This year I plan to create a new version of db4free.net, which
should be bigger and better.
One of my ideas is to create a support system where users can (if
they want) mark a database as "supportable" and ask for help on
query writing. I have often found questions in newsgroups about how a
query writing problem can be solved, but it's always harder to
give help if there is no data that the query is based on. So with
db4free.net new, people should be able to upload their data into
a supportable database and a group of MySQL experts could help
them to solve the problem based on real data.
Another idea is to extend the possibility to specify IP addresses
and hosts to allow access to the owner's database(s). At the
moment, it's only possible to set one value for the host. In the
future version I'd like to give the possibility to specify
different hosts or IP addresses, each of …
It's quite a while (exactly, one week - or seven days) ago since
I wrote my last article and I was wondering if that was the
longest period that I didn't write anything here on my blog. And
whooops - this gave me right the idea what I could write
about.
I store all my blog articles together with the date in a local
MySQL database. Even though the service at blogger.com works
fine, it always feels safer if there is a local copy of
everything that I write, for the case if ...
So I extracted the ID and the dates, on which I wrote articles
into a separate table which looks like this:
mysql> SELECT id, dt
    -> FROM time_periods
    -> LIMIT 10;
+----+------------+
| id | dt         |
+----+------------+
|  1 | 2005-09-26 |
|  2 | 2005-09-27 |
|  3 | 2005-09-27 |
|  4 | 2005-09-27 |
|  5 | 2005-09-30 | …
Hey there!
Just wanted to let you guys in on a great tool that I’ve been using a lot to test and benchmark different drops of MySQL. Quest Software has done a real nice job with Benchmark Factory in creating a visual tool that easily allows you to run many different TPC and other benchmark tests against MySQL. It creates the schemas, populates them with data (yep, you can customize how much data you want…), runs the tests, and then gives you nice charts, graphs, and excel spreadsheets of the results. It’s about as painless as it gets. If you’re testing out new platforms or different variations of MySQL, you should check it out.
In an article in ZDNet UK, Florian Müller describes the new debate on SWPATs, which will soon start in the EU.
This time the debate around software patents in Europe is going to be ‘bigger and more complex’ according to an anti-patent campaigner.
Pro-patent companies and lobby groups are getting ready for the European Commission’s next attempt to change the law around patents.
Last year, the directive on the patentability of computer implemented inventions, commonly known as the software patent directive, was rejected by the European Parliament.
But the debate around software patents has now reopened, with the EC’s launch of a public consultation into how the patent system should be changed. Although this consultation does not mention software patents directly, there are fears that the …
The New York City PHP Conference and Expo 2006 today opened its call for papers. All you in the community out there, I will probably be attending this conference, so if you're in the area, be sure to stay tuned. If you are a MySQL user with some cool ideas or projects (especially ones featuring MySQL 5's newest features), please submit a presentation proposal highlighting your area of expertise. I'll be doing the same.
Some nifty ideas I think might be great presentation material:
- Exploring the mysqli API interface -- How to migrate and use the newest MySQL 5 features
- Encapsulating MySQL Data Access using Object Oriented programming practices (including PDO for PHP5)
- Demonstrating PHP5/MySQL5 simple AJAX applications
Just some thoughts. Let me know your ideas, …
I’ve never used database columns that embedded defined valid values within the schema definition. Within MySQL there are 2 definitions, ENUM and SET. There are a few reasons why, but first an explanation of these data types.
In summary, using the MySQL Sample Database.
CREATE TABLE film (
  film_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
  ...
  rating ENUM('G','PG','PG-13','R','NC-17') DEFAULT 'G',
  special_features SET('Trailers','Commentaries','Deleted Scenes','Behind the Scenes') DEFAULT NULL,
  PRIMARY KEY (film_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
So from this, the following commands allow you to inspect this information via mysql.
…
Previously I wrote about the manual search and how it had been fixed. Now I think it’s time for polish. Most of the basic keyword searches work but not all of them. The syntax keyword searches should always be spot on.
mysql.com/select syntax
Works great but the less common syntax searches fail
mysql.com/grant syntax
There really is no excuse for the syntax searches failing. These are the sections that people need the most on quick reference. I noticed that recently the keyword searches that do work put me into the correct page and not just the search results with that page at the top. I love this! It just needs to work for every syntax search.
While I’m on the subject of manual search I would like to request a few features. Migration to newer versions isn’t as simple as just …
Chris has written a compelling piece about how the
use of addslashes() for string escaping in MySQL queries can lead
to SQL injection through the abuse of multibyte character sets.
In his example he relies on addslashes() to convert an invalid
multibyte sequence into a valid one, which also has an embedded '
that is not escaped. And in an ironic twist, the function
intended to protect against SQL injection is used to actually
trigger it.
The problem demonstrated actually goes a bit further, which makes
even the prescribed escaping mechanism,
mysql_real_escape_string(), prone to the same kind of issues
affecting addslashes(). The main advantage of the
mysql_real_escape_string() over addslashes() lies in the fact
that it takes character set into account and thus is able to
determine how to properly escape the data. For example, if GBK
character set is being used, it will not …
As part of my next conference presentation, Overcoming the Challenges of Establishing Service and Support Channels, I’ve been struggling to find, through my professional sources, any quality organisations that provide full support for a technology stack, for example a LAMP stack, or a Java Servlet stack.
Restricted to searching online, I’ve been impressed by what I’ve found at Spike Source www.spikesource.com. An organisation with an experienced CEO, well known in the Java Industry. They certainly have all the buzz words covered in their product information.
Benefits of their SpikeSource Core Stack.
- Fully tested and certified
- Installs in minutes with integrated …
Last month, I discussed Google's XSS Vulnerability and provided an example that demonstrates it. I was hoping to highlight why character encoding consistency is important, but apparently the addslashes() versus mysql_real_escape_string() debate continues. Demonstrating Google's XSS vulnerability was pretty easy. Demonstrating an SQL injection attack that is immune to addslashes() is a bit more involved, but still pretty straightforward.
In GBK, 0xbf27 is not a valid multi-byte character, but 0xbf5c is. Interpreted as single-byte characters, 0xbf27 is 0xbf (¿) followed by 0x27 ('), and 0xbf5c is 0xbf (¿) followed …
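The byte-level behaviour described in the two addslashes() excerpts above, as an added example that is not taken from either post: `addslashes_bytes` is a simplified stand-in for PHP's addslashes(), and all helper names are assumptions. It shows that the same escaped bytes keep the quote escaped when read as a single-byte charset but not when read as GBK, and that a well-formedness check in the connection charset rejects the input before any escaping happens.

```python
# Added illustration (not from the quoted posts). addslashes_bytes() is a
# simplified stand-in for PHP's addslashes(); all names here are hypothetical.

SAMPLE = bytes([0xBF, 0x27])  # the invalid GBK sequence named in the post


def addslashes_bytes(raw: bytes) -> bytes:
    """Charset-blind escaping: put 0x5c before quote, double quote and
    backslash bytes, and write a NUL byte as backslash + '0'."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(0x30 if b == 0x00 else b)
    return bytes(out)


def is_wellformed(raw: bytes, charset: str) -> bool:
    """True if raw decodes cleanly in the connection charset."""
    try:
        raw.decode(charset)
    except UnicodeDecodeError:
        return False
    return True


def unescaped_quotes(escaped: bytes, charset: str) -> list:
    """Read the bytes as a server using `charset` would and return the
    character positions of single quotes with no backslash before them."""
    text = escaped.decode(charset)
    hits, i = [], 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # a backslash escapes the character after it
            continue
        if text[i] == "'":
            hits.append(i)
        i += 1
    return hits


if __name__ == "__main__":
    escaped = addslashes_bytes(SAMPLE)
    print("escaped bytes:", escaped.hex())
    print("latin-1 view :", unescaped_quotes(escaped, "latin-1"))
    print("gbk view     :", unescaped_quotes(escaped, "gbk"))
    print("input valid GBK before escaping?", is_wellformed(SAMPLE, "gbk"))
```

Rejecting input that is not well-formed in the connection charset, or binding values as query parameters instead of escaping them, removes the dependence on how the bytes are later interpreted.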