Posts Tagged with "good practices"

Securing a directory with 777 or 775 permissions

Posted by Stanislav Furman on July 6, 2014
Read how to secure a directory with 777 or 775 permissions

Responsive website Vs standalone mobile version

Posted by Stanislav Furman on June 16, 2014
Let's try to compare responsive website design and a standalone mobile website. Which is better?

Important things you must know before register a domain name

Posted by Stanislav Furman on May 16, 2014
10 important things you should know before you register a domain name with a registrar

Backward version compatibility in PHP web application

Posted by Stanislav Furman on February 17, 2014
How to handle backward PHP version compatibility in your web application

Loose comparison in PHP. Example of breakable functionality.

Posted by Stanislav Furman on September 12, 2013
Example of breakable functionality using the loose comparison in PHP

Cookieless cookies and user authentication without cookies and JavaScript

Posted by Stanislav Furman on September 9, 2013
Cookieless cookies and user authentication without cookies and JavaScript

How to protect against SQL injection, and why SQL injection is dangerous

Posted by Stanislav Furman on May 14, 2013

I am quite sure that most web developers know what SQL injection is, and nowadays it seems that even junior developers know the basics of how to protect web applications against this type of hacker attack. However, I often see web developers underestimate the level of potential threat. Some web developers think: "We are too small to be interesting for hackers", but they forget that security holes in their applications can be used to attack other resources, systems and users.

In this post I am not going to show how to attack web applications using an SQL injection, but I'd like to show why SQL injection is dangerous and also how to protect against SQL injection.

Continue reading

How to trim array elements in PHP in one shot

Posted by Stanislav Furman on April 17, 2013

If you are looking for a method to trim leading and trailing white spaces in all elements of a PHP array, you could use the following code:


<?php
// custom function to trim value
function _trim(&$value) 
{
    $value = trim($value);    
}

$data = array('  a  ',' b',' c   d ');
array_walk($data,"_trim");

var_dump($data);

/*
Output:
array (size=3)
  0 => string 'a' (length=1)
  1 => string 'b' (length=1)
  2 => string 'c   d' (length=5)

*/

This works, but might look a little long. If you want a shorter solution, here it is:

Continue reading

MySQL. How to insert a row or update if exists in MySQL.

Posted by Stanislav Furman on February 25, 2013

Being a web developer, I personally like short solutions, and when I code, I try to write as little code as possible. At the same time, the code has to be readable for other developers without using comments.

If you want to combine the create and update functions into one, MySQL offers you a very useful statement: INSERT ... ON DUPLICATE KEY UPDATE.

Continue reading

How to interview a programmer. Thoughts about hiring process.

Posted by Stanislav Furman on August 26, 2012
You might also like to read a related article: How to recognize a good programmer.

Just a few thoughts...

I cannot remember how many various job interviews I have passed in my professional career. Maybe fifteen, or twenty, or maybe more. Some of them were successful, some of them not. However, I have very rarely met a really good recruitment process. Whether in Eastern Europe or in Canada – I noticed that everywhere.

Sometimes it was just a waste of my time when, for example, the potential employer declared something like: "Actually, we are looking for a specialist with a slightly different skill set" or "Unfortunately, we are limited with our budget and cannot offer you the salary that you are seeking. How about a salary 20% less than you are making now?". Seriously?!! Guys, you were aware of my salary expectations before you asked me to come for the in-person interview!

Keep in mind that for every such interview, the candidate should make some time to prepare, leave early from the current job (or come in later), and maybe even take a day off. Also, potential employers are spending their time too! So, why should they both waste time if a short phone call may help to figure out whether it makes sense to meet or not?!

Continue reading