PHP

{{Infobox programming language | name = | logo = | caption = | file ext = .php, .phtml .php4 .php3 .php5 .phps | paradigm = imperative, object-oriented, Procedural, reflective | released = | designer = Rasmus Lerdorf | developer = The PHP Group | latest release version = 5.3.6 | latest release date = | typing = Dynamic, weak | implementations = Zend Engine, Phalanger, Quercus, Project Zero, HipHop | dialects = | influenced by = C, Perl, Java, C++, Tcl PHP can be deployed on most web servers and as a standalone interpreter, on almost every operating system and platform free of charge. and similar languages, PHP is installed on more than 20 million websites and 1 million web servers.

PHP was originally created by Rasmus Lerdorf in 1995. The main implementation of PHP is now produced by The PHP Group and serves as the de facto standard for PHP as there is no formal specification. PHP is free software released under the PHP License which is incompatible with the GNU General Public License (GPL) due to restrictions on the usage of the term PHP.

While PHP originally stood for "Personal Home Page", it is now said to stand for "PHP: Hypertext Preprocessor", a recursive acronym.

History

PHP originally stood for "personal home page". Lerdorf initially announced the release of PHP on the comp.infosystems.www.authoring.cgi Usenet discussion group on June 8, 1995.

Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism PHP: Hypertext Preprocessor. They also founded Zend Technologies in Ramat Gan, Israel.

A new major version has been under development alongside PHP 5 for several years. This version was originally planned to be released as PHP 6 as a result of its significant changes, which included plans for full Unicode support. However, Unicode support took developers much longer to implement than originally thought, and the decision was made in March 2010 to move the project to a branch, with features still under development moved to trunk.

Changes in the new code include the removal of register_globals, magic quotes, and safe mode. The reason for the removals was that register_globals had given way to security holes, and the use of magic quotes had an unpredictable nature, and was best avoided. Instead, to escape characters, magic quotes may be replaced with the addslashes() function, or more appropriately an escape mechanism specific to the database vendor itself like mysql_real_escape_string() for MySQL. Functions that will be removed in future versions and have been deprecated in PHP 5.3 will produce a warning if used.

Many high-profile open-source projects ceased to support PHP 4 in new code as of February 5, 2008, because of the GoPHP5 initiative, provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.

PHP does not have native support for Unicode or multibyte strings; Unicode support is under development for a future version of PHP and will allow strings as well as class-, method-, and function-names to contain non-ASCII characters.

PHP interpreters are available on both 32-bit and 64-bit operating systems, but on Microsoft Windows the only official distribution is a 32-bit implementation, requiring Windows 32-bit compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform. As of PHP 5.3.0, experimental 64-bit versions are available for MS Windows.

Licensing

PHP is free software released under the PHP License, which insists that: 4. Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from group@php.net. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo"

This restriction on use of the name PHP makes it incompatible with the GNU General Public License (GPL).

Release history

{| class="wikitable" |- ! Major version !! Minor version !! Release date !! Notes |- !1 | style="background:salmon;" | 1.0.0 | |Officially called "Personal Home Page Tools (PHP Tools)". This is the first use of the name "PHP". |- | style="background:salmon;" | 4.1.0 | |Introduced 'superglobals' ($_GET, $_POST, $_SESSION, etc.) |- | style="background:salmon;" | 4.4.0 | |Added man pages for phpize and php-config scripts. |- !rowspan="11"|5 | style="background:salmon;" | 5.0.0 | |Zend Engine II with a new object model. |- | style="background:salmon;" | 5.1.0 | |Performance improvements with introduction of compiler variables in re-engineered PHP Engine. It can also be used for command-line scripting and client-side GUI applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems (RDBMS). It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.

PHP primarily acts as a filter, taking input from a file or stream containing text and/or PHP instructions and outputs another stream of data; most commonly the output will be HTML. Since PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor.

Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting, and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft's Asp.net, Sun Microsystems' JavaServer Pages, and mod_perl. PHP has also attracted the development of many frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include CakePHP, Symfony, CodeIgniter, and Zend Framework, offering features similar to other web application frameworks.

The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python or Perl or some combination of the three. WAMP packages (Windows/ Apache/ MySQL / PHP) and MAMP packages (Mac OS X / Apache / MySQL / PHP) are also available.

As of April 2007, over 20 million Internet domains had web services hosted on servers with PHP installed and mod_php was recorded as the most popular Apache HTTP Server module. PHP is used as the server-side programming language on 75% of all web servers. Web content management systems written in PHP include MediaWiki, Joomla, eZ Publish, WordPress, Drupal and Moodle. All websites created using these tools are written in PHP, including the user-facing portion of Wikipedia, Facebook, and Digg.

Security

The National Vulnerability Database maintains a list of vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, 35% in 2008, and 30% in 2009. Most of these PHP-related vulnerabilities can be exploited remotely: they allow attackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.

These vulnerabilities are caused mostly by not following best practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in 2008, about 1% of the total). Recognizing that programmers cannot be trusted, some languages include taint checking to detect automatically the lack of input validation which induces many issues. Such a feature is being developed for PHP, but its inclusion in a release has been rejected several times in the past.

Hosting PHP applications on a server requires careful and constant attention to deal with these security risks. There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.

PHPIDS adds security to any PHP application to defend against intrusions. PHPIDS detects Cross-site scripting (XSS), SQL injection, header injection, Directory traversal, Remote File Execution, Local File Inclusion, Denial of Service (DoS).

Syntax

The PHP interpreter only executes PHP code within its delimiters. Anything outside its delimiters is not processed by PHP (although non-PHP text is still subject to control structures described within PHP code). The most common delimiters are to open and ?> to close PHP sections. delimiters are also available, as are the shortened forms or (which is used to echo back a string or variable) and ?> as well as ASP-style short forms <% or <%= and %>. While short delimiters are used, they make script files less portable as support for them can be disabled in the PHP configuration, and so they are discouraged. The purpose of all these delimiters is to separate PHP code from non-PHP code, including HTML.

The first form of delimiters, and ?>, in XHTML and other XML documents, creates correctly formed XML 'processing instructions'. This means that the resulting mixture of PHP code and other markup in the server-side file is itself well-formed XML.

Variables are prefixed with a dollar symbol and a type does not need to be specified in advance. Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings allow the ability to embed a variable's value into the string. PHP treats newlines as whitespace in the manner of a free-form language (except when inside string quotes), and statements are terminated by a semicolon. PHP has three types of comment syntax: /* */ marks block and inline comments; // as well as # are used for one-line comments. The echo statement is one of several facilities PHP provides to output text (e.g. to a web browser).

In terms of keywords and language syntax, PHP is similar to most high level languages that follow the C style syntax. if conditions, for and while loops, and function returns are similar in syntax to languages such as C, C++, Java and Perl.

Data types

PHP stores whole numbers in a platform-dependent range, either a 64-bit or 32-bit signed integer equivalent to the C-language long type. Unsigned integers are converted to signed values in certain situations; this behavior is different from other programming languages. Integer variables can be assigned using decimal (positive and negative), octal, and hexadecimal notations. Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation. PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++.

The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.

Functions

PHP has hundreds of base functions and thousands more via extensions. These functions are well documented on the PHP site; however, the built-in library has a wide variety of naming conventions and inconsistencies. PHP currently has no functions for thread programming, although it does support multiprocess programming on POSIX systems. Additional functions can be defined by a developer: function myFunction() { return 'John Doe'; }

echo 'My name is ' . myFunction() . '!';

PHP 5.2 and earlier

Functions are not first-class functions and can only be referenced by their name, directly or dynamically by a variable containing the name of the function. User-defined functions can be created at any time without being prototyped. The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and final classes as well as abstract methods and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax and objects implementing Iterator or IteratorAggregate can be used with the foreach language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.

If the developer creates a copy of an object using the reserved word clone, the Zend engine will check if a __clone() method has been defined or not. If not, it will call a default __clone() which will copy the object's properties. If a __clone() method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so that the programmer can start with a by-value of the source object and only override properties that need to be changed.

