What is the purpose of an in-house code library?


An in-house code library can speed up development while also ensuring the robustness of the system. It also makes the overall process less prone to common bugs & errors. Our in-house encrypted code library helps us in:

  • Further accelerating PHP’s rapid development
  • Setting standards for management of files & directories for a project
  • Preventing common security flaws left by programmers
  • Dynamic handling of different server configurations
  • Handling concurrent & nested Ajax calls & jQuery plugins
  • Maintaining the code and easily making the changes at a later stage
  • Overriding the known limitations of PHP (for instance, the json_encode function of core PHP returns null if the passed data contains any non-ASCII character. The ConvertToJson function of our code library uses the same function but first converts the passed data to make it web compatible.)

Let’s clarify the benefits of our in-house code library with an example.

Let’s take the example of a user login function. In this function, the query we send to the database for the entered username & password will be something like:

Select * from {usertable} where username = '$username' and password='$password'

Here, $username and $password are the values entered by the user. Now, let’s suppose the user entered username & password values both as ' or ''='. Using these values, our query becomes:

Select * from {usertable} where username = '' or ''='' and password ='' or ''=''

The condition is now true for every row, so this query will fetch the first record from the database, which is generally the administrator account; consequently, the user will be able to access the website as the administrator.

Now with our encrypted code library, the PHP code will be something like:

$srch = new SearchBase('{usertable}');

$srch->addCondition('username', '=', $username);

$srch->addCondition('password', '=', $password);

$rs = $srch->getResultset();

In this case the executed query will be:

SELECT * FROM `{usertable}` WHERE `username` = '{mysql real escaped value of the posted username variable}' and `password` = '{mysql real escaped value of the posted password variable}'
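
The difference between the two queries above can be reproduced with plain PDO. This is an added example, not the code library's own code: the users table, the function names and the sample rows are constructed for illustration, and it uses bound parameters on an in-memory SQLite database (pdo_sqlite assumed) instead of the library's escaping.

```php
<?php
// Added example: constructed data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES
    ('admin', 'constructed-admin-pw'), ('alice', 'constructed-alice-pw')");

// Vulnerable form from the page: user input is concatenated into the SQL text,
// so quotes in the input change the structure of the WHERE clause.
function loginConcatenated(PDO $db, string $username, string $password)
{
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened form: placeholders send the input as data, never as SQL grammar.
function loginBound(PDO $db, string $username, string $password)
{
    $stmt = $db->prepare('SELECT * FROM users WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $username, ':p' => $password]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Small helper to print the outcome of each attempt.
function report(string $label, $row): void
{
    echo $label, ': ', $row ? "logged in as {$row['username']}" : 'rejected', PHP_EOL;
}

$input = "' or ''='"; // the value from the page, entered in both fields

report('concatenated, page input', loginConcatenated($db, $input, $input));
report('bound, page input', loginBound($db, $input, $input));
report('bound, valid credentials', loginBound($db, 'alice', 'constructed-alice-pw'));
```

Passwords are compared in plain text here only to mirror the page's query; storing them with password_hash() and checking them with password_verify() is the usual practice.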

Let’s take another code example to explain another benefit of our code library.

Think of a case where your programmer is asked to join one more table while fetching the results. In general, coders have to think hard about where to write the ‘join’ & ‘on’ conditions in the code. With the code library, the same task can be achieved using the following line anywhere in the code:

$srch->joinTable('{tablename}', 'INNER JOIN', '{on phrase here}');

It is pretty much as simple as writing commands in plain English.

In a nutshell, our in-house code library makes the development process secure, robust, reliable and fast.

Last update: 2015-10-27 20:00
Author: FATbit Chef
Revision: 1.1