Generate SQL Injection attempts report with PHP - sql-injection

I have to generate a report that shows eventual SQL injection attempts.
I've seen many threads about this topic and I have a general understanding of the argument, but I've never done an actual report of the possible attempts.
I was thinking to save the queries that my app executes (through forms and other actions on the website) into a table on the DB and then scan this table and look for specific words (like Union, Drop and the likes) to see if there's something suspicious going on.
This way, I can then show the table and the suspicious activities on an admin panel on the app for a quick check of the activities.
Do you guys think this is a viable solution? What would you recommend to do otherwise?
Thanks.

Related

Inserting data in oracle apex (through a form into a table?)

When programming i usually do everything myself and recycle code when needed so for once i decided to try out a development platform to speed up the process so i picked oracle apex- only to find myself suffering with overchoice
Normally if wanted the user to give me some data id just make a form and the data just ends up on my database, not hard.
this isnt what i want to make, this is just for the sake of an example of the way one usually goes about this
another example
But now in oracle apex i dont even know if this is even the right way of asking end user to input data into a table, what should i do if -for example- i just want to make the user run some calculations and then store the results? Is there something specific that apex already has for this or do i do it myself normally
Any tutorials or the names of the functions i need to use would be helpful
I think maybe what you might want is Report with Form.
Its a setup the Page Wizard can make for you which is essentially exactly what you want. You select the table and columns, then it makes one page with a table of all entries, and you can click on an entry or click to make a new entry, and it opens up a form with the relevant page items which you input or edit, and then save.
Maybe a general APEX guide would be best for you since you are so new to it. Because if you know what is possible, then you might find different solutions to problems you have. I dont have a guide to recommend unfortunatelly, but I am sure you can find plenty on google, just make sure the version is correct, it doesent have to be for your exact version(there is a big difference pre 18 and post 18, less so with 19 and 20)
Yes, APEX can be a bit overwhelming in the beginning. Your question is very generic so it is hard to give you a detailed answer. In general, if you have the data in a single record, then a form is the way to go (easiest is to start with report and from). If you need to modify certain column data after user submit, you can do that in processes or computations before submit.
Feel free to ask a question with your specific business requirement - you're pretty sure to get an answer here.

How to trigger something in Snowflake

I want to trigger some SQL code just before some update in a table or just after the update in a table.
It seems like Triggers are not supported by Snowflake.
Any workaround will be appreciated.
Regards,
Neeraj
triggers are indeed not supported by Snowflake but you can simulate the behaviour by using streams and tasks combination:
https://docs.snowflake.net/manuals/user-guide/streams.html - streams are used to track the tables for changes
https://docs.snowflake.net/manuals/user-guide/tasks-intro.html - tasks are used to execute stored procedures
Snowflake appears to offer some really cool features so it's unfortunate that a basic tool of every dba I know is missing. Triggers are great for enforcing business rules upon the application developers.
I've been thinking about what might help cover all use cases - and I'm currently leaning toward moving all insert/update/delete processes to a Stored Procedures (best practice anyway?) - then build the "trigger" activity directly in the SP. I dislike that this buries the events but I think it will get the job done. I also dislike that the number of SP's could grow out of hand.
Now I need to dig deeper to make sure the capability of column level data detection is an option. and/or can I chain SP's for code reuse. If chaining works, then put the trigger logic in it's own SP.
Work around at best - but need to think outside the box.

Making User Interface smart in eclipse based applications

I am currently developing a desktop application based on eclipse.
Currently the user needs to perform many redundant actions like doing step A in View 1 then doing step B in View 2 then repeat. I am wondering if anybody knows a solution that records/recommends user actions in eclipse based applications.
Maybe based on the history much like the web based solutions.
Any help would be good.
Thanks.
1)
Do you want to record the user clicks (actions)?
If so eclipse provides a Location tracker, so you can analyse the use cases from the field.
OperationHistoryActionHandler
2)
Do you want to have a smarter way the user uses your tool?
Think about using Wizards. in a Wizard you can have a defined number of execution steps. The user does not need to search some button in a view.
With a Wizard a specific execution flow is very clean and good to understand.
3)
As Jonah mentioned you can use cheatsheets as well.
We once did something similar, where we had a rather big user interface that had heaps and heaps and heaps of different functionalities. Our solution was this:
We abstracted all actions into commands. They were all implemented in a way that they can be cascaded, undone, redone etc. See for example IUndoableOperation
The commands had conditions that made it easy to decide if one could combine these commands.
All commands have an ID and can be easily identified
We then continued to integrate our own run configurations. We added a UI that gave the user the option to cascade multiple commands into one big one. For example, A user wanted to create a new file, apply a template, generate some graphs, export them into a given location etc, the user would create a run configuration adding those commands together.
That way we kept the UI comprehensive but gave the expert user the ability to create their own workflow based on what they do every day.
Our users liked that quite a bit.

