Search Results

Search found 23955 results on 959 pages for 'insert query'.

Page 538/959 | < Previous Page | 534 535 536 537 538 539 540 541 542 543 544 545  | Next Page >

  • PHP -- automatic SQL injection protection?

    - by ashgromnies
    I took over maintenance of a PHP app recently and I'm not super familiar with PHP but some of the things I've been seeing on the site are making me nervous that it could be vulnerable to a SQL injection attack. For example, see how this code for logging into the administrative section works:

        $password = md5(HASH_SALT . $_POST['loginPass']);
        $query = "SELECT * FROM `administrators` WHERE `active`='1' AND `email`='{$_POST['loginEmail']}' AND `password`='{$password}'";
        $userInfo = db_fetch_array(db_query($query));
        if($userInfo['id']) {
            $_SESSION['adminLoggedIn'] = true;
            // user is logged in, other junk happens here, not important

    The creators of the site made a special db_query method and db_fetch_array method, shown here:

        function db_query($qstring,$print=0) { return @mysql(DB_NAME,$qstring); }
        function db_fetch_array($qhandle) { return @mysql_fetch_array($qhandle); }

    Now, this makes me think I should be able to do some sort of SQL injection attack with an email address like:

        ' OR 'x'='x' LIMIT 1;

    and some random password. When I use that on the command line, I get an administrative user back, but when I try it in the application, I get an invalid username/password error, like I should. Could there be some sort of global PHP configuration they have enabled to block these attacks? Where would that be configured?

    Here is the PHP --version information:

        # php --version
        PHP 5.2.12 (cli) (built: Feb 28 2010 15:59:21)
        Copyright (c) 1997-2009 The PHP Group
        Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
            with the ionCube PHP Loader v3.3.14, Copyright (c) 2002-2010, by ionCube Ltd., and
            with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies


  • How to validate Login Details using Google apps API ?

    - by Pari
    Hi, I am using the code below to create a Contact Service and to validate login details:

        ContactsService obj_ContactService = new ContactsService("");
        obj_ContactService.setUserCredentials(userEmail, password);

    But even if the user enters invalid details, the above code does not throw any exception. The user gets verified only when I call the "Insert" query after adding the whole contact details. But in my application I want to notify the user immediately after the user enters login details. Thanks


  • What is wrong with this trigger in mysql?

    - by Jimit
    Hi all, below is the trigger that I need to create, but it is not getting created. Can anybody please explain to me what is wrong with this trigger? Help me please.

        DELIMITER $$
        CREATE TRIGGER property_history_update AFTER UPDATE ON `properties`
        FOR EACH ROW
        BEGIN
            IF OLD.ListPrice != NEW.ListPrice THEN
                INSERT INTO `property_history` SET ListingKey=OLD.ListingKey,ListPrice = NEW.ListPrice, ListingStatus = OLD.ListingStatus,LastUpdatedTime = NEW.LocalLastModifiedOn;
            END IF;
        END$$
        DELIMITER ;


  • Problems Enforcing Referential Integrity on SQL Server Tables

    - by SidC
    Hello All, I have a SQL Server 2005 database comprised of Customer, Quote, QuoteDetail tables. I want/need to enforce referential integrity such that when an insert is made on quotedetail, the quote and customer tables are also affected. I have tried my best to set up primary/foreign keys on my tables but need some help. Here are the scripts for my tables as they stand now (please don't laugh):

    Customers:

        USE [Diel_inventory]
        GO
        /****** Object: Table [dbo].[Customers] Script Date: 05/08/2010 03:39:04 ******/
        SET ANSI_NULLS ON
        GO
        SET QUOTED_IDENTIFIER ON
        GO
        CREATE TABLE [dbo].[Customers](
            [pkCustID] [int] IDENTITY(1,1) NOT NULL,
            [CompanyName] [nvarchar](50) NULL,
            [Address] [nvarchar](50) NULL,
            [City] [nvarchar](50) NULL,
            [State] [nvarchar](2) NULL,
            [ZipCode] [nvarchar](5) NULL,
            [OfficePhone] [nvarchar](12) NULL,
            [OfficeFAX] [nvarchar](12) NULL,
            [Email] [nvarchar](50) NULL,
            [PrimaryContactName] [nvarchar](50) NULL,
            CONSTRAINT [PK_Customers] PRIMARY KEY CLUSTERED ([pkCustID] ASC)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
        ) ON [PRIMARY]

