Misplaced Pages

PHP: Difference between revisions

Article snapshot taken from [REDACTED] with Creative Commons Attribution-ShareAlike license.

Revision as of 09:02, 24 June 2006 by 59.92.241.165 (talk): no edit summary.
Revision as of 09:02, 24 June 2006 by Tawkerbot4 (talk | contribs; 21,149 edits), minor edit: BOT - rv 59.92.241.165 (talk) to last version by AntiVandalBot.

Revision as of 09:02, 24 June 2006

PHP
Developer(s): The PHP Group
Stable release: 5.1.4 / May 4, 2006; 4.4.2 / January 13, 2006
Operating system: Cross-platform
Type: Scripting language
License: PHP License 3.01
Website: www.php.net

For other uses, see PHP.

PHP is an open-source, reflective programming language. Originally designed as a high-level tool for producing dynamic web content, PHP is used mainly in server-side applications.

History

PHP was originally designed as a small set of Perl scripts, followed by a rewritten set of CGI binaries written in C by the Danish-Canadian programmer Rasmus Lerdorf in 1994 to display his résumé and to collect certain data, such as how much traffic his page was receiving. "Personal Home Page Tools" was publicly released on 8 June 1995 after Lerdorf combined it with his own Form Interpreter to create PHP/FI.

Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion - Israel Institute of Technology, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive acronym "PHP: Hypertext Preprocessor". The development team officially released PHP/FI 2 in November 1997 after months of beta testing. Public testing of PHP 3 began immediately and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend engine in 1999. They also founded Zend Technologies in Ramat Gan, Israel, which has since overseen PHP development.

In May 2000, PHP 4, powered by the Zend Engine 1.0, was released.

On July 13, 2004, PHP 5 was released, powered by Zend Engine II. PHP 5 includes new features such as PHP Data Objects and more performance enhancements taking advantage of the new engine.

Usage

PHP generally runs on a web server, taking PHP code as its input and creating Web pages as output.

When running server-side, the PHP model can be seen as an alternative to Microsoft's ASP.NET/C#/VB.NET system, Macromedia's ColdFusion, Sun Microsystems' JSP, Zope, mod_perl and the Ruby on Rails framework. To more directly compete with the "framework" approach taken by these systems, Zend are working on the Zend Framework - an emerging (as of June 2006) set of PHP building blocks and best practices.

The LAMP architecture has become popular in the Web industry as a way of deploying inexpensive, reliable, scalable, secure web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL. PHP can be used with a large number of relational database management systems, runs on all of the most popular web servers and is available for many different operating systems. This flexibility means that PHP has a wide installation base across the Internet; PHP is one of the most popular programming languages for implementing websites with over 20 million Internet domains using PHP.

Examples of popular server-side PHP applications include phpBB, WordPress and MediaWiki.

More recently, PHP has been adapted to provide a command line interface, as well as GUI libraries such as GTK+ and text mode libraries like ncurses in order to facilitate development of a broader range of software. As PHP is higher-level than shell scripting, its use on the command line is desirable for some automation tasks that shell scripting has traditionally been used for.

Syntax

PHP was originally designed to be used in conjunction with a web server, and acts as a filter which takes a file containing text and special PHP instructions and converts it to another form for display.

Here is a Hello World code example:

<?php
echo 'Hello, World!';
?>

The <?php ?> tags are delimiters which tell PHP to treat anything contained within as PHP code and to act on it.

A slightly less verbose "Hello World" program in PHP is:

<?='Hello, World!'?>

This example relies on PHP's 'short_open_tag' option being set to true. This can conflict with other content in the file, because the character sequence <? is also used to signify the start of other processing instructions, such as the XML <?xml version="1.0" ?> header statement.

PHP ignores any text outside of its delimiter tags. Thus, the examples above are equivalent to the following text (and indeed are converted into this form):

Hello, World!

The primary use of this is to allow PHP statements to be embedded within HTML documents. PHP processes any delimited code in the page initially, thus handing the web server a file which consists entirely of HTML.

Variables are prefixed with a dollar symbol and no type need be specified in advance. Variables are, subject to certain rules, evaluated in a string context.

PHP treats new lines as whitespace, in the manner of a free-form language (except when inside string quotes). Statements are terminated by a semicolon, except in a few special cases.

PHP has three types of comment syntax: it allows multi-line comments using the /* */ construction as in C, and also allows comments which terminate at the end of the line using the // and # characters (as in C++ and Perl respectively).

Data types

PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Portable code should not assume that values outside this range can be represented in an integer variable. Integer variables can be assigned using decimal (positive and negative), octal and hexadecimal notations. Real numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation.

PHP has a native Boolean type, named "boolean", similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values can be interpreted as true and zero as false, as in Perl and C.

The Null data type represents a variable that has no value. The only value in the Null data type is NULL.

Arrays are heterogeneous, meaning a single array can contain objects of more than one type. They can contain any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled.

Variables of type "resource" represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension. Examples include file, image and database resources.

Objects

Up until version 3, PHP had no object-oriented features. Basic object functionality was added in version 3. PHP 4 implemented the same semantics, together with pass-by-reference and return-by-reference for objects, but the implementation still lacked the powerful and useful features of other object-oriented languages like C++ and Java.

PHP's handling of objects was completely rewritten for PHP 5, allowing for better performance and more features. In previous versions of PHP, objects were handled like primitive types. The drawback of this method was that semantically the whole object was copied when a variable was assigned, or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and abstract methods. It also introduced a standard way of declaring constructors and destructors similar to that of other object-oriented languages, such as C++.

PHP 4 had no exception handling. PHP 5 introduces an exception model similar to that of other programming languages.

It should be noted that the static method and class variable features in Zend Engine 2 do not work the way some expect. There is no virtual table feature in the Engine, so the static variables are bound with a name at compile time instead of with a reference.

If the developer asks to create a copy of an object by using the reserved word clone, the Zend engine will check if a __clone() method has been defined or not. If not, it will call a default __clone() which will copy all of the object's properties. If a __clone() method is defined, then it will be responsible to set the necessary properties in the created object. For convenience, the engine will supply a function that imports all of the properties from the source object, so that they can start with a by-value replica of the source object, and only override properties that need to be changed.
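
The handle and clone behaviour described above, as an added example that is not part of the original article: the class and property names are hypothetical, and the script assumes a released PHP 5 or later, where the default property copy is made first and __clone() then runs on the new object.

```php
<?php
// Added example, not from the original article. Class and property names are
// hypothetical. Requires PHP 5 or later.

function check($cond, $what)
{
    if (!$cond) { throw new Exception("unexpected: $what"); }
    echo "ok: $what\n";
}

class Acl
{
    public $roles = array('reader');
}

class Session
{
    public $user;
    public $acl;                       // nested object, stored as a handle

    public function __construct($user)
    {
        $this->user = $user;
        $this->acl  = new Acl();
    }
}

class IsolatedSession extends Session
{
    // Runs on the new copy once its properties have been copied from the
    // source, so only the properties that must not be shared are replaced.
    public function __clone()
    {
        $this->acl = clone $this->acl;
    }
}

// Assignment copies the handle: both variables name one object.
$alice = new Session('alice');
$alias = $alice;
$alias->user = 'mallory';
check($alice->user === 'mallory', 'assignment shares the object');

// Default clone copies each property by value. $user is a string, so the
// copy gets its own; $acl is a handle, so both sessions share one Acl.
$alice = new Session('alice');
$guest = clone $alice;
$guest->user = 'guest';
$guest->acl->roles[] = 'admin';
check($alice->user === 'alice', 'scalar property is independent after clone');
check($alice->acl === $guest->acl, 'default clone shares the nested Acl');
check(in_array('admin', $alice->acl->roles), 'role change leaks into the source');

// With __clone() the nested object is copied as well.
$alice = new IsolatedSession('alice');
$guest = clone $alice;
$guest->acl->roles[] = 'admin';
check($alice->acl !== $guest->acl, '__clone() gave the copy its own Acl');
check(!in_array('admin', $alice->acl->roles), 'source roles are unchanged');
```

Any object that holds permissions, credentials or other per-user state in a nested object needs a __clone() of this kind before copies of it are handed to different callers.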

Resources

Libraries

Main article: List of PHP libraries

PHP includes a large number of free and open-source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing FTP servers, many database servers, embedded SQL libraries like embedded MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as the printf family are available in the standard PHP build.

PHP extensions exist which, among other features, add support for the Windows API, process management on Unix-like operating systems, cURL, and several popular compression formats. Some of the more unusual features are on-the-fly Macromedia Flash generation, integration with Internet relay chat, and generation of dynamic images (where the content of the image can be changed). Some additional extensions are available via the PHP Extension Community Library.

Source code encoders

Encoders offer some source code security and enable proprietary software by hindering source code reverse engineering. PHP scripts are compiled into native byte-code. The downside of this approach is that a special extension has to be installed on the server in order to run encoded scripts.

Support

PHP has a formal development manual that is maintained by the open source community. In addition, answers to most questions can often be found by doing a simple internet search. PHP users assist each other through various media such as chat, forums, newsgroups and PHP developer web sites. In turn, the PHP development team actively participates in such communities, garnering assistance from them in their own development effort (PHP itself) and providing assistance to them as well. There are many help resources available for the novice PHP programmer.

Criticism

Criticisms of PHP include those general criticisms ascribed to other scripting programming languages and dynamically typed languages. Some specific criticisms of PHP include the following:

  • PHP does not enforce the declaration of variables prior to their use, and variables which have not been initialized can have operations (such as concatenation) performed on them; an operation on an uninitialized variable raises an E_NOTICE level error, but this is hidden by default.
  • Method / function overloading is not allowed (Obsolete since PHP5).
  • PHP's type checking is so loose as to be occasionally unenforceable. Variables in PHP are not limited to one type. It is possible to assign an integer value to the variable $Q, then assign a string value, and then assign an array to it. This can often lead to difficult-to-debug code. Type checking using the == operator is not strict, necessitating the === operator to ensure a type match. Functions are also not allowed to (directly) force the types of their arguments (PHP 5 improves on this, by adding the ability to force a function argument to be an array or an object of a certain class). Some functions have inconsistent output, with functions intended to return Boolean FALSE also returning non-Boolean values which evaluate to FALSE, such as 0 or "".
  • PHP has no namespace support, so all PHP functions share the same global namespace. The standard function library is criticised for its size and lack of internal consistency: there are over 3,000 "built-in" functions in the standard PHP distribution, with many only becoming available when PHP is linked against the required libraries. Many functions perform the same actions, but with slightly different input or results or syntax; there is little internal consistency regarding function argument order; functions have no standard naming convention, with use of underscores in names, verb/noun ordering and reference to parent libraries varying heavily. This is said to make it difficult to program in the language without the frequent consultation of a reference work.
  • PHP contains a "magic quotes" feature which inserts backslashes into user input strings. The feature was introduced to prevent code written by beginners from being dangerous (such as in SQL injection attacks), but some criticize it for frequently causing improperly displayed text or encouraging beginners to write PHP which is vulnerable to injection attacks when used on a system with it turned off. (Obsolete in PHP6)
  • If 'register_globals' is enabled in PHP's configuration file, PHP automatically puts the values of Post, Get, Cookie and Session Parameters into standard variables, which can be a significant security risk for scripts that assume those variables are undefined. Other languages, such as ASP.NET, include functionality to detect and clean harmful cross-site scripting or other malicious code automatically, whereas PHP does not. (Obsolete in PHP6)
  • In the majority of cases, Unix-like webservers with PHP installed (using mod_php) typically run PHP scripts as "nobody", which can make file security in a shared hosting environment difficult. PHP's "Safe Mode" can emulate the security behavior of the OS to partially overcome this problem, but this is considered an imperfect solution.
  • The many settings in the PHP interpreter's configuration file (php.ini) mean that code that works with one installation of PHP might not work with another. For example, if code is written to work with register_globals turned on, it won't work on another system that has register_globals turned off. This makes writing portable code more difficult as the only way to ensure compatibility is to assume that features will be unavailable.
  • Some PHP extensions use libraries that are not threadsafe, so rendering with Apache 2's Multithreaded MPM (multi-processing module) may cause crashes.
  • PHP does not have native support for Unicode or multibyte strings (Obsolete in PHP6).
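
Two of the criticisms above (loose == comparison with FALSE-returning functions, and register_globals) shown as weak code beside its corrected form. This is an added example, not code from the original article: the function names and request data are constructed, and extract() stands in for register_globals, which current PHP releases no longer provide.

```php
<?php
// Added example, not part of the original article. Function names and the
// sample request data are constructed for illustration.

function check($cond, $what)
{
    if (!$cond) { throw new Exception("unexpected: $what"); }
    echo "ok: $what\n";
}

// --- Loose typing: == versus === ---------------------------------------

// strpos() returns the integer offset of the match, or FALSE when there is
// none. Under a loose comparison, offset 0 is treated like FALSE.
function contains_loose($haystack, $needle)
{
    return strpos($haystack, $needle) != false;    // wrong for offset 0
}

function contains_strict($haystack, $needle)
{
    return strpos($haystack, $needle) !== false;   // type and value
}

check(contains_loose('root-admin', 'admin') === true, 'loose check finds a later match');
check(contains_loose('admin@example.com', 'admin') === false, 'loose check misses a match at offset 0');
check(contains_strict('admin@example.com', 'admin') === true, 'strict check finds the match at offset 0');
check(contains_strict('guest', 'admin') === false, 'strict check reports no match');

// Two numeric strings are compared as numbers by ==, not as text.
check(('1e3' == '1000') === true, '== treats "1e3" and "1000" as equal');
check(('1e3' === '1000') === false, '=== compares them as distinct strings');

// --- register_globals ---------------------------------------------------

// extract() emulates register_globals = On: every request parameter becomes
// an ordinary variable before the rest of the code runs.
function is_authorized_vulnerable(array $request, $password_ok)
{
    extract($request);
    if ($password_ok) {
        $authorized = true;
    }
    // On the failure path $authorized was never assigned by this code, so a
    // request parameter of the same name decides the result.
    return !empty($authorized);
}

function is_authorized_hardened(array $request, $password_ok)
{
    extract($request);
    $authorized = false;          // explicit initialisation discards any import
    if ($password_ok) {
        $authorized = true;
    }
    return $authorized;
}

$request = array('authorized' => '1');   // constructed request parameters

check(is_authorized_vulnerable(array(), false) === false, 'no parameter, failed check: denied');
check(is_authorized_vulnerable($request, false) === true, 'request parameter overrides the failed check');
check(is_authorized_hardened($request, false) === false, 'initialised variable ignores the parameter');
check(is_authorized_hardened(array(), true) === true, 'successful check is still honoured');
```

Running with error_reporting(E_ALL) during development surfaces the use of the unassigned variable that the default settings hide.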

Footnotes

  1. a page at www.zend.com states that PHP 3 was powered by Zend Engine 0.5.
  2. http://www.php.net/usage.php

References

  • Jason E. Sweat. Guide to PHP Design Patterns. PHP|architect, 2005. ISBN 0973589825.
  • Ilia Alshanetsky. Guide to PHP Security. PHP|architect, 2005. ISBN 0973862106.
  • Chris Shiflett. Essential PHP Security. O'Reilly Media, 2005. ISBN 059600656X.
  • Larry Ullman. PHP and MySQL for Dynamic Web Sites. Peachpit Press, 1st edition, 2003. ISBN 0321186486.
