|
PHP - Embedding Html Code Within Php - Performance Issue?
Is there a performance or security issue when embedding HTML code to be written to a page using a series of ECHO statements within PHP?
Here's two examples: <?php // Some PHP code echo "<p>Hello, World</p>\n"; // More php code ?> versus: <?php> // Some PHP script commands ?> <p>Hello World\n"; <?php // More PHP code ?> Is there a performance issue or potential security flaw that would make the first example any worse/better than the second? (Is one method more "secure" than the other method, I guess is what I'm asking?) I like the ease of just throwing in HTML within a PHP script without having toe escape quote marks, etc. But, I'm a bit concerned about security since whatever technique I use will be incorporated into a "commercial" production website. Similar TutorialsI am very new to PHP and have tried various techniques but I am getting a 500 error when clicking on the export button to download a csv report. I'm not sure why the previous developer did it this way. Is there a better why in PHP to make this code better? Willing to understand and learn from an PHP expert. The database is MYSQL.
$coursefilterid = $_GET['course'];
$conn = new mysqli($host, $username, $password, $database);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sqluserenrolled = "select mdl_user.username, mdl_user_enrolments.userid as enrolleduserid, mdl_enrol.courseid from mdl_user_enrolments
Inner Join
mdl_enrol
on
mdl_enrol.id = mdl_user_enrolments.enrolid
Inner Join
mdl_user
on
mdl_user.id = mdl_user_enrolments.userid
where
mdl_enrol.courseid = '" . $coursefilterid . "'
order by mdl_user.username
";
$queryenrolleduser = mysqli_query($conn, $sqluserenrolled);
?>
<html>
<head>
</head>
<body>
<form method="post"
action="<?php echo "userlistssiexport.php?id=$coursefilterid"?>">
<input type="hidden" name="exportcourseid"
value="<?php echo $coursefilterid;?>"> <input type="hidden"
name="sessid" value="<?php echo $USER->sesskey;?>"> <input
class="btn btn-primary" type="submit" name="submit"
value="<?php echo "Export";?>">
</form>
<?php
$noteid = "";
$cmId = "";
?>
<table class="data-table">
<caption class="title">User info</caption>
<thead>
<tr>
<th>Username</th>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
<th>Last login</th>
<th>Createddate</th>
<th>Position</th>
<th>Organization</th>
<th>Certificate Request Date</th>
<th>Role1</th>
<th>Role2</th>
<th>Role3</th>
</tr>
</thead>
<tbody>
<?php
while ($row = mysqli_fetch_array($queryenrolleduser)) {
$enrolleduserid = $row['enrolleduserid'];
$sql = "select mdl_user.username as username,
mdl_user.firstname as firstname,
mdl_user.lastname as lastname,
mdl_user.email as email,
mdl_user.lastlogin as lastaccess,
mdl_user.timecreated as createddate,
mdl_user_info_data.data as position
from mdl_user
Inner Join
mdl_user_info_data
on
mdl_user_info_data.userid = mdl_user.id
Inner Join
mdl_user_info_field
on
mdl_user_info_field.id = mdl_user_info_data.fieldid
Inner Join
mdl_user_lastaccess
on
mdl_user_lastaccess.userid = mdl_user.id
where mdl_user_info_field.id = 1
and
mdl_user.deleted = 0
and
mdl_user.id = '" . $enrolleduserid . "'
group by mdl_user.username
order by mdl_user.username
";
$query = mysqli_query($conn, $sql);
if (! $query) {
die('SQL Error: ' . mysqli_error($conn));
} else {}
?>
<?php
$no = 1;
$total = 0;
$username = '';
$coursename = '';
$content = '';
$modulename = '';
$organization = '';
$userid = '';
$certificatedate = '';
$userrole = '';
$enrolleduserid = '';
while ($row = mysqli_fetch_array($query)) {
// Do something here
$username = $row['username'];
$coursename = $row['coursename'];
$content = $row['content'];
$noteid = $row['noteid'];
// $notedatetime = date("d/m/y g:i (A)", $row['notedate']);
