Monthly Archives: February 2009

Mouseover / Mouseout on Nested Elements

Did I mention I’m code-sprinting over the next three days?  Actually, next two days – I just finished my first day today.

What’s code-sprinting?  It’s a trendy term for sitting down with your team, and plowing through code en masse, trying to get as much done as possible.  8 hour days, cookies, coffee, whiteboards, pizza, crashes, bugs, tickets, fixes, etc.  We’re trying to cram 3 weeks of work into 3 days.  Cool.

In case you don’t remember, I’m working on a project called Checkmark (or OLM…still undecided on the name) – a tool for Professors/TAs to receive student code submissions, and to facilitate easy marking and annotating of the submitted code.

So here’s something I learned today while coding:

Say you have some nested DIV’s, and the parent DIV has a mouseout trigger.  Something like this:

<div id="parent" onMouseOut="alert('Mouseout triggered on parent');">
  <div id="child_1">This is some child</div>
  <div id="child_2">This is another child</div>
</div>

As you would expect, the mouseout event will get triggered if you move your mouse over the parent DIV, and then move the mouse back out again.

But it also gets triggered when you move your mouse OVER any of the child DIV’s.

Say what?  That’s right – even though you’re still inside the parent DIV, the mouseout event got triggered.  I found this out today when I was trying to code dropdown menus in Javascript/CSS using Prototype – I could get the dropdown menus to appear find when I clicked on the appropriate button, but they’d disappear again as soon as I put my mouse over any of the sub-elements of the DIV.

So how did I fix this?  I found this example code, and adapted it for my purposes.  This code assumes that you’re using the Prototype Javascript library.

$('some_dropdown').observe('mouseout',
  function(event) {
     //We could probably replace the following with Event.element(event), but oh well.
     var target = $('some_dropdown');
     var mouse_over_element;  //What the mouse is currently over...
     //So let's check to see what the mouse is now over, and assign it to mouse_over_element...
     if( event.toElement ) {
        mouse_over_element = event.toElement;
     }
     else if(event.relatedTarget) {
       mouse_over_element = event.relatedTarget;
     }
     //In the event that the mouse is over something outside the DOM (like an alert window)...
     if(mouse_over_element == null) {
        return;
     }
     //Now we just make sure that what the mouse is currently over is NOT a descendant of
     //the dropdown, and that the target is not the current mouse_over_element (I can't
     //remember which case this covers, but it's important)
     if(!mouse_over_element.descendantOf(target) && target != mouse_over_element) {
        target.hide();
     }
   }
 );

And it works.  Whew!  Just thought I’d share that little snippit.

From GSS to UofT Drama (UCDP) – Part 1

So I took a trip past my old highschool yesterday, and it turns out that there are a bunch of people there interested in coming to the University of Toronto.

And a bunch of them want to take drama.

So I’m going to start recalling my experience going from Grimsby Secondary School to the University College Drama Program (UCDP) at UofT.  I’m going to break it into chunks – so I guess this is part 1.  I’m just going to freeball this, so I’m sorry if this is all over the place.

The drama program at Grimsby Secondary School is extremely physical.  The teachers, Soyka, Rosie, and Ebert, come from a physical tradition of theater originating from a man named Jacques Lecoq.  So, essentially, if you’re going to GSS, you’ve probably got a bit of Lecoq training in you.

And believe it or not, that GSS training is pretty special.  The Lecoq school is in Paris, and so it had to cross quite a distance to get into Grimsby, Ontario.  The theater tradition in Canada, generally speaking, does not involve theater as physical as Lecoq’s – it’s a bit of an anomaly.

So entering the UCDP was a bit of a shock.  The UCDP does not focus physically like GSS – it’s much more broad, and tries to give its students high academic exposure to a myriad of different theater styles.  I say academic exposure, because while you might talk about other styles in academic classes, on the practical level, the theater style at the UCDP is pretty consistent across the board for the first few years.

Let me back up a bit, and get a bit more precise:  I’m going to be talking about the performance practicals at the UCDP, so that means the acting classes.  There are three levels of acting classes:  DRM200, DRM300, and DRM400.  If you make it past auditions, you enter into DRM200 to begin with.

DRM200 is taught by Toronto writer/director Ken Gass – a legend in the Toronto alt theater movement, and the brains behind Factory Theater.

Assisting Ken is Nicky Guadagni, an extremely capable and talented actor, with a very impressive resume.

