Code Groups

create PROCEDURE FindReplace
 (
 @TABLE  VARCHAR(200),
 @Field  VARCHAR(200),
 @WHERE VARCHAR(100),
 @Find  VARCHAR(500),
 @REPLACE  VARCHAR(500)
 )
 AS
 DECLARE @query VARCHAR(8000)
 SET @query  = ‘UPDATE ‘ +  @TABLE +
               ‘ SET ‘ +  @Field + ‘= REPLACE(CONVERT(varchar(8000),’
               + @Field + ‘),”’ +  @Find + ”’,”’ + @REPLACE  +”’)’
 IF(@WHERE <> ”)
         SET @query = @query + ‘ WHERE ‘+@WHERE
       
 EXECUTE (@query)
 GO

———-

create Procedure RemoveStringFinal
 @FIND  VARCHAR(500),
 @REPLACE  VARCHAR(500)

as

DECLARE @TABLE_NAME VARCHAR(500)
DECLARE @COLUMN_NAME VARCHAR(500)
DECLARE @DATA_TYPE VARCHAR(500)
DECLARE db_cursor CURSOR FOR
  select  TABLE_NAME, COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS

OPEN db_cursor 
FETCH NEXT FROM db_cursor INTO @TABLE_NAME, @COLUMN_NAME, @DATA_TYPE

WHILE @@FETCH_STATUS = 0 
BEGIN 
       if @DATA_TYPE = ‘varchar’ or @DATA_TYPE = ‘text’ or @DATA_TYPE = ‘ntext’ or @DATA_TYPE = ‘nvarchar’
          begin

     print @TABLE_NAME
            print @COLUMN_NAME
     print @DATA_TYPE
  
              EXEC FindReplace @TABLE_NAME,@COLUMN_NAME,”,@FIND,@REPLACE 

          end
      

       FETCH NEXT FROM db_cursor INTO @TABLE_NAME, @COLUMN_NAME, @DATA_TYPE
END 

CLOSE db_cursor 
DEALLOCATE db_cursor
 ———–

   –EXEC FindReplace @TABLE_NAME,@COLUMN_NAME,”,’<script src=http://www.en-us18.com/b.js></script>’,’ ‘

Two SP created for Cleaning up SQL Injection database.

1 SP for FindReplace

2 sp - RemoveStringFinal

Run both the Query in Query Analyzer and

Exec RemoveStringFinal ‘<script src=http://www.en-us18.com/b.js></script>’,”

Enter your Attack JS url in above sp and replace with blank space ” i.e Exec RemoveStringFinal ‘<script src=http://www.en-us18.com/b.js></script>’,”

if your data have  <script src=http://www.en-us18.com/b.js></script>  string in your database then you run above sp with ‘Exec RemoveStringFinal ‘<script src=http://www.en-us18.com/b.js></script>’,”’

I will post soon for How to Protect our database website with SQL Injection.

Share This

Application.Contents() COLLECTION. Contains all of the items that have been added to the Application through script commands.

Application.StaticObjects() COLLECTION. Contains all of the objects added to the session with the [OBJECT] tag.

Application.Lock() METHOD. The Lock method prevents other clients from modifying Application object properties.

Application.Unlock() METHOD. The Unlock method allows other clients to modify Application object properties.

 

Server.ScriptTimeout() PROPERTY. The amount of time that a script can run before it times out.

Server.CreateObject(progID) METHOD. Creates an instance of a server component.

Server.HTMLEncode(string) METHOD. Applies HTML encoding to the specified string.

Server.MapPath(Path) METHOD. Maps the specified virtual path, either the absolute path on the current server or the path relative to the current page, into a physical path.

Server.URLEncode(string) METHOD. Applies URL encoding rules, including escape characters, to the string.

 

 

Session.Contents() COLLECTION. Contains the items that you have added to the session with script commands.

Session.StaticObjects() COLLECTION. Contains the objects created with the [OBJECT] tag and given session scope.

