In a hurry and frustrated? The last thing you need is to have to talk to the stupid robotic voice prompts when you call a company. Although these menus are probably made to direct you into the proper queue by a semi-helpful and friendly voice, you’re already on your last nerve… It would be nice to know how to finagle your way through the menus to get to a real person as quickly as possible.

With a Dial Zero application installed on your phone, you can do just that!

Dial Zero comes on the iPhone, Android, and Blackberry. It’s database currently has over 600 entries to get to a live person including tips from other users for getting what they want out of the company.

If you’re on a desktop, you’re out of luck with Dial Zero for the time being (however, their website says they’re working on it). You can use a directory like GetHuman.

For all of you developers out there working with databases, most of you (especially if you work in the web field) of SQL injection attacks. These attacks “inject” SQL queries via user input forms or URL string queries. The SQL used in these injections are typically very bad and reek havoc upon the sites that depend on these databases. The most common example of an SQL injection is similar to that found in the “Exploits of a Mom” comic strip by xkcd:

The SQL query in the comic strip finishes the current query then deletes (the “DROP” command for most engines) the named table. The loss would be tremendous.

To fight such attacks, many developers (like myself, up to a few months ago) sanitize the hell out of their user input. However, this can be a pretty painstaking operation. Even if you put it all into an easy-to-call function, you still put in the extra system resources to calling the function.

Much of the sanitizing can be replaced, instead, by using statement parameterizing. It’s just a fancy way of saying let the database handle putting in the data. Using the MySQLi class in PHP (for instance), you can parameterize the SQL statement (mysqli::prepare). MySQL takes care of putting the variables into the statement.

Almost any language with database support (and support of prepared statements by the database, of course) supports parameterized statements. Check out Bobby-Tables.com, an online resource to preventing SQL injection. It takes a look how to parameterize statements using different languages (including PHP, dotNet, and Python). It’s a very good work in progress, in my opinion.

Do you know of any good resources or methods for  parameterizing statements or avoiding SQL injection attacks? Let a comment!

Editor's note: This was a guest post by me on my good friend Michael's blog One-Year Tightrope.

David Shea’s The Printable CEO (or PCEO, for short) is probably one of the most revolutionary tools for productivity and organization a small business owner—anyone, really—can have in their toolbox.

The PCEO is a collection of 5 printable worksheets for goal tracking, task tracking, daily planning, planned versus unplanned tracking, and individual task tracking. (More about each after the jump.)

Shea came up with this amazing set of working because he didn’t have the ability to focus on moving his company forward:

[It] comes from the idea that a good CEO should focus primarily on those things that move the company forward; since I can’t afford to hire my own CEO, being able to print one out seemed like the next best thing! :-)

It’s about that simple to use PCEO: print, fill out, conquer. Read on. »