Yohanes Mario [dot] com

my online scrapbook of scrambled thoughts

I've been relying on Apache and PHP for a very long time, and they have served me well. However, they do have disadvantages, and I feel that I need to keep up with new technologies in order to further my knowledge. Apache is built on an old paradigm for handling concurrency: it uses one thread per connection. Threads are expensive, especially in a constrained environment like a web server. So, when there's another platform that offers high concurrency with a fixed-size thread pool, I'm sold.

Enter NGINX (read: engine-x). It uses a thread pool of limited size, so it will never create an unlimited number of threads. It uses a non-blocking model instead of the traditional blocking model which Apache uses (which is why Apache needs one thread per connection in the first place). The only disadvantage it has is the lack of support compared to Apache. To use PHP on NGINX, you need to go the extra mile. But PHP is also reliant on old paradigms. It's still based on a file system structure, it still uses one thread per execution of a script (which negates the benefit of NGINX), and it's painfully slow. So, now what?

This is where Node.js comes in. Node.js is basically JavaScript which you can run on the server. Imagine that. You can have practically the same language for both client and server. And it also uses a non-blocking model, just as an added bonus. Granted, it only uses a single thread to run everything, but it still performs better than PHP, which is multi-threaded, and you can still run multiple Node.js worker processes if you really need to scale further. Mind-blown.

So, yes, I just recreated my blog engine from scratch using Node.js. And it took me significantly less time than if I were to recreate this blog using PHP from scratch. Node.js is that easy to use, if you consider JavaScript an easy language. I certainly do.

That's all. As always, happy blogging!

   Posted in CMS        Yohanes Mario Chandra        0 Comments

Since forever I've been looking for a way to easily print my blog content from PHP inside an HTML text input field or textarea. The results have always been awful, or awkward at best. Those who have been making admin pages their whole lives would know this. Printing an escaped HTML character is easy, but printing it inside a textarea is another story. The root cause is that <input type='text' /> and <textarea></textarea> have different ways of displaying content.

And then I got an epiphany: why don't I use JSON to encode the data, and then use JavaScript to fill those empty text fields and textareas? And that's what I did. This way, I avoid printing directly into the textarea altogether. The way to do this is easy: I have two variables, namely $json, which contains the JSON-encoded string, and $result, which contains the string that will be echoed.

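<?php

    // Encode the value as JSON so it can be embedded as a JavaScript literal.
    // The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the
    // content cannot close or confuse the surrounding <script> element.
    $json = json_encode(array(
        "textareaId" => $textareaContent
    ), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

    // Build the script that fills the field on the client side.
    $result = "<script type='text/javascript'>
        var preloadedData = ".$json.";

        $('#textareaId').val(preloadedData.textareaId);
    </script>";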

Using this method, I can just use jQuery's .val() method to fill any text input, regardless of its type.

That's all. Hope this helps. Happy blogging!

   Posted in CMS        Yohanes Mario Chandra        0 Comments

Ever since I first dealt with web programming, I have been searching for the best SQL input sanitization possible. I tried to eliminate unwanted characters from the string, and then I tried the Separate Room SQL validation Method (SRS-VM) for absolute security with a little performance drawback.

Over time, SRS-VM proved to be unusable when it comes to inserting a new data set which doesn't have any reference in the database. SRS-VM needs to have a data reference in order to operate, so that makes creating a new blog post impossible.

After searching the net several times and attending lectures at my university, I realized that there's one more option which is an absolutely secure method, and doesn't hinder performance as much as SRS-VM. For a long time, there has been a function in PHP which I never knew about, called mysql_real_escape_string. This function escapes every special character in SQL. This basically means that I can enter any character I want without worrying about SQL injection.

Yes, I know. My journey towards finding this simple function is THAT long. That's what happens when we don't use documentation properly.

So, I hope this post helps you. Happy blogging!

   Posted in CMS        Yohanes Mario Chandra        0 Comments
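
An added example, not code from the original post, for the SQL escaping post above: mysql_real_escape_string() was deprecated in PHP 5.5 and removed in PHP 7.0, and escaping only protects a value that ends up inside quotes, so the sketch below puts escape-and-concatenate beside a bound parameter. Assumptions: PDO with in-memory SQLite stands in for MySQL so it runs without a server, PDO::quote() stands in for the escaping function, and the posts table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example, not from the original post. In-memory SQLite via PDO stands
// in for MySQL; the table, rows and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, draft INTEGER)");
$pdo->exec("INSERT INTO posts (title, draft) VALUES ('Hello', 0), ('Secret', 1)");

// Escape-and-concatenate. Escaping neutralises quote characters, but $id is
// spliced into a numeric position with no quotes around it, so input that
// contains no quote characters passes through unchanged and is parsed as SQL.
function findByIdEscaped(PDO $pdo, string $id): array
{
    $escaped = substr($pdo->quote($id), 1, -1);   // escape, then drop outer quotes
    $sql = "SELECT title FROM posts WHERE draft = 0 AND id = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter. The statement text is fixed before the value is supplied,
// so the value is only ever data, whatever position it occupies.
function findByIdBound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare("SELECT title FROM posts WHERE draft = 0 AND id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Inserting a new post needs no reference row and no manual escaping.
function addPost(PDO $pdo, string $title): int
{
    $stmt = $pdo->prepare("INSERT INTO posts (title, draft) VALUES (:title, 0)");
    $stmt->execute([':title' => $title]);
    return (int) $pdo->lastInsertId();
}

$input = '1 OR 1=1';   // constructed input with no quote characters in it
echo 'escaped: ', json_encode(findByIdEscaped($pdo, $input)), PHP_EOL;
echo 'bound:   ', json_encode(findByIdBound($pdo, $input)), PHP_EOL;
echo 'bound:   ', json_encode(findByIdBound($pdo, '1')), PHP_EOL;
echo 'new id:  ', addPost($pdo, "It's a title with 'quotes'"), PHP_EOL;
```

The escaped variant returns the draft row as well, because the input contains nothing for the escaping to act on; the bound variant treats the whole input as one value and matches nothing.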