Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reports from the MySQL Users Conference

Posted by Zonk on from the dolphin-party dept.

Eh-Wire writes "OnLamp is reporting on the MySQL Users Conference that is currently underway. Among the highlights are the announcement that the code for MySQL 5.0 is now complete. Axmark and Widenius suggest that squashing bugs is the key behind the success of MySQL. Michael Tiemann from Red Hat and the OSI delivered a keynote on "Defining Open Source". He suggests that Microsoft's "shared source license" has been a complete failure at the design level."

75 of 109 comments (clear)

  1. MySQL's New Slogan by Anonymous Coward · · Score: 5, Funny

    "We're catchin' up!"

  2. ...Reports from the MySQL Users Conference by waldoiverson · · Score: 4, Funny

    i don't think i've ever seen MySQL output a report like this...must have been a weird query.

  3. Squashing Bugs Good? by mwkaufman · · Score: 5, Funny

    Who knew? Maybe Microsoft should follow this brilliant business plan.

    1. Re:Squashing Bugs Good? by EnronHaliburton2004 · · Score: 1

      Why start now?

      They make billions of dollars a year without squashing bugs. Squashing bugs would only lead to the financial decline of Microsoft.

      --
      94% of Repubs and 21% of Dems voted to renew the Patriot Act
  4. Objection, redundant by Tackhead · · Score: 5, Funny
    > Microsoft's "shared source license" has been a complete failure at the design level.

    Due to the rising cost of energy, ink, and/or toner, we urge all authors to reduce their word count wherever possible. For instance, the string ('s "shared source license") in the preceding article is redundant and may be eliminated.

    Thank you for your co-operation.
    - The Management

  5. From the Article by DarkHelmet · · Score: 4, Interesting
    "MySQL 5.0 is code complete"

    So does this mean they're still doing bugfixes? Or they're doing testing? Or it's going to come out any moment?

    Or does it mean that they're no longer implementing new features, which means they're in beta. If that's the case, we knew that much already.

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
    1. Re:From the Article by Surt · · Score: 2, Informative

      Traditionally code complete means all features implemented, alpha testing can begin.

      --
      "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
    2. Re:From the Article by tokie · · Score: 1

      I'm fine with MySQL 4.1. with all the Unicode support and other

    3. Re:From the Article by gleam · · Score: 1

      In their case they're claiming 5.0 is "beta" not alpha.. 5.0.0/1/2 were all alpha, 3 and 4 are beta. At least that's my memory.

      It was a good conference. Very nice to see the number of attendees double in just a year.

      --
      this .sig is not a .sig.
  6. Mysql needs to Improve by RedElf · · Score: 4, Interesting
    It still has a long way to go, over the last weekend I spent several hours trying to recover data from a backup (mysqldump) because of dataloss due to mysql database corruption on server version 4.0.20.

    Sure it seems ok if you want to run a small, fast, dynamic website that doesn't contain any real valueable data.

    For serious data needs, in my projects I'll choose Sql-Server over mysql any day of every week. I'm not saying Sql-server is the best choice, but its ahead of mysql when it comes to data integrity.

    --
    You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads!
    1. Re:Mysql needs to Improve by Anonymous Coward · · Score: 1, Interesting

      tried postgresql?

    2. Re:Mysql needs to Improve by eakerin · · Score: 3, Informative

      Data corruption has nothing to do with data integrity.

      Data corruption is caused by either a software bug, or hardware problems, and it's a problem with the data as it's layed out in the database's backing file. This type of failure can happen with any RDBMS. I've personally had it happen a few times with MSSQL server. All times were easily repaired with either a re-index of the table, or a partial table restore.

      Data integrity is the database ensuring that when you want to have an entry in another table for each row in a table, that you do.

    3. Re:Mysql needs to Improve by poot_rootbeer · · Score: 1, Funny

      To sum up parent's comment:

      If you need high availability but not strong data integrity, choose MySQL.

      If you need strong data integrity but not high availability, choose MS SQL Server.

    4. Re:Mysql needs to Improve by superpulpsicle · · Score: 2, Interesting

      While people mark that as Funny. Most people/companies/mission-critical-places still choose Oracle over MS SQL and MySQL. I really would like to see MySQL 5.0 compete and actually topple oracle in the market place.

