MySQL

12 Things Mango Wishes He'd Known When He Was a PHP N00b.

Posted in MySQL, PHP on June 29, 2009



  1. Never use Register Globals.  Ever.  And if you ever even THINK of using Register Globals, and we find out, Mango is going to send someone over to your house to kick your ass.  Are we clear?

    As much as we love working with PHP, Register Globals is something that should be filed under "Monumentally Bad Ideas".  And unfortunately, it's something that, at first glance, appears convenient.  If a user submits a form to a PHP script with Register Globals enabled, the script will create a variable for each form element.  However, keep in mind that this allows your end users to set any variable in your script that they like.  Here is a common mistake that we see:

        if ($logged_in) { secret_functions_allow(); }

    In a situation like this, the author has first run some code to see if the user is logged in or not.  If so, the script will have defined the $logged_in variable.  When the above line of code fires, it will provide the user with some functions only available to authenticated users.  Innocent enough, yes?  However, to "hack" this, all that a malicious user would need to do is form a URL like http://www.example.com/?logged_in=1.

    To turn off Register Globals, add php_flag register_globals off to .htaccess or register_globals = Off to php.ini.  Many administrators ban use of Register Globals entirely, so by developing without it, your script will be more portable.  This is a good thing.
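The mistake described above, next to a hardened form, as an added example that is not code from the original post. Because register_globals was removed in PHP 5.4, extract() is used here to emulate it; check_credentials() and the 'user_id' session key are hypothetical names, and the request input is constructed.

```php
<?php
// Added illustration, not code from the original post.
// register_globals was removed in PHP 5.4, so extract() stands in for what it
// did: turning every request parameter into a variable of the same name.

// Refuse to run on a legacy host that still has the setting switched on.
// (ini_get() returns false when the directive does not exist.)
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    exit("register_globals is enabled; disable it in php.ini or .htaccess\n");
}

// Hypothetical credential check; this visitor has not authenticated.
function check_credentials(): bool
{
    return false;
}

// Vulnerable: $logged_in is assigned only on success, so on failure any value
// injected from the request is still there when the flag is tested.
function is_logged_in_vulnerable(array $request): bool
{
    extract($request);               // emulation of register_globals
    if (check_credentials()) {
        $logged_in = true;
    }
    return !empty($logged_in);
}

// Hardened: the flag is initialised before use and derived only from
// server-side state (a hypothetical 'user_id' session key), never the request.
function is_logged_in_hardened(array $session): bool
{
    $logged_in = false;
    if (isset($session['user_id'])) {
        $logged_in = true;
    }
    return $logged_in;
}

// Constructed sample input: the query string of /?logged_in=1
parse_str('logged_in=1', $request);

var_dump(is_logged_in_vulnerable($request));  // request-controlled result
var_dump(is_logged_in_hardened([]));          // empty session: not logged in
```

Initialising every security-relevant variable before it is read keeps the check safe even on a host where the setting cannot be changed.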


Replacing smart quotes, em-dashes, and ellipses with MySQL or PHP

Posted in Joomla, MySQL, PHP on March 5, 2009



Alternate title: "Help!  My Quotes Appear as Question Marks or Other Strange Characters!"

The "Smart quotes" feature in Microsoft Office transforms straight quotes into curly quotes.  It also transforms hyphens into em-dashes and three periods into ellipses.  While one might think, "How lovely!  My document looks almost as if I'm educated!" readers of said document may not.  Microsoft, in its infinite wisdom, decided to assign special characters such as the ones I just mentioned to a range of codes above 128.  Problem: these codes were already assigned to other characters, resulting in frustrating incompatibility with non-Microsoft systems.

Keep reading for some PHP and MySQL code to help out with this issue, as well as a Joomla! plugin.


I thought of a great way to order results in MySQL

Posted in MySQL on March 6, 2008



While writing a Power Search module for my accounting/customer management software, I came up with a great way to order results in MySQL.

The problem was this: some of our accounts are listed under a business name, and some are listed under a person's name.  You couldn't order by `BusinessName`,`LastName` because all the accounts that didn't have a business name listed would appear first in the list.  If you reversed it, all the accounts who had only a business name would appear first in the list.  The solution, fortunately, was beyond simple:

order by CONCAT(`BusinessName`,`LastName`,`FirstName`)

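This is equivalent to saying "Sort by BusinessName; if it doesn't exist, then sort by LastName; if it doesn't exist, then sort by FirstName."  Note that this relies on missing names being stored as empty strings, since CONCAT() returns NULL if any argument is NULL.  Yay!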