Oh! Ye who hast been scrapped!

Today’s going to be an interesting article for those of you who take an interest in cars.

The Governmental People released a list of all the cars they’ve scrapped through the Vehicle Scrappage Scheme. Today I intend to go through the top 5 cars scrapped, to celebrate the hunks of junk we all stuck it to.

  1. Ford Fiesta – 13,622 Scrapped
    So, Britain’s officially best-selling car is hitting the scrapheaps in their tens of thousands.
    Something leads me to suspect that they are either Mk4 or Mk5 Fiestas because, let’s face it, nobody really wants one anymore.
  2. Nissan Micra – 11,808 Scrapped
    This car deserves nothing more. Most likely scrapped was the Mk2.
  3. Vauxhall Corsa – 10,453 Scrapped
    If I had the choice, I’d take the Corsa C over the Corsa B any day, which is why I suspect that the Corsa B was worse off in those figures.
  4. Volkswagen Polo – 8,432 Scrapped
    I’m sorry, but the Polo has nothing going for it. I bet you most of those were either Typ 6Ns or Typ 9Ns.
  5. Vauxhall Astra – 8,066 Scrapped
    I suspect 3rd or 4th Gen. These cars were simply terrible.

That’s it. I’m going back to work, and I suggest you do the same before someone catches you.
I’ll do a proper post sometime soon.

How to look good in your Prius

Now. This IS unusual. I haven’t talked about the one thing I talk about all of the time normally on my blog. No, it’s not looking good, it’s cars. Here we go…

It is a common stereotype: Prius drivers are boring people who ought to be locked up in old people’s homes for making the horrendous mistake of buying themselves a Prius in the first place. Not so anymore, as I have some simple tips to help you look good whilst prancing around in your Prius (Note: these tips may or may not affect your oh-so-sought-for gas mileage – YOU HAVE BEEN WARNED! Oh, and these tips are not guaranteed to work…):

  1. Wear an awesome hat and pair of glasses like you stole it. If you look like a normal person in a Prius, you’re doing it wrong. Ramp up the macho and wear a friggin’ awesome cowboy hat and an awesome pair of shades! When you get out, people will imagine you’re leaving a really awesome muscle car. They will (or they might).
  2. Drive it like you stole it. If you drive your Prius by the book, coasting wherever possible to save fuel and recharge the batteries, people will loathe you (because they want to get past you and look better than you). The Prius has the advantage over similar vehicles in its class because pedal to the metal means both the petrol and electric engines give you all they’ve got. MORE POWER!
  3. Paint it like you stole it. What good is it wearing your silly hat and your silly glasses and driving it like a silly little kid who ought to be on public transport when nobody notices your silent blur (silent unless you’ve got your foot planted) whizzing past them? Give yourself an epic white/blue two tone and rock that motherf*cker!
  4. Park it like you stole it. You have your clothes, your speed and your two tone. Now what? Go find an executive’s parking space and park in it of course! People will eventually catch on that the rich kids are spending their money on new Prii (Yes, that is the official plural for Prius) and will view you as a cool pioneer in Prius awesomeness.

There you go. You now know how to look good in your Prius, so don your hat, your glasses, give it a frikkin’ awesome paint-do and race it down to the exec’s space and walk away like a badass.

Be a proud Priuser.

I’m ill as unexpected, please leave a message

I don’t like being ill, nor do many other people I know of.

However, to be ill is to be relieved of normal duties for a period of time, which can be used to recuperate and recharge. This recuperation and recharging is very important for a person akin to myself as you need all the energy you can get.

What else is very important is to know that you are not the only one that’s ill.

The crisis of the storage space – part two.

If your Windows machine has run for twenty days straight without crashing or otherwise needing a restart, then congratulations!

It also means I should share with you a little secret. Windows uptime = disk space used for the page file, etc. A restart will significantly cut hard disk usage (4GB in my case :)) and allow you to continue working.

I would write more but I simply couldn’t be bothered. Believe it or not I have a life.

Using MySQL with PHP

Today I shall discuss a subject that took me ages to get my head around. It took me an incredibly long time to understand how to access SQL data within PHP.

Hence why I wish to make it easier for anyone else who is struggling to understand it.

To begin with you need a MySQL database (and a table to help speed things up). This post assumes you know how to do this for brevity’s sake. Now you need to access the database from within PHP:

This example is written in the procedural style. The object oriented style is written differently!

<?php
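// Connect to the server: address, username, password, database name.
$db = new mysqli('server','user','password','database');

// Send the query to the server.
$people = $db->query("SELECT * FROM people WHERE gender='female'");
// Loop over the records one at a time until none are left.
while($person = $people->fetch_assoc()) {
    // Print the 'name' column followed by an HTML line break.
    echo $person['name'].'<br />';
}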

This code fetches all the names of people in the table 'people' who are female. Let me explain:

$db is how the script accesses the server. You can have more than one server instance. For example, I may have one accessing a database on an old server, to be moved to a database on a new server, or another database on the same server. new mysqli creates a new instance of server access. 'server' is the server address, which in most cases is either localhost or 127.0.0.1. 'user' is the username of a user who has permission to view the tables on the server. 'password' is obvious. It is the password of the aforementioned user. 'database' is the name of the database that this script uses.

I, for example, may use:
$db = new mysqli('localhost','ben','12345','friends');

Next is $people. This contains the query to be sent to the server to get all the records in the table 'people'. $db->query tells the server to query the database instance $db with the query to be mentioned next.

"SELECT * FROM people WHERE gender='female'" is the sql query. It is sent to the server to make it ‘do’ stuff. SELECT tells the database to fetch records from the server. ‘*’ tells the database to fetch all the columns, for example name, address, date of birth, gender, etc. FROM people tells the server to fetch all columns of information from the table called 'people'. WHERE gender='female' tells the server to fetch all columns of all records that match the WHERE clause, which in this case is records where the specified gender is female.

'while($person = $people->fetch_assoc())' is the start of what PHP does with the data. $people is only a query, and it doesn’t contain any information. $person = $people->fetch_assoc() creates a new ‘person’ object which contains the data of the first record associated with the query contained in $people. You may have noticed that only the first record is selected, but the next records are selected when the while statement loops back, and so on until there are no more records left to process. Simple, right? 😉

After the while statement, there is then echo $person['name'].'<br />'; inside two curly braces. The curly braces define what code the while statement runs each time it loops. echo tells the script to print some stuff to the browser. Remember that the browser does not get to see any of this code, and so this line will be the first line sent to the browser. $person['name'] contains the content in the ‘name’ column of the record being currently processed. It can be changed to other names, such as $person['address'], $person['date_of_birth'], $person['gender'], etc. and it will echo different things. The dot in between the variable and <br /> tells the script to join something on. <br /> tells the browser to create a new line. Without this line, all the names would be printed in one long line.

The output of this could be:

Janet
Michelle
Emily
Susan

Changing the $person['name'] variable to $person['gender'] would be guaranteed to display:

female
female
female
female

This is because of the WHERE clause I wrote about earlier.

Of course, questions are welcome in the comments, which will be answered and included in this post!

The crisis of the storage space

I have run out of hard disk space on my computer.

I have run out of hard disk space on my other computer.

I have run out of space on all of my external storage devices, including the SD and CF cards for my camera.

I have run out of space on my current phone, my old phone and my school-tied iPad.

I have even run out on my Raspberry Pis.

In case you haven’t noticed, I’m running a little short on storage space.

This isn’t the first time it has happened, and I doubt it will be the last, but I’m damn well sure that it is a problem.

So how does one go about solving it then? Well, I started by uninstalling everything I didn’t use, regardless of whether I needed it or not. I went on to remove old documents I didn’t need any more (which I really, really hate doing), before clearing out system temp files and removing update backups.

It is about this time I deem it ripe to rebuild a computer. This requires a backup of my documents, which, well, I can’t exactly do.

Oh dear sweet mother of all things holy in and out of the computer world.

In case you hadn’t noticed, I’m not feeling too good about this.

I will keep you updated.

With faithful regards,

Me.

Hardening WordPress plugins

I write code.

Yes, most of you know this, but what most of you don’t know is:

I didn’t write secure code, until now.

Let me explain: It is no good building a website for a client and going “Hey! Here’s a new site I’ve built you. It’s super secure!”, when you haven’t given one thought to the people on the dark side (of the planet and of the force), and allowed for SQL injection attacks.

SQL injection attacks are where people ‘inject’ code into your site. Imagine this scenario:

A good person goes onto the website and enters ‘Josh’ into a box called ‘username’.

The PHP for this database query looks as so:

// Deliberately vulnerable: the raw form input is joined straight into the SQL.
$username = $_POST['username'];
$db->query("SELECT name FROM people WHERE username='".$username."'");

This code inserts $username into the MySQL query. The query that is sent to the database looks as follows:

SELECT name FROM people WHERE username='Josh';

So what happens if someone injects SQL into this query?

Say Mr Baddie comes along and enters Josh'; DELETE FROM people into the ‘username’ box, the query sent to the database will be:

SELECT name FROM people WHERE username='Josh'; DELETE FROM people;'

Note the apostrophe at the end!

Or

SELECT name FROM people WHERE username='Josh';
DELETE FROM people;'

A lovely list of people with the username Josh will be returned, before everything is promptly deleted from the table ‘people’.

Oh Dear. I hope someone remembered to take a backup of that database.

Once people have been observed throwing insult-ridden shouts across the office at each other, blaming each other for the incident; and the boss has been to throw his own insults; and the site has been down for a week; and the head office has held a conference call to throw their own insults, it is finally time to sit down and work out what went wrong and how it can be prevented in the future.

Option 1: Delete the site and pretend none of this ever happened.

Option 2: Use different users for fetching and writing data to the database.

Option 3: ‘Sanitise’ the code to prevent SQL injection attacks.

I suggest Option 1 if you want a 100% guarantee that this will never happen again, but a compromise is required for those who don’t want to/can’t take it that far.

I suggest Option 2 & 3 for the near best you can get. I will explain Option 3 only.

The process of sanitisation not only protects against code injection, it also protects against the good guys potentially accidentally breaking your server.

There are different ways of sanitising user input for each language. I will demonstrate how to sanitise input for a MySQL database through PHP.

It’s a function called mysqli_real_escape_string.

So, instead of putting the given input straight into the sensitive belly of the database, I need to sanitise it.

Here’s the code instead.

// Escape the input first, then place it inside the quoted string literal.
$username = $db->real_escape_string($_POST['username']);
$db->query("SELECT name FROM people WHERE username='".$username."'");

So when Mr Baddie inputs Josh'; DELETE FROM people into the ‘username’ box, the content is sanitised and the day is saved.
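A prepared statement is a stricter alternative to escaping for the same lookup. The block below is an added example, not part of the original post. It assumes the placeholder connection details used earlier, a `people` table with `name` and `username` columns, a hypothetical helper name `find_names_by_username`, and a 64-character limit chosen for illustration.

```php
<?php
// Added example, not the original author's code.
// Assumptions: the connection placeholders below, a table `people` with
// `name` and `username` columns, and (Option 2) a database account that
// has been granted SELECT only, so it cannot DELETE even if a query is abused.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper: returns the names stored for one username.
function find_names_by_username(mysqli $db, string $username): array
{
    // The ? placeholder keeps the SQL text fixed; the input is sent
    // separately as data and can never become part of the statement.
    $stmt = $db->prepare('SELECT name FROM people WHERE username = ?');
    $stmt->bind_param('s', $username); // 's' = bind as string
    $stmt->execute();
    $stmt->bind_result($name);

    $names = [];
    while ($stmt->fetch()) {
        $names[] = $name;
    }
    $stmt->close();
    return $names;
}

$db = new mysqli('server', 'user', 'password', 'database');
// real_escape_string() escapes according to the connection character set,
// so set it explicitly before doing any escaping or querying.
$db->set_charset('utf8mb4');

$input = $_POST['username'] ?? '';
// Validate type and length before the database sees the value.
if (!is_string($input) || strlen($input) > 64) { // 64 is an assumed limit
    http_response_code(400);
    exit('Invalid username');
}

foreach (find_names_by_username($db, $input) as $name) {
    // Escape on output too: stored names are untrusted when rendered as HTML.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '<br />';
}
```

Escaping only protects a value that sits inside a quoted string literal; a value joined into the query without quotes (a numeric column, for instance) is not protected by real_escape_string, whereas a bound parameter is safe in both cases.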

The End.