PEAK XOOPS - News

| PHP | Site News | XOOPS |

Poster : GIJOE on 2006-06-20 13:16:00 (13320 reads)

I've found much better anti-XSS system like "Big umbrella".

1. check doubtful request (eg. "<script") in the top of application
2. if such requests exist, push an output filter by ob_start()
3. else no ob_start() are pushed (=performance safe)
4. check registered doubtful-requests exist in the html for outputting
5. if exist, die().

I'll write the code in (2)

0 comments

PHP : IN than JOIN (2)

Poster : GIJOE on 2006-06-06 18:10:55 (18554 reads)

Marijuana suggested me "You should compare with IN and INNER JOIN instead of LEFT JOIN".
As his suggestion sounds quite reasonable, I've done benchmark again.

The result
(LEFT JOIN) << (IN) ~ (INNER JOIN)

Thus I still insist "IN than JOIN".
That's because, dividing queries into permission and main makes coding easy.

Read more... | 3238 bytes more |0 comments

PHP : IN is faster than JOIN

Poster : GIJOE on 2006-06-04 04:32:00 (9838 reads)

MySQL is one of the fastest Database Engine with simple queries, though it is not so fast on with complex queries.

Thus, we should divide queries simple as possible.

eg) permission system between categories and groups:


CREATE TABLE cat (
  `cid` int NOT NULL default 0,
  `name` varchar(255) NOT NULL default '',
  PRIMARY KEY (cid)
) TYPE=MyISAM ;

CREATE TABLE cat_perm (
  `cid` int NOT NULL default 0,
  `gid` int NOT NULL default 0,
  PRIMARY KEY (cid,gid)
) TYPE=MyISAM ;

CREATE TABLE item (
  `id` int NOT NULL default 0,
  `cid` int NOT NULL default 0,
  `name` varchar(255) NOT NULL default '',
  PRIMARY KEY (id),
  KEY (cid)
) TYPE=MyISAM ;

(1) A complex query using JOIN ...


SELECT item.* FROM item LEFT JOIN cat_perm ON cat_perm.cid=item.cid WHERE cat_perm.gid=1;

(2) two simple queries using IN ...


SELECT cid FROM cat_perm WHERE gid=1;

make cid list from the result, then


SELECT * FROM item WHERE cid IN (cid list);

(2) is faster than (1)

This is a result of just a simple bench mark.
In real, as permission system is more complex than it in real, (2) will be much faster than (1)

IN than JOIN

It sounds a good slogan

------------------------------------
(2006/06/06 added)
Though the result of bench mark is correct, this is not a good comparison.
see also:
http://www.peak.ne.jp/xoops/md/news/article.php?storyid=123

3 comments

PHP : under the topic of against CSRF...

Poster : GIJOE on 2006-05-31 06:08:21 (9015 reads)

It is non-sense to check "Time-out error" or "Ticket" error in Wiki editing.
These checks make users much impatience.

The "rerversibility" is the most important to think about "anti-CSRF".

If a web application has a reversibility in editing, it is not necessary to add Ticket nor Referer checking in transaction stage for posting.

Wiki is a well-desinged application from this point of view.

We should design applications with reversibilities as possible.

0 comments

PHP : Which function should be adopted in escaping string?

Poster : GIJOE on 2006-05-25 06:34:07 (18472 reads)

This is a summary of discussion with ELF about escaping string for SQL.

I recommmend addslashes()

(A) performance
(B) compatibility with environments of magic_quotes_gpc=on
(C) reverse function exists
(D) DB connection free

ELF recommend *_escape_string()

(1) clear the purpose
(2) searchable by grep, replacable by sed, easily
(3) can follow to change DB engine's spec

I think it stands to reason all of (1)(2)(3).

Read more... | 1043 bytes more |2 comments

« 1 2 3 (4) 5 6 »

Lost Password?

Register now!