Archive for May, 2007

22nd May 2007

How to prevent SQL injection?

Last week, I posted a demo video on SQL injection. If you would like to know what you should do to your web application to prevent SQL injection, please read the article "Security Corner: SQL Injection", which was published in php|architect.

SQL injection is usually caused by user input, so filtering ("washing") your input and escaping your output helps protect your web application from such attacks.
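
The contrast described above, as an added example that is not part of the original post: a lookup built by string concatenation next to one that filters the input and passes it as a bound parameter, which stands in here for manual escaping. The `users` table, the function names and the sample rows are assumptions made for the example; it uses PDO with an in-memory SQLite database so it runs without a server.

```php
<?php
// Added example, not from the original post. Table, column and function
// names are hypothetical; the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO users (username, email) VALUES
    ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Vulnerable: user input is concatenated straight into the SQL text,
// so quote characters in the input change the structure of the query.
function findUserUnsafe(PDO $db, string $username): array
{
    $sql = "SELECT username, email FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Filter input: accept only the characters a username may contain.
function filterUsername(string $raw): ?string
{
    return preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $raw) === 1 ? $raw : null;
}

// Output to the database: the value is sent as a bound parameter rather than
// escaped by hand, so the driver always treats it as data, never as SQL.
function findUserSafe(PDO $db, string $raw): array
{
    $username = filterUsername($raw);
    if ($username === null) {
        return [];               // reject instead of trying to repair bad input
    }
    $stmt = $db->prepare('SELECT username, email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "nobody' OR '1'='1";    // constructed hostile input
printf("unsafe, hostile input: %d row(s)\n", count(findUserUnsafe($db, $input)));
printf("safe, hostile input:   %d row(s)\n", count(findUserSafe($db, $input)));
printf("safe, valid input:     %d row(s)\n", count(findUserSafe($db, 'alice')));
```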


Posted in PHP | No Comments »

22nd May 2007

My favourite web 2.0 startups

The following are some of my favourite web 2.0 startups that I came across today.

recruit.net

WeddingWire

Free IQ

The daily plate

Bountee

Check out KillerStartups.com for many more web 2.0 startup websites.


Posted in Design, WWW | No Comments »

20th May 2007

Who is the largest group of online visitors?

The Hitwise weblog told us that those aged 55+ represent the largest share of UK Internet visits.

“Those aged 55+ represented 22.0% of UK visits to all categories of websites in the four weeks to 12th May 2007, up 54% since 2005 and 40% since 2006. This compares to 23.5% of Internet visits from 35-44 year olds”, says Heather Hopkins.

Which websites do they frequent? Here’s the answer.

Among the top categories visited by those aged 55+, Search Engines, Adult and Shopping & Classifieds are the favourites, and are consistent with the most visited categories overall.

It was an interesting figure. I have always thought 20-35 year olds would dominate the market because people in that age group are more computer literate and web savvy. What did you think? Were you surprised to learn that people aged 55 and above are the largest group of online visitors?

Source: 54% Increase put Silver Surfers at cusp of being largest group online

Posted in WWW | No Comments »

18th May 2007

SQL Injection Demo

Always wondered how SQL Injection works? Check out the following demo video.


Posted in Tutorials, PHP | 3 Comments »

18th May 2007

15 tips on optimising MySQL databases and MySQL queries

I have been reading articles on how to optimise MySQL databases and queries and here are a few tips I have learnt and would like to share with you:

  1. Proper use of indexes improves performance
  2. Do not perform calculations on an index (e.g. if you have an index on a column called salary, do not perform a calculation such as salary * 2 > 10000)
  3. “LOAD DATA INFILE” is the fastest way to insert data into a MySQL database (20 times faster than normal inserts)
  4. Use INSERT LOW_PRIORITY or INSERT DELAYED if you want to delay inserts from happening until the table is free
  5. Use TRUNCATE TABLE rather than DELETE FROM if you are deleting an entire table (DELETE FROM deletes row by row, whereas TRUNCATE TABLE deletes all at once)
  6. Always use EXPLAIN to examine if your select query is efficient
  7. Use OPTIMIZE TABLE to reclaim unused space (Note: Table will be locked during optimisation, so only do it during low traffic time)
  8. Better to have 10 quick queries than 1 slow one
  9. Use caching to reduce database load
  10. Normalize tables to ensure data consistency
  11. Use persistent connections
  12. Don’t query columns you don’t need, avoid using SELECT * FROM
  13. MySQL can search on a prefix of an index (i.e. if you have an index INDEX (a,b), you don’t need an index on (a))
  14. Don’t use HAVING when you can use WHERE
  15. Use numeric values (rather than alphabetical values) when performing a join


Posted in Tutorials, PHP | 1 Comment »