Search Results

Search found 17627 results on 706 pages for 'hierarchical query'.


  • Are there any security vulnerabilities in this PHP code?

    - by skorned
    Hi. I just got a site to manage, but am not too sure about the code the previous guy wrote. I'm pasting the login procedure below, could you have a look and tell me if there are any security vulnerabilities? At first glance, it seems like one could get in through SQL injection or manipulating cookies and the ?m= parameter.

        define('CURRENT_TIME', time()); // Current time.
        define('ONLINE_TIME_MIN', (CURRENT_TIME - BOTNET_TIMEOUT)); // Minimum time for the status of "Online".
        define('DEFAULT_LANGUAGE', 'en'); // Default language.
        define('THEME_PATH', 'theme'); // Folder for the theme.

        // HTTP requests.
        define('QUERY_SCRIPT', basename($_SERVER['PHP_SELF']));
        define('QUERY_SCRIPT_HTML', QUERY_SCRIPT);
        define('QUERY_VAR_MODULE', 'm'); // Variable contains the current module.
        define('QUERY_STRING_BLANK', QUERY_SCRIPT.'?m='); // An empty query string.
        define('QUERY_STRING_BLANK_HTML', QUERY_SCRIPT_HTML.'?m='); // Empty query string in HTML.
        define('CP_HTTP_ROOT', str_replace('\\', '/', (!empty($_SERVER['SCRIPT_NAME']) ? dirname($_SERVER['SCRIPT_NAME']) : '/'))); // Root of CP.

        // The session cookie.
        define('COOKIE_USER', 'p'); // Username in the cookies.
        define('COOKIE_PASS', 'u'); // User password in the cookies.
        define('COOKIE_LIVETIME', CURRENT_TIME + 2592000); // Lifetime of the cookies.
        define('COOKIE_SESSION', 'ref'); // Variable to store the session.
        define('SESSION_LIVETIME', CURRENT_TIME + 1300); // Lifetime of the session.

        ///////////////////////////////////////////////////////////////////////////////
        // Initialize.
        ///////////////////////////////////////////////////////////////////////////////

        // Connect to the database.
        if (!ConnectToDB()) die(mysql_error_ex());

        // Connect the theme.
        require_once(THEME_PATH.'/index.php');

        // Manage login.
        if (!empty($_GET[QUERY_VAR_MODULE]))
        {
          // Login form.
          if (strcmp($_GET[QUERY_VAR_MODULE], 'login') === 0)
          {
            UnlockSessionAndDestroyAllCokies();

            if (isset($_POST['user']) && isset($_POST['pass']))
            {
              $user = $_POST['user'];
              $pass = md5($_POST['pass']);

              // Check login.
              if (@mysql_query("SELECT id FROM cp_users WHERE name = '".addslashes($user)."' AND pass = '".addslashes($pass)."' AND flag_enabled = '1' LIMIT 1") && @mysql_affected_rows() == 1)
              {
                if (isset($_POST['remember']) && $_POST['remember'] == 1)
                {
                  setcookie(COOKIE_USER, md5($user), COOKIE_LIVETIME, CP_HTTP_ROOT);
                  setcookie(COOKIE_PASS, $pass, COOKIE_LIVETIME, CP_HTTP_ROOT);
                }

                LockSession();
                $_SESSION['name'] = $user;
                $_SESSION['pass'] = $pass;
                // UnlockSession();

                header('Location: '.QUERY_STRING_BLANK.'home');
              }
              else ShowLoginForm(true);
              die();
            }

            ShowLoginForm(false);
            die();
          }

          // Logout.
          if (strcmp($_GET['m'], 'logout') === 0)
          {
            UnlockSessionAndDestroyAllCokies();
            header('Location: '.QUERY_STRING_BLANK.'login');
            die();
          }
        }

        ///////////////////////////////////////////////////////////////////////////////
        // Check the login data.
        ///////////////////////////////////////////////////////////////////////////////

        $logined = 0; // Flag means we are logged in.

