Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x
Author Message
hicuxunicorniobestbuildpc
The Mouse Is Extension Of Arm



Joined: Aug 13, 2009
Posts: 1015
Location: Netherland

PostPosted: Tue Sep 24, 2013 3:16 am Reply with quote

Today I decided to take a look line by line on mainfile.php.

Example:

Find

Code:
function update_points($id) {

   global $db, $prefix, $user, $user_prefix;
   if (is_user($user)) {
      if(!is_array($user)) {
         $cookie = cookiedecode($user);
         $username = trim($cookie[1]);
      } else {
         $username = trim($user[1]);
      }
      if ($db->sql_numrows($db->sql_query('SELECT * FROM ' . $prefix . '_groups')) > '0') {
         $id = intval($id);
         $result = $db->sql_query('SELECT points FROM ' . $prefix . '_groups_points WHERE id=\'' . $id . '\'');
         list($points) = $db->sql_fetchrow($result);
         $db->sql_query('UPDATE ' . $user_prefix.'_users SET points=points+' . $points . ' WHERE username=\'' . $username . '\'');
      }
   }
}


Replace with

Code:
function update_points($id) {

   global $db, $prefix, $user, $user_prefix;
   if (is_user($user)) {
      if(!is_array($user)) {
         $cookie = cookiedecode($user);
         $username = trim($cookie[1]);
      } else {
         $username = trim($user[1]);
      }
      if ($db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_groups`')) > '0') {
         $id = intval($id);
         $result = $db->sql_query('SELECT `points` FROM `' . $prefix . '_groups_points` WHERE `id` = \'' . $id . '\'');
         list($points) = $db->sql_fetchrow($result);
         $db->sql_query('UPDATE `' . $user_prefix.'_users` SET `points` = `points`+' . $points . ' WHERE `username` = \'' . $username . '\'');
      }
   }
}


I found out more and I will post the whole update from mainfile.php for RavenNuke 2.51
 
View user's profile Send private message Visit poster's website
hicuxunicorniobestbuildpc







PostPosted: Tue Sep 24, 2013 3:23 am Reply with quote

here I show u more


Code:
function adminblock() {

   global $admin, $admin_file, $db, $prefix, $user_prefix;
   if (is_admin($admin)) {
      $sql = 'SELECT `title`, `content`, `bid` FROM `' . $prefix . '_blocks` WHERE `bkey` = \'admin\'';
      $result = $db->sql_query($sql);
      while (list($title, $content, $bid) = $db->sql_fetchrow($result)) {
         $content = preg_replace('/\badmin.php/', $admin_file . '.php', $content);
         themesidebox($title, $content, $bid);
      }
      $title = _WAITINGCONT;
      $display = 0;
      $content = '<div class="ul-box"><ul class="rn-ul">';
      $num = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_queue`'));
      $display = $display + $num;
      if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=submissions">' . _SUBMISSIONS . '</a>: ' . $num . '</li>';
      $num = $db->sql_numrows($db->sql_query('SELECT * FROM ' . $prefix . '_reviews_add'));
      $display = $display + $num;
      if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=reviews">' . _WREVIEWS . '</a>: ' . $num . '</li>';
      $num = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_links_newlink`'));
      $display = $display + $num;
      if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=Links">' . _WLINKS . '</a>: ' . $num . '</li>';
      $modreql = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_links_modrequest` WHERE `brokenlink` = 0'));
      $display = $display + $modreql;
      if ($modreql > 0) $content .= '<li><a href="' . $admin_file . '.php?op=LinksListModRequests">' . _MODREQLINKS . '</a>: ' . $modreql . '</li>';
      $brokenl = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_links_modrequest` WHERE `brokenlink` = 1'));
      $display = $display + $brokenl;
      if ($brokenl > 0) $content .= '<li><a href="' . $admin_file . '.php?op=LinksListBrokenLinks">' . _BROKENLINKS . '</a>: ' . $brokenl . '</li>';
      $num = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_nsngd_new`'));
      $display = $display + $num;
      if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=DownloadNew">' . _UDOWNLOADS . '</a>: ' . $num . '</li>';
      $modreqd = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_nsngd_mods` WHERE `brokendownload` = 0'));
      $display = $display + $modreqd;
      if ($modreqd > 0) $content .= '<li><a href="' . $admin_file . '.php?op=DownloadModifyRequests">' . _MODREQDOWN . '</a>: ' . $modreqd . '</li>';
      $brokend = $db->sql_numrows($db->sql_query('SELECT * FROM `' . $prefix . '_nsngd_mods` WHERE `brokendownload` = 1'));
      $display = $display + $brokend;
      if ($brokend > 0) $content .= '<li><a href="' . $admin_file . '.php?op=DownloadBroken">' . _BROKENDOWN . '</a>: ' . $brokend . '</li>';
      $result = $db->sql_query('SELECT COUNT(*) FROM `' . $prefix . '_gcal_event` WHERE `approved` = 0');
      list($num) = $db->sql_fetchrow($result, SQL_NUM);
      $display = $display + $num;
      if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=gcalendar">' . _GCALENDAR_EVENTS . '</a>: ' . $num . '</li>';
      if (file_exists('modules/Your_Account/credits.html')) {
         $ya_expire = 0;
         $past = 0;
         $configresult = $db->sql_query('SELECT `config_name` , `config_value` FROM `' . $user_prefix . '_users_config` WHERE `config_name`=\'expiring\'');
         $ya_config = $db->sql_fetchrow($configresult);
         $ya_expire = $ya_config['config_value'];
         if ($ya_expire != 0) {
            $past = time() - $ya_expire;
            $res = $db->sql_query('SELECT `user_id` FROM `' . $user_prefix . '_users_temp` WHERE `time` < \'' . $past . '\'');
            while (list($uid) = $db->sql_fetchrow($res)) {
               $db->sql_query('DELETE FROM `' . $user_prefix . '_users_temp` WHERE `user_id` = \'' . $uid . '\'');
               $db->sql_query('DELETE FROM `' . $user_prefix . '_users_temp_field_values` WHERE `uid` = \'' . $uid . '\'');
            }
         }
         $result = $db->sql_query('SELECT COUNT(*) FROM `' . $user_prefix . '_users_temp` WHERE `admin_approve`= 1');
         list($numapproved) = $db->sql_fetchrow($result, SQL_NUM);
         $result = $db->sql_query('SELECT COUNT(*) FROM `' . $user_prefix . '_users_temp` WHERE `admin_approve`= 0');
         list($numneeds) = $db->sql_fetchrow($result, SQL_NUM);
         $num = $numapproved + $numneeds;
         $display = $display + $num;
         if ($num > 0) $content .= '<li><a href="' . $admin_file . '.php?op=yaUsers" title="' . _WAITINGAPPROVAL . ' = '. $numneeds . ' '._WAITINGACTIVATION.' = '. $numapproved . '">' . _USERS . '</a>: ' . $num . '</li>';
      }
      $content .= '</ul></div><div class="block-spacer">&nbsp;</div>';
      if($display > 0) themesidebox($title, $content, $bid);
   }
}
 
