Wednesday, 2 July 2014

How to delete duplicate entries from table without deleting single entry in SQL



Suppose there are 5 duplicate entries with the same values in the [MyTable] table and we want to keep only one of them.
Running the code below deletes 4 of the 5 rows: SET ROWCOUNT limits the DELETE that follows it to that many rows, and setting it back to 0 removes the limit again.


set rowcount 4
-- placeholder: the post omits the id value; use the id shared by the duplicated rows
delete from MyTable where Myid = <id of the duplicated rows>
set rowcount 0
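The same clean-up in a form that handles every duplicated id in one statement, as an added example that is not the post's own code: it uses Python's sqlite3 module with a constructed in-memory MyTable, and relies on SQLite's hidden rowid to tell otherwise identical rows apart, so it goes beyond the single-id SET ROWCOUNT form above.

```python
import sqlite3

# Constructed sample: one id appears five times, another once (assumed layout:
# the MyTable / Myid names from the post plus a name column).
SAMPLE_ROWS = [(7, "alice")] * 5 + [(9, "bob")]


def build_table() -> sqlite3.Connection:
    """Create the sample table in an in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE MyTable (Myid INTEGER, name TEXT)")
    con.executemany("INSERT INTO MyTable (Myid, name) VALUES (?, ?)", SAMPLE_ROWS)
    return con


def delete_duplicates_keep_one(con: sqlite3.Connection) -> int:
    """Delete every row whose (Myid, name) pair already appears in an earlier row.

    SQLite's rowid distinguishes rows that are otherwise identical; the row with
    the smallest rowid in each group survives. Returns the number of rows deleted.
    """
    cur = con.execute(
        """
        DELETE FROM MyTable
        WHERE rowid NOT IN (
            SELECT MIN(rowid) FROM MyTable GROUP BY Myid, name
        )
        """
    )
    con.commit()
    return cur.rowcount


def row_counts(con: sqlite3.Connection) -> dict:
    """Map each Myid to the number of rows carrying it, for checking the result."""
    return dict(con.execute("SELECT Myid, COUNT(*) FROM MyTable GROUP BY Myid"))


def demo() -> tuple:
    """Return (counts before, rows deleted, counts after)."""
    con = build_table()
    before = row_counts(con)
    deleted = delete_duplicates_keep_one(con)
    after = row_counts(con)
    return before, deleted, after


if __name__ == "__main__":
    print(demo())
```

On SQL Server the same idea is usually written with ROW_NUMBER() OVER (PARTITION BY ...) in a CTE; the rowid trick is SQLite-specific, but the GROUP BY / MIN pattern carries over to any table that has a key column.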


Thursday, 29 May 2014

DateTime String Format in C#

Reference: http://www.csharp-examples.net/string-format-datetime/

The following examples demonstrate how the custom format specifiers are rewritten to the output.
DateTime date = new DateTime(2004, 9, 5, 21, 3, 2, 123);
// 2004-09-05 21:03:02.123 = Sunday, 05-Sep-2004 9:03:02 PM
String.Format("{0:y yy yyy yyyy}", date);  // "4 04 004 2004"      year
String.Format("{0:M MM MMM MMMM}", date);  // "9 09 Sep September" month
String.Format("{0:d dd ddd dddd}", date);  // "5 05 Sun Sunday"    day
String.Format("{0:h hh H HH}", date);      // "9 09 21 21"         hour 12/24
String.Format("{0:m mm}", date);           // "3 03"               minute
String.Format("{0:s ss}", date);           // "2 02"               second
String.Format("{0:f ff fff ffff}", date);  // "1 12 123 1230"      sec.fraction
String.Format("{0:F FF FFF FFFF}", date);  // "1 12 123 123"       without zeroes
String.Format("{0:t tt}", date);           // "P PM"               A.M. or P.M.
String.Format("{0:z zz zzz}", date);       // "-6 -06 -06:00"      time zone

// "/" in a custom format is the current culture's date separator, so the same
// format string gives different output under different cultures:
String.Format("{0:d/M/yyyy HH:mm:ss}", date);   // "5/9/2004 21:03:02"  (en-US)
String.Format("{0:d/M/yyyy HH:mm:ss}", date);   // "5.9.2004 21:03:02"  (de-DE)
String.Format("{0:M/d/yyyy}", date);            // "9/5/2004"
String.Format("{0:MM/dd/yyyy}", date);          // "09/05/2004"
// day/month names
String.Format("{0:ddd, MMM d, yyyy}", date);    // "Sun, Sep 5, 2004"
String.Format("{0:dddd, MMMM d, yyyy}", date);  // "Sunday, September 5, 2004"
// two/four digit year
String.Format("{0:MM/dd/yy}", date);            // "09/05/04"
String.Format("{0:MM/dd/yyyy}", date);          // "09/05/2004"

The following examples show the standard format specifiers in String.Format and the resulting output (en-US culture).
String.Format("{0:t}", date);  // "9:03 PM"
String.Format("{0:d}", date);  // "9/5/2004"
String.Format("{0:T}", date);  // "9:03:02 PM"
String.Format("{0:D}", date);  // "Sunday, September 05, 2004"
String.Format("{0:f}", date);  // "Sunday, September 05, 2004 9:03 PM"
String.Format("{0:F}", date);  // "Sunday, September 05, 2004 9:03:02 PM"
String.Format("{0:g}", date);  // "9/5/2004 9:03 PM"
String.Format("{0:G}", date);  // "9/5/2004 9:03:02 PM"
String.Format("{0:m}", date);  // "September 05"
String.Format("{0:y}", date);  // "September, 2004"
String.Format("{0:r}", date);  // "Sun, 05 Sep 2004 21:03:02 GMT"
String.Format("{0:s}", date);  // "2004-09-05T21:03:02"
String.Format("{0:u}", date);  // "2004-09-05 21:03:02Z"

Tuesday, 29 April 2014

SQL Injection Prevention & Detection Techniques


  • Database Design Best Practices
  • Defensive Coding Best Practices
  • Penetration Testing
  • Static Analysis of Code
  • Safe Development Libraries
  • Proxy Filters

  • Anomaly Based Intrusion Detection
  • Instruction Set Randomization
  • Dynamic Tainting
  • Model-based Checkers

Wednesday, 23 April 2014

Types of SQL Injection Attacks

1.Tautologies
2.Union Query
3.Piggy-backed Queries
4.Inference
5.Illegal/Logically Incorrect Queries
6.Stored Procedures

7.Alternate Encodings

Type: Tautologies
This type of attack injects SQL tokens into the conditional part of a query so that the condition always evaluates to true.
Example:-
SELECT * FROM employee WHERE userid = '112' and password = 'aaa' OR '1'='1'

Because the tautology '1'='1' has been OR-ed onto the WHERE clause, the condition is always true regardless of the userid and password values.

Type: Union Queries
The result of a Union Query injection attack is a new dataset returned by the database, containing the union of the first (developer-intended) query and the second (attacker-intended) one.

Example:-
SELECT Name, Phone FROM Users WHERE Id= 1 UNION ALL SELECT creditCardNumber, 1 FROM CreditCardTable

This joins the result of the original query with every credit card number in CreditCardTable, which is then returned to the attacker in place of the expected Name/Phone rows.

Type: Piggy-backed Queries
In this attack type, an attacker tries to inject additional queries into the original query.
In this case, attackers are not trying to modify the original intended query; instead, they are trying to include new and distinct queries that “piggy-back” on the original query.

Example:-
SELECT accounts FROM users WHERE login='doe' AND pass=''; DROP database webApp

Type: Inference
In this type of attack the intruder changes the behaviour of the database or application and infers information from how it responds, since the query results themselves are not returned.

Blind injection:- Blind SQL Injection is used when a web application is vulnerable to an SQL injection, but the results of the injection are not visible to the attacker.
Information is inferred from the behavior of the page by asking the server true/false questions. If the injected statement evaluates to true, the site continues to function normally. If the statement evaluates to false, although there is no descriptive error message, the page differs significantly from the normally-functioning page.

Timing attacks:- This type of blind SQL injection relies on the database pausing for a specified amount of time before returning the results, which indicates that the injected SQL query executed.
A timing attack allows an attacker to gain information from a database by observing timing delays in the response of the database. Attackers structure their injected query in the form of an if/then statement, whose branch predicate corresponds to an unknown about the contents of the database. Along one of the branches, the attacker uses a SQL construct that pauses the execution for a known amount of time (e.g. the WAITFOR keyword). By measuring the response time of the database, the attacker can infer which branch was taken in his injection and therefore the answer to the injected question.

Type: Illegal/Logically Incorrect Queries
This type is used to trigger syntax errors (which would be used to identify injectable parameters), type conversion errors (to deduce the data types of certain columns or extract data from them) or logical errors (which often reveal names of the tables and columns that caused the error), in order for the attacker to gather information about the type and structure of the back-end database of a given Web application.
Example:-
SELECT accounts FROM users WHERE login='' AND pass='' AND pin= convert (int,(select top 1 name from sysobjects where xtype='u'))

Type: Stored Procedures
This type of attack targets stored procedures that build their SQL dynamically from their parameters; the concatenation inside the procedure becomes the injection point.
Example:-
CREATE PROCEDURE DBO.isAuthenticated
@userName varchar2, @pass varchar2, @pin int AS
EXEC("SELECT accounts FROM users WHERE login='" + @userName + "' and pass='" + @pass + "' and pin=" + @pin); GO

Resulting statement when the pass parameter carries the injected string:
SELECT accounts FROM users WHERE login='doe' AND pass=' '; SHUTDOWN; -- ' AND pin=

Type: Alternate Encodings
This attack type is used in conjunction with other attacks. In other words, alternate encodings do not provide any unique way to attack an application; they are simply an enabling technique that allows attackers to evade detection and prevention techniques and exploit vulnerabilities that might not otherwise be exploitable.

"SELECT * FROM userTable WHERE login='" + login + "' AND pin=" + pin;

Input pin as "0; declare @a char(20) select @a=0x73687574646f776e exec(@a)" (the hex literal 0x73687574646f776e is the ASCII string "shutdown", so a filter looking for that keyword never sees it)

SELECT * FROM userTable WHERE login='user' AND pin=0; declare @a char(20) select @a=0x73687574646f776e exec(@a)
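A defender's view of the example above, as an added example that is not part of the original post: a keyword filter run over the raw pin value never sees "shutdown", while the same filter run after decoding hex literals does. The keyword list and the benign pin are constructed for the example; only the attack pin comes from the post.

```python
import re

# Constructed keyword list for the example; a real filter is tuned to the
# database in use and is only a detection aid, not a substitute for parameters.
SUSPICIOUS_TOKENS = ("shutdown", "drop ", "exec(", "declare ", "union ", "waitfor ")

HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")


def decode_hex_literals(text: str) -> str:
    """Replace each 0x.. literal whose bytes are printable ASCII with that text.

    Odd-length or non-printable literals (e.g. a genuine 0xFF) are left as they are,
    so normal hex values in input are not mangled.
    """
    def replace(match):
        digits = match.group(1)
        if len(digits) % 2:
            return match.group(0)
        decoded = bytes.fromhex(digits)
        if not all(32 <= b < 127 for b in decoded):
            return match.group(0)
        return decoded.decode("ascii")
    return HEX_LITERAL.sub(replace, text)


def naive_tokens(value: str) -> list:
    """Signature check on the raw input, as a filter unaware of encodings would do."""
    low = value.lower()
    return [t for t in SUSPICIOUS_TOKENS if t in low]


def normalized_tokens(value: str) -> list:
    """The same check after decoding hex literals, so the hidden command is visible."""
    return naive_tokens(decode_hex_literals(value))


# The pin value from the post, plus a constructed benign pin for contrast.
PIN_ATTACK = "0; declare @a char(20) select @a=0x73687574646f776e exec(@a)"
PIN_BENIGN = "4321"


def review(value: str) -> dict:
    """Summarise what each filter would report for one logged input value."""
    return {
        "raw": naive_tokens(value),
        "decoded": normalized_tokens(value),
        "normalized_input": decode_hex_literals(value),
    }


if __name__ == "__main__":
    for pin in (PIN_ATTACK, PIN_BENIGN):
        print(review(pin))
```

The raw check already flags the declare/exec scaffolding, but only the normalized check reveals which command is being smuggled in; that is the information an analyst triaging the alert actually needs. Hex is one encoding among several (URL, Unicode and char() constructions are others), which is why the list above in the post puts "Defensive Coding" ahead of filters.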


SQL Query Injection

What is SQL Injection?
SQL injection is the ability to inject SQL commands into the database engine through an existing application: client-supplied data is passed to the application without appropriate validation and is processed as commands by the database.


How does SQL Injection work?
Common vulnerable login query:

SELECT * FROM users WHERE login = 'victor' AND password = '123'
(If it returns something then login!)

ASP/MS SQL Server login syntax; the code for implementing the same:

var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";

Attacker-supplied form values:
formusr = ' or 1=1 --
formpwd = anything

Final query would look like this:
SELECT * FROM users WHERE login = '' or 1=1 -- ' AND password = 'anything'
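The login example above and the tautology type from the post, run side by side against the "Defensive Coding Best Practices" item of the prevention list, as an added example that is not part of the original post. It uses Python's sqlite3 module with a constructed users table; the concatenating function reproduces the vulnerable pattern, the parameterized one is the fix.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample users table; victor / 123 is the only valid pair."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (login TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('victor', '123')")
    return con


def login_concat(con: sqlite3.Connection, formusr: str, formpwd: str) -> bool:
    """Vulnerable pattern from the post: form fields are glued into the SQL text,
    so a quote in formusr ends the literal and the rest is parsed as SQL."""
    sql = ("SELECT * FROM users WHERE login = '" + formusr
           + "' AND password = '" + formpwd + "'")
    return con.execute(sql).fetchone() is not None


def login_param(con: sqlite3.Connection, formusr: str, formpwd: str) -> bool:
    """Hardened form: the statement text is fixed and the fields travel as bound
    parameters, so they are compared as data and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE login = ? AND password = ?"
    return con.execute(sql, (formusr, formpwd)).fetchone() is not None


# The post's formusr value. The trailing space keeps "--" a comment in every dialect.
TAUTOLOGY = "' or 1=1 -- "


def compare() -> dict:
    """Run the valid credentials and the tautology through both versions."""
    con = make_db()
    return {
        "valid_concat": login_concat(con, "victor", "123"),
        "valid_param": login_param(con, "victor", "123"),
        "tautology_concat": login_concat(con, TAUTOLOGY, "anything"),
        "tautology_param": login_param(con, TAUTOLOGY, "anything"),
    }


if __name__ == "__main__":
    for name, ok in compare().items():
        print(f"{name}: {'login granted' if ok else 'rejected'}")
```

Both functions accept the real credentials; only the concatenating one also accepts the tautology, because the string it builds is exactly the "final query" shown above. The parameterized version looks for a user literally named ' or 1=1 -- and finds none.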

Intents
Attacks can also be characterized based on the goal, or intent, of the attacker. Therefore, each of the attack type definitions that we provide in Section 4 includes a list of one or more of the attack intents defined in this section.
1) Identifying injectable parameters: The attacker wants to probe a Web application to discover which parameters and user-input fields are vulnerable to SQLIA.
2) Performing database finger-printing: The attacker wants to discover the type and version of database that a Web application is using. Certain types of databases respond differently to different queries and attacks, and this information can be used to “fingerprint” the database. Knowing the type and version of the database used by a Web application allows an attacker to craft database specific attacks.
3) Determining database schema: To correctly extract data from a database, the attacker often needs to know database schema information, such as table names, column names, and column data types. Attacks with this intent are created to collect or infer this kind of information.
4) Extracting data: These types of attacks employ techniques that will extract data values from the database. Depending on the type of the Web application, this information could be sensitive and highly desirable to the attacker. Attacks with this intent are the most common type of SQLIA.
5) Adding or modifying data: The goal of these attacks is to add or change information in a database.
6) Performing denial of service: These attacks are performed to shut down the database of a Web application, thus denying service to other users. Attacks involving locking or dropping database tables also fall under this category.
7) Evading detection: This category refers to certain attack techniques that are employed to avoid auditing and detection by system protection mechanisms.
8) Bypassing authentication: The goal of these types of attacks is to allow the attacker to bypass database and application authentication mechanisms. Bypassing such mechanisms could allow the attacker to assume the rights and privileges associated with another application user.
9) Executing remote commands: These types of attacks attempt to execute arbitrary commands on the database. These commands can be stored procedures or functions available to database users.
10) Performing privilege escalation: These attacks take advantage of implementation errors or logical flaws in the database in order to escalate the privileges of the attacker. As opposed to bypassing authentication attacks, these attacks focus on exploiting the database user privileges.

Sources of SQL Injection
1) Injection through user input: In this case, attackers inject SQL commands by providing suitably crafted user input. A Web application can read user input in several ways based on the environment in which the application is deployed. In most SQLIAs that target Web applications, user input typically comes from form submissions that are sent to the Web application via HTTP GET or POST requests [14]. Web applications are generally able to access the user input contained in these requests as they would access any other variable in the environment.
2) Injection through cookies: Cookies are files that contain state information generated by Web applications and stored on the client machine. When a client returns to a Web application, cookies can be used to restore the client's state information. Since the client has control over the storage of the cookie, a malicious client could tamper with the cookie's contents. If a Web application uses the cookie's contents to build SQL queries, an attacker could easily submit an attack by embedding it in the cookie [8].
3) Injection through server variables: Server variables are a collection of variables that contain HTTP, network headers, and environmental variables. Web applications use these server variables in a variety of ways, such as logging usage statistics and identifying browsing trends. If these variables are logged to a database without sanitization, this could create an SQL injection vulnerability [30]. Because attackers can forge the values that are placed in HTTP and network headers, they can exploit this vulnerability by placing an SQLIA directly into the headers. When the query to log the server variable is issued to the database, the attack in the forged header is then triggered.
4) Second-order injection: In second-order injections, attackers seed malicious inputs into a system or database to indirectly trigger an SQLIA when that input is used at a later time. The objective of this kind of attack differs significantly from a regular (i.e., first-order) injection attack. Second-order injections are not trying to cause the attack to occur when the malicious input initially reaches the database. Instead, attackers rely on knowledge of where the input will be subsequently used and craft their attack so that it occurs during that usage. To clarify, we present a classic example of a second-order injection attack (taken from [1]). In the example, a user registers on a website using a seeded user name, such as "admin'-- ". The application properly escapes the single quote in the input before storing it in the database, preventing its potentially malicious effect. At this point, the user modifies his or her password, an operation that typically involves (1) checking that the user knows the current password and (2) changing the password if the check is successful. To do this, the Web application might construct an SQL command as follows:

queryString = "UPDATE users SET password='" + newPassword + "' WHERE userName='" + userName + "' AND password='" + oldPassword + "'"

newPassword and oldPassword are the new and old passwords, respectively, and userName is the name of the user currently logged in (i.e., "admin'-- "). Therefore, the query string that is sent to the database is (assume that newPassword and oldPassword are "newpwd" and "oldpwd"):

UPDATE users SET password='newpwd' WHERE userName='admin'-- ' AND password='oldpwd'

Because "--" is the SQL comment operator, everything after it is ignored by the database. Therefore, the result of this query is that the database changes the password of the administrator ("admin") to an attacker-specified value.
       Second-order injections can be especially difficult to detect and prevent because the point of injection is different from the point where the attack actually manifests itself. A developer may properly escape, type-check, and filter input that comes from the user and assume it is safe. Later on, when that data is used in a different context, or to build a different type of query, the previously sanitized input may result in an injection attack.
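The second-order scenario above carried through end to end, as an added example that is not part of the original post: registration escapes the quote exactly as described, and the password-change step is shown once with the post's concatenated UPDATE and once with bound parameters. It uses Python's sqlite3 module and a constructed users table with a pre-existing admin account; SQLite accepts the "--" comment the attack depends on.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample: the administrator account already exists."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (userName TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 'adminpwd')")
    return con


def escape_quote(s: str) -> str:
    """The 'proper escaping' applied at registration: double every single quote."""
    return s.replace("'", "''")


def register(con: sqlite3.Connection, user_name: str, password: str) -> None:
    """Registration query. Escaping works here: the seeded name is stored literally."""
    sql = ("INSERT INTO users VALUES ('" + escape_quote(user_name) + "', '"
           + escape_quote(password) + "')")
    con.execute(sql)


def change_password_concat(con, user_name, old_password, new_password) -> int:
    """The post's UPDATE: userName is read back from the database and trusted,
    so the stored quote and comment now rewrite the WHERE clause."""
    sql = ("UPDATE users SET password='" + new_password + "' WHERE userName='"
           + user_name + "' AND password='" + old_password + "'")
    return con.execute(sql).rowcount


def change_password_param(con, user_name, old_password, new_password) -> int:
    """Hardened UPDATE: every value is bound, whatever its origin."""
    sql = "UPDATE users SET password=? WHERE userName=? AND password=?"
    return con.execute(sql, (new_password, user_name, old_password)).rowcount


def admin_password(con: sqlite3.Connection) -> str:
    return con.execute(
        "SELECT password FROM users WHERE userName='admin'").fetchone()[0]


# The seeded user name from the post (trailing space included).
SEEDED_NAME = "admin'-- "


def demo() -> dict:
    """For each UPDATE variant: (rows changed, admin's password afterwards)."""
    results = {}
    for label, change in (("concat", change_password_concat),
                          ("param", change_password_param)):
        con = make_db()
        register(con, SEEDED_NAME, "oldpwd")
        # The seeded account logs in and changes its own password.
        changed = change(con, SEEDED_NAME, "oldpwd", "newpwd")
        results[label] = (changed, admin_password(con))
    return results


if __name__ == "__main__":
    print(demo())
```

Both variants report one row changed, which is why the bug is easy to miss in testing: the difference is which row. With concatenation the admin's password becomes "newpwd"; with parameters the seeded account's own row is updated and admin is untouched. The escaping at registration was correct and still did not help, because safety has to be decided where the value is used, not where it first arrived.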

Wednesday, 26 March 2014

Balloon Popup Extender Sample in ASP.Net/C#

How to display a good POPUP window in ASP.Net using Ajax?
Most ASP.Net applications need to show a POPUP window to the user for displaying messages or information. Creating a good-looking ToolTip in an ASP.Net/C# web application is also difficult to achieve. The newest Ajax Control Toolkit includes a good-looking and more functional popup extender called the Balloon POPUP Extender. It is a very lightweight popup with a good look and feel, and custom styles can be applied to it. The Balloon POPUP Extender can be used as a ToolTip in ASP.Net applications.
Download and Register the New Ajax Control Toolkit
To implement the Balloon POPUP Extender in an ASP.Net/C# application, we need to download the newest Ajax Control Toolkit and register it in the project references. You can download the new Ajax Control Toolkit from this link. Right-click 'References' under the ASP.Net project in Visual Studio, browse to the dll and press OK.
In the ASPX page we need to register this Ajax toolkit dll as shown below.
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="ajax" %>
How to implement the Balloon POPUP Extender in an ASP.Net/C# Application?
After adding and registering the Ajax Control Toolkit as mentioned above, we can start implementing the Balloon POPUP Extender. It can be attached to the click, mouse-over or focus event of any server control in ASP.Net. Below is the code for implementing the same.
<ajax:BalloonPopupExtender ID="PopupControlExtender2" runat="server"
    TargetControlID="txtUserName"
    BalloonPopupControlID="pnlBalloon" Position="BottomRight"
    BalloonStyle="Cloud"
    BalloonSize="Medium" UseShadow="true" ScrollBars="Auto"
    DisplayOnMouseOver="true"
    DisplayOnFocus="false" DisplayOnClick="true" />
[Screenshot: Balloon Popup Extender Sample]

Several properties are available on the Balloon POPUP Extender control, and we can adjust the size, color, style and behaviour of the POPUP using them. Below are the main properties of the Balloon POPUP Extender:
TargetControlID – The ID of the control to attach to.
BalloonPopupControlID – The ID of the control to display.
Position – Optional setting specifying where the popup should be positioned relative to the target control. (TopRight, TopLeft, BottomRight, BottomLeft, Auto) Default value is Auto.
OffsetX/OffsetY – The number of pixels to offset the Popup from its default position, as specified by Position. Default value is 0.
BalloonStyle – Optional setting specifying the theme of balloon popup. (Cloud, Rectangle, Custom). Default value is Rectangle.
BalloonSize – Optional setting specifying the size of balloon popup. (Small, Medium and Large). Default value is Small.
CustomCssUrl – This is required if user choose BalloonStyle to Custom. This specifies the url of custom css which will display custom theme.
CustomClassName – This is required if user choose BalloonStyle to Custom. This specifies the name of the css class for the custom theme.
UseShadow – Optional setting specifying whether to display shadow of balloon popup or not.
ScrollBars – Optional setting specifying whether to display scrollbar if contents are overflowing. This property contains 5 options – None, Horizontal, Vertical, Both and Auto. Default value is Auto.
DisplayOnMouseOver – Optional setting specifying whether to display balloon popup on the client onMouseOver event. Default value is false.
DisplayOnFocus – Optional setting specifying whether to display balloon popup on the client onFocus event. Default value is false.
DisplayOnClick – Optional setting specifying whether to display balloon popup on the client onClick event. Default value is true.
Animations – Generic animations for the PopupControlExtender.
    OnShow – The OnShow animation will be played each time the popup is displayed. The popup will be positioned correctly but hidden. The animation can use <HideAction Visible="true" /> to display the popup along with any other visual effects.
    OnHide – The OnHide animation will be played each time the popup is hidden.
A very simple example of the Balloon POPUP Extender in ASP.Net/C# using Ajax
Here we demonstrate a very simple implementation of the Ajax Balloon POPUP Extender, with full downloadable source code.
ASPX Page
<%@ Page Title="Home Page" Language="C#" MasterPageFile="~/Site.master" 
AutoEventWireup="true"
CodeBehind="Default.aspx.cs" Inherits="BaloonPopup._Default" %>
<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" 
TagPrefix="ajax" %>
<asp:Content ID="HeaderContent" runat="server" 
ContentPlaceHolderID="HeadContent">
</asp:Content>
<asp:Content ID="BodyContent" runat="server" 
ContentPlaceHolderID="MainContent">
<h2>
Welcome to Baloon Popup Extender Sample
</h2>
<p>
For Website/WebApplication creation <a href="http://www.tuvian.com" 
title="aps.net">www.tuvian.com</a>.
</p>
<div>
<ajax:ToolkitScriptManager ID="Scriptmanager1" runat="server">
</ajax:ToolkitScriptManager>
<div style="border: 1px solid gray; padding: 10px; margin: 10px;">
<h3>
Cloud Style Baloon Popup Example</h3>
<br />
<br />
<ajax:BalloonPopupExtender ID="PopupControlExtender2" runat="server" 
TargetControlID="txtUserName"
BalloonPopupControlID="pnlBalloon" Position="BottomRight" BalloonStyle="Cloud"
BalloonSize="Medium" UseShadow="true" ScrollBars="Auto" DisplayOnMouseOver="true"
DisplayOnFocus="false" DisplayOnClick="true" />
UserName :
<asp:TextBox runat="server" ID="txtUserName" />
<asp:Panel runat="server" ID="pnlBalloon">
This is the Cloud Style Ballon Popup</asp:Panel>
</div>
<div style="border: 1px solid gray; padding: 10px; margin: 10px;">
<h3>
Rectangular Baloon Popup Example</h3>
<br />
<br />
<ajax:BalloonPopupExtender ID="Balloonpopupextender1" runat="server" 
TargetControlID="lblShow"
BalloonPopupControlID="pnlRectangularBallon" Position="TopRight" 
BalloonStyle="Rectangle"
BalloonSize="Medium" UseShadow="true" ScrollBars="Auto" 
DisplayOnMouseOver="false"
DisplayOnFocus="false" DisplayOnClick="true" />
<asp:Label runat="server" ID="lblShow" 
Text="Click Here to Show the Rectangular Balloon Popup" />
<asp:Panel runat="server" ID="pnlRectangularBallon">
This is the rectangular ballon popup</asp:Panel>
</div>
<div style="border: 1px solid gray; padding: 10px; margin: 10px;">
<h3>
Custom Style Baloon Popup Example</h3>
<br />
<br />
<ajax:BalloonPopupExtender ID="Balloonpopupextender2" runat="server" 
TargetControlID="txtCustomBallonPopup"
BalloonPopupControlID="pnlCustomBallon" Position="BottomRight" 
BalloonStyle="Custom"
BalloonSize="Medium" UseShadow="true" ScrollBars="Auto" 
DisplayOnMouseOver="true"
CustomCssUrl="Styles/BalloonPopupOvalStyle.css" 
CustomClassName="oval" DisplayOnFocus="false"
DisplayOnClick="true" />
<asp:TextBox runat="server" ID="txtCustomBallonPopup" />
<asp:Panel runat="server" ID="pnlCustomBallon">
This is the Custom Style ballon popup</asp:Panel>
</div>
</div>
</asp:Content>

                  DOWNLOAD SOURCE CODE FOR BALLOON POPUP EXTENDER EXAMPLE

Wednesday, 19 March 2014

A Computer Trick For you to Access instant things

1. Accessibility Controls - access.cpl
2. Accessibility Wizard - accwiz
3. Add Hardware Wizard - hdwwiz.cpl
4. Add/Remove Programs - appwiz.cpl
5. Administrative Tools - control admintools
6. Automatic Updates - wuaucpl.cpl
7. Bluetooth Transfer Wizard - fsquirt
8. Calculator - calc
9. Certificate Manager - certmgr.msc
10. Character Map - charmap
11. Check Disk Utility - chkdsk
12. Clipboard Viewer - clipbrd
13. Command Prompt - cmd
14. Component Services - dcomcnfg
15. Computer Management - compmgmt.msc
16. Control Panel - control
17. Date and Time Properties - timedate.cpl
18. DDE Shares - ddeshare
19. Device Manager - devmgmt.msc
20. DirectX Troubleshooter - dxdiag
21. Disk Cleanup Utility - cleanmgr
22. Disk Defragment - dfrg.msc
23. Disk Management - diskmgmt.msc
24. Disk Partition Manager - diskpart
25. Display Properties - control desktop
26. Display Properties - desk.cpl
27. Dr. Watson System Troubleshooting Utility - drwtsn32
28. Driver Verifier Utility - verifier
29. Event Viewer - eventvwr.msc
30. Files and Settings Transfer Tool - migwiz
31. File Signature Verification Tool - sigverif
32. Findfast - findfast.cpl
33. Firefox - firefox
34. Folders Properties - control folders
35. Fonts - control fonts
36. Fonts Folder - fonts
37. Free Cell Card Game - freecell
38. Game Controllers - joy.cpl
39. Group Policy Editor (for xp professional) - gpedit.msc
40. Hearts Card Game - mshearts
41. Help and Support - helpctr
42. HyperTerminal - hypertrm
43. Iexpress Wizard - iexpress
44. Indexing Service - ciadv.msc
45. Internet Connection Wizard - icwconn1
46. Internet Explorer - iexplore
47. Internet Properties - inetcpl.cpl
48. Keyboard Properties - control keyboard
49. Local Security Settings - secpol.msc
50. Local Users and Groups - lusrmgr.msc
51. Logs You Out Of Windows - logoff
52. Malicious Software Removal Tool - mrt
53. Microsoft Chat - winchat
54. Microsoft Movie Maker - moviemk
55. Microsoft Paint - mspaint
56. Microsoft Synchronization Tool - mobsync
57. Minesweeper Game - winmine
58. Mouse Properties - control mouse
59. Mouse Properties - main.cpl
60. Netmeeting - conf
61. Network Connections - control netconnections
62. Network Connections - ncpa.cpl
63. Network Setup Wizard - netsetup.cpl
64. Notepad - notepad
65. Object Packager - packager
66. ODBC Data Source Administrator - odbccp32.cpl
67. On Screen Keyboard - osk
68. Outlook Express - msimn
69. Paint - pbrush
70. Password Properties - password.cpl
71. Performance Monitor - perfmon.msc
72. Performance Monitor - perfmon
73. Phone and Modem Options - telephon.cpl
74. Phone Dialer - dialer
75. Pinball Game - pinball
76. Power Configuration - powercfg.cpl
77. Printers and Faxes - control printers
78. Printers Folder - printers
79. Regional Settings - intl.cpl
80. Registry Editor - regedit
81. Registry Editor - regedit32
82. Remote Access Phonebook - rasphone
83. Remote Desktop - mstsc
84. Removable Storage - ntmsmgr.msc
85. Removable Storage Operator Requests - ntmsoprq.msc
86. Resultant Set of Policy (for xp professional) - rsop.msc
87. Scanners and Cameras - sticpl.cpl
88. Scheduled Tasks - control schedtasks
89. Security Center - wscui.cpl
90. Services - services.msc
91. Shared Folders - fsmgmt.msc
92. Shuts Down Windows - shutdown
93. Sounds and Audio - mmsys.cpl
94. Spider Solitaire Card Game - spider
95. SQL Client Configuration - cliconfg
96. System Configuration Editor - sysedit
97. System Configuration Utility - msconfig
98. System Information - msinfo32
99. System Properties - sysdm.cpl
100. Task Manager - taskmgr
101. TCP Tester - tcptest
102. Telnet Client - telnet
103. User Account Management - nusrmgr.cpl
104. Utility Manager - utilman
105. Windows Address Book - wab
106. Windows Address Book Import Utility - wabmig
107. Windows Explorer - explorer

Tuesday, 4 March 2014

XML document Escape characters

Escapes or unescapes an XML file removing traces of offending characters that could be wrongfully interpreted as markup.
The following characters are reserved in XML and must be replaced with their corresponding XML entities:
  1. ' is replaced with &apos;
  2. " is replaced with &quot;
  3. & is replaced with &amp;
  4. < is replaced with &lt;
  5. > is replaced with &gt;
Original character   XML entity replacement   XML numeric replacement
<                    &lt;                     &#60;
>                    &gt;                     &#62;
"                    &quot;                   &#34;
&                    &amp;                    &#38;
'                    &apos;                   &#39;

Examples:-
Data                           XML type    In XML
He said "OK"                   Attribute   attributeName="He said &quot;OK&quot;"
She said "You're right"        Attribute   attributeName="She said &quot;You&apos;re right&quot;"
Smith&Sons                     Attribute   attributeName="Smith&amp;Sons"
if (age > 3 && age < 8)        Element     <MyElement>if (age &gt; 3 &amp;&amp; age &lt; 8)</MyElement>
An XML Comment End with -->    Comment     <!-- An XML Comment End with --&gt; -->
A & B                          Comment     <!-- A &amp; B -->
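The attribute and element rows of the table above, produced and then parsed back, as an added example that is not part of the original post. It uses the standard library's xml.sax.saxutils for escaping and xml.etree.ElementTree to confirm the original value survives the round trip; the attribute and element names are the ones from the table, and the extra sample value is constructed.

```python
from xml.sax.saxutils import escape, unescape
import xml.etree.ElementTree as ET

# saxutils.escape handles & < > by itself; attribute values also need the quotes.
ATTR_ENTITIES = {'"': "&quot;", "'": "&apos;"}
ATTR_UNENTITIES = {"&quot;": '"', "&apos;": "'"}


def escape_attribute_value(value: str) -> str:
    """Escape &, <, >, " and ' so the result is safe inside a quoted attribute."""
    return escape(value, ATTR_ENTITIES)


def attribute(name: str, value: str) -> str:
    """Render name="value" with the value escaped (attributeName="..." rows)."""
    return name + '="' + escape_attribute_value(value) + '"'


def element(name: str, text: str) -> str:
    """Render <name>text</name> with & < > escaped (the <MyElement> row)."""
    return "<" + name + ">" + escape(text) + "</" + name + ">"


def unescape_value(text: str) -> str:
    """Reverse of the escaping, for the five predefined entities."""
    return unescape(text, ATTR_UNENTITIES)


def roundtrip(value: str) -> str:
    """Build a small document with the value in both positions, parse it with a
    real XML parser and return the value the parser recovered."""
    doc = ("<root " + attribute("attributeName", value) + ">"
           + element("MyElement", value) + "</root>")
    root = ET.fromstring(doc)
    recovered_attr = root.get("attributeName")
    recovered_text = root.find("MyElement").text
    if recovered_attr != recovered_text:
        raise ValueError("attribute and element text disagree after parsing")
    return recovered_attr


# The table's own sample values plus one constructed value mixing every character.
SAMPLES = [
    'He said "OK"',
    "She said \"You're right\"",
    "Smith&Sons",
    "if (age > 3 && age < 8)",
    "a < b & c > d; it's \"done\"",
]


if __name__ == "__main__":
    for sample in SAMPLES:
        print(attribute("attributeName", sample))
        print(element("MyElement", sample))
        assert roundtrip(sample) == sample
```

Two caveats the table does not spell out: an XML parser does not expand entity references inside comments, so the last two rows keep the literal text &gt; and &amp; rather than becoming > and &; and the string -- is not permitted anywhere inside a comment, so a value containing it cannot be made comment-safe by escaping alone.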