| Subcribe via RSS

Must we always escape values?

August 18th, 2008 | 6 Comments | Posted in MySQL, MySQL Performance, PHP

One of the cardinal rules of writing web applications is to escape user-generated input with functions like PHP’s real_escape_string. This is a great rule, but one that can have a negative impact on your application’s performance if used unnecessarily. For instance, when querying data with an integer parameter that is passed internally (not user-generated):

$query = "SELECT SQL_NO_CACHE * FROM `user` WHERE `user_id` = '" .
$mysqli->real_escape_string ( self::$user_id ) . "'";
$res = $mysqli->query ( $query );

The above code takes an average of 0.000922918319702 seconds to execute.

Whereas:

$query = "SELECT SQL_NO_CACHE * FROM `user` WHERE `user_id` = " . self::$user_id;
$res = $mysqli->query ( $query );

takes an average of only 0.000418901443481 seconds to execute.

Although the improvement is small (~0.0005 seconds), when your site runs millions (or tens-of-millions) of queries per day, the benefits begin to add up.

Tags:

Setting Up WordPress on FreeBSD

June 12th, 2008 | 1 Comment | Posted in FreeBSD, MySQL, PHP

I suppose that it is only fitting that my first blog post be an instructional tidbit on installing WordPress on FreeBSD. As primarily a Linux user, I find the BSD package management system tedious at times. First, version information:

FreeBSD 7
Apache 2
MySQL 5.0.51a
PHP 5.2.6

This tutorial assumes two jails; one that serves as a MySQL database server, the other that functions as the web server.

Step 1: Install MySQL

On the host that will serve as your MySQL database server, run the following commands:

bash> cd /usr/ports/databases/mysql50-scripts
bash> portinstall -pvf
bash> cd /usr/ports/databases/mysql50-client
bash> portinstall -pvf
bash> cd /usr/ports/databases/mysql50-server
bash> portinstall -pvf
bash> /usr/local/etc/rc.d/mysql-server rcvar

Add the following line to /etc/rc.conf:

mysql_enable="YES"

Issue the following commands:

bash> mysql_install_db
bash> mysql_secure_install

Add a WordPress database and user in MySQL:

bash> mysql -uroot -p
mysql> CREATE DATABASE IF NOT EXISTS `wordpress_db`;
mysql> GRANT ALL PRIVILIGES ON `wordpress_db`.* TO 'wordpress_user'@'' IDENTIFIED BY ' ';

The rest of the steps will be on your webserver:

Step 2: Install Apache

bash> cd /usr/ports/www/apache20
bash> portinstall -pvf

Step 3: Install PHP

bash> cd /usr/ports/lang/php5
bash> make config

Check the “Build Apache Module” checkbox to enable mod_php:
PHP Make Config

bash> portinstall -pvf

Step 4: Configure & Start Apache

Add the following line to /usr/local/etc/apache2/httpd.conf in the “Dynamic Shared Object (DSO) Support” section:

LoadModule php5_module libexec/apache2/libphp5.so

Start Apache:

bash> apachectl restart

Step 5: Install MySQL Client

bash> cd /usr/ports/databases/mysql50-client
bash> portinstall -pvf
bash> cd /usr/ports/databases/php5-mysqli/
bash> portinstall -pvf

Step 6: Install and Configure WordPress

bash> cd /usr/ports/www/wordpress
bash> portinstall -pvf
bash> cd /usr/local/www/data-dist/wordpress/
bash> mv wp-config-sample.php wp-config.php

Edit the following lines of wp-config.php to suit your installation (refer to step one):

define('DB_NAME', '');
define('DB_USER', '');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

define('SECRET_KEY', '');

Step 7: Perform WordPress Setup

Visit your new blog in your favorite browser and follow the simple steps. Viola! You are now running WordPress:)

Tags: