Drive-by coding or scripting: Not using Object Oriented techniques while coding/scripting in order to decrease complexity and increase development speed. On the long term, this results in significant extra work.

Basically, the above is my definition of ‘drive-by coding’. I just thought of this, and was curiously surprised when my (granted, very superficial) Google search didn’t come up with web sites mentioning it. So I decided to update my blog (it’s about time…) with the definition.

I thought of it when I was scripting a simple task list for my school project in PHP. I didn’t use OOP-techniques, but just placed the PHP code between the HTML. Although it’s generally faster for smaller things, it isn’t a best prectice – obviously. But it does decrease the time needed to script something, as well as the complexity. So, in very small things, I do it. Because of the speed increase, yet not a gooed practice, I thought of ‘drive-by coding’ to name this technique. I think it’s rather fitting.

Like I said, this usually only works for small things. As your program gets bigger and you work on it more often, drive-by coding will only decrease speed and increase the complexity of your program. Furthermore, most frequently used programming languages don’t even allow you to code this way (for example, Java). But PHP does.

This is the end of a rather small and useless post. But I’m curious to see if the name catches on. We’ll see in, four, five years? So go and use it!

So, what is Cufon?

As you see the heading right above here, this is an example of what Cufon does. Basically it has taken the text between the <h2>heading</h2> and ‘replaced’ it with JavaScript-generated images of the text in the desired font. This is very handy if you want to use a non-standard font for your headings, for example. And the best thing: if the browser doesn’t support it, or has JavaScript disabled, the visitor will just see the header in the regular font!

How does it work?

Cufon actually has two parts:

1. The font generator, which converts fonts through SVG and VML to JSON;
2. The rendering engine; the JavaScript code that shows the font.

The generator

You can find the generator here, where you can select TrueType – TTF, OpenType – OTF, Printer Font Binary – PFB en PostScript fonts from your own computer to convert. After you’ve set the appropriate options, it gives you a .js file containing the font information, which you can then use.

The renderer

The renderer is nothing more than a simple (well, simple… you know what I mean) JavaScript file. You can find it here.
If you have the font and the renderer files, you can put everything together.

Putting it together

If you have the .js file of your favorite font, and the renderer .js file, then you’re ready to put it all together! This small example shows how this is done:

< !DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
        <script src="cufon-yui.js" type="text/javascript"></script>
        <script src="Vegur_300.font.js" type="text/javascript"></script>
        <script type="text/javascript">
            Cufon.replace('h1');
        </script>
    </meta></head>
    <body>
        <h1>This text will be shown in Vegur.</h1>
    </body>
</html>

And that is all! Good luck experimenting!

References

1. Cufon home page
2. Cufon font generator
3. Cufon renderer JavaScript file

The Waterfall model, a non-agile development methodology

For a long time, sequential software development was prevalent. One of these methods is known as the Waterfall model (see the image on the left). The Waterfall model originated in the manufacturing and construction industries, where after-the-fact changes were costly to say the least.

A Waterfall has several blocks, as you can see in the picture. Every ‘block’ has its own specialists who work on it. When one is completed, the work is handed down to the next block, making going back impossible (down, not up). So requirements were not allowed to be altered after the design started, and the design could not be altered when the implementation started.

As you can imagine, this form a very rigid and un-agile software development model. This may have worked fifteen years ago, but the world has sped up since then, and software development needs to change along with it.

Scrum, or SCRUM

Scrum (sometimes written capitalized SCRUM) is an agile software development methodology that has been used in large corporations such as Microsoft, IBM, Google and Crowd Control Productions (CCP) in their development of the MMO Eve Online (click here to see a presentation of CCP about Scrum and Eve on EVE Fanfest 2009).
Although considered ‘new’ by some people, Scrum was actually introduced by Hirotaka Takeuchi and Ikujiro Nonaka in 1986. In 1991, DeGrace and Stahl named this approach Scrum, after a rugby term where the whole team “tries to go to the distance as a unit, passing the ball back and forth”.

