Search Results

Search found 32492 results on 1300 pages for 'reporting database'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 849/1300 | < Previous Page | 845 846 847 848 849 850 851 852 853 854 855 856  | Next Page >

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • Django approximate matching of unicode strings with ascii equivalents

    - by c
    I have the following model and instance: class Bashable(models.Model): name = models.CharField(max_length=100) >>> foo = Bashable.objects.create(name=u"piñata") Now I want to be able to search for objects, but using ascii characters rather than unicode, something like this: >>> Bashable.objects.filter(name__lookslike="pinata") Is there a way in Django to do this sort of approximate string matching, using ascii stand-ins for the unicode characters in the database? Here is a related question, but for Apple's Core Data.

    Read the article

  • count and fetch rows in php

    - by Mac Taylor
    hey guys i have a table in my mysql database named (names) now everyone can save their real names now i want to query this table and find out how many times these names used forexample the output should be : Jakob (20) Jenny (17) now this is my own code : list($usernames) =mysql_fetch_row(mysql_query('SELECT name FROM table_user GROUP BY name ORDER BY COUNT(name) DESC LIMIT 50 ')); list($c) =mysql_num_rows(mysql_query('SELECT COUNT(name) FROM table_user GROUP BY name ')); print $usernames.'('.$c.')' is this a correct approach ?!

    Read the article

  • Migrate Liferay 5 -> 5.2

    - by Alex Takitani
    We have a liferay portal running on a hosting company, and We want to bring it to our own structure. So, I've downloaded the excellent bitnami stack and loaded it in our vmware server. I've no experience on liferay whatsoever, all I know its that it uses mysql as database. Is there any docs on how to do it? Tks!

    Read the article

  • In a PHP project, how do you organize and access your helper objects?

    - by Pekka
    How do you organize and manage your helper objects like the database engine, user notification, error handling and so on in a PHP based, object oriented project? Say I have a large PHP CMS. The CMS is organized in various classes. A few examples: the database object user management an API to create/modify/delete items a messaging object to display messages to the end user a context handler that takes you to the right page a navigation bar class that shows buttons a logging object possibly, custom error handling etc. I am dealing with the eternal question, how to best make these objects accessible to each part of the system that needs it. my first apporach, many years ago was to have a $application global that contained initialized instances of these classes. global $application; $application->messageHandler->addMessage("Item successfully inserted"); I then changed over to the Singleton pattern and a factory function: $mh =&factory("messageHandler"); $mh->addMessage("Item successfully inserted"); but I'm not happy with that either. Unit tests and encapsulation become more and more important to me, and in my understanding the logic behind globals/singletons destroys the basic idea of OOP. Then there is of course the possibility of giving each object a number of pointers to the helper objects it needs, probably the very cleanest, resource-saving and testing-friendly way but I have doubts about the maintainability of this in the long run. Most PHP frameworks I have looked into use either the singleton pattern, or functions that access the initialized objects. Both fine approaches, but as I said I'm happy with neither. I would like to broaden my horizon on what is possible here and what others have done. I am looking for examples, additional ideas and pointers towards resources that discuss this from a long-term, real-world perspective. Also, I'm interested to hear about specialized, niche or plain weird approaches to the issue. Bounty I am following the popular vote in awarding the bounty, the answer which is probably also going to give me the most. Thank you for all your answers!

    Read the article

  • How to select all parent objects into DataContext using single LINQ query ?

