Astions, thank you very much for looking through my examples and raising the important point of it being a bit sluggish. I'm not sure if it's the MySQL tables that are causing the problem, though, because they are almost identical to those I've used for a client's news page, http://www.diffusionpictures.co.uk/news.php, so I think the sluggish response of my new open source blog must be caused by the new PHP script.
I believe it is my security that's slowing the blog down a bit at the moment. All the data that is passed to and from the MySQL database is filtered three times:
1) Checks whether the data added is what it should be (even the GET requests you see in the URL are all checked to see if they are correct) and then stores the data in an array called $clean.
2) Before data is added to the tables of the database or compared with anything already there, I escape any special characters that could allow someone to SQL inject. The escaped data is stored in an array called $mysql.
3) Data drawn from the database is then filtered to remove the effect of the escaping in stage 2 of my security; the code is then filtered to add any special characters required (i.e. &amp;) and then my XHTML generator creates valid XHTML Strict from the plain text the user entered as posts, comments etc. Data filtered from the database is stored in an array called $html.
With all the data passed through the PHP script being filtered three times, it takes nearly 500 lines of code before anything actually happens with that data (these 500 lines do not include all the functions that are called up by each filter request).
I have read a lot of work from Chris Shiflett (including his book "Essential PHP Security") which advises that I take security seriously and said this was the best approach to improve my security. Am I taking security too seriously? It certainly seems to be affecting the performance of The Embed Blog.
Thank you again Astions for your feedback. What are your views on security? Is it worth slowing down my blog for the security testing? Should I just work on optimising the efficiency of my security tests?
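The three-stage pattern the post describes (validate into $clean, escape for the database, escape again for XHTML into $html) in a self-contained form, as an added example that is not the poster's blog code. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL; stage 2 is done with prepared statements rather than manual character escaping, so the "undo the escaping" step in stage 3 disappears. The sample requests and the comments table are constructed for the example, and the timing loop at the end is a way to measure what the filters themselves cost, separately from the database and page generation.

```php
<?php
// Added example (not the poster's code): the three-stage filter the post describes,
// written against PDO with an in-memory SQLite database standing in for MySQL.
// Stage 2 uses prepared statements instead of manual escaping, so validated values
// are bound as parameters and never spliced into the SQL string.

declare(strict_types=1);

// Stage 1: validate raw request data into $clean. Anything that fails is dropped.
function filterInput(array $raw): array {
    $clean = [];
    // A post id must be a positive integer (this also covers GET parameters in the URL).
    if (isset($raw['id']) && ctype_digit((string)$raw['id']) && (int)$raw['id'] > 0) {
        $clean['id'] = (int)$raw['id'];
    }
    // A comment body: valid UTF-8, bounded length, no control characters except newlines/tabs.
    if (isset($raw['body']) && is_string($raw['body'])
        && mb_check_encoding($raw['body'], 'UTF-8')
        && strlen($raw['body']) <= 2000
        && !preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $raw['body'])) {
        $clean['body'] = $raw['body'];
    }
    return $clean;
}

// Stage 2: storage. The driver handles quoting via bound parameters.
function storeComment(PDO $db, array $clean): void {
    $stmt = $db->prepare('INSERT INTO comments (post_id, body) VALUES (:id, :body)');
    $stmt->execute([':id' => $clean['id'], ':body' => $clean['body']]);
}

// Stage 3: output. Everything read back is escaped for XHTML into $html.
function fetchCommentsAsHtml(PDO $db, int $postId): array {
    $stmt = $db->prepare('SELECT body FROM comments WHERE post_id = :id ORDER BY rowid');
    $stmt->execute([':id' => $postId]);
    $html = [];
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $body) {
        $html[] = '<p>' . nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_XHTML, 'UTF-8')) . '</p>';
    }
    return $html;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (post_id INTEGER NOT NULL, body TEXT NOT NULL)');

// Constructed sample requests: one well-formed, one carrying SQL and markup in the
// body (stored harmlessly, rendered as text), one with a bad id that stage 1 rejects.
$requests = [
    ['id' => '7', 'body' => "Nice post!"],
    ['id' => '7', 'body' => "'); DROP TABLE comments; -- <script>alert(1)</script>"],
    ['id' => '7 OR 1=1', 'body' => "should never be stored"],
];

foreach ($requests as $raw) {
    $clean = filterInput($raw);
    if (!isset($clean['id'], $clean['body'])) {
        echo "rejected at stage 1\n";
        continue;
    }
    storeComment($db, $clean);
}

foreach (fetchCommentsAsHtml($db, 7) as $p) {
    echo $p, "\n";
}

// Rough cost of the filters on their own: stage 1 plus the stage 3 escape, repeated.
$start = hrtime(true);
for ($i = 0; $i < 10000; $i++) {
    $c = filterInput($requests[1]);
    htmlspecialchars($c['body'], ENT_QUOTES | ENT_XHTML, 'UTF-8');
}
printf("10000 validate+escape passes: %.1f ms\n", (hrtime(true) - $start) / 1e6);
```

Run it with `php example.php` (PHP 7.3 or later for hrtime, with pdo_sqlite enabled). The second request is stored and displayed as literal text because the quote and the angle brackets are never interpreted as SQL or markup, and the third never reaches the database. The timing line is the useful part for the question in the post: if ten thousand passes of validation and escaping take a few milliseconds, the per-request cost of the filters is negligible and the slowness is more likely in the queries or the XHTML generation, which can be timed the same way.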