Simon Willison’s Weblog


August 2002

Aug. 17, 2002

PHP immune to SQL injection attacks

An interesting thread on SitePoint about SQL injection attacks. One of the points brought up is that PHP is by default virtually immune to injection attacks thanks to magic quotes (discussed here yesterday).

Working on my blog

If I don’t post much today it’s because I’m hard at work on the new database driven version of this blog. I’m hoping to open source it so I’m trying to design it to be as easy to customise and modify as possible, which means plugin support, themes and an extensible API. At the moment it will only work with MySQL but I’m trying to keep the data access routines abstracted away so they can be easily replaced with code for other databases or even a flat file or XML storage system.

CSS image rollovers

CSS Image Rollovers describes a brilliantly simple technique for creating the effect of an image rollover using only one image and no javascript. The effect works by creating a gif with a transparent background, then using a :hover pseudo class to change the background colour of the containing area. Pretty straightforward so far, but the clever part is that by making the transparent part of the gif an interesting shape (placing it around the outline of a shape in the image for example) you can give the impression of displaying a different image entirely.

Today’s pleasant surprise

Today’s pleasant surprise—while surfing around the Wireplay forums I came across a link to alliedassault.co.uk, a community site for Medal of Honour: Allied Assault. Imagine my surprise when I realised the news section was coded by me! It uses a news script I wrote over a year ago and never got around to finishing—I released it to a few people and it seems Reality ended up using it on the site. It’s great to see code you’ve written being used after you’ve all but forgotten about it—the site also uses my ssLinks link management script, the sequel to which I am working on now.

Netscape Google?

Sam Buchanan: The Netscape Google mystery. A user complains of a non-functional web application, and when asked what browser they are using replies “Netscape Google”. Sam suspects that this is because Google is their home page and they type URLs straight into the Google search box. I wouldn’t be surprised if he was right—I have seen several people (including an Aunt of mine) do this in the past. Sam’s summary rings particularly true:

[... 127 words]

Aug. 18, 2002

The Lessig debate

I watched Lawrence Lessig’s OSCON keynote the other day (an 8.4MB Flash file courtesy of Leonard Lin). A transcript of the session is also available. It was an excellent presentation and really opened my eyes to the issues facing intellectual property in the United States. It also appears to have raised some hackles—Dave Winer took offence to the implication that developers had not done anything about the problem, and Doc Searls has responded to Dave’s criticism with some interesting background information on Lessig.

Off down to Exeter

I’m off down to Exeter to see my girlfriend this afternoon, then we’re heading off to the Reading Festival on Wednesday. Updates will be scarce for the next few days.

Aug. 30, 2002

Back from Reading

Back from Reading. 3,200 emails (I forgot to unsubscribe from some mailing lists). <sigh>

DevShed stuff

DevShed have published two useful new articles—MySQL Connectivity With Python and Understanding SQL Joins. They also now provide nice looking printer-friendly PDF versions of articles, which appear to be dynamically generated. Having found this article on Google I suspect they are using HTMLDOC to create the PDFs.

Mozilla pie menus

I’ve installed a brand new shiny copy of Mozilla 1.1, and thrown in the new Pie Menus addon for good measure. The new build seems a fair bit speedier than the 1.1 alpha version I was using before, but other than that and some funky new icons I haven’t spotted many differences. Pie Menus are interesting (and have already been discussed at length on Mozillazine, Blogzilla and Slashdot) but don’t seem as useful as mouse gestures, although they have a much shallower learning curve.

Marquee in Mozilla

News to me: Mozilla supports the <marquee> element (marquee test page)! Support was added a couple of months ago in light of the fact that nearly 30% of top 150 sites in China use the marquee element. Bug 156979 contains a fascinating discussion of this issue and why the decision was made to implement this controversial extension to the standards. Hogarth has a page detailing a way of disabling the behaviour of the element in your own Mozilla installation.

Opera 7, coming soon

Coming soon: Opera 7:

[... 55 words]

DOM-Drag

youngpup’s DOM-drag is a cross browser library for creating draggable interfaces in DHTML. I had previously been looking at using Glen Murphy’s dragdiv for this kind of thing but DOM-Drag looks like a more mature implementation.

Sanity

BT lose.

Zeldman gems

Two gems from Jeffrey Zeldman: Show, don’t sell and Table Layouts, Revisited. An extract from the former:

[... 91 words]

Trackback roundup

Plenty of action on the TrackBack front. Michel V is adding TrackBack support to b2, Movable Type have released a standalone Perl implementation of TrackBack under the Artistic license, MetaFilter have added TrackBack support and Matt Kingston has published a full blown Homebrew TrackBack Tutorial for people who want to roll TrackBack support into their own home grown blogs. Yet another thing to add to the todo list...

Phil says goodbye to the popups

Phil Ringnalda has done the decent thing and rid himself of comment popups (the comments attached to his post make interesting reading). I haven’t got round to doing this yet, which is especially silly considering I open my own comments links in new tabs to avoid the popups myself. The main problem I have is that I want people to permalink to each entry within the context of the day it was posted—comments without a popup would need each entry to have its own comments page which could lead to people linking to the wrong place. My options so far are either to trust people to link to the permalink rather than the entry comments page or to go with a “show comments on the page” feature, possibly using a hidden div or even an external comment loader script as demonstrated by kryogenix a few weeks ago.

Some stuff

A few other things I read today:

More stuff

And some more...

Aug. 31, 2002

RDF is dead

Peter provides an interesting perspective:

[... 80 words]

External link icons in CSS

Stuart has put together a nice demonstration of how Mozilla’s CSS3 selectors can be used to automatically add icons to external links, in response to Mark Pilgrim’s guide to achieving the same effect using Movable Type macros.

How the wayback machine works

How the Wayback Machine Works is a must read for anyone geeky enough to be interested in cheap clustered databases on a huge scale. The interview includes some fascinating details on the cost effectiveness of Linux clusters:

[... 132 words]

ICANN schmicann

IMS/ISC out of the ICANN Running, apparently because their proposal didn’t include enough block diagrams. ICANNWatch have some great conspiracy theories as to the real reason.

PHP generated PDFs

R&OS PDF PHP classes (via tidak ada). This is the most useful PHP library I’ve seen in a long time. It allows dynamic generation of PDF files without needing any additional modules installed on the server (although GD is required if you want to add images to your PDFs). It is extremely easy to use and has an impressive set of features, including PDF drawing tools, built in page number support and excellent documentation. On the topic of PDFs, Yes You Can advocates their use for presentations and touches on a method of generating them using Python.

Semantic web 1-2-3

The Semantic Web: 1-2-3 is an invaluable collection of links to semantic web resources, compiled by Morbus Iff. Morbus is the author of Amphetadesk, an excellent news aggregator which was reviewed favourably by Ben Hammersley in the Guardian just the other day.

Vim guide

Free book: Vi IMproved.

File naming conventions

What Do I Know is hosting an interesting discussion on File Naming and Organization Methods for helping manage web development clients.

30 days to becoming an Opera Lover

Tim Luoma: 30 Days to becoming an Opera Lover. Advocacy doesn’t get much more serious than this :) The series has reached day 5 and so far Tim has covered reasons you should try Opera, how to install it and touched on customisation. I’ve been meaning to write a Mozilla advocacy/tutorial piece for some time now and I am sorely tempted to steal Tim’s format (which he himself borrowed from Mark Pilgrim).
