
jeffz2008
how do you find this? it's old ... and author himself agrees that "there are lies, big lies and benchmarking" but ... http://revjim.net/2003/04/23/speed-concerns-database-vs-filesystem/
-
RussellReal, thanks a lot for taking the time.

Let me explain using the osCommerce (open source shopping cart) example, as it demonstrates well what I have in mind.

----------------------

Text on e.g. a product page consists of:
-- dynamic content - e.g. product descriptions etc. fetched from the database
-- static (language specific) content fetched from ... let's call them ... language pages, e.g. texts like "Please complete your selection" if there is something left for the customer to select. Sort of ... part of the interface.

That static content is kept in language files in this way:

    //english version language file
    define('SELECTION_COMPLETE', 'Please complete your selection');

    //e.g. spanish version language file
    define('SELECTION_COMPLETE', 'Whatever way "Please complete your selection" goes in Spanish ');
    //etc.

While the client sees that as "Please complete your selection", codewise it would look like this:

    echo SELECTION_COMPLETE;

There is a proper language file serving mechanism on top of the files, for a script to select the right language version.

The question was: which do you think is faster:
-- serving constants (delimited data) from a file, or
-- the same language-specific interface elements from the database

Footnote: instead of a constant like define('SELECTION_COMPLETE', 'Please complete your selection'); delimited csv/txt etc. can be used.
-
The most common way (according to what I have seen, of course) to serve multilang tool-texts (not content! difference at the bottom) is to serve them from defined constants stored in files, which are stored in language-specific folders, e.g.:

    define('SOMETHING', 'Something');

QUESTION: Would it be a big possible system slow-down if such multilang content is to be served from a database?

I appreciate your opinions, observations, experiences in this matter.

EXPLANATIONS:
tool-texts - I understand them as static page elements, helping to use the page (e.g. informational elements etc.)
content - dynamic page elements, e.g. system user entered product description, user entered post etc.
-
I can upload (using web interface) to apache owned folders, if I want to update folders to 755 and update uploaded files to 644 after upload. My concern is safety. Is this setup safe? Additionally: Is it possible to move files between an apache owned folder and e.g. an admin owned folder?
-
encrypting $_GET variables - does that make sense?
jeffz2008 replied to jeffz2008's topic in PHP Coding Help
MrAdam
===
The user can do very little to influence GET data. He can only select a link or not. The rest is auto generated depending on link purpose, vars on the page etc. What I'm concerned with is that once GET arrives at its destination, that auto generated collection of GET vars is put together for a reason, and if someone tries to mess that reason up, results may be distorted. Testing data is not a problem, the problem is in strict data correlation and that almost cannot be tested. At least not from a practical standpoint. So if GET is a winner - it has to be somehow protected against tampering.

mjdamato
===
Actually you are right. Bulk session create/clean up is not really a problem here. The problem is that total session clean-up may (and most likely will) clean elements which are vital like login data - just to start with. In such a case one has to either:
a. re-set them again (I guess - not the best idea)
b. elements passed using session have to be unset one by one, which can create quite a workload in the case when several vars are SESSION passed - that's where that "session workload" came from.

Another point is that the system I work with relies on GET auto generated data quite often and changing that would get me into way too much free overtime:), as I would have to redo too much.

BTW: do you consider that the string encrypt/decrypt routine - as described above - will be very costly? Practical tests show almost no strain on the system as the user pool is quite limited.

AND

Dear Readers of this thread ... please do not take me as someone "full of it" trying to show off, looking for attention or something. My php knowledge/experience is quite OK, but the more I know, the more questions I have (truism - I know). And asking is never wrong. And someone might have dealt successfully with the problem and is willing to share his/her observations.
encrypting $_GET variables - does that make sense?
jeffz2008 replied to jeffz2008's topic in PHP Coding Help
1. $_POST

    <form> POSTed variables to some process.file</form>

What if I want to pass some variables elsewhere without employing a form for it? Say the form is dealing with some data, but the user must have an option to pass variables available to that form to another form (say the user has options and he just changed his mind about using this particular form and wants to switch to another, keeping variables intact) without firing up that post altogether. I could send the form for processing and redirect from there to another option (form, file), but a link residing within the form with GET vars available to that form comes way more handy. If these vars are plain text they can be messed with.

2. session

If you have to pass literally dozens of variables during use of the software by a user (sort of a user session), the session can get swollen with them, so you have to set them and unset them constantly to keep it light. That setting/unsetting makes the sessions approach much more workload costly than encrypted GET. Encrypted GET allows hiding variables from prying eyes and these vars expire automatically when the page is closed.

3. testing and verifying data on arrival

Quite troublesome if you have vars passed by GET interacting with each other in a specific way. Example:

    order_id=12&order_prod_id=67

where
order_id - obvious
order_prod_id - id in the table storing products for a given order

If the numbers are changed, then dbase written info based on the passed variable is out of whack. Testing and validating interactions between 2 or 3 vars is possible, but what if you have to test interconnections between a dozen vars, or two dozen or more? Wouldn't it be better to use GET and just prevent anyone from messing with them?

INITIAL QUESTION REMAINS: Can this way be messed up by php itself?
---------------------------------

Frankly, it makes me feel uneasy when I have to send something using $_GET. Especially if it can influence data written to the DB. Lately I have developed a workaround, but I'm unsure if it really makes sense. I wonder if it won't be undone by register_globals on, or some other PHP peculiarities I haven't even heard about yet.

What is your opinion? Does that make sense?

What I wanted to accomplish:
- hide vital variables from snooping eyes.
- prevent any messing about with data sent

What and how I did it:

PREPARE FOR SEND:

1. prep the $_GET string, e.g. something like below, usually sent as open text:
result:

    $str= 'phase=3&set=2&pID=1015&oID=9309&qty=2&opi=11113&src=2&id=18'

2. create an md5 hash of the string to prevent tampering with the encrypted $_GET string by the user
result: be9ace7a810c3bf461ec5e768b63c7cf

3. passphrase encrypt the string - using a custom function
the passphrase can be stored as a constant in the config.php file (or similar), or stored in DBase; my projects are IonCube encrypted, so the config.php file seems to be pretty well protected. length between 8-32 chars
result:

    $str = 'zlf{d"'/bqdwh 08vs~.%,wQT""8'?jMI :,=/,bcs:)6pf`/(448%%LR7 "2!kb|+;4pa9<' ;

4. make sure that it will get unbroken through web/browser
encoded by a custom function using the base64_encode php function (it replaces - among other things - web-unsafe chars such as '+', '/', '=')
result: emxme2QiJy9icWR3aCAwOHZzfi4lLHdRVCIiOCc_ak1JIDosPS8sYmNzOik2cGZgLyg0NDglJX9MUjcgIjIha2J8Kzs0cGE5PA

5. combine 2. and 3. for $_GET shipment, using some joiner-string - I use: 000111000, but it can be anything
result: emxme2QiJy9icWR3aCAwOHZzfi4lLHdRVCIiOCc_ak1JIDosPS8sYmNzOik2cGZgLyg0NDglJX9MUjcgIjIha2J8Kzs0cGE5PA000111000be9ace7a810c3bf461ec5e768b63c7cf

6. send 5. as one $_GET variable, e.g.
result: d=emxme2QiJy9icWR3aCAwOHZzfi4lLHdRVCIiOCc_ak1JIDosPS8sYmNzOik2cGZgLyg0NDglJX9MUjcgIjIha2J8Kzs0cGE5PA000111000be9ace7a810c3bf461ec5e768b63c7cf

Practical side - how it looks in code (in a simplified way):

    $str = 'phase=3&set=2&pID=1015&oID=9309&qty=2&opi=11113&src=2&id=18';
    $link = jp_encode64($str); //custom function described above.
    <a href="https://www.server.co.uk/admin/file.php?d=$link">[send me]</a>

RECEIVING AND HANDLING STRING

1. splitting the $_GET var using the joiner (see: 5 above)
results:
a. emxme2QiJy9icWR3aCAwOHZzfi4lLHdRVCIiOCc_ak1JIDosPS8sYmNzOik2cGZgLyg0NDglJX9MUjcgIjIha2J8Kzs0cGE5PA
b. be9ace7a810c3bf461ec5e768b63c7cf

2. decoding chunk a - using a url-safe modified version of base64_decode
result:

    $str = 'zlf{d"'/bqdwh 08vs~.%,wQT""8'?jMI :,=/,bcs:)6pf`/(448%%LR7 "2!kb|+;4pa9<' ;

3. decrypting 2. using a custom function (passphrase based)
result:

    $str= 'phase=3&set=2&pID=1015&oID=9309&qty=2&opi=11113&src=2&id=18'

4. md5 hashing 3. and comparing against 1. b., if not the same die(), otherwise go.

5. retrieving variables from 3. $str if 4. is a go.
how: It must be dynamic, otherwise it's useless really. I tackled that using foreach and the $$var php capacity. In other words, $$var allows:

    $name = 'Some_text';
    $$name = 123;
    echo $Some_text; // outputs: 123

A variable name named after a string. All that dynamic retrieval takes some 10 lines of code.

sample:

    $encrypted_str = $_GET['d'];
    if (isset($encrypted_str) && !empty($encrypted_str)) {
        $str = jp_decode64($encrypted_str);
        $outerArray = explode('&',$str);
        foreach ($outerArray as $key => $val) {
            $innerArray = explode('=', $val);
            $prepGETvar = $innerArray[0];
            // braces are required on PHP 7+, where $$innerArray[0] parses as ($$innerArray)[0]
            ${$innerArray[0]} = $innerArray[1];
        }
    }

ADDITIONAL NOTES:

1. calling variables:
To call a var retrieved from the string just use the name which was chosen when the $_GET string was

    $str = 'phase=3&set=2&pID=1015&oID=9309&qty=2&opi=11113&src=2&id=18';

e.g. $phase or $oID or $opi etc.
It has nothing to do with register_globals.
The foreach loop dynamically creates these variables at the top of a page, using $key for a name and $val for a value. The rest of the file can use these vars created at the top.

2. tampering:
Tampering with any part of the $_GET passed encrypted variable is impossible.
a. if the data chunk is tampered with - the md5 check does not match
b. if the joiner string is changed, the decode function cannot properly split the passed encrypted variable and gives up, returning an error
c. if the $_GET passed md5 created at the beginning is tampered with, it does not match the newly created md5, resulting in an error
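
For comparison with the tamper check described in this post, an added example that is not the poster's code: a keyed HMAC-SHA256 over the query string, compared with hash_equals, with the variables read into an array by parse_str rather than into the local scope. LINK_KEY and the helper function names are assumptions; this covers modification only, the values are encoded, not hidden.

```php
<?php
// Added example; LINK_KEY and the helper names are assumptions, not from the post.
const LINK_KEY = 'placeholder-load-a-random-32-byte-key-from-config';

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

// Build the single "d" value: url-safe payload, a dot, then a keyed MAC of it.
function sign_query(array $vars, string $key = LINK_KEY): string {
    $payload = b64url_encode(http_build_query($vars));
    return $payload . '.' . b64url_encode(hash_hmac('sha256', $payload, $key, true));
}

// Return the verified variables as an array, or null if "d" was altered.
function verify_query(string $d, array $allowed, string $key = LINK_KEY): ?array {
    $parts = explode('.', $d);
    if (count($parts) !== 2) {
        return null;                       // joiner missing or duplicated
    }
    $expected = b64url_encode(hash_hmac('sha256', $parts[0], $key, true));
    if (!hash_equals($expected, $parts[1])) {
        return null;                       // payload or MAC changed
    }
    $raw = b64url_decode($parts[0]);
    if ($raw === false) {
        return null;
    }
    parse_str($raw, $vars);                // fills an array, not the local scope
    // Drop any name the receiving page does not expect.
    return array_intersect_key($vars, array_flip($allowed));
}

// Constructed sample values, taken from the query string in the post.
$allowed = ['phase', 'set', 'pID', 'oID', 'qty'];
$d = sign_query(['phase' => 3, 'set' => 2, 'pID' => 1015, 'oID' => 9309, 'qty' => 2]);
var_dump(verify_query($d, $allowed));

// Reuse the MAC with an edited payload to exercise the rejection path.
$mac = explode('.', $d)[1];
$forged = b64url_encode('phase=3&set=2&pID=1015&oID=1&qty=2') . '.' . $mac;
var_dump(verify_query($forged, $allowed));
```

Values returned by verify_query are strings and still need the usual type and range checks before they reach a query.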
-
That is (was) "inherited" design. format: branch1_stock, branch2_stock Supposed to be compact (and it was), but working with it was hell. I added additional table, so no need for mind-breaking exercises anymore
-
Hi, I can't figure out why I can't figure this out ... seems to be simple.

--------

I get this from the database using a while loop (each row is one loop/result):

    1_0,2_2
    1_0,2_1
    1_2,2_0
    1_0,2_0,4_3

e.g. 1_2 = type_quantity

Both type and qty change dynamically as the dbase changes (being written to), so I can have e.g.: 1_3,3_2,5_3 etc.

I always know how many types I have [types() function gets that data - see code].

I'm trying to get an array holding total quantities for each type, where the key is a type and the total qty is a value, e.g.:

    array(1=>2, 2=>3, 3=>0, 4=>3)

I tried many approaches, e.g.:

    while($call = $call_query) {
        //eg.: $call['data'] = 1_2,2_0
        //split 1_2,2_0 into $getdata1_array = array(0=>1_2, 1=>2_0)
        $getdata1_array = explode(',',$call['data']);
        //init. array
        $array = array();
        //loop through types - which qty (how many different types) I always know (types() function)
        for ($i=1; $i<=types(); $i++) {
            //initiate total qty for each type container
            $val_count=0;
            //walk getdata1_array
            foreach ($getdata1_array as $chunk) {
                //split eg. 1_2 into a 2-element array array(1,2)
                $getdata2_array = explode('_',$chunk);
                //if 1st array element (type: $chunk[0]) equals type from for loop ($i) - add second element to $val_count
                if ($chunk[0] == $i) $val_count+=$getdata2_array[1];
            }
            //add sum to array - continue for all type-element adding sums to array
            $array[$i] = $val_count;
        }
    }

expected:

    array(1=>2, 2=>3, 3=>0, 4=>3)

I get:

    array (1=>0, 2=>0, 3=>0, 4=>3)

Could you show me where I go wrong?
-
Thank you thorpe. Your solution brings this:

    Array ( [0] => 5 [1] => 8 [2] => 1 [3] => 35 )

I was actually looking for this:

    Array ([3]=>8 [1]=>1 [6]=>35)

I actually did it this way (not very elegant/compact, but does the job).

    $entry_array = '415{3}8{1}1{6}35';
    $str = str_replace(array('{','}'),',',$entry_array);
    $array = explode(',',$str);
    array_shift($array);
    foreach ($array as $k => $v) {
        if (!is_odd($k)) $key_array[] = $v; //even
        if (is_odd($k)) $val_array[] = $v; //odd
    }
    //for loop below is for PHP4
    //PHP5 has function for it: array_combine
    for ($i=0, $n=sizeof($key_array); $i<$n; $i++) {
        $new_array[$key_array[$i]] = $val_array[$i];
    }
    print_r($new_array);

A little function is needed here (checks even/odd - only if array_combine is not used):

    function is_odd($number) {
        return $number & 1;
    }
-
ghostdog74, thank you - I will definitely have to explore regex. Your solution gets this:

    Array ( [0] => 415 [1] => 8 [2] => 1 [3] => 35 )

while I look to accomplish this:

    Array ([3]=>8 [1]=>1 [6]=>35)

What is inside the curly braces becomes the keys and what follows becomes the values of a new array.

Does anyone have an idea?
-
Here's the string:

    415{3}8{1}1{6}35

I'm trying to:
1. drop the first element - 415
2. convert the rest of the string to an array in this way: array([3]=>8 [1]=>1 [6]=>35)

Seems simple enough, but somehow I do something wrong. Here's what I try to do:

    $s = explode('{', '415{3}8{1}1{6}35');

I get:

    Array ( [0] => 3}8 [1] => 1}1 [2] => 6}35 )

I tried to walk this array using foreach and exploding values, but I can't find (so far) a way to actually get this:

    Array ([3]=>8 [1]=>1 [6]=>35)

Any thoughts which can put me on the right track? Thanx in advance.
-
Grouping one of the values of a multi assoc array using another as the group factor

I have this problem. I must admit it has bested me - for now. I have an assoc multi-array passed by POST. I would like to group [final_price] => value using [tax_class_id] => as the grouping factor and possibly get the results in an array. Of course it has to be a dynamic process, as the number of subarrays will change. Also [tax_class_id] => is not a constant and can be changed, deleted, added etc. See sample below:

--------------------
1. What I have:
--------------------

    Array
    (
        [0] => Array ( [id] => 840 [model] => DMCFS20EB [quantity] => 1 [final_price] => 166.8 [tax_class_id] => 0 )
        [1] => Array ( [id] => 821 [model] => TH42PX80B [quantity] => 1 [final_price] => 570.2042 [tax_class_id] => 7 )
        [2] => Array ( [id] => 614 [model] => SL1000 [quantity] => 2 [final_price] => 215.99 [tax_class_id] => 8 )
        [3] => Array ( [id] => 282 [model] => RDRHXD870 [quantity] => 1 [final_price] => 199.991395 [tax_class_id] => 7 )
    )

-----------------------------
2. What I'd like to get:
-----------------------------
-> subarrays grouped by [tax_class_id] =>
-> [final_price] => added for same [tax_class_id]s

    Array
    (
        [1] => Array ( [tax_class_id] => 0 [final_price] => 166.8 )
        [2] => Array ( [tax_class_id] => 7 [final_price] => 770.19559 )
        [3] => Array ( [tax_class_id] => 8 [final_price] => 215.99 )
    )