    Quotes:

        USE [Diel_inventory]
        GO
        /****** Object: Table [dbo].[Quotes] Script Date: 05/08/2010 03:30:46 ******/
        SET ANSI_NULLS ON
        GO
        SET QUOTED_IDENTIFIER ON
        GO
        CREATE TABLE [dbo].[Quotes](
            [pkQuoteID] [int] IDENTITY(1,1) NOT NULL,
            [fkCustomerID] [int] NOT NULL,
            [QuoteDate] [timestamp] NOT NULL,
            [NeedbyDate] [datetime] NULL,
            [QuoteAmt] [decimal](6, 2) NOT NULL,
            [QuoteApproved] [bit] NOT NULL,
            [fkOrderID] [int] NOT NULL,
            CONSTRAINT [PK_Bids] PRIMARY KEY CLUSTERED ( [pkQuoteID] ASC)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
        ) ON [PRIMARY]
        GO
        ALTER TABLE [dbo].[Quotes] WITH CHECK ADD CONSTRAINT [fkCustomerID] FOREIGN KEY([fkCustomerID]) REFERENCES [dbo].[Customers] ([pkCustID])
        GO
        ALTER TABLE [dbo].[Quotes] CHECK CONSTRAINT [fkCustomerID]

    QuoteDetail:

        USE [Diel_inventory]
        GO
        /****** Object: Table [dbo].[QuoteDetail] Script Date: 05/08/2010 03:31:58 ******/
        SET ANSI_NULLS ON
        GO
        SET QUOTED_IDENTIFIER ON
        GO
        CREATE TABLE [dbo].[QuoteDetail](
            [ID] [int] IDENTITY(1,1) NOT NULL,
            [fkQuoteID] [int] NOT NULL,
            [fkCustomerID] [int] NOT NULL,
            [fkPartID] [int] NULL,
            [PartNumber1] [float] NOT NULL, [Qty1] [int] NOT NULL,
            [PartNumber2] [float] NULL, [Qty2] [int] NULL,
            [PartNumber3] [float] NULL, [Qty3] [int] NULL,
            [PartNumber4] [float] NULL, [Qty4] [int] NULL,
            [PartNumber5] [float] NULL, [Qty5] [int] NULL,
            [PartNumber6] [float] NULL, [Qty6] [int] NULL,
            [PartNumber7] [float] NULL, [Qty7] [int] NULL,
            [PartNumber8] [float] NULL, [Qty8] [int] NULL,
            [PartNumber9] [float] NULL, [Qty9] [int] NULL,
            [PartNumber10] [float] NULL, [Qty10] [int] NULL,
            [PartNumber11] [float] NULL, [Qty11] [int] NULL,
            [PartNumber12] [float] NULL, [Qty12] [int] NULL,
            [PartNumber13] [float] NULL, [Qty13] [int] NULL,
            [PartNumber14] [float] NULL, [Qty14] [int] NULL,
            [PartNumber15] [float] NULL, [Qty15] [int] NULL,
            [PartNumber16] [float] NULL, [Qty16] [int] NULL,
            [PartNumber17] [float] NULL, [Qty17] [int] NULL,
            [PartNumber18] [float] NULL, [Qty18] [int] NULL,
            [PartNumber19] [float] NULL, [Qty19] [int] NULL,
            [PartNumber20] [float] NULL, [Qty20] [int] NULL,
            CONSTRAINT [PK_QuoteDetail] PRIMARY KEY CLUSTERED ( [ID] ASC )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
        ) ON [PRIMARY]
        GO
        ALTER TABLE [dbo].[QuoteDetail] WITH CHECK ADD CONSTRAINT [FK_QuoteDetail_Customers] FOREIGN KEY ([fkCustomerID]) REFERENCES [dbo].[Customers] ([pkCustID])
        GO
        ALTER TABLE [dbo].[QuoteDetail] CHECK CONSTRAINT [FK_QuoteDetail_Customers]
        GO
        ALTER TABLE [dbo].[QuoteDetail] WITH CHECK ADD CONSTRAINT [FK_QuoteDetail_PartList] FOREIGN KEY ([fkPartID]) REFERENCES [dbo].[PartList] ([RecID])
        GO
        ALTER TABLE [dbo].[QuoteDetail] CHECK CONSTRAINT [FK_QuoteDetail_PartList]
        GO
        ALTER TABLE [dbo].[QuoteDetail] WITH CHECK ADD CONSTRAINT [FK_QuoteDetail_Quotes] FOREIGN KEY([fkQuoteID]) REFERENCES [dbo].[Quotes] ([pkQuoteID])
        GO
        ALTER TABLE [dbo].[QuoteDetail] CHECK CONSTRAINT [FK_QuoteDetail_Quotes]

