PHP Prepared Statements


For web developers, a query can become more complicated when it has to handle a large amount of data, since you may have to repeat the same query several times. If you need to feed a large amount of data into your queries, prepared statements let you optimize the query process and prevent attackers from corrupting your database through SQL injection. A prepared statement is also the best feature for executing the same (or similar) SQL statement repeatedly with high efficiency. It basically works like this:

  1. Prepare: An SQL statement template is created and sent to the database. Certain values are left unspecified; these are called parameters and are labeled "?". Example: INSERT INTO MyGuests VALUES(?,?,?)
  2. The database parses, compiles and performs query optimization on the SQL statement template, and stores the result without executing it.
  3. Execute: In the future, the application binds the values to the parameters, and the database executes the statement. The application may execute the statement as many times as it wants with different values.

Compared to executing SQL statements directly, prepared statements offer these main advantages:

  • Prepared statements reduce parsing time, since the preparation of the query is done only once.
  • Bound parameters minimize bandwidth to the server, because you send only the parameters each time and not the whole query.
  • Prepared statements are very useful against SQL injection, because parameter values are transmitted later using a different protocol and need not be correctly escaped. SQL injection cannot occur if the original statement template is not derived from external input.

Prepared Statements in MySQLi

The following example uses prepared statements and bound parameters in MySQLi:

Example (MySQLi with Prepared Statements)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// prepare and bind
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);

// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john@example.com";
$stmt->execute();

$firstname = "Mary";
$lastname = "Moe";
$email = "mary@example.com";
$stmt->execute();

$firstname = "Julie";
$lastname = "Dooley";
$email = "julie@example.com";
$stmt->execute();

echo "New records created successfully";

$stmt->close();
$conn->close();
?>

Code lines to explain from the example above:

"INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)"

We insert a question mark (?) in our SQL where we want to substitute in an integer, string, double or blob value.

Then, have a look at the bind_param() function:

$stmt->bind_param("sss", $firstname, $lastname, $email);

This function binds the parameters to the SQL query and tells the database what the parameters are. The "sss" argument lists the types of the parameters, one character per parameter. Each s character tells MySQL that the corresponding parameter is a string.

The argument may be one of four types:

  • i - integer
  • d - double
  • s - string
  • b - BLOB

We must have one of these for each parameter. By telling MySQL what type of data to expect, we minimize the risk of SQL injection.

Prepared Statements in PDO

The following example uses prepared statements and bound parameters in PDO:

Example (PDO with Prepared Statements)

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // prepare sql and bind parameters
    $stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email)
    VALUES (:firstname, :lastname, :email)");
    $stmt->bindParam(':firstname', $firstname);
    $stmt->bindParam(':lastname', $lastname);
    $stmt->bindParam(':email', $email);

    // insert a row
    $firstname = "John";
    $lastname = "Doe";
    $email = "john@example.com";
    $stmt->execute();

    // insert another row
    $firstname = "Mary";
    $lastname = "Moe";
    $email = "mary@example.com";
    $stmt->execute();

    // insert another row
    $firstname = "Julie";
    $lastname = "Dooley";
    $email = "julie@example.com";
    $stmt->execute();

    echo "New records created successfully";
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
}
$conn = null;
?>
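To make the injection point of both sections concrete, here is an added example (not code from the original page) that runs the same lookup once by string concatenation and once through a PDO prepared statement. It assumes the pdo_sqlite extension so it can use an in-memory SQLite database offline; the MyGuests table, its rows, the input "O'Brien" and the two find functions are all constructed for this illustration.

```php
<?php
// Added example (not from the original page): the same lookup done by string
// concatenation and with a prepared statement. It runs against an in-memory
// SQLite database so it works offline; assumes the pdo_sqlite extension.
// The table and rows are constructed here to mirror the MyGuests examples.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE MyGuests (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT)');

$seed = $conn->prepare('INSERT INTO MyGuests (firstname, lastname, email) VALUES (:firstname, :lastname, :email)');
$rows = [['John', 'Doe', 'john@example.com'], ['Mary', "O'Brien", 'mary@example.com']];
foreach ($rows as [$firstname, $lastname, $email]) {
    // Passing an array to execute() binds every named placeholder at once
    $seed->execute([':firstname' => $firstname, ':lastname' => $lastname, ':email' => $email]);
}

// Unsafe: the value is pasted into the SQL text, so any quote inside it changes
// the structure of the statement. A legitimate name like O'Brien is enough to
// break the query, and untrusted input could alter what the query does.
function findByLastnameUnsafe(PDO $conn, string $lastname): array
{
    $sql = "SELECT firstname, email FROM MyGuests WHERE lastname = '" . $lastname . "'";
    return $conn->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the template is compiled first and the value travels separately as
// data, so it is never parsed as SQL and needs no escaping. PDO::PARAM_STR
// plays the role of the "s" type character in MySQLi's bind_param().
function findByLastnameSafe(PDO $conn, string $lastname): array
{
    $stmt = $conn->prepare('SELECT firstname, email FROM MyGuests WHERE lastname = :lastname');
    $stmt->bindValue(':lastname', $lastname, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien"; // constructed user input that contains a quote

try {
    findByLastnameUnsafe($conn, $input);
} catch (PDOException $e) {
    // ERRMODE_EXCEPTION turns the broken SQL into a PDOException
    echo "Concatenated query failed: " . $e->getMessage() . "\n";
}

print_r(findByLastnameSafe($conn, $input));
?>
```

The concatenated version fails with a syntax error because the apostrophe ends the string literal early, while the prepared version returns Mary's row: the quote is data, not SQL.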

3 Ways on How to Know If Your SEO Firm is Hurting You


As a web developer, you may not know how to get your website to the first place in Google's rankings. Hiring an SEO agency is therefore a good idea to improve your page rank. However, you need to know that not every SEO agency will produce better results for you. In fact, in some cases, hiring an SEO agency will make your traffic drop, because some SEO firms hurt your website rather than help it. Below are some signs that tell you if your SEO firm is hurting you.

  1. They have nothing to show

A good SEO agency will come with something to show you. It is not all about sudden results or a rise in rankings. Instead, the agency should be able to show you the actual SEO practices they are doing, which can be seen four or five months into a contract. Furthermore, you need to know that you can't expect a significant SEO result in the early stages.

If you have no idea what an SEO agency might provide in the first few weeks or months of a contract, here are some examples:

  • An SEO audit of your site
  • An analysis of your site’s link profile
  • Optimized content on your site
  • Articles with links to your site that are being or have been published on other sites.

The above points are some examples that prove your SEO agency is doing something.

  2. They Never Ask You for Anything

Another sign that your SEO agency is doing nothing is that they never ask you for any of the following:

  • Editor or admin access to your CMS
  • View or admin access to Google Analytics
  • Access to Google Webmaster Tools
  • Access to social accounts
  • A list of target keywords
  • Past audits/penalties/work

If they never ask for any of these, it could be because they are only adding backlinks from their vast network of spam sites. Since they don't need access for that, there's a chance that they are performing harmful actions.

  3. You Start Ranking for the Wrong Keywords

When you start working with an SEO agency to improve your rank, you should already know what your target keywords are. You can also see in Google Analytics how your long-tail keywords are driving traffic and/or ranking in the SERPs. To find these analytics, navigate to Acquisition → Keywords → Organic.

Check whether your organic keywords have changed significantly; there must be a reason if you begin gaining traffic from the wrong keywords. The most problematic case is when you stop ranking for keywords that previously ranked highly. A good goal in growing your traffic is to earn targeted traffic, so if the traffic comes from the wrong queries, your SEO agency is doing indiscriminate work.

10 Terminal Shortcuts Developers Need to Know

10 terminal shortcuts that every developer should know

There is plenty of web development software that a developer can try in order to work more efficiently. However, knowing some key combinations will come in handy when it comes to speeding up your work. Below are ten keyboard shortcuts on OS X that will make life easier if you're working in Terminal.

  • Option/Alt+Left or Right

Have you ever wondered which shortcut lets you move the cursor between words on a command line? Use Option with the left arrow to move back a word and Option with the right arrow to move forward along the line.

  • Escape + T

You can use the key combination Escape + T to swap the two words that appear immediately before the cursor.

  • Control + R

Control + R locates a previously used command in Terminal: it opens the (reverse-i-search)`': prompt and lets you search for a previously used command that you need to run again.

  • Control + C

To abort the current application and kill what's currently running, use Control + C.

  • Control + U

If you have typed to the end of a line and realize the whole line is wrong, don't worry: Control + U clears everything on the line before the cursor.

  • Control + K

Control + K has the opposite effect from Control + U: it clears everything on the line after the cursor, which is helpful when you need to change or delete the latter half of a line.

  • Command + K

If you are looking for a key combination that clears the whole screen, Command + K will do it. Alternatively, you can use Control + L or type "clear" into Terminal.

  • Control + Z

Control + Z suspends whatever is currently running and puts it in the background. If you run into permission issues, try re-running the last command with sudo.

  • History + a Number

If you lose track of a command you typed earlier, type "history" into Terminal to retrieve a history of your commands, or type a space and a number after history. For example, "history 5" shows you the last five commands you typed.

  • Escape + B

Escape + B is an alternative way to move the cursor back by one word, just like the Option + left arrow shortcut.