the singularity of being and nothingness
ColdFusion
Not Getting SQL Injected is a Good Thing
Jul 28th
Some people on the internet are jerks. They like to write scripts that roam the interblog, trying to muck with people's sites for their own gain. A common tactic is SQL injection, and it can suck out loud if you get hit with it.
Over the last week and a half, I've been attacked 5 times by the same malicious code which tries to use SQL injection to modify my database.
Wait, what is SQL injection? Basically, it's when someone takes an "in" to a query you're already running and adds their own SQL into it that executes an additional SQL command on your database. So for example, let's say you have a query that runs based off of a URL parameter, like this: http://css-imagine.com/gallery.cfm?siteID=12. In this method, my page looks to see if the URL parameter "siteID" exists, and if it does, it runs a query that looks for and retrieves information that equals the value of the argument "siteID" (here, it's '12').
What SQL injection would try to do with this, then, is to add some additional SQL to the end of my query string, hoping to find a hole to exploit and execute its own commands.
So how do More >
ColdFusion and Twitter
May 28th
Over the last several months, I've gotten into Twitter ALOT. I find it to not only be fun, but it is also an interesting social experiment. I've been surprised by how many great resources I've come across because of my followers quickly twittering something they think is cool/helpful.
Naturally, the next stage in my relationship with Twitter is to crack into its API to manipulate from my own applications. Turns out this is surprisingly easy to do. All of Twitter's functions are relatively simple and require very little to accomplish what you want to do.
So my case study was the most obvious: post an update to my "status." In ColdFusion, the entire process takes 6 lines. 6 LINES! Here they are, in all their simplistic glory:
<cfset update = "Hey, this is an update to my twitter status"><cfhttp url="http://twitter.com/statuses/update.xml" method="POST" charset="utf-8" username="existdissolve" password="mypassword"> <cfhttpparam name="user" value="existdissolve" type="formfield"> <cfhttpparam name="password" value="mypassword" type="formfield"> <cfhttpparam name="status" value="#update#" type="formfield"></cfhttp>
For this function, you do have to create a basic authentication, which merely requires passing your username and password along with the status message. Very simple, but very cool!
So yeah, that's about it. There's a whole slew of functions in Twitter's API, but hopefully this shows More >
ColdFusion and Technorati – A Quick Example
Dec 16th
Today, a client of mine (deviantmonk.com ) contacted me and requested that I set up a way for Technorati to be updated when posts are created and updated.
Although I have certainly heard of Technorati , until today I had not had any exposure to everything that it does. One feature is that it acts as a blog aggregator of sorts. Admittedly, it has some nice functionality: besides displaying posts from blogs, it also includes comments and is smart enough to get username and avatar information. The downside is that Technorati–like Google and other content aggregators–only update sites as their bots get to them. Obviously, left to itself, this can take some time, and posts which were made yesterday could not appear for several days (or longer).
Fortunately, Technorati has a nice webservice that allows users to ping the server to alert it to changes to the blog content. Admittedly, the update still takes about 10 minutes, but that is still better than the unacceptable alternative…
So anyway, the webservice is extremely simple. I wrapped up the relevant code in a nice ColdFusion function and simply invoked it on the end of my normal post processing. The enitrety of the code is as follows:
<cffunction More >
Webservices in ColdFusion
Sep 18th
Today, for work, my boss asked for me to create a bit of functionality that would allow users to return lists of people from a database who live within [x] miles of an entered zip code. I've never created something like this before, but I've been around long enough to know that this kind of functionality requires gigantic databases of zip codes, trigonometric calculations, etc. simply to return the distance between two zip codes.
Fortunately, others have created such things and have kindly sydicated them as webservices. Webservices are very simple–they are a collection of functions that are remotely accessible to developers. So, if you want to create a search for Amazon books on your website, you hook up to Amazon's book-syndication service, call the appropriate method (like "getBooks()" or something) and use whichever programming language you is using to parse out the information in a usable fashion. Here's the one I'm using:
http://webservices.imacination.com/distance/Distance.jws?wsdl
ColdFusion makes stuff like this ridiculously easy within its "cfinvoke" tag. In about 4 lines of code, you call the method, pass in the method's require arguments, and create a variable for usage later on.
<cfinvoke webservice="http://webservices.imacination.com/distance/Distance.jws?wsdl" method="getDistance" returnvariable="distance">The zip code webservice required two arguments, "fromZip" and More >
