If you wish to start a blog or already have a blog and have this issue that you keep running out of ideas, I recommend that you consider the tips mentioned below to help you generate ideas for your blog posts.

1. Discuss issues with other people
When you discuss issues in your area of specialization, you get to know problems faced by other people. The moment a discussion starts; you should make mental notes. Once out of that discussion; jot the notes on text editor or a piece of paper. Using these notes you can create a new blog post based on the problems/issues discussed.

2. Research on a common pain point
Identify a pain point in your field of specialization. There could be many such pain points or problems for which people need help or solutions. To give you an example, I belong to the technical field and the pain points that I have identified are code optimization, query optimization, response times, server loads, etc.. So, identify such pain points in your field of specialization as well. Give it a thought or use Google to research. A good source is to visit forums where problems are discussed.

3. Publish solutions to problems that you faced
Build blog post ideas on the basis of the problems that you face in your day to day professional or personal life. I see no harm in publishing solutions to the problems that you dealt with. Creating a post on the basis of your solutions also serves as a repository that you could refer to later when faced with a similar problem. Beware, that you don’t expose information that is a trade secret of your company.

4. Publish analysis on news articles
Analyze news articles in general or in the area of your specialization. Don’t just copy paste articles on your site. This won’t do good to you. Analyze the article and post your understanding, concerns and reviews. A lot of blog authors publish blog articles based on their analysis of news article published on news site.

Please leave behind a comment below if you have more blog post ideas that you wish to share or disagree with some.

Getting a proper web hosting package with your required domain names is little difficult task. You will find a lot of dedicated server hosting companies offer web site design cheap domain names. You need to select the reasonable one.

Keep these practical tips in mind when developing code for your web applications. Examples shown are written in PHP and can be implemented in any language.

1. Prevent SQL Injection attacks
2. Provide additional security with backend validations
3. Validate Combo Box and List Box data
4. Convert HTML code into its entity form
5. Capture errors and show custom error page

1. Prevent SQL Injection attacks
SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web applications.

Login Example:

This example assumes that the two fields to accept username and password are ‘usr’ and ‘pwd’ respectively. You would then use these variables inside a SQL query to validate if the user exists or not. Lets look how. Following is a PHP code (this example can be converted to any web scripting language)

<?php

$usr = $_POST['usr']; // getting the usr variable from $_POST array
$pwd = $_POST['pwd']; // getting the pwd variable from $_POST array

$sql = “SELECT id FROM users WHERE username = ‘” . $usr . “‘ AND password = ‘” . $pwd . “‘”;

$result = mysql_query($sql);

if(mysql_num_rows($result) == 0) {
//we did not find any records, redirecting user to login page
header(“Location: login.php”);
}

//if we reach here, this means that all is ok

… rest of the script

?>

The above example can be hacked if the user enters the password as nothing’ OR 1 = 1

The SQL query thus formed will be:

SELECT id FROM users WHERE usr = ‘anything’ AND password = ‘nothing’ OR 1 = 1

When this query executes, it will fetch all records from the user table.

Solution:

You should escape each variable before you feed it into the SQL query using , like below:

$sql = “SELECT id FROM users WHERE username = ‘” . addslashes($usr) . “‘ AND password = ‘” . addslashes($pwd) . “‘”;

addslashes() – adds escapes special characters including a single quote and double quote. Therefore the query above after using addslashes() will look like this:

SELECT id FROM users WHERE usr = ‘anything’ AND password = ‘nothing\’ OR 1 = 1

In the above example, look at the single quote that has been escaped i.e. ‘nothing\’. This happened because the additional single quote was passed by the user as data and hence got escaped before being sent to SQL. If you observe, this causes a SQL error.

2. Provide additional security with backend validations

Using JS validation is good as it saves user time and a round trip to the server if the data that user has entered is wrong. In addition to providing the front end JS validation, you should also provide for validations at your script level. For all you know the user disabled JS on his/her page and entered bad data.

The rule is, always validate data at the backend.

3. Validate Combo Box and List Box data
Are you asking why is this needed? Sounds stupid right? Why would you want to validate data that is coming off a combo box or a list box? Reason is very simple… you could receive bad data.

Lets take an example of a form with list of countries in a drop box. I could easily crack that script by writing a program that will post data to the form posing as a browser. If I could post data programmatically, I can also pass bad data for a drop box which is not part of the initial list.

4. Convert HTML code into its entity form
You should always encode content provided by users before display. A hacker could easily provide a JavaScript as content and allow other users to display it. If you have not converted HTML code to its entity form before you display it on the browser.

PHP Code:

<?php

echo htmlentities($data); //this will convert < to < and > to $gt, etc.

?>

5. Capture errors and show custom error page
The reason why you should do this is because of two reasons:

a. It looks professional and the user is not lost with the dirty error string on screen.

b. Users don’t get to see sensitive data that could otherwise be exposed to the users. Just imagine if your database connection fails to connect, you would probably get a message stating that could not connect to the database with username and password. This one single error could give a lot of information to an attacker.

I have lately been researching on implementing dotProject for my organization. My evaluation shows that dotProject is a good Project Management tool for consulting and can also help you implement Agile development methodologies. However, I don’t find it suitable for an Internet Company with a release cycle of 2 – 3 days from development to QA to Live (this is because at various stages tasks will have to be created – which as of now is not automated – you will manually have to create them).

The requirement from my company was to use Mantis and provide integration with dotProject. I googled around and found various links leading nowhere and finally got something substantial. However, I did a bit of playing around with the code to get it working perfectly well.

Following are the steps that you will have to follow for integration:

1. You will need the Mantis integration module for DotProject. This is available at the following location
http://www.nuy.info/downloads/index.php?dir=Developments%20by%20Application/DotProject/

Download the latest version; which at the time of this writing is dp-mantis04b.zip

2. Extract the DP_Mantis.X.zip package into your dotProject Installation folder.

3. Open the dotProject_installation_folder/modules/mantis/addissue.php file for editing and follow the steps mentioned below:

3.1 Goto Line 40 (this is the line number for the dp-mantis04.zip file, yours could change as per latest release)

3.2 Edit these lines from:

$prefix = dPgetConfig( ‘mantis_dp_pref’) ;
$mantisprefix = dPgetConfig( ‘mantis_prefix’) ;
$mantis_bug_table = $mantisprefix ;

To

$prefix = dPgetConfig( ‘mantis_dp_pref’) ;
$mantisprefix = dPgetConfig( ‘mantis_prefix’) ;
$mantislink = dPgetConfig( ‘mantis_link’) ;
$mantis_bug_table = $mantisprefix ;

4. Copy dotProject_installation_folder/modules/mantis/docs/mantis/index_dp.php into the document root of your mantis installation

5. Add the contents of dotProject_installation_folder/modules/mantis/docs/mantis/config.txt to dotProject_installation_folder/includes/config.php (inside your Dotproject installation)

6. Activate/enable and show the module using the admin interface.

7. You will now see a Menu option on the top of the screen labeled ‘Mantis’ and a new tab in the Project View labeled ‘Mantis’

8. The next step is to create the userbase on the Mantis system having the same username as that of the dotProject.

9. To raise a bug, go to the Project View and click on tab ‘Mantis’ and click on Add Issue.

10. This will give you a screen to type in the title and description of issue. Once you add an issue the same will be made available through the Mantis Interface.

11. Any change that you make to the status of the issue through Mantis will get reflected to dotProject Project View as well.

Please feel free to post any comments that you might have or ask any question.