[56K WARN] Feedback required for The Embed Blog

wolve
Forum Newbie
Posts: 4
Joined: Mon Mar 26, 2007 4:12 pm


Post by wolve »

I am currently developing an open source blog program called The Embed Blog, which can be added to an existing web page. It would be amazing if some of you could try the blog and let me know what you think about the development so far.

You can download the blog from here:
http://www.web-creative.co.uk/projects/embedblog.php

It still requires a lot of development, and it would really help to have some constructive criticism or ideas for extra features.

Here are locations I have already installed the blog for testing:

Simon Woolverton's Blog - The Embed Blog
Static News - Embed Blog Micro
DBBT News - Embed Blog Micro
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

I'm not going to download a copy of your blog system and beta test it for free, but I did click around on the examples you provided.

They look good, but I think under the hood you need to optimize your MySQL tables. The blogs are a bit sluggish :(

Good news is that optimizing table structures is pretty quick and easy:)
wolve
Forum Newbie
Posts: 4
Joined: Mon Mar 26, 2007 4:12 pm

Post by wolve »

Astions, thank you very much for looking through my examples and raising the important point of it being a bit sluggish. I'm not sure if it's the MySQL tables that are causing the problem, though, because they are almost identical to those I've used for a client's news page http://www.diffusionpictures.co.uk/news.php, so I think the sluggish response of my new open source blog must be caused by the new PHP script.

I believe it is my security that's slowing the blog down a bit at the moment. All the data that is passed to and from the MySQL database is filtered three times:
1) Checks whether the data added is what it should be (even the GET requests you see in the URL are all checked to see if they are correct) and then stores the data in an array called $clean.
2) Before data is added to the tables of the database or compared with anything already there, I escape any special characters that could allow someone to SQL inject. The escaped data is stored in an array called $mysql.
3) Data drawn from the database is then filtered to remove the effect of escaping in stage 2 of my security; the code is then filtered to add any special characters required (i.e. &), and then my XHTML generator creates valid XHTML Strict from the plain text the user entered as posts, comments etc. Data filtered from the database is stored in an array called $html.

With all the data passed through the PHP script being filtered 3 times it takes nearly 500 lines of code before anything actually happens with that data (these 500 lines do not include all the functions that are called up by each filter request).

I have read a lot of work from Chris Shiflett (including his book "Essential PHP Security") which advises that I take security seriously and said this was the best approach to improve my security. Am I taking security too seriously? It certainly seems to be affecting the performance of The Embed Blog.

Thank you again Astions for your feedback. What are your views on security? Is it worth slowing down my blog for the security testing? Should I just work on optimising the efficiency of my security tests?
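
The filter-input, escape-output flow described in the post above, as an added example that is not part of the original post and is not The Embed Blog's code. The array names $clean and $html come from the post; the request data, table, column names and validation rules are constructed assumptions, and bound parameters on an in-memory SQLite database (PDO with pdo_sqlite assumed available) stand in for the post's MySQL escaping step so it runs offline:

```php
<?php
// Constructed request data standing in for $_GET / $_POST (assumption).
$request = ['id' => '42', 'author' => "O'Brien", 'comment' => 'Fish & chips <b>rule</b>'];

// Stage 1: validate input; only values that pass the checks reach $clean.
function filter_input_stage(array $raw): array
{
    $clean = [];
    if (isset($raw['id']) && ctype_digit($raw['id'])) {
        $clean['id'] = (int) $raw['id'];
    }
    if (isset($raw['author']) && preg_match('/^[A-Za-z\' -]{1,40}$/D', $raw['author'])) {
        $clean['author'] = $raw['author'];
    }
    if (isset($raw['comment']) && $raw['comment'] !== '' && strlen($raw['comment']) <= 2000) {
        $clean['comment'] = $raw['comment'];
    }
    return $clean;
}

// Stage 2: bound parameters keep data out of the SQL text, so the stored
// value is the original string and nothing has to be un-escaped on read.
function store_and_fetch(PDO $db, array $clean): array
{
    $stmt = $db->prepare('INSERT INTO comments (id, author, comment) VALUES (?, ?, ?)');
    $stmt->execute([$clean['id'], $clean['author'], $clean['comment']]);
    $stmt = $db->prepare('SELECT author, comment FROM comments WHERE id = ?');
    $stmt->execute([$clean['id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Stage 3: escape for the HTML context only at the point of output.
function escape_output_stage(array $row): array
{
    $html = [];
    foreach ($row as $key => $value) {
        $html[$key] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return $html;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, comment TEXT)');

$clean = filter_input_stage($request);
if (count($clean) !== 3) {
    exit("Rejected: input failed validation\n");
}
$html = escape_output_stage(store_and_fetch($db, $clean));
echo "<p>{$html['comment']}</p><cite>{$html['author']}</cite>\n";
```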
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Don't ever guess at what is slow. If you want to find out what is taking the time you need a profiler.
wolve
Forum Newbie
Posts: 4
Joined: Mon Mar 26, 2007 4:12 pm

Post by wolve »

ole wrote: Don't ever guess at what is slow. If you want to find out what is taking the time you need a profiler.
Where can I find a profiler to check my PHP code performance?
Edit: Is this one any good? http://www.semdesigns.com/Products/Prof ... filer.html
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Xdebug.
wolve
Forum Newbie
Posts: 4
Joined: Mon Mar 26, 2007 4:12 pm

Post by wolve »

feyd wrote: Xdebug.
Thank you feyd. I'll test my blog with this later today, and hopefully it will reveal why it's sluggish.