Search Results

Search found 22358 results on 895 pages for 'django raw query'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 571/895 | < Previous Page | 567 568 569 570 571 572 573 574 575 576 577 578  | Next Page >

  • Why aren't my MySQL Group By Hours vs Half Hours files Not displaying same data?

    - by stogdilla
    I need to be able to display data that I have in 15 minute increments in different display types. I have two queries that are giving me trouble. One shows data by half an hour, the other shows data by hour. The only issue is that the data totals change between queries. It's not counting the data that happens between the time frames, only AT the time frames. Ex: There are 5 things that happen at 7:15am. 2 that happen at 7:30am and 4 that show at 7:00am. The 15 minute view displays all of the data. The half hour view displays the data from 7:00am and from 7:30am but ignores the 7:15am. The hour display only shows the 7:00am data Here are my queries: $query="SELECT * FROM data WHERE startDate='$startDate' and queue='$queue' GROUP BY HOUR(start),floor(minute(start)/30)"; and $query="SELECT * FROM data WHERE startDate='$startDate' and queue='$queue' GROUP BY HOUR(start) "; How can I pull out the data in groups like I have but get all the data included? Is the issue the way the data is stored in the mysql table? Currently I have a column with dates (2010-03-29) and a column with times (00:00) Do I need to convert these into something else?

    Read the article

  • Outputting an HTML entity character from a helper function

    - by morpheous
    I am using Symfony 1.3.2 on Ubuntu. I have written a little helper function (statsfoo) that prints out summary statistics about an item. I am using the helper function in my template like this: // In StatsHelper.php <?php function statsfoo($some_param) { return "<div class=\"sfoo\">&9830; the stats number for item is 42</div>" } //In showStatsSuccess.php <?php use_helper(Stats); <?php echo statsfoo($foobar, ESC_ENTITIES); I tried both ESC_ENTITIES and ESC_RAW. In both instances, the raw number (&9830) was displayed in the page. I want to display the diamond instead. What am I doing wrong and how can I fix this?

    Read the article

  • Using reflection to find all linq2sql tables and ensure they match the database

    - by Jake Stevenson
    I'm trying to use reflection to automatically test that all my linq2sql entities match the test database. I thought I'd do this by getting all the classes that inherit from DataContext from my assembly: var contexttypes = Assembly.GetAssembly(typeof (BaseRepository<,>)).GetTypes().Where( t => t.IsSubclassOf(typeof(DataContext))); foreach (var contexttype in contexttypes) { var context = Activator.CreateInstance(contexttype); var tableProperties = type.GetProperties().Where(t=> t.PropertyType.Name == typeof(ITable<>).Name); foreach (var propertyInfo in tableProperties) { var table = (propertyInfo.GetValue(context, null)); } } So far so good, this loops through each ITable< in each datacontext in the project. If I debug the code, "table" is properly instantiated, and if I expand the results view in the debugger I can see actual data. BUT, I can't figure out how to get my code to actually query that table. I'd really like to just be able to do table.FirstOrDefault() to get the top row out of each table and make sure the SQL fetch doesn't fail. But I cant cast that table to be anything I can query. Any suggestions on how I can make this queryable? Just the ability to call .Count() would be enough for me to ensure the entities don't have anything that doesn't match the table columns.

    Read the article

  • LINQ thinks I need an extra INNER JOIN, but why?