        // Log in through the session.
        LockSession();
        if (!empty($_SESSION['name']) && !empty($_SESSION['pass']))
        {
          if (($r = @mysql_query("SELECT * FROM cp_users WHERE name = '".addslashes($_SESSION['name'])."' AND pass = '".addslashes($_SESSION['pass'])."' AND flag_enabled = '1' LIMIT 1"))) $logined = @mysql_affected_rows();
        }

        // Log in through cookies.
        if ($logined !== 1 && !empty($_COOKIE[COOKIE_USER]) && !empty($_COOKIE[COOKIE_PASS]))
        {
          if (($r = @mysql_query("SELECT * FROM cp_users WHERE MD5(name) = '".addslashes($_COOKIE[COOKIE_USER])."' AND pass = '".addslashes($_COOKIE[COOKIE_PASS])."' AND flag_enabled = '1' LIMIT 1"))) $logined = @mysql_affected_rows();
        }

        // Unable to log in.
        if ($logined !== 1)
        {
          UnlockSessionAndDestroyAllCokies();
          header('Location: '.QUERY_STRING_BLANK.'login');
          die();
        }

        // Get the user data.
        $_USER_DATA = @mysql_fetch_assoc($r);
        if ($_USER_DATA === false) die(mysql_error_ex());
        $_SESSION['name'] = $_USER_DATA['name'];
        $_SESSION['pass'] = $_USER_DATA['pass'];

        // Connect the language file.
        if (@strlen($_USER_DATA['language']) != 2 || !SafePath($_USER_DATA['language']) || !file_exists('system/lng.'.$_USER_DATA['language'].'.php')) $_USER_DATA['language'] = DEFAULT_LANGUAGE;
        require_once('system/lng.'.$_USER_DATA['language'].'.php');

        UnlockSession();


  • Get company name in android using new API's

    - by HellBoy
    Currently I am getting the company name using the following code:

        public class ContactsDemo extends Activity {
            /** Called when the activity is first created. */
            @Override
            public void onCreate(Bundle savedInstanceState) {
                super.onCreate(savedInstanceState);
                setContentView(R.layout.main);
                Cursor cursor = getContentResolver().query(Contacts.Organizations.CONTENT_URI, null, null, null, null);
                // ContactsContract.CommonDataKinds.
                // Move to the first row before reading; a fresh cursor is positioned before it.
                if (cursor != null && cursor.moveToFirst()) {
                    System.out.println(cursor.getString(cursor.getColumnIndex(Contacts.Organizations.COMPANY)));
                }
            }
        }

    but I don't want to use deprecated APIs, and in the new APIs there is no CONTENT_URI in the Organisation class. How do I get the company name using the new API?


  • linq to sql update data

    - by pranay
    Can I update my employee record as given in the function below, or do I have to query the employee collection first and then update the data?

        public int updateEmployee(App3_EMPLOYEE employee)
        {
            DBContextDataContext db = new DBContextDataContext();
            db.App3_EMPLOYEEs.Attach(employee);
            db.SubmitChanges();
            return employee.PKEY;
        }

    Or do I have to do this?

        public int updateEmployee(App3_EMPLOYEE employee)
        {
            DBContextDataContext db = new DBContextDataContext();
            App3_EMPLOYEE emp = db.App3_EMPLOYEEs.Single(e => e.PKEY == employee.PKEY);
            db.App3_EMPLOYEEs.Attach(employee, emp);
            db.SubmitChanges();
            return employee.PKEY;
        }

    But I don't want to use the second option. Is there any efficient way to update the data?


  • MySQL Integer vs DateTime index

    - by David Kuridža
    Let me start by saying I have looked at many similar questions asked, but all of them relate to Timestamp and DateTime field type without indexing. At least that is my understanding. As we all know, there are certain advantages when it comes to DateTime. Putting them aside for a minute, and assuming the table's engine is InnoDB with 10+ million records, which query would perform faster when the criteria is based on:

        1. DateTime with index
        2. int with index

    In other words, is it better to store date and time as DateTime or as a UNIX timestamp in int? Keep in mind there is no need for any built-in MySQL functions to be used.


  • Set to null a parent record so that children are removed: howto?

