Getting The Sunday And Saturday Of The Current Week In PHP

6 December 2013PHP, Programmingobjects and classesDoug Vanderweide

Here’s a quick little routine to get the Sunday and Saturday — that is, the start and end — timestamps for the current week in PHP.

In other words, given today — Friday — I want to figure out the date / Unix timestamp on which the week began (Sunday, or five days ago) and ends (Saturday, or tomorrow).

The algorithm is the same for all programming languages.

There are 7 days in a week. In C-like languages, such as PHP and JavaScript, they are usually indexed from 0 (Sunday) to 6 (Saturday).
Finding Sunday, therefore, is straightforward: Just subtract the index number of days from today’s date.
Saturday is more complex: We need to subtract whatever today’s index is from 6, and then add that number of days to today’s date.

Let’s take a look at an example: Today is Friday. Therefore, Sunday is 5 (Friday’s index) days previous to today. And Saturday is {6 (Saturday’s index) – 5 (Friday’s index)}, or one day, ahead.

Expressed as math, where today’s index is 5, for Friday:

5 - 5 = 0 // Friday's index - Friday's index = Sunday's index
(6 - 5) + 5 = 6 // (Saturday's index - Friday's index) + Friday's index = Saturday's index

Continue reading →

Apologies: A Server Crash Has Eaten My Media

23 September 2013Best Practices, Business, General, Security, WordPressblogging, eleganceDoug Vanderweide

I’d like to apologize to readers of this blog for a server crash that ate the contents of my wp-content directory recently.

Unfortunately, a lack of vigilance means I didn’t have a local backup of that directory, and my host doesn’t have a backup, either. So most of the images and code downloads are missing.

I plan to fix that as time allows, but time is at a premium. So please bear with me as I do my best to recover. Thanks.

More Than One Way To Skin A Map: New England GiveCamp 2013 Recap

30 April 2013Google Maps API, JavaScript, jQuery, JSON, Programming, WordPress, WordPress PluginsGiveCamp, Google, graphic design, Jim O'Neil, metadata, Microsoft, mobileDoug Vanderweide

Last weekend I was in Cambridge for the fourth annual New England GiveCamp, which brings together tech and design people with nonprofits in need of their help.

Again this year, I was team lead for The Esplanade Association, a nonprofit which cares and advocates for the eponymous park along the Charles River on the Boston side.

Last year, I lead the team that rebuilt the association’s website on a WordPress backend, tossing in some scheduling and form feedback bells and whistles.

This year, TEA was looking for an interactive map of the park. They had an embedded Google Map, but it was, in a word (and a pun), pedestrian: stock icons, little detail in generic infoWindows, etc. Expedient, but hardly exciting.

I took the project because 1. The Esplanade Association is a dream client (see last year’s recap for why) and 2. I’ve done a pile of work in the Google Maps API.

Once again, I was blessed with a team of very skilled, very dedicated and very amenable people to do most of the work: Nate Bates and Will Klein, both experienced JavaScript and Web UX men; and Bryan Phillips, a graphic designer and GiveCamp fixture. My biggest problem last week was coming up with a polite way to to ask them to wait until we were all together at GiveCamp before programming the entire solution.

That enthusiasm and ownership served us well, even allowing us (well, not “us”; Nate) to tackle fixing the website’s CSS to be responsive to screen size, in effect making it mobile.
Continue reading →

New England GiveCamp 2013 This Weekend

25 April 2013API, General, Google Maps API, JavaScript, jQuery, ProgrammingGiveCamp, Google, Jim O'Neil, MicrosoftDoug Vanderweide

I’ll be attending New England GiveCamp 2013 this weekend.

GiveCamp is a way for technical people and designers to donate their time to worthy nonprofits. Organized by Jim O’Neil and Kelley Muir and hosted at Microsoft’s New England Research and Development center on the Massachusetts Institute of Technology campus, New England GiveCamp is in its fourth year.

This year I’ll again be working with The Esplanade Association. Last year, I was the leader of the team that revamped their website. It’s a real pleasure to work with them again.

Over the weekend, we’ll be working on an interactive map, probably built on the Google Maps API, of the Esplanade’s many amenities and features. The fellows assigned to this task are already full of ideas and getting to work, so once again, I’ve been very fortunate to have highly motivated, very capable team members assigned to our task.

It’s probably going to be another hectic, exciting weekend. Can’t wait!

All links in this post on delicious: https://delicious.com/dougvdotcom/new-england-givecamp-2013-this-weekend

Microsoft’s Advice On Avoiding SQL Injection Attacks

9 August 2012Databases, MySQL, Programming, Security, SQL, Stored Procedures, Transact-SQLdata types, elegance, hacking, MicrosoftDoug Vanderweide

Not to kiss my own ass, but Microsoft’s official advice on avoiding SQL injection attacks sounds awfully familiar to readers of this blog:

Sanitize (validate) all inputs: “This helps to ensure that the input is free from characters that cause SQL injection attacks.” It also allows you to fix the form and data type of the user input, which pretty much renders basic script kiddie attacks useless.

Parameters, not strings, as query variables: “Creating dynamic queries using string concatenation potentially allows an attacker to execute an arbitrary query through the application.”

In other words, it’s harder to break this:

@person VARCHAR(20); SELECT * FROM table WHERE person = @person;

than it is to break this:

SELECT * FROM table WHERE person = 'some user string';

Stored procedures, not free-form queries: “Stored procedures by themselves do not remove SQL injection vulnerabilities. They only raise the bar on the attacker by hiding much of the underlying database schema.” That is, the attacker can’t easily find out what columns are in a table, or what type of data is in those columns, if you use a stored procedure.

Minimal permissions: “In general, database applications should be using a low-privileged account that has the minimum permissions required to execute the statements submitted to SQL Server.” As in, create a user in your SQL database whose only permission set is to execute your Web-based stored procedures, and connect to the database server as that user.

Those are the basics. And if you don’t understand how to do them, I’ll be putting together a blog series on how to convert your old string-queried Web applications into one secured with stored procedures and proper permissions.