    Your advice/guidance on how to set these up so that customer ID in Customers is the same as in Quotes (referential integrity) and that CustomerID is inserted on Quotes and Customers when an insert is made to QuoteDetail would be much appreciated. Thanks, Sid


  • MYSQL JOIN WHERE ISSUES - need some kind of if condition

    - by Breezer
    Hi. Well, this will be hard to explain but I'll do my best. The thing is I have 4 tables, all with a specific column to relate to each other: 1 table with users (agent_users), 1 with working hours (agent_pers), 1 with sold items (agent_stat), 1 with project (agent_pro). The user and the project tables are irrelevant to the issue at hand, but to give you a better understanding of why certain tables are included in my query I decided to still mention them =)

    The thing is that I use 2 pages to insert data to the working hour and the sold items during that time tables, then I have a third page to summarize everything for the current month. The query for that is as follows:

        SELECT *, SUM(sv_p_kom),SUM(sv_p_gick),SUM(sv_p_lunch)
        FROM (( agent_users
            LEFT JOIN agent_pers ON agent_users.sv_aid = agent_pers.sv_p_uid)
            LEFT JOIN agent_stat ON agent_pers.sv_p_uid = agent_stat.sv_s_uid)
            LEFT JOIN agent_pro ON agent_pers.sv_p_pid=agent_pro.p_id
        WHERE MONTH(agent_pers.sv_p_datum) =7
        GROUP BY sv_aname

    So the problem is now that I don't want sold items from previous months to get included in the data received. I know I could solve that by simply adding in the WHERE part

        MONTH(agent_stat.sv_s_datum) =7

    but then if no items have been sold that month, no data at all will show up, not the time or anything. Any aid on how I could solve this is greatly appreciated. If there's something that's not so clear, don't hesitate to ask and I'll try my best to answer. After all, my English isn't the best out there :P Regards, breezer


  • All symbols after & stripped

    - by user300413
    My query:

        mysql::getInstance()->update('requests', array('response' => mysql_real_escape_string($_POST['status'])), array('secret' => $_POST['secret'])); ?>

    If I want to add a string with the "&" symbol, all symbols after "&" are stripped. Example:

    string: !"?;%:?*()_+!@#$%^&*()_+

    in the database I see only: !"?;%:?*()_+!@#$%^

    How to fix this? The update function, if anyone needs it:

        function update($table, $updateList, $whereConditions) {
            $updateQuery = '';
            foreach ($updateList as $key => $newValue) {
                if (!is_numeric($newValue)) {
                    $newValue = "'" . $newValue . "'";
                }
                if (strlen($updateQuery) == 0) {
                    $updateQuery .= '`' . $key . '` = ' . $newValue;
                } else {
                    $updateQuery .= ', `' . $key . '` = ' . $newValue;
                }
            }
            return $this->query('UPDATE ' . $table . ' SET ' . $updateQuery . $this->buildWhereClause($whereConditions));
        }


  • Inserting checkbox values

    - by rabeea
    hey i have registration form that has checkboxes along with other fields. i cant insert the selected checkbox values into the data base. i have made one field in the database for storing all checked values. this is the code for checkbox part in the form:

