types->MMDocumentTypes.xml

find “PHP_MySQL” change parameter
winfileextension ->add ‘ctp,thtml’ after ‘php,php3,php4,php5′ parameter look
like this “php,php3,php4,php5,ctp,thtml”

macfileextension->add ‘ctp,thtml’ after ‘php,php3,php4,php5′ parameter look
like this “php,php3,php4,php5,ctp,thtml”

open Extensions.txt in configuration folder
find “All Documents” add “CTP,THTML” before “All Documents”
save it.

Enjoy

.htaccess or search engine friendly URL

.htaccess is the filename of a special configuration file that provides a number of directives (commands) for controlling and configuring the Apache Web Server, and also to control its many modules like mod_rewrite (for htaccess rewrite), mod_alias (for htaccess redirects), and mod_ssl.

Htaccess allows for decentralized management of configuration when placed inside the web tree. Htaccess is sometimes called: “HyperText Access”because one of the main functions of Htaccess files are to control access of HTTP (HyperText Transfer Protocol), which we know as the WWW. Htaccess is a very ancient configuration file, and is also one of the most powerful configuration files you will ever come across.

The Apache Web server provides a feature called .htaccess file, which provides commands to control a Web site. This file is simply a text file containing Apache directives. Those directives apply to the documents in the directory where the file is located, and to all subdirectories under it as well. Other .htaccess files in subdirectories may change or nullify the effects of those in parent directories.

You have to be careful when editing .htaccess files, as a small mistake can make your Web site stop working. You should immediately test the site to be sure it works.

.htacce mostly uses for the extension hidding for example if websites are running on php and developer are not want to display .php extension then it is useful to use .htaccess file and make it as directory structure or you can also display as .html or .hml

.htm or .html file are search engine friendly so it is useful for SEO working

Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:

RewriteEngine On RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Please, note that the .htaccess should be located in the web site main folder.

In case you wish to force HTTPS for a particular folder you can use:

RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} somefolder RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]

The .htaccess file should be placed in the folder where you need to force HTTPS.

Here are the most notable and useful .htaccess examples…

Custom error pages

The most common errors are 404 (Not Found) and 500 (Internal Server Error). Design your custom Web pages for these errors (you aren’t limited to these errors, you can create an error page for each and every error). Add the following commands to your .htaccess file…

Redirects

You can use .htaccess file to redirect any request for a specific page to a new page…

Server-side redirects are very useful for shortening affiliate links. Your visitors won’t be turned off by long links that are obviously affiliate links. For example, to create a redirect at the URL:

Redirecting domain.com to www.domain.com

If search engines find both www and non-www links from other sites to your site, they may treat http://domain.com and http://www.domain.com as two different websites with the same content. This means that your site can be penalized for duplicate content.

Many experts recommend to set up a 301 redirect (permanent redirect) from YourSite.com to www.domain.com…

Replace “domain.com” with your real domain name.

The .htaccess file is very obscure and extremely useful when used properly. The above htaccess examples cover only a few possible uses of this powerful tool. For more information, see…

http://httpd.apache.org/docs/1.3/howto/htaccess.html

Purpose: To describe how to perform a basic installation of

SQL Server 2005.

Version Information: Although this document addresses

SQL Server 2005

Developer Edition, the instructions are very similar or the

same for other editions

of SQL Server 2005.

Important Notes: Before installing SQL Server 2005,

SQL Server 2000 databases
should be backed up (if they are required), and the SQL Server 2000

software should be completely un-installed through the Control Panel,

UNLESS there is a technical requirement for it to exist on the same machine.

Although SQL Server 2000 and 2005 can exist side by side on the

same machine, they have to be installed as separate named instances.

This document does not attempt to address the details of SQL

Server named instances – if in doubt, consult the DBA for the project for which the installation is being performed.

