The following are five ways to improve queries involving table inserts:

1) use LOAD DATA INFILE when loading data from a text file

This is around 20 times faster than using insert statements.

2) use INSERT statements with multiple VALUES lists to insert several rows at a time

This is many times faster than using separate single-row insert statements. Tuning the bulk_insert_buffer_size variable can also make inserts (to tables that contain rows) even faster.

3) enable concurrent inserts for myisam tables

The concurrent_insert system variable can be set to modify the concurrent-insert processing. By default, the variable is set to 1. If concurrent_inserts is set to 0, concurrent inserts are disabled. If the variable is set to 2, concurrent inserts at the end of the table are allowed even for tables that have deleted rows.

4) use insert delayed

This is useful if you have clients that cannot or need not wait for the insert to complete. This is a common situation when you use MySQL for logging and you also periodically run select and update statements that take a long time to complete. When a client uses insert delayed, the server returns right away, and the row is queued to be inserted when the table is not in use by any other thread. Another benefit of using insert delayed is that inserts from many clients are bundled together and written in one block. This is much faster than performing many separate inserts.

5) lock your tables before inserting (for non-transactional tables)

This benefits performance because the index buffer is flushed to disk only once, after all insert statements have completed. Normally, there would be as many index buffer flushes as there are insert statements. Explicit locking statements are not needed if you can insert all rows with a single insert.

To obtain faster insertions for transactional tables, you should use start transaction and commit instead of lock tables.

WApache doesn’t convert your script directly into an executable, it runs on the combination of a windows app (which uses an embedded IE control) and a stripped down version of apache.

Features

• No Internet Explorer menu, tool bar, or address bar.
• Precise control over placement of windows
• Three types of windows: basic, tool windows, and dialog boxes (modal and modeless)
• Fully customizable drop-down and context menu
• System Tray integration
• Asynchronous data handling
• Works with standard Apache modules like mod_php and mod_perl

screenshot

(this is a screenshot of wapache running phpmyadmin)

How to turn your php script into an executable

1) copy all of your scripts/files into the htdocs directory (make sure that the main file is called index.php)
2) launch bin/wapache.exe
3) you will now see your php script in the application that is running

There is also many options that allow you to configure the app in many different ways. This can be found on line 100 of conf/default.wcf (documentation for this config file can be found here):

<StandardWindow Main>
HorizontalAlign Center
VerticalAlign Middle
Height 60%
Width 60%
3DBorder Off
IconPath "../icons/lightbulb.ico"
</StandardWindow>

This could be used for a demo/trial of a web application. A windows installer could also be used (NSIS works well and is free) to create a fully installable, desktop application.

Since this only relies on the apache web server, it’s also possible to use this with any type of supported scripts.

Download

The latest version of Wapache can be found here

In a recent article I saw today about php/mysql security, called “protecting your php/mysql queries from sql injection”, The following method was described as a safe way to execute mysql queries (preventing what is known as a sql injection attack).

// This is a vulnerable query.
$query = "SELECT * FROM products WHERE name='$productname'";
mysql_query($query);

// This just uses mysql_escape_string
$query = sprintf("SELECT * FROM products WHERE name='%s'",
mysql_real_escape_string($productname));
mysql_query($query);

This will work, with select and insert statements, but will not work with statements such as: LIKE, GRANT, or REVOKE. This is a more secure way of preventing SQL injection attacks.


// This query is more secure
$query = sprintf("SELECT * FROM products WHERE name='%s'",
addcslashes(mysql_real_escape_string($productname),'%_'));
mysql_query($query);


PHP has a built-in command called __HALT_COMPILER__. This command Halts the execution of the compiler. This can be useful to embed data in PHP scripts. Below is an example of a self-extracting php script. When executed, a second php file will be extracted in the same directory called testscript1.php.

<?php

__halt_compiler();H4sICKE9CEcAC3Rlc3RmaWxlMS5waHAAs
7EvyCjg5eLlSk3OyFdQKsnILFYAopLU4hKFtMycVAVDJWteLns7AKhVcUooAAAA

How it works

The file that is extracted is gzipped, base64 encoded, and stored at the end of the the file (right after the __halt_compiler directive). The script uses a custom function called gzdecode to gunzip the file, it is then base64 decoded and written to a file. This is just a simple example to show what is possible with PHP. A more advanced version could use a function to tar and gzip a file so multiple files can be extracted.

The code example from this article can be download here

Introduction

Ruby has become more and more popular over the past couple of years. This month, I decided to start coding a few smaller apps to see if there was something I was missing. The following are a few issues with ruby that I feel need to be changed, before it really becomes a mainstream language.

1) Horrible syntax

It looks like a mix between Visual Basic and Pascal. I can’t imagine coming back to a large project with hundreds of files and functions and trying to keep everything organized. It would be even worse coming back to a project that someone else created.

2) missing/lacking documentation

Most popular languages are documented very well. For instance, you can go to the main php website and find out how to do pretty much anything (in english or almost any other language). Ruby’s documentation is available, but needs a lot of work to help out developers that are learning the language.

3) slow

Ruby is noticeably slower than other interpreted languages. I am not the only one that has seen performance issues. More on this can be found here. Jruby, a pure-Java implementation of the Ruby programming language, might help increase execution speed.

