Out of this three algorythms the sha256 is way more safer, than the other two. But the good salting is much more important then the good choice of hash method.
You should use a fix salt, wich is long enough to prevent its cracking by brute force.
You should also use a random salt, wich can be stored as plain text in the db beside the hashed password. It can be quite short, it's main aim to prevent the attacker to find the common passwords(without random salt their hashes would be the same) and (if the attacker gets the fix salt) to prevent building site specific rainbow tables.
Sample code:
define('FIX_SALT','DVlDR%UZFdsf%!gfjSEFsz5ghdf');
(..)
$hashed_pass = hash('sha256',FIX_SALT.$plain_pass.$random_salt);
$random_salt should be a short random string, and can be stored as a plain text, as I mentioned above.
You shouldn't worry about the good speed of SHA256. There is no way that any attacker can generate even 2^128 hashes, it will be impossible in the next 20 years...