A graphical representation of the Scrum process

So, what is so agile about it and why is it more usable than the Waterfall model?
People are divided into teams (one or more) of 5 to 9 people, which will be working together for at least one “sprint”; a period of one to four weeks where a predetermined amount of features are developed. These features are taken from the ‘product backlog’; a list of prioritized items that need to be implemented in the software. This backlog is created by the Product Owner, which may be the customer, and prioritized by the Product Owner as well.
It is important to note that the team is represented by people from all relevant specialties. This may include programmers, testers, database specialists, and others.
At the beginning of a sprint cycle, the team will select the items from the product backlog it thinks can complete in the time set for the sprint (typically one to four weeks in length). These items become the ‘sprint backlog’, and contain a list of things that need to be done in a high level way. For example, so-called ‘user stories’ can be used for this. Simply put, this is a small description of the feature: “As a user, I would like to be able to send private messages to other users”, or “As an administrator, I would like to be able to ban spammers”. These user stories can not be changed during the sprint, but they can be changed before or after. The user stories are expanded into tasks, which typically take 1 to maximal 16 hours to implement.

Every day, there is a ‘daily scrum’, which is a short meeting (typically limited to 15 minutes) where every team member answers three questions:

1. Wat have you done yesterday?
2. What are you going to do today?
3. Are you running into any problems?

The Scrum Master is the ‘manager’ of the team, and is responsible for making sure the team performs optimally. This includes solving any problems team members might encounter, which can be anything from a broken calculator to customer service for a supplier not returning their calls.

When the sprint is over, there is a ‘potentially shippable product’ (e.g. the software builds and runs), and a demo is held to showcase the work done during the sprint. Then, new items can be picked from the product backlog and the next sprint can commence.

Tip of the iceberg

I think Scrum is a promising way to develop software, especially to add features or update existing software. It’s too bad you need a whole team to implement it, though, but perhaps I will use a slightly modified version on my one person projects. It is only a framework, after all.

The information in this blog post is only the tip of the proverbial iceberg. There is so much more the Scrum, that it would take me ages to type a blog post on it. If you’re interested in reading more about Scrum, I suggest you take a look at the following web sites.

• Mountain Goat Software
• The Wikipedia page about Scrum
• The Scrum Alliance

What are namespaces and why are they convenient?

‘Namespaces’ are default in almost every other (OOP) language, such as C++ and C#. They separate classes and other objects (such as methods) in logical units, mostly to avoid name collisions. A program (or web site, as is probably the case in php) may use several frameworks and libraries. These may hold methods and/or classes that are named the same, for example a class named Date. Prior to php 5.3, this would lead to the well known error “Could not redeclare class Date in file/name.php on line no“. This, of course, could be a problem when you want to use multiple frameworks and/or third-party libraries.

The problem of name colissions was dealt with before by using something called ‘poor man’s namespacing’, which has been used in, for example, the Zend Framework. This looks something like this:

< ?php
class Zend_Search_Lucene_Analysis_Analyzer_Common_TextNum_CaseInsensitive extends Zend_Search_Lucene_Analysis_Analyzer_Common_TextNum
{
	public function __construct()
	{
		$this->addFilter(new Zend_Search_Lucene_Analysis_TokenFilter_LowerCase());
	}
}

This of course is not very handy all the time. So, how do namespaces solve this problem?

Namespaces in php 5.3

A namespace in php can be thought of as an extra layer around (part of) your code. Every class en method name within it is unique and does not conflict with classes or methods with the same name in other namespaces.

To declare a namespace in php, use the keyword ‘namespace’ on the first line of your file. Your classes and methods you define below it. All code within that file will be in that namespace. Let’s look at an example on how to use namespaces:

< ?php
namespace MichielvdVelde\Core;
 
class Database
{
	public function __construct()
	{
	}
}

The class Database will now reside in the namespace MichielvdVelde\Core. If you were to make another namespace, which also holds a class named Database, this would be fine.

So, how do you use classes within a namespace? This is really kind of simple. There are two method.

Method one

Add the namespace to the declaration of the class. Like this:

< ?php
require_once 'MichielvdVelde/Core.php';
 
$db = new MichielvdVelde\Core\Database();

But this method is not really an improvement over poor man's namespacing. Therefore, there is a second method.

Method two

By using the 'use' keyward, you cam import namespaces in your code. This more closely resembles namespacing as implemented in other languages such as C++ and C#.

< ?php
require_once 'MichielvdVelde/Core.php';
 
use MichielvdVelde\Core as CORE;
 
$db= new CORE\Database();

As you can see, this is more aliasing than really importing. But still, this method is very useful.

Gotcha's

Functions are also part of namespaces

When defining functions in files with the 'namespace' keyword at the top, thsey are also part of that namespace.

< ?php
namespace MichielvdVelde\Core;
 
function getDatabase()
{
}

< ?php
require_once 'MichielvdVelde/Core.php';
 
getDatabase(); // Geeft E_FATAL error: Undefined function getDatabase()
 
use MichielvdVelde\Core as CORE;
 
CORE\getDatabase(); // This does work

Autoload changes

Autoload on Windows does not use the \ very well. You may need to change your autoload function for this:

< ?php
function __autoload($className)
{
	$className = str_replace('\\', DIRECTORY_SEPARATOR, $className) . '.php';
	require $className;
}
 
$db = new MichielveVelde\Core\Database();

Also note that you need to define __autoload within the global scope. If you define it within a namespace, php won't find it. If you do want to use the autolaod function from within a namespace, use the spl_autoload_register function:

spl_autoload_register('MichielvdVelde\\Core\\Autoloader');

Conclusion

PHP 5.3 introduces support for namespaces which will be very handy in organizing and cleaning up your code. Although it may take some time for web hosters to support php 5.3, you can experiment with it by installing the latest version of XAMPP on your omputer, which has php 5.3 included.

The Mac, the Macbook, the iPod, the iPhone, and now the iPad – God save us; Apple is taking over the world!
First of all, Apple claims it’s intention is not to compete with the personal computer and Microsoft’s operating system Windows. But we all know this is bullshit. Apple is on a Quest for World Wide Dominance and you know it! Just like the New World Order conspiracy theories, Apple is silently building a strong user base by snooping off market shares from a lot of markets!

Take over the world, while you still can

It began with the computer; the Apple Mac. But that wasn’t enough. It wasn’t enough that software developers are practically forced to write software for both Windows and Mac, no sir. Everyone calls Microsoft restrictive in their policies regarding Windows, but that is nothing compared to Apple’s stance. You couldn’t even run Mac on an ordinary pc – apparently the standardized Von Neumann architecture as implemented since the advent of the microcomputer in 1981 from IBM isn’t good enough for them (why a PowerPC CPU instead of an Intel/AMD CPU that is compatible with the rest of the world?).

Since then, Apple has showed laptops (such as the Macbook Air, an ‘ultra-thin’ laptop without even a dvd drive), MP3 and Media players (the whole iPod range, from the original iPod to ther iPod video and what not), mobile phones (the iPhone, which is more restrictive than a 18th century corset), and now the iPad – a real Apple table computer!
First of all; who would ever want to have a tablet computer? Okay, web designers maybe. But Regular Rick isn’t interested in them – at least when they’re not working in Atlantis, the city of the Ancients (Stargate Atlantis reference, if you saw it, you know what I mean).
Second, it is the TWENTY-FIRST CENTURY for crying out loud! What in God’s name was Apple thinking when they DIDN’T IMPLEMENT MULTITASKING?! As with the iPhone, where multitasking is also noticeably absent, the iPad also does not have multitasking. I can not wrap my mind around this; in a world of two, four, six or even eight core processors, the Apple hardware doesn’t even support basic multitasking – something that was possible from very early in Windows. This, in my eyes, is an idiotic decision, both from a hardware and a marketing standpoint.

Marketing: follow the hype

The iPad has Apple’s own 1GHz CPU implemented. This ARM-based processor operates at 1 Gigahertz, which is ‘quite high’ (the only other 1GHz ARM-processor is implemented in Google’s Nexus One smart phone). This tells me the iPad is not meant as a full blown computer, because even simple laptops have dual core processors these days. I guess Apple wanted to keep the costs down on the hardware (so they could charge more for the design).

The iPad is in my opinion a ridiculous addition to the Apple fleet of hardware. Things that consumers take for granted these days are not implemented, there are extreme limitations to what you can run on it (as with the iPhone, you can only download and install apps from the Apple Store, meaning Apple decides what will and what will not run on somebody’s iPad. Although jail-breaking is probably in the iPad’s future.

Basic flaws of the iPad:

• No multitasking
• No camera
• No Flash
• Not even a single USB port, no HDMI or other display ports
• Once again Apple controls the customer by determining which apps the customer can or can not run, through their App Store

So…?

So the iPad will be the next big thing.