    Websites, IT and Software Writing and Content

        <pre><input type="checkbox" name="expertise[]" value="Design and Media"> Design and Media <input type="checkbox" name="expertise[]" value="Data entry and Admin"> Data entry and Admin </pre>
        <pre><input type="checkbox" name="expertise[]" value="Engineering and Skills"> Engineering and Science <input type="checkbox" name="expertise[]" value="Seles and Marketing"> Sales and Marketing </pre>
        <pre><input type="checkbox" name="expertise[]" value="Business and Accounting"> Business and Accounting <input type="checkbox" name="expertise[]" value="Others"> Others </pre>

    and this is the corresponding php code for inserting data

        $checkusername=mysql_query("SELECT * FROM freelancer WHERE fusername='{$_POST['username']}'");
        if (mysql_num_rows($checkusername)==1) {
            echo "username already exist";
        } else {
            $query = "insert into freelancer(ffname,flname,fgender,femail,fusername,fpwd,fphone,fadd,facc,facc_name,fbank_details,fcity,fcountry,fexpertise,fprofile,fskills,fhourly_rate,fresume) values ('".$_POST['first_name']."','".$_POST['last_name']."','".$_POST['gender']."','".$_POST['email']."','".$_POST['username']."','".$_POST['password']."','".$_POST['phone']."','".$_POST['address']."','".$_POST['acc_num']."','".$_POST['acc_name']."','".$_POST['bank']."','".$_POST['city']."','".$_POST['country']."','".implode(',',$_POST['expertise'])."','".$_POST['profile']."','".$_POST['skills']."','".$_POST['rate']."','".$_POST['resume']."')";
            $result = ($query) or die (mysql_error());

    this code inserts data for all fields but the checkbox value field remains empty???


  • window form: Adding Emoticons

    - by Emaad Ali
    Hi, I am trying to develop a window form using C# with the asp.net 3.5 framework. In that form I want to insert emoticons as found in Yahoo, Hotmail etc. messenger. Can anyone tell me how I can implement that as it is done in messenger? Please help me.


  • Adding rows to an array in PHP

    - by ChuckO
    I have loaded an associative array of records from a MySQL database table. The array consists of 1 to 7 rows representing one week of entries, which might not have been entered for each day. How can I insert blank rows into the array for the missing days so that I can easily display the data in a table? I don't need to update the database with the blanks.


  • Handling apostrophes, php and pgsql

    - by running4surival
    For my forms, I'm using pg_escape_string on every field before I insert them into the database. So I get something like firstname='O''reilly'. But when I try to print that out, I get O''reily, 2 apostrophes. Shouldn't it be only 1 apostrophe, O'reilly? This isn't a debugging problem, I'm just wondering: if you have firstname='O''reilly', how do you print that so it is just O'reilly instead of O''reilly?


  • Copy recordset data into multiple sheets to avoid problem of maximum rows limit in Excel VBA

    - by Sam
    I am developing a reporting application in Excel/VBA 2003. VBA code sends a search query to the database and gets the data through a recordset. It will then be copied to one of the Excel sheets. The retrieved data looks as shown below.

        ProductID | DateProcessed | State
        1         | 1/1/2010      | Picked Up
        1         | 1/1/2010      | Forward To Approver
        1         | 1/2/2010      | Approver Picked Up
        1         | 1/3/2010      | Approval Completed
        2         | 1/1/2010      | Picked Up
        3         | 1/2/2010      | Picked Up
        3         | 1/2/2010      | Forward To Approver

    The problem is the data retrieved from the search query is so huge that it goes above the Excel row limit (65536 rows in Excel 2003). So I want to split this data into two Excel sheets. While splitting the data I want to ensure that the data for the same product should remain in one sheet. For example, if the last record in the above result set is the 65537th record then I also want to move all records for product 3 into the new sheet. So sheet 1 will contain records for product id 1 and 2 with total records = 65534. Sheet 2 will contain records for product id 3, with total records = 2. How can I achieve this in VBA? If it is not possible, is there any alternative solution? Thanks in advance!


