coding without a clue

grouch · #1 (**permalink**) 03-08-2007, 02:20 AM

I'm going to be rich. For mental anguish, suffering, induced paranoia and trauma, my lawyers will get in line with all the others going after Jon's mountains of gold.

(Ok, this is barely on-topic for this forum, but I have to squawk about it somewhere. Also, it's about what will hopefully become the basis of the new journal software and so any suggestions or help from Hotrodders.com members should come out here.)

I broke everything about 'journals_test' (http://www.crankshaftcoalition.com/f...&page=11&pp=10) while trying to eliminate places where SQL injection attacks could take place. Jon is the one who mentioned such attacks and is thus responsible for my paranoia and suffering resulting from a Google search to find out how those happen. It's amazing how many trivial ways attackers can take over databases through "web apps".

The latest breakage took a marathon of head-banging to fix. My idiotic, Frankensteinian mess kept naming all uploaded photos by the journal ID, saving them in the wrong place, not updating the photos table in the database, and being smug about it by not reporting any error at all. After a day, 2 all-nighters, and creating 32 broken or empty test journals, it remains smug, but functions as it should. (The worst was caused by the differences between MySQL's LAST_INSERT_ID and PostgreSQL's currval('[sequence name]').)

Things that are working:
- multiple journals per user
- a summary entry for each journal, with 1 photo
- a table of contents per journal, with thumbnails
- 0 to 6 photos per entry, with thumbnails
- paging of journal summaries
- sorting by journalid, userid, date, entries, views, etc.

Things still broken:
-- adding an entry
-- editing an entry
-- formatting user input

As soon as those work again, I'll upload the whole mess to the Crankshaft Coalition thread linked above. A limited test of it will then be set up on my own website.

Feedback and help are welcome.

Back to breaking things...

Rambo_The_Dog · #2 (**permalink**) 03-08-2007, 08:50 AM

I'm a SQLServer/windows/web programmer - don't know MySql at all...seems a lot of your problems could have been solved using a transaction space to manage inserts/updates across tables...also I'd guess you aren't using RI to inforce relationships? - otherwise you should have gotten an error...but again I come from SQL Server background and maybe MySql isn't as robust?

grouch · #3 (**permalink**) 03-08-2007, 05:31 PM

None of your assumptions have anything whatsoever to do with the problems described. That includes the rather bizarre notion of "robust" applying to MS SQLS. You might want to think about why Microsoft prohibits publication of benchmark comparisons, to the point of legal threats.

I think this thread is already dead, which means I should not have started it in the first place.

Rambo_The_Dog · #4 (**permalink**) 03-08-2007, 07:26 PM

Quote:

Originally Posted by grouch

None of your assumptions have anything whatsoever to do with the problems described. That includes the rather bizarre notion of "robust" applying to MS SQLS. You might want to think about why Microsoft prohibits publication of benchmark comparisons, to the point of legal threats.

I think this thread is already dead, which means I should not have started it in the first place.

It wasn't my intent to 'belittle' my sql - I have never researched it or used it - but you obviously have an bias against MS products which I've used for over 11 years and made tons-o-money programming against...maybe you are someone who thinks programmers shouldn't make a living?

Asking someone for their help or opinion and then telling me that my "None of your assumptions have anything whatsoever to do with the problems described..." is not only wrong based on your description of the problem it's disrespectful and belligerent - I doubt I'll take any time to answer another of your posts...

grouch · #5 (**permalink**) 03-09-2007, 06:56 PM

Ok, these allegations require a response.

Quote: