Posts

Prevent SQL INJECTION in PHP

Use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately from any parameters, so it is not possible for an attacker to inject malicious SQL. You basically have two options to achieve this:

Using PDO (for any supported database driver):

    $stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
    $stmt->execute(array('name' => $name));
    foreach ($stmt as $row) {
        // Do something with $row
    }

Using MySQLi (for MySQL):

    $stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
    $stmt->bind_param('s', $name); // 's' specifies the variable type => 'string'
    $stmt->execute();
    $result = $stmt->get_result();
    while ($row = $result->fetch_assoc()) {
        // Do something with $row
    }

If you're connecting to a database other than MySQL, there is a driver-specific...

Return the response from an asynchronous call

Embrace the asynchronous behavior of JavaScript! While some asynchronous actions offer synchronous equivalents (as does "Ajax"), using them is generally discouraged, particularly in a browser context. Why is that bad, you ask? JavaScript runs in the UI thread of the browser, and any long-running process will lock the UI, making it unresponsive. Moreover, there is an upper limit on the execution time for JavaScript, after which the browser will ask the user whether to continue the execution or not. All of this is a really bad user experience. The user won't be able to tell whether everything is working fine or not. Furthermore, the effect will be worse for users with a slow connection. In the following we will look at three different answers that all build on top of each other:

Promises with async/await (ES2017+, available in older browsers if you use a transpiler or regenerator)
Callbacks (popular in Node)
Promises with then() (ES2015+, of...

What is a NullPointerException? And how to fix it?

When you declare a reference variable (object) you are actually creating a pointer to an object. Consider a variable of primitive type int:

    int x;
    x = 10;

In this example, the variable x is an int and Java will initialize it to 0 for you. When you assign it the value 10 on the next line, the value 10 is written into the memory location referred to by x. But when you declare a reference type, something slightly different happens. Take the following code:

    Integer num;
    num = new Integer(10);

The first line declares a variable named num, but it does not actually hold a primitive value yet. Instead, it holds a pointer (because the type is Integer, which is a reference type). Since you have not yet said what to point to, Java sets it to null, which means "I am pointing to nothing". In the second line, the new keyword is used to instantiate (or create) an object of type Integer, and the pointer variable num is assigned to that Integer object. ...