PHP Performance Tips
Version 0.531

Use 'Single Quotes' rather than "Double Quotes"

Putting a string in double quotes forces PHP to check for variables in the string and substitute them. For example:

$number = 5;
echo "I have $number apples"

will show as

I have 5 apples

assuming $number's value is 5. When you put it in single quotes, you save some CPU cycles as PHP does not have to parse the string for PHP variables.

Use mysql_real_escape_string on user variables in your SQL statements

Always use this function on all user inputted variables before passing it to the mysql_query or other query functions. This prevents SQL Injection attacks.

More information on how to make use of this function can be found here

Use Session Variables to store user data

PHP comes with a powerful built in session handler that can control session based on cookies or session IDs in URLs.

Rather than implementing your own way of session handling, make use of PHP's one. More information can be found here.

Work with Magic Quotes Disabled

PHP 5 and above discourages the use of Magic Quotes for portability (code somewhere, works everywhere), performance (penalty of escaping every input) and inconvenience (un escaping variables) reasons.

Here is a piece of code that can un-magic for a server which has magic quotes enabled:

if (get_magic_quotes_gpc()) 
{
	$in = array(&$_GET, &$_POST, &$_COOKIE);
	while (list($k,$v) = each($in)) 
	{
		foreach ($v as $key => $val) 
		{
			if (!is_array($val)) 
			{
				$in[$k][$key] = stripslashes($val);
				continue;
			}
			$in[] =& $in[$k][$key];
		}
	}
	unset($in);
}

Always remember to escape all user input, as long as it is a variable that is coming from some element of the user, be it cookie, browser version, hidden field, etc.

Use PHP as a Apache Module rather than a CGI gateway

In DreamHost, I found out that the performance increase is 500% more! That was enough reason for me to downgrade to PHP 4 as Dreamhost currently only supports PHP 4 as a Apache module.

Use PHP's built-in functions whenever possible

Using custom functions are slower than invoking built-in functions.

If you have many functions that take no parameters, consider grouping them under one function and pass the function name by parameter.

Be as specific as possible when construction SQL queries

When you expect only one row, make the query such that only one row will be returned. Check whether a user is activated, for example, before including it in the query.

This provides a second level of security.

Use ob_start for long documents for extra rendering speed

ob_start buffers the whole output in memory first. We've found a 400% increase in speed when using ob_start in the beginning of the document.

It is useful for long documents, but if the document is expected to be very long, you should not invoke it as it eats up PHP's available memory.

File Access Is Faster Than Database Access

Our in house tests with a local MySQL 5 database shows that there is a 300% overall speed compromise when reading a large set of data from the database (using the readfile PHP function) as compared to reading it from the hard disk. Local file storage vs database storage, the winner is still local file storage.

With another computer to serve as a database server, this further adds more time for processing.

If you need to store large amounts of data and don't need to search through them in a table, use the MEDIUMBLOB type field to contain the data rather than the MEDIUMTEXT. Again, we've found a slight performance increase when we switched to MEDIUMBLOB for text data.

The 'mysqlnd cannot connect to MySQL 4.1+ using old authentication' error

Although not a performance tip, this error has not much solutions on the web. Here are some solutions you can try to resolve this.

If you are using phpMyAdmin 3 with this #2000 error, try entering the password as one space (' '). This is the case if your password is supposed to be blank. So if you are using the root account, you will enter root for username and a space (' ') as password when phpMyAdmin prompts you. In the config.inc.php file, the line

$cfg['Servers'][$i]['nopassword'] = true;

should be there if your account has no password. Then the password line should be

$cfg['Servers'][$i]['password'] = ' ';

with a space there. This caused me several hours to discover. Otherwise you can try the methods below.

First, check your MY.INI file inside your C:\Program Files\MySQL\MySQL Server 5.0 folder for any references to OLD_PASSWORDS or OLD-PASSWORDS. If there are such references, remove them and restart server.

Next, change the passwords using MySQL Administrator. It provides a nice GUI interface that you can use to change user passwords. Even if you are very confident of the passwords being correct, change them again so that the user password updated to the new authentication structure.

If it still doesn't work, search for libmySQL.dll and replace the libmySQL.dll with the version from C:\Program Files\MySQL\MySQL Server 5.0\bin folder. Restart your Apache server.

Post below if you have found any other solutions.

Do you have more to share? Comment below!

Last Updated 25th July 2009.

Errors? Omissions? Need Help? Know something? Post your queries in the comments below.

This document is Copyright(©) 2001-2008 by G.Ganesh. Visit Bootstrike.Com (http://bootstrike.com).