Random writings on running, software & product development, business and anything else

Tag: sql

Review of The Art of SQL

Starting with a small negative. This book frustrated me at times. There is no shortage of great (and essential) information from start to finish, but the constant ‘battle’ references, and over-explanation of non-essential points, drove me crazy. E.g. in the discussion of atomicity, an extra couple of sentences on its 5th century Greek origins is a distraction. That aside, this is the best practical SQL/relational model book I have read. Chapter 6, ‘The Nine Situations’, is perfect to make yourself look at data situations in different ways, and the different ways of handling them. I had not thought of breaking them down like this. Don’t even think of reading this book unless you have a number of years of RDBMS experience & some failure, as you will be left behind. Even experienced database developers will be challenged, and may have to come back to a topic later (like I did a number of times) for it to make its point. An almost brilliant book.

Readability 3 from 5
Subject Depth 5 from 5

Authors Stephane Faroult & Peter Robson
Publisher O’Reilly
Year 2006
Pages 367
ISBN 0596008945

XSS and SQL Injection PHP Code Scanner

From XSS News comes a link to an application called Pixy. It is a Java app that takes PHP code and warns of potential cross-site scripting and/or SQL injection vulnerabilities.

There is plenty of documentation, with good explanations of what Pixy can and cannot achieve. For example, you cannot throw it a directory of code and have it find every problem. If your PHP code has multiple entry points, then it needs to be run once for each of these.

A web version is available to run XSS tests on single pieces of PHP code. There is a requirement to have Perl installed on your system for the download version.
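To make concrete what a scanner of this kind is looking for, here is an added example (not code from the original post, and not from the Pixy project) of a single-entry-point PHP search handler written twice: first with user input flowing unmodified into a SQL query and into HTML output, which are exactly the two sink classes such a tool tracks taint towards, and then with both flows broken. It assumes a mysqli connection, a table named `articles` with `author` and `title` columns, and made-up connection details; the request parameter `q` and the function names are also assumptions for illustration.

```php
<?php
// Added example, not code from the original post or from Pixy.
// Same handler twice: the vulnerable form lets $_GET['q'] reach a SQL sink
// and an HTML sink untouched; the hardened form stops both taint flows.

// --- Vulnerable form: untrusted input reaches both sinks unmodified ----
function search_vulnerable(mysqli $db, string $q): string
{
    // SQL injection: the untrusted value is concatenated straight into the
    // statement, so a quote in $q changes the query's structure.
    $sql = "SELECT title FROM articles WHERE author = '" . $q . "'";
    $result = $db->query($sql);

    // XSS: the same value is echoed back into the page without encoding,
    // so a <script> tag in $q runs in every visitor's browser.
    $html = "<p>Results for " . $q . "</p><ul>";
    while ($row = $result->fetch_assoc()) {
        $html .= "<li>" . $row['title'] . "</li>";
    }
    return $html . "</ul>";
}

// --- Hardened form: parameter binding plus output encoding -------------
function search_hardened(mysqli $db, string $q): string
{
    // The value is bound as a parameter; it is sent separately from the
    // statement text and can no longer alter the query's structure.
    $stmt = $db->prepare("SELECT title FROM articles WHERE author = ?");
    $stmt->bind_param('s', $q);
    $stmt->execute();
    $result = $stmt->get_result(); // needs the mysqlnd driver

    // Every untrusted value (the request parameter and the stored titles,
    // which may themselves have come from users) is HTML-encoded before it
    // is placed in the page. Encoding at the sink is what lets a taint
    // scanner mark this flow as sanitised.
    $html = "<p>Results for " . enc($q) . "</p><ul>";
    while ($row = $result->fetch_assoc()) {
        $html .= "<li>" . enc($row['title']) . "</li>";
    }
    return $html . "</ul>";
}

// Encode for an HTML text context; attribute and JavaScript contexts
// need different treatment.
function enc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// One entry point, which is the shape a per-script scan expects.
// Connection details are placeholders.
$db = new mysqli('localhost', 'app', 'secret', 'blog');
$q = $_GET['q'] ?? '';
echo search_hardened($db, $q);
```

A scanner that tracks taint would report two findings against `search_vulnerable` (the `query` call and the string that ends up echoed) and none against `search_hardened`, provided it knows `bind_param` and `htmlspecialchars` as sanitisers for their respective sinks. Note that encoding only covers the HTML text context used here; a value placed inside an attribute or a `<script>` block needs a context-specific encoder, which is the kind of distinction a static scanner may not make for you.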

© 2024 Ernie Leseberg