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6405

PostPosted: Tue Sep 24, 2013 6:35 am Reply with quote

What is the reason for adding single quotes around attribute names in SQL is...? Performance, security, standards compliance?

I'm sure you could go on all day (for several days) with this, but, please, cut to the choice and make a point. A link to proof your point would be nice, too.

_________________
I google, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG
 
View user's profile Send private message
hicuxunicorniobestbuildpc







PostPosted: Tue Sep 24, 2013 4:33 pm Reply with quote

Well my point is very simple. I just notice one part from the code is ok and other not so I am trying to do a little bit makeup and clean code for a better performance. Take a look at the whole mainfile.php and u will see the different.
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6795
Location: Ha Noi, Viet Nam

PostPosted: Wed Sep 25, 2013 9:23 am Reply with quote

There is ONE very good reason to use single back-tick quotes but the code you have posted is actually detrimental to performance so in order to help you understand what you have done, your going to have to tell me why YOU think your code is better.
 
View user's profile Send private message Send e-mail
hicuxunicorniobestbuildpc







PostPosted: Wed Sep 25, 2013 4:13 pm Reply with quote

well, I guess we all agree single quotes will load the site twice faster and backticks would make anything parsing your code less confused and more understandable. I don't know but I do like it so please explain to me what could be the most efficient way to code or make it better. If I compare old modules and block with what I see right now. I think it was a disaster.

Example:

Code:
function is_group($user, $name) {

          global $prefix, $db, $user_prefix, $cookie, $user;
     if (is_user($user)) {
          if(!is_array($user)) {
          $cookie = cookiedecode($user);
          $uid = intval($cookie[0]);
          } else {
          $uid = intval($user[0]);
          }
          $result = $db->sql_query("SELECT points FROM ".$user_prefix."_users WHERE user_id='$uid'");
          $row = $db->sql_fetchrow($result);
          $points = intval($row['points']);
          $db->sql_freeresult($result);
          $result2 = $db->sql_query("SELECT mod_group FROM ".$prefix."_modules WHERE title='$name'");
          $row2 = $db->sql_fetchrow($result2);
          $mod_group = intval($row2['mod_group']);
          $db->sql_freeresult($result2);
          $result3 = $db->sql_query("SELECT points FROM ".$prefix."_groups WHERE id='$mod_group'");
          $row3 = $db->sql_fetchrow($result3);
          $grp = intval($row3['points']);
          $db->sql_freeresult($result3);
          if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
           return 1;
          }
     }
     return 0;
}


