Instructor: Lyna Griffin Show bio Lyna has tutored undergraduate Information Management Systems and Database Development. She has a Bachelor's degree in Electrical Engineering and a Masters degree in Information Technology. For web developers, Hypertext Preprocessor (PHP) is one type of scripting language that can be utilized. Review the uses and advantages of PHP in the development of web applications. Updated: 01/12/2022 PHP stands for Hypertext Preprocessor (no, the acronym doesn't follow the name). It's an open source, server-side, scripting language used for the development of web applications. By scripting language, we mean a program that is script-based (lines of code) written for the automation of tasks. What does open source mean? Think of a car manufacturer making the secret to its design models and technology innovations available
to anyone interested. These design and technology details can be redistributed, modified, and adopted without the fear of any legal repercussions. The world today might have developed an amazing supercar! Web pages can be designed using HTML. With HTML, code execution is done on the user's browser (client-side). On the other hand, with PHP server-side scripting language, it's executed on the server before it gets to the web browser of the user. PHP can be embedded in HTML, and it's
well suited for web development and the creation of dynamic web pages for web applications, e-commerce applications, and database applications. It's considered a friendly language with abilities to easily connect with MySQL, Oracle, and other databases. PHP scripts can be used on most of the well-known operating systems like Linux, Unix, Solaris, Microsoft Windows, MAC OS and many others. It also
supports most web servers including Apache and IIS. Using PHP affords web developers the freedom to choose their operating system and web server. In PHP, server-side scripting is the main area of operation. Server-side scripting with PHP involves: In this instance, with the use of just a PHP parser, the PHP script can be executed without a server program or browser. This use of the PHP script is normally employed for simple text processing tasks, like task schedulers. PHP can also be used for creating client-side applications, like desktop applications. Desktop applications are usually characterized by a graphic user interface. With knowledge in using the
advanced features of PHP, such as PHP-GTK, these client-side applications can be developed. Are you a student or a teacher? Become a Member Already a member?
Log In Back Over 30,000 video lessons & teaching resources‐all in one place. Video lessons Quizzes & Worksheets Classroom Integration Lesson Plans I would definitely recommend Study.com to my colleagues. It’s like a teacher waved a magic wand and did the work for me. I feel like it’s a lifeline. Back Create an account to start this course today Used by over 30 million students worldwide Create an account Explore our library of over 84,000 lessonsThis article is about the scripting language. For other uses, see PHP (disambiguation). PHP
PHP is a general-purpose scripting language geared toward web development.[5] It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1994.[6] The PHP reference implementation is now produced by The PHP Group.[7] PHP originally stood for Personal Home Page,[6] but it now stands for the recursive initialism PHP: Hypertext Preprocessor.[8] PHP code is usually processed on a web server by a PHP interpreter implemented as a module, a daemon or as a Common Gateway Interface (CGI) executable. On a web server, the result of the interpreted and executed PHP code – which may be any type of data, such as generated HTML or binary image data – would form the whole or part of an HTTP response. Various web template systems, web content management systems, and web frameworks exist which can be employed to orchestrate or facilitate the generation of that response. Additionally, PHP can be used for many programming tasks outside the web context, such as standalone graphical applications[9] and robotic drone control.[10] PHP code can also be directly executed from the command line. The standard PHP interpreter, powered by the Zend Engine, is free software released under the PHP License. PHP has been widely ported and can be deployed on most web servers on a variety of operating systems and platforms.[11] The PHP language evolved without a written formal specification or standard until 2014, with the original implementation acting as the de facto standard which other implementations aimed to follow. Since 2014, work has gone on to create a formal PHP specification.[12] W3Techs reports that, as of January 2022, "PHP is used by 78.1% of all the websites whose server-side programming language we know."[13] PHP version 7.4 is the most used version. Support for version 7.3 was dropped on 6 December 2021. History[edit]Early history[edit]PHP development began in 1994 when Rasmus Lerdorf wrote several Common Gateway Interface (CGI) programs in C,[14][15] which he used to maintain his personal homepage. He extended them to work with web forms and to communicate with databases, and called this implementation "Personal Home Page/Forms Interpreter" or PHP/FI. PHP/FI could be used to build simple, dynamic web applications. To accelerate bug reporting and improve the code, Lerdorf initially announced the release of PHP/FI as "Personal Home Page Tools (PHP Tools) version 1.0" on the Usenet discussion group comp.infosystems.www.authoring.cgi on June 8, 1995.[1][16] This release already had the basic functionality that PHP has today. This included Perl-like variables, form handling, and the ability to embed HTML. The syntax resembled that of Perl, but was simpler, more limited and less consistent.[7] An example of the early PHP syntax:[17] <!--include /text/header.html--> <!--getenv HTTP_USER_AGENT--> <!--if substr $exec_result Mozilla--> Hey, you are using Netscape!<p> <!--endif--> <!--sql database select * from table where user='$username'--> <!--ifless $numentries 1--> Sorry, that record does not exist<p> <!--endif exit--> Welcome <!--$user-->!<p> You have <!--$index:0--> credits left in your account.<p> <!--include /text/footer.html--> Early PHP was not intended to be a new programming language, and grew organically, with Lerdorf noting in retrospect: "I don't know how to stop it, there was never any intent to write a programming language [...] I have absolutely no idea how to write a programming language, I just kept adding the next logical step on the way."[18] A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997. The fact that PHP was not originally designed, but instead was developed organically has led to inconsistent naming of functions and inconsistent ordering of their parameters.[19] In some cases, the function names were chosen to match the lower-level libraries which PHP was "wrapping",[20] while in some very early versions of PHP the length of the function names was used internally as a hash function, so names were chosen to improve the distribution of hash values.[21] PHP 3 and 4[edit]Zeev Suraski and Andi Gutmans rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive acronym PHP: Hypertext Preprocessor.[7][22] Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999.[23] They also founded Zend Technologies in Ramat Gan, Israel.[7] On 22 May 2000, PHP 4, powered by the Zend Engine 1.0, was released.[7] By August 2008, this branch had reached version 4.4.9. PHP 4 is now no longer under development and nor are any security updates planned to be released.[24][25] PHP 5[edit]On 1 July 2004, PHP 5 was released, powered by the new Zend Engine II.[7] PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements.[26] In 2008, PHP 5 became the only stable version under development. Late static binding had been missing from previous versions of PHP, and was added in version 5.3.[27][28] Many high-profile open-source projects ceased to support PHP 4 in new code from February 5, 2008, because of the GoPHP5 initiative,[29] provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.[30][31] Over time, PHP interpreters became available on most existing 32-bit and 64-bit operating systems, either by building them from the PHP source code, or by using pre-built binaries.[32] For PHP versions 5.3 and 5.4, the only available Microsoft Windows binary distributions were 32-bit IA-32 builds,[33][34] requiring Windows 32-bit compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform. PHP version 5.5 made the 64-bit x86-64 builds available for Microsoft Windows.[35] Official security support for PHP 5.6 ended on 31 December 2018.[36] PHP 6 and Unicode[edit]PHP received mixed reviews due to lacking native Unicode support at the core language level.[37][38] In 2005, a project headed by Andrei Zmievski was initiated to bring native Unicode support throughout PHP, by embedding the International Components for Unicode (ICU) library, and representing text strings as UTF-16 internally.[39] Since this would cause major changes both to the internals of the language and to user code, it was planned to release this as version 6.0 of the language, along with other major features then in development.[40] However, a shortage of developers who understood the necessary changes, and performance problems arising from conversion to and from UTF-16, which is rarely used in a web context, led to delays in the project.[41] As a result, a PHP 5.3 release was created in 2009, with many non-Unicode features back-ported from PHP 6, notably namespaces. In March 2010, the project in its current form was officially abandoned, and a PHP 5.4 release was prepared containing most remaining non-Unicode features from PHP 6, such as traits and closure re-binding.[42] Initial hopes were that a new plan would be formed for Unicode integration, but by 2014 none had been adopted. PHP 7[edit]During 2014 and 2015, a new major PHP version was developed, PHP 7. The numbering of this version involved some debate among internal developers.