    5. Re:Mysql needs to Improve by eh2o · · Score: 1

      data corruption can also be caused by lack of sufficient features.

      case in point, journaled vs. non-journaled filesystems, or the RDBMS equivalent which is write-ahead-logging (e.g., postgres).

    6. Re:Mysql needs to Improve by bluGill · · Score: 3, Insightful

      If you are looking for an Oracle replacement try postgresql. Depending on what your needs are it might be better than Oracle, though if you needs are typical of what a business wants Oracle is likely better. Being open source (and more free than MySQL is, as the license is BSD) people do hack it to add weird things to their database.

      There are a number of open source databases. MySQL gets the press. That does not mean it is best for your purpose, so you really should examine them all yourself.

      Which is best is partially a matter of opinion. Mine is that between sqlite on the low end and postgresql on the high end there isn't much room for more general purpose SQL databases. Of course there are others, I'm not going to list them all because I'll forget at least one if I try.

    7. Re:Mysql needs to Improve by eh2o · · Score: 1

      i think you meant to say "performance" not "availablity"...

      and fwiw mysql is only high performance in read-mostly non-transactional environments.

    8. Re:Mysql needs to Improve by dheltzel · · Score: 1
      If you need high availability but not strong data integrity, choose MySQL.

      If you need strong data integrity but not high availability, choose MS SQL Server.

      And if you need both, choose Oracle or Postgresql, depending on whether low price or enterprise-grade support is more important to you.

    9. Re:Mysql needs to Improve by TexVex · · Score: 4, Informative
      Data integrity is the database ensuring that when you want to have an entry in another table for each row in a table, that you do.
      That's referential integrity. For example, if your database enforces referential integrity between an accounts payable and a payable entities table, if you delete a payable entity then all associated payables records would be cascade-deleted along with it.

      And, as an aside, generally if you're going to maintain a record-for-record relationship between two tables, you might as well combine them into a single table.

      Data integrity is making sure your data is complete and accurate. The database can assist with this by the enforcement of rules when entering, deleting, and updating information. Extending the above example, you might preserve data integrity by disallowing deletion of a record from the payable entities table when there is a non-zero balance on that account or there has been activity on that account in the past three years.
      --
      Fun with Anagarams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
    10. Re:Mysql needs to Improve by Michalson · · Score: 4, Insightful

      Your perception of "data integrity" seems very limited, either that or you don't a thing and you're just bullshitting based on your knowledge of "data integrity" in other fields.

      In the professional world of databases data integrity is ensured by the ACID compliance of the database. In your post though you only seem to understand the C in ACID, "Consistency". The problem is that out of the box MySQL will often fail the Atomicity and Durability requirements of ACID (and doesn't even attempt I). That means the database or a table can be left in a corrupt, unrecoverable state if interrupted by any number of things (you don't just lose the latest additions, you lose everything, forcing you to restore from a hard backup as grandparent did).

      To properly understand this, look at another area where ACID is used. If you are using a disk formatted with FAT32 or ext2 and your computer crashes, you'll end up being forced to run scandisk/e2fsck, which has to go over the entire disk structure looking for errors. In many cases the errors it finds (due to an operation being interrupted leaving the disk in a corrupt state) are not recoverable and if left unchanged will mess things up even more. So you get little chunks of the disk (CHK files when using scandisk) that the system has no idea what to do with (databases are far more interconnected, making one unrecognizable element break the whole thing). On the other hand more modern disk systems (NTFS and ext3) borrow methods from the database world, resulting in a disk system that is ACID compliant. When the system crashes or is rebooted by a power failure, it doesn't spend 20 minutes checking the disk for errors it won't even be able properly fix, it just uses it's Durability feature to "instantly" restore the disk to the last good state (on a standard ext3 formatted 7200rpm drive "instantly" is less then 2 seconds).

      The only way to make MySQL ACID compliant (and thus durable enough to store information that's actually important) is to use InnoDB tables instead of MySQL's fast default MyISAM tables. Even then, by InnoDB's own documentation, its particular form of ACID compliance is heavily dependent on how and when the OS writes to disk - you can still end up with unrecoverable InnoDB tables if the system crashes, making InnoDB more a device for its transactional programming capabilities and row level locking then it's long term data integrity features (A, C and I). With real world databases a crash simply means you lose the latest changes, not the whole table (to be redundent, the D in ACID, Durability).

    11. Re:Mysql needs to Improve by gumbi+west · · Score: 1
      Do you mean where they write, about how even oracle looses data sometimes But that you can always recover if you have a backup and your binary log?

      I've screwed up my DBs many times with my own stupid mistakes, and the backup and binary log have always come to the rescue and worked far faster than I expected. In general, if you loose one transaction and can't fix the table yourself, I'd say you should ask the expert in your environment for some help, or at least admit to your own shortcomings to your management.

    12. Re:Mysql needs to Improve by LnxAddct · · Score: 1

      If you want to replace Oracle, another post recommended Postgres, I am recommending Ingres. Ingres and Postgres come from similar lineage except Ingres was comercial, built up to be extremely robust and for many years was Oracle's biggest competition and even today still has more databases deployed then all open source databases together (or so claimed one review I read while researching database alternatives myself). Once CA bought Ingres, development slowed down greatly after 1994, however a decade later they released it as open source, and over the past year new life has been breathed into it. It is still the closest open source databse you'll get compared to Oracle. In fact, in many regards it is better. The one down fall is documentation, but you can always buy support from CA. In all honesty though, if Oracle does what you want, why not keep it? Sure its expensive, but its worth it and very capable. If you arent using it to its full potential then switch, otherwise keep it. Your money is better in Larry Ellis's pockets then in Bill Gate's.
      Regards,
      Steve

    13. Re:Mysql needs to Improve by Cyno · · Score: 1

      Okay, so which GPL database passes this LSD test?

      And what's the I stand for?

    14. Re:Mysql needs to Improve by Michalson · · Score: 2, Informative

      I = Isolation
      Basically it means that when multiple users are performing operations on the database they should not be able to screw each other up (for example if two users execute an UPDATE on a table, they should not overlap and produce crazy results).

      To be technical MySQL does perform the basics of isolation - individual operations are properly isolated from one another by way of ugly full table locking (this is why MySQL [the default MyISAM tables] does so poorly at concurrent inserts and other write operations). However to properly fufill the requirements of isolation you need to actually be able to do entire human operations in isolation. For example executing a series of SELECT/INSERT/UPDATE/DELETE operations (that together do an actual job) knowing that the data won't change right in the middle. These are called transactions, and you'll need to switch to InnoDB tables to get them (InnoDB also has row level locking).

      As for other databases that pass that ACID test, well basically all of them do. MySQL is the exception to the rule, owing mainly to the fact that it's more of a fast selecting engine with database like features, instead of a stripped down database built for speed. Off the top of my head SapDB is GPL (and ACID of course), though all of the other big open source databases I can think of are under some other more free licence (Firebird [ACID], Postgre [ACID], SQLite [ACID!])

    15. Re:Mysql needs to Improve by gumbi+west · · Score: 2, Insightful

      To be fair, you would have to include MySQL in that list since you cau use the InnoDB tables as well. Also, if you lock all the tables you are using with MyISAM tables you can get isolation... just not so nice for other users.

  7. well.. by quark007 · · Score: 3, Insightful

    >> He suggests that Microsoft's "shared source license" has been a complete failure at the design level." I agree with what Tiemann says..but to an extent. MySql an JBOSS are now commercial companies who employ team of developers to develop the code much like a proprietory software. The real value in open source is the amount of feedback you get from the developers which in turn improves the quality. Microsoft with its license is trying to just that. And it would succeed..(just like JBoss and MySql have).

    --
    - Sh!t
  8. AND NOW... by waldoiverson · · Score: 1, Funny

    MySQL 5.0, now with 3 full revisions more than MySQL 2.0

  9. MySql 5.1 by 514CK3R · · Score: 3, Funny
    Among the highlights are the announcement that the code for MySQL 5.0 is now complete.
    So that means we should expect 5.1 to come out next week as planned?
  10. I wonder if they're seeing any patent issues... by tcopeland · · Score: 1

    ...after all, the recent PostgreSQL 8.0.2 release included a cache management algorithm replacement due to a patent.

    --
    The Army reading list
    1. Re:I wonder if they're seeing any patent issues... by wheezl · · Score: 1

      nah, with MySQL you handle all of the cache mangement in your application.

      --
      -- oh.... so..... sleeeeeepy.
  11. Great, no bugs, ... SQL Injection? Crap by crowemojo · · Score: 2, Informative

    It's great that bugs are fixed, but how about investing more in user education, so that people at least realize that they could have every patch imaginable installed but still be owned by SQL injection, a problem with whoever wrote their webpage or app that interfaces with the SQL server and not the SQL server it self.

    MySQL is a lot better about it then MSSQL due to the lack of comments, but disastrous things can still be done with this.

    For those that are curious, more info on SQL injection can be found here and here.

  12. People give MySQL too much crap... by Anonymous Coward · · Score: 5, Interesting

    Really, it sort of annoys me. We use MySQL in a live, production environment. We have tables with close to five billion rows in them. MySQL has only given us a problem once. A table was mysteriously corrupted about two years ago. The fix? I opened up a HEX editor and repaired the damage. Restarted MySQL, ran some checks with the included tools, and we were all done. Quicker than pulling tapes, let me tell you.

    I am really tired of all the hate around here. Every other comment is "If you're serious you will use Postgres because it has feature x, y, and z which make it a better product and you will suffer the consequences if you use MySQL because it's a bad thing for bad people because they don't like penguins and hot grits and bacon shit!"

    Actually, it's not that bad... but it's damn near.

    1. Re:People give MySQL too much crap... by prog99 · · Score: 3, Interesting

      You think hacking a table with a hex editor is good?

      Think I'll stick with known good backups , glad I'm not working with your prod environment.

    2. Re:People give MySQL too much crap... by vadim_t · · Score: 4, Interesting

      Well, it might just be me, but I definitely don't look forward to hex editing databases when the thing goes down and the whole company grinds to a halt.

      Now, I will readily say that mySQL has its uses. If you're simply aiming to logging data it works well. IIRC, that's what it was designed for in the beginning.

      But it's still quite far from being a good database. Doing crap like silently ignoring things it doesn't like is one of the things that makes sure I'll never use it for anything important.

    3. Re:People give MySQL too much crap... by Anonymous Coward · · Score: 5, Informative

      When the number of items on the "gotchas" list for MySQL (http://sql-info.de/mysql/gotchas.html) is less than or equal to the same list for PostgreSQL (http://sql-info.de/postgresql/postgres-gotchas.ht ml) I'll consider using MySQL.

    4. Re:People give MySQL too much crap... by linuxhansl · · Score: 1

      Most of the gotchas are non-existant when you run MySQL in STRICT or TRADITIONAL compliance mode (this is new with 5.0)

    5. Re:People give MySQL too much crap... by snorklewacker · · Score: 3, Informative

      Dude, MySQL doesn't support foreign keys. At all. Though it's good at ignoring them. It doesn't even have VIEWS, mmkay?

      There's reasons for the hate, and a lot of it has to do with MySQL AB flogging their mediocre system as the sine qua non of OSS databases, to the point of openly disparaging things like transactions at the time when MySQL didn't support those.

      And you thought using a hex editor was acceptable. Wow.

      --
      I am no longer wasting my time with slashdot
    6. Re:People give MySQL too much crap... by poot_rootbeer · · Score: 1

      A table was mysteriously corrupted about two years ago. The fix? I opened up a HEX editor and repaired the damage.

      Oh, is that all it took? A knowledge of precisely which data had been corrupted, and enough familiarity with the internals of the data file format to find and correct it without breaking anything else?

      I'm glad it worked out for you. That time.

    7. Re:People give MySQL too much crap... by leperkuhn · · Score: 1

      myisam doesn't support foreign keys. innodb, which has been included in the binary distribution for the past few years, does. yes, you have to explicitly say the table should be innodb, which isn't really a major issue.

      --
      http://www.rustyrazorblade.com
    8. Re:People give MySQL too much crap... by Anonymous Coward · · Score: 2, Informative

      yes, you have to explicitly say the table should be innodb, which isn't really a major issue.