Should a user require SQL Server 2000 AFTER SQL Server 2005

has been installed, it can be installed as a separate named instance,

however a check should be made to ensure that any critical applications

that require SQL Server 2000 are capable of

supporting named instances – not all are.

For most installations, if installing on standard 32 bit Windows XP

Professional, click on the x86-based operating systems option.

4. Read the terms and conditions of the license agreement

and click the check box to accept them:

Click on the Install button and wait whilst the system

components are configured. This may take 10-20 seconds.

7. Wait for a few seconds for the following screen

to appear, and then click on Next:

Note that the components selected in the screen shot above

are the most common components that will be needed

for most developers and development DBAs. However,

if another component such as Analysis Services is needed,

it can be added easily afterwards by re-inserting the installation

DVD and re-running the setup program.

Click on the Advanced button to open up further options.

IMPORTANT NOTE

As a general rule it is not necessary to change the default installation

path or the Developer Edition installation, unless your

organisation has a standard which is different. If in doubt,

check an existing PC or server at your site.

Click on Next.

IMPORTANT NOTE

If the Default instance radio button is disabled, this probably means

that there is another, default instance of SQL Server 2000 or SQL

Server 2005 already installed on this machine. In this case,

consult the DBA for the project as it may not be necessary or

desirable to re-install the database components.

Click on Next.

The first step will change the Windows account under which

the SQL Server service executes to the Local System account.

In a production environment or certain development environments,

it may be desirable to change this to a domain user account,

but this is not usually necessary for local developer installations.

Note that the service account settings can be changed through the

Services applet in the Control Panel at any point after installation,

however SQL Server will require re-starting in order for these

changes to take effect.

Click on Next.

14. Change Authentication Mode to Mixed Mode and set a password

for the sa logon. The user’s NT logon name could be used as an initial

password, but note that whatever is used, it should NOT be the same

for each machine as the sa account gives sysadmin privileges to

any user who uses it:

15. Keep the default collation settings, UNLESS the DBA for the project

specifies that they should be changed. Be aware that certain

applications require non-default settings:

16. Select Error Reporting and Usage options – it does not matter what

these are set to, as they are completely at your discretion:

18. The Setup Progress screen will appear, inform

ing you of installation progress:

This step ususally takes 10-30 minutes, but requires no user

intervention – so now’s a

good time to take a break and make some coffee.

If you only want the database server to be accessible from the machine

on which it is installed, click on Finish.
SQL Server 2005

installation is now complete.

However, if you wish the database server to be accessible from

other machines, click on the Surface Area Configuration tool link.

Click on the Remote Connections node in the left hand tree pane,

then click on Local and remote connections.
By default, TCP/IP

only is selected and is usually sufficient in most development environments,

but if you suspect that you may need SQL Server 2005 to host legacy

applications which require support for the named pipes SQL Server

communication protocol, click on “Using TCP/IP and Named Pipes”.

If in doubt, consult the DBA for the project.

In addition, if you wish this installation of SQL Server to automatically

announce itself on the network to automatic database server directory queries,

click on the SQL Server Browser Service, set the Startup type to ‘Automatic”,

click on “Apply”, then click on the Start button.

Click on OK, and then close the “Help Protect Your SQL Server” screen.
Finally, click on the Finish button

on the “Completing Microsoft SQL Server 2005 Setup” screen.