[43] While the PHP 6 Unicode experiment had never been released, several articles and book titles referenced the PHP 6 name, which might have caused confusion if a new release were to reuse the name.[44] After a vote, the name PHP 7 was chosen.[45] The foundation of PHP 7 is a PHP branch that was originally dubbed PHP next generation (phpng). It was authored by Dmitry Stogov, Xinchen Hui and Nikita Popov,[46] and aimed to optimize PHP performance by refactoring the Zend Engine while retaining near-complete language compatibility.[47] By 14 July 2014, WordPress-based benchmarks, which served as the main benchmark suite for the phpng project, showed an almost 100% increase in performance. Changes from phpng make it easier to improve performance in future versions, as more compact data structures and other changes are seen as better suited for a successful migration to a just-in-time (JIT) compiler.[48] Because of the significant changes, the reworked Zend Engine was called Zend Engine 3, succeeding Zend Engine 2 used in PHP 5.[49] Because of the major internal changes in phpng, it must receive a new major version number of PHP, rather than a minor PHP 5 release, according to PHP's release process.[50] Major versions of PHP are allowed to break backward-compatibility of code and therefore PHP 7 presented an opportunity for other improvements beyond phpng that require backward-compatibility breaks. In particular, it involved the following changes:
PHP 7 also included new language features. Most notably, it introduced return type declarations for functions[63] which complement the existing parameter type declarations, and support for the scalar types (integer, float, string, and boolean) in parameter and return type declarations.[64] PHP 8[edit]PHP 8 was released on November 26, 2020. PHP 8 is a major version and has breaking changes from previous versions.[65][66] New features and notable changes include: Just-in-time compilation[edit]Just-in-time compilation is supported in PHP 8.[67] PHP 8's JIT compiler can provide substantial performance improvements for some use cases,[68][69] while PHP developer Nikita Popov stated that the performance improvements for most websites will be less substantial than the upgrade from PHP 5 to PHP 7.[70] Substantial improvements are expected more for mathematical-type operations than for common web-development use cases.[70] Additionally, the JIT compiler provides future potential to move some code from C to PHP, due to the performance improvements for some use cases.[71] Addition of the match expression[edit]PHP 8 introduced the Type changes and additions[edit]PHP 8 introduced union types, a new "Attributes", often referred to as "annotations" in other programming languages, were added in PHP 8, which allow metadata to be added to classes.[65]
Syntax changes and additions[edit]PHP 8 includes changes to allow alternate, more concise, or more consistent syntaxes in a number of scenarios. For example, the nullsafe operator is similar to the null coalescing operator $human_readable_date = $user->getBirthday()?->diffForHumans(); Constructor property promotion has been added as "syntactic sugar," allowing class properties to be set automatically when parameters are passed into a class constructor.[65] This reduces the amount of boilerplate code that must be written. Other minor changes include support for use of Standard library changes and additions[edit]
Additional changes[edit]
PHP 8.1[edit]PHP 8.1 was released on November 25, 2021. It included several improvements, such as enumerations (also called "enums"), readonly properties and array unpacking with string keys.[80] Support for enumerations[edit]Support for enumerations was one of the most prominent features of PHP 8.1.[81] Enums allow developers to programmatically enforce states in their codebase. Below is an example of an enum: <?php namespace App\Enums; enum InvoiceStatus: string { case draft = 'draft'; case pending = 'pending'; case paid = 'paid'; case expired = 'expired'; } Other PHP 8.1 features[edit]
Release history[edit]
Beginning on 28 June 2011, the PHP Development Team implemented a timeline for the release of new versions of PHP.[50] Under this system, at least one release should occur every month. Once per year, a minor release should occur which may include new features. Every minor release should at least be supported for two years with security and bug fixes, followed by at least one year of only security fixes, for a total of a three-year release process for every minor release. No new features, unless small and self-contained, are to be introduced into a minor release during the three-year release process. Mascot[edit]The elePHPant, PHP mascot The mascot of the PHP project is the elePHPant, a blue elephant with the PHP logo on its side, designed by Vincent Pontier[179] in 1998.[180] "The (PHP) letters were forming the shape of an elephant if viewed in a sideways angle."[181] The elePHPant is sometimes differently colored when in plush toy form. Many variations of this mascot have been made over the years. Only the elePHPants based on the original design by Vincent Pontier are considered official by the community.[182] These are collectible and some of them are extremely rare.[183] Syntax[edit]A "Hello World" application in PHP 7.4 running on its built-in development server The following "Hello, World!" program is written in PHP code embedded in an HTML document: <!DOCTYPE html> <html> <head> <title>PHP "Hello, World!" program</title> </head> <body> <?php echo '<p>Hello, World!</p>'; ?> </body> </html> However, as no requirement exists for PHP code to be embedded in HTML, the simplest version of Hello, World! may be written like this, with the closing tag <?php echo 'Hello, World!'; The PHP interpreter only executes PHP code within its
