Wednesday, July 14, 2004
Verifying input to be passed to a SQL statement in VBScript
This is a very common mistake made when passing user supplied data to a SQL statement in VBScript:
strUserData=request.form("Name")
strSQLData="select Name from UserNames where Name='" & strUserData & '"
If the string in Name contains a single quotation mark it will break the string and possibly returning a sql error or worse be used by someone with bad intentions to corrupt you database or steal information.
One way around this is to make a function that replaces each single quote for double quotes, so that David's would be rendered as David''s, the final string would look like:
Select Name from UserNames where Name='David''s'
The Function would be:
Function Quotes(strInput)
strInput=replace(strInput,"'","''")
End Function
This function can then be included in any page that uses SQL Statements:
strUserData=Quotes(request.form("Name"))
- posted by mlopes @ 2:10 AM 5 comments
Monday, July 12, 2004
Practical differences in code, from HTML to XHTML
The following list summarizes the major code differences between HTML and XHTML:
* Including the processing instruction line (the XML prolog) is recommended, but not required:
* Doctype declaration is required:
* Namespace designation is required:
* Html, head, body, and title elements are required:
* Tags and attributes must be lowercase:
* Attribute values must be quoted:
font-size="large"
* Non-empty tags must be terminated with a closing tag:
text
* Empty tags (e.g., hr, br, img) must incorporate a slash:
* Elements can't overlap—they must nest properly:
text
This isn't a complete list of code differences between HTML and XHTML, but it includes most of the common issues.
- posted by mlopes @ 8:22 AM 0 comments
Wednesday, July 07, 2004
Set up an HTML mailto form without a script
There's a way to set up a Web form so that it doesn't require a back-end script. By using some simple HTML "mailto" code, you can set up the form so that the results are automatically e-mailed to an address you specify.
The code looks like this:
You can copy and paste the HTML code from above into a standard HTML page. To get this form working right away, just change the e-mail address in "mailto:admin@example.com" to the appropriate address for your organization. You can also tweak other settings such as the size of the fields.
One drawback to using this method is that when users hit the Submit button, they will receive from their Web browser a message that requires approval for the e-mail being sent. Some users may get confused or intimidated by that, so you may want to put a short blurb on the Web page that tells users to expect the message from the browser and to approve it when it pops up.
- posted by mlopes @ 2:18 AM 0 comments
Monday, July 05, 2004
Manually resetting AUTOCHK.EXE for a drive
A crash can sometimes cause the dirty bit to be set when there was no data pending to be written, provoking a disk check the next time the system is rebooted. This in turn can cause a disk check to run persistently at each reboot, even when the dirty bit has not been set. If a disk check is running at each reboot regardless of whether or not the system was shut down cleanly, then the problem is no longer the dirty bit per se, but rather the way AUTOCHK.EXE has been configured to run at startup.
There are a few ways to manually override this. The first is to run CHKDSK /F on the drive in question; if it runs successfully, the AUTOCHK.EXE command is cleared and the system will no longer be checked at each reboot. Another way to do it is to edit the Registry directly and remove the AUTOCHK command. To do this, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager in the Registry and look for a REG_MULTI_SZ value with the name BootExecute. Set the value of BootExecute to a null value. This will prevent AUTOCHK from running on next reboot.
On the whole, it's safest to first attempt to use CHKDSK /F on the drive that is being repeatedly checked at startup. Editing BootExecute should only be done if CHKDSK doesn't seem to be working. Running CHKDSK also has the added bonus of manually clearing the dirty bit.
- posted by mlopes @ 4:07 AM 0 comments
Friday, July 02, 2004
Share an Internet Connection With Multiple Computers
Linux offers the ability to act as both firewall and router for
multiple computers. You can easily set this up using iptables.
Execute the following commands on your Linux box. This example assumes
that eth0 is the network interface connected to the cable or DSL modem.
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# modprobe ip_conntrack_ftp
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -P INPUT DROP
Of course, this is greatly simplified; it's just the basics to get you
up and running quickly.
