Sybase SQL not same as Microsoft SQL

I’ve always heard that Sybase SQL Server was essentially the same as Microsoft SQL Server. I’ve even read about developers authoring applications against MSSQL and then deploying to Sybase SQL.

Well, this week I started on my first project with Sybase SQL Server and was amazed at how different they are. Sybase SQL doesn’t support “TOP” syntax and all SQL identifiers (table and field names) are case sensitive. So a query on “SELECT * FROM Documents” will fail if the table is name “DOCUMENTS”. That’s just what I ran into in the first few days.. I’m sure there will be more surprises to come.

So if there are others out there who assumed the two were compatible due to their common root and other community fodder, you are now forewarned.

New Microsoft Office Integration content in Advanced ColdFusion MX 7 Application Development

I just learned that Advanced ColdFusion MX 7 Application Development is shipping. The sites have not been updated yet, but it is shipping.

Rikomagic MK802 IIIS: mk802 iii
Measy RC11 Air Mouse: RC11
Rikomagic MK808: mk808

This update has a ton of great new content, including a whole chapter on MS Office integration which I was very pleased to contribute. This chapter provides more in depth information and new examples compared to what I’ve discussed in my previous presentations on the topic.

Everyone else is linking to the Amazon page, but it’s much cheaper on Overstock.com. Overstock stinks for research–little info and no reviews–but it’s good for the final purchase. You don’t need research for this book anyways, everyone knows it’s wonderful! :-)

New PrimalScript Release: CFMX7, CSS, and Double-Extensions and more!

Sapien put out a nice update to their IDE, PrimalScript with a few big additions.

  • ColdFusion MX 7. The PrimalSense files have been updated with all of the new CFMX7 syntax.
  • CSS. PrimalScript now gives PrimalSense on CSS files–it lists a drop-down of all valid CSS property names (use the toolbar button or CTRL-Space).
  • Double-Extensions. This is generic for all server-side code, but is really geared towards CF developers as it’s primarily a CF pratice. PrimalScript now recognizes files that have two extensions and treats the file based on the type of the first extension, not the last. So if you want to protect your css files via CF but still want PrimalScript help while editing them, you can use a name like “site.css.cfm” and PrimalScript will recognize the “.css.cfm” double-extension and treate the file as a CSS file. This is espeically useful for Fusebox developers who use double-extensions for their controller files such as “fusebox.xml.cfm” and “circuit.xml.cfm”.

If you haven’t checked out PrimalScript for CFML and AS development, we’d strongly suggest trying it out.

Where’s responsible security reporting?

While I totally agree that once a company fails to respond to a security problem reported privately the problem should be reported publically, it’s horrible when that report greatly compounds the problem. That hapenned recently with ThinkTank‘s disclosure of PayMaxx‘s major security problem.

PayMaxx developers unfortunately did a stupid thing–they didn’t check that a person viewing a W-2 or other payroll related record is accessing the record they are allowed to; they only check if the user is logged in. That certainly is a major problem and unfortunately is too common (I’ve found this problem myself in e-commerce sites I used and reported it to the site owners–who both fixed the problem within 24 hours in the instances where I found it).

The ThinkTank report went much further than disclosing the nature of the problem and reported specific login information for a test account which allowed anyone to log-in and exploit the problem. Before this, only customers could exploit the problem. After ThinkTank’s disclosure, anyone can exploit the problem. They made the problem significantly worse.

Shame on you ThinkTank. If you agree, tell them.

CustomTag: HiddenDiv toggles content visibility

Recently I had to display a lot of text in a page but didn’t want it all initially displayed–I wanted to toggle some of it based on user interaction. I wrapped the functionality in a custom tag for easy reuse.

This is toggled text content.

tag and provides a
separate

tag with a link to display the content. The link
can act as either a display once or a toggle. When the hidden
div is diplayed once the link text is hidden. When the hidden
div is a toggle, the link text is toggled between two alternate
values.

-> showText Text to display initially and when the content
is hidden. Default "(show)".

-> hideText Text to display when the content is displayed
and toggle is set to yes. Default "(hide)".

-> toggle True if the link toggles the content display
and false if it displays once and stays on.

All other attributes are passed along to the content div. The
text div has a class of "hiddenDivText" which can be used
for styling.

Only tested in IE6 and Firefox based browsers. Should work
in other standards compliant browsers. If it doesn't work
in your target browser, modify the getElement function.
--->

var hiddenDivShowText = new Array();
var hiddenDivHideText = new Array();

function toggleHiddenDiv(index) {

var textDiv = getElement('hiddenDivLabelDiv_' + index);
var contentDiv = getElement('hiddenDivContent_' + index);
var textSpan = getElement('hiddenDivLabelSpan_' + index);

var display = (contentDiv.style.display != 'block');

textSpan.firstChild.nodeValue = (display ?
hiddenDivHideText :
hiddenDivShowText
)[index];

textDiv.style.display = 'none';

contentDiv.style.display = display ? 'block' : 'none';

return false;
}

function getElement(id) {
return document.getElementById(id);
}

#js#

hiddenDivShowText.push('#jsStringFormat(attributes.showText)#');
hiddenDivHideText.push('#jsStringFormat(attributes.hideText)#');

#js#