Skip to content
Carl Victor Fontanos
Carl Victor Fontanos

Carl Victor Fontanos

Software Engineer

I build web applications and share what I learn along the way.

© 2026

Security

10 tutorials

Step-by-step programming tutorials on PHP, JavaScript, Laravel, WordPress and more.

PHP Intermediate

Your LIKE Search Has a Wildcard Injection Bug

Prepared statements stop SQL injection - but % and _ sail straight through into LIKE patterns, letting users dump whole tables or run pathological scans. The fix is three characters of escaping.

2 min 396
JavaScript Beginner

Stop Using Math.random() for IDs: crypto.randomUUID()

Math.random-based IDs collide more than you think and are predictable by design. The browser ships a real UUID generator and a cryptographic random source - both one-liners.

2 min 3,018
PHP Advanced

The Timing Attack Hiding in Your Token Comparison

Comparing secrets with === leaks how many leading characters matched, one microsecond at a time. hash_equals exists for exactly this, and knowing when to use it is the whole trick.

2 min 1,326