MySQL: Querying and Using Form Data

Size: px
Start display at page:

Download "MySQL: Querying and Using Form Data"

Transcription

1 MySQL: Querying and Using Form Data CISC 282 November 15, 2017 Preparing Data $mysqli >real_escape_string($datavalue); Requires a $mysqli object Functional version mysqli_real_escape_string( ) does not Escapes (manages) MySQL special characters e.g., \n, ', " Returns the prepared string Does not prevent injection attacks We'll see how to do that shortly 2

2 Introduction to Querying Must query the database using MySQLi to get data MySQLi returns a mysqli_result object The object can access the data in several forms Data is typically fetched one row at a time Ask repeatedly until no more rows remain Enumerate through the data Why is this method used? Query results may contain millions of entries Far too large to store in a single data structure 3 Some mysqli_result Methods Function fetch_assoc() fetch_row() fetch_array( $resulttype = MYSQLI_BOTH) fetch_object() free() or close() Return Value An associative array containing a row's value(s) An array with numeric indicies containing a row's value(s) An associative array, an array with numeric indicies, or a combination of both, containing a row's value(s) An object with properties named after a row's attribute(s) and containing a row's value(s) Frees the memory used for the mysqli_result object once all the rows have been fetched 4

3 Query Basics if ($result = $mysqli >query("mysqlquery")) { while ($row = $result >fetch_type()) {... $result >free(); MySQLQuery is formatted like any other query on the MySQL command line Returns a mysqli_result object if there was no error Returns FALSE otherwise 5 Query Basics if ($result = $mysqli >query("mysqlquery")) { while ($row = $result >fetch_type()) {... $result >free(); Double-quotes are generally used for MySQLQuery Provide interpreted strings e.g., "SELECT $attr1, $attr2 FROM $tablename;" Naturally allows single-quotes around string values e.g., "SELECT * FROM shows WHERE name LIKE '$var';" 6

4 Prepared Statements A different approach to executing queries Create a query with the basic structure e.g., keywords, constants Prepare the statement for execution Bind the values in the query to variables e.g., form data Execute the statement Bind the results from the query to variables Alternative to fetching data in arrays 7 Prepared Statements Why use this approach instead of query? Can easily execute same query with different values e.g., inserting multiple rows into the same table Maintains data types Using query requires and returns strings Binding keeps the type Especially useful for return values Prevents MySQL injection attacks the query function simply executes its argument Could include something malicious Preparing executes one statement with specific values 8

5 Using Prepared Statements $resultvarname = NULL; if ($stmt = $mysqli >prepare("select attr1, FROM tablename WHERE predattr=?")) { $stmt >bind_param("s", $predattrvarname); $stmt >execute(); $stmt >bind_result($attr1varname); while ($stmt >fetch()) { $stmt >close(); 9 prepare if ($stmt = $mysqli >prepare("select attr1, FROM tablename WHERE predattr=?")) Argument is a statement including question marks These will be replaced later on Return value is a mysqli_stmt object FALSE if there was an error Check $mysqli >errno and $mysqli >error 10

6 bind_param $stmt >bind_param("type1 ", $predattrvarname, ); First argument is a string list of types s for strings, i for integers, etc. Lists the types of the values in the rest of the arguments Remaining arguments are variables containing values These are bound to the?s in the statement in order Return value is TRUE if successful FALSE if there was an error Check $stmt >errno and $stmt >error 11 execute and bind_result $stmt >execute(); $stmt >bind_result($attr1varname,...); execute returns TRUE/FALSE if success/failure bind_result arguments are variables to contain values These are bound to the attributes in the statement in order bind_result returns TRUE/FALSE if success/failure 12

7 fetch and close while ($stmt >fetch()) { $stmt >close(); fetch sets the values for the bound result variables Returns TRUE if successful, FALSE on error and NULL if no data remains close returns TRUE/FALSE if success/failure 13

Development Technologies. Agenda: phpmyadmin 2/20/2016. phpmyadmin MySQLi. Before you can put your data into a table, that table should exist.

Development Technologies. Agenda: phpmyadmin 2/20/2016. phpmyadmin MySQLi. Before you can put your data into a table, that table should exist. CIT 736: Internet and Web Development Technologies Lecture 10 Dr. Lupiana, DM FCIM, Institute of Finance Management Semester 1, 2016 Agenda: phpmyadmin MySQLi phpmyadmin Before you can put your data into

More information

CHAPTER 10. Connecting to Databases within PHP

CHAPTER 10. Connecting to Databases within PHP CHAPTER 10 Connecting to Databases within PHP CHAPTER OBJECTIVES Get a connection to a MySQL database from within PHP Use a particular database Send a query to the database Parse the query results Check

More information

Lecture 13: MySQL and PHP. Monday, March 26, 2018

Lecture 13: MySQL and PHP. Monday, March 26, 2018 Lecture 13: MySQL and PHP Monday, March 26, 2018 MySQL The Old Way In older versions of PHP, we typically used functions that started with mysql_ that did not belong to a class For example: o o o o mysql_connect()

More information

CSCI-UA: Database Design & Web Implementation. Professor Evan Sandhaus

CSCI-UA: Database Design & Web Implementation. Professor Evan Sandhaus CSCI-UA:0060-02 Database Design & Web Implementation Professor Evan Sandhaus sandhaus@cs.nyu.edu evan@nytimes.com Lecture #28: This is the end - the only end my friends. Database Design and Web Implementation

More information

CSC 405 Computer Security. Web Security

CSC 405 Computer Security. Web Security CSC 405 Computer Security Web Security Alexandros Kapravelos akaprav@ncsu.edu (Derived from slides by Giovanni Vigna and Adam Doupe) 1 source: https://xkcd.com/327/ 2 source: https://xkcd.com/327/ 3 source:

More information

COMP284 Scripting Languages Lecture 13: PHP (Part 5) Handouts

COMP284 Scripting Languages Lecture 13: PHP (Part 5) Handouts COMP284 Scripting Languages Lecture 13: PHP (Part 5) Handouts Ullrich Hustadt Department of Computer Science School of Electrical Engineering, Electronics, and Computer Science University of Liverpool

More information

CSCE 548 Building Secure Software SQL Injection Attack

CSCE 548 Building Secure Software SQL Injection Attack CSCE 548 Building Secure Software SQL Injection Attack Professor Lisa Luo Spring 2018 Previous class DirtyCOW is a special type of race condition problem It is related to memory mapping We learned how

More information

School of Information and Computer Technology Sirindhorn International Institute of Technology Thammasat University

School of Information and Computer Technology Sirindhorn International Institute of Technology Thammasat University School of Information and Computer Technology Sirindhorn International Institute of Technology Thammasat University ITS331 Information Technology Laboratory I Laboratory #8: PHP & Form Processing II Objective:

More information

Server-side web security (part 2 - attacks and defences)

Server-side web security (part 2 - attacks and defences) Server-side web security (part 2 - attacks and defences) Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Basic injections $query = "SELECT name, lastname,

More information

Chapters 10 & 11 PHP AND MYSQL

Chapters 10 & 11 PHP AND MYSQL Chapters 10 & 11 PHP AND MYSQL Getting Started The database for a Web app would be created before accessing it from the web. Complete the design and create the tables independently. Use phpmyadmin, for

More information

This lecture. PHP tags

This lecture. PHP tags This lecture Databases I This covers the (absolute) basics of and how to connect to a database using MDB2. (GF Royle 2006-8, N Spadaccini 2008) I 1 / 24 (GF Royle 2006-8, N Spadaccini 2008) I 2 / 24 What

More information

Databases PHP I. (GF Royle, N Spadaccini ) PHP I 1 / 24

Databases PHP I. (GF Royle, N Spadaccini ) PHP I 1 / 24 Databases PHP I (GF Royle, N Spadaccini 2006-2010) PHP I 1 / 24 This lecture This covers the (absolute) basics of PHP and how to connect to a database using MDB2. (GF Royle, N Spadaccini 2006-2010) PHP

More information

Chapter 7 PHP Files & MySQL Databases

Chapter 7 PHP Files & MySQL Databases Chapter 7 PHP Files & MySQL Databases At the end of the previous chapter, a simple calendar was displayed with an appointment. This demonstrated again how forms can be used to pass data from one page to

More information

Overview of MySQL Structure and Syntax [2]

Overview of MySQL Structure and Syntax [2] PHP PHP MySQL Database Overview of MySQL Structure and Syntax [2] MySQL is a relational database system, which basically means that it can store bits of information in separate areas and link those areas

More information

MySQL: Access Via PHP

MySQL: Access Via PHP MySQL: Access Via PHP CISC 282 November 15, 2017 phpmyadmin: Login http://cisc282.caslab. queensu.ca/phpmyadmin/ Use your NetID and CISC 282 password to log in 2 phpmyadmin: Select DB Clicking on this

More information

A SQL Injection : Internal Investigation of Injection, Detection and Prevention of SQL Injection Attacks

A SQL Injection : Internal Investigation of Injection, Detection and Prevention of SQL Injection Attacks A SQL Injection : Internal Investigation of Injection, Detection and Prevention of SQL Injection Attacks Abhay K. Kolhe Faculty, Dept. Of Computer Engineering MPSTME, NMIMS Mumbai, India Pratik Adhikari

More information

SQL Injection Attack Lab

SQL Injection Attack Lab SEED Labs SQL Injection Attack Lab 1 SQL Injection Attack Lab Copyright 2006-2016 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation

More information

I n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:

I n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures: This time Continuing with Software Security Getting insane with I n p u t sanitization ); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web

More information

A1 (Part 2): Injection SQL Injection

A1 (Part 2): Injection SQL Injection A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Firewall Firewall Accounts

More information

Options. Real SQL Programming 1. Stored Procedures. Embedded SQL

Options. Real SQL Programming 1. Stored Procedures. Embedded SQL Real 1 Options We have seen only how SQL is used at the generic query interface an environment where we sit at a terminal and ask queries of a database. Reality is almost always different: conventional

More information

PHP Querying. Lecture 21. Robb T. Koether. Hampden-Sydney College. Fri, Mar 2, 2018

PHP Querying. Lecture 21. Robb T. Koether. Hampden-Sydney College. Fri, Mar 2, 2018 PHP Querying Lecture 21 Robb T. Koether Hampden-Sydney College Fri, Mar 2, 2018 Robb T. Koether (Hampden-Sydney College) PHP Querying Fri, Mar 2, 2018 1 / 32 1 Connect to the Database 2 Querying the Database

More information

Prepared Statement. Always be prepared

Prepared Statement. Always be prepared Prepared Statement Always be prepared The problem with ordinary Statement The ordinary Statement was open to SQL injections if fed malicious data. What would the proper response to that be? Filter all

More information

2017 Politecnico di Torino 1

2017 Politecnico di Torino 1 SQL for the applications Call Level Interface Requests are sent to the DBMS through functions of the host language solution based on predefined interfaces API, Application Programming Interface SQL instructions

More information

2017 Politecnico di Torino 1

2017 Politecnico di Torino 1 SQL for the applications Call Level Interface Requests are sent to the DBMS through functions of the host language solution based on predefined interfaces API, Application Programming Interface SQL instructions

More information

Professional PHP for working with MySQL

Professional PHP for working with MySQL Chapter 19 Professional PHP for working with MySQL PDO (PHP Data Objects) Pros Is included with PHP 5.1 and later and available for 5.0. Provides an object-oriented interface. Provides a consistent interface

More information

Objectives. Chapter 10. Developing Object-Oriented PHP. Introduction to Object-Oriented Programming

Objectives. Chapter 10. Developing Object-Oriented PHP. Introduction to Object-Oriented Programming Chapter 10 Developing Object-Oriented PHP PHP Programming with MySQL 2 nd Edition Objectives In this chapter, you will: Study object-oriented programming concepts Use objects in PHP scripts Declare data

More information

Comp 519: Web Programming Autumn 2015

Comp 519: Web Programming Autumn 2015 Comp 519: Web Programming Autumn 2015 Advanced SQL and PHP Advanced queries Querying more than one table Searching tables to find information Aliasing tables PHP functions for using query results Using

More information

Database-Connection Libraries. Java Database Connectivity PHP

Database-Connection Libraries. Java Database Connectivity PHP Database-Connection Libraries Call-Level Interface Java Database Connectivity PHP 1 An Aside: SQL Injection SQL queries are often constructed by programs. These queries may take constants from user input.

More information

WEB SECURITY: SQL INJECTION

WEB SECURITY: SQL INJECTION WEB SECURITY: SQL INJECTION CMSC 414 FEB 15 2018 A very basic web architecture Client Server A very basic web architecture Client Server A very basic web architecture Client Server A very basic web architecture

More information

CSE361 Web Security. Attacks against the server-side of web applications. Nick Nikiforakis

CSE361 Web Security. Attacks against the server-side of web applications. Nick Nikiforakis CSE361 Web Security Attacks against the server-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Threat model In these scenarios: The server is benign The client is malicious The client

More information

Database Programming with PL/SQL

Database Programming with PL/SQL Database Programming with PL/SQL 12-1 Objectives This lesson covers the following objectives: Recall the stages through which all SQL statements pass Describe the reasons for using dynamic SQL to create

More information

php works 2006 in Toronto Lukas Kahwe Smith

php works 2006 in Toronto Lukas Kahwe Smith Building Portable Database Applications php works 2006 in Toronto Lukas Kahwe Smith smith@pooteeweet.org Agenda: Overview Introduction ext/pdo PEAR::MDB2 ORM and ActiveRecord SQL Syntax Result Sets High

More information

SQL User Defined Code. Kathleen Durant CS 3200

SQL User Defined Code. Kathleen Durant CS 3200 SQL User Defined Code Kathleen Durant CS 3200 1 User Session Objects Literals Text single quoted strings Numbers Database objects: databases, tables, fields, procedures and functions Can set a default

More information

Web Security. Attacks on Servers 11/6/2017 1

Web Security. Attacks on Servers 11/6/2017 1 Web Security Attacks on Servers 11/6/2017 1 Server side Scripting Javascript code is executed on the client side on a user s web browser Server side code is executed on the server side. The server side

More information

SQL Injection SPRING 2018: GANG WANG

SQL Injection SPRING 2018: GANG WANG SQL Injection SPRING 2018: GANG WANG SQL Injection Another reason to validate user input data Slides credit to Neil Daswani and Adam Doupé 2 3 http://xkcd.com/327/ Produce More Secure Code Operating system

More information

Databases and MySQL: The Basics

Databases and MySQL: The Basics Databases and MySQL: The Basics CISC 282 November 8, 2017 Definitions Database "Collection of related facts" (Pat Martin, CISC 332) Organized data set Used for large quantities of information Relational

More information

Database Systems Fundamentals

Database Systems Fundamentals Database Systems Fundamentals Using PHP Language Arman Malekzade Amirkabir University of Technology (Tehran Polytechnic) Notice: The class is held under the supervision of Dr.Shiri github.com/arman-malekzade

More information

Server side scripting and databases

Server side scripting and databases Example table Server side scripting and databases student How Web Applications interact with server side databases - part 2 student kuid lastname money char char int student table Connecting and using

More information

CSC Web Programming. Introduction to SQL

CSC Web Programming. Introduction to SQL CSC 242 - Web Programming Introduction to SQL SQL Statements Data Definition Language CREATE ALTER DROP Data Manipulation Language INSERT UPDATE DELETE Data Query Language SELECT SQL statements end with

More information

Chapter 10: MySQL & PHP. PHP and MySQL CIS 86 Mission College

Chapter 10: MySQL & PHP. PHP and MySQL CIS 86 Mission College Chapter 10: MySQL & PHP PHP and MySQL CIS 86 Mission College Tonight s agenda Drop the class? Login file Connecting to a MySQL database Object-oriented PHP Executing a query Fetching a result Fetching

More information

Database-Connection Libraries

Database-Connection Libraries Database-Connection Libraries CALL-LEVEL INTERFACE JAVA DATABASE CONNECTIVITY PHP PEAR/DB 1 An Aside: SQL Injection SQL queries are often constructed by programs. These queries may take constants from

More information

Caffeinated Crash Course in PHP

Caffeinated Crash Course in PHP Caffeinated Crash Course in PHP SIPB IAP 2009 Instructor: Steve Levine (MIT '11) http://sipb-iap.scripts.mit.edu/2009/cccphp/ sipb-iap-caffeinatedphp@mit.edu (or, just sjlevine@mit.edu) Slide 1 About This

More information

This lab will introduce you to MySQL. Begin by logging into the class web server via SSH Secure Shell Client

This lab will introduce you to MySQL. Begin by logging into the class web server via SSH Secure Shell Client Lab 2.0 - MySQL CISC3140, Fall 2011 DUE: Oct. 6th (Part 1 only) Part 1 1. Getting started This lab will introduce you to MySQL. Begin by logging into the class web server via SSH Secure Shell Client host

More information

PHP and MySQL Programming

PHP and MySQL Programming PHP and MySQL Programming Course PHP - 5 Days - Instructor-led - Hands on Introduction PHP and MySQL are two of today s most popular, open-source tools for server-side web programming. In this five day,

More information

A Crash Course in PDO

A Crash Course in PDO PDO (PHP Data Objects) provides a vendor-neutral method of accessing a database through PHP. This means that, once you have established a connection to the specific database, the methods used to access

