$incfile = sanitize_file_name($_REQUEST["file"]);
include($incfile . ".php");
Without sanitizing the file name, an attacker could simply pass http://attacker_site/malicous_page as input and execute whatever code they want on your server.
$user = sanitize_user("attacker username<script>console.log(document.cookie)</script>");
The value of $user after sanitizing is "attacker username".
Let's say you want to filter a query by two columns, but only allow certain combinations of those columns. For example, it's OK to have account 60400 with reference JE, and it's OK to have account 60500 with reference ED, but you cannot have account 60400 with reference ED.
select * from schema.table where ...
# 1. Log in to Azure with an admin account
Add-AzureAccount
#
# 2. Select subscription name
$subscriptionName = Get-AzureSubscription | Select -ExpandProperty SubscriptionName
#
# 3. Create storage account
$storageAccountName = $VMName
# here we use $VMName as the storage account name and create...
First off, you create the form:
@using (Html.BeginForm())
{
@Html.AntiForgeryToken()
}
Action Method
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Test(FormViewModel formData)
{
// ...
}
Script
<script src="https://code.jquery.com/jquery-1.12.4.min.js">...
The Data Access Object (DAO) design pattern is a standard J2EE design pattern.
In this design pattern, data is accessed through classes containing methods that access data from databases or other sources; these classes are called data access objects. Standard practice assumes that there are POJO classes. DAO can b...
The Bluetooth specification contains several profile specifications. A profile describes how to use and implement a function.
They can depend on each other; here is a basic layout of the most common profile dependencies.
All profiles can be found at the BT SIG; be aware that different versions might ...
Member names of an anonymous union belong to the scope of the union declaration and must be distinct from all other names in this scope. The example here has the same construction as the example Anonymous Members using "struct", but is standard-conforming.
struct Sample {
union {
int a...
ValueExpression ve = AdfmfJavaUtilities.getValueExpression(<binding>, String.class);
ve.setValue(AdfmfJavaUtilities.getELContext(), <value>);
Here "binding" indicates the EL expression in which the value is to be stored.
"value" is the desired val...
AdfmfContainerUtilities.invokeContainerJavaScriptFunction(AdfmfJavaUtilities.getFeatureId(), <function>, new Object[] {
});
"function" is the desired JavaScript function to be invoked.
Oracle (11g and above) allows SQL query results to be cached in the SGA and reused to improve performance. The data is read from the cache rather than from the database, so subsequent executions of the same query are faster because the data is now being pulled from the cache.
SELECT /*+ result_cache */ number FROM main_tab...
Achieving multitenancy on a database server with multiple databases hosted on it.
Multitenancy is a common requirement of enterprise applications nowadays, and creating a connection pool for each database on the database server is not recommended. So, what we can do instead is create a connection pool with datab...
Another approach to handling asynchrony in Redux is to use action creators. In Flux, action creators are special functions that construct action objects and dispatch them.
myActionCreator(dispatch) {
dispatch({ type: "ASYNC_ACTION_START" });
setTimeout(() => {
dispatch({ typ...
The Python function import_csv_to_dynamodb(table_name, csv_file_name, column_names, column_types) below imports a CSV file into a DynamoDB table. Column names and column types must be specified. It uses boto. Below is the function as well as a demo (main()) and the CSV file used.
import boto
MY_ACCESS...
REpresentational State Transfer (REST) is an architectural style used for web development, introduced and defined in 2000 by Roy Fielding.
See it on the wiki: REST wiki
It's based on the HTTP protocol (HTTP on Wiki): HTTP requests (GET, POST, PATCH, DELETE...) / response codes (404, 400, 200, 201, 500.....