So, I'm originally a native application developer (mostly C++), but I've found myself working on a small business coding project for a friend. I'm used to self-contained native applications and I'm struggling with a current problem on my project:

I have an AppInstance class in PHP which is implemented as a singleton (I've heard that most of the time this isn't really the best way to do things, and I concede this). This class contains a few basic operating parameters for the application (mostly simple strings and numbers), as well as an array of complex objects (objects composed of other objects, arrays and other members and methods). I'd like to be able to pass any/all of this application data between this original PHP script (which initializes all of the values that my program needs to run, and outputs the default HTML of my UI).

I then begin to handle user input actions with JavaScript. Some of these inputs require information from the original PHP script. Because the processing of these inputs requires a bit more computation, I'd like to use AJAX to call this processing on the server (in PHP) and return the output. However, because this processing requires some of the objects from the original PHP script, I'm trying to figure out how I should pass these objects around in the most efficient way.

I've read that I can use JSON encode to effectively serialize my objects and send them to JS (the UI in this case), and these objects can be returned to PHP (see this). But my question is really multi-part:

  1. Would it be more efficient to perform all calculations and processing on the server (in PHP, rather than doing it all on the client-side in JS)?
  2. If the answer to #1 is "Yes", my first inclination is to serialize the PHP object to a file on the server, and have the new PHP script read and deserialize the object. Is there a more efficient method than this and, if not, should I serialize in JSON or PHP's serialize() format?

Edit: I should probably mention that some of my objects also possess resource variables, as I know this has some effect on serialization.

Brandon S.

1 Answer

In terms of efficiency I would be looking at whatever reduces the number of network (AJAX) calls, as this will usually be your largest overhead. This is hard to comment on in your case because I don't know how often a client is going to be making such calls. A bigger worry for me is security, as JavaScript would be able to manipulate values it gets from the AppInstance. I personally would consider an API which only exposes actions you permit.

HenryTK
  • The AJAX calls would be pretty prevalent, as my interface consists of a dynamic form with fields that can be added. Basically I would need to call AJAX every time the user presses the "add" button. I was afraid of this, but wanted (what I guess is) a more senior opinion. If I go with a pure JS approach (to reduce AJAX overhead), I would ideally only want the objects from the original PHP script to be readable, not editable. But what are the potential security concerns with writable objects? These variables would only be able to be changed within the source, correct? – Brandon S. Mar 02 '16 at 16:06
  • I work under the assumption everything coming from the client (JavaScript) is dangerous rubbish that needs to be cleaned. The concern is not with the writability of objects, it is with the validation of input from the client. Decide up front what data you want to pass to the client, and what values they are allowed to change (with server-side validation that those values are acceptable). – HenryTK Mar 02 '16 at 16:23
  • I feel like this is a good assumption and I definitely agree with your point. However, in my particular case, I don't want the user to be able to change any variables at runtime? (not sure what to call it in web, because it isn't technically running any application in the background). Rather, I just need to pass the data so that JS can read it (different parts of the user interface need to be generated dynamically based upon the objects' properties). So, just sending the objects I need from PHP to JS should be enough. – Brandon S. Mar 02 '16 at 16:43
  • Unfortunately, with JavaScript the client can change anything at runtime. The name 'client-side script' is appropriate, because it highlights the client as the owner. You may be the person writing the JavaScript, but the client owns it. As you will know from experience, when somebody else owns something your application depends on, your best weapon is a clearly defined interface. – HenryTK Mar 02 '16 at 17:56
  • I'm taking your comment to mean that I should make sure that my PHP objects are well encapsulated (protected properties using accessors and mutators), such that when they are encoded, passed to JS, and then decoded, JS can only access properties through the interfaces (accessors). Did you mean something different by your comment? Because if I do it the way I just described, JavaScript can't change the object properties, correct? – Brandon S. Mar 02 '16 at 18:33
  • Not correct. JavaScript can do what it wants with your data, and your father's data, and his father before him. – HenryTK Mar 02 '16 at 19:14
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/105181/discussion-between-brandon-snider-and-henrytk). – Brandon S. Mar 02 '16 at 19:15
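
The point made in the answer and comments above, as an added example that is not part of the original thread: the decoded JSON copy is ordinary mutable data on the client, so the endpoint exposes only permitted actions and validates every request against state it holds itself. The server side is modelled in JavaScript so the whole exchange runs in one file (in the asker's setup it would be the PHP AJAX endpoint); the state values, the `addField` action and all function names are assumptions made for illustration.

```javascript
// Server-held state; stands in for what AppInstance builds in PHP (constructed values).
const makeServerState = () => ({ maxFields: 3, fieldTypes: ['text', 'number', 'date'], fields: [] });

// Export only what the UI must read. JSON carries data, not accessors or visibility.
function exportForClient(state) {
  return JSON.stringify({ maxFields: state.maxFields, fieldTypes: state.fieldTypes });
}

// Permitted actions with their validation; anything not listed here is refused.
const ACTIONS = {
  addField(state, params) {
    const { type, label } = params;
    if (!state.fieldTypes.includes(type)) return { ok: false, error: 'unknown field type' };
    if (typeof label !== 'string' || !/^[\w ]{1,40}$/.test(label)) return { ok: false, error: 'bad label' };
    if (state.fields.length >= state.maxFields) return { ok: false, error: 'field limit reached' };
    state.fields.push({ type, label });
    return { ok: true, count: state.fields.length };
  },
};

// Endpoint: parses untrusted input and decides using server-held state only.
function handleRequest(state, rawBody) {
  let req;
  try { req = JSON.parse(rawBody); } catch (e) { return { ok: false, error: 'malformed JSON' }; }
  if (req === null || typeof req !== 'object') return { ok: false, error: 'malformed request' };
  if (!Object.prototype.hasOwnProperty.call(ACTIONS, req.action)) return { ok: false, error: 'action not permitted' };
  return ACTIONS[req.action](state, req.params ?? {});
}

// Client side: the decoded copy belongs to the browser and can be edited freely.
function tamperedRequest(exported) {
  const view = JSON.parse(exported);
  view.maxFields = 9999;          // succeeds, but changes only the client's copy
  view.fieldTypes.push('admin');  // likewise
  return JSON.stringify({ action: 'addField', params: { type: 'admin', label: 'x' }, maxFields: view.maxFields });
}

function demo() {
  const state = makeServerState();
  const send = (body) => handleRequest(state, JSON.stringify(body));
  return {
    tampered: handleRequest(state, tamperedRequest(exportForClient(state))),
    unknown: send({ action: 'setMaxFields', params: { value: 9999 } }),
    valid: send({ action: 'addField', params: { type: 'text', label: 'Phone number' } }),
    serverMaxFields: state.maxFields,
  };
}
console.log(demo());
```

The client-supplied `maxFields` in the tampered request is never read by the endpoint, which is why editing the local copy has no effect on what the server accepts.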