Author Archive | Nitai

Information Overflow

Stuck in my mind, can’t move hands, just staring at the screen and getting horrified what could happen if this state continues on…

Fail to get inspired by people around me. How they try to engage me. Hate their good meaning cheer up words that all will be fine…

I know, this is just a temporary state, but a state that has been going on the last couple of years…

Information overflow…


OpenBD and MongoDB: Can’t get easier than this

I’m currently working on a project that uses MongoDB (yes, that’s the awesome NoSQL database everyone talks about). Now, my favorite language of choice (CFML), and especially my favorite open source CFML engine OpenBD, have support for MongoDB built in, which makes it a snap to use for any ColdFusion developer.

MongoDB’s query syntax is quite different than the SQL you might be used to. A good overview of how to find (select) records with MongoDB can be found at SQL to Mongo Mapping Chart. In short, the MongoDB find() syntax is close to the “chained” commands you might know from the likes of jQuery. Important to remember is that 99% of the time everything you pass to MongoDB is a JSON structure and has a JSON-like syntax.

Since OpenBD is using the Java Driver and we apply a CFML tag for it, the query syntax differs slightly from the one you would enter in a mongo shell. Please find below some examples.

Find all records

<cfset myarray = MongoCollectionfind(
   datasource="mongosource",
   collection="users",
   query={}
)>

The above MongoCollectionfind() will return an Array with all records of the Collection and all fields.

Return only certain fields

It’s a common practice not to return all fields as in a “SELECT column1, column2 FROM…”. With MongoCollectionfind() you would do something like:

<cfset myarray = MongoCollectionfind(
datasource="mongosource",
collection="users",
query={},
fields={email:true,firstname:true}
)>

Again the MongoCollectionfind() would return an Array with all records, but this time only with the columns “email” and “firstname”. Note: The unique value of “_id” is always returned!

Find a specific user

Of course, returning all records is 99% of the time not wanted. MongoDB has a very sophisticated approach to finding records, as you can see from the SQL to Mongo Mapping Chart. OK, now let’s find a user by his eMail address.

<cfset myarray = MongoCollectionfind(
datasource="mongosource",
collection="users",
query=({email:"nitai@openbd.com"}),
fields={email:true,firstname:true}
)>

To find the user with his eMail address AND his first name you would do:

<cfset myarray = MongoCollectionfind(
datasource="mongosource",
collection="users",
query=({email:"nitai@openbd.com",firstname:"nitai"}),
fields={email:true,firstname:true}
)>

The same find() as above but this time with OR would be:

<cfset myarray = MongoCollectionfind(
datasource="mongosource",
collection="users",
query=( { $or : [ { email : "nitai@openbd.com" } , { firstname : "nitai" } ] } ),
fields={email:true,firstname:true}
)>

As you can see from the examples above, working with OpenBD and the MongoDB syntax is straightforward and easy. Hope this helps.


htaccess being hacked and detecting malware on Linux

Unfortunately, I’ve had to learn a thing or two about server intrusion, .htaccess being hacked, backdoors and more in the last few days. Well, one could say it is a good education… In any case, one of the major issues I was confronted with is that on one PHP-based server (with WordPress) the .htaccess file was manipulated. The hack wasn’t obvious, since it targeted any user coming to the site from a search engine, who was then redirected to some (random) Russian site.

Now, removing the .htaccess file, editing it or changing the file permissions did not help, as the file itself was being reset to the hacked version every 30 minutes or so. It was obvious that someone had been able to upload a backdoor to the server and was calling the file remotely. The question now was how to find the infected or uploaded file in order to close the hole.

Luckily, the people at R-FX Network made the malware script available (under the GPL open source license), which lets you scan your server for any malware and infected files. It uses many different scans to find any malware. I especially like that users can send their infected files to them and they then update the scanner engine. A very effective method to keep your server secure.

In my case, the malware script quickly found the file in question, which was then quarantined. Since then, the WordPress blog has worked again. Needless to say, just running this script won’t secure your server. You need to have a firewall in place, update your server regularly, read your logs and so on.

If you want to read more about the different ways of hacking and how to protect the server, I’ve found this blog post from Unmask Parasites very valuable. Also, they have a video of Matt Cutts talking about malware.
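A check for the kind of .htaccess manipulation described above, as an added example (not code from the original post or from the R-FX scanner). It assumes the injected rules have the common shape of a RewriteCond on %{HTTP_REFERER} naming search engines followed by a RewriteRule to a foreign host; the function name, the engine list and the sample file are constructed.

```javascript
// Added example: flag .htaccess rewrite chains that send search-engine
// referrals to another host. Patterns and sample text are constructed.
const ENGINES = /google|bing|yahoo|yandex|baidu|duckduckgo/i;

function findReferrerRedirects(htaccessText, ownHost) {
  const findings = [];
  let refererCond = null; // first pending RewriteCond on HTTP_REFERER
  htaccessText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) return;
    const cond = /^RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)/i.exec(line);
    if (cond) {
      if (ENGINES.test(cond[1])) {
        refererCond = refererCond || { line: i + 1, pattern: cond[1] };
      }
      return;
    }
    if (/^RewriteCond\s/i.test(line)) return; // other conditions keep the chain open
    const rule = /^RewriteRule\s+\S+\s+(\S+)/i.exec(line);
    if (rule && refererCond) {
      const target = /^https?:\/\/([^\/:]+)/i.exec(rule[1]);
      if (target && target[1].toLowerCase() !== ownHost.toLowerCase()) {
        findings.push({
          condLine: refererCond.line,
          ruleLine: i + 1,
          host: target[1],
        });
      }
    }
    refererCond = null; // a RewriteRule or any other directive ends the chain
  });
  return findings;
}

// Constructed sample: an injected chain followed by a normal WordPress rule.
const SAMPLE = [
  "RewriteEngine On",
  "RewriteCond %{HTTP_REFERER} .*google.* [OR]",
  "RewriteCond %{HTTP_REFERER} .*bing.*",
  "RewriteRule ^(.*)$ http://redirect.example.invalid/in.php [R=301,L]",
  "# BEGIN WordPress",
  "RewriteCond %{REQUEST_FILENAME} !-f",
  "RewriteRule . /index.php [L]",
].join("\n");

console.log(findReferrerRedirects(SAMPLE, "blog.example.org"));
```

Because the file in the post was rewritten every 30 minutes or so, a check like this is most useful when run on a schedule over every .htaccess under the web root, not once.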

 


Your PHP installation appears to be missing the MySQL extension which is required by WordPress and some other PHP strangeness

I just went through some issues with a PHP5 installation on some of our WordPress servers. To spare you the details of why I had to do that, I’ll simply post the solutions here (strangely enough, searching for these issues online gives you “trillions” of results, but no solution…).

1. Removing PHP5 and re-installing

When you need to remove and re-install PHP5, you should use the “--purge” parameter, like: “apt-get --purge remove php5”. Now, while this seems to work, when you re-install PHP5 it strangely gives you the message “Not replacing deleted config file /etc/php5/apache2/php.ini” during re-installation.

In short, the re-installation does NOT install a php.ini file. While this might not be an issue for some, it was in my case. Luckily, there are some default php.ini files that one can copy. Depending on your server they might be in different places (mine were at /usr/share/php5). So, all there was to do was to copy the file with: “cp /usr/share/php5/php.ini-production /etc/php5/apache2/php.ini”.

2. Your PHP installation appears to be missing the MySQL extension which is required by WordPress

While the above might not be a major issue, the message I received from our WordPress installation of “Your PHP installation appears to be missing the MySQL extension which is required by WordPress” was worrying. Nothing that I tried (re-installing PHP5, enabling modules, checking Apache and MySQL) solved it. Also, searching for this online did not help at all, since almost every entry simply tells you to re-install php5.

OK, so how did I get it solved? After hours and hours, the solution turned out to be almost too simple. All I had to do was to explicitly enable the extension in the php.ini file with:

extension=mysql.so
extension=mysqli.so

Saved the file, restarted Apache and finally I got the MySQL parameters in the PHP Info page and all blogs worked again. One would think that the apt-get installation routine would do this automatically since I was using “apt-get install php5-mysql”, but alas as I found out the hard way, this is not so.

Hope this helps someone out there.


Why Coldfusion / CFML has its place and is worth learning

I actually never indulge in conversations about why one programming language is better than another, because what is right for you does not automatically mean it is right for someone else. So, for me ColdFusion, or as we call the language itself – CFML, works very well.

Nevertheless, in this post I like to clear up some confusion that has been around. I can see where the confusion comes from as Coldfusion has gone from Allaire to Macromedia and is now “in the hands” of Adobe.

In any case, here are some reasons why CFML is still worth learning.

  • CFML is open source and yes, you can use it for free. I guess many people are put off by the fact that Coldfusion has had a big price tag on it in the past. True, given the nature of PHP, Java, Python, Ruby, etc. being free, there was actually no reason to shell out your hard earned buck for some application server and on top of it even learn the language. Thanks to the short sighted business decisions of Macromedia and now Adobe, or shall we say the greedy money making mentality of its management, Coldfusion has been faced with a drain of developers.
    Fortunately, this has all changed with the advent of OpenBD – the first real open source CFML server, followed shortly by Railo, another popular open source CFML server. In other words, to learn CFML and to deploy your applications, is now free and free to be.
  • Write less code. Compared to PHP, Java, C++, even Ruby and Python – CFML allows you to write the same program with much, much fewer lines of code. Why would you want to spend your precious time writing more code when you can do it with less? As a matter of fact, you can write your application in CFML so efficiently that the same application written by you alone would probably need a team with Java, Ruby, etc. This is a proven fact.
  • Well designed. The CFML language is well designed and many required functions already exist for you to use. There is no need to write a wrapper for an email sending function. I mean, you don’t even need a framework to achieve a simple tag like “<cfmail…>”. There is no obnoxious framework to learn or write functions for this. Compare this to Java, PHP, Ruby, etc. and you are very well off with CFML. (Again, all without a framework.)
  • Build web applications fast. Due to the nature of writing less code with CFML and with the built-in functions, you will be writing your next web application in weeks instead of months. On top of that, you will have a fully scalable enterprise model on your hands to scale when your startup takes off. Heard the stories of PHP web apps that had to be converted to xyz language just to cope with the traffic? Again, if you deploy your web application with CFML and OpenBD, you can deploy on any Java application server (Tomcat, JBoss, Websphere, etc.), connect to any database (MongoDB, H2, Oracle, MySQL, MS SQL, DB2, you name it…) and have your cluster, load balancing and caching setup done.

If you are in for writing less code and building your next web application the fast way, then I simply urge you to give CFML a try. I’m certain that you will get your project done in half the time than in another language. There is simply nothing to lose for you!

 


Simply awesome: How great software is being done


CFML and Cannot run program “chmod”: java.io.IOException: error=24, Too many open files

Migrating one of my customers the other day brought up an ugly error when I had to create 2000 directories in one go. The error was:

Cannot run program "chmod": java.io.IOException: error=24, Too many open files

While “too many open files” usually means one can raise the limit of open files under Linux (check out ulimit -a), it unfortunately did not help in this situation. I even rebooted the whole server and made sure that no other service was running, except Java that is. Still no success.

I then looked at my code in the CFML (Coldfusion) template. In order to create the directories I simply used:

<cfdirectory action="create" directory="..." mode="775">

Normal code, right? Well, as it turns out, I simply had to remove the “mode” part in order to overcome this error. Not sure, why this caused a “too many open files” error, but it worked in my situation. I can only imagine that the server tried to put all 2000 directories into memory and then write them in one go (I have a high value for the open files limit set and 12GB RAM).

In any case, hope this helps someone out here.


Javascript and encoding

As a developer of web applications you (should) know that your users will not always enter the data you expect in a form field. When you post the form with a normal submit, the browser will take care of the encoding for you, but what about AJAX calls? Say you need to grab a form value and pass it on in an AJAX call; then you need to take care of the encoding yourself.

Javascript gives you 3 functions to encode your values. These are escape(), encodeURI() and encodeURIComponent(). Now, probably like a lot of others, I have only known about the escape() function and used to use that function to encode my URL values. Until the other day, when I had to preserve a “+” and a “/” in a value. Apparently, there is a fundamental difference between them.

escape:

In all browsers that support JavaScript, you can use the escape function. This function works as follows: digits, Latin letters and the characters + - * / . _ @ remain unchanged; all other characters in the original string are replaced by escape-sequences %XX, where XX is the ASCII code of the original character.

encodeURI & encodeURIComponent

In addition to escape, modern browsers support two more functions for URL-encoding: encodeURI and encodeURIComponent. These functions are similar to escape, except that they leave intact some characters that escape encodes (e.g. apostrophe, tilde, parentheses); moreover, encodeURIComponent encodes some characters (+ / @) that escape leaves intact. Unlike escape, that produces %uXXXX, encodeURI and encodeURIComponent will encode the capital Cyrillic letter A as %D0%90, and the euro sign (€) as %E2%82%AC.
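The difference described above, shown as an added example that is not part of the original post: each value is encoded with the three functions and then decoded the way a form-urlencoded parser on the receiving side would decode it. The helper names and sample values are constructed.

```javascript
// Added example: what the receiving side gets back for each encoder.
// roundTrip(), compare() and the sample values are constructed.

// Build "v=<encoded>" and decode it like a form-urlencoded parser does:
// "+" is read as a space and %XX sequences are read as UTF-8 bytes.
function roundTrip(encoder, value) {
  const query = "v=" + encoder(value);
  return { query, received: new URLSearchParams(query).get("v") };
}

const encoders = { escape, encodeURI, encodeURIComponent };

// Returns, per encoder, the query string sent, the value received,
// and whether the value survived unchanged.
function compare(value) {
  const result = {};
  for (const [name, fn] of Object.entries(encoders)) {
    const { query, received } = roundTrip(fn, value);
    result[name] = { query, received, intact: received === value };
  }
  return result;
}

// "+" and "/" (the case from the post), a value containing query
// delimiters, and the Cyrillic A plus the euro sign.
const samples = ["a+b/c", "tom&jerry=1", "\u0410\u20AC"];
for (const s of samples) {
  console.log(JSON.stringify(s), compare(s));
}
```

Only encodeURIComponent delivers all three sample values intact: escape and encodeURI leave “+” to be read as a space, encodeURI also leaves “&” and “=” to split the value, and the %uXXXX form produced by escape is not decoded by a standard URL parser.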

 


Actions of an entrepreneur

I’ve found this and simply had to share it. This outlines a lot of what an entrepreneur has to do. Have fun building businesses, I sure have :-)


How to search & replace in MySQL

Thinking of a way to quickly search & replace data in a MySQL column got me to this solution:

-- mytable and mycolumn are placeholders for your own table and column names
UPDATE mytable
SET mycolumn = REPLACE(mycolumn, 'thistext', 'thattext');

With this method I was quickly able to change millions of records today. Quick and easy.