Addition
Don’t get me wrong; I think Apple is great. The only thing I really dislike is the amount of control Apple holds over its customers, with only allowing certified applications to run – and even then, only one at a time (this is true for the mobile platforms of the iPhone and iPad). Another big objection of mine is they charge ridiculous prices for what I consider to be sub standard hardware (in terms of speed etc), just because ‘it looks nice’. But i have to applaud Apple too; the customers buy it completely. Hail Apple’s marketing strategy – the design is a one-time expense, hardware costs need to be spent with every unit.

When I was an MIT undergraduate in 1965, we all shared a computer that took up half a building and cost tens of millions of dollars. The computer in my pocket today is a million times cheaper and a thousand times more powerful. That’s a billion-fold increase in the amount of computation per dollar since I was a student.

Also, keep in mind Moore’s Law, which claims that the amount of transistors on CPU’s doubles every 18 to 24 months. Until now, this law has been true, and according to experts, will remain true for some time.
So, let’s look at some predictions made by several futurists, shall we? Let’s take a look at the next decade.

The decade according to Jack Uldrich

These are some of the predictions done by Jack Uldridge, who manages the web site Jump the Curve. He is a known futurist, author and speaker, hired by lots and lots of companies to speak at conferences and such. For more info about him, was well as hit – very interesting – blog posts, go to his web site.

Among others, Jack predicts the cost of sequencing an individual’s genome will drop to $1,000 or lower. This allows Average Joe to have his genome sequenced and will lead to personalized medical treatment and medicine based on the patient’s genes.
Furthermore, he predicts doctors will be able to operate people over the internet using robots. This will allow a specialist to operate a patient in another country without having to gly that specialist over, which is expensive. Also, brain-neural interfaces will be introduced leading to a myriad of possibilities.

To 2020; what lies on the horizon, if it were up to Ray Kurzweil

Ray Kurzweil, a ‘top futurist’, has done some predictions about the next decade as well. Let’s take a look at what the next decade has in store for us according to this man, shall we?

Memory devices will be in our clothing, and the meaning of ‘smartphone’ will transform. Instead of looking at a tiny screen, images will be projected directly on our retinas, providing an image as large as our field of view. We can expect information about things around us to be displayed on this, essentially implementing augmented reality. The Internet will make sure we can see the latest information on our screens, as well as new forms of advertising, such as floating ads in mid-air, streamed through the Internet by companies such as Google (the part about floating ads I added, but it isn’t a far stretch). We’ll watch movies and read books in this new virtual playground.
Renewable energy will take a dive and solar power costs will decrease, making it a viable – and affordable – means of producing clean energy. Other than that, our ‘software’, our base DNA, will be able to be ‘updated’; to live longer, and to reduce or remove decease and cancer.

Stay sober

Now, such wild predictions have been done for decades. Remember the ‘a fully functional humanoid robot in every household by the year 2000′? That hasn’t happened, an I suspect many of the things mentioned above will not, or to a lesser degree, happen as well. But is is important to keep in mind the technological singularity; technological advances happen quicker and quicker, and maybe in 2020 I look back at this post (assuming it still exists somewhere) and look at the ignorance of these futurists; who knows.
The next decade will without a doubt be an interesting one, with lots and lots of futuristic discoveries and new technologies emerging. To close, here are five of my predictions for the next decade:

1. Google will grow even larger;
2. We will still use fossil fuels for at least 50% of energy production, and most cars will still run on them;
3. Exciting new technologies to increase the welfare of entire counties, and even the world – for example, fields of solar panels to produce clean energy – will still not happen because of the bureaucracy and ‘budgetary constraints’;
4. Kids will still run around with guns and education will not be available for everyone;
5. And maybe one positive point; experimental UCAV’s (Unmanned Combat Areal Vehicles) will reduce the casualties of war (mostly for the United States though).

Maybe it’s a bleak view, but I’d love to be proven wrong.

What are your predictions for the decade? Comment and share your vision!

So, how cán this be done? Obviously you all know those bulky Head-Up-Displays (HUD’s) with built-in monitors so you are in a semi-real world. Some even provide head tracking so you can look around. But this still isn’t really real. So, how do we create a virtual world that approaches our consensus reality? A very interesting book series, called Netforce Explorers, sketches a novel approach to this; someone with an implant can ‘plug in’ to the Net, which is nothing more than a realistically looking world within the computer.
Although the idea of a ‘brain implant’ may scare some people away from it, this actually is really intriguing idea; the central nervous system is connected directly to the computer to provide direct neural input, bypassing the ‘real’ senses of the body.

