News

PHP 7.1 continues down the road towards strict data typing which introduced a couple of very serious bugs, particularly concerning the initializing of arrays. It seems PHP is no longer performing an implicit type cast if a variable had been initialized to a string, like $x='', and subsequently converted to an array with $x[]='sdf'. Unfortunately, only a warning is posted to the log, but the value is truncated so $x[0] only contains "s". This caused a lot of problems and will surely doom many legacy PHP applications, where management might just decide to rewrite them in Java rather than perform the 7.1 upgrade. One of the big reasons why PHP is better, quicker and simpler than other languages is because of its support for loosely typed variables (in addition to being primarily a functional language at its core). It's a shame to see PHP losing sight of its original vision and taking it one step closer to redundancy. However, the application is now noticeably faster running PHP 7.1 with MariaDB 10.2 on the backend.

The application is once again fully supporting PostgreSQL up to version 10.4 which introduced lots of performance improvements and features. As MySQL and MariaDB continue to move further into the corporate world with the introduction of complex features that really only make sense for large businesses, it's no wonder that interest in PostgreSQL is surging. Fortunately, PostgreSQL now includes some of the more interesting MySQL extensions, like GROUP_CONCAT and UPSERT, but also implements very strict data typing that is not required with MySQL, particularly concerning dates and integers.

MySQL introduced a new JSON data type in version 5.7.8 and a new method of extracting the individual data elements using object notation directly in the SQL statement. You can now include object notation JSON references in your Ad Hoc Reports, including filters. Just be sure to create an alias for these columns and strip-out the double-quotes. Here is an example document->>'$.customer.first_name' as customer_first_name where the ">>" automatically removes the quotes. However JSON objects usually contain arrays and you may not know how many elements are in an array, so it is probably better to write a stored procedure to loop through the entire JSON object to produce a columnar report and then call that stored procedure instead of a SQL statement for your Ad Hoc Report.

Cross-Site Request Forgery (CSRF) has become a common attack vector so two layers of prevention have been added to the framework: Synchronizer Tokens and Source Origin Identification. Tokens work on both GET and POST requests but only POST requests will check the source origin. Also source origin checking will not work if the web host is behind a proxy server and will block all changes. However, the framework has not been tested as a backend to a proxy server and most likely there would be other problems operating the site behind a proxy and is not recommended. Please see the Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet for more information.

Ad Hoc Report authors have had the option of specifying that a particular report be "Download Only", which instead of displaying the report in the browser, immediately downloads the report as a plain text file to the user's computer. However the application was still caching the report internally and using almost as much memory as when marked-up with html, occasionally resulting in a blank page or truncated file. With this release, the "Download Only" feature will now stream the report directly from the database to the browser, using very little memory and therefore supporting really large reports of 30M or more. The downside is that those column properties concerned with formatting, headings and sorting will not be applied and you will need to build those options into the SQL statement instead. This change makes the "Download Only" feature more like a true data dump rather than a report. Note that the file extension will be xls, for easy opening in Excel with a double-click, but is actually just a tab-delimited plain text file.

After you run an Ad Hoc Report from the Reports menu, you now have the option to email that version of the report to one or more recipients by clicking a new link in the left side panel of the report page. The report can be embedded in the body of the email as an html table or attached as an Excel compatible spreadsheet or both. The email can be sent once or sent repeatedly at a regularly scheduled time every hour, day, week or month (there are many more options available). Only those users having a profile with "Schedule Events" privileges can email reports.