Category: "PHP"

Cleaning up after a hack

# List every file that contains the indicator string (MultiViews or the injected
# token bacjdzzazbzceh) and turn each path into a chown or rm command, writing the
# commands to a file that can be run by root (or handed to the hosting company).
grep -rl MultiViews *  | sed  "s/\(.*\)/chown user:group \1/" > chown_multi
grep -rl bacjdzzazbzceh * | sed  "s/\(.*\)/chown user:group \1/" > chown_bacj
grep -rl MultiViews *  | sed  "s/\(.*\)/rm -f \1/" > rm_multi
grep -rl bacjdzzazbzceh * | sed  "s/\(.*\)/rm -f \1/" > rm_bacj

If you don't have root privileges on a server and need to clean up after a hack, your hosting company may be willing to change the ownership of the files so you can delete them.

You can also try to run the generated script from PHP, which executes it as the web server user (the file must be executable, or call it as system('sh ./rm_multi')):

<?php system('./rm_multi'); ?>
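A safer variant of the cleanup above, added here as an example and not part of the original post: it quarantines matching files with a hash-and-path manifest rather than deleting them, and handles file names containing spaces or shell metacharacters, which the grep | sed pipeline does not. It assumes a find that supports -path/-prune, coreutils sha256sum, and the hypothetical function name quarantine_by_marker.

```shell
#!/bin/sh
# Added example (not from the original post): quarantine files that contain an
# indicator string instead of deleting them, keeping a hash-and-path manifest
# for the incident record. Each match is handled inside find itself, so file
# names with spaces, quotes or newlines never pass through a text pipeline
# the way they do with "grep -rl ... | sed ...". Assumes find with -path/-prune
# and coreutils sha256sum; <quarantine_dir> should be outside <webroot>.
# Usage: quarantine_by_marker <webroot> <indicator_string> <quarantine_dir>
quarantine_by_marker() {
    root=${1%/}; marker=$2; qdir=$3
    mkdir -p "$qdir" || return 1
    : > "$qdir/manifest.txt"
    find "$root" -path "$qdir" -prune -o -type f \
        -exec grep -qF -- "$marker" {} \; \
        -exec sh -c '
            f=$1; root=$2; qdir=$3
            rel=${f#"$root"/}
            mkdir -p "$qdir/$(dirname "$rel")"
            # hash before moving so the manifest describes the file as found
            printf "%s  %s\n" "$(sha256sum "$f" | cut -d" " -f1)" "$rel" \
                >> "$qdir/manifest.txt"
            mv -- "$f" "$qdir/$rel"
        ' sh {} "$root" "$qdir" \;
    # print the number of quarantined files
    awk 'END { print NR }' "$qdir/manifest.txt"
}
```

Review the manifest and the quarantined copies before anything is permanently removed; the original directory layout is preserved under the quarantine directory.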

OOP Web

In virtually every web application, performance should take precedence over everything.

PHP (and many other languages) is interpreted: the source is read and parsed again on every request.

  • Organize the files such that the most commonly used code is first.
  • Keep files small.
  • Use a good architecture.
  • Don’t read data or access information that won’t be used: if it isn’t sent to the client on a given request, don’t read it on that request.
  • Validate on the client side first, and don’t send the data to the server if it isn’t valid.
  • Always validate and escape on the server side as well; client-side checks are a convenience that can be bypassed, so only the server-side checks protect the server.
  • Cache files on the client whenever possible.
  • Cache information on the server; use session variables for anything that will be used on every request. Consider storing ACL data in a session variable, but be aware of the security risks (cached permissions persist for the life of the session, even after they are revoked).
  • Be aware of PHP best practices, and the impacts of double-quoted strings.

Display PHP for Demonstration Code

In addition to demonstrating the timing impact of using preg_replace instead of trim, timetest.php also shows how a PHP script can display its own source on a page:

echo htmlentities(file_get_contents('timetest.php'));

preg_replace trim vs. trim

Regular expressions incur a significant amount of overhead. If a suitable built-in PHP function exists, use it instead of coding a regular expression.

<?php

$sWord = '   TestString    ';

/* Time preg_replace trim double quotes */
$fStartPreg=microtime(true);
$sPreg=preg_replace("/^\s+|\s+$/", "", $sWord);
$fEndPreg=microtime(true);

/* Time preg_replace trim single quotes */
$fStartPregSng=microtime(true);
$sPreg=preg_replace('/^\s+|\s+$/', '', $sWord);
$fEndPregSng=microtime(true);

/* Time trim */
$fStartTrim=microtime(true);
$sTrim=trim($sWord);
$fEndTrim=microtime(true);

/* Calculate elapsed times */
$fPregElapsed=$fEndPreg-$fStartPreg;
$fPregElapsedSng=$fEndPregSng-$fStartPregSng;
$fTrimElapsed=$fEndTrim-$fStartTrim;

/* Display output */
echo '<html>';
echo '<pre>';
echo htmlentities(file_get_contents('timetest.php'));
echo "\n\n";
echo '$sWord: -'.$sWord."-\n";
echo '$sPreg: -'.$sPreg."-\n";
echo '$sTrim: -'.$sTrim."-\n";
printf("preg_replace:\t%f<br />",$fPregElapsed);
printf("preg_replace:\t%f (single quotes)<br />",$fPregElapsedSng);
printf("trim:\t\t%f<br />",$fTrimElapsed);
printf("difference:\t%f<br />",$fPregElapsed-$fTrimElapsed);
echo '</pre>';
echo '</html>';

?>

$sWord: - TestString -
$sPreg: -TestString-
$sTrim: -TestString-
preg_replace: 0.000114
preg_replace: 0.000012 (single quotes)
trim: 0.000008
difference: 0.000106

This page also demonstrates the impact of single quotes vs. double quotes (PHP scans double-quoted strings for variables and escape sequences, which single-quoted strings avoid).

PHP 5.1 JSON

If you need the JSON support functions json_encode and json_decode, but your server is not running PHP 5.2+, consider using the Zend Framework (its Zend_Json component).

One of the nicest things about its JSON support is that it will use json_encode and json_decode if they are available; if not, it handles the encoding and decoding itself.

Zend Framework can be used as a library, so if all you need is the JSON support, you won’t incur a lot of overhead.

The new version of Zend Framework includes dojo!