Archive for January, 2012
The SQL FIELD() Function
Posted by mcgelligot in SQL on January 31, 2012
The FIELD() function is, in a sense, the inverse of ELT() in that ELT will return a string from a specific numbered position in an array of strings, while FIELD() returns the field position that matches (not the same as “contains”) the string listed as the first parameter. Syntax:
SELECT FIELD(‘string_to_match’, ‘string1′, ‘string2′, ‘etc.’)
Here is the field function in action:
SELECT FIELD(‘Scarlet’, ‘Melanie’, ‘Rhett’, ‘Scarlet’, ‘Ashley’, ‘Scarletta’)
This will return “3″. Though 5 contains “Scarlet”, it is not equivalent to “Scarlet”. Had position 5 also been equivalent to “Scarlet” the result would still have been only “3″. Later matches are ignored.
Both FIELD() and ELT() are a kind of test. They can be used when you are looking for one item out of a group of alternatives. The result can be cranked through a series of if/then statements or switch/case to determine a course of action. This is another place where some of the work done by the server can be taken on by the database.
EXPORT_SET() SQL Function, Why?
Posted by mcgelligot in SQL on January 30, 2012
In the course of writing my book on SQL, I had the opportunity to explore a function I had not heard of before, the EXPORT_SET() function. In my investigations about this function, I discovered that I am not the only person dubious about it. The thing is, every explanation I could find for it was nearly word for word the same down to the examples. This was a good indication that the authors were just parroting each other. When I write about a function I try to use it. At least I will go to the mySQL interface and try out a few variations on it. In this way I get a more intimate knowledge than is possible just reading something someone else has written, especially when that something else is incomplete.
My problem with the EXPORT_SET() function is that I was having trouble figuring out what I could do with it. So I investigated this aspect for an hour or two, surfing here and there I found nothing that would explain why you would ever want to use a function that basically returns an array of bits that comprise a number and lists them in reverse order. Obviously someone wrote this function for a vital purpose. I thought the purpose mignt be found in the name. EXPORT is a clue. After thorough investigation I see it has been used to port data between applications. A few thought experiments made me realize it could also be used in security as a means of encrypting data. I am sure there is more to it.
Internet Security: Why Log Out?
Posted by mcgelligot in Security on January 26, 2012
Be Secure...LOG OUT!
You know why it is important to log into your account on your various secure destinations. First, you can’t access your info unless you do! But more importantly no one else can access the info unless he or she can get your user name and password. So your account is safe right?
Wrong, there are devious ways of getting your user name and password. One easy way is through packet sniffing. I am convinced that packet sniffing is a routine operation around hotels, restaurants, etc. I have had my servers broken into TWICE while I was on vacation. Both times it was after I logged into an FTP account. Malware was installed both times and it was alot of work to get things straightened out, not to mention the fact that all that time spent trying to fix the problem put a damper on my vacations.
Well, there is no better learned lessons than those acquired in the school of hard knocks. I put my servers on SSH. That was just the start. I reviewed all php code and forms on the site. I created software to monitor changes to vulnerable pages and severely limited access to website code. Any suspicious onsite changes are logged and I am notified by email. That was two or three years ago, and I have been unassaulted since. However, without taking further precautions, I could still have been vulnerable to attack. In fact we are always vulnerable to attack, even with seemingly secure accounts especially if we go about getting into accounts while using publicly provided internet. Because through packet sniffing (someone watching the flow of traffic on a particular hub) doesn’t always need a password and a user name. They can simply piggy-back their way into your account by mimmicking your authentication process and headers. As long as your account is open a hacker could theoretically operate inside your account. The way to preclude or at least foreshorten this possibility is to LOG OUT!
I presume you are already savy enough to know that you must log out of accounts and close the browser on public computers so the next user can’t access your account.
For the user taking advantage of a “hotspot”, the best policy, especially in a public place is to make sure to have a secure connection (look for the green bar on the Url at the top of the page), know what you want to do when you log into your account, get your business done, and don’t forget to log out.
Google AdSense Does NOT Appear on Kindle Fire
Posted by mcgelligot in Miscellaneous, Statistics on January 25, 2012
I just got a Kindle Fire. I decided that I should take a look at my own websites just to see how they looked on the 7 inch screen. The sites appeared okay, but much to my wondering eyes did NOT appear… well there was no miniature sleigh or eight tiny reindeer, but neither were there any Adsense ads.