The reason I started this post is to show you the following video. The man you see on it is Ray Kurzweil, “Inventor, Author, Futurist”. Enjoy his views on virtual reality in the future.

Required software
Before we can actually start, we need some software. We need two pieces of software. Well, we actually need one, but to use it, we need another.
You may or may not be familiar with Python. Python is a multi-purpose scripting language where even you can script in. From entire programs to dedicated scripts for data processing, it’s possible.
“So, where can I find this Python?” you ask? Well, we’ll go to python.org. Please make sure you download the 2.x.x version of Python (I am using version 2.6.4)! The newer version, in the 3.x.x range, will not work with the next piece of software we’ll need.
Install Python and go to the directory where you installed it.

The second piece of software we need it actually written in Python. It is called the Volatility Memory Forensics Framework. This software is capable of analyzing the RAM dump we made earlier. You can find the software on volatilesystems.com. Download the newest version (I am using version 1.3 beta in this post). Download, unpack and remember where you’ve unpacked it.

So, to sum up, we need the following two pieces of software, in order:

1. Python for Windows
2. Volatility Memory Forensics Framework

Download and install these two components according to the instructions above.

Step One: the command prompt and setting it up
Yes, a young person’s nightmare; the command prompt. For the older – or crazier – people among you, you are most likely quite familiar with the command prompt.

To open one, simply press the Start button, and whether or not you’re on an OS higher than XP, click “Execute…”. If you have a search field, don’t. Then type the command cmd. This will open a command prompt for you.
Now we only need to set it up. We need to add a path to the cmd’s path string. For this, you need the directory you installed Python in. For me, this is D:\Program Files\Python 2.6.4. Type in the following (change the path to Python with your own path):

This will add your Python’s install path to the paths of the command prompt. For experienced cmd/DOS people, you can of course do this in your sleep.

Now, go to the folder you unpacked Volatility in. For me, this is C:\Users\Michiel\Desktop\Volatility-1.3_Beta. I do this with the following command:

Now, you are in the folder you unpacked Volatility to. We are now ready to start for real.

Step Two: Dissect that dump!
Now you are ready to start for real. Yes – this time I mean it. If you’ve been smart enough to read the Readme.txt file that came along with Volatility, you know what is possible.

For now, we’ll just print out a list of processes that were running when the RAM dump was made. My dump is located at D:\ram.dmp. I type in the following:

This gives me a list of all running processes, as demonstrated in this image (note that it may take a while – depending on the size of your RAM dump – before any results show up):

These processes were running when I made the dump. You can for example compare the list with the list your task manager process list, to find ‘hidden’ processes that might indicate malicious behavior.

Of course the Volatility Memory Forensics Framework can do lots and lots more. You can find a list of all its options in the readme file that accompanied it. For this example’s sake, we’ll show off one more:

This produces a list of all network connections that were active when the dump was made (this, also, may take a while):

Final words
And then some final words. The Volatility Framework is of course (almost) infinity more feature rich than shown in this how-to. I encourage you to walk through the readme file, it will provide you with a list of features.
I wish you much excitement when scavenging through your own memory dumps with Volatility. In the next how-to – I have no idea when it will come, though – I will write a piece about scanning for viruses within your dump.

Hope to see you later and don’t forget to leave a comment if you liked it! See ya!

On many web sites, visitors can register themselves, for example to be able to post on the forums or place comments. These users have to fill in a password, that allows only them to log in with that specific name on that specific user account.
But, how is this password stored? There are basically three methods, ranging from dumbest to smartest:

1. Clear text, the password directly into the database or other storage medium;
2. Encrypted, the password encrypted with an algorithm (e.g. AES), with a key;
3. Hashed; a one-way hash (e.g. MD5, SHA1).

As you might suspect, storing the password as clear text is the most idiotic thing you can do! Imagine a hacker breaks into your database; he instantly has all passwords for all users on your web site. Is that what you want? I think not.

Option two is storing the password as encrypted text. This requires an encryption algorithm, such as Advanced Encryption Standard, and a key. This requires the key to be stored as well, and no matter how good you put it away. On the other hand, it allows you to decrypt the password and use it for verification. And you can give them their original password when they’ve lost it. But this still isn’t the best solution. See option three.

