OpenLampTech No. 147
Validating URLs in Laravel | Hard-coded PHP array indices | SQL Injection and airport security | Silent issues in the Database
Thank you for reading the OpenLampTech newsletter!
I will be taking a couple of weeks off from publishing OpenLampTech. Life and other important commitments need my attention right now.
I’ll be back in your inbox soon.
Thank you for understanding and most importantly, being a dedicated reader.
Security Tip: Validating (Secure) URLs!
Laravel security expert Stephen Rees-Carter shares sound practices for validating URLs with Laravel's built-in Validator.
User input validation is important for an application's security, and URLs should be monitored.
Learn about specific settings for URL input and how to allow what you expect and disallow what you don't.
Side note: Congratulations on Securing Laravel turning 3 this week. Stephen produces a lot of great content and deserves all the best and more. 🎊 👏
[Securing Laravel]
Avoiding Hard-coded Indices in PHP and Laravel
I'm learning a lot by reading and sharing content in OpenLampTech and something that never crossed my mind is the risk of hard-coding array indexes in PHP.
Why?
As is covered in this article, what if the array structure changes?
Or what if the first element is missing or empty?
Using native PHP functions like current(), reset(), and array_shift() is a more sound option for these situations.
Learn more about the pros and cons in this article.
[Medium]
PHP is the Best Choice for Long‑Term Business
I first saw this shared in my buddy Reuben Walker's fantastic Symfony Station newsletter.
You don't have to look very far (or hard) to see that PHP is dominant in the web space. Frameworks and CMSs aplenty use PHP as the foundation language.
PHP is solid, stable, and most importantly, lasting.
Bypassing airport security via SQL injection
SQL Injection is a tough one.
It can be easy for less experienced developers to miss, leaving a vulnerability in place. On the other hand, many practices, such as parameter binding, provide some level of mitigation and protection against SQL Injection.
Only if developers use them.
If these are based on factual accounts, and they do seem to be, this type of vulnerability poses a very high risk. Well done on the discovery by those involved.
[ian.sh]
The Death of the Junior Developer
I saw this shared in the Good Tech Things newsletter. There is plenty of sound thought in the newsletter issue and I agree with a good bit of the overall premise: junior developers are going to have a tough go at it with AI's continued advancement.
Within the source article, several parallel comparisons also make sense.
I have been having good luck and results using AI. I don't think AI is going to take over. However, I do think using it (with a guiding hand) has made me way more productive.
I think the biggest advantage for experienced devs/writers/marketers/etc. is knowing what to prompt and having an idea of what to expect (somewhat) to QC the results.
[Sourcegraph]
Dev Diary #3: The Sneaky Issue That Was Silently Ruining Our Database
Learning from and even somewhat understanding some of the bugs that creep into application code is an education unto itself.
Something I'm taking away from this account is that it may not be the best idea to automate specific things on a page load, as this is what ultimately caused the issue described in this article.
[HackerNoon]
The Art of Problem-Solving in Software Engineering: How to Make MySQL Better
This is an online book about MySQL 8 performance. I haven't read it but wanted to share it with the readers of the OpenLampTech newsletter.
[GitHub]
Thank you for reading. I hope you have a great rest of your week.
Take care.
Josh Otwell


