Linux Database

SQL Injection: Whitelist validation vs. blacklist validation

Whitelist validation refers to data validation techniques such as checking the data type, data length, input range, nature of data by its format (for e.g. phone number will be ten digits separated by hyphens satisfying the format nnn-nnn-nnnn). Regular expressions may be used for format validation in inputs.

Blacklist validation refers to rejecting data based on a know bad list filter. This is not a powerful solution as the list of possible exclusions will be many and it is difficult to implement all possible scenarios. Blacklist validation should be used in conjunction with whitelist validation but in cases where whitelist validation cannot be applied at least blacklist validation should be implemented.


SQL Injection: Database Code Security in Programming

Dynamic SQL (concatenated sql string) is a coding practice where by the queries are built in the program and sent to SQL Server for execution. This can allow the code to be injected into the dynamic queries causing a damage to the database.

A good alternative is to use parameterised queries where placeholders are set for the variables. The possibility of queries getting infected with injected code is completely removed with parameterized queries.

In addition to parameterized queries, it is alway a best practice to sanitize the input parameters before using them in queries.

Also the data input should be encoded appropriately especially in case of dynamic sql usage and to apply appropriate encoding when extracted from the database to avoid cross-site script execution.


Mysql: Test database

Ever wondered why there is a “test” database in the list of tables when you install MySQL.

This is to allow users to practice MySQL commands or execute complex queries on the database.

“test” database is accessible to everyone who has access to MySQL in your localhost and hence is not advisable if you were to use it for your development. Continue Reading…


windows command prompt mysql start stop

To start MySQL service from Windows command prompt

c:\mysql\bin> net start mysql

To stop MySQL service from Windows command prompt

c:\mysql\bin> net stop mysql


MySQL vs. PostgreSQL – Comparison

There had often been talks and some times flame wars when there had been comparison between MySQL and PostgreSQL. Each database has its own strength and weaknesses. As an initiative, I thought to do a little research on this topic and to list down the common points gathered in a tabular format. Continue Reading…


MySQL database optimisation series – Right MySQL Data type

Numeric Data type in MySQL

Choosing the right data type can create significant improvement in application performance.

Many programmers/developers who opt to choose MySQL as the backend for their operations often fail miserably in choosing the most efficient data types. Continue Reading…


phpMyAdmin – visual interface for MySQL on Windows/Linux

phpMyAdmin is a web based interface to MySQL which is written using PHP for Administration of databases. Visual interface provided is intuitive and it saves time for the developers. (ver 3.1.1 is the recommended version as of this writing which runs on PHP 5/MySQL 5)

Step 1: First we need to check MySQL is installed by issuing the following command
[root@user Desktop]# which mysql

If you get …
then, it is an indication that MySQL is installed in your machine. Continue Reading…

Kurinchi Calendar
September 2018
« Oct