What to do? What to do? I could write an application that would change it to a different ad, maybe Chitika, when a Kindle browser shows up. In fact, I probably will do that for one or two of my sites, but so far Kindle web traffic is not high enough to worry about it too much. I have not seen too much traffic thus far from the fire, but it is sure to grow the way the item has been selling. On the other hand it seems to be a device more in tune with selling books, mags, music, and movies. The internet side will probably grow slowly. No doubt the situation can change as well.
In any case, I find Amazon’s approach interesting and also disturbing. Blocking ads on my websites is like stealing content from me. It is amazing how the big boys never play by the rules. The only way I can continue to create content is to get paid for doing so. Meanwhile I am sure the boys at Amazon think they are only tweaking Google.
It’s just one more development to react to.
X and Y Axis Page Layout
Posted by mcgelligot in Content Creation, css on January 25, 2012
The current manifestation of this blog has a column that runs up the right side and overlays the horizontal nav bar at the top. I admittedly like this look. I call it the X and Y axis page layout. This is because, for me, it resembles a cartesian plane with the column representing “y” and the nav bar representing “x”. I think I like it because it makes elegant use of the space available and over the years I have gotten tired of the same-ol’-same-ol’ with page layouts.
In any case, I decided to do a redesign of Learn Chess Rules. I decided to employ this design concept in the simplest manner possible, using something close to primary colors. I wanted to see the format in its essense. I also employed a fixed div at the bottom of the page. I like the effect, but the wife liked the ambiance of the site before I changed it. At this time many of the support pages are still in the old format, the FAQs for example, so you can see the difference.
I originally wrote the Chess Rules site in 1998. My memory has me starting at ten in the evening and working to four in the AM. If so, I was working fast. The redesign and rewrite took me two days.
The internet moves faster than a speeding bullet, and even faster than Superman. When I wrote the site it was all tables. Even though in the rewrite I employed a table here and there, where appropriate, the entire structure hangs on the <div> tag and the CSS behind it.
X and Y Axis at Learn Chess Rules
DCL SQL GRANT and REVOKE
Posted by mcgelligot in SQL on January 21, 2012
SQL is broken up into several sub-languages. One of these is DCL which stands for Data Control Language. What it is really about is designating who has permission to do what on a database. Ultimately, this is a security thing. If we could implicitly trust everyone, we would just grant all power to everyone. In the real world of the anonymous internet this would fall into the category of FAIL.
Thus, SQL gives us the ability to GRANT and REVOKE. Actually, on php myadmin in cpannel, you cannot do this with an SQL command, it is done through a UI when the user is created. Basically GRANT gives permission to do various things, and REVOKE takes those permissions away.
The system works logically in that a user has no permissions unless first granted them. Thus we have no REVOKEs without first, somewhere along the line, having a GRANT. The key to GRANTs is to keep them to a minimum. The less access users have to a database the less likely they are to screw things up. Of course, this must be balanced with the needs of the many, which Spock will tell you, out-weighs the needs of the few, we happy few, we band of brothers. Never thought you would see Spock and Henry V quoted in the same sentence did you? Suffice it to say there is a balance.
For most purposes, REVOKEs are used when an empolyee leaves a company or a user loses status (say a subscription lapses). The syntax for REVOKE follows:
REVOKE privilege
ON object
FROM user or PUBLIC or role
For a GRANT, just replace “REVOKE”.
SQL Nullification: IFNULL(), ISNULL(), NVL(), COALESCE()
Posted by mcgelligot in SQL on January 18, 2012
Okay, let’s get our act together. To find out if a cell is NULL why not just ask…ISNULL? Well, yes, this does work for mySQL. But it isn’t that simple. What if we wanted an easy way to replace the null value with something else? Good idea you say. So the powers that be at mySQL came up with IFNULL(). It looks like this:
SELECT IFNULL(column1, “alternative”) FROM table
So if the expression in column1 turns out to be NULL you can make it something else.
Where it gets a bit confusing is that some applications use ISNULL() the way mySQL uses IFNULL(). And some use a completely different syntax. NVL() is how it looks in Oracle.
But there is another way of doing this available in most applications. It is called COALESCE(). This looks alot like IFNULL (mySQL) but has the added feature that it can take multiple parameters and will in the end return the first one that it finds that is NOT NULL. So you can do something like this:
SELECT COALESCE(column1, column2, etc., “alternative”) FROM table
This will return the first not null param that it runs across. Leave the failsafe for the end.
-
You are currently browsing the archives for January, 2012
Useful Links:
