eCommerce, web & Android app development for Exmouth

Why choose New Media Aid?
Bespoke web app developers, Android app developers and ecommerce website developers for Exmouth, Devon. Our low cost cutting-edge app development team is only 163 miles away from Exmouth. The development cost of a bespoke Android app, web app or ecommerce website for organisations in Devon will usually be between £2,000 and £5,000.

We develop cutting-edge, custom-made, mobile-friendly web apps, e-commerce websites and Android apps for companies in Devon. Web, ecommerce and Android app developers you can trust to deliver modern, mobile-friendly web apps or websites as well as bespoke Android apps and ecommerce solutions only 163 miles from Exmouth.


Useful web app developers term of the day: Parameterized Queries

Parameterized queries are a way of executing SQL statements in a secure and efficient manner. They are also known as prepared statements or parameter binding.

In a parameterized query, placeholders are used in the SQL statement where the actual values will be inserted at execution time. These placeholders can be identified by various symbols, such as a question mark (?), a dollar sign ($), or a colon (:).

For example, consider the following SQL statement to retrieve data from a database table:

sql
SELECT * FROM users WHERE username = 'alice' AND password = 'mypassword';

This statement has hard-coded values for the username and password, which can be susceptible to SQL injection attacks. To make it a parameterized query, we can replace the values with placeholders:

sql
SELECT * FROM users WHERE username = ? AND password = ?;

Here, the question marks serve as placeholders for the username and password values. When the query is executed, the actual values are provided as parameters to the query. For example, in Python, we can execute this query using the execute() method of a database cursor object:

lua
cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", ('alice', 'mypassword'))

This way, the actual values are provided separately from the SQL statement, making it less prone to SQL injection attacks. Additionally, parameterized queries can be cached and reused multiple times with different parameter values, which can improve performance.

Parameterized queries are a powerful technique in database programming that help prevent SQL injection attacks and improve query performance. In this article, we'll dive into how parameterized queries work and why you should use them in your database applications.

First, let's define what a parameterized query is. A parameterized query is a SQL statement that uses placeholders for input values, rather than including the values directly in the SQL statement. For example, instead of writing a SQL statement like this:

sql
SELECT * FROM users WHERE username = 'johnsmith' AND password = 'password123';

we would write a parameterized query like this:

sql
SELECT * FROM users WHERE username = ? AND password = ?;

In this example, the "?" characters are placeholders for the input values. When we execute the query, we would provide the actual values to be used in place of the placeholders.

So how does this work? When we prepare a parameterized query, the database engine compiles the query and creates a query plan that includes the placeholders. When we execute the query, we provide the actual values for the placeholders, and the database engine substitutes the placeholders with the actual values before executing the query.

The benefits of parameterized queries are many. First and foremost, parameterized queries help prevent SQL injection attacks. SQL injection is a type of attack where an attacker attempts to inject malicious SQL code into a database query. By using placeholders for input values, parameterized queries make it much harder for attackers to inject malicious code into our queries.

Parameterized queries also improve query performance. When we use a parameterized query, the database engine only needs to compile the query once, regardless of how many times we execute it with different input values. This means that the database engine can reuse the query plan, which saves time and resources.

Another benefit of parameterized queries is that they make our code more readable and maintainable. By separating the SQL statement from the input values, we can see exactly what the query is doing without being distracted by the input values. This makes it easier to debug and modify our queries as needed.

Let's take a look at an example of a parameterized query in action. Suppose we have a table of products and we want to find all products that have a price less than a certain amount. We could write a parameterized query like this:

sql
SELECT * FROM products WHERE price < ?;

When we execute the query, we would provide the maximum price as the input value for the placeholder. For example, if we wanted to find all products with a price less than $50, we would execute the query like this:

sql
SELECT * FROM products WHERE price < 50;

By using a parameterized query, we've made our code more secure, more efficient, and more maintainable.

In summary, parameterized queries are a powerful tool in database programming that help prevent SQL injection attacks, improve query performance, and make our code more readable and maintainable. By using placeholders for input values, we can separate the SQL statement from the input values, which makes our code more secure and easier to work with. If you're not already using parameterized queries in your database applications, now is a great time to start!



Crimes reported in Exmouth
Our custom app development prices are criminally low, but not as criminal as these events recently reported in Exmouth.

What's with the crime stats?
We thought we would show you some Exmouth crimes reported in Jan 2024 to highlight how external cloud-based API data can be integrated within apps.

bicycle theft
  • Bus/coach Station (Under investigation)
burglary
  • Long Lane (Under investigation)
criminal damage arson
  • Marley Road (Under investigation)
  • Nicholas Way (Under investigation)
  • Stewart Close (Unable to prosecute suspect)
  • Barnfield Avenue (Under investigation)
  • The Strand (Under investigation)
drugs
  • Meeting Street (Under investigation)
other theft
  • Madagascar Close (Under investigation)
  • High Street (Investigation complete; no suspect identified)
  • Market Street (Investigation complete; no suspect identified)
  • Shopping Area (Under investigation)
  • Manchester Road (Investigation complete; no suspect identified)
public order
  • The Strand (Under investigation)
  • Mount Pleasant Avenue (Under investigation)
  • Shopping Area (Under investigation)
  • Pankhurst Close (Unable to prosecute suspect)
  • Cleveland Place (Further investigation is not in the public interest)
shoplifting
  • Parking Area (Awaiting court outcome)
  • Market Street (Investigation complete; no suspect identified)
  • Bus/coach Station (Under investigation)
vehicle crime
  • Cheriswood Avenue (Investigation complete; no suspect identified)
  • Jubilee Drive (Under investigation)
  • Cleveland Place (Investigation complete; no suspect identified)
  • Parking Area (Investigation complete; no suspect identified)
violent crime
  • Cleveland Place (Unable to prosecute suspect)
  • Pankhurst Close (Unable to prosecute suspect)
  • Rolle Street (Investigation complete; no suspect identified)
  • Winston Road (Under investigation)
  • Nicholas Way (Under investigation)
other crime
  • Brixington Drive (Awaiting court outcome)
  • Parking Area (Under investigation)
  • Poplar Close (Under investigation)
  • Tennyson Way (Under investigation)
  • Ryll Grove (Under investigation)
We are only 163 miles from Exmouth