07:55, 28th February 2022
Good Practices: how to sanitize, validate and escape in PHP
Proper data handling in PHP applications is often neglected even in competitive tech environments, despite being fundamental to building secure and stable software. The core practices involved are sanitising input, validating data and escaping output, each serving a distinct purpose.
Sanitising removes unsafe characters from incoming data before it reaches storage, and PHP offers tools such as htmlentities() with the ENT_QUOTES flag and the filter_var() function for handling common inputs like email addresses, though dedicated libraries such as HTML Purifier offer greater depth. SQL injection risks can be mitigated by using PDO prepared statements rather than embedding user input directly into queries.
Validation, which differs from sanitisation in that it confirms data meets expected criteria rather than cleaning it, can also be handled through filter_var() using flags such as FILTER_VALIDATE_EMAIL, or through more powerful third-party libraries. Finally, escaping output before displaying it to users prevents malicious code from being rendered or executed on a page. Taken together, these practices reduce security vulnerabilities, improve application reliability and represent a professional standard that developers at all levels should apply consistently from the outset of any project.
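The three steps named above, chained in one flow, as an added example that is not code from the linked article: filter_var() with FILTER_VALIDATE_EMAIL rejects bad input, a PDO prepared statement stores the rest, and htmlentities() with ENT_QUOTES is applied when the value is written into HTML. The table name, column names and sample submissions are constructed for illustration, and the in-memory database assumes the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);

// Constructed sample input: a normal row, a malformed email, and a comment
// carrying markup and both kinds of quote.
$submissions = [
    ['email' => 'alice@example.com', 'comment' => 'Nice post!'],
    ['email' => "bob@example.com' OR '1'='1", 'comment' => 'hello'],
    ['email' => 'carol@example.com', 'comment' => '<script>alert("x")</script> O\'Brien'],
];

// In-memory SQLite keeps the example offline (assumption: pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (email TEXT NOT NULL, body TEXT NOT NULL)');

$insert = $pdo->prepare('INSERT INTO comments (email, body) VALUES (:email, :body)');

foreach ($submissions as $row) {
    // 1. Validate: filter_var() returns false when the value is not an email
    //    address, so the row is rejected rather than "cleaned up".
    $email = filter_var($row['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        echo "rejected: invalid email address\n";
        continue;
    }

    // 2. Store: values are bound as parameters and never become part of the
    //    SQL text, so the quotes in the comment cannot alter the query.
    $insert->execute([':email' => $email, ':body' => $row['comment']]);
}

// 3. Escape on output: the stored text is unchanged in the database and is
//    encoded for the HTML context at the moment it is rendered.
echo "<ul>\n";
foreach ($pdo->query('SELECT email, body FROM comments') as $row) {
    printf(
        "  <li>%s: %s</li>\n",
        htmlentities($row['email'], ENT_QUOTES, 'UTF-8'),
        htmlentities($row['body'], ENT_QUOTES, 'UTF-8')
    );
}
echo "</ul>\n";
```

Run with the PHP CLI; the second submission is rejected at validation, and the third is stored verbatim but rendered with its angle brackets and quotes encoded as entities.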
09:10, 26th February 2022
Show Amount Of Posts, Pages, Categories, Tags, Comments For WordPress Themes
For WordPress versions 2.5 and above, developers can display statistical counts for various content types on the front end of a WordPress theme using a set of built-in functions. The wp_count_posts() function retrieves the number of published posts and pages, while wp_count_terms() handles the counting of categories and tags.
For comments, either get_comment_count() or wp_count_comments() can be used, with both offering the ability to filter by status, such as approved, spam or awaiting moderation. These values can be formatted and displayed as an HTML list, which developers are free to style using CSS classes or IDs to suit their design needs.
09:08, 26th February 2022
Count the number of posts in the custom post type in WordPress
WordPress provides several methods to count posts within custom post types, with WP_Query being a flexible approach that uses parameters such as category_name and post_type to retrieve specific data. This class requires defining these variables in an array, which is then passed to the WP_Query constructor to generate an object that includes the total number of posts found.
Alternatively, wp_count_posts offers a simpler way to count posts based on their status, such as published or drafted, but it does not support filtering by category slugs. The get_posts function can also be used, though it is less efficient for large datasets due to its tendency to load all posts into memory before counting. Each method has distinct use cases, with WP_Query generally preferred for its versatility in handling complex queries involving custom taxonomies and post types.
11:07, 21st February 2022
R Error: Can’t rename columns that don’t exist.
When using both the plyr and dplyr packages in R, a conflict can arise with the rename function, as both packages contain a function of the same name. Because R defaults to the most recently loaded package, using the rename function after loading dplyr last will trigger the error "Can't rename columns that don't exist" if the code was written with the plyr version in mind. The fix is straightforward: by explicitly specifying the package name before the function using the format plyr::rename, R is directed to use the correct version, allowing column renaming to proceed without error.
11:06, 21st February 2022
A common belief among R programmers is that loops are slow and should always be replaced with vectorised calculations or apply family functions such as sapply. Benchmarking tests comparing vectorised calculations, naive loops and vapply across two tasks, calculating square roots and formatting numbers with paste, reveal a more nuanced picture.
Vectorised calculations remain the fastest option for simple mathematical operations, running more than ten times faster than a loop, but vapply performs notably worse than a naive loop in that same scenario. For more complex functions like paste, the performance gap narrows considerably, with loops taking only around 50% longer than the vectorised approach and vapply performing at roughly the same speed as a loop.
The conclusion drawn is that vectorisation should be used where available, but choosing apply-family functions over loops for the sake of speed alone is not well justified. Instead, the preference for apply family functions is better understood as a matter of coding style and readability rather than performance.
18:52, 18th February 2022
SS64 is a reference guide created by Simon Sheppard that offers syntax examples and documentation for commonly used database and operating system commands. It covers areas including SQL Server and MySQL, and is regularly updated, with recent additions including PowerShell colour options and chmod references.
18:51, 18th February 2022
Gunicorn
A Python-based WSGI HTTP server designed for deploying web applications, this tool is known for its reliability in production environments and ease of use, requiring minimal configuration. It supports multiple frameworks including Django, Flask and FastAPI and offers various worker types to handle different workloads, from synchronous processing to asynchronous handling of I/O-bound tasks. The software is compatible with both WSGI and ASGI standards, allowing integration with a range of application stacks without modification. It provides documentation for deployment options such as Nginx, systemd and Docker, along with community support and resources for troubleshooting and contribution.
18:51, 18th February 2022
Flask is a lightweight WSGI web application framework designed to facilitate rapid development and scalability, relying on dependencies such as Werkzeug, Jinja and Click. Its documentation provides comprehensive guidance on installation, a quick-start guide for initial setup and a detailed tutorial for building applications, alongside sections covering configuration, testing, error handling, deployment and security considerations. Additional resources include API references, explanations of design decisions, extension development practices and information on contributing to the project, with a focus on modular application structures, command-line interfaces and asynchronous capabilities through technologies like Gevent. The framework supports a range of features, from session management and template rendering to handling HTTP methods and deploying to production environments, while also addressing best practices for configuration, logging and application lifecycle management.
16:33, 18th February 2022
MySQL DELETE Query: How to Delete a Row from Table
The MySQL DELETE command is used to remove specific rows from a database table, with the WHERE clause allowing precise filtering to target particular entries. If the WHERE clause is omitted, all rows in the table are deleted, emphasising the need for caution and prior data backups to prevent irreversible loss. Examples demonstrate deleting individual records by specifying identifiers or multiple entries using the IN clause, highlighting the command's utility in managing obsolete or temporary data while underscoring the critical importance of ensuring data integrity through careful execution and backup practices.
11:06, 18th February 2022
MySQL Change a User Password Command Tutorial
Changing a MySQL or MariaDB user password on Linux, Unix, macOS and Windows systems can be achieved through several command line methods. The primary approach involves logging into the MySQL server as a root or admin user and running an ALTER USER command followed by a FLUSH PRIVILEGES command to reload the grant tables.
For older versions of MySQL, specifically 5.7.5 and earlier, the SET PASSWORD syntax or an UPDATE command targeting the mysql.user table can be used instead. An alternative method involves the mysqladmin command line tool, which allows password changes to be made directly from the shell without needing to enter the MySQL prompt.
It is worth noting that in MySQL 5.7 and later, the Password field in the user table was replaced with authentication_string, and FLUSH PRIVILEGES is not strictly necessary when using account management statements such as ALTER USER, as the server automatically reloads the grant tables in those cases.