Although this story is nearly a month old, I still have enjoyed reading it several times since it’s original publication date exactly one month ago. Anna Jane Grossman guest wrote the “Memory [Forever]” feature. Grossman writes on the invention, near extinction of the Rolodex, and how it’s purpose has been replaced virtually.

From the article:

When I got my first job at a newspaper in 2001, I had a small Rolodex. I got it because everyone around me had one. What’s more, people talked about their Rolodexes. “I think I have her in my Rolodex,” they’d say. Or, “If he leaves, he’s going to take his Rolodex with him.” This, of course, meant that someone’s “contacts” were veeeeery important. Sometimes, people would take a card out of their Rolodex if I needed it, and I’d go copy the information and bring it back to them. There were people who stapled cards onto Rolodex pages and people who hand wrote all the information. Cards could be added or tossed or shared with ease. It was a genius, efficient and highly personal way of staying in touch.

It’s features like this that keep me on Gizmodo… Enjoy!

In a hurry and frustrated? The last thing you need is to have to talk to the stupid robotic voice prompts when you call a company. Although these menus are probably made to direct you into the proper queue by a semi-helpful and friendly voice, you’re already on your last nerve… It would be nice to know how to finagle your way through the menus to get to a real person as quickly as possible.

With a Dial Zero application installed on your phone, you can do just that!

Dial Zero comes on the iPhone, Android, and Blackberry. It’s database currently has over 600 entries to get to a live person including tips from other users for getting what they want out of the company.

If you’re on a desktop, you’re out of luck with Dial Zero for the time being (however, their website says they’re working on it). You can use a directory like GetHuman.

As some of you may already know, I somewhat started doing a radio show at radio.loganbibby.com a few weeks ago. Started it off by doing a music format every night Monday through Thursday, which is extremely difficult even though it was 90% music. So, I went to a talk radio format every Thursday. I’ve missed the last show and will be missing this show due to a few personal things I need to get done (including school).

I will restart the show the second Thursday of May (13th). It will be two hours long with a live air 10p to 12a central with a copy of it on the site available until the next show airs.

The show will cover a lot of the things I cover on the blog: life hacks, do-it-yourself projects, geeky things, etc. It’ll also be more intensive with hardcore topics in the future. I’ll bring guests onto the show for various occasions (especially for the hardcore things, since I enjoy a good debate).

I’m not looking for any sort of fame other than a small subscriber base so I won’t be doing advertising. This will be done completely in my free time and subject to show cancellations for various things. Consider this something like YouTube shows like Ray William Johnson’s =3 or Shawn Dawson’s ShawnDawsonTV.

I’m always looking for topic ideas… Send them to radio[at]loganbibby[dot]com!

For all of you developers out there working with databases, most of you (especially if you work in the web field) of SQL injection attacks. These attacks “inject” SQL queries via user input forms or URL string queries. The SQL used in these injections are typically very bad and reek havoc upon the sites that depend on these databases. The most common example of an SQL injection is similar to that found in the “Exploits of a Mom” comic strip by xkcd:

The SQL query in the comic strip finishes the current query then deletes (the “DROP” command for most engines) the named table. The loss would be tremendous.

To fight such attacks, many developers (like myself, up to a few months ago) sanitize the hell out of their user input. However, this can be a pretty painstaking operation. Even if you put it all into an easy-to-call function, you still put in the extra system resources to calling the function.

Much of the sanitizing can be replaced, instead, by using statement parameterizing. It’s just a fancy way of saying let the database handle putting in the data. Using the MySQLi class in PHP (for instance), you can parameterize the SQL statement (mysqli::prepare). MySQL takes care of putting the variables into the statement.

Almost any language with database support (and support of prepared statements by the database, of course) supports parameterized statements. Check out Bobby-Tables.com, an online resource to preventing SQL injection. It takes a look how to parameterize statements using different languages (including PHP, dotNet, and Python). It’s a very good work in progress, in my opinion.

Do you know of any good resources or methods for  parameterizing statements or avoiding SQL injection attacks? Let a comment!