    - by too
    I am looking for an answer to a specific problem of fetching whole LINQ object hierarchy using single SELECT. At first I was trying to fill as much LINQ objects as possible using LoadOptions, but AFAIK this method allows only single table to be linked in one query using LoadWith. So I have invented a solution to forcibly set all parent objects of entity which of list is to be fetched, although there is a problem of multiple SELECTS going to database - a single query results in two SELECTS with the same parameters in the same LINQ context. For this question I have simplified this query to popular invoice example: public static class Extensions { public static IEnumerable<T> ForEach<T>(this IEnumerable<T> collection, Action<T> func) { foreach(var c in collection) { func(c); } return collection; } } public IEnumerable<Entry> GetResults(AppDataContext context, int CustomerId) { return ( from entry in context.Entries join invoice in context.Invoices on entry.EntryInvoiceId equals invoice.InvoiceId join period in context.Periods on invoice.InvoicePeriodId equals period.PeriodId // LEFT OUTER JOIN, store is not mandatory join store in context.Stores on entry.EntryStoreId equals store.StoreId into condStore from store in condStore.DefaultIfEmpty() where (invoice.InvoiceCustomerId = CustomerId) orderby entry.EntryPrice descending select new { Entry = entry, Invoice = invoice, Period = period, Store = store } ).ForEach(x => { x.Entry.Invoice = Invoice; x.Invoice.Period = Period; x.Entry.Store = Store; } ).Select(x => x.Entry); } When calling this function and traversing through result set, for example: var entries = GetResults(this.Context); int withoutStore = 0; foreach(var k in entries) { if(k.EntryStoreId == null) withoutStore++; } the resulting query to database looks like (single result is fetched): SELECT [t0].[EntryId], [t0].[EntryInvoiceId], [t0].[EntryStoreId], [t0].[EntryProductId], [t0].[EntryQuantity], [t0].[EntryPrice], [t1].[InvoiceId], [t1].[InvoiceCustomerId], [t1].[InvoiceDate], [t1].[InvoicePeriodId], [t2].[PeriodId], [t2].[PeriodName], [t2].[PeriodDateFrom], [t4].[StoreId], [t4].[StoreName] FROM [Entry] AS [t0] INNER JOIN [Invoice] AS [t1] ON [t0].[EntryInvoiceId] = [t1].[InvoiceId] INNER JOIN [Period] AS [t2] ON [t2].[PeriodId] = [t1].[InvoicePeriodId] LEFT OUTER JOIN ( SELECT 1 AS [test], [t3].[StoreId], [t3].[StoreName] FROM [Store] AS [t3] ) AS [t4] ON [t4].[StoreId] = ([t0].[EntryStoreId]) WHERE (([t1].[InvoiceCustomerId]) = @p0) ORDER BY [t0].[InvoicePrice] DESC -- @p0: Input Int (Size = 0; Prec = 0; Scale = 0) [186] -- Context: SqlProvider(Sql2008) Model: AttributedMetaModel Build: 3.5.30729.1 SELECT [t0].[EntryId], [t0].[EntryInvoiceId], [t0].[EntryStoreId], [t0].[EntryProductId], [t0].[EntryQuantity], [t0].[EntryPrice], [t1].[InvoiceId], [t1].[InvoiceCustomerId], [t1].[InvoiceDate], [t1].[InvoicePeriodId], [t2].[PeriodId], [t2].[PeriodName], [t2].[PeriodDateFrom], [t4].[StoreId], [t4].[StoreName] FROM [Entry] AS [t0] INNER JOIN [Invoice] AS [t1] ON [t0].[EntryInvoiceId] = [t1].[InvoiceId] INNER JOIN [Period] AS [t2] ON [t2].[PeriodId] = [t1].[InvoicePeriodId] LEFT OUTER JOIN ( SELECT 1 AS [test], [t3].[StoreId], [t3].[StoreName] FROM [Store] AS [t3] ) AS [t4] ON [t4].[StoreId] = ([t0].[EntryStoreId]) WHERE (([t1].[InvoiceCustomerId]) = @p0) ORDER BY [t0].[InvoicePrice] DESC -- @p0: Input Int (Size = 0; Prec = 0; Scale = 0) [186] -- Context: SqlProvider(Sql2008) Model: AttributedMetaModel Build: 3.5.30729.1 The question is why there are two queries and how can I fetch LINQ objects without such hacks?

