if you search for ‘ or ” and it breaks your software


Chances are, if you are using a database and your application errors out when you enter ' or " into a field, this usually means you're prone to SQL injection. While SQL injection is very dangerous, it's relatively simple to resolve. Now, I say it's simple, but it could mean a lot of rework for you.

I don't want to talk about how to prevent and cure SQL injection in general, since there are already so many great resources out there on how to resolve this issue. Instead, I want to show a solution to this specific problem.

Really, the best quick thing you can do is escape all " and ' characters. PHP has a lot of useful functions for this, like mysql_real_escape_string() (deprecated). But probably the biggest thing that can be done is to use PDO (PHP Data Objects) with prepared statements, so the values are bound separately from the SQL text.


This sample query

$sql = <<<SQL
SELECT * FROM users WHERE users.id = '123';
SQL;

would turn into something like this

$sql = <<<SQL
SELECT * FROM users WHERE users.id = :user_id
SQL;
$sth = $dbh->prepare($sql);             // SQL text with a named placeholder, no value yet
$sth->execute([':user_id' => '1234']);   // the value is bound separately, never spliced into the SQL
$results = $sth->fetchAll(PDO::FETCH_ASSOC);
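To show why the prepared statement matters, here is an added example (not code from the original post) that runs the same lookup two ways against an in-memory SQLite database, so it works offline with just the pdo_sqlite extension. The table, its rows, the $input value and the two helper function names are all constructed for this example. The input contains a single quote, exactly the kind of value that "breaks your software": the interpolated version throws because the quote ends the SQL literal early, while the prepared version treats it as plain data and finds the row.

```php
<?php
// Added example, not from the original post. Everything below (table, rows,
// $input, function names) is constructed for illustration.

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");
// 'o''neil' is SQL's own way of writing a literal apostrophe inside a string
$dbh->exec("INSERT INTO users (id, name) VALUES (123, 'alice'), (124, 'o''neil')");

// The kind of user input that makes a naive query error out: it contains a quote.
$input = "o'neil";

// 1. String interpolation: the quote in $name terminates the SQL literal early,
//    so the database receives malformed SQL and throws a PDOException.
function findByNameInterpolated(PDO $dbh, string $name): array
{
    $sql = "SELECT * FROM users WHERE name = '$name'";
    return $dbh->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Prepared statement: the SQL text is sent with a placeholder and the value
//    is bound separately, so the quote is just part of the data being compared.
function findByNamePrepared(PDO $dbh, string $name): array
{
    $sql = <<<SQL
SELECT * FROM users WHERE name = :name
SQL;
    $sth = $dbh->prepare($sql);
    $sth->execute([':name' => $name]);
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

try {
    findByNameInterpolated($dbh, $input);
    echo "interpolated query unexpectedly succeeded\n";
} catch (PDOException $e) {
    // This is the error the post describes: the quote broke the query.
    echo "interpolated query failed: " . $e->getMessage() . "\n";
}

$rows = findByNamePrepared($dbh, $input);
printf("prepared query returned %d row(s): %s\n", count($rows), json_encode($rows));
```

Run it with `php example.php`. The first call reports a syntax error from SQLite, the second prints the single o'neil row. Setting PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION is what makes the broken query visible as an exception instead of silently returning false, which is also how you would catch this class of bug in production logs.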


Some useful links:

  • http://php.net/manual/en/security.database.sql-injection.php
  • https://phpdelusions.net/pdo
  • https://www.w3schools.com/sql/sql_injection.asp

testing emails


Safe Email Testing Solution

As developers or project staff, it's really hard to come up with a clean and safe email testing solution. You never want to send production emails, but really, how do you test them?

I've recently found this service: https://mailtrap.io/. You just add its email settings to your application however you usually would, and all emails generated by your system will simply display in your dashboard inside Mailtrap. Please feel free to check out this amazing service: https://mailtrap.io/billing/plans

htop


Htop is super easy to use

Linux top is very useful for seeing system processes. The only problem is that the general layout and commands are not obvious while it's open. For those reasons, I like htop (htop, the interactive process viewer). It lists many options at the bottom of the screen, and you can press the letter h to get more detailed information. Once in the application, you can press F5 to activate tree view, or you can press the period key to change the sorting column. I also use the F4 key a lot to activate the search functionality. htop is definitely a must-have application.


On a Debian-based Linux distro like Ubuntu, Gnome, Kubuntu and plenty more, just run the command below to install it, because htop is not installed by default.

sudo apt install htop -y;


Some resources:

what is the cloud

The cloud just means somebody else's computer

The cloud is really just a fancy way of saying "not my computer". For example, Facebook is not hosted on your computer; it's in the cloud, meaning in their data warehouse. Cloud software is convenient in so many ways: if the software needs to update, we know which computer or server is hosting it and how to support it.