      Actually, yes, it is a major issue. If you ask for an innodb table, and for some reason it's not available (e.g. innodb isn't compiled in, common in hosting environments), then MySQL will go ahead and create a myisam table without warning you. The result? Your foreign keys, which "work just fine" under MySQL, are simply ignored.

    9. Re:People give MySQL too much crap... by Jibber · · Score: 1

      Most of the gotchas are non-existant when you run MySQL with a brain larger than that of a legume in your head as well.

      Most of the problems pointed out should never hit the database engine and if they do, you get what you deserve.

      I've worked at more than a few multi-nationals and if queries ever hit the database engine that generated errors or inconsistancies, you'd be back, hard at work, rewriting your interface (be it Cobol or PowerHouse, or C)

      We had worse problems trying to migrate to SAP at Nortel on an HP Emerald running Oracle, all kinds of weird failures with no error messages but the reports would never be consistant.

      Buyer beware! You get what you pay for and that includes the quality and knowledge of your backend programmers. If you are relying on the database engine itself to stop bad input, you have larger problems than your DB choice.

      Just my $0.02.

    10. Re:People give MySQL too much crap... by jesterzog · · Score: 2, Interesting

      Most of the problems pointed out should never hit the database engine and if they do, you get what you deserve.

      Of course they shouldn't hit the database engine. When they do, however, I'd like to know about it rather than have the database engine silently determine the semantics of something that's supposed to be undefined.

      It sounds as if MySQL 5 has dealt with a large amount of this criticism, now, which is good.

    11. Re:People give MySQL too much crap... by Jibber · · Score: 1

      That's a fair enough response, but stuff like that should still be found on your dev testing and if not then through QA testing.

      If you aren't doing QA testing, well.....

    12. Re:People give MySQL too much crap... by alyandon · · Score: 1, Interesting

      Most of the problems pointed out should never hit the database engine and if they do, you get what you deserve.

      That is the typical "It's always the application's fault instead of MySql's fault for not properly enforcing rules to guarantee consistency of data" response I've come to expect from the hoardes of MySql apologists.

    13. Re:People give MySQL too much crap... by snorklewacker · · Score: 3, Insightful

      > Most of the gotchas are non-existant when you run MySQL with a brain larger than that of a legume in your head as well.

      This is the same tired old argument old-style MacOS zealots always pulled when called on the lack of memory protection: "properly written apps don't crash".

      The whole fucking PURPOSE of integrity constraints is to protect your data from stupid mistakes. Databases are designed with improperly written apps in mind. That's why the database manages the data, and the apps don't.

      Yes, if a schema is designed by morons, then you don't have much recourse. If a database ENGINE is designed by morons, then everyone downstream is screwed.

      --
      I am no longer wasting my time with slashdot
    14. Re:People give MySQL too much crap... by jadavis · · Score: 1

      Most of the problems pointed out should never hit the database engine and if they do, you get what you deserve.

      What if you're programming application A, and application B has a bug and issues a strange query, producing inconsistent results? Application A will mysteriously fail and it will be very difficult to track down the bug because it's not in your application. Is that what you deserve?

      The "application's fault" paradigm of MySQL only makes sense when a single application is accessing the database. And even then, having the application do consistency checking is very expensive in terms of performance and developer time. Plus, it's already been solved at the database level by every other RDBMS.

      --
      Social scientists are inspired by theories; scientists are humbled by facts.
  13. Unfortunately for me... by bogaboga · · Score: 1
    Unfortunately for me, though I know that the real database is the engine that does the work, my appreciation of a database only comes when I can in very specific and short iterations, install one just like I used to install JET with the access frontend. In fact most people refer to the Access frontend as the database forgetting that the database is JET. Question is: When will MySQL slap a functional (read programmable) front end to MySQL?

    I know there are many frontends available (KEXI, PHPMYADMIN, SQLNAVIGATOR etc) but none is as flexible and functional as Access from M$. This is where the competition lies.

    1. Re:Unfortunately for me... by Arimus · · Score: 1

      Excuse me for saying this but cobblers.

      Access == Desktop solution
      MySQL != Desktop solution

      MySQL is designed to act as a database server and reside away from the client(s) accessing data contained in MySQL. Access is really designed for desktop database solutions and not enterprise grade databases.

      Apart from that MySQL + ODBC Drivers gives you the ability if you feal the need to use access/vba etc as a front end into a MySQL database.
      (Though given you've got API's for MySQL available for C,C++,Perl,PHP, Python et al why anyone would choose Access is beyond me ;) )

      As functional as Access? ? ? ? ?

      Try querying a very large number of records via access - then do the same using MySQL and note the performance difference. Try dealing with large number of relational links in Access and your db will grind...

      --
      --- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
    2. Re:Unfortunately for me... by 0racle · · Score: 1

      I know it sucks. Seriously, when will every database ventor create a seprate product that was made for something completely different to act as a front end to a database? How can a database admin be expected to use SQL, or an application developer be expected to create an application to access and use the data.

      --
      "I use a Mac because I'm just better than you are."
    3. Re:Unfortunately for me... by onlyjoking · · Score: 2, Insightful

      You shouldn't compare MySQL to M$ Access because Access isn't a client-server database. It's a desktop database for work with other desktop/office applications and the closest comparison is the new Java datbase which comes with OpenOffice 2. MySQL should be compared with M$ SQL Server, though it has less features at present, because both are distributed, client-server architectures.

    4. Re:Unfortunately for me... by Bill+Walker · · Score: 1
      Have you ever tried using myODBC? The current iteration is completely worthless. It has all kinds of compatibility problems and behaves unpredictably. Date/Time compatibility with Access is probably the worst.

      I'm no professional, but I'm not entirely inexperienced in these systems. After a week of knocking around on mySQL with an Access front-end, I had to give up and go with MSDE. I'll upgrade to SQL Server once the system's important enough that I don't have justify the cost.

      --
      Please, for the love of God, no more car analogies.
    5. Re:Unfortunately for me... by goonerw · · Score: 1

      MySQL should be compared with M$ SQL Server, though it has less features at present, because both are distributed, client-server architectures. Precisely. SQL Server comes with the Enterprise Manager GUI, MySQL comes with no GUI.

      --
      LOAD ".SIG"
      PRESS PLAY ON TAPE
    6. Re:Unfortunately for me... by soulhuntre · · Score: 1

      with MSDE. I'll upgrade to SQL Server once the system's important enough that I don't have justify the cost

      MSDE is one of the best things MS ever did to help keep its lead in this area. Its a good, strong database engine with minimal licensing issues and total upwards compatability with their bigger tools.

      It also kicks MySQL's butt feature wise= for desktop development.

      --
      --> Fight tyranny and repression.... read /. at -1!
    7. Re:Unfortunately for me... by killjoe · · Score: 1

      It comes with two GUIs. Go look at their download page.

      I prefer sqlyog myself. There is a great free version and a better paid version. I like it much better then the enterprise manager/query analyzer combo from MS. Of course I don't care much for SQL server either but that's another story.

      --
      evil is as evil does
    8. Re:Unfortunately for me... by Arimus · · Score: 1

      Hm, I'm using the ODBC driver at work to interact with MySQL (Actually to a bugzilla database) for reporting and some custom metrics we need with no problems. Same for the Access tables we use when we need to send copies of our Bugzilla data to our subcontractors.

      Then again I'm not really taxing the interactions and so may have missed some the bugs :)

      --
      --- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
  14. currently underway, eh? by donutz · · Score: 4, Funny

    "OnLamp is reporting on the MySQL Users Conference that is currently underway."

    But the conference website says it finished yesterday...

    1. Re:currently underway, eh? by sharkey · · Score: 1

      This one slipped through Zonk's filter, it was supposed to be for subscribers only. It's News from the Mysterious, er, Past.

      --

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
    2. Re:currently underway, eh? by Atomizer · · Score: 1

      Jeez, even their conferences aren't ACID compliant!

      (Ducks)

  15. Re:Great, no bugs, ... SQL Injection? Crap by vadim_t · · Score: 1

    That's not a database problem, but an application problem.

    In the Windows world you can do this with ADO, for instance. Simply make EVERYTHING go through a stored procedure, then call it always creating a Command object. For example, in VB:

    Dim cmd As New ADODB.Command
    With cmd
    Set .ActiveConnection = ServerConnection .CommandText = "do_stuff"
    With .Parameters .Append cmd.CreateParameter("foo", adVarChar, adParamInput, 100, Foo) .Append cmd.CreateParameter("bar", adVarChar, adParamInput, 100, Bar)
    End With .Execute
    End With

    Writing from memory here, so something might be wrong. Anyway, ADO will make sure that everything is properly quoted and it's guaranteed that SQL injection won't work.

  16. Re:microsoft by bluGill · · Score: 2, Insightful

    It has been on slashdot before. Shared Source does not mean what you think it does. In fact shared source is so bad that I have to recommend you quit your job if ever told to look at something under that license.

    Shared source licenses cannot touch Samba. It isn't clear if you could touch Samba if you look at code completely unrelated to networking. It is not clear that someone who has ever seen shared source code can ever hack linux. I wouldn't recommend trying, at least not without a lawyer advising you.

    The name shared source was chosen to confuse people who know about open source and make you think it is a variation. The whole idea behind them is different.

  17. Re:Great, no bugs, ... SQL Injection? Crap by eh2o · · Score: 1

    its an app layer problem all right, and one that has become an epidemic amoung the hoards of naive php scripters, but a simple one to fix. db drivers should provide their own string substitution methods that apply proper quoting... (e.g., db::sprintf)... the python db api does an excellent job of providing this.

  18. currently underway? it's over! by Starbreeze · · Score: 1

    Not to be nitpicky... but "currently underway"? I live in Sunnyvale, and that's where a number of my coworkers have been all week. However, it was over yesterday!

  19. Odd Criterion by chromatic · · Score: 1

    You evaluate software based on two lists posted on a web site? If the author had started the PostgreSQL gotchas page first (the one prominently marked "still under progress"), would you post the same comment with the database names reversed?

    --
    how to invest, a novice's guide
    1. Re:Odd Criterion by vadim_t · · Score: 1

      Um, look well at both pages.

      PostgreSQL gotchas are a lot less severe. Most of them result in errors. Some result in bad performance. Only two (date parsing and integer overflow) produce unexpected behavior. Both were fixed.

      MySQL gotchas mostly deal with things the database flatly ignores when they don't fit, resulting sometimes in completely wrong information inserted into the database. I don't know about you, but if I say the column is NOT NULL, I definitely expect the attempts to insert a NULL there to fail.

      Yeah, things seem to be a lot better in mySQL 5. But it's not stable yet, so these gotchas remain in full effect.

  20. God likes Oracle! by EvilStein · · Score: 3, Funny

    The weather here has been *beautiful* for a while. Today, during the MySQL Users Conference right down the street, we basically get the following:

    SPECIAL WEATHER STATEMENT
    NATIONAL WEATHER SERVICE SAN FRANCISCO CA
    344 PM PDT FRI APR 22 2005

    CAZ005>008-065-075-230000-
    -SANTA CLARA COUNTY-
    344 PM PDT FRI APR 22 2005

    STRONG THUNDERSTORMS HAVE DEVELOPED OVER THE EAST BAY THIS
    AFTERNOON.. EXPECT
    STRONG GUSTY WINDS TO 40 MPH...FREQUENT LIGHTNING AND SMALL HAIL WITH THESE STORMS.

    ---

    I'm telling you, the almighty one himself has made his database choice, and it ain't MySQL!

  21. Commercial versus proprietary by jbn-o · · Score: 1

    I think you mean a proprietary license, not a commercial license. The GNU General Public License (one of MySQL's licenses), as well as PostgreSQL and Firebird's licenses are all bases for doing business, hence they are already commercial licenses. Firebird and PostgreSQL are also licensed under a free software licenses--the Mozilla Public License and a variation on the 3-clause BSD license, respectively.

    --
    Digital Citizen
  22. Two words by Obstin8 · · Score: 2, Funny

    Post Gres. Gracias Oops, that was three. Sorry...

