Revision as of 08:33, 30 June 2006 editTommyG (talk | contribs)Extended confirmed users3,164 edits No objections on talk page, so removing.← Previous edit | Latest revision as of 08:05, 17 January 2025 edit undo2a03:32c0:7:921a:c20a:5767:d4aa:159a (talk)No edit summaryTags: Mobile edit Mobile web edit | ||
Line 1: | Line 1: | ||
{{Short description|Scripting language created in 1994}} | |||
{{Infobox Software | |||
{{About|the scripting language}} | |||
|name = ] | |||
{{Infobox programming language | |||
|caption = PHP logo | |||
| |
| logo = PHP-logo.svg | ||
| file ext = {{codes|.php|.phar|.phtml|.pht|.phps|d=,}} | |||
|latest_release_version = 5.1.4 / <small>May 4, 2006</small><br /> 4.4.2 | |||
| paradigm = ]: ], ], ], ], ] | |||
|latest_release_date = <small>January 13, 2006</small> | |||
| released = {{start date and age|1995|06|08|df=y}}<ref name="Lerdorf-1995" /><ref name="Lerdorf-2007">{{cite web | last=Lerdorf | first=Rasmus | title=PHP on Hormones – history of PHP presentation by Rasmus Lerdorf given at the MySQL Conference in Santa Clara, California | date=2007-04-26 | publisher=The Conversations Network | url=http://itc.conversationsnetwork.org/shows/detail3298.html | archive-date=2013-07-29 | archive-url=https://web.archive.org/web/20130729204354id_/http://itc.conversationsnetwork.org/shows/detail3298.html | url-status=dead }}</ref> | |||
|operating_system = ] | |||
| |
| designer = ] | ||
| developer = {{URL|https://php.net/credits/|The PHP Development Team}}, ], {{URL|https://thephp.foundation/|PHP Foundation}} | |||
|license = | |||
| latest release version = 8.4.3 | |||
|website = | |||
| latest release date = {{Start date and age|2025|01|17|df=y}}<ref>{{Cite web|title=PHP: PHP 8.4.0 Release Announcement|website=www.php.net|url=https://www.php.net/releases/8.4/index.php }}</ref> | |||
| typing = ], ], ]<ref>{{cite web|url=https://secure.php.net/manual/en/functions.arguments.php#functions.arguments.type-declaration.strict|title=PHP: Function arguments – Manual|website=secure.php.net}}</ref> | |||
| implementations = ], ], ], ], ] | |||
| dialects = | |||
| influenced by = ], ], ], ],<ref>{{cite web | url = https://www.php.net/manual/en/preface.php | title = PHP: Preface – Manual}}</ref> ],<ref name="Lerdorf-2007" /> ]<ref name="Stogov-2015">{{Cite tweet |user=dstogov |number=672864802474229760 |last=Stogov |first=Dmitry |date = 2015-12-04 |title=It's not a secret that some #PHP7 optimization ideas came from HHVM, LuaJIT and V8. Thank you @HipHopVM @SaraMG. #php7thankyou}}</ref> | |||
| influenced = ], ], ], ] | |||
| programming language = ] (primarily; some components ]) | |||
| operating system = ], ], ], ], ], ] | |||
| license = ] (most of Zend engine under ]) for PHP 4 and later versions (only; dual-licensed ] version 2 or any later version and PHP License for PHP versions 3.0 or earlier.<ref>{{cite web |title=PHP: Release Archives (museum) |url=https://museum.php.net/php3/ |website=museum.php.net}}</ref>) | |||
| website = {{Official URL}} | |||
| wikibooks = PHP Programming | |||
}} | }} | ||
{{otheruses|PHP}} | |||
'''PHP''' is an ], ] ]. Originally designed as a high-level tool for producing ], PHP is used mainly in ] ]. | |||
'''PHP''' is a ] ] geared towards ].<ref>{{Cite web|url=https://www.php.net/|title=PHP: Hypertext Preprocessor|website=www.php.net|access-date=2020-02-12}}</ref> It was originally created by ] ] ] in 1993 and released in 1995.<ref name="Krill-2013">{{Cite web |last=Krill |first=Paul |date=2013-11-18 |title=Believe the hype: PHP founder backs Facebook's HipHop technology |url=https://www.infoworld.com/article/2609877/believe-the-hype--php-founder-backs-facebook-s-hiphop-technology.html |access-date=2022-10-13 |website=InfoWorld |language=en}}</ref><ref>{{Cite web |title=Announce: Personal Home Page Tools (PHP Tools) |url=https://groups.google.com/g/comp.infosystems.www.authoring.cgi/c/PyJ25gZ6z7A/m/M9FkTUVDfcwJ?pli=1 |access-date=2022-11-03 |website=groups.google.com}}</ref> The PHP ] is now produced by the PHP Group.<ref name="The PHP Group">{{cite web|access-date=2008-02-25|url=https://www.php.net/history|title=History of PHP and related projects |publisher=The PHP Group}}</ref> PHP was originally an abbreviation of '''''Personal Home Page''''',<ref name="php.net-3">{{cite web |title=History of PHP |url=https://php.net/manual/en/history.php.php |website=php.net}}</ref><ref>{{Cite book |last=Olsson |first=Mikael |url=https://books.google.com/books?id=_ahBAAAAQBAJ |title=PHP Quick Scripting Reference |date=2013-09-04 |publisher=Apress |isbn=978-1-4302-6284-8 |language=en}}</ref> but it now stands for the ] '''''PHP: Hypertext Preprocessor'''''.<ref>, www.php.net.</ref> | |||
==History== | |||
PHP was originally designed as a small set of ] scripts, followed by a rewritten set of ] binaries written in ] by the Danish-Canadian programmer ] in 1994 to display his résumé and to collect certain data, such as how much traffic his page was receiving. "'''P'''ersonal '''H'''ome '''P'''age Tools" was on 8 June 1995 after Lerdorf combined it with his own '''F'''orm '''I'''nterpreter to create PHP/FI. | |||
PHP code is usually processed on a ] by a PHP ] implemented as a ], a ] or a ] (CGI) executable. On a web server, the result of the ] and executed PHP code{{em dash}}which may be any type of data, such as generated ] or ] image data{{em dash}}would form the whole or part of an ] response. Various ]s, web ]s, and ]s exist that can be employed to orchestrate or facilitate the generation of that response. Additionally, PHP can be used for many programming tasks outside the web context, such as standalone ]<ref>{{cite web | url = https://php.net/manual/en/intro-whatcando.php | work = PHP Manual | title = Introduction: What can PHP do? | access-date = 2009-03-05}}</ref> and ] control.<ref>{{Citation|title=helicopter: Port of node-ar-drone which allows user to control a Parrot AR Drone over PHP: jolicode/php-ar-drone|date=2019-01-11|url=https://github.com/jolicode/php-ar-drone|publisher=JoliCode|access-date=2019-02-23}}</ref> PHP code can also be directly executed from the ]. | |||
] and ], two Israeli developers at the ], rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the ] "'''P'''HP: ] ]". The development team officially released PHP/FI 2 in November 1997 after months of ] testing. Public testing of PHP 3 began immediately and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the ] in 1999.<ref> states that PHP 3 was powered by Zend Engine 0.5.</ref> They also founded ] in ], Israel, which has since overseen PHP development. | |||
The standard PHP interpreter, powered by the ], is ] released under the ]. PHP has been widely ported and can be deployed on most web servers on a variety of ]s and ].<ref name="O'Reilly-2001" /> | |||
In May 2000, PHP 4, powered by the Zend Engine 1.0, was released. | |||
The PHP language has evolved without a written ] or standard<!-- until 2014 -->, with the original ] acting as the '']'' standard that other implementations aimed to follow. <!-- PHP standard spec dropped at GitHub, besides would have been on old EOLed version of PHP: Since 2014, work has gone on to create a formal PHP specification.<ref>{{cite web|last1=Jackson|first1=Joab|title=PHP gets a formal specification, at last|url=https://www.computerworld.com/article/2490649/php-gets-a-formal-specification--at-last.html|website=Computerworld|publisher=]|date=2014-07-31}}</ref> --> | |||
On July 13 2004, PHP 5 was released, powered by Zend Engine II. PHP 5 includes new features such as ] and more performance enhancements taking advantage of the new engine. | |||
W3Techs reports that {{as of|2024|10|27|lc=y}} (about two years since <!-- 28 November 2022 --> PHP 7 was discontinued and 11 months after the PHP 8.3 release), PHP 7 is still used by 50.0% of PHP websites, which is outdated and known to be insecure.<ref name="www.php.net">{{Cite web|url=https://www.php.net/eol.php|title=PHP: Unsupported Branches|website=www.php.net}}</ref><ref name="W3Techs – World Wide Web Technology Surveys" /> In addition, the even more outdated (discontinued for 5+ <!-- since 31 December 2018 --> years) and insecure PHP 5 is used by 13.2% and the no longer supported PHP 8.0 is also very popular, so <!-- "Version 8 is used by 27.8% of all the websites. .. Version 8.1 is used by 40.2% of all the websites who use PHP version 8." i.e. 8.1 used by 0.278 * 0.402 = 11% of the websites --> the majority of PHP websites do not use supported versions. | |||
==Usage== | |||
== History == | |||
PHP generally runs on a web server, taking PHP code as its input and creating Web pages as output. | |||
{{multiple image | |||
| align = right | |||
| width = 105 | |||
| image1 = Rasmus Lerdorf cropped.jpg | |||
| image2 = Andi Gutmans 1.jpg | |||
| image3 = Zeev Suraski 2005 cropped.jpg | |||
| footer = ], creator of PHP; and ] and ], creators of the ] | |||
}} | |||
=== Early history === | |||
When running server-side, the PHP model can be seen as an alternative to ] ]/]/] system, ]'s ], ]' ], ], ] and the ] framework. To more directly compete with the "framework" approach taken by these systems, Zend is working on the ] - an emerging (as of June 2006) set of PHP building blocks and best practices. | |||
PHP development began in 1993<ref name="Krill-2013" /> when ] wrote several ] (CGI) programs in ],<ref name="Lerdorf-2012">{{cite web | url = https://twitter.com/rasmus/status/226405807305138176 | title = I wonder why people keep writing that PHP was ever written in Perl. It never was. #php | last = Lerdorf | first = Rasmus | publisher = Twitter | date = 2012-07-20 | access-date = 2014-09-04}}</ref><ref>{{cite web | url = http://itc.conversationsnetwork.org/shows/detail3298.html | title = PHP on Hormones | format = mp3 | last = Lerdorf | first = Rasmus | publisher = The Conversations Network | date = 2007-04-26 | access-date = 2009-06-22 | archive-date = 2019-01-06 | archive-url = https://web.archive.org/web/20190106230504/http://web.archive.org/web/20130729204354id_/http://itc.conversationsnetwork.org/shows/detail3298.html | url-status = dead }}</ref> which he used to maintain his ]. He extended them to work with ]s and to communicate with ]s, and called this implementation "Personal Home Page/Forms Interpreter" or PHP/FI. | |||
An example of the early PHP ]:<ref>{{cite web|last=Lerdorf|first=Rasmus|year=2007|title=Slide 3|url=http://talks.php.net/show/mysql07key/3|access-date=2009-06-22|work=slides for 'PHP on Hormones' talk|publisher=The PHP Group}}</ref> | |||
The ] architecture has become popular in the Web industry as a way of deploying inexpensive, reliable, scalable, secure web applications. PHP is commonly used as the ''P'' in this bundle alongside ], ] and ]. PHP can be used with a large number of ]s, runs on all of the most popular ]s and is available for many different operating systems. This flexibility means that PHP has a wide installation base across the Internet; PHP is one of the most popular programming languages for implementing websites | |||
with over 20 million Internet domains using PHP<ref>http://www.php.net/usage.php</ref>. | |||
<syntaxhighlight lang="html"> | |||
Examples of popular server-side PHP applications include ], ], ] and ]. | |||
<!--include /text/header.html--> | |||
<!--getenv HTTP_USER_AGENT--> | |||
PHP also provides a ], as well as bindings to ] libraries such as ] and text mode libraries like ] in order to facilitate development of a broader range of software. It has seen an increased use on the command line for tasks which has traditionally been the domain of ] or ]. | |||
<!--if substr $exec_result Mozilla--> | |||
Hey, you are using Netscape!<p> | |||
<!--endif--> | |||
<!--sql database select * from table where user='$username'--> | |||
==Syntax== | |||
<!--ifless $numentries 1--> | |||
{{wikibookspar|Programming|PHP}} | |||
Sorry, that record does not exist<p> | |||
<!--endif exit--> | |||
Welcome <!--$user-->!<p> | |||
You have <!--$index:0--> credits left in your account.<p> | |||
<!--include /text/footer.html--> | |||
PHP was originally designed to be used in conjunction with a web server, and acts as a ] which takes a file containing text and special PHP instructions and converts it to another form for display. | |||
</syntaxhighlight> | |||
PHP/FI could be used to build simple, ]s. To accelerate ] reporting and improve the code, Lerdorf initially announced the release of PHP/FI as "Personal Home Page Tools (PHP Tools) version 1.0" on the ] discussion group ''comp.infosystems.www.authoring.cgi'' on 8 June 1995.<ref name="Lerdorf-1995">{{cite web|url= https://groups.google.com/group/comp.infosystems.www.authoring.cgi/msg/cc7d43454d64d133?pli=1 |title=Announce: Personal Home Page Tools (PHP Tools)|last=Lerdorf|first=Rasmus|date=June 8, 1995|access-date=7 June 2011}}</ref><ref>{{cite newsgroup | title = Announce: Personal Home Page Tools (PHP Tools) | author = Lerdorf, Rasmus | date = 1995-06-08 | newsgroup = comp.infosystems.www.authoring.cgi | url = https://groups.google.com/group/comp.infosystems.www.authoring.cgi/msg/cc7d43454d64d133 | access-date = 2006-09-17}}</ref> This release included basic functionality such as ], form handling, and the ability to embed ]. By this point, the ] had changed to resemble that of ], but was simpler, more limited, and less consistent.<ref name="php.net-3" /><ref name="The PHP Group" /> | |||
Here is a ] code example: | |||
Early PHP was never intended to be a new ]; rather, it grew organically, with Lerdorf noting in retrospect: "I don't know how to stop it there was never any intent to write a programming language I have absolutely no idea how to write a programming language I just kept adding the next logical step on the way."<ref name="Rasmus Lerdorf-2003">{{cite web|title = Rasmus Lerdorf, Senior Technical Yahoo: PHP, Behind the Mic|date = 2003-11-19|url =http://itc.conversationsnetwork.org/shows/detail58.html|archive-url = https://web.archive.org/web/20130728125152/http://itc.conversationsnetwork.org/shows/detail58.html|archive-date = 2013-07-28}}</ref> A development team began to form and, after months of work and ] testing, officially released PHP/FI 2 in November 1997.<ref>{{Cite web |last1=Alshetwi |first1=A.B. |last2=Rahmat |first2=R. A. A. O. |last3=Borhan |first3=M. N. |last4=Ismael |first4=S. |last5=Ali |first5=A. |last6=Irtema |first6=H. I. M. |last7=Alfakhria |first7=A. Y. |date=2018 |title=Web-Based Expert System for Optimizing of Traffic Road in Developing Countries |url=https://www.researchgate.net/publication/326727672 |access-date=13 Feb 2024}}</ref> | |||