SQL Server 2005 setup is now complete. Top of Page
]]> http://laxmanparmar.wordpress.com/2009/03/27/installing-sql-server/feed/ 0 laxman parmar Insert the DVD into the DVD drive The SQL Server installation screen appears Click on Server components, tools, Books online and samples Read and accept the terms and conditions of the license agreement The Installing Prerequisites screen Prerequisites are installed Welcome to the Microsoft SQL Server Installation Wizard The System Configuration Check screen Fill in the Registration Information details Select the components to install Feature selection Select the Default instance Select the radio button Use the built-in System account Change Authentication Mode to Mixed Mode and set a password for the sa logon Error Reporting and Usage options The SQL Server pre-installation screen Keep the default collation settings, unless you have a reason to change them SQL Server setup progress SQL Server setup has finished Completing Microsoft SQL Server 2005 Setup The Help Protect Your SQL Server screen will appear SQL Server 2005 Surface Area Configuration http://laxmanparmar.wordpress.com/2009/03/06/sql-injection/ http://laxmanparmar.wordpress.com/2009/03/06/sql-injection/#comments Fri, 06 Mar 2009 04:51:21 +0000 laxmanparmar http://laxmanparmar.wordpress.com/2009/03/06/sql-injection/ ]]> sql injection

SQL Injection happens when a developer accepts user input that is directly placed into a SQL Statement and doesn’t properly filter out dangerous characters. This can allow an attacker to not only steal data from your database, but also modify and delete it. Certain SQL Servers such as Microsoft SQL Server contain Stored and Extended Procedures (database server functions). If an attacker can obtain access to these Procedures it may be possible to compromise the entire machine. Attackers commonly insert single qoutes into a URL’s query string, or into a forms input field to test for SQL Injection. If an attacker receives an error message like the one below there is a good chance that the application is vulnerable to SQL Injectio

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.SQL injection attacks are also known as SQL insertion attacks

Forms of SQL injection vulnerabilities

Incorrectly filtered escape characters

This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into a SQL statement. This results in the potential manipulation of the statements performed on the database by the end user of the application.

The following line of code illustrates this vulnerability:

statement = "SELECT * FROM users WHERE name = '" + userName + "';"

This SQL code is designed to pull up the records of the specified username from its table of users.
 However,if the "userName" variable is crafted in a specific way by a malicious user,
 the SQL statement may do more than the code author intended. For example, setting the "userName" variable as

a' or 't'='t

renders this SQL statement by the parent language:

   SELECT * FROM users WHERE name = 'a' OR 't'='t';

If this code were to be used in an authentication procedure then this example could be used to force
the selection of a valid username because the evaluation of 't'='t' is always true.

While most SQL Server implementations allow multiple statements to
be executed with one call, some SQL APIs such as php's mysql_query do
not allow this for security reasons. This prevents hackers from injecting entirely
separate queries,but doesn't stop them from modifying queries. The following
value of "userName" in the statement belowwould cause the deletion of the "users" table as well as
the selection of all data from the "data" table (in essence revealing the information of every user):

a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%

This input renders the final SQL statement as follows:

SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM DATA WHERE name LIKE '%';

Incorrect type handling

This form of SQL injection occurs when a user supplied field is not strongly typed or
is not checked for type constraints.

This could take place when a numeric field is to be used in a SQL statement,

but the programmer makes no checks to validate that the user supplied input is numeric. For example:

statement := "SELECT * FROM data WHERE id = " + a_variable + ";"

It is clear from this statement that the author intended a_variable to be a number correlating to the "id" field.

However, if it is in fact a string then the end user may manipulate the statement as they choose,
thereby bypassing the need for escape characters.

For example, setting a_variable to

1;DROP TABLE users

will drop (delete) the "users" table from the database, since the SQL would be rendered as follows:

SELECT * FROM DATA WHERE id=1;DROP TABLE users;

Magic String

The magic string is a simple string of SQL used primarily at login pages. The magic string is

'OR''='

When used at a login page, you will be logged in as the user on top of the SQL table.

Vulnerabilities inside the database server

Sometimes vulnerabilities can exist within the database server software itself, as was the case with the
MySQL server’s mysql_real_escape_string() function. This would allow an attacker to perform
a successful SQL injection attack based on bad Unicode characters even if the user’s input is being escaped

Blind SQL Injection

Blind SQL Injection is used when a web application is vulnerable to SQL injection but the results
of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays
data but will display differently depending on the results of a logical statement injected into the legitimate SQL
statement called for that page. This type of attack can become time-intensive because a new statement must be
crafted for each bit recovered. There are several tools that can automate these attacks once the location of the
vulnerability and the target information has been established.

