Jonathan Hilgeman

Everything complex is made up of simpler things.

Archive for the ‘Uncategorized’ Category

Use filter_var to Strip Out Non-Digit Characters

Here’s a fun tidbit – how many times have you used a simple regular expression like this:

$x = preg_replace("/[^0-9]/","", $y);

…to quickly strip out all non-digit characters in a string? I’ve done it probably a hundred times over the years, but I ran across a script today that was packed FULL of code that used regular expressions where they didn’t need to be used, and it was taking about 100 milliseconds to run on each loop (and there were thousands of loops).

I know the character-by-character parsing in C# is extremely fast, so I first tried to do the same thing with a user function in PHP like this:

function stripNonDigits($str)
  $new = "";
  $len = strlen($str);
  for($i = 0; $i < $len; $i++)
    $c = $str[$i];
    if(($c >= '0') || ($c <= '9'))
      $new .= $c;
  return $new;

I assumed that wasn’t going to work all that well since it wasn’t compiled code, and I was right. The overhead alone from calling a user function almost surpassed the regex performance times, and once I added in the character comparison and string concatenation, it was all over. It was way slower than regex (over 2x as slow)!

I then figured that PHP had to have a way to do this, and I remembered filter_var had a filter for integer numbers, although it didn’t strip out + or – signs, so I set up another test where the filtering line was just:

$signs = array("-","+");
$x = str_replace($signs,"",filter_var($y, FILTER_SANITIZE_NUMBER_INT));

The result was blistering faster compared to preg_replace. I ran the same code against a variety of data sources – from 64-byte strings to 256k strings, and filter_var() consistently outperformed all other methods. The only way I can think of to get better performance is to build a custom PHP extension that would strip out the plus and minus signs as well, but this is about as good as we can get it using standard PHP functionality.

So next time you reach for regex, check out filter_var() first!




Quick Summary

One of the best investments I ever made was to pony up a few extra bucks over a decade ago to buy the lifetime license for UltraEdit. It’s lightning fast, has more features than a dozen Swiss army knives, has fantastic, responsive and personal support (no outsourced tech support that claims their name is “Ken” and only responds with canned messages), and is just a an all-around fantastic editor for anything text-based (code, XML, etc).

All the basic stuff you’d expect from any decent code editor is in there (syntax highlighting, expandable/collapsible sections, bookmarking lines, etc…), but UE takes it many steps further.

Do you work with XML documents often? Use built-in tools to navigate through XML documents easily, quickly and reliably reformat / prettify them in a click, and more!

Need to edit or view a document in hex? Just hit Ctrl+H to toggle between the views (it auto-defaults to hex for binary files).

Need support for different character sets or want to convert between them? It’s a matter of selecting the desired character set from a dropdown.

Did Windows blue-screen while you were editing a document? No worries – UE keeps draft copies automatically and recovers them for you on the next startup.

Want to edit in columns (e.g. add a comma before 1000 lines all at once)? No problem – switch to column edit mode.

Need powerful search-and-replace functionality that works with different regex engines and also supports filesystem searches? UE’s got that.

Need macros? Not a problem, and hotkeys make it a breeze to do quick recording and repeated playback. There’s a full macro editor for more advanced functionality.

Want to define your own custom commands? Easy.

Want an ASCII table? Yeah, that’s built in.

Need integrated SFTP, SSH, and similar file transfer support? Yeah, that’s also built in so you can edit a file, hit save, and have it auto-upload.

Need to edit HUGE, multi-gigabyte files? No problem.

Need easy-to-navigate file tabs? That’s a default.

Want to compare two files? That’s built in, and it’ll even guess the right files you want to compare based on filename similarity!

And there’s a lot more not covered here, and even more getting added with every version. It’s an absolutely fantastic editor.

Yes, you can get SOME of this via some open-source editors like Notepad++ and I have to use some of those editors on client machines sometimes. There’s just no comparison in terms of how refined UltraEdit is compared to other editors. This is a tool that would be extremely difficult to live without on a day-to-day basis.

Unfortunately, I don’t think they offer lifetime licenses anymore, but it’s well worth the money to own a copy of this if you’re a developer!

Security Task Manager



Quick Summary

When I’m checking out a system for malware, one of my first stops is to install Neuber’s Security Task Manager. I came across this little gem several years ago, when a client asked me to investigate the “Case of the Missing Space”. Basically, their drives were constantly losing free space, and none of the regular tools like TreeSize were able to determine where the massive amounts of used bytes were, and the regular task manager wasn’t showing any weird activity, but the server was acting very strange.

I finally came across Security Task Manager and gave it a go on the server. It instantly picked up a stealth process that was running Java. The process had created folders that were invisible and serving up German pirated movies via FTP. Using that information, cleanup was a snap!

What Does It Do?

The app basically does a thorough analysis of running programs and rates their risk based on behaviors (e.g. invisible windows, ability to record keystrokes, etc…) and also takes publisher information into account (e.g. core Windows processes that “act” suspicious aren’t thrown to the top of the list) and also community-based ratings. It’s still up to you to determine whether or not a process is malicious or not. There are many valid processes (e.g. MySQL server, some browser plugins, etc) that will get rated as risky, but are safe.

However, it’s a great way to quickly get a snapshot of the riskiest running processes in the system, including processes that might be hidden from the normal Windows task manager.

Hiding TreeNodes in C#


In a recent project, I was building out a TreeView control that could be searched and filtered. One of the primary problems was that there was no proper way to hide a TreeNode temporarily. The solution was fairly simple, though, and performed very well.

1. I started by created a new class that extended the base TreeView class.

2. Inside the new class, I defined a public TreeView called tvHidden, which held the nodes that were temporarily hidden.

3. I then added two public methods, Hide and Show, which both accepted a TreeNode as a parameter.

4. In the Hide method, I used the TreeNode’s Tag to store a reference to the original parent (Node.Parent), then removed the node from its current collection and added it to the tvHidden Nodes collection.

5. In the Show method, I removed the node from its current collection, then cast the Node.Tag back to its proper original TreeView or TreeNode value, and then added the node object back into that parent’s Nodes collection.

Presto! A simple, efficient solution for temporarily hiding TreeNodes!

The full version of the class implements a custom structure to stuff more custom data into the Node.Tag property, a Dictionary to look up nodes by name (no matter which TreeView they’re in), and support for copying parent structures.