Friday, October 9, 2009

SQL Injection

Hello friends,

After a long time, I am again going to write something on my blog. Today I am
going to write about SQL injection.

I will cover these steps in this topic:

  1. Create fear

  2. What is SQL injection

  3. Description of SQL injection

  4. If not applied

  5. How to apply

  6. Sample code

So very quickly we are on the way...







Create Fear
Though it seems a very simple thing once it is implemented,
if the protection is not implemented it can be a very serious problem for our web application
or website.

SQL injection is a very simple and cheap way to hack or access any database.

Using SQL injection, an attacker can not only hack or access our database; modifying it is
also very easy.

If I have the chance to touch an apple, then for whom will I wait? I will eat it
immediately.

It's like that.


What is SQL Injection
Fine... I tried to create fear so that we try
to achieve it, and believe me, it's not at all difficult.



Definition: SQL injection is a code injection
technique that exploits a security vulnerability occurring in the database layer
of an application. The vulnerability is present when user input is either incorrectly
filtered for string literal escape characters embedded in SQL statements or user
input is not strongly typed and thereby unexpectedly executed. It is an instance of a
more general class of vulnerabilities that can occur whenever one programming or
scripting language is embedded inside another. SQL injection attacks are also known
as SQL insertion attacks.
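
The definition above, shown as an added example that is not part of the original post: the same lookup written once with string concatenation and once with a bound parameter. It uses Python's sqlite3 so it runs stand-alone; the table names are borrowed from the nested DataList post on this page, and the rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not data from the post)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE TblCenter (CenterCode INTEGER PRIMARY KEY, CenterName TEXT);
        CREATE TABLE TblDepartment (CenterCode INTEGER, DepartmentName TEXT);
        INSERT INTO TblCenter VALUES (1, 'North'), (2, 'South'), (3, 'St. Mary''s');
        INSERT INTO TblDepartment VALUES
            (1, 'Accounts'), (1, 'Sales'), (2, 'Payroll'), (3, 'Admissions');
    """)
    return db

JOIN = ("SELECT d.DepartmentName FROM TblCenter c "
        "JOIN TblDepartment d ON c.CenterCode = d.CenterCode "
        "WHERE c.CenterName = ")
ORDER = " ORDER BY d.DepartmentName"

def departments_concat(db, center_name):
    """Vulnerable: the value is pasted into the SQL text as a string literal."""
    sql = JOIN + "'" + center_name + "'" + ORDER
    return [row[0] for row in db.execute(sql)]

def departments_param(db, center_name):
    """Hardened: the SQL text is fixed and the value is sent as a bound parameter."""
    return [row[0] for row in db.execute(JOIN + "?" + ORDER, (center_name,))]

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input whose quote ends the literal early
    results = {
        # The quote turns data into SQL: the WHERE clause becomes always true.
        "concat_crafted": departments_concat(db, crafted),
        # Bound as a parameter, the same text is just a name that matches nothing.
        "param_crafted": departments_param(db, crafted),
        # A legitimate name with an apostrophe works when bound.
        "param_apostrophe": departments_param(db, "St. Mary's"),
    }
    try:
        departments_concat(db, "St. Mary's")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # The same legitimate name breaks the concatenated statement.
        results["concat_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The concatenated version fails in both directions: crafted input returns every department, and an ordinary name containing an apostrophe raises a syntax error.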



Continue..............

Thursday, January 22, 2009

Nested DataList.. To Create treeview type display


Hi...
Here we have a DataList, and inside that DataList another DataList for each row,
so it will create output like that shown in the image at the right side.

Here is the code for that:


<%@ Page Language="VB" AutoEventWireup="true" CodeFile="Default.aspx.vb" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<asp:ScriptManager ID="ScriptManager1" runat="server" />
<div>
<asp:DataList ID="DataList1" runat="server" DataKeyField="CenterCode" Style="z-index: 22;
left: 56px; position: absolute; top: 88px">
<ItemTemplate>
<ul>
<li>
<asp:Label ID="CenterNameLabel" runat="server" Text='<%# Eval("CenterName") %>'>
</asp:Label>
<asp:DataList ID="DataList2" runat="server">
<ItemTemplate>
<ul>
<li>
<asp:Label ID="DepartmentNameLabel" runat="server" Text='<%# Eval("DepartmentName") %>'>
</asp:Label></li>
</ul>
</ItemTemplate>
</asp:DataList>
</li>
</ul>
</ItemTemplate>
</asp:DataList>
</div>
</form>
</body>
</html>



Now, in the Default.aspx.vb file, write this code:

Imports System.Data
Partial Class _Default
Inherits System.Web.UI.Page

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Dim ds As DataSet
Dim obj As New ClsMain

ds = obj.connect("select * from TblCenter")

DataList1.DataSource = ds
DataList1.DataBind()

End Sub



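Protected Sub DataList1_ItemDataBound(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.DataListItemEventArgs) Handles DataList1.ItemDataBound

' Only data rows contain the label and the inner DataList.
If e.Item.ItemType <> ListItemType.Item AndAlso e.Item.ItemType <> ListItemType.AlternatingItem Then Return

' Label that shows the center name for the current row.
Dim PriceLabel As Label = CType(e.Item.FindControl("CenterNameLabel"), Label)
Dim dl As DataList
dl = CType(e.Item.FindControl("DataList2"), DataList)

Dim ds As DataSet
Dim obj As New ClsMain
' Note: Item(0) is always the key of the first row, and i is not used below.
Dim i As String = DataList1.DataKeys.Item(0)
' The center name is concatenated into the SQL text, so a single quote in it would end
' the string literal. Doubling the quotes keeps the name inside the literal. connect is
' called here with only a SQL string; if ClsMain can be changed, pass the name as a
' command parameter instead.
ds = obj.connect("SELECT TblDepartment.DepartmentName FROM TblCenter INNER JOIN TblDepartment ON TblCenter.CenterCode = TblDepartment.CenterCode WHERE (TblCenter.CenterName = '" & PriceLabel.Text.Replace("'", "''") & "')")

' Bind the departments of this center to the inner DataList.
dl.DataSource = ds
dl.DataBind()
End Sub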


End Class


All The Best....

Monday, January 19, 2009

Bind Textbox in Tab container using javascript with ajaxtoolkit

Hello friends,

This shows how to add JavaScript for a TextBox inside a TabContainer.

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="cc1" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Untitled Page</title>
<script type="text/javascript">
// Copy the value of TextBox1 into TextBox2. The ids are the client-side ids
// rendered for controls inside TabContainer1 > TabPanel1.
function Callme()
{
document.getElementById("TabContainer1_TabPanel1_TextBox2").value = document.getElementById("TabContainer1_TabPanel1_TextBox1").value;
}
</script>
</head>
<body>
<form id="form1" runat="server">
<asp:ScriptManager ID="ScriptManager1" runat="server">
</asp:ScriptManager>
<cc1:TabContainer ID="TabContainer1" runat="server" ActiveTabIndex="0">
<cc1:TabPanel ID="TabPanel1" runat="server" HeaderText="TabPanel1">
<ContentTemplate>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>
</ContentTemplate>
</cc1:TabPanel>
<cc1:TabPanel ID="TabPanel2" runat="server" HeaderText="TabPanel2">
<ContentTemplate>
<%--put another control--%>
</ContentTemplate>
</cc1:TabPanel>
</cc1:TabContainer>
</form>
</body>
</html>





Partial Class _Default
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
' Run Callme() in the browser every time a key is released in TextBox1.
TextBox1.Attributes.Add("onkeyup", "Callme();")
End Sub
End Class


Hope This will Help
All The Best

Tuesday, November 25, 2008

.Net Technology- Basics

Hello Friends

First of all, let me briefly introduce .NET.

What is .NET and why?

Generally, we .NET people are called lazy programmers,
because we need not remember all the methods and properties of each class.
Just type a . (period) after a class or method name and a long list of its methods and properties will be displayed.. LOL, just choose and implement...

So we are called lazy programmers.

Comparatively, in other technologies this is a little bit difficult.