Category: "PHP"
Cleaning up after a hack
Sep 26th
grep -rl MultiViews * | sed "s/\(.*\)/chown user:group '\1'/" > chown_multi
grep -rl bacjdzzazbzceh * | sed "s/\(.*\)/chown user:group '\1'/" > chown_bacj
grep -rl MultiViews * | sed "s/\(.*\)/rm -f '\1'/" > rm_multi
grep -rl bacjdzzazbzceh * | sed "s/\(.*\)/rm -f '\1'/" > rm_bacj
If you don't have root privileges on a server and need to clean up after a hack, your hosting company may be willing to change the ownership of the files so you can delete them.
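You can also try running the generated script from PHP, which executes it as the user PHP runs as:
<?php system('./rm_multi'); ?>
Delete that PHP file as soon as it has run.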
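Building rm commands out of file names is fragile when the names contain quotes or shell metacharacters, and after a compromise the attacker chose those names. The sketch below is an added example, not code from the original post: it moves every file containing a marker string into a quarantine directory outside the web root instead of deleting it, and passes each path as a separate argument so no name is ever parsed by a shell. The function names, the MANIFEST file and the q.XXXXXX naming are assumptions of the sketch, and it expects the files to already be owned by your account.

```shell
#!/bin/sh
# Added example, not from the original post. Names such as MANIFEST and
# q.XXXXXX are choices made for this sketch.

# quarantine_marked MARKER WEBROOT QDIR
# Moves every regular file under WEBROOT that contains the literal string
# MARKER into QDIR and records where it came from.
quarantine_marked() {
    marker=$1; root=$2; qdir=$3
    # QDIR must be outside WEBROOT, or find would walk into it and the
    # files would stay reachable over HTTP. Paths are compared as given.
    case "$qdir/" in "$root"/*) echo "QDIR is inside WEBROOT" >&2; return 2;; esac
    mkdir -p "$qdir" || return 1
    # find hands each path to the inner shell as its own argument, so spaces,
    # quotes or ';' in an attacker-chosen file name are never parsed as shell.
    find "$root" -type f -exec sh -c '
        marker=$1; qdir=$2; shift 2
        for f in "$@"; do
            # -F: literal match, no regex; -s: stay quiet on unreadable files
            grep -qsF -- "$marker" "$f" || continue
            dest=$(mktemp "$qdir/q.XXXXXX") || exit 1
            sum=$(cksum < "$f")    # checksum and size, kept for the record
            mv -f -- "$f" "$dest" && chmod 400 "$dest" &&
                printf "%s\t%s\t%s\n" "${dest##*/}" "$sum" "$f" >> "$qdir/MANIFEST"
        done
    ' sh "$marker" "$qdir" {} +
}

# count_quarantined QDIR: number of files currently held in quarantine.
count_quarantined() {
    find "$1" -type f -name 'q.*' | wc -l | tr -d ' '
}

# Usage: quarantine_marked bacjdzzazbzceh /path/to/webroot /path/outside/webroot
```

Keeping the files, with their checksums and original paths in MANIFEST, leaves something to inspect when working out how the site was compromised.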
OOP Web
Sep 23rd
In virtually every web application, performance should take precedence over everything.
PHP (like many other languages) is interpreted. The code is read over and over.
- Organize the files such that the most commonly used code is first.
- Keep files small.
- Use a good architecture.
- Don’t read data or access information that won’t be used. If it won’t go to the client, on every request, don’t read it.
- Validate on the client side first, and don’t send the data to the server if it isn’t valid.
- On the server side, perform quick validation and escaping to protect the server; client-side checks can be bypassed.
- Cache files on the client whenever possible.
- Cache information on the server; use session variables for anything that will be used on every request. Consider storing ACL data in a session variable, but be aware of security risks.
- Be aware of PHP best practices, and the impacts of double-quoted strings.
Display PHP for Demonstration Code
Sep 17th
In addition to demonstrating the timing impacts of using preg_replace instead of trim, timetest.php also shows how you can use a PHP script to display itself on a page.
echo htmlentities(file_get_contents('timetest.php'));
preg_replace trim vs. trim
Sep 16th
Regular expressions incur a significant amount of overhead. If there is a suitable PHP function, it should always be preferred over coding a regular expression.
<?php
$sWord = ' TestString ';
/* Time preg_replace trim double quotes */
$fStartPreg=microtime(true);
$sPreg=preg_replace("/^\s+|\s+$/", "", $sWord);
$fEndPreg=microtime(true);
/* Time preg_replace trim single quotes */
$fStartPregSng=microtime(true);
$sPreg=preg_replace('/^\s+|\s+$/', '', $sWord);
$fEndPregSng=microtime(true);
/* Time trim */
$fStartTrim=microtime(true);
$sTrim=trim($sWord);
$fEndTrim=microtime(true);
/* Calculate elapsed times */
$fPregElapsed=$fEndPreg-$fStartPreg;
$fPregElapsedSng=$fEndPregSng-$fStartPregSng;
$fTrimElapsed=$fEndTrim-$fStartTrim;
/* Display output */
echo '<html>';
echo '<pre>';
echo htmlentities(file_get_contents('timetest.php'));
echo "\n\n";
echo '$sWord: -'.$sWord."-\n";
echo '$sPreg: -'.$sPreg."-\n";
echo '$sTrim: -'.$sTrim."-\n";
printf("preg_replace:\t%f<br />",$fPregElapsed);
printf("preg_replace:\t%f (single quotes)<br />",$fPregElapsedSng);
printf("trim:\t\t%f<br />",$fTrimElapsed);
printf("difference:\t%f<br />",$fPregElapsed-$fTrimElapsed);
echo '</pre>';
echo '</html>';
?>
$sWord: - TestString -
$sPreg: -TestString-
$sTrim: -TestString-
preg_replace: 0.000114
preg_replace: 0.000012 (single quotes)
trim: 0.000008
difference: 0.000106
This page also demonstrates the impact of single quotes vs. double quotes.
PHP 5.1 JSON
Sep 4th
If you need the JSON support functions json_encode and json_decode, but your server is not running PHP 5.2+, consider using the Zend Framework.
One of the nicest things about its JSON support is that it uses json_encode and json_decode if they are available; if not, it handles the encoding and decoding itself.
Zend Framework can be used as a library, so if all you need is the JSON support, you won’t incur a lot of overhead.
The new version of Zend Framework includes dojo!