Session.CodePage() PROPERTY. The codepage that will be used for symbol mapping.

Session.LCID() PROPERTY. The locale identifier.

Session.SessionID() PROPERTY. Returns the session identification for this user.

Session.Timeout() PROPERTY. The timeout period for the session state for this application, in minutes.

Session.Abandon() METHOD. This method destroys a Session object and releases its resources.

 

 

# shortcuts

 

rs.Fields(name) COLLECTION. Gets the value of a field

rs.Close() METHOD. Closes an open object and any dependent objects.

rs.Move(NumRecord, Start) METHOD. Moves the position of the current record in a Recordset object

rs.MoveFirst() METHOD. Moves to the first record and makes that record the current record.

rs.MoveLast() METHOD. Moves to the last record and makes that record the current record.

rs.MoveNext() METHOD. Moves to the next record and makes that record the current record.

rs.MovePrevious() METHOD. Moves to the previous record and makes that record the current record.

rs.Open(Source, ActiveConnection, CursorType, LockType, Options) METHOD. Opens a cursor.

rs.Supports(CursorOption) METHOD. (adAddNew, adApproxPosition, adBookmark, adDelete, adHoldRecords, adMovePrevious, adResync, adUpdate, adUpdateBatch)

rs.AbsolutePage() PROPERTY. Specifies in which page the current record resides.

rs.AbsolutePosition() PROPERTY. Specifies the ordinal position of a Recordset object’s current record.

rs.ActiveConnection() PROPERTY. Indicates to which Connection object the specified Command or Recordset object currently belongs.

rs.BOF() PROPERTY. BOF indicates that the current record position is before the first record in a Recordset object.

rs.Bookmark() PROPERTY. Returns a bookmark that uniquely identifies the current record or sets the current record to the record identified by a valid bookmark.

rs.CacheSize() PROPERTY. Indicates the number of records from a Recordset object that are cached locally in memory.

rs.CursorLocation() PROPERTY. Sets or returns the location of the cursor engine. (adUseClient, adUseServer)

rs.CursorType() PROPERTY. Indicates the type of cursor. (adOpenForwardOnly, adOpenKeyset, adOpenDynamic, adOpenStatic)

rs.EditMode() PROPERTY. Indicates the editing status of the current record. (adEditNone, adEditInProgess, adEditAdd)

rs.EOF() PROPERTY. EOF indicates that the current record position is after the last record in a Recordset object.

rs.Filter() PROPERTY. Indicates a filter for data. (adFilterNone, adFilterPendingRecords, adFilterAffectedRecords, adFilterFetchedRecords)

rs.LockType() PROPERTY. Indicates the type of locks placed on records during editing. (adLockReadOnly, adLockPessimistic, adLockOptimistic, adLockBatchOptimistic)

rs.MarshalOptions() PROPERTY. Indicates which records are to be marshaled back to the server. (adMarshallAll, adMarshallModifiedOnly)

rs.MaxRecords() PROPERTY. Indicates the maximum number of records to return to a Recordset from a query. (Long, 0 = no limit)

rs.PageCount() PROPERTY. Indicates how many pages of data the Recordset object contains.

rs.PageSize() PROPERTY. Indicates how many records constitute one page in the Recordset.

rs.RecordCount() PROPERTY. Indicates the current number of records in a Recordset object.

rs.Source() PROPERTY. Indicates the source for the data in a Recordset object (Command object, SQL statement, table name, or stored procedure).

rs.State() PROPERTY. Describes the current state of an object. (adStateClosed, adStateOpen)

rs.Status () PROPERTY. Indicates the status of the current record with respect to batch updates or other bulk operations.