Option three: hashes
The third option is in my opinion, and that of a lot of people who know, hashing. A hash is, according to Wikipedia:

A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. The data to be encoded is often called the “message”, and the hash value is sometimes called the message digest or simply digest.

So, a hash is a string that is based 0n the original text. This is handy, as it is almost impossible to reverse the hash, so the password is safe. And when you need to check a password, you simply hash the inputted password too and compare.

What kind of hash functions are there? Basicly, the following two are the most used:

1. MD5
2. SHA(1)

MD5
MD5 stands for Message Digest 5, and has been developed by Ron Rivest in 1991 to replace MD4. How can you use it in php?

// Method one
$hash = md5("password");
// Method two
$hash = hash('MD5', "password");

This results in a 32-digits hexadecimal string, for example 5f4dcc3b5aa765d61d8327deb882cf99. This is always the same for the same string. This provides a great method for password saving, because the password can never (or, with extreme difficulty) be reverse-engineered. When you need to check a password, you simply hash that too, and compare the strings.

SHA1
SHA1 is another cryptographic hash function. According to Wikipedia:

The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm.

SHA1 generates a hexadecimal string of 40 characters, instead of the 32 of MD5. SHA1 is considered more secure. Using this in php is not more difficult:

// Method one
$hash = sha1("password");
// Method two
$hash = hash('SHA1', "password");

This generates the has, for example 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8.

This is it for now. I’ll write an article about cracking hash ciphers in the furure, which is mainly brute-forcing. Bye-bye.

$connection = new mysqli('localhost','username','password');

Or, even worse:

mysql_connect('localhost','username','password');

This of course is hopelessly outdated, and with PHP version 6 on the way, will soon be removed from the standard installed libraries. But there is a better, more Object Oriented way to connect to your database, and that is PHP Data Objects.

What is PDO?
According to php.net:

The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver that implements the PDO interface can expose database-specific features as regular extension functions. Note that you cannot perform any database functions using the PDO extension by itself; you must use a database-specific PDO driver to access a database server.

PDO provides a data-access abstraction layer, which means that, regardless of which database you’re using, you use the same functions to issue queries and fetch data. PDO does not provide a database abstraction; it doesn’t rewrite SQL or emulate missing features. You should use a full-blown abstraction layer if you need that facility.

PDO ships with PHP 5.1, and is available as a PECL extension for PHP 5.0; PDO requires the new OO features in the core of PHP 5, and so will not run with earlier versions of PHP.

Connecting to your MySQL database
So, how does one use it? Below is an example for MySQL (other databases might require a slightly different approach):

$connectionString = "mysql:host=localhost;dbname=database";
$pdo = new PDO($connectionString, 'username', 'password');

Now you can use the $pdo variable to do things, e.g.:

Retrieve information from tables

$results = $pdo->query("SELECT * FROM table");
foreach($results as $result)
{
	echo $result['field'] . "<br />\r\n";
}

This is how you can read data from your database tables. Note that you don’t use the while loop and the fetch_num or fetch_assoc (or similar) in this case, but a foreach loop. You can access the field values as you would in an ordinary array.

Queries that don’t return anything: the wrong way to do it
For queries that don’t return anything, for example INSERT and UPDATE queries, PDO provides the exec method. This method returns the amount of rows affected (if any) by the query. Using it is simple:

$pdo->exec("INSERT INTO 'table' (id, value) VALUES ('1','this is the value')");

But this method is susceptible to SQL injections. Therefore, the PDO class gives us another method to insert or alter information in/from the database: prepared statements. A prepared statement is SQL injection safe and the right way to do things, especially if you need to insert or alter user submitted information. Here an example of how to use prepared statements:

$stmt = $pdo->prepare("INSERT INTO table (name, value) VALUES (:name, :value)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':value', $value);
 
// insert a row
$name = 'one';
$value = 1;
$stmt->execute();

This is a safe way to insert or update data in your database. Of course you can use prepared statements with SELECT queries as well.

The Basics
This provides you with the basics to select, insert and update data from.to your MySQL database. Later I will expand on this subject, and dive into the more complex possibilities of PDO, as wel as how to access other databases than MySQL.

Related Links

• PDO on php.net
• SQL Injection on Wikipedia