PHP: Difference between revisions
Line 37: | Line 37: | ||
==Syntax== |
==Syntax== |
||
{{wikibookspar|Programming|PHP}} |
{{wikibookspar|Programming|PHP}} |
||
PHP primarily acts as a [[Filter (software)|filter]] which takes a file containing text and special PHP instructions and converts it to another form for display. |
PHP is the first language that primarily acts as a [[Filter (software)|filter]] which takes a file containing text and special PHP instructions and converts it to another form for display. |
||
Here is a [[Hello World]] code example: |
Here is a [[Hello World]] code example: |
Revision as of 18:59, 13 August 2006
PHP | |
Developer(s) | The PHP Group |
---|---|
Stable release | 5.1.4 / May 4, 2006 4.4.3 / August 3, 2006 |
Repository | |
Operating system | Cross-platform |
Type | Scripting language |
License | PHP License 3.01 |
Website | http://www.php.net/ |
PHP (PHP: Hypertext Preprocessor) is an open-source, reflective programming language. Originally designed as a high level scripting language for producing dynamic Web pages, PHP is used mainly in server-side application software.
History
PHP was originally designed as a small set of Perl scripts, followed by a rewritten set of CGI binaries written in the C programming language by the Danish-Canadian programmer Rasmus Lerdorf in 1994 to display his résumé and to collect certain data, such as how much traffic his page was receiving. "Personal Home Page Tools" was publicly released on June 8 1995 after Lerdorf combined it with his own Form Interpreter to create PHP/FI.[1]
Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion - Israel Institute of Technology, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism "PHP: Hypertext Preprocessor". The development team officially released PHP/FI 2 in November 1997 after months of beta testing. Public testing of PHP 3 began immediately and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend engine in 1999.[2] They also founded Zend Technologies in Ramat Gan, Israel, which is actively involved with PHP development.
In May 2000, PHP 4, powered by the Zend Engine 1.0, was released.
On July 13 2004, PHP 5 was released, powered by Zend Engine II. PHP 5 includes new features such as PHP Data Objects and more performance enhancements taking advantage of the new engine.
Usage
PHP is a general usage programming language, but is especially suited for web development. For web development, PHP generally runs on a web server, taking PHP code as its input and creating Web pages as output.
The LAMP architecture has become popular in the Web industry as a way of deploying inexpensive, reliable, scalable, secure web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL. PHP can be used with a large number of relational database management systems, runs on all of the most popular web servers and is available for many different operating systems. This flexibility means that PHP has a wide installation base across the Internet; over 18 million Internet domains are currently hosted on servers with PHP installed.[3]
Examples of popular server-side PHP applications include phpBB, Joomla, Wordpress and MediaWiki, among thousands of others.
When running server-side, the PHP model can be seen as an alternative to Microsoft's ASP.NET system, ColdFusion, Sun Microsystems' JSP, Zope, mod_perl and the Ruby on Rails. PHP offers multiple frameworks, for instance Zend is working on the Zend Framework - an emerging (as of June 2006) set of PHP building blocks and best practices; other PHP frameworks along the same lines include CakePHP and Symfony.
PHP also provides a command line interface, as well as bindings to GUI libraries such as GTK+ and text mode libraries like ncurses in order to facilitate development of a broader range of software. It is increasingly used on the command line for tasks which have traditionally been the domain of Perl or shell scripting.
Syntax
PHP is the first language that primarily acts as a filter which takes a file containing text and special PHP instructions and converts it to another form for display.
Here is a Hello World code example:
<?php echo 'Hello, World!'; ?>
The <?php ?> tags are delimiters which tell PHP to treat anything contained within as PHP code and to act on it.
A slightly less verbose "Hello World" program in PHP is:
<?='Hello, World!'?>
This example relies on PHP's 'short_open_tag' option being set to true. This may cause other problems in certain data — the character sequence <? is used to signify the start of other processing instructions such as the XML <?xml version="1.0" ?> header statement.
