Archive for the ‘Uncategorized’ Category.

Restaurants and Web Sites

Today I saw the most recent episode of Kitchen Nightmares, which takes place in the city of Metairie in my home state of Louisiana. After the episode, I visited the web site of the featured restaurant. My experience there combined with other similar recent experiences inspired me to write this blog post.

The topic of this post is not new. Let’s face it: once there’s an Oatmeal strip about a topic, chances are it’s been around the block once or twice. However, it seems like the point isn’t being driven home to its intended audience: restaurant owners. So, I’m aiming to present the material at a slightly different angle than I generally see it presented in hopes that it has the intended effect. Feel free to pass the link around to anyone you think is a member of that audience.

Let’s look at a hypothetical scenario. There’s a person, who we’ll call Joe, and he’s coming up on his lunch break at his office job. A few of his coworkers come around, say they’re thinking of dining out for lunch, and invite him to join. The group then tries to decide on a venue. To give them a better idea of their options, Joe pulls up a web site like Google, Google Maps, or Urbanspoon to see what’s nearby. A number of questions need to be answered when considering any individual option.

  • What are the restaurant’s hours?
  • Is it open for breakfast, lunch, or dinner?
  • What type of food is served (e.g. burgers, Chinese, etc.) and how is it priced?
  • Where is the restaurant and what are the directions to get there from the office?
  • Does the restaurant offer orders for carry-out or delivery?
  • How long is the wait time before a customer is served?
  • Is a reservation required? If so, how far in advance does it need to be made and can it be done online?
  • For more uncommon questions, how can the restaurant be contacted?

How much of this information does your site provide and how easily can potential customers find it? Are different pages of the site clearly named, linked to in a prominent navigation section, and populated with well-organized and relevant information? Are important basics like location, hours, and phone number prominently featured on every page?

Now, information from internet sources isn’t always accurate. Let’s say that the group chooses a restaurant, drives there, and realizes that the restaurant has closed down. They’re no longer near a computer, but with the increasing availability of mobile devices, each has a mobile phone. They use them to search again and review other options. There are several things that might make the group pass up a particular venue at this point.

  • Desktop-targeted web sites. While these can be viewable on a mobile phone, they can require a lot of zooming and panning to read and may not display as well in mobile browsers. Offer an alternative minimalistic version of the site for mobile devices.
  • Flash animations. Not only can they be large to download over a mobile network, but many mobile phones don’t support them and simply won’t display them. You probably don’t need Flash on your web site to begin with. If you really think you do, only use it on the desktop version; leave it out of the mobile version.
  • Menus in PDF format. Like Flash animations, they’re typically larger than a web page and many mobile phones can’t read them without supplemental software. Even with that software, they can be annoying to navigate. PDF files are great for printing and passing around the office, but the ideal situation for mobile phones is having the menu content on an actual web page, preferably one that’s mobile-specific. This also gives search engines additional content to pick up and associate with your restaurant.

How mobile-friendly is your web site? Can all the information it offers be easily consumed by mobile devices as well as desktop computers?

One last parting thought: the end goal of a web site depends on the business it represents. Too often, I see restaurant owners lose sight of what the purpose of their web site should be: to get customers off the site and into the restaurant as quickly as possible. This contrasts with some sites like Facebook or Amazon, where the goal is to keep customers on the site as long as possible.

A restaurant web site can accomplish its goal by enabling prospective customers to get the information about the restaurant that they need and then leave. While it isn’t always feasible to measure, a web site that doesn’t do this effectively can have a very real, negative impact on the bottom line of the restaurant as a business because it is a reflection of that business.

If you own a restaurant and don’t have a web site yet, please keep these things in mind when having one developed. If you already have a web site and it veers from these guidelines, I urge you to consider having it changed. As usage of the internet and mobile devices increases, these guidelines will only become more important.

Twitter XSS Vulnerability

So by now a lot of people have realized that the Twitter web interface has succumbed to an XSS vulnerability. The JavaScript contained in one particular tweet that’s part of this causes you to retweet it so that it will spread to others and then establishes a modal overlay on your Twitter home page so that mousing over it forces you to continue retweeting it over and over again.

I had a hunch on how to get around this that turned out to be correct. Go to your Twitter user page (in my case, http://twitter.com/elazar). This JavaScript doesn’t appear to affect that page, allowing you to undo the retweets so you can access your Twitter home page again. Note that this won’t prevent retweets from people you follow from showing up in your feed. The best you can really do about that is help to spread the word about how to fix this situation.

At this point, I would suggest deleting your cookies, logging into Twitter, navigating manually to http://twitter.com/settings/account, changing your password, logging out, and logging in again. It may also be best to use a Twitter client instead of relying on the web interface until it’s fixed. No word from Twitter on this as of yet.

If you have any other comments that may be handy in this situation, please leave them on this blog post.

Natural Ordering in MySQL

I ran into an instance recently where I wanted to implement natural sorting of a result set in MySQL. When you’re dealing with numerical strings or strings with a common non-numeric prefix, the common solution of casting the order column to an integer by adding zero to it works fine. However, if neither of the aforementioned conditions is the case, it takes a little more work.

What actually happens when you add zero to a non-numeric column depends on the characters at the beginning of the column value. If the column does not begin with a sequence of one or more numeric characters, then adding zero to that column produces zero. (Ex: “dog” + 0 = 0) If the column does begin with numeric characters, then adding zero to it produces the sequence of numeric characters up to the first non-numeric character in the original value or the end of the value, whichever comes first. (Ex: “12 dogs” + 0 = 12) An example might be the easiest way to illustrate this.

mysql> SELECT name+0<>0, name+0, name
    -> FROM `recommendation`
    -> ORDER BY name+0<>0 DESC, name+0, name;
+-----------+--------+------------------------+
| name+0<>0 | name+0 | name                   |
+-----------+--------+------------------------+
|         1 |      3 | 3 month follow-up      |
|         1 |      6 | 6 month follow-up      |
|         1 |     12 | 12 month follow-up     |
|         0 |      0 | Intervention           |
|         0 |      0 | Observation            |
|         0 |      0 | Specialty Consultation |
+-----------+--------+------------------------+
6 rows in set (0.00 sec)

The first ORDER BY clause checks the string to see if it begins with numeric characters, then places results for those that do first. If you prefer that numeric results appear after non-numeric results, then you can exclude this clause.

The second ORDER BY clause orders the numeric results by casting them to integers and ordering by those integers.

The third clause orders the non-numeric results by the original column value.

And that’s all there is to it. Hope this proves helpful to someone.

EAV Modeling – Square Peg in a Round Hole?

So I got the June 2008 issue of php|architect (or volume 7 issue 6 for those of you who track it that way) in recently. Right off, I found the cover article on EAV modeling to be of interest seeing as my current employment is in the medical IT industry and I’d never heard of this technique for storing data. I actually more or less knew what it was, but had never put a name to the face so to speak.

The mental image that came to me when reading about this approach to data modeling was taking the traditional relational table and turning it on its head. Despite what the Wikipedia article on the topic might tout early on, there are disadvantages to using the EAV approach. EAV actually has to circumvent, work around, or reimplement features that most mainstream database servers today provide “for free” to the traditional relational counterparts of EAV in order to get equal functionality. These include native data type validation and data type-specific operations without explicit typecasting (if you’re not separating EAV values by data type), row-level referential integrity, and schema metadata. EAV also adds a dimension of complexity to query construction in an era where storage is becoming cheaper and database technologies are evolving. It may work, but I don’t foresee it scaling very well for larger systems. In short, it seems an attempt to force a square peg into the round hole that is the traditional relational database system.

In a MySQL world, there are alternative approaches for deploying DDL modifications. One is to implement master-slave replication to propagate DDL modifications and load balancing to maintain uptime as changes are propagated from server to server. Another is to use MySQL Proxy to direct queries to servers hosting unmodified schemas and queue DML operations in the binary log while DDL modifications are made. Once DDL is complete, the server goes into “read only” mode while queued DML operations are applied and incoming DML operations received during that time are blocked until the queue is empty. (This may be a potential point of improvement.)

Outside of MySQL, there are document-focused database systems such as Apache Lucene and its current .NET and PHP ports as well as Apache CouchDB. While some of these are still a little early in development, I see them as being more ideal for applications demanding more fluid data storage and hope that the development of similar solutions continues.

Oracle XE 10gR2 on Kubuntu 64-bit

So I started poking around for instructions on installing Oracle XE 10gR2 on my Kubuntu Hardy 64-bit installation recently. I came across this article from Oracle, which seemed like exactly what I wanted. Unfortunately, it assumes that the intended host operating system is 32-bit, which causes issues if you try to install XE through apt as the Oracle article suggests. After following these instructions, I immediately received this error:

W: Failed to fetch http://oss.oracle.com/debian/dists/unstable/Release  Unable to find expected entry main/binary-amd64/Packages in Meta-index file (malformed Release file?)

After that, any apt command issued (related or not) produced this error.

E: The package oracle-xe needs to be reinstalled, but I can't find an archive for it.

And finally, when I resorted to using this excellent guide instead, I ran into this problem because of the earlier failed installation.

dpkg: regarding oracle-xe-universal_10.2.0.1-1.1_i386.deb containing oracle-xe-universal:
 oracle-xe-universal conflicts with oracle-xe
  oracle-xe (version 10.2.0.1-1.0) is present and broken due to failed removal or installation.
dpkg: error processing oracle-xe-universal_10.2.0.1-1.1_i386.deb (--install):
 conflicting packages - not installing oracle-xe-universal
Errors were encountered while processing:
 oracle-xe-universal_10.2.0.1-1.1_i386.deb

Luckily, I was able to find a solution to purge the failed installation from the system.

dpkg --remove --force-remove-reinstreq oracle-xe-universal

One thing that the Oracle article was useful for was creating a swap file large enough for Oracle to use, as the issue described in the article with not having enough swap space did arise when I initially tried the installation. Beyond that, the non-Oracle guide mentioned earlier worked like a charm and I now have a working XE installation on my system.

DomQuery

Ever since I started working with the jQuery JavaScript library, I’ve loved it. It offers the power to do a lot with only a little code and makes features offered by the JavaScript DOM implementation much easier to access. My interest in web scraping prompted me to consider creating an equivalent of sorts for PHP.

This obviously doesn’t include some features specific to the client-side or any that require evaluating CSS, but it does include many for extracting data from a valid XML or HTML document. I’ve posted my initial work on the concept in a GitHub repository. The code there is commented with docblocks and includes unit tests with over 99% code coverage. Comments and suggestions are welcome.

PHP 5.2 and SQL Server 2000 on Windows XP

Recently at work, I was tasked with finding a method to retrieve data from a third-party SQL Server 2000-based system into our own MySQL-based application. It’s worth noting that both systems are behind their own firewalls and I was trying to bear security in mind as I did this.

First, I had to actually get into the system with the SQL Server database. For this, I used Citrix GoToAssist. The company behind the software makes their money off of hosting the servers it uses and selling access to them as a service. The client software uses HTTPS for security and to get around firewall configurations. While their software is nice, I’d be interested to see if anyone knows of any OSS equivalents of it.

Once I had access to the system, I needed something akin to phpMyAdmin or Oracle SQL Developer in order to see what resources were available on the SQL Server itself. For that, I found a local copy of EMS SQL Manager already on the system. This wasn’t the most full-fledged product I’d seen for this type of purpose, but it was free, included everything I needed, and did the job in a pinch.

After doing some reconnaissance on the database structure using the information that had been given to me by the third-party vendor, I downloaded the ZIP archive containing the standard build of PHP 5.2 for Windows. Side note: one of the things I like about PHP on Windows is that, for CLI purposes, it only takes decompressing the ZIP archive, tweaking the configuration file to get the settings and extensions you want, and executing the binary to get it up and running.

With my SQL Server experience being dated by about six years, I started throwing PHP code at the system to see what would stick. I noticed that the server was already set up to accept trusted connections, and being that I was running the script on the local system, this made it likely that authentication wouldn’t present any issues, or so I thought.

I created my PDO instance like so:

$db = new PDO('mssql:host=localhost;dbname=...');

And then attempted to call a particular stored procedure that I’d been told would have some of the data I was looking to extract. I was surprised to get this in response when calling PDO::errorInfo().

Array
(
    [0] => HY000
    [1] => 10007
    [2] => Could not find stored procedure ... [10007] (severity 5) [EXEC ...]
    [3] => -1
    [4] => 5
)

Now I had just been in EMS SQL Manager and seen the stored procedure myself, so I knew it was there. I tried using the sa account, but that didn’t seem to work either. After some digging, I found that I had to create an account for the current Windows user on the current network domain in order to make PHP capable of seeing the stored procedure when using a trusted connection. Once I’d created the account and given it access to execute the specific stored procedure I was trying to call, I tried again and PDO::errorInfo then gave me this.

Array
(
    [0] => HY000
    [1] => 10007
    [2] => Unicode data in a Unicode-only collation or ntext data cannot be sent to clients using DB-Library (such as ISQL) or ODBC version 3.7 or earlier. [10007] (severity 5) [EXEC ...]
    [3] => -1
    [4] => 5
)

Apparently there are issues with the MS SQL stand-alone PHP extension and SQL Servers using Unicode collation. Some more digging turned up that the only way to get around this was to use ODBC. Once I did that, I found that I was no longer getting an error when trying to call the stored procedure.

$db = new PDO('odbc:Driver={SQL Server};Server=localhost;Database=...;Trusted_Connection=yes;');

Though I knew of stored procedures conceptually, my previous experience with SQL Server had never included using them. As such, I wasn’t familiar with the syntax and came across something rather strange while trying to troubleshoot it: if the arguments to a stored procedure are surrounded by parentheses in the query calling that stored procedure, the code silently fails and returns no results.

// $stmt = $db->prepare('EXEC ...(?, ?)'); // Fails silently
$stmt = $db->prepare('EXEC ... ?, ?'); // Works as expected

Last on the list of “interesting things I experienced” while on this little trek wasn’t related to the database, but to what was happening when I attempted to push data from the SQL Server machine to our LAMP machine. I was using the PHP serialize() function to encode the data into a string, then using the streams HTTPS wrapper to send it via a POST request to a PHP file on the LAMP machine. This meant I wouldn’t have to poke a hole in the firewall on either side since both were already open to web traffic. When attempting to run the code for this, I got an error on the client side:

PHP Warning:  file_get_contents(): SSL: An existing connection was forcibly closed by the remote host.
PHP Warning:  file_get_contents(https://...): failed to open stream: HTTP request failed!

The cause for this wasn’t immediately apparent. Upon checking Apache error logs, I came across this:

PHP Fatal error:  Allowed memory size of 16777216 bytes exhausted (tried to allocate 3381676 bytes)

The actual issue had to do with how much data I was trying to send; it was exceeding the value specified in the memory_limit configuration setting, which as it turned out was set to the recommended value for a significantly older version of PHP. After updating it to a more current recommended value and bouncing Apache, all was well.
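The transfer described above can also be done in signed JSON batches, so the receiver never has to call unserialize() on a request body and no single POST approaches memory_limit. This is an added example, not the script from this post. It assumes PHP 7.3 or later and that the receiver would otherwise unserialize the POST body (the post does not show the receiver); SHARED_KEY, the X-Signature header, the function names and the sample rows are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: placeholder key, constructed rows, hypothetical header name.
const SHARED_KEY = 'replace-with-a-long-random-secret';
const MAX_BODY_BYTES = 1048576; // receiver rejects bodies over 1 MiB

/** Sender: split rows into batches and sign each JSON body with HMAC-SHA256. */
function build_batches(array $rows, int $batchSize, string $key): array
{
    $batches = [];
    foreach (array_chunk($rows, $batchSize) as $chunk) {
        $body = json_encode($chunk, JSON_THROW_ON_ERROR);
        $batches[] = ['body' => $body, 'mac' => hash_hmac('sha256', $body, $key)];
    }
    return $batches;
}

/** Sender: POST one batch through the HTTPS streams wrapper. */
function send_batch(string $url, array $batch)
{
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/json\r\nX-Signature: {$batch['mac']}\r\n",
        'content' => $batch['body'],
        'timeout' => 30,
    ]]);
    return file_get_contents($url, false, $context); // false on failure
}

/**
 * Receiver: check size and signature before decoding. In a real endpoint the
 * body comes from php://input and the MAC from $_SERVER['HTTP_X_SIGNATURE'].
 */
function decode_batch(string $body, string $mac, string $key): array
{
    if (strlen($body) > MAX_BODY_BYTES) {
        throw new RuntimeException('payload too large');
    }
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) {
        throw new RuntimeException('signature mismatch');
    }
    $rows = json_decode($body, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($rows)) {
        throw new RuntimeException('unexpected payload shape');
    }
    return $rows;
}

// Offline demonstration with constructed rows (send_batch() is not called).
$rows = [
    ['id' => 1, 'name' => '3 month follow-up'],
    ['id' => 2, 'name' => 'Intervention'],
    ['id' => 3, 'name' => 'Observation'],
];
$batches = build_batches($rows, 2, SHARED_KEY);
foreach ($batches as $i => $batch) {
    $decoded = decode_batch($batch['body'], $batch['mac'], SHARED_KEY);
    printf("batch %d: %d rows verified\n", $i, count($decoded));
}

// A body altered in transit no longer matches its signature.
try {
    $altered = str_replace('Intervention', 'Tampered', $batches[0]['body']);
    decode_batch($altered, $batches[0]['mac'], SHARED_KEY);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Unlike unserialize(), json_decode() only produces arrays and scalars, so a forged request cannot instantiate classes on the LAMP side, and the HMAC check lets the endpoint discard bodies that did not come from the holder of the shared key.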

Hope the details of my experiences prove helpful to someone else. Thanks to those who provided assistance along the way.

Phergie on C7Y Yet Again

The guys at C7Y really seem to like Phergie. The articles about the Phergie project on C7Y got a brief shout-out in the P3 Podcast for 4/17/08. Thanks for the plug guys! The rest of the podcast was really awesome too. I definitely recommend checking it out.

Phergie on C7Y Again

Part two of the two-part article I wrote for C7Y on experiences gleaned from developing the PHP 5 IRC bot Phergie has been posted. Feel free to leave comments in the article’s forum.

Interesting Bug in the HTTP Streams Wrapper

Streams are quite possibly one of the coolest things about PHP. They’re a feature of the core and allow you to do some basic things that might otherwise require a separate extension, which may or may not be available if you’re in a shared hosting environment. Among these things is acting as an HTTP client, which you can do using the HTTP streams wrapper. See Example #1 on that page for a code sample showing how to submit a POST request.

I wrote a small script a while back that’s gained a surprising amount of popularity thanks to a plug from the site that it posts to. The current incarnation of the script uses the cURL extension to send a POST request to paste2.org, the response from which it then parses for the URL corresponding to the code that was originally sent. When I learned that this could be done with streams, I attempted to implement it in that fashion, but ran into strange issues where I would get 404 or 500-level HTTP errors rather than the response I was expecting.

After some digging, it turns out that this is a bug in the 5.2.x branch. The issue has to do with how headers are arranged by the underlying C code. As a result, explicitly specifying a Content-Type header for the operation will result in failure. However, not explicitly specifying the Content-Type header value results in a Notice being output and the correct header value being used automatically, which coincidentally causes the operation to succeed.

The bug has been fixed in the 5.3 and 6 branches and is expected to be fixed in 5.2.6 as well. Hope this workaround proves helpful to anyone who runs into a similar issue.