PHP: Parse Dates in CSV with inconsistent date formats

A friend was having trouble with a CSV file that she needs to process via PHP before saving to a database. The CSV files uploaded to the server have inconsistent date formats such as:

So I prepared a PHP script that lists possible date formats in an array $possible_date_formats and then iterates through the dates […]


Web Security: How SQL Injection is done

SQL injection is one of the most common website exploits. For us developers to prevent SQL injection attacks, we must first understand how it’s done. Together, let’s review the basics of SQL injection. Remember, let’s use our knowledge for good things only, okay? The scope of this post is only a MySQL injection sample from […]


Prevent direct access to directories of subdomains

From my hosting platform (e.g. cPanel), I created two subdomains for web apps. The web apps reside in the following directories:

/foo/bar/app_one/
/foo/bar/app_two/

And the subdomains I created are accessed through these URLs:

http://app_one.bar.domain.com (pointing to the /foo/bar/app_one/ directory)
http://app_two.bar.domain.com (pointing to the /foo/bar/app_two/ directory)

For security purposes, I don’t want anyone to access the web app […]


Laravel 5: activate API token guard and print “Unauthorized” instead of login redirect

In Laravel 5, I wrap my API routes in a route group like this:

Notice that I use auth:api and throttle in my middleware array. auth:api turns on the auth middleware with the API token as guard, while throttle activates the rate limiter for APIs. To get started with API token authentication, you may read https://gistlog.co/JacobBennett/090369fbab0b31130b51. […]