Then I want to convert it like this:

Code:
function is_group($user, $name) {

          global $prefix, $db, $user_prefix, $cookie, $user;
     if (is_user($user)) {
          if(!is_array($user)) {
          $cookie = cookiedecode($user);
          $uid = intval($cookie[0]);
          } else {
          $uid = intval($user[0]);
          }
          $result = $db->sql_query('SELECT `points` FROM `' . $user_prefix . '_users` WHERE `user_id` = \'' . $uid . '\'');
          $row = $db->sql_fetchrow($result);
          $points = intval($row['points']);
          $db->sql_freeresult($result);
          $result2 = $db->sql_query('SELECT `mod_group` FROM `' . $prefix . '_modules` WHERE `title` = \'' . $name . '\'');
          $row2 = $db->sql_fetchrow($result2);
          $mod_group = intval($row2['mod_group']);
          $db->sql_freeresult($result2);
          $result3 = $db->sql_query('SELECT `points` FROM `' . $prefix . '_groups WHERE `id` = \'' . $mod_group . '\'');
          $row3 = $db->sql_fetchrow($result3);
          $grp = intval($row3['points']);
          $db->sql_freeresult($result3);
          if (($points >= 0 AND $points >= $grp) OR $mod_group == 0) {
           return 1;
          }
     }
     return 0;
}


Note: I learned it from Neralex's module, that is what he used to do with all the new modules.

If you open index.php from the last news module I can see clean code and all single quotes and backtick

Code:
function theindex($new_topic = 0) {

   global $db, $storyhome, $topicname, $topicimage, $topictext, $datetime, $user, $cookie, $nukeurl, $prefix, $multilingual, $currentlang, $articlecomm, $sitename, $user_news, $userinfo;
   // Query TON addons
   $sql_ton = 'SELECT `newsrows`, `bookmark`, `linklocation`, `articlelink`, `TON_useTitleLink`, `TON_usePDF`, `TON_useRating`, `TON_useSendToFriend`, `showtags`, `TON_useCharLimit`, `TON_CharLimit`, `usedisqus`, `shortname`, `googlapi`, `usegooglsb`, `newssort`, `newsorder` FROM `' . $prefix . '_ton`';
 
Guardian2003







PostPosted: Wed Sep 25, 2013 4:30 pm Reply with quote

I'm no mySQL expert but as far as I know, there is only one valid reason for using backticks around field names and that is to prevent collisions with keywords that mySQL uses for it's built in functions.
If you look at the lists here [ Only registered users can see links on this board! Get registered or login! ] you can see that some keywords could easily be used by accident, such as 'default', 'desc' etc.
Of course we now have a conundrum developing.......
On the one hand, it makes perfect sense to backtick everything to help ensure a field we used doesn't cause a problem in the future if mySQL suddenly adds another function but on the other hand, every backtick needs to be parsed by PHP, which degrades performance.

It's really down to personal preference and the developers own coding style so there isn't really a right or wrong way to do it.
 
hicuxunicorniobestbuildpc







PostPosted: Thu Sep 26, 2013 3:16 am Reply with quote

Thanks for this info Guardian2003, I think it is true to change anything we have to single quotes and backtick
 
neralex
Site Admin



Joined: Aug 22, 2007
Posts: 1549

PostPosted: Thu Sep 26, 2013 1:35 pm Reply with quote

Guardian is right, it's really down to the developers own coding style. The News module was going through many hands since some years. The results of them are different ways of coding. I have only tried to choose one way. I have seen it many times in the code-lines from Palbin and i like simply his clean style. Smile

_________________
Github: RavenNuke 
View user's profile Send private message
Guardian2003







PostPosted: Thu Sep 26, 2013 2:01 pm Reply with quote

hicuxunicorniobestbuildpc wrote:
Thanks for this info Guardian2003, I think it is true to change anything we have to single quotes and backtick

I agree that it is nice when there is consistency with coding style. As part of a development team, we try very hard to be consistent with our code and have our own internal set of coding standards to try and ensure no matter who writes a piece of code, you cannot tell if someone else makes some edits further down the road.

The one thing you do have to be careful of though, especially in a public forum like this is simply posting snippets of code and then another snippet of the same code without explaining fully the differences and why the code has changed. Visitors might accidentally assume the original code has a bug and you are proposing a fix or worse case, because this site uses re-writing, the code might get mangled when it is posted and someone might end up replacing existing working code with something that doesn't work.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©