In, no particular order, this is the type of work we do in DRM200:

  • Classical monologues
  • Canadian monologues
  • Canadian play scenes
  • Shakespeare scenes
  • Improvisation in a realistic universe

When you take DRM200, you also take DRM201 – Voice and Movement.  You have to take this course, simultaneously – there’s no way around it, and I wouldn’t have it any other way.  DRM200 and DRM201 interlace quite nicely, with each class feeding into each other.  DRM201 is really two courses – Voice is one course, Movement is the other.  They each have their own instructor.  In DRM201, you have Cindy Block for Voice and Sallie Lyons for Movement.

Voice is a study of the Linklater approach to voice work, and is focused primarily on freeing the voice.  Freeing it from what, you ask?  Freeing it from the imposed tensions, the habitual stuff we put on it all day.  It’s about finding range, and expressiveness in your voice.  It’s about making people want to listen to you, and to convince them with what you say.

Movement is a whole bunch of stuff:  Laban, Viewpoints, Yoga…DRM201 Movement is mostly concerned with freeing physical tensions in the body.  In DRM201 for me, Sallie corrected by misaligned walk, pointed out some pretty crazy tension in my shoulders, and helped me discover some new muscles in my body.  It’s good stuff.

I’ll talk a bit more about the UCDP in Part 2.  I’ll probably talk about auditions too.

SQL Injection Prevention in PHP – Tip 1

It’s amazing – I’ve been going around, Googling for anything with “index.php?id=”…and that’s really all it takes.  Now, granted, SQL Injection isn’t new, and a lot of the top hits have taken some steps to protect themselves, but if you go deep – like, Google search page 23 deep – you’ll find ones that break if you put a semi-colon after the id # – and if it breaks, it’s vulnerable.

So, here’s my first tip on preventing SQL Injection – when you’re asking for an ID number, make sure it’s a number, and nothing else. Also consider using prepared statements – database wrappers like MDB2 for PHP make this easy.

Check this out – this might be how I would have done it 3 years ago:

<?php
  //Assume we're already connected to a MySQL database...
  $id = $_GET['id'];

  $result = mysql_query('SELECT * from pages where id='.$id);
  if (!$result) {
     die('Invalid query: ' . mysql_error());
  }
  ... //Code to print out my result to the page
?>

I’d do it this way now:

Note: My use of MDB2 might be a little rusty – I haven’t tested this code, and I usually compose RowDataGateway objects with MDB2 to represent my data.  So pay more attention to the structure than the actual syntax.

<?php
  require 'View.php';
  require 'MDB2.php';  //An excellent DB layer from the PEAR libs

  //Code to set $mdb2 as our DB connection variable
  //See http://pear.php.net/package/MDB2 for details
  $id = $_GET['id'];

  try {
    if(!is_int($id)) {
      //ID wasn't an int, it's no good, let's bail
      throw new Exception('Could not recognize the id that you passed');
    }
    //ID was an int, let's see if we can find the record
    $sql = 'SELECT * from pages where id=:id";
    $statement = $mdb2->prepare($sql);
    $statement->bindParam('id', $id);
    $result = $statement->execute();
    if(PEAR::isError($result)) {
      //Uh oh - our result was an error on the PEAR library level
      throw new Exception('There was an error communicating with the database');
    }
    //Insert the database result into the view, render, and die.
    $content = new View('templates/page.tpl', array('page' => $result->fetchOne()));
    $content->render();
    die;
  }
  catch(Exception $e) {
    //We must have caught an exception - put this into our
    //error page template with the error message, render, die.
    $content = new View('templates/error.tpl', array('message' => $e->getMessage()));
    $content->render();
    die;
  }
?>

Yes, it’s quite a bit more code. But I feel safer just looking at it.
Did I miss anything on this? Please post a comment if you  notice that I’ve left a gaping hole.  Learning is good.

Yearly Reading List

Someone recommended a book to me recently, and I told them I’d add it to my “to read” list.

But there’s a little problem:  that list is massive.  Impossibly massive.

Not to mention that some of my year is dedicated to re-reading old favourites.  Call it a tradition, a habit, whatever – each year, I re-read (or try to re-read) the same set of books.  And, every now and then, I’ll read a new book that gets added into that set.

So, here’s the set as it stands:

  • Brave New World by Aldous Huxley
  • One Day in the Life of Ivan Denisovich by Aleksandr Solzhenitsyn
  • Rendezvous with Rama by Arthur C. Clarke
  • The Black Hole by Alan Dean Foster
  • The Man Outside by Wolfgang Borchert
  • The Burglar in the Library by Lawrence Block
  • One Flew Over the Cuckoo’s Nest by Ken Kesey

I’m sure I’m not the only one with yearly reads.  Anyone else?