Alexander Andonov (Mordred) has written an articled called The Unexpected SQL Injection for the Web Application Security Consortium:

We will look at several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been used.

The focus of the article is stressing the importance of filtering input and escaping output, as neither is a substitute for the other, but he does so very clearly with specific examples that include queries that use integer values (sans quotes), user-supplied column names, LIMIT clauses, and LIKE clauses. A number of example exploits are supplied for …

I just found this March 2006 white paper on migrating from Oracle to MySQL. Too bad I hadn’t seen this before I gave my talk or started this blog! Go to mysql.com and click on “White Papers” under the “Discover” tab, then search the page for “A Practical Guide to Migrating From Oracle to MySQL”. (Or go directly to http://www.mysql.com/why-mysql/white-papers/ and search for it.)

Good paper on the issues involved that gives tips, references tools and case studies, and has appendices that compare syntaxes, data types, etc. Wish I had found it earlier. Good to keep poking around from time to time, to find things like this.

I've been evaluating the latest version of the MySQL Migration Toolkit to work on migrations from SQLServer 2005 to MySQL 5.1Here are some of the things I found so far:Ease of use: Very simple and fast to get up and running - I was able to get multiple databases migrated from SQLServer to MySQL without any special setup or configuration changes. Gui is straight forward and intuitive.Took a

Have you ever had a question about Innodb internal design or behavior which is not well covered in MySQL manual ? I surely had.
Now you have a great chance to have them answered !

Heikki Tuuri, Creator of Innodb will answer your Questions about Innodb at MySQL Performance Blog.

Please leave your questions as comments to this post by 5th of October and I will pass them to Heikki to reply merging with questions I have myself.

Note: due to Oracle policies Heikki will likely be unable to answer your questions about Innodb new features or timetables.

Entry posted by peter | 44 comments

Add to: …

Keith Murphy has published the 64th edition of Log Buffer, the weekly review of database blogs, on Diamond Notes. Frank Wiles is standing by to do LB#65 next week on his Revolution Systems Blog. Everyone’s doing it, and you can too! Read the Log Buffer guidelines and send me, the LB coordinator, a note [...]

Many Open Source software solutions use database per user (or set of tables per user) which starts to cause problems if it is used on massive scale (blog hosting, forum hosting etc), resulting of hundreds of thousands if not millions of tables per server which can become really inefficient.

It is especially inefficient with Innodb tables both in terms of space (some tables would keep only couple of small rows, but require at least 16K page in Innodb), keeping all tables open in Innodb dictionary and number of other challenges in IO management and recovery. For MyISAM it works better but still overhead can get significant because table_cache can't be made large enough and so a lot of table reopens needs to happen which requires table header modification, which is costly.

Of course if you can simply rewrite software to store multiple users per table it is best way to go, however quite typically this is way too much …

DRBD 8.2.0, released today, includes a much requested new feature, embodied in the new data-integrity-alg configuration option: DRBD protocol level data integrity checksums.

A few months ago, some users alerted us to DRBD replication issues where DRBD supposedly “ate their data”, i.e. corrupted replicated data in transit. Eventually we traced those problems not to DRBD errors, but in fact to network drivers messing up TCP checksums or segmentation. Typically this was related to using either TCP segmentation offloading (TSO) or TCP checksum offloading. However, at the time DRBD had no way of detecting these errors — you would only find out if you switched over to your Secondary, only to find your data not having been replicated properly.

With DRBD 8.2.0, you can check the integrity of replicated data in transit. To that end, …

First, I’d like to thank everyone who’s downloading and testing the latest MySQL 6.0 Alpha release that contains our new Falcon transaction storage engine. For those of you who haven’t yet, let me point out something you may have missed (heck, maybe those of you who’ve already downloaded 6.0 have missed it too…) - the latest release contains the first cut of Falcon tablespaces. We get requests all the time that storage engines support the concept of tablespaces, and with Falcon, you’ve got them now. You can create user-defined tablespaces via DDL, assign your tables/indexes to whichever tablespaces you want via CREATE TABLE, and move objects to different tablespaces with simple ALTER TABLE commands.

I’ve written a quick primer on Falcon tablespaces that will help get you started, so check that out and then …

It always surprised me how little Innodb team seems to think about product usability/ease of use, when it comes to settings, performance management etc.

I could understand many things 5 years ago, like a lot of information being available only in hard to parse SHOW INNODB STATUS output or even uglier hacks with creating tables such as innodb_lock_monitor to get more detailed information free space specified in table comments (which need to be parsed) etc. 5 years ago Heikki was along and he had a lot to do to make things work well so a lot of these things were just done quick and dirty way.

It is however hard for me to understand why so many years later with significantly increased team not only many of these things remain unfixed but things are still done similar way ?

Other the years variables like innodb_thread_concurrency were added with rather complicated history of …

There will be two MySQL representatives on the fifth jubilee edition of OpenFest in Sofia. Yes, there will be MySQL representatives for fifth time in a row

The lecture, which will be most interesting for me is the one about MySQL proxy. Andrey gave us a general vision on the subject a few months ago during the WebTech, and now I hope that Giuseppe Maxia will tell us some more details about it and that he will be ready to answer many questions; we are planning to give him some “hard time” since he is coming here.

The other lecturer will be Domas Mituzas. He is also a MySQL representative, but he will tell more about the creation of Wikipedia, because …