Wednesday, September 28, 2011

Why use jQuery from Google's AJAX API

Intro
Hi, Dear visitor.
As you have noticed, a huge number of web resources load jQuery directly from Google's Ajax API.
In this article I will explain the advantages of this tactic as an addition to web front-end optimization. Front-end optimization itself will not be covered in the current article, but I will write about it in one of my next articles, perhaps on 30 or 31 September 2011.

How to use it?
It is very easy: put the script tag for the library at the end of your template, just before the closing body tag.

Other popular frameworks are also available there, such as MooTools, Prototype, script.aculo.us, jQuery UI and more; to find the link for each one, take a look at Google's Ajax API.
Now let's move to the next step...
Why is including jQuery from Google's AJAX API the preferred way?
So why, you may ask. The answer lies in the advantages of this tactic.
1) Loading time
1.1) Loading time is reduced for many of your visitors: so many websites load jQuery from Google that a visitor may arrive with jQuery already cached, and the browser knows it does not need to download it again. (Current browsers partition the HTTP cache by the top-level site that made the request, so this cross-site cache hit no longer happens; the next two points still apply.)
1.2) Your servers may not serve jQuery as fast as Google does, and in a bunch of images and other data the library can take a long time to load.
1.3) Loading page elements from separate domains also increases speed. I will cover this aspect in later articles.

What does // mean rather than http:// or https://, and why use it like that?
A double slash instead of an explicitly defined protocol means the linked element is served over whichever protocol the page itself was loaded with: if the visitor is currently viewing your website over HTTPS, the file is included over https too, which avoids the problem of serving it over http into a page loaded through https. Keeping http and https pages from breaking each other will also be covered in a later article.
Overall, a plain http:// script in an https page causes mixed content: depending on the visitor's browser, the page is flagged as not fully secure or the script is blocked outright. Two caveats that postdate this post: because the script runs with the full privileges of your page, loading it from a third party means trusting that host, and the integrity attribute (Subresource Integrity) lets the browser compare the downloaded file against a hash you publish; and a plain https:// URL is now preferred over // so that the library is fetched securely even when the page itself is not.

Wednesday, September 21, 2011

TableSorter Month/Year sorter (Custom Sorting)

Hi all, as usual I have a post for today :)
Yesterday I was forced to code my own sorter for jQuery TableSorter (http://tablesorter.com).
I had pulled statistics data by date; in this case the format was month abbreviation and year, such as Apr 2011, Mar 2011.
This sorter can be applied to any month/year string;
you only need to change the values that the sorter replaces with integers.
Now take a close look at the code
(this code should come before you call tablesorter):
      $.tablesorter.addParser({
          id: 'months',
          is: function(s) {
              return false;   // never auto-detected: assign it explicitly via headers
          },
          format: function(s) {
              var tmp = s.split(' ');   // "Apr 2011" -> ["Apr", "2011"]
              // This line modified by Harel Seligmann - Supporting cross year sorting.
              // Thanks to Harel for his contribution.
              // Year first, then a two-digit month index, so "201102" sorts after "201011".
              s = tmp[1] + tmp[0].replace(/Jan/, "00").replace(/Feb/, "01").replace(/Mar/, "02").replace(/Apr/, "03").replace(/May/, "04").replace(/Jun/, "05").replace(/Jul/, "06").replace(/Aug/, "07").replace(/Sep/, "08").replace(/Oct/, "09").replace(/Nov/, "10").replace(/Dec/, "11");
              return s;
          },
          type: 'digit'
      });
Now, to sort by April 2011 instead, replace the month names from Apr to April; if you have a string like Apr-2011, change the split from s.split(' ') to s.split('-').
You can sort any month/year format this way.
In the current sorter I am sorting only months, as I poll data per year (2011, 2012, 2013, etc.).
After doing this you can call your new sorter as follows:
   $("#tablesorter").tablesorter({
       sortList: [[0,1]],      // default sort definition
       widgets: ['zebra'],     // theme
       headers: {              // force sort types
           0 : { sorter: "months" },   // your new sorter name
           1 : { sorter: "currency" },
           2 : { sorter: "currency" },
           3 : { sorter: "currency" }
       }
   }).tablesorterPager({container: $("#pager"), size: 15});   // pager extension
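A generalized version of the parser, added here as an example (it is not the sorter from the post above): it accepts the formats just described, Apr 2011, April 2011, Apr-2011, as well as numeric and year-first forms like 2011-04 and 04/2011, builds a year-first key so sorting works across years, and auto-detects the column instead of always returning false from is. The parser id monthyear is an assumed name. The key function is pure, so the file also runs under Node, which is how the sample calls at the bottom can be checked without a browser.

```javascript
// Added example, not the original post's parser.
const MONTHS = ['jan', 'feb', 'mar', 'apr', 'may', 'jun',
                'jul', 'aug', 'sep', 'oct', 'nov', 'dec'];

// Turn one cell into a "YYYYMM" key. Accepts "Apr 2011", "April 2011",
// "Apr-2011", "apr/2011", "2011-04" and "04/2011". Returns null for anything
// it cannot read, so callers decide how unparsable cells sort instead of
// silently treating them as 0.
function monthYearKey(cell) {
  const parts = String(cell).trim().split(/[\s\-\/]+/);
  if (parts.length !== 2) return null;
  let [a, b] = parts;
  // Whatever the input order, the 4-digit token is the year.
  if (/^\d{4}$/.test(a)) [a, b] = [b, a];
  if (!/^\d{4}$/.test(b)) return null;
  let month;
  if (/^\d{1,2}$/.test(a)) {
    month = parseInt(a, 10);
    if (month < 1 || month > 12) return null;
  } else {
    // Match on the first three letters so "Apr", "April" and "apr" all work.
    const idx = MONTHS.indexOf(a.slice(0, 3).toLowerCase());
    if (idx < 0) return null;
    month = idx + 1;
  }
  return b + String(month).padStart(2, '0');
}

// Registration for tablesorter, guarded so the file also runs where jQuery
// is absent (e.g. under Node for the checks below).
if (typeof jQuery !== 'undefined' && jQuery.tablesorter) {
  jQuery.tablesorter.addParser({
    id: 'monthyear',                                        // assumed name
    is: function (s) { return monthYearKey(s) !== null; },  // auto-detect the column
    format: function (s) { return monthYearKey(s) || '000000'; }, // unparsable cells sort first
    type: 'digit'
  });
}

// Constructed sample cells.
for (const cell of ['Apr 2011', 'April 2011', 'Apr-2011', '2011-04', 'Dec 2010', 'n/a']) {
  console.log(JSON.stringify(cell), '->', monthYearKey(cell));
}
```

With this parser registered, the headers option from the original call can point the date column at "monthyear", or the column can simply be left to auto-detection.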
You can tune the parser to your needs and post it in the comments; I will update the post accordingly.
Feel free to ask for other explanations/solutions.

Tuesday, September 20, 2011

Local file inclusion and null byte prevention and its consequences

As you may or may not know, there is a vulnerability called Local File Inclusion that has been used for a long time to gain shell access and even control of the server.
How does Local File Inclusion work?


Imagine you are dynamically including part of a page; in PHP it may look like this:
include($_GET['file']);
// the client controls the whole path, so this one even allows remote inclusion (when allow_url_include is on)
OK, you get it, so you jail it to a directory:
include(dirname(__FILE__).'/'.$_GET['file']);
// jailed to the script's directory, but Local File Inclusion is still present
With both of the previous examples we can request www.evil.host/script.php?file=../../etc/passwd
and read the passwd file of a Linux system. /etc/passwd is world-readable on almost every system (the password hashes live in /etc/shadow, which the web server's user normally cannot read), and there are plenty of other useful files to view this way, such as configuration files holding database credentials, application source and log files.

Why I mentioned Null Byte Poisoning in the title of the post...
We jail this even further by restricting the file extension:
include(dirname(__FILE__).'/'.$_GET['file'].'.php');
The last example looks like perfect protection against any type of inclusion, but all is not well: local inclusion is still possible with the help of null byte poisoning, which works as follows:
www.evil.host/script.php?file=../../etc/passwd%00
%00 is a URL-encoded null byte; the C string handling underneath PHP treats it as the end of the path, so everything after it, the appended .php, is thrown away.
This gives access to potentially dangerous files from outside. PHP 5.3.4 and later refuse paths containing a null byte, so on a current PHP this particular trick fails, but the ../ traversal to any .php file on the server (an uploaded file, a script in another directory) still works.

How To Prevent?
// Filter $_GET['file'] before using it, and never decode escapes after the null byte check.
$file = str_replace( chr(0), '', $_GET['file'] );   // drop literal null bytes (PHP >= 5.3.4 refuses such paths anyway)
$file = basename( $file );                           // drop any directory part: ../ traversal has nothing left to work with
include( dirname(__FILE__).'/'.$file.'.php' );       // only a .php file in this script's own directory can be reached

Now you are protected against remote and local file inclusion, null byte poisoning included: nothing outside the script's own directory can be reached, whatever the request contains.
First, chr(0) is a null byte and is stripped out. Then basename() throws away every directory component, so ../ traversal has nothing to work with. The filter this post originally used, str_replace(chr(0), '', ...) followed by stripcslashes(), is not safe: stripcslashes decodes C-like escapes (\n, \r, octal and hexadecimal representations), so running it after the null byte check turns the two-character sequence \0 or \x00 in the request back into a real null byte, and on its own it does nothing against ../ traversal either. If you have a fixed set of includable pages, go one step further and look the name up in an allowlist instead of building the path from the request at all.
It is very important to know the consequences of such attacks if the hole is not closed; to read about this, follow and read Gaining Shell Access via Local File Inclusion Vulnerabilities in Brian Haddock's Blog.

I will describe Remote File Inclusion, how it works and how to prevent it, next time.

Monday, September 19, 2011

MySQL Stored Procedures, or how a BTREE index improves performance on temporary tables

Hi all, today I have to tell you that I am sorry for my poor English :)
I ran into the following problem while using stored procedures.
The problem: a stored procedure I had coded, after a bit of additional change, fetched ~110k rows and stored all that data in a temporary table.
CREATE TEMPORARY TABLE tmp_revenues
SELECT SUM(transactions.commission * provider.rv) AS revenue, transactions.status
FROM transactions
LEFT JOIN provider ON provider.name = transactions.provider
-- the date filter belongs in WHERE: inside the LEFT JOIN's ON clause it would not drop any transactions rows
WHERE transactions.date BETWEEN date_start AND date_end
GROUP BY transactions.status
ORDER BY transactions.status;
and a few more temp tables that stored the information on how to count each channel and provider, first counting providers and then channels, so when I ran into trouble my stored procedure took about 3 minutes to execute o.O.
Yes, I sat there like O.O
I decided to break such joins into simple queries (NOTE: that was not the only query) and so on, and I did it like this:
after creating the temporary tables ->
CREATE INDEX ix_tmp_rev ON tmp_revenues USING BTREE (status, provider, channel, date);
as those were the fields I needed.
How does this work?
Temporary tables created with CREATE TEMPORARY TABLE use the server's default storage engine (MyISAM or InnoDB, depending on version and configuration) unless you add ENGINE=MEMORY; on those engines the index is BTREE anyway, so USING BTREE changes nothing and the gain comes from having the index at all. On a MEMORY table the index type does matter: MEMORY indexes are HASH by default, so BTREE has to be requested explicitly.

The only index types MEMORY supports are HASH (the default) and BTREE.
A HASH index hashes values of any length and looks them up quickly by equality, but it is bad for range comparisons, in fact useless: MySQL cannot use it for BETWEEN, < or >, and scans the whole table instead.
A BTREE index is not hashed; it keeps the values in order, which lets us apply range comparisons. In my case I used it because I have a range comparison on the DATE field.
So the statement is: CREATE INDEX index_name ON table_name USING index_type (fields to index)
This little trick of breaking complicated queries into simple ones and adding proper indexes reduced the execution time of my statistics stored procedure to 2-4 seconds, depending on the SQL server load at the moment of execution.

I also removed a few duplicate indexes on the TRANSACTIONS table that an inexperienced DB designer had created...
That also boosted performance!

Have fun with it.
Proper indexing has a lot of benefits.
 
 

Thursday, September 8, 2011

JavaScript TableSorter + Pager (cuts data on sort)

The beginning of the story.

TableSorter is a sorting plugin written in JavaScript.
It lets you sort almost any data inside a table without hitting your database for an "ORDER BY column DESC".
In addition you can install the official pagination plugin, called Pager. It lets you paginate the resulting data without querying the database again for every page; the rows are kept in the browser, hidden from the user.

The Problem:
I ran into a problem using tablesorter with the pager plugin.
After I initialized tablesorter with its pagination plugin, my data got cut on sorting.
The problem was found quickly.
I used the following code to initialize it:
$(document).ready(function(){
    $.tablesorter.defaults.widgets = ['zebra'];
    $('#tablesort_dg').tablesorter({sortList: [[2,1]]}).tablesorterPager({container: $("#pager_b")}).trigger('update');
});
The culprit is the trailing .trigger('update'):
when you click a header to sort the table, update is fired again and the data gets cut! Drop it and leave the chain at the tablesorter and tablesorterPager calls.
Be aware.

If this didn't help you, remove all additional commands, leaving only the initialization together with the pager initialization, then add the commands back one by one to find the one causing the problem.

Sincerely,
Ruskevych Valentin