<?php | |||
echo 'Hello, World!'; | |||
?> | |||
The fact that PHP was not originally designed, but instead was developed organically has led to inconsistent naming of functions and inconsistent ordering of their parameters.<ref>{{cite web|title=Problems with PHP|url=http://toykeeper.net/soapbox/php_problems/|access-date=20 December 2010}}</ref> In some cases, the function names were chosen to match the lower-level libraries which PHP was "wrapping",<ref>{{cite web|url=http://news.php.net/php.internals/70950 |title=php.internals: Re: Function name consistency |website=news.php.net |date=2013-12-28 |access-date=2014-02-09}}</ref> while in some very early versions of PHP the length of the function names was used internally as a ], so names were chosen to improve the distribution of ].<ref name="Rasmus Lerdorf-2013">{{cite newsgroup |title=Re: Flexible function naming |author=] |date=Dec 16, 2013 |newsgroup=php.internals |url=http://news.php.net/php.internals/70691 |access-date=December 26, 2013}}</ref> | |||
The <?php ?> tags are ] which tell PHP to treat anything contained within as PHP code and to act on it. | |||
=== PHP 3 and 4 === | |||
A slightly less verbose "Hello World" program in PHP is: | |||
] ].]] | |||
] and ] rewrote the ] in 1997 and formed the base of PHP 3, changing the language's name to the ] ''PHP: Hypertext Preprocessor''.<ref name="The PHP Group" /><ref>{{cite web|title=PHP{{snd}} Acronym Meaning Vote |url=http://il.php.net/vote_listing.php3 |website=PHP.net |archive-date=August 15, 2000 |url-status=dead |archive-url=https://web.archive.org/web/20000815063125/http://il.php.net/vote_listing.php3}}</ref> Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new ] of PHP's core, producing the ] in 1999.<ref>{{cite web | title = Zend Engine version 2.0: Feature Overview and Design | publisher = ] Technologies Ltd. | url = http://www.zend.com/zend/zend-engine-summary.php | access-date = 2006-09-17 | archive-url = https://web.archive.org/web/20060719204721/http://www.zend.com/zend/zend-engine-summary.php | archive-date = 2006-07-19 | url-status = dead}}</ref> They also founded ] in ], ].<ref name="The PHP Group" /> | |||
On 22 May 2000, PHP 4, powered by the Zend Engine 1.0, was released.<ref name="The PHP Group" /> By August 2008, this branch had reached version 4.4.9. PHP 4 is now no longer under development and nor are any security updates planned to be released.<ref name="The PHP Group-2007a">{{cite web|title=php.net 2007 news archive|url=https://www.php.net/archive/2007.php|publisher=The PHP Group|access-date=2008-02-22|date=2007-07-13}}</ref><ref>{{cite web |access-date=2018-12-16 |url=https://www.internetnews.com/developer/php-4-is-dead%ef%bf%bdlong-live-php-5/|title=PHP 4 is Dead—Long Live PHP 5 |publisher=InternetNews |date=2008-02-01 |last=Kerner |first=Sean Michael |archive-url=https://web.archive.org/web/20180806115411/http://www.internetnews.com/dev-news/article.php/3725291 |archive-date=2018-08-06}}</ref> | |||
<?='Hello, World!'?> | |||
=== PHP 5 === | |||
This example relies on PHP's 'short_open_tag' option being set to true. This may cause other problems in certain data — the character sequence <? is used to signify the start of other processing instructions such as the XML <?xml version="1.0" ?> header statement. | |||
On 1 July 2004, PHP 5 was released, powered by the new Zend Engine II.<ref name="The PHP Group" /> PHP 5 included new features such as improved support for ], the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements.<ref>{{cite web|title=Why PHP 5 Rocks!|url=http://www.onlamp.com/pub/a/php/2004/07/15/UpgradePHP5.html|publisher=O'Reilly|access-date=2008-02-22|date=2004-07-15|author=Trachtenberg, Adam|archive-date=2016-03-31|archive-url=https://web.archive.org/web/20160331232050/http://www.onlamp.com/pub/a/php/2004/07/15/UpgradePHP5.html|url-status=dead}}</ref> In 2008, PHP 5 became the only stable version under development. ] had been missing from previous versions of PHP, and was added in version 5.3.<ref>{{cite web|url=http://www.digitalsandwich.com/archives/53-Late-Static-Binding-in-PHP.html|access-date=2008-03-25|title=Late Static Binding in PHP|date=2006-02-23|publisher=Digital Sandwich}}</ref><ref>{{cite web|access-date=2008-03-25|url=https://www.php.net/language.oop5.static|title=Static Keyword|publisher=The PHP Group}}</ref> | |||