More information

Introduction to C++ Introduction. Structure of a C++ Program. Structure of a C++ Program. C++ widely-used general-purpose programming language

Introduction to C++ Introduction. Structure of a C++ Program. Structure of a C++ Program. C++ widely-used general-purpose programming language Introduction C++ widely-used general-purpose programming language procedural and object-oriented support strong support created by Bjarne Stroustrup starting in 1979 based on C Introduction to C++ also

More information

Introduction to C++ with content from

Introduction to C++ with content from Introduction to C++ with content from www.cplusplus.com 2 Introduction C++ widely-used general-purpose programming language procedural and object-oriented support strong support created by Bjarne Stroustrup

More information

SQL: Data Sub Language

SQL: Data Sub Language SQL: Data Sub Language SQL used with regular Language SQL used to deal with the database Stores/Updates data Retrieves data Regular language deals with other aspects of the program: Makes beautiful web

More information

Crate Shell. Release

Crate Shell. Release Crate Shell Release Jul 10, 2017 Contents 1 Installation & Usage 3 1.1 Limitations................................................ 5 2 Command Line Arguments 7 2.1 Example Usage..............................................

More information

Computer Science 21b (Spring Term, 2015) Structure and Interpretation of Computer Programs. Lexical addressing

Computer Science 21b (Spring Term, 2015) Structure and Interpretation of Computer Programs. Lexical addressing Computer Science 21b (Spring Term, 2015) Structure and Interpretation of Computer Programs Lexical addressing The difference between a interpreter and a compiler is really two points on a spectrum of possible

More information

The SPL Programming Language Reference Manual

The SPL Programming Language Reference Manual The SPL Programming Language Reference Manual Leonidas Fegaras University of Texas at Arlington Arlington, TX 76019 fegaras@cse.uta.edu February 27, 2018 1 Introduction The SPL language is a Small Programming

More information

Web Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le

Web Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le Web Security Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le Topics Web Architecture Parameter Tampering Local File Inclusion SQL Injection XSS Web Architecture Web Request Structure Web Request Structure

More information

Daniel Pittman October 17, 2011

Daniel Pittman October 17, 2011 Daniel Pittman October 17, 2011 SELECT target-list FROM relation-list WHERE qualification target-list A list of attributes of relations in relation-list relation-list A list of relation names qualification

More information

pysqlw Documentation Release plausibility

pysqlw Documentation Release plausibility pysqlw Documentation Release 1.3.0 plausibility January 26, 2013 CONTENTS 1 Documentation 3 1.1 Usage................................................... 3 1.2 pysqlw wrappers.............................................

More information

PHP INTERVIEW QUESTION-ANSWERS

PHP INTERVIEW QUESTION-ANSWERS 1. What is PHP? PHP (recursive acronym for PHP: Hypertext Preprocessor) is the most widely used open source scripting language, majorly used for web-development and application development and can be embedded

More information

XQ: An XML Query Language Language Reference Manual

XQ: An XML Query Language Language Reference Manual XQ: An XML Query Language Language Reference Manual Kin Ng kn2006@columbia.edu 1. Introduction XQ is a query language for XML documents. This language enables programmers to express queries in a few simple

More information

Read this before starting!

Read this before starting! Portion of test Points possible Written: 60 Code Modification: 20 Debug/Coding: 20 Total: 100 Points missed Points correct Student's Name: East Tennessee State University Department of Computer and Information

More information

A Brief Introduction to Scheme (II)

A Brief Introduction to Scheme (II) A Brief Introduction to Scheme (II) Philip W. L. Fong pwlfong@cs.uregina.ca Department of Computer Science University of Regina Regina, Saskatchewan, Canada Lists Scheme II p.1/29 Lists Aggregate data

More information

PERL DATABASE ACCESS

PERL DATABASE ACCESS http://www.tutialspoint.com/perl/perl_database.htm PERL DATABASE ACCESS Copyright tutialspoint.com This tutial will teach you how to access a database inside your Perl script. Starting from Perl 5 it has

More information

CSCI/CMPE Object-Oriented Programming in Java JDBC. Dongchul Kim. Department of Computer Science University of Texas Rio Grande Valley

CSCI/CMPE Object-Oriented Programming in Java JDBC. Dongchul Kim. Department of Computer Science University of Texas Rio Grande Valley CSCI/CMPE 3326 Object-Oriented Programming in Java JDBC Dongchul Kim Department of Computer Science University of Texas Rio Grande Valley Introduction to Database Management Systems Storing data in traditional

More information

A Crash Course in Perl5

A Crash Course in Perl5 z e e g e e s o f t w a r e A Crash Course in Perl5 Part 8: Database access in Perl Zeegee Software Inc. http://www.zeegee.com/ Terms and Conditions These slides are Copyright 2008 by Zeegee Software Inc.