Conditional Responses

One type of blind SQL injection forces the database to evaluate a logical statement on an ordinary application screen.

SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND 1=1

will result in a normal page while

SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND 1=2

will likely give a different result if the page is vulnerable to a SQL injection. An injection like this will prove that
a blind SQL injection is possible, leaving the attacker to devise statements that evaluate to true or false depending on
the contents of a field in another table.

Conditional Errors

This type of blind SQL injection causes a SQL error by forcing the database to evaluate a statement that causes an error
if the WHERE statement is true. For example,

SELECT 1/0 FROM users WHERE username='Ralph'

the division by zero will only be evaluated and result in an error if user Ralph exists.

Time Delays

Time Delays are a type of blind SQL injection that cause the SQL engine to execute a long running query or a time
delay statement depending on the logic injected. The attacker can then measure the time the page takes to load to
determine if the injected statement is true.

Preventing SQL Injection

To protect against SQL injection, user input must not directly be embedded in SQL statements.
Instead, parameterized statements must be used (preferred), or user input must be carefully escaped or filtered.

Using Parameterized Statements

In some programming languages such as Java and .NET parameterized statements can be used
that work with parameters (sometimes called placeholders or bind variables)
instead of embedding user input in the statement. In many cases, the SQL statement is fixed. The user input is

then assigned (bound) to a parameter.
This is an example using Java and the JDBC API:

PreparedStatement prep = conn.prepareStatement
("SELECT * FROM USERS WHERE USERNAME=? AND PASSWORD=?");
prep.setString(1, username);
prep.setString(2, password);

Similarly, in C#:

using (SqlCommand myCommand = new SqlCommand("SELECT * FROM USERS
WHERE USERNAME=@username AND PASSWORD=HASHBYTES('SHA1', @password)", myConnection))

    {
        myCommand.Parameters.AddWithValue("@username", user);
        myCommand.Parameters.AddWithValue("@password", pass);

        myConnection.Open();
        SqlDataReader myReader = myCommand.ExecuteReader())

        ...................
    }

In PHP version 5 and above, you have multiple choices for using parameterized statements.

The easiest is to use the PDO database layer:

$db = new PDO('pgsql:dbname=database');

$stmt = $db->prepare("SELECT priv FROM testUsers
WHERE username=:username AND password=:password");
$stmt->bindParam(':username', $user);

$stmt->bindParam(':password', $pass);
$stmt->execute();

Alternatively, you could use a vendor-specific method. For example in MySQL 4.1 and above with the mysqli extension. Example

$db = new mysqli("localhost", "user", "pass", "database");

$stmt = $db -> prepare("SELECT priv FROM testUsers
WHERE username=? AND password=?");
$stmt -> bind_param("ss", $user, $pass);

$stmt -> execute();

In ColdFusion, the CFQUERYPARAM statement is useful in conjunction with the CFQUERY
statement to nullify the effect of SQL code passed within the CFQUERYPARAM value as part of the SQL clause.
An example is below.

<cfquery name="Recordset1" datasource="cafetownsend">
SELECT *
FROM COMMENTS
WHERE COMMENT_ID =<cfqueryparam value="#URL.COMMENT_ID#"
cfsqltype="cf_sql_numeric">

</cfquery>

Enforcing the Use of Parameterized Statements

There are two ways to ensure an application is not vulnerable to SQL injection: using code reviews
(which is a manual process), and enforcing the use of parameterized statements. Enforcing the use of parameterized statements means that
SQL statements with embedded user input are rejected at runtime. Currently only the H2 Database Engine supports this feature.