delimiters. Anything outside of its delimiters is not processed by PHP, although non-PHP text is still subject to control structures described in PHP code. The most common delimiters are The first form of delimiters, Variables are prefixed with a dollar symbol, and a type does not need to be specified in advance. PHP 5 introduced type declarations that allows functions to force their parameters to be objects of a specific class, arrays, interfaces or callback functions. However, before PHP 7, type declarations could not be used with scalar types such as integer or string.[64] Below is an example of how PHP variables are declared and initialized. <?php $name = 'John'; // variable of string type being declared and initialized $age = 18; // variable of integer type being declared and initialized $height = 5.3; // variable of double type being declared and initialized echo $name . ' is ' . $height . "m tall\n"; // concatenating variables and strings echo "$name is $age years old."; // interpolating variables to string ?> Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings provide the ability to interpolate a variable's value into the string.[192] PHP treats
newlines as whitespace in the manner of a free-form language, and statements are terminated by a
semicolon.[193] PHP has three types of comment syntax: In terms of keywords and language syntax, PHP is similar to the C style syntax. Data types[edit]PHP is loosely typed. It stores integers in a platform-dependent range, either as a 32, 64 or 128-bit signed integer equivalent to the C-language long type. Unsigned integers are converted to signed values in certain situations, which is different behavior to many other programming languages.[195] Integer variables can be assigned using decimal (positive and negative), octal, hexadecimal, and binary notations. Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation.[196] PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++.[196] The null data type represents a variable that has no value; Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources.[196] Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled.[196] PHP also supports strings, which can be used with single quotes, double quotes, nowdoc or heredoc syntax.[197] The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.[198] Functions[edit]PHP defines a large array of functions in the core language and many are also available in various extensions; these functions are well documented in the online PHP documentation.[199] However, the built-in library has a wide variety of naming conventions and associated inconsistencies, as described under history above. Custom functions may be defined by the developer: function myAge(int $birthYear): string { // calculate the age by subtracting the birth year from the current year. $yearsOld = date('Y') - $birthYear; // return the age in a descriptive string. return $yearsOld . ($yearsOld == 1 ? ' year' : ' years'); } echo 'I am currently ' . myAge(1995) . ' old.'; As of 2022, the output of the above sample program is "I am currently 27 years old." In lieu of function pointers, functions in PHP can be referenced by a string containing their name. In this manner, normal PHP functions can be used, for example, as callbacks or within
function tables.[200] User-defined functions may be created at any time without being
prototyped.[199][200] Functions may be defined inside code blocks, permitting a
run-time decision as to whether or not a function should be defined. There is a Since PHP 4.0.1 function getAdder($x) { return fn($y) => $x + $y; } $adder = getAdder(8); echo $adder(2); // prints "10" In the example above, Unusually for a dynamically typed language, PHP supports type declarations on function parameters, which are enforced at runtime. This has been supported for classes and interfaces since PHP 5.0, for arrays
since PHP 5.1, for "callables" since PHP 5.4, and scalar (integer, float, string and boolean) types since PHP 7.0.[64] PHP 7.0 also has type declarations for function return types, expressed by placing the type name after the list of parameters, preceded by a
