Brushesz's Posts
pasted this s*#@ on a friend's website(http://www.abcdef.com/index.php?) pazzword's field to login /*after registering as a user.*/ **********'; DROP table pazzworde--&ALL went=>************************************* Submit and Got it. |
Yinksey: but what are the real steps to take to prevent this dreadful attack
If I don't know what your key looks like, it may take me months to crack your lock {no matter how I try to interpret your URL}. But if I have the least idea of what your key looks like, it's a matter of minutes and your lock's busted. That's what happens when people use factory-made locks like magic_" " PHP answers: www.php.net/manual/en/security.magicquotes.why.php |
didadavid: Have you heard of magic quotes? With magic quotes you are saved. If you want I can paste the code for you.
Don't paste it yet. Let's look @ how magical your " " could bend injections. Came across magic_" " from lYnDaDoTcOm BtB & the abstraction was too easy to get. Even PHP stopped magic_quotes() further development in recent versions. I quote this from; www.php.net/manual/en/security.magicquotes.why.php
"There is no reason to use magic quotes because they are no longer a supported part of PHP. However, they did exist and did help a few beginners blissfully and unknowingly write better (more secure) code. But, when dealing with code that relies upon this behavior it's better to update the code instead of turning magic quotes on. So why did this feature exist? Simple, to help prevent SQL Injection. Today developers are better aware of security and end up using database specific escaping mechanisms and/or prepared statements instead of relying upon features like magical quotes." |
Yinksey: When u are using PDO Extension with php to deal with mysql, you dont need to worry about sql injection.
Let's not go too far. Let's look at the connection method from your beloved pdo class.
public PDO::__construct() ( string $dsn [, string $username [, string $password [, array $driver_options ]]] )
From above, I have three revealed variables to play with; $dns, $username, $password. I won't need to inject. All I need do is to {die mysql connection} from $dns. That's iff pdo is used as a template class or not instantiated |
pasted this s*#@ on a friend's website(http://www.abcdef.com/index.php?) username's field SELECT*FROM "Bleep.self::$users." WHERE id={$id}; Definitely, $id = 0 Submit and Got it. |
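An added example, not code from any poster in this thread: it puts the magic-quotes approach discussed above next to a prepared statement, using the unquoted `WHERE id={$id}` shape from the post above. The `users` table, its rows, the inputs and the helper names (`magic_quotes_style`, `lookup_concat`, `lookup_prepared`, `lookup_validated`) are assumptions made up for the illustration, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example, not code from the thread. Table, rows and inputs are constructed;
// an in-memory SQLite database keeps it runnable offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also disable emulation so the server prepares the statement:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical helper: what magic_quotes_gpc did to request data (backslash before quotes).
function magic_quotes_style(string $value): string
{
    return addslashes($value);
}

// "Before": escaped input concatenated into WHERE id={$id}, an unquoted numeric context.
function lookup_concat(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id=' . magic_quotes_style($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": the statement text is fixed; the value is bound and never parsed as SQL.
function lookup_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Optional extra layer for ids: reject anything that is not an integer before querying.
function lookup_validated(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    return $int === false ? [] : lookup_prepared($pdo, (string) $int);
}

$inputs = ['1', '0 OR 1=1']; // constructed; the second contains no quote to escape
foreach ($inputs as $input) {
    printf("%-10s concat=%s prepared=%s validated=%s\n", $input,
        json_encode(lookup_concat($pdo, $input)),
        json_encode(lookup_prepared($pdo, $input)),
        json_encode(lookup_validated($pdo, $input)));
}
```

PDO only gives this protection when values are bound; a query built by string concatenation and then passed to `query()` or `prepare()` is as exposed as the "before" function.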
Slyr0x: How do you mean?
//Have you successfully injected via data fields or "?" edit before? if (true){ then post a light comment about it; } else{ ignore_thread(); } |
A lot of database driven websites are designed without the consideration of SQL injection; a technique where someone could actually (legally or illegally) query the database of a particular database driven website via form text fields or URL manipulations to retrieve data. Feel free to share your experience and knowledge and if you are a Database/SQL guru who's not comfortable with releasing a whole lot of information to novices, then you can comment transparently in encryption. |
Ajibel: and qBasic and Assembly
I wasn't taught Assembly language in school and many schools even in Europe don't. If you were taught AL, good for you. BASIC is meant and recommended for freshers/beginners in programming. |
House, please where can one submit a hardcopy CV in Lagos? #UBA |
Davo93: Didn't get you right, do you mean i can still go ahead ignoring the FORTRAN? Or i have to start with it?
Learn FORTRAN and Pascal |
sputos: For those who have done their phone call interview. dont relax and believe it is easy. i am not saying this to scare you but just to get you prepared for the subsequent tests. the personality test is just about u and make sure ur answers best fit what is required of a customer care officer. i feel the CBT is the main test for the job. You all should try and practice henceforth on Malvis Beacon on your typing speed and accuracy. on the multi-tasking, u should be able to pick out useful points(name, phone numbers, address, serial number, issue of complain e.t.c) by typing them in a required space said in less than 2mins. wish u luck
Thanks man |
chrischyna: I have tried several times to forward my CV & application letter for the AKS-NNPC/MPN & KPL/IBM Graduate Assistance Programme to the given e-mail address (i.e. info@gapng.com) but all the delivery messages I got indicated "failure delivery". Pls, whoever knows the solution to this challenge should respond to me so as to help me out of this problem. Thanks.
The error is a permanent one. It says; "the user's mail folder is FULL". I will advise you to send the hard copy to the specified address instead. |
Davo93: I sincerely commend you guys for your contributions here most especially the visionier of this thread (Javanian). Kudos! I must also add that coming here as a novice and reading from the first post to this point has re-awakened the passion for programming in me. I hope to start with the details i have got here soon as i have to put one or two things in place first.
FORTRAN and Pascal are basically learner's tools. With FORTRAN, you'll learn code syntax easily. This same syntax is adopted by C/C++, Java, C#, VB and many modern compilers/HLL. That's the reason why it's recommended for CSC undergraduates in programming courses. Pascal prepares you for C++. It introduces you to the procedural concept of programming, statement blocks, functions. Even OOP (with Object Pascal) is also introduced in some schools. It's better you learn it the professional way. |
yourmajesty247: I USED THIS CODE BEFORE BUT NOW IM USING DIS CODE TO GET 4gigs for two month at 1500 NAIRA. THE CODE IS *440*161#
Tried it some weeks ago but didn't work. Are you sure? |
shosky1794: How do you guys cope with this Airtel? I'll say it's the crappiest network i've ever seen. Mtel would sure have done better if it were to still be 'alive'. Just wasted my money on it.
If you see what I do with my Airtel, you'll describe it in two words SPEED and AFFORDABLE. |
cannonnier: Can a mobile application run on a computer, and vice versa.
A mobile app would have to be designed, modeled, coded, tested, run and debugged on a computer (PC) before it can now be test-run on the mobile device of which it was designed to run on. I guess your "vice versa" meant if a computer program could run on a mobile device. The answer is YES. The programs you run on your Windows8 PC can as well run on a mobile device that SUPPORTS Windows8. Don't expect a .exe program from your PC to run on your iPhone 5 iOS or your Android Jelly Bean OS cos it won't. |
Hey guyz, please any info about when the next recruitment process will take place? Is the application only done from their online job application portal <nimcjobs@gmail.com>? Thanks |
ekwah: There should be a thread on which people can ask for help.
Sun Microsystems have done so much in predefined class component. The free JDK comes with some powerful API. You should play with some of them. The class component of what you'll need for this particular project should be included in the commercial version. Check it out. BUT if you are good in vectors and matrices then you should be able to build classes that can scan pixelated images and assign the value to a character. |
judy56: When starting programming learning, you may start from simple programming languages, such as C#, C++ or VB. Then, you can learn a more complicated one, such as Java.
Lol... Did you say C++ is simple and Java is complicated? Have you ever asked yourself why Java doesn't use pointers? Have you tried reading well documented C++ code before? I mean well documented. PLEASE NEVER CATEGORISE CPP AS JUST A SIMPLE LANGUAGE |
obaxlove: So pple like us who don't knw any insider can not get job wit etisalat right? This is becoming unbearable! We r suppose to be helping each oda here but the way pple protect information is annoying. It will be good if sometin important is done becos nairaland was not founded for this.
Be optimistic. That was what I was told by a staff. So I'm telling you the same. |
Congratulations to those that made it to the Computer Based Test phase. Wish you guyz the very best. #Success |
nekede11: Breaking news,but good 4 u guys,senate hav endorse 3000 nimc employee's sack.the sack cut across d states + fct,it s as a result of forge of certificates,abscent 4rm work,and d issue of minimum entry into nimc,which hnd & bsc.dose dat hav below hnd and bsc were sack also.but d upper chamber plead 4 reinstate 90+ of d layoff employee,dat this 90+ concluded their hnd and bsc as of last yr.but those sacked arrangemnt s dat,they will b discharge wit 1yr salary.4 nw nimc has less dan 2000 employee,so dis s more room 4 u guys.ur hope wil nt b n vain.am a passer_ by.but decide 2 drop d info.GOD HAVE ENLARGE U GUYS COAST.GUDLUCK
Chairman, thanks for the good news. How true is your source? Really wanna get more info on nimc |
I've missed so much already! Everyone seems to have an unshared insider. And I even have an Experience Center close to ma crib. I MUST make sure I have an insider TODAY! |
@oliwaseunojo please who did you address your cover letter to? |
nwaribe:
Have you tried accessing it from a PC browser? Well, if your phone is smart enough, then go ahead and do it. |
muut2: Online, but d test has been written some r already in training while some r waiting for interview invitation. Where have u been
I'm new to NL. Your information was helpful. Thanks man. |
Hey guyz, please where did you submit your CV? |
young-dude:
I bought a tecno android device and when I got home, I discovered I get 100mb from my etisalat line every month, and my sim2 works perfectly with other network data and voice. What I'll suggest is a complete OS reinstallation to get rid of the etisalat software that's already embedded in it. I haven't tried it before, like I said earlier, it's only a suggestion. |
@sealteam66 OOP is the simplest programming concept I've ever worked with. I started OOP with C++ back then in school, it was very interesting especially the class inheritance and polymorphism. Java simplifies it. Lol... I bet you, 1 week is too very much to get the full knowledge of it. |
Which language to learn is not as important as the programming concept which you intend on using. You can learn Java, C++, PHP syntax within a week, but that's not all. You need to learn a programming concept. I prefer Object Oriented but I started with Component based programming. With PHP, you can apply Procedural or Object oriented programming concept. It's very easy and fast. |

