Featured post

c# - Usage of Server Side Controls in MVC Frame work -

-
i using asp.net 4.0 , mvc 2.0 web application. project requiremrnt have use server side control in application not possibl in noraml case. ideally want use adrotator control , datalist control. i saw few samples , references in codepleax mvc controllib howwver found less useful. can tell how utilize theese controls in asp.net application along mvc. note: please provide functionalities related adrotator , datalist controls not equivalent functionalities thanks in advace. mvc pages not use normal .net solution makes use of normal .net components impossible. a normal .net page use event driven solution call different methods service side mvc use actions , view completly different way handle things. also, mvc not use viewstate normal .net controlls require. found article discussing mixing of normal .net , mvc.
3 comments

variables - Php script, query ran from value thats passed in -

-

i pretty new @ php, quick note android application calling script, not having users make script lol. there series of checkboxs , when check off ones appends script string builder. trying run query based on value of variable being passed in. this,

   mssql_query("update userdata set browsescript = '".$_request['sqlscript']."'  userdata.username = '".$_request['username']."'");

and says .$_request[''] can grab values pass in.

but time .$_request[''] whole script, want this

mssql_query($_request['sqlscript']);

and thats want run query thats in value, query correct, not return value, think may have type of syntax error or something, said new php. help. not posting whole code because running ok, cant query run. need assistance mssql_query part again.

first of there huge security flaw in doing. should sanitalize , escape variables use in queries example using mysql_real_escape_string or prepared statements.

since importing whole script query, quotes not escaped. need put these functions before variables:

mysql_real_escape_string($_request['your_var']);

using $_request in instead of proper $_get or $_post vulnerable.


Comments

Post a Comment

Popular posts from this blog

c# - Usage of Server Side Controls in MVC Frame work -

-
i using asp.net 4.0 , mvc 2.0 web application. project requiremrnt have use server side control in application not possibl in noraml case. ideally want use adrotator control , datalist control. i saw few samples , references in codepleax mvc controllib howwver found less useful. can tell how utilize theese controls in asp.net application along mvc. note: please provide functionalities related adrotator , datalist controls not equivalent functionalities thanks in advace. mvc pages not use normal .net solution makes use of normal .net components impossible. a normal .net page use event driven solution call different methods service side mvc use actions , view completly different way handle things. also, mvc not use viewstate normal .net controlls require. found article discussing mixing of normal .net , mvc.
Read more

ios - Very simple iPhone App crashes on UILabel settext -

-
i have simple application. have button , label in ib. have ibaction onclick calls settext on label. there's outlet label. connected in ib. crashes app first time in simulator. when launch again, sets text. crashes again next time. crashes on actual device. should simple, i'm not sure i'm doing wrong. thanks. in .h file : #import <uikit/uikit.h> @interface untitledviewcontroller : uiviewcontroller { iboutlet uilabel *label; iboutlet uibutton *button; } @property (nonatomic, retain) uilabel *label; -(ibaction) onclick1: (id) sender; @end and in .m: - (ibaction) onclick1: (id) sender { //[label settext:@"hello world!"]; label.text = @"hello world!"; //[button settitle:@"clicked" forstate:uicontrolstatenormal]; } sorry, i'm new site. how crash log , stack? thanks. edit : while answer technically correct, doesn't answer question @ :( sorry < warning - guess > if you're...
Read more

mysql - Why there can be only one TIMESTAMP column with CURRENT_TIMESTAMP in DEFAULT clause? -

-
why there can 1 timestamp column current_timestamp in default or on update clause? create table `foo` ( `productid` int(10) unsigned not null, `addeddate` timestamp not null default current_timestamp, `updateddate` timestamp not null default current_timestamp on update current_timestamp ) engine=innodb; the error results: error code : 1293 incorrect table definition; there can 1 timestamp column current_timestamp in default or on update clause this limitation, due historical, code legacy reasons, has been lifted in recent versions of mysql: changes in mysql 5.6.5 (2012-04-10, milestone 8) previously, @ 1 timestamp column per table automatically initialized or updated current date , time. restriction has been lifted. timestamp column definition can have combination of default current_timestamp , on update current_timestamp clauses. in addition, these clauses can used datetime column definitions. more information, see automati...
Read more