I am logging in users via windows authentication and then storing that user's rights in a session variable. I use a delimited method of rights storage in a database i.e:
$rights //retrieved from database
= 'read,edit,delete,admin'
so my question is should I;
//generate variable
$_SESSION['userrights'] = $rights ($rights is retrieved from database)
//use strpos to find if right is allowed
if (strpos($_SESSION['userrights'],"admin") !== false) { // do the function }
OR
//make array of rights
$_SESSION['userrights'] = explode(',',$rights)
//use in_array to find if right is allowed
if (in_array("admin",$_SESSION['userrights'])) { // do the function }
Bit of a OCD question as I presume the difference will be pretty much negligible for what I am doing but which would be the faster (use less resources) method?
Any answers appreciated except ones that insult my method of rights storage!
strpos is the fastest way to search a text needle, php.net site:
If you only want to determine if a particular needle occurs within haystack, use the faster and less memory intensive function strpos()....
As I often work with large datasets, I'd go with isset or !empty on an associative array and check for the key, like @Barmar suggests. Here is a quick 1M benchmark on an Intel® Core™ i3-540 (3.06 GHz)
$test = array("read", "edit", "delete", "admin");
echo "<pre>";
// --- strpos($rights,$test[$i%4]) ---
$rights = 'read,edit,delete,admin';
$mctime = microtime(true);
for($i=0; $i<=1000000; $i++) { if (strpos($rights,$test[$i%4]) !== false) { }}
echo ' strpos(... '.round(microtime(true)-$mctime,3)."s\n";
// --- in_array($test[$i%4],$rights) ---
$rights = array("read", "edit", "delete", "admin");
$mctime = microtime(true);
for($i=0; $i<=1000000; $i++) { if (in_array($test[$i%4],$rights)) { }}
echo 'in_array(... '.round(microtime(true)-$mctime,3)."s\n";
// --- !empty($rights[$test[$i%4]]) ---
$rights = array('read' => 1, 'edit' => 1, 'delete' => 1, 'admin' => 1);
$mctime = microtime(true);
for($i=0; $i<=1000000; $i++) { if (!empty($rights[$test[$i%4]])) { }}
echo ' !empty(... '.round(microtime(true)-$mctime,3)."s\n";
// --- isset($rights[$test[$i%4]]) ---
$rights = array('read' => 1, 'edit' => 1, 'delete' => 1, 'admin' => 1);
$mctime = microtime(true);
for($i=0; $i<=1000000; $i++) { if (isset($rights[$test[$i%4]])) { }}
echo ' isset(... '.round(microtime(true)-$mctime,3)."s\n\n";
echo "</pre>";
The winner is isset:
strpos(... 0.393s
in_array(... 0.519s
!empty(... 0.232s
isset(... 0.209s
A benchmark that proofs that strpos is not the fastest method, but faster than in_array:
<?php
echo phpversion() . PHP_EOL;
// build random array
$array = array_fill(0, 10000, 16);
$array = array_map('openssl_random_pseudo_bytes', $array);
$array = array_map('bin2hex', $array);
$array_flipped = array_flip($array);
$string = implode($array);
$random_keys = array_rand($array_flipped, 10);
$loops = 10000;
$start = microtime(true);
for ($i = 0; $i < $loops; $i++) {
strpos($string, $random_keys[ rand(0, 9) ]);
}
echo __LINE__ . ': ' . round(microtime(true) - $start, 5) . PHP_EOL;
$start = microtime(true);
for ($i = 0; $i < $loops; $i++) {
in_array($random_keys[ rand(0, 9) ], $array);
}
echo __LINE__ . ': ' . round(microtime(true) - $start, 5) . PHP_EOL;
$start = microtime(true);
for ($i = 0; $i < $loops; $i++) {
isset($array_flipped[ $random_keys[ rand(0, 9) ] ]);
}
echo __LINE__ . ': ' . round(microtime(true) - $start, 5) . PHP_EOL;
$start = microtime(true);
for ($i = 0; $i < $loops; $i++) {
$array_flipped = array_flip($array);
isset($array_flipped[ $random_keys[ rand(0, 9) ] ]);
}
echo __LINE__ . ': ' . round(microtime(true) - $start, 5) . PHP_EOL;
?>
Result:
5.6.31
19: 1.11484
25: 1.3109
31: 0.00237
38: 13.64204
As you can see it is important not to flip an array on-the-fly to benefit from isset.
Have you considered the possibility of doing a query on the database if $_SESSION['userrights'] exists in the database? You're already doing a query to get the list of rights in your example, why not do a query for a specific $_SESSION['userrights'] and check if there are any rows returned?