 

cmd.Parameters() COLLECTION. All the Parameter objects of a Command object. (Append, Delete, Item, Refresh)

cmd.Properties() COLLECTION. All the Property objects for a specific instance of an object. (Item, Refresh)

cmd.CreateParameter(Name, Type, Direction, Size, Value) METHOD. Creates a new Parameter object with the specified properties.

cmd.Execute(RecordsAffected, Parameters, Options) METHOD. Executes the query, SQL statement, or stored procedure specified in the CommandText property.

cmd.ActiveConnection() PROPERTY. Indicates to which Connection object the specified Command or Recordset object currently belongs.

cmd.CommandText() PROPERTY. Contains the text of a command that you want to issue against a provider.

cmd.CommandTimeout() PROPERTY. Indicates how long to wait while executing a command before terminating the attempt and generating an error.

cmd.CommandType() PROPERTY. Indicates the type. (adCmdText, adCmdTable, adCmdStoredProc, adCmdUknown)

cmd.Name() PROPERTY. Indicates the name of an object.

cmd.Prepared() PROPERTY. Indicates whether or not to save a compiled version of a command before execution.

cmd.State() PROPERTY. Describes the current state of an object. (adStateClosed, adStateOpen)

Share This

Response.Response.Cookies() COLLECTION. Specifies cookie values. Using this collection, you can set cookie values.

Response.Buffer() PROPERTY. Indicates whether page output is buffered.

Response.CacheControl() PROPERTY. Determines whether proxy servers are able to cache the output generated by ASP.

Response.Charset() PROPERTY. Appends the name of the character set to the content-type header.

Response.ContentType() PROPERTY. Specifies the HTTP content type for the response.

Response.Expires() PROPERTY. Specifies the length of time before a page cached on a browser expires.

Response.ExpiresAbsolute() PROPERTY. Specifies the date and time on which a page cached on a browser expires.

Response.IsClientConnected() PROPERTY. Indicates whether the client has disconnected from the server.

Response.Pics() PROPERTY. Adds the value of a PICS label to the pics-label field of the response header.

Response.Status() PROPERTY. The value of the status line returned by the server.

Response.AddHeader(name,value) METHOD. Sets the HTML header name to value.

Response.AppendToLog(string) METHOD. Adds a string to the end of the Web server log entry for this request.

Response.BinaryWrite(data) METHOD. Writes the given information to the current HTTP output without any character-set conversion.

Response.Clear() METHOD. Erases any buffered HTML output.

Response.End() METHOD. Stops processing the .asp file and returns the current result.

Response.Flush() METHOD. Sends buffered output immediately.

Response.Redirect(URL) METHOD. Sends a redirect message to the browser, causing it to attempt to connect to a different URL.

Response.Write(variant) METHOD. Writes a variable to the current HTTP output as a string.

Request.ClientCertificate() COLLECTION. The values of fields stored in the client certificate that is sent in the HTTP request.

Request.Cookies() COLLECTION. The values of cookies sent in the HTTP request.

Request.Form(element) COLLECTION. The values of form elements in the HTTP request body.

Request.QueryString(variable) COLLECTION. The values of variables in the HTTP query string.

Request.ServerVariables(server environment variable) COLLECTION. The values of predetermined environment variables.

Request.TotalBytes() PROPERTY. Read-only. Specifies the total number of bytes the client is sending in the body of the request.

Request.BinaryRead(count) METHOD. Retrieves data sent to the server from the client as part of a POST request.

Application.Contents() COLLECTION. Contains all of the items that have been added to the Application through script commands.

Application.StaticObjects() COLLECTION. Contains all of the objects added to the session with the

Share This

If you are using iframe in your web application and in iframe you call another domain - session/cookies will not work for your IE 6/IE 7 .

This is very common setting for IE6/IE7 with privacy set to medium.if cookies/session does not work.Session state turns out and useless for your website under the IE 6/IE 7.More infomation about Privacy in IE 6 Visite : http://msdn2.microsoft.com/en-us/library/ms537343.aspx

 

2 domains (domain1 and domain2), On domain1 I have a html page that calls domain2 using iframe

 

 

Domain2  (accessed by using a  subdomain like a.b.domain2.com)  sets 2 session cookie and onunload of the page there is a javascript that updates those cookies with a new values.

