Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[centered]

psst - wish Rui a happy birthday!!

i don't know, with joost's populator, and my test install with 200 articles, archives takes a half a second to complete (per ghassem's timing mod) making it the slowest so far....

[Armen]

Just to make it even cleaner:

Code: [Select]

function get_id($parameter) {
$url = array();
$url = explode('/', $_GET['category']);
$get_id = array();
if ($url['1']) {
  $sub_cat = cleanGetSef($url['1']);
$result = mysql_query("SELECT seftitle FROM ".db('prefix')."categories WHERE seftitle = '$sub_cat'");
if (!$result || !mysql_num_rows($result)) { $subcat=''; } else {
$r = mysql_fetch_array($result); {$subcat = $r['seftitle'];}
$get_id['subcategory'] = $subcat;}
}
$get_id['category'] = cleanGetSef($url['0']);
if ($url['1'] && !$subcat) {
$get_id['article'] = cleanGetSef($url['1']);
} elseif ($url['2'] && $subcat) {
$get_id['article'] = cleanGetSef($url['2']);
}
if ($url['2'] && !$subcat) {
$get_id['commentspage'] = cleanGetSef($url['2']);
} elseif ($url['3'] && $subcat) {
$get_id['commentspage'] = cleanGetSef($url['3']);}
if (isset($get_id[$parameter])) {return cleanGetSef($get_id[$parameter]);}
}
Just GET_ID. But without unnessesary "!empty" and "isset" checks.
According to my tests, became slightly faster and takes less RAM togenerate a page.
Server response is better too, because it empties the RAM faster.

Next lie my questionable ideas about "empty".

Pleeease, people, don't use internal "!empty()" construct until it's really nessesary. Use "empty()" as it is, not the opposite way. It just sucks... Sucks so hard. I've been there...
Just for the sake of it: quote from php.net:

In response to a previous post regarding the speed of:

if (empty($var))
versus
if (!$var)

or

if (!empty($var))
versus
if ($var)

In fact I found that the empty() function is always slower. I have tested this on three different machines; Celeron, Pentium M, and an AMD Athlon 64. These all run php 5.2, and I have repeated the tests a number of times using different loops and variable types. My results show that, on average, empty() takes around 15 - 20% longer to complete its task.

[centered]

wow good advice!!  thanks for that!!

[Armen]

I guess it's time for me to review subcat-snews once again to get rid of !empty().

There's a lot of it, I see now.

[centered]

hmm I see conflicting opinions:
http://us2.php.net/manual/en/function.empty.php#79780
http://us2.php.net/manual/en/function.empty.php#73926 - in response to your notated comment
http://us2.php.net/manual/en/function.empty.php#72508
http://us2.php.net/manual/en/function.empty.php#58675
http://us2.php.net/manual/en/function.empty.php#61327

I would hold off on the empty's, but that is just me.

[Armen]

UPDATED:

Oh... "Empty" may be not logical, but it sure doesn't generate lots of E_NOTICE errors like if($var) does...
I guess PHP founders know better. I guess I was wrong. Well. Learn on my mistakes =)
Don't read below.

empty() [NOT !empty()] seems to be faster on php4, but slower on php5.

Also !empty is like... Like "If NOT empty". Logically it should be "If TRUE", right?
Why the opposite?

So if ($var) performs and logically stands better.

But that's not for discussing in this thread.

It may be... Just for the sake of it, to keep in mind:

if ($var) - to check if TRUE

And

empty($var) - to check if FALSE, I guess.

As far as it's the language construct, it should be used in the correct way. Not like !empty, but empty.

Again, why the opposite? Right? For an array, allright. But always?.. No.

http://retosphere.de/Main/Show.php?File=../prjphp/phpempty_annotation.php

[Joost]

As I understand it, empty is very consistent, always save. I ran into a similar issue when using this:
if ($_GET)

 instead of:

if (isset($_GET))

In this case - the context in which it is used - if  (!empty($_GET)) behaves like if ($_GET)
So the effects are not similar all the time.
To be or not to be, that's the question.

[Armen]

Well, in fact,

if (!empty($_POST['name']))

behaves like

if (isset($_POST['name']) && $_POST['name'])

Because it also checks if var's been set. And thus it doesn't generate E_NOTICE warning, which would be gen'd if simply checked with if ($var). empty() is the opposite of (boolean) var, except that no warning is generated when the variable is not set.

