SQL Injection Attacks by Example

“SQL Injection” is a subset of the unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real surprises.

We’ll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different — and better — approaches. But the fact that we were successful does suggest that we were not entirely misguided.

via SQL Injection Attacks by Example.
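
The "SQL strings created naively on the fly" problem from the excerpt above, next to the bound-parameter form that avoids it. This is an added example, not code from the quoted article or from this page; it uses Python's sqlite3 with an in-memory database, and the members table, the function names and all sample values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (email TEXT, passwd TEXT)")
    conn.executemany(
        "INSERT INTO members VALUES (?, ?)",
        [("alice@example.com", "s3cret"), ("bob@example.com", "hunter2")],
    )
    return conn

def lookup_naive(conn, email):
    # Vulnerable: the input is pasted into the SQL text, so a quote inside it
    # ends the string literal and whatever follows is parsed as SQL.
    sql = "SELECT email FROM members WHERE email = '" + email + "' ORDER BY email"
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, email):
    # Hardened: the statement text is fixed and the input is sent separately
    # as a bound value, so it is only ever compared as data.
    sql = "SELECT email FROM members WHERE email = ? ORDER BY email"
    return [row[0] for row in conn.execute(sql, (email,))]

def probe(conn, lookup, value):
    """Run one lookup and return its rows, or the database error as text."""
    try:
        return lookup(conn, value)
    except sqlite3.Error as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a normal address, a legitimate value containing an
    # apostrophe, and a value that rewrites the WHERE clause.
    samples = ["alice@example.com", "o'brien@example.com", "x' OR 'x'='x"]
    for value in samples:
        print(repr(value))
        print("  naive:", probe(conn, lookup_naive, value))
        print("  bound:", probe(conn, lookup_bound, value))
```

A syntax error on a harmless apostrophe is the same defect as the query that returns every row: both show that input is reaching the SQL parser.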

Access To MySQL

Access to MySQL is a small program that will convert Microsoft Access Databases to MySQL.

Wizard interface.

Transfer data directly from one server to another.

Create a dump file.

Select tables to transfer.

Select fields to transfer.

Transfer password protected databases.

Supports both shared security and user-level security.

Optional transfer of indexes.

Optional transfer of records.

Optional transfer of default values in field definitions.

Identifies and transfers auto number field types.

Command line interface.

Easy install, uninstall and upgrade.

via Access To MySQL.

A simple Database.php file


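<?php
// Minimal MySQL wrapper. Uses mysqli because the mysql_* functions were removed in PHP 7.
class Database
{
	public $user='my_user';
	public $password='my_password';
	public $db='my_db';
	public $host='localhost';
	public $link;
	public function connect()
	{
		// Keep the handle on the object and select the database in the same call.
		$this->link = mysqli_connect($this->host, $this->user, $this->password, $this->db);
	}
	public function query ($string)
	{
		return mysqli_query($this->link, $string);
	}
	public function fetchAll($string)
	{
		// A table name cannot be bound as a parameter, so double any backtick inside it.
		$query = "select * from `" . str_replace('`', '``', $string) . "`";
		$result = $this -> query($query);
		return $result;
	}
}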

InnoDB slow? – PHPBuilder.com

MyISAM’s advantage is speed and the support of the FULLTEXT search capability. InnoDB sacrifices some speed in favor of transactions support.

via InnoDB slow? – PHPBuilder.com.