    - by Saurabh Kumar
    I have a LINQ query, which for some reason is generating an extra/duplicatre INNER JOIN. This is causing the query to not return the expected output. If I manually comment that extra JOIN from the generated SQL, then I get seemingly correct output. Can you detect what I might have done i nthis LINQ to have cuased this extra JOIN? Thanks. Here is my approx LINQ var ids = context.Code.Where(predicate); var rs = from r in ids group r by new { r.phonenumbers.person.PersonID} into g let matchcount=g.Select(p => p.phonenumbers.PhoneNum).Distinct().Count() where matchcount ==2 select new { personid = g.Key }; and here is the generated SQL (the duplicate join is [t7]) Declare @p1 VarChar(10)='Home' Declare @p2 VarChar(10)='111' Declare @p3 VarChar(10)='Office' Declare @p4 VarChar(10)='222' Declare @p5 int=2 SELECT [t9].[PersonID] AS [pid] FROM ( SELECT [t3].[PersonID], ( SELECT COUNT(*) FROM ( SELECT DISTINCT [t7].[PhoneValue] FROM [dbo].[Person] AS [t4] INNER JOIN [dbo].[PersonPhoneNumber] AS [t5] ON [t5].[PersonID] = [t4].[PersonID] INNER JOIN [dbo].[CodeMaster] AS [t6] ON [t6].[Code] = [t5].[PhoneType] INNER JOIN [dbo].[PersonPhoneNumber] AS [t7] ON [t7].[PersonID] = [t4].[PersonID] WHERE ([t3].[PersonID] = [t4].[PersonID]) AND ([t6].[Enumeration] = @p0) AND ((([t6].[CodeDescription] = @p1) AND ([t5].[PhoneValue] = @p2)) OR (([t6].[CodeDescription] = @p3) AND ([t5].[PhoneValue] = @p4))) ) AS [t8] ) AS [value] FROM ( SELECT [t0].[PersonID] FROM [dbo].[Person] AS [t0] INNER JOIN [dbo].[PersonPhoneNumber] AS [t1] ON [t1].[PersonID] = [t0].[PersonID] INNER JOIN [dbo].[CodeMaster] AS [t2] ON [t2].[Code] = [t1].[PhoneType] WHERE ([t2].[Enumeration] = @p0) AND ((([t2].[CodeDescription] = @p1) AND ([t1].[PhoneValue] = @p2)) OR (([t2].[CodeDescription] = @p3) AND ([t1].[PhoneValue] = @p4))) GROUP BY [t0].[PersonID] ) AS [t3] ) AS [t9] WHERE [t9].[value] = @p5

    Read the article

  • How to generate unique number of 12 digits?

    - by DanSogaard
    I'm working on an app that sends raw data to zebra printer and print out barcodes. And since every item has its own unique barcode, I need to define a variable that automatically generates unique number of 12 digits long. see example: printBar prnt = new printBar("123456789012"); Is there anyway to define a double variable and pass it to a function that return uniqely 12 digits number and pass it over again to the printBar class?. But how to make sure everytime you access it returns a unique value?. I also thought of another way, since am using MS Access db, I can create a column of AutoNumber datatype and assign it to Random, but you don't get the exact 12 digits required, sometimes it generates a value of 10 digits sometimes more or less.

    Read the article

  • CFfile -- value is not set to the queried data

    - by user494901
    I have this add user form, it also doubles as a edit user form by querying the data and setting the value="#query.xvalue#". If the user exists (eg, you're editing a user, it loads in the users data from the database. When doing this on the <cffile field it does not load in the data, then when the insert goes to insert data it overrights the database values with a blank string (If a user does not input a new file). How do I avoid this? Code: Form: <br/>Digital Copy<br/> <!--- If null, set a default if not, set the default to database default ---> <cfif len(Trim(certificationsList.cprAdultImage)) EQ 0> <cfinput type="file" required="no" name="cprAdultImage" value="" > <cfelse> File Exists: <cfoutput><a href="#certificationsList.cprAdultImage#">View File</a></cfoutput> <cfinput type="file" required="no" name="cprAdultImage" value="#certificationsList.cprAdultImage#"> </cfif> Form Processor: <!--- Has a file been specificed? ---> <cfif not len(Trim(form.cprAdultImage)) EQ 0> <cffile action="upload" filefield="cprAdultImage" destination="#destination#" nameConflict="makeUnique"> <cfinvokeargument name="cprAdultImage" value="#pathOfFile##cffile.serverFile#"> <cfelse> <cfinvokeargument name="cprAdultImage" value=""> </cfif> CFC ARGS: <cfargument name="cprAdultExp" required="NO"> <cfargument name="cprAdultCompany" type="string" required="no"> <cfargument name="cprAdultImage" type="string" required="no"> <cfargument name="cprAdultOnFile" type="boolean" required="no"> Query: UPDATE mod_StudentCertifications SET cprAdultExp='#DateFormat(ARGUMENTS.cprAdultExp, "mm/dd/yyyy")#', cprAdultCompany='#Trim(ARGUMENTS.cprAdultCompany)#', cprAdultImage='#Trim(ARGUMENTS.cprAdultImage)#', cprAdultOnFile='#Trim(ARGUMENTS.cprAdultOnFile)#' INSERT INTO mod_StudentCertifications( cprAdultExp, cprAdultcompany, cprAdultImage, cprAdultOnFile

    Read the article

  • Do database engines other than SQL Server behave this way?

