wide thoughts

I’m really glad to see Lukas planning to push PDO a step higher. I think it’s already a decent extension, and has a bright future — since I first used the extension I’ve never ever used anything else for any database. It’s object-oriented, has a lean interface, it’s fast, and supports a major feature: prepared statements. I’ve completely forgotten about having to escape, because I always insert/update through these. Seeing mysql_real_escape_string() anywhere in code makes me sad, and seeing $db = mysql_connect() and then passing the resource around makes me sick . Yes, you can use a class to wrap this up, but why would you? PDO is just that and more.

The only thing I miss is some sort of prepared statement inspection. You prepare it, and you pass the parameters, but you can’t find out what the query actually looks like. This would come in handy for logging, but it may be impossible to implement in the extension, because as I understand prepared statements are assembled by the database itself, unless they’re emulated by the extension.

Just looked at search terms leading people to my blog and found a few of “wideimage problem php”. Just to let you know, there are several support channels available if you get stuck using the library or find a bug. So, please, don’t let me guess what your problems are.

It’s friday evening and I’ve just released a new version of WideImage. I’m such a geek.

I’ve recently started a new project, called LayerCache. It’s an easy-to-use caching framework for PHP5, which allows you to cache items in multiple layers. When a requested item isn’t present in one layer, the framework reads from the next layer in the stack. If the item isn’t present in any layer, it’s retrieved from the source and stored in all caches in the stack.

An example of usage would be caching user profiles in Memcache (bigger, slower, global to all webservers) and APC (smaller, faster, local to each webserver). It also offers a mechanism called prefetch, which aims to reduce the database hit when an item is removed from the cache because of age (ttl).

Currently, the framework offers interfaces to Memcache, APC, file caching and local caching (PHP array with LRU, caching in a request scope). I’ll probably add more caching interfaces support as the project evolves. There is no documentation, apart from examples (see link bellow) and unit tests (yes, that counts as documentation). The current code is fully tested with PHPUnit, but no stable package is currently available.

For more, visit the following links:

• Project web site
• Introduction
• Examples
• Browse SVN
• LayerCache Ohloh profile

For some reason php|architect’s June issue failed to list Symfony among 6 frameworks that are supposedly worth mentioning. I’m not going to speculate on why, but I will say that it’s wrong from at least one perspective.

If a serious magazine tries to present itself as a valuable source of PHP information, and half of the issue is dedicated to frameworks, and they put a big caption saying “PHP HAS BEEN FRAMED – A rundown of popular frameworks” on the front cover, but then at least two of the frameworks listed are far from maturity (and userbase, and documentation) of the big players, and you fail to list at least one of the most popular frameworks, then it’s a fail. Whether it be because they couldn’t find anybody that would write an article, or they didn’t try hard enough to find anybody, or they just didn’t think about it, it’s still a fail. They should’ve. And the same could be said for a few other PHP frameworks.

I wonder what were the criteria for the framework selection. Popularity couldn’t be the only one, because that would mean at least three frameworks replaced by others.

Even though, it’s an interesting issue, framework articles included.

When it comes to (un)serializing objects in PHP, some things may surprise you. In this post I show what I’ve found out last week, when I was testing serialization with different class definitions. This is generally a bad practice, and shows one of the biggest drawbacks of using serialization for persistent object storage: the serialized data holds a frozen version of an object. As project evolves, and classes change, the serialized information doesn’t change with them. When objects are unserialized with the new class definition, it can result in unexpected behavior. You should take care when using serialization for persistent or temporary storage (ie caching objects in memcache), because every change in the class definition may affect the unserialized objects, causing numerous bugs and crashes.
Read more…

I just published the slides and accompanying files for my <?php konferenca 2009 talk. You can download them here.

Update: video of my talk is available. And also other videos from the conference. All in Slovene.

Getting ready for <?php konferenca, the Slovenian PHP conference. I’ll try to shed some light on security issues (and why they are bad), and on how to properly secure a web site (and why that’s good). The workshop is wonderfully imaginatively titled PHP and security.

I’ve read this post about micro-optimization today, and I think many of the listed hints are wrong. Not wrong in way of being false, but in a way that you shouldn’t use them. Sebastian already wrote something about it, but more can be said.

The difference between static and object method call isn’t about speed at all, it’s about what you’re dealing with and what you’re trying to do. If you have an object, you call an object method. If you have a class with a static method, you call the static method. You shouldn’t choose between the two just for the sake of speed. You shouldn’t even have the option of choosing. They’re not interchangeable. And, in most cases you should be using objects, not classes, for testability’s sake.

A similar case can be made for “accessing a global variable is faster then an object property”. If I start developing with this hint in mind, and I start putting object properties in the global scope, what I am going to get? A mess, that’s what. You should never think about putting an object property in the global scope, for any reason, optimization included.

Another example would be “an array is a faster alternative to a class with several fields”. (Should be object, not class.) Again, this makes little sense. An array is a hash-like storage of data, an object is a black box that receives and sends messages, it’s encapsulated data with behavior attached. These two are two different things, and if I change the code to use arrays instead of objects, the change ripples throughout the rest of the code. Again, this leads to messy code. Not to mention that in the spirit of OOP you should be aiming to use objects, not arrays. Sure, there are cases where this hint would be suitable, but optimization like this should be the last thing you think about.

There are more hints like this, but I’m not going to list them all, because I’ve made my point: most of the hints are invalid, because they compare non-interchangeable things. If I push it a little, it’s almost like saying: not using echo is faster than using it. Yes, it’s completely true, but these two options don’t do the same thing.

I can’t help myself, so I’ll say a little something about the famous PHP quotes optimization: single quotes are faster than double quotes. First, these two aren’t the same, so changing one to another ripples out. Second, with quotes it’s only about readability and taste. Third, the speed gain is literally negligible. This is another hint you should forget as soon as possible. A second spent on quotes optimization is a second lost. I just lost a few minutes writing this, but some readers will hopefully gain them by not bothering about optimizing quotes.

A lot can be said about optimization, but most of these hints sure aren’t worth remembering. Even more; forget them as soon as possible. If you have a speed problem, find out where it is, and fix it. In the vast majority of the time it’s IO-related resources: the database and files, maybe network shares, or whatnot. I’ve never seen a real-life problem where for statement was causing problems and foreach solved them. This just doesn’t happen, except maybe if you’re computing Pi in php-cli.

The path to optimization should be:

1. Write working code, no matter how slow it is. It’s a million times better than fast code with bugs.
2. If and only if you undoubtedly have performance issues, profile your code, locate and measure slow code.
3. Optimize the slowest thing. Only the slowest thing.
4. Loop.

Also keep in your mind that by optimizing your code, you reduce readability, and consequently maintainability. This means that you’ll lose more time the next time you come back to update or fix the code.

There are also some good points that Alex makes, so I’ll repeat them here, because these are worth remembering:

• use prepared database statements,
• avoid @ (error control operator),
• avoid notices and warnings in your scripts.

Yesterday I’ve noticed that too many queries are sent to the database server, even though the result should be cached in memcache. After digging into the source and testing, I’ve discovered something like this:

The fetchFromDb() method returned an empty array, which was stored in memcache. But, as it turns out, the bug was in checking of $results. An empty array evaluates to false when checking for true/false. I knew that already, but I missed this one.

So, the script issued a query, even though it already had a result. Luckily, this only happened with empty result sets, so the query was fast, and didn’t overload the server.

The correct code would be:

I’ve lost quite some time over this, so I’m posting this as a reminder: if possible, use strict checking.