Thursday, November 17, 2011

Running multiple SQL commands from the dump file (UTF8 compatible) in MSAccess

I had a hard time running multiple UPDATE commands on an MSAccess database. Even the latest version chokes on the following error.


Thursday, October 06, 2011

PHP security tips

When programming in PHP please pay attention to the following tips. PHP code examples below try to make it impossible to make a mistake by hiding default (non-secure) variables and securing the data on the fly. When you get used to it, you will be able to smell insecure code.

Validating input

Don’t use values from $_REQUEST ($_GET, $_POST) directly, assuming they contain data of the necessary data type. Validation or casting is required. For example, intval($_REQUEST['id']) will make sure you have an integer. Using a dedicated class for reading URL/form parameters allows you to unset($_REQUEST) completely, making sure you (or any other developer) are using casting or validation. For example:

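class Request {
    protected $data = array();

    // Keeps a private copy of $_REQUEST (or of $other) and removes the global.
    // $_GET and $_POST are separate arrays and would need the same treatment.
    function __construct($other = NULL) {
        $this->data = $other ?: $_REQUEST;
        if (!$other) unset($_REQUEST);
    }

    // Always returns an integer; a missing parameter becomes 0.
    function getInt($name) {
        return isset($this->data[$name]) ? intval($this->data[$name]) : 0;
    }

    // Returns the value without surrounding whitespace; a missing parameter becomes ''.
    function getTrim($name) {
        return isset($this->data[$name]) ? trim($this->data[$name]) : '';
    }
}

$r = new Request();
echo $r->getInt('id');  // 15
echo $_REQUEST['id'];   // NULL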

Note that once you have created an instance of the Request class you can't use $_REQUEST anymore, which is good. Request could be made a singleton in order to be able to access it from multiple controllers.
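Casting with intval() never fails, so malformed input is silently turned into some integer. The following added example (not the author's code; the class StrictRequest and its method signature are hypothetical) validates the parameter instead and prints the cast result next to the validated one for a few constructed inputs.

```php
<?php
// Added example. StrictRequest is a hypothetical variant of the Request idea
// above that rejects malformed values instead of casting them.
class StrictRequest {
    protected $data;

    function __construct(array $source) {
        $this->data = $source;
    }

    // Returns an int only when the whole value is a decimal integer inside
    // [$min, $max]; otherwise returns null. intval() would instead turn
    // "15abc" into 15, "abc" into 0 and a non-empty array into 1.
    function getInt($name, $min = PHP_INT_MIN, $max = PHP_INT_MAX) {
        if (!isset($this->data[$name]) || !is_scalar($this->data[$name])) {
            return null;                 // missing key, or id[]=1 style array input
        }
        $value = filter_var($this->data[$name], FILTER_VALIDATE_INT, [
            'options' => ['min_range' => $min, 'max_range' => $max],
        ]);
        return $value === false ? null : $value;
    }
}

// Constructed sample inputs, shaped like what can arrive in $_REQUEST.
$samples = [
    ['id' => '15'],
    ['id' => '15abc'],
    ['id' => 'abc'],
    ['id' => '-3'],
    ['id' => ['1']],
    [],
];

foreach ($samples as $input) {
    $r = new StrictRequest($input);
    $cast = intval(isset($input['id']) ? $input['id'] : null);
    $validated = $r->getInt('id', 1);    // ids must be >= 1
    printf("%-16s cast=%-3d validated=%s\n",
        json_encode($input), $cast, var_export($validated, true));
}
```

A null result lets the controller answer with an error instead of querying with a value the user never sent.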

Escape output

In order to prevent XSS you need to use htmlspecialchars() on every dynamic value which may come from the database, user input or web-service. Similarly to the example above it is recommended to close the possibility of using the values without escaping. For example the following View class (from MVC) doesn't allow accessing query results directly:


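class View {
    protected $file;
    protected $caller;

    function __construct($file, $controller) {
        $this->file = $file;
        $this->caller = $controller;
    }

    // Renders the template into a string; inside the template $this is the View.
    function render() {
        $file = 'template/'.$this->file;
        ob_start();
        require($file);
        $content = ob_get_clean();
        return $content;
    }

    // Required so that "echo new View(...)" below works.
    function __toString() {
        return $this->render();
    }

    // Forwards method calls to the controller; their return values are NOT escaped.
    function __call($func, array $args) {
        $method = array($this->caller, $func);
        return call_user_func_array($method, $args);
    }

    // Every controller property read from the template is escaped here.
    // ENT_QUOTES also escapes single quotes, which matters inside attributes.
    function __get($var) {
        return htmlspecialchars($this->caller->$var, ENT_QUOTES, 'UTF-8');
    }
}

$c = new Controller();
$c->dataXSS = '';
echo new View('output.phtml', $c);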

// ---- output.phtml

Test View Controller


Must be escaped: <?= $this->dataXSS ?>


Note that in the template we can access data from the controller directly like this: <?= $this->dataXSS ?>, but this data will be processed with htmlspecialchars() invisibly for you.
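The __get() in the View class escapes a single string, while query results usually reach a template as arrays of rows. The following added example (not the author's code; escapeDeep() and EscapingView are hypothetical names, and the rows are constructed) escapes nested arrays on access, so values stay inert both in element content and inside quoted attributes.

```php
<?php
// Added example. escapeDeep() and EscapingView are hypothetical names.

// Escapes every string in a value, descending into arrays (e.g. result rows).
function escapeDeep($value) {
    if (is_array($value)) {
        $escaped = [];
        foreach ($value as $key => $item) {
            $escaped[is_string($key) ? escapeDeep($key) : $key] = escapeDeep($item);
        }
        return $escaped;
    }
    if ($value === null || is_int($value) || is_float($value) || is_bool($value)) {
        return $value;                   // these types cannot carry markup
    }
    if (!is_string($value)) {
        throw new InvalidArgumentException('Only scalars and arrays may reach a template');
    }
    // ENT_QUOTES escapes both quote characters; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

class EscapingView {
    protected $vars;

    function __construct(array $vars) {
        $this->vars = $vars;
    }

    // The template never sees the raw values, only escaped copies.
    function __get($name) {
        return isset($this->vars[$name]) ? escapeDeep($this->vars[$name]) : '';
    }
}

// Constructed rows standing in for a database result.
$view = new EscapingView([
    'rows' => [
        ['name' => 'Alice', 'bio' => '<b>hi</b>'],
        ['name' => 'x" onmouseover="alert(1)', 'bio' => "it's <script>"],
    ],
]);

foreach ($view->rows as $row) {
    echo '<li title="', $row['name'], '">', $row['bio'], "</li>\n";
}
```

This covers HTML element and quoted-attribute contexts only; values placed into JavaScript, CSS or URLs need encoding for that context.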

Friday, September 23, 2011

Friend Share idea for Android

An Android (and other platforms including PC) app to share MP3 and other files QUICKLY among friends and people around them. The main aspect is that sharing happens without connection to the Internet – device to device.

Upon downloading, the user has to specify a nickname so that he can be identified among other friends in the vicinity. The application will start searching for the same app running on other devices around you. WiFi works in a radius of about 100 meters, so your friends have to be close to be able to connect. Found devices will be shown in a list sorted by signal strength, which roughly corresponds to the distance to them in real life.

Selecting a person allows you to see the files which they have shared (and maybe a currently playing MP3 file). Files can be downloaded by clicking on the download icon on the right (see the Android call-log app).

Two shared folders for friends, for non-friends.

Make friends function which asks to gently hit both phones (with gyro sensors) to confirm friending.

Update: I have found out with amazement that such software already exists: http://bu.mp/. Are they reading my mind, or is the idea just so obviously simple?

Wednesday, August 10, 2011

Route Frankfurt -> Le Grau du Roi

Strangely the route Frankfurt -> Le Grau du Roi (1000 km) toll costs less than the route Le Grau du Roi -> Nice (300 km).
  • Frankfurt -> LGDR: 31.40 EUR
  • LGDR -> Nice and back: 44.30 EUR
  • LGDR -> Frankfurt: 37.10 EUR
Just FYI.

Thursday, July 14, 2011

Take List


  • Passports
  • Hotel confirmation
  • Dutch self-study book
  • Dutch MP3 course
  • Swimming trunks
  • Big shovel
  • Sand molds
  • Swimming toys
  • Kites
  • Book about sand castles
  • Diapers
  • Laptop with a bunch of movies
  • Turn on GPS when leaving
  • Xperia Arc
  • Stop by the doctor
  • Towels
  • Clothes for 2 days
  • Warm jacket
  • Beach tent
  • Beach mat
  • Glasses
  • Surfboard
  • Credit card
  • Small chair
  • Mobile phone charger
  • Good mood
  • Shorts
  • Camera (without photos) and charger
  • Sun cream (rain cream?)
  • Slippers
  • Inflatable pillow
  • Toothbrush, toothpaste
  • Razor and blades
  • Rubber boots
  • Rubber overalls
  • Hair dryer
  • Paper maps (sic!)
  • ...

Wednesday, July 06, 2011

PHP: Transparent Self-Caching of Objects

When programming PHP I work with objects. Some objects exist only once in memory. Either just because they are instantiated once or by using a Singleton design pattern. Other objects are multiple. In PHP, it being a stateless language, these objects need to be created with every page load. Having too many objects loading every time will slow down your web-site. What comes as a natural solution is caching.
Caching is often thought of as an operation external to the objects. Thus it looks scary: you have to change the way you instantiate objects in your code (in many different places) so that it uses caching. Here I will present a way to implement internal caching - objects will cache themselves almost seamlessly.

Augmented Reality for Car Drivers

Like I have envisioned in one of the previous posts, there is already AR for car drivers. It's not a full windshield projection monitor, it's just an Android app, but hey, it's just the beginning.
iOnRoad

Monday, June 27, 2011

How did ancient languages get complicated in the first place

I've heard from my German teacher that Latin and other languages of that time were more "complicated". One can argue that linguists don't operate with such categories as "simple" and "complicated" but you know what I mean. If not - read this post Why is the grammar of old languages so complicated?
Linguists rather speak in terms of "inflectional morphology", "morphological variation", "variation in phonemes"... They even counted these and other language features in each of the languages (2,236 to be precise and 504 in another study) and found out that the older the language - the more "complicated" it is: Babelicious! Bigger languages are also simpler ones and Where on Earth did language begin? And the most complicated language in terms of phonemes variation is !Xu - a language spoken in southern Africa which has 141 phonemes opposed to 44 in English. That correlates with the idea that Homo Sapiens evolved from Africa and confirms what my German teacher said. But
How did ancient languages get complicated in the first place?

Wednesday, June 01, 2011

I’m looking for someone...

Update: TagMap is that app I was thinking of.
https://www.youtube.com/watch?v=18H5FBoGL3o
Apparently, any idea you have will be turned into business by somebody else.
Check the Bump.

Buzzwords:
  • Android app
  • Location aware
  • Social communication
  • Online, Web 2.0

Preamble

Imagine you’re on a business trip (or vacation) in some other city (like Berlin). You’ve done your business (or sightseeing) and have some time until you go to bed. You might feel very lonely in a large (or small) town. There might be people all around you: locals, foreigners and even people from your country (or even city). Imagine an app which would allow you to get connected to some other lonely people out there (some maybe just around the corner).
So if such an application existed, you would put your mobile device on a key-chain and let it hang on your breast (or belly) showing (or blinking) a message saying:
 

Monday, April 11, 2011

Eco Driving Analytics






Isn’t that a cool car? I wish it would be possible to export the data on a USB stick and review / analyze on my own PC. That would be analytics nirvana. :-D

Friday, April 01, 2011

Thursday, March 10, 2011

Why the rich do not share money with the poor

There are many degrees of wealth, almost as many as there are people in the world. For practicality, more generalized levels are distinguished. Sometimes 3:
  • lower
  • middle and
  • upper class.
Sometimes 100 levels, measured in percent (3% of the rich exploit the 97% who are poorer).
In this material, work, review, post we will look at two specific representatives of the poor and the rich relative to each other, not in absolute terms. This pair may represent a worker and a factory director, or a homeless person in London who receives tens of pounds a day and a typical resident of Nicaragua who works for 1 dollar a day.
Homeless people, as representatives of the lowest level of wealth, hardly consider themselves materially rich (spiritual wealth is not discussed here). It must seem to them that almost everyone else is richer than they are and could share a couple of dollars.
A person who has a roof over his head but barely makes ends meet will, in turn, think that he has no spare money for alms. If we go further up the social ladder we reach the factory director, who does not consider it appropriate to share profits with those below him, because he himself does not have enough (what he lacks it for is not so important; psychologically he does not feel that he has "extra" money).
Thus we begin to understand why transnational corporations try to earn even more and do not share money even with Nicaraguans: they themselves have too little.
The poor, for the most part, do not understand how such an amount of money can be too little. Hence the misunderstanding, envy and revolutions, although there are examples of companies that distribute all their income to employees.
That's it, I've had my say.

Friday, March 04, 2011

What is the best?

When you search for something in the area you are not familiar with, often you want to find the best of all options. You can find many results (with Google for example), but you still feel unsure which of the found things is the best (most used, de facto standard, most prominent, has most features, etc.). Maybe you find an answer here, where people like you ask questions and share their knowledge and experiences. If not, ask yourself and benefit from the combined "crowd knowledge".

What is the best... is a Web 2.0 website, where people can ask all kinds of questions beginning with "What is the best ...". While asking, people can propose some options and vote for them. Other people can propose other options and/or vote. The best answer (based on votes) will appear on top.

Interested? The site is not ready yet, it's still under construction. What I'm looking for is your help in organizing information on the site in such a way that it's convenient to use. Maybe you have suggestions or critique? What do you feel about the concept in general?

Some things I have in mind:
  • Integrate Facebook login
  • Integrate Add-this button
  • Allow subscribing to receive mail with new replies.

Rechnung+


Rechnung+ is a web-tool for keeping track of the time spent on some work and making bills for it.
It is completely free for freelancers.
It allows you to enter the time (as interval or duration) which you have spent on any work. You can categorize the work into projects. You can relate your work to a ticket - effectively grouping several work items inside one project.
It allows you to make invoices for any subset of the work entered in the system. The calculation of the bill's total time and money (taking care of VAT) will be done automatically. The invoices can be printed or saved as PDFs.
A powerful statistical report generator will help you to analyze the work you did by time or money, grouping work by day, week, month or year, and comparing selected projects to each other. For every report you generate, a graphical chart will be generated automatically - visualizing the information and making it easier to perceive.