Friday, September 23, 2011

how to prevent SQL injection

SQL Injection Attacks and Some Tips
http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx

' UNION SELECT name, type, id FROM sysobjects;--
- the initial apostrophe closes the opening quote in the original SQL statement.
- the UNION appends a second result set; it must select the same number of columns as the original query. sysobjects is the Microsoft SQL Server catalog table, so this lists every table, view and procedure in the database.
- the two dashes at the end start a comment, which means that anything left in the original SQL statement is ignored.

SQL Injection
http://en.wikipedia.org/wiki/SQL_injection

' or '1'='1
' or '1'='1' -- '
' or '1'='1' ({ '
' or '1'='1' /* '


If this code were used in an authentication procedure, this example could force the selection of a valid username, because '1'='1' always evaluates to true. The fix is to keep data out of the query text: use parameterized queries (prepared statements) so that an apostrophe in the input is passed as a value and is never interpreted as SQL.

http://www.wwwcoder.com/main/parentid/258/site/2966/68/default.aspx

Tuesday, September 20, 2011

PHP mail()

No email was sent

1. check whether the sendmail service is running
[root]# service sendmail status

Configuring Linux Mail Servers
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch21_:_Configuring_Linux_Mail_Servers#Starting_Sendmail


Friday, September 2, 2011

Prevent Cross Site Scripting

1. HTML and JavaScript
http://www.codeproject.com/KB/web-security/Security_HTML_Injection.aspx

2. PHP: Preventing typical XSS attacks
http://chriscook.me/web-development/php-preventing-typical-xss-attacks/

3.  15 PHP regular expressions for web developers
http://www.catswhocode.com/blog/15-php-regular-expressions-for-web-developers

4. XSS (Cross Site Scripting) Prevention Cheat Sheet
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#Why_Can.27t_I_Just_HTML_Entity_Encode_Untrusted_Data.3F

5. PHP Regular Expression
http://php-regex.blogspot.com/2008/01/introduction-to-regular-expressions-in.html

6. Using Regular Expressions with PHP
http://www.webcheatsheet.com/php/regular_expressions.php

7. Regular Expression Basic Syntax Reference
http://www.regular-expressions.info/reference.html

8. Using a Regular Expression to Match HTML
http://haacked.com/archive/2004/10/25/usingregularexpressionstomatchhtml.aspx

9 Ultimate Regular Expression for HTML tag parsing with PHP
http://kevin.deldycke.com/2007/03/ultimate-regular-expression-for-html-tag-parsing-with-php/
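As an added example (not code from this post or from the articles linked above), output encoding for the three contexts the OWASP cheat sheet distinguishes: HTML element content, a quoted attribute value and a JavaScript string inside a script block, followed by a regex-based blacklist "sanitizer" of the kind the regex links above might tempt you into, kept only to show why it fails. The attacker strings and the surrounding HTML fragments are constructed for the demonstration.

```python
import html
import json
import re

# Constructed attacker input for the demonstration (not from the page).
PAYLOAD = '"><script>alert(1)</script>'


def render_html_body(untrusted):
    """Untrusted data inside element content: entity-encode &, <, >, " and '."""
    return "<p>Hello, %s</p>" % html.escape(untrusted, quote=True)


def render_attribute(untrusted):
    """Untrusted data inside a quoted attribute value: same encoding, and the
    attribute must actually be quoted, or a space would end the value."""
    return '<input name="user" value="%s">' % html.escape(untrusted, quote=True)


def js_string_literal(untrusted):
    """Untrusted data inside a <script> block: entity encoding is the wrong tool
    here (the browser does not decode entities inside <script>). Emit a JSON
    string and hex-escape < > & so '</script>' can never appear in the output."""
    literal = json.dumps(untrusted)
    return (literal.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def js_string_roundtrip(untrusted):
    """The escaped literal still decodes to the original value in JavaScript."""
    return json.loads(js_string_literal(untrusted)) == untrusted


def render_js(untrusted):
    return "<script>var user = %s;</script>" % js_string_literal(untrusted)


def strip_script_tags(untrusted):
    """A blacklist 'sanitizer' built from a regular expression.
    Kept here only to show why it fails; do not use it."""
    return re.sub(r"(?i)</?script>", "", untrusted)


if __name__ == "__main__":
    print(render_html_body(PAYLOAD))
    print(render_attribute(PAYLOAD))
    print(render_js(PAYLOAD))
    # Nested tags survive one pass of removal and reassemble into <script>.
    print(strip_script_tags("<scr<script>ipt>alert(1)</scr</script>ipt>"))
    # No <script> at all: an event handler attribute runs just as well.
    print(strip_script_tags("<img src=x onerror=alert(1)>"))
```

The encoders never try to recognise an attack; they make every character harmless for the one context they are written for, which is why the same data needs a different encoder in each of the three places.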


Literal Text:
- The characters that match themselves are called literals

Metacharacter:
  • backslash  \  : escapes the next character so that a metacharacter is matched literally, or introduces a class such as \d, \w, \s
  • caret  ^  :  at the beginning of a regular expression indicates that it must match the beginning of the string
  • dollar sign  $ : matches strings that end with the given pattern
  • period or dot  .  : matches any single character except newline (\n), e.g. the pattern h.t matches hat, hot, hit, hut, h7t, etc.
  • vertical bar or pipe symbol  |  : separates alternatives in a regular expression
  • question mark  ?   : the preceding item is optional (zero or one occurrence)
  • asterisk or star  *  : the preceding item repeats zero or more times
  • plus sign  +  : the preceding item repeats one or more times
  • square bracket  [   ]  : character class, matches any one of the enclosed characters
  • round bracket  (  )  : grouping and capturing, for later back-reference
  • brace  {   } : repetition count, as in {n}, {n,} or {n,m}

If you want to match a literal metacharacter in a pattern, you have to escape it with a backslash.

[agk]    matches any one a, g, or k
[a-z]    matches any one character from a to z
[^z]     matches any character other than z
[\\(\\)] matches ( or ) (in a JavaScript string literal the backslash itself must be escaped, so "\\(" reaches the regex engine as \( )

.        any character except \n
\w       any word character, same as [a-zA-Z0-9_]
\W       any non-word character
\s       any whitespace character, same as [ \t\n\r\f\v]
\S       any non-whitespace character
\d       any digit
\D       any non-digit

\/       literal /
\\       literal \
\.       literal .
\*       literal *
\+       literal +
\?       literal ?
\|       literal |
\(       literal (
\)       literal )
\[       literal [
\]       literal ]

\-       the - must be escaped inside brackets unless it is the first or last character: [a-z0-9 _.\-\?!]

{n,m}    match previous item n to m times
{n,}     match previous item n or more times
{n}      match exactly n times
?        match zero or once, same as {0,1}, also makes + and * "lazy"
+        match one or more
*        match zero or more

|        or
(x|y)    match x or y (with the g flag, every occurrence of either is replaced)
( )      grouping and reference
\1       reference to first grouping, used in the expression
$1       reference to first grouping, used in the replacement string
$$       literal $ used in the replacement string

^        anchor to the beginning of the string
$        anchor to the end of the string
\b       match a word boundary (zero-width: the boundary itself is not part of the match)
\B       match a non word boundary (zero-width, likewise)

q(?=u)   match q only before u (does not match the u)
q(?!u)   match q except before u 

i        case-insensitive search, used like /expression/i
g        global replacement, used like /expression/g 
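As an added example (not code from this post or from the linked references), the reference above exercised in Python's re module on a constructed HTML-and-URL string: greedy versus lazy quantifiers, a captured group with a back-reference in both pattern and replacement, lookahead, anchors with a repetition count, escaping a literal, and the zero-width word boundary. The sample string and the e-mail pattern are constructed for the demonstration; note that Python writes the replacement reference \1 where the table above writes $1, re.sub replaces every match (the equivalent of /g), and re.I is the spelling of /expression/i.

```python
import re

# Constructed sample input for the demonstration (not from the page).
SAMPLE = "<b>bold</b> and <i>italic</i> see http://example.com/path?q=1"


def greedy_vs_lazy():
    """<.+> is greedy and runs to the LAST '>' on the line; <.+?> is lazy
    (the ? after + from the table above) and stops at the FIRST '>'."""
    greedy = re.search(r"<.+>", SAMPLE).group(0)
    lazy = re.search(r"<.+?>", SAMPLE).group(0)
    return greedy, lazy


def tag_pairs():
    """( ) captures the tag name; \\1 inside the pattern requires the closing
    tag to carry the same name, so <b>...</i> would not match."""
    return re.findall(r"<(\w+)>(.*?)</\1>", SAMPLE)


def rewrite_tags():
    """\\1 and \\2 in the replacement string refer to the captured groups
    (Python's form of $1 and $2); every match is replaced."""
    return re.sub(r"<(\w+)>(.*?)</\1>", r"[\1:\2]", SAMPLE)


def q_lookahead(text):
    """q(?=u) counts q's followed by u without consuming the u;
    q(?!u) counts q's not followed by u (a q at end of string included)."""
    return (len(re.findall(r"q(?=u)", text)),
            len(re.findall(r"q(?!u)", text)))


def looks_like_email(text):
    """fullmatch anchors like ^...$; the - is escaped inside [ ]; {2,} is the
    repetition count; re.I makes the letter classes case-insensitive.
    This is a shape check for the demonstration, not a full address validator."""
    pattern = r"[a-z0-9_.\-]+@[a-z0-9\-]+(\.[a-z0-9\-]+)*\.[a-z]{2,}"
    return bool(re.fullmatch(pattern, text, re.I))


def redact_literal(text, literal):
    """re.escape backslash-escapes metacharacters, so '.' and '?' in the
    literal match themselves instead of 'any character' and 'optional'."""
    return re.sub(re.escape(literal), "[redacted]", text)


def whole_word_count(text, word):
    """\\b is zero-width: the word matches on its own but not inside a longer one."""
    return len(re.findall(r"\b" + re.escape(word) + r"\b", text))


if __name__ == "__main__":
    print(greedy_vs_lazy())
    print(tag_pairs())
    print(rewrite_tags())
    print(q_lookahead("queue quiz iraq qat"))
    print(looks_like_email("Bob.Smith@Example.com"), looks_like_email("bob@localhost"))
    print(redact_literal(SAMPLE, "example.com/path?q=1"))
    print(whole_word_count("bold boldly embolden bold", "bold"))
```

The greedy/lazy pair is the one that bites in practice: a tag-matching pattern written with .+ swallows everything up to the last tag on the line, which is the root of most "regex to strip HTML" bugs that the articles linked above discuss.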

Wednesday, August 24, 2011

Enable GD on Linux

1. install
yum install php-gd

2. restart the web server so PHP loads the new extension
/etc/init.d/httpd restart

Tuesday, June 28, 2011

Install Linux on Windows 7 using VirtualBox

1. Download and Install Virtual Box
http://www.virtualbox.org/wiki/Downloads

VirtualBox 4.0.10 for Windows hosts x86/amd64

2. Create New Virtual Machine
Linux Fedora
Memory 1024MB
Hard Disk 8G

3. Start Virtual Machine
Auto Capture keyboard: the VM captures the keyboard every time the VM window is activated, making it unavailable to other applications.

Host key to release the keyboard: Right Ctrl

Problem1: FATAL: NO bootable medium found! System halted.
Solution1:
When you first create a Virtual Machine with VirtualBox, there is no OS installed on the HD image. You have to have the VM mount a bootable ISO image to install the OS from.

Download Fedora disk image, create a folder C:/Fedora
CD/DVD device, select the disk image.

Problem2: GNOME 3 Failed to Load (graphics hardware or driver is not capable of delivering the full GNOME 3 experience).

Install Apache and PHP on Win 7

Install Apache on Windows 7 - how to
http://www.webdevelopersnotes.com/how-do-i/install-apache-windows-7.php


1.Go to the Apache download page.
Click on Win32 Binary without crypto (no mod_ssl) (MSI Installer) file
apache_2.2.14-win32-x86-no_ssl.msi

2. Download and Install

3. Test in browser http://localhost/


MySQL on Windows 7 64 bit – Installation with Apache and PHP
http://www.webdevelopersnotes.com/blog/mysql-windows-7-64bit-installation-with-apache-and-php/

Install PHP on Windows 7
http://www.webdevelopersnotes.com/how-do-i/install-PHP-windows-7.php

How to Install PHP 5.3 on Windows
http://www.sitepoint.com/install-php53-windows/

1. Go to PHP Download Page

which one to choose?

http://www.websiteadministrator.com.au/articles/install_guides/installing_php535_pg2.html

A Thread Safe version should be used if you install PHP as an Apache module. The Non Thread Safe version should be used if you install PHP as a CGI binary.

Download the VC6 builds if you are using the standard Apache.org web server. The VC9 builds should be used for the Apache Lounge binaries or IIS.

Wednesday, May 25, 2011

Clean Computer

1. Delete Stored Password in Firefox
1) In Firefox click Tools > Options.
2) Click Security at the top.
3) Click the Show Passwords button.
4) Find the web site you wish to remove in the list. Click/highlight it with your mouse.
5) Click Remove and click Close then OK when you are finished.