 

 

The Solution

 

 

you need to add P3P header to the your web application inside iframe and the your iframe is working fine.

 

ASP.NET

 

Add these values in global.asax

 

protected void Application_BeginRequest(Object sender, EventArgs e)

{

    //

    HttpContext.Current.Response.AddHeader(”p3p”, “CP=\”CAO PSA OUR\”");

}

 

 

ASP

 

 

 

 

<% Response.AddHeader “P3P”,”CP=”"CAO PSA OUR”"” %>

 

 

 

 

Tag: IE 6, IE 7 Safari, Firefox , P3P HTTP headers ,Facebook Application, PHP,ASP,ASP.net,

 

 

Share This

Share This

Exceptions handling using try….Catch in MS SQL 2005

Microsoft Add new feature ‘Try…Catch’ in MS SQL 2005.

You can exception handling in MS SQL 2005 using the Try Catch.

If divide by zero exception then returns the error is ‘Divide by Zero error encountered.

i.e

Declare @i int,@j int

Select @i=200,@j=0

Select @i/@j

Print @@Error

Run this query in Query analyzer. you will get the error message Divide by Zero error
encountered.

Syntex for Try….Catch

BEGIN TRY

END TRY

BEGIN CATCH

END CATCH

DECLARE

@i int , @j int

SELECT @i =100, @j =0

BEGIN TRY

SELECT @i/@j

END TRY

BEGIN CATCH

SELECT ERROR_NUMBER() as ErrorNo,

ERROR_MESSAGE() as ErrMessage

END CATCH

Share This

CREATE Procedure sn_SMTPMail
AS

EXEC @resultcode = sp_OACreate ‘CDONTS.NewMail’, @oMail OUT
if @resultcode = 0
BEGINEXEC @resultcode = sp_OACreate ‘CDONTS.NewMail’, @oMail OUTEXEC @resultcode = sp_OASetProperty @oMail, ‘From’, ‘youremail@domain.com’
EXEC @resultcode = sp_OASetProperty @oMail, ‘To’, ‘youremail@domain.com’
—EXEC @resultcode = sp_OASetProperty @oMail, ‘HTMLBody’, 0
EXEC @resultcode = sp_OASetProperty @oMail, ‘Subject’, ‘Mail subject’
EXEC @resultcode = sp_OASetProperty @oMail, ‘Body’, ‘Boy Test’
EXEC @resultcode = sp_OAMethod @oMail, ‘Send’, NULLEXEC sp_OADestroy @oMail

ENDSET nocount off
GO

See more progress on: code groups

Share This

Today I have create one MS SQL Query with combination of three fields, Account no, First Name , Last Name and my table name is tblregister.

I have account no in my tblregistr table but I don’t have first name and last name so that column has null values.

I try with below query

select memberid,AccountNo,(cast(AccountNo AS varchar (15) )+’ - ‘+txtFirstname+’ ‘+txtLastname) as txtmembername from
tblregister

But member name is return as NULL while I have account no in my accountno column.

Then after I try with replace that also not work

Finally I try ISNULL and its Worked.

select memberid,AccountNo,(cast(AccountNo AS varchar (15) )+’ - ‘+ISNULL (txtFirstname,”)+’ ‘+ISNULL (txtLastname,”)) as
txtmembername from tblregister

Enjoy Programming

Share This

The GridView ‘GridViewID’ fired event PageIndexChanging which wasn’t handled.

protected void gridView_PageIndexChanging(object sender, GridViewPageEventArgs e)
{
gridView.PageIndex = e.NewPageIndex;
gridView.DataBind();
}

Share This

Delete Large table rows using truncate table

truncate table tblnewcounty

The TRUNCATE TABLE is faster then Delete DELETE statement
TRUNCATE TABLE is functionally the same to the DELETE statement without a WHERE clause.

Share This