Showing entries 43186 to 43195 of 44918
Lobbyists prepare for next software patent battle

In an article in ZDNet UK, Florian Müller describes the new debate on SWPATs, which will soon start in the EU.

This time the debate around software patents in Europe is going to be ‘bigger and more complex’ according to an anti-patent campaigner.

Pro-patent companies and lobby groups are getting ready for the European Commission’s next attempt to change the law around patents.

Last year, the directive on the patentability of computer implemented inventions, commonly known as the software patent directive, was rejected by the European Parliament.

But the debate around software patents has now reopened, with the EC’s launch of a public consultation into how the patent system should be changed. Although this consultation does not mention software patents directly, there are fears that the …

NYC PHP Conference and Expo 2006

The New York City PHP Conference and Expo 2006 today opened its call for papers. All you in the community out there, I will probably be attending this conference, so if you're in the area, be sure to stay tuned. If you are a MySQL user with some cool ideas or projects (especially ones featuring MySQL 5's newest features), please submit a presentation proposal highlighting your area of expertise. I'll be doing the same.

Some nifty ideas I think might be great presentation material:

  • Exploring the mysqli API interface -- How to migrate and use the newest MySQL 5 features
  • Encapsulating MySQL Data Access using Object Oriented programming practices (including PDO for PHP5)
  • Demonstrating PHP5/MySQL5 simple AJAX applications

Just some thoughts. Let me know your ideas, …

To enum or not to enum?

I’ve never used database columns that embedded defined valid values within the schema definition. Within MySQL there are 2 definitions, ENUM and SET. There are a few reasons why, but first an explanation of these data types.

In summary, using the MySQL Sample Database.

CREATE TABLE film (
film_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
...
rating ENUM('G','PG','PG-13','R','NC-17') DEFAULT 'G',
special_features SET('Trailers','Commentaries','Deleted Scenes','Behind the Scenes') DEFAULT NULL,
PRIMARY KEY (film_id)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;

So from this, the following commands allow you to inspect this information via mysql.

MySQL Online Manual Search

Previously I wrote about the manual search and how it had been fixed. Now I think it’s time for polish. Most of the basic keyword searches work but not all of them. The syntax keyword searches should always be spot on.

mysql.com/select syntax

Works great but the less common syntax searches fail

mysql.com/grant syntax

There really is no excuse for the syntax searches failing. These are the sections that people need the most on quick reference. I noticed that recently the keyword searches that do work put me into the correct page and not just the search results with that page at the top. I love this! It just needs to work for every syntax search.

While I’m on the subject of manual search I would like to request a few features. Migration to newer versions isn’t as simple as just …

mysql_real_escape_string() versus Prepared Statements

Chris has written a compelling piece about how the use of addslashes() for string escaping in MySQL queries can lead to SQL injection through the abuse of multibyte character sets. In his example he relies on addslashes() to convert an invalid multibyte sequence into a valid one, which also has an embedded ' that is not escaped. And in an ironic twist, the function intended to protect against SQL injection is used to actually trigger it.

The problem demonstrated actually goes a bit further, which even makes the prescribed escaping mechanism, mysql_real_escape_string(), prone to the same kind of issues affecting addslashes(). The main advantage of mysql_real_escape_string() over addslashes() lies in the fact that it takes the character set into account and thus is able to determine how to properly escape the data. For example, if the GBK character set is being used, it will not …

Support for Technology Stacks

As part of my next conference presentation, Overcoming the Challenges of Establishing Service and Support Channels, I’ve been struggling to find, through my professional sources, any quality organisations that provide full support for a technology stack, for example a LAMP stack, or a Java Servlet stack.

Restricted to searching via online, I’ve been impressed by what I’ve found at Spike Source www.spikesource.com. An organisation with an experienced CEO, well known in the Java Industry. They certainly have all the buzz words covered in their product information.

Benefits of their SpikeSource Core Stack.

  • Fully tested and certified
  • Installs in minutes with integrated …
The addslashes() Versus mysql_real_escape_string() Debate

Last month, I discussed Google's XSS Vulnerability and provided an example that demonstrates it. I was hoping to highlight why character encoding consistency is important, but apparently the addslashes() versus mysql_real_escape_string() debate continues. Demonstrating Google's XSS vulnerability was pretty easy. Demonstrating an SQL injection attack that is immune to addslashes() is a bit more involved, but still pretty straightforward.

In GBK, 0xbf27 is not a valid multi-byte character, but 0xbf5c is. Interpreted as single-byte characters, 0xbf27 is 0xbf (¿) followed by 0x27 ('), and 0xbf5c is 0xbf (¿) followed …

When Billions Aren't Enough

Our favorite anti-open source article, "Winning the Linux Wars", suggested that Microsoft partners should be "Playing the R&D card" by emphasizing that "Microsoft invests north of $6 billion a year on R&D. There is nobody in the Linux world that does that."

Well, Merck (MRK) invests about $4 billion a year in R&D. Bristol-Myers (BMY) $669 million. Eli Lilly & Co. (LLY) $2.7 billion. Pfizer (PFE) $1.8 billion. Sanofi-Aventis (SNY) a whopping $10.2 billion, or nearly half of its $20.5 billion in revenues. Together, that's about $19.5 billion a year in research and development.

Apparently, though, that's not enough. This Friday (January 20, 2006), The Wall Street Journal's "Science Journal" ran an article entitled "In Switch, Scientists Share Data to Develop useful Drug Therapies" which pointed …

To LinuxConfAU 2006 - Dunedin, New Zealand

It's LCA time again, in the opinion of people like Rasmus and Linus among the best conferences in the world. It's the conference put on by LinuxAustralia, but this year it's held in Dunedin (New Zealand) at the University of Otago.

Brian Aker (MySQL Director of Architecture) will be there too (courtesy of the MySQL community department), as will Stewart Smith (MySQL Cluster developer - also serving on the board of Linux Australia).

We were fortunate enough to all be accepted for talks in the program. Great!
It should be lots of fun, I've been to Adelaide (2004) and Brisbane (2002) also. Note that it is a yearly event, I …

Compatibility between MySQL Versions

Ronald brings up an interesting point about compatibility between MySQL versions.

While some of the options are a bit harder to automatically fall back (Views/triggers/stored procedures), it's worth noting the compatibility feature that was introduced in the mysqldump bundled with 4.1:

mysqldump --compatible=name

from the help output:
Change the dump to be compatible with a given mode. By default tables are dumped in a format optimized for MySQL. Legal modes are: ansi, mysql323, mysql40, postgresql, oracle, mssql, db2, maxdb, no_key_options, no_table_options, no_field_options. One can use several modes separated by commas. Note: Requires MySQL server version 4.1.0 or higher. This option is ignored with earlier server versions.
