Moving from static to dynamic pages in web applications has two routes: flat files and databases. Coming from a C background I was unimpressed by databases, but I was intrigued by them at the same time because I didn't understand their purpose in applications. I had very little experience with databases and would have to learn them on my own, since it was midterm at school and no one I trusted knew PHP well enough to teach me how to make it handle databases. I found my way, but did a lot of stupid shit along the road.
Flat files had proven useful, but they made updating values nearly impossible and deleting was just as irritating. I had set my eyes on converting my blog from flat files to databases in late 2003, mainly hoping to open the door wide enough to actually turn this into some money.
Building static sites was no trouble. In fact it was simple enough that I was able to make a cool grand in August. September was a pain, only about three hundred. Each month that passed seemed to have more and more people asking for dynamic sites, and I didn't know how to do much beyond outputting a user and some other information that I had generated along the way. Performance-wise it was nothing nice to use, but it was definitely functional. My Swallowbush blog file was more than twelve pages long, and I was finally getting hits. Loading my page started taking longer and longer. Something was going to break, and it sure as shit wasn't going to be me.
One morning I was sent an email from a reader saying that my blog was totally fucked up and I needed to straighten shit out or she was going to be dropping my site link. I hit the home page and was amazed; it was taking more than ten seconds to load. The issue was my file, and how I created it. Sure it worked, but it was definitely not the best I had done. My C experience was really fucking things up; I needed to learn to code PHP for what it was.
MySQL, NOT YOURS!
By far the quickest way to learn MySQL is to dive in, so I did. The first few things I read led me to realize that I had been completely out in left field in regards to what databases could do and why they existed, but I needed to get myself into the swing of things with PHP and MySQL as quickly as I could. By October of 2003 I had learned to connect to a MySQL database, and by December of 2003 someone had used an SQL injection attack to screw up my site.
SQL is a very finicky language for talking to a database, and although "SQL" is the label given to all the different flavors, it is really multiple languages: MSSQL (Microsoft), PL/SQL (Oracle) and just about every other database type come paired with their own dialect. The languages are set up to give you the utmost control over your requests (queries) to the database, and because of that you, as the programmer, have to work harder to keep things secure. SQL injection is, as it sounds, a method of inserting SQL into SQL, and it usually works because the programmer doesn't know what he is doing or has a lapse in attention. It can result in any command at all being executed on the database, meaning that in the worst case a table can be truncated! All of your hard work for nothing, because some douche thought it would be cute to break into your site and give you a bullshit post of #nTRUNCATE TABLE_BLOG;#. If you name your table like that and that statement gets in as input, it's all over. All of your data is gone from that table.
And that’s what happened to me… back in the day
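The way the post body reaches the database is what decides whether a comment like the one above is text or SQL. Below is an added example, not code from the original post: the 2003-style pattern of pasting the submitted body into the query string next to the hardened form using a mysqli prepared statement. The table name `blog`, its `body` column and the connection details are assumptions.

```php
<?php
// Added example, not from the original post. Assumes the mysqli
// extension and a MySQL table `blog` (id INT AUTO_INCREMENT, body TEXT).

// What the old blog code effectively did: paste the submitted post
// straight into the SQL string, so whatever the visitor typed is parsed
// as part of the statement.
function save_post_unsafe(mysqli $db, string $body): bool
{
    $sql = "INSERT INTO blog (body) VALUES ('" . $body . "')";
    // A single quote in $body closes the string literal early; the rest
    // of the input is then read by the server as SQL. That is the injection.
    return (bool) $db->query($sql);
}

// Hardened form: the SQL text is fixed when the statement is prepared,
// and the post body travels to the server as a bound parameter. It is
// stored as data no matter which quotes or semicolons it contains.
function save_post_safe(mysqli $db, string $body): bool
{
    $stmt = $db->prepare("INSERT INTO blog (body) VALUES (?)");
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $db->error);
    }
    $stmt->bind_param("s", $body);   // "s": bind $body as a string
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Connection details are placeholders; replace with your own.
$db = new mysqli("localhost", "DB_USER", "DB_PASSWORD", "DB_NAME");
if ($db->connect_error) {
    die("connect failed: " . $db->connect_error);
}

// An ordinary post with an apostrophe is enough to break the unsafe
// version (it fails with a syntax error or worse); the safe version
// stores it verbatim.
$body = "Nice site, but don't trust what people type into a form";
save_post_safe($db, $body);
```

Escaping the input by hand is not a substitute for the prepared statement; the fix is keeping the query text and the user's data on separate paths to the server.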