SQLitening Support Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to the SQLitening support forums!

Pages: [1] 2 3 ... 10
 1 
 on: March 20, 2019, 04:42:39 PM 
Started by D. Wilson - Last post by D. Wilson
I have a database with multiple tables (2). I need to load information from both tables my screen. This is my overview on how I am doing it.

1) I open the connection to the Server
2) I open the database
3) I get my record from the first database. There is only 1 record from the first database
4) I close that database
5) I open the second database
6) I retreive the records from from that database. Usually there are multiple records from the second database.
7) I close the connection to the server

I use a page up/page down to retreive the next record.
I am able to do this several times then on the forth (or so ) I get an error -14 Invalid set.

I use different numbers for the returned sets. The server is on the local computer.

Any ideas or insights would be appreciated. Code Examples would be awesome.

 2 
 on: March 08, 2019, 10:06:50 AM 
Started by cj - Last post by cj
https://www.sqlite.org/lang_vacuum.html#vacuuminto

 3 
 on: December 19, 2018, 08:03:06 PM 
Started by D. Wilson - Last post by cj
Quote
Using Sqlitening - What measures should be adopted to prevent SQL Injection attacks. Any thoughts would be appreciated.

This is an old thread from 2015, but these answers were not given.
Today is 12/19/2018.

slExeBind
slSelBind
https://www.sqlitening.planetsquires.com/index.php?topic=9730.msg26326;topicseen#msg26326

Thoughts:
I've wondered who would inject the code in a local network?
If they can inject code they can just as easily write sql statements or delete a database.
If used over the internet the transmits should be encrypted so they shouldn't be able to inject.

I like slExeBind because text can be inserted "as is" without needing to wrap text with $SQ and also wrap embedded $SQ's.

 4 
 on: December 19, 2018, 07:47:03 PM 
Started by cj - Last post by cj
Not sure how I missed slSelBind.
slSelBind was added a long time ago and can prevent SQLite injection
https://sqlitening.planetsquires.com/index.php?topic=3378.0;wap2
Quote
Added the slSelBind function in order to avoid SQL injection and to improve Unicode processing.
Example extracting encrypted text (3-ways)

slexe  "create table if not exists t1(MyKey UNIQUE,MyData)"
slSetProcessMods "K" + SPACE$(32)
slSelBind "select MyData from t1 where MyKey = ?",slBuildBindDat(sKey,"T")
DO WHILE slGetRow
  ? slConvertDat(slf(1),"D")
  ? slfx(1,"D")
  ? slfnx("MyData","D")
LOOP

 5 
 on: December 19, 2018, 07:38:27 PM 
Started by D. Wilson - Last post by cj
Search on name of image or a non-encrypted column
Added slSelBind

THREADED sb AS ISTRINGBUILDERA

#INCLUDE "sqlitening.inc"

FUNCTION PBMAIN () AS LONG

 LOCAL x     AS LONG
 LOCAL sKey  AS STRING

 sb = CLASS "StringBuilderA"

 slopen "junk.db3","C"
 slexe  "drop table if exists t1"
 slexe  "create table if not exists t1(MyKey UNIQUE,MyData)"
 slSetProcessMods "K" + SPACE$(32)
 sKey = "key1"
 slExeBind "insert into t1 values(?,?)",slBuildBindDat(sKey,"T") +_
                                        slBuildBindDat("Heidi","TN")

 IF slGetChangeCount <> 1 THEN ? "Insert error":EXIT FUNCTION
 slSel "select MyData from t1 where MyKey = " + WRAP$(sKey,$SQ,$SQ)

 DO WHILE slGetRow
  AddItem slConvertDat(slf(1),"D")
  AddItem slfx(1,"D")
  AddItem slfnx("MyData","D")
 LOOP

 LOCAL sArray() AS STRING
 slSelAry  "select MyData from t1 where MyKey="+WRAP$(sKey,$SQ,$SQ),sArray(),"D1 Q9c"
 FOR x = 1 TO UBOUND(sArray)
  AddItem sArray(x)
 NEXT

 'This could prevent sql injection
 slSelBind "select MyData from t1 where MyKey = ?",slBuildBindDat(sKey,"T")
 DO WHILE slGetRow
  AddItem slConvertDat(slf(1),"D")
  AddItem slfx(1,"D")
  AddItem slfnx("MyData","D")
 LOOP
 ? sb.string
END FUNCTION

SUB AddItem(s AS STRING)
 sb.add s + $CR
END SUB

 6 
 on: December 19, 2018, 01:35:29 PM 
Started by D. Wilson - Last post by D. Wilson
That was going to be my next question. Do I write/query the database just like normal ? What about blob fields that contain images ?

 7 
 on: December 19, 2018, 01:07:27 PM 
Started by D. Wilson - Last post by cj
Searching on the blob column may not work unless you know the exact value.
It makes more sense to search on the non-encrypted columns such as a key column.
See post #5 (below) which makes more sense.
It shows using slExeBind and slSelBind which may prevent SQL injection

Get equal (=) tests seem to work (with binding), but (< and  >) are not correct.
Notice in this example "Apple" is less than "B", but "Apple" is not returned.
If anyone sees an error in my ways, please post it!
https://www.sqlitening.planetsquires.com/index.php?topic=9579.msg25200#msg25200

Hopefully other products handle this.

#INCLUDE "sqlitening.inc"

FUNCTION PBMAIN () AS LONG
 LOCAL s AS STRING
 slopen "junk.db3","C"
 slexe  "drop table if exists t1"
 slexe  "create table if not exists t1(c1)"
 slSetProcessMods "K" + SPACE$(32)  'set encrypt key
 slExeBind "insert into t1 values(?)",slBuildBindDat("Apple","TN")          'insert encrypted Apple
 slSelBind "select c1 from t1 where c1 < ?",slBuildBindDat("B","TN")        'Apple less than B test
 DO WHILE slGetRow
  s+= slfx(1,"D") + $CR
 LOOP
 ? s
END FUNCTION                   

 8 
 on: December 19, 2018, 03:24:40 AM 
Started by D. Wilson - Last post by Fim
With sqlitenings encryption you can not use SELECT * FROM TEXT WHERE ORD = 'ab??rice'
but you can do that with SQLite's encryption.
Am I right??

/Fim W.

 9 
 on: December 18, 2018, 08:48:53 PM 
Started by D. Wilson - Last post by cj
SQlitening's built-in AES256 Cookbook encryption is used on columns and can be turned on and off.
SQLitening's was written by Greg Turcheson and would not be understood by third-party viewers.

Buying SQLite's AES256 encryption or https://www.zetetic.net/sqlcipher/ encrypt at the database level.
These products may work with some third-party products


 10 
 on: December 18, 2018, 06:34:52 PM 
Started by D. Wilson - Last post by D. Wilson
What are the steps to provide encryption to an sqlite database ??

If I encrypt a database using SQLitening can I open it and decrypt it using third party tools (ie a SQLite Database Viewers)

Any help would be appreciated.

Pages: [1] 2 3 ... 10