    - by Yishai
    I have a stored procedure that goes something like this (pseudo code) storedprocedure param1, param2, param3, param4 begin if (param4 = 'Y') begin select * from SOME_VIEW order by somecolumn end else if (param1 is null) begin select * from SOME_VIEW where (param2 is null or param2 = SOME_VIEW.Somecolumn2) and (param3 is null or param3 = SOME_VIEW.SomeColumn3) order by somecolumn end else select somethingcompletelydifferent end All ran well for a long time. Suddenly, the query started running forever if param4 was 'Y'. Changing the code to this: storedprocedure param1, param2, param3, param4 begin if (param4 = 'Y') begin set param2 = null set param3 = null end if (param1 is null) begin select * from SOME_VIEW where (param2 is null or param2 = SOME_VIEW.Somecolumn2) and (param3 is null or param3 = SOME_VIEW.SomeColumn3) order by somecolumn end else select somethingcompletelydifferent And it runs again within expected parameters (15 seconds or so for 40,000+ records). This is with SQL Server 2005. The gist of my question is this particular "feature" specific to SQL Server, or is this a common feature among RDBMS' in general that: Queries that ran fine for two years just stop working as the data grows. The "new" execution plan destroys the ability of the database server to execute the query even though a logically equivalent alternative runs just fine? This may seem like a rant against SQL Server, and I suppose to some degree it is, but I really do want to know if others experience this kind of reality with Oracle, DB2 or any other RDBMS. Although I have some experience with others, I have only seen this kind of volume and complexity on SQL Server, so I'm curious if others with large complex databases have similar experience in other products.

    Read the article

  • Interesting LinqToSql behaviour

    - by Ben Robinson
    We have a database table that stores the location of some wave files plus related meta data. There is a foreign key (employeeid) on the table that links to an employee table. However not all wav files relate to an employee, for these records employeeid is null. We are using LinqToSQl to access the database, the query to pull out all non employee related wav file records is as follows: var results = from Wavs in db.WaveFiles where Wavs.employeeid == null; Except this returns no records, despite the fact that there are records where employeeid is null. On profiling sql server i discovered the reason no records are returned is because LinqToSQl is turning it into SQL that looks very much like: SELECT Field1, Field2 //etc FROM WaveFiles WHERE 1=0 Obviously this returns no rows. However if I go into the DBML designer and remove the association and save. All of a sudden the exact same LINQ query turns into SELECT Field1, Field2 //etc FROM WaveFiles WHERE EmployeeID IS NULL I.e. if there is an association then LinqToSql assumes that all records have a value for the foreign key (even though it is nullable and the property appears as a nullable int on the WaveFile entity) and as such deliverately constructs a where clause that will return no records. Does anyone know if there is a way to keep the association in LinqToSQL but stop this behaviour. A workaround i can think of quickly is to have a calculated field called IsSystemFile and set it to 1 if employeeid is null and 0 otherwise. However this seems like a bit of a hack to work around strange behaviour of LinqToSQl and i would rather do something in the DBML file or define something on the foreign key constraint that will prevent this behaviour.

    Read the article

  • Ideas for building vulnerabilities into your site?

    - by Jaco Pretorius
    I'm trying to create a programming challenge that would require developers to hack into the MVC site I create. The idea is obviously to teach them about preventing these types of attacks. The current idea I have is to build multiple vulnerabilities into the site - but the second vulnerability would require the first to be completed, etc. So I was thinking the first could be a sql injection attack, the second would require a modified GET request, etc. Exploiting the final vulnerability would reveal a specific piece of information which is proof that you have completed the entire challenge. This will not be deployed on a public site - it's simply a learning tool for developers at my company. I'm not looking for MVC-specific vulnerabilities - I'm simply using MVC because it allows me to work with the 'raw' HTML. Any ideas on the different vulnerabilities I can use?

    Read the article

  • Efficiently Serving Dynamic Content in Google App Engine

    - by awegawef
    My app on google app engine returns content items (just text) and comments on them. It works like this (pseudo-ish code): query: get keys of latest content #query to datastore for each item in content if item_dict in memcache: use item_dict else: build_item_dict(item) #by fetching from datastore store item_dict in memcache send all item_dicts to template Sorry if the code isn't understandable. I get all of the content dictionaries and send them to the template, which uses them to create the webpage. My problem is that if the memcache has expired, for each item I want to display, I have to (1) lookup item in memcache, (2) since no memcache exists I must fetch item from the datastore, and (3) store the item in memcache. These calls build up quickly. I don't set an expire time for the entries to the memcache, so this really only happens once in the morning, but the webpage takes long enough to load (~1 sec) that the browser reports it as not existing. Regularly, my webpages take about 50ms to load. This approach works decently for frequent visits, but it has its flaws as shown above. How can I remedy this? The entries are dynamic enough that I don't think it would be in my best interest to cache my initial request. Thanks in advance

    Read the article

  • Mac OSX: Passing a file from user process to kernel module.

