Ahsan Nabi's Blog

Technical and Social Updates from a FAST techie


Written by Ahsan Nabi Khan

May 25, 2012 at 10:16 am


A photograph of Mirza Ghalib (Photo credit: Wikipedia)

The Origins of Pathans
Author: Ahsan Nabi Khan
I used to read old forgotten books in the rubble of our homespun mess. Once I grabbed a book we inherited from our grandfather, “The Pathans” from Sir Olaf Caroe. As I leafed through the pages, my head was raised from a mere shame of creation to a pride of performance. I was more than an object of jokes on sexuality. I was what I am – The lost sheep of Israel.
Pathans, as we see it, are looked down upon as simpletons, yet cunning; below poverty line, yet usurers; full of honour and pride, yet sellers of over-aged daughters; five-time praying people, yet filthy abusers. It seems they are a fit target for anti-Semitic ire, yet another fit to throw as missiles against the Semites. One of the more recent famous jokes about them with regard to three different Eid dates they hold in Peshawar is “The person who fasts on Eid day is Satan, and the person who celebrates Eid on fasting day is Pathan.” And this was the most respectable of the mentionable jokes.
Certainly with this as an added advantage to the general prejudiced provincial societies we hold in the breakable crucible, it is quite unflattering to live everyday in Pakistan, the place which most Pathans call homeland ‘watan’. Army has it, Navy has it, Businesses have it, Labourers, Security Guards, Domestic Servants, Truck and Rickshaw Drivers, Sportsmen, and now even Politicians have it: The Spirit. As they say, Pathan is not a caste, it is a Spiritual State (Kefiyat). But the way the spirit is imbued in the flesh is another matter. My Name is Khan and I am not a Terrorist. The Pathan is always struggling to disprove himself more than to prove anything else.
One thing is certain of this caste. They are loyal religious simple and brave people. Their simplicity is often exploited by fundamentalist rhetoric; their religiosity is often compounded by intolerance towards their Shiite and Sufi neighbours. Their loyalty earns them respect and position of trust. And their bravery has foiled one of the most notorious militia in the world, Al-Qaeda.
Often Khans are pleasant and lighter in appearance which wins them showbiz presence. And that accounts partially for the reason the community treats them as a heartthrob of entertainment. Whether as a hero in Bollywood film industry or as a funny metaphor in Rickshaw and Truck radio, it is a treat to even think about them. However, as long as inter-marriage and other intricate socializing is concerned, discrimination cannot be beaten by the mere fact that all men are created equal. Being once a high caste proud of its descent from Saladin, the Pathans are oblivious of who they are. As Iqbal once remarked:
Youn to Syed bhi ho, Mirza bhi ho, Afghan bhi ho
Tum subhi kuchh ho batao to musalmaan bhi ho
And more tragically as predicted by Mirza Asad Ullah Khan Ghalib:
Kaaba meray peechhay Kaleesa meray agay
Hota hai shub o roz tamasha meray agay
Mirza Saab is famous for his Israeli roots among the British of the Raj, as Sir Olaf Caroe commented in the book. He had been as is today, an epitome of entertainment in the already disturbed annals of courts. Just like King David once was a musician hired to cast out devils from Prince Saul’s mind with Psalms, Mirza Ghalib was hired to soothe an already ailing sore of the pricklish Raj, and so in some sense are hired Khans in the film industry of India and sports industry of Pakistan: to soothe out an already disturbed mind haunted by devils of doom. But just like David got his hands in the war himself, so do The Pathans get involved in the bloodshed. Had they known, the puppet business of the devil would be soon cast off. But their simplicity buys them problems and cost is incurred to the balance sheet of their country.
When people notice my mountainous accent, they get surprised to discover I do not know any language of the highlands. English and Urdu being the common conscience of the compulsory homogeneity of Pakistan, the rare languages are a rare treat to listen but treated more as an amusing entertainment than a member of a family of South Asian Languages. Dr. Sarmad Hussain, Center of Language Engineering at University of Engineering and Technology, is fighting to revive the common culture of diverse languages. Our multilingual identity with high intellect, he says is a speciality as old as Buddha and as native as Taxila. The first linguist of the world, Dr. Sarmad maintains, is from Pakistan’s old heritage. I find it not surprising at all, given the interesting works of so many sociolinguists in our society at present. If we count the languages of Pathans, certainly Pashto is not alone: Hindko, Saraiki, Punjabi, Urdu, English, Dari and many that the native people of the mountains themselves know. Linguists are working today to protect this endangered regional sign of ethnic diversity.
Now as far as the common misinformation about Pathans are concerned, there are many. It is obvious their women survive behind the purdah, so the evangelist media hooks up to find the possible corruption behind the purdah. Here it reminds me of an Urdu-speaking politician’s teleconference quotation when he sang out
“Perday mein rehnay do, Purdah na Uthao”
But when we read Quran specially Surah Al-Baqarah, all the criticism on the Semites naturally fits in with Pathans. The story of Taloot, Jaloot and Daood is actually Saul, Goliath and David, in the time of Jeremiah, the ancestor of Afghana, the father of the land that we call Afghanistan. Their arched features remind of the older warrior tribes that they maintain even today, as a mere living relic. With the discovery of archaic Old Testament scriptures and evidence of sacraments ingrained in our traditions, it is a blessing to see the footsteps of the oldest holy saints through our valleys and river banks. Some surviving Hebrew texts on grave stones still witness the cross-roads of the civilizations having the three world religions.
In summary what we see is that the Pathans are the eyes of the world into their origins of the past. They shed life on the leftover trails of the footsteps of our forefathers. They can relate to one of the most ancient stories of who we were and where we came from and what we have become.

Written by Ahsan Nabi Khan

May 20, 2012 at 6:57 pm

What I learnt today?


Written by Ahsan Nabi Khan

March 12, 2012 at 12:55 pm

cPanel & WHM Glossary


Addon Domain: An additional domain name associated with a cPanel account. Each addon domain is stored in its own directory which website owners can configure. This allows website owners to manage multiple domains from a single cPanel account. Addon domains must be registered with a domain name registrar to work.

Analog: A program that provides information about the visitors to a website in both graphical and statistical views. More information about Analog can be found at http://www.analog.cx/.

Anonymous FTP: A process whereby visitors without FTP accounts may upload and download files to and from a website. Although it poses security risks, anonymous FTP can be convenient if the site owner wishes to make files publicly available for downloading. When setting up anonymous FTP, it is important to protect any sensitive information by changing file permissions and directory access permissions.

Apache: A program that receives requests from web browsers. It then responds by “serving” web pages to the browsers; for this reason, it’s called web server software.

Authentication: A process for confirming the identity of someone with whom the server will share sensitive information. On the web, authentication usually involves either a username and password set or a public/private key pair.

AWStats (Advanced Web Statistics): A program that provides information about the visitors to a website in both graphical and statistical views. More information about AWStats can be found at its website: http://awstats.sourceforge.net/.

Bandwidth: The amount of data transferred to and from a server. Every time a visitor views a file (whether it’s a web page, image, video, or audio file), that file has to be transferred to the visitor’s computer. Bandwidth is the total size of all these files transferred to visitors’ computers. Hosting providers often limit a site owner’s bandwidth, as it can affect the performance of the server.

BoxTrapper: An application included with cPanel that filters spam by requiring would-be senders to reply to a verification email (also known as challenge-response verification). Only after the sender is verified through the reply will his or her original email be accepted.

BoxTrapper Blacklist: A list of email addresses from which incoming mail will be automatically blocked by the BoxTrapper application. cPanel automatically sends a configurable warning message upon receipt of mail from a blacklisted address. See also BoxTrapper Ignore List and BoxTrapper Whitelist.

BoxTrapper Ignore List: A list of email addresses from which incoming mail will be blocked. cPanel does not send a warning message upon receipt of mail from an address ignored by the BoxTrapper application. See also BoxTrapper Blacklist and BoxTrapper Whitelist.

BoxTrapper Whitelist: A list of email addresses from which incoming mail will automatically be accepted by the BoxTrapper application. See also BoxTrapper Ignore List and BoxTrapper Blacklist.

Build: Formerly, a minor version of cPanel. (These are now referred to as Release Tiers).

Catch-All Address: The email address to which cPanel & WHM routes any email message sent to email accounts which do not exist at a domain. Also known as a Default Address.

CGI (Common Gateway Interface): A protocol that lets a web server communicate with scripts and other software. cPanel’s CGI Center provides an array of CGI scripts that let website owners generate and manage useful features for websites, including a guestbook, clock, hit counter, countdown clock, and banner ads.

CIDR (Classless Inter-Domain Routing): A routing method that assigns each Internet user to a four-part IP address, with each part separated by a decimal, followed by a slash and a number between 0 and 32.

CLI (Command Line Interface): A means of communicating with a computer by typing commands. On Unix systems, this is also often called a shell.

cPAddons: Pieces of software that website owners can install on a website through cPanel. cPAddons provide useful tools to a website. Common examples include bulletin boards, chat programs, and online shopping carts.

DKIM: The replacement for the older DomainKeys protocol. Like DomainKeys, DKIM attempts to verify the origins of email messages.

Default Address: The email address to which cPanel routes any email message sent to email accounts which do not exist at a domain. Also known as a Catch-All Address.

Directory (Folder): A repository for files, analogous to a file folder on a personal computer. In website management, a directory will contain the website’s files.

DNS (Domain Name System): The component of the Internet which acts as a “phone book,” converting human-readable domain names (such as www.example.com) into computer-readable IP addresses (such as 208.77.188.166, in the case of example.com).

Domain: The name a site owner gives a website, which will appear in the website’s URL and email addresses. Usually seen as example.com, where example is meant for the domain name.

FQDN (Fully Qualified Domain Name): A name that uniquely defines a domain’s location. It is usually seen as host.example.com. with a trailing dot. For the purposes of cPanel, including a final dot is not necessary, but the domain name must contain at least 2 dots. FQDNs must be written in lowercase letters.

FrontPage®: A Microsoft® application that allows site owners to edit a web page in WYSIWYG (“what-you-see-is-what-you-get”) format, rather than using raw HTML code and CSS. WHM provides FrontPage extensions, so site owners can publish their sites using FrontPage, allowing them to skip the FTP process.

FTP (File Transfer Protocol): A method of transferring files from one computer to another. cPanel & WHM comes equipped with an FTP server that can be configured to the website owner’s preference. An FTP client must be installed on the local computer in order to send files to and receive files from the FTP server. Some FTP clients include FileZilla (for Windows®, Linux, and Unix), and Cyberduck (for Mac®).

gzip: A program which compresses files for disk space conservation, minimizing transfer times, and making the transfer of multiple files easier. The compressed files use the filename extension .gz. In Unix and Linux systems, gzip is often used with tar to create a “tarball” file (which ends with .tar.gz).

Home Directory: A cPanel account’s highest-level directory, which contains all the files and directories used by websites managed by the account. Files placed in a home directory are not viewable online unless they reside in the public_html directory or a subdirectory of public_html.

.htaccess: A file that resides in a specific directory, and contains configuration information applying to that directory. The .htaccess file may also contain authentication instructions.

HTML (Hypertext Markup Language): The language in which most pages on the World Wide Web are written.

IMAP (Internet Message Access Protocol): Along with POP3, one of the two most widely used email transfer methods. IMAP synchronizes email account information with the mail server on a regular basis. If a user logs into multiple computers to check email, IMAP will allow the user to see what messages they have viewed, replied to, forwarded, etc. POP3 does not display this information.

Index Page: The page, most often titled index.html, index.htm or index.php, viewed by default when a visitor accesses a directory of a website. If no index page exists for the specified directory, the visitor will see a list of files in that directory, unless indexing is disabled in cPanel.

IP (Internet Protocol) Address: A number that identifies a computer on a network, making it possible for other computers to find and communicate with it.

Key: In cryptography, a key is used to encrypt or decrypt information. Keys are an important part of encryption and security and should be guarded appropriately. A key file is saved with the filename extension .key.

Log: A file, automatically created by the server, that records activities performed by specific programs and applications on the server. For instance, error logs are lists, generated by Apache, of errors that visitors have encountered on a website.

Logaholic: A web analytics program that delivers information about your website’s traffic, keywords, and content. For more information about Logaholic, please visit http://www.logaholic.com.

Mailing List: A list of email addresses which list members can use to communicate. Alternatively, such a list can be used to send email messages to a large group of people. cPanel & WHM uses a program called Mailman for mailing list software. For more information, please see the Mailman website, http://www.list.org.

MX (Mail eXchanger) Entry: A record that specifies where email should be sent for a domain, as it contains the mail server’s IP address. When using an email scanning service or custom mail delivery, the server administrator may need to change the MX record for a domain using the Edit MX Entry feature in WHM.

MySQL: A relational database management tool and server, as well as the type of database it manages. Databases are an integral part of web applications, such as bulletin boards and blogs. cPanel provides an integrated MySQL interface as well as a MySQL database editing tool called phpMyAdmin. WHM lets server administrators manage MySQL database services via the SQL Services section.

Nameserver: A piece of software that obtains DNS information from a physical nameserver, a computer that contains a list of domain names and their corresponding IP addresses. These computers are spread through the Internet and allow visitors to access a domain via its IP address. Nameserver software gathers data about domains over time; therefore, changes to DNS records can take up to a week to reach all the nameservers on the Internet (or “propagate”).

Parked Domain: A second domain that points to a primary domain. When users attempt to access the parked domain, they will see the main website. For example, both http://www.cpanel.net and http://www.cpanel.com go to the same place, as cpanel.com is a parked domain for cpanel.net.

Perl: Known for its ability to process text, Perl is a useful language for web applications. Perl applications are commonly found as .pl, .pm, and .cgi files and may require Perl modules. Perl modules can be installed from cPanel (using the Perl Modules screen) and in WHM (using the Install a Perl Module screen).

Perl Module: A piece of software written in the Perl language. Modules are common pieces of software that are reused often. For example, rather than writing a set of functions to display calendars, a user can simply use a calendar module.

PHP: A computer scripting language in which many web-based applications are written. PHP applications are commonly found with the filename extensions .php, .php4, or .php5. Some PHP applications require PEAR packages, which can be installed in cPanel through the PHP PEAR Packages feature and in WHM through the Module Installers feature.

PHP Package: A piece of software written in the PHP language.

phpMyAdmin: A graphical application that allows server administrators to manipulate and manage MySQL databases over the Internet. Full documentation for phpMyAdmin can be found at its creators’ website: http://www.phpmyadmin.net.

POP3 (Post Office Protocol version 3): Along with IMAP, one of the two most widely used email transfer methods. POP3 simply copies every message in an email account to a local computer, removing it from the mail server. No information is sent back to the email account about message replies, forwarding, etc. If an account owner uses multiple computers to check email, it is advisable to use IMAP instead of POP3.

Proxy: Short for a proxy server. This server receives requests from users and forwards those requests to other servers.

public_html: A subdirectory, located inside the home directory, that contains files that are publicly accessible via HTTP. The www directory is a link to public_html. Any files and folders inside of public_html are visible over the Internet, unless the website owner specifically protects them with password protection or using the .htaccess file.

Redirect: To send users who access a domain to another domain. For example, a user may reach example.com by typing example2.com. cPanel allows website owners to set up either temporary or permanent redirects. See also domain forwarding.

Referer: A web page which links to a site; also called an “HTTP referer.” This spelling is the industry standard term, though it is based on a misspelling of “referrer.”

Release Tiers: These exist in four types which are, in order from least to most stable, EDGE, CURRENT, RELEASE, and STABLE. Please visit our documentation on cPanel versions and the release process for an in-depth discussion of Release Tiers.

Root: 1) Specific to Unix and Unix-based systems, the system account, used by a system administrator, that carries full privileges for configuring a computer system. Also called “superuser.” 2) The highest level directory in a Unix or Unix-based system, usually notated by a forward slash (/).

Shell: Software that allows a user to interact with a computer. Many Unix shells allow the user to type commands, and are often referred to as CLIs, or command line interfaces.

SMTP (Simple Mail Transfer Protocol): This protocol is the standard for transmitting email messages across the Internet. It is namely used for sending mail to a mail server’s relayer.

Spam: Chiefly, unsolicited email sent in bulk, usually by an automated system. As spam is considered a costly nuisance to the recipient, cPanel includes features like SpamAssassin and BoxTrapper that can cut down on the amount of spam received. Server administrators can use the Tweak Settings screen to enable these services for their users.

SpamAssassin: An application which can filter suspected spam. SpamAssassin can be configured to filter spam more or less aggressively, according to the user’s needs. Learn more about SpamAssassin at http://spamassassin.apache.org. Server administrators can use the Tweak Settings screen to enable this service for their users.

Spoof: An attack wherein the attacker conceals his identity by appearing as another user through the falsification of data, such as email headers. Enabling SPF makes it more difficult for spammers to spoof a domain.

SSH (Secure Shell Handler): A network protocol that allows a user to log into a remote machine securely. cPanel & WHM can create keys for authenticating a user’s identity during SSH login, and lets users manage SSH keys.

SSL (Secure Sockets Layer)/TLS (Transport Layer Security): TLS is simply the more recent version of SSL. Both are cryptographic schemes that allow for secure interaction between a web browser and a web server. All sensitive data (credit card numbers, login information, etc) that is transmitted over the Internet should be protected by SSL/TLS. Website owners can install an SSL certificate on a website (via the Install a SSL Certificate and Setup the Domain feature) to allow the site to be protected by SSL/TLS.

SSL Certificate: An electronic document (using the filename extension .crt) which binds a public key to an identity consisting of an email address, company, and location. This electronic document is a key piece in an authentication process.

Subdomain: A subsection of a website that exists as a subdirectory in the website owner’s home folder. If the domain were example.com, then the subdomain URL would appear as subdomain.example.com.

URL (Universal Resource Locator): On the web, a URL is a string of characters that identifies the location of a website. Since IP addresses are difficult to remember, URLs are used instead. For example, it is much easier to remember to go to http://www.example.com than http://208.77.188.166. URL is often used synonymously with the terms “URI” and “web address,” although there are technical differences among the three.

Web Disk: A feature of cPanel that lets website owners manipulate web files by dragging and dropping, just as one would on a local computer’s operating system.

Webalizer, The: A program that displays various statistics for a website using tables and graphs. Full documentation for The Webalizer can be found at its creators’ website: http://www.webalizer.com.

Webmail: Any application which allows website owners to access email through a web browser. The main advantage to webmail is the ability to access the email account from any computer connected to the Internet without having to install or configure a specific mail program.

Written by Ahsan Nabi Khan

March 1, 2012 at 12:35 pm

What I learnt today?


zen (Photo credit: mkebbe)

I have started working on a partially developed site in PHP/MySQL with Zen Cart Content Management System. This page covers:

1. How to install Zen Cart

2. How to add new pages to a site constructed using Zen Cart

The following is a brief introductory summary of how to get started with Zen Cart and create your own pages. It is by no means exhaustive, but it is a useful starting point alongside the links included below.

1. How to install Zen Cart

1. First, install XAMPP or another Windows or Linux based web server. Zend also has its own server. I have used XAMPP for Windows, which includes phpMyAdmin and Apache in the same web server pack.

2. Second, download Zen Cart from http://www.zen-cart.com . The site redirects to SourceForge for the download of the latest version. It also has additional instructions and help files related to download, installation and development. (I downloaded from https://sourceforge.net/projects/zencart/files/latest/download?source=files ). The downloadable file is a compressed archive.

3. Extract the compressed archive and save the folder in the htdocs folder of XAMPP or your own web server’s webroot folder. Rename the folder to something shorter and simpler like zen.

4. Run the web server, in our case the XAMPP executable, and point the browser to the localhost address of the Zen Cart folder: in our case http://localhost/zen

5. Follow the installation instructions and press install. Meanwhile, create a database in phpMyAdmin with a name similar to zen cart so that Zen related databases are easy to recognize. The installation steps will ask you for this database’s host (“localhost”), user, password and database name.

6. The installation may ask you for further listing of the domain for secure financial transactions cURL, but I have not mentioned them since my coding is in-house for practice purposes.

7. Opt for the sample Zen projects to see the typical ways an online shopping cart works.

8. Rename the admin folder to something else and rename the zc_install folder as well. Zen Cart requires this for a secure admin site.

2. How to add new pages to a site constructed using Zen Cart

Add pages to ‘includes’ folder:

1. includes >> Languages >> English >> HTML_includes : the naming convention in this folder is define_PAGENAME.php, where you put your page name in place of PAGENAME. The main HTML logic goes here. You can also add PHP tags here. The global database variable $db can also be used.

2. includes >> modules >> pages : add a folder named after the page (PAGENAME) here and include header.php in it, as in the other folders inside the pages folder. Every page has its own folder named after the page, and the folder has header.php and an optional stylesheet.

3. includes >> templates : add templates for style sheets. Alternatively, you can edit the global stylesheet template in includes >> templates >> templates_default >> css >> stylesheet.css


Benny Hinn Ministries – Contact Us – Pastor Benny Hinn – Benny Hinn Ministries


Contact Us

North America

  

Benny Hinn Ministries Headquarters

  • P.O. Box 162000

  • Irving, TX 75016-2000
  • 800-433-1900
  

This Is Your Day

  • P.O. Box 162000

  • Irving, TX 75016-2000
  • 800-433-1900
  • Donations & Product Orders:
  • Phone: 800-433-1900

Canada

  • P.O. Box 638, Station U
  • Toronto, Ontario M8Z 5Y9
  • Phone: 905-501-0115
  • E-mail: caninfo@imail.bennyhinn.org

Africa

  • Private Bag X54335
  • Durban 4000, South Africa
  • Within South Africa:
    Phone: 0315664811
    Fax: 0315664817
    Outside South Africa:
    Phone: 27315664811
    Fax: 27315664817
  • E-mail: zainfo@imail.bennyhinn.org

Asia

  • Singapore
  • Benny Hinn Ministries Asia
  • Changi Airfreight Centre
  • P.O. Box 850
  • Singapore 918115

Australia-Pacific

  • New Zealand
  • P.O. Box 91986
  • Victoria Street West
  • Auckland 1142
  • New Zealand
  • Phone: 0800 700 933 (toll free)

Europe

Middle East

  • Cyprus
  • P.O.Box 55312
  • CY3821 Lemesos
  • Cyprus

Latin America

  • Latin America
  • P.O. Box 162000
  • Irving, TX, 75016-2000
  • United States of America
  • Phone: +817-722-2000

Written by Ahsan Nabi Khan

January 25, 2012 at 5:30 pm

Posted in Religious


I am writing to you as a voter in your district. I urge you to vote “no” on cloture for S. 968, the PROTECT IP Act, on Jan. 24th. The PROTECT IP Act is dangerous, ineffective, and short-sighted. It does not deserve floor consideration. I urge my representative to vote “no” on SOPA, the corresponding House bill.

Over coming days you’ll be hearing from the many businesses, advocacy organizations, and ordinary Americans who oppose this legislation because of the myriad ways in which it will stifle free speech and innovation. We hope you’ll take our concerns to heart and oppose this legislation by voting “no” on cloture.

http://fightforthefuture.org/pipa/

Written by Ahsan Nabi Khan

January 19, 2012 at 5:42 pm

Posted in Uncategorized

What I learnt today


I learnt today how to update and insert from one table into another

insert into Cat select distinct main_id, '', 1 from SubCat

| main_id | exam_type | IsEnable |
|---|---|---|
| 1 | | 1 |
| 2 | | 1 |
| 3 | | 1 |

After inserting, we updated the table with the proper exam codes from table SubCat into the exam_type column of the Cat table. The exam codes are taken for the same main_id in both the tables Cat and SubCat.

update dbo.Cat
Set exam_type = dbo.SubCat.exam_code
from dbo.SubCat, dbo.Cat
where dbo.Cat.main_id = dbo.SubCat.main_id

| main_id | exam_type | IsEnable |
|---|---|---|
| 1 | 70-162 | 1 |
| 2 | LX0-101 | 1 |
| 3 | CICSP | 1 |

Written by Ahsan Nabi Khan

January 7, 2012 at 6:47 pm

What I learned today


Suppose you have found a script like

<script style="http://www.mysite.com/ur.php"></script>

in the database table. You have found out that it is malware code injected into your database table faultyTable, in the column column_name, appended at the end of the varchar text. Now you need to remove it from the varchar string of the column column_name of table faultyTable. Here is how you execute an SQL script for it.

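CREATE PROCEDURE PurgeSqlInjectionFromfaultyTable
AS
BEGIN
    -- Keep only the text before the first '<' in column_name.
    -- '<' is appended as a sentinel so PATINDEX never returns 0, which would
    -- make LEFT fail with a negative length on rows that contain no '<'.
    UPDATE faultyTable
    SET column_name = LEFT(column_name, PATINDEX('%<%', column_name + '<') - 1)
END
GO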

PatIndex will look for the first character that falls in the range of 0-9, and return its character position, which you can use with the LEFT function to extract the correct data. Note that PatIndex is actually using Data + '1'. This protects us from data where there are no numbers found. If there are no numbers, PatIndex would return 0. In this case, the LEFT function would error because we are using Left(Data, PatIndex - 1). When PatIndex returns 0, we would end up with Left(Data, -1) which returns an error.

There are still ways this can fail. For a full explanation, I encourage you to read:

Extracting numbers with SQL Server

That article shows how to get numbers out of a string. In your case, you want to get alpha characters instead. However, the process is similar enough that you can probably learn something useful out of it.

Courtesy: http://stackoverflow.com/questions/375133/how-do-i-extract-part-of-a-string-in-t-sql
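A more conservative cleanup, as an added example that is not part of the original post: it inventories the affected rows, backs them up, and cuts each value at the injected `<script` tag instead of at the first `<`, so legitimate text containing `<` survives. The sample rows, the id column and the backup table name are constructed for illustration.

```sql
-- Added example (T-SQL, SQL Server 2008 or later for multi-row VALUES).
-- #faultyTable stands in for the real faultyTable; all rows are constructed.
CREATE TABLE #faultyTable (
    id          int IDENTITY(1,1) PRIMARY KEY,
    column_name varchar(400) NOT NULL
);

INSERT INTO #faultyTable (column_name) VALUES
    ('Clean title with no markup'),
    ('Exam guide<script style="http://www.mysite.com/ur.php"></script>'),
    ('Score < 70 means a retake'),   -- legitimate "<" that must survive
    ('Upper case tag<SCRIPT style="http://www.mysite.com/ur.php"></SCRIPT>');

-- 1. Detect: list every affected row and where the tag starts.
--    LOWER() makes the match independent of the column's collation.
SELECT id,
       PATINDEX('%<script%', LOWER(column_name)) AS tag_position,
       column_name
FROM #faultyTable
WHERE LOWER(column_name) LIKE '%<script%';

-- 2. Preserve: keep the tampered values as evidence and for rollback.
SELECT id, column_name
INTO #faultyTable_backup
FROM #faultyTable
WHERE LOWER(column_name) LIKE '%<script%';

-- 3. Purge: touch only the rows found in step 1. PATINDEX is at least 1 on
--    these rows, so LEFT never receives a negative length.
DECLARE @expected int, @changed int;
SELECT @expected = COUNT(*) FROM #faultyTable_backup;

BEGIN TRANSACTION;

UPDATE #faultyTable
SET column_name = LEFT(column_name,
                       PATINDEX('%<script%', LOWER(column_name)) - 1)
WHERE LOWER(column_name) LIKE '%<script%';

SET @changed = @@ROWCOUNT;

-- 4. Verify before committing: the row count must match the inventory and
--    no tagged value may remain.
IF @changed <> @expected
   OR EXISTS (SELECT 1 FROM #faultyTable
              WHERE LOWER(column_name) LIKE '%<script%')
    ROLLBACK TRANSACTION;
ELSE
    COMMIT TRANSACTION;

-- Rows 1 and 3 are unchanged; rows 2 and 4 end just before the tag.
SELECT id, column_name FROM #faultyTable ORDER BY id;

DROP TABLE #faultyTable_backup;
DROP TABLE #faultyTable;
```

On a real table, keep the backup in a permanent table until the entry point of the injection has been closed, since the stored values record when and how the data was altered.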


What I have found as the root cause of our SQL injection backdoor threat is this SQL statement:
Query="SELECT TOP 3 title_id,title,description,posting_date" & _
" FROM MyTable" & _
" WHERE cat_id=1" & _
" ORDER BY posting_Date desc"
This table had caused an encroachment into the title column of a script of hacking Turkish site Grim.
I confirmed it from the database.
To correct it, I had to remove the script injected into the title column and restructure the query statement to
Query="SELECT TOP 3 title_id,title,description,posting_date FROM MyTable WHERE cat_id=1 ORDER BY posting_Date desc"

This made the broken string into one whole string and sealed the cracks into sql statement from where the attack could enter.

More secure is to use views and stored procedures and call them to return the same as the query above.

Query = "EXEC dbo.ViewOfTop3Titles"

CREATE PROCEDURE dbo.ViewOfTop3Titles
AS
BEGIN
    -- SET NOCOUNT ON added to prevent extra result sets from
    -- interfering with SELECT statements.
    SET NOCOUNT ON;
    -- A stored procedure is called with EXEC; it cannot be used in a FROM clause.
    SELECT TOP 3 title_id, title, description, posting_date
    FROM MyTable
    WHERE cat_id = 1
    ORDER BY posting_Date DESC
END
GO
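The stored-procedure approach above, carried one step further as an added example that is not the post's own code: it goes beyond the fixed cat_id=1 by taking the category as a typed parameter, and it gives the web login EXECUTE rights only. The procedure name GetTop3TitlesByCategory, the role web_reader, the column types and the sample rows are assumptions; run it in a scratch database.

```sql
-- Added example (T-SQL). MyTable and its column names come from the post;
-- the column types and the sample rows are constructed.
CREATE TABLE dbo.MyTable (
    title_id     int IDENTITY(1,1) PRIMARY KEY,
    cat_id       int           NOT NULL,
    title        varchar(200)  NOT NULL,
    description  varchar(1000) NOT NULL,
    posting_date datetime      NOT NULL
);
INSERT INTO dbo.MyTable (cat_id, title, description, posting_date) VALUES
    (1, 'First title',  'Constructed row', '2012-01-01'),
    (1, 'Second title', 'Constructed row', '2012-01-02'),
    (2, 'Other title',  'Constructed row', '2012-01-03');
GO

-- The category arrives as an int parameter. It is bound as data and is never
-- concatenated into the statement text, so it cannot change the query.
CREATE PROCEDURE dbo.GetTop3TitlesByCategory
    @cat_id int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT TOP 3 title_id, title, description, posting_date
    FROM dbo.MyTable
    WHERE cat_id = @cat_id
    ORDER BY posting_date DESC;
END
GO

-- Normal call from the application.
EXEC dbo.GetTop3TitlesByCategory @cat_id = 1;

-- The same protection for ad hoc SQL: statement text and values travel
-- separately through sp_executesql.
EXEC sp_executesql
    N'SELECT TOP 3 title_id, title, description, posting_date
      FROM dbo.MyTable
      WHERE cat_id = @cat_id
      ORDER BY posting_date DESC',
    N'@cat_id int',
    @cat_id = 1;

-- A value that is not an integer (constructed) is rejected during parameter
-- conversion; the SELECT inside the procedure never runs.
BEGIN TRY
    EXEC dbo.GetTop3TitlesByCategory @cat_id = '1 plus extra text';
END TRY
BEGIN CATCH
    SELECT ERROR_MESSAGE() AS rejected_input;
END CATCH;
GO

-- Least privilege: the web application's database user joins this role and
-- receives no direct SELECT, INSERT, UPDATE or DELETE on dbo.MyTable.
-- The procedure still reads the table because both objects share an owner.
CREATE ROLE web_reader;
GRANT EXECUTE ON OBJECT::dbo.GetTop3TitlesByCategory TO web_reader;
GO
```

With no UPDATE permission on the table, a flaw elsewhere in the web application can no longer be used to write markup into the title column.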

What I learnt today


I learned today how a faulty ftp connection can be fixed using active/passive mode on FileZilla. I also learnt why it is best to use a cloud technology to keep a centralized database required for a number of coexisting websites.

We have been using a shared database and FTP server on www.appliedi.net. We have two websites and one connected main database on the server. The site provides domain specific user accounts for FTP users. We used one FTP user account. It sometimes connected and mostly did not today, on January 2nd, 2012. It had worked perfectly fine earlier, before Christmas. One of these days the server must be on high load. The support staff suggested that we use active mode server listing. We could not configure active mode. By default it was passive mode on FileZilla. Using the Wizard for Active/Passive and other configurations also did not work. Brainstorming with the junior support staff did not work out until we asked his manager.

The Manager used www.join.me to remotely connect and control our desktop. We gave him the mouse and keyboard control. He went into Edit>> Settings and clicked FTP. On the Transfer Mode section, he selected Active and checked the option “Allow fall back to other transfer mode on failure”. He also double checked that Active Mode and Passive Mode settings have same default settings. Active Mode IP section opts for asking your operating system for external IP address and Passive Mode option is for “fall back to active mode”.

Hence we saw that the directory listing inside the root folder for all directories became accessible using active mode. He also chose the direct server name instead of the alias that we had set in our web-hosting panel.

However, there are still new issues that we found out using customer support today. One issue is that we are using a single database with multiple sites, some of which are on other firms’ FTP servers. This, the support informed us, is not supported. They suggested we shift to the same company’s Database and File-Server support. They gave us three options. Two were Shared and Dedicated options that we already knew. But one new efficient option is Cloud Server.

Let me show you the third option on Cloud in detail as below:

 
| Feature | Developer | Small Business | Enterprise |
|---|---|---|---|
| Pricing | $69.95/month | $99.95/month | $199.95/month |
| Number of Domains Allowed / Number of CPU’s | 1 | 1 | 2 |
| Memory | 1 GB | 1 GB | 2 GB |
| Disk Space | 50 GB | 100 GB | 150 GB |
| Bandwidth | 500 GB | 1000 GB | 1500 GB |
| Remote Desktop | Available | Available | Available |
| IP’s | 5 | 5 | 5 |
| Automatic Failover | Available | Available | Available |
| Optional Managed Backup | Available | Available | Available |
| OS Security Updates | Available | Available | Available |
| Server Level Monitoring | Available | Available | Available |
| 24/7/365 Support | Available | Available | Available |
| Highly Secured Network | Available | Available | Available |
| Free Control Panel | Available | Available | Available |
| Smarter Bundle | Available | Available | Available |
| 60 Day Money Back Guarantee | Available | Available | Available |

Written by Ahsan Nabi Khan

January 2, 2012 at 10:07 pm