$notedatetime = date("D M j Y G:i A", $row['notedate']);
$lastaccess = date("D M j Y G:i A", $row['lastaccess']);
$createddate = date("D M j Y G:i A", $row['createddate']);
$datafile = $username . $coursename . $content;
echo '<tr>
<td>' . $row['username'] . '</td>
<td>' . $row['firstname'] . '</td>
<td>' . $row['lastname'] . '</td>
<td>' . $row['email'] . '</td>
<td>' . $lastaccess . '</td>
<td>' . $createddate . '</td>
<td>' . $row['position'] . '</td>
';
$modid = $row['contextid'];
// Get module name
$sqlmodule = "select mdl_user.username as username,
mdl_user.firstname as firstname,
mdl_user.lastname as lastname,
mdl_user.email as email,
FROM_UNIXTIME(mdl_user_lastaccess.timeaccess) as lastaccess,
FROM_UNIXTIME(mdl_user.timecreated) as createddate,
mdl_user_info_data.data as organization
from mdl_user
Inner Join
mdl_user_info_data
on
mdl_user_info_data.userid = mdl_user.id
Inner Join
mdl_user_info_field
on
mdl_user_info_field.id = mdl_user_info_data.fieldid
Inner Join
mdl_user_lastaccess
on
mdl_user_lastaccess.userid = mdl_user.id
where mdl_user_info_field.id = 3
and
mdl_user.deleted = 0
and
mdl_user.username ='" . $username . "'";
$querymodule = mysqli_query($conn, $sqlmodule);
?>
<?php
$modulenamelink = "";
while ($row = mysqli_fetch_array($querymodule)) {
$organization = $row['organization'];
}
echo '<td>' . $organization . '</td>';
$sqlCertificateDateuid = "select id from mdl_user where username = '" . $username . "'";
$queryCertificateDateuid = mysqli_query($conn, $sqlCertificateDateuid);
while ($row = mysqli_fetch_array($queryCertificateDateuid)) {
$userid = $row['id'];
}
$sqlcertificatedate = "select * from mdl_certificateemail where userid = '" . $userid . "'
and courseid = '" . $coursefilterid . "'";
$querycertificaterequestdate = mysqli_query($conn, $sqlcertificatedate);
while ($row = mysqli_fetch_array($querycertificaterequestdate)) {
$certificatedate = date("D M j Y g:i:s A", $row['unixdatetimecertificate']);
}
echo '<td>' . $certificatedate . '</td>';
$sqluserrole = "select mdl_role_assignments.userid, mdl_role_assignments.roleid,mdl_course_modules.course, mdl_role.shortname as rolename,FROM_UNIXTIME(mdl_role_assignments.timemodified) from mdl_role_assignments
Inner Join
mdl_context
on
mdl_context.id = mdl_role_assignments.contextid
Inner Join
mdl_course_modules
on
mdl_course_modules.instance = mdl_context.instanceid
Inner Join
mdl_role
on
mdl_role.id = mdl_role_assignments.roleid
where mdl_course_modules.course = '" . $coursefilterid . "'
and
mdl_role_assignments.userid = '" . $userid . "'
group by
mdl_role_assignments.userid,
mdl_role_assignments.roleid,
mdl_course_modules.course,
mdl_role.shortname,
mdl_role_assignments.timemodified
order by mdl_role_assignments.timemodified
";
$userlistrole = '';
$queryuserrole = mysqli_query($conn, $sqluserrole);
while ($row = mysqli_fetch_array($queryuserrole)) {
$userrole = $row['rolename'];
$userlistrole = array(
array(
$userrole
)
);
// echo '<td>'.$userrole.'</td>';
}
foreach ($userlistrole as $listrole) {
// echo $listrole;
}
$teacherrole = array(
'student'
);
foreach ($teacherrole as $rolename) {
$role = $DB->get_record('role', array(
'shortname' => $rolename
));
$context = get_context_instance(CONTEXT_COURSE, $coursefilterid);
// $context = context_course::instance($cid1);
$teachers = get_role_users($role->id, $context);
foreach ($teachers as $teacher) {
$teacherid = $teacher->id;
if ($teacherid == $userid) {
echo '<td>student</td>';
}
}
}
$teacherrole = array(
'editingteacher'
);
foreach ($teacherrole as $rolename) {
$role = $DB->get_record('role', array(
'shortname' => $rolename
));
$context = get_context_instance(CONTEXT_COURSE, $coursefilterid);
// $context = context_course::instance($cid1);
