sleep
and usleep
pause PHP execution for the amount of time requested in argument (first in seconds, second in micro-seconds). During that time, PHP will hang, and keep all its resources opened.
Most of the time, sleep
and usleep
are not desirable, as speed is paramount. They are sometimes used for security reasons, so as to slow down any attack : for example, on a login script, any check of login/password combination will be slowed a little so as to make any brute force attack useless.
The security risk lies in the pause : the sleep
function won't prevent the same user to send a lot of other queries, and once all those queries are sleeping for several seconds, then the server will time out.
It is recommended to avoid using sleep
and usleep
within web applications.
Any usage of sleep
is suspect and should be reviewed.
<?php
if (!user_login($user, $pass)) {
sleep(2);
}
?>
CLI applications may have valid use of sleep
and usleep
.