    - by EugeneP
    How to delete a child row (on delete cascade?) when setting a null value on a parent? Here's the db design.

        table A [id, b_id_1, b_id_2]
        table B [id, other fields...]

    b_id_1 and b_id_2 can be NULL. If any of them is null, it means NO B records for the corresponding FK (there are 2 of them), so (b_id_1, b_id_2) can be (null, null), (100, null), (null, 100_or_any_other_number) etc.

    How in one SQL query both set b_id_1 or b_id_2 to null and delete all rows from B that have this id? What FK design should be applied to the 2 tables? What foreign keys should be added?

        A - B (FK_1: A.b_id_1 references B.id, FK_2: A.b_id_2 references B.id)

    and also

        B - A (FK_3: B.id references A.b_id_1, FK_4: B.id references A.b_id_2) ?

    But again, setting an A's b_id_1 or A's b_id_2 to null - will it remove any of B's records? I don't think so. So how to do that?


  • I want to exchange the Value of a column in two different rows in Microsoft SQL server

    - by Silmaril89
    Hi, I want to do the following two SQL queries in Microsoft SQL Server:

        UPDATE Partnerships SET sortOrder = 2 WHERE sortOrder = 1;
        UPDATE Partnerships SET sortOrder = 1 WHERE sortOrder = 2;

    The only problem is, I don't allow for sortOrder to contain the same value, it is a unique key. How could I get around this, because the first query violates the unique key rule and terminates? Or will I have to get rid of the unique key rule I have? Thanks!


  • Archiving rows dynamically

    - by Serge
    I was wondering what would be the best solution to dynamically archive rows. For instance, when a user marks a task as completed, that task needs to be archived yet still accessible. What would be the best practices for achieving this? Should I just leave it all in the same table and leave out completed tasks from the queries? I'm afraid that over time the table will become huge (1,000,000 rows in a year or less). Or should I create another table, i.e. task_archive, and query that row whenever data is needed from it? I know similar questions have been asked before, but most of them were about archiving thousands of rows simultaneously. I just need to know what would be the best method (and why) to archive 1 row at a time once it's been marked completed.


  • select row from table and substitute a field with one from another column if it exists

    - by EarthMind
    I'm trying to construct a PostgreSQL query that does the following, but so far my efforts have been in vain.

    Problem: There are two tables: A and B. I'd like to select all columns from table A (having columns: id, name, description) and substitute the "A.name" column with the value of the column "B.title" from table B (having columns: id, table_A_id, title, langcode) where B.table_A_id is 5 and B.langcode is "nl" (if there are any rows).

    My attempts:

        SELECT A.name,
               case when exists(select title from B where table_A_id = 5 and langcode = 'nl')
                    then B.title
                    else A.name
               END
        FROM A, B
        WHERE A.id = 5 and B.table_A_id = 5 and B.langcode = 'nl'

        -- second try:
        SELECT COALESCE(B.title, A.name) as name
        from A, B
        where A.id = 5 and B.table_A_id = 5
          and exists(select title from B where table_A_id = 5 and langcode = 'nl')

    I've tried using a CASE and COALESCE() but failed due to my inexperience with both concepts. Thanks in advance.


  • Most efficient way to maintain a 'set' in SQL Server?

    - by SEVEN YEAR LIBERAL ARTS DEGREE
    I have ~2 million rows or so of data, each row with an artificial PK, and two Id fields (so: PK, ID1, ID2). I have a unique constraint (and index) on ID1+ID2. I get two sorts of updates, both with a distinct ID1 per update.

        1. 100-1000 rows of all-new data (ID1 is new)
        2. 100-1000 rows of largely, but not necessarily completely overlapping data (ID1 already exists, maybe new ID1+ID2 pairs)

    What's the most efficient way to maintain this 'set'? Here are the options as I see them:

        1. Delete all the rows with ID1, insert all the new rows (yikes)
        2. Query all the existing rows from the set of new data ID1+ID2, only insert the new rows
        3. Insert all the new rows, ignore inserts that trigger unique constraint violations

    Any thoughts?