More information

Python in 10 (50) minutes

Python in 10 (50) minutes Python in 10 (50) minutes https://www.stavros.io/tutorials/python/ Python for Microcontrollers Getting started with MicroPython Donald Norris, McGrawHill (2017) Python is strongly typed (i.e. types are

More information

Injection vulnerabilities: command injection and SQL injection

Injection vulnerabilities: command injection and SQL injection Injection vulnerabilities: command injection and SQL injection Questões de Segurança em Engenharia de Software (QSES) Departamento de Ciência de Computadores Faculdade de Ciências da Universidade do Porto

More information

Web Application Development (WAD) V th Sem BBAITM (Unit 4) By: Binit Patel

Web Application Development (WAD) V th Sem BBAITM (Unit 4) By: Binit Patel Web Application Development (WAD) V th Sem BBAITM (Unit 4) By: Binit Patel Working with Forms: A very popular way to make a web site interactive is using HTML based forms by the site. Using HTML forms,

More information

NCSS: Databases and SQL

NCSS: Databases and SQL NCSS: Databases and SQL Tim Dawborn Lecture 1, January, 2016 Motivation SQLite SELECT WHERE JOIN Tips 2 Outline 1 Motivation 2 SQLite 3 Searching for Data 4 Filtering Results 5 Joining multiple tables

More information

INTRODUCTION TO DATABASES IN PYTHON. Creating Databases and Tables

INTRODUCTION TO DATABASES IN PYTHON. Creating Databases and Tables INTRODUCTION TO DATABASES IN PYTHON Creating Databases and Tables Creating Databases Varies by the database type Databases like PostgreSQL and MySQL have command line tools to initialize the database With

More information

JME Language Reference Manual

JME Language Reference Manual JME Language Reference Manual 1 Introduction JME (pronounced jay+me) is a lightweight language that allows programmers to easily perform statistic computations on tabular data as part of data analysis.

More information

Draft. Students Table. FName LName StudentID College Year. Justin Ennen Science Senior. Dan Bass Management Junior

Draft. Students Table. FName LName StudentID College Year. Justin Ennen Science Senior. Dan Bass Management Junior Chapter 6 Introduction to SQL 6.1 What is a SQL? When would I use it? SQL stands for Structured Query Language. It is a language used mainly for talking to database servers. It s main feature divisions

More information

! Quick review of ! normalization! referential integrity ! Basic MySQL ! Other types of DBs

! Quick review of ! normalization! referential integrity ! Basic MySQL ! Other types of DBs CS 418/518 Web Programming Spring 2014 MySQL Dr. Michele Weigle http://www.cs.odu.edu/~mweigle/cs418-s14/ Outline! Assigned Reading! Chapter 3 "Using PHP5 with MySQL"! Chapter 10 "Building Databases"!

More information

CSC 564: SQL Injection Attack Programming Project

CSC 564: SQL Injection Attack Programming Project 1 CSC 564: SQL Injection Attack Programming Project Sections copyright 2006-2016 Wenliang Du, Syracuse University. Portions of this document were partially funded by the National Science Foundation under

More information

CS61A Notes Week 13: Interpreters

CS61A Notes Week 13: Interpreters CS61A Notes Week 13: Interpreters Read-Eval Loop Unlike Python, the result of evaluating an expression is not automatically printed. Instead, Logo complains if the value of any top-level expression is

More information

CISC 110 Day 1. Hardware, Algorithms, and Programming

CISC 110 Day 1. Hardware, Algorithms, and Programming CISC 110 Day 1 Hardware, Algorithms, and Programming Outline Structure of Digital Computers Programming Concepts Output Statements Variables and Assignment Statements Data Types String and Numeric Operations

More information

Copyright Bitdefender 2015 / 12/15/2015 2

Copyright Bitdefender 2015 /  12/15/2015 2 Copyright Bitdefender 2015 / www.bitdefender.com 12/15/2015 2 http://ww.cs.ubbcluj.ro:80/~raul/ss/index.php?id=7&page=contact Protocol Server name / IP Port Path Query string (GET data) - - - - Copyright