colon.[63] For example, the function getAdder(int $x): Closure { return fn(int $y): int => $x + $y; } $adder = getAdder(8); echo $adder(2); // prints "10" echo $adder(null); // throws an exception because an incorrect type was passed $adder = getAdder([]); // would also throw an exception By default, scalar type declarations follow weak typing principles. So, for example, if a parameter's type is PHP Objects[edit]Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4.[7] This allowed for PHP to gain further abstraction, making creative tasks easier for programmers using the language. Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance.[205] In previous versions of PHP, objects were handled like value types.[205] The drawback of this method was that code had to make heavy use of PHP's "reference" variables if it wanted to modify an object it was passed rather than creating a copy of it. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes,
final classes, abstract methods, and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added
interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with
array syntax and objects implementing Iterator or IteratorAggregate can be used with the If the
developer creates a copy of an object using the reserved word The visibility of PHP properties and methods is defined using the
keywords Example[edit]The following is a basic example of object-oriented programming in PHP 8: <?php abstract class User { protected string $name; public function __construct(string $name) { // make first letter uppercase and the rest lowercase $this->name = ucfirst(strtolower($name)); } public function greet(): string { return "Hello, my name is " . $this->name; } abstract public function job(): string; } class Student extends User { public function __construct(string $name, private string $course) { parent::__construct($name); } public function job(): string { return "I learn " . $this->course; } } class Teacher extends User { public function __construct(string $name, private array $teachingCourses) { parent::__construct($name); } public function job(): string { return "I teach " . implode(", ", $this->teachingCourses); } } $students = [ new Student("Alice", "Computer Science"), new Student("Bob", "Computer Science"), new Student("Charlie", "Business Studies"), ]; $teachers = [ new Teacher("Dan", ["Computer Science", "Information Security"]), new Teacher("Erin", ["Computer Science", "3D Graphics Programming"]), new Teacher("Frankie", ["Online Marketing", "Business Studies", "E-commerce"]), ]; foreach ([$students, $teachers] as $users) { echo $users[0]::class . "s:\n"; array_walk($users, function (User $user) { echo "{$user->greet()}, {$user->job()}\n"; }); } This program outputs the following: Students: Hello, my name is Alice, I learn Computer Science Hello, my name is Bob, I learn Computer Science Hello, my name is Charlie, I learn Business Studies Teachers: Hello, my name is Dan, I teach Computer Science, Information Security Hello, my name is Erin, I teach Computer Science, 3D Graphics Programming Hello, my name is Frankie, I teach Online Marketing, Business Studies, E-commerce Implementations[edit]The only complete PHP implementation is the original, known simply as PHP. It is the most widely used and is powered by the Zend Engine. To disambiguate it from other implementations, it is sometimes unofficially called "Zend PHP". The Zend Engine compiles PHP source code on-the-fly into an internal format that it can execute, thus it works as an interpreter.[209][210] It is also the "reference implementation" of PHP, as PHP has no formal specification, and so the semantics of Zend PHP define the semantics of PHP. Due to the complex and nuanced semantics of PHP, defined by how Zend works, it is difficult for competing implementations to offer complete compatibility. PHP's single-request-per-script-execution model, and the fact that the Zend Engine is an interpreter, leads to inefficiency; as a result, various products have been developed to help improve PHP performance. In order to speed up execution time and not have to compile the PHP source code every time the web page is accessed, PHP scripts can also be deployed in the PHP engine's internal format by using an opcode cache, which works by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, Zend Opcache, is built into PHP since version 5.5.[211] Another example of a widely used opcode cache is the Alternative PHP Cache (APC), which is available as a PECL extension.[212] While Zend PHP is still the most popular implementation, several other implementations have been developed. Some of these are compilers or support JIT compilation, and hence offer performance benefits over Zend PHP at the expense of lacking full PHP compatibility. Alternative implementations include the following:
Licensing[edit]PHP is free software released under the PHP License, which stipulates that:[217]
This restriction on use of "PHP" makes the PHP License incompatible with the General Public License (GPL), while the Zend License is incompatible due to an advertising clause similar to that of the original BSD license.[218] Development and community[edit]PHP includes various free and open-source libraries in its source distribution, or uses them in resulting PHP binary builds. PHP is fundamentally an Internet-aware system with built-in modules for accessing File Transfer Protocol (FTP) servers and many database servers, including PostgreSQL, MySQL, Microsoft SQL Server and SQLite (which is an embedded database), LDAP servers, and others. Numerous functions familiar to C programmers, such as those in the stdio family, are available in standard PHP builds.[219] PHP allows developers to write extensions in C to add functionality to the PHP language. PHP extensions can be compiled statically into PHP or loaded dynamically at runtime. Numerous extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Other PHP features made available through extensions include integration with Internet Relay Chat (IRC), dynamic generation of images and Adobe Flash content, PHP Data Objects (PDO) as an abstraction layer used for accessing databases,[220][221][222][223][224][225][226] and even speech synthesis. Some of the language's core functions, such as those dealing with strings and arrays, are also implemented as extensions.[227] The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.[228] Some other projects, such as Zephir, provide the ability for PHP extensions to be created in a high-level language and compiled into native PHP extensions. Such an approach, instead of writing PHP extensions directly in C, simplifies the development of extensions and reduces the time required for programming and testing.[229] By December 2018 the PHP Group consisted of ten people: Thies C. Arntzen, Stig Bakken, Shane Caraveo, Andi Gutmans, Rasmus Lerdorf, Sam Ruby, Sascha Schumann, Zeev Suraski, Jim Winstead, and Andrei Zmievski.[230] Zend Technologies provides a PHP Certification based on PHP 7[231] exam (and previously based on PHP 5.5) for programmers to become certified PHP developers. PHP Foundation[edit]On November 26, 2021, the JetBrains blog announced the creation of the PHP Foundation, which will sponsor the design and development of PHP.[232] Installation and configuration[edit]Example output of the phpinfo() function in PHP 7.1 There are two primary ways for adding support for PHP to a web server – as a native web server module, or as a CGI executable. PHP has a direct module interface called Server Application Programming Interface (SAPI), which is supported by many web servers including Apache HTTP Server, Microsoft IIS and iPlanet Web Server. Some other web servers, such as OmniHTTPd, support the Internet Server Application Programming Interface (ISAPI), which is Microsoft's web server module interface. If PHP has no module support for a web server, it can always be used as a Common Gateway Interface (CGI) or FastCGI processor; in that case, the web server is configured to use PHP's CGI executable to process all requests to PHP files.[233] PHP-FPM (FastCGI Process Manager) is an alternative FastCGI implementation for PHP, bundled with the official PHP distribution since version 5.3.3.[234] When compared to the older FastCGI implementation, it contains some additional features, mostly useful for heavily loaded web servers.[235] When using PHP for command-line scripting, a PHP command-line interface (CLI) executable is needed. PHP supports a CLI server application programming interface (SAPI) since PHP 4.3.0.[236] The main focus of this SAPI is developing shell applications using PHP. There are quite a few differences between the CLI SAPI and other SAPIs, although they do share many of the same behaviors.[237] PHP has a direct module interface called SAPI for different web servers;[238] in case of PHP 5 and Apache 2.0 on Windows, it is provided in form of a DLL file called php5apache2.dll,[239] which is a module that, among other functions, provides an interface between PHP and the web server, implemented in a form that the server understands. This form is what is known as a SAPI. There are different kinds of SAPIs for various web server extensions. For example, in addition to those listed above, other SAPIs for the PHP language include the Common Gateway Interface and command-line interface.[238][240] PHP can also be used for writing desktop graphical user interface (GUI) applications, by using the PHP-GTK extension. PHP-GTK is not included in the official PHP distribution,[233] and as an extension it can be used only with PHP versions 5.1.0 and newer. The most common way of installing PHP-GTK is compiling it from the source code.[241] When PHP is installed and used in cloud environments, software development kits (SDKs) are provided for using cloud-specific features. For example:
Numerous configuration options are supported, affecting both core PHP features and extensions.[244][245] Configuration file Use[edit]A broad overview of the LAMP software bundle, displayed here together with Squid PHP is a general-purpose scripting language that is especially suited to server-side web development, in which case PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content or dynamic images used on websites or elsewhere.[249] It can also be used for command-line scripting and client-side graphical user interface (GUI) applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems (RDBMS). Most web hosting providers support PHP for use by their clients. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.[11] Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting,[250] and it is similar to