$teachers = get_role_users($role->id, $context);
foreach ($teachers as $teacher) {
$teacherid = $teacher->id;
if ($teacherid == $userid) {
echo '<td></td>';
echo '<td>editingteacher</td>';
}
}
}
$teacherrole = array(
'manager'
);
foreach ($teacherrole as $rolename) {
$role = $DB->get_record('role', array(
'shortname' => $rolename
));
$context = get_context_instance(CONTEXT_COURSE, $coursefilterid);
// $context = context_course::instance($cid1);
$teachers = get_role_users($role->id, $context);
foreach ($teachers as $teacher) {
$teacherid = $teacher->id;
if ($teacherid == $userid) {
echo '<td>manager</td>';
}
}
}
echo '</tr>';
}
}
?>
</tbody>
<tfoot>
</tfoot>
</table>
</body>
</html>
<?php
}
}
else {
header("Location:/index.php");
// echo "something";
die();
}
}
else {
header("Location:/index.php");
die();
}
?>
OK, I've seen this done both ways and want to know which (if any) is the most secure way to do it... I've been coding my pages using echo statements to write HTML, such as: <?php echo "<p><strong>hello, World!</strong></p>"; echo "<p>You a $age year(s) old!</p> "; ... ?> and so on... but is this any better <?php <p><strong>Hello World!</strong></p> echo "<p><strong>You are $age year(s) old!</p>"; ?> Is one of these methods better than the other (using ECHO to write actual HTML statements out rather than just embedding them in the script without ECHO)? Which is the recommended method? Im going to use a large array of arrays, each of one having a lot of values and some sub arrays. My question is... is faster to use arrays or is better to have a object to acces using methods and all? i suppose objects are slower... Also i was planing in use arrays with string keys in nearly all places, normally these are slower, but in php hashes and arrays are the same tipe so i dont know... I have the following simple code to test against collision on a primary key I am creating: Code: [Select] $machine_ids = array(); for($i = 0; $i < 100000; $i++) { //Generate machine id returns a 15 character alphanumeric string $mid = Functions::generate_machine_id(); if(in_array($mid, $machine_ids)) { die("Collision!"); } else { $machine_ids[] = $mid; } } die("Success!"); Any idea why this is taking minutes to run? Anyway to speed it up? A few questions that if I was more knowledgeable about MySQL (such as the query log that I've heard of). - Does mysqli::multi_query() make multiple requests to the server or just one? - If it is just splitting the queries on the semicolon and then making multiple requests, is it still faster than looping and querying in PHP? - Does it take less memory than, lets say, mysql_query() foreach query? - Is it faster than, lets say again, mysql_query() looped? The last 2 I can probably just benchmark myself but I'm hoping someone will know off had. Background (blah blah blah) I'm working on a lean rapid development framework for myself (and maybe others eventually) to use. Much like Cake and other frameworks it does a lot of queries, often times more then you need. The sacrifice of course is performance VS ease of development, but I'm trying to not make a martyr out of my framework :-) I've observed on many occasions that simple queries can take more time than a complex query on seemingly random occasions. My understanding is that this is because of the connection, not the real amount of time it took for the server to query. I figure if I avoid multiple requests to the server I will cut down on the time everything takes. My theory is based on the same concept of combining all your CSS and JS files into single files to avoid dozens of HTTP requests which slow down page load time. I want to do a test while refreshing the page 100 times with 500 rows in a table, and then