Sybase SQL not same as Microsoft SQL

I’ve always heard that Sybase SQL Server was essentially the same as Microsoft SQL Server. I’ve even read about developers authoring applications against MSSQL and then deploying to Sybase SQL.

Well, this week I started on my first project with Sybase SQL Server and was amazed at how different they are. Sybase SQL doesn’t support “TOP” syntax and all SQL identifiers (table and field names) are case sensitive. So a query on “SELECT * FROM Documents” will fail if the table is name “DOCUMENTS”. That’s just what I ran into in the first few days.. I’m sure there will be more surprises to come.

So if there are others out there who assumed the two were compatible due to their common root and other community fodder, you are now forewarned.

New PrimalScript Release: CFMX7, CSS, and Double-Extensions and more!

Sapien put out a nice update to their IDE, PrimalScript with a few big additions.

  • ColdFusion MX 7. The PrimalSense files have been updated with all of the new CFMX7 syntax.
  • CSS. PrimalScript now gives PrimalSense on CSS files–it lists a drop-down of all valid CSS property names (use the toolbar button or CTRL-Space).
  • Double-Extensions. This is generic for all server-side code, but is really geared towards CF developers as it’s primarily a CF pratice. PrimalScript now recognizes files that have two extensions and treats the file based on the type of the first extension, not the last. So if you want to protect your css files via CF but still want PrimalScript help while editing them, you can use a name like “site.css.cfm” and PrimalScript will recognize the “.css.cfm” double-extension and treate the file as a CSS file. This is espeically useful for Fusebox developers who use double-extensions for their controller files such as “fusebox.xml.cfm” and “circuit.xml.cfm”.

If you haven’t checked out PrimalScript for CFML and AS development, we’d strongly suggest trying it out.

Where’s responsible security reporting?

While I totally agree that once a company fails to respond to a security problem reported privately the problem should be reported publically, it’s horrible when that report greatly compounds the problem. That hapenned recently with ThinkTank‘s disclosure of PayMaxx‘s major security problem.

PayMaxx developers unfortunately did a stupid thing–they didn’t check that a person viewing a W-2 or other payroll related record is accessing the record they are allowed to; they only check if the user is logged in. That certainly is a major problem and unfortunately is too common (I’ve found this problem myself in e-commerce sites I used and reported it to the site owners–who both fixed the problem within 24 hours in the instances where I found it).

The ThinkTank report went much further than disclosing the nature of the problem and reported specific login information for a test account which allowed anyone to log-in and exploit the problem. Before this, only customers could exploit the problem. After ThinkTank’s disclosure, anyone can exploit the problem. They made the problem significantly worse.

Shame on you ThinkTank. If you agree, tell them.

CustomTag: HiddenDiv toggles content visibility

Recently I had to display a lot of text in a page but didn’t want it all initially displayed–I wanted to toggle some of it based on user interaction. I wrapped the functionality in a custom tag for easy reuse.

This is toggled text content.

tag and provides a

tag with a link to display the content. The link
can act as either a display once or a toggle. When the hidden
div is diplayed once the link text is hidden. When the hidden
div is a toggle, the link text is toggled between two alternate

-> showText Text to display initially and when the content
is hidden. Default "(show)".

-> hideText Text to display when the content is displayed
and toggle is set to yes. Default "(hide)".

-> toggle True if the link toggles the content display
and false if it displays once and stays on.

All other attributes are passed along to the content div. The
text div has a class of "hiddenDivText" which can be used
for styling.

Only tested in IE6 and Firefox based browsers. Should work
in other standards compliant browsers. If it doesn't work
in your target browser, modify the getElement function.

var hiddenDivShowText = new Array();
var hiddenDivHideText = new Array();

function toggleHiddenDiv(index) {

var textDiv = getElement('hiddenDivLabelDiv_' + index);
var contentDiv = getElement('hiddenDivContent_' + index);
var textSpan = getElement('hiddenDivLabelSpan_' + index);

var display = ( != 'block');

textSpan.firstChild.nodeValue = (display ?
hiddenDivHideText :
)[index]; = 'none'; = display ? 'block' : 'none';

return false;

function getElement(id) {
return document.getElementById(id);




Look Ma, No Computer!

I had a great time at my first MAX presentation. About fifteen minutes before I was to present my video card fried. As a Macromedia technician worked on my computer to see if it was something easily remedied, I frantically looked for other options. Another presenter loaned me his laptop and my tack manager had a copy of the presentation, so we loaded up the laptop and I was good to go. When I turned the laptop on back at the session, I was presented with a very unwelcome sight–the login screen. I didn’t have the password.

So, I gave my first presentation with no slides, no examples, and no demonstrations. I was very surprised that only a handfull of people left the room, and noticed very confused looks on the people that came in late. Luckily the topic is more more conceptual than hands-on and based on questions from the attendees it seemed that the presentation went about as well as can be expected.

Near the end my track manager and some Macromedia techs came in with another backup computer and we set it up to help highlight the things that needed visuals for explanation and to show the URL where the presentation can be downloaded.

Integrating ColdFusion with Microsoft Office: Breezo and examples.

For the second session I was able to get a loaner computer from Macromedia far enough in advance to set it up and make sure all required software was installed and the examples ran through correctly.