Tag Archives: mysql

A potentially dangerous Request.Form value was detected from the client

Have you ever experienced the following error in ASP.NET?

A potentially dangerous Request.Form value was detected from the client 

Then you are like me. You should know that one of the values of your elements (<input>, <button> or <textarea>) has HTML elements in it. An example is below:

<input type='text' name='content' value='<script language="javascript">alert("Hello World!");</script>'/>

You should also know that this error persists because ASP.NET request validation treats the value given above as a possible XSS attack and rejects the request. If you are sure that you want to accept this type of value in your database, you may explicitly disable this validation by adding this attribute to your page's master page or to the first line of the page.

validateRequest="false"

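If you are on ASP.NET MVC, you can add this to your model, assuming that your model has the content variable.

// Requires: using System.Web.Mvc;
// [AllowHtml] can only be applied to a property, so content is declared as one.
[AllowHtml]
public string content { get; set; }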
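Once request validation is off, the value reaches your code and database unchanged, so it has to be encoded wherever it is written back into a page. The following is an added example, not code from the original post: PostModel, CommentRenderer and Program are hypothetical names, and only the content member and the sample value come from the post.

```csharp
using System;
using System.Web; // HttpUtility (System.Web.dll on .NET Framework, System.Web.HttpUtility on .NET Core and later)

// Hypothetical model; only the member name "content" comes from the post.
public class PostModel
{
    public string content { get; set; }
}

public static class CommentRenderer
{
    // Unsafe: the stored value is emitted as markup, so a <script> element
    // inside it becomes part of the page.
    public static string RenderRaw(PostModel m)
    {
        return "<div class=\"comment\">" + m.content + "</div>";
    }

    // Element body: HtmlEncode turns <, >, & and quotes into entities,
    // so the browser displays the value as text.
    public static string RenderBody(PostModel m)
    {
        return "<div class=\"comment\">" + HttpUtility.HtmlEncode(m.content) + "</div>";
    }

    // Attribute value, e.g. redisplaying the value in the edit form.
    // HtmlAttributeEncode escapes the characters that could end the quoted attribute.
    public static string RenderInput(PostModel m)
    {
        return "<input type=\"text\" name=\"content\" value=\""
             + HttpUtility.HtmlAttributeEncode(m.content) + "\"/>";
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: the value from the post, as stored once validation is disabled.
        var m = new PostModel { content = "<script language=\"javascript\">alert(\"Hello World!\");</script>" };
        var outputs = new[] { CommentRenderer.RenderRaw(m), CommentRenderer.RenderBody(m), CommentRenderer.RenderInput(m) };
        foreach (var html in outputs)
        {
            // A surviving "<script" means the value is still live markup.
            Console.WriteLine((html.Contains("<script") ? "live markup: " : "inert text:  ") + html);
        }
    }
}
```

In Razor views, @Model.content is HTML-encoded by default; the raw case above corresponds to Html.Raw or to string concatenation in code.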

Thanks, hope it helps you a lot. Also, if you are not familiar with XSS attacks, I will try to make an article about that so you can create your own script that is hackable, be able to prevent it, and know what its cons are.

God Bless!

Don’t Ever use Inline Database in MSSQL SP and Query

Hi there!

I have been modifying source code from my work, and it has been a little difficult to test the system against multiple database instances. This is because the previous developers of the said source code used inline queries and connection strings. In addition, these inline queries and even their stored procedures use inline database names, for example [Database1].[dbo].[tbl_tableName], which should not be the practice if the whole system uses the same database.

This kind of practice prevents the system from using a different database name. For instance, you have a web server that serves both the Development and Production environments, and a project that needs to have Dev and Prod on the said server. If this practice is used, you are limited to one environment at a time unless you modify each script to change that inline database name. So it's better to use [dbo].[tbl_tableName] than [Database1].[dbo].[tbl_tableName].

Thanks,

Thomie

System : San Carlos Alumni Homecoming Registration System

This is a system that I have developed for a seminary, San Carlos Seminary, in Guadalupe, here in Manila. I was given this privilege by my classmate, Eissa Bedural, who has a brother, Kuya Edric Bedural, studying at the said seminary.

System features

  1. Automatic Installation of Database Server
  2. Backup Database
  3. Remote Control View of Registration
  4. Summary Registrants
  5. ID Printing
  6. Transport to MS Excel
  7. Room Management

PHP: Just got into mysql_insert_id() is very useful.

I have been programming with PHP for a long time, but I was having a problem getting the inserted key for the new record that I had just inserted into my database.

My workaround was to query the same data that I had inserted. Recently, it just came to my head to check if there is a function on the net that performs the said task. And poof, there it is: mysql_insert_id();

Usage

1. Perform an insert query, e.g. INSERT INTO name(`name`) VALUES('NAME')

2. Use the function to get the primary-auto-increment key. $id = mysql_insert_id();

That's it, you have got the key of your inserted record.

Hope it helps you.