Categories
Software Development

Using :nth-child from CSS3

As written in a previous posting about PHPUnit, I also wrote that the time has come to rewrite an application that is now mainly functional to an object-oriented model, as that makes standardized unit testing easier and not a one-project solution. One of the first goals is to separate the presentation layer from the […]

Categories
Software Development

Starting to stop SQL-injections, part 2

In a previous posting, I gave an example of how to make database queries safer by using parameter binding, which basically stops SQL injections. The next step is to make the code more readable and maintainable. This doesn't sound like a priority for secure software development, but readable code is also code that can be verified […]

Categories
Software Development

Starting to stop SQL-injections

In a lot of PHP examples, strings are concatenated before a database query is executed, as shown below. Some examples advise using the PHP functions mysql_real_escape_string() and/or addslashes() to make the database query safe against SQL injections. But this isn't really a solution, as using addslashes() also requires the use of stripslashes() after retrieving data from the database. […]

Categories
Software Development

Cleaning input enough?

Input validation is a known issue, but while writing some PHP code today I wrote the following and I'm wondering if I forgot something. It is only to make sure no cleansed variable will enter a switch statement, for example. if (isset($_POST['action'])) if (strlen(preg_replace("/[^a-zA-Z0-9-]/i", "", $_POST['action'])) == 0) $page_action = $_POST['action']; else $page_action = ''; else $page_action = ''; switch […]

Categories
Internet, Unix and security

Condensed Perl code

While cleaning up, or rather rewriting, some code, the following line came out of my fingers. This condensed Perl code also turns out to be reasonably readable. do $domains{lc($1)}++ if /postfix\/qmgr.+ from=<.+\@(.+)>,/; Whether it is wise remains to be seen, but it now fits neatly on one line without wrapping. One thing that is slowly becoming clear […]