 |
What is PHP?
|
PHP is a programming
language used to create websites. Short for "PHP: Hypertext Preprocessor",
it is an open-source, reflective programming language used
mainly for developing
server-side applications and dynamic web content, and more
recently, a broader range of software applications.
PHP allows interaction with a large number of relational database
management systems, such as MySQL, Oracle, IBM DB2, Microsoft
SQL Server, PostgreSQL and SQLite. PHP runs on most major operating
systems, including Unix, Linux, Windows, and Mac OS X, and
can interact with many major web servers. The official PHP
website contains very extensive documentation.
There is a command line interface (CLI), as well as GUI libraries
such as the Gimp Tool Kit (GTK+) and text mode libraries like
Ncurses and Newt.
PHP is the result of the efforts of many contributors. It
is licensed under the PHP License, a BSD-style license. Since
version 4, it has been powered by the Zend engine.
History
PHP was originally
designed as a small set of Perl scripts, followed by a rewritten
set of CGI binaries written in C by
the Danish-Canadian programmer Rasmus Lerdorf in 1994 to display
his résumé and to collect certain data, such
as how much traffic his page was receiving. "Personal
Home Page Tools" was publicly released on 8 June 1995
after Lerdorf combined it with his own Form Interpreter to
create PHP/FI.
Zeev Suraski and
Andi Gutmans, two Israeli developers of the Technion - Israel
Institute of Technology, rewrote the parser
in 1997 and formed the base of PHP 3, changing the language's
name to the recursive acronym "PHP: Hypertext Preprocessor".
The development team officially released PHP/FI 2 in November
1997 after months of beta testing. Public testing of PHP 3
began immediately and the official launch came in June 1998.
Suraski and Gutmans then started a new rewrite of PHP's core,
producing the Zend engine in 1999 (a page at www.zend.com states
that PHP 3 was powered by Zend Engine 0.5). They also founded
Zend Technologies in Ramat Gan, Israel which has since overseen
the PHP advances.
In May 2000, PHP 4, powered by the Zend Engine 1.0, was released.
On July 13, 2004, PHP 5 was released, powered by Zend Engine
II. PHP 5 includes new features such as PHP Data Objects (PDO)
and more performance enhancements taking advantage of the new
engine.
Support for objects
Up until version 3, PHP had no object-oriented features.
In version 3 basic object functionality was added. The same
semantics
were implemented in PHP 4 as well as pass-by-reference and
return-by-reference for objects but the implementation still
lacked the powerful and useful features of other object-oriented
languages like C++ and Java.
In version 5, which was released in July 2004, PHP's object-oriented
functionality has been very much enhanced and is more robust
and complete.
Criticism
Criticisms of PHP include those general criticisms ascribed
to other scripting programming languages and dynamically typed
languages. In addition, specific criticisms of PHP include:
Syntax
PHP does not enforce the declaration of variables, and variables
that have not been initialized can have operations (such as
concatenation) performed on them; however, an operation on
an uninitialized variable does raise an E_NOTICE level error,
errors that are hidden by default. This leads to security holes
with register_globals (not on by default), as mentioned below.
See also error_reporting().
Within sections of the built-in function selection there is
little or no consistency regarding argument order (examples:
order of subject array and other data for array handling functions,
order of needle and haystack in various search functions).
Variables in PHP are not limited to one type. It is possible
to assign an integer value to the variable $Q, then assign
a string value, and then assign an array to it. Functions are
also not allowed to (directly) force the types of their arguments,
and overloading is not allowed. This can often lead to difficult-to-debug
code.
Type checking is
not strict. In most languages "0" (the
string "0") is not equivalent to 0 (the integer zero),
which in turn is not equal to the value FALSE (which is the
boolean value for 0). In PHP, this is not the case unless strict
comparisons are used.
$intVar = 0;
$strVar = "0";
$boolVar = FALSE;
if ($intVar == $strVar && $boolVar == $strVar) {
echo 'These values are the same when non-strict comparisons
are used';
}
echo 'Instead, strict === comparisons must be used, which also
check for type';
if ($intVar === $strVar) {
echo 'This code will not be executed.';
}
Built-in functions
Built-in function names have no standard form, with some employing
underscores (e.g. strip_tags, html_entity_decode) while others
do not (e.g. stripslashes,
htmlentities). Furthermore, some functions are verb_noun() while others are
noun_verb() and some are prefixed_byModuleName while others use a module_suffix_scheme.
