Entries tagged as 'CMS (Content Management System)'

Preventing MySQL injection attacks with good PHP code: using PHP to prevent MySQL injection attacks on your site

A MySQL injection is an attack in which site visitors or users try to read or damage data in a database by taking advantage of poorly written website code. An injection attack occurs when a visitor to your site types something into a form input with the purpose of changing the outcome of your MySQL query. For example, at a login screen someone may try this type of attack to gain access to a secure area of the website.

If your query to check the username and password entered by the user was this:

"SELECT * FROM users WHERE username = '".$_POST['username']."' AND password = '".$_POST['password']."'"

Someone could log in using any username and, for the password, typing ' OR ''=' which would be placed into your MySQL query, changing it to:

"SELECT * FROM users WHERE username = 'anyuser' AND password = '' OR ''=''"

MySQL will then return all the rows in the table and, depending on your script's logic, you will probably log them in because there was a match. In most cases people have magic_quotes_gpc turned on (it's the PHP default), which adds backslashes to escape all ' (single quote), " (double quote), \ (backslash) and NULL characters. This is not foolproof though, because there are other characters that should be escaped to be safe.

As you can see, MySQL injection attacks can be pretty serious depending on the information the person has access to once they are logged in. It is very important for you to secure your site against injection attacks. Luckily, PHP can aid you in preventing injection attacks.

Preventing MySQL/PHP injections:

There are PHP MySQL functions to prevent such things from getting into your queries. One of these functions is mysql_real_escape_string().

Use it like this: $value = "'" . mysql_real_escape_string($value) . "'";

For integer values, don't forget to use the intval() function.
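The login check above rewritten with a PDO prepared statement, as an added example that is not code from the original post. It assumes a users table with id, username and password_hash columns (a password_hash() value in place of the post's plaintext password column) and placeholder connection details; the mysql_* functions the post uses were removed in PHP 7, so PDO or mysqli is what current PHP offers.

```php
<?php
// Added example, not from the original post: the same login check done with a
// PDO prepared statement. Placeholders carry the values separately from the SQL
// text, so a password of  ' OR ''='  is just a string that matches nothing.
// Assumptions: a users table (id, username, password_hash) and placeholder
// connection details; mysql_* functions do not exist in PHP 7 and later.

function connect(): PDO
{
    return new PDO('mysql:host=localhost;dbname=mysite;charset=utf8mb4', 'dbuser', 'dbpass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares, not client-side escaping
    ]);
}

// The post's vulnerable form, kept only for comparison: user input becomes part of the SQL.
function loginVulnerable(PDO $pdo, string $username, string $password): bool
{
    $sql = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . $password . "'";
    return count($pdo->query($sql)->fetchAll()) > 0; // ' OR ''='  makes this true for any username
}

// Hardened form: the query text is fixed before any user data arrives.
function loginSafe(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // unknown user or wrong password: no row, no login
    }
    unset($row['password_hash']);
    return $row;
}

// Integer parameters: the post's intval() advice, plus binding with an explicit type.
function loadUserById(PDO $pdo, $rawId): ?array
{
    $id = intval($rawId);                     // "12abc" -> 12, "' OR 1=1" -> 0
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = connect();
var_dump(loginSafe($pdo, 'anyuser', "' OR ''="));   // NULL: the injection string matches no account
var_dump(loadUserById($pdo, $_GET['id'] ?? '0'));
```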


Connecting to MySQL using ODBC Windows drivers within an ASP code file

Many times in ASP or .NET we need to connect to a MySQL database. To make a connection to a MySQL database we need to install the MySQL Connector/ODBC for Windows, which you can download from:

http://dev.mysql.com/get/Downloads/Connector-ODBC/5.1/mysql-connector-odbc-5.1.5-win32.msi/from/pick?file=Downloads/Connector-ODBC/5.1/mysql-connector-odbc-5.1.5-win32.msi&mirror=pick&file=Downloads/Connector-ODBC/5.1/mysql-connector-odbc-5.1.5-win32.msi&mirror=pick

After downloading the connector, install it and follow the instructions on the MySQL site:
http://dev.mysql.com/doc/refman/5.0/en/connector-odbc-configuration-dsn-windows.html

So all is done...

Enjoy MySQL databases in your ASP code file now :)


mod_rewrite: enabling URL rewriting on Apache and IIS servers, Windows and Linux

URL rewriting simply means rewriting your URLs (links) and redirecting them to known URLs. For example, you make the link view_my_profile.html redirect to function.php?op=3, so instead of the link "function.php?op=3", which does not describe itself well, you use the link "view_my_profile.html", which is very descriptive. Why use mod_rewrite? If your site has more than 10,000 links (a dynamic website), do you think we would make 10,000 HTML files?

=> Of course not, and here is the use of mod_rewrite: we can serve dynamic pages from code and rewrite their URLs using this module.

=> Simply put, this is very useful for search engines to correctly index your website and gather keywords; we'll talk about this in detail in "Search Engine Optimization Tips".

How to enable mod_rewrite:
How to configure mod_rewrite depends on your operating system (server software).

  • For Linux it's supported by default on most servers. mod_rewrite is an Apache module, so you don't have to set up anything, and we won't go into how to install mod_rewrite on your Linux server because it's a little advanced and complicated. You can, however, have the mod_rewrite module loaded in Apache.
  • For Windows: a lot of developers think it's not supported by Windows servers, but in fact it is. I'll describe how you can set it up on Windows (assuming that you have IIS installed on your PC/server). If you haven't, you can refer to this post: showthread.php?t=1 (http://www.phpegypt.net/forum/showthread.php?t=1)
    • For Windows XP / 2003 Server
      • You must download the files from ( http://www.iismods.com/download.htm ); I also attached them to this post. (It's free, released under the GNU General Public License v2. This link may not always work.)
      • Place them somewhere on your hard disk, let's say "c:\mod_rewrite".
      • Go to Control Panel -> Administrative Tools -> Internet Information Services.
      • You'll find your computer name with "(localhost)" between brackets. Click it -> open "Web Sites" -> "Default Website".
      • Right-click on "Default Website" and choose "Properties".
      • You'll find many tabs at the top; click "ISAPI Filters".
      • Click Add, enter "MOD_REWRITE" as the filter name, and for the executable click "Browse" and choose the file "c:\mod_rewrite\mod_rewrite.dll" (or the "mod_rewrite.dll" you extracted into the folder of your choice).
      • Now click "OK". Mod_rewrite should appear in the list with an empty status, filter name = "MOD_REWRITE" and priority *unknown*.
      • Now you're ready to run MOD_REWRITE: click Start -> Run.
      • Enter "iisreset" and click OK. It will perform four quick operations (restarting the IIS server) and the window will close. After that you're ready to test your mod_rewrite, assuming that everything went right.
  • Apache/WAMP (PHP based):
    • On the Apache Windows WAMP server you can turn the mod_rewrite extension on by
      • right-clicking on the WAMP icon and clicking on mod_rewrite, then
      • restarting the WAMP server.
  • Apache on Linux/Windows without WAMP:
    • RewriteRule Source Destination [options]

      Description:

      RewriteRule: syntax keyword that must appear before any rule.

      Source: the source link that appears in the browser and to users.

      Destination: the translated (replaced) link that is seen by the server.

      [options]: some extra options that can be left empty,

      e.g. [L] to make this rule the last one, so the server shouldn't continue evaluating rules after it. Many other options will come later.

      Now let's make our first example:

      RewriteRule ^helloworld.html index.php?module=hello

    • Now you can play around with URLs like:

      RewriteRule ^contactus.html index.php?oper=contactus

      RewriteRule ^aboutus.html index.php?mod=about

      RewriteRule ^login.html index.php?do=login

      ... etc.

      * Just remember:

      Your .htaccess (Apache) should look like this:

      RewriteEngine On

      RewriteRule ^login.html index.php?do=login

      Or your mod_rewrite.ini (IIS with the mod_rewrite filter):

      Debug 0 # this line isn't important

      Reload 500 # this line isn't important

      RewriteRule ^login.html index.php?do=login

=> In Windows your rules are written in the file "c:\mod_rewrite\mod_rewrite.ini", and in Linux (Apache) rules are written in ".htaccess" (a file that will/may be located in the root of your website).

So configuring mod_rewrite on an IIS server is simple!
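The other half of a rule like RewriteRule ^login.html index.php?do=login is the index.php it points at, shown here as an added example that is not part of the original post. The rewrite only changes the URL visitors see; index.php?do=anything can still be requested directly, so the script treats `do` as untrusted input and maps it through a fixed table (assumed layout: handlers under ./pages/, every rule passing its action in `do`). Two details worth knowing about the post's patterns: the dot in ^login.html is unescaped and there is no trailing $, so ^login\.html$ is the form that matches only that one URL.

```php
<?php
// Added example, not part of the original post: the index.php that the post's
// rules rewrite to, e.g.  RewriteRule ^login.html index.php?do=login
// Rewriting only changes the URL visitors see; anyone can still request
// index.php?do=whatever directly, so `do` is untrusted input and is mapped
// through a fixed table instead of being used to build a file path.
// Assumptions: handlers live under ./pages/ (placeholder layout) and every
// rewrite passes its action in the `do` parameter.

// Action name from the URL => handler file. Only these keys can ever be included.
function routes(): array
{
    return [
        'home'      => 'pages/home.php',
        'login'     => 'pages/login.php',
        'contactus' => 'pages/contact.php',
        'about'     => 'pages/about.php',
    ];
}

// Resolve the `do` parameter to a handler path, or null when it is not a known action.
function resolveRoute(array $query): ?string
{
    $action = $query['do'] ?? 'home';
    if (!is_string($action)) {          // do[]=x arrives as an array; reject it
        return null;
    }
    $routes = routes();
    // Exact key lookup: "../etc/passwd" or "login.php%00" can never match.
    return $routes[$action] ?? null;
}

// Include the handler for the request, or answer 404 for anything unknown.
function dispatch(array $query): void
{
    $handler = resolveRoute($query);
    if ($handler === null) {
        http_response_code(404);
        echo 'Not found';
        return;
    }
    require __DIR__ . '/' . $handler;
}

dispatch($_GET);
```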


Getting fields from a MySQL table using a code file (Drupal, MySQL, PHP)

Many times you need to get the structure of a table from a PHP file or a Drupal module. There may be situations where you do not have the admin username and password for cPanel/phpMyAdmin. In such cases you should know how to find the structure using a small piece of PHP code. You can get the MySQL connection info from the code files, and if you have FTP access you can certainly run a SQL query from a code file. So below is a simple script for getting the table info.

Simple PHP/MySQL:


$table_name = "node";
$sql = sprintf("SHOW COLUMNS FROM %s", $table_name);
$rs = mysql_query($sql);              // "$$rs" in the original was a typo; mysql_* was removed in PHP 7
while ($col = mysql_fetch_object($rs)) {
    print_r($col);                    // one object per column: Field, Type, Null, Key, Default, Extra
}

Drupal and MySQL:

$table_name = "node";
$sql = sprintf("SHOW COLUMNS FROM %s", $table_name);
$rs = db_query($sql);                 // Drupal 6 database API; "$$rs" in the original was a typo
while ($col = db_fetch_object($rs)) {
    print_r($col);
}

Once you have checked the structure you should be able to alter the table using the same method:

mysql_query("ALTER TABLE user_info ADD user_coupon VARCHAR(50)"); // MySQL has no varchar2 type; that is Oracle syntax
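The SHOW COLUMNS and ALTER TABLE scripts above with the table name checked before it is interpolated, as an added example that is not code from the original post. A table name cannot be bound as a prepared-statement parameter, so if it can come from anywhere outside the script it has to be whitelisted and back-quoted rather than dropped into sprintf(). Assumed: a mysqli connection with placeholder credentials and the three table names listed in allowedTables().

```php
<?php
// Added example, not code from the original post: SHOW COLUMNS with the table
// name validated before it goes into the SQL. Identifiers cannot be bound as
// prepared-statement parameters, so the name is whitelisted and back-quoted.
// Assumptions: a mysqli connection (placeholder credentials below) and the
// table names listed in allowedTables(); mysql_* does not exist in PHP 7+.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function allowedTables(): array
{
    return ['node', 'users', 'user_info'];
}

// True only for a known table whose name is a plain identifier.
function isAllowedTable(string $name): bool
{
    return in_array($name, allowedTables(), true)
        && preg_match('/^[A-Za-z0-9_]{1,64}$/', $name) === 1;
}

// Describe a table as [column name => column type]; throws on an unknown name.
function tableColumns(mysqli $db, string $table): array
{
    if (!isAllowedTable($table)) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    $rs = $db->query(sprintf('SHOW COLUMNS FROM `%s`', $table)); // back-quotes also cover reserved words
    $columns = [];
    while ($col = $rs->fetch_object()) {   // Field, Type, Null, Key, Default, Extra
        $columns[$col->Field] = $col->Type;
    }
    $rs->free();
    return $columns;
}

// Add a column only if it is missing; the post's bare ALTER fails with a
// duplicate-column error when the script is run a second time.
function ensureColumn(mysqli $db, string $table, string $column, string $definition): bool
{
    $columns = tableColumns($db, $table);
    if (isset($columns[$column])) {
        return false;                      // already there, nothing to do
    }
    if (preg_match('/^[A-Za-z0-9_]{1,64}$/', $column) !== 1) {
        throw new InvalidArgumentException("bad column name: $column");
    }
    // $definition (e.g. 'VARCHAR(50)') is developer-supplied, never request input.
    $db->query(sprintf('ALTER TABLE `%s` ADD `%s` %s', $table, $column, $definition));
    return true;
}

$db = new mysqli('localhost', 'dbuser', 'dbpass', 'mysite'); // placeholder credentials
print_r(tableColumns($db, 'node'));
ensureColumn($db, 'user_info', 'user_coupon', 'VARCHAR(50)');
```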


Changing the DotNetNuke page title and using DNN page titles

In a typical .Net web application you can change the title of a page on the fly by accessing the Page object’s Title property.

protected void Page_Load(System.Object sender, System.EventArgs e)
{
    Page.Title = "My Custom Page Title";
}

But from within your DotNetNuke module code you do it in a slightly different way. You first type-cast the Page object into a DotNetNuke.Framework.CDefault variable. Then you read and write the Title member on the CDefault object:

protected void Page_Load(System.Object sender, System.EventArgs e)
{
    DotNetNuke.Framework.CDefault cd = (DotNetNuke.Framework.CDefault)Page;
    cd.Title = "My Custom Page Title"; // set the page title (Title is a string field on CDefault)

    // Display the title in a div on the page (titleDiv is an HtmlGenericControl with runat="server").
    // If the title can ever contain user-supplied text, pass it through HttpUtility.HtmlEncode first.
    titleDiv.InnerHtml = "<b>" + cd.Title + "</b>";
}

If you compare Page.Title to CDefault.Title you will notice that Page.Title is a public property while CDefault.Title is a public field, and you can use the latter for getting and setting page titles.

Let’s take a look under the hood of the framework. Inside the CDefault source you will find this code:

Public Class CDefault
    Inherits DotNetNuke.Framework.PageBase

    Public Comment As String = ""
    Public Description As String = ""
    Public KeyWords As String = ""
    Public Copyright As String = ""
    Public Generator As String = ""
    Public Author As String = ""
    Public Shadows Title As String = ""

You will notice that CDefault inherits from DotNetNuke.Framework.PageBase. Let’s take one step further and look at what the PageBase code looks like:

Public MustInherit Class PageBase
    Inherits System.Web.UI.Page

You can see that PageBase inherits from the System.Web.UI.Page class. What is going on is that CDefault is a descendant of PageBase, and therefore a descendant of the Page class as well. Thus it has all the members and methods of those two classes.

However, CDefault defines its own public string called Title which “shadows” the Page.Title property. This essentially hides the Page.Title from Visual Studio’s IntelliSense when you’re viewing the properties and methods of a CDefault object.

Public Shadows Title As String = ""

So when you set CDefault.Title you are actually setting a different variable than Page.Title.

The nice thing about having the CDefault object around is that it exposes several other parts of the page for you to work with besides the title.

Public Description As String = ""
Public KeyWords As String = ""
Public Copyright As String = ""
Public Generator As String = ""
Public Author As String = ""

These members allow you to set the values of meta-data in your page header.

cd.Description = "My Custom Description";
cd.KeyWords = "Coffee, Mojo, Hat";
cd.Copyright = "My Company";
cd.Generator = "Foo Coder";
cd.Author = "Custom Author Name";

Note that in the code above, cd is a CDefault object.

Knowing how to set these values can be important for those of you concerned with search engine optimization.
Working with the DotNetNuke page URL

As you probably already understand, a typical DotNetNuke installation really has only one page, Default.aspx. The Default.aspx page receives the tab id (the id of the page it needs to display) via the query string using URL rewriting. Inside the SiteURLs.config file in the root folder of your installation there is the following rule, which tells the URL rewriting HTTP module to convert the search-engine-friendly URL into a URL that passes the tab id to Default.aspx via the query string:

<RewriterRule>
<LookFor>[^?]*/TabId/(\d+)(.*)</LookFor>
<SendTo>~/Default.aspx?TabId=$1</SendTo>
</RewriterRule>

This is a powerful tool that you can customize in order to make your module more functional.

Just as the DotNetNuke site uses the URL rewriter to reduce the page files down to just one, you can use the URL rewriter to reduce the module instance quantity down to just one. Let me explain.

Let’s say that you have a database table containing 10,000 records, each of which you want to provide individual pages for. Rather than generating 10,000 tabs / pages inside your DotNetNuke installation, you can create a URL rewrite rule like this:

<RewriterRule>
<LookFor>.*/Products/(.+)/(.+)\.aspx</LookFor>
<SendTo>~/Default.aspx?TabId=54&amp;brand=$1&amp;item=$2&amp;mode=view</SendTo>
</RewriterRule>

In this rule you tell the URL rewriter to look for a regular expression that matches a request that looks like http://www.yourdomain.com/Products/SomeBrand/ProductName.aspx, where SomeBrand can be anything and ProductName can be anything. Those two “anythings” will be the key to one of the records you wish to display from your database table. The rule rewrites the URL to point to a specific tab (tab 54) on which there exists an instance of your module. This allows you to have a unique URL for each of the 10,000 products in your database, but only one tab within DotNetNuke for displaying them.

Now your module can display whatever it pleases based on the friendly URL that was originally requested! Have your module fetch the brand and item parameters through the query string:

if (Request.QueryString["brand"] != null && Request.QueryString["item"] != null)
{
    string path = Request.QueryString["brand"] + "/" + Request.QueryString["item"];
    // now use the path string as a
    // key to a record in your database
}

Of course you need to take care not to pass any old query string data on to your DAL. I usually run the values I get from the query string through some code like this, which removes spaces and special characters:

// replace anything that is not [A-Za-z0-9] with a space (needs: using System.Text.RegularExpressions;)
myString = Regex.Replace(myString, "[^A-Za-z0-9]", " ");
// then remove the spaces (the original had Replace(" ", " "), which changes nothing)
myString = myString.Replace(" ", "").Trim();
// note: this filtering is not a substitute for parameterized queries in the DAL

For the sake of simplicity you might consider passing the numeric id / key of the item in your database rather than the brand and product name text like the example above. By doing so you can keep your data redundancy low inside your database, and eliminate the chance of two items having the same path in the URL. On the other hand the URL containing only text might be considered more optimized for search engines. This is a trade-off you will have to consider on your own.

Finally, here is one note regarding URLs for the ASP.NET beginners reading this. You will probably at some point want to send the browser to one of the product URLs manually. This can be done using the Response.Redirect() method.

Response.Redirect("/Products/" + path + ".aspx");


ffmpeg video: when I submit a node, a thumbnail gets created, but a 0-byte FLV file is created that is unusable...

This is probably the most popular of all issues with the FlashVideo module in Drupal. This issue is caused when your FFMPEG installation does not have an MP3 codec installed. If you are using a Linux server, you can easily verify whether your FFMPEG is using an MP3 codec by simply typing the following command...

/usr/bin/ffmpeg --help

If it cannot find the FFMPEG binary, then you will need to change the path. Otherwise, you should see some information about your FFMPEG installation. In this information, look for where it says --enable-mp3, or maybe --enable-libmp3lame, or something else that has to do with enabling an MP3 codec. If you do not see anything in your configuration that hints that your FFMPEG has an MP3 codec, then this is your problem...
So, here is how to fix it. What you need to do is install the MP3 codec for your ffmpeg binary. There are several articles out there that I would recommend following to solve this issue. They are as follows.

  • http://blog.gwikzone.org/articles/2006/09/25/flv-encoding-with-ffmpeg
  • http://www.travistidwell.com/node/263

Now, let's suppose that you DO see an MP3 codec installed in your FFMPEG binary, but still no luck. This is usually because, in the FFMPEG command within the FlashVideo settings, you do not have the right name for the codec. By default, in the FFMPEG settings within the FlashVideo settings you will see that the FFMPEG command is set to...

-i @input -f flv -acodec mp3 -ar 22050 -ab 64k -ac 1 @output

What you will be most concerned with is the little part of this command that says -acodec mp3. The mp3 is the name of the codec that will perform the MP3 conversion. So, when you called the help for FFMPEG, you should have seen something like --enable-libmp3lame or --enable-mp3, or maybe something else with mp3 in the name. All you have to do now is change the FFMPEG command to use the same codec name that is given. So, for example, if your FFMPEG has the libmp3lame codec enabled, your FFMPEG command will look like the following...

-i @input -f flv -acodec libmp3lame -ar 22050 -ab 64k -ac 1 @output

Before using ffmpeg on a Linux system for video conversion, we can check ffmpeg with the following method. This will generate a thumbnail from one video file and save it to the second given location; the command can be run at the Linux command prompt after changing the source and destination paths.

Example:

/usr/include/ffmpeg -y -i "/home/dev/public_html/files/4533_4NEW_child.wmv" -vframes 1 -ss "00:00:02" -an -vcodec mjpeg -f rawvideo -s "200x200" "/home/dev/public_html/files/flashflv/4533_4NEW_child.jpg"

FLV encoding with ffmpeg

ffmpeg is a command-line tool for video encoding which has the ability to encode videos in FLV format (Macromedia plugin for direct streaming).

First, you need to install ffmpeg with libmp3lame support.

You may grab it as package or compile from sources.

We will compile from sources in this article for more compatibility.

First step: installing LAME. Get the sources at http://lame.sourceforge.net, untar the archive and chdir to the unpacked sources directory.

$ ./configure && make && sudo make install

Second step: installing ffmpeg

Get the sources from svn:

 $ svn export svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg

Change dir to ffmpeg and compile with libmp3lame:

$ ./configure --enable-mp3lame && make && sudo make install

You're now set up. You can continue with encoding your first video:

$ /usr/local/bin/ffmpeg  -i input.mov -ar 22050 -ab 56 -aspect 4:3 \
 -b 200 -r 12 -f flv -s 320x240 -acodec mp3 -ac 1 output.flv

To view the result, download a SWF FLV player and create an HTML file:

<html>
<head>
<title>Flash FLV Player</title>
</head>
<body>
<h3>My First FLV video</h3>
<object type="application/x-shockwave-flash" width="320" height="260" wmode="transparent" data="flvplayer.swf?file=output.flv&amp;autoStart=false">
<param name="movie" value="flvplayer.swf?file=output.flv&amp;autoStart=false" />
<param name="wmode" value="transparent" />
</object>

</body>
</html>

Enjoy!