Just launched a new website - feedback?

Associate
Joined
15 Feb 2006
Posts
1,872
Location
hell
Hi guys,

I've just launched a new website UsefulStats:

http://www.usefulstats.com

As someone that works in marketing, I regularly need to find statistics I can throw into presentations when pitching clients. I figured that having a central source of these statistics (about any topic) would be quite useful.

I paid some company in India to do the design and front-end coding. I then coded the backend myself.

Feedback appreciated! I haven't shared the site widely yet as I'm still getting some initial stats uploaded. Anyone is free to sign up and submit their own statistics, though they will have to be vetted by me before they become searchable / shown on the homepage.

Do you like the concept?

Cheers
 
Associate
Joined
4 Feb 2011
Posts
580
Location
Halifax
I like the concept too, are you scraping or adding manually?

Also are your images cached or are they being generated on-the-fly with GD? They're loading pretty slowly for me.

I love the concept :D

I'd be interested to hear what kind of back-end infrastructure you're using, as I can imagine if this picks up you'll be receiving a lot of traffic.

It's PHP, doesn't look like any frameworks either.

Btw OP, might want to move away from MYSQL_ functions, since they're deprecated.

Also,

http://www.usefulstats.com/include/moreresults.php?lowerlimit=10'
 
Associate
OP
Joined
15 Feb 2006
Posts
1,872
Location
hell
I like the concept too, are you scraping or adding manually?

Also are your images cached or are they being generated on-the-fly with GD? They're loading pretty slowly for me.



It's PHP, doesn't look like any frameworks either.

Btw OP, might want to move away from MYSQL_ functions, since they're deprecated.

Also,

http://www.usefulstats.com/include/moreresults.php?lowerlimit=10'


Thanks for the feedback - how did you trigger that error specifically?

I'm not a developer by trade but I've bashed this together using what PHP and MySQL I know. I didn't realise those functions were deprecated!!


Images are loaded on the fly using GD... any ideas how I can optimise this? I've done this so that people can paste a link on Facebook and a big image would appear in the newsfeed. Problem is, the image takes so long to load, a smaller image often appears in the first instance.

I've hired someone full time (not in the UK of course!) to find stats and populate the site initially. The aim is that the public will add stats themselves. I'd love to build a scraper to hunt down stats manually but this is beyond my ability right now.
 
Associate
OP
Joined
15 Feb 2006
Posts
1,872
Location
hell
I love the concept :D

I'd be interested to hear what kind of back-end infrastructure you're using, as I can imagine if this picks up you'll be receiving a lot of traffic.

Thanks for the feedback.

I have a VPS with heartinternet that this is sitting on... I'm hoping this is sufficient for now. I can upweight the amount of RAM/CPUs on the fly if needed.

I'm not too hot on hosting etc. so will probably do some load testing just in case to see how the site handles more traffic.
 
Soldato
Joined
18 Oct 2002
Posts
15,405
Location
The land of milk & beans
Images are loaded on the fly using GD... any ideas how I can optimise this? I've done this so that people can paste a link on Facebook and a big image would appear in the newsfeed. Problem is, the image takes so long to load, a smaller image often appears in the first instance.
The GD library is notoriously slow. I'm not sure about an alternative library to use, but you could certainly cache the images once they are first generated (as the stat itself won't change) so that you could serve subsequent requests for the image instantly.

If you do get traffic issues, look at moving to Azure or EC2. I would also suggest having a unified API sitting on top of a TableStorage/DocumentDB system which is separate from the website. I'm sure PHP/mySQL will be fine for starting out with though.
 
Associate
OP
Joined
15 Feb 2006
Posts
1,872
Location
hell
I noticed quite a few people have searched for SQL statements etc.

I take it I've covered off the security aspects here?

Also not sure why <script>alert("test");</script> seems to screw up the page.
 
Associate
OP
Joined
15 Feb 2006
Posts
1,872
Location
hell
The GD library is notoriously slow. I'm not sure about an alternative library to use, but you could certainly cache the images once they are first generated (as the stat itself won't change) so that you could serve subsequent requests for the image instantly.

That's a good idea. Any ideas how to do it?
 
Associate
Joined
4 Feb 2011
Posts
580
Location
Halifax
Thanks for the feedback - how did you trigger that error specifically?

I'm not a developer by trade but I've bashed this together using what PHP and MySQL I know. I didn't realise those functions were deprecated!!


Images are loaded on the fly using GD... any ideas how I can optimise this? I've done this so that people can paste a link on Facebook and a big image would appear in the newsfeed. Problem is, the image takes so long to load, a smaller image often appears in the first instance.

I've hired someone full time (not in the UK of course!) to find stats and populate the site initially. The aim is that the public will add stats themselves. I'd love to build a scraper to hunt down stats manually but this is beyond my ability right now.

The error is a simple test of SQL injection. %27 is a '. I'd suggest moving to PDO, or MYSQLi if you're not familiar with object-orientated programming.

GD is very able, though it is very slow. You could generate the image and save it to a file and save the file path to the database. Then just reference the image from the database when you want to display it.
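
The move to PDO suggested in the post above, as an added example that is not part of the thread or the site's code: the `lowerlimit` parameter handled by string concatenation next to a validated, bound version. The `stats` table, the `LIMIT 10 OFFSET` query shape and the function names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table, columns and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');   // for MySQL: new PDO('mysql:host=...;dbname=...', $user, $pass)
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stats (id INTEGER PRIMARY KEY, headline TEXT)');
$insert = $pdo->prepare('INSERT INTO stats (headline) VALUES (:h)');
for ($i = 1; $i <= 25; $i++) {
    $insert->execute([':h' => "Constructed sample statistic #$i"]);
}

// Pattern that breaks on lowerlimit=10': the raw parameter becomes part of the SQL text.
function moreResultsConcatenated(PDO $pdo, string $lowerlimit): array
{
    $sql = "SELECT id, headline FROM stats ORDER BY id LIMIT 10 OFFSET $lowerlimit";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: accept only a non-negative integer, then bind it as an integer.
function moreResultsPrepared(PDO $pdo, string $lowerlimit): array
{
    $offset = filter_var($lowerlimit, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($offset === false) {
        return [];   // a real page would answer with HTTP 400 here
    }
    $stmt = $pdo->prepare('SELECT id, headline FROM stats ORDER BY id LIMIT 10 OFFSET :offset');
    // PARAM_INT matters for LIMIT/OFFSET: with MySQL and emulated prepares,
    // a value bound as a string is quoted, which is invalid in that position.
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The two inputs from the thread: a normal page offset and the same value with a trailing quote.
foreach (['10', "10'"] as $input) {
    try {
        $rows = moreResultsConcatenated($pdo, $input);
        echo "concatenated($input): ", count($rows), " rows\n";
    } catch (PDOException $e) {
        echo "concatenated($input): input altered the SQL and the database rejected it\n";
    }
    echo "prepared($input): ", count(moreResultsPrepared($pdo, $input)), " rows\n";
}
```

The bound version never lets the parameter change the statement text, so the trailing quote is rejected as invalid input instead of reaching the database as SQL.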
 

fez

Caporegime
Joined
22 Aug 2008
Posts
25,798
Location
Tunbridge Wells
If you are serving different sized images I would take a master image and then decide what resizes you are prepared to offer. You don't need to create a resize on the fly for every screen size.

You store the master image on the server and reference the path in the db record. You then have a folder with resizes in it.

You can then do one of two things:

When a user comes to your site you check the size of image they need and check your resizes folder to see if that resize exists for the requested image. If it does, serve that, if not, create it then serve it.

The second option is just to create all the resizes when you first save the master image. Both methods have downsides but they are minimal and based on whether speed or server storage is more important.
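
The first option in the post above (check the resizes folder, create on a miss, then serve), as an added example that is not the poster's or the site's code. The width list, file layout and function names are assumptions; it needs the GD extension and writes to a temporary directory.

```php
<?php
// Added example. Widths, paths and function names are hypothetical.
const ALLOWED_WIDTHS = [200, 600, 1200];   // the resizes the site is prepared to offer

// Map any requested width onto the fixed list so a client cannot
// force an unbounded number of cached files to be generated.
function closestAllowedWidth(int $requested): int
{
    foreach (ALLOWED_WIDTHS as $width) {
        if ($requested <= $width) {
            return $width;
        }
    }
    return max(ALLOWED_WIDTHS);
}

function cachedResize(string $masterPath, int $statId, int $requestedWidth, string $cacheDir): string
{
    $width = closestAllowedWidth($requestedWidth);
    // File name is built only from integers, never from request strings,
    // so it cannot point outside the cache directory.
    $target = sprintf('%s/%d_%d.png', $cacheDir, $statId, $width);
    if (is_file($target)) {
        return $target;                          // cache hit: no GD work
    }
    $master = imagecreatefrompng($masterPath);
    if ($master === false) {
        throw new RuntimeException("Cannot read master image for stat $statId");
    }
    $resized = imagescale($master, $width);      // height follows the aspect ratio
    $tmp = $target . '.' . uniqid('', true) . '.tmp';
    imagepng($resized, $tmp);
    rename($tmp, $target);                       // publish only a fully written file
    return $target;
}

// Constructed demo: a blank 1200x630 master image for a made-up stat id 42.
$dir = sys_get_temp_dir() . '/resize_cache_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0755, true);
}
$masterPath = "$dir/master_42.png";
imagepng(imagecreatetruecolor(1200, 630), $masterPath);
echo cachedResize($masterPath, 42, 550, $dir), "\n";   // generated on first request
echo cachedResize($masterPath, 42, 580, $dir), "\n";   // same file, served from cache
```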
 
Soldato
Joined
2 Oct 2003
Posts
2,773
Location
MI5 | Thames House
I've hired someone full time (not in the UK of course!) to find stats and populate the site initially. The aim is that the public will add stats themselves. I'd love to build a scraper to hunt down stats manually but this is beyond my ability right now.

So, stupid question: why would the public add stats themselves? ;)
 
Soldato
Joined
3 Jun 2005
Posts
3,117
Location
The South
The second option is just to create all the resizes when you first save the master image.

As Fez mentions, you'd create a range of sizes and serve the user the closest and the range can be determined from using analytics, which over time will give you an idea of the devices/sites you need to cater for.

Either way, moving to serving static images rather than generating them on-the-fly is the best way to go as it'll reduce the server's workload; plus it opens you up to options like CDNs etc if need be.


XSS. Consider the strip_tags function.

I would perhaps recommend going one step further and using a module like HTML Purifier, although this does massively depend on the data and a strip_tags() + htmlspecialchars() combo might be perfectly adequate.
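
The `strip_tags()` + `htmlspecialchars()` combination mentioned in the post above, as an added example that is not part of the thread or the site's code. Function names and the page fragment are assumptions; the first sample input is the string quoted earlier in the thread and the second is constructed.

```php
<?php
// Added example. Function names and markup are hypothetical.

// Escape at output time, for HTML text and quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Optional clean-up at submission time for fields that are plain text only.
// strip_tags() removes tags but leaves quotes and ampersands untouched,
// so it does not replace escaping when the value is printed.
function cleanSubmission(string $value): string
{
    return trim(strip_tags($value));
}

// A search term echoed back in two contexts: element text and an attribute.
function renderSearchHeading(string $term): string
{
    return '<h2>Results for "' . e($term) . '"</h2>' . "\n"
         . '<input type="text" name="q" value="' . e($term) . '">';
}

$samples = [
    '<script>alert("test");</script>',            // string from the thread
    'Tea & biscuits: 9 in 10 "prefer" both',      // constructed statistic text
];

foreach ($samples as $sample) {
    echo "raw:      $sample\n";
    echo "stripped: ", cleanSubmission($sample), "\n";
    echo "rendered:\n", renderSearchHeading($sample), "\n\n";
}
```

Escaping where the value is printed keeps the stored text intact and covers the attribute case that tag stripping alone leaves open.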
 
Associate
OP
Joined
15 Feb 2006
Posts
1,872
Location
hell
If you are serving different sized images I would take a master image and then decide what resizes you are prepared to offer. You don't need to create a resize on the fly for every screen size.

You store the master image on the server and reference the path in the db record. You then have a folder with resizes in it.

You can then do one of two things:

When a user comes to your site you check the size of image they need and check your resizes folder to see if that resize exists for the requested image. If it does, serve that, if not, create it then serve it.

The second option is just to create all the resizes when you first save the master image. Both methods have downsides but they are minimal and based on whether speed or server storage is more important.

Sounds like a good idea... will put that on the to do list!

Just spent the evening working on the other suggestion. Now when a statistic is submitted, I generate an image, save it to a png on the server and use that image instead of the GD generated one.

Seems to work a lot better now!
 
Associate
OP
Joined
15 Feb 2006
Posts
1,872
Location
hell
As Fez mentions, you'd create a range of sizes and serve the user the closest and the range can be determined from using analytics, which over time will give you an idea of the devices/sites you need to cater for.

Either way, moving to serving static images rather than generating them on-the-fly is the best way to go as it'll reduce the server's workload; plus it opens you up to options like CDNs etc if need be.




I would perhaps recommend going one step further and using a module like HTML Purifier, although this does massively depend on the data and a strip_tags() + htmlspecialchars() combo might be perfectly adequate.



Strip_tags has seemed to work well. Going to have to clue myself up on the more advanced stuff soon.
 