Using Escaping

A straight-forward, though error-prone way to prevent injections is to escape dangerous characters.
One of the reasons for it being error prone is that it is a type of blacklist which is less
robust than a whitelist. For instance, every occurrence of a single quote (') in a parameter must be replaced by two
single quotes ('') to form a valid SQL string literal. In PHP, for example,
it is usual to escape parameters using the function mysql_real_escape_string before sending the SQL query:

$query = sprintf("SELECT * FROM Users
where UserName='%s' and Password='%s'",
                  mysql_real_escape_string($Username),
                  mysql_real_escape_string($Password));

mysql_query($query);

Here is an example of a custom escaping based sql injection filter. It doesn’t rely on built in escaping functions:

<?php
$title = $_POST['title']; // user input from site

$description = $_POST['description']; // user input from site

// define the cleaner

$dirtystuff = array("\"", "\\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%");

// clean user input (if it finds any of the values above, it will replace
it with whatever is in the quotes - in this example, it replaces the value with nothing)

$title = str_replace($dirtystuff, "", $title); // works!

$description = str_replace($dirtystuff, "", $description); // works!

// input: I\ "like/ green<** veg'et=a-bles> ;and< pizza**

// output: I like green vegetables and pizza

// input: a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%
// output: aDROP TABLE users SELECT FROM data WHERE name LIKE 

?>

This sort of escaping is error-prone as it relies on the programmer to escape every parameter.

Also, if the escape function (either custom or built-in in the language) fails to handle a special character correctly, an injection is still possible.

Consistency is your friend
I’m sure you name your class files consistently so you can probably skip this section. Apparently, since you’re reading this, you do not have any rhyme or reason for your class file names. It doesn’t really matter what it is as long as it’s consistent and predictable. For example, EpiCode contains a models directory which contains all of the PHP class files. The file names follow the pattern ClassName.php. I know that class A is defined in models/A.php.

What can __autoload() do for you?
Did you know that PHP will call __autoload() if you try to call a function which is not yet defined? You simply have to define it and let it know where to find the class file. Let’s use my example of placing all class definitions inside a models directory with the filename being the same as the class name. Your __autoload() function may look something like this.
view plaincopy to clipboardprint?

1. function __autoload($className)
2. {
3. require_once “./models/{$className}.php”;
4. }
5.
6. // Instantiate class A without including it and __autoload() will do so on your behalf
7. $ClassA = new A();

function __autoload($className)
{
require_once “./models/{$className}.php”;
}

// Instantiate class A without including it and __autoload() will do so on your behalf
$ClassA = new A();

Make your code less ugly
If you can’t spare an extra function call here or there then __autoload() may not be for you. Though I would begin to question your reasoning. The upside is that your code could become significantly cleaner and more maintainable. The upside of easy to read code often trumps everything else.

1. Make a Folder in C drive rename it as “abc” without quotes.
2. Now open Command Prompt from Start Menu.
3. Type “attrib +s +h C:\abc” without quotes and press enter.
4. This command will Make your folder invisble and it can not be seen even in hidden files and folders
5. To make it visible again type “attrib -s -h C:\abc”
6. You can lock any other folder also by changing the location C:\abc to address of your folder.

2 Windows Tricks and Shortcuts
# To boost performance of your PC or to increase RAM virtually,
Right click on My Computer Icon on Desktop
>> Go to Properties
>> Go to Advanced
>> Go to Performance – Settings
>> Go to Advanced
>> Go to Virtual Memory – Change

Keep the initial size same as recommended and maximum size double of it then restart your system.
It will improve speed of windows and you can play some games which require higher RAM.

