Adrien Poupa

Software Engineering student


Category: PHP

An empirical study of performance in Laravel applications

As part of my Software Verification and Testing class at Concordia University, my team and I chose to study empirically the performance of some popular Laravel applications. The goal was to replicate the paper “How not to structure your database-backed web applications: a study of performance bugs in the wild” by Junwen Yang et al.

This paper, focused on the Ruby ecosystem, found that ORM API misuses such as inefficient queries, lack of pagination, and inefficient eager or lazy loading were common causes of performance degradation. The authors also found that databases exhibited some design problems such as missing fields or indexes. To find such defects, they identified 12 popular Ruby applications and filled them with dummy data: 200, 2,000 and 20,000 records. They recorded performance issues, applied fixes and compared the results before and after applying them.

Thus, to apply a similar approach to the PHP ecosystem, we chose Attendize, Cachet and Monica as they are popular open-source Laravel applications. Attendize is a ticket selling and event management platform, Cachet is a status page system and Monica is a personal CRM.


Laravel: sending the CSRF token in an Ajax call

When making a POST request via Ajax in Laravel 5, you must pass the CSRF token, otherwise you will receive a TokenMismatch error because the CSRF protection kicks in. I don't find the documentation very straightforward on how to do this, whereas all it takes is passing the ‘_token’ attribute in the data field (with jQuery).

So there is only one line to add:

$.ajax({
	type: "POST",
	url: "{{ url('/votre-url') }}",
	data: {
		// ... your other fields
		_token: "{!! csrf_token() !!}"
	}
})

An alternative is to add the complete field containing the token to the appropriate template file:

{!! csrf_field() !!}

Then copy code similar to the previous snippet, except that it reads the token from the markup added higher up in the page:

$.ajax({
	type: "POST",
	url: "{{ url('/votre-url') }}",
	data: {
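		// ... your other fields
		// csrf_field() renders <input type="hidden" name="_token" value="...">, so read that input
		_token: $('input[name="_token"]').val()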
	}
})
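
As an added example (not code from the original post), the two token sources above can be handled by one helper that also restricts the token to same-origin, state-changing requests. The names `readCsrfToken`, `addCsrfToken` and `SAFE_METHODS` are hypothetical, and `data` is assumed to be a plain object.

```javascript
// Added example, not from the original post. All helper names are hypothetical.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Find the token wherever the template put it: csrf_field() renders a hidden
// <input name="_token">, while some layouts use <meta name="csrf-token">.
// `doc` is anything with querySelector (pass `document` in the browser).
function readCsrfToken(doc) {
  const input = doc.querySelector('input[name="_token"]');
  if (input && input.value) return input.value;
  const meta = doc.querySelector('meta[name="csrf-token"]');
  if (meta) return meta.getAttribute("content") || null;
  return null;
}

// Return a copy of jQuery-style ajax settings with _token added to `data`,
// but only for state-changing requests sent to the page's own origin, so the
// token is never disclosed to a third-party host.
function addCsrfToken(settings, token, pageOrigin) {
  const method = (settings.type || settings.method || "GET").toUpperCase();
  if (SAFE_METHODS.has(method)) return settings;
  const target = new URL(settings.url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) return settings;
  if (!token) throw new Error("CSRF token not found in page");
  // Assumption: settings.data is a plain object, as in the snippets above.
  return { ...settings, data: { ...(settings.data || {}), _token: token } };
}

// Browser usage (assumes jQuery is loaded):
//   const token = readCsrfToken(document);
//   $.ajax(addCsrfToken({ type: "POST", url: "/votre-url", data: {} },
//                       token, window.location.origin));
```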

© 2019 Adrien Poupa. All rights reserved.
