New Year's Resolutions 2012

01/2/2012

Everyone has New Year's resolutions, and apparently 90% of people fail at their resolutions by the end of February, and a further 90% of the remaining 10% fail by the end of the year. So what's the point? It makes us feel better about ourselves.

Nettuts posted a great article titled 10 New Year's Resolutions Every Web Developer Should Make, which I have stolen borrowed for my 2012 resolutions. Of course, health and fitness goes without saying as the default resolution for most units, but this is a focus on my work and what I want to achieve this year.

Learn a New Language, Framework, Or Methodology

Objective-C and JavaScript. I know a bit about both of these languages (more about JS than ObjC), but I plan to make them my core new focus for 2012. I plan to build and release my first iOS app natively in Objective-C (I'm not interested in Android in the slightest).

I already know a fair bit about JavaScript, but as always there is plenty more I could learn. HTML5 and Canvas are very exciting tools and I want to exploit them as much as possible this year.

Working in an environment like Clemenger, which wants to push the boundaries and create award-winning work, will make learning new tech fun, easy and, best of all, I'll get paid to do it!


Get Better At What You Know

I already have a fair few notches in my dev belt. This year I will hone my skills in WordPress, Zend, jQuery and CSS3 animation. I will also blog more code, best practices and share tips and tricks.

Use Better Programming Practices

Code commenting. I'm shocking at it! I'll sit down for a day writing line after line of code, object after object, method after method. I of course know what it all does, and I know any decent dev worth their salt could work out quite quickly what's going on. But that is not efficient, and on large projects I even lose my place and have to go back and work it all out.

I have to get better at code commenting. Zend Studio makes it a breeze to create PHPDoc comments, and I will 'resolute' in making my code more readable to the dev team.

Engage the Community

This is one that I've meant to do for years. I have a whole bunch of little code libraries that I have built and refined over the years. One of them extends the basic data types of PHP into lovely objects with simple methods for manipulation and public properties for info such as length.

I have started my github account (here) which I will upload code to soon!

Take a Break

I have a beautiful family; two little boys (5, 2.5 at time of writing) and an amazing wife. This year I will take a break from work for a holiday, turn off during the weekends where possible and leave work at work. Sometimes it’s a good idea to just take a step back and look at what’s really important.

FZ8

2012 I will be off my motorcycle restrictions, 19th June to be exact. Bring on the FZ8 and the good times!


Cross-Site Scripting (XSS) and how to protect yourself against it

12/30/2011

Tech Radar has put together a rather simple but good starting point on what XSS is and how simple it is to avoid. Worth a read!

Using a good framework such as Zend or CodeIgniter helps. These PHP frameworks have had security modules under development for some time, and they will be better than anything you can come up with in a day.

With Zend, grab every request value through the getParam method in your controller, like so;

$this->getRequest()->getParam('yourVar');

Note that getParam only fetches the value: it does not escape or strip anything, so what comes back is still untrusted user data. Validate it based on what you expect to receive, and reject input that does not match rather than silently trimming characters out of it. If it's a username, allow only alphanumerics; phone numbers should only be digits (with an optional leading +), and so on. Passwords should be checked for length but never altered, and never echoed back into a page. Whatever you validate, still escape it when it goes into HTML, with htmlspecialchars or $this->escape() in the view; that output escaping, not input filtering, is what actually stops XSS.

PHP's filter extension (filter_var and filter_input) is extremely powerful and should be in any good developer's arsenal of well-understood techniques. Here is a list of the available sanitizers and validators for you to play with;

Sanitize

FILTER_SANITIZE_EMAIL
FILTER_SANITIZE_ENCODED
FILTER_SANITIZE_MAGIC_QUOTES
FILTER_SANITIZE_NUMBER_FLOAT
FILTER_SANITIZE_NUMBER_INT
FILTER_SANITIZE_SPECIAL_CHARS
FILTER_SANITIZE_FULL_SPECIAL_CHARS
FILTER_SANITIZE_STRING
FILTER_SANITIZE_STRIPPED
FILTER_SANITIZE_URL
FILTER_UNSAFE_RAW

Validate

FILTER_VALIDATE_BOOLEAN
FILTER_VALIDATE_EMAIL
FILTER_VALIDATE_FLOAT
FILTER_VALIDATE_INT
FILTER_VALIDATE_IP
FILTER_VALIDATE_REGEXP
FILTER_VALIDATE_URL

If you are Google-inept, here is the page on PHP filters.
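The following is an added example, not code from the original post or from Zend Framework, showing the two halves of the defence described above: validate each field against what you expect (rejecting, not silently stripping, anything that does not match) and then escape at output for the HTML context. The $request array is constructed stand-in data for $_GET or getParam(); the function names are my own.

```php
<?php
declare(strict_types=1);

// Added example: validate input with PHP's filter extension, then escape
// at output. Function names and the $request data below are assumptions.

/** Usernames: letters, digits and underscore only, 3 to 32 characters. */
function validateUsername(string $raw): ?string
{
    $ok = filter_var($raw, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/^[A-Za-z0-9_]{3,32}$/'],
    ]);
    return $ok === false ? null : $ok;
}

/** Phone numbers: optional leading +, then 8 to 15 digits, spaces ignored. */
function validatePhone(string $raw): ?string
{
    $compact = str_replace(' ', '', $raw);
    $ok = filter_var($compact, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/^\+?[0-9]{8,15}$/'],
    ]);
    return $ok === false ? null : $ok;
}

/** E-mail: a syntax check only; it says nothing about deliverability. */
function validateEmail(string $raw): ?string
{
    $ok = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

/**
 * URLs destined for an href: FILTER_VALIDATE_URL checks syntax, not the
 * scheme, so allow-list http/https yourself or a javascript: URL slips by.
 */
function validateHttpUrl(string $raw): ?string
{
    $ok = filter_var($raw, FILTER_VALIDATE_URL);
    if ($ok === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($ok, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $ok : null;
}

/** Escape for an HTML body or a double-quoted attribute value. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed request data standing in for $_GET or getParam(). The
// 'username' and 'site' values are what an attacker would actually send.
$request = [
    'username' => '<script>alert(document.cookie)</script>',
    'phone'    => '+61 4 1234 5678',
    'email'    => 'bob@example.com',
    'site'     => 'javascript:alert(1)',
];

// Vulnerable: the raw parameter goes straight into the page and the
// script tag above executes in the victim's browser.
echo "<p>Hello, {$request['username']}</p>\n";

// Hardened: validate, fall back on rejection, and escape at output.
$username = validateUsername($request['username']) ?? 'guest';
$phone    = validatePhone($request['phone'])       ?? 'n/a';
$email    = validateEmail($request['email'])       ?? 'n/a';
$site     = validateHttpUrl($request['site']);     // null: scheme rejected

echo '<p>Hello, ' . e($username) . '</p>' . "\n";
echo '<p>Phone: ' . e($phone) . ' Email: ' . e($email) . '</p>' . "\n";
echo $site === null
    ? "<p>No website given</p>\n"
    : '<p><a href="' . e($site) . '">' . e($site) . '</a></p>' . "\n";
```

Even values that pass validation are still run through e() before they hit the page, because the validators accept characters that matter in some HTML contexts and because a later change to a regex should not silently reopen the hole. One caveat on the list above: FILTER_SANITIZE_MAGIC_QUOTES was removed in PHP 8.0 and FILTER_SANITIZE_STRING and FILTER_SANITIZE_STRIPPED are deprecated since PHP 8.1, so the validate filters plus htmlspecialchars are the ones still worth reaching for.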
