Albertech.net » PHP

PHP: Display page render time

admin — Fri, 12 Jun 2009 19:06:20 +0000

Here’s what I currently use to determine how long it takes to generate a page in PHP. Its only 4 lines of code.

PHP 5

$time_start = microtime(true); $time_end = microtime(true); $time = $time_end - $time_start; echo "Displaying the render time: $time seconds\n";

PHP 4 Version: (8 lines)

Put this at the top of the PHP script:
$render_time_start = microtime_float();

Put this at the end of the script:
$render_time_end = microtime_float(); $render_time = $render_time_end - $render_time_start; echo $render_time;

function microtime_float(){ list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec); }

Preventing MySQL injection with PHP

admin — Thu, 12 Mar 2009 22:13:14 +0000

A good practice is to check input strings to make sure users don’t put in mySQL commands in your server. For instance, if a username or password POST variable isn’t filtered, there is a potential for an injection like ‘OR myusername=’. In the past, I’ve been using my own PHP toolkit to “clean” the input variables. But recently, I began searching to see if there are a built-in solution in PHP for this, especially since I’m converting a script written in Python that had the filter MySQLdb.escape_string. Enter mysql_real_escape_string()

1) Step 1: Filter out the backtick character, ` which is often used in mySQL to denote field names
$variable = str_replace("`","",$variable);

2) Step 2: If its a username or password field which does not have a space, you should use ctype_alnum This will determine whether there is a character thats not alphanumeric or numeric. So, spaces will not work.
if (ctype_alnum($variable)) { //allowed variable }

3) Step 3: Use the mysql_real_escape_string as long as it exists on your server. If it doesn’t exist, an error message will display. I suggest upgrading your PHP if possible since this function will take care of different character sets/etc. You can use this function after the mySQL connection has been initialized.
if(function_exists("mysql_real_escape_string")) { $variable = mysql_real_escape_string(htmlspecialchars($variable, ENT_QUOTES)); } else { echo "mysql_real_escpe_string does not exist on the server. Upgrade PHP to the latest version."; }

PHP – MySQL datetime to seconds

admin — Tue, 27 Jan 2009 02:53:51 +0000

$unixseconds = strtotime($mysqldate);

For instance, you can use this to write a timeout script for login failures. Usually, a system should lock after 3-5 consecutive failed login attempts. I save the timestamp after the 5th consecutive login failure, then run a check on this timestamp if the current time is within the ~5-10 minute lockout window. 5 minutes is 300 seconds, 10 minutes is 600 seconds.

Validate MySQL date format in PHP

admin — Wed, 07 Jan 2009 20:32:38 +0000

Validating the date in MySQL should be done using preg_match since ereg_* functions will be removed in PHP 6.

More info on PHP 6 changes: http://wiki.php.net/todo/php60 It appears there will be a module that you can use to utilize existing ereg expressions, so that’ll buy some time to port code from ereg* to preg*.
function isValidDate($date){

if (preg_match (“/^([0-9]{4})-([0-9]{2})-([0-9]{2})$/”, $date))
{

return true;
}
else{
return false;
}

}

Define variables in PHP 5

admin — Wed, 03 Dec 2008 23:46:35 +0000

If you have older scripts, you may encounter warning messages such as “Notice: Undefined variable: ”

As a standard practice, you should define variables in PHP by putting in the variable name = FALSE;
$myvar = FALSE;

This is primarily for local variable names that aren’t passed in through a $_REQUEST or $_POST, etc.

PHP Uptime check

admin — Mon, 24 Nov 2008 21:49:33 +0000

I found a useful script in PHP that can be used for checking uptime of a server. It can be useful for checking when the servers have a such a significant load that pages can’t be displayed. The benefit or running it locally is that I can configure the script to perform failover functionality if necessary. Online uptime services are good too, but most of them aren’t free. Maybe I should force the server to show a failwhale when the site gets too busy… j/k

Here’s the link to the script.
http://www.programmingtalk.com/showthread.php?t=34999

// the URL you want to keep tabs on $url = 'http://www.somewebsite.com';


// if not available, send email

if ( url_exists( $url ) === FALSE )

{

    $to   = 'my@email.com';

    $subj = $url . ' is down!';

    $msg  = $url . ' was tested at ' . date( 'Y-m-d H:i:s' ) . ' and was inaccessible.';

    @mail( $to, $subj, $msg );

} 
/**

 * url_exists()

 * Checks for the validity of a given URL

 *

 * @param string The http[s] URL you're checking for

 * @return bool TRUE if online; FALSE if not; NULL if not an http(s):// URL

 */

function url_exists( $strURL = NULL )

{

    if ( !preg_match( '/^http(s?):\/\//i', $strURL, $m ) )

        return NULL;

    @$ch = curl_init();

    curl_setopt( $ch, CURLOPT_URL, $strURL );

    curl_setopt( $ch, CURLOPT_BINARYTRANSFER, 1 );

    curl_setopt( $ch, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback' );

    curl_setopt( $ch, CURLOPT_FAILONERROR, 1 );

    curl_setopt( $ch, CURLOPT_TIMEOUT, 5 );

    // https?

    if ( $m[1] == 's' )

        curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );

    @curl_exec( $ch );

    $intReturnCode = curl_getinfo( $ch, CURLINFO_HTTP_CODE );

    curl_close( $ch );

    return ( $intReturnCode == 200 OR $intReturnCode == 302 OR $intReturnCode == 304 ) ? TRUE : FALSE;

}

?>