Simple PHP sample code to prevent SQL injection attacks

<?php
// Note: the mysql_* functions used here were removed in PHP 7.0; this sample needs PHP 5.

if (isset($_POST["un"]) && isset($_POST["pw"])) {

    mysql_connect("localhost", "root", "");
    mysql_select_db("my_db");

    // Escape quote characters in the user input before placing it in the SQL string.
    $username = mysql_real_escape_string($_POST["un"]);
    $password = mysql_real_escape_string($_POST["pw"]);

    $sql = "SELECT * FROM user WHERE id = '$username' AND name = '$password';";
    $result = mysql_query($sql);
    if ($result) {
        if (mysql_num_rows($result) > 0) {
            echo "you logged in....";
        }
    }

}
?>

Id :

Password :
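
The same login check written with a PDO prepared statement, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and uses a constructed in-memory SQLite table (with the `user`, `id` and `name` names from the query above) in place of MySQL so it runs offline; `open_db` and `check_login` are hypothetical names.

```php
<?php
// Added example: the login lookup above, using a PDO prepared statement.
// An in-memory SQLite database stands in for MySQL so the script runs offline.
// For MySQL the DSN would look like (assumed values):
//   new PDO('mysql:host=localhost;dbname=my_db;charset=utf8mb4', $user, $pass)
// and PDO::ATTR_EMULATE_PREPARES can be set to false for server-side prepares.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample table and row, using the column names from the page's query.
    $pdo->exec('CREATE TABLE user (id TEXT PRIMARY KEY, name TEXT NOT NULL)');
    $pdo->exec("INSERT INTO user (id, name) VALUES ('alice', 's3cret')");
    return $pdo;
}

function check_login(PDO $pdo, $un, $pw): bool
{
    // Reject arrays (un[]=x in the POST body) and missing fields before querying.
    if (!is_string($un) || !is_string($pw)) {
        return false;
    }
    // Placeholders keep the SQL text fixed; the values travel separately as data.
    $stmt = $pdo->prepare('SELECT 1 FROM user WHERE id = :un AND name = :pw');
    $stmt->execute([':un' => $un, ':pw' => $pw]);
    return $stmt->fetchColumn() !== false;
}

$pdo = open_db();

// Constructed test inputs: valid login, wrong password, quote-laden input, array input.
$cases = [
    ['alice', 's3cret'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", "x' OR '1'='1"],
    [['alice'], 's3cret'],
];

foreach ($cases as [$un, $pw]) {
    $verdict = check_login($pdo, $un, $pw) ? 'login ok' : 'rejected';
    printf("%-22s => %s\n", json_encode($un), $verdict);
}
```

Only the first case is accepted: the quote-laden input is compared as a literal string rather than parsed as SQL, and the array input is refused before any query runs.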


MySQL with C sharp

.NET applications commonly use SQL Server as the DBMS, but it is also possible to use MySQL, an open-source DBMS commonly used by web developers.

First download the latest Connector/Net from http://dev.mysql.com/downloads/connector/net/ and install the connector on your PC. This will install the documentation too. You need to add MySql.Data to the project references before using MySQL in your project.

(Solution Explorer -> Your solution -> Your project -> References -> right click -> add reference… -> double click on MySql.Data)
Now you have to add 'using MySql.Data.MySqlClient;' to the top of your source code.
Try to understand the following simple code:

// Connection settings; replace with your own server, database and credentials.
string MyConnString = "SERVER=localhost;" + "DATABASE=database;" + "UID=root;" + "PASSWORD=password;";

MySqlConnection connection = new MySqlConnection(MyConnString);
MySqlCommand command = connection.CreateCommand();
MySqlDataReader Reader;

command.CommandText = "select * from tablename";

connection.Open();
Reader = command.ExecuteReader();

// Print each row as a comma-separated list of its column values.
while (Reader.Read()) {
    string row = "";
    for (int i = 0; i < Reader.FieldCount; i++)
        row += Reader.GetValue(i).ToString() + " , ";
    System.Console.WriteLine(row);
}

connection.Close();

How to execute php files without loading it

This method executes the file_handle.php file and returns the HTML result, so we can use it to perform database updates (use the GET method to pass inputs).
<?php
echo "Start";
echo "end";
?>