Computer Programming

Yes, a bit specific, but I need to store some links!

Django Rest Tutorial, Inverted

[I hesitate to post this, because it makes me look like I'm a slow learner... but, oh well. I hope someone finds this interesting.]

An Unsafe Version of the PHP Example

This is an unsafe version of the Model PHP Script example. It is more useful for learning PHP. An explanation follows, about what it does, and why it's unsafe.


 * Sample PHP form and database example.
 * This is an *unsafe* example, based on the safe example.

// 1. config variables
$dbhost = 'localhost';
$dbuser = 'mysite';
$dbpass = '12JNdie8Ds3';
$dbname = 'mysite';

// 2. get the value from the form
$x = $_POST['x'];

Model PHP Script Example: writing relatively safe web forms

I just whipped this script up to demonstrate some techniques for writing relatively safe web forms with PHP. This example doesn't strive to look nice or even be easy to understand. It should be a jumping off point for learning some PDO, some htmlspecialchars, some filter_var, and a functional style of composing pages. The last thing - not such a great idea, but it works for really short pages.

This script is written to try and avoid SQL injection attacks, and cross site scripting (XSS).

Code is attached, and below.

A List of SQL Injection Attacks

I was looking at some special logs we keep, and found these attempted SQL injection attacks.

a'or' 1=1--
'or 1=1--
admin' or 'a'='a
admin'or 1=1#
"or "a"="a
'or 1=1/*
'or 1=1\0
') or ('a'='a
'or' '1'='1
a'or' 1=1--
or 'a'='a'
admin' OR 1=1/*
or 1=1--
"or 1=1--
"or 1=1\0
1 or '1'='1'=1
1 or '1'='1' or 1=1
' UNION Select 1,1,1 FROM adm

Python str.split, annoying design.

Even after a year of diddling, I'm still a python newb, and things like str.split(None) are why.

Everyone knows split splits strings on a character (or in the civilized world, a regex). str.split(None) splits on whitespace and then trims leading and trailing whitespace. It's a great feature, but why not call it str.split_whitespace?

'a b'.split(None) returns ['a','b'].

'a,,,b'.split(',') does not return ['a','b']. It returns ['a','','','b'].

Security Logic Simplified into a Cheatsheet

Came up with this comment to help me think through end-user security.

~~~~ /* * Security logic is based roughly on NTFS style allow and deny. * * The logic is as follows, in order: * 1. If a specific role or user is in the deny list, they are denied. * 2. If a specific role or user is in the allow list, they are allowed. * 3. Otherwise, they are denied. * * There are three special values.

AngularJS Directive: Stretchdown - stretches an element to the bottom of the window.

I've made may first directive! OK, not that special, but to me it is. This is one of the more difficult features I've come across in Angular, and I still don't really "get it".

[I didn't "get it" because I used directives as a mixin to implement a UI feature. Directives are really supposed to be for encapsulating HTML into small templates.]

I'm not even going to do a code walkthrough, because I can't really explain it well. The easy part is calculating the height the element should be. The tricky part is implementation.

Chrome Rendering Glitch with Label's Padding in Points (PT), Even Values

I have to learn the Chromium bug reporting system. Found an interesting rendering bug if, on a label, you specify a padding with an even number of points (pt), the rendering is shifted up a little bit, and the border can disappear if it's adjacent to another element.

WordPress: Setting the META Description to part of the page's content

This code puts the first paragraph of the post into the description meta tag. It tries to strip out leading whitespace and any tags. If you insert an image, it should be stripped.

R Database Connection Class in RS (R5 S5)

I'm learning R, and it's been interesting. The weird part is that I don't know stats. Yes, I know standard deviation, mean deviation, and easy stuff, but those are one-liners in the R tutorials. What I know in stats amounts to around 1/4 to 1/2 a page of the R tutorial. So to compensate, I have a stats text from the thrift store, so I'll eventually be less than a total ignoramus about what I'm reading.

One of the twists of what I'm messing with is that all our data is in a database. The normal mode of operation for R users is to load the entire data table into memory and do awesome reporting on it. Where I'm at, for better or worse, is more like a traditional web application with a database back end.

A problem with this is that MySQL lets me have only 16 connections going at the same time. I'm not sure if it's the driver, but I'll assume that. Since RStudio holds the connections, coding a lot of changes eventually leads to a lot of lost database connection handles, and eventually running out of connections.

Installing R Packages Globally (for rApache)

For general instructions, see:

In Ubuntu Linux, the path to the global libraries is: /usr/local/lib/R/site-library/

To install there, you can do install.packages(c('foo'), '/usr/local/lib/R/site-library/')

or take advantage of the built in variable: install.packages(c('foo'),[1])

Check that has the values you need.

You can also use R CMD INSTALL -l /path/to/library foo

CSS Hints for Technoids Who Forgot to Learn CSS

This article has been completely rewritten, and expanded into a book: CSS: An Overview for Software Developers.

This article is obsolete and will go away eventually, and replaced with an excerpt from the book.


The original was written: 2004-11-18 03:16:46 -0700.

Here's a bit of the article:

Dang, but it took me forever to learn CSS. Maybe I should have used a book. Here, I'm going to share with you the hard-found knowledge, presented using technical programmer jargon. (Revised in 2014.)

CSS Stylesheet Switcher Widget

This snippet of code can be modified and used to change the stylesheet on your page. I set it up to work against a layout extracted from Salsa, but it should work on generic pages. It's good for demos, discussions about a layout, trying different colors, etc.

TPCalc for Android

A while back, I made a little program called TPCalc to do one of my favorite mundane activities, which is to determine the best price for toilet paper at

Syndicate content