PHP
Introduction:
PHP is a general-purpose server-side scripting language originally designed for Web development to produce dynamic Web pages. It is one of the first developed server-side scripting languages to be embedded into an HTML source document rather than calling an external file to process data. The code is interpreted by a Web server with a PHP processor module which generates the resulting Web page. It also has evolved to include a command-line interface capability and can be used in standalone graphical applications.[2] PHP can be deployed on most Web servers and also as a standalone shell on almost every operating system and platform free of charge.[3] A competitor to Microsoft's Active Server Pages (ASP) server-side script engine[4] and similar languages, PHP is installed on more than 20 million Web sites and 1 million Web servers.[5] Software that uses PHP includes MediaWiki, Joomla, WordPress, Concrete5, MyBB, and Drupal. PHP was originally created by Rasmus Lerdorf in 1995. The main implementation of PHP is now produced by The PHP Group and serves as the formal reference to the PHP language.[6] PHP is free software released under the PHP License, which is incompatible with the GNU General Public License (GPL) due to restrictions on the usage of the term PHP.[7] While PHP originally stood for Personal Home Page, it is now said to stand for PHP: Hypertext Preprocessor, a recursive acronym.
History:
[Image: Rasmus Lerdorf, who wrote the original Common Gateway Interface (CGI) component, together with Andi Gutmans and Zeev Suraski, who rewrote the parser that formed PHP 3]
PHP development began in 1994 when the Danish/Greenlandic/Canadian programmer Rasmus Lerdorf initially created a set of Perl scripts he called "Personal Home Page Tools" to maintain his personal homepage. The scripts performed tasks such as displaying his résumé and recording his web-page traffic.[6][9][10] Lerdorf initially announced the release of PHP on the comp.infosystems.www.authoring.cgi Usenet discussion group on June 8, 1995.[11] He rewrote these scripts as Common Gateway Interface (CGI) binaries in C, extending them to add the ability to work with Web forms and to communicate with databases, and called this implementation "Personal Home Page/Forms Interpreter" or PHP/FI. PHP/FI could be used to build simple, dynamic Web applications. Lerdorf released PHP/FI as "Personal Home Page Tools (PHP Tools) version 1.0" publicly on June 8, 1995, to accelerate bug location and improve the code.[12] This release already had the basic functionality that PHP has today. This included Perl-like variables, form handling, and the ability to embed HTML. The syntax was similar to Perl but was more limited and simpler, although less consistent.[6] A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997. On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released.[6] As of August 2008 this branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates be released.[14][15] On July 13, 2004, PHP 5 was released, powered by the new Zend Engine II.[6] PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements.[16] In 2008 PHP 5 became the only stable version under development. Late static binding had been missing from PHP and was added in version 5.3.[17][18] A new major version has been under development alongside PHP 5 for several years.
This version was originally planned to be released as PHP 6 as a result of its significant changes, which included plans for full Unicode support. However, Unicode support took developers much longer to implement than originally thought, and the decision was made in March 2010[19] to move the project to a branch, with features still under development moved to trunk.
Licensing:
PHP is free software released under the PHP License, which insists that:[29] Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from group@php.net. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo". This restriction on use of the name PHP makes it incompatible with the GNU General Public License (GPL).[30]
Release history:
Legend (row colours of the original table): red = release no longer supported; green = release supported; blue = future release.
Each entry below gives the minor version, the release date, and the notes.

PHP 1
1.0.0 (1995-06-08): Officially called "Personal Home Page Tools (PHP Tools)". This is the first use of the name "PHP".[6]

PHP 2
2.0.0 (1997-11-01): Considered by its creator as the "fastest and simplest tool" for creating dynamic Web pages.[6]

PHP 3
3.0.0 (1998-06-06): Development moves from one person to multiple developers. Zeev Suraski and Andi Gutmans rewrite the base for this version.[6]
3.0.18 (2000-10-20): The latest release for PHP 3.0.x. Unsupported Historical Releases

PHP 4
4.0.0 (2000-05-22): Added more advanced two-stage parse/execute tag-parsing system called the Zend engine.[31]
4.1.0 (2001-12-10): Introduced 'superglobals' ($_GET, $_POST, $_SESSION, etc.)[31]
4.2.0 (2002-04-22): Disabled register_globals by default. Data received over the network is not inserted directly into the global namespace anymore, closing possible security holes in applications.[31]
4.3.0 (2002-12-27): Introduced the command-line interface (CLI), to supplement the CGI.[31][32]
4.4.0 (2005-07-11): Added man pages for phpize and php-config scripts.[31]
4.4.9 (2008-08-07): Security enhancements and bug fixes. The last release of the PHP 4.4 series.[33][34]

PHP 5
5.0.0 (2004-07-13): Zend Engine II with a new object model.[35]
5.1.0 (2005-11-24): Performance improvements with introduction of compiler variables in re-engineered PHP Engine.[35] Added PHP Data Objects (PDO) as a consistent interface for accessing databases.[36]
5.2.0 (2006-11-02): Enabled the filter extension by default. Native JSON support.[35]
5.2.16 (2010-12-16): End-of-life for 5.2 series.[37]
5.2.17 (2011-01-06): Fix of critical vulnerability connected to floating point.
5.3.0 (2009-06-30): Namespace support; late static bindings, Jump label (limited goto), Native closures, Native PHP archives (phar), garbage collection for circular references, improved Windows support, sqlite3, mysqlnd as a replacement for libmysql as underlying library for the extensions that work with MySQL, fileinfo as a replacement for mime_magic for better MIME support, the Internationalization extension, and deprecation of ereg extension.
5.3.1 (2009-11-19): Over 100 bug fixes, some of which were security fixes.
5.3.2 (2010-03-04): Includes a large number of bug fixes.
5.3.3 (2010-07-22): Mainly bug and security fixes; FPM SAPI.
5.3.4 (2010-12-10): Mainly bug and security fixes; improvements to FPM SAPI.
5.3.5 (2011-01-06): Fix of critical vulnerability connected to floating point.
5.3.6 (2011-03-10): Over 60 bug fixes that were reported in the previous version.
5.3.7 (2011-08-18): This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related.
5.3.8 (2011-08-23): This release fixes two issues introduced in the PHP 5.3.7 release.
5.3.9 (2012-01-10): This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related.
5.3.10 (2012-02-02): Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.
5.3.13 (2012-05-08): Fixed the vulnerability in CGI-based setups.
5.3.14 (2012-06-06): Number of bug fixes and security enhancements.
5.3.15 (2012-07-19): Number of bug fixes and security enhancements.
5.3.16 (2012-08-16): Number of bug fixes.
5.4.0 (2012-03-01): Trait support, short array syntax support. Removed items: register_globals, safe_mode, allow_call_time_pass_reference, session_register(), session_unregister() and session_is_registered(). Built-in web server.[38] Several improvements to existing features, performance and reduced memory requirements.
5.4.1 (2012-04-26): Number of bug fixes and security enhancements.
5.4.2 (2012-05-03): Security patch to fix PHP-CGI query string parameter vulnerability.
5.4.3 (2012-05-08): Fix vulnerability in CGI-based setups and also the buffer overflow vulnerability for apache_request_headers().
5.4.4 (2012-06-06): Number of bug fixes and security enhancements.
5.4.5 (2012-07-19): Number of bug fixes and security enhancements.
5.4.6 (2012-08-16): Number of bug fixes.

PHP 6
6.0.0 (no date set): The development of PHP 6 has been delayed because the developers have decided the current approach to handling of instance unicode is not a good one, and are considering alternate ways in the next version of PHP.[39] The updates that were intended for PHP 6 were added to PHP 5.3.0 (namespace support, late static bindings, lambda functions, closures, goto) and 5.4.0 (traits, closure rebinding) instead.

Beginning on June 28, 2011, the PHP Group began following a timeline for when new versions of PHP will be released.[40] Under this timeline, at least one release should occur every month. Once per year, a minor release should occur which can include new features. Every minor release should at least have 2 years of security and bug fixes, followed by at least 1 year of only security fixes, for a total of a 3 year release process for every minor release. No new features (unless small and self contained) will be introduced into a minor release during the 3 year release process.
Usage:
PHP is a general-purpose scripting language that is especially suited to server-side web development where PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content or dynamic images used on Web sites or elsewhere.[41] It can also be used for command-line scripting and client-side graphical user interface (GUI) applications. PHP can be deployed on most Web servers, many operating systems and platforms, and can be used with many relational database management systems (RDBMS). It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.[3]
Security:
About 30% of all vulnerabilities listed on the National Vulnerability Database are linked to PHP.[55] These vulnerabilities are caused mostly by not following best practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in 2008, about 1% of the total).[56][57] Recognizing that programmers make mistakes, some languages include taint checking to detect automatically the lack of input validation which induces many issues. Such a feature is being developed for PHP,[58] but its inclusion in a release has been rejected several times in the past.[59][60] There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for Web hosting environments.[61] PHPIDS adds security to any PHP application to defend against intrusions. PHPIDS detects attacks based on cross-site scripting (XSS), SQL injection, header injection, directory traversal, remote file execution, remote file inclusion, and denial-of-service (DoS).[62]
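The missing input validation described above, shown next to its hardened form, as an added example that is not part of the original article. It uses the PDO and filter extensions listed in the release history; the users table, the function names and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example (not from the original article). The table, column and
// function names are hypothetical; the rows are constructed sample data.

// In-memory SQLite database through PDO, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// WEAK: request data is concatenated into the SQL text, so quote characters
// in $name change the structure of the query instead of being treated as data.
function findUserUnsafe(PDO $db, $name)
{
    $sql = "SELECT id, name, email FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: validate the expected shape first, then bind the value as a
// parameter so it is never parsed as SQL.
function findUserSafe(PDO $db, $name)
{
    $opts = ['options' => ['regexp' => '/^[a-z0-9_]{1,32}$/']];
    if (!is_string($name) || filter_var($name, FILTER_VALIDATE_REGEXP, $opts) === false) {
        return [];   // reject anything that is not a plain user name
    }
    $stmt = $db->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for the HTML context (the XSS side of the same mistake).
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: one ordinary name, one that contains SQL quoting.
$inputs = ['alice', "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf("input: %s\n", e($input));
    printf("  unsafe rows: %d\n", count(findUserUnsafe($db, $input)));
    printf("  safe rows:   %d\n", count(findUserSafe($db, $input)));
}
```

For the second input the concatenated query matches rows the caller never asked for, while the validated, parameterized lookup returns none.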
Syntax:
    <!DOCTYPE html>
    <meta charset=utf-8>
    <title>PHP Test</title>
    <?php
    echo 'Hello World';
    ?>

Hello world program in PHP code embedded in HTML code

The PHP interpreter only executes PHP code within its delimiters. Anything outside its delimiters is not processed by PHP (although non-PHP text is still subject to control structures described in PHP code). The most common delimiters are <?php to open and ?> to close PHP sections. <script language="php"> and </script> delimiters are also available, as are the shortened forms <? or <?= (which is used to echo back a string or variable) and ?> as well as ASP-style short forms <% or <%= and %>. While short delimiters are used, they make script files less portable as support for them can be disabled in the PHP configuration, and so they are discouraged.[63] The purpose of all these delimiters is to separate PHP code from non-PHP code, including HTML.[64]
Data types:
PHP stores whole numbers in a platform-dependent range, either a 64-bit or 32-bit signed integer equivalent to the C-language long type. Unsigned integers are converted to signed values in certain situations; this behavior is different from other programming languages.[69] Integer variables can be assigned using decimal (positive and negative), octal, and hexadecimal notations. Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation.[70] PHP has a native Boolean type that is similar to the native Boolean types in Java and C++.
Functions:
PHP has hundreds of base functions and thousands more via extensions. These functions are well documented on the PHP site; however, the built-in library has a wide variety of naming conventions and inconsistencies.[73] PHP currently has no functions for thread programming, although it does support multiprocess programming on POSIX systems.[74]
PHP 5.2 and earlier:
Functions are not first-class functions and can only be referenced by their name, directly or dynamically by a variable containing the name of the function.[75] User-defined functions can be created at any time without being prototyped.[75] Functions can be defined inside code blocks, permitting a runtime decision as to whether or not a function should be defined. Function calls must use parentheses, with the exception of zero argument class constructor functions called with the PHP new operator, where parentheses are optional. PHP supports quasi-anonymous functions through the create_function() function, although they are not true anonymous functions because anonymous functions are nameless, but functions can only be referenced by name, or indirectly through a variable $function_name();, in PHP.[75]
PHP 5.3 and newer:
PHP gained support for closures. True anonymous functions are supported using the following syntax:

    function getAdder($x)
    {
        // "use" imports $x from the enclosing scope into the closure
        return function($y) use ($x) {
            return $x + $y;
        };
    }

    $adder = getAdder(8);
    echo $adder(2); // prints "10"

Here, the getAdder() function creates a closure using the parameter $x (the keyword use imports a variable from the lexical context). The closure takes an additional argument $y, and getAdder() returns the closure to the caller. Such a function is a first-class object, meaning that it can be stored in a variable, passed as a parameter to other functions, etc. For more details see Lambda functions and closures RFC.
Objects:
Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4.[6] Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance.[76] In previous versions of PHP, objects were handled like value types.[76] The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes, final classes, abstract methods, and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax and objects implementing Iterator or IteratorAggregate can be used with the foreach language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.[77]
Visibility of properties and methods:
The visibility of PHP properties and methods refers to visibility in PHP. It is defined using the keywords public, private, and protected. The default is public, if only var is used; var is a synonym for public. Items declared public can be accessed everywhere. protected limits access to inherited classes (and to the class that defines the item). private limits visibility only to the class that defines the item.[79] Objects of the same type have access to each other's private and protected members even though they are not the same instance. PHP's member visibility features have sometimes been described as "highly useful."[80] However, they have also sometimes been .
Speed optimization:
PHP source code is compiled on-the-fly to an internal format that can be executed by the PHP engine.[82][83] In order to speed up execution time and not have to compile the PHP source code every time the Web page is accessed, PHP scripts can also be deployed in executable format using a PHP compiler. Code optimizers aim to enhance the performance of the compiled code by reducing its size, merging redundant instructions and making other changes that can reduce the execution time. With PHP, there are often opportunities for code optimization.[84] An example of a code optimizer is the eAccelerator.
Compilers:
The PHP language was originally implemented as an interpreter. Several compilers have been developed which decouple the PHP language from the interpreter. Advantages of compilation include better execution speed, static analysis, and improved interoperability with code written in other languages.[88] PHP compilers of note include Phalanger, which compiles PHP into Common Intermediate Language (CIL) byte-code, and HipHop, developed at Facebook and now available as open source, which transforms the PHP Script into C++, then compiles it, reducing server load up to 50%.
Criticism:
Some common criticisms of the PHP language include weak support for object-oriented programming, thread safety, unit testing, exception handling, step-through debugging, domain modeling, inconsistent naming and poor performance when compared to rival frameworks and languages.[89] In the past there have been numerous security issues found within the framework. Despite numerous criticisms from computer scientists and programmers, PHP remains the most popular server-side scripting language in the world.[90] Also, there are efforts under way to improve PHP, and it has recently gained features at a rapid pace, such as JSON-inspired short array syntax, traits, function array dereferencing,[91] and features such as generators are to be implemented in future versions,[92] as well as the removal of some bad features such as "magic quotes".[93]
Resources:
PHP includes free and open source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing File Transfer Protocol (FTP) servers, many database servers, embedded SQL libraries such as embedded PostgreSQL, MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as those in the stdio family are available in the standard PHP build.[94] PHP allows developers to write extensions in C to add functionality to the PHP language. These can then be compiled into PHP or loaded dynamically at runtime. Extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Some more unusual features include integration with Internet Relay Chat, dynamic generation of images and Adobe Flash content, and even speech synthesis. The language's core functions such as those dealing with strings and arrays are also implemented as an extension.[95] The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.[96] Zend provides a certification exam for programmers to become certified PHP developers.