I want to improve performance in my PHP code.

I have a login script which creates a session and assigns username and password

$_SESSION['name'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];

I have my main script with many functions which query the db with

$servername = "localhost";
$username = $_SESSION['name'];
$password = $_SESSION['password'];
$dbname = "database";
$conn = new mysqli($servername, $username, $password, $dbname);

Is there better way than creating a new connection in every function?

new mysqli($servername, $username, $password, $dbname)

Do new mysqli connections slow the performance unnecessarily when I have a session?

Could I for example declare a global $conn and reuse it in every function?

Dharman
barnyard

1 Answer

In PHP, globals can be a bit of a debate; check out this post for example: Are global variables in PHP considered bad practice? If so, why?

Personally I am in the globals are bad camp. You shouldn't need to create a new connection for every function. Ideally (in my opinion at least) you should create a single connection object and then pass that around your program (i.e. dependency injection https://codeinphp.github.io/post/dependency-injection-in-php/).

If you're not currently using OOP then this would be as simple as defining it as a parameter e.g.

function functionName(string $var1, int $var2, mysqli $conn) {
    // do your stuff, using the connection that was passed in
}

Do new mysqli connections slow the performance unnecessarily when I have a session?

It depends. The session should be used for persisting data across scripts, so you should be wary of what you store in there, but yes, you can use it to save you making requests on every page. Then you can just use isset($_SESSION['your-session-name']) to check whether or not you need to do the call.

I would strongly advise against doing this:

$_SESSION['name'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];

Firstly, you're not sanitising your data at all - remember you can never trust data from anywhere. Secondly, passwords shouldn't be stored in the session and shouldn't be saved in plain text anywhere, and thirdly, the login details to your site shouldn't be the same as the credentials to your database. Database credentials should come from an independent source such as a .env or .ini file - this should also not be saved in your version control.

imposterSyndrome
  • Thank you @jameson2012 - much appreciated – barnyard Nov 01 '20 at 13:59
  • I've created a function to check if static $conn is Null or create new connection - less code repetition but no performance improvement. Thanks for also highlighting the password vulnerability... – barnyard Nov 01 '20 at 14:16
  • @barnyard you're not likely to notice any performance. Think of how quickly a script executes. You are (I'm assuming) working on a local machine where you have exclusive access to the database. The difference in this environment is almost none (as you have noticed). But imagine you have a large scale app with millions of users making millions of connections per minute. This is where you would see an improvement. That's not to say you shouldn't consider it now though, it's better to have it scale and focus on more fun stuff than have it crumble because you didn't plan at all – imposterSyndrome Nov 03 '20 at 21:26
  • thanks for that extra detail - I actually have it on a web server now and didn't notice a time difference but the test was very casual and in a test not live env as you've highlighted – barnyard Nov 05 '20 at 11:03
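
The points made in the answer, combined into one login flow as an added example (not code from the question or the answer): one connection per request passed into the functions that need it, database credentials read from a file instead of the session, and only a user ID kept in `$_SESSION`. The file path `/etc/myapp/db.ini`, its keys, the `users` table layout and the function names `openDb` and `login` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout (not from the original post): /etc/myapp/db.ini, kept outside
// the web root and version control, with keys host, user, pass, name; and a
// table users(id, username, password_hash) holding password_hash() output.

function openDb(string $iniPath): mysqli
{
    $cfg = parse_ini_file($iniPath);
    if ($cfg === false) {
        throw new RuntimeException('Cannot read database configuration');
    }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
    $conn = new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name']);
    $conn->set_charset('utf8mb4');
    return $conn;
}

// The connection is injected; the function never opens its own.
function login(mysqli $conn, string $username, string $password): bool
{
    $stmt = $conn->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);  // bound parameter, no string concatenation
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch() === true;   // fetch() returns null when no row matches
    $stmt->close();

    if (!$found || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);        // fresh session ID after authentication
    $_SESSION['user_id'] = $id;         // store an identifier, never the password
    return true;
}

session_start();
$conn = openDb('/etc/myapp/db.ini');    // one connection for the whole request
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$ok = is_string($username) && is_string($password) && login($conn, $username, $password);
http_response_code($ok ? 200 : 401);
```

When an account is created, the value stored in the assumed `password_hash` column would come from `password_hash($password, PASSWORD_DEFAULT)`.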