    - by Inso Reiges
    Hello, I need to pass a link to file from a user process to the OSX kernel driver. By link i mean anything that uniquely identifies a file on the local filesystem. I need that link to do I/O on that file in kernel. The most obvious solution seems to pass a file name and use a VFS vnode lookup. However i noticed, that Apple Disk Images helper process passes a raw data array for image-path property to driver when attaching a disk image file: <2f 56 6f 6c 75 6d 65 73 2f 73 74 6f 72 61 67 65 2f 74 65 73 74 32 2e 64 6d 67> What is that diskimages-helper passes to the kernel driver? Some serialized type perhaps? If yes, what type is it and how can i use it?

    Read the article

  • Mac OSX: Passing a link to file from user process to kernel module.

    - by Inso Reiges
    Hello, I need to pass a link to file from a user process to the OSX kernel driver. By link i mean anything that uniquely identifies a file on the local filesystem. I need that link to do I/O on that file in kernel. The most obvious solution seems to pass a file name and use a VFS vnode lookup. However i noticed, that Apple Disk Images helper process passes a raw data array for image-path property to driver when attaching a disk image file: <2f 56 6f 6c 75 6d 65 73 2f 73 74 6f 72 61 67 65 2f 74 65 73 74 32 2e 64 6d 67> What is that diskimages-helper passes to the kernel driver? Some serialized type perhaps? If yes, what type is it and how can i use it?

    Read the article

  • C# Socket ReceiveAll

    - by rielz
    Hey there! I am trying to capture ip packets in c#. Everything is working fine, except that i only get outgoing packets. My Code: using (Socket sock = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP)) { sock.Bind(new IPEndPoint(LOCALHOST, 0)); sock.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true); sock.IOControl(IOControlCode.ReceiveAll, BitConverter.GetBytes(1), null); while (true) { byte[] buffer = new byte[sock.ReceiveBufferSize]; int count = sock.Receive(buffer); // ... } } Does anyone have an idea? :( Doesnt find any solutions at Google, ... Thank you in advance.

    Read the article

  • SQL Server 2005 - Building a WHERE clause

    - by user336786
    Hello, I have a stored procedure that is dynamically building a query. The where clause associated with this query is based on filter values selected by a user. No matter what I do though, the where clause does not seem to get set. -- Dynamically build the WHERE clause based on the filters DECLARE @whereClause as nvarchar(1024) IF (@hasSpouse > -1) BEGIN IF (@hasSpouse = 0) SET @whereClause='p.[HasSpouse]=0' ELSE SET @whereClause='(p.[HasSpouse]=1 OR p.[HasSpouse] IS NULL)' END -- Dynamically add the next filter if necessary IF (@isVegan > -1) BEGIN IF (LEN(@whereClause) > 0) BEGIN SET @whereClause = @whereClause + ' AND ' END IF (@isVegan = 0) SET @whereClause = @whereClause + 'c.[IsVegan]=0' ELSE SET @whereClause = @whereClause + '(c.[IsVegan]=1 OR c.[IsVegan] IS NULL)' END PRINT @whereClause The @whereClause never prints anything. In turn, the LEN(@whereClause) is always NULL. The @isVegan and @hasSpouse values are passed into the stored procedure. The values are what I expected. What am I doing wrong? Why is the @whereClause never being set? Thank you for your help! Thank you!

    Read the article

  • Sending file over socket

    - by johannix
    I'm have a problem sending data as a file from one end of a socket to the other. What's happening is that both the server and client are trying to read the file so the file never gets sent. I was wondering how to have the client block until the server's completed reading the file sent from the client. I have this working with raw packets using send and recv, but figured this was a cleaner solution... Client: connects to server creating socket connection creates a file on socket and sends data waits for file from server Server: waits for file from client Complete interraction: client sends data to server server sends data to client

    Read the article

  • How to avoid hard-coded credentials in Sharepoint webpart?