without 500 rows in a table and with different kind of php code, i need to do some type of testing to get results back in to show which way is faster for mysql/php. Any idea how to do this any scripts out there or a built in php/mysql function? Thanks I am wondering since in php when you write string in " " quotes php will look if there is any variable and if it is it will read that variable and replace variable name with that value inside the string. However when i use ' ' quotes php will not look for any variables inside that string. So my question is when you write a really big application is it good to always use ' ' quotes when you can instead of " " ones. Does that have an impact on performance. Thanks Alright guys, I see people recommending prepared statements (PDO/MySQLi) and saying that they are way to go these days. However upon doing a bit more research, I've found that prepared statements, PDO in particular, is lacking in terms of performance, especially using SELECT statements. Now I'm starting a new project, which is basically a text based game with lots of queries and DB interaction, so I'm really interested in knowing what's the best approach for me. I was leaning towards PDO but I don't want it crawling my server under heavy load. I appreciate any advices or first hand experiences on this. Do I really have to care about the amount of spaces/tabs I have in my program? Is my code good? Example: Code: [Select] class SportListout{ public $start; public $db; private $junk = 'This is junk data. Unable to find it \'s parents. It is recommended that you delete this data.'; function __construct($db){ $this -> db = $db; $this -> setStartingParent(); } function searchListout($sp){ $notif = 'There are no search results that match that criteria.'; if(strlen($sp) > 0){ if(strlen($sp) < 3){ This is my common text format. Is this ok or should I not make spaces in between functions? Hello,
Any ideas why server resources not exhausted on the code below, when my.cnf and php.ini are both set to use half the resources each? PHP & MySQL will both utilize all allotted resources on other scripts, so it's not a tuning problem. There is no script-side tuning.
The bottleneck: pdo select as shown below
foreach($bigList as $listObject) {
$sql = $dbl->prepare("SELECT * FROM fewMillionRows WHERE indexedCol1=:indexedCol1 AND indexedCol2=:indexedCol2 AND indexedCol3=:indexedCol3 AND indexedCol4=:indexedCol4 LIMIT 1");
$sql->execute($preparedValues);
$return = $sql->fetchAll(PDO::FETCH_ASSOC);
}
On a dedicated server with 8GB RAM, the server uses >5% cpu/ram but takes a long time to finish the script.
Second Question
What are some alternative designs?
Because the column values all happen to be alphanumeric, I could select the entire table and store it in an array. Accessing the keys like so: indexedCol1indexedCol2indexedCol3indexedCol4.
Results:
MyISAM - Select Whole Table: 30 seconds
MyISAM – Select Individual Rows (10k times) – 68 seconds
InnoDB – Select Whole Table: 30 seconds
InnoDB – Select Individual Rows (10k times) – 131 seconds
I am surprised it takes so long to select a whole table. The server resources use 1% for about 20 seconds, then cpu/ram jump to 30%+ for about 10 seconds. This is still drastically faster than individual selects.
In this instance, $bigList is over 500k items. At 68 seconds per 10k rows it’s absurdly long. Building an array with key/values is the only realistic way I currently know of, but I suspect there is a much better way of doing this.
As far as I know, I cannot do a select like so: SELECT * FROM t1 WHERE (column1,column2,column3) IN ((val1, val2,val3), (val4, val5,val6))
There is no way to determine whether a row was found for each entry as far as I know.
