ACT Framework SDK Table Schema (column lists)

Filed under: General — chad @ 10:35 am on March 31, 2011

I was doing an Act integration project and needed this information, but it was not readily available.  So here ya go.  Leave a comment if it helps you out!

Tablename,Columnname,Displayname,OLEDBNAME,ALIASNAME,Physical Datatype,Is Custom,Is Primary Field,Min Column Length,Is Allow Blanks,Length,Decimal Precision,Default Access,Default Value
TBL_CONTACT,BUSINESS_LINE1,Address 1,Address 1,ADDRESS_1,NVARCHAR,0,1,,1,256,,FULL ACCESS (2),
TBL_CONTACT,BUSINESS_LINE2,Address 2,Address 2,ADDRESS_2,NVARCHAR,0,1,,1,256,,FULL ACCESS (2),
TBL_CONTACT,BUSINESS_LINE3,Address 3,Address 3,ADDRESS_3,NVARCHAR,0,1,,1,256,,FULL ACCESS (2),


Quick Tip: Clean Up Your URLs

Filed under: Programming — Adam @ 2:49 pm on May 9, 2008

One of the most common questions that I get from web developers is “How do I get clean URLs without all the question marks and symbols?” The solution is not as hard as you may think; it just takes a little knowledge of the Apache module mod_rewrite. In this quick tip I’ll show you one way that mod_rewrite can help you with your URLs.

By default mod_rewrite may be installed but not enabled. To fix this, create a new file called .htaccess with the following line of code:

RewriteEngine On

You’ll want to save that file in your root directory (the base directory where all your files are). After you do that, we are ready to start the rewriting process.

For our example, let’s say the URL we have is http://www.domain.com/index.php?action=view&page=home

That’s a pretty long and nasty URL and search engines don’t look highly upon it either. But the good news is we can fix it by jumping back into our .htaccess file and adding the following code:

RewriteEngine On
# In .htaccess the matched path has no leading slash; the dot in .html is escaped
RewriteRule ^([^/]+)/([^/]+)\.html$ /index.php?action=$1&page=$2 [L]

Now, this gives us a URL of: http://www.domain.com/view/home.html. It’s more likely that the user will remember this URL and as mentioned before, search engines prefer URLs this way.

If you’re curious as to what the symbols in the .htaccess file mean, let me try to break it down for you a little bit:

  • The caret (^) signifies the start of a URL, under the current directory. This directory is whatever directory the .htaccess file is in.
  • The dollar sign ($) signifies the end of the string to be matched. You should add this in to stop your rules matching the first part of longer URLs.

There are many more possibilities and functions of mod_rewrite, but I’ll save that for another day. For now, this has been a quick tip.

Common Security Flaws with PHP Sites

Filed under: PHP — Adam @ 2:12 pm on

PHP is a great language; it allows people to create large web sites and web applications in a reasonable amount of time. However, many programmers cut corners when it comes to the security of a web site. In this article, I’ll go over some of the security blunders that are commonplace with PHP programmers.

Non-Validated User Input
Some programmers assume that the user’s input can be trusted all the time. They express this by allowing the raw value of an input to be used without any type of validation or checking method:

// Vulnerable: raw GET values are passed straight to the shell
$month = $_GET['month'];
$year = $_GET['year'];

exec("cal $month $year", $result);
foreach ($result as $r) { print "$r <br/>"; }

You never want to just blindly use the raw input from the user. A good general rule of thumb is to anticipate that all user input will be malicious, because sometimes it will be. With this example we’re loading two GET variables and executing the cal command. How is this dangerous? The string is handed to a shell, which treats the semicolon as a command separator, so all someone has to do is put “; rm -rf *” as the year and all your precious files will be deleted.

The proper way to fix this is to ensure the input you receive is what you expect it to be. JavaScript validation is not recommended because it runs in the browser and can be easily ignored and worked around, so the check has to happen on the server. In order to properly sanitize these inputs we need to ensure that the month is indeed a 1 or 2 digit number and that the year is a 4 digit year. Here’s an example of how we would do so:

// \A and \z anchor the whole string; $ alone would also accept a trailing newline
if (!preg_match('/\A[0-9]{1,2}\z/', $month)) die("Bad month, please re-enter.");
if (!preg_match('/\A[0-9]{4}\z/', $year)) die("Bad year, please re-enter.");
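
The same check taken one step further, as an added example that is not part of the original article: the values are range-checked as integers (month 1 to 12), and escapeshellarg() is applied as a second layer before the command is built. The helper names and sample requests are constructed for illustration.

```php
<?php
// Added example; helper names and sample requests are constructed.

/** Return $raw as an int when it is a digit string within [$min, $max], else null. */
function int_in_range($raw, int $min, int $max): ?int
{
    // Arrays (?month[]=1), missing values, signs, spaces and newlines all fail here.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 4) {
        return null;
    }
    $value = (int) $raw;
    return ($value >= $min && $value <= $max) ? $value : null;
}

/** Build the cal command line, or return null when either input is invalid. */
function build_cal_command($month, $year): ?string
{
    $m = int_in_range($month, 1, 12);
    $y = int_in_range($year, 1, 9999);
    if ($m === null || $y === null) {
        return null;
    }
    // Both values are integers now; escapeshellarg() stays as a second layer
    // in case the validation above is ever loosened.
    return 'cal ' . escapeshellarg((string) $m) . ' ' . escapeshellarg((string) $y);
}

$samples = [
    ['month' => '3',  'year' => '2011'],
    ['month' => '13', 'year' => '2011'],        // digits, but not a month
    ['month' => '3',  'year' => "2011\n"],      // trailing newline
    ['month' => '3',  'year' => '; rm -rf *'],  // the input described in the article
];
foreach ($samples as $get) {
    $cmd = build_cal_command($get['month'], $get['year']);
    if ($cmd === null) {
        echo 'rejected: ' . json_encode($get) . "\n";
        continue;
    }
    $result = [];
    exec($cmd, $result);
    foreach ($result as $r) {
        // Escape on output as well, so the page cannot be used to inject markup.
        echo htmlspecialchars($r, ENT_QUOTES, 'UTF-8') . "<br/>\n";
    }
}
```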

SQL Injection Vulnerabilities
Just like with the above example, non-validated user input can cause problems with more than just your PHP files. With non-validated data a user could either gain access to secure areas (even as an administrator) or worse, delete your entire database.

Let’s say we’re trying to login to an account and this is our SQL statement:

SELECT user_id FROM users WHERE name = '$username' AND pass = '$password';

If someone is attempting to bypass your system of checking the username and password all they’d really have to do is put this as their password:

' OR '1'='1

Now the new query would be:

SELECT user_id FROM users WHERE name='admin' AND pass='password' OR '1'='1';

Now the user has access to your administrative section on your website and can cause some serious harm. But fear not, there is a very simple way to ensure that this doesn’t happen to you, by escaping dangerous characters with a simple:

$username = addslashes($_POST['username']);
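
addslashes() is unaware of the database connection's character set and does nothing for values used outside quotes, so it is not a dependable defence on its own. The added example below (not from the original article) runs the login query above both by concatenation and as a PDO prepared statement against a constructed in-memory SQLite table, using the password input shown above.

```php
<?php
// Added example; the table, account and credentials are constructed.
// In-memory SQLite (pdo_sqlite) is used so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The pass column mirrors the article's query; a real table would hold a password hash.
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, pass TEXT)");
$db->exec("INSERT INTO users (name, pass) VALUES ('admin', 'constructed-secret')");

/** The article's query built by string concatenation (vulnerable, kept for comparison). */
function login_concat(PDO $db, string $username, string $password): ?int
{
    $sql = "SELECT user_id FROM users WHERE name = '$username' AND pass = '$password'";
    $id = $db->query($sql)->fetchColumn();
    return $id === false ? null : (int) $id;
}

/** The same query with placeholders: input is bound as data and never parsed as SQL. */
function login_prepared(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM users WHERE name = :name AND pass = :pass');
    $stmt->execute([':name' => $username, ':pass' => $password]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

$attempts = [
    'valid password'        => 'constructed-secret',
    'wrong password'        => 'guess',
    'input from the text'   => "' OR '1'='1",
];
foreach ($attempts as $label => $password) {
    // Each line shows the user_id returned by both variants, or NULL for a refused login.
    printf("%-22s concat=%s prepared=%s\n", $label,
        var_export(login_concat($db, 'admin', $password), true),
        var_export(login_prepared($db, 'admin', $password), true));
}
```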

Sessions

Session ID hijacking can be a problem with sites built in PHP. The tracking component uses a unique ID for each user’s session, but if this ID is indexed by Google or accidentally sent in a link to someone else, then another user could hijack that person’s session. Session ID hijacking cannot be completely prevented, but you can lock down what a person would be able to do.

One important tip I can’t recommend enough is requesting password confirmation when changing information on a web site. So if someone hijacks a session, they can’t change any vital information without first knowing the hijacked user’s password. So putting extra account validation on stuff like address changes, security questions, and password change requests is a must.

Another problem with sessions is that some people store passwords, in plain text, as a session variable. This is bad because if someone hijacks your session they can get your password. The best way to fight this is to generate a hash based on the password.

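// Keep a hash of the password in the session, never the plain text
$_SESSION['password'] = md5('password');

// === avoids PHP's loose comparison treating some hash strings as numbers
if ($_SESSION['password'] === md5($password)) {
    echo "passwords validated";
}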
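
An added example, not from the original article, of the session advice above: the ID is confined to a cookie so it cannot leak through a link, only the user id is stored in the session, and sensitive changes call for the password again. It swaps md5() for PHP's password_hash() and password_verify() (salted and deliberately slow) and assumes PHP 7.3 or later; the helper names and the account are constructed.

```php
<?php
// Added example; helper names and the account record are constructed.

/** Start a session whose ID travels only in a cookie, never in a URL. */
function start_hardened_session(): void
{
    ini_set('session.use_only_cookies', '1');  // ignore IDs passed in the query string
    ini_set('session.use_trans_sid', '0');     // never append the ID to links
    ini_set('session.use_strict_mode', '1');   // refuse IDs the server did not issue
    session_set_cookie_params([
        'httponly' => true,   // not readable from JavaScript
        'secure'   => true,   // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** After a successful login: issue a fresh ID and keep only the user id in the session. */
function mark_logged_in(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;   // no password and no password hash
}

/** Gate for address, security-question and password changes. */
function confirm_password(string $submitted, string $storedHash): bool
{
    return isset($_SESSION['user_id']) && password_verify($submitted, $storedHash);
}

// Constructed account record, as it would be read from the users table.
$account = [
    'user_id'   => 1,
    'pass_hash' => password_hash('constructed-secret', PASSWORD_DEFAULT),
];

start_hardened_session();
mark_logged_in($account['user_id']);

foreach (['constructed-secret', 'guess'] as $submitted) {
    $ok = confirm_password($submitted, $account['pass_hash']);
    echo ($ok ? 'change allowed' : 'change refused')
        . " for submitted password '$submitted'\n";
}
```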

That’s all the security tips I have right now. Hopefully these tips will help you when you’re developing an application.

Embarrassing for all Programmers

Filed under: General — chad @ 6:34 am on September 30, 2007

I was in a meeting Friday with this super nice lady that had a small e-commerce website and some other informational pages.  It was a typical Friday afternoon and I thought it was going to be a typical meeting.  Boy was I wrong.

The lady came to us very frustrated and upset.  I would have been the same.  She was very professional and kept her cool even though you could tell her web project had taken a toll on her.  She just wanted to get it done and move on.

She walked us through her website and store and I immediately started to see why she was not happy.  Then she told me it took 2 years to get to this point.  I was flat out embarrassed for all programmers in the world.  This was just not cool.  I would have felt behind if it took us more than 5 months…

She had spent countless hours in meetings with her web team and they could/would only seem to get a fraction of what she was saying.  It was horrible and I felt really bad for the lady.

The company is here in Louisville, KY, but I will not mention their name.  I have never heard of them, but there are small web type companies popping up all over (and usually disappearing quite quickly).

I wanted to apologise for the company myself, but I was not sure what went on.  So I bit my tongue and moved through the meeting.  I just really felt yucky after that.  How could a company/programmer let someone down that badly?  I was just embarrassed for all programmers.  This company definitely gave us a bad name.

Or did they?  I had just met the lady and she seemed very organized and nice.  I am only speculating that she was this organized and nice previously…  Just to give the other web company some credit, we get clients in sometimes who seem to have it all together, but constantly change their mind and make changes to the project.  She had let out a few comments about not knowing what she wanted and needed changes.

I can only speculate what happened in this situation but this is normal for clients to want changes and we don’t like it, but it is part of the beast of web development.  We are nice guys here at Media Marketers, but we have a limit on how nice we are going to be before it costs you.  We understand things change and the site will change once we get into a project, but constant changes are not good.

And we get some clients who know what they want or aren’t that picky about their site.  Those are great too.  Everyone seems to be very happy with those projects and they go very smoothly.

Anyhow, I just wonder if the web company she was working with just got fed up after 2 years of changes or something.  Or are they just incompetent?  That, I am sure, I will never know.  I would bet it is a little of both.  Put an incompetent web developer in front of someone who doesn’t quite know what they want and you are looking at a mess!

We will get her all squared away (if we get the project) and I will let you know how it turns out.

As always, feel free to drop me a line at the office.

Chad Rainey
Senior Web Developer
Media Marketers, Inc.

Web Standards Aren’t Necessary and Hurt Your Website

Filed under: Web Standards — chad @ 10:05 am on September 15, 2007

What is up with “web standards” today?  There seem to be two movements: die-hard web standards guys and ones who don’t really care about them.  Who is right and who is wrong?

What are web standards anyway (for the nubes)?  Web standards (in a nutshell) are a systematic method to develop a web page using common methods that are generally accepted by a governing body.  Basically, how you code the site to be viewed on a web browser.

There are basically two major ways to code a website (layout a website).  The old tables method or CSS.  Both have their pros and cons.  Let’s take a look at the pros and cons of each (IMHO of course):

Tables:

Pros

  • Wide browser support
  • Many web developers know how already
  • Very fast and easy to lay out
  • Consistent look in all browsers
  • Complicated web design layouts can be accommodated easily

Cons

  • Accessibility stinks (for the handicapped)
  • Tables do not flow logically in the source code (left to right instead of top to bottom)
  • Code is large and hard to navigate with nested tables
  • Sometimes more difficult to change the site in the future (depends on how much of a change)
  • No caching of page structure

CSS:

Pros

  • Accessibility is great
  • Flows top to bottom
  • Structure is cached on the browser (if done in a CSS file)
  • Somewhat easy to update the website in the future
  • Smaller code

Cons

  • Browser inconsistency
  • Hard to find someone who completely understands it
  • Complicated designs are a nightmare
  • Takes several times longer to complete layout
  • Did I mention browser inconsistency?
  • Is usually done wrong (again, hard to find someone who understands it)

I am sure I missed some, but this is a high level article and I do not want to go too deep.

As you can see, both have advantages and disadvantages.  Let’s take a look at why you would choose one over the other.

First off there is cost.  CSS layout will take much longer and will cost you more.  How much longer you ask?  In my experience, about 8 – 10 times longer.  So if you take a small website with 2 page layouts and do them in tables, it would take approximately 1 – 2 hours to slice and layout.  With CSS, it will take approximately 8 – 16 hours.  That is a significant time and cost increase.

Then there is browser compatibility.  Want your site to look the same in every browser and OS?  Tables seem to have an advantage here since they have been around longer and we know all the ways to get around any problems.  This is not fool proof, but we have learned how to do table layouts that do not break on other browsers.

Then there is speed.  CSS will definitely take the gold.  The code is not as bloated and the CSS file can be cached and the page structure is not downloaded for each page, but only once per website.

Then there is accessibility.  If you are a company with accessibility requirements, then CSS is the best way (tables can be made accessible, but CSS takes the cake).

So, now that you have some basic understanding of the pros and cons, how do you choose which one to do?  Here are my thoughts.

If you are on a low budget and only a select few will view your website, then I would lean toward tables.  If you have a decent budget and have many diverse people looking at your site, then do CSS.

Like I said before, tables can be made accessible if done right and will validate (tables are valid XHTML, remember?).  Again, this is if things are done right.  And with smaller websites, this may be the only way to not blow your budget.

It all depends on your audience.  Develop who will be looking at your site and then make a decision.  I would steer away from web standard Nazis who cram them down your throat.  If your site does not validate, then they will commit suicide for the dishonour.  Definitely steer clear of those guys.  Hey, Google doesn’t even validate…

I tend to take a more real world look at web standards and what they really accomplish and how the Internet has survived so far.  I think standards are needed and I do advocate them.  Moving forward as a web developer will be much smoother if there is some browser agreement and rules.  Right now each browser has its own “flavor” of how to display stuff.  This is not cool.

Then there are the handicapped.  They deserve a good chance to view the Internet and we should not make it harder for them to do that.  This is a really good thing to do and CSS and web standards definitely help.

So, what should you do now?  Go join your local web standards group (yeah I need to also) and learn then voice your opinion.  I think most web standards groups are overrun by the web standards Nazis right now, but I haven’t personally visited, so that is speculation.

Let your real world voice be heard and bring those Nazis back into reality.  It is not about validation, it is about usability.  Not just for the handicapped, but everyone.  If your site is not usable, then throw it away.  What is the point?  I guess it may look good, but who cares.  At least who will care to come back?

Well, you have my take on it.  This is just IMHO.  Post some comments.  Let me know what you think.  Keep them helpful and open minded.  BE REAL!

As for the article title, it got your attention, right?  Yea for marketing.

Chad Rainey
Senior Web Developer
Media Marketers, Inc.

ASP.NET Third Party Controls from Telerik

Filed under: ASP / ASP.NET — chad @ 5:50 pm on September 1, 2007

I was a die-hard classic ASP programmer and decided to dive into the .NET world.  After all, Microsoft has hyped this framework up so much and it is supposed to be so easy.  Can you see the rainbows and lollypops?

I think the biggest thing I was expecting and hoping for was faster and less laborious coding.  Being a professional programmer, time equals profit.  The faster I can code a quality application, the more money I can bring in.  And the company likes that!

So I downloaded the now free Visual Web Developer Express version from Microsoft and loaded it up.  I started going through some tutorials to get up to speed on the Integrated Development Environment (IDE) and caught on pretty quickly.  I have coded many Windows applications in Visual Basic, so this was not much of a learning curve.

Well I have to say I was very disappointed.  All the so called easy controls were not so easy and didn’t get me very far toward a finished application.  I had to code almost everything by hand and I was very frustrated and didn’t see much benefit of the whole .NET framework.  I had already virtually created my classic ASP framework from the years of coding in it.  Take a bit of code here and there and tweak it to get the desired result.

Well, I was determined to finish out a project I designated as ASP.NET so I carried on.  I googled and read blogs about .NET and just couldn’t see the huge benefit.  It would be great for someone just starting to program, but for a seasoned programmer, it wasn’t much help and the time saving was just not there.  I almost scrapped .NET on the project just to get the project done in a timely manner.

Everything changed when I finally came across Telerik and their ASP.NET controls.  They have some super nice controls that almost take any hand coding out of the picture.  I was now seeing the light and ASP.NET was being redeemed!

These guys at Telerik have it going on and their controls are very advanced, versatile, and have some super cool features such as AJAX built right in.  All you have to do is configure your dataset and set the properties of the control and bam you have an application;  AJAX, very nice looking, and very fast!

I was now very happy and have fallen in love with ASP.NET.  Granted the Telerik controls are not cheap at around $800 per developer head, but it is very worth the expense.  The sheer amount of coolness and time saved is well worth the bucks!

I am now in the process of revamping some of our old ASP applications into ASP.NET.  This will take some time, but it is a venture I am looking forward to.  I may even make a stop down Ruby on Rails street to see what that framework has to offer.  Stay tuned for more ASP.NET, ASP, PHP, and Ruby on Rails adventures!

As always, feel free to drop me a line at the office.

Chad Rainey
Senior Web Developer
Media Marketers, Inc.