Many high-profile open-source projects ceased to support PHP 4 in new code from February 5, 2008, because of the GoPHP5 initiative,<ref name="GoPHP5">{{cite web | url=http://www.gophp5.org/projects|title=GoPHP5 | url-status=dead | archive-url=https://web.archive.org/web/20110717133313/http://gophp5.org/projects | archive-date=2011-07-17}}</ref> provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.<ref name="GoPHP5 Press Release">{{cite web |url=http://gophp5.org/sites/gophp5.org/files/press_release.pdf |title=PHP projects join forces to Go PHP 5 |access-date=2008-02-23 |work=GoPHP5 Press Release | url-status=dead | archive-url=https://web.archive.org/web/20190804012720/http://gophp5.org/sites/gophp5.org/files/press_release.pdf | archive-date=2019-08-04}}</ref><ref>{{cite web|url=http://gophp5.org/|title=GoPHP5|publisher=GoPHP5|access-date=2008-02-22 | url-status=dead | archive-url=https://web.archive.org/web/20110427101913/http://www.gophp5.org/ | archive-date=2011-04-27}}</ref> | |||
PHP ignores any text outside of its delimiter tags. Thus, the examples above are equivalent to the following text (and indeed are converted into this form): | |||
Over time, PHP interpreters became available on most existing ] and ] operating systems, either by building them from the PHP source code or by using pre-built binaries.<ref>{{cite web | |||
Hello, World! | |||
| url = https://www.php.net/manual/en/install.php | |||
| title = PHP Installation and Configuration | |||
| access-date = 2013-10-29 | |||
| website = php.net | |||
}}</ref> For PHP versions 5.3 and 5.4, the only available ] binary distributions were 32-bit ] builds,<ref>{{cite web | |||
| url = https://windows.php.net/download/#php-5.3 | |||
| title = PHP for Windows: Binaries and sources releases (5.3) | |||
| access-date = 2013-10-29 | |||
| website = php.net | |||
}}</ref><ref>{{cite web | |||
| url = https://windows.php.net/download/#php-5.4 | |||
| title = PHP for Windows: Binaries and sources releases (5.4) | |||
| access-date = 2013-10-29 | |||
| website = php.net | |||
}}</ref> requiring Windows 32-bit compatibility mode while using ] (IIS) on a 64-bit Windows platform. PHP version 5.5 made the 64-bit ] builds available for Microsoft Windows.<ref>{{cite web | |||
| url = https://windows.php.net/download/#php-5.5 | |||
| title = PHP for Windows: Binaries and sources releases (5.5) | |||
| access-date = 2013-10-29 | |||
| website = php.net | |||
}}</ref> | |||
Official security support for PHP 5.6 ended on 31 December 2018.<ref>{{Cite web | url=https://php.net/supported-versions.php |title = PHP: Supported Versions}}</ref> | |||
The primary use of this is to allow PHP statements to be embedded within HTML documents. PHP processes any delimited code in the page initially, thus handing the web server a file which consists entirely of HTML. | |||
=== <span id="PHP6-UNICODE">PHP 6 and Unicode</span> === | |||
Variables are prefixed with a dollar symbol and no ] need be specified in advance. Variables are, subject to certain rules, evaluated in a string context. | |||
PHP received mixed reviews due to lacking native ] support at the core language level.<ref>{{cite web | |||
| url = https://php.net/manual/en/language.types.string.php | |||
| title = Types: Strings (PHP Manual) | |||
| access-date = 2013-09-22 | |||
| website = PHP.net | |||
}}</ref><ref>{{cite web | |||
| url = https://www.php.net/manual/en/language.types.string.php#language.types.string.details | |||
| title = Details of the String Type (PHP Manual) | |||
| access-date = 2021-09-22 | |||
| website = PHP.net | |||
}}</ref> In 2005, a project headed by Andrei Zmievski was initiated to bring native ] support throughout PHP, by embedding the ] (ICU) library, and representing text strings as ] internally.<ref>{{cite mailing list|url=http://marc.info/?l=php-internals&m=112365908921757&w=1|title=PHP Unicode support design document|date=2005-08-10|access-date=2014-02-09|author=Andrei Zmievski}}</ref> Since this would cause major changes both to the internals of the language and to user code, it was planned to release this as version 6.0 of the language, along with other major features then in development.<ref>{{cite web|url=http://news.php.net/php.internals/17668|title=PHP 5.5 or 6.0|access-date=2014-02-09}}</ref> | |||
However, a shortage of developers who understood the necessary changes, and performance problems arising from conversion to and from UTF-16, which is rarely used in a web context, led to delays in the project.<ref>{{cite web|title=The Good, the Bad, and the Ugly: What Happened to Unicode and PHP 6|url=http://www.slideshare.net/andreizm/the-good-the-bad-and-the-ugly-what-happened-to-unicode-and-php-6|access-date=2014-02-09|author=Andrei Zmievski|date=2011-04-22}}</ref> As a result, a PHP 5.3 release was created in 2009, with many non-Unicode features back-ported from PHP 6, notably namespaces. In March 2010, the project in its current form was officially abandoned, and a PHP 5.4 release was prepared to contain most remaining non-Unicode features from PHP 6, such as traits and closure re-binding.<ref>{{cite mailing list|url=http://news.php.net/php.internals/47120|title=PHP 6|access-date=2014-02-07|date=2010-03-11|author=Rasmus Lerdorf}}</ref> Initial hopes were that a new plan would be formed for Unicode integration, but by 2014 none had been adopted.{{Citation needed|date=November 2023}} | |||
PHP treats new lines as ], in the manner of a ] (except when inside string quotes). Statements are terminated by a semicolon, except in a few special cases. | |||
=== PHP 7 === | |||
PHP has three types of comment syntax: it allows multi-line comments using the /* */ construction as in C, and also allows comments which terminate at the end of the line using the // and # characters (as in C++ and Perl respectively). | |||
During 2014 and 2015, a new major PHP version was developed, PHP 7. The numbering of this version involved some debate among internal developers.<ref>{{cite web|url=https://philsturgeon.uk/php/2014/07/23/neverending-muppet-debate-of-php-6-v-php-7/|title=The Neverending Muppet Debate of PHP 6 v PHP 7|access-date=2015-11-19|archive-url=https://web.archive.org/web/20151119132438/https://philsturgeon.uk/php/2014/07/23/neverending-muppet-debate-of-php-6-v-php-7/|archive-date=2015-11-19|url-status=dead}}</ref> While the PHP 6 Unicode experiments had never been released, several articles and book titles referenced the PHP 6 names, which might have caused confusion if a new release were to reuse the name.<ref>{{cite web |title=RFC: Name of Next Release of PHP |url=https://wiki.php.net/rfc/php6 |date=2014-07-07 |access-date=2014-07-15 |website=php.net}}</ref> After a vote, the name PHP 7 was chosen.<ref>{{cite web|title=Re: Name of Next Release of PHP (again) |url=https://www.mail-archive.com/internals@lists.php.net/msg68598.html |date=2014-07-30 |access-date=2014-07-30}}</ref> | |||
The foundation of PHP 7 is a PHP ] that was originally dubbed ''PHP next generation'' (''phpng''). It was authored by Dmitry Stogov, Xinchen Hui and Nikita Popov,<ref>{{cite web|url=http://news.php.net/php.internals/73888|title=phpng: Refactored PHP Engine with Big Performance Improvement|website=news.php.net}}</ref> and aimed to optimize PHP performance by refactoring the Zend Engine while retaining near-complete language compatibility.<ref>{{cite web |url=https://wiki.php.net/rfc/phpng |title=PHP: rfc:phpng |access-date=16 December 2014 |website=php.net}}</ref> By 14 July 2014, ]-based benchmarks, which served as the main benchmark suite for the phpng project, showed an almost 100% increase in performance. Changes from phpng make it easier to improve performance in future versions, as more compact data structures and other changes are seen as better suited for a successful migration to a ] (JIT) compiler.<ref name="php.net-7">{{cite web|url=https://wiki.php.net/phpng |title=PHP: phpng |website=php.net |access-date=2014-07-15}}</ref> Because of the significant changes, the reworked Zend Engine was called ''Zend Engine 3'', succeeding Zend Engine 2 used in PHP 5.<ref name="github.com-2014">{{cite web |url=https://github.com/php/php-src/commit/150dc69d6eee35738f505e925ee664c02060196d |website=github.com |date=2014-12-05 |access-date=2014-12-05 |title=Merge branch 'ZendEngine3'}}</ref> | |||
===Data types=== | |||
Because of the major internal changes in phpng, it must receive a new ] number of PHP, rather than a minor PHP 5 release, according to PHP's release process.<ref name="PHP-2011" /> Major versions of PHP are allowed to break backward-compatibility of code and therefore PHP 7 presented an opportunity for other improvements beyond phpng that require backward-compatibility breaks.{{Citation needed|date=April 2024}} In particular, it involved the following changes: | |||
PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Portable code should not assume that values outside this range can be represented in an integer variable. Integer variables can be assigned using decimal (positive and negative), ] and ] notations. ] are also stored in a platform-specific range. They can be specified using ] notation, or two forms of ]. | |||
* Many fatal or recoverable-level legacy PHP error mechanisms were replaced with modern object-oriented ].<ref name="php.net" /> | |||
* The syntax for variable dereferencing was reworked to be internally more consistent and complete, allowing the use of the operators <code>-></code>, <code></code>, <code>()</code>,<code>{}</code>, and <code>::</code>, with arbitrary meaningful left-side expressions.<ref name="php.net-2014b">{{cite web |url=https://wiki.php.net/rfc/uniform_variable_syntax |title=PHP RFC: Uniform Variable Syntax |date=2014-05-31 |access-date=2014-07-30 |website=php.net}}</ref> | |||
* Support for legacy PHP 4-style constructor methods was deprecated.<ref>{{Cite web|url=https://3v4l.org/udRhX|title=Online PHP editor | output for udRhX|website=3v4l.org}}</ref> | |||
* The behavior of the ] was changed to be more predictable.<ref>{{cite web|url=https://wiki.php.net/rfc/php7_foreach|title=PHP RFC: Fix "foreach" behavior|access-date=2015-05-21|website=php.net}}</ref> | |||
* Constructors for the few classes built-in to PHP which returned null upon failure were changed to throw an exception instead, for consistency.<ref>{{cite web|url=https://wiki.php.net/rfc/internal_constructor_behaviour|title=PHP RFC: Constructor behaviour of internal classes|access-date=2015-05-21|website=php.net}}</ref> | |||
* Several unmaintained or deprecated ]s (SAPIs) and extensions were removed from the PHP core, most notably the legacy <code>mysql</code> extension.<ref>{{cite web|url=https://wiki.php.net/rfc/removal_of_dead_sapis_and_exts|title=PHP RFC: Removal of dead or not yet PHP7 ported SAPIs and extensions|access-date=2015-05-21|website=php.net}}</ref> | |||
* The behavior of the <code>list()</code> operator was changed to remove support for strings.<ref>{{cite web|url=https://wiki.php.net/rfc/fix_list_behavior_inconsistency|title=PHP RFC: Fix list() behavior inconsistency|access-date=2015-05-21|website=php.net}}</ref> | |||
* Support was removed for legacy ASP-style delimiters <code><%</code> and <code>%></code> and <code><script language="php"> ... </script></code>.<ref>{{cite web|url=https://wiki.php.net/rfc/remove_alternative_php_tags|title=PHP RFC: Remove alternative PHP tags|access-date=2015-05-21|website=php.net}}</ref> | |||
* An oversight allowing a ] to have multiple <code>default</code> clauses was fixed.<ref>{{cite web|url=https://wiki.php.net/rfc/switch.default.multiple|title=PHP RFC: Make defining multiple default cases in a switch a syntax error|access-date=2015-05-21|website=php.net}}</ref> | |||
* Support for hexadecimal number support in some implicit conversions from strings to number types was removed.<ref>{{cite web|url=https://wiki.php.net/rfc/remove_hex_support_in_numeric_strings|title=PHP RFC: Remove hex support in numeric strings|access-date=2015-05-21|website=php.net}}</ref> | |||
* The ] and ] operators were changed to behave more consistently across platforms.<ref name="php.net-5" /> | |||
* Conversions between floating-point numbers and integers were changed (e.g. infinity changed to convert to zero) and implemented more consistently across platforms.<ref name="php.net-5">{{cite web|url=https://wiki.php.net/rfc/integer_semantics|title=PHP RFC: Integer Semantics|access-date=2015-05-21|quote=Making NaN and Infinity always become zero when cast to integer means more cross-platform consistency, and is also less surprising than what is currently produces|website=php.net}}</ref><ref>{{cite web|url=https://wiki.php.net/rfc/zpp_fail_on_overflow|title=PHP RFC: ZPP Failure on Overflow|access-date=2015-05-21|website=php.net}}</ref> | |||
PHP 7 also included new language features. Most notably, it introduced return type declarations for functions<ref name="php.net-2015a">{{cite web |url=https://wiki.php.net/rfc/return_types |title=RFC: Return Types |date=2015-01-27 |access-date=2015-01-28 |website=php.net}}</ref> which complement the existing parameter type declarations, and support for the ] types (integer, float, string, and boolean) in parameter and return type declarations.<ref name="php.net-2015b">{{cite web|url=https://wiki.php.net/rfc/scalar_type_hints_v5|title=RFC: Scalar Type Declarations |date=2015-03-16 |access-date=2015-03-17 |website=php.net}}</ref> | |||
PHP has a native ] type, named "boolean", similar to the native Boolean types in ] and ]. Using the Boolean type conversion rules, non-zero values can be intepreted as true and zero as false, as in Perl and C. | |||
=== PHP 8 === | |||
The Null data type represents a variable that has no value. The only value in the Null data type is NULL. | |||
PHP 8 was released on 26 November 2020, and is currently the second-most used PHP major version. PHP 8 is a major version and has breaking changes from previous versions.<ref name="Brent">{{cite web |author=Brent |title=What's new in PHP 8 |url=https://stitcher.io/blog/new-in-php-8 |website=Stitcher |access-date=22 September 2020}}</ref><ref name="PHP">{{cite web |title=PHP 8 Released|url=https://www.php.net/releases/8.0/en.php |website=PHP |access-date=27 November 2020}}</ref> New features and notable changes include: | |||
