  1. #126
    If it aint Dutch it aint much Kilroy's Avatar
    Join Date
    Oct 2003
    Location
    The Netherlands
    Posts
    406
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't know if it's in here (can't remember seeing it anyway), but this:

    Code:
    SELECT author, title, description FROM content
    is more preferred than

    Code:
    SELECT * FROM content
    even when you are selecting everything anyway. This is because if you don't, your RDBMS will have to look for the columns first, and then select the content from them, but now, it just selects the content right away, which is slightly faster.

  2. #127
    SitePoint Evangelist Daijoubu's Avatar
    Join Date
    Oct 2002
    Location
    Canada QC
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Even with 20 rows?

    About the server load, you can directly fopen and fread the content of /proc/loadavg instead of executing an external app which can slow things down...
    Speed & scalability in mind...
    If you find my reply helpful, feel free to give me a point

  3. #128
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Kilroy
    I don't know if it's in here (can't remember seeing it anyway), but this:

    Code:
    SELECT author, title, description FROM content
    is more preferred than

    Code:
    SELECT * FROM content
    even when you are selecting everything anyway. This is because if you don't, your RDBMS will have to look for the columns first, and then select the content from them, but now, it just selects the content right away, which is slightly faster.
    That's not the reason why it shouldn't be used. If you SELECT * and expand your table later, you also query rows you don't need.

  4. #129
    If it aint Dutch it aint much Kilroy's Avatar
    Join Date
    Oct 2003
    Location
    The Netherlands
    Posts
    406
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's just another reason not to use it

  5. #130
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm not convinced that using the * wildcard is an altogether bad thing. Certainly, it has its limitations, but it does what it does and it is standard SQL.

    You use it when you want to select every column in a table. It works perfectly for that. If you just want to select specific columns, list those specific columns. No big deal.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?

  6. #131
    If it aint Dutch it aint much Kilroy's Avatar
    Join Date
    Oct 2003
    Location
    The Netherlands
    Posts
    406
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know it does what it does, I'm just saying that it is slower (although not always noticeably).

  7. #132
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,220
    Mentioned
    58 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by samsm
    You use it when you want to select every column in a table. It works perfectly for that.
    not if there's a GROUP BY clause

    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  8. #133
    SitePoint Member
    Join Date
    Jul 2004
    Location
    Boston
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Just as a personal style preference....

    I didn't see much about style stuff, but in case anyone may be interested, I came up with this as a style preference.

    I should note I am no php expert, I just found this worked for me. If anyone has comments, please post

    I tend to like to do this with my MySQL statements:
    PHP Code:
    $sQuery = "\n # <pre>\n".

            "\t # comments about statement \n".
            "\t SELECT * FROM tblTable1 \n".

            "\t # comments about statement \n".
            "\t LEFT JOIN tblTable2 \n".
                "\t\t USING(FirstID) \n".

            "\t # comments about statement \n".
            "\t LEFT JOIN tblTable3 \n".
                "\t\t USING(SecondID) \n".

            "\t # comments about statement \n".
            "\t WHERE tblTable1.FirstID = ".$iPassedID."\n".
            "\t ORDER BY tblTable1.FirstID \n".

            "# </pre> \n";
    Things to mention about my reasoning, the first and last line of the statement are commented out of MySQL but are used if you need a quick echo

    HTML Code:
    #<pre> and #</pre>
    That way if I do a quick echo at the front of my query variable, it looks very readable in the browser. And since I'm placing "\t" and "\n", it even looks ok when you view html source (not to mention how it looks if you need to run the query on the command line).

    Also note that I'm placing a MySQL comment before each major part of the query. Along with that, I attempt to place a tab stroke in the php to keep the "\t" aligned visually in the code.
    ie
    PHP Code:
            // note that I put a tab stroke for the line that has \t
            // and 2 tab strokes for the \t\t line
            "\t LEFT JOIN tblTable3 \n".
                "\t\t USING(SecondID) \n"
    Thirdly, I prefix my table names with "tbl" and database names with "db". Depending on your styles this can be "tbl_" and "db_". It just helps in those odd moments of late nights and lots of coffee.

    Finally, (for those not used to this) my variables are using a method loosely based on what is called "Hungarian Notation". Even though my variable types are dynamically set, I would like to make sure of what kind of variable it is when I'm knee deep in code.

    So, for strings I prefix it with an 's' (ie $sStringVariable), integers it's an 'i' (ie $iInteger), etc. This is not a perfect solution to every variable but, as long as you have a documentation of what the prefix stands for, it should be fine.

    In closing, note that I have put it all in one variable. This doesn't have to go this way; you could do something like:
    PHP Code:
    $sQuery = "\n # <pre>\n";
    $sQuery .= "\t # comments about statement \n";
    $sQuery .= "\t SELECT * FROM tblTable1 \n";
    // ...
    // etc....
    But doing so would cause a slight rework of how I placed tabs for the different lines (see above);

    Hope this is useful to someone
    -Ernie
    PS - to mr harry fuecks: love your books, articles, site (phpPatterns). I just wish I knew what you know to get my sites going better

  9. #134
    SitePoint Addict lmasi02's Avatar
    Join Date
    Aug 2004
    Location
    Zambia
    Posts
    257
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi
    I am building a site using php and mysql and one needs a username and password to view the content, but I've a problem of how to prevent one from going straight to the protected pages without being authenticated. What I need is that when one tries to do that he should be directed to the login page.
    please help
    bye

  10. #135
    SitePoint Enthusiast Adam E's Avatar
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Protected page
    PHP Code:
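    session_start();
    // Send visitors without a session to the login page and stop the script
    if (!isset($_SESSION['user'])) {
        header('Location: login.php');
        exit;
    } else {
        //display page
    }

    Login
    PHP Code:
    session_start();
    // Only set the session marker when both submitted values match
    if (isset($_REQUEST['username'], $_REQUEST['password'])
        && $_REQUEST['username'] == 'myuser' && $_REQUEST['password'] == 'mypass') {
        $_SESSION['user'] = 'myuser';
    } else {
        die('invalid username or password');
    }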

    .. or something like that
    Adam

  11. #136
    SitePoint Member
    Join Date
    May 2004
    Location
    Copenhagemn, Denmark
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Philip,

    Two things (which might be answered further up or down this huge thread, but anyhow)

    Quote Originally Posted by Philip Toews
    What does assign by reference "do"?
    It means that a function works on the original variable (by reference) - not a copy (by value). So if you change that variable within the function it changes outside too.

    Quote Originally Posted by Philip Toews
    Another stupid question here. Why does converting the variables and using $_GET and $_POST help avoid security problems?

    For example, if the following URL passes the variable $id:
    http://www.site.com?id=1

    How does converting it make any difference?

    If I do this:
    $id = $_GET['id']

    Won't the resulting contents of $id still be whatever was in the address bar when the URL was submitted in the browser?
    The danger of using register_globals lies in instances like this
    PHP Code:
    if ($user_ok)
        reveal_everything();
    Now if $user_ok is open to change from the outside through the url as it is with register_globals on, I could just type in:

    http://mysite.com/secret_page.htm?user_ok=1

    ...and voila! I could pass by the "security". Had I locked down register_globals, such a hoax would not work. The user_ok from my url would only be specifically available as $_GET['user_ok'] and do no harm.

    This is a *very* primitive (and unlikely) example, but it might clarify the problem. Usually security hazards with register_globals are much more subtle, but many older scripts using globals from the url can be extremely open to scams. Particularly open source ones, where everybody can find the basic inner constructs of your code.

    Hope this helps

    Martin
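
The register_globals behaviour described in the post above, as an added example that is not code from the thread. register_globals no longer exists in current PHP, so `extract()` stands in for it here; the function names and the `$loggedIn` flag are hypothetical.

```php
<?php
// Added illustration. extract() reproduces what register_globals=On did:
// every request parameter becomes a variable in the running script.

function secret_page_vulnerable(array $query, bool $loggedIn): string
{
    extract($query);            // ?user_ok=1 creates $user_ok here

    if ($loggedIn) {
        $user_ok = true;        // only assigned on the success path
    }
    // For an anonymous visitor $user_ok was never initialised by the script,
    // so whatever arrived in the URL decides the outcome.
    return !empty($user_ok) ? 'secret content' : 'access denied';
}

function secret_page_initialised(array $query, bool $loggedIn): string
{
    extract($query);            // still emulating register_globals=On

    $user_ok = false;           // initialise before use: overwrites the import
    if ($loggedIn) {
        $user_ok = true;
    }
    return $user_ok ? 'secret content' : 'access denied';
}

function secret_page_globals_off(array $query, bool $loggedIn): string
{
    // register_globals=Off: the parameter is reachable only as
    // $query['user_ok'] (that is, $_GET['user_ok']) and is simply ignored.
    $user_ok = $loggedIn;
    return $user_ok ? 'secret content' : 'access denied';
}

// Constructed request: anonymous visitor asking for secret_page.htm?user_ok=1
$query = ['user_ok' => '1'];

foreach (['secret_page_vulnerable', 'secret_page_initialised', 'secret_page_globals_off'] as $page) {
    printf("%-26s anonymous: %-15s logged in: %s\n",
        $page, $page($query, false), $page([], true));
}
```

Only the first function lets the anonymous request through; initialising the variable is enough even with the import in place, and turning the import off removes the problem at its source.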

  12. #137
    Fully Sweet Car noddy's Avatar
    Join Date
    Aug 2002
    Location
    Perth, Western Australia
    Posts
    759
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is my favorite few lines of debug code. Allows humans to easily read the contents of an array.

    PHP Code:
    // debug - prints a nice formatted array, only need to pass it the name of the array
    function print_format_array($array_name) {
      echo '<pre>';
      ksort($array_name);
      print_r($array_name);
      echo '</pre>';
    } // end func

  13. #138
    SitePoint Member
    Join Date
    Dec 2004
    Location
    USA
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Unless you are using a variable in your string, do not use regular " brackets to surround it.
    Example:
    $sVarBad = "this is a bad example, ill explain why in a second.";
    $sVarGood = 'this is a bad example, Ill explain why in a second.';

    Why the second is better, speed wise: In PHP, if your string is encased with regular quotes, it will search every word for a possible variable to interchange. Why would you want to delay it any more than needed?

    Why the second is better, security wise: As I just said in my last paragraph, it searches each one of those for a variable to interchange. So if a user maliciously declares a variable, which you shouldn't allow anyways, it could basically turn this simple one-liner into a buffer overflow. Simply, they could take over your system.

    Any questions/debates?

  14. #139
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When a user declares a variable then I let him do whatever he pleases to do. The variable won't be evaluated when the text is being inserted, so it will still be $whatever. You would have to eval() the text, but of course you know that you shouldn't ever run eval() on user input.
    And about your buffer overflow: PHP takes care of memory management itself, unlike C++.

  15. #140
    SitePoint Member
    Join Date
    Dec 2004
    Location
    USA
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yea, the eval function is something I left out, it would be required. But they always could end the current line and maybe insert an sql statement or whatnot. Or even force it to include a remote file for something such as password stealing.

    -Chase-

  16. #141
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ccm84
    [...] But they always could end the current line and maybe insert an sql statement or whatnot. [...]
    You know, there is actually a reason for functions like addslashes() and mysql_escape_string().

    Quote Originally Posted by ccm84
    [...] Or even force it to include a remote file for something such as password stealing. [...]
    When you eval() USER INPUT, then yeah, sure. But don't start complaining on this forum when your users abuse the fact that you used eval() on their input.

  17. #142
    SitePoint Enthusiast selfmindead's Avatar
    Join Date
    Nov 2004
    Location
    Las Vegas, NV
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is more of a format tip, but as a programmer I find that when I create a big application I'm going to be upgrading and editing and re-developing over and over again, it helps to make versions for separate parts of your code.

    As an example... I created a search engine, I have several different sections of code that come into play when producing results after a search... each individual piece of code is commented before & after. Before, I have a good 2 lines describing what the function does... then I create the version number of the code. Whenever I pass by this code during editing, I can add onto the list of "things I want this code to do in the future", then when I eventually add these features I make the code "version 0.2" or "version 2.1" or whatever placement I'm at.

    This method of coding helps for a few good reasons:
    1) you can separate your code, it makes it a lot more neat...
    2) it forces you to know what goes where
    3) why it's there
    4) what it does
    5) what variables are used and/or defined.

  18. #143
    SitePoint Enthusiast Sven S.'s Avatar
    Join Date
    May 2005
    Location
    Hamburg, Germany
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I made an interesting discovery today.

    An if-statement like this:
    PHP Code:
    if($val == 1){$req = 'yea';}else{$req = 'no!';}
    is slower than (I don't know what to call it) inline-if's:
    PHP Code:
    $req = $val ? 'yea' : 'no!';
    My test files:

    PHP Code:
    // File 1 :"inline-if's"
    <?php
    // Start timer
    $mtime = microtime();
    $mtime = explode(' ', $mtime);
    $mtime = $mtime[1] + $mtime[0];
    $starttime = $mtime;

    $val = 1;
    $req = '';

    $req = $val ? 'yea' : 'no!';
    $req = $val ? 'yea' : 'no!';
    // [repeat from line 11 to 6478]

    // End timer
    $mtime = microtime();
    $mtime = explode(' ', $mtime);
    $mtime = $mtime[1] + $mtime[0];
    $endtime = $mtime;
    $totaltime = round(($endtime - $starttime), 5);
    echo $totaltime;
    PHP Code:
    // File 2: normal if's
    <?php
    // Start timer
    $mtime = microtime();
    $mtime = explode(' ', $mtime);
    $mtime = $mtime[1] + $mtime[0];
    $starttime = $mtime;

    $val = 1;
    $req = '';

    if($val == 1){$req = 'yea';}else{$req = 'no!';}
    if($val == 1){$req = 'yea';}else{$req = 'no!';}
    // [repeat from line 11 to 6478]

    // End timer
    $mtime = microtime();
    $mtime = explode(' ', $mtime);
    $mtime = $mtime[1] + $mtime[0];
    $endtime = $mtime;
    $totaltime = round(($endtime - $starttime), 5);
    echo $totaltime;
    The average parsing-time of the first file is 0.00614.
    The average parsing-time of the second file is 0.01138.

    I tested this on WinXP SP2, Apache 1.3, PHP 4.3.5, localhost.

    This is not really groundbreaking, but for performance-freaks like me, it is definitely interesting. Plus, the first method is much more readable (especially when you have 5 lines one after another).

  19. #144
    SitePoint Addict
    Join Date
    May 2005
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Sven S.
    I made an interesting discovery today.

    An if-statement like this:
    PHP Code:
    if($val == 1){$req = 'yea';}else{$req = 'no!';}
    is slower than (I don't know what to call it) inline-if's:
    PHP Code:
    $req = $val ? 'yea' : 'no!';
    My test files:

    PHP Code:
    // File 1 :"inline-if's"
    <?php
    // Start timer
    $mtime = microtime();
    $mtime = explode(' ', $mtime);
    $mtime = $mtime[1] + $mtime[0];
    $starttime = $mtime;

    $val = 1;
    $req = '';

    $req = $val ? 'yea' : 'no!';
    $req = $val ? 'yea' : 'no!';
    // [repeat from line 11 to 6478]

    // End timer
    $mtime = microtime();
    $mtime = explode(' ', $mtime);
    $mtime = $mtime[1] + $mtime[0];
    $endtime = $mtime;
    $totaltime = round(($endtime - $starttime), 5);
    echo $totaltime;
    PHP Code:
    // File 2: normal if's
    <?php
    // Start timer
    $mtime = microtime();
    $mtime = explode(' ', $mtime);
    $mtime = $mtime[1] + $mtime[0];
    $starttime = $mtime;

    $val = 1;
    $req = '';

    if($val == 1){$req = 'yea';}else{$req = 'no!';}
    if($val == 1){$req = 'yea';}else{$req = 'no!';}
    // [repeat from line 11 to 6478]

    // End timer
    $mtime = microtime();
    $mtime = explode(' ', $mtime);
    $mtime = $mtime[1] + $mtime[0];
    $endtime = $mtime;
    $totaltime = round(($endtime - $starttime), 5);
    echo $totaltime;
    The average parsing-time of the first file is 0.00614.
    The average parsing-time of the second file is 0.01138.

    I tested this on WinXP SP2, Apache 1.3, PHP 4.3.5, localhost.

    This is not really groundbreaking, but for performance-freaks like me, it is definitely interesting. Plus, the first method is much more readable (especially when you have 5 lines one after another).
    I personally find the ternary operator much easier to read for short declarations.

    I doubt there's any 'real' performance difference in normal apps, though, as I generally assume that PHP treats both constructs similarly. 9 times out of 10, though, if you're worried about optimizing an if statement, your algorithm sucks.

  20. #145
    Non-Member Icheb's Avatar
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    1,474
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Etnu
    I personally find the ternary operator much easier to read for short declarations.

    I doubt there's any 'real' performance difference in normal apps, though, as I generally assume that PHP treats both constructs similarly. 9 times out of 10, though, if you're worried about optimizing an if statement, your algorithm sucks.
    Or it may just be thorough optimization. And your massive quotes aren't really optimized either.

  21. #146
    SitePoint Member
    Join Date
    Jun 2005
    Location
    South Coast of England
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here's a quick coding tip I've learnt the hard way:

    If your foreach loop only seems to execute once even though you know there is more than one item in the array, check that you haven't got too keen with semi-colons:

    PHP Code:
    foreach ($array as $item);
    {
       echo $item;
    }

    This is valid code, but doesn't do what you think it should!

    Possibly a good argument for the alternative braces layout:

    PHP Code:
    foreach ($array as $item) {
       echo $item;
    }

    Hope this saves someone some time
    Last edited by Fonant; Jun 3, 2005 at 06:16. Reason: Changed formatting for code segments
    www.fonant.com - Quality web sites

  22. #147
    SitePoint Zealot
    Join Date
    Jul 2005
    Location
    Venlo, the Netherlands
    Posts
    141
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Something I found very useful.

    You can simply declare $_GET variables in your code, without having to link to a new page with <a href.
    This can come in very handy. Let's say you have script A, which displays query results. Next to that you want to show a graph,
    dynamically created in script B, depending on the query results in combination with a year.
    You could do something like this:

    PHP Code:
    isset($_GET['year']) && is_numeric($_GET['year']) ? $_GET['year'] = $_GET['year'] : $_GET['year'] = date('Y');

    echo '<img src="path.php?year='.$_GET['year'].'">';
    With this, first you look for a valid variable in the URL. If none is set, the current year will automatically be chosen.
    It makes sense, but one may overlook this possibility

  23. #148
    SitePoint Wizard Dylan B's Avatar
    Join Date
    Jul 2004
    Location
    NYC
    Posts
    1,150
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Fonant
    Here's a quick coding tip I've learnt the hard way:

    If your foreach loop only seems to execute once even though you know there is more than one item in the array, check that you haven't got too keen with semi-colons:

    PHP Code:
    foreach ($array as $item);
    {
       echo $item;
    }

    This is valid code, but doesn't do what you think it should!

    Possibly a good argument for the alternative braces layout:

    PHP Code:
    foreach ($array as $item) {
       echo $item;
    }

    Hope this saves someone some time
    Indeed a decent argument for using the alternate brace layout, but I still find the first one easier to read when matching braces.

  24. #149
    SitePoint Member
    Join Date
    Jul 2005
    Posts
    14
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I tend to always use this function on all data that the user can change, because mysql_real_escape_string adds a slash in front of \x00, \n, \r, \, ', " and \x1a. It also makes changes depending on the character set of the mysql database you have.

    Code:
    function purify ($string) {
    
      if (get_magic_quotes_gpc()) {
        $string = stripslashes($string);
      }
      $string = mysql_real_escape_string($string);
      return $string;
    
    }
    Note: this will use the last database connection you have used, or will try and open a connection, else it will bring up an error.

    http://uk.php.net/manual/en/function...ape-string.php
    Last edited by Ethernet-Summit; Aug 2, 2005 at 09:54.
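
An added example, not code from the thread, showing where escaping of the kind done by purify() stops helping: a value concatenated into an unquoted numeric position, as in the `WHERE tblTable1.FirstID = ".$iPassedID` query earlier on this page. It assumes the pdo_sqlite extension and uses a constructed in-memory table; `purify_standin()` and the two query functions are hypothetical names, and `addslashes()` stands in for mysql_real_escape_string() so that no MySQL connection is needed.

```php
<?php
// Added illustration; the table contents and the input are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblTable1 (FirstID INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO tblTable1 VALUES (1, 'public'), (2, 'draft'), (3, 'private')");

// Stand-in for purify(): escapes quotes and backslashes only.
function purify_standin(string $s): string
{
    return addslashes($s);
}

// Escaped value concatenated into an unquoted numeric position.
// Escaping only protects values that end up between quotes.
function titles_concat(PDO $db, string $id): array
{
    $sql = 'SELECT title FROM tblTable1 WHERE FirstID = ' . purify_standin($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Same query with a bound parameter: the value is sent as data and is
// never parsed as SQL, whatever characters it contains.
function titles_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT title FROM tblTable1 WHERE FirstID = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: it contains no quote or backslash, so the escaping
// function returns it unchanged.
$input = '1 OR 1=1';

echo 'escaped value unchanged: ';
var_dump(purify_standin($input) === $input);

echo 'concatenated, rows returned: ', count(titles_concat($db, $input)), "\n";
echo 'bound, rows returned:        ', count(titles_bound($db, $input)), "\n";
echo 'bound, legitimate id 2:      ', implode(', ', titles_bound($db, '2')), "\n";
```

For an ID that must be an integer, casting with `(int)` before building the query is the other common fix; bound parameters cover both the numeric and the quoted case.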

  25. #150
    SitePoint Member
    Join Date
    Oct 2005
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    batch insert text into mysql by using phpmyadmin

    If you have formatted text files (tab delimited, or csv), it is convenient to use phpmyadmin to do batch insert.

