Archive for the ‘SQL’ Category

MySQL query that finds duplicates…

Tuesday, April 7th, 2009

SELECT `url`, count(*) as `n`
FROM `table_name`
GROUP BY `url`
HAVING `n` > 1
ORDER BY `n` DESC


SQL

Thursday, May 1st, 2008

%2527 trick …
So, what is the %2527 trick about? If we have some check on what the user sends us (POST, GET, ...) that looks for a single quote, then in certain cases this lets the input "get past" it.

If we pass the string %2527 through urldecode we get %27, and if it goes through urldecode once more we get a single quote; from there we know how it goes …

A few more links …
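The ordering problem described above, as an added PHP example that is not from the original post: the quote check runs before the last decode, so it inspects a different string than the one that is used. The names `weak_filter` and `strict_filter`, the sample value, and the in-memory SQLite table standing in for MySQL are assumptions for illustration.

```php
<?php
// Added example: function names and the sample value are constructed.

// PHP decodes the query string once on its own, so for ?url=%2527 the
// application sees the text %27. Simulated here with one urldecode().
$fromGet = urldecode('%2527');

// Weak pattern from the post: look for a quote, then decode again.
function weak_filter(string $v): ?string
{
    if (strpos($v, "'") !== false) {
        return null;                    // quote found: rejected
    }
    return urldecode($v);               // second decode happens after the check
}

// Stricter: never decode again; refuse input that would still change
// under decoding, since that means it was encoded more than once.
function strict_filter(string $v): ?string
{
    return rawurldecode($v) === $v ? $v : null;
}

$leaked = weak_filter($fromGet);        // weak path: check first, decode second
$strict = strict_filter($fromGet);      // strict path: no further decoding

// Independent of any filter, bind the value so a quote stays data.
// SQLite in memory stands in for the MySQL connection (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table_name (url TEXT)');
$pdo->exec("INSERT INTO table_name (url) VALUES ('http://example.test/a')");

$stmt = $pdo->prepare('SELECT COUNT(*) FROM table_name WHERE url = ?');
$stmt->execute([(string) $leaked]);
$matches = (int) $stmt->fetchColumn();

// Shows what each path returned and how many rows the bound query matched.
var_dump($leaked, $strict, $matches);
```

The strict filter also refuses legitimate values that contain a literal percent-escape; where such values are expected, rely on the bound parameter alone and skip the second decode.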
sql injection by Rsnake
sql injection by Justin Shattuck
sql injection by …
MySQL cheat sheets

and also …
mysql_real_escape_string
mysql-inputoutput-validation