PHP

Paradigm	imperative, object-oriented
Appeared in	1995
Designed by	Rasmus Lerdorf
Developer	The PHP Group
Latest release	5.2.6/ 2008-05-01; 144 days ago
Latest unstable release	5.3.0-dev and 6.0-dev[1]
Typing discipline	Dynamic, weak
Major implementations	Roadsend PHP, Phalanger, Quercus, Project Zero
Influenced by	C, Perl, Java, C++, C#, Python
Influenced	Php4delphi
OS	Cross-platform
License	PHP License
Website	http://php.net/

PHP is a computer scripting language. Originally designed for producing dynamic web pages, it has evolved to include a command line interface capability and can be used in standalone graphical applications.^[2]

While PHP was originally created by Rasmus Lerdorf in 1995, the main implementation of PHP is now produced by The PHP Group and serves as the de facto standard for PHP as there is no formal specification.^[3] Released under the PHP License, the Free Software Foundation considers it to be free software.^[4]

PHP is a widely-used general-purpose scripting language that is especially suited for web development and can be embedded into HTML. It generally runs on a web server, taking PHP code as its input and creating web pages as output. It can be deployed on most web servers and on almost every operating system and platform free of charge.^[5] PHP is installed on more than 20 million websites and 1 million web servers.^[6] The most recent major release of PHP was version 5.2.6 on May 1, 2008.^[7]

History

Rasmus Lerdorf, who wrote the original Common Gateway Interface binaries, and Andi Gutmans and Zeev Suraski, who rewrote the parser that formed PHP 3

PHP originally stood for Personal Home Page.^[8] It began in 1994 as a set of Common Gateway Interface binaries written in the C programming language by the Danish/Greenlandic programmer Rasmus Lerdorf. Lerdorf initially created these Personal Home Page Tools to replace a small set of Perl scripts he had been using to maintain his personal homepage. The tools were used to perform tasks such as displaying his résumé and recording how much traffic his page was receiving.^[3] He combined these binaries with his Form Interpreter to create PHP/FI, which had more functionality. PHP/FI included a larger implementation for the C programming language and could communicate with databases, enabling the building of simple, dynamic web applications. Lerdorf released PHP publicly on June 8, 1995 to accelerate bug location and improve the code.^[9] This release was named PHP version 2 and already had the basic functionality that PHP has today. This included Perl-like variables, form handling, and the ability to embed HTML. The syntax was similar to Perl but was more limited, simpler, and less consistent.^[3]

Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism PHP: Hypertext Preprocessor.^[3] The development team officially released PHP/FI 2 in November 1997 after months of beta testing. Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999.^[10] They also founded Zend Technologies in Ramat Gan, Israel.^[3]

On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released.^[3] On July 13, 2004, PHP 5 was released, powered by the new Zend Engine II.^[3] PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements.^[11] The most recent update released by The PHP Group is for the older PHP version 4 code branch. As of August, 2008 this branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates be released.^[12][13]

In 2008, PHP 5 became the only stable version under development. Late static binding has been missing from PHP and will be added in version 5.3.^[14][15] PHP 6 is under development alongside PHP 5. Major changes include the removal of register_globals,^[16] magic quotes, and safe mode.^[12][17]

PHP does not have complete native support for Unicode or multibyte strings;^[18] unicode support will be included in PHP 6.^[19] Many high profile open source projects ceased to support PHP 4 in new code as of February 5, 2008, due to the GoPHP5 initiative, provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.^[20][21]

It runs in both 32-bit and 64-bit environments, but on Windows the only official distribution is 32-bit, requiring Windows 32-bit compatibility mode to be enabled while using IIS in a 64-bit Windows environment. There is a third-party distribution^[22] available for 64-bit Windows

Release history

	Meaning
Red	Old release; not supported
Yellow	Old release; still supported
Green	Current release
Blue	Future release

Major Version	Minor Version	Release date	Notes
1.0	1.0.0	1995-06-08	Officially called "Personal Home Page Tools (PHP Tools)". This is the first use of the name "PHP".[3]
2.0	2.0.0	1996-04-16	Considered by its creator as the "fastest and simplest tool" for creating dynamic web pages.[3]
3.0	3.0.0	1998-06-06	Development moves from one person to multiple developers. Zeev Suraski and Andi Gutmans rewrite the base for this version.[3]
4.0	4.0.0	2000-05-22	Added more advanced two-stage parse/execute tag-parsing system called the Zend engine.[23]
	4.1.0	2001-12-10	Introduced 'superglobals' ($_GET, $_POST, $_SESSION, etc.)[23]
	4.2.0	2002-04-22	Disabled register_globals by default. Data received over the network is not inserted directly into the global namespace anymore, closing possible security holes in applications.[23]
	4.3.0	2002-12-27	Introduced the CLI, in addition to the CGI.[23]
	4.4.0	2005-07-11	Added man pages for phpize and php-config scripts.[23]
	4.4.8	2008-01-03	Several security enhancements and bug fixes. Was to be the end of life release for PHP 4. Security updates only until 2008-08-08, if necessary.[24]
	4.4.9	2008-08-07	More security enhancements and bug fixes. The last release of the PHP 4.4 series.[25][26]
5.0	5.0.0	2004-07-13	Zend Engine II with a new object model.[7]
	5.1.0	2005-11-24	Performance improvements with introduction of compiler variables in re-engineered PHP Engine.[7]
	5.2.0	2006-11-02	Enabled the filter extension by default.[7]
	5.2.6	2008-05-01[27]	Several security enhancements and bug fixes[27]
	5.3.0	Mid Oct'08[28]	Namespace support; Improved XML support through use of XMLReader and XMLWriter; SOAP support,[29] Late static bindings, Jump label (limited goto), Closures, Native PHP archives
6.0	6.0.0	No date set	Unicode support; removal of ereg extension, 'register_globals', 'magic_quotes' and 'safe_mode'; Alternative PHP Cache; Removal of mime_magic and rewrite of fileinfo() for better MIME support[30]

Security

The proportion of insecure software written in PHP, out of the total of all common software vulnerabilities, amounted to: 12% in 2003, 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, and 33.8% for the first quarter of 2008. More than a third of these PHP software vulnerabilities are listed recently.^[47] Most of these software vulnerabilities can be exploited remotely, that is without being logged on the computer hosting the vulnerable application. The most common vulnerabilities are caused by not following best practice programming rules and vulnerabilities related to software written in old PHP versions. One very common security concern is register_globals which was disabled by default since 2002 in PHP 4.2 and was removed in PHP6.

There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.^[48] Installing PHP as a CGI binary rather than as an Apache module is the preferred method for added security.^[49

Syntax-highlighted PHP code embedded within HTML