Deciding which web app framework to use for an R user

I am a frequent R user (the very first program I turn on everyday when I back to office is RStudio and I spend >50% of time using R to do manipulation, tabulation and visualization of data). Sometimes I need to get involved in the data collection process of various research project, that is I need to develop a database with frontend to facilitate a clerk, or someone with little sense in programming/database to do the data entry job.
Since most of the data collection process involve manually inputting a questionnaire with more than 50 questions (100 - 200 columns when they presented as a spreadsheet), and there are relationship between different questionnaire (e.g. questionnaire A collect information from a shop, and questionnaire B collect information from the staff inside that shop), initially I use Access 2007 for the development. Access 2007 does the job, but only fairly.
My major complain on Access 2007 is as follow:
developing the front-end is painful: after using R for long, I really hate using mouse to drag and drop boxes, and enabling some certain functions of a checkbox
fair/poor multi-user support in my opinion: if I am the only one who use the Access 2007 program, I am fine with it, but things start to change now, we have multi-user logon to add/update/remove data at the same time, since the database is developed by someone else, I always fear that the data may get corrupted
keep "reinventing the wheel": the database developer build the user login module in Access 2007 all by himself, but should this be something of a standard that I can get it from somewhere?
auto-compress the database and the database is VANISHED: yes, I do mean vanished, I tried it once, and it freaks me out, now I backup the access database all the time
In summary, I lost faith in Access 2007 to build a decent database for several staff (at most 20) to do the data entry/query work. So I turn to other options.
I am thinking of something like a "web-based" replace of Access 2007, xataface comes to me at first, but it doesn't seem like a complete solution for me, it can fix some of my problem now, but may not be so for other problems.
Then I googled quite a bit: xataface -> nuBuilder -> Drupal -> Web Application Framework. Since I don't find an exact alternative for Access 2007. I guess Web Application Framework is a way out.
In the Web Application Framework domain, I come across many names: CakePHP, RoR, Django, since I am not exactly a program/database/web developer, and I know nothing about PHP, Python, Ruby. I don't know which one I should choose. Or should I learn the language before go to the framework?
Can anyone enlighten me here? I can provide additional information if needed. Thanks.
Try looking into VFront and nuBuilder. These allow you to build front ends to MySQL databases (i.e. forms, reports, etc.).

How to implement a search system in a database for an iphone application

This is pretty wide question, but I'm hoping to get a push in the right direction (technologies and methodology).
Ok, I have an iphone app (which I am developing) that works with a web service (c#) through http requests. The web service connects to the underlying database, extracts the necessary data depending on the request and feeds it back to the application.
Now, I need to implement a search system in the app. The user searches for some words, and I need to provide the most relevant results. The search must be performed on different tables in the database. Each table can be searched in a number of columns. For example, when searching through the people table I need to search in the first name, lastname, company, and other fields. Other tables have other important columns.
I have so many questions that I don't even know where to start.
How do I make my sql queries to make the search, but still be fast enough. Do I need to make some extra tables with indexed content somehow?
How should I add relevance factor to the results so I can ultimately filter only the most relevant results? For example, if an user searches for Smith, maybe there is a person named Smith or even a Company. They should be displayed before any other content that can have smith in the description.
I know the question is a little vague/wide but I can explain more if somebody desires.
Thank you
This kind of depends on which language/rdbms you are using on your server. You might checkout various DB search solutions like Sphinx which will do all of that indexing for you and provide a simple Search API. Sphinx for example allows you to prioritize columns, define character mappings (ß->s, ä->a) etc.
In the end I have decided to use Lucene. It's a wonderful piece of technology and even if I had some doubts in the beginning, after reading 3/4 of the book called "Lucene in Action" it was clear to me that it had everything I needed (and much more).
I know it's not a fully-functional searching system (with all the elements needed), but merely a library handling the core of a search system. It will need some work to integrate it with my application/webservice/database. I will let you know how it goes :)
Thanks for your input!