Theory of Automata [Solutions]

Theory of Automata's solutions have been uploaded in this post.
Click Here to get Automata's Solutions!

MySQL - SQL injection prevention

If you have ever taken raw user input and inserted it into a MySQL database there's a chance that you have left yourself wide open for a security issue known as SQL Injection. This lesson will teach you how to help prevent this from happening and help you secure your scripts and MySQL statements.


what is sql injection?


SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

sql injection example



Below is a sample string that has been gathered from a normal user and a bad user trying to use SQL Injection. We asked the users for their login, which will be used to run a SELECT statement to get their information.

MySQL & PHP Code:

<?php
// a good user's name
$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "\n";

// user input that uses SQL Injection
$name_bad = "' OR 1'";

// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";

// display what the new query will look like, with injection
echo "Injection: " . $query_bad;

Display:

Normal: SELECT * FROM customers WHERE username = 'timmy'
Injection: SELECT * FROM customers WHERE username = '' OR 1''
The normal query is no problem, as our MySQL statement will just select everything from customers that has a username equal to timmy.
However, the injection attack has actually made our query behave differently than we intended. By using a single quote (') they have ended the string part of our MySQL query
  • username = ' '
and then added on to our WHERE statement with an OR clause of 1 (always true).
  • username = ' ' OR 1
This OR clause of 1 will always be true and so every single entry in the "customers" table would be selected by this statement!

more serious sql injection attacks

Although the above example displayed a situation where an attacker could possibly get access to a lot of information they shouldn't have, the attacks can be a lot worse. For example, an attacker could empty out a table by executing a DELETE statement.

MySQL & PHP Code:

<?php
$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";

// our MySQL query builder really should check for injection
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";

// the new evil injection query would include a DELETE statement
echo "Injection: " . $query_evil;

Display:

Injection: SELECT * FROM customers WHERE username = ''; DELETE FROM customers WHERE 1 or username = ''
If you were to run this query, then the injected DELETE statement would completely empty your "customers" table. Now that you know this is a problem, how can you prevent it?

injection prevention - mysql_real_escape_string()

Lucky for you, this problem has been known for a while and PHP has a specially-made function to prevent these attacks. All you need to do is use the mouthful of a function mysql_real_escape_string.
What mysql_real_escape_string does is take a string that is going to be used in a MySQL query and return the same string with all SQL Injection attempts safely escaped. Basically, it will replace those troublesome quotes (') a user might enter with a MySQL-safe substitute, an escaped quote \'.
Let's try out this function on our two previous injection attacks and see how it works.

MySQL & PHP Code:

<?php
// NOTE: you must be connected to the database to use this function!
// connect to MySQL here (mysql_connect) before calling mysql_real_escape_string

$name_bad = "' OR 1'";

$name_bad = mysql_real_escape_string($name_bad);

$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Escaped Bad Injection: \n" . $query_bad . "\n";


$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";

$name_evil = mysql_real_escape_string($name_evil);

$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
echo "Escaped Evil Injection: \n" . $query_evil;

Display:

Escaped Bad Injection:
SELECT * FROM customers WHERE username = '\' OR 1\''
Escaped Evil Injection:
SELECT * FROM customers WHERE username = '\'; DELETE FROM customers WHERE 1 or username = \''
Notice that those evil quotes have been escaped with a backslash \, preventing the injection attack. Now all these queries will do is try to find a username that is just completely ridiculous:
  • Bad: \' OR 1\'
  • Evil: \'; DELETE FROM customers WHERE 1 or username = \'
And I don't think we have to worry about those silly usernames getting access to our MySQL database. So please do use the handy mysql_real_escape_string() function to help prevent SQL Injection attacks on your websites. You have no excuse not to use it after reading this lesson!
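As an added example (not part of the original lesson), here is the same lookup written three ways: string concatenation as above, PDO::quote(), which is the PDO counterpart of mysql_real_escape_string(), and a prepared statement, which is the form to use today because the mysql_* functions were removed in PHP 7.0. It assumes PHP with the pdo_sqlite extension and builds an in-memory SQLite table with constructed rows so it runs without a MySQL server; the injected value is the classic ' OR '1'='1 variant, which stays syntactically valid once spliced into the query (PHP's mysql_query() runs only one statement per call, so the stacked DELETE above would be rejected, but this single-statement form goes through).

```php
<?php
// Added example, not from the original lesson. PDO with an in-memory SQLite
// database so it runs without a MySQL server; for MySQL use a DSN such as
// "mysql:host=localhost;dbname=shop" (placeholder values).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (username TEXT, email TEXT)");
// constructed sample rows
$db->exec("INSERT INTO customers VALUES ('timmy', 'timmy@example.com'),
                                        ('sara',  'sara@example.com')");

// 1. Vulnerable: the user's input becomes part of the SQL text itself.
function lookupConcat(PDO $db, string $name): array
{
    $sql = "SELECT username FROM customers WHERE username = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 2. Escaped: PDO::quote() plays the role of mysql_real_escape_string()
//    (and adds the surrounding quotes). Only safe inside a quoted literal.
function lookupQuoted(PDO $db, string $name): array
{
    $sql = "SELECT username FROM customers WHERE username = " . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Prepared statement: the value travels separately from the SQL text,
//    so a quote in the input cannot end the string or start a new clause.
function lookupPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT username FROM customers WHERE username = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// "timmy" should match one row under all three; the injected value should
// match every row under concatenation and no row under the other two.
foreach (["timmy", "' OR '1'='1"] as $input) {
    printf("%-14s concat=%d quoted=%d prepared=%d\n", json_encode($input),
        count(lookupConcat($db, $input)),
        count(lookupQuoted($db, $input)),
        count(lookupPrepared($db, $input)));
}
```

Escaping only protects a value that sits inside a quoted string literal; a prepared statement also covers a number pasted in unquoted (WHERE id = $id), which is the first thing to check in code that relies on escaping alone.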

JavaScript

//------------------------------------------------------------------------
// This file depends on:
// http://gmail.google.com/gmail?view=page&name=browser
//------------------------------------------------------------------------

//------------------------------------------------------------------------
// Some browser detection logic.
// Once http://gmail.google.com/gmail?view=page&name=browser has these
// variables as *global* these definitions can be deleted.
//------------------------------------------------------------------------
var agt = navigator.userAgent.toLowerCase();
var is_op = (agt.indexOf("opera") != -1);
var is_ie = (agt.indexOf("msie") != -1) && document.all && !is_op;
var is_ie5 = (agt.indexOf("msie 5") != -1) && document.all && !is_op;

//------------------------------------------------------------------------
// Communication with server
//------------------------------------------------------------------------

// Create a request object and attach the caller's completion handler.
function CreateXmlHttpReq(handler) {
  var xmlhttp = null;
  if (is_ie) {
    // Guaranteed to be ie5 or ie6
    var control = (is_ie5) ? "Microsoft.XMLHTTP" : "Msxml2.XMLHTTP";

    try {
      xmlhttp = new ActiveXObject(control);
      xmlhttp.onreadystatechange = handler;
    } catch (ex) {
      // TODO: better help message
      alert("You need to enable active scripting and activeX controls");
    }

  } else {

    // Mozilla
    xmlhttp = new XMLHttpRequest();
    xmlhttp.onload = handler;
    xmlhttp.onerror = handler;

  }

  return xmlhttp;
}

// XMLHttp send POST request
function XmlHttpPOST(xmlhttp, url, data) {
  try {
    xmlhttp.open("POST", url, true);
    xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
    xmlhttp.send(data);

  } catch (ex) {
    // do nothing
  }
}

// XMLHttp send GET request
function XmlHttpGET(xmlhttp, url) {
  try {
    xmlhttp.open("GET", url, true);
    xmlhttp.send(null);

  } catch (ex) {
    // do nothing
  }
}

MindFreakShahwaiz


This is a mind reader software...
Similar to www.peteranswers.com, having the same criteria..
It tells you about the answers you give it!
For example: if you ask about your name, then it will tell your name...
It's 100% true; you just have to give it time!
First of all request, then question him!
After that, it will show you the desired results!
Click here ----> MindFreakShahwaiz.exe to download the software!
Thankx! Keep visiting! :-)

Love and Sorrow...Felt By All God's Creatures



Swallows: Here his wife is injured and the condition is fatal.

She was hit by a car as she swooped low across the road.

Here he brought her food and attended to her with love and compassion.

He brought her food again but was shocked to find her dead.

He tried to move her....a rarely-seen effort for swallows!

Aware that his sweetheart is dead and will never come back to him again, he cries with adoring love.

He stood beside her, saddened by her death.

Finally aware that she would never return to him, he stood beside her body with sadness and sorrow.

Millions of people cried after watching this picture in America and Europe and even in Pakistan. It is too sad that the photographer sold these pictures for a nominal fee to the most famous newspaper in France. All copies of that newspaper were sold out on the day these pictures were published, and many of us think that animals don't have a brain or feelings...


International Scores

International Scores: Get the latest scores of all the international cricket matches from Cricinfo.

Free Web2SMS Service for my visitors




Note: After agreeing, click the "Send Free Sms" button, then click the dialog box where you will enter the security code and press ENTER. That's it!