Here’s what I currently use to determine how long it takes to generate a page in PHP. Its only 8 lines of code.

A good practice is to check input strings to make sure users don’t put in mySQL commands in your server. For instance, if a username or password POST variable isn’t filtered, there is a potential for an injection like ‘OR myusername=’. In the past, I’ve been using my own PHP toolkit to “clean” the input variables. But recently, I began searching to see if there are a built-in solution in PHP for this, especially since I’m converting a script written in Python that had the filter MySQLdb.escape_string. Enter mysql_real_escape_string()

$unixseconds = strtotime($mysqldate);

For instance, you can use this to write a timeout script for login failures. Usually, a system should lock after 3-5 consecutive failed login attempts. I save the timestamp after the 5th consecutive login failure, then run a check on this timestamp if the current time is within the ~5-10 minute lockout window. 5 minutes is 300 seconds, 10 minutes is 600 seconds.

Validating the date in MySQL should be done using preg_match since ereg_* functions will be removed in PHP 6.

More info on PHP 6 changes: http://wiki.php.net/todo/php60 It appears there will be a module that you can use to utilize existing ereg expressions, so that’ll buy some time to port code from ereg* to preg*.
function isValidDate($date){

if (preg_match (“/^([0-9]{4})-([0-9]{2})-([0-9]{2})$/”, $date))
{

return true;
}
else{
return false;
}

}

If you have older scripts, you may encounter warning messages such as “Notice: Undefined variable: ”

As a standard practice, you should define variables in PHP by putting in the variable name = FALSE;
$myvar = FALSE;

This is primarily for local variable names that aren’t passed in through a $_REQUEST or $_POST, etc.

I found a useful script in PHP that can be used for checking uptime of a server. It can be useful for checking when the servers have a such a significant load that pages can’t be displayed. The benefit or running it locally is that I can configure the script to perform failover functionality if necessary. Online uptime services are good too, but most of them aren’t free. Maybe I should force the server to show a failwhale when the site gets too busy… j/k

Here’s the link to the script.
http://www.programmingtalk.com/showthread.php?t=34999

// the URL you want to ...