PHP

PHP: Hypertext Preprocessor is a widely used, general-purpose scripting language that was originally designed for web development to produce dynamic web pages. For this purpose, PHP code is embedded into the HTML source document and interpreted by a web server with a PHP processor module, which generates the web page document. As a general-purpose programming language, PHP code is processed by an interpreter application in command-line mode performing desired operating system operations and producing program output on its standard output channel. It may also function as a graphical application. PHP is available as a processor for most modern web servers and as standalone interpreter on most operating systems and computing platforms.

PHP was originally created by Rasmus Lerdorf in 1995 and has been in continuous development ever since. The main implementation of PHP is now produced by The PHP Group and serves as the de facto standard for PHP as there is no formal specification. PHP is free software released under the PHP License.

History

PHP originally stood for personal home page. It began in 1994 as a set of Common Gateway Interface (CGI) binaries written in the C programming language by the Danish/Greenlandic programmer Rasmus Lerdorf.[3][4] Lerdorf initially created these Personal Home Page Tools to replace a small set of Perl scripts he had been using to maintain his personal homepage. The tools were used to perform tasks such as displaying his résumé and recording how much traffic his page was receiving.

He combined these binaries with his Form Interpreter to create PHP/FI, which had more functionality. PHP/FI included a larger implementation for the C programming language and could communicate with databases, enabling the building of simple, dynamic web applications. Lerdorf released PHP publicly on June 8, 1995, to accelerate bug location and improve the code. This release was named PHP version 2 and already had the basic functionality that PHP has today. This included Perl-like variables, form handling, and the ability to embed HTML. The syntax was similar to Perl but was more limited, simpler, and less consistent.

Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language’s name to the recursive initialism PHP: Hypertext Preprocessor. The development team officially released PHP/FI 2 in November 1997 after months of beta testing. Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP’s core, producing the Zend Engine in 1999. They also founded Zend Technologies in Ramat Gan, Israel.

On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released. As of August 2008 this branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates be released.

On July 13, 2004, PHP 5 was released, powered by the new Zend Engine II. PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements. In 2008 PHP 5 became the only stable version under development. Late static binding has been missing from PHP and has been added in version 5.3.

A new major version has been under development alongside PHP 5 for several years. This version was originally planned to be released as PHP 6 as a result of its significant changes, which included plans for full Unicode support. However, Unicode support took developers much longer to implement than originally thought, and the decision was made in March of 2010 to move the project to a branch, with features still under development moved to a trunk.

Changes in the new code include the removal of register_globals, magic quotes, and safe mode. The reason for the removals was that register_globals had given way to security holes, and magic quotes had an unpredictable nature, and was best avoided. Instead, to escape characters, magic quotes may be substituted with the addslashes() function, or more appropriately an escape mechanism specific to the database vendor itself like mysql_real_escape_string() for MySQL. Functions that will be removed in future versions and have been deprecated in PHP 5.3, will produce a warning if used.

Many high-profile open-source projects ceased to support PHP 4 in new code as of February 5, 2008, because of the GoPHP5 initiative, provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.

PHP currently does not have native support for Unicode or multibyte strings; Unicode support is under development for a future verson of PHP and will allow strings as well as class, method, and function names to contain non-ASCII characters.

PHP interpreters are available on both 32-bit and 64-bit operating systems, but on Microsoft Windows the only official distribution is a 32-bit implementation, requiring Windows 32-bit compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform. As of PHP 5.3.0, experimental 64-bit versions are available for MS Windows.

Licensing

PHP is free software released under the PHP License, which insists that:

  • The name “PHP” must not be used to endorse or promote products derived from this software without prior written permission.

This makes it incompatible with the GNU General Public License (GPL) because restrictions exist regarding the use of the term PHP.

Release history

Meaning
Red Release no longer supported
Green Release still supported
Blue Future release
Major version Minor version Release date Notes
1 1.0.0 1995-06-08 Officially called “Personal Home Page Tools (PHP Tools)”. This is the first use of the name “PHP”.
2 2.0.0 1997-11-01 Considered by its creator as the “fastest and simplest tool” for creating dynamic web pages.
3 3.0.0 1998-06-06 Development moves from one person to multiple developers. Zeev Suraski and Andi Gutmans rewrite the base for this version.
4 4.0.0 2000-05-22 Added more advanced two-stage parse/execute tag-parsing system called the Zend engine.
4.1.0 2001-12-10 Introduced ‘superglobals’ ($_GET, $_POST, $_SESSION, etc.)
4.2.0 2002-04-22 Disabled register_globals by default. Data received over the network is not inserted directly into the global namespace anymore, closing possible security holes in applications.
4.3.0 2002-12-27 Introduced the CLI, in addition to the CGI.
4.4.0 2005-07-11 Added man pages for phpize and php-config scripts.
4.4.8 2008-01-03 Several security enhancements and bug fixes. Was to be the end of life release for PHP 4. Security updates only until 2008-08-08, if necessary.
4.4.9 2008-08-07 More security enhancements and bug fixes. The last release of the PHP 4.4 series.
5 5.0.0 2004-07-13 Zend Engine II with a new object model.
5.1.0 2005-11-24 Performance improvements with introduction of compiler variables in re-engineered PHP Engine.
5.2.0 2006-11-02 Enabled the filter extension by default. Native JSON support.
5.2.11 2009-09-16 Bug and security fixes.
5.2.12 2009-12-17 Over 60 bug fixes, including 5 security fixes.
5.2.13 2010-02-25 Bug and security fixes.
5.3.0 2009-06-30 Namespace support; Late static bindings, Jump label (limited goto), Native closures, Native PHP archives (phar), garbage collection for circular references, improved Windows support, sqlite3, mysqlnd as a replacement for libmysql as underlying library for the extensions that work with MySQL, fileinfo as a replacement for mime_magic for better MIME support, the Internationalization extension, and deprecation of ereg extension.
5.3.1 2009-11-19 Over 100 bug fixes

, some of which were security fixes as well.

5.3.2 2010-03-04 Includes a large number of bug fixes.
php-trunk-dev No date set Unicode support; removal of ‘register_globals’, ‘magic_quotes’ and ‘safe_mode’; Alternative PHP Cache

Usage

PHP is a general-purpose scripting language that is especially suited to server-side web development where PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content. It can also be used for command-line scripting and client-side GUI applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.

PHP primarily acts as a filter, taking input from a file or stream containing text and/or PHP instructions and outputs another stream of data; most commonly the output will be HTML. Since PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor.

Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting, and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft‘s Active Server Pages, Sun MicrosystemsJavaServer Pages, and mod_perl. PHP has also attracted the development of many frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include CakePHP, Symfony, CodeIgniter, and Zend Framework, offering features similar to other web application frameworks.

The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python or Perl or some combination of the three.

As of April 2007, over 20 million Internet domains had web services hosted on servers with PHP installed and mod_php was recorded as the most popular Apache HTTP Server module. Significant websites are written in PHP including the user-facing portion of Facebook, Wikipedia (MediaWiki), Yahoo!, MyYearbook, Digg, Joomla, eZ_Publish, WordPress, YouTube in its early stages, Drupal, Tagged and Moodle.

Security

The National Vulnerability Database stores all vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, 35% in 2008, and 30% in 2009. Most of these PHP-related vulnerabilities can be exploited remotely: they allow crackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.

These vulnerabilities are caused mostly by not following best practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in 2008, about 1% of the total). Recognizing that programmers cannot be trusted, some languages include taint checking to detect automatically the lack of input validation which induces many issues. Such a feature is being developed for PHP, but its inclusion in a release has been rejected several times in the past.

Hosting PHP applications on a server requires a careful and constant attention to deal with these security risks. There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.

Syntax

Main article: PHP syntax and semantics

<html>
    <head>
        <title>PHP Test</title>
    </head>
    <body>
        <?php
             echo "Hello World";
             /* echo("Hello World"); works as well, although echo isn't a
                function (it's a language construct). In some cases, such
                as when multiple parameters are passed to echo, parameters
                cannot be enclosed in parentheses */
        ?>
    </body>
</html>

PHP code embedded within HTML

PHP only parses code within its delimiters. Anything outside its delimiters is sent directly to the output and is not processed by PHP (although non-PHP text is still subject to control structures described within PHP code). The most common delimiters are <?php to open and ?> to close PHP sections. <script> and </script> delimiters are also available, as are the shortened forms <? or <?= (which is used to echo back a string or variable) and ?> as well as ASP-style short forms <% or <%= and %>. While short delimiters are used, they make script files less portable as their purpose can be disabled in the PHP configuration

, and so they are discouraged. The purpose of all these delimiters is to separate PHP code from non-PHP code, including HTML.

The first form of delimiters, <?php and ?>, in XHTML and other XML documents, creates correctly formed XML ‘processing instructions’.[50] This means that the resulting mixture of PHP code and other markup in the server-side file is itself well-formed XML.

Variables are prefixed with a dollar symbol and a type does not need to be specified in advance. Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings allow the ability to embed a variable’s value into the string. PHP treats newlines as whitespace in the manner of a free-form language (except when inside string quotes), and statements are terminated by a semicolon. PHP has three types of comment syntax: /* */ marks block and inline comments; // as well as # are used for one-line comments. The echo statement is one of several facilities PHP provides to output text (e.g. to a web browser).

In terms of keywords and language syntax, PHP is similar to most high level languages that follow the C style syntax. If conditions, for and while loops, and function returns are similar in syntax to languages such as C, C++, Java and Perl.

Data types

PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Unsigned integers are converted to signed values in certain situations; this behavior is different from other programming languages. Integer variables can be assigned using decimal (positive and negative), octal, and hexadecimal notations. Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation. PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++. The null data type represents a variable that has no value. The only value in the null data type is NULL. Variables of the “resource” type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources. Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled. PHP also supports strings, which can be used with single quotes, double quotes, or heredoc syntax.

The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.

Functions

PHP has hundreds of base functions and thousands more via extensions. These functions are well documented on the PHP site; however, the built-in library has a wide variety of naming conventions and inconsistencies. PHP currently has no functions for thread programming, although it does support multiprocess programming on POSIX systems.

5.2 and earlier

Functions are not first-class functions and can only be referenced by their name, directly or dynamically by a variable containing the name of the function. User-defined functions can be created at any time without being prototyped. Functions can be defined inside code blocks, permitting a run-time decision as to whether or not a function should be defined. Function calls must use parentheses, with the exception of zero argument class constructor functions called with the PHP new operator, where parentheses are optional. PHP supports quasi-anonymous functions through the create_function() function, although they are not true anonymous functions because anonymous functions are nameless, but functions can only be referenced by name, or indirectly through a variable $function_name();, in PHP.

5.3 and newer

PHP gained support for closures. True anonymous functions are supported using the following syntax:

function getAdder($x)
{
    return function ($y) use ($x) {
        return $x + $y;
    };
}
$adder = getAdder(8);
echo $adder(2); // prints "10"

Here, getAdder() function creates a closure using parameter $x (keyword “use” forces getting variable from context), which takes additional argument $y and returns it to the caller. Such a function can be stored, given as the parameter to other functions, etc. For more details see Lambda functions and closures RFC

.

The goto flow control device was made available in PHP 5.3 and is used as follows:

function lock()
{
    $file = fopen("file.txt","r+");
    retry:
    if(flock($file,LOCK_EX))
    {
        fwrite($file, "Success!");
        fclose($file);
        return 0;
    }
    else
        goto retry;
}

When lock() is called, PHP opens a file and tries to lock it. retry:, the target label, defines the point to which execution should return if flock() is unsuccessful and the goto retry; is called. goto is not unrestricted and requires that the target label be in the same file and context.

Objects

Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4. Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance. In previous versions of PHP, objects were handled like value types. The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and final classes as well as abstract methods and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax and objects implementing Iterator or IteratorAggregate can be used with the foreach language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.

If the developer creates a copy of an object using the reserved word clone, the Zend engine will check if a __clone() method has been defined or not. If not, it will call a default __clone() which will copy the object’s properties. If a __clone() method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so that the programmer can start with a by-value replica of the source object and only override properties that need to be changed.

Basic example of object-oriented programming as described above:

Class Person
{
    public $first;
    public $last;
    public function __construct($f,$l)
    {
        $this->first = $f;
        $this->last = $l;
    }
    public function greeting()
    {
        return 'Hello, my name is ' . $this->first . ' ' . $this->last . '.';
        // return 'Hello, my name is ' . $this->first . ' ' . $this->last . '.'; also works when not called from Person::greeting()
    }
}
$him = new Person('John','Smith');
$her = new Person('Sally','Davis');
echo $him->greeting(); // prints "Hello, my name is John Smith."
echo '<br>';
echo $her->greeting(); // prints "Hello, my name is Sally Davis."

Speed optimization

PHP source code is compiled on-the-fly to an internal format that can be executed by the PHP engine. In order to speed up execution time and not have to compile the PHP source code every time the webpage is accessed, PHP scripts can also be deployed in executable format using a PHP compiler.

Code optimizers aim to reduce the runtime of the compiled code by reducing its size and making other changes that can reduce the execution time with the goal of improving performance. The nature of the PHP compiler is such that there are often opportunities for code optimization, and an example of a code optimizer is the eAccelerator PHP extension.

Another approach for reducing overhead for high load PHP servers is using an Opcode cache. Opcode caches work by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, APC, will be built into an upcoming release of PHP. Opcode caching is also available in Zend Server Community Edition.

8 thoughts on “PHP

  1. Monica S. says:

    Hi, I’m very interested in Linux but Im a Super Newbie and I’m having trouble deciding on the right distribution for me (Havent you heard this a million times?) anyway here is my problem, I need a distribution that can switch between reading and writing in English and Japanese (Japanese Language Support) with out restarting the operating system.

  2. Emily N. says:

    Hi, I’m very interested in Linux but Im a Super Newbie and I’m having trouble deciding on the right distribution for me (Havent you heard this a million times?) anyway here is my problem, I need a distribution that can switch between reading and writing in English and Japanese (Japanese Language Support) with out restarting the operating system.

  3. Amy B. says:

    The Amyloidosis Foundation estimates that approximately 3,000 people are diagnosed with amyloidosis each year in North America and that blood cancers overall have increased more than 40% in the last decade.

Leave a Reply