In MS SQL use the following SQL to show all tables in the selected database. This is the equivalent of MySQLs show all tables.
MS SQL queries for show table:
1 | SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE'; |
Using this query syntax you can display all tables in a MS SQL database. Hmmm… I think I like the MySQL way for showing all tables better:
1 | SHOW ALL TABLES; |
Drop me a comment if this helped your or if you feel I missed something, thanks for reading.
I was recently auditing a clients website and was astounded when I was able to access any customers account by disabling JavaScript, using a wild card ‘%’ operator as the username, and guessing passwords. Unfortunately the developer of the customer login used a query that looked like this and did not clean any of the data once received by the server:
1 | SELECT * FROM the_customer_table WHERE the_username LIKE "'.$_POST['the_username_field'].'" AND password="'.$_POST['the_password_field'].'" |
Using the wild card operator it would return any username where the password matched whatever I passed in such as “password”, “happiness”, and some dirty words that I threw in for fun. The exploit could have been very bad actually as certain accounts have gift certificates associated with them. A hacker could have written a simple brute force script in any language and went to town compiling a list of valid accounts and then ordered hundreds to thousands of dollars worth of product. The exploit was patched by altering the query and additional adding an add_slashes() to all POST data for the login.
A proper login query should look like this:
1 2 3 4 5 6 7 8 | $valid=false; $sql = "SELECT the_username,the_password FROM the_customer_table WHERE the_username ="'.mysql_real_escape_string($_POST['the_username_field']).'" LIMIT 1"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if($row['the password']==$_POST['the_password_field']){ $valid=true; } return $valid; |
This will verify first that a valid customer account exists, then it will test the actual password against what was supplied by the end-user. This of course should occur after the POST data has been cleansed against SQL injection hacks and JavaScript hacks. Never use LIKE when you are searching for an exact match either and always use a LIMIT 1 when you are only expecting 1 record to be returned or 1 record to be affected.
FirePHP enables you to log to your Firebug Console using a simple PHP method call. All data is sent via response headers and will not interfere with the content on your page. FirePHP is ideally suited for AJAX development where clean JSON and XML responses are required. Using FirePHP on a production server is a safe and easy way to debug an application without inconveniencing end-users. FirePHP requires PHP 5 on the server, firebug on the client with all three options settings including Net enabled for the site. It can be installed via PEAR or by uploading two classes to your server and referencing them via the include_once() method.
Once the files are uploaded to the server, include them in your script, instantiate the FirePHP class as an object, and call the log() method by passing in two parameters the variable and a title.
1 2 3 | include_once('FirePHPCore/FirePHP.class.php'); $firephp = new FirePHP(); $firephp->log($variable,'Enter an optional title for the second parameter'); |
When you pass an array as a variable to firebug it will display it in a human readable format similar to placing print_r() in between the pre html tags. The most notable security risk to using FirePHP is that anyone with the firephp extension enabled can you use it to see any information you are dumping to the client. My advice is to immediately comment out firebug logging calls once you are finished debugging the application, especially if you are dumping out raw SQL syntax to the client.