Avoiding SQL injections using stored procedures and access privileges

8 Feb

In the previous article I showed that the only way to be sure no one messes with your query is to use prepared statements because the statement is precompiled and not alterable afterwards. For people who don’t like to use prepared statements due to the added complexity, or people who worry about the overhead of prepared statements for one time queries there is another solution: stored procedures.

Continue reading

Advertisements

INSERT … ON DUPLICATE KEY UPDATE and UNIQUE KEYs

8 Feb

A useful construct in MySQL when you want to create a new row in case it doesn’t exist yet or update an existing one is:

INSERT ... ON DUPLICATE KEY UPDATE

For example if you have a PRIMARY KEY ‘id’, a UNIQUE KEY ‘u_key’ and a value with no constraints ‘data’ and you want to insert or update ‘data’ referenced by ‘id’, you can write:

INSERT INTO my_table (id, data) VALUES (662606957, 'some data') ON DUPLICATE KEY UPDATE data='some data';

However, this only works as long as you don’t define the UNIQUE KEY as NOT NULL. If you do define it as NOT NULL, it won’t work because it can’t use the default value more than once. In that case you need to supply a unique value for the UNIQUE KEY as well:

INSERT INTO my_table (id, u_key, data) VALUES (662606957, '0x600613', 'some data') ON DUPLICATE KEY UPDATE u_key='0x600613', data='some data';

Memory management in C++ Part 1

23 Jan

While scripting and other high level languages often have one way to manage memory, working with a lower level language gives you the ability to choose how to manage each allocated piece of memory. This can be both a blessing and a curse, as one way is not always the best solution for each case, so choosing the best strategy can become hard. This article tries to give an overview of several techniques.

Continue reading

Shadow mapping for isometric games

14 Dec

General shadow mapping

Shadow mapping is one of the possible methods for rendering the shadows in a 3D scene when using a rasterizer. It uses one extra pass (in the simplest case of one light) to render a shadow map which is used in the color pass to test whether a point falls inside or outside the shadow. The shadow map is basically a depth buffer rendered from the standpoint of the light. This means that it tells us how far the light can reach. If the light can’t see a point because it is obscured (the point’s depth is further than the depth in the map) it lies in the shadow. Continue reading

Avoiding SQL injections

3 Nov

Building (unsafe) queries

You would think that SQL injections are something of the past by now, as they are a well understood and easy to explain exploit. Though in reality a lot of existing and new code is still written without much thought of protecting against them. This is not so surprising as security practices are often presented as something extra rather than being strictly enforced from the start. Additionally web pages and books are seldom up to date given the fast changing nature of software development.
Continue reading

Fixing and avoiding memory leaks in Python

12 Apr

Reference counting

Python uses reference counting for its memory management. This means that it keeps count of how many references your script still has to an object, and when that count becomes zero, the object is deleted.

a = "text"
b = a
a = None
b = None

The string object containing “text” is deleted after the last reference, in this case b, is set to None (or any other value).

The problem of circular references

A problem arises when one object holds a reference to another which has a reference back to the first, either directly or in a chain. This is not so hypothetical, as it often happens in hierarchical or cyclic graph structures. In the following tree structure for example, parent nodes hold references to child nodes, while the child nodes hold references to their parent. Continue reading

Embedding Python, Ruby and Lua compared (part 1)

26 Mar

This is a series of comparisons between the scripting languages I personally have used as an embedded language in a C/C++ program. All have their use depending on the situation. For a game or mobile application for example, Lua is preferred as it is small and fast. It also is best when multiple interpreters are needed. Python and Ruby have a more concise syntax and have more libraries to work with in case that is needed. Their object system is also easier to grasp than the table system used in Lua. In this part I will just concentrate on exporting methods from C to the scripting languages. In a later part I will compare the object systems. Continue reading