I have the following code in html: <html> <head> <script type="text/javascript"> <!-- function delayer(){ window.location = "http://VARIABLEVALUE.mysite.com" } //--> </script> <title>Redirecting ...</title> </head> <body onLoad="setTimeout('delayer()', 1000)"> <script type="text/javascript"> var sc_project=71304545; var sc_invisible=1; var sc_security="9c433fretre"; </script> <script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script><noscript> <div class="statcounter"><a title="vBulletin statistics" href="http://statcounter.com/vbulletin/" target="_blank"><img class="statcounter" src="http://c.statcounter.com/71304545/0/9c433fretre/1/" alt="vBulletin statistics" ></a></div></noscript> </body> </html> Is a basic html webpage with a timer redirect script and a stascounter code. I know a bit about html and javascript, but almost nothing about php. My question is: How a can convert this html code into a php file, in order to send a variable value using GET Method and display this variable value inside the javascript code where says VARIABLEVALUE. Thanks in adavance for your help. I can't figure out how to optimize my Zend framework performance. My query executes in 200ms but my page is taking almost 60 seconds to load. While checking the zend toolbar it shows that my page size is 14mb and I don't know why. The routes and options size is really large but I don't know what is causing this. Any ideas?
To see the full breakdown:
http://awesomescreen....com/0c73vewycc
Hi All, I have written the following to validate my dynamic includes, one question is i will be using sessions to control user access to certain pages. Obviously the session_start() has to go into my index.php file. Can anyone see any problems with this or my dynamic include validation code. My page varilable is populated using the mod_rewirte function in appache. <?PHP include('inc/settings.inc.php'); if(isset($_GET['page'])) { //remove slashes $page = stripslashes($_GET['page']); //rebuild the extension and file name $filename = 'lib/'.$page.'.php'; //Check to see if the file exists in lib if (file_exists($filename)) { //Dynamic Switch $allowed = array( array("test", "New Customers"), array("home", "Home Page"), ); $iffed = false; $get_section = $_GET['page']; //Create a dynamic switch to check for files being in my allowed array foreach($allowed as $rd) { if($get_section == $rd[0]) { $iffed = $rd; $content = $filename; foreach($rd as $value) { $page_title = $value; } } } if($iffed === false) { //File is not in my include list. die( "Page does not pass the validated inclusion list." ); } } else { //Page does not exist in my lib folder. die('Page does not exist, please contact the administrator.'); } } else { // If no page is requested then default home. $filename = 'lib/home.php'; $content = '1'; $page_title = 'Home'; } ?> Thanks in advance. Sam Hi All, I'm new to PHP and I'm probably making a fundamental mistake somewhere, however, enough time wasted, I thought you might be able to shed some light on my problem. I basically have a php script running with nginx and fast_cgi. The whole script is just a large switch statement that does some matching against the request strings and returns a template rendered by Tenjin. It all works fine and it's quite performant based on a simple curl-loader test. The simple performance figures are taken from curl-loader and show 400 CAPS (Call Attempts Per Second). The test is 200 clients requesting the same url for 100 cycles. The problem arises when I introduce a "sleep" into the php code for 150 milliseconds, which is my basic idea of introducing latency to the system. The performance for the same test of 200 clients * 100 cycles produces 55 CAPS which is a huge drop in performance based on 150 millisecond delay. The sleep method used is "usleep" and I've also tried "time_nanosleep". I know there's not a huge amount of info there but based on performance figures above, is there something fundamental/trivial I'm missing or doing??? Are there any known issues with the sleep methods??? I've tried setting 'set_time_limit(0)' before the sleep call but that didn't help. Any advice you can offer is greatly appreciated.. I'm looking at shared hosting provided by GoDaddy. On the shared hosting they offer, entry process limitations range from 100 to 125.
