I've got an interview this morning and the potential employer describes the contract to my recruiter like this:
SQL injection remediation
Retrofit for existing web services
Almost entirely backend
I want to bounce off, whoever is willing to contribute this am, my thoughts and ask for any additional things that you might see which would constitute a healthy addition to the conversation.
First off, Prepared Statements - being able to prevent SQL Injection by running your SQL w/o any data attached to it and binding your incoming criteria using positional or named placeholders.
Asking about their current database configuration. There's a lot of .NET mentioned, so I'm assuming they're using a SQL database. Do they have some Stored Procedures in place? Is there an approach that allows for a "retrofit" that accommodates already existing code / infrastructure so you're not having to reinvent the wheel?
I know enough about PDO to appreciate the Database Abstraction Layer and the Prepared Statements, but what else would I want to be sensitive to, given the job description, as far as what they mention in terms of "retrofitting?"
The phrase "web services" was mentioned. I don't know if that's a generic term to describe already existing web structure or they're referring to an API that's communicating via XML (https://www.tutorialspoint.com/webservices/what_are_web_services.htm
). What kind of situation would that …