colocated at C7 Data Centers
administered by Anavi Design
Berkeley Data Systems, creators of Mozy Online Backup, will be holding its second semiannual coding deathmatch on Saturday, April 14. Billed as a “thinly disguised recruiting effort to find the best local engineers,” the competition is open to all Utah residents.
The previous deathmatch saw over 100 participants and was a success both for the 8 finalists who received prize money, and for BDS who hired 4 new engineers in the process.
Are your apps sufficiently protected against SQL injection? Do you currently validate and sanitize all types (strings, numbers) and methods (forms, cookies, query strings) of user input before using it in a database query? If not, it’s only a matter of time before serious pwnage…
This article is good primer for newbies and reminder for gurus…
SQL Injection Attacks by Example
If you aren’t already using prepared statements, now’s as good a time as any to start:
Since SQLite comes bundled with PHP 5, I thought I’d post this for those interested.
SQLite currently does not support ALTER TABLE statements. This can make developing/modifying an app a bit cumbersome, since modifying a table requires creating a temp table and copying data back and forth. To this end, I’ve created a PHP wrapper for SQLite that does the dirty work for you and supports all types of ALTER TABLE statements. The source is in the public domain, so you may use it however you like.
Documentation:
http://code.jenseng.com/db/
Source:
http://code.jenseng.com/db/sql.txt
I will be releasing an optimized version with cleaner code, more comments, and additional functionality (such as RENAME TABLE) in a few weeks.
