mysql - sql injection - delete - get text
how can i take a response for table in the _get['ip']?
PHP Codes:
$ip=$_GET["ip"];
#Coded By Fatal -ICQ: fatal1
$sms = $db->query("SELECT * FROM sms", PDO::FETCH_ASSOC);
foreach($sms as $row1){
if($row1['sms'] == $ip){
echo 'sms';
$db->query("DELETE FROM sms WHERE sms='$ip'");
}
}
Database Tables:
-DATABASE
->EXAMPLE
-->TEXT
how can i get text? thx a lot.
See also questions close to this topic
-
Permission error with PHP 8 and Session Handler
Dears, I`m refracting old php code 4 to php 8, but I'm having some errors on Session Control. I implementing a SessionHandlerInterface, but I still having error when execute session write
Warning: file_put_contents(../sessions/sess_fc6a0b26f218654ca0f45493861fdf58): failed to open stream: Arquivo ou diretório inexistente in /home/pedro/htdocs/ypanel/session.controller.php on line 36
Warning: session_write_close(): Failed to write session data using user defined save handler. (session.save_path: ../sessions) in Unknown on line 0I'm using Lampp with Mysql on Debian.
Here my class
<?php header('Content-Type: application/json'); //========================================================================================= ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session')); //========================================================================================= session_save_path("../sessions"); //========================================================================================= error_reporting(2); //========================================================================================= class MySessionHandler implements SessionHandlerInterface { private $savePath; public function open($savePath, $sessionName) { // printf(file_exists($savePath)); // printf(is_dir($this->savePath).' dir'); $this->savePath = $savePath; if (!is_dir($this->savePath)) { chmod($this->savePath,0777); mkdir($this->savePath, 0777,true); } else printf('diretorio ja existe'); return true; } public function close() { return true; } public function read($id) { return (string)@file_get_contents("$this->savePath/sess_$id"); } public function write($id, $data) { return file_put_contents("$this->savePath/sess_$id", $data) === false ? false : true; } public function destroy($id) { $file = "$this->savePath/sess_$id"; if (file_exists($file)) { unlink($file); } return true; } public function gc($maxlifetime) { foreach (glob("$this->savePath/sess_*") as $file) { if (filemtime($file) + $maxlifetime < time() && file_exists($file)) { unlink($file); } } return true; } } $handler = new MySessionHandler(); session_set_save_handler($handler, true); session_start(); ?> -
Executing PowerShell Script from Server Using PHP
I have a PowerShell script hosted on a server. I am calling PowerShell script from Php as below:
<?php header('Content-Type: text/plain'); $csv = file_get_contents('http://domaincom/wp-content/uploads/csv-samples.csv'); echo $csv; shell_exec('pwsh -File http://domaincom/wp-content/uploads/pscript.ps1'); $psPath = "powershell.exe"; $psDIR = "http://domaincom/wp-content/uploads/"; $psScript = "pscript.ps1"; $runScript = $psDIR. $psScript; $runCMD = $psPath." ".$runScript." 2>&1"; echo "\$psPath $psPath <br>"; echo "\$psDIR $psDIR <br>"; echo "\$psScript $psScript <br>"; echo "\$runScript $runScript <br>"; echo "\$runCMD $runCMD <br>"; exec( $runCMD,$out,$ret); echo "<pre>"; print_r($out); print_r($ret); echo "</pre>"; ?>Script executes and I can see csv-samples.csv results in browser, but the powershell script doesn't execute. I get below message in browser:
Site,URL,Category Sitepoint,http://www.sitepoint.com/,Web development Html.it,http://www.html.it/,Web development Wamboo,http://www.wamboo.it/,Web development$psPath powershell.exe <br>$psDIR http://domaincom/wp- content/uploads/ <br>$psScript pscript.ps1 <br>$runScript http://domaincom/wp- content/uploads/pscript.ps1 <br>$runCMD powershell.exe http://domaincom/wp- content/uploads/pscript.ps1 2>&1 <br><pre>Array ( [0] => sh: 1: powershell.exe: not found ) 127</pre>Your help is very much appreciated.
Thank You.
-
mysql select query does not fetch columns
I am trying to log in with php and mysql using the post method, only that when I go to press submit the sql query cannot find the records that exist, and therefore cannot log in this is my code:
<?php session_start(); $hostname=""; $username=""; $password=""; $dbname=""; $conn = new mysqli($hostname,$username, $password, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); ?> <script> console.log("Connection to db failed");</script><? } $username = $_POST["username"]; $password = $_POST["password"]; $sql = "SELECT username, password FROM admin WHERE utente = '$username' AND password = '$password'"; if($result = $conn->query($sql)){ if($result->num_rows > 0) echo 'sei loggato!!!'; else echo 'non sei loggato!!!'; } ?>Could someone tell me what I'm doing wrong? (I did not use prepared statements because it is only a test)
-
Socket.io connection to different mySQL tables, Angular front end
I have an angular app that displays a table of data (mySQL database) and updates whenever anything is added to the database. I feel that I should add I'm very inexperienced, i know angular but trying to learn more about backened operations.
I'm using a websocket (socket.io) on a node.js server to achieve this. It works fine but I'd like to add a second unrelated table of data that will appear in a different part of my app. . Should I set up another websocket to achieve this? Or can one websocket interact with 2 different table in the one database.
All of the SQL queries are handled in the backend and look like this.
// Create MySQLEvents const instance = new MySQLEvents(connection, { startAtEnd: true // to record only new binary logs }); await instance.start(); instance.addTrigger({ name: 'Monitor all SQL Statements', expression: 'mydb.*', // listen to database statement: MySQLEvents.STATEMENTS.ALL, onEvent: e => { currentData = e.affectedRows; let newData; switch (e.type) { case "INSERT": database.table('products') .withFields(['id', 'title', 'quantity', 'price']) .sort({id: -1}) .getAll() .then(prods => { data = prods; io.sockets.emit('update', {prods: [...data]}); }) .catch(err => console.log(err)); .....My front end just accepts and displays the incoming data. I'd be unsure of how to add a second socket to it.
Here is my socket.service.ts in angular.
export class SocketService { constructor(private socket: Socket) { } getInitialData() { return this.createObserver('initial'); } getUpdatedData() { return this.createObserver('update'); } private createObserver(event: string) { return this.socket.fromEvent(event); }and here is the component.ts
export class DashboardComponent implements OnInit, OnDestroy { private subs: Subscription[] = []; localData: any[] = []; constructor(private socketService: SocketService) { } ngOnInit() { this.subs.push( this.socketService.getInitialData().subscribe((data: ServerResponse) => { this.localData = data.prods; }) ); this.subs.push( this.socketService.getUpdatedData().subscribe((data: ServerResponse) => { this.localData = data.prods; }) ); } ngOnDestroy() { this.subs.forEach(s => s.unsubscribe()); } } interface ServerResponse { prods: any[]; type?: string; }I just iterate over localData to display the table.
My ideal outcome would be to have the one websocket with multiple endpoints. I just don't know how to handle this with mySQL events.
Similarly if I had 2 completely separate websockets I'm unsure how to handle that on the angular side.
-
JDBC remote acces to mysql db
I've been using a local database for my java projet using wamp and MYSQL, everything worked fine. Recently i set up an AWS EC2 vm on windows server. Wamp and Mysql are installed on it.
i managed to give remote access to apache and mysql so i'm able to acces phpmyadmin, the db and interactif with it from an external computer through a brower using its address : http://15.188.65.36/phpmyadmin/
but when i change what i had before (for my local wamp) which worked fine
public static ResultSet execute(String requete) { Connection connexion; Statement stmt = null; ResultSet res = null; try { connexion = DriverManager.getConnection ("jdbc:mysql://localhost:3306/dbname","user","*********"); stmt = connexion.createStatement(); if(stmt.execute(requete)) { res = stmt.getResultSet(); } } catch (SQLException e) { System.out.println(e.getMessage()); } return res; }for
public static ResultSet execute(String requete) { Connection connexion; Statement stmt = null; ResultSet res = null; try { connexion = DriverManager.getConnection ("jdbc:mysql://15.188.65.36:3306/dbname","user","*********"); stmt = connexion.createStatement(); if(stmt.execute(requete)) { res = stmt.getResultSet(); } } catch (SQLException e) { System.out.println(e.getMessage()); } return res; }It's not working anymore, it seems that it can't connect, i receive this error :
Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.Thanks for helping
-
How do I denormalize an ER-D into reporting views for end users?
Link to ER-D: D2L ER-D Diagram for Competency
We have this data in an oracle database. It will go through IBM Framework Mangers which reflects all of the relationships in the ER-D, as well as add some security. Then it is available to our end users via Cognos, our reporting tool. I've been tasked with de-normalizing the data so that the end users see fewer reporting views/tables. For example, for this specific data set, the user currently sees all 6 competency related tables, along with 2 others (Users and Organizational Units). The goal is to make it easier for the end user by doing the joining together and instead of having 6 (or 8) tables, to have maybe 2 or 3 reporting views. I've never done this before, and assume that in creating the views, because none of them have zero cardinality (as in zero to many, one to zero or many, etc.) they are all inner joins. So first question, are these all inner joins? 2, Do I list columns that I want from each table, and then just join on the keys like this:
select a.Activityid, a.Orgunitid, a.ActivityName, etc. b.Userid, b.LeraningObjectid, etc. from ComptencyActivities a inner join CompetnecyActivityResults b on a.ActivityId = b.ActivityId and a.OrgUnitId = b.OrgUnitid3rd question, how do I figure out how many views to create? Would creating a single reporting view be an awful idea?
Also, I've done my best googling and have found sufficient advice on how to create ER-Ds and to normalize to a certain extent, but I'm having a hard time explaining how to de-normalize the data for reporting so any resources at all would be most appreciated. Thanks so much!
-
How to fetch SQL data using api and use that data in react-native-svg charts? I am having an API that I want to use to fetch data and display
I am fetching some data using an api. Inside that api there are SQL queries that are executed. I have api that will be used to fetch data or execute these queries. I want to know how can I replace my chart's static data with dynamic data that will be fetched from api.
Here is my
TabDashboardDetail.jswhere I am fetching title for all charts based on api data:import React from 'react'; import DefaultScrollView from '../components/default/DefaultScrollView'; import ChartView from '../components/default/ChartView'; import CogniAreaChart from '../components/CogniAreaChart'; import { areaChartData } from '../chartData'; const TabDashboardDetail = ({ navigation, route }) => { const tabsConfig = route.params.tabsConfig; return ( <DefaultScrollView> {tabsConfig.components.map((comp, index) => { return ( <ChartView key={index} title={comp.name}> <CogniAreaChart areaChartData={areaChartData} height={200} /> </ChartView> ); })} </DefaultScrollView> ); }; export default TabDashboardDetail;Here is my
CogniAreaChart.jswhich is chart file that is currently being rendered:/* eslint-disable react-native/no-inline-styles */ import React from 'react'; import { View } from 'react-native'; import { AreaChart, YAxis, XAxis } from 'react-native-svg-charts'; import * as shape from 'd3-shape'; const CogniAreaChart = ({ areaChartData, visibility, ...props }) => { const xAxis = areaChartData.message.map((item) => item[Object.keys(item)[0]]); const areaChartY1 = areaChartData.message.map( (item) => item[Object.keys(item)[1]], ); return ( <View style={{ height: props.height, flexDirection: 'row', }}> <YAxis data={areaChartY1} contentInset={{ marginBottom: 20 }} svg={{ fill: 'grey', fontSize: 12, }} /> <View style={{ flex: 1 }}> <AreaChart style={{ flex: 1 }} data={areaChartY1} contentInset={{ top: 20, bottom: 20 }} curve={shape.curveNatural} svg={{ fill: 'rgba(134, 65, 244, 0.8)' }} /> <XAxis style={{ height: 20 }} data={areaChartY1} formatLabel={(value, index) => xAxis[index]} contentInset={{ left: 30, right: 30 }} svg={{ fill: 'grey', fontSize: 12, rotation: 35, originY: 5, y: 15, }} /> </View> </View> ); }; export default CogniAreaChart;Here is areachartData that is currently being used in
CogniAreaChart.js:export const areaChartData = { message: [ { year: '2018', quantity: 241.01956823922, sales: 74834.12976954, }, { year: '2019', quantity: 288.57247706422, sales: 80022.3050176429, }, ], status: 'success', };I have the API that I will replace with the example if anyone suggests.
-
How do I store an array in a PSQL, where it is passed as a parameter $1 to the db query
I am passing a one-dimensional array of three strings to the function, it looks like this going in:
[ '#masprofundo', '#massensual', '#eclectic' ]The data column is declared thus:
tags TEXT []This is my function:
const query = `INSERT INTO posts (posted_at, message, link, tags) VALUES (TO_TIMESTAMP($1, 'DD/MM/YYYY HH24:MI'), $2, $3, ARRAY [$4]) RETURNING tags;`; const params = [timestamp, message, link, tags];Now, postgres believes I want to insert an array containing one item, which is a string of all the values in my tags array. It looks like this:
{ tags: [ '{"#masprofundo","#massensual","#eclectic"}' ] }What I want to know is, how do I prevent this behaviour, where postGres adds an unnecessary extra layer of quotation marks and parentheses? For further clarification; this is what the row looks like in my terminal.
{"{\"#masprofundo\",\"#massensual\",\"#eclectic\"}"}I have looked at the docs, and tried a dozen variations on ARRAY[$4]. From what I can see, the docs do not elaborate on inserting arrays as variables. Is there some destructuring that needs to happen? The arrays I pass will be of varying size, and sometimes empty.
Any help is much appreciated.
-
is this the proper way of using a prepared statement? and how do we test if our website is safe from hacking
$var = $_GET['id']; $sqlComment = "SELECT comment, commentTime, commenterId FROM comments WHERE commentOn = ? LIMIT 10"; $stmtComment = mysqli_stmt_init($conn); if (mysqli_stmt_prepare($stmtComment, $sqlComment)) { mysqli_stmt_bind_param($stmtComment, "i", $var); mysqli_stmt_execute($stmtComment);and how do I check it if it is safe from sql injection, also is there any more security detail I need to be aware of other than sql injection because I only seem to find sql injection articles/tutorials and not much else
-
php single qoute
Hi i have two parameters name and idLesson as the picture shown below we have two parameters filterd by mysqli_real_escape when i add single qoute to the name var the error of sql shown in the page on the other hand the idLesson not affected by sql injecton
-
SQL Injection: Union Statement over Input Field
I have a data table with first and last name, as additional tax id.
The Input Field uses the last name in order to run the query. The schema is:
SELECT first_name, last_name, steuer_id FROM kunden WHERE last_name LIKE '$name'Could I somehow read out all data tables for this with a sql injection? With UNION or somehow?
The user shall see the full name and id, but his password is also saved in the same table.