Although all new functions do follow a naming standard, old names remain for
backward compatibility reasons.
Some functions
have inconsistent output. Statements like This function may
return Boolean FALSE, but may also return a
non-Boolean value which evaluates
to FALSE, such as 0 or "". can be found in the documentation. This
is related to PHP's dynamic typing. A workaround is using strict (===) type
checking as opposed to loose (==). See also the manual on type juggling.
The number of built-in functions is said to be too numerous,
with many functions performing the same actions, but with
just slightly different data, results,
etc. This is said to make it difficult to program in the language without the
frequent consultation of a reference work.
There are over 3,000 functions, sharing the same global namespace.
Most functions are not enabled by default, but become available
when PHP is linked against
the required libraries. To mitigate this, function names are usually prefixed
with their library name.
There is a "magic quotes" feature that inserts backslashes into user
input strings. The feature was introduced to reduce code written by beginners
from being dangerous (such as in SQL injection attacks), but some criticize
it as a frequent cause of improperly displayed text or encouraging beginners
to write PHP which is vulnerable to SQL-injection when used on a system with
it turned off. (Always be sure to check for "magic-quotes": get_magic_quotes_gpc();
and to unset "magic-quotes-runtime": set_magic_quotes_runtime(0);.)
Magic Quotes Runtime defaults to Off. The default Magic Quotes GPC setting
is determined by which of the PHP ini files that you use. It is On by default
in php.ini-dist, and Off in php.ini-recommended. For more information, see
the security section in the Magic Quotes chapter of the PHP manual.
Security
If register_globals is enabled in PHP's configuration file,
PHP automatically puts the values of Post, Get, Cookie and
Session Parameters into standard variables,
which can be a significant security risk for scripts that assume those variables
are undefined. As of version 4.2.0 register_globals defaults to off. For more
information, see the security section in the Using Register Globals chapter
of the PHP manual.
Other languages, such as ASP.NET, include functionality to
detect and clean harmful cross-site scripting or other malicious
code automatically, whereas
PHP does not. See also strip_tags().
In the majority
of cases, Linux and Unix webservers with PHP installed (using
mod_php) typically run PHP scripts as "nobody",
which can make file security in a shared hosting environment
difficult. PHP's Safe Mode can emulate
the security behavior of the OS to partially overcome this problem.
Miscellaneous
Error messages are said to be confusing, although this is a
common criticism levelled at many programming languages. For
further information, see the manual
section on PHP parser tokens. (PHP's error reporting when set to report all
has especially useful tips. The only one that might be confusing to a new programmer
is the one where it expects a semi colon at the end of your page. This is normally
caused by not closing a brace somewhere in your code.)
The many settings in the PHP interpreter's configuration file (php.ini) mean
that code that works with one installation of PHP might not work with another.
For example, if code is written to work with register_globals turned on, it
won't work on another system that has register_globals turned off. This makes
it necessary to write code that is cross-platform compatible by assuming that
register_globals will be off and therefore calling a global variable with its
prefix in front of its name, such as $_POST['variable'], $_SERVER['variable']
and $_COOKIE['variable']—not, simply, $variable. For more information,
see the manual page on using external variables.
Some PHP extensions use libraries that are not threadsafe,
so rendering with Apache 2's Multithreaded MPM (multi-processing
module) may cause crashes.
There is no native support for Unicode or multibyte strings
(mbstring is provided as an extension). This is an improvement
planned for the next major
revision
(5.5 or 6.0).
A library has been developed called WASP or Web Application
Structure for PHP that delivers a three-tier framework
for PHP web applications more
similar to other formal enterprise products like WLS (Web Logic Server)
instead of
PHP's usual script-style, code-hacker-friendly approach.
PHP5 is not fully backward compatible with PHP4.
About
this Tutorial
This tutorial is from The
Wikipedia which is published under the
GNU Free Documentation License.
 Dr. Dobb's Journal enables programmers to write the most efficient and sophisticated programs and help in daily programming quandaries. Dr. Dobb's Journal is the essential multi-language/multi-platform resource for professional programmers and software developers. You'll read about algorithms, coding tips, working code, discussions of fundamental design issues and actual program listings guaranteed to make you a better programmer.
.
Subscribe Free!
|
|
