Mokka mit Schlag » Software Development

Is anyone aware of work on fundamentally safe database APIs for server side programs that completely avoid the possibility of SQL injection? What I envision is a somewhat limited API that does not execute raw SQL statements or provide any facility to do so. Instead you’d set up something like this:

Statement s = database.getSelectStatement();
s.setTable("customers");
s.addField("email");
s.addField("telephone");
s.addCondition(
  new EqualsCondition("id", "p17")
);
ResultSet r = s.execute();

The library would turn this into the usual SQL statement

SELECT email, telephone FROM customers WHERE id = "p17"

The library could verify the individual parts of the query before submitting it to the database. If you passed a string like "id = \"p17\" OR true; DELETE * FROM customers; SELECT * FROM customers WHERE " to EqualsCondition() it would throw an exception.
(more…)

I’ve upgraded the WordPress engine on this site to the latest version, 2.1.3. Initial results look positive, but holler (preferably via e-mail) if you notice anything going wrong.
(more…)

What if any tools are available for reading HTML, finding missing width and height attributes on img elements, and filling in the relevant values? So far all I’ve found is this Perl Script from Randal Schwartz circa 1999 and this Perl script based on ImageMagik from Marc Merlins. I haven’t been able to resolve the dependencies for Schwartz’s script yet. Merlins’ runs, but is not XHTML savvy. That may be easy to fix though.

BBEdit almost does this, but it replaces existing height and width attributes too, including ones you’ve deliberately set to a different size. I only want to fill in missing height and width attributes, not change existing ones.

I’d love to find a simple open source GUI tool that could pull this off for an entire site.

I’ve been avoiding comment on the whole Sierra/Locke/etc. dust-up lately. Most of the commentary seems pretty on-the-mark, but a few usually sensible people are starting to overreact and call for self-censorship. Once the mainstream media gets hold of this next week, expect the customary cast of Congressional idiots to elevate that to calls for government mandated censorship. However the problem has been blown way out of proportion. There’s one thing that I think needs to be said that hasn’t been said yet to put this whole sordid mess in its proper perspective:

Death threats are no big deal.
(more…)

Proper use of the abbr and acronym elements is good for accessibility and good for conversational style writing. No longer do you have to write phrases that grate on the ear such as, “Many problems are much easier to solve with a native Extensible Markup Language (XML) database and XQuery than with a relational database and Structured Query Language (SQL).” Instead, you just assume 99% of your audience knows what you’re talking about, and instead you write:

Many problems are much easier to solve with a native <abbr title="Extensible Markup Language">XML</abbr> database and XQuery than with a relational database and <abbr title="Structured Query Language">SQL</abbr>.

However, there are two problems with this:
(more…)

I’m busy at Software Development 2007 this week. Consequently I have limited time to update the various web sites or answer e-mail. I’ll feed in content as I can. All four sites (Cafe au Lait, Cafe con Leche, The Cafes, and Mokka mit Schlag) should return to a more normal publishing schedule next week.

P.S. Birding BoF is Thursday morning at 6:30 A.M, not Wednesday at 6:00 as erroneously printed in the catalog. My apologies to everyone who showed in the lobby this morning at 6:00.