While I tried to deflect how you perform SQL Injection attacks against a MySQL procedure, my students requested that I post examples of what to do to avoid SQL injection, and what not to do to invite attacks. The best practice to avoid SQL injection attacks is too always bind inputs to data types, and avoid providing completely dynamic WHERE clauses.

Here’s the correct way to dynamically generate a result from a MySQL Stored Procedure:

CREATE PROCEDURE hello (IN pv_input VARCHAR(50))
BEGIN
  SELECT sample_id
  ,      sample_name
  FROM   sample
  WHERE  sample_name = pv_input;
END;
$$

A call to this hello procedure will only return the row or rows where the pv_input value matches the sample_name column value. Any attempt to exploit it like the one below fails.

CALL …

Have you ever wondered what was in those .frm files littered throughout your data directory? Better still, have you encountered a situation where your data is either missing (was deleted) or damaged and all you have is the .frm files but don't know the structure of the table? Well, wonder no more!

The MySQL Utilities Team is pleased to announce the newest utility - the .frm reader (mysqlfrm). This utility is designed to read .frm files and produce a facsimile of the CREATE statement for the table or view.

That's Impossible! How Can That Work?
It works by making a copy of the .frm file(s) and launching a new, read-only instance of your existing server. The server need not be running but you are required to provide an open port for the new instance with the --port option.

The utility will launch the cloned server without reading your configuration file (--no-defaults). The utility also makes some …

The MySQL Utilities Team is pleased to announce a major advancement of MySQL Utilities. It is now available as a separate download!

That's right. If you want to use MySQL Utilities without installing MySQL Workbench, you can do that now.

The Utilities release-1.3.0 has been built for Windows Installer, RPM archive, and .tar/.zip. We have also made downloads for source only if you want to use Utilities to develop your own utilities or install the product in custom location. We plan to add other repositories in the future.

Is that it? Well, not quite. We have also included a new utility - the .frm Reader. See the blog, "New Utility: .frm Reader" for more information.

If you'd like to try out the new download, visit the MySQL Workbench download page:

http://dev.mysql.com/downloads/tools/utilities/ …

The MySQL Utilities Team is pleased to announce our latest release, version 1.2.1. This release contains many quality improvements and enhancements to the HA and Replication utilities. The following lists some of the most significant improvements.

• Improved transaction gathering algorithm for failover
  • Skips slaves that are already caught up
  • Ensures all transactions in the relay logs on the slaves are executed first
• External scripts in mysqlfailover and mysqlrpladmin now receive the old and new master information
• Improved demote master handling for switchover
• Improved connection error handling
• Quoting of tables and database names has been improved
• Login-path feature now reads port and socket

The utilities team continues to focus on improving usability, making features easier to use, and …

Tokutek Technical Lead, Gerry Narvaja, among list of experts at free event hosted by SkySQL and MariaDB

read more

I mentioned in a recent post (and another recent, related post) I was going to try Visual Studio 2012 Express (as opposed to VS 2010 Express) for building MySQL 5.6 and MariaDB 10.0. on Windows.

I followed the exact same steps, but MySQL 5.6.10 would not build without fatal errors in 2012 (whereas it worked fine with VS 2010). Unfortunately, the fail errors were not too descriptive, so not quite sure what to do yet to fix it. Here is a brief snippet for those interested:

...
Done Building Project "C:\...\bld\sql\udf_example.vcxproj" (default targets).
Done Building Project "C:\...\bld\ALL_BUILD.vcxproj" (default targets) -- FAILED.
Done Building Project "c:\...\bld\package.vcxproj" (default targets) -- FAILED.
...
Build FAILED.
...

"c:\mysql\mysql-5.6.10\bld\package.vcxproj" (default target) (1) -> …

Problem: You've a large table (or two) in a database on a partition that's running out of space, and you want to see if you can move that table to another drive.

Solution: Well, several actually. No silver bullet, but several options, some with conditions and some that require preparation. Let's look at some background information first.

How MySQL Stores Data 

OK, that's somewhat of an ambitious heading for an incidental paragraph or two, so to tone it back a bit, I'll summarise briefly.

• The data directory is where MySQL stores databases, and it's set by the datadir server option. Each database is stored in a subdirectory of the data directory. You can also save a considerable amount of space without moving data around, by …

It is an industry norm, supported by analyst researches that blogs are the best informal medium to share the information.  This unique medium provides readers with increased leverage in negotiating the hard turns in their technological lives. Log Buffer makes that leverage more powerful.

Oracle:

Alan Gardner is deploying Cloudera Impala on EC2 with Example Live Demo.

If you want to follow the real news and insight into the online learning revolution, then e-Literate has always been the blog to follow.

Tuula Fai wants to do things, and when he cannot he reverts to a little help.

…

I didn’t have time to answer all of the questions during Wednesday’s MySQL webinar, “5 Percona Toolkit Tools That Could Save Your Day,” but as promised, here are all of the questions and my answers. (A recording is available here.)

Q: One of the links to download the Percona Toolkit for MySQL (percona.com/get/percona-toolkit.tgz) doesn’t work!

A: You’re right, I made a typo, the correct link is percona.com/get/percona-toolkit.tar.gz. The other links are correct.

Q: Can you run pt-query-digest on an output of the slow log on a Windows …

MariaDB 5.5 is now inside of OpenBSD, the free, functional & secure OS. The work started a few weeks ago, and now you can get MariaDB via the ports tree. And yes, it will replace the current MySQL 5.1 that ships in the next release.