  23. Re:Great, no bugs, ... SQL Injection? Crap by F1re · · Score: 1

    You don't need to use stored procs. All you need is to call your queries with bound parameters. Any decent db/app layer should be able to do this.

    --
    ...there is no sig...
  24. Red Has is anti-software? by fathom108 · · Score: 1

    From the article:

    [Tiemann] next cited Bruce Mau's work, "Massive Change,"
    saying that for most of us design is invisible until it fails.

    From Bruce Mau's An Incomplete Manifesto for Growth:

    24. Avoid software. The problem with software is that everyone has it.

    Bruce Mau must be a really clever designer to get his web site to function without software.
  25. SQL Injection is not a MySQL problem... by LFS.Morpheus · · Score: 1
    As my siblings and cousins have said, this has nothing to do with MySQL at all. It's a problem with every DB. People primarily associate this with MySQL because of inexperienced PHP/MySQL scripters. It's the difference between:
    // using an already established mysql resource with mysql_connect...
    mysql_query("UPDATE users SET password = '$pw' WHERE user_id = $user_id");
    vs:
    // using PEAR DB with an already established $dbh handle...
    $dbh->query("UPDATE users SET password = ? WHERE user_id = ?", array($pw, $user_id));
    Like MySQL, PHP also has the stigma of being an insecure scripting language, and this is simply because so many people [try to] pick it up that have no formal background in programming. Admittedy, turning off autoglobals was a big step for increasing 'default' PHP security.
    --
    The space unintentionally left unblank.
  26. Re:Is there a law about grammAr/spelling trolls? by versus · · Score: 1

    a guy's usage of a word :-)

    --
    Brain is my second favorite organ.
  27. Re:Is there a law about grammAr/spelling trolls? by Vryl · · Score: 1

    Truly odd, thou art.

    screamed, bitched, whined and pouted...

    Really?

    I do beg to differ.

    It seems that in your opinion I was SHOUTING AT YOU by pointing out the TRUE IRONY of a post correcting someone's spelling itself containing a SPELLING MYSTACHE (!).

    Rather than have a little laugh at your own silliness, you respond with a post containing another spelling/grammar error [missing Apostrophe of Possession], as well as mischaracterising my original post.

    Tosspot, I say... thou art a tosspot!

    C'est la vie.

  28. Re:Is there a law about grammAr/spelling trolls? by fimbulvetr · · Score: 1

    I give up. Apparently, you don't think your words had anything to do with whining, screaming, bitching and pouting, though I don't think you've looked at them lately.

    So let us lay this out: Asking if a law exists to prevent people (who do not know everything) from trying to help others, correcting a spelling mistake by shouting in caps, correcting my chosen word followed by ridiculing, followed again by correcting my mischosen word.

    Perhaps a little name calling and some shouting is normally how you correct others, maybe you've always corrected people using that method?

    Damn, I hope that's not what you do to your kids.

    With my post:

    (A) I was able to get the point across.
    (B) I was able to a "Thanks" from the original poster.

    You managed to:

    (A) Get your point across.
    (B) (Perhaps unintentionally?) offend someone.
    (C) Get a whimsical laugh at the "irony".

    You do the math.

  29. moron by Vryl · · Score: 1

    A law, like Godwin's Law or thereabouts.

    Humour is lost on you, you twit.

    Try this:
    http://www.advicemeant.com/flame/04psych.shtml#Spe lling

    Though it is not quite what I had in mind. Something like "Spelling flames inevitably contain spelling mistakes" - Vryl's Law.

    Btw, I never said you were wrong. Just a fuckwit for correcting someones spelling, when you can't spell yourself. It was funny.

    Oddly enough, the loose/lose thing drives me mad too, but I have got used to it by now. Eventually, I suppose, your usage of G R A M M *E* R will probably prevail.

    I don't give a flying fuck. The irony of the situation was all that I was trying to bring attention to, tosspot.

  30. MySQL User Conference Blog Aggregation by Squeebee · · Score: 1

    Readers may be interested in the MySQL User Conference 2005 Blog aggregation.

    It is found at http://www.openwin.org/mike/uc2005

    There are about 10 blogs aggregated and an average of 10 posts a day from the conference. Not much, but it lets your get the coles notes version of a bunch of sessions.