PHP ignores any text outside of its delimiter tags. Thus, the examples above are equivalent to the following text (and indeed are converted into this form):
Hello, World!
The primary use of this is to allow PHP statements to be embedded within HTML documents. PHP processes any delimited code in the page initially, thus handing the web server a file which consists entirely of HTML. example:
<?php //statements here ?> regular html here <? //more php statements ?>
Variables are prefixed with a dollar symbol and no type need be specified in advance. Variables are, subject to certain rules, evaluated in a string context.
PHP treats new lines as whitespace, in the manner of a free-form language (except when inside string quotes). Statements are terminated by a semicolon, except in a few special cases.
PHP has three types of comment syntax: it allows multi-line comments using the /* */ construction as in C, and also allows comments which terminate at the end of the line using the // and # characters (as in C++ and Perl respectively).
Data types
PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Portable code should not assume that values outside this range can be represented in an integer variable. Integer variables can be assigned using decimal (positive and negative), octal and hexadecimal notations. Real numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of Scientific notation.
PHP has a native Boolean type, named "boolean", similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values can be interpreted as true and zero as false, as in Perl and C.
The Null data type represents a variable that has no value. The only value in the Null data type is NULL.
Arrays are heterogeneous, meaning a single array can contain objects of more than one type. They can contain any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled.
Variables of type "resource" represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension. Examples include file, image and database resources.
Objects
Basic object-oriented functionality was added in PHP 3; PHP 4 added pass-by-reference and return-by-reference for objects. But these implementations still lacked the powerful and useful features of other object-oriented languages like C++ and Java.
PHP's handling of objects was completely rewritten for PHP 5, allowing for better performance and more features. In previous versions of PHP, objects were handled like primitive types. The drawback of this method was that semantically the whole object was copied when a variable was assigned, or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and abstract methods. It also introduced a standard way of declaring constructors and destructors similar to that of other object-oriented languages, such as C++.
PHP 4 had no exception handling. PHP 5 introduces an exception model similar to that of other programming languages.
The static method and class variable features in Zend Engine 2 do not work the way some expect. There is no virtual table feature in the Engine, so the static variables are bound with a name at compile time instead of with a reference.
If the developer asks to create a copy of an object by using the reserved word clone, the Zend engine will check if a __clone()
method has been defined or not. If not, it will call a default __clone()
which will copy all of the object's properties. If a __clone()
method is defined, then it will be responsible to set the necessary properties in the created object. For convenience, the engine will supply a function that imports all of the properties from the source object, so that they can start with a by-value replica of the source object, and only override properties that need to be changed.
Resources
Libraries
PHP includes a large number of free and open-source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing FTP servers, many database servers, embedded SQL libraries like embedded MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as the printf family are available in the standard PHP build.
PHP extensions exist which, among other features, add support for the Windows API, process management on Unix-like operating systems, cURL, and several popular compression formats. Some of the more unusual features are on-the-fly Adobe Flash generation, integration with Internet relay chat, and generation of dynamic images (where the content of the image can be changed). Some additional extensions are available via the PHP Extension Community Library.
Source code encoders
Encoders offer some source code security and enable proprietary software by hindering source code reverse engineering. PHP scripts are compiled into native byte-code. The downside of this approach is that a special extension has to be installed on the server in order to run encoded scripts.
Support
PHP has a formal development manual that is maintained by the open source community. In addition, answers to most questions can often be found by doing a simple internet search. PHP users assist each other through various media such as chat, forums, newsgroups and PHP developer web sites. In turn, the PHP development team actively participates in such communities, garnering assistance from them in their own development effort (PHP itself) and providing assistance to them as well. There are many help resources available for the novice PHP programmer.
Criticism
Criticisms of PHP include those general criticisms ascribed to other scripting programming languages and dynamically typed languages. Some specific criticisms of PHP include the following:
- PHP does not have native support for Unicode or multibyte strings, making internationalization of PHP software difficult.
- PHP does not enforce the declaration of variables prior to their use, and variables which have not been initialized can have operations (such as concatenation) performed on them; an operation on an uninitialized variable raises an E_NOTICE level error, but this is hidden by default.
- PHP's type checking is so loose as to be occasionally unenforceable. Variables in PHP are not limited to one type. It is possible to assign an integer value to the variable $Q, then assign a string value, and then assign an array to it. This can often lead to difficult-to-debug code. Type checking using the == operator is not strict, necessitating the === operator to ensure a type match. Functions are also not allowed to (directly) force the types of their arguments (PHP 5 improves on this, by adding the ability to force a function argument to be an array or an object of a certain class). Some functions have inconsistent output, with functions intended to return Boolean FALSE also returning non-Boolean values which evaluate to FALSE, such as 0 or "".
- PHP has no namespace support, with all PHP functions sharing the same global namespace.
- The standard function library lacks internal consistency. A significant number of functions perform the same actions, but with slightly different input or results or syntax. There is little internal consistency regarding function argument order. Functions have no standard naming convention, with variant uses of underscores in names, verb/noun ordering and reference to parent libraries.
- PHP contains a "magic quotes" feature which inserts backslashes into user input strings. The feature was introduced to prevent code written by beginners from being dangerous (such as in SQL injection attacks), but some criticize it for frequently causing improperly displayed text or encouraging beginners to write PHP which is vulnerable to injection attacks when used on a system with it turned off. By default, PHP automatically inserts "magic quotes" on POST, GET and COOKIE data by default. It should be noted that the "magic quotes" can easily be removed by using the stripslashes function on POST, GET and COOKIE data, and is disabled by default in newer version of PHP.
- If 'register_globals' is enabled in PHP's configuration file, PHP automatically puts the values of Post, Get, Cookie and Session Parameters into standard variables, which can be a significant security risk for scripts that assume those variables are undefined.[4]
- Many shared web hosts offer PHP support with mod_php, running PHP scripts as the web server user, which can make file security in a shared hosting environment difficult. PHP's "Safe Mode" can emulate the security behavior of the OS to partially overcome this problem and impose restrictions on file handling functions.
- Some PHP extensions use libraries that are not threadsafe, so rendering with Apache 2's Multi-Processing Module or Microsoft's IIS in ISAPI mode may cause crashes.[5]
See also
Footnotes and references
- Sweat, Jason E (2005). Guide to PHP Design Patterns. PHP architect. ISBN 0973589825.
- Alshanetsky, Ilia (2005). Guide to PHP Security. PHP architect. ISBN 0973862106.
- Shiflett, Chris (2005). Essential PHP Security. O'Reilly Media. ISBN 059600656X.
- Ullman, Larry (2003). PHP and MySQL for Dynamic Web Sites (1st Edition ed.). Peachpit Press. ISBN 0321186486.
{{cite book}}
:|edition=
has extra text (help)
- ^ http://groups.google.com/group/comp.infosystems.www.authoring.cgi/msg/cc7d43454d64d133
- ^ a page at www.zend.com states that PHP 3 was powered by Zend Engine 0.5.
- ^ http://www.php.net/usage.php
- ^ "Chapter 29. Using Register Globals". The PHP Group. Retrieved 2006-07-13.
- ^ http://phplens.com/phpeverywhere/fastcgi-php
External links
- PHP website
- PHP Security Consortium — International group of PHP experts dedicated to promoting secure programming practices.
- Zend website - A commercial company who provide various commercial PHP tools, but who also contribute significantly to PHP
- SourceGuardian - A commercial company providing encoding software
- WACT PHP Application Security Wiki — The Web Application Component Toolkit's wiki page on PHP security resources.
- comp.lang.php newsgroup
- PHP in the Open Directory Project
- PHP Manual