More - here.

equilni, sorry for offtopic. Offtopic closed.

[Armen]

Back to business.

Another attempt to boost get_id for subcategories, this time - using not only cleanGetSef, but also SESSIONS.
Idea by Ghassem Tofighi.
Speed comparisons placed below.

Replace your function get_id($parameter) with these two functions:

Code: [Select]

// GET ID
// CleanGetSef MODDED, SESSION-based.
// Modded by Armen. Inspired by Ghassem Tofighi's get_id() booster.
function get_id($parameter) {
   if ($_SESSION['last']['GET']!= $_GET){
      unset ($_SESSION['last']);
      $_SESSION['last']['GET'] = $_GET;
  $url = array();
      $url = explode('/', $_GET['category']);
      $get_id = array();
  $get_id['category'] = cleanGetSef($url['0']);
      $_SESSION['last']['category'] = $get_id['category'];
  if (isset($url['1'])) {
  $sub_cat = cleanGetSef($url['1']);
$result = mysql_query("SELECT seftitle FROM ".db('prefix')."categories WHERE seftitle = '$sub_cat'");
if (!$result || !mysql_num_rows($result)) {
$subcat = NULL;
}
else {
$r = mysql_fetch_array($result); {$subcat = $r['seftitle'];
}
$get_id['subcategory'] = $subcat;
$_SESSION['last']['subcategory'] = $get_id['subcategory'];
}
      if (isset($url['1']) && empty($subcat)) {
         $get_id['article'] = cleanGetSef($url['1']);
         $_SESSION['last']['article'] = $get_id['article'];
      }
   elseif (isset($url['2']) && !empty($subcat)) {
$get_id['article'] = cleanGetSef($url['2']);
$_SESSION['last']['article'] = $get_id['article'];
  }
  if (isset($url['2']) && empty($subcat)) {
$get_id['commentspage'] = cleanGetSef($url['2']);
$_SESSION['last']['commentspage'] = $get_id['commentspage'];
  }
   elseif (isset($url['3']) && !empty($subcat)) {
$get_id['commentspage'] = cleanGetSef($url['3']);
$_SESSION['last']['commentspage'] = $get_id['commentspage'];
   }
}
   }
   else {
      $get_id['subcategory'] = $_SESSION['last']['subcategory'];
      $get_id['category'] = $_SESSION['last']['category'];
      $get_id['article'] = $_SESSION['last']['article'];
      $get_id['commentspage'] = $_SESSION['last']['commentspage'];
}
 if (isset($get_id[$parameter])) {
 return cleanGetSef($get_id[$parameter]);
 }
}

// Codie's function for cleaning the SEF
function cleanGetSef( $inSef ) {
   if ( $inSef == '' ) {
      $sef = '';
   }
   elseif ( is_int($inSef) ) {
      $sef = (int) $inSef;
   }
   else {
      if (! preg_match('/^[a-z0-9\-_#\.]+$/', $inSef) ) {
         $sef = false;
      }
      else {
         $sef = $inSef;
      }
   }
   return $sef;
}
Speed compared to the previous (not session-based) get_id:

"category->article"-class pages: 25-30% faster;
"subcategory->article"-class pages: 30-40% faster;
"category, subcategory"-class pages: no change;

I still can't believe subcategory version of my modded snews installation finally became even faster then non-subcategory one. Sweeeeet.

Another idea to enchance subcat-snews experience.
This will make your website title show "Subcategory - Category" instead of "Subcategory/Category".
I find it more appealing, because everything else in the title is divided with " - ".
But still, your choice it remains.

Change this:

Code: [Select]

if (!empty($subcatName)) { $title .= $subcatName.'/';}
To this:

Code: [Select]

if (!empty($subcatName)) { $title .= $subcatName.' - ';}

[centered]

Thanks I will take a look at the new get_id after work. 

[centered]

The sessions doesn't pass anything harmful or possibly harmful?  Your not cleaning anything with the session lines...

[Armen]

I'm not cleaning anything, because everything is already clean - cleaned with CleanGetSef.

Sessions are better for the server - use of sessions improves server's responsiveness, if server's configured properly.

In this particular case no vital information is stored in sessions (if it's what you're asking for).