More information

LAMP Apps. Overview. Learning Outcomes: At the completion of the lab you should be able to:

LAMP Apps. Overview. Learning Outcomes: At the completion of the lab you should be able to: LAMP Apps Overview This lab walks you through using Linux, Apache, MySQL and PHP (LAMP) to create simple, yet very powerful PHP applications connected to a MySQL database. For developers using Windows,

More information

CSE413 Midterm. Question Max Points Total 100

CSE413 Midterm. Question Max Points Total 100 CSE413 Midterm 05 November 2007 Name Student ID Answer all questions; show your work. You may use: 1. The Scheme language definition. 2. One 8.5 * 11 piece of paper with handwritten notes Other items,

More information

bash Execution Control COMP2101 Winter 2019

bash Execution Control COMP2101 Winter 2019 bash Execution Control COMP2101 Winter 2019 Bash Execution Control Scripts commonly can evaluate situations and make simple decisions about actions to take Simple evaluations and actions can be accomplished

More information

Scheme in Scheme: The Metacircular Evaluator Eval and Apply

Scheme in Scheme: The Metacircular Evaluator Eval and Apply Scheme in Scheme: The Metacircular Evaluator Eval and Apply CS21b: Structure and Interpretation of Computer Programs Brandeis University Spring Term, 2015 The metacircular evaluator is A rendition of Scheme,

More information

Spring 2018 Discussion 7: March 21, Introduction. 2 Primitives

Spring 2018 Discussion 7: March 21, Introduction. 2 Primitives CS 61A Scheme Spring 2018 Discussion 7: March 21, 2018 1 Introduction In the next part of the course, we will be working with the Scheme programming language. In addition to learning how to write Scheme

More information

Wentworth Institute of Technology COMP570 Database Applications Fall 2014 Derbinsky. SQL Programming. Lecture 8. SQL Programming

Wentworth Institute of Technology COMP570 Database Applications Fall 2014 Derbinsky. SQL Programming. Lecture 8. SQL Programming Lecture 8 1 Outline Context General Approaches Typical Programming Sequence Examples 2 Database Design and Implementation Process Normalization 3 SQL via API Embedded SQL SQLJ General Approaches DB Programming

More information

CSE 127: Computer Security SQL Injection. Vector Li

CSE 127: Computer Security SQL Injection. Vector Li CSE 127: Computer Security SQL Injection Vector Li November 14, 2017 A Magic Trick The functional specification only allowed seeing one user s posts at a time Current user s posts on view.php without

More information

General Coding Standards

General Coding Standards Rick Cox rick@rescomp.berkeley.edu A description of general standards for all code generated by ResComp employees (including non-programmers), intended to make maintaince, reuse, upgrades, and trainig

More information

Variables, Constants, and Data Types

Variables, Constants, and Data Types Variables, Constants, and Data Types Strings and Escape Characters Primitive Data Types Variables, Initialization, and Assignment Constants Reading for this lecture: Dawson, Chapter 2 http://introcs.cs.princeton.edu/python/12types

More information

Data Collections. Welcome to the Fourth Dimension (and beyond) Martin Phillips Ladybridge Systems Ltd. International Spectrum Conference, 2014

Data Collections. Welcome to the Fourth Dimension (and beyond) Martin Phillips Ladybridge Systems Ltd. International Spectrum Conference, 2014 Data Collections Welcome to the Fourth Dimension (and beyond) International Spectrum Conference, 2014 Martin Phillips Ladybridge Systems Ltd Multivalue Are we at its limits? We all understand the power

More information

Use of PHP for DB Connection. Middle and Information Tier. Middle and Information Tier

Use of PHP for DB Connection. Middle and Information Tier. Middle and Information Tier Use of PHP for DB Connection 1 2 Middle and Information Tier PHP: built in library functions for interfacing with the mysql database management system $id = mysqli_connect(string hostname, string username,

More information

Read this before starting!