  • Doctrine2 - relationship

    - by Filip Golonka
    I'm developing an application which is looking for the optimal route and timetable in public transport. I have some experience with Doctrine1, but it's my first time with Doctrine2. There are some new fields to describe relations (mappedBy and inversedBy) and also some new ways of mapping. I have the following code:

        $query = $this->em->createQuery("SELECT partial cls.{stop}, partial t.{arriveTime, departureTime} FROM \Entities\Timetable t JOIN t.ride r JOIN t.carrierLineStop cls WHERE t.departureTime>=:time AND r.idCarrierLine=:carrierLine AND (cls.idStop=:firstStop OR cls.idStop=:lastStop)");
        $query->setParameters(array(
            'time' => $time,
            'carrierLine' => $path->getLine(),
            'firstStop' => $path->getFirstStop(),
            'lastStop' => $path->getLastStop()
        ));

    When I try to execute that script I get an error:

        [Semantical Error] line 0, col 24 near '}, partial t.{arriveTime,': Error: There is no mapped field named 'stop' on class Entities\CarrierLineStop.

    Mapping files:

        Entities\CarrierLineStop:
          type: entity
          table: carrier_line_stop
          fields:
            idCarrierLineStop:
              id: true
              type: integer
              unsigned: false
              nullable: false
              column: id_carrier_line_stop
              generator:
                strategy: IDENTITY
            nextStop:
              type: integer
              unsigned: false
              nullable: true
              column: next_stop
          manyToOne:
            idCarrierLine:
              targetEntity: Entities\CarrierLine
              cascade: { }
              mappedBy: null
              inversedBy: null
              joinColumns:
                id_carrier_line:
                  referencedColumnName: id_carrier_line
              orphanRemoval: false
            stop:
              column: id_stop
              targetEntity: Entities\Stop
              cascade: { }
              mappedBy: null
              inversedBy: carrierLineStop
              joinColumns:
                id_stop:
                  referencedColumnName: id_stop
              orphanRemoval: false
          lifecycleCallbacks: { }

        Entities\Stop:
          type: entity
          table: stop
          fields:
            idStop:
              id: true
              type: integer
              unsigned: false
              nullable: false
              column: id_stop
              generator:
                strategy: IDENTITY
            name:
              type: string
              length: 45
              fixed: false
              nullable: true
            miejscowosc:
              type: string
              length: 45
              fixed: false
              nullable: true
            latitude:
              type: decimal
              nullable: true
            longitude:
              type: decimal
              nullable: true
          oneToMany:
            carrierLineStop:
              targetEntity: Entities\CarrierLineStop
              cascade: { }
              mappedBy: stop
              inversedBy: null
              joinColumns:
                id_stop:
                  referencedColumnName: id_stop
              orphanRemoval: false
          lifecycleCallbacks: { }

    I have no idea where the problem is...


  • LINQ - Querying a list filtered via a Many-to-Many relationship

    - by user118190
    Please excuse the context of my question for I did not know how to exactly word it. To not complicate things further, here's my business requirement: "bring me back all the Employees where they belong in Department "X". So when I view this, it will display all of the Employees that belong to this Department.

    Here's my environment: Silverlight 3 with Entity Framework 1.0 and WCF Data Services 1.0. I am able to load and bind all kinds of lists (simple), no problem. I don't feel that my environment matters and that's why I feel it is a LINQ question more than the technologies.

    My question is for scenarios where I have 3 tables linked, i.e. entities (collections). For example, I have this in my EDM: Employee--EmployeeProject--Project.

    Here's the table design from the Database:

        Employee (table1)
        -------------
        EmployeeID (PK)
        FirstName
        other Attributes ...

        EmployeeProject (table2)
        -------------
        EmployeeProjectID (PK)
        EmployeeID (FK)
        ProjectID (FK)
        AssignedDate
        other Attributes ...

        Project (table3)
        -------------
        ProjectID (PK)
        Name
        other Attributes ...

    Here's the EDM design from Entity Framework:

        ------------------------
        Employee (entity1)
        ------------------------
        (Scalar Properties)
        -------------------
        EmployeeID (PK)
        FirstName
        other Attributes ...
        -------------------
        (Navigation Properties)
        -------------------
        EmployeeProjects

        ------------------------
        EmployeeProject (entity2)
        ------------------------
        (Scalar Properties)
        -------------------
        EmployeeProjectID (PK)
        AssignedDate
        other Attributes ...
        -------------------
        (Navigation Properties)
        -------------------
        Employee
        Project

        ------------------------
        Project (entity3)
        ------------------------
        (Scalar Properties)
        -------------------
        ProjectID (PK)
        Name
        other Attributes ...
        -------------------
        (Navigation Properties)
        -------------------
        EmployeeProjects

    So far, I have only been able to do:

        var filteredList = Context.Employees
            .Where(e => e.EmployeeProjects.Where(ep => ep.Project.Name == "ProjectX"))

    NOTE: I have updated the syntax of the query after John's post. As you can see, I can only query, the related entity (EmployeeProjects). All I want is being able to filter to Project from the Employee entity. Thanks for any advice.


