if you search for ' or " and it breaks your software


If your application is backed by a database and it errors out when you type ' or " into a field, there is a good chance it is vulnerable to SQL injection: the quote is terminating the string literal in a query that was built by concatenating your input into the SQL text. SQL injection is very dangerous, but it is conceptually simple to fix. Simple does not mean quick, though; it can mean a lot of rework.

I don't want to rehash the theory of how SQL injection works and how to prevent it; there are already many great resources on that (links below). I just want to show the practical fix.

The quickest stopgap is to escape every ' and " in input before it reaches a query. PHP has functions for this, such as mysql_real_escape_string() (deprecated in 5.5 and removed in 7.0 together with the whole mysql extension) and its replacement mysqli_real_escape_string(). But escaping is fragile: it depends on the connection character set and on every developer remembering to call it in every query. The biggest improvement you can make is to use PDO (PHP Data Objects) with prepared statements, so the parameter value is sent separately from the SQL text and can never change the structure of the query.

 

This sample query, with the value pasted into the SQL text

$sql = <<<SQL
SELECT * FROM users WHERE users.id = '123';
SQL;

would turn into something like this, where $dbh is an already-opened PDO connection and the value is passed as a bound parameter instead

$sql = <<<SQL
SELECT * FROM users WHERE users.id = :user_id
SQL;
$sth = $dbh->prepare($sql);
$sth->execute([':user_id' => '1234']);
$results = $sth->fetchAll(PDO::FETCH_ASSOC);
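To make the difference concrete, here is an added example (not code from the original post) that runs the concatenated query and the prepared-statement query side by side against an in-memory SQLite database through PDO. The users table, its rows and the test inputs are constructed for the demonstration; the only assumption is that the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);

// Added example, not the original post's code. Uses PDO against an in-memory
// SQLite database (pdo_sqlite) so it runs offline; the users table and its
// rows below are constructed for the demonstration.

$dbh = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw instead of returning false
    PDO::ATTR_EMULATE_PREPARES   => false,                  // real prepares where the driver supports them
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$dbh->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

/** Vulnerable: the value is concatenated into the SQL text, so quotes in it become SQL. */
function findUserVulnerable(PDO $dbh, string $id): array
{
    $sql = "SELECT id, name FROM users WHERE id = '$id'";
    return $dbh->query($sql)->fetchAll();
}

/** Fixed: the value travels as a bound parameter and is never parsed as SQL. */
function findUserSafe(PDO $dbh, string $id): array
{
    $sth = $dbh->prepare('SELECT id, name FROM users WHERE id = :user_id');
    $sth->execute([':user_id' => $id]);
    return $sth->fetchAll();
}

$normal  = '2';
$payload = "' OR '1'='1";   // classic tautology payload; a lone ' would instead be a syntax error

printf("vulnerable, normal input : %d row(s)\n", count(findUserVulnerable($dbh, $normal)));
printf("vulnerable, injected     : %d row(s)\n", count(findUserVulnerable($dbh, $payload)));
printf("safe, normal input       : %d row(s)\n", count(findUserSafe($dbh, $normal)));
printf("safe, injected           : %d row(s)\n", count(findUserSafe($dbh, $payload)));

// The symptom from the title: a single quote breaks the concatenated query outright.
try {
    findUserVulnerable($dbh, "'");
} catch (PDOException $e) {
    echo "vulnerable, lone quote   : SQL error: " . $e->getMessage() . "\n";
}
```

Run it with the PHP CLI. The concatenated version returns one row for a normal id but every user for the tautology payload, because the WHERE clause has become `id = '' OR '1'='1'`; the prepared version returns one row for the normal id and zero rows for the payload, because the whole string is compared as a value and matches nothing. The lone quote only raises an error in the concatenated version, which is exactly the "breaks your software" signal the title describes. Note PDO::ATTR_EMULATE_PREPARES: with MySQL it defaults to true, meaning PDO quotes the value client-side; that is still safe as long as the connection character set is set in the DSN, but turning it off sends the statement and parameters separately, which is the cleaner guarantee.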

 

Some useful links:

  • http://php.net/manual/en/security.database.sql-injection.php
  • https://phpdelusions.net/pdo
  • https://www.w3schools.com/sql/sql_injection.asp

testing emails


Safe Email Testing Solution

As developers or project staff it is surprisingly hard to come up with a clean and safe way to test email. You never want development code to send real mail to real people, but you still need to see exactly what the application generates.

I recently found this service: https://mailtrap.io/. You point your application's SMTP settings at it the same way you would at any mail server, and every email the system sends lands in the Mailtrap inbox in your dashboard instead of in anyone's real mailbox. One caveat: keep the sandbox credentials in your development or staging configuration only, so that a misconfigured production deploy cannot quietly divert customer email into a test inbox. Plans are listed at https://mailtrap.io/billing/plans

htop


Htop is super easy to use

Linux top is very useful for seeing system processes. The only problem is that the layout and the key commands are not obvious while it is open. For those reasons I like htop (htop - interactive process viewer). It lists the main options along the bottom of the screen, and you can press h for more detailed help. Once inside, F5 toggles tree view, and the period key (or >) lets you pick the column to sort by. I also use F3 (search) and F4 (filter) a lot: search jumps to a matching process, filter hides everything that does not match. htop is definitely a must-have application.

 

On a Debian-based distro like Ubuntu, Kubuntu and plenty of others, htop is not installed by default; the command below installs it.

sudo apt install htop -y

 

Some resources:

Timesaving tips for programming
To save time, lots of people will say they keep code repositories where they can easily pop in what they need. That is not always true, or the most effective way to work. I have put together a few things that I use almost daily to save minutes here and there.

To me, good notes should be:

  • searchable
  • revision-tracked
  • easy to use

For those reasons, I like to use a self-hosted wiki called DokuWiki. It is free and powerful, has lots of plugins, and is super lightweight and easy to use.


Software toolbox: just a few things I use to help productivity.



I have a fairly large toolbox of software and tricks I like to use.
Some software I use A LOT:
  • kruler, a free on-screen pixel ruler
  • gcolor2, an easy on-screen colour picker
  • shutter, a super useful screenshot tool
  • PHPStorm as my IDE, plus a few terminal aliases and scripts

Utilize aliases and scripting when possible.

On my current project we use Jira, which is great, but all the work we do is in feature branches. The branch name is something like Zach/bug/st-111-i-am-doing-something, and after creating the feature branch we mark the task as in development, assign ourselves, yadda yadda. So I took an hour and scripted all that. I am not saving hours at a time by doing it, but consider the collective time over years of working on the project; it adds up. In my terminal's aliases file I have added a few things that I'll list below.

This file is a little messy but it shows the point:

alias art="php artisan"
alias codecept="php vendor/bin/codecept"
# Enable debugger in phpstorm
alias debug='export XDEBUG_CONFIG="idekey=PHPSTORM"'
# copying commands
alias rsync="rsync -hrltiSmP"
alias dd="dd status=progress"
alias ai="sudo apt install -y"
alias au="sudo apt update"
alias ag="au && sudo apt dist-upgrade"
alias a="git add"
alias s="git status"
alias stat=s   # note: shadows the stat(1) command in interactive shells
alias d="git diff"
alias checkout="git checkout"
alias ..="cd .."
alias ...="cd ../.."

Hand travel time

Probably the biggest thing you can do is consider travel time: the distance your hands move during the workday between mouse and keyboard, whether it is jumping to the mouse, reaching for backspace, or some other random action. A poorly placed shortcut like PHPStorm's Ctrl+Alt+L to reformat code is a stretch, when something like Ctrl+Alt+Z keeps all the keys within easy reach of the left hand.
So learning and customising your shortcut keys will probably save you more time than anything else.
After shortcut keys, script what you can. Scripting includes system aliases and quick commands.
Another one, for most of us: customise your system colours and fonts. The easier you can read code, the better. The system will feel more intuitive and your eyes will be drawn to the different sections of the screen.

Reduce backspacing and redundant typing

For every operating system you can get a system-wide macro tool. These are event-driven: they let you tell the computer what to do when you type or do something. On my machine, for example, I auto-replace a lowercase i with a capital I, and I replace ~addr with my full address, to give a couple of basic examples. In coding you can use the same thing to store common code fragments, and in some cases generate most of your boilerplate from a few simple keywords.

I like to use AutoKey, but I am on Linux; on other operating systems you will need to look for an equivalent. On Windows I believe the usual choice is AutoHotkey.

My last and probably biggest tip

Take breaks. Your mind needs time to relax and subconsciously process what you are working on. Sometimes, when I have tried to fix something for hours, the best thing I can do is let the problem sit until the morning and, BOOM, within minutes I usually get it. It is as if my mind works on the problem all night. When you are tired you make a lot of mistakes you would not normally make. I have worked with a lot of people over the years and nobody (with a VERY few minor exceptions) works well tired.

So while you are working on a problem subconsciously, work on another, simpler problem if you have the time, or just take a nap!

Good luck, and let me know what you do to save time. I am always looking for more ways to optimise my work day.

what is the cloud

The cloud just means somebody else's computer

The cloud is really just a fancy way of saying "not my computer". Facebook, for example, is not hosted on your machine; it runs in "the cloud", which is to say in Facebook's own data centres. Cloud software is convenient in many ways: when it needs an update, the provider controls the server it runs on and knows how to support it, so that work does not fall on you. The flip side is that your data lives on that other computer too, so who can reach it is governed by the provider's controls plus whatever accounts and keys you hand out.


Linux Rename


Rename!

There's a really useful terminal command called split. If you have to break up a large CSV file, say a million rows, into separate files of 100k rows each, you can run something like

split -d --lines=100000 thefile.csv part_

-d uses a numeric suffix (part_00, part_01, ...) instead of letters, and the last argument is the prefix for the output files (it defaults to x). Be aware that split is purely line based: the CSV header row ends up only in the first file.

The output files have no extension, because split names them prefix plus suffix and nothing else. With GNU coreutils 8.16 or newer you can keep the extension in one step:

split -d --lines=100000 --additional-suffix=.csv thefile.csv part_

Otherwise you can add it afterwards with the Perl rename command, the one Debian and Ubuntu ship, which takes a substitution expression:

rename 's/$/.csv/' part_*

Note that the util-linux rename documented in the first link below is a different program with a different, non-regex syntax; check which one you have with rename --version before running the above.

Useful links:

  • http://man7.org/linux/man-pages/man1/rename.1.html
  • https://linux.die.net/man/1/split

Implement dependency injection

Quick notes on implementing dependency injection

 

Most, if not all, PHP frameworks use dependency injection: the framework supplies a method's parameters automatically instead of the method creating them itself. In the example below, the method test of the class Test declares that it needs a User object passed in. In a real application it might also need a Route, or some kind of Registry object. Dependency injection removes redundant code, because you no longer instantiate those objects by hand in every method that needs them, and it makes each method's dependencies explicit and easy to swap out in tests.

// The dependency: a plain class with a public property
class User {
   public $id = 1;
}

// The "controller": its method declares, via the type hint, that it needs a User
class Test {
   public static function test( User $user ) {
      return $user->id;
   }
}

Here is a VERY basic example of using PHP reflection to work out and supply those parameters.

$controller = 'Test';
$method = 'test';
$rm = new \ReflectionMethod($controller, $method);
$parameters = [];
foreach ($rm->getParameters() as $parameter) {
   // Which class does this parameter position expect?
   $type = $parameter->getType();
   if (!$type instanceof \ReflectionNamedType || $type->isBuiltin()) {
      // untyped, union or scalar parameters cannot be resolved by class name
      throw new \RuntimeException('Cannot autowire parameter $' . $parameter->getName());
   }
   $class_name = $type->getName();
   // Instantiate the class the method asked for
   $parameters[] = new $class_name();
}
// Call the controller method with the parameters it was expecting
$result = call_user_func_array([$controller, $method], $parameters);

The idea is that PHP uses reflection to look at the method you are about to call and figure out which parameters it expects. My example is simple; you can do a lot more. The idea is to present, in note form, a functional starting point. One thing to keep in mind when you build on it: reflection will happily instantiate any class name it is handed, so the controller, method and class names must come from your own route table, never from request input.
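As an added example that goes a step beyond the snippet above (it is not code from the original post), here is a minimal container that resolves constructor dependencies recursively, falls back to explicit factories for classes that need scalar arguments, and dispatches a controller method from a fixed route table. The classes Database, UserRepository and UserController, and the route name users.show, are invented for the illustration; it needs PHP 8.0 or newer.

```php
<?php
declare(strict_types=1);

// Added example, not the original post's code. A minimal reflection-based
// container; Database, UserRepository and UserController are invented classes.

final class Container
{
    /** @var array<string, callable> explicit factories for things autowiring cannot build */
    private array $bindings = [];
    /** @var array<string, object> resolved instances, reused as singletons */
    private array $instances = [];

    public function bind(string $id, callable $factory): void
    {
        $this->bindings[$id] = $factory;
    }

    /** Build (or reuse) an instance of $class, resolving its constructor parameters recursively. */
    public function make(string $class): object
    {
        if (isset($this->instances[$class])) {
            return $this->instances[$class];
        }
        if (isset($this->bindings[$class])) {
            return $this->instances[$class] = ($this->bindings[$class])($this);
        }
        $rc = new ReflectionClass($class);
        if (!$rc->isInstantiable()) {
            throw new RuntimeException("$class is not instantiable; bind a factory for it");
        }
        $ctor = $rc->getConstructor();
        $args = $ctor === null ? [] : $this->resolveParameters($ctor->getParameters());
        return $this->instances[$class] = $rc->newInstanceArgs($args);
    }

    /** Call $class::$method, injecting its parameters; $overrides supplies scalars by name. */
    public function call(string $class, string $method, array $overrides = []): mixed
    {
        $rm = new ReflectionMethod($class, $method);
        $args = $this->resolveParameters($rm->getParameters(), $overrides);
        $target = $rm->isStatic() ? null : $this->make($class);
        return $rm->invokeArgs($target, $args);
    }

    /** @param ReflectionParameter[] $params */
    private function resolveParameters(array $params, array $overrides = []): array
    {
        $args = [];
        foreach ($params as $p) {
            $name = $p->getName();
            if (array_key_exists($name, $overrides)) {
                $args[] = $overrides[$name];          // e.g. a route parameter
                continue;
            }
            $type = $p->getType();
            // Only class-typed parameters are autowired; scalars need a default or an override.
            if ($type instanceof ReflectionNamedType && !$type->isBuiltin()) {
                $args[] = $this->make($type->getName());
            } elseif ($p->isDefaultValueAvailable()) {
                $args[] = $p->getDefaultValue();
            } else {
                throw new RuntimeException("Cannot resolve parameter \$$name");
            }
        }
        return $args;
    }
}

// --- invented sample classes, three levels deep ---
final class Database { public function __construct(public string $dsn) {} }
final class UserRepository
{
    public function __construct(public Database $db) {}
    public function find(int $id): array { return ['id' => $id, 'dsn' => $this->db->dsn]; }
}
final class UserController
{
    public function __construct(private UserRepository $users) {}
    public function show(int $id): array { return $this->users->find($id); }
}

$c = new Container();
// Database needs a scalar ($dsn), so it gets an explicit factory instead of autowiring.
$c->bind(Database::class, fn () => new Database('sqlite::memory:'));

// Dispatch: class and method come from a fixed route table, never from user input;
// only the scalar id is taken from the request and passed as an override.
$routes = ['users.show' => [UserController::class, 'show']];
[$class, $method] = $routes['users.show'];
print_r($c->call($class, $method, ['id' => 42]));
```

Running it builds UserController, which pulls in UserRepository, which pulls in Database from its bound factory, then calls show(42) and prints the resulting array. The two design choices worth noting are the explicit factory for anything that takes scalars (autowiring by type alone cannot know what string a $dsn should be) and the route table: the reflection machinery trusts whatever class name it is given, so the allowlist is what keeps a request from naming an arbitrary class.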

 

Here are a few links for reference: