Asia’s Largest Open Source Conference! In Chennai INDIA

Asia’s largest conference on open source, to be held from 19th-21st September, 2010 at Chennai, India (more:

OSI Days 2010 is the 7th and latest conference in the rich legacy established by the Linux Asia series of conferences in India. Organised by the Forum for Open Source Initiatives in India (FOSII) and the Linux for You magazine (part of the EFY Group), OSI Days serves as the focal point for the convergence of the Open Source Community and Industry in Asia.

The conference is targeted at the Policy & Decision makers in a technological ecosystem – Government, Academicians, CXOs, SMEs, Developers and hardcore hackers. OSI Days 2010 will bring together over 3000 of the finest people in the open source domain together to discuss and confer on varied and relevant topics including:

  • Mobile: App Development, Game Development, Android, iPhone, Symbian & Others
  • IT Managers / Business: Legal, Community Management, Best Practices, Marketing Strategies, Open Web / Standardization, Business Models
  • Cloud Computing: Tools and Platforms, Cloudnomics, Cloud for Dummies & Others
  • Government: Applications, eGovernance, Case Study, Legal
  • Hardware: Infrastructure Management, Security, Semi Embedded Devices, Parallelization, Grid, Multi Core, Multi Threading, Virtualization & Others
  • PHP: PHP 5 & 6, PHP Security, Frameworks, Architecture / QA & Best Practices
  • Ruby on Rails
  • Drupal: Best Practices, Module Development, Theme Development, Scaling/ Management/ Performance & Others
  • Databases: MySQL, NoSQL, CouchDB, PostgreSQL, Ingres, SQLite & Others
  • JavaScript
  • Developer / Tools & Techniques

(For details: please see the conference schedule at:

The Call for Papers is open for the conference till June 15th (more: We invite you to come join us in promoting open source technologies and projects by participating at the conference as speakers and contributing to the knowledge and wisdom at OSI Days 2010.

For any clarifications,
Dhiraj Khare
OSI Days 2010

Schedule at a Glance

  • Panel Discussions
  • FOSS for Everyone
  • Mobile Application Development
  • Zend Certification Training
  • FOSS Awards
  • IT Dev Web
  • IT Implementer
  • IT Dev Mob
  • Open Source Databases
  • CXO Summit




Open Source Databases

How to set different port no for MySql database in Magento


Open the configuration file where you set up the database properties, i.e. app/etc/local.xml

Just replace the PORTNO in the XML below with your port number.











Many different SQL Injections variations

SQL Injections variations from my collection..


' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

Sql Injection PHP MySql example

What is SQL Injection

SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

SQL Injection Example

Below is a sample string that has been gathered from a normal user and a bad user trying to use SQL Injection. We asked the users for their login, which will be used to run a SELECT statement to get their information.

MySQL & PHP Code:

// a good user's name
$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";

// user input that uses SQL Injection
$name_bad = "' OR 1'"; 

// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";

// display what the new query will look like, with injection
echo "Injection: " . $query_bad;


Normal: SELECT * FROM customers WHERE username = 'timmy'
Injection: SELECT * FROM customers WHERE username = '' OR 1''

The normal query is no problem, as our MySQL statement will just select everything from customers that has a username equal to timmy.

However, the injection attack has actually made our query behave differently than we intended. By using a single quote (') they have ended the string part of our MySQL query

  • username = ' '

and then added on to our WHERE statement with an OR clause of 1 (always true).

  • username = ' ' OR 1

This OR clause of 1 will always be true and so every single entry in the “customers” table would be selected by this statement!

More Serious SQL Injection Attacks

Although the above example displayed a situation where an attacker could possibly get access to a lot of information they shouldn’t have, the attacks can be a lot worse. For example an attacker could empty out a table by executing a DELETE statement.

MySQL & PHP Code:

$name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; 

// our MySQL query builder really should check for injection
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";

// the new evil injection query would include a DELETE statement
echo "Injection: " . $query_evil;


SELECT * FROM customers WHERE username = ' '; DELETE FROM customers WHERE 1 or username = ' '

If you were to run this query, then the injected DELETE statement would completely empty your “customers” table. Now that you know this is a problem, how can you prevent it?

Injection Prevention - mysql_real_escape_string()

Lucky for you, this problem has been known for a while and PHP has a specially-made function to prevent these attacks. All you need to do is use the mouthful of a function mysql_real_escape_string.

What mysql_real_escape_string does is take a string that is going to be used in a MySQL query and return the same string with all SQL Injection attempts safely escaped. Basically, it will replace those troublesome quotes (') a user might enter with a MySQL-safe substitute, an escaped quote \'.

Let's try out this function on our two previous injection attacks and see how it works.

MySQL & PHP Code:

//NOTE: you must be connected to the database to use this function!
// connect to MySQL

$name_bad = "' OR 1'"; 

$name_bad = mysql_real_escape_string($name_bad);

$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Escaped Bad Injection: <br />" . $query_bad . "<br />";

$name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; 

$name_evil = mysql_real_escape_string($name_evil);

$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
echo "Escaped Evil Injection: <br />" . $query_evil;


Escaped Bad Injection:
SELECT * FROM customers WHERE username = '\' OR 1\''
Escaped Evil Injection:
SELECT * FROM customers WHERE username = '\'; DELETE FROM customers WHERE 1 or username = \''

Notice that those evil quotes have been escaped with a backslash \, preventing the injection attack. Now all these queries will do is try to find a username that is just completely ridiculous:

  • Bad: \' OR 1\'
  • Evil: \'; DELETE FROM customers WHERE 1 or username = \'

And I don’t think we have to worry about those silly usernames getting access to our MySQL database. So please do use the handy mysql_real_escape_string() function to help prevent SQL Injection attacks on your websites. You have no excuse not to use it after reading this lesson!
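The same inputs run through a prepared statement, as an added example that is not part of the original tutorial: the mysql_* extension used above was removed in PHP 7.0, and binding the value keeps it out of the SQL text, so there is no escaping step to forget. It assumes PDO with the SQLite driver and an in-memory database with constructed rows as a stand-in for MySQL; findCustomer is a hypothetical helper name.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL so this runs offline;
// against MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO customers (username) VALUES ('timmy'), ('alice'), ('bob')");

// Hypothetical helper: the SQL text is a constant, and the user-supplied
// name is only ever sent as a bound parameter, never concatenated.
function findCustomer(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare(
        'SELECT id, username FROM customers WHERE username = :name'
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The tutorial's three inputs, plus two strings from the list earlier
// on the page.
$inputs = [
    'timmy',
    "' OR 1'",
    "'; DELETE FROM customers WHERE 1 or username = '",
    "' or 'x'='x",
    "hi') or ('a'='a",
];

foreach ($inputs as $name) {
    // Each injection string is compared as a literal username.
    $rows = findCustomer($pdo, $name);
    printf("%-52s -> %d row(s)\n", $name, count($rows));
}

// The table is untouched: the DELETE text was data, not SQL.
$total = (int) $pdo->query('SELECT COUNT(*) FROM customers')->fetchColumn();
echo "Rows still in customers: $total\n";
```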

How to generate a query where dynamic column name? – MS SQL

I am faced with a problem here where I need to select a query where the column name is dynamic:

table a

col1 | col2
A | Ali
B | Steven
C | Kawan
A | Bayu
B | Cawam
C | didik

How do I write a query like the result below?

declare @T1 table (col1 varchar(1),col2 varchar(5))
insert into @T1
select 'A','Ali' union all
select 'B','Abu' union all
select 'C','Kawan' union all
select 'A','Bayu' union all
select 'B','Cawam' union all
select 'C','didik'

if object_id('tempdb..#') is not null
	drop table #
select *
into #
from @T1 a
order by col1

alter table # add flag int
declare @i int
set @i = 0
declare @c varchar(10)
set @c = ''
update a set
	@i = case when @c = col1 then @i+1 else 1  end
	,flag = @i
	,@c = col1
from # a

select
	a= max(case when col1 = 'a' then col2 else '' end)
	,b = max(case when col1 = 'b' then col2 else '' end)
	,c =max( case when col1 = 'c' then col2 else '' end)
from #
group by flag

Slicehost Setup: Ubuntu + Nginx + PHP + MySQL

Running Apache on my 256MB slice was not fun. I kept getting “swap” warnings from slicehost, and some mornings I wake up to find my server hung.

So I decided to re-install fresh and run Nginx with PHP.

Installing Ubuntu (Jaunty), Nginx, PHP, and MySQL is easy following the slicehost guides:

The hard part is getting Nginx to work with PHP — You have to enable PHP-CGI.

There are a bunch of tutorials out there on how to achieve this, but the most SIMPLE one is here:

Two small changes:

sbin/start-stop-daemon --quiet --start ....

Running PHP_FCGI_CHILDREN at 15 causes the server to overload, but running 5 seems to work fine. Also, the start-stop-daemon is inside the sbin.

Been running this blog and four other sites on this setup for about a week now. It is way snappier than before on Apache.

JTable + MySQL – Java

I'm in a big problem: I want to add the ResultSet of MySQL to a JTable. The table should be in a Panel, and there should be autosizing of the result.

It’s a very common requirement, and there are a number of good sample solutions on the web (basically you have to loop down the whole column to find the widest entry, then use that size to set the column width).
You may find this useful:

import java.awt.Component;
import javax.swing.JTable;
import javax.swing.table.DefaultTableColumnModel;
import javax.swing.table.TableCellRenderer;
import javax.swing.table.TableColumn;

// Size every column to fit its widest cell, header included.
public void packColumns(JTable table) {
    DefaultTableColumnModel colModel = (DefaultTableColumnModel) table
            .getColumnModel();
    for (int cNumber = 0; cNumber < table.getColumnCount(); cNumber++) {
        TableColumn col = colModel.getColumn(cNumber);
        int width = 0;
        // Get width of column header
        TableCellRenderer renderer = col.getHeaderRenderer();
        if (renderer == null) {
            renderer = table.getTableHeader().getDefaultRenderer();
        }
        Component comp = renderer.getTableCellRendererComponent(table, col
                .getHeaderValue(), false, false, 0, 0);
        width = comp.getPreferredSize().width;
        // Get maximum width of column data
        for (int r = 0; r < table.getRowCount(); r++) {
            renderer = table.getCellRenderer(r, cNumber);
            comp = renderer.getTableCellRendererComponent(table, table
                    .getValueAt(r, cNumber), false, false, r, cNumber);
            width = Math.max(width, comp.getPreferredSize().width);
        }
        col.setPreferredWidth(width + 2); // Add margin
    }
}

Mysql Ajax Table Editor | Squico

Mysql Ajax Table Editor is a very versatile and customizable mysql editor. It is PHP4 and PHP5 compatible and it has incredible join capabilities. This mysql editor has the ability to join on multiple tables and maintain search functionality and best of all it is written with ajax. This makes the script very dynamic and it can be customized to fit almost every application. Things like dynamic forms and user defined actions make it very powerful.

Download MySQL 5.1.39

MySQL Community Edition is a freely downloadable version of the world’s most popular open source database that is supported by an active community of open source developers and enthusiasts.

MySQL delivers enterprise features, including:

  • Partitioning to improve performance and management of very large database environments
  • Row-based/Hybrid Replication for improved replication security
  • Event Scheduler to create and schedule jobs that perform various database tasks
  • XPath Support
  • Dynamic General/Slow Query Log
  • Performance/Load Testing Utility (mysqlslap)
  • Improved! Full Text Search (faster, new dev templates)
  • Improved! Archive engine (better compression, more features)
  • Improved! User session and problem SQL identification
  • Improved! MySQL embedded library (libmysqld)
  • Additional INFORMATION_SCHEMA objects
  • Faster data import operations (parallel file load)
  • ACID Transactions to build reliable and secure business critical applications
  • Stored Procedures to improve developer productivity
  • Triggers to enforce complex business rules at the database level
  • Views to ensure sensitive information is not compromised
  • Information Schema to provide easy access to metadata
  • Pluggable Storage Engine Architecture for maximum flexibility
  • Archive Storage Engine for historical and audit data