Basic example of object-oriented programming as described above: class Person { public $firstName; public $lastName;

public function __construct($firstName, $lastName = '') { //Optional parameter $this->firstName = $firstName; $this->lastName = $lastName; }

public function greet() { return "Hello, my name is " . $this->firstName . " " . $this->lastName . "."; }

static public function staticGreet($firstName, $lastName) { return "Hello, my name is " . $firstName . " " . $lastName . "."; } }

$he = new Person('John', 'Smith'); $she = new Person('Sally', 'Davis'); $other= new Person('Joe');

echo $he->greet(); // prints "Hello, my name is John Smith." echo ''; echo $she->greet(); // prints "Hello, my name is Sally Davis." echo ''; echo $other->greet(); // prints "Hello, my name is Joe ." echo ''; echo Person::staticGreet('Jane', 'Doe'); // prints "Hello, my name is Jane Doe."

Visibility of properties and methods

The visibility of PHP properties and methods refers to visibility in PHP. It is defined using the keywords public, private, and protected. The default is public, if only var is used; var is a synonym for public. Items declared public can be accessed everywhere. protected limits access to inherited classes (and to the class that defines the item). private limits visibility only to the class that defines the item. Objects of the same type have access to each other's private and protected members even though they are not the same instance. PHP's member visibility features have sometimes been described as "highly useful." However, they have also sometimes been described as "at best irrelevant and at worst positively harmful."

Speed optimization

PHP source code is compiled on-the-fly to an internal format that can be executed by the PHP engine. In order to speed up execution time and not have to compile the PHP source code every time the webpage is accessed, PHP scripts can also be deployed in executable format using a PHP compiler.

Code optimizers aim to enhance the performance of the compiled code by reducing its size, merging redundant instructions and making other changes that can reduce the execution time. With PHP, there are often opportunities for code optimization. An example of a code optimizer is the eAccelerator PHP extension.

Another approach for reducing compilation overhead for PHP servers is using an opcode cache. Opcode caches work by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, APC, will be built into an upcoming release of PHP.

Opcode caching and code optimization can be combined for best efficiency, as the modifications do not depend on each other (they happen in distinct stages of the compilation).

Compilers

The PHP language was originally implemented as an interpreter. Several compilers have been developed which decouple the PHP language from the interpreter. Advantages of compilation include better execution speed, obfuscation, static analysis, and improved interoperability with code written in other languages. The following are actual PHP compilers:

bcompiler - a PHP bytecode compiler

phc - a C++ based compiler for PHP, using the Zend run-time for maximum compatibility

Roadsend - achieves native compilation by compiling to bigloo scheme, which in turn is compiled to C, then to machine code

Raven - a rewrite of Roadsend PHP (rphp), based on LLVM and a new C++ runtime

Phalanger - compiles source code written in the PHP scripting language into CIL byte-code

Caucho Resin/Quercus - compiles PHP to Java bytecode

HipHop - developed at Facebook and now available as open source, transforms the PHP Script into C++, then compiles it, reducing server load up to 50%.

php-to-scala - converts PHP to human-readable Scala source code, which the developer can compile to Java bytecode

phc-win - PHC-WIN is a windows application that allows one to create EXEs from PHP code.

"Embedders" also exist, which can package PHP scripts and other files into a Windows Executable, but do not provide any of the benefits of language-level compilation:

ExeOutput for PHP - PHP compiler for Windows (commercial)

Resources

PHP includes free and open source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing servers, many database servers, embedded SQL libraries such as embedded PostgreSQL, MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as those in the stdio family are available in the standard PHP build.

PHP allows developers to write extensions in C to add functionality to the PHP language. These can then be compiled into PHP or loaded dynamically at runtime. Extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Some more unusual features include integration with Internet Relay Chat, dynamic generation of images and Adobe Flash content, and even speech synthesis. The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.

Zend provides a certification exam for programmers to become certified PHP developers.

See also

Comparison of programming languages

Comparison of PHP Frameworks

List of AMP packages

List of PHP editors

PHP accelerator

PHP-FPM

PHP-GTK

Template processor

EasyPHP

XAMPP

Zend Certified Engineer

Zend Server Community Edition

Notes

External links

PHP Section on DevShed

PHP Reference Manual

Category:Free compilers and interpreters Category:Procedural programming languages Category:Object-oriented programming languages Category:PHP programming language Category:Scripting languages Category:Initialisms Category:Cross-platform software Category:Internet terminology Category:Filename extensions