Secure PHP Building 50 Practical Applications Development part 9 pptx


Chapter 20: Web Site Tools (Part V: Internet Applications)

If you examine the source of this Web form, you will notice the following HTML form code:

    <form action="/vote/apps/vote.php" target=_blank method="POST">
    <font face="Verdana" size="1">How do you rate this site?
    <p>
    <input type=radio name="vote" value="1">Great, very informative<br>
    <input type=radio name="vote" value="2">Good, has good info <br>
    <input type=radio name="vote" value="3">OK, needs a bit of improvement<br>
    <input type=radio name="vote" value="4">Poor, needs a lot of improvement
    <p>
    <input type=submit value="Vote">
    <input type=hidden name="poll_id" value="1">
    </font>
    </form>

Notice that the form action line is set to /vote/apps/vote.php, as it is needed to call the vote application. In addition, note that each vote radio button is called "vote" and has a numeric value (1–4). This is needed to collect vote data. Finally, note a hidden form field called poll_id, which is set to 1. This number identifies the form in the vote.conf file's $choicesPerPoll array, which is shown here:

    $choicesPerPoll = array(
        // POLL ID => NUMBER OF CHOICES
        1 => 4,
        2 => 7
    );

This array in vote.conf determines the maximum number of options per polling form. Here, our Web site polling form (poll_id 1) has four options, as shown in the aforementioned HTML form, so the $choicesPerPoll array has the same number specified.

Now, if you select any of the voting options for the Web site form and click the Vote button, your vote will be stored in the VOTES table in the VOTE database. You will be given a cookie so that you cannot vote again until the COOKIE_EXPIRATION_TIME time specified in vote.conf expires.

As soon as you click the Vote button, you will see a pop-up window that shows the current poll results (i.e., including your vote). This page is shown using a results template stored in the templates directory (%DocumentRoot%/vote/apps/templates). The name of the template is specific to each poll_id. For example, a poll form with poll_id 1 must have a template called 001.html in the %DocumentRoot%/vote/apps/templates directory. Because each poll has its own results template, you can customize each poll's results as desired.

The basic structure of a results template is as follows:

    <!-- BEGIN mainBlock -->
    {1_VOTE_COUNT} {1_VOTE_PERCENT}
    {2_VOTE_COUNT} {2_VOTE_PERCENT}
    {n_VOTE_COUNT} {n_VOTE_PERCENT}
    {TOTAL_VOTES}
    <!-- END mainBlock -->

Each of the tags within the braces is replaced with respective vote data. For example, {1_VOTE_COUNT} is replaced with the total number of votes cast for option #1 in a poll. The {1_VOTE_PERCENT} tag is replaced with the percentage of votes cast for option #1 in a poll. The {TOTAL_VOTES} tag is replaced with the grand total of votes cast in a poll. Figure 20-4 shows a sample results page for the Web site poll described in the preceding example.

Figure 20-4: A sample Web site's poll results.

So far, our example poll form has used multiple radio button options. However, the vote tool also supports multiple checkbox options, for polls in which you want visitors to cast multiple votes that identify their preferences from a group of items. For example, Figure 20-5 shows a poll form that asks users to select one or more languages. This form can be found in the sample_polls directory as language_poll.html.

Figure 20-5: A sample language poll form using checkboxes.

The source for this form looks as follows:

    <form action="/vote/apps/vote.php" target=_blank method="POST">
    What languages do you write code? (check all that applies)<p>
    <input type=checkbox name="vote[]" value="1">PHP<br>
    <input type=checkbox name="vote[]" value="2">Perl<br>
    <input type=checkbox name="vote[]" value="3">C<br>
    <input type=checkbox name="vote[]" value="4">C++<br>
    <input type=checkbox name="vote[]" value="5">Java<br>
    <input type=checkbox name="vote[]" value="6">Python<br>
    <input type=checkbox name="vote[]" value="7">Smalltalk<br>
    <input type=submit value="Vote"><br>
    <input type=hidden name="poll_id" value="2">
    </form>

Here, notice that the vote field name is not vote but vote[], to indicate that we are returning an array of options. The values are still numeric.

When this poll form is submitted with multiple selections, each vote is added in the database. Figure 20-6 shows an example results page (displayed using templates/002.html).

Figure 20-6: A favorite language poll results page.

Summary

In this chapter, you learned how to develop a vote application that can be used to poll your Web site visitors about issues related to your Web site, or about other matters on which you would like to know their opinions. This is a nifty tool to have for most Web sites.
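Both poll forms above post a hidden poll_id and client-chosen vote (or vote[]) values, so the receiving script has to check them against $choicesPerPoll before anything is written to the VOTES table. The following is an added example, not the book's vote.php: validateVote() is a hypothetical helper, the sample submissions are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (hypothetical); $choicesPerPoll mirrors the vote.conf array.
$choicesPerPoll = array(
    // POLL ID => NUMBER OF CHOICES
    1 => 4,
    2 => 7,
);

// Returns array('poll_id' => int, 'choices' => int[]) or null if rejected.
function validateVote(array $post, array $choicesPerPoll): ?array
{
    // poll_id comes from a hidden field; accept only a configured integer.
    $pollId = filter_var($post['poll_id'] ?? null, FILTER_VALIDATE_INT);
    if ($pollId === false || !isset($choicesPerPoll[$pollId])) {
        return null;
    }
    $max = $choicesPerPoll[$pollId];
    // Radio forms send a scalar "vote", checkbox forms an array ("vote[]").
    // vote.conf as shown does not say which kind a poll is, so both shapes
    // are accepted here and only the count and range are enforced.
    $raw = $post['vote'] ?? array();
    $raw = is_array($raw) ? $raw : array($raw);
    if (count($raw) === 0 || count($raw) > $max) {
        return null;
    }

    $choices = array();
    $range = array('options' => array('min_range' => 1, 'max_range' => $max));
    foreach ($raw as $value) {
        // Nested arrays and non-numeric strings fail the filter.
        $choice = filter_var($value, FILTER_VALIDATE_INT, $range);
        if ($choice === false) {
            return null;
        }
        $choices[$choice] = true; // repeated values count once
    }
    return array('poll_id' => $pollId, 'choices' => array_keys($choices));
}

// Constructed sample submissions, shaped like $_POST for the two forms.
$samples = array(
    array('poll_id' => '1', 'vote' => '3'),                  // accepted
    array('poll_id' => '2', 'vote' => array('1', '6', '6')), // accepted, 6 once
    array('poll_id' => '1', 'vote' => '9'),                  // out of range
    array('poll_id' => '5', 'vote' => '1'),                  // unknown poll
);
foreach ($samples as $post) {
    echo json_encode($post), ' => ', json_encode(validateVote($post, $choicesPerPoll)), "\n";
}
```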
Part VI: Tuning and Securing PHP Applications

CHAPTER 21 Speeding Up PHP Applications
CHAPTER 22 Securing PHP Applications

Chapter 21: Speeding Up PHP Applications

IN THIS CHAPTER
◆ Benchmarking your PHP application
◆ Stress-testing your PHP application
◆ Compressing your PHP application output
◆ Using output caching using jpcache
◆ Using output caching using the PEAR cache
◆ Using function caching using the PEAR cache
◆ Using PHP opcode caching techniques

This chapter describes how you can speed up your PHP applications using various techniques, including fine-tuning code, output buffering, output compression, output caching, and code caching. These techniques will enable you to turbocharge your application for the high-volume access scenarios usually present in heavy-traffic Web sites with PHP applications.

Optimization isn't a task that should be undertaken on every piece of code. You must ask yourself, before starting to optimize code, "is this code fast enough?" If the answer is "yes," optimization probably isn't necessary. Spending time optimizing existing code could be time wasted if you neglect other tasks for the optimization time. The best advice is to use good techniques while constructing the code in the first place and only optimize code that actually needs it.

Benchmarking Your PHP Application

Most Web programming is done quickly, and often carelessly. When someone needs a new Web application, notifying the developers is often the last priority. Once the developers are notified, the application gets the "was needed yesterday" status. Therefore, developers design quick-and-dirty applications, and lack the necessary time to fine-tune the code.
When you plan to develop a new application, try to allocate one-third of your project time to fine-tuning your code. The first step in fine-tuning your code is identifying the most commonly used code segments. You can easily do this by adding spurious print statements to your code or enabling logging/debugging for critical segments of your applications. Once you have identified the segments of code that are most commonly required to service a request, you need to identify any elements that are not operating at optimal speed. To identify slow code, you should review your code as frequently as possible, using the benchmarking techniques described in the following section.

Note that optimizing code won't always improve performance. It's important to consider the whole picture when you are experiencing performance problems: if your database is maxed out, your bandwidth is not adequate for your traffic, or your hardware is not keeping up with the demand, optimizing code won't improve a thing.

Benchmarking your code

The PEAR package discussed in Chapter 4 includes a set of benchmark classes that you can use to benchmark your code without writing a lot of new code. For example, Listing 21-1 shows a PHP script that benchmarks a function called myFunction.

Listing 21-1: bench1.php

    <?php
    // If you have installed PEAR packages in
    // a different directory than %DocumentRoot%/pear
    // change the setting below.
    $PEAR_DIR = $_SERVER['DOCUMENT_ROOT'] . '/pear';
    $PATH = $PEAR_DIR;
    // Put the PEAR directory on the include path
    ini_set('include_path', ':' . $PATH . ':' . ini_get('include_path'));
    require_once 'Benchmark/Iterate.php';
    // Sample argument handed to myFunction on each run
    $argument = null;
    $benchmark = new Benchmark_Iterate;
    // Run myFunction 10 times, passing $argument each time
    $benchmark->run(10, 'myFunction', $argument);
    // Fetch the per-iteration timings and the mean
    $result = $benchmark->get();
    echo "<pre>";
    print_r($result);
    echo "</pre>";
    exit;
    function myFunction($var) {
        // do something
        echo 'x ';
    }
    ?>

The $PEAR_DIR variable points to the PEAR directory, which in this case is installed in %DocumentRoot%/pear. The $PEAR_DIR variable is included in the include_path using the ini_set() call. Then the Benchmark/Iterate.php class is loaded into the application. A benchmark Iterate object called $benchmark is created. This object is used to run the myFunction function 10 times. The $argument variable is passed to myFunction each time it is called. The profiling result of the multiple execution, $result, is retrieved using the get() method of the benchmark object. The result is output to the screen using the print_r() function. A sample of typical output looks as follows:

    x x x x x x x x x x Array
    (
        [1] => 0.00074100494384766
        [2] => 0.00013399124145508
        [3] => 0.00013101100921631
        [4] => 0.0001380443572998
        [5] => 0.00014901161193848
        [6] => 0.00013506412506104
        [7] => 0.00013101100921631
        [8] => 0.00013399124145508
        [9] => 0.00014710426330566
        [10] => 0.00013601779937744
        [mean] => 0.00019762516021729
        [iterations] => 10
    )

Notice that for each execution of myFunction, the benchmark object has tracked the execution time. It has also calculated the mean (average) time needed by myFunction, which is 0.00019762516021729 seconds (approximately 0.20 ms).

By running the target functions (slow functions) multiple times, you can determine the mean execution speed and start fine-tuning the code using the benchmark method described.

Now let's look at another method of benchmarking your code.
Listing 21-2 shows a PHP script that uses the Benchmark/Timer.php class from PEAR's benchmark classes to time execution of a function named myFunction().

Listing 21-2: bench2.php

    <?php
    // If you have installed PEAR packages in
    // a different directory than %DocumentRoot%/pear
    // change the setting below.
    $PEAR_DIR = $_SERVER['DOCUMENT_ROOT'] . '/pear';
    $PATH = $PEAR_DIR;
    // Put the PEAR directory on the include path
    ini_set('include_path', ':' . $PATH . ':' . ini_get('include_path'));
    require_once 'Benchmark/Timer.php';
    $timer = new Benchmark_Timer();
    $timer->start();
    // Mark the point just before the timed calls
    $timer->setMarker('start_myFunction');
    for ($i = 0; $i < 10; $i++) {
        myFunction($argument);
    }
    // Mark the point just after the timed calls
    $timer->setMarker('end_myFunction');
    $timer->stop();
    // Collect the time recorded at each marker
    $profiling = $timer->getProfiling();

[...]

... output:

    0 1 2 3 4 5 6 7 8 9
    Time elapsed: 0.00094497203826904
    Array
    (
        [0] => Array
            (
                [name] => Start
                [time] => 1039292459.17705900
                [diff] =>
                [total] => 0
            )
        [1] => Array
            (
                [name] => start_myFunction
                [time] => 1039292459.17758700
                [diff] => 0.00052797794342041
                [total] => 0.00052797794342041
            )
        [2] => Array
            (
                [name] => end_myFunction
                [time] => 1039292459.17853200
                [diff] => 0.00094497203826904
                [total] => 0.0014729499816895
            )
        [3] => Array
            (
                [name] => Stop
                [time] => 1039292459.17860700
                [diff] => 7.4982643127441E-05
                [total] => 0.0015479326248169
            )
    )

Using this type of benchmarking, you can create numerous markers in your code, gathering profiling...
... script called test.php:

    <?php
    require "/path/to/jpcache/jpcache.php";
    echo time();
    phpinfo();
    ?>

Make sure that /path/to/jpcache in the require() line points to the appropriate directory in which jpcache.php is installed.

6. Now run this script via a Web browser using http://server/path/to/jpcache/test.php. You should see...

    ... (Unix) PHP/4.1.2
    Date: Sat, 07 Dec 2002 20:52:20 GMT
    Connection: close
    Content-Type: text/html
    X-Powered-By: PHP/4.1.2

Keep in mind that GZIP is only one practical option in improving your code. Also, the overhead in calling the ZIP function, hit on server RAM, etc., must be carefully weighed.

Caching Your PHP Applications...

    ... seconds 1000 0
    Total transferred:    1754000 bytes
    HTML transferred:     1311000 bytes
    Requests per second:  113.71
    Transfer rate:        199.45 kb/s received

    Connection Times (ms)
                  min   avg   max
    Connect:        0     0     5
    Processing:   111   427   550
    Total:        111   427   555

Notice that Requests per second is 113.71 for accessing the myapp.php PHP script. Change...

... shows you how a simple PHP script (shown in Listing 21-6) can be converted to use the PEAR output caching feature.

Listing 21-6: non_cached.php

    <?php
    echo "This is the contents";
    echo "Time is " . date('M-d-Y H:i:s A', time()) . "";
    ?>

To use the PEAR output cache for the preceding PHP script, you need...

... http://server/path/to/pear_content_cache.php?nocache=1

This will ensure that users are served fresh contents.

PEAR's cache package can also cache PHP function calls. Listing 21-8 shows a script called pear_func_cache.php that enables function caching for a function named slowFunction().

Listing 21-8: pear_func_cache.php

    <?php
    // If you have...

... and improve your PHP applications for speed. You also learned how to buffer output, how to compress output, and how to cache output for faster response time. Finally, you learned about tools that can optimize PHP itself.

Chapter 22: Securing PHP Applications

IN THIS CHAPTER
◆ Protecting your application-related files
◆ Controlling access to your applications
◆...

... never get stale pages or data.

PHPA: the PHP Accelerator

This is also a very popular, free PHP opcode cache that features a built-in code optimizer as well. You can download PHPA from http://www.php-accelerator.co.uk/.

The PHPA does not currently have an official license to make it free. In addition, the source...

... Apache or an Apache-like Web server (such as Zeus).

Restricting access to your PHP application-related files

When you create a large PHP application, many files might contain sensitive information. For example, the configuration files used in many of the applications in this book contain database connection...

Date posted: 13/08/2014, 12:21
