Entries Tagged as 'Drupal'

Preventing MySQL Injection attacks with good PHP code - Using PHP for preventing MySQL injection attacks on your site

A MySQL injection is an attack in which site visitors/users try to read or damage data in your databases by taking advantage of poorly programmed websites. An injection attack occurs when a visitor to your site types something into a form input with the purpose of changing the outcome of your MySQL query. For example, at a login screen someone may try this type of attack to gain access to a secure area of the website.

If your query to check the username and password entered by the user was this:

"SELECT * FROM users WHERE username = '".$_POST['username']."' AND password = '".$_POST['password']."'"

Someone could log in by using any username, and for the password they would type ' OR ''=' which would be placed into your MySQL query, changing it to:

"SELECT * FROM users WHERE username = 'anyuser' AND password = '' OR ''=''"

MySQL will then return all the rows in the table and, depending on your script's logic, you will probably log the visitor in because there was a match. As you can see, MySQL injection attacks can be pretty serious depending on the information the person has access to once they are logged in. It is very important to secure your site against injection attacks. Luckily, PHP can help you prevent them.

In most cases people have magic_quotes_gpc turned on (it's the PHP default), which adds backslashes to escape all ' (single quote), " (double quote), \ (backslash) and NULL characters. This is not foolproof, though, because there are other characters that should be escaped to be safe.

Preventing MySQL/PHP injections:-

PHP has MySQL functions that keep this kind of input from getting into your queries. One of these functions is mysql_real_escape_string().

Use it like this:- $value = "'" . mysql_real_escape_string($value) . "'";

For integer values, don't forget to use the intval() function.
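
The login query above next to a parameterized version, as an added example that is not part of the original post; it swaps in PDO prepared statements because mysql_real_escape_string() and the rest of the mysql_* extension were removed in PHP 7. The users table, the alice row and the function names are constructed for illustration, and an in-memory SQLite database is assumed in place of MySQL so the script runs offline.

```php
<?php
// Added example, not from the original post. PDO with an in-memory SQLite
// database stands in for MySQL so the script runs offline; the table and
// row are constructed. The plaintext password column mirrors the post's
// query; production tables store password hashes instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 'correct-horse')");

// The post's vulnerable pattern: form values concatenated into the SQL text.
function login_concat(PDO $db, $user, $pass) {
    $sql = "SELECT * FROM users WHERE username = '" . $user
         . "' AND password = '" . $pass . "'";
    return count($db->query($sql)->fetchAll()) > 0;
}

// Hardened: placeholders send the values separately from the SQL grammar.
function login_prepared(PDO $db, $user, $pass) {
    $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
    $stmt->execute(array($user, $pass));
    return count($stmt->fetchAll()) > 0;
}

// Integer input: intval() reduces the value to a number before it is used.
function find_user(PDO $db, $id) {
    $stmt = $db->prepare("SELECT username FROM users WHERE id = ?");
    $stmt->execute(array(intval($id)));
    return $stmt->fetchColumn();
}

$payload = "' OR ''='";  // the password value quoted in the post
$checks = array(
    'concatenated query, injected password' => login_concat($db, 'anyuser', $payload),
    'prepared query, injected password'     => login_prepared($db, 'anyuser', $payload),
    'prepared query, real credentials'      => login_prepared($db, 'alice', 'correct-horse'),
    'intval on "1 OR 1=1" resolves to user' => find_user($db, '1 OR 1=1'),
);
foreach ($checks as $label => $result) {
    echo $label, ': ', var_export($result, true), PHP_EOL;
}
```

The same prepare/execute calls work against MySQL by changing only the PDO connection string.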


Connecting to MySQL using ODBC Windows drivers within an ASP code file

Many times in ASP or .NET we may need to connect to a MySQL database. To make a connection to a MySQL database we need to install the MySQL connector for Windows, which you can download from:-

http://dev.mysql.com/get/Downloads/Connector-ODBC/5.1/mysql-connector-odbc-5.1.5-win32.msi/from/pick?file=Downloads/Connector-ODBC/5.1/mysql-connector-odbc-5.1.5-win32.msi&mirror=pick&file=Downloads/Connector-ODBC/5.1/mysql-connector-odbc-5.1.5-win32.msi&mirror=pick

After downloading this connector, just install it and follow the instructions on the MySQL site:-
http://dev.mysql.com/doc/refman/5.0/en/connector-odbc-configuration-dsn-windows.html

So all is done…

enjoy mysql databases in ASP code file now :)


Log in to MySQL from the Windows command prompt to access databases, change passwords, grant privileges and create users

First of all you should know how you can add users in MySQL databases:-

  • Using CREATE USER and/or GRANT commands
  • Inserting a new record into the mysql.user table

First let’s see how to use the CREATE USER command:-

     CREATE USER user [IDENTIFIED BY [PASSWORD] 'password']

e.g.

mysql> CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypassword';

Once the user has been added, you need to grant privileges to that user. You can do it like this:-

mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON *.* TO 'myuser'@'localhost';
or
mysql> GRANT ALL ON *.* TO 'myuser'@'localhost';

ON *.* applies the privileges to every database on the server, so grant only the privileges the account actually needs.

Another way of creating users in MySQL is to insert entries directly into the user table of the mysql database. The Password column holds a hash, so the password value goes through PASSWORD():-
mysql> INSERT INTO mysql.user VALUES('localhost','monty',PASSWORD('some_pass'),
     'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
or
mysql> INSERT INTO mysql.user (Host,User,Password) VALUES('localhost','username',PASSWORD('pass'));
mysql> FLUSH PRIVILEGES;

mod_rewrite: enabling URL rewriting on Apache and IIS servers (Windows and Linux)

URL rewriting simply means rewriting your URLs (links) and redirecting them to known URLs. E.g. the link view_my_profile.html is redirected to function.php?op=3, so instead of the link "function.php?op=3", which doesn't describe itself well, we use the link "view_my_profile.html", which is very descriptive. Why use mod_rewrite? If your site has more than 10,000 links (a dynamic website), do you think we would make 10,000 HTML files?

=>Of course not, and here's the use of mod_rewrite. We can generate dynamic pages from code and rewrite their URLs using this module.

=>This is also very useful for search engines to correctly index your website and gather keywords; we'll talk about this in detail in "Search Engine Optimization Tips".

How to Enable Mod_rewrite:-
How you configure mod_rewrite depends on your operating system (server software).

  • For Linux it's supported by default (on most servers). mod_rewrite is an Apache module, so you don't have to set anything up, and we won't go into how to install mod_rewrite on your Linux server because it's a little advanced and complicated. However, you can have the mod_rewrite module loaded in Apache.
  • For Windows: a lot of developers think that it's not supported by Windows servers, but in fact it is. I'll describe how you can set it up on Windows (assuming that you have IIS installed on your PC/server). If you haven't, you can refer to this post: showthread.php?t=1 (http://www.phpegypt.net/forum/showthread.php?t=1)
    • For Windows XP / 2003 Server
      • You must download the files from http://www.iismods.com/download.htm (I also attached them to this post). It's free, released under the GNU General Public License (v2). (This link may not work at times.)
      • Place it somewhere on your hard disk, let's say "c:\mod_rewrite".
      • Go to Control Panel -> Administrative Tools -> Internet Information Services.
      • You'll find your computer name followed by (localhost) in brackets. Click it -> open "Web Sites" -> "Default Website".
      • Right-click on "Default Website" and choose "Properties".
      • You'll find many tabs at the top; click "ISAPI Filters".
      • Click Add, enter "MOD_REWRITE" as the filter name, and for the executable click "Browse" and choose the file "c:\mod_rewrite\mod_rewrite.dll", or just choose the file "mod_rewrite.dll" from whichever folder you extracted it to.
      • Now click "OK". mod_rewrite should now appear in the list with an empty status, filter name = "MOD_REWRITE" and priority *unknown*.
      • Now you're ready to run MOD_REWRITE: click Start -> Run.
      • Enter "iisreset" and click OK. It will perform 4 quick operations (restarting the IIS server) and the window will close. After that you're ready to test your mod_rewrite, assuming that everything went right.
  • Apache/Wamp PHP based:-
    • For apache windows WAMP server you can turn the mod_rewrite extension on by
      • Right clicking on wamp icon click on mod_rewrite.
      • Restart wamp server.
  • Apache Linux/Windows Without WAMP:-
    • RewriteRule Source Destination [options]

      Description:

      RewriteRule: syntax keyword that must come before any rule.

      Source: the source link that will appear in the browser and to users.

      Destination: the translated (replaced) link that the server will see.

      [options]: some extra options that can be left empty,

      e.g. [L] to make this rule the last one, so the server doesn't continue processing rules after it. Many other options will come later.

      Now let's make our first example:

      RewriteRule ^helloworld.html index.php?module=hello

    • Now you can play around with URLs like:

      RewriteRule ^contactus.html index.php?oper=contactus
      RewriteRule ^aboutus.html index.php?mod=about
      RewriteRule ^login.html index.php?do=login
      ... etc.

      * Just remember

      Your .htaccess (Apache) should look like this:

      RewriteEngine On
      RewriteRule ^login.html index.php?do=login

      Or your mod_rewrite.ini (IIS with the mod_rewrite filter):

      Debug 0 # This Line Isn't Important
      Reload 500 # This Line Isn't Important
      RewriteRule ^login.html index.php?do=login

=>In Windows your rules are written in the file "c:\mod_rewrite\mod_rewrite.ini", and in Linux (Apache) the rules are written in ".htaccess" (a file that will/may be located in the root of your website).

So configuring PHP on an IIS server is simple..!


Getting fields from a MySQL table using a code file (Drupal, MySQL, PHP)

Many times you need to get the structure of a table from a PHP file or Drupal module. There may be situations where you don't have the admin username and password for cPanel/phpMyAdmin. In such cases you should know how to find out the structure using a small piece of PHP code. You can get the MySQL connection info from the code files, and if you have FTP access you can certainly run an SQL query from a code file. Below is a simple script for getting table info.

Simple PHP MySQL


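// Assumes a MySQL connection is already open (mysql_connect / mysql_select_db).
$table_name = "node";
// SHOW COLUMNS returns one row per column of the table.
$sql = sprintf("SHOW COLUMNS FROM %s", $table_name);
$rs = mysql_query($sql);
while ($col = mysql_fetch_object($rs))
{
    print_r($col);
}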

Drupal And Mysql

// Same query through Drupal's database layer (run inside a bootstrapped Drupal).
$table_name = "node";
$sql = sprintf("SHOW COLUMNS FROM %s", $table_name);
$rs = db_query($sql);
while ($col = db_fetch_object($rs))
{
    print_r($col);
}

Once you have checked the structure, you can alter the structure of the table using the same method:-

mysql_query("ALTER TABLE user_info ADD user_coupon VARCHAR(50)");


ffmpeg video When I submit a node, a thumbnail gets created, but a 0 byte FLV file is created that is unusable…

This is probably the most popular of all issues with the FlashVideo module in Drupal. It happens when your FFMPEG installation does not have an MP3 codec installed with it. If you are using a Linux server, you can easily verify whether your FFMPEG is using an MP3 codec by typing the following command…

/usr/bin/ffmpeg --help

If it cannot find the FFMPEG binary, then you will need to change the path. Otherwise, you should see some information about your FFMPEG installation. In this information, look for where it says --enable-mp3, or maybe --enable-libmp3lame, or something that has to do with enabling an MP3 codec. If you do not see anything in your configuration that hints that your FFMPEG has an MP3 codec, then this is your problem…
So, here is how to fix it. What you need to do is install the MP3 codec for your ffmpeg binary. There are several articles out there that I would recommend following to solve this issue. They are as follows.

  • http://blog.gwikzone.org/articles/2006/09/25/flv-encoding-with-ffmpeg
  • http://www.travistidwell.com/node/263

Now, let's suppose that you DO see an MP3 codec installed in your FFMPEG binary, but still no luck. This is usually because the FFMPEG command within the FlashVideo settings does not have the right name for the codec. By default, in the FFMPEG settings within the FlashVideo settings you will see that the FFMPEG command is set to…

-i @input -f flv -acodec mp3 -ar 22050 -ab 64k -ac 1 @output

What you will be most concerned with is the little part in this command that says -acodec mp3. The mp3 is the name of the codec that will be performing the MP3 conversion. So, when you called the help for FFMPEG, you should have seen something like --enable-libmp3lame or --enable-mp3, or maybe even something else that has mp3 in the name. All you have to do now is change the FFMPEG command to reflect the same codec name that is given. So, for example, if your FFMPEG has enabled the libmp3lame codec, your FFMPEG command will look like the following…

-i @input -f flv -acodec libmp3lame -ar 22050 -ab 64k -ac 1 @output

Before using ffmpeg on a Linux system for video conversion, we can check ffmpeg with the following method. This generates a thumbnail from one video file and saves it to the second given location. The command can be run at the Linux command prompt after changing the source and destination.

Example:-

/usr/include/ffmpeg -y -i "/home/dev/public_html/files/4533_4NEW_child.wmv" -vframes 1 -ss "00:00:02" -an -vcodec mjpeg -f rawvideo -s "200x200" "/home/dev/public_html/files/flashflv/4533_4NEW_child.jpg"

FLV encoding with ffmpeg

ffmpeg is a command-line tool for video encoding which can encode videos in FLV format (Macromedia plugin for direct streaming).

First, you need to install ffmpeg with liblame support.

You may grab it as package or compile from sources.

We will compile from sources in this article for more compatibility.

First step: installing lame. Get the sources at http://lame.sourceforge.net, untar the archive and chdir to the unpacked sources directory.

$ ./configure && make && sudo make install

Second step: installing ffmpeg

Getting the sources from svn:

 $ svn export svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg

Change directory to ffmpeg and compile with liblame:

$ ./configure --enable-mp3lame && make && sudo make install

You're now set up. You can continue with encoding your first video:

$ /usr/local/bin/ffmpeg  -i input.mov -ar 22050 -ab 56 -aspect 4:3 \
 -b 200 -r 12 -f flv -s 320x240 -acodec mp3 -ac 1 output.flv

To view the result, download an SWF FLV player and create an HTML file:

<html>
<head>
<title>Flash FLV Player</title>
</head>
<body>
<h3>My First FLV video</h3>
<object type="application/x-shockwave-flash" width="320" height="260" wmode="transparent" data="flvplayer.swf?file=output.flv&amp;autoStart=false">
<param name="movie" value="flvplayer.swf?file=output.flv&amp;autoStart=false" />
<param name="wmode" value="transparent" />
</object>

</body>
</html>

Enjoy !