4) lack of libraries

Just searching google for ruby libraries or extensions doesn’t return many results. This also might be because it is a relatively new language compared to much older languages such as Java or PHP.

5) poor unicode support

Although there are Third party libraries that enhance ruby unicode support, it should be built into the language itself.

For most web applications, there are a couple of different options available for storing data on the client (within the web browser).

Flash allows the storage of up to 100 KB/domain without any user security prompts. The data being stored is accessible across the user’s Flash Player instances, loading stored data into Internet Explorer, Firefox, or any other browser that supports it.

Cookies are another option. A cookie stores user data across multiple browsing sessions. They are limited to 4 KB of storage per domain and are a good way to store user data for convenience or tracking. Web browsers contain cookie and privacy management features to wipe away stored cookies and their stored data and therefore have limited utility for continued persistence. Cookies are sent along with every request on a given domain, adding onto every message exchanged between an end-user’s browser and your site, even if the cookie data is only occasionally used.

Firefox has the ability to store an unlimited amount of data using DOM storage (This may be limited in future versions greater than 2.X).

Here is an example of how use DOM storage:

<script type="text/javascript">

function removeItem(key) { //remove an item
storage.removeItem(key)
alert("Key:" +key +" was removed.");
}
</script>


Here are some other options that can be used with the globalStorage object:

• globalStorage[’developer.mozilla.org’] - All web pages within the developer.mozilla.org sub-domain can both read and write data to this storage object.
• globalStorage[’mozilla.org’] - All web pages with the mozilla.org domain can both read and write to this storage object.

A virtual operating system in Ajax is an interesting idea. Although it can’t completely replace a desktop operating system, it can allow you to access your documents and files from anywhere.

Ajaxwindows allows you to do the following:

• Backup your files, music, and pictures with one click.
• Display, edit, and save popular file formats.
• Access your data remotely.

Some cool features

• Firefox and IE support - Both Internet Explorer and Firefox are supported. (An activeX control needs to be downloaded for it to work with IE)
• synchronize desktop wallpaper, IE/firefox favorites, windows startup sounds, windows shutdown sounds, “my documents”, “my pictures”, and outlook express contacts.

  

• Change the Theme/Desktop wallpaper (many built-in themes/wallpaper available).
  
• Store files using your gmail account. This is an interesting feature. An email is sent to your gmail account with the file as an attachment.

  

• The ability to add remove programs/widgets.
  

Conclusion

Overall, I was impressed with ajaxwindows. However, I did did get the following error a few times when I was within Firefox (IE also crashed whenever I tried to logout):

This article will show you how to password protect a directory using the apache web server and a .htaccess file.

.htaccess file

The .htacess file should be in the directory that you would like to protect (everything below this directory will also be password protected).

AuthName “Password Protected Area”
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

Replace “Password protected Area” with the name of the area that you would like to protect. Also, the path needs to be changed to the path of the .htpasswd file (which will be explained further).

Generating a .htpasswd file

A program comes with apache for generating a .htpasswd file. Here is how it works:

htpasswd [ -c ] [ -m | -d | -s | -p ] passwdfile username
htpasswd -b [ -c ] [ -m | -d | -s | -p ] passwdfile username password
htpasswd -n [ -m | -d | -s | -p ] username
htpasswd -nb [ -m | -d | -s | -p ] username password

A full explanation of htpasswd can be found here

If everything is setup correctly you should see the following prompt when you try to access your newly protected directory (and the username/password combo created with htpasswd should allow access):

1) use a compressor

JSMin is a filter which removes comments and unnecessary whitespace from JavaScript files. It typically reduces filesize by half, resulting in faster downloads. It also encourages a more expressive programming style because it eliminates the download cost of clean, literate self-documentation.

PHP version here

2) Minimize the number of .js files

Each .js file reference on a web page means another http request from a client’s browser. Although it may decrease the readability/maintainability of your code, it is faster to have one larger .js file than multiple smaller ones.

3) use profiler and timer tools

Firebug offers a suite of profiler and timing tools that allows you to see exactly how long your scripts take to execute and gives you the ability to tweak and optimize them.

4) asynchronize your code

Browsers run Javascript code synchronously. This means that when a <script> tag has been found, everything on the page stops until the end script tag has been found. If a script doesn’t finish executing within a certain amount of time, then the user gets a warning that says, “A script on this page is taking a long time to complete.”

example:

function testfunc()
{
var x1="test1";
var x2="test2";

testfunc(); //normal way to execute the function
window.setTimeout(testfunc,0); //asynchronous execution of testfunc()

The setTimeout function takes 2 parameters. The first is the name of the function that will be executed and the second is the number of milliseconds to wait until it is called. Since 0 is used for the second parameter, the function is called immediately (it will be forked in the background and the rest of your page will continue to load). This is useful for functions that take a long time to load.

5) cache DOM variables

Every binding in Javascript is late. This means each time you access a property, variable, or method a look-up is performed. Within the IE DOM, this could mean an extensive search of the element to find the same property over and over again, only to be returned to the JScript engine unchanged from the previous request.

Here is an example of a function that can be optimized:

function buildString()
{
var newElement = document.getElementById("myitem");
newElement.innerHTML = ""; // Clear out the previous
newElement.innerHTML += addHeader();
newElement.innerHTML += addBody();
}

function buildString()
{
var newText = addHeader() + addBody();
document.getElementById(”myitem”).innerHTML = newText;
}