Sorry, but it’s been busy lately. You know how it is. I’ve recently had to do some work looking into how Unicode works and how to use it in PHP. Interesting stuff, certainly I think that all the guys I work with could do with reading this one. Internationalisation is important for big (successful) products – and isn’t that what everyone wants to write?
Software Development
MySQL and AUTO_INCREMENT
So, MySQL has this lovely feature – you can have a column which will default to the next integer value when you insert some data. You don’t need to set it, it just takes the next value itself.
Unsurprising, the column that is auto incrementing has to be part of a PRIMARY KEY. I mean, that’s what makes the auto increment useful.
However, sometimes I find it can be necessary to have the auto incrementing column as a secondary column in a composite Primary Key. For example, if I have two columns, ‘msg’ and ‘thread’ that are the Primary Key, and I run:
Insert into myTable (thread, text ) values ( 1, 'Andy' );
Insert into myTable (thread, text ) values ( 2, 'Fred' );
Three times, then I would expect to see:
| thread | msg | Text | ----------------------- | 1 | 1 | Andy | | 1 | 2 | Andy | | 1 | 3 | Andy | | 2 | 1 | Fred | | 2 | 2 | Fred | | 2 | 3 | Fred |
What I was getting recently was different. First, I couldn’t have a secondary column in a primary key that was auto incrementing. Odd, I was sure I’d done it that way before. So I tried using a separate key for my composite. That worked, but the data I was getting now was:
| thread | msg | Text | ----------------------- | 1 | 1 | Andy | | 1 | 3 | Andy | | 1 | 5 | Andy | | 2 | 2 | Fred | | 2 | 4 | Fred | | 2 | 6 | Fred |
Not what I wanted. Anyway, to cut a long story short, I figured out the problem – table engines. When I’d build composite primary keys using auto increment, it was on a MyISAM table type (or table engine, as I believe the new parlance is). I’ve now got the latest version of MySQL, and it seems to be defaulting to INNODB table engines. INNODB, while adding cool stuff like transaction support, won’t allow auto increment on a secondary column in a primary key.
So, there you go, hopefully someone will find that a useful thing to know. Just change your table type, and that’ll fix it.
Shell Execute and Java
I found that Windows’ ShellExecute (in the Win32 API) could be very useful, especially in the noddy VB6 applications I keep being asked to write.
Anyway, I was looking at doing something similar in Java.
This only works in Windows – but basically, you rely on the Windows performing it’s default action…
import java.lang.*;
public class OpenDocument {
public static void main (String [] Args ) {
System.out.println("Main:");
Process oProcess;
String cmd[] = { "cmd" , "/c", "start" , "C:\Java\OpenDocument\Hamlet.doc"};
try {
oProcess = Runtime.getRuntime().exec( cmd );
} catch ( Exception e ) {
System.out.println(e.toString());
}
}
}
In this case, the programme ‘starts’ a word document – that is, it opens up Word and loads in the document. This is done via the command prompt. Nuff said.
Neat idea to make login more secure
Key and mouse loggers are devices that do just that – log the keys a user presses, or the xy position of a mouse. This can also capture passwords, or options selected from web pages with the mouse if used instead of passwords.
So, here is a neat idea – scramble the buttons you need to input for each session.
If you own the box, you have mouse clicks, yes, but are you recording them? And are you also recording information about what’s being written to the display?Here’s something encouraging: my bank, Shinsei (www.shinseibank.com), requires an account number, card PIN and password for authentication to their on-line banking. They offer the option (in fact, it used to be the only option) of using the “secure input keypad” when entering your PIN. This pops up a new window with buttons from zero to nine that you click with the mouse. Even better, the buttons are placed randomly every time.
I was pretty surprised to see this coming from a bank, though they are well known for having very good IT guys.
Posted by: Curt Sampson at April 4, 2005 08:35 PM
The logout problem, and back buttoning to Login…
A guy I work with asked an interesting question today – how do you deal with users hitting the back button in their browser to take them into an application that they’ve logged out of?
I found an article at JavaWorld that gives an interesting, albeit slight confusing, approach. I made some notes based on that here, and offer some slight improvements.
To state the problem – a user (Alice) logs in to a website, does whatever, and logs out. Another user (Eve) comes along an presses the back button; the web application should not show any of the pages from the Alice’s session (or indeed, the site) until the next correct login is given. Continue reading “The logout problem, and back buttoning to Login…”
Stuff I didn't know about MAILTO this morning…
…and probably don’t want to know now. You can pass a subject, cc, bcc, body, etc..
<a href="mailto:name@domain.com,john@doe.com?cc=sales@
here.com&bcc=admin@there.com&subject=Complaint
&body=Dear sir.%0AI have a complaint to make">Mail us!</a>
From SSI Developer
How to really, really hack people off
Found a bit of a hack for Javascript – namely a way to inundate a user with windows – using MAILTO:
Consider this code:
<script>
var i;
for (i=0; i<5; i++) {
window.location='mailto:example@example.com';
}
</script>
You see what I mean? Worse might be
<script>
var i;
i = window.location;
window.location='mailto:andy@novolocus.com';
window.location = i;
</script>
Recursion is great, huh?
And an example is this link: Click with care
Pop-up blockers don’t seem to catch this one. Yum.
I know some people will say that this is correct functionality – the browsers is doing what we tell it too with the code. However, that’s true of browser pop-up windows – and we have to block them.
I don’t think that Javascript’s Window.location should be allowed to go to a MAILTO:.
Firefox plugin installer code
If you’re nerdy enough to care, here’s the code to install a new search plugin…
// Firefox plugin installer code
function addEngine(name,ext)
{
if ((typeof window.sidebar == "object") && (typeof
window.sidebar.addSearchEngine == "function"))
{
window.sidebar.addSearchEngine(
"http://www.example.com/searching/"+name+".src",
"http://www.example.com/searching/"+name+"."+ext,
name,
"" );
}
else
{
errorMsg(name,ext,"");
}
}
More on Javascript in the Link bar
So I was telling one of my friends about Javascript in the IE Links bar. Turns out that there is a name for these – Favlets – and a website. So much for my great discovery…
Anyway, it seems that mostly they’re being used to do things Firefox does by default.
Eval is Evil
Just read an article on Sitepoint about PHP’s Eval function, and basically, how it is evil.
Eval let’s you ‘run’ a string, as if it were code. Sounds useful, but I can’t say that I’ve ever found a situation where it is a good idea. Quite apart from the security risk highlighted – which is really more a question of user input validation – it seems to me that if you’re writing a programme, you should know what it is supposed to do up front.
If you already know what it is supposed to do, why would you need an eval function at all? Why not just programme it that way. Sure, I can see how eval might be a useful ‘shortcut’, but it just isn’t elegant
Andy Burns' Blog 