  1. #51
    purple monkey dishwasher scoates's Avatar
    Join Date
    Nov 2001
    Location
    Montreal
    Posts
    794
    "marginally" definitely means "marginally" in this case.
    We're talking thousands of variable replacements (double quoted) before you'll notice ANY performance decrease, but you are correct, you do get some minuscule amount of gain from breaking out of quotes to substitute.

    PHP Code:
    <?php

    function microtimeAsDouble()
    {
        $nowTime = explode(" ", microtime());
        return ($nowTime[0] + $nowTime[1]);
    }

    // turn on automatic flushing:
    ob_implicit_flush();

    // seed random number generator:
    srand((double)microtime()*10000);

    // set memory limit to 64 megs.
    ini_set('memory_limit', '64M');

    // how many?
    $iterations = 10000;

    $b = "test";

    // time concatenation with single-quoted literals
    $startTime = microtimeAsDouble();
    for ($i=0; $i<=$iterations; $i++) {
        $a = '---'. $b .'---';
    }
    $singleTime = microtimeAsDouble() - $startTime;

    echo "Single: ". $singleTime ." seconds.<br /><hr />";


    // time variable interpolation inside a double-quoted string
    $startTime = microtimeAsDouble();
    for ($i=0; $i<=$iterations; $i++) {
        $a = "---$b---";
    }
    $doubleTime = microtimeAsDouble() - $startTime;

    echo "Double: ". $doubleTime ." seconds.<br /><hr />";

    ?>
    for 100,000 iterations, I'm getting (~):
    Code:
    Single: 0.38587403297424 seconds.
    Double: 0.50207698345184 seconds.
    S

  2. #52
    SitePoint Member
    Join Date
    Aug 2002
    Posts
    4

    Security Factors

    P.S. I did mention that it was only useful for those beginning to code, or high traffic/large sites, yes? marginal may not show up much in benchmarks, and may not be needed on personal websites, but sometimes every little bit helps - it's not do or die, just a tip

    anyway...

    one thing I almost forgot - everyone who writes php should read this - yeah I know, those of you who have been coding php forever are so sick of the document, but it's a great piece for beginning coders who often don't think about security

    http://www.securereality.com.au/studyinscarlet.txt

  3. #53
    purple monkey dishwasher scoates's Avatar
    Join Date
    Nov 2001
    Location
    Montreal
    Posts
    794
    also str_replace will take arrays as parameters.

    S

  4. #54
    Database Jedi MattR's Avatar
    Join Date
    Jan 2001
    Location
    buried in the database shell (Washington, DC)
    Posts
    1,107
    Never, ever use if($foo == "bar") if $foo happens to be a string...ALWAYS ALWAYS ALWAYS use if(strcmp($foo, 'bar')) instead.

    Why?

  5. #55
    SitePoint Member
    Join Date
    Aug 2002
    Posts
    4
    From a user added note in the php manual:

    "These comparison operators work based on the context in which they are being used. So if you want to compare two strings, but they both happen to be valid numeric values, you're in line to get burned. The PHP way to compare two strings safely is to use strcmp(). "

    I think that explains it pretty well, better than I could try...sometimes the words just don't come out right...

    strcmp is binary safe
    so "" == 0 is true
    strcmp("",0) != 0
    strcmp returns 0 for =, 1 or -1 for !=
    You can get a lot of the same effect from === which compares type as well as value - but that's not always what you want because you could have problems with casting...

    I guess after contemplation, wouldn't say it's better to always use it, but maybe I would say always use it for something like comparing a password. Or anywhere you have mixed type values as strings, php and that loose typecasting and all. I suppose most of the time == or === is good enough. Probably faster...anyone want to do benchmarks on it?

    http://safari.oreilly.com/main.asp?b...ogphp&snode=39

    o'reilly has a bit on it here....I just sacrifice the speed for the strcmp() always because I'm obsessive about things like security, and I don't want things sneaking in....



    anyway: yes, str_replace will take an array, but I leave them separately - I don't always strip out everything, like extra spaces and all,...and there's a typo in that...sorry...that's what happens when you cut and paste from the wrong cvs file (smacks self...) I fixed it...
    Last edited by auroraeosrose; Aug 28, 2002 at 09:02.
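Added example, not part of the thread: the comparison behaviour discussed in the post above, run over constructed pairs of different strings, with `hash_equals()` (PHP 5.6 and later) shown as the comparison to use for secrets. The function names `compare_all` and `secret_matches` are made up for this illustration.

```php
<?php
// Added example; every value below is constructed for the demonstration.

// Pairs of *different* strings. The first three pairs are numeric literals.
$pairs = [
    ['1e3',    '1000'],    // scientific notation vs. plain integer
    ['0e1234', '0e5678'],  // both evaluate to zero
    ['007',    '7'],       // leading zeros
    ['abc',    'abd'],     // non-numeric control pair
];

// Run the comparisons discussed in the thread on one pair of strings.
function compare_all(string $a, string $b): array
{
    return [
        '=='          => $a == $b,              // numeric strings are compared as numbers
        '==='         => $a === $b,             // same type and same bytes
        'strcmp'      => strcmp($a, $b) === 0,  // byte-wise; 0 means equal
        'hash_equals' => hash_equals($a, $b),   // byte-wise, timing-safe for equal lengths
    ];
}

// Secret check (hypothetical helper): refuse anything that is not a string,
// since a request parameter can also arrive as an array, then compare with
// hash_equals() so the result does not depend on numeric interpretation.
function secret_matches(string $stored, $supplied): bool
{
    return is_string($supplied) && hash_equals($stored, $supplied);
}

foreach ($pairs as [$a, $b]) {
    $cells = [];
    foreach (compare_all($a, $b) as $name => $equal) {
        $cells[] = $name . '=' . var_export($equal, true);
    }
    printf("%-7s vs %-7s %s\n", $a, $b, implode('  ', $cells));
}

var_dump(secret_matches('0e1234', '0e5678'));    // different strings
var_dump(secret_matches('0e1234', ['0e1234']));  // wrong type
var_dump(secret_matches('0e1234', '0e1234'));    // identical strings
```

Comparisons between a number and a non-numeric string (the `"" == 0` case) changed in PHP 8; comparisons between two numeric strings, as in the first three pairs, are still done numerically.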

  6. #56
    Database Jedi MattR's Avatar
    Join Date
    Jan 2001
    Location
    buried in the database shell (Washington, DC)
    Posts
    1,107
    Assumption: NOT NULL is better than NULL

    You can't necessarily make that assumption as a whole.

    Obviously, there are a few extra "cycles" spent on finding offsets for variable length data (for that matter, you have to compute offsets for fixed length data too), but probably such a small difference, it may not be measurable for most cases. Also, if you are able to improve the cache hit ratio (and/or reduce cache searches) by using fewer pages to store your data, wouldn't that more than offset the "cost" of finding variable length columns on the row?

  7. #57
    SitePoint Member
    Join Date
    Sep 2002
    Posts
    2

    passing a value from one page to another

    Hello to all,

    I am totally new to PHP so sorry if this is mundane.

    So based on the old way of passing a variable i.e. somepage.php?id=1 how would you now accomplish this same thing with the new way? Would it be something like somepage.php?$_GET('id')

    Help is ALWAYS appreciated!

    Cheers :: filch

  8. #58
    SitePoint Evangelist GeekSupport's Avatar
    Join Date
    May 2002
    Location
    Southern California
    Posts
    408

    Re: passing a value from one page to another

    Originally posted by filch
    Hello to all,

    I am totally new to PHP so sorry if this is mundane.

    So based on the old way of passing a variable i.e. somepage.php?id=1 how would you now accomplish this same thing with the new way? Would it be something like somepage.php?$_GET('id')

    Help is ALWAYS appreciated!

    Cheers :: filch
    you do not need to change the way you make links. the only change is in the code

    if you had a link which points to ./somepage.php?id=1, the code in somepage.php to grab "id" and its value of "1" is by (below)

    PHP Code:
    <?php
      $id = $_GET['id'];

      echo $id;
    ?>
    $id would echo out 1. you don't necessarily have to store $_GET variables to another var, but it's easier for me to use after taking in the form/external data.
    PHP Code:
    <?php
      echo $_GET['id'];
    ?>
    (above)would give the same result
    but
    PHP Code:
    <?php
      echo $id;
    ?>
    (above) would give you nothing (register globals = off).

    hope that helps a little
    Last edited by GeekSupport; Sep 17, 2002 at 12:36.

  9. #59
    SitePoint Enthusiast Darth Cow's Avatar
    Join Date
    Oct 2002
    Location
    Swarthmore, PA, USA
    Posts
    40

    Turning register_globals off in code...

    DR_LaRRY_PEpPeR mentions how to turn off magic quotes from PHP code - is there an equivalent way to turn off the evil of register globals with just PHP?

    Thanks

  10. #60
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882

    Re: Turning register_globals off in code...

    Originally posted by Darth Cow
    DR_LaRRY_PEpPeR mentions how to turn off magic quotes from PHP code - is there an equivalent way to turn off the evil of register globals with just PHP?

    Thanks
    PHP_FLAG register_globals OFF in an .htaccess oughta do it.
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  11. #61
    SitePoint Enthusiast Darth Cow's Avatar
    Join Date
    Oct 2002
    Location
    Swarthmore, PA, USA
    Posts
    40

    Re: Re: Turning register_globals off in code...

    Originally posted by weirdbeardmt
    PHP_FLAG register_globals OFF in an .htaccess oughta do it.
    I was hoping there was a solution just using PHP - I'm honestly not exactly certain how to edit/get to work .htaccess files. I do know I'm running Apache though.

  12. #62
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    Alright, I answered the wrong question so now I'm going back and hopefully posting something more useful.

    You can still use $_SERVER style arrays even if register globals is on. So, simply ignoring registered globals can remove any problem you may have.

    Problems from register globals come when you go to access $is_logged_in and little does your application know that it is being provided by $_GET['is_logged_in'] (relatively insecure) rather than $_SESSION['is_logged_in'] (relatively secure).

    So yes, there is an equivalent way to turn off register globals with PHP... just don't use them! Use $_SESSION['is_logged_in'] instead of the registered $is_logged_in and so on throughout your scripts.

    EDIT:
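    This should wipe out any variables globally registered by the user while leaving the $_GET, $_POST and $_COOKIE arrays intact.
    PHP Code:
    foreach ($_REQUEST as $key => $value)
    {
        // leave the loop's own $key variable alone, but keep going so that
        // the request keys after it are still cleared
        if ($key === 'key') { continue; }
        unset($$key);
    }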

    Last edited by samsm; Mar 2, 2003 at 00:52.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?
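Added example, not part of the thread: the `$is_logged_in` problem described in the post above, and a hardened variant of its cleanup loop that skips superglobal names instead of stopping. The request and session contents are constructed, the function names are made up for this illustration, and writing to `$GLOBALS` stands in for `register_globals = On`, which was removed in PHP 5.4.

```php
<?php
// Added example; the request and session contents are constructed.

// Names a cleanup loop must never unset, whatever the request contains.
const PROTECTED_NAMES = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                         '_SERVER', '_ENV', '_FILES', '_SESSION'];

// Remove every global variable that shares a name with a request key.
// Protected names are skipped, and the loop never stops early.
function unregister_request_globals(array $request): array
{
    $removed = [];
    foreach (array_keys($request) as $key) {
        $key = (string) $key;
        if (in_array($key, PROTECTED_NAMES, true)) {
            continue;
        }
        if (array_key_exists($key, $GLOBALS)) {
            unset($GLOBALS[$key]);
            $removed[] = $key;
        }
    }
    return $removed;
}

// Login check that names its source instead of trusting a bare variable.
function is_logged_in(array $session): bool
{
    return ($session['is_logged_in'] ?? false) === true;
}

// Constructed scenario: the client sends ?is_logged_in=1 while the
// server-side session holds no login.
$_GET     = ['is_logged_in' => '1'];
$_REQUEST = $_GET;
$_SESSION = [];

// Stand-in for register_globals = On: the request value becomes a
// global variable of the same name.
$GLOBALS['is_logged_in'] = $_GET['is_logged_in'];

echo 'bare variable set by client: ', var_export(isset($is_logged_in), true), "\n";
echo 'session-based check:         ', var_export(is_logged_in($_SESSION), true), "\n";

$removed = unregister_request_globals($_REQUEST);
echo 'unset by cleanup:            ', implode(', ', $removed), "\n";
echo 'bare variable after cleanup: ', var_export(isset($is_logged_in), true), "\n";
```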

  13. #63
    SitePoint Enthusiast Darth Cow's Avatar
    Join Date
    Oct 2002
    Location
    Swarthmore, PA, USA
    Posts
    40
    Originally posted by samsm
    So yes, there is an equivalent way to turn off register globals with PHP... just don't use them! Use $_SESSION['is_logged_in'] instead of the registered $is_logged_in and so on throughout your scripts.
    Well OK, that's what I already try to do. But I just wanted the maximum security anyways, even though I can't edit my PHP config file.

  14. #64
    SitePoint Member
    Join Date
    Oct 2002
    Posts
    1

    PHP-MySQL-Apache-Windows Platform Form problems

    Thanks Harry

    Am into my second day of PHP development. Am struggling to parse html forms through my setup - any ideas - for example this file (uploader.html)
    ---------------
    <html>
    <head> <title>File Uploader</title> </head>
    <body>
    <h3>File Upload</h3>
    Select a file to upload<br>

    <form action="uploader.php" method="post" enctype="multipart/form-data">
    <input type="file" name="file" size=50>
    <br>
    <input type="submit" value="Upload File">
    </form>

    </body>
    </html>
    -------------------
    should allow me to select a file, parse it through this php script: (uploader.php)
    ------------------
    <?php

    if($file_name !="")
    {
    copy ("C:\\Apache\\htdocs\\$file_name") or die("Could not copy file");
    }
    else
    {
    die("No file specified");
    }
    ?>

    <html>
    <head> <title>Upload complete</title> </head>
    <body>
    <h3>File upload succeeded...</h3>
    <ul>
    <li>Sent: <?php echo "$file_name"; ?>
    <li>Size: <?php echo "$file_size"; ?> bytes
    <li>Type: <?php echo "$file_type"; ?>
    </ul>

    <a href="<?php echo "$file_name" ?>">Click here to view file</a>

    </body>
    </html>
    ----------------------------
    However, I always receive the "No File specified" error. This type of error occurs on all scripts handling forms -

    any ideas - am I missing something in my php.ini.

    Many thanks and keep up the good coding.

  15. #65
    SitePoint Member
    Join Date
    Oct 2002
    Posts
    11
    Hate waiting for pages or having your views wait? Want to reduce server load and increase page load time on EVERY page? well here is how!
    Use ob_start("ob_gzhandler");! Here is an example that will compress the whole page and send it to the user's browser and then the user will decode it automatically! To get this to work properly, you have to compile PHP with "--with-zlib". Have fun with your new faster webpage
    PHP Code:
    <?php

    ob_start("ob_gzhandler");

    ?>
    <html>
    <body>
    <p>This should be a compressed page.
    </body>
    </html>

  16. #66
    SitePoint Member
    Join Date
    Nov 2002
    Location
    Pennsylvania USA
    Posts
    5
    Originally posted by scoates
    "marginally" definitely means "marginally" in this case.
    We're talking thousands of variable replacements (double quoted) before you'll notice ANY performance decrease, but you are correct, you do get some minuscule amount of gain from breaking out of quotes to substitute.
    The fraction of a second may not count towards much in this case, but I still prefer the "faster" method for easier readability in color-coded editors. My editor makes any "raw" written variables stick out like a sore thumb for easy pickin, but blends them in when they're contained inside double quotes. Even the color-coded PHP on this board demonstrates what I mean:

    PHP Code:
    <?php

    echo 'I find it easier to debug a '. $concantenated .' string with '. $color_coding .'.<br /><hr />';

    echo "...than to troubleshoot the $double_quoted variety of $strings.<br /><hr />";

    ?>
    I don't know if any editors highlight all PHP variables regardless of where they are... but if any such editor exists, I haven't seen one yet. In the meantime, it's nice to know the highlighted concatenation method not only works fine, but is a fraction of a second faster.

  17. #67
    SitePoint Enthusiast Kymira's Avatar
    Join Date
    Sep 2002
    Posts
    88
    Originally posted by ZuulJin
    I got one...

    When trying to loop through the global arrays (I've only tested the $_POST array) you have to access it by the key name not by number.

    .... (edited out for space)

    Code:
    for ($i = '0'; $i < count($_POST); $i++)
    {
      $key = array_search('on', $_POST);
      echo $_POST[$key] . ' is on!';
    }
    [Z]
    When using a for loop, it's faster to set the end condition outside of the loop. Ex:

    Code:
    $array_count = count($_POST);
    
    for ($i = '0'; $i < $array_count; $i++)
    {
      $key = array_search('on', $_POST);
      echo $_POST[$key] . ' is on!';
    }
    Why is this faster? Unlike C/C++, Java (etc), PHP is an interpreted language and isn't compiled down to machine language. So if you call a function inside a loop declaration, PHP will call that function every time it iterates through the loop.

  18. #68
    SitePoint Enthusiast Kymira's Avatar
    Join Date
    Sep 2002
    Posts
    88

    Some extra things I forgot to mention

    With regard to the whole "global vars are evil argument," I would agree to a certain point.

    For things such as "$is_logged_in," then yes, I agree that global vars are evil. On the other hand, if you look at phpBB's code, they use global vars for internal variables such as "global $db." In this case, $db is a database abstraction layer that the entire project uses. For example:

    PHP Code:
    /* simply authenticating users with plain text is bad in my opinion, but this is just an example */
    function auth_user(&$username, &$password)
    {
       global $db;

       $query = "SELECT blah, blah.....";

       $result = $db->sql_query($query);

       $auth_array = $db->sql_fetchrow($result);

       /* more code to process the results, but not important to this example */
    }

    For something like this, the $db class is used throughout the script, and it's easier than having to constantly pass the $db class to a function. Apparently there are problems with passing objects to a function, and using global vars in this way can help augment that.

    Associative Array Interpolation in Strings

    PHP Code:
    echo $array['key']; // is better than

    echo $array[key]; 
    However, if you try to use $array['key'] in a double quotes echo, it won't work. What you have to do is this:

    PHP Code:
    echo "This is my var in the array {$array['key']}.";
    The braces help the parser distinguish the quotes between the brackets, i.e. [].
    Last edited by Kymira; Dec 12, 2002 at 21:51.

  19. #69
    Database Jedi MattR's Avatar
    Join Date
    Jan 2001
    Location
    buried in the database shell (Washington, DC)
    Posts
    1,107
    Kymira,

    I think the official word from Zend (et al) is that you should abandon the use of double-quotes since the process to find variables in the quotes is quite costly. Not to mention it craps out quite soon (you can run benchmarks and it will eventually kill PHP).

    In short:
    PHP Code:
    echo 'You are ' . $age . ' years old!';
    is better and preferable to:
    PHP Code:
    echo "You are $age years old!";

  20. #70
    SitePoint Evangelist
    Join Date
    Oct 2001
    Posts
    592
    For things such as "$is_logged_in," then yes, I agree that global vars are evil. On the other hand, if you look at phpBB's code, they use global vars for internal variables such as "global $db." In this case, $db is a database abstraction layer that the entire project uses.
    So you're saying in some cases it's okay to use globals. Well, it's not (IMHO). The fact that a program uses globals can never be rectified by the reason for using them, as far as I'm concerned. So in this case I'd say: phpBB has a design problem, because it has to have at least one global variable to work properly...

    Vincent

  21. #71
    SitePoint Guru
    Join Date
    Feb 2002
    Posts
    625

    Re: Some extra things I forgot to mention

    Associative Array Interpolation in Strings

    Code:
    echo $array['key']; // is better than
    
    echo $array[key];
    PHP Code:
    echo $array['key'];
    Is not only better, it is the only correct way of doing, unless key is a constant. Turn on error reporting (including notices), and try this

    PHP Code:
    $array = array('one' => 'eins', 'two' => 'zwei');
    echo $array[one];

    Will output the following
    Notice: Use of undefined constant one - assumed 'one' in ....

    Apparently there are problems with passing objects to a function, and using global vars in this way can help augment that.

    Never ever have I had problems passing objects to a function. Could you show me one example where passing objects to a function causes problems?

    datune

  22. #72
    SitePoint Wizard johnn's Avatar
    Join Date
    Mar 2001
    Location
    Southern California, USA
    Posts
    1,181
    Originally posted by MattR
    I think the official word from Zend (et al) is that you should abandon the use of double-quotes since the process to find variables in the quotes is quite costly. Not to mention it craps out quite soon (you can run benchmarks and it will eventually kill PHP).
    How do you change to single quotes for this line for speed:
    PHP Code:
    $query = "select x from table b where x = '$y'";
    Thanks,
    John
    Last edited by johnn; Dec 20, 2002 at 13:09.

  23. #73
    Database Jedi MattR's Avatar
    Join Date
    Jan 2001
    Location
    buried in the database shell (Washington, DC)
    Posts
    1,107
    Originally posted by johnn
    How do you change to single quotes for this line for speed:
    PHP Code:
    $query = "select x from table b where x = '$y'";
    Thanks,
    John
    PHP Code:
    $query = 'select x from table b where x = \'' . $y . '\'';
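Added example, not part of the thread: either quoting style above pastes `$y` into the SQL text, so the choice of quotes does not affect what a value containing `'` does to the query; a bound parameter does. The sketch assumes PDO with the SQLite driver, and the table `b`, its rows, the inputs and the function names are constructed for this illustration.

```php
<?php
// Added example; the table, its rows and the input values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE b (x TEXT)");
$pdo->exec("INSERT INTO b (x) VALUES ('alpha'), ('beta'), ('O''Brien')");

// Query text assembled as in the thread: $y is pasted into the SQL string.
function find_concatenated(PDO $pdo, string $y): array
{
    $query = 'select x from b where x = \'' . $y . '\'';
    return $pdo->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Same lookup with a bound parameter: $y travels as data, not as SQL.
function find_prepared(PDO $pdo, string $y): array
{
    $stmt = $pdo->prepare('select x from b where x = :y');
    $stmt->execute([':y' => $y]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run one lookup and report either the rows or the database error.
function describe(callable $find, PDO $pdo, string $y): string
{
    try {
        return json_encode($find($pdo, $y));
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

$inputs = [
    'alpha',               // ordinary value
    "O'Brien",             // legitimate value containing a quote
    "nothing' OR 'a'='a",  // value that rewrites the WHERE clause when pasted in
];

foreach ($inputs as $y) {
    echo "input: $y\n";
    echo '  concatenated: ', describe('find_concatenated', $pdo, $y), "\n";
    echo '  prepared:     ', describe('find_prepared', $pdo, $y), "\n";
}
```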

  24. #74
    will code HTML for food Michel V's Avatar
    Join Date
    Sep 2000
    Location
    Corsica
    Posts
    552
    Originally posted by voostind
    So in this case I'd say: phpBB has a design problem, because it has to have at least one global variable to work properly...
    How would you go about passing that $db to functions and classes?
    [blogger: zengun] [blogware contributor: wordpress]

  25. #75
    SitePoint Evangelist
    Join Date
    Oct 2001
    Posts
    592
    How would you go about passing that $db to functions and classes?
    I wouldn't.

    I would only pass the $db to the classes that actually need it, which - if you layer your code properly - will be surprisingly small in number...

    Vincent

