PHP: Hypertext Preprocessor (or simply PHP) is a server-side scripting language designed for Web development, but also used as a general-purpose programming language. Originally created by Rasmus Lerdorf in 1994, the PHP reference implementation is now produced by the PHP Group. PHP originally stood for Personal Home Page, but it now stands for the recursive acronym PHP: Hypertext Preprocessor.
PHP code can be embedded into HTML code, or it can be used in combination with various web template systems, web content management systems, and web frameworks. PHP code is usually processed by a PHP interpreter implemented as a module in the web server or as a Common Gateway Interface (CGI) executable. The web server combines the results of the interpreted and executed PHP code, which may be any type of data, including images, with the generated web page. PHP code can also be executed with a command-line interface (CLI) and can be used to implement stand-alone graphical applications.
The standard PHP interpreter, powered by the Zend Engine, is free software released under the PHP License. PHP has been widely ported and can be deployed on most web servers on almost every operating system and platform, free of charge.
The PHP language evolved without a written formal specification or standard until 2014, with the original implementation acting as the de facto standard that other implementations aimed to follow. Since 2014, that work has produced a formal PHP specification.
During 2010 there were increased efforts towards standardization and code sharing in PHP applications by projects such as PHP-FIG, in the form of PSR initiatives, as well as the Composer dependency manager and the Packagist repository. PHP hosts a variety of web frameworks that require framework-specific knowledge, with Laravel recently emerging as a popular choice by incorporating ideas made popular by competing non-PHP web frameworks such as Ruby on Rails.
History
Early history
PHP development began in 1994 when Rasmus Lerdorf wrote several Common Gateway Interface (CGI) programs in C, which he used to maintain his personal homepage. He extended them to work with web forms and to communicate with databases, and called this implementation "Personal Home Page/Forms Interpreter" or PHP/FI.
PHP/FI could be used to build simple, dynamic web applications. To speed up bug reporting and improve the code, Lerdorf initially announced the release of PHP/FI as a "Personal Page Tool (version PHP 1.0)" in the Usenet discussion group comp.infosystems.www.authoring.cgi on June 8, 1995. This release already had the basic functionality that PHP has today, including Perl-like variables, form handling, and the ability to embed HTML. The syntax was similar to Perl's, but simpler, more limited and less consistent.
Early PHP was not intended to be a new programming language, and it grew organically, with Lerdorf noting in retrospect: "I do not know how to stop it, never any intention to write a programming language [...] I have absolutely no idea how to write a programming language, I keep adding the next logical step on the way." A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997.
The fact that PHP was not originally designed, but instead developed organically, has led to inconsistent naming of functions and inconsistent ordering of their parameters. In some cases, function names were chosen to match the low-level libraries that PHP "wraps", while in some early versions of PHP the length of a function name was used internally as a hash function, so names were chosen to improve the distribution of hash values.
PHP 3 and 4
Zeev Suraski and Andi Gutmans rewrote the parser in 1997 and formed the base of PHP 3, renaming the language to the recursive acronym PHP: Hypertext Preprocessor. After that, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999. They also founded Zend Technologies in Ramat Gan, Israel.
On May 22, 2000, PHP 4, powered by Zend Engine 1.0, was released. As of August 2008, this branch had reached version 4.4.9. PHP 4 is no longer under development, and no further security updates will be released.
PHP 5
On July 14, 2004, PHP 5 was released, powered by the new Zend Engine II. PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for database access), and performance improvements. In 2008, PHP 5 became the only stable version under development. Late static binding had been missing from PHP and was added in version 5.3.
Many high-profile open source projects stopped supporting PHP 4 in new code as of February 5, 2008, because of the GoPHP5 initiative, run by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.
Over time, PHP interpreters became available on most existing 32-bit and 64-bit operating systems, either by building them from the PHP source code, or by using pre-installed binaries. For PHP versions 5.3 and 5.4, the only available Microsoft Windows binary distributions were 32-bit x86 builds, which require Windows 32-bit compatibility mode when using Internet Information Services (IIS) on a 64-bit Windows platform. PHP version 5.5 made 64-bit x86-64 builds available for Microsoft Windows.
PHP 6 and Unicode
PHP has received mixed reviews because it lacks native Unicode support at the core language level. In 2005, a project headed by Andrei Zmievski was initiated to bring native Unicode support throughout PHP, by embedding the International Components for Unicode (ICU) library and representing text strings as UTF-16 internally. Since this would cause major changes both to the internals of the language and to user code, it was planned to release this as version 6.0 of the language, along with other major features then in development.
However, a shortage of developers who understood the necessary changes, and performance problems arising from conversion to and from UTF-16, which is rarely used in a web context, led to delays in the project. As a result, a PHP 5.3 release was made in 2009, with many non-Unicode features back-ported from PHP 6, notably namespaces. In March 2010, the project in its current form was officially abandoned, and a PHP 5.4 release was prepared containing the remaining non-Unicode features from PHP 6, such as traits and closure re-binding. The initial hope was that a new plan would be formed for Unicode integration, but as of 2014 none had been adopted.
PHP 7
During 2014 and 2015, a new major PHP version was developed, which was numbered PHP 7. The numbering of this version involved some debate. While the PHP 6 Unicode experiment had never been released, several articles and book titles referred to the PHP 6 name, which might have caused confusion if a new release were to reuse the name. After a vote, the name PHP 7 was chosen.
The foundation of PHP 7 is a PHP branch that was originally dubbed PHP next generation (phpng). It was written by Dmitry Stogov, Xinchen Hui and Nikita Popov, and aimed to optimize PHP performance by refactoring the Zend Engine while retaining near-complete language compatibility. On July 14, 2014, the WordPress-based benchmarks that served as the main benchmark suite for the phpng project showed a nearly 100% performance improvement. Changes from phpng are also expected to make it easier to improve performance in the future, as more compact data structures and other changes are seen as better suited to a successful migration to a just-in-time (JIT) compiler. Because of the significant changes, the reworked Zend Engine is called Zend Engine 3, succeeding Zend Engine 2 used in PHP 5.
Because of the major internal changes in phpng, it had to receive a new major version number of PHP, rather than a minor PHP 5 release, according to PHP's release process. Major versions of PHP are allowed to break backward compatibility of code, and therefore PHP 7 presented an opportunity for other improvements beyond phpng that require breaking backward compatibility. In particular, it involved the following changes:
- Many fatal- or recoverable-level PHP error mechanisms were replaced with modern object-oriented exceptions
- The syntax for variable dereferencing was reworked to be internally more consistent and complete, allowing the use of the operators ->, [], (), {}, and :: with arbitrary meaningful left-side expressions
- Support for PHP 4-style constructor methods was deprecated
- The behavior of the foreach statement was changed to be more predictable
- Constructors for the few classes built into PHP that returned null upon failure were changed to throw an exception instead, for consistency
- Several unmaintained or deprecated server application programming interfaces (SAPIs) and extensions were removed from the PHP core, especially the old extensions
- The behavior of the list() operator was changed to remove support for strings
- Support for ASP-style PHP code delimiters (<% and %>, <script language=php> and </script>) was removed
- An oversight that allowed a switch statement to have multiple default clauses was fixed
- Support for hexadecimal numbers in some implicit conversions from strings to number types was removed
- The left-shift and right-shift operators were changed to behave more consistently across platforms
- Conversions between integers and floating point numbers were tightened and applied more consistently across platforms
PHP 7 also included new language features. Most notably, it introduced return type declarations for functions, which complement the existing parameter type declarations, and support for the scalar types (integer, float, string, and boolean) in parameter and return type declarations.
Release history
Starting on June 28, 2011, the PHP Group implemented a timeline for the release of new versions of PHP. Under this system, at least one release should occur each month. Once per year, a minor release should occur that may include new features. Each minor release should be supported for at least two years with security and bug fixes, followed by at least one year of security fixes only, for a total three-year release process for every minor release. No new features, unless small and self-contained, are to be introduced into a minor release during the three-year release process.
Mascot
The mascot of the PHP project is the elePHPant, a blue elephant with the PHP logo on its side, designed by Vincent Pontier in 1998. The elePHPant is sometimes differently colored when in plush toy form.
Many variations of this mascot have been made over the years. Only the elePHPants based on the original design by Vincent Pontier are considered official by the community. These are highly collectible and some of them are extremely rare. Different variations are listed in A Field Guide to Elephpants.
Syntax
The following "Hello, World!" program is written in PHP code embedded in an HTML document:
However, since there is no requirement for PHP code to be embedded in HTML, the simplest version of Hello, World! may be written like this, with the closing tag omitted as preferred in files containing pure PHP code
The PHP interpreter only executes PHP code within its delimiters. Anything outside the delimiters is not processed by PHP, although non-PHP text is still subject to the control structures described in PHP code. The most common delimiters are <?php to open and ?> to close PHP sections. The shortened form <? also exists. This short delimiter makes script files less portable, because support for it can be disabled in the local PHP configuration, and it is therefore not recommended. However, there is no recommendation against using the echo short tag <?=. Prior to PHP 5.4.0, this short syntax for echo only worked with the short_open_tag configuration setting enabled, while from PHP 5.4.0 onwards it is always available. The purpose of all these delimiters is to separate PHP code from non-PHP content, such as JavaScript code or HTML markup.
The first form of delimiters, <?php and ?>, in XHTML and other XML documents, creates correctly formed XML processing instructions. This means that the resulting mixture of PHP code and other markup in the server-side file is itself well-formed XML.
Variables are prefixed with a dollar symbol, and a type does not need to be specified in advance. PHP 5 introduced type hinting, which allows functions to force their parameters to be objects of a specific class, arrays, interfaces or callback functions. However, before PHP 7.0, type hints could not be used with scalar types such as integer or string.
Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings provide the ability to interpolate a variable's value into the string. PHP treats newlines as whitespace in the manner of a free-form language, and statements are terminated by a semicolon. PHP has three types of comment syntax: /* */ marks block and inline comments; // or # is used for one-line comments. The echo statement is one of several facilities PHP provides to output text, for example to a web browser.
In terms of keywords and language syntax, PHP is similar to C-style syntax: if conditions, for and while loops, and function returns are similar in syntax to languages such as C, C++, C#, Java, and Perl.
Data types
PHP stores integers in a platform-dependent range, either a 64-bit or a 32-bit signed integer equivalent to the C-language long type. Unsigned integers are converted to signed values in certain situations; this behavior is different from that of other programming languages. Integer variables can be assigned using decimal (positive and negative), octal, hexadecimal, and binary notations.
Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation. PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++.
The null data type represents a variable that has no value; NULL is the only value allowed for this data type.
Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources.
Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled. PHP also supports strings, which can be used with single quotes, double quotes, nowdoc or heredoc syntax.
The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.
Functions
PHP defines a large number of functions in the core language, and many more are available in various extensions; these functions are well documented in the online PHP documentation. However, the built-in library has a wide variety of naming conventions and associated inconsistencies, as described under History above.
Specific functions may be specified by the developer, for example:
In 2018, the output of the above example program is 'I am currently 23 years old.'
Instead of function pointers, functions in PHP can be referenced by strings containing their names. In this way, a normal PHP function can be used, for example, as a callback or in a function table. User-defined functions can be created any time without a prototype. Functions can be defined inside a code block, allowing a run-time decision, whether or not a function should be defined. There is a function code
Until PHP 5.3, support for anonymous functions and closures did not exist in PHP. While create_function() has existed since PHP 4.0.1, it is merely a thin wrapper around eval() that allows normal PHP functions to be created during program execution. PHP 5.3 added syntax to define an anonymous function or "closure" which can capture variables from the surrounding scope:
In the above example, the getAdder() function creates a closure using the argument passed to it (the keyword use imports variables from the lexical context), which takes an additional argument $y, and returns the created closure to the caller. Such a function is a first-class object, meaning that it can be stored in a variable, passed as a parameter to other functions, etc.
Unusually for a dynamically typed language, PHP supports type declarations on function parameters, which are enforced at runtime. This has been supported for classes and interfaces since PHP 5.0, for arrays since PHP 5.1, for "callables" since PHP 5.4, and for scalar (integer, float, string and boolean) types since PHP 7.0. PHP 7.0 also has type declarations for function return types, expressed by placing the type name after the list of parameters, preceded by a colon. For example, the getAdder function from the earlier example could be annotated with types like so in PHP 7:
By default, scalar type declarations follow weak typing principles. So, for example, if a parameter's type is int, PHP would allow not only integers, but also convertible numeric strings, floats or booleans to be passed to that function, and would convert them. However, PHP 7 has a "strict typing" mode which, when used, disallows such conversions for function calls and returns within a file.
PHP objects
Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4. This allowed PHP to gain further abstraction, making creative tasks easier for programmers using the language. Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance. In previous versions of PHP, objects were handled like value types. The drawback of this method was that code had to make heavy use of PHP's "reference" variables if it wanted to modify an object it was passed rather than creating a copy of it. In the new approach, objects are referenced by handle, and not by value.
PHP 5 introduced private and protected member variables and methods, along with abstract classes, final classes, abstract methods, and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax, and objects implementing Iterator or IteratorAggregate can be used with the foreach language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.
If the developer creates a copy of an object using the reserved word clone, the Zend engine will check whether a __clone() method has been defined. If not, it will call a default __clone() which will copy the object's properties. If a __clone() method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so the programmer can start with a by-value replica of the source object and only override properties that need to be changed.
Here is a basic example of object-oriented programming in PHP:
The visibility of PHP properties and methods is defined using the keywords public, private, and protected. The default is public, if only var is used; var is a synonym for public. Items declared public can be accessed everywhere. protected limits access to inherited classes (and to the class that defines the item). private limits visibility only to the class that defines the item. Objects of the same type have access to each other's private and protected members even though they are not the same instance. PHP's member visibility features have sometimes been described as "very useful." However, they have also sometimes been described as "least relevant and at worst positively dangerous."
Implementations
The original, only complete and most widely used PHP implementation is powered by the Zend Engine and known simply as PHP. To distinguish it from other implementations, it is sometimes unofficially called "Zend PHP". The Zend Engine compiles PHP source code on the fly into a format that it can execute, thus it works as an interpreter. It is also the "reference implementation" of PHP, since PHP has no formal specification, and so the semantics of Zend PHP define the semantics of PHP. Because of the complex and nuanced semantics of PHP, defined by how Zend works, it is difficult for competing implementations to offer complete compatibility.
PHP's single-request-per-script-execution model, and the fact that the Zend Engine is an interpreter, lead to inefficiency; as a result, various products have been developed to help improve PHP performance. To speed up execution time and avoid compiling the PHP source code every time a web page is accessed, PHP scripts can also be deployed in the PHP engine's internal format by using an opcode cache, which works by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, Zend Opcache, has been built into PHP since version 5.5. Another example of a widely used opcode cache is the Alternative PHP Cache (APC), which is available as a PECL extension.
While Zend PHP is still the most popular implementation, several other implementations have been developed. Some of these are compilers or support JIT compilation, and hence offer performance benefits over Zend PHP at the expense of lacking full PHP compatibility. Alternative implementations include the following:
- HHVM (HipHop Virtual Machine) - developed at Facebook and available as open source, it converts PHP code into a high-level bytecode (commonly known as an intermediate language), which is then translated into x86-64 machine code dynamically at runtime by a just-in-time (JIT) compiler, resulting in performance improvements of up to 6×.
- Parrot - a virtual machine designed to run dynamic languages efficiently; Pipp transforms the PHP source code into the Parrot intermediate representation, which is then translated into Parrot's bytecode and executed by the virtual machine.
- Phalanger - compiles PHP into Common Intermediate Language (CIL) bytecode
- Quercus - compiles PHP into Java bytecode
- HipHop - developed at Facebook and available as open source, it transforms PHP scripts into C++ code and then compiles the resulting code, reducing server load by 50%. In early 2013, Facebook deprecated it in favor of HHVM for several reasons, including deployment difficulties and lack of support for the whole PHP language, including the create_function() and eval() constructs.
License
PHP is free software released under the PHP License, which specifies that:
Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without the prior written consent of group@php.net. You can show that your software works with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo".
This restriction on the use of "PHP" makes the PHP License incompatible with the General Public License (GPL), while the Zend License is incompatible because of an advertising clause similar to that of the original BSD license.
Development and community
PHP includes various free and open source libraries in its source distribution, or uses them in the resulting PHP binary builds. PHP is fundamentally an Internet-aware system with built-in modules for accessing File Transfer Protocol (FTP) servers and many database servers, including PostgreSQL, MySQL, Microsoft SQL Server, and SQLite (which is an embedded database), LDAP servers, and others. Many functions familiar to C programmers, such as those in the stdio family, are available in standard PHP builds.
PHP allows developers to write extensions in C to add functionality to the PHP language. PHP extensions can be compiled statically into PHP or loaded dynamically at runtime. Many extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Other PHP features made available through extensions include integration with IRC, dynamic generation of images and Adobe Flash content, PHP Data Objects (PDO) as an abstraction layer used for accessing databases, and even speech synthesis. Some of the language's core functions, such as those dealing with strings and arrays, are also implemented as extensions. The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.
Some other projects, such as Zephir, provide the ability for PHP extensions to be created in a high-level language and compiled into native PHP extensions. Such an approach, instead of writing PHP extensions directly in C, simplifies the development of extensions and reduces the time required for programming and testing.
The PHP group consists of ten people (in 2015): Thies C. Arntzen, Stig Bakken, Shane Caraveo, Andi Gutmans, Rasmus Lerdorf, Sam Ruby, Sascha Schumann, Zeev Suraski, Jim Winstead, Andrei Zmievski.
Zend Technologies provides PHP Certification based on the PHP 5.5 exam for programmers to become certified PHP developers.
Installation and configuration
There are two primary ways of adding support for PHP to a web server: as a native web server module, or as a CGI executable. PHP has a direct module interface called the Server Application Programming Interface (SAPI), which is supported by many web servers including Apache HTTP Server, Microsoft IIS, Netscape (now defunct) and iPlanet. Some other web servers, such as OmniHTTPd, support the Internet Server Application Programming Interface (ISAPI), which is Microsoft's web server module interface. If PHP has no module support for a web server, it can always be used as a Common Gateway Interface (CGI) or FastCGI processor; in that case, the web server is configured to use PHP's CGI executable to process all requests to PHP files.
PHP-FPM (FastCGI Process Manager) is an alternative implementation of FastCGI for PHP, bundled with the official PHP distribution since version 5.3.3. When compared to older FastCGI implementations, it contains some additional features, mostly useful for highly loaded web servers.
When using PHP for command-line scripting, a PHP command-line interface (CLI) executable is needed. PHP supports a CLI SAPI as of PHP 4.3.0. The main focus of this SAPI is developing shell applications using PHP. There are quite a few differences between the CLI SAPI and other SAPIs, although they do share many of the same behaviors.
PHP has a direct module interface called SAPI for different web servers; in the case of PHP 5 and Apache 2.0 on Windows, it is provided in the form of a DLL file called php5apache2.dll, which is a module that, among other functions, provides an interface between PHP and the web server, implemented in a form that the server understands. This form is what is known as a SAPI.
There are different kinds of SAPIs for various web server extensions. For example, in addition to those listed above, other SAPIs for the PHP language include the Common Gateway Interface (CGI) and the command-line interface (CLI).
PHP can also be used for writing desktop graphical user interface (GUI) applications, by using the PHP-GTK extension. PHP-GTK is not included in the official PHP distribution, and as an extension it can only be used with PHP 5.1.0 and later versions. The most common way of installing PHP-GTK is compiling it from the source code.
When PHP is installed and used in cloud environments, software development kits (SDKs) are provided for using cloud-specific features. For example:
- Amazon Web Services provides the AWS SDK for PHP
- Windows Azure can be used with Windows Azure SDK for PHP.
Numerous configuration options are supported, affecting both core PHP features and extensions. The php.ini configuration file is searched for in different locations, depending on the way PHP is used. The configuration file is split into various sections, while some of the configuration options can also be set within the web server configuration.
Use
PHP is a general-purpose scripting language that is especially suited to server-side web development, in which case PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content or dynamic images used on websites or elsewhere. It can also be used for command-line scripting and client-side graphical user interface (GUI) applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems (RDBMS). Most web hosting providers support PHP for use by their clients. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.
PHP acts primarily as a filter, taking input from a file or stream containing text and/or PHP instructions and outputting another stream of data. Most commonly the output will be HTML, although it could also be JSON, XML or binary data such as image or audio formats. Since PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor.
Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting, and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft's ASP.NET, Sun Microsystems' JavaServer Pages, and mod_perl. PHP has also attracted the development of many software frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include PRADO, CakePHP, Symfony, CodeIgniter, Laravel, Yii Framework, Phalcon and Zend Framework, offering features similar to other web frameworks.
The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python, Perl, or some mix of the three. Similar packages, WAMP and MAMP, are also available for Windows and OS X, with the first letter standing for the respective operating system. Although both PHP and Apache are provided as part of the Mac OS X base install, users of these packages seek a simpler installation mechanism that can be more easily kept up to date.
As of April 2007, over 20 million Internet domains had web services hosted on servers with PHP installed, and mod_php was recorded as the most popular Apache HTTP Server module. As of June 2018, PHP was used as the server-side programming language on 83.5% of websites where the language could be determined. Web content management systems written in PHP include MediaWiki, Joomla, eZ Publish, eZ Platform, SilverStripe, WordPress, Drupal, and Moodle. Websites written in PHP, on the back-end and/or the user-facing portion, include Facebook, Digg, Tumblr, Dailymotion, and Slack.
For specific and more advanced usage scenarios, PHP offers a well-defined and documented way of writing custom extensions in C or C++. Besides extending the language itself in the form of additional libraries, extensions provide a way to improve execution speed where it is critical and there is room for improvement by using a compiled language. PHP also offers well-defined ways of embedding itself into other software projects. That way PHP can be easily used as an internal scripting language for another project, also providing tight interfacing with the project's specific internal data structures.
PHP receives mixed reviews due to lack of support for multithreading at the core language level, although using threads is made possible by the "pthread" PECL extension.
In January 2013, PHP was used on over 240 million websites (39% of those samples) and installed on 2.1 million web servers.
A command-line interface, php-cli, and two ActiveX Windows Script Host scripting engines for PHP have been produced.
Security
In 2017, 3% of all vulnerabilities listed by the National Vulnerability Database were related to PHP; historically, about 30% of all vulnerabilities listed in this database since 1996 are associated with PHP. Technical security flaws of the language itself or of its core libraries are not frequent (22 in 2009, about 1% of the total, although PHP applies to about 20% of the programs listed). Recognizing that programmers make mistakes, some languages include taint checking to automatically detect the lack of input validation that causes many issues. Such a feature is being developed for PHP, but its inclusion in a release has been rejected several times in the past.
There are advanced protection patches like Suhosin and Hardening-Patch, designed specifically for the web hosting environment.
There are certain language features and configuration parameters (primarily the default values of such runtime settings) that make PHP applications prone to security issues. Among these, the magic_quotes_gpc and register_globals configuration directives are the best known; the latter turns any URL parameter into a PHP variable, opening a path for serious security vulnerabilities by allowing an attacker to set the value of any uninitialized global variable and interfere with the execution of a PHP script. Support for the "magic quotes" and "register globals" settings has been deprecated since PHP 5.3.0, and was removed in PHP 5.4.0.
Another example of a runtime setting that can create a vulnerability is a failure to disable PHP execution (via the engine configuration directive) for the directory where uploaded images are stored; leaving the default setting in place can result in the execution of malicious PHP code embedded within an uploaded image. Likewise, leaving dynamic loading of PHP extensions enabled (via the enable_dl configuration directive) in a shared web hosting environment can lead to security issues.
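A check for the settings named above, as an added example that is not part of the original article. The function names and the sample settings are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: flag the runtime settings this section names.
// $ini is a name => value map, e.g. from ini_get_all(null, false) or from
// parse_ini_string() applied to a php.ini fragment.

function ini_flag_is_on($value): bool
{
    // Boolean directives appear as "1", "On", "true", "yes" (on) or
    // "", "0", "Off", "false", "no" (off) depending on how they were read.
    if (!is_scalar($value)) {
        return false;
    }
    return in_array(strtolower(trim((string) $value)), ['1', 'on', 'true', 'yes'], true);
}

function audit_php_settings(array $ini, bool $servesUploads = false): array
{
    $riskyWhenOn = [
        'register_globals' => 'request parameters become global variables',
        'magic_quotes_gpc' => 'legacy input escaping, removed in PHP 5.4.0',
        'enable_dl'        => 'scripts may load extensions at run time',
    ];

    $findings = [];
    foreach ($riskyWhenOn as $name => $why) {
        if (array_key_exists($name, $ini) && ini_flag_is_on($ini[$name])) {
            $findings[] = "$name is enabled ($why)";
        }
    }

    // engine defaults to On, so a missing entry counts as enabled.
    if ($servesUploads
        && (!array_key_exists('engine', $ini) || ini_flag_is_on($ini['engine']))) {
        $findings[] = 'engine is not disabled for a directory that stores uploads';
    }
    return $findings;
}

// Constructed sample settings, not taken from a real server.
$siteWide       = parse_ini_string("register_globals = On\nenable_dl = On\n");
$uploadsDefault = [];                                   // nothing overridden
$uploadsFixed   = parse_ini_string("engine = Off\n");   // PHP execution disabled

$cases = [
    'site-wide'               => [$siteWide, false],
    'upload dir (default)'    => [$uploadsDefault, true],
    'upload dir (engine off)' => [$uploadsFixed, true],
];
foreach ($cases as $label => [$settings, $servesUploads]) {
    $found = audit_php_settings($settings, $servesUploads);
    echo $label, ': ', $found ? implode('; ', $found) : 'no findings', "\n";
}
```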
Also, implied type conversion that results in different values being treated as equal, sometimes against the programmer's intent, can lead to security issues. For example, the result of the comparison 0e1234 == 0 is true, because the first compared value is treated as scientific notation with the value (0 × 10^1234), i.e. zero. This behavior resulted in authentication vulnerabilities in Simple Machines Forum, Typo3, and phpBB when MD5 password hashes were compared. Instead, either the strcmp function or the identity operator (===) should be used; 0e1234 === 0 produces false.
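The comparison problem described above, shown next to the alternatives the text recommends, as an added example that is not part of the original article. The digest strings are constructed rather than real MD5 output, and hash_equals() (available since PHP 5.6) is an addition the article does not mention.

```php
<?php
// Added example. The "digests" are constructed strings shaped like MD5 hex
// output ("0e" followed by 30 decimal digits); they are not real hashes.
$stored   = '0e' . str_repeat('1', 30);   // digest kept for the account
$supplied = '0e' . str_repeat('7', 30);   // digest of some other password
$plainA   = 'ab' . str_repeat('1', 30);   // digests that do not look numeric
$plainB   = 'ab' . str_repeat('7', 30);

// The article's own expressions: loose versus identity comparison.
echo "'0e1234' ==  0 : ", var_export('0e1234' == 0, true), "\n";
echo "'0e1234' === 0 : ", var_export('0e1234' === 0, true), "\n\n";

$checks = [
    // Vulnerable: both operands are numeric strings, so PHP compares them as
    // floating point numbers, and 0 x 10^n is zero for every n.
    'loose ==       ' => function ($a, $b) { return $a == $b; },
    // Named in the article: byte-for-byte string comparisons.
    'identity ===   ' => function ($a, $b) { return $a === $b; },
    'strcmp() === 0 ' => function ($a, $b) { return strcmp($a, $b) === 0; },
    // Addition: string comparison that also runs in constant time, which is
    // the usual choice when one side is secret.
    'hash_equals()  ' => function ($a, $b) { return hash_equals($a, $b); },
];

$pairs = [
    'two different 0e digests' => [$stored, $supplied],
    'the same digest twice'    => [$stored, $stored],
    'two different hex digests' => [$plainA, $plainB],
];

foreach ($pairs as $label => [$a, $b]) {
    echo $label, "\n";
    foreach ($checks as $name => $equal) {
        echo '  ', $name, '-> ', var_export($equal($a, $b), true), "\n";
    }
}
```

Only the loose comparison reports the two different "0e" digests as equal; the other three checks agree with each other on every pair.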
In a 2013 analysis of over 170,000 websites, published by Zone-H, the most frequently used technique (53%) was the exploitation of file inclusion vulnerabilities, mostly related to insecure use of the PHP functions include and require, and of allow_url_fopen.
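One way to keep request data from choosing the file that include loads, as an added example that is not part of the original article. The function resolve_page(), the page names and the temporary directory are constructed for illustration, and PHP 7.0 or later is assumed.

```php
<?php
// Added example. The pattern behind file inclusion flaws lets a request value
// name the file directly, for instance:
//     include $_GET['page'] . '.php';
// The hardened form below maps request values to a fixed set of files.

function resolve_page(string $requested, array $allowed, string $baseDir): ?string
{
    // 1. The request value is only ever used as a key into the allowlist.
    if (!isset($allowed[$requested])) {
        return null;
    }
    // 2. The mapped file must exist and must resolve inside $baseDir, even if
    //    an allowlist entry or a symlink points somewhere unexpected.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary page directory holding one real page.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home page\n";');

$allowed = [
    'home'  => 'home.php',
    'about' => 'about.php',   // allowlisted, but deliberately not created
];

// Constructed request values: one valid, one missing file, two not allowlisted.
foreach (['home', 'about', '../home', 'http://example.invalid/x'] as $requested) {
    $file = resolve_page($requested, $allowed, $base);
    echo str_pad($requested, 28), $file === null ? 'rejected' : 'accepted', "\n";
    if ($file !== null) {
        include $file;
    }
}

// Clean up the demo directory.
unlink($base . DIRECTORY_SEPARATOR . 'home.php');
rmdir($base);
```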
Further reading
- Paul Ford (June 11, 2015). "What is Code?". Bloomberg Businessweek. What is the Absolute Minimum I Need to Know About PHP?
Source of the article: Wikipedia