Asked  7 Months ago    Answers:  5   Viewed   47 times

Regarding performance, is there any difference between doing:

$message = "The request $request has $n errors";


$message = sprintf('The request %s has %d errors', $request, $n);

in PHP?

I would say that calling a function involves more stuff, but I do not know what's PHP doing behind the scenes to expand variables names.




In all cases the second won't be faster, since you are supplying a double-quoted string, which have to be parsed for variables as well. If you are going for micro-optimization, the proper way is:

$message = sprintf('The request %s has %d errors', $request, $n);

Still, I believe the seconds is slower (as @Pekka pointed the difference actually do not matter), because of the overhead of a function call, parsing string, converting values, etc. But please, note, the 2 lines of code are not equivalent, since in the second case $n is converted to integer. if $n is "no error" then the first line will output:

The request $request has no error errors

While the second one will output:

The request $request has 0 errors
Wednesday, March 31, 2021
answered 7 Months ago

Dont need to do any conversion first of all. So you can get rid of $code = (string)$code . ''; and all the strval() calls. You $message can be set as thus:

$message = "Winner information follows:rnEmail: ".$email."rnConfirmation Code: ".$code;

Also, it doesnt look like you are including the code in your second email. So the whole thing changed would look like this:

$myFile = "winners.txt";
$fh = fopen($myFile, 'a') or die("can't open file");
$email = $_POST['email'];
$code = $_POST['code'];
$message = "Winner information follows:rnEmail: ".$email."rnConfirmation Code: ".$code;
fwrite($fh, $email);
fwrite($fh, $code);
mail("", "Winning Notice ST", $message);
mail($email, "Winning Notice CT", 'Congrats, you won a free amazon gift card at If the following confirmation code matches the one in our records you will receive your reward. The code follows: '.$code);

One other thing to note is that you might want to put $email through some sanitizaiton checks to verify it is a valid email address.

Saturday, May 29, 2021
answered 5 Months ago

Inside single quotes everything is preserved literally, without exception.

That means you have to close the quotes, insert something, and then re-enter again.


Word concatenation is simply done by juxtaposition. As you can verify, each of the above lines is a single word to the shell. Quotes (single or double quotes, depending on the situation) don't isolate words. They are only used to disable interpretation of various special characters, like whitespace, $, ;... For a good tutorial on quoting see Mark Reed's answer. Also relevant: Which characters need to be escaped in bash?

Do not concatenate strings interpreted by a shell

You should absolutely avoid building shell commands by concatenating variables. This is a bad idea similar to concatenation of SQL fragments (SQL injection!).

Usually it is possible to have placeholders in the command, and to supply the command together with variables so that the callee can receive them from the invocation arguments list.

For example, the following is very unsafe. DON'T DO THIS

script="echo "Argument 1 is: $myvar""
/bin/sh -c "$script"

If the contents of $myvar is untrusted, here is an exploit:

myvar='foo"; echo "you were hacked'

Instead of the above invocation, use positional arguments. The following invocation is better -- it's not exploitable:

script='echo "arg 1 is: $1"'
/bin/sh -c "$script" -- "$myvar"

Note the use of single ticks in the assignment to script, which means that it's taken literally, without variable expansion or any other form of interpretation.

Tuesday, June 1, 2021
answered 5 Months ago

Reusing the selector reference, your first case, is definitely faster. Here's a test I made as proof:

The latter case, redefining your selectors, is reported as ~35% slower.

Saturday, July 3, 2021
answered 4 Months ago

You could use Invoke-Expression to have your string reparsed - something like this:

$string = 'The $animal says `"meow`"'
$animal = 'cat'
Invoke-Expression "Write-Host `"$string`""

Note how you have to escape the double quotes (using a backtick) inside your string to avoid confusing the parser. This includes any double quotes in the original string.

Also note that the first command should be a command, if you need to use the resulting string, just pipe the output using write-output and assign that to a variable you can use later:

$result = Invoke-Expression "write-output `"$string`""

As noted in your comments, if you can't modify the creation of the string to escape the double quotes, you will have to do this yourself. You can also wrap this in a function to make it look a little clearer:

function Invoke-String($str) { 
    $escapedString =  $str -replace '"', '`"'
    Invoke-Expression "Write-Output `"$escapedString`""

So now it would look like this:

# ~> $string = 'The $animal says "meow"'
# ~> $animal = 'cat'
# ~> Invoke-String $string
The cat says "meow"
Friday, July 30, 2021
answered 3 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :