Why are Indian students disliked abroad?
It was the first day of school in the USA, and a new Indian student named Chandrasekhar Subramanian entered the fourth grade.
The teacher said, "Let's begin by reviewing some American history. Who said 'Give me liberty, or give me death'?"
She saw a sea of blank faces, except for Chandrasekhar, who had his hand up: "Patrick Henry, 1775," he said.
"Very good! Who said 'Government of the people, by the people, for the people, shall not perish from the earth'?"
Again, no response except from Chandrasekhar. "Abraham Lincoln, 1863," said Chandrasekhar.
The teacher snapped at the class, "Class, you should be ashamed. Chandrasekhar, who is new to our country, knows more about our history than you do."
She heard a loud whisper: "F*** the Indians."
"Who said that?" she demanded. Chandrasekhar put his hand up. "General Custer, 1862."
At that point, a student in the back said, "I'm gonna puke."
The teacher glares around and asks, "All right! Now, who said that?" Again, Chandrasekhar says, "George Bush to the Japanese Prime Minister, 1991."
Now furious, another student yells, "Oh yeah? Suck this!"
Chandrasekhar jumps out of his chair waving his hand and shouts to the teacher, "Bill Clinton, to Monica Lewinsky, 1997."
Now, with almost mob hysteria, someone said, "You little shit. If you say anything else, I'll kill you." Chandrasekhar frantically yells at the top of his voice, "Michael Jackson to the child witnesses testifying against him, 2004."
The teacher fainted. And as the class gathered around the teacher on the floor, someone said, "Oh shit, we're screwed!" And Chandrasekhar said quietly, "I think it was Lehman Brothers, November 4th, 2008."

Source: http://www.facebook.com/note.php?note_id=442066614415&id=537001362
She Says (वो कहती है)
She says,
listen, my love, love is a house of wax,
let the heat of suspicion not melt it,
I say that in a heart with even a trace of suspicion,
anything else may exist, but love cannot,
She says,
will you always want me like this,
for I cannot tolerate the slightest lack in it,
I say, what love is, you taught me,
I know nothing except loving you,
She says,
my heart is terrified of parting,
for seeing myself apart from you is no longer possible,
I say these very fears torment me too,
but the truth is that in love, parting walks alongside,
She says,
tell me, will you be able to live without me,
will you forget my words, my memories, my eyes,
I say I have never thought about this,
if I think of it even for a moment my breath begins to stop,
She says,
why do you love me so much,
why does an ordinary girl like me seem special to you,
I say, look at yourself through my eyes sometime,
and you will understand my madness on your own,
She says,
why do you look at me so lost in me,
that I feel myself to be so very precious,
I say the treasure of one's life is priceless,
when I see you, I feel life,
She says,
I cannot find the fireflies of words
to tell you how much love there is in my heart,
I say love spills over from the eyes,
your silence speaks to me about you,
She says,
tell me, whom are you afraid of losing,
tell me who it is that these seasons are calling,
I say this poetry of mine is the mirror of my heart,
look into it and tell me what you saw there,
She says,
Atif ji, you make a lot of fine talk,
but it's true, these words keep one very happy,
I say all these words and tales are just an excuse
for a few moments of life to pass in your company,
and after that comes the charming dance of silence,
the eyes forget themselves and the lips stay quiet.
Recover GRUB After Windows Installation
You will need a live CD to recover GRUB after a Windows installation (Windows overwrites the master boot record with its own loader, so the GRUB menu disappears). I assume you are recovering an Ubuntu box. Boot the live CD, open a terminal and continue by entering:
$ sudo fdisk -l
If sudo asks for your password, enter it and press Enter. The output looks like this (Id 83 marks Linux partitions; Id 7 is NTFS):
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 102400 7 HPFS/NTFS
Partition 1 does not end on cylinder boundary.
/dev/sda2 13 6768 54256640 7 HPFS/NTFS
/dev/sda3 6768 38913 258207585 f W95 Ext’d (LBA)
/dev/sda5 6768 9318 20480000 83 Linux
/dev/sda6 22372 38913 132873583+ 7 HPFS/NTFS
/dev/sda7 9319 22371 104848191 7 HPFS/NTFS
Now I will mount the Linux root partition (sda5 here); as you can see, I have no separate boot partition. (If you HAVE a separate /boot partition, do not forget to mount it at /mnt/boot after mounting the root!)
$sudo mount /dev/sda5 /mnt
$sudo mount --bind /dev /mnt/dev
$sudo mount --bind /proc /mnt/proc
Now chroot into the environment we made (on newer Ubuntu releases, also run sudo mount --bind /sys /mnt/sys first, otherwise grub-install cannot probe the disks from inside the chroot):
$sudo chroot /mnt
After chrooting, you do not need to prefix your commands with sudo, because from now on you are running them as root.
You may want to edit /etc/default/grub to fit your system (timeout options etc.):
#nano -w /etc/default/grub
Play with the options if you want, but do not forget to run update-grub afterwards so that the changes are written to /boot/grub/grub.cfg (update-grub also runs os-prober, which is what puts the Windows entry back into the menu).
Now install/recover GRUB 2 with:
#grub-install /dev/sda
Note that the target is the whole disk (/dev/sda), not a partition. This is the procedure for a BIOS/MBR install; on a UEFI machine you would instead mount the EFI system partition at /mnt/boot/efi and run grub-install with --target=x86_64-efi. You may get errors with the command above, as I did. If so, use this command:
#grub-install --recheck /dev/sda
Now you can exit the chroot, unmount the system (unmount /mnt/sys and /mnt/boot too if you mounted them) and reboot your box:
#exit
$sudo umount /mnt/dev
$sudo umount /mnt/proc
$sudo umount /mnt
$sudo reboot
Source: http://www.ubuntu-inside.me/2009/06/howto-recover-grub2-after-windows.html
Trace Mobile Number Location & Operator in India
Sometimes we need to trace a mobile number's location and operator for various reasons.
If you are one of those people, this tool will help you.
Just click HERE.
The Exam (परीक्षा)
It was the history exam that day; my heart pounded with fear,
from the moment I woke in the morning my left eye kept twitching,
of the answers I had memorised, I remembered only half,
and those too were wasted in my memory by the time I reached school,
whichever seat looked empty, I went and sat on it,
there was an invigilator in the room; he came over, irritated and puffed up:
"Hey, hey, where is your attention, why have you come late,
where have you gone and sat down, get up, this chair is mine,"
I jumped up like a pickpocket; it was a match between me and the seats,
spinning and colliding, I was finally caught by some chair,
when my eyes fell on the paper my whole body was drenched in sweat,
still, I was not afraid of the paper; it was my own chest, after all,
on the banyan tree of the paper I simply struck the axe of my pen,
within an hour I had made short work of the questions:
Babur was Akbar's son, who had come by aeroplane,
it was he who had the Indian Ocean ordered from America,
Gautam, who went and became the Buddha, was a disciple of Gandhi ji,
both of them played hide-and-seek with Nehru in their childhood,
Ashok was a hotel manager who lived in the Taj Mahal,
"O English, quit India," he used to say from the Red Fort,
she used to dupe everyone, such was the Rani of Jhansi,
she often ate biryani in Ashok's hotel,
thus, picking and choosing, I rolled out the questions like papads,
and pushed the high mountain of answers towards the teacher,
how could the poor teacher climb such a height,
helpless, with his old spectacles, how could he read this new history,
and so my history turned into geography,
what else was there to happen?
my marks came out a round zero...
Rahul and Parul
Parul, a 25-year-old workaholic, worked in a software firm. She came to the office at 9 or 10 in the morning and left at 11 or 12 at night. Even on weekends she would come to the office. She had no social life and no friends. The only people she spent time with were her project mates, but there was no guarantee she would even have lunch or tea with them. Basically she was a loner. There was no love life in her life, and she had no time for love. All her time was devoted to work.
Rahul had been a workaholic like Parul two years back. But now things had changed. He was no longer a workaholic, but he still stayed in the office. The office had become home for him.
One night, while Parul was all alone and working at the office, a mail popped up in her mailbox. The name of the sender was Rahul Mehra. She had never met him, never heard of him. Just out of curiosity she opened his mail. The content of the mail was:
Hi Parul,
I see you every night sitting in the office till very late. Don't you have friends? Don't you feel like talking to your roommate? You should not sit so late in the office. This is genuine advice from me.
Thanks and Regards,
Rahul Mehra
After reading the mail, Parul was very angry with the sender. She simply deleted the mail and said to herself, "Who is he to give me any advice?" She went back to her work. After that night, Rahul kept sending her mails every night, and Parul would simply delete them without even reading their content. But one night the subject line caught her attention and she had to open the mail. The subject line was "Hi Gorgeous".
Hi Gorgeous,
Yes, today you are looking very gorgeous in this red saree. I know you don't read my mails, as you don't like the advice I give you. So today I won't give you any advice; I will just say that I am in love with you. You know you are very beautiful, and if you take care of yourself many men will fall in love with you. I am sure someday you will also fall in love with me. And then we will go out for a date. Oh, before I end the mail I must tell you that the best thing about you is that smile. Or is it those intense eyes, which need some sleep at the moment. Take care, dear.
Love you.
Rahul Mehra.
After reading the mail she was shocked. A person she had never met, never seen, never spoken to was saying that he was in love with her. She started wondering whether this had always been on his mind. How did he get her id? Where had he seen her? Many such questions came to her mind. Finally she decided to give him a warning and replied to his mail.
Hi Rahul,
I don't want to spoil your career, but if you don't stop sending me mails I will raise an ASHI against you. I hope you know what ASHI is. If not, let me tell you: it is the Anti-Sexual Harassment Policy. The way you have written this mail comes under that policy. I don't know you and you don't know me, so you have no right to write such a mail to me.
Thanks and Regards,
Parul Jain
After this mail, the mails from Rahul stopped coming to Parul's inbox. She thought Rahul had finally got scared and would not mail her again. Several nights later, Parul was resting in her chair with her eyes closed. When she opened her eyes she saw Rahul's mail in her mailbox.
Hi Gorgeous,
With your eyes closed you were dreaming about me, right? Oh, sorry for not sending any mails in the last few days. I was a little busy. I am sure you missed me a lot. One more thing before I forget: I am not scared of ASHI. An ASHI can't be a reason to stop loving you.
Love you.
Rahul Mehra
Parul was twisting her hair and tucking it behind her ears. At that very moment another mail came from Rahul: "Now stop playing with your hair and leave the office. It is very late. Love you. Rahul Mehra." Parul was shocked: how did this person know what she was doing at her desk? She got up to check whether anyone was on her floor but found only empty cubicles. She thought maybe he had made a wild guess, and decided to leave the office. Before leaving she saw another mail from Rahul.
Hi Parul,
Searching for me??? You have started falling in love with me.
Love you.
Rahul Mehra
Parul was shocked and scared to death. She simply switched off her machine and ran out of the office. For the next few days she would not open any mails sent by Rahul. One night a mail with the subject line "Don't be scared of me" came to her mailbox. At first she thought of ignoring it; then she thought, let's see what Rahul has written this time.
Hi Parul,
Don't be scared of me. I can tell you are scared of me from the way you ran out of the office the last time you read my mail. I know a few minutes ago you went to have coffee. You are wondering how I know this; it is because I can feel you around me. Once you also start feeling me, you will know that I am near you. Very near. Just sitting next to you. I will wait for the night when you start having the same feelings for me.
Will always love you.
Rahul Mehra
Now Parul started wondering: was Rahul really in love with her? Was what he was saying true? But how could he know so much about her? How could he say what she was doing and what she wasn't? Parul decided to give it a try and see whether Rahul was really in love with her or not. From that night she also started replying to his mails.
Hi Parul,
Do you feel bad if I call you gorgeous?
Love you.
Rahul Mehra
Parul's reply:
Yes, Rahul. I don't like this word. You can address me as Parul; isn't it short and simple? And I love my name a lot.
Thanks and Regards,
Parul Jain
Rahul's reply:
Point noted, Parul. But when I am happy or excited I will call you by some special name. Tomorrow you have your certification, so all the best for that.
Love you.
Parul was again shocked: how did he know about her certification? She had never told him. She replied:
Rahul,
Who is giving you details about me? I never told you about my certification, so how do you know about it?
Thanks and regards,
Parul Jain
Rahul replied:
I know it because I am in front of you. Can't you see me? Can't you feel me close to you? I also know that in 3 days you have your appraisal. Now, you have not told anyone about this. Only your PM knows. Do you think your PM would give me all these details?
Love you.
Rahul Mehra
Parul was not sure of the answer. She knew her PM would not have told Rahul all this, but how Rahul knew so much about her was a mystery to her. Finally she decided to talk to her PM, Rohan. The next day she went to her PM's desk.
Parul: "Hi Rohan. I wanted to ask you something."
Rohan: "Sure, Parul. Are you having any issues?"
Parul: "No. Actually I wanted to know about a person named Rahul Mehra."
Rohan was shocked to hear that name.
Rohan: "How did you come across this name? Has anyone told you about him?"
Parul: "No one has said anything to me about him. A few days back he started sending me e-mails. First I ignored them, but then he would mention details of things I had done just a few minutes earlier. He even knows my appraisal date."
Rohan: "Are you sure the mails were from Rahul Mehra?"
Parul: "Yes, very much. But why do you look shocked?"
Rohan: "Because Rahul Mehra died 2 years back. He used to sit at the same place where you are sitting. How can a dead person send you mails?"
Parul: "Now don't try to scare me by saying that a ghost is sending me mail."
Rohan: "I am not saying that a ghost is sending you mail; maybe there is someone else named Rahul Mehra. I am just saying that in our project there used to be a guy named Rahul Mehra who is dead now. BTW, you can try finding his name in the telephone directory. Maybe someone told you about him and, because of work stress, you started imagining that he is sending you mails."
Parul: "I am not imagining anything. He has really sent me mail. I can show you in my mailbox."
Rohan: "Okay, Parul, I believe you, but I still think you should take a break and go home."
Parul searched the telephone directory for the name Rahul Mehra and the page returned no records. She checked the mail id and employee number details again. She searched many times that day with various combinations, but the search page displayed the same message: "No matches found for the given search criteria". She could not believe that someone could hack the system and send her mails from a non-existent id. She attached the mails sent by Rahul and sent them to Rohan as proof that she was not dreaming. On seeing the attached mails even Rohan was shocked. He came to Parul's desk.
Rohan: "I think by mistake his id was never deleted, and someone who knows about it is playing with it."
Parul: "But I checked the details in the telephone directory; there are no records for this id."
Rohan: "Talk to the CCD people and see what they have to say."
She called up the CCD people. They took control of her system and looked at the mails sent by Rahul Mehra. The mails had been sent from the same computer Parul was using, and at the timestamps at which they were sent Parul had been logged in. There was also no evidence that a remote desktop connection had been made or that the mail had been sent through webmail. Even the CCD people were clueless as to how a mail could have been sent from a non-existent id, and from Parul's own system. There were no viruses, trojans or any other kind of threats on Parul's system. Her anti-virus was up to date. The whole day went in searching for a loophole that could explain how Parul got such a mail in her mailbox. Parul was tired from the day's events, so she decided to leave the office early that day. The next day, when Parul came back, she saw a mail from Rahul Mehra. She didn't know whether she should delete it or read it. She was scared to open it. Somehow she gathered some courage and opened the mail. Its content was:
Hi Parul,
Good to see that you left the office early tonight. I know Rohan told you about my death. I was also a workaholic like you. I would sit late in the office, even when no one was around me. I just liked being at the office. I had no friends, no social life. Even on weekends I would come to the office. I missed all the fun in my life. Even my death happened at the office while I was working. My dead body was found by the housekeeping guy and the security guard at the reception. I took a lot of work stress, which my conscious mind could not bear that day. I ignored all the health problems I was having. And finally, on that night (20.10.07, 11:24 PM), all these reasons were responsible for my death. Now you know why I am not scared of ASHI. But yes, even if I were alive I would not be scared of ASHI, because I have really fallen in love with you. But we can't be together until your death. Now the choice is yours: whether you will kill yourself on your own or whether I need to do the honours. Waiting for your death.
Love you always.
Rahul Mehra
Parul was not ready to believe that a ghost was sending her mails. She replied to his mail:
So, Rahul, do you think I am some foolish girl who will believe your story? Maybe you are smart, but I am not so stupid as to believe that a ghost is sending me mails. Your story is nice, but I am not ready to believe this nonsense. You want to kill me? Then go ahead and kill me. I know you are someone who can hack systems very smartly. I will make sure to find you.
Thanks and Regards,
Parul Jain
Just after this mail her extension started ringing. She picked up the phone, and the voice at the other end said:
"Hello Parul, this is Rahul Mehra, who has been sending you the mails. So you think I am not dead? Can a real person make your PC blink?"
Parul's PC started blinking.
"Rahul, these are all childish tricks. Now the light above me will start flickering. Don't bother me; find some other dumb girl." Suddenly Parul felt something crawling over her feet. It was an earthworm moving on her feet. Then the floor tile below her started cracking and she felt as if someone was pulling her leg, pulling her down, pulling her inside the tiles. She also felt that her hands were tied.
Rahul, at the other end, said: "So, Parul, could a real person do all this? Or could a real person make spiders move over your body? So you wish to die, and I will fulfil your wish. I love you and I will fulfil all your wishes."
Parul didn't believe in ghosts, but what was happening to her was not normal. Spiders were moving on her face, and when she tried to move her hands to remove them she could not move them. Someone was tickling her stomach, but she could not see anyone. Finally Parul had to believe that Rahul was a ghost.
Parul started screaming: "Please stop it. I don't want to die. Please, this is a request."
People around Parul could not understand why she was shouting; they thought maybe she had heard something bad on the phone. Things became normal, but at the other end Rahul said: "Parul, you will have to die whether you wish it or not. You have time till your death, so enjoy your life till then."
P.S.: Love can happen to anyone. He/she can be rich, poor, cool, hot, ugly, beautiful, dumb, intelligent... etc. Even GHOSTS can feel it!!!!!! So next time, beware!!!!!
Source: itznik.wordpress.com
Adhure Khat (Incomplete Letters)
It was I who wrote to her
that once tones turn to ice they do not melt again,
that birds which fly off in fear do not come back,
it was I who wrote to her
that once trust is gone it perhaps never returns,
that a storm of winds never brings rain,
it was I who wrote to her
that once a mirror breaks it can never be joined again,
that one who strays from the path cannot turn back,
tell her that that incomplete letter,
it was I who wrote it,
tell her that lovers
do not write complete letters...
—Alisha
Adhi Raat Aur Mein (Midnight and I)
Silent lanes, closed doors,
midnight and I,
gusts of cold wind, a long road,
midnight and I,
behind me, the calls of the seasons we passed through together,
ahead of me, a desert of pain,
midnight and I,
sitting since who knows when on the lake of time gone by,
watching our own face,
midnight and I,
how many pains endured, and who knows how many times died,
yet both of us still alive,
midnight and I...
—Alisha
SQL Injection Prevention
One of the things that most scared me when creating database-driven applications with PHP was the thought of someone messing with my database by using SQL injection attacks. I had heard about this many times before thanks to other sites, but didn't really know what it meant or what harm it could cause. In this article, I hope to enlighten you.
The content and/or the techniques used in this post may be out of date. Because of this, please take extra care when using the content. If in doubt, please contact an administrator.
Knowledge Required
- Basic knowledge of using SQL databases with PHP.
- Knowledge of how the $_GET or $_POST global arrays are used in constructing SQL statements.
What is an SQL injection attack?
When you visit a page like http://example.com/page.php?id=101, an SQL statement like the following is constructed:
SELECT * FROM sometable WHERE ID = '101';
As you most likely know, this pulls the record from the database where the ID field is equal to 101. There is nothing insecure about that statement on its own, and it works perfectly. You can change the value on the end of the URL to modify the query and pull different data from the database. And there is your problem, in that last sentence: you can change a value and it modifies the query. That is fine if you are simply changing it to another post number, but what if someone malicious decides to put something else in there? What happens if they replace it with the following text (notice the apostrophe): yaywoo'; bad stuff here '23? The query would then look like this:
SELECT * FROM sometable WHERE ID = 'yaywoo'; bad stuff here '23';
What has happened is that the apostrophe after yaywoo closed the string early, so everything after it is parsed as SQL rather than as data. With mysql_query() a second statement after the semicolon will not actually execute (that function refuses to run more than one statement per call), but the attacker does not need a second statement: a value such as ' OR '1'='1 turns the WHERE clause into one that matches every row, and ' UNION SELECT ... reads data out of other tables, all inside the single statement you wrote (and database drivers that do allow stacked queries will happily run a DROP TABLE). Obviously this is a large problem, as we cannot have users free to read or delete whatever they like. The way we prevent it is by validating and escaping the value that comes in through the $_GET array, or, better, by keeping the value out of the SQL text entirely with a prepared statement.
How do I prevent them?
Preventing them is actually very simple: all you need to do is "filter" and validate the input the user has given you. Remember, you should never trust your users. If you keep that in mind when developing your applications, you will be fine (assuming you also know the mechanics of prevention, which I will get to). It is annoying how easy it is to prevent them, yet so many people still come home to find that their tables have been deleted or their sites spammed with new pages. If you have just started developing with databases, you are probably quite familiar with the following type of code (note that it is the vulnerable version):
//Connect to the database
$dbh = mysql_connect('localhost', 'root', 'password');
//Select the database
mysql_select_db('content', $dbh);
//Construct the query (VULNERABLE: the raw $_GET value is pasted into the SQL text)
$SQL = "SELECT * FROM sometable WHERE ID = '".$_GET['id']."'";
//Send the query and grab the result set
$result = mysql_query($SQL, $dbh) OR die(mysql_error($dbh));
$items = mysql_fetch_array($result);
//Just show the array quickly
print_r($items);
//Close the connection to the database
mysql_close($dbh);
The problem with this code is that the $_GET value 'id' receives no filtering or sanitising before it goes into the query, exactly as shown earlier. What we need to do is make sure that the data is safe before it reaches the database. We can do this with the following few methods.
Using mysql_real_escape_string()
This was the standard way, in the old mysql_* extension, to stop a value from breaking out of a quoted string (the extension was removed in PHP 7; mysqli_real_escape_string() and, better, prepared statements replace it). What it does is search through the string and prepend a backslash to each of the following: \x00, \n, \r, \, ', " and \x1a. The backslash does not turn the character into a comment; it tells MySQL that the character is literal data inside the string rather than the end of it, so the apostrophe in yaywoo' can no longer close the string. The function escapes according to the character set of the current connection, which is why a connection must already exist when you call it. You use it like this:
//Database connection has already been made previously.
$id = mysql_real_escape_string($_GET['id']);
//Construct the query (the escaped value must sit inside quotes)
$SQL = "SELECT * FROM sometable WHERE ID = '".$id."'";
//Send the query and close the connection to the database
If every value is escaped and placed inside quotes in the query, you are protected from the quote-based injection shown above. Two caveats: the function does nothing for a value you place in the query without quotes (WHERE ID = $id with $id set to 1 OR 1=1 is still injection, because no quote needs to be broken), and it is not a substitute for validating the value. Note also what happens to the backslashes: MySQL's parser consumes them, so the text stored in the database contains no backslashes and you do not normally need to strip anything when you display it. If you do see backslashes in stored text, the value was escaped twice on the way in (usually magic quotes plus a manual escape), and the real fix is to remove the double escaping. The code below shows the workaround of calling stripslashes() on the way out; treat it as a symptom, not a step you should need:
//Database connection has already been made previously.
$id = mysql_real_escape_string($_GET['id']);
//Construct the query
$SQL = "SELECT * FROM sometable WHERE ID = '".$id."'";
//Send the query and fetch the results
$result = mysql_query($SQL);
//Cycle through the posts in the database and echo the titles.
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
    //Strip the slashes from the result (only needed if the text was double-escaped on the way in)
    $postTitle = stripslashes($row['postTitle']);
    echo 'Post Title: ' .$postTitle;
}
//Free the result set from the memory
mysql_free_result($result);
//Close the database
Important note!
There could be a problem with using this function if your host has enabled something called magic quotes (the magic_quotes_gpc setting, which you test with get_magic_quotes_gpc()). What this does is automatically escape quotes and backslashes in all $_POST, $_GET and $_COOKIE data. This causes a problem: when you run the data through mysql_real_escape_string(), the backslashes put in by magic quotes are escaped again, which is what leaves stray backslashes in your stored text. We don't want this. What we have to do is check whether this babysitting feature is turned on and, if it is, use the stripslashes() function we met earlier to remove the slashes it added before escaping the value properly ourselves. (Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in PHP 8.0, so on a current PHP this check is always false.) You can do this with the following code:
//Database connection has already been made previously.
//Grab the data from the $_GET array
$id = $_GET['id'];
//Check to see if magic quotes is enabled, and if it is, strip the slashes added by it.
if (get_magic_quotes_gpc()) { $id = stripslashes($id); }
$id = mysql_real_escape_string($id);
//Construct the query
$SQL = "SELECT * FROM posts WHERE postID = '".$id."'";
//Send the query and fetch the results
$result = mysql_query($SQL);
//Close the database
Numeric validation
It is good practice to check that the type of data being entered is the type you actually want; this can stop an attack before the query is even built. There are several functions in PHP that help with this. A first example: say you are passing an article ID number in to fetch the article from the database. It is obvious that you will only ever have numeric data there, so why not limit the input to numbers? Bear in mind that everything in $_GET and $_POST arrives as a string, so the test has to work on the string's contents. You can do this with the following code:
//Database connection has already been made previously.
//Grab the data from the $_GET array
$id = $_GET['id'];
//Check to see if it is not numeric (the ! mark inverts the check)
if (!is_numeric($id)) { die('Please do not modify the article ID'); }
//Construct the query
$SQL = "SELECT * FROM sometable WHERE ID = '".$id."';";
//Send the query and fetch the results
$result = mysql_query($SQL);
//Close the database
There are many other validation checks like this. Here are others you can use:
is_array
is_bool
is_callable
is_double
is_float
is_int
is_integer
is_long
is_null
is_numeric
is_object
is_real
is_resource
is_scalar
is_string
isset
Looking at this list, you might think is_integer() would be a better choice than is_numeric(), since an article ID is never a decimal number (at least I hope not). It would not work here, though: is_integer() checks the PHP type of the variable, and $_GET['id'] is always a string, so it would reject every request. If you want an integer, either cast the value ((int)$id) or test the string with ctype_digit() or filter_var($id, FILTER_VALIDATE_INT). Also note that is_numeric() accepts forms such as "1e3" and leading whitespace, so it is looser than a digits-only check. It is always a good idea to validate user input like this as well as escaping the data.
Length Validation
Checking the length of the data is a quick and easy way of telling whether the input is plausible, and it saves sending a query to the database just to receive an error. There are two main ways of doing this, depending on the data type. For text data (strings) you check the length of the string (the number of characters in it), whereas for numbers you check whether they fall within a valid range. A length check alone does not prevent injection (' OR '1'='1 is only 11 characters), so you still escape the value or use a prepared statement on top of it. To find the length of a string you can do the following:
//Database connection has already been made previously.
//Grab the data from the $_GET array
$username = $_GET['username'];
//Get the length of the string
$length = strlen($username);
//Check that the string length is within a valid range (5 to 25 characters, I'm validating a username).
if ($length < 5 || $length > 25) { die('Please enter a username between 5 and 25 characters long'); }
//Construct the query (still needs escaping or a prepared statement; the length check is not enough)
$SQL = "SELECT * FROM users WHERE username = '".$username."'";
//Send the query and fetch the results
$result = mysql_query($SQL);
//Close the database
It is quicker to validate numeric input. In this example, I validate that an article ID is between 1 and 10,000. Combine this with the numeric check above; on its own, a range comparison against a string relies on PHP's loose string-to-number conversion rather than on an explicit check.
//Database connection is present
//Get the id from the $_GET array
$id = $_GET['id'];
//Validate that it is in the range 1 to 10,000
if ($id < 1 || $id > 10000) { die('Please enter a valid article ID'); }
//Construct the query
$SQL = "SELECT * FROM sometable WHERE ID = '".$id."'";
//Close the connection to the database
One more thing I want to discuss: if you accept text input and echo it back into an HTML page, convert the following symbols into their HTML entities before output. This is output encoding for the HTML context (it stops user text being interpreted as markup or script); it does nothing for the SQL query, so it is in addition to, not instead of, the escaping above. In PHP, htmlspecialchars($text, ENT_QUOTES) handles the first five rows.
Symbol   Replace with
&        &amp;
<        &lt;
>        &gt;
"        &quot;
'        &#39;
(        &#40;
)        &#41;
#        &#35;
%        &#37;
+        &#43;
-        &#45;
;        &#59;
Putting it all together
OK, so I'm going to over-secure a query that selects an article by the given article ID. Here is the code:
//Database connection is present
//Make sure that the id is actually given
if (isset($_GET['id']))
{ $id = $_GET['id']; }
else { die('Please provide an article ID'); }
//Make sure that it is a whole number ($_GET values are strings, so test the string, not the PHP type)
if (!ctype_digit($id)) { die('Please enter a valid article ID'); }
//Validate that it is between 1 and 10,000
if ($id < 1 || $id > 10000) { die('Please enter a valid article ID'); }
//Construct the query
$SQL = "SELECT * FROM posts WHERE postID = '".$id."'";
//Send the query and close the connection to the database
This next one validates a username before it is used in a query.
//Database connection is present
//Make sure that the username is actually given
if (isset($_GET['username'])) { $username = $_GET['username']; }
else { die('Please provide a username'); }
//Get the length of the username
$length = strlen($username);
//Validate the length
if ($length < 3 || $length > 20)
{ die('Please enter a username between 3 and 20 characters long'); }
//Make sure that it is safe to put in the query
$username = mysql_real_escape_string($username);
//Construct the query
$SQL = "SELECT * FROM users WHERE username = '".$username."'";
//Show the username (the escaped copy is for the query only; encode the original for HTML output)
echo 'Username: '.htmlspecialchars($_GET['username'], ENT_QUOTES);
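As an added example (not code from the original article), here are the two lookups above rewritten with PDO prepared statements, which is what replaced mysql_real_escape_string() once the mysql extension was removed in PHP 7. The table and column names (posts.postID, posts.postTitle, users.username) follow the article's examples; the DSN, the app user and its password are placeholders, not anything the article specifies.

```php
<?php
// Added example, not code from the original article: the article-ID and username
// lookups from "Putting it all together" rewritten with PDO prepared statements.
// Assumptions (placeholders, not from the article): database `content` on localhost,
// user `app` with password `password`, tables posts(postID, postTitle) and users(username).
declare(strict_types=1);

// $_GET values are always strings, so the check works on the string: FILTER_VALIDATE_INT
// accepts only an optionally signed decimal integer and applies the range, returning
// false for "12abc", "1e3", "0x1A", "" and anything outside 1..10000.
function validateArticleId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 10000],
    ]);
    return $id === false ? null : $id;
}

// Whitelist the username shape (3 to 20 word characters) before it goes anywhere near SQL.
function validateUsername(string $raw): ?string
{
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $raw) === 1 ? $raw : null;
}

function connect(): PDO
{
    // Exceptions instead of silent false returns, and real server-side prepares so the
    // MySQL server binds the parameters itself rather than the driver interpolating them.
    return new PDO('mysql:host=localhost;dbname=content;charset=utf8mb4', 'app', 'password', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// The user's value never becomes part of the SQL text: the statement is compiled with a
// placeholder and the value is sent separately, so quotes, semicolons or comment markers
// in it cannot change the query's structure. No escaping function is needed.
function fetchPost(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT postID, postTitle FROM posts WHERE postID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

function fetchUser(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Request handling: validate, query, then encode for the output context.
$rawId = $_GET['id'] ?? '';
$id = is_string($rawId) ? validateArticleId($rawId) : null;
if ($id === null) {
    http_response_code(400);
    exit('Please provide a valid article ID');
}

$pdo = connect();
$post = fetchPost($pdo, $id);
if ($post === null) {
    http_response_code(404);
    exit('No such article');
}
// HTML entity encoding belongs here, on output; it does nothing for the SQL query.
echo 'Post Title: ' . htmlspecialchars($post['postTitle'], ENT_QUOTES, 'UTF-8') . "\n";

$rawName = $_GET['username'] ?? null;
if (is_string($rawName)) {
    $username = validateUsername($rawName);
    if ($username === null) {
        http_response_code(400);
        exit('Please enter a username of 3 to 20 letters, digits or underscores');
    }
    $user = fetchUser($pdo, $username);
    echo 'Username: ' . ($user === null
        ? 'not found'
        : htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8')) . "\n";
}
```

Escaping is still the right tool where a placeholder cannot be used (an identifier such as a table name, or an old mysql_* code base), but it only protects a quoted string context; the prepared statement protects every value position and does not depend on getting the connection character set right. Validation stays in front of the query in both cases, because a well-formed but out-of-range ID is still a bad request.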
Conclusion
A few things to remember about securing data before it enters an SQL query:
Never trust your users.
Always validate input and, where it is displayed, encode output for the context it is shown in.
Escape values for the quoted string context they go into, or better, keep them out of the SQL text with prepared statements.
On a production server, never show the SQL query or the database error when something fails; that gives the cracker the advantage.
eCafeChat: Posting Scrap Becomes Faster
Scrapbook is one of the most popular features on eCafeChat and a personal favourite of mine. For me, scrapping is the basic way to stay in touch with my friends. Now sending and replying to a scrap has become much easier and faster: there is no need to go to your friend's scrapbook to reply to a new scrap. Unfortunately this feature is not available for mobile browsers, as most mobile browsers do not support it.