The following entries were tagged with “soylentred”. They are displayed with the most recent entries first. (1–2)

New Design

Posted on Wed, 05th Dec 2007 at 03:50

I've hastily refitted Soylent Red with a brand new visual layout and design that's far better looking than anything you've seen here before. That's because it was designed by someone who actually has an ounce (or more) of design talent. I took the design, "zenlike", from a site called Open Source Web Design. It's by a company called NodeThirtyThree Design, and is covered by a very free, attribution-only Creative Commons licence.

It was surprisingly easy to change the markup of the site to match what the stylesheet expects, though there may still be some rough edges which, let's be honest here, are likely to remain rough for some time. On the plus side I fixed the site search function which had apparently been broken without my knowledge for months. I get the feeling I should be paying a tiny bit more attention to this site than I have been recently.

Comments:
Wed, 05th Dec 2007 (05:37)

Is that a collection of nipples harvested from victims stuck to a warrior's helmet in the picture? p.s. this box I'm typing in is a wee bit small.

by Eoghan

Wed, 05th Dec 2007 (20:05)

That comment just looks weird now that I've changed the image. :)

by Rory

Fri, 07th Dec 2007 (08:10)

Is that just a bunch of nipples attached to a bridge?

by Eoghan

mysql_real_escape_string() Requires DB Connection

Posted on Tue, 06th Mar 2007 at 23:39

You probably won't have noticed much if anything different about Soylent Red in the last day or so—I think the new URLs are the most visible change—but I did make quite a significant code change yesterday evening. The diff weighed in at over 2000 lines in fact. All of the code worked on my local testing setup, but I had a problem as soon as I tried to post a new entry on the live site. Only the date, the tags and the comment status (open or closed) were saved.

After a bit of wrangling—I had to check in a new copy of the code every time I wanted to test something—I discovered that the problem lay in the use of the mysql_real_escape_string() function, which is used to protect against injection attacks when putting text in a database. It was news to me that this PHP function actually calls an SQL function to do the work for it, so it requires an existing database connection.

After my big code changes there was one part of my code where I happened to try to use the function to create my query before the code to establish a connection to the database server. In this event PHP will try to connect as if calling mysql_connect() with no arguments, and failing that it does the only thing it can do: it throws a warning while returning an empty string. I have my live site set not to display errors, so it looked to be silently failing. Meanwhile my local testing setup never came across the warning because it is always possible to establish a connection (to a server on localhost with no username or password).

I love these bugs that lead to new learning.
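
The failure described above needed three things to line up: escaping that depends on an implicit connection, a warning rather than a hard error, and error display switched off. The following is an added example, not Soylent Red's code, showing one way to make each of those fail loudly. It uses PDO because the legacy mysql_* functions were removed in PHP 7; the in-memory SQLite database stands in for MySQL so the script runs offline (assumes pdo_sqlite is loaded), and save_entry() and the entries table are hypothetical.

```php
<?php
// 1. Promote warnings to exceptions. With display_errors off a warning is
//    otherwise invisible and the script carries on with bad data.
set_error_handler(function (int $no, string $msg, string $file, int $line) {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// 2. Hypothetical helper. The typed PDO argument means a query can never be
//    built before a connection exists, and bound parameters replace escaping.
function save_entry(PDO $db, array $entry): int
{
    foreach (['title', 'body'] as $field) {
        // Guard against the symptom from the post: text fields arriving empty.
        if (!isset($entry[$field]) || $entry[$field] === '') {
            throw new InvalidArgumentException("empty field: $field");
        }
    }
    $stmt = $db->prepare('INSERT INTO entries (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $entry['title'], ':body' => $entry['body']]);
    return (int) $db->lastInsertId();
}

// Stand-in database (assumption: SQLite instead of the site's MySQL server).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Constructed sample input containing quotes that would need escaping.
$entry = ['title' => "Rory's \"new\" design", 'body' => "It's live; O'Brien approved."];
$id = save_entry($db, $entry);

// Read the row back and confirm the text round-trips unchanged.
$sel = $db->prepare('SELECT title, body FROM entries WHERE id = ?');
$sel->execute([$id]);
$row = $sel->fetch(PDO::FETCH_ASSOC);
var_dump($row['title'] === $entry['title'], $row['body'] === $entry['body']);

// Calling save_entry() without a connection is now a hard error, not a
// warning that production settings can hide.
try {
    save_entry(null, $entry);
} catch (TypeError $e) {
    echo "caught: no database connection\n";
}
```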

Comments:
Wed, 07th Mar 2007 (00:11)

Why not just use addslashes()? Quicker, easier and more portable.

by banshee

Wed, 07th Mar 2007 (02:14)

Very good question. The old code in that function was using addslashes(), but the PHP documentation led me to believe that mysql_real_escape_string() was the correct way to do it. I know they both escape single and double quotes, but I don't know how they differ after that. Since I don't know for certain that there isn't, for example, some obscure Unicode character that would be problematic if not escaped, I prefer to stick to the mysql- function.

The alternative would of course be to do some research. I'll add that to the to do list.

by Rory