PHP Script security help

I am still waiting for an explanation as to why your super regular expressions are better than using a precompiled function.
Your solution is a waste of processor cycles.

 

your solution is non-existent, and bitchin like this is a waste of my time.

I dont think that regular expressions will have any substantial overhead in comparison to the use of basename.

 

If there's a way to make something more efficient with minimal or maybe even less effort, you approach it. And a precompiled function that does exactly what you are trying to do is always more efficient than a regular expression.
So if you think that your solution is better you have no clue about what scalability means, which is sad.

 

Thanks to you both.. but no need to have a go at each other over this..

 

Apparently it entirely depends on your environment, no one is right or wrong, it's like I said in the first place, you have your way and I have mine .....

<?php
$mtime = explode( " ",microtime() );
$mtime = $mtime[1] + $mtime[0];
$starttime = $mtime; 

for( $i = 0; $i < 1000; $i++ ) :
$string = "/home/none/someone/something/contactus.htm";
$string = preg_replace( "/\/.*\/(.*)\.(.*)$/", "$1", $string );
endfor;

$mtime = explode( " ", microtime() );
$mtime = $mtime[1] + $mtime[0];
$endtime = $mtime;
$totaltime = ( $endtime - $starttime );

echo "Execution time : ".$totaltime." seconds ( regex )<br />\n"; 

$mtime = explode( " ",microtime() );
$mtime = $mtime[1] + $mtime[0];
$starttime = $mtime; 

for( $i = 0; $i < 1000; $i++ ) :
$string = "/home/none/someone/something/contactus.htm";
$string = basename( $string );
endfor;

$mtime = explode( " ", microtime() );
$mtime = $mtime[1] + $mtime[0];
$endtime = $mtime;
$totaltime = ( $endtime - $starttime );

echo "Execution time : ".$totaltime." seconds ( basename )<br />\n"; 
?>

PHP:

10 execution basename avg : 0.508209599388 seconds
10 execution regex avg : 0.444041623009 seconds

 

I run the script and this is the result i got:

i understand that basename is faster not the other way around.

 

On my machine locally and my server I get results the opposite of that, proving in the end that it doesn't really matter ...... it's quite bizarre infact :S

Execution time : 0.00461602210999 seconds ( regex )
Execution time : 0.00545215606689 seconds ( basename )

Execution time : 0.00460600852966 seconds ( regex )
Execution time : 0.00540685653687 seconds ( basename )

Execution time : 0.00471901893616 seconds ( regex )
Execution time : 0.00543093681335 seconds ( basename )

 

ROFL

It's hilarious how you changed your post to reflect your new findings. Yep, that's true, I do know what you wrote there first. I especially liked that part about the lettuce.

 

well, clearly I was partially wrong about that bit, but all the same I believe and have tested that it really does depend on your atmosphere.

Out of interest have you run that script ? what was the results of it and what were the specs of the machine, I get pretty similar results on a dual core p4, a my athlon laptop and my p4 server, the athlon is slower but still the same sort of result ?

Sorry about the lettuce thing it wasn't really fair ......

 

Thanks krakjoe.. it works just fine..
The only problem that I am having is that ; I have all my functions in a folder a file named functions.php
I moved the function to functions.php
So I include the php/functions.php in details.php
But it doest not work then.. "Unrecognized title, Unrecognized content " Any idea why ?

 

function get_details( $pid )

{

  # Clean up the pid

  $pid = preg_replace( "/\.(.*)$/", "", $pid );

  # I'm being anal, no need for this ( for most machines )

  $return = array(); 

  # Might want this to log foul requests

  $return["requester"] = $_SERVER['REMOTE_ADDR'];

  # While we're here :

  $return["time"] = time();

  # User agent into array ...

  $return["ua"] = $_SERVER['HTTP_USER_AGENT'];  

  # Need to check that we're making sense still

  if( !file_exists( ROOT_PATH . "/" . $pid . ".htm" ) )

  {

    $return["content"] = "Unrecognized content";

  }

  else

  {

    $return["content"] = @file_get_contents( ROOT_PATH . "/" . $pid . ".htm" );

  }



  if( !file_exists( ROOT_PATH . "/" . $pid . ".txt" ) )

  {

    $return["title"] = "Unrecognized title";

  }

  else

  {

    $return["title"] = @file_get_contents( ROOT_PATH . "/" . $pid . ".txt" );

  }



  # If you had meta desc for pages, you could do the following also :

  # $return["meta"] = @file_get_contents( dirname(__FILE__) . "/" . $pid . ".meta" ) ; 

  # but you don't so I'll leave it commented, but you see how it's working now

  # right?  

  return $return; # Return data, an associative array of all sorts

}

PHP:

put that in functions, and in the file you're calling it from, before you include the function file put :

define("ROOT_PATH", dirname(__FILE__) );

PHP:

and that'll sort that out for you assuming your details.php is in same folder as stuff.htm and stuff.txt