  • What characters are NOT escaped with a mysqli prepared statement?

    - by barfoon
    Hey everyone, I'm trying to harden some of my PHP code and use mysqli prepared statements to better validate user input and prevent injection attacks. I switched away from mysqli_real_escape_string as it does not escape % and _. However, when I create my query as a mysqli prepared statement, the same flaw is still present. The query pulls a user's salt value based on their username. I'd do something similar for passwords and other lookups.

    Code:

        $db = new sitedatalayer();
        if ($stmt = $db->_conn->prepare("SELECT `salt` FROM admins WHERE `username` LIKE ? LIMIT 1")) {
            $stmt->bind_param('s', $username);
            $stmt->execute();
            $stmt->bind_result($salt);
            while ($stmt->fetch()) {
                printf("%s\n", $salt);
            }
            $stmt->close();
        }
        else return false;

    Am I composing the statement correctly? If I am, what other characters need to be examined? What other flaws are there? What is best practice for doing these types of selects? Thanks,


  • why save_model method doesn't work in admin.StackedInline?

    - by FurtiveFelon
    Hi all, I have a similar problem to a previously solved problem of mine, except this time the solution doesn't seem to work: http://stackoverflow.com/questions/2991365/how-to-auto-insert-the-current-user-when-creating-an-object-in-django-admin Previously I used to override save_model to stamp the user submitting the article. Now I need to do the same for comments, and it doesn't seem to work anymore. Anyone have any ideas? Thanks a lot! Jason


  • Find element all of whose children have a given value

    - by cru3l
    for example, i have this xml

        <elements>
            <a> <b>6</b> <b>5</b> <b>6</b> </a>
            <a> <b>5</b> <b>5</b> <b>6</b> </a>
            <a> <b>5</b> <b>5</b> <b>5</b> <b>5</b> </a>
        </elements>

    i need a xpath query, which must return me parent tag, only if all its children are equal to 5 (a[3] in this case). Something like that

        //b[text()="5"]/..

    but with check of all children's tags. Please note that number of children tags can be different from node to node. It's possible with only xpath query? thanks


  • Why Firebug Sucks At Real Time Html Editing?

    - by David
    Hi, I always like to real-time edit a web page source in the browser and have it updated as I type, but Firebug really sucks: I can't insert scripts in the current page, and sometimes the changes I type aren't updated at all. Is there any robust Firefox/Chrome extension for that? I am trying to temporarily edit/add code to an existing web page on the internet, not a local one. Thanks


  • Creating a Linq->HQL provider

    - by Mike Q
    Hi all, I have a client application that connects to a server. The server uses hibernate for persistence and querying so it has a set of annotated hibernate objects for persistence. The client sends HQL queries to the server and gets responses back. The client has an auto-generated set of objects that match the server hibernate objects for query results and basic persistence.

    I would like to support using Linq to query as well as Hql as it makes the queries typesafe and quicker to build (no more typos in HQL string queries). I've looked around at the following but I can't see how to get them to fit with what I have.

      - NHibernate's Linq provider - requires using NHibernate ISession and ISessionFactory, which I don't have
      - LinqExtender - requires a lot of annotations on the objects and extending a base type, too invasive

    What I really want is something that will generate give me a nice easy to process structure to build the HQL queries from. I've read most of a 15 page article written by one of the C# developers on how to create custom providers and it's pretty fraught, mainly because of the complexity of the expression tree.

    Can anyone suggest an approach for implementing Linq - HQL translation? Perhaps a library that will the cleanup of the expression tree into something more SQL/HQLish. I would like to support select/from/where/group by/order by/joins. Not too worried about subqueries.
