class Control : IComponent, IDisposable,... { protected internal virtual void CreateChildControls() { } . . } Now Consider This public class someClass : System.Web.UI.Control { // This should not compile but it does protected override void CreateChildControls() { } // This should compile but it does not protected internal override void CreateChildControls() { } } can any body explain this ? Thanks

    Read the article

  • C++ method chaining including class constructor

    - by jena
    Hello, I'm trying to implement method chaining in C++, which turns out to be quite easy if the constructor call of a class is a separate statement, e.g: Foo foo; foo.bar().baz(); But as soon as the constructor call becomes part of the method chain, the compiler complains about expecting ";" in place of "." immediately after the constructor call: Foo foo().bar().baz(); I'm wondering now if this is actually possible in C++. Here is my test class: class Foo { public: Foo() { } Foo& bar() { return *this; } Foo& baz() { return *this; } }; I also found an example for "fluent interfaces" in C++ (http://en.wikipedia.org/wiki/Fluent_interface#C.2B.2B) which seems to be exactly what I'm searching for. However, I get the same compiler error for that code. Thanks in advance for any hint. Best, Jean

    Read the article

  • How can I protect this code from SQL Injection? A bit confused.

    - by Craig Whitley
    I've read various sources but I'm unsure how to implement them into my code. I was wondering if somebody could give me a quick hand with it? Once I've been shown how to do it once in my code I'll be able to pick it up I think! This is from an AJAX autocomplete I found on the net, although I saw something to do with it being vulnerable to SQL Injection due to the '%$queryString%' or something? Any help really appreciated! if ( isset( $_POST['queryString'] ) ) { $queryString = $_POST['queryString']; if ( strlen( $queryString ) > 0 ) { $query = "SELECT game_title, game_id FROM games WHERE game_title LIKE '%$queryString%' || alt LIKE '%$queryString%' LIMIT 10"; $result = mysql_query( $query, $db ) or die( "There is an error in database please contact [email protected]" ); while ( $row = mysql_fetch_array( $result ) ) { $game_id = $row['game_id']; echo '<li onClick="fill(\'' . $row['game_title'] . '\',' . $game_id . ');">' . $row['game_title'] . '</li>'; } } }

    Read the article

  • injection attack (I thought I was protected!) <?php /**/eval(base64_decode( everywhere

    - by Cyprus106
    I've got a fully custom PHP site with a lot of database calls. I just got injection hacked. This little chunk of code below showed up in dozens of my PHP pages. <?php /**/ eval(base64_decode(big string of code.... I've been pretty careful about my SQL calls and such; they're all in this format: $query = sprintf("UPDATE Sales SET `Shipped`='1', `Tracking_Number`='%s' WHERE ID='%s' LIMIT 1 ;", mysql_real_escape_string($trackNo), mysql_real_escape_string($id)); $result = mysql_query($query); mysql_close(); For the record, I rarely use mysql_close() at the end though. That just happened to be the code I grabbed. I can't think of any places where I don't use mysql_real_escape_string(), (although I'm sure there's probably a couple. I'll be grepping soon to find out) There's also no places where users can put in custom HTML or anything. In fact, most of the user-accessible pages, if they use SQL calls at all, are almost inevitably "SELECT * FROM" pages that use a GET or POST, depending. Obviously I need to beef up my security, but I've never had an attack like this and I'm not positive what I should do. I've decided to put limits on all my inputs and go through looking to see if i missed a mysql_real_escape_string somewhere... Anybody else have any suggestions? Also... what does this type of code do? Why is it there?

    Read the article

  • Calling overridden parent method from parent method

    - by Yisroel
    Heres the situation. Component B extends component A and overrides the init method to accept a different parameter. A also has a create method that calls init. If i have an instance of B and i call create, its calling the wrong init - it calls init in B, where i need it to call init in A. I dont want to call super.init() as there may not always be a super. Is there any way to specify to call the init in the parent component?