Read this before starting! Portion of test Points possible Written: 60 Code Modification: 20 Debug/Coding: 20 Total: 100 Points missed Points correct Student's Name: East Tennessee State University Department of Computer and Information

More information

Fall 2017 Discussion 7: October 25, 2017 Solutions. 1 Introduction. 2 Primitives

Fall 2017 Discussion 7: October 25, 2017 Solutions. 1 Introduction. 2 Primitives CS 6A Scheme Fall 207 Discussion 7: October 25, 207 Solutions Introduction In the next part of the course, we will be working with the Scheme programming language. In addition to learning how to write

More information

PYTHON. Values and Variables

PYTHON. Values and Variables December 13 2017 Naveen Sagayaselvaraj PYTHON Values and Variables Overview Integer Values Variables and Assignment Identifiers Floating-point Types User Input The eval Function Controlling the print Function

More information

Retrieving Query Results

Retrieving Query Results Using PHP with MySQL Retrieving Query Results The preceding section of this chapter demonstrates how to execute simple queries on a MySQL database. A simple query, as I m calling it, could be defined as

More information

Use of PHP for DB Connection. Middle and Information Tier

Use of PHP for DB Connection. Middle and Information Tier Client: UI HTML, JavaScript, CSS, XML Use of PHP for DB Connection Middle Get all books with keyword web programming PHP Format the output, i.e., data returned from the DB SQL DB Query Access/MySQL 1 2

More information

Project 2 Interpreter for Snail. 2 The Snail Programming Language

Project 2 Interpreter for Snail. 2 The Snail Programming Language CSCI 2400 Models of Computation Project 2 Interpreter for Snail 1 Overview In this assignment you will use the parser generator yacc to construct an interpreter for a language called Snail containing the

More information

Assorted Topics Stored Procedures and Triggers Pg 1

Assorted Topics Stored Procedures and Triggers Pg 1 Assorted Topics Stored Procedures and Triggers Pg 1 Stored Procedures and Triggers Ray Lockwood Points: A Stored Procedure is a user-written program stored in the database. A Trigger is a stored procedure

More information

CSE 127 Computer Security

CSE 127 Computer Security CSE 127 Computer Security Fall 2015 Web Security I: SQL injection Stefan Savage The Web creates new problems Web sites are programs Partially implemented in browser» Javascript, Java, Flash Partially implemented

More information

Networks and Web for Health Informatics (HINF 6220) Tutorial 13 : PHP 29 Oct 2015

Networks and Web for Health Informatics (HINF 6220) Tutorial 13 : PHP 29 Oct 2015 Networks and Web for Health Informatics (HINF 6220) Tutorial 13 : PHP 29 Oct 2015 PHP Arrays o Arrays are single variables that store multiple values at the same time! o Consider having a list of values

More information

Technology White Paper of SQL Injection Attacks and Prevention

Technology White Paper of SQL Injection Attacks and Prevention Technology White Paper of SQL Injection Attacks and Prevention Keywords: SQL injection, SQL statement, feature identification Abstract: SQL injection attacks are common attacks that exploit database vulnerabilities.

More information

CS201- Introduction to Programming Current Quizzes

CS201- Introduction to Programming Current Quizzes CS201- Introduction to Programming Current Quizzes Q.1 char name [] = Hello World ; In the above statement, a memory of characters will be allocated 13 11 12 (Ans) Q.2 A function is a block of statements

More information

Security Assessment of PHP Web Applications from

Security Assessment of PHP Web Applications from Security Assessment of PHP Web Applications from SQL Injection Attacks 1 Atiqur Rahman, 2 Md. Mahbubul Islam and 3 Abhijit Chakraborty 1 Department of Computer Science & Engineering, University of Chittagong,

More information

4th year. more than 9 years. more than 6 years

4th year. more than 9 years. more than 6 years 4th year more than 9 years more than 6 years Apache (recommended) IIS MySQL (recommended) Oracle Client Webserver www.xyz.de Webpage (Output) Output Call MySQL-Database Dataexchange PHP Hello World

More information

Syntactic Sugar: Using the Metacircular Evaluator to Implement the Language You Want

Syntactic Sugar: Using the Metacircular Evaluator to Implement the Language You Want Computer Science 21b (Spring Term, 2017) Structure and Interpretation of Computer Programs Syntactic Sugar: Using the Metacircular Evaluator to Implement the Language You Want Here is one of the big ideas

More information

Project 2: Scheme Interpreter

Project 2: Scheme Interpreter Project 2: Scheme Interpreter CSC 4101, Fall 2017 Due: 12 November 2017 For this project, you will implement a simple Scheme interpreter in C++ or Java. Your interpreter should be able to handle the same

More information

Lecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion

Lecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion IN5290 Ethical Hacking Lecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion Universitetet i Oslo Laszlo Erdödi Lecture Overview What is SQL injection

More information