How to use PDO and Parameter Binding

Parameter binding is essential for protecting a web application from SQL injection. Practically every piece of data that ends up in an SQL statement needs to be bound. Binding, put simply, is a way of telling the database engine that a particular piece of data is a value (a string, a number, a date and so on) rather than part of the statement itself. Because the engine parses the statement before the values are supplied, special characters in the data such as quotes, double quotes, semicolons and comment markers are never interpreted as SQL. Note that binding only covers values: table and column names are identifiers, cannot be bound, and must be validated separately (for example, checked against a list of allowed names) before they are placed in the statement text.

Example:

public function dbSelect($table, $fieldname = null, $id = null)
{
    $this->conn();
    // Only the value is bound. $table and $fieldname are identifiers and are
    // interpolated into the statement text, so they must never come from
    // untrusted input without first being checked against a list of allowed names.
    $sql = "SELECT * FROM `$table` WHERE `$fieldname` = :id";
    $stmt = $this->db->prepare($sql);
    $stmt->bindParam(':id', $id);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
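The following is an added example, not code from the original post, showing the same lookup hardened against the one thing binding cannot cover: the table and column names. Identifiers are checked against an allow-list before being interpolated, the value is bound with an explicit type, and a classic injection payload is passed in to show it is treated as plain data. The Repo class, the ALLOWED map and the users table with its two rows are constructed for this demo; it uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Added example (not from the original post). Binding protects values only;
// table and column names are identifiers and must be validated separately.

final class Repo
{
    private PDO $db;

    // Allow-list of tables and the columns that may appear in WHERE (constructed).
    private const ALLOWED = [
        'users' => ['id', 'email'],
    ];

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // Fail loudly instead of silently returning false on errors.
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    public function dbSelect(string $table, string $fieldname, $value): array
    {
        // Identifiers cannot be bound, so reject anything not on the allow-list
        // before it reaches the statement text.
        if (!isset(self::ALLOWED[$table]) || !in_array($fieldname, self::ALLOWED[$table], true)) {
            throw new InvalidArgumentException("Unexpected identifier: $table.$fieldname");
        }
        $sql = "SELECT * FROM `$table` WHERE `$fieldname` = :value";
        $stmt = $this->db->prepare($sql);
        // The value is data, never part of the statement; give PDO its type explicitly.
        $stmt->bindValue(':value', $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Demo data (constructed): in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)");
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");

$repo = new Repo($pdo);

// Classic injection payload passed as a value: it is bound, so it matches no row.
$rows = $repo->dbSelect('users', 'email', "' OR '1'='1");
var_dump(count($rows)); // int(0)

// Legitimate lookup by integer key.
$rows = $repo->dbSelect('users', 'id', 1);
var_dump($rows[0]['email']); // string(17) "alice@example.com"

// Identifier injection attempt is rejected before any SQL is built.
try {
    $repo->dbSelect('users', 'email` = 1 OR `1', 'x');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

bindValue is used rather than bindParam because the latter binds by reference and reads the variable only at execute() time, which is a common source of surprises in loops. On MySQL it is also worth setting PDO::ATTR_EMULATE_PREPARES to false so that the statement is genuinely prepared server-side rather than assembled by the client escaping the values; the SQLite driver used here does not support that attribute, which is why the example leaves it out.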


How to Get XML From Database – Simple Perl Script

Although Perl is a relatively old programming language and there should be plenty of reference material available online, I still find it challenging to write something new in Perl because of its unusual syntax and the many ways of doing the same thing.
Here is a simple script to get XML out of a database.

Why and How to Write a Website Proposal

If you are reading this post you probably already know how important a proposal can be; if not, it is definitely worth repeating: a bad proposal, or worse, no proposal at all, can be not only a deal breaker but can turn into a nightmare for you (the price is too low, the client's expectations are too high, and so on). Having a proposal also makes a beginning freelancer look more professional, which is always a good selling point.


Quotes and Perl Script

Recently I encountered a problem where some characters were not displayed correctly on a web page generated by a CGI script. When I ran the script in a Unix console I got the following message:

Some character(s) could not be converted into client’s character set. Unconverted bytes were changed to question marks (‘?’)

It turned out that all I needed to do was to explicitly set the character set when creating the Sybase::DBlib instance, using DBSETLCHARSET:

$dbh = new Sybase::DBlib $user, $pwd, $server, DBSETLCHARSET('UTF-8');