sqlcmd useful commands

To open sqlexpress

sqlcmd -S .\SQLEXPRESS

To show all databases

EXEC sp_databases
GO

Connect to a local database in C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data;
using System.Data.SqlClient;
using System.Windows;

namespace WpfApplication1
{
    class DBClass
    {
        private SqlConnection sqlcon;
        private SqlCommand sqlcom;

        public DBClass()
        {
            // Point |DataDirectory| at the folder that contains the executable
            string executable = System.Reflection.Assembly.GetExecutingAssembly().Location;
            string path = System.IO.Path.GetDirectoryName(executable);
            AppDomain.CurrentDomain.SetData("DataDirectory", path);
            string sqlCon = @"Data Source=.\SQLEXPRESS;" +
                "Integrated Security=True;" +
                "Connect Timeout=30;" +
                "User Instance=True";
            sqlcon = new SqlConnection(sqlCon);
            sqlcom = new SqlCommand();
        }

        // Runs the query text as-is: pass only fixed SQL, never text built from user input
        public SqlDataReader executeQuery(String query)
        {
            SqlDataReader reader;
            this.sqlcom.CommandText = query;
            this.sqlcom.CommandType = CommandType.Text;
            this.sqlcom.Connection = this.sqlcon;

            // ExecuteReader needs an open connection
            if (this.sqlcon.State != ConnectionState.Open)
            {
                this.sqlcon.Open();
            }
            reader = this.sqlcom.ExecuteReader();

            return reader;
        }

        public void closeConnection()
        {
            this.sqlcon.Close();
        }
    }
}

Getting Started with MongoDB

This tutorial provides an introduction to basic database operations using the mongo shell. mongo is a part of the standard MongoDB distribution and provides a full JavaScript environment with complete access to the JavaScript language and all standard functions as well as a full database interface for MongoDB. See the mongo JavaScript API documentation and the mongo shell JavaScript Method Reference.

The tutorial assumes that you’re running MongoDB on a Linux or OS X operating system and that you have a running database server; MongoDB does support Windows and provides a Windows distribution with identical operation. For instructions on installing MongoDB and starting the database server, see the appropriate installation document.


read from: http://docs.mongodb.org/manual/tutorial/getting-started/

Import an Oracle dump file

I used the following command:

imp username/password file=filename fromuser=userwhoexport touser=usertoimport


Finding the physical path of your SQL Server Express Database

Just execute the query:
use model
SELECT physical_name FROM sys.database_files

I use QueryExPlus (http://sourceforge.net/projects/queryexplus/) for working with SQL databases.

SQL Injection Attacks by Example

“SQL Injection” is a subset of the unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real surprises.

We’ll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different — and better — approaches. But the fact that we were successful does suggest that we were not entirely misguided.

via SQL Injection Attacks by Example.

A simple Database.php file


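<?php
class Database
{
	public $user='my_user';
	public $password='my_password';
	public $db='my_db';
	public $host='localhost';
	public $link;

	public function connect()
	{
		// mysql_* was removed in PHP 7, so mysqli is used; keep the handle on the object
		$this->link = mysqli_connect($this->host, $this->user, $this->password, $this->db);
	}

	public function query ($string)
	{
		return mysqli_query($this->link, $string);
	}

	public function fetchAll($string)
	{
		// $string is a table name placed inside backticks: escape any backtick it contains
		$table = str_replace('`', '``', $string);
		$query = "select * from `$table`";
		$result = $this -> query($query);
		return $result;
	}
}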
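
The SQL injection excerpt above describes applications that build SQL strings on the fly, and fetchAll() here places a table name straight into the statement. As an added example (not code from this blog or from the quoted article), the Python sketch below uses the standard sqlite3 module and a constructed members table to show a concatenated lookup beside a bound-parameter lookup and an allowlisted table name; every table, column and function name in it is an assumption.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are assumptions.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE members (email TEXT, passwd TEXT)")
    con.executemany(
        "INSERT INTO members VALUES (?, ?)",
        [("alice@example.com", "s3cret"), ("bob@example.com", "hunter2")],
    )
    return con

def lookup_naive(con, email):
    # Vulnerable pattern: the input becomes part of the SQL text itself,
    # so a quote character in it changes the structure of the statement.
    sql = "SELECT email FROM members WHERE email = '" + email + "'"
    return [row[0] for row in con.execute(sql)]

def lookup_bound(con, email):
    # Hardened form: the statement text is fixed and the input travels
    # separately as a bound value, so it is only ever compared as data.
    sql = "SELECT email FROM members WHERE email = ?"
    return [row[0] for row in con.execute(sql, (email,))]

# Identifiers (table and column names) cannot be bound as parameters,
# so a helper that takes a table name checks it against a fixed list.
ALLOWED_TABLES = {"members"}

def fetch_all(con, table):
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % (table,))
    return con.execute('SELECT * FROM "%s"' % table).fetchall()

if __name__ == "__main__":
    con = make_db()
    crafted = "x' OR 'x'='x"  # constructed input containing a quote
    print("naive :", lookup_naive(con, crafted))
    print("bound :", lookup_bound(con, crafted))
    print("table :", fetch_all(con, "members"))
```
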

Database is the backbone of a successful web…

The database is the backbone of a successful web application. Consider your database design first, then consider how you will design the view according to your database schema. You can add some dummy data to your database to see how the data flows. If you can get the flow of data perfectly inside the database, you have got your work 60% done.