  • Discard unprintable characters returned in server's XML response

    - by Penang
    While trying to use the Bing API to search, I am getting characters that are not printable and do not seem to hold any extra information. The goal is to save the XML (UTF-8) response as a text file to be parsed later. My code currently looks something like this:

        URL url = new URL(queryURL);
        BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream()));
        BufferedWriter out = new BufferedWriter(new FileWriter(query + "-" + saveResultAs));
        String str = in.readLine();
        out.write(str);
        in.close();
        out.close();

    When I send the contents of 'str' to console it looks something like this: and here's what the newly created local XML file looks like: What should I be doing to convert the UTF-8 text so that str does not have the extra characters?


  • Passing URIs as URL arguments in Drupal 6

    - by wynz
    I'm running into problems trying to pass absolute URIs as parameters with clean URLs enabled. I've got hook_menu() set up like this:

        function mymodule_menu() {
          return array(
            'page/%' => array(
              'title' => 'DBpedia Display Test',
              'page callback' => 'mymodule_dbpedia_display',
              'page arguments' => array(1),
            ),
          );
        }

    and in the page callback:

        function mymodule_dbpedia_display($uri) {
          // Make an HTTP request for this URI
          // and then render some things
          return $output;
        }

    What I'm hoping to do is somehow pass full URIs (e.g. "http://dbpedia.org/resource/Coffee") to my page callback. I've tried a few things and nothing's worked so far...

        1. http://mysite.com/page/http%3A%2F%2Fdbpedia.org%2Fresource%2FCoffee
           Completely breaks Drupal's rewriting
        2. http://mysite.com/page/?uri=http%3A%2F%2Fdbpedia.org%2Fresource%2FCoffee
           Gives a 404
        3. http://mysite.com/page/http://dbpedia.org/resource/Coffee
           Returns just "http:", which makes sense

    I could probably use $_GET to pull out the whole query string, but I guess I'm hoping for a more 'Drupal' solution. Any suggestions?


  • How do I declare a C# Web User Control but stop it from initializing?

    - by Scott Stafford
    I have a C#/ASP.NET .aspx page that declares two controls that each represents the content of one tab. I want a query string argument (e.g., ?tab=1) to determine which of the two controls is activated. My problem is, they both go through the initialization events and populate their child controls, wasting CPU resources and slowing the response time. Is it possible to deactivate them somehow so they don't go through any initialization? My .aspx page looks like this:

        <% if (TabId == 0) { %>
            <my:usercontroltabone id="ctrl1" runat="server" />
        <% } else if (TabId == 1) { %>
            <my:usercontroltabtwo id="ctrl2" runat="server" />
        <% } %>

    And that part works fine. I assumed that the <%'s would have meant the control wouldn't actually be declared and so wouldn't initialize, but that isn't so...


  • Fulltext search not returning expected results

    - by Puneet
    I am experimenting with SQL Server full text search. I have a simple Categories table with Id as the primary key:

        CREATE TABLE [dbo].[Category](
            [Id] [int] IDENTITY(1,1) NOT NULL,
            [CategoryName] [varchar](100) NOT NULL
        )

    My query is:

        SELECT *
        FROM FREETEXTTABLE (Category, CategoryName, 'music') AS F
        INNER JOIN Category C ON F.[Key] = C.Id
        ORDER BY F.Rank DESC

    This returns me several records with the word music in them, but it does NOT return any record with the word 'musical'. Although it can be said that the string being searched is not very big and using the LIKE operator will resolve it, I would like to use fulltext search because this simple example is going to be extended to include other tables and fields.


  • Open Source PHP search engine

    - by Ravi Gupta
    I am looking for an open source search engine plugin written in PHP for my website (eCommerce). Before anybody answers that, I have a doubt regarding the search engine. Usually search engines crawl web pages, create indexes and then use them while looking for contents. But will the same model work for eCommerce websites? Yeah, it can crawl product pages and index them, but don't you think it would be better if it crawled the database directly and indexed the products stored in the database? And when a user searches for any product, it will simply give us the rows of the table which match the user query? Maybe what I am asking is a stupid question, but I am new to web development, so kindly help me to understand the concept. I have looked at a search engine called Sphider but didn't get what all I have to do to make it work with an eCommerce website.


  • SQL question - Cursor or not?