Keep in mind that it doesn't matter what systems you're running on your
network, be it Windows, Macs, or other Linux systems. All you need to
do is tell those clients to use this Linux machine as the gateway.
- posted by mlopes @ 7:26 AM 0 comments
Playing Nice: Reviews of CrossOver Office, WineX 4
Operating Systems
Posted by timothy on Thursday July 01, @03:41PM
from the methadone-clinic dept.
JimLynch writes 'One of the more common questions experienced Linux users get asked by those considering migrating from Windows to Linux is, 'Will my Windows applications run under Linux?' Thanks to the folks at CodeWeavers, the answer to that is yes--for some applications, anyway.' And Dan Dole writes 'Linuxlookup.com staff member Rich reviews Cedega (WineX 4.0), give it a 20/20 score & Editors Choice Award. 'The release of Transgaming's newest version of WineX, renamed Cedega, was met with considerable enthusiasm and interest in the Linux community last week. So much so that their server was inaccessible the day of release. Cedega is claimed to be much improved, offering the ability to play recent games released for Windows 'seamlessly and transparently' under Linux. They provided me with a copy, and I was curious to see if it lived up to the hype.'
Link
- posted by mlopes @ 4:53 AM 0 comments
Thursday, July 01, 2004
Building a Windows boot disk with BartPE
PEBuilder Home Page
Other Tools
- IPChange.exe: This is an IP tool that can reset an IP address without a reboot.
- Factory.exe: This is a Sysprep component that installs drivers after boot. Extract from the Windows Server 2003 install media (\support\tools\deploy.cab) or download the Windows Server 2003 Resource Kit and extract factory.exe from rktools.msi\Cabs.winrk.cab\deploy.cab.
- Netcfg.exe: This is the network configuration tool, and you can get it from the Windows Preinstallation Environment (Windows PE) 1.2, Windows XP SP1 OEM Preinstallation Kit (OPK), or from ERD Commander 2002.
If you don't have access to these files, you can download snetcfg_wxp.exe.
- Plug-ins for Bart's PE Builder
- Bootable Java CD
- PE-Builder Plugins
- Commercial version of BartPE: avast! BART CD
Article
- posted by mlopes @ 9:10 AM 0 comments
Thursday, June 24, 2004
Keep dyndns.org entries updated
DynDNS.org offers a free dynamic DNS service, and a number of clients
exist for Windows, Linux, and Mac OS X. One of the more stable Linux
clients is ez-ipupdate, a great tool that takes the IP address of your
system and sends the data to DynDNS.org to update the DNS record for
your particular host name (as chosen when you sign up).
Unfortunately, ez-ipupdate falls short when you're executing it from a
host that doesn't have the IP address you wish to set. For example,
let's say you have a LAN behind an external firewall appliance and want
to set your DynDNS.org host name to the IP address held by the
firewall.
Because most firewalls use network address translation (NAT), you can
work around this if you have a Web site where you can put a simple PHP
script. Place the following PHP script on a remote server, outside of
the LAN; we'll call it getaddress.php.
On your internal Linux machine, create a script that you'll run hourly
via cron. This script should contain the following:
#!/bin/sh
config="/etc/ez-ipupdate.conf"
current_ip='curl -sf http://externalhost/getaddress.php'
if [ "x$?" != "x0" ]; then
exit $?
fi
old_ip='grep address $config|sed s/address\=//g'
if [ "$current_ip" != "$old_ip" ]; then
perl -pi -e "s/$old_ip/$current_ip/g" $config
/etc/ez-ipupdate
fi
This script executes /etc/ez-ipupdate, which is the configuration file
and the runtime script for ez-ipupdate if the IP address returned by
the PHP script differs from the address currently in the
/etc/ez-ipupdate config file. Running this every hour will update your
DynDNS.org entry if your dynamic IP address changes.
- posted by mlopes @ 3:57 AM 0 comments
Powered by Blogger
