Hi all!
I'm happy to announce the release of DBD::mysql 4.011, uploaded
late last night. This release fixes the following (per
Changelog):
* Renamed unsafe_bind_type_guessing, fixed some of the logic.
This
can be used to deal with bug 43822
(https://rt.cpan.org/Ticket/Display.html?id=43822)
* Patch from Daniel Frett (daniel Dot frett At ccci Dot org --
Thanks!) to fix
issue of binding sever side integer parameters (server-side
prepare
statements) resulting in corrupt data, bug 42723
(https://rt.cpan.org/Ticket/Display.html?id=42723)
* Updated documentation, cruft cleanup (as always)
One thing I'd like to fix next is building DBD::mysql on Windows.
Anyone who'd like to contribute, I'd be glad to hear …
I have synced the codebase with the 5.1.32 release of MySQL and it appears to work just fine. Sometimes frustrating that Bazaar takes a bizarre amount of time to do a merge.Download link for the source tarball are available from LaunchPad Download.As an experiment, I have built a Mac OS 10.5 installer package (x86 32bit) which I have also placed there. Took a bit of fiddling about to discover how
It is possible to generate SVG graphs directly without requiring access to the Google Chart Servers. Perl provides a wealth of libraries which can create SVG graphs (but most not quite as pretty as the charts which the Google service creates).This could be invaluable for people who want to serve all the information from their own website - for example, SSL encrypted websites - where some 'secured
“Groovy, baby!”, as international man of mystery likes to say.
It seems converting character and text data to utf8 character set is a common task for MySQL, especially during an upgrade. In fact, I had trouble with it during server and WordPress database upgrade for this blog site. I wrote about it in this post, where I explained how to do it step-by-step using a command line tool such as mysql, taking advantage of some nifty code generation trick with information_schema.
One drawback of that method is that it’s a manual process, therefore time-consuming and error-prone.
I spent some time today to cook up a simple Perl script to automate this task. See below. Remember to change MyDatabase to your database name (there are 3 places that need to be changed), and adjust the user name and password accordingly. This …
[Read more]
In Brooks Johnson's blog posting, Database Science: Are MySQL stored procedures
slow?, he mentioned how much slower MySQL's stored procedures
are and then compared it with a small piece of .Net code.
Using Perl, a stored procedure which counts to the same value is
obviously not going to be as fast as bytecode languages with JIT
compilers but it is a lot faster than MySQL's native SQL stored
procedures. These perl stored procedures are able to perform
dynamic SQL using the familiar DBD::mysql driver without any risk
of self-deadlock.
Of course, you can also write stored procedures in Java for many
databases but I haven't yet written the neccessary Type 2 JDBC
driver to perform a in-thread connection back into the database
server to be able to do sophisticated work with MySQL.
…[Read more]
Actually, what I really wanted to blog about before getting carried away with irony yesterday was an old idea on how to force my developers to use placeholders exclusively for SQL queries in applications. As should be apparent from yesterdays blog entry, I am strongly in favour of using placeholders for interpolating values into SQL queries, due to the great reduction in potential bugs (including, but not limited to, SQL injections).
Basically, wrap the database API so that all database access passes through the wrapper. This can usually be achieved, for example by subclassing DBI (for Perl) and returning such subclasses from the application connection pool, or other similar methods. Probably many large web applications already have such wrappers or use APIs that can be patched or extended appropriately.
Now add code that basically bombs out with a big …
[Read more]It is sad to see how 9X% (or should that be 99.X%?) of SQL applications are riddled with SQL injection bugs.
There really is no excuse for this. Nobody writes code like this:
sub stupid_sum {
my ($list) = @_;
my $string = shift @$list;
for (@$list) {
$string .= " + " . $_;
}
my $sum = eval($string);
return $sum;
}
Right? Just because our computers use the Von Neumann architecture, where CPU instructions and data is stored in the same memory, does not mean that we cannot distinguish between code and data (ok, so in TeX we do not, but there is a reason TeX is not pleasant to write applications in).
So when we use …
[Read more]Many, if not all, corporations control and monitor employees web surfing and email activities. Sometimes a company may choose to use automatic configuration script to enable employees’ web connection. This can be verified by:
- Internet Explorer: Tools -> Internet Options-> LAN Settings -> “Use automatic configuration script”;
- Firefox 3: Tools -> Options -> Advanced -> Network -> Settings… -> Automatic proxy configuration URL:
Sometimes you need to know a proxy server name or IP address. For instance, if you use Perl and would like to do an automatic binary install of a module, then you will need to define a proxy for cpan to use. This is the command to do that:
set HTTP_proxy=http://my.proxy.server:8000/
So obviously you need to know a proxy server name or IP address. To find that out, you need to copy the location where the automatic configuration script is …
[Read more]
I'm pleased to announce the release of DBD::drizzle 0.003. In
this release, I've made many changes, particularly those to get
it working with the stock drizzle client library, which is a bit
of a moving target, but that's how it goes with new,
quickly-evolving projects.
Caveat: This is an Alpha release.
I've added back the tests from DBD::mysql and modified them to
work with Drizzle. Some pass just fine, others report 'out of
memory'. I hope to figure this out soon, though this is that last
version where I'll use the client library that comes with
Drizzle. I'll be changing to using Eric Day's improved client
library, libdrizzle, and maybe in the process of changing
to that, will squash these bugs.
The files:
file: $CPAN/authors/id/C/CA/CAPTTOFU/DBD-drizzle-0.003.tar.gz size: 89682 bytes md5: …[Read more]
By Giuseppe Maxia
The Data Charmer, a.k.a. The Wizard, is a free lance database consultant, with a long career in several IT fields. He is well known for his Perl and SQL expertise,although he is proficient in several other languages, such as C++, shell scripts, and Italian.
He has a split personality, one of which lives in virtual space and time, floating around UTC+1. The other (or the others, as there is a dispute about how many they are) is less documented and some people believe it to be fictional. He teaches Creative Biography at the University of Euphoria, CA (also known as Euphoric State).
G.M. Hello, D.C. Thanks for agreeing to be interviewed. I'll start with a question that most people ask. Who are you?
D.C. This is not really a question I'm willing to answer. Besides, the answer would be misleading. In the Internet age, I can be several people at …
[Read more]