Wednesday, January 22, 2025

A leg workout machine for homes.


I call it KneeCruncher.



Sunday, December 1, 2024

SQL injection flaw and how to fix it at DB itself

 

One simple example is 

Select * from Users where email = '$email' ;

Here $email could be replaced with input containing an "OR" clause, so that the condition check always evaluates to true.

$email could be ' OR '1'='1 (including the single quotes), making this a valid SQL Statement. 

However, in the DB we could register a SQL command template for the SQL statement; if the statement doesn't match the template, it doesn't get executed.


// Sketch of the proposed DB-side check. set_valid_template() and is_injected()
// are the API this post proposes, not calls from an existing driver.

// Untrusted value taken directly from the web request.
email_value = web_input;

// NOTE(review): the connection arguments look garbled in the post; presumably placeholders.
db->connection(""" , '"", 5000);

// The statement is still assembled by string concatenation, so email_value can
// alter the statement's structure; that is the condition the template check is
// meant to catch. Binding email_value as a parameter of a prepared statement
// removes the concatenation altogether, so a template check like this is best
// treated as an additional layer rather than a replacement for binding.
db->set_statement (" Select * from Users where email = '"+ email_value +" ';");

// Expected shape of the statement, registered before anything is executed.
// NOTE(review): the template differs from the statement above in letter case
// and spacing, so the comparison presumably has to be structural rather than
// byte-for-byte -- confirm.
db->set_valid_template( " select * from Users where email = '%'; "); 

// where % represents a value that is added dynamically. 

if( db->is_injected() ){

    //SQL injection detected

    //return error.
    // Fail closed: the statement must not be executed on this path. Recording
    // the rejection gives operations a signal that injection is being attempted.

} else {

    //SQL injection not detected

    // continue on here ...

}

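Instead of fixing this in the website (backend pages), this could be fixed at the DB parser level itself, which would fix one of the security vulnerabilities in a single place. Databases already offer a closely related mechanism: prepared statements with bound parameters, where the statement is parsed first and the supplied value is never interpreted as SQL.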

Or, something like this can be done.

// Proposed helper: classify the raw input value itself, before any statement is built.
// NOTE(review): deciding whether a value "looks like SQL" is a heuristic. Legitimate
// values can contain quotes or SQL keywords, so expect false positives, and a
// classifier should not be the only control; parameter binding remains the primary one.
db->check_sql( email_value ) 

//0 - not sql

//1 - partial sql statement

//2 - full sql statement


Neither of these methods would require a DB query to be executed.


Monday, July 26, 2021

Power of 2 : Updated

Here is the corrected algorithm; the earlier version did not handle an input of 1 properly.



#include <iostream>

#include <thread>

#include <chrono>

using namespace std;


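/// @brief Computes x raised to the n-th power in 64-bit unsigned arithmetic.
///
/// All multiplications are done in uint64_t, so the result is x^n modulo 2^64.
/// The previous version formed x*x in `int`, which overflows (undefined
/// behaviour) once |x| exceeds 46340, and it looped n/2 times; this version
/// uses square-and-multiply and needs one iteration per bit of n.
///
/// @param x Base. A negative base is converted to uint64_t, so the result is
///          the two's-complement representation of the signed power.
/// @param n Exponent.
/// @return 1 when n == 0, 0 when n < 0 (no integer result exists), otherwise
///         x^n modulo 2^64.
uint64_t powerxxx(int x, int n) {
    if (n < 0)
        return 0;

    // Widen before multiplying so no intermediate is ever computed in int.
    uint64_t base = static_cast<uint64_t>(x);
    uint64_t result = 1;

    // Walk the exponent bit by bit: multiply in the current power of the base
    // when the bit is set, then square the base for the next bit.
    for (unsigned int remaining = static_cast<unsigned int>(n); remaining != 0; remaining >>= 1) {
        if ((remaining & 1u) != 0)
            result *= base;
        base *= base;
    }

    return result;
}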



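/// Times one call of the library pow() and one call of powerxxx() on the same
/// arguments and prints each result with the elapsed time in seconds.
int main()
{
    // steady_clock is monotonic; system_clock can jump when the wall clock is
    // adjusted, which would corrupt an interval measurement.
    using bench_clock = std::chrono::steady_clock;

    // Baseline: library pow(). The double result is exact here because
    // 3^33 is below 2^53. pow() is declared in <cmath>, which this listing
    // does not include directly.
    auto start = bench_clock::now();
    uint64_t p = pow(3, 33);
    auto end = bench_clock::now();
    std::chrono::duration<long double> diff = end - start;
    std::cout << "power = " << p << ": " << diff.count() << " s\n";

    // Candidate: powerxxx() with the same base and exponent.
    start = bench_clock::now();
    p = powerxxx(3, 33);
    end = bench_clock::now();
    diff = end - start;
    std::cout << "power = " << p << ": " << diff.count() << " s\n";

    // NOTE: a single call with constant arguments is close to the clock's
    // resolution and may be folded by the optimizer, so the printed times are
    // indicative only.
    return 0;
}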

Power of 2 : :)

This is a new algorithm to calculate pow(x, n), i.e. the nth power of x. According to timings taken with std::chrono, it is faster than the system pow(x, n).


#include <iostream>

#include <chrono>

using namespace std;


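/// @brief Computes x raised to the n-th power by multiplying pairs of factors.
///
/// The exponent is split into n/2 pairs (each contributing x*x) plus one extra
/// factor of x when n is odd. Two defects of the earlier form are fixed here:
/// the exponent was decremented before the zero test, so n == 1 returned 1
/// instead of x, and x*x was formed in `int`, which overflows (undefined
/// behaviour) for |x| above 46340. Arithmetic is now done in uint64_t, so the
/// result is x^n modulo 2^64.
///
/// @param x Base.
/// @param n Exponent.
/// @return 1 when n == 0, 0 when n < 0, otherwise x^n modulo 2^64.
uint64_t powerxxx(int x, int n) {
    // Test the exponent as given, before any adjustment for odd values.
    if (n < 0)
        return 0;
    if (n == 0)
        return 1;

    const bool odd_exponent = (n & 0x01) == 1;

    // Widen first so the square is never computed in int.
    const uint64_t base = static_cast<uint64_t>(x);
    const uint64_t squared = base * base;

    // n >> 1 drops the low bit, which is the same pair count the original
    // obtained by decrementing an odd n first.
    uint64_t power = 1;
    for (int pairs = n >> 1; pairs > 0; --pairs)
        power *= squared;

    // The leftover single factor for an odd exponent.
    if (odd_exponent)
        power *= base;

    return power;
}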



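/// Times one call of the library pow() and one call of powerxxx() on the same
/// arguments and prints each result with the elapsed time in seconds.
int main()
{
    // Interval timing needs a monotonic clock; system_clock follows the wall
    // clock and can move backwards or jump when it is adjusted.
    using bench_clock = std::chrono::steady_clock;

    // Baseline: library pow(). 3^33 is below 2^53, so the double result
    // converts to uint64_t without loss.
    auto start = bench_clock::now();
    uint64_t p = pow(3, 33);
    auto end = bench_clock::now();
    std::chrono::duration<double> diff = end - start;
    std::cout << "power = " << p << ": " << diff.count() << " s\n";

    // Candidate: powerxxx() with the same base and exponent.
    start = bench_clock::now();
    p = powerxxx(3, 33);
    end = bench_clock::now();
    diff = end - start;
    std::cout << "power = " << p << ": " << diff.count() << " s\n";

    // NOTE: one call per function is close to the clock's resolution, so the
    // two printed times are not a reliable comparison on their own.
    return 0;
}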