    - by grady
    Hi, I have a query which returns 2+ rows. In those results is a column which we can call columnX for now. Let's look at those example results:

        columnX
        100
        86
        85
        70
        null
        null

    I get 6 rows for example, some of them are null, some of them are not null. Now I want to go through those results and stop as soon as I find a row which is < null. How can I do that? Thanks in advance :-)


  • Reporting Services URL parameter problems

    - by GxG
    I have a URL to a location on the server where it can find the report. The report works just fine if I manually refresh it. I tried using rc:ClearSession=TRUE and I also tried sending a random parameter, but the report is still not being refreshed. Any ideas? The main scenario:

        1. User enters the page (with a grid view)
        2. User clicks on Export
        3. User sees the Report
        4. User deletes an entry from the page - grid view
        5. User clicks on Export again
        6. User sees the exact same report

    P.S.: The report query returns the data that should be displayed but the report returns the previous data.


  • Extending appengine's db.Property with caching

    - by Noio
    I'm looking to implement a property class for appengine, very similar to the existing db.ReferenceProperty. I am implementing my own version because I want some other default return values. My question is, how do I make the property remember its returned value, so that the datastore query is only performed the first time the property is fetched? What I had is below, and it does not work. I read that the Property classes do not belong to the instances, but to the model definition, so I guess that the return value is not cached for each instance, but overwritten on the model every time. Where should I store this _resolved variable?

        class PageProperty(db.Property):
            data_type = Page

            def get_value_for_datastore(self, model_instance):
                page = super(PageProperty, self).get_value_for_datastore(model_instance)
                self._resolved = page
                return page.key().name()

            def make_value_from_datastore(self, value):
                if not hasattr(self, '_resolved'):
                    self._resolved = Page.get_by_name(value)
                return self._resolved


  • Checking exception before using GETITEMBYID()

    - by ps123
    Hello, I am getting an item by GetItemById, but I want to check before using it whether the item exists or not. I don't want to use a query, as the main purpose of using GetItemById is performance. Any idea how to achieve this?

        itemid = Request.QueryString["loc"];
        SPList mylist = myweb.GetList(SPUrlUtility.CombineUrl(myweb.ServerRelativeUrl, "/Lists/Location"));
        // Now if itemid does not exist it throws an exception, so I want to check
        // before the following statement that itemid exists. I know I can check
        // through SPQuery, but as I said above I am using itemid only because of performance.
        SPListItem myitem = mylist.GetItemById(Convert.ToInt32(itemid));

    Any idea how to achieve this?


  • mysql twitter/facebook like status feed

    - by barjonah
    Hi, I have two tables. One named status like this...

        user_id | status
        --------+----------------------------
        1       | random status from user 1
        2       | random status from user 2
        3       | random message from user 3
        4       | staus from user 4
        1       | second status for user1
        etc...

    and another named users_following like this...

        user_id | is_following
        --------+-------------
        1       | 2
        1       | 3
        2       | 1
        3       | 2

    meaning that user 1 is following both users 2 and 3 etc... So, let's say I chose user 1. What is the best query (performance wise) to show the status updates of users that user 1 is following, in this case users 2 and 3? Currently I have something like

        SELECT * from status WHERE user_id IN (SELECT is_following FROM users_following WHERE user_id='1') LIMIT 0,5

    but I don't think this is good for performance if a user was following thousands+ of users.


  • Converting Informix 'Perform' screens to a Windows-based application

    - by Lunthita
    For the past several years we have slowly built an Access-based front end to access our InformixSE database (unix). Our Sun server will be shut down in a couple of months and I'm looking for a relatively inexpensive solution for porting over the remainder of our old ".per" screens to a Windows-based solution. And even for the screens that have been reprogrammed, there's nothing that beats being able to query any field on the screen like you could with those simple-to-get-up-and-running Informix "Perform" screens. Does anyone have experience with a solution?


  • Cadr of a list involving assoc function

    - by user3619045
    I have looked around on the net and can't find an answer to my query. I would really appreciate it if someone could provide a good answer without down-rating this post. In Lisp, car and cdr are used on data mode like '(whatever here), which makes sense to me. Now, in the book Land of Lisp the author is explaining how to build a text engine and suddenly he uses the following description to make a function.

