Category Archives: Coding for fun

These are basically posts based on coding for fun

Why mysql_real_escape_string() isn’t enough to stop SQL injection attacks!

Posted on by
1

We have all been there writing PHP code and trusting mysql_real_escape_string(). Alas it seems it is not enough, let us look at the example below ;

$id = “0; DELETE FROM users”;
$id = mysql_real_escape_string($id); // 0; DELETE FROM users
mysql_query(“SELECT * FROM users WHERE id={$id}”);

As you can see above simply using mysql_real_escape_string is not enough because the new output is in the end “0; Delete from users”.

However don’t fret dear reader because there is a solution! Make sure the $id is indeed only a number! This can be done by simply using the code below;

$id = “123; DELETE FROM users”;
$id = (int) $id; // 123
This way any string elements will simply won’t be added the system. Now a question may arise on how to make sure you don’t get injected with attack if the parameter is in fact a string. My answer is simply : USE THE FRICKEN SQL QUOTES! Like below;
$username = "DELETE FROM users";
$username = mysql_real_escape_string($username);
mysql_query(“SELECT * FROM users WHERE username='{$username}' ”);
The quotes will allow some protection.
I hope this helps you all! And please don’t tell newbies that mysql_real_escape_string() is enough! IT IS NOT!
Fork me on GitHub

Getting raw data from a USB mouse in Linux using Python

Posted on by
1

If you are geek your mouth should be watering by now. I will like to thank Oscar Lindberg and his cool Linux friend for this code! I was trying to get multiple-mice movement data. This is the code that got me started. Once I beautify my multiple-mouse code I will be posting it here as well. Without further ado :

mouse = file('/dev/input/mouse0')
while True:
    status, dx, dy = tuple(ord(c) for c in mouse.read(3))

    def to_signed(n):
        return n - ((0x80 & n) << 1)

    dx = to_signed(dx)
    dy = to_signed(dy)
    print "%#02x %d %d" % (status, dx, dy)

I hope this just made your day!

Getting VGA output using VHDL and a Spartan-3AN board

Posted on by
9

Hi there! Have been busy busy and busy! And you know what that means! New Code!

We were given a homework to write a game for the Spartan-3AN board. Our team decided to write a Simon Says game.(http://en.wikipedia.org/wiki/Simon_(game)) I was responsible for writing the VGA output of the program. I must say it was fun!  ( I split the post as there a lot of images in this post )

Continue reading

Mid-rise type quantizer

Posted on by
Reply
A mid-rise type quantizer for my DSP lab course. The question is as below.
Generate a discrete-time sinusoidal signal x[n] with the SinSamples() function implemented in preliminary work of experiment 1, with the parameters: A=3, w=2*pi, ws=2*pi*50, .θ=0, d=2sec. Implement 3-bit midrise type quantizer. Make the reconstruction levels be spaced so as to span the entire amplitude range of the signal. You may use the maximum amplitude of the signal in designing reconstruction levels. Plot original signal, quantized version, and quantization error. Calculate output signal to noise ratio in dB (all signal to noise ratios must be calculated in dB).

Generate a discrete-time sinusoidal signal x[n] with the SinSamples() function implemented in preliminary work of experiment 1, with the parameters: A=3, w=2*pi, ws=2*pi*50, .θ=0, d=2seca) Implement 3-bit midrise type quantizer. Make the reconstruction levels be spaced so as to span the entire amplitude range of the signal. You may use the maximum amplitude of the signal in designing reconstruction levels. Plot original signal, quantized version, and quantization error. Calculate output signal to noise ratio in dB (all signal to noise ratios must be calculated in dB).

A=3;
w=2*pi
w_s=2*pi*50;
d=2;
teta=0;
 
f = w/(2*pi);
T = 1/f;
tmin = 0;
dt = T/100;
dt1 = 1/(w_s/(2*pi));
t = tmin:dt:d;
t1 = tmin:dt1:d;
x = A*sin(w*t+teta);
x1 = A*sin(w*t1+teta);
subplot(3,1,1);
plot(t,x,'r');
hold on
stem(t1,x1);
title('The sampled and original signal');
xlabel(''), ylabel('amplitude');
grid on;
hold on
 
% Quatization part (midrise)
bit=3; %number of bits that will be used
signal=x1; %get the signal
m_max=max(abs(signal)); %find the highest magnitude used
delta=(2*m_max)/(2^bit) ;  %our step size
k_max=(2^bit)/2; %how many levels we have in one side of the quatization graph
for i=1:length(signal)
    for k=0:1:(k_max-1)
        if (((k*delta)<=abs(signal(i)))&&(abs(signal(i))<=((k+1)*delta)))
            if(signal(i)>0)
                new_signal(i)=(0.5+k)*delta;
            elseif(signal(i)<0)
                new_signal(i)=(-0.5-k)*delta;
            elseif(signal(i)==0)    
                new_signal(i)=0;
            end 
        end
 
    end
end
subplot(3,1,2);
stem(t1,new_signal);
xlabel(''), ylabel('amplitude');
grid on;
hold on
 
error=signal-new_signal;
subplot(3,1,3);
stem(t1,error);
xlabel(''), ylabel('amplitude');
grid on;
hold on

And the output is as below;

Plotting and finding the magnitude of a wav file in MATLAB[edited]

Posted on by
3

Edited: Changed code to a more correct version!
The question was;

Load the file sound1.wav(Download from here => SoundWav (176) ) (You would use MATLAB command ‘wavread’ to loadthis file. Use MATLAB help to learn the usage of ‘wavread’). This file contains a portion of speech waveform. Take the first 512 point the signal, plot the waveformand its magnitude spectrum.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

%call it like question_8('sound1.wav')
function question_8(url)
[x,fs]=wavread(url);
new_x=x(1:512);
subplot(2,1,1);
stem(new_x);
title('The sampled sound signal');
xlabel('time'), ylabel('amplitude');
grid on;
hold on
 
 
subplot(2,1,2)
N=(fs/2)*linspace(-1,1,length(x));
stem(N,fftshift(abs(fft(new_x))));
 
title('Sampled signal at frequency-domain');
xlabel('frequency'), ylabel('amplitude');
grid on;
end