Hello! I'm a little new to PHP/MySQL and feel pretty comfortable with them, but because I'm self-taught I'm not quite sure of some "best practices" that I should be aware of. I've searched around on the forums here and Google, but can't quite find what I'm looking for. If somebody could help me, that would be very appreciated!
First, I have a question about PHP sessions versus MySQL queries. Is it a bad thing to have many PHP sessions and do more database queries, or are PHP sessions better to do? My main concern is with performance and system resource usage. Currently, I have a login system that stores a few variables such as username, password, and user type in a session variable when they log in, but I have gotten to a point where on almost every page I will need about 20 different things about the user. Would it be better to store all of these things in sessions, run a query every time they are needed, or is there another method? I would like to stay away from client-side cookies as I don't want the majority of the information to be able to be changed, and I generally have a distrust of cookies.
Secondly, I have a question about a commenting system. Is it okay to store comments in a database, or is this bad on system performance if somebody is viewing the comments and all of the comments are pulled from the database? The only other way I would know how to store comment information is in text files, but I find database integration easier. My main concern would be 20 comments on a page with 2000 characters each, and whether or not it would be okay to store all of that information in a database. On the same note, if I stored the information in text files instead, could it be easy for a hacker to change this information?
Lastly, if you have any general PHP best practices you feel I should be aware of when coding, I would love to hear them. Thanks for reading this, and I hope you can help.