        (defun describe-location (location nodes)
          (cadr (assoc location nodes)))

    Can I ask why he is doing a cadr on a list, and how come it provides a response and not an error? Shouldn't it be a data mode, i.e. with a quote in front of the opening bracket, '(whatever here)? And also why is he using assoc as in (assoc location nodes) and not (assoc 'garden *nodes*)? Isn't the second the correct way to use assoc? I may be missing the big picture and as such would really appreciate someone explaining these key points please. Many thanks!


  • If I'm projecting with linq and not using a range variable what is the proper syntax?

    - by itchi
    I have a query that sums and aggregates a lot of data, something like this:

        var anonType = from x in collection
                       let value = collection.Where(c => c.Code == "A")
                       select new { sum = value.Sum(v => v.Amount) };

    I find it really weird that I have to declare the range variable x, especially if I'm not using it. So, am I doing something wrong or is there a different format I should be following? Also, keep in mind that anonType has about 15 different properties that are all types of aggregates (sums, counts, etc). So I couldn't do something like:

        int x = collection.Where(c => c.Code == "A").Sum(v => v.Amount);


  • Entity framework Update fails when object is linked to a missing child

    - by McKay
    I'm having trouble updating an object's child when the object has a reference to a nonexistent child record. E.g. tables Car and CarColor have a relationship:

        Car.CarColorId
        CarColor.CarColorId

    If I load the car with its color record like this

        var result = from x in database.Car.Include("CarColor")
                     where x.CarId == 5
                     select x;

    I'll get back the Car object and its Color object. Now suppose that some time ago a CarColor had been deleted but the Car record in question still contains the CarColorId value. So when I run the query the Color object is null because the CarColor record didn't exist. My problem here is that when I attach another Color object that does exist I get a Store update, insert error when saving.

        Car.Color = newColor;
        Database.SaveChanges();

    It's like the context is trying to delete the nonexistent color. How can I get around this?


  • filter queryset based on list, including None

    - by jujule
    Hi all, I don't know if it's a Django bug or a feature, but I have a strange ORM behaviour with MySQL.

        class Status(models.Model):
            name = models.CharField(max_length=50)

        class Article(models.Model):
            status = models.ForeignKey(Status, blank=True, null=True)

        filters = Q(status__in=[0, 1, 2]) | Q(status=None)
        items = Article.objects.filter(filters)

    This returns Article items, but some have a status other than the requested [0,1,2,None]. Looking at the SQL query:

        SELECT [..] FROM `app_article` LEFT OUTER JOIN `app_status` ON (`app_article`.`status_id` = `app_status`.`id`) WHERE (`app_article`.`status_id` IN (1, 2) OR `app_status`.`id` IS NULL) ORDER BY [...]

    the OR app_status.id IS NULL part seems to be the cause. If I change it to OR app_article.status_id IS NULL it works correctly. How to deal with this? Thanks.


  • Problem with joining to an empty table

    - by Imran Omar Bukhsh
    I use the following query:

        select * from A LEFT JOIN B on ( A.t_id != B.t_id)

    to get all the records in A that are not in B. The results are fine except when table B is completely empty, but then I do not get any records, even from table A.

    Later: it won't work yet!

        CREATE TABLE IF NOT EXISTS T1 (
          id int(11) unsigned NOT NULL AUTO_INCREMENT,
          title varchar(50) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
          t_id int(11) NOT NULL,
          PRIMARY KEY (id)
        ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

        --
        -- Dumping data for table T1
        INSERT INTO T1 (id, title, t_id) VALUES (1, 'apple', 1), (2, 'orange', 2);

        --
        -- Table structure for table T2
        CREATE TABLE IF NOT EXISTS T2 (
          id int(11) NOT NULL AUTO_INCREMENT,
          title varchar(50) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
          t_id int(11) NOT NULL,
          PRIMARY KEY (id)
        ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

        --
        -- Dumping data for table T2
        INSERT INTO T2 (id, title, t_id) VALUES (1, 'dad', 2);

    Now I want to get all records in T1 that do not have a corresponding record in T2. I try

        SELECT * FROM T1 LEFT OUTER JOIN T2 ON T1.t_id != T2.t_id

    and it won't work.

