What is PHP?

PHP is a programming language used to create websites. Short for "PHP: Hypertext Preprocessor", it is an open-source, reflective programming language used mainly for developing server-side applications and dynamic web content, and more recently, a broader range of software applications.

PHP allows interaction with a large number of relational database management systems, such as MySQL, Oracle, IBM DB2, Microsoft SQL Server, PostgreSQL and SQLite. PHP runs on most major operating systems, including Unix, Linux, Windows, and Mac OS X, and can interact with many major web servers. The official PHP website contains very extensive documentation.

There is a command line interface (CLI), as well as GUI libraries such as the Gimp Tool Kit (GTK+) and text mode libraries like Ncurses and Newt.

PHP is the result of the efforts of many contributors. It is licensed under the PHP License, a BSD-style license. Since version 4, it has been powered by the Zend engine.

PHP was originally designed as a small set of Perl scripts, followed by a rewritten set of CGI binaries written in C by the Danish-Canadian programmer Rasmus Lerdorf in 1994 to display his résumé and to collect certain data, such as how much traffic his page was receiving. "Personal Home Page Tools" was publicly released on 8 June 1995 after Lerdorf combined it with his own Form Interpreter to create PHP/FI.

Zeev Suraski and Andi Gutmans, two Israeli developers of the Technion - Israel Institute of Technology, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive acronym "PHP: Hypertext Preprocessor". The development team officially released PHP/FI 2 in November 1997 after months of beta testing. Public testing of PHP 3 began immediately and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend engine in 1999 (a page at www.zend.com states that PHP 3 was powered by Zend Engine 0.5). They also founded Zend Technologies in Ramat Gan, Israel which has since overseen the PHP advances.

In May 2000, PHP 4, powered by the Zend Engine 1.0, was released.

On July 13, 2004, PHP 5 was released, powered by Zend Engine II. PHP 5 includes new features such as PHP Data Objects (PDO) and more performance enhancements taking advantage of the new engine.

Support for objects
Up until version 3, PHP had no object-oriented features. In version 3 basic object functionality was added. The same semantics were implemented in PHP 4 as well as pass-by-reference and return-by-reference for objects but the implementation still lacked the powerful and useful features of other object-oriented languages like C++ and Java.

In version 5, which was released in July 2004, PHP's object-oriented functionality has been very much enhanced and is more robust and complete.

Criticisms of PHP include those general criticisms ascribed to other scripting programming languages and dynamically typed languages. In addition, specific criticisms of PHP include: SyntaxPHP does not enforce the declaration of variables, and variables that have not been initialized can have operations (such as concatenation) performed on them; however, an operation on an uninitialized variable does raise an E_NOTICE level error, errors that are hidden by default. This leads to security holes with register_globals (not on by default), as mentioned below. See also error_reporting().

Within sections of the built-in function selection there is little or no consistency regarding argument order (examples: order of subject array and other data for array handling functions, order of needle and haystack in various search functions).

Variables in PHP are not limited to one type. It is possible to assign an integer value to the variable $Q, then assign a string value, and then assign an array to it. Functions are also not allowed to (directly) force the types of their arguments, and overloading is not allowed. This can often lead to difficult-to-debug code.

Type checking is not strict. In most languages "0" (the string "0") is not equivalent to 0 (the integer zero), which in turn is not equal to the value FALSE (which is the boolean value for 0). In PHP, this is not the case unless strict comparisons are used.

$intVar = 0;
$strVar = "0";
$boolVar = FALSE;
if ($intVar == $strVar && $boolVar == $strVar) {
echo 'These values are the same when non-strict comparisons are used';
echo 'Instead, strict === comparisons must be used, which also check for type';
if ($intVar === $strVar) {
echo 'This code will not be executed.';

Built-in functions
Built-in function names have no standard form, with some employing underscores (e.g. strip_tags, html_entity_decode) while others do not (e.g. stripslashes, htmlentities). Furthermore, some functions are verb_noun() while others are noun_verb() and some are prefixed_byModuleName while others use a module_suffix_scheme. Although all new functions do follow a naming standard, old names remain for backward compatibility reasons.

Some functions have inconsistent output. Statements like This function may return Boolean FALSE, but may also return a non-Boolean value which evaluates to FALSE, such as 0 or "". can be found in the documentation. This is related to PHP's dynamic typing. A workaround is using strict (===) type checking as opposed to loose (==). See also the manual on type juggling.

The number of built-in functions is said to be too numerous, with many functions performing the same actions, but with just slightly different data, results, etc. This is said to make it difficult to program in the language without the frequent consultation of a reference work.

There are over 3,000 functions, sharing the same global namespace. Most functions are not enabled by default, but become available when PHP is linked against the required libraries. To mitigate this, function names are usually prefixed with their library name.

There is a "magic quotes" feature that inserts backslashes into user input strings. The feature was introduced to reduce code written by beginners from being dangerous (such as in SQL injection attacks), but some criticize it as a frequent cause of improperly displayed text or encouraging beginners to write PHP which is vulnerable to SQL-injection when used on a system with it turned off. (Always be sure to check for "magic-quotes": get_magic_quotes_gpc(); and to unset "magic-quotes-runtime": set_magic_quotes_runtime(0);.) Magic Quotes Runtime defaults to Off. The default Magic Quotes GPC setting is determined by which of the PHP ini files that you use. It is On by default in php.ini-dist, and Off in php.ini-recommended. For more information, see the security section in the Magic Quotes chapter of the PHP manual.

If register_globals is enabled in PHP's configuration file, PHP automatically puts the values of Post, Get, Cookie and Session Parameters into standard variables, which can be a significant security risk for scripts that assume those variables are undefined. As of version 4.2.0 register_globals defaults to off. For more information, see the security section in the Using Register Globals chapter of the PHP manual.

Other languages, such as ASP.NET, include functionality to detect and clean harmful cross-site scripting or other malicious code automatically, whereas PHP does not. See also strip_tags().

In the majority of cases, Linux and Unix webservers with PHP installed (using mod_php) typically run PHP scripts as "nobody", which can make file security in a shared hosting environment difficult. PHP's Safe Mode can emulate the security behavior of the OS to partially overcome this problem.

Error messages are said to be confusing, although this is a common criticism levelled at many programming languages. For further information, see the manual section on PHP parser tokens. (PHP's error reporting when set to report all has especially useful tips. The only one that might be confusing to a new programmer is the one where it expects a semi colon at the end of your page. This is normally caused by not closing a brace somewhere in your code.) The many settings in the PHP interpreter's configuration file (php.ini) mean that code that works with one installation of PHP might not work with another. For example, if code is written to work with register_globals turned on, it won't work on another system that has register_globals turned off. This makes it necessary to write code that is cross-platform compatible by assuming that register_globals will be off and therefore calling a global variable with its prefix in front of its name, such as $_POST['variable'], $_SERVER['variable'] and $_COOKIE['variable']—not, simply, $variable. For more information, see the manual page on using external variables.

Some PHP extensions use libraries that are not threadsafe, so rendering with Apache 2's Multithreaded MPM (multi-processing module) may cause crashes.

There is no native support for Unicode or multibyte strings (mbstring is provided as an extension). This is an improvement planned for the next major revision (5.5 or 6.0).

A library has been developed called WASP or Web Application Structure for PHP that delivers a three-tier framework for PHP web applications more similar to other formal enterprise products like WLS (Web Logic Server) instead of PHP's usual script-style, code-hacker-friendly approach. PHP5 is not fully backward compatible with PHP4.

About this Article
This article is from The Wikipedia which is published under the GNU Free Documentation License.


Post a Comment