An in-house code library can speed up development while also ensuring the robustness of the system. It also makes the overall process less prone to common bugs & errors. Our in-house encrypted code library helps us in:
- Further accelerating PHP’s rapid development
- Setting standards for management of files & directories for a project
- Preventing common security flaws left by programmers
- Dynamic handling of different server configurations
- Handling concurrent & nested Ajax calls & jQuery plugins
- Maintaining the code and easily making the changes at a later stage
- Overriding the known limitations of PHP (for instance, the json_encode function of core PHP returns null if the passed data contains any non-ASCII character. The ConvertToJson function of our code library uses the same function but first converts the passed data to make it web compatible.)
Let’s clarify the benefits of our in-house library with an example.
Let’s take the example of a user login function. In this function, the query we send to the database for the entered username & password will be something like:
Select * from {usertable} where username = '$username' and password='$password'
Here, $username and $password are the values entered by the user. Now, let’s suppose the user entered username & password values both as ' or ''='. Using these values, our query becomes:
Select * from {usertable} where username = '' or ''='' and password ='' or ''=''
This query will fetch the first record from the database, which is generally the administrator account; consequently, the user will be able to access the website as the administrator.
Now with our encrypted code library, the PHP code will be something like:
$srch = new SearchBase('{usertable}');
$srch->addCondition('username', '=', $username);
$srch->addCondition('password', '=', $password);
$rs = $srch->getResultset();
In this case the executed query will be:
SELECT * FROM `{usertable}` WHERE `username` = '{mysql real escaped value of the posted username variable}' and `password` = '{mysql real escaped value of the posted password variable}'
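The difference between the two login queries above can be reproduced with the following added example, which is not code from the library described here. It uses PHP's PDO with bound parameters in place of the library's escaping (SearchBase internals are not shown on this page) and assumes the pdo_sqlite extension; the users table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example: constructed table and data, not the library's own code.
// Passwords are compared in plaintext only to mirror the query in the text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO users (username, password) VALUES ('admin', 'constructed-admin-secret')");
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 'constructed-alice-secret')");

// Vulnerable form from the text: user input is pasted into the SQL string,
// so quote characters in the input change the structure of the query.
function loginConcatenated(PDO $db, string $username, string $password): ?string
{
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Hardened form: the SQL text is fixed and the values are bound separately,
// so they are only ever compared as data and never parsed as SQL.
function loginBound(PDO $db, string $username, string $password): ?string
{
    $stmt = $db->prepare('SELECT * FROM users WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $username, ':p' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// The value from the text, entered as both username and password.
$input = "' or ''='";

var_dump(loginConcatenated($db, $input, $input));               // concatenated query
var_dump(loginBound($db, $input, $input));                      // same input, bound
var_dump(loginBound($db, 'alice', 'constructed-alice-secret')); // valid credentials
```

The concatenated form returns a row for the input from the text, while the bound form returns no row for it and still accepts the correct credentials.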
Let’s take another code example to explain another benefit of our code library.
Think of a case when your programmer is asked to join one more table while fetching the results from the record. In general, coders will have to brainstorm a lot about where to write the ‘join’ & ‘on’ conditions in the code. With the code library, the same task can be achieved using the following line anywhere in the code:
$srch->joinTable('{tablename}', 'INNER JOIN', '{on phrase here}');
It is pretty much as simple as writing commands in plain English.
In a nutshell, our in-house code library makes the development process secure, robust, reliable and fast.