    Read the article

  • Best Python IDE for my situation

    - by ChrisC
    I want to write a database app in Python, using SQLite and wxPython. My only "experience" is 1 class on basic C++ console programming and OOP concepts. Which IDE would be best for my situation? In case it matters, I only need my new program to run on Windows, and I do want to make it "portable". Thank you.

    Read the article

  • Calculate time from timezones in php

    - by Ramya
    Hai I have the system with employees having different timezones in their profile. I would like to show the date according to their timezones specified. The GMT time zone values are placed in the database. could you guys help me

    Read the article

  • MySQL ODBC 3.51 Driver UTF-8 encoding

    - by kesava
    Currently I am migrating MSSQL to MYSQL.I am using the MySQL ODBC 3.51 driver to connect to mysql using odbc connectivity.I have telugu language charectors stored in the table.They are not showing properly while using the mysql odbc driver, but they are showing up properly while using the sqlserver odbc driver. Here is my connetion string Driver={MySQL ODBC 3.51 Driver};Server=localhost;Database=dbtest; User=user1;Password=mysql;Option=3;CharSet=utf8; Please suggest a solution to fix this.

    Read the article

  • Change asp message box header / title

    - by Jb Meris
    how can i change the title of my message box here is my code behind: string myStringVariable1 = string.Empty; myStringVariable1 = "Policy Number:" + " " + txtPolNo.Text.ToString() + " " + "with Issuance office:" + " " + dropIssOff.Text.ToString() + " " + "was not found on the database. Please make sure that your inputs are correct."; ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + myStringVariable1 + "');", true);

    Read the article

  • to take values of checkbox in table attributes

    - by mwj
    i have a database patient with 3-4 tables n each table has about 8 attributes.... i have a table medical history which has attribute additional info ... under which i have 5 checkboxes.... all the values entered are taken up except the chekbox values..... plz help

    Read the article

  • How do sites look up addresses from UK postcodes?

    - by ctford
    U.K. that require addresses often ask the user to provide a postcode. The site then offers the user a choice between the addresses that match that postcode. Where do these sites get the data to do this? Are there webservices that match postcodes to addresses? Do sites buy a database of addresses that they then query locally?

    Read the article

  • SQL Compact - Hang on invalid file

    - by eWolf
    I use Linq to Sql Compact with code generated by sqlmetal. When I open an invalid database, like eg an mp3, I can create the DataContext without getting an Exception. But when I query any data or call DatabaseExists, the application hangs. Why is no exception thrown? Is this a known problem?

    Read the article

  • How can one fetch partial objects in NHibernate?

    - by mark
    Dear ladies and sirs. I have an object O with 2 fields - A and B. How can I fetch O from the database so that only the field A is fetched? Of course, my real application has objects with many more fields, but two fields are enough to understand the principal. I am using NHibernate 2.1. Thanks.

    Read the article

  • Linq-to-SQL: how many datacontexts ?

    - by sh00
    I have a SQL Server 2008 database with 300 tables. The application I have to design is an Windows Forms app, .NET 3.5, C#. Which is the best way to work with Linq-to-SQL ? I intend to make a datacontext for each business entity. Is there any problem ? I need to know if this way of working with Linq-to-SQL has any disadvantage or can create performance issues ? Thanks.

    Read the article

  • Is there an automatic way to generate a rollback script when inserting data with LINQ2SQL?

    - by Jedidja
    Let's assume we have a bunch of LINQ2SQL InsertOnSubmit statements against a given DataContext. If the SubmitChanges call is successful, is there any way to automatically generate a list of SQL commands (or even LINQ2SQL statements) that would automatically undo everything that was submitted? It's like executing a rollback even though everything worked as expected. Note: The destination database will either be Oracle or SQL Server, so if there is specific functionality for both databases that will achieve this, I'm happy to use that as well.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 845 846 847 848 849 850 851 852 853 854 855 856  | Next Page >