0

Instead of eval() I am investigating the pros and cons with creating .php-files on the fly using php-code.

Mainly because the generated code should be available to other visitors and for a long period of time, and not only for the current session. The generated php-files is created using functions dedicated for that and only that and under highly controlled conditions (no user input will ever reach those code files).

So, performance wise, how much load is put on the webserver when creating .php-files for instant execution using include() later elsewhere compared to updating a database record and always query a database at every visit?

The generated files should be updated (overwritten) quite frequently but not very frequent compared to how frequently they will be executed

What are the other pro/cons? Should the possibility of the combination of one user overwriting the code files at the same time as others is currently executing them introduce complicated concurrent conflict solving? Using Mutex? Is it next to impossible to overwrite the files if visitors is constantly "viewing" (executing) them?

PS. I am not interested in alternative methods/solutions for reaching "the same" goal, like:

  1. Cached and/or saved output buffers, as an alternative, is out of the question, mainly because the output from the generated php-code is highly dynamic and context-sensitive
  2. Storing the code as variables in a database and create dynamic php code that can do what is requested based on stored data, mainly because I don't want to use a database as backend for the feature. I don't ever need to search the data, query it for Aggregation, ranking or any other data collecting or manipulation
  3. Memcached, APC etcetera. It's not a caching feature I want
  4. Stand-alone (not PHP) server with custom compiled binary running in memory. Not what I am looking for here, although this alternative have crossed my mind.

EDIT: Got many questions about what "type" of code is generated. Without getting into details I can say: It's very context sensitive code. Code is not based on user direct input but input in terms of choices, position and flags. Like "closed" objects in relation to other objects. Most code parts is related to each other in many different, but very controlled, ways (similar to linked lists, genetic cells in AI-code etcetera) so querying a database is out of the question. One code file will include one or more others, and so on..

Improve this question
19
  • 2
    "no user input will ever reach those code files" That may be the plan, but if you give the web server write permission to the files it serves... you're gonna have a bad time. Commented Jan 5, 2018 at 12:30
  • 1
    Sounds like you're building a library system. Therefore simply use a database. Commented Jan 5, 2018 at 12:54
  • 1
    this just seems like a bad idea. why not use a database? anyway to answer your question, there is a performance hit but it is negligible probably, depending on how many files it is writing and the effort involved in creating them. If they are not unique to the user, then it is possible that they may change in between calls. This could indeed cause a security risk (potentially). Commented Jan 5, 2018 at 12:56
  • 1
    You're looking in the wrong direction. Since you're not open to alternatives, this is a dead-end question. Commented Jan 5, 2018 at 12:57
  • 1
    @Plarsen well most of writing code is figuring out ways to do what you want, so I wont fault you but it still seems likely that a stored-procedure or even multiple db calls would be faster; and definitely more secure. I suppose you could use a naming convention that ties the files to a user or time, to avoid the mismatch issue. good luck! Commented Jan 5, 2018 at 13:03

1 Answer 1

Reset to default
1

I do the same thing in an application. It generates static PHP Code from data in a MySQL database. I store the code in memcached and use ‘eval’ to execute it. Only when something changes in the MySQL database I regenerate the PHP. It saves an awful lot of MySQL reads

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Interesting idea, like a combination of keeping the pros from eval php code while using the pros regarding the update process from the SQL/memcashed-method. I need to take this into account and see if I can take it one step further and also create fysical .php-files
You can output physical php files of course, but with the right caching it would come to the same result effectively.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.