Experts Exchange EE News June 2009


June 24, 2009

What's New at Experts Exchange
Features, Geniuses and Kudos

PHP - Prevent SQL Injection
André Bolinhas wrote an Article on a nasty problem

Stepping Up To The Plate
Okay, we'll back off Twitter-bashing

More News and Notes
It's a search engine... it's a decision helper...

Nata's Corner
Shopping for an iPhone

New Certificates
New certificate holders, through June 20

What's New at Experts Exchange


New for Corporate Accounts: Experts Exchange has begun accepting purchase orders and checks for corporate accounts; you no longer need a credit card to connect your company to the site. Accounts start at one license; for more information, contact the Corporate Accounts team.

New Geniuses:

Ray_Paseur is the most recent member of Experts Exchange to achieve his second Genius certificate, this one in PHP and Databases. Joining him are first timers at reaching 1,000,000 points: Zyloch in JavaScript, apache09 in Outlook Groupware Software, cxr in PHP Scripting Language, and tbsgadi in Microsoft Access Database. Congratulations to all!


  • Sometime this week, the lowest ranking member of the Hall of Fame will have over 3,000,000 points.
  • angelIII has earned 12,000,000 points in the MS SQL Server zone.
  • jkr became the seventh member of EE to go over 12,000,000 points in his career.
  • ozo, who ranks 12th in the Hall of Fame, has earned 4,000,000 points in the Perl Programming Language zone; also at 4,000,000 points in a single zone is oBdA, in Windows 2003 Server.
  • matthewspatrick has gone over the 8,000,000 point level overall.
  • garycase has earned 6,000,000 points since joining Experts Exchange.

Mark Wills Kudos: Some people know how to get to us; Page Editor and Zone Advisor mark_wills is one of them. A couple of weeks ago, he was forced to suffer the cruel and unusual punishment for all of his sins by spending two days, with pay, driving around in a red Ferrari California (that's our boy at left), along with a Maserati Granturismo and a Maserati Quattroporte. Unfortunately, he was not allowed to take one home with him, but he still gets points for not bragging about it too much. We will confess to be slightly disappointed that there is no orange X on the side of one of the cars, though.

DennisPost got answers from wabashdbw to his question about formatting an Excel cell, but after it was closed, got even more assistance from rorya and imnorie, moving him to post in Community Support: "Both imnorie and rorya add very useful information just after the question was closed. I think they should get 250 points each for their information and dedication."

RHWeston got his Exchange server running, but email wasn't flowing in or out until he got some help from shadowless and alanhardisty, who got him up and running in a little over a day. The result: "Thanks for all the great help and follow up. This one incident has saved me more than the cost of my membership so it is well worth while."

Normally, most of the praise we see is something posted on the site, but itsmevic took a few minutes to send the office an email about RobSampson: "I'd like to recognize Rob Sampson, he has unselfishly provided his time and knowledge again and again and is the reason I keep coming back to use your service. His patience and expertise are without a doubt just a few of his shining qualities. I would hope you recognize this member, because he is truly a valuable asset to Experts-Exchange."

Work smarter. Work faster. Work better.

Put the world's best technology Experts to work for you today.

For individuals, upgrade to Premium Services.

  • Receive professional help for your IT problems
  • Save time to use on other projects or tasks
  • Improve your IT knowledge through interaction

For organizations, create a Corporate Account. In addition to Premium Service features, Corporate Accounts also...

  • Make it easy for your organization to pay for your access
  • Save you 42% or more off the standard monthly rate
  • Enable your account administrator to manage licenses
  • Allow you to pay by purchase order

Upgrade to Premium Services.
Learn More about Corporate Accounts


Tips From the Moderators


Lately, we have seen a ton of requests that ask us to check on the status of another member's open questions -- meaning, usually, that the member we are checking has a habit of abandoning them.

The best thing you should do, if you think someone is abandoning questions, is to get involved in the Cleanup program; AnnieMod is always looking for good people.

The other request we're seeing a lot of is when someone objects to the way an Asker wants to close his question -- but the way the Asker is closing it gets the objecting Expert the points.

We don't mind the objection if the Asker's action is wrong -- but please, read what the Asker is doing before you get all puffed up about it.

PHP - Prevent SQL Injection


André Bolinhas had to jump through quite a few hoops to get his article on preventing SQL injection on PHP pages, but in the end, the Page Editors determined it to be worthy of EE-Approved status.

For additional information on Articles and making sure your masterpiece is up to EE's publishing standards, check out the Article Guidelines and Article Tips zone.

SQL injection vulnerabilities have been described as one of the most serious threats for Web applications. Web applications that are vulnerable to SQL injection may allow an attacker to gain complete access to their underlying databases.

Because these databases often contain sensitive consumer or user information, the resulting security violations can include identity theft, loss of confidential information, and fraud. In some cases, attackers can even use an SQL injection vulnerability to take control of and corrupt the system that hosts the Web application.

SQL injection refers to a class of code-injection attacks in which data provided by the user is included in an SQL query in such a way that part of the user's input is treated as SQL code. By leveraging these vulnerabilities, an attacker can submit SQL commands directly to the database. These attacks are a serious threat to any Web application that receives input from users and incorporates it into SQL queries to an underlying database.

Read the full article.
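The mechanism the excerpt describes, shown as a runnable example added here for this newsletter page; it is not code from André Bolinhas's article, which covers PHP. Python's built-in sqlite3 module stands in for the PHP database layer, and the placeholder technique it uses is the same idea PHP offers through PDO prepared statements. The users table, the names, the passwords and the test inputs are all constructed for the demo. The vulnerable function concatenates user input into the query text; the hardened function passes the same input as a bound parameter, so the database driver never reparses it as SQL.

```python
import sqlite3


def build_db():
    """Create an in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """Vulnerable form: input is spliced into the SQL text, so a quote
    character in the input changes the query's syntax or logic."""
    sql = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, password):
    """Hardened form: placeholders keep the input as data. The driver binds
    the values separately from the statement, whatever they contain."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def demo():
    """Run both forms against honest input and against input that contains
    a quote character, and return what each query matched."""
    conn = build_db()
    # Constructed input: closes the string literal and appends an always-true
    # condition. With concatenation the WHERE clause becomes
    # (name = 'alice' AND password = '') OR '1' = '1', matching every row.
    tampered = "' OR '1'='1"
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "legit_safe": login_parameterized(conn, "alice", "s3cret"),
        "tampered_vuln": login_vulnerable(conn, "alice", tampered),
        "tampered_safe": login_parameterized(conn, "alice", tampered),
    }


def legit_name_with_quote():
    """Concatenation also breaks on honest data: a name containing an
    apostrophe makes the spliced query a syntax error, while the
    parameterized query handles it. Returns (vulnerable_raised, safe_rows)."""
    conn = build_db()
    conn.execute(
        "INSERT INTO users (name, password) VALUES (?, ?)", ("O'Brien", "x")
    )
    try:
        login_vulnerable(conn, "O'Brien", "x")
        raised = False
    except sqlite3.OperationalError:
        raised = True
    return raised, login_parameterized(conn, "O'Brien", "x")


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
    print("quote in legit name:", legit_name_with_quote())
```

The two functions receive identical input; only the way the input reaches the database differs. That is the point of the article's advice: escaping the input by hand is fragile, whereas a bound parameter is never interpreted as part of the statement, which fixes both the attack case and the honest O'Brien case at once.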

Stepping Up To The Plate


An editor by trade, a writer by avocation and an Expert by some cosmic practical joke, ericpete puts together the newsletter for Experts Exchange.

We've been ripping on Twitter for a while -- in part because we think it's a glorified Ponzi scheme, and in part because we didn't think of it first -- but never let it be said that we're not fair.

There have been some instances in which Twitter has shown that it does have some redeeming qualities. For example, for decades the White House has been at the mercy of the editors at big city news organizations and the various wire services about what information is suitable for publication. Enter Twitter and Barack Obama, and now the White House can announce those appointments of someone as the new assistant director to the undersecretary for wheat germ affairs in the department of agriculture on Twitter, and there's an outside chance someone will actually hear about it. Open government is good (it's our money, after all).

We can imagine it of being of value to fantasy football league players as well. You create a #pigskinwannabes group, and you can share all the little rumors about whether Tom Brady, recovering from an injury all last year, will let his marriage to Gisele Bündchen keep him from leading the Patriots back to the Super Bowl. (Gotcha on the link, didn't we... ) The point is that a group of otherwise disconnected people can share information of communal interest -- as long as it's done in 140 characters or less.

But Twitter showed its true potential last week as what has passed for political stability in Iran started to crumble. The news media -- all protestations by lifelong journalists, reporters and editors notwithstanding -- is dominated by very narrow perspectives. There are only a few reporters -- when you compare them to the general population -- embedded in military units, and fewer still with access to what's really going on in China or North Korea or even Washington DC. That's not a sin, but it is the reality. So no matter how much one TV crew or reporter tries, the story is going to be told based on what they see and know.

Twitter has, in the Iran situation, changed that, even if the US state department suggested it. Anyone who can get to the Internet can post, and while 140 characters can't provide a lot in the way of analysis, it's plenty when hundreds of people are providing raw information in 140 character bursts. Like zooming in on a Google map, the details make the whole picture more clear.

Now, one can always invoke a kind of sociological universality to the chaos in Iran, and argue that one riot looks pretty much like the rest -- the Los Angeles police department would probably agree at this point -- but that's like saying that there's no difference between a sore ankle and a torn Achilles tendon. Iran is different; and to its credit, by deciding to forego scheduled maintenance for a little while, Twitter has stepped up to the plate where other companies (hear that, Google? Yahoo? Microsoft?) wouldn't. Of course, with no revenue stream to worry about, Twitter didn't have much to lose -- but they walked the walk.

<Slightly off-topic>
Because everyone else is publishing it, we're going to do it too: Austin Heap, one of those 20-something guys who fixes enough things to get by, has published instructions for setting up a proxy server for Iranians to post. There's probably a Nobel Peace prize for the person who can figure one out for North Korea. And in the spirit of "Me, too", we don't want to let it pass that both Google and Facebook have added Farsi (Persian) to the lists of languages they support, while Michigan congressman Pete Hoekstra had his own take.
</Slightly off-topic>

More News and Notes


It's a search engine... it's a decision helper... it's two, two two things in one: Amid an advertising campaign that is costing enough to balance the budgets of several states, Microsoft launched Bing, its revamped search system, and did manage to see a little increase in its share of the market. Somewhere, some marketer is writing a speech for Steve Ballmer claiming 20 per cent growth in market share in ONLY A WEEK, neglecting to note that the increase is from around ten per cent to a whopping twelve per cent. Having already blown all its money, Microsoft is opting to shell out bling for Bing. We just wonder if Bing will be a bang in China.

Still, the not-so-new "decision engine" did get a reaction from Google, which trumpeted features it has had for some time. The people from also launched their site, prompting a whole new cottage industry: comparing search engines.

Pediatric chiropractors filing protests: For all the money California throws away on education -- it ranks 13th in per capita spending but 28th in per pupil spending -- maybe the Governator is on to something: digital textbooks. It can't hurt; textbooks cost a fortune ($65 for an algebra book), and the companies that provide them spend a lot of money convincing schools and districts to buy new ones all the time. California ranks 48th in pupil-teacher ratio (but pays five per cent better than any other state)* and only the District of Columbia (home to that OTHER big government), Mississippi and Alabama have consistently worse test scores than California students do**. So the idea of giving kids a Kindle that can be electronically updated every fall would save a pile of money, take up less space, and would keep from hurting our children.
**Source: US Census Bureau

Sites of the week: We came across HEMA a few years ago, but were reminded of it last week. Be patient; there's always room for whimsy. (Thanks, Susan!) Also, guessing games.

Just don't enter her in the National Spelling Bee: An Iowa girl is the best texter in the US ("it feels aswm"), which, given her daily output of 500 or so messages (does a 15-year-old really have that much to say?), means that her phone must use up some power, comparatively. Good thing the folks at Stanford have found a material that might replace silicon. Because of the way electrons work, the medium would, in fact, be the message.

And in a related story, there's an old joke about being able to tell when a lawyer is lying (his lips are moving); it should have been no surprise when executives from the Big Phone Companies all denied fixing prices for text messaging. Good thing Kate Moore's parents are paying for unlimited texts.

We can't use the slugline that one of the Moderators suggested, but it has to do with Microsoft telling the EU "[Insert two letters here]": Are we the only ones who think it's downright hilarious that Microsoft, in complying with the European Union's demand that Internet Explorer be unbundled from its operating system so that users can make a choice, decided that rather than ship future versions of Windows with IE, Firefox, Opera, Safari, Chrome and any other browser that comes along (what's the word they use for that trashy pre-installed software that comes on a new PC?), it would sell Windows 7 with no browser at all. Given Microsoft's decidedly cavalier attitude towards W3C standards, it could be a stroke of (pardon the oxymoron) marketing genius.

Coolest. Mission. Ever.: NASA is going to crash a rocket into the moon. Deliberately. For Robert Heinlein fans, October 8 is going to be a kick.

Yanking the chain of the Deniers: Yep. May was warmer than usual. And speaking of yanking chains, 16-year-old Matthew Beighey, apparently an Air Cadet award winner, was charged with tapping into his high school's computer system and making it impossible for teachers to enter grades.

One way to beat the competition: Back in our newspaper days, there was one grocery store chain that would advertise items at cost (or even below) knowing that it could keep up the practice in one store -- losing money on the item -- for a long time, which forced the locally-owned guys to match the price or risk going broke. The practice seems to have been effective for Google, which still isn't telling anyone how much of a sinkhole YouTube is: a billion-videos-a-day sinkhole.

City lights: If you've never been there, Bozeman, Montana is a nice town -- the countryside is really quite beautiful. However, if you're thinking of going to work for the city, be prepared to hand over your Facebook, MySpace, YouTube, Google and Yahoo passwords.

Signs of the Apocalypse: The Chinese government has backed down on requiring its Green Dam censoring software to be installed on computers. Or not. And we promise, no jokes about a dam full of holes, and no "toldyaso" comments toward US companies that want to do business with China. Also, the IRS wants to repeal a tax, and something truly unnerving: DoubleClick's ad counter.

Nata's Corner


I'm not one to buy into hype... but I do want an iPhone. No, really. I've never had anything made by Apple (my other half has an iTouch, but that's it, and I can't convince him to get me one of these, so this seems like a nice compromise). The latest version -- the 3G S -- went on sale Friday, and AT&T (yes, we all know that the editor doesn't like them) is making it easier for iPhone customers to upgrade, but since we just renewed our contract, he might decide to wait a little while for the price to come down. Then again, if even some of these add-ons become available, he might just change his mind.

Speaking of the iPhone, I saw something last week about Microsoft deciding to stop paying for its employees' cell phones -- even if the only reason the employee has a cell phone is for Microsoft business -- which makes all the more interesting what MSN has to say about the cell phone market.

Just because I want one, though, that doesn't mean I'll get it (although I did see one of WalMart's $99 iPhones last Thursday). For one thing, AT&T wants to milk me for at least six more months on my existing contract before they'll give me a discount on the phone -- but they'll be happy to upgrade me to the required iPhone plan today. Who knows. Maybe I'll just get the new Blackberry.

I spend a lot of my time reading about data breaches, security and malware, so I thought I would pass along the link to a webcast featuring Sophos titled "Top Tips To Keep Data Under Your Control". You have to be registered to participate, but it looks pretty interesting. Also, Tolomir, one of the Zone Advisors, passed along a report on how not only can malware make your computer part of a botnet, but that the bad guys will even sell access to it.

Finally, Adobe has decided to join Microsoft in giving everyone an excuse to take long lunches on the second Tuesday of the month, as it will start releasing patches quarterly. Of course, the bad guys have figured out how to use that to their advantage too. The patches haven't stopped people from falling for spear-phishing, though.

New Certificates

Expert | Topic Area | Certified
ragi0017 | .NET Framework 3.x versions | Master
tbsgadi | Access Coding/Macros | Guru
pteranodon72 | Access Coding/Macros | Master
snusgubben | Active Directory | Guru
debuggerau | Active Directory | Master
dariusg | Active Directory | Wizard
hc0904pcd | Active Server Pages (ASP) | Master
rbudj | Adobe Dreamweaver | Master
Philip_Spark | Adobe Photoshop | Master
rpggamergirl | Anti-Spam Email Software | Master
Ray_Paseur | Asynchronous Javascript and XML (AJAX) | Master
csharpp | C# Programming Language | Master
HarryNS | C# Programming Language | Master
mrjoltcola | C# Programming Language | Master
renazonse | Cascading Style Sheets (CSS) | Master
thehagman | Cascading Style Sheets (CSS) | Master
v2Media | Cascading Style Sheets (CSS) | Master
3nerds | Cisco PIX Firewall | Master
Jay_Gridley | Cisco PIX Firewall | Master
azadisaryev | ColdFusion Studio | Guru
burrcm | Computer Hard Drives | Master
torimar | Computer Hard Drives | Master
dariusg | Computer Servers | Master
simsjrg | Computer Servers | Master
Callandor | Computer Sound Cards | Master
mrjoltcola | Databases Miscellaneous | Master
Geert_Gruwez | Delphi Programming | Sage
alanhardisty | Exchange Email Server | Master
DaveHowe | Exchange Email Server | Master
EndureKona | Exchange Email Server | Master
leegclystvale | Exchange Email Server | Master
shadowlesss | Exchange Email Server | Master
Rajith_Enchiparambil | Exchange Email Server | Sage
whatboy | Experts-Exchange Lounge | Master
hankknight | Hypertext Markup Language (HTML) | Master
qwerty | Hypertext Markup Language (HTML) | Master
x_com | Hypertext Markup Language (HTML) | Master
CEHJ | Java Server Pages (JSP) | Guru
gibu_george | Java Server Pages (JSP) | Master
fosiul01 | Linux Administration | Guru
ai_ja_nai | Linux Administration | Master
torimar | Linux Setup | Master
legalsrl | McAfee Anti-Virus Software | Guru
tbsgadi | Microsoft Access Database | Genius
jmoss111 | Microsoft Access Database | Wizard
matthewspatrick | Microsoft Applications | Guru
peakpeak | Microsoft Applications | Master
peter57r | Microsoft Applications | Master
tbsgadi | Microsoft Applications | Master
jaime_olivares | Microsoft Development | Master
folderol | Microsoft Excel Spreadsheet Software | Wizard
irudyk | Microsoft Excel Spreadsheet Software | Wizard
cool_sathish_333 | Microsoft Office Suite | Master
dbrunton | Microsoft Operating Systems | Master
merowinger | Microsoft Operating Systems | Master
psantiangeli | Microsoft Operating Systems | Master
leew | Microsoft Operating Systems | Wizard
Corey2 | Microsoft Visual Basic.Net | Guru
jjardine | Microsoft Visual Basic.Net | Guru
carlnorrbom | Microsoft Visual Basic.Net | Master
ChloesDad | Microsoft Visual Basic.Net | Master
apeter | Microsoft Visual C#.Net | Master
DanRollins | Microsoft Visual C++.Net | Guru
burrcm | Miscellaneous Hardware | Master
ChiefIT | Miscellaneous Networking | Master
harbor235 | Miscellaneous Networking | Wizard
gwkg | Miscellaneous Web Development | Master
RQuadling | Miscellaneous Web Development | Master
oBdA | MS DOS | Wizard
GreatGerm | MS SharePoint | Guru
melli111 | MS SharePoint | Guru
poortatey | MS SharePoint | Master
CGLuttrell | MS SQL Reporting | Guru
TheLearnedOne | MS SQL Server | Guru
pssandhu | MS SQL Server | Master
oobayly | MySQL Server | Master
ccomley | Network Routers | Master
Quori | Network Switches & Hubs | Master
3nerds | Networking Hardware Firewalls | Master
Frabble | Networking Hardware Firewalls | Master
Thomas4019 | New to Java Programming | Master
mrjoltcola | Oracle 10.x | Guru
angelIII | Oracle 10.x | Sage
mrjoltcola | Oracle 9.x | Master
apache09 | Outlook Groupware Software | Genius
Rajith_Enchiparambil | Outlook Groupware Software | Master
Ray_Paseur | PHP and Databases | Genius
Ray_Paseur | PHP Frameworks | Master
cxr | PHP Scripting Language | Genius
mostart | PHP Scripting Language | Master
yodercm | PHP Scripting Language | Sage
gatorvip | PL / SQL | Master
mrjoltcola | PL / SQL | Master
alexey_gusev | Pocket PC Other | Master
guru_sami | Programming for ASP.NET | Guru
jaime_olivares | Programming for ASP.NET | Guru
tetorvik | Programming for ASP.NET | Guru
AsishRaj | Programming for ASP.NET | Master
ddayx10 | Programming for ASP.NET | Master
junges | Programming for ASP.NET | Master
mohan_sekar | Programming for ASP.NET | Master
williamcampbell | Programming for ASP.NET | Master
it4soho | Qmail Email Server | Master
abel | Regular Expressions | Master
TerryAtOpus | Regular Expressions | Master
ozo | Regular Expressions | Sage
andyalder | Removable Backup Media | Master
Rajith_Enchiparambil | SBS Small Business Server | Master
tigermatt | SBS Small Business Server | Sage
Chris-Dent | Scripting Languages | Guru
jhoekman | Search Engines | Master
Kdo | SQL Query Syntax | Master
pcelba | SQL Query Syntax | Master
RiteshShah | SQL Query Syntax | Master
BrandonGalderisi | SQL Query Syntax | Sage
ezraa | SQL Server 2005 | Master
pssandhu | SQL Server 2005 | Master
tbsgadi | SQL Server 2005 | Master
matthewspatrick | SQL Server 2005 | Sage
rrjegan17 | SQL Server 2005 | Sage
brejk | SQL Server 2005 | Wizard
nmcdermaid | SQL Server 2005 | Wizard
RiteshShah | SQL Server 2005 | Wizard
matthewspatrick | SQL Server 2008 | Master
coreybryant | Stores & Carts | Master
mtz1of4 | Thunderbird Email Client | Guru
omarfarid | Unix Systems Programming | Guru
Qlemo | Virtual Private Networking (VPN) | Guru
tbsgadi | Visual Basic Programming | Master
shahprabal | Visual Studio | Master
dpk_wal | Watchguard Firewall | Sage
Pber | Windows 2000 Operating System | Master
Qlemo | Windows 2000 Operating System | Master
CynepMeH | Windows 2003 Server | Master
garycase | Windows 2003 Server | Master
Kieran_Burns | Windows 2003 Server | Master
leegclystvale | Windows 2003 Server | Master
Raj-GT | Windows 2003 Server | Master
dstewartjr | Windows Network Security | Master
Paranormastic | Windows Server 2008 | Master
dstewartjr | Windows Vista | Master
leew | Windows Vista | Master
speshalyst | Windows XP Operating System | Guru
lamaslany | Windows XP Operating System | Master
unmeshdave | WPF and Silverlight | Master
MASQUERAID | Xbox Video Game Console | Master

Copyright © Experts Exchange LLC 2009. All Rights Reserved.