Learning the hard way of not using good coding practices

I learned a lesson today about:

  1. Dangers of working live
  2. Dangers of not having regular MySQL Backups
  3. Dangers of not validating code before it's written

I was creating a tool that would allow me to edit blog posts through the CMS, and with this I ran a MySQL Query containing an UPDATE statement.
But I forgot to add WHERE `x`='y' and yeah. It replaced all of my blogs with the properties of one blog post: text, URL stubs, HTML. The full lot.

I only have a backup of the first two blog posts, the full post I did about moving the site over to CodeIgniter - that is gone. Shame! It could be much worse, I think if I was running a much larger production then I would have taken steps to avoid it, I knew it was a possibility and it has happened in the past but only on test data.

My current hosting provider doesn't have a tool that allows me to create automatic backups. If I was hosting the site on my own solution then it would make it much easier to 1. work in a development mode and 2. run automatic backups including SQL dumps and store the data in a secure vault.

~S Gergus
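The failure described in the post above (an UPDATE sent without its WHERE clause) can be contained by running the statement in a transaction and committing only if it touched the expected number of rows. This is an added example, not code from the site: it uses Python with an in-memory SQLite database as a stand-in for MySQL so it runs offline, and the `posts` table, its columns and the `guarded_update` helper are hypothetical.

```python
import sqlite3


class UnexpectedRowCount(Exception):
    """Raised when an UPDATE touches a different number of rows than expected."""


def make_db():
    # Constructed sample data standing in for the blog's posts table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, stub TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO posts (id, stub, body) VALUES (?, ?, ?)",
        [(1, "hello", "first"), (2, "moving", "second"), (3, "ci", "third")],
    )
    conn.commit()
    return conn


def guarded_update(conn, sql, params, expected_rows=1):
    """Run one UPDATE and commit only if exactly expected_rows rows changed.

    sqlite3 opens a transaction implicitly before the UPDATE, so a
    rollback restores every row the statement touched.
    """
    cur = conn.execute(sql, params)
    if cur.rowcount != expected_rows:
        conn.rollback()
        raise UnexpectedRowCount(
            f"UPDATE touched {cur.rowcount} rows, expected {expected_rows}; rolled back"
        )
    conn.commit()
    return cur.rowcount


def bodies(conn):
    return [row[0] for row in conn.execute("SELECT body FROM posts ORDER BY id")]


if __name__ == "__main__":
    db = make_db()
    guarded_update(db, "UPDATE posts SET body = ? WHERE id = ?", ("edited", 2))
    try:
        # The mistake from the post: same statement with the WHERE clause missing.
        guarded_update(db, "UPDATE posts SET body = ?", ("edited",))
    except UnexpectedRowCount as exc:
        print(exc)
    print(bodies(db))
```

The row-count check does not help on a table that holds exactly one row, so it complements backups rather than replacing them.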

The site is being moved to CodeIgniter

Currently, this site is run on a custom home-made "Framework" API. It's loosely MVC, because I don't really edit the front-end and back-end concurrently that often.

It's recently been pointed out to me that it's not ideal to do this, for obvious security and performance reasons. Full frameworks often feature unrivalled security practices and have incredible PHP performance numbers for the functionality that they come with. So I decided to use one for this site. It looks better in terms of ability; being able to properly use a framework is in itself a skill.

With all the frameworks available, I decided to use CodeIgniter. It's incredibly powerful and full featured, and is structured really well internally - with little configuration and simple and clean documentation. I did use CodeIgniter a while ago, but it's changed greatly since then.

So yeah, you can check the progress of this particular project over on the development site here. It mirrors this site in terms of looks - but is a completely different project with its own database etc.