other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft's ASP.NET,
Sun Microsystems' JavaServer Pages,[251] and The LAMP architecture has become popular in the web industry as a way of deploying web applications.[252] PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python, Perl, or some mix of the three. Similar packages, WAMP and MAMP, are also available for Windows and macOS, with the first letter standing for the respective operating system. Although both PHP and Apache are provided as part of the macOS base install, users of these packages seek a simpler installation mechanism that can be more easily kept up to date. For specific and more advanced usage scenarios, PHP offers a well defined and documented way for writing custom extensions in C or C++.[253][254][255][256][257][258][259] Besides extending the language itself in form of additional libraries, extensions are providing a way for improving execution speed where it is critical and there is room for improvements by using a true compiled language.[260][261] PHP also offers well defined ways for embedding itself into other software projects. That way PHP can be easily used as an internal scripting language for another project, also providing tight interfacing with the project's specific internal data structures.[262] PHP received mixed reviews due to lacking support for multithreading at the core language level,[263] though using threads is made possible by the "pthreads" PECL extension.[264][265] A command line interface, php-cli, and two ActiveX Windows Script Host scripting engines for PHP have been produced. Popularity and usage statistics[edit]PHP is used for Web content management systems including MediaWiki,[266] WordPress,[267] Joomla,[268] Drupal,[269] Moodle,[270] eZ Publish, eZ Platform, and SilverStripe.[271] As of January 2013, PHP was used in more than 240 million websites (39% of those sampled) and was installed on 2.1 million web servers.[272] As of March 2021, PHP was used as the server-side programming language on 79.1% of websites, down from 83.5% previously, where the language could be determined, and PHP 7 is the most used version of the language with 50.3% of all websites on the web using that version.[273] Security[edit]In 2019, 11% of all vulnerabilities listed by the National Vulnerability Database were linked to PHP;[274] historically, about 30% of all vulnerabilities listed since 1996 in this database are linked to PHP. Technical security flaws of the language itself or of its core libraries are not frequent (22 in 2009, about 1% of the total although PHP applies to about 20% of programs listed). Recognizing that programmers make mistakes, some languages include taint checking to automatically detect the lack of input validation which induces many issues. Such a feature is being developed for PHP,[276] but its inclusion into a release has been rejected several times in the past.[277][278] There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.[279] Historically, old versions of PHP had some configuration parameters and default values for such runtime
settings that made some PHP applications prone to security issues. Among these, Another example for the potential runtime-settings vulnerability comes from failing to
disable PHP execution (for example by using the Also, enabling the dynamic loading of PHP extensions (via Implied type conversions that result in different values being treated as equal, sometimes against the programmer's intent, can lead to security issues. For
example, the result of the comparison In a 2013 analysis of over 170,000
website defacements, published by Zone-H, the most frequently (53%) used technique was exploitation of file inclusion vulnerability, mostly related to insecure usage of the PHP language
constructs As of April 2021, W3Techs reports that 64% of websites using PHP, use versions 7.2 or older (which are no longer supported by The PHP Development Team) with 35% of all PHP websites using version 5.6 or older.[295] Version 5 is still used by 24.5% of all the websites (September 2021).[296] It is highly recommended to migrate to PHP version 7 or 8 and use random_int() instead of rand() or mt_rand(), as the latter functions are not cryptographically-secure. There are two attacks that can be performed over PHP entropy sources: "Seed Attack" and "State recovery attack". With current GPU technologies an attacker can perform up to 2^30 MD5 calculations per second with a $250 GPU, while with an additional $500 can reach up to 2^32 calculations.[297] In combination with a "birthday attack" this can lead to serious security vulnerabilities. See also[edit]
References[edit]
Further reading[edit]This audio file was created from a revision of this article dated 23 November 2011, and does not reflect subsequent edits.
External links[edit]
|