    - by Bryan
    I am building a Sharepoint web part that will be used by all users, but can only be modified by admins. The web part connects to a web service which needs credentials. I hard coded credentials in the web part's code. query.Credentials = new System.Net.NetworkCredential("username", "password", "domain"); query is an instance of the web service class This may not be a good approach. In regard with security, the source code of the web apart is available to people who are not allowed to see the credentials. In normal ASP.net applications, credentials can be written into web.config and encrypted. A web part doesn't have a .config file associated. There is a application-level .config file for the whole sharepoint site, but I don't want to modify it for a single webpart. I wonder if there is a webpart-specific way to solve the credential problem? Say we provide a WebBrowsable property of that web part so that privileged users can modify credentials. If this is desirable, how should I make the property displayed in a password ("*") rather than in plain text? Thanks.

    Read the article

  • UTF-8 MySQL and Charset, pls help me understand this once and for all!

    - by FFish
    Can someone explain me when I set everything to UTF-8 I keep getting those damn ??? MySQL Server version: 5.1.44 MySQL charset: UTF-8 Unicode (utf8) I create a new database name: utf8test collation: utf8_general_ci MySQL connection collation: utf8_general_ci My SQL looks like this: SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; CREATE TABLE IF NOT EXISTS `test_table` ( `test_id` int(11) NOT NULL, `test_text` text NOT NULL, PRIMARY KEY (`test_id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; INSERT INTO `test_table` (`test_id`, `test_text`) VALUES (1, 'hééélo'), (2, 'wööörld'); My PHP / HTML: <?php $db_conn = mysql_connect("localhost", "root", "") or die("Can't connect to db"); mysql_select_db("utf8test", $db_conn) or die("Can't select db"); // $result = mysql_query("set names 'utf8'"); // this works... why?? $query = "SELECT * FROM test_table"; $result = mysql_query($query); $output = ""; while($row = mysql_fetch_assoc($result)) { $output .= "id: " . $row['test_id'] . " - text: " . $row['test_text'] . "<br />"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html lang="it" xmlns="http://www.w3.org/1999/xhtml" xml:lang="it"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>UTF-8 test</title> </head> <body> <?php echo $output; ?> </body> </html>

    Read the article

  • Count of memory copies in *nix systems between packet at NIC and user application?

    - by Michael_73
    Hi there, This is just a general question relating to some high-performance computing I've been wondering about. A certain low-latency messaging vendor speaks in its supporting documentation about using raw sockets to transfer the data directly from the network device to the user application and in so doing it speaks about reducing the messaging latency even further than it does anyway (in other admittedly carefully thought-out design decisions). My question is therefore to those that grok the networking stacks on Unix or Unix-like systems. How much difference are they likely to be able to realise using this method? Feel free to answer in terms of memory copies, numbers of whales rescued or areas the size of Wales ;) Their messaging is UDP-based, as I understand it, so there's no problem with establishing TCP connections etc. Any other points of interest on this topic would be gratefully thought about! Best wishes, Mike

    Read the article

  • Socket ReceiveAll

    - by rielz
    I am trying to capture ip packets in c#. Everything is working fine, except that i only get outgoing packets. My Code: using (Socket sock = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP)) { sock.Bind(new IPEndPoint(MYADDRESS, 0)); sock.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true); sock.IOControl(IOControlCode.ReceiveAll, BitConverter.GetBytes(1), null); while (true) { byte[] buffer = new byte[sock.ReceiveBufferSize]; int count = sock.Receive(buffer); // ... } } The problem is definitely my pc! But maybe there is a workaround ...

    Read the article

  • Time order of messages

    - by Aiden Bell
    Read (skimmed enough to get coding) through Erlang Programming and Programming Erlang. One question, which is as simple as it sounds: If you have a process Pid1 on machine m1 and a billion million messages are sent to Pid1, are messages handled in parallel by that process (I get the impression no) and(answered below) is there any guarantee of order when processing messages? ie. Received in order sent? If so, how is clock skew handled in high traffic situations for ordering? Coming from the whole C/Thread pools/Shared State background ... I want to get this concrete. I understand distributing an application, but want to ensure the 'raw bones' are what I expect before building processes and distributing workload. Also, am I right in thinking the whole world is currently flicking through Erlang texts ;)

    Read the article

  • html code in anchor tag text in c# razor

    - by Tripping
    I am trying to show the rupee sign: ₹ code: &#8377 ; in my anchor tag. I have tried a few things but nothing works ... please help @{ string _text = String.Format("{0} {1} {2} {3} {4}", @Html.DisplayFor(model => model.NoOfBedrooms), "bedroom flat", @Html.DisplayFor(model => model.TransactionTypeDescription), @Html.Raw(&#8377;), @Html.DisplayFor(model => model.Price)); string _rental = ""; if (Model.TransactionType == 2) { _rental = " per month"; } else { _rental = ""; }; string _linkText = _text + _rental; } @Html.ActionLink(_linkText, "Details", "Property", new { id = Model.PropertyId }, null)

    Read the article

  • In MVC framworks (such as Ruby on Rails), does usually Model spell as singular and controller and vi

    - by Jian Lin
    I usually see Ruby on Rails books using script/generate model Story name:string link:string which is a singular Story, while when it is controller script/generate controller Stories index then the Story now is Stories, which is plural. Is this a standard on Ruby on Rails? Is it true in other MVC frameworks too, like CakePHP, Symfony, Django, or TurboGears? I see that in the book Rails Space, the controller is also called User, which is the same as the model name, and it is the only exception I see. Update: also, when scaffold is done on Ruby on Rails, then automatically, the model is singular and the controller and view are both plural.

    Read the article

  • Ridiculously Simple Erlang Question

    - by Aiden Bell
    Read (skimmed enough to get coding) through Erlang Programming and Programming Erlang. One question, which is as simple as it sounds: If you have a process Pid1 on machine m1 and a billion million messages are sent to Pid1, are messages handled in parallel by that process (I get the impression no) and is there any guarantee of order when processing messages? ie. Received in order sent? Coming from the whole C/Thread pools/Shared State background ... I want to get this concrete. I understand distributing an application, but want to ensure the 'raw bones' are what I expect before building processes and distributing workload. Also, am I right in thinking the whole world is currently flicking through Erlang texts ;)

    Read the article

  • Access 2007 not allowing user to delete record in subform

    - by Todd McDermid
    Good day... The root of my issue is that there's no context menu allowing the user to delete a row from a form. The "delete" button on the ribbon is also disabled. In Access 2003, apparently this function was available, but since our recent "upgrade" to 2007 (file is still in MDB format) it's no longer there. Please keep in mind I'm not an Access dev, nor did I create this app - I inherited support for it. ;) Now for the details, and what I've tried. The form in question is a subform on a larger form. I've tried turning "AllowDeletes" on on both forms. I've checked the toolbar and ribbon properties on the forms to see if they loaded some custom stuff, but no. I've tried changing the "record locks" to "on edit", no joy. I examined the query to see if it was "too complicated" to permit a delete - as far as I can tell, it's a very simple two (linked) table join. Compared to another form in this app that does permit row deletes, it has a much more complicated (multi-join, built on queries) query. Is there a resource that would describe the required conditions for allowing deletes? Thanks in advance...

    Read the article

  • PHP -- automatic SQL injection protection?

    - by ashgromnies
    I took over maintenance of a PHP app recently and I'm not super familiar with PHP but some of the things I've been seeing on the site are making me nervous that it could be vulnerable to a SQL injection attack. For example, see how this code for logging into the administrative section works: $password = md5(HASH_SALT . $_POST['loginPass']); $query = "SELECT * FROM `administrators` WHERE `active`='1' AND `email`='{$_POST['loginEmail']}' AND `password`='{$password}'"; $userInfo = db_fetch_array(db_query($query)); if($userInfo['id']) { $_SESSION['adminLoggedIn'] = true; // user is logged in, other junk happens here, not important The creators of the site made a special db_query method and db_fetch_array method, shown here: function db_query($qstring,$print=0) { return @mysql(DB_NAME,$qstring); } function db_fetch_array($qhandle) { return @mysql_fetch_array($qhandle); } Now, this makes me think I should be able to do some sort of SQL injection attack with an email address like: ' OR 'x'='x' LIMIT 1; and some random password. When I use that on the command line, I get an administrative user back, but when I try it in the application, I get an invalid username/password error, like I should. Could there be some sort of global PHP configuration they have enabled to block these attacks? Where would that be configured? Here is the PHP --version information: # php --version PHP 5.2.12 (cli) (built: Feb 28 2010 15:59:21) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies with the ionCube PHP Loader v3.3.14, Copyright (c) 2002-2010, by ionCube Ltd., and with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 567 568 569 570 571 572 573 574 575 576 577 578  | Next Page >