As a GHOP Task , Cornil did a performance analysis of Drupal and found its two largest performance drains were the bootstrap process and the theming layer. Quite simply, Drupal spends too much time including code. [...] Fortunately, Drupal 7's self-learning code registry system has just landed, which should obliterate most of the wasted bootstrap cost.

Larry describes the "heart of it all", the token_get_all call, that parses through an entire PHP file, splitting out things like classes included and functions called. This is passed through a function_exists call to the current script and, if it's already there, the file isn't included repetitively.

Among those on the list are things like:

• Defines for configuration
• Filenaming
• If your code is public, you should try not to ridicule yourself.
• Mixing PHP and HTML

Check out the rest of the post and some of the interesting comments that follow.

When it comes to PHP security, you often think of input filtering, SQL injection prevention, XSS in user submitted content and so on. Well, forget about that. They're all pretty trivial compared to what I feel is by far the most important security issue of any web application. Read on to find out why.

Their number one thing to do to keep safe and secure? "Keep your systems updated." They point out that security a web site is one thing but securing the system that it runs on/has been developed on is another (and improperly patched, it could cause some huge problems).

Now, the best way to keep on top of potential vulnerabilities in your underlying systems is with updates. Sometimes, however, you need to go a little further. [...] Watching the web is also a good idea; major security vulnerabilities generally make it to the front page of Digg.

In this tutorial, I'll show you how to use PHP-CLI, the command line interface for PHP, to get your maintenance under control using the technologies you're already familiar with. I'll also examine some of the By the time you've finished this tutorial, you'll be able to build human-assisted backup systems, automatic report generators.

It's a pretty basic introduction that talks about what the CLI environment is and what sorts of things PHP brings to the table. They include some sample scripts to do things like database cleanup and a method for taking in human interaction via the command line.