    Read the article

  • Java method keyword "final" and its use

    - by Lukas Eder
    When I create complex type hierarchies (several levels, several types per level), I like to use the final keyword on methods implementing some interface declaration. An example: interface Garble { int zork(); } interface Gnarf extends Garble { /** * This is the same as calling {@link #zblah(0)} */ int zblah(); int zblah(int defaultZblah); } And then abstract class AbstractGarble implements Garble { @Override public final int zork() { ... } } abstract class AbstractGnarf extends AbstractGarble implements Gnarf { // Here I absolutely want to fix the default behaviour of zblah // No Gnarf shouldn't be allowed to set 1 as the default, for instance @Override public final int zblah() { return zblah(0); } // This method is not implemented here, but in a subclass @Override public abstract int zblah(int defaultZblah); } I do this for several reasons: It helps me develop the type hierarchy. When I add a class to the hierarchy, it is very clear, what methods I have to implement, and what methods I may not override (in case I forgot the details about the hierarchy) I think overriding concrete stuff is bad according to design principles and patterns, such as the template method pattern. I don't want other developers or my users do it. So the final keyword works perfectly for me. My question is: Why is it used so rarely in the wild? Can you show me some examples / reasons where final (in a similar case to mine) would be very bad?

    Read the article

  • Does C# allow method overloading, PHP style (__call)?

    - by mr.b
    In PHP, there is a special method named __call($calledMethodName, $arguments), which allows class to catch calls to non-existing methods, and do something about it. Since most of classic languages are strongly typed, compiler won't allow calling a method that does not exist, I'm clear with that part. What I want to accomplish (and I figured this is how I would do it in PHP, but C# is something else) is to proxy calls to a class methods and log each of these calls. Right now, I have code similar to this: class ProxyClass { static logger; public AnotherClass inner { get; private set; } public ProxyClass() { inner = new AnotherClass(); } } class AnotherClass { public void A() {} public void B() {} public void C() {} // ... } // meanwhile, in happyCodeLandia... ProxyClass pc = new ProxyClass(); pc.inner.A(); pc.inner.B(); // ... So, how can I proxy calls to an object instance in extensible way? Extensible, meaning that I don't have to modify ProxyClass whenever AnotherClass changes. In my case, AnotherClass can have any number of methods, so it wouldn't be appropriate to overload or wrap all methods to add logging. I am aware that this might not be the best approach for this kind of problem, so if anyone has idea what approach to use, shoot. Thanks!

    Read the article

  • Django: Overriding the save() method: how do I call the delete() method of a child class

    - by Patti
    The setup = I have this class, Transcript: class Transcript(models.Model): body = models.TextField('Body') doPagination = models.BooleanField('Paginate') numPages = models.PositiveIntegerField('Number of Pages') and this class, TranscriptPages(models.Model): class TranscriptPages(models.Model): transcript = models.ForeignKey(Transcript) order = models.PositiveIntegerField('Order') content = models.TextField('Page Content', null=True, blank=True) The Admin behavior I’m trying to create is to let a user populate Transcript.body with the entire contents of a long document and, if they set Transcript.doPagination = True and save the Transcript admin, I will automatically split the body into n Transcript pages. In the admin, TranscriptPages is a StackedInline of the Transcript Admin. To do this I’m overridding Transcript’s save method: def save(self): if self.doPagination: #do stuff super(Transcript, self).save() else: super(Transcript, self).save() The problem = When Transcript.doPagination is True, I want to manually delete all of the TranscriptPages that reference this Transcript so I can then create them again from scratch. So, I thought this would work: #do stuff TranscriptPages.objects.filter(transcript__id=self.id).delete() super(Transcript, self).save() but when I try I get this error: Exception Type: ValidationError Exception Value: [u'Select a valid choice. That choice is not one of the available choices.'] ... and this is the last thing in the stack trace before the exception is raised: .../django/forms/models.py in save_existing_objects pk_value = form.fields[pk_name].clean(raw_pk_value) Other attempts to fix: t = self.transcriptpages_set.all().delete() (where self = Transcript from the save() method) looping over t (above) and deleting each item individually making a post_save signal on TranscriptPages that calls the delete method Any ideas? How does the Admin do it? UPDATE: Every once in a while as I'm playing around with the code I can get a different error (below), but then it just goes away and I can't replicate it again... until the next random time. Exception Type: MultiValueDictKeyError Exception Value: "Key 'transcriptpages_set-0-id' not found in " Exception Location: .../django/utils/datastructures.py in getitem, line 203 and the last lines from the trace: .../django/forms/models.py in _construct_form form = super(BaseInlineFormSet, self)._construct_form(i, **kwargs) .../django/utils/datastructures.py in getitem pk = self.data[pk_key]

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >