Wanting real schema support in MySQL

While upgrading WordPress towards the latest version, it also required some database modifications, but that is where I start hating MySQL again, and more. I really hope that MySQL will get support for schemas as PostgreSQL or Oracle has, but it appears that MySQL has painted itself into a corner. And before some will say […]

Starting to stop SQL-injections

In a lot of PHP examples, strings are concatenated before a database query is executed, as below. Some examples advise using the PHP functions mysql_real_escape_string() and/or addslashes() to make a database query safe against SQL injection. But this isn’t really a solution, as using addslashes() also requires the use of stripslashes() after retrieving data from a database. […]

Cleaning input enough?

Input validation is a known issue, but writing some PHP code today led me to write the following, and I’m wondering if I forgot something. It is only to make sure no uncleansed variable will enter a switch statement, for example.

    if (isset($_POST['action']))
        // Strip every allowed character; an empty remainder means
        // the value contained nothing outside a-z, A-Z, 0-9 and "-".
        if (strlen(preg_replace("/[a-zA-Z0-9-]/", "", $_POST['action'])) == 0)
            $page_action = $_POST['action'];
        else
            $page_action = '';
    else
        $page_action = '';

[…]