# To Minimise all the application and running windows press the “Windows + M ” key together.

3 Windows Tricks : Changing Startup and Log-off screens

Startup Screen

1. Create a 320×400 bitmap in the root directory and name it LOGO.SYS
2. You can use LOGOW.SYS file in the Windows directory as a starter

Logoff Screens

1. There are many system file that constitutes Lofoff screen.
2. They are actually bitmaps 320×400 that just have a different extension
3. The hidden file in the root directory LOGO.SYS is the startup logo.
4. There are two files in the Windows directory.
5. LOGOW.SYS is the Wait while Shutting down … screen.
6. LOGOS.SYS is the You may now shut-off or Reboot screen.
7. Make two new image files of your chice in Paint and name it as LOGOW.SYS and LOGOS.SYS and replce the actual windows file by this two.
8. But make sure they should be of the same size

Warning:

You can try these codes at your own responsibility ! We are not responsible for any malfunction and we don’t accept any complaints.

Important:

If you know any other tips & tricks & secrets about GSM mobile or any other mobile which is not listed here then you can comment and add this i am we are add this tricks on our site

Type *#61# and press call – Check call redirection status.

Cancel all redirections: ##002#

*43# to activate call waiting, to deactivate #43#.

If your phone doesn’t have incoming call barring and outgoing call barring, you can try this. For outgoing call barring dial *33*barcode*# and pres OK. To deactivate it dial #33#barcode*#.

On any phone on any network type in **43# to enable conference calls. You can make up to 7 calls at once

If you need to block SMS reception (if you are spammed by someone) just press this code: *35*xxxx*16# xxxx is your Call Barring code (default is 0000). To remove this barring type: #35*xxxx#

If you want to hide/show your phone number when calling, put one of these codes below in front of the number that you are going to call. (*#30# / *#31# or *31# / #31# ) Works on some networks.

Typing *0# or *nm# on the beginning of a txt message gives you detailed delivery report on some networks.. But turn off reports in message settings before.

When the sim card-pin blocked type **042*pin2 old*newpin2*newpin2*

Use Mozilla Firefox instead of IE explorer and keep the cache size to 500 Mb and you can surf faster.

It fetches informating from cache of websites you regular visits so its fast and it download less data compares to IE so very handy for limited download size users.

STEP 1:
DIAL THE CODE
Simply Key *#06# to find your “IMEI” needed for unlocking, this may also be found on the battery of your phone.

STEP 2:
CALL THE NUMBER

*Dial 0906 591 0300
And type your “IMEI” code to obtain your unlock code.

STEP 3:
ENTER THE UNLOCK CODE

Enter the instantly generated unlocking code and your mobile phone/cellular will be unlocked!!

1. The Emergency Number worldwide for Mobile is 112.If you findyourself out of coverage area of your mobile network and there is anemergency, dial 112 and the mobile will search any existing network to establish the emergency number for you, and interestingly this number 112 can be dialed even if the keypad is locked.
2. Have you locked your keys in the car? Does you car have remote keys?
This may come in handy someday. Good reason to own a cell phone: If you lock your keys in the car and the spare keys are at home, call someone at home on their cell phone from your cell phone. Hold your cell phone about a foot from your car door and have the person at your home press the unlock button, holding it near the mobile phone on their end. Your car will unlock. Saves someone from having to drive your
keys to you. Distance is no object. You could be hundreds of miles away, and if you can reach someone who has the other “remote” for your car, you can unlock the doors.
3. Hidden Battery power: Imagine your cell battery is very low , you are expecting an important call and you don’t have a charger. Nokia instrument comes with a reserve battery. To activate, press the keys *3370# Your cell will restart with
this reserve and the instrument will show a 50% increase in battery. This reserve will get charged when you charge your cell next time.
4. How to disable a STOLEN mobile phone?
To check your Mobile phone’s serial number, key in the following digits on your phone:
* # 0 6 #
A 15 digit code will appear on the screen. This number is unique to your handset. Write it down and keep it somewhere safe. when your phone get stolen, you can phone your service provider and give them this code. They will then be able to block your handset so even if the thief changes the
SIM card, your phone will be totally useless. You probably won’t get your phone back, but at least you know that whoever stole it can’t use/sell it either. If everybody does this, there would be no point in people stealing mobile
phones.

How this site
(polls)