If one feels paranoid, he/she can double check var, recieved from session, or call session_regenerate_id() in the index.php (when calling snews.php).

[centered]

I'm not cleaning anything, because everything is already clean - cleaned with CleanGetSef.
....
If one feels paranoid, he/she can double check var, recieved from session, or call session_regenerate_id() in the index.php (when calling snews.php).

We are trying to be secure for the user against threats and such right?

I think it should be recleaned, at least once, maybe here:
$_SESSION['last']['GET'] = $_GET;

I am not sure about the other options mentioned... just work and I have a non functioning brain here....

[Armen]

Don't be so hard on yourself, man.

The thing is, $_GET is being exploded any way, being legit or not. Then every array entry is being cleaned.

SESSION is just a special array. It responds and stores data like any ordinary array variable, with the difference of being stored on the server. If you still don't trust SESSIONS and think they may be hijacked/injected this way, you can check $_GET on the way. But it will slow down get_id for 20-30%, thus eliminating all SESSION-based get_id benefits.

Here's where one may want to check for XSS. But it's not nessesary.

Code: [Select]

$url = explode('/', $_GET['category']);
Final version (both functions):

Code: [Select]

// GET ID
// CleanGetSef MODDED, SESSION-based.
// Modded by Armen. Inspired by Ghassem Tofighi's get_id() booster.
function get_id($parameter) {
   if ($_SESSION['last']['GET']!= $_GET){
      unset ($_SESSION['last']);
      $_SESSION['last']['GET'] = $_GET;
  $url = array();
      $url = explode('/', $_GET['category']);
      $get_id = array();
  $get_id['category'] = cleanGetSef($url['0']);
      $_SESSION['last']['category'] = $get_id['category'];
  if (isset($url['1'])) {
  $sub_cat = cleanGetSef($url['1']);
$result = mysql_query("SELECT seftitle FROM ".db('prefix')."categories WHERE seftitle = '$sub_cat'");
if (!$result || !mysql_num_rows($result)) {
$subcat = NULL;
}
else {
$r = mysql_fetch_array($result); {$subcat = $r['seftitle'];
}
$get_id['subcategory'] = $subcat;
$_SESSION['last']['subcategory'] = $get_id['subcategory'];
}
      if (isset($url['1']) && empty($subcat)) {
         $get_id['article'] = cleanGetSef($url['1']);
         $_SESSION['last']['article'] = $get_id['article'];
      }
   elseif (isset($url['2']) && !empty($subcat)) {
$get_id['article'] = cleanGetSef($url['2']);
$_SESSION['last']['article'] = $get_id['article'];
  }
  if (isset($url['2']) && empty($subcat)) {
$get_id['commentspage'] = cleanGetSef($url['2']);
$_SESSION['last']['commentspage'] = $get_id['commentspage'];
  }
   elseif (isset($url['3']) && !empty($subcat)) {
$get_id['commentspage'] = cleanGetSef($url['3']);
$_SESSION['last']['commentspage'] = $get_id['commentspage'];
   }
}
   }
   else {
  $get_id['subcategory'] = $_SESSION['last']['subcategory'];
  $get_id['category'] = $_SESSION['last']['category'];
  $get_id['article'] = $_SESSION['last']['article'];
  $get_id['commentspage'] = $_SESSION['last']['commentspage'];
}
 if (isset($get_id[$parameter])) {
 return cleanGetSef($get_id[$parameter]);
 }
}

// Codie's function for cleaning the SEF (OPTIMIZED)
function cleanGetSef($inSef) {
$sef = preg_match('/^[a-z0-9\-_#\.]+$/', $inSef) ? $inSef : NULL; return $sef;}
BTW, notice, what I've done to Codie's function:

Code: [Select]

// Codie's function for cleaning the SEF (OPTIMIZED)
function cleanGetSef($inSef) { $sef = preg_match('/^[a-z0-9\-_#\.]+$/', $inSef) ? $inSef : NULL; return $sef;}
Smaller, isn't it? Faster too. Let it be?

[centered]

haha I type it wrong... I ment to say I just woke up and my brain is not functioning yet...

anyway, good work so far! 

XSS slows down the process that is why (I assume of course) codie has his new function in place:
$url = explode('/', clean(cleanXSS($_GET['category'])));