I was also told this by customer support:
Entry Processes are the number of connections your account can process simultaneously. Understanding what constitutes a connection is important, though, because it's not as straightforward as "the number of visitors on your website." Here's what constitutes as a connection: Your website delivering data via HTTP Your hosting account transferring data via SSH A Cron job processing However, the connections are only counted while they're processing. As soon as they've finished, they no longer count as processes. For an example, if a visitor comes to your site and your home page takes .1 seconds to load and generates only one HTTP connection, that visitor counted as one process for .1 seconds. Even though that visitor is still "viewing your site," they no longer count as a connection until they do something else that generates another connection, like move to a new page. So what is an average user count that I can conclude? I don't want to think that "it's not possible" I just need to know what limitations I'm looking at. I'm also curious what kind of error would be generated if more than 100 or 125 people tried to access the server simulataneously. Or perhaps employ an access delay of some sort. Edited by moose-en-a-gant, 10 January 2015 - 09:59 PM. I have a form that users input user name, password, and email... all writes to csv fine. My problem is I need to concatenate a a string with a variable and some html code will preserving the html when written to the csv.. I need the csv to be this username,password,email,user,category,text with http://sub.domain..com/splash/,something,something here's what i have Code: [Select] <?php if($_POST['formSubmit'] == "Submit") $varUserName = $_POST['username']; $varPW = $_POST['PW']; $varEmail = $_POST['email']; { $fs = fopen("testcsv.csv","a"); fputcsv($fs, array($varUserName,$varPW,$varEmail,"user","title",",category","some text '<a href="http://$varUserName.url.com/splash/>site.com</a>',)); fclose($fs); exit; } ?> and of course I'm getting Parse error: syntax error, unexpected T_STRING, expecting ')' on line 9 I have a website http://www.pbm-biz.com/cricket/ where I am streaming Live Cricket world cup matches. My question is that during the streaming, I would like to keep the code in PHP so that others don't copy it. I can't find any solution. Any suggestions. Thanks, Faisal Can I combine also HTML code in PHP function? For example, can a PHP function include HTML form and the PHP code to handle this form? If yes, this will make my main code much more smaller and readable. If not, is there a way to define an "external macro" like, which allow me to replace pre-defined lines of code with short alias? The code snippet below works fine with PHP 5.3 (register_globals = Off) but does NOT give the same results with PHP 5.5: $verhash = md5($tstamp."salt");
if ($hash != $verhash) {
$_SESSION['direct'] = 1;
if(isset($_SESSION['ntrd'])) {
unset($_SESSION['ntrd']);
}
if(isset($_SESSION['rntr'])) {
unset($_SESSION['rntr']);
}
header('refresh: 0; url=/accessDenied.php');
exit;
}
I'm not sure if there is a problem with the above snippet or with some other part of the code but I always get redirected to the 'accessDenied.php' page with PHP 5.5.Can someone tell me if the snippet above would output differently on PHP 5.5? Thanks, Jeff Edited by jeffshead, 04 November 2014 - 08:36 PM. ok, I thought I had this working but I guess not. Once I click the submit button the email goes but I need to be redirected to a web page named http://myserver/notification_sent.php I edited the line: <form method="post"> to look like <form method="post" action="http://myserver/notification_sent.php"> & I then get redirected to the page I need but the email don't go out. Code: [Select] $mailheaders = "From: Reporting System<rps@yahoo.org>"; $destination = array(); if (!empty($_POST['notify_jane'])) $destination[] = 'email1@yahoo.org'; if (!empty($_POST['notify_john'])) $destination[] = 'email2@yahoo.org'; if ($destination) { mail(join(', ', $destination), 'Document Added/Updated', 'This is a test notification', $mailheaders); } ?> <form method="post"> <input type="hidden" name="formsent" value="true" /> <br/> If you do not need to send a notification to someone you can close this window. If you do, choose the name(s) below and click submit. <br/>------------------------------------------------------- <br/>Check this box <input autocomplete="off" type="checkbox" name="notify_jane" value="yes" /> to send <strong>John Doe</strong> a notification. <br/>Check this box <input autocomplete="off" type="checkbox" name="notify_jane" value="yes" /> to send <strong>Jane Doe</strong> a notification. <br> <br> <input type="submit" value="Submit" /> <br/>------------------------------------------------------- </form> <?php |
|||||||