==== Just-in-time compilation ==== | |||
Arrays are heterogeneous, meaning a single array can contain objects of more than one type. They can contain any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in ] with both keys and values, and the two can be intermingled. | |||
] is supported in PHP 8.<ref name="wiki.php.net-2" /> | |||
PHP 8's ] can provide substantial performance improvements for some use cases,<ref name="Brent-2">{{cite web |author=Brent |title=PHP 8: JIT performance in real-life web applications |url=https://stitcher.io/blog/jit-in-real-life-web-applications |website=Stitcher.io |access-date=4 October 2020}}</ref><ref>{{cite web |last1=Rethams |first1=Derick |title=PHP 8: A Quick Look at JIT |url=https://derickrethans.nl/a-quick-look-at-jit.html}}</ref> while (then PHP) developer Nikita Popov stated that the performance improvements for most websites will be less substantial than the upgrade from PHP 5 to PHP 7.<ref name="Popov-2020" /> Substantial improvements are expected more for mathematical-type operations than for common web-development use cases.<ref name="Popov-2020">{{cite web |last1=Popov |first1=Nikita |title="What's new in PHP 8.0?" Nikita Popov |date=13 July 2020 |url=https://www.youtube.com/watch?v=NbBRXwu1Md8 |archive-url=https://ghostarchive.org/varchive/youtube/20211211/NbBRXwu1Md8| archive-date=2021-12-11 |url-status=live|publisher=PHP fwdays |access-date=4 October 2020}}{{cbignore}}</ref> Additionally, the JIT compiler provides the future potential to move some code from C to PHP, due to the performance improvements for some use cases.<ref name="Daniele-2020">{{cite web |last1=Daniele |first1=Carlo |title=What's New in PHP 8 (Features, Improvements, and the JIT Compiler) |url=https://kinsta.com/blog/php-8/ |website=Kinsta |date=25 May 2020 |access-date=24 December 2020}}</ref> | |||
Variables of type "resource" represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension. Examples include file, image and database resources. | |||
==== Addition of the match expression ==== | |||
===Objects=== | |||
{{Main|PHP syntax and semantics#Match expression}} | |||
PHP 8 introduced the {{code|match}} expression.<ref name="Redmond-2020">{{cite web |last1=Redmond |first1=Paul |title=Match Expression is Coming to PHP 8 |url=https://laravel-news.com/match-expression-php-8 |website=Laravel News |date=15 July 2020 |access-date=4 October 2020}}</ref> The match expression is conceptually similar to a {{code|switch}} statement and is more compact for some use cases.<ref name="PHP Watch">{{cite web |title=PHP 8.0: Match Expressions |url=https://php.watch/versions/8.0/match-expression |website=PHP Watch |access-date=4 October 2020}}</ref> Because {{code|match}} is an expression, its result can be assigned to a variable or returned from a function.<ref>{{cite web |last1=Barnes |first1=Eric |title=PHP 8 is now Released! |url=https://laravel-news.com/php-8 |website=Laravel News |date=27 November 2020 |access-date=24 December 2020 |ref=laravel-news-php-8-released}}</ref> | |||
Up until version 3, PHP had no ] features. Basic object functionality was added in version 3. The same semantics were implemented in PHP 4 as well as ] and return-by-reference for objects but the implementation still lacked the powerful and useful features of other object-oriented languages like ] and Java. | |||
==== Type changes and additions ==== | |||
PHP's handling of objects was completely rewritten for PHP 5, allowing for better performance and more features. In previous versions of PHP, objects were handled like ]s. The drawback of this method was that semantically the whole object was copied when a variable was assigned, or passed as a parameter to a method. In the new approach, objects are referenced by ], and not by value. PHP 5 introduced private and protected ]s and methods, along with ] and ]s. It also introduced a standard way of declaring ] and ]s similar to that of other object-oriented languages, such as C++. | |||
PHP 8 introduced union types, a new {{code|static}} return type, and a new {{code|mixed}} type.<ref name="Brent" /> | |||
"Attributes", often referred to as "annotations" in other programming languages, were added in PHP 8, which allow metadata to be added to classes.<ref name="Brent" /> | |||
PHP 4 had no ]. PHP 5 introduces an exception model similar to that of other programming languages. | |||
{{code|throw}} was changed from being a statement to being an expression.<ref name="wiki.php.net-4" /> This allows exceptions to be thrown in places that were not previously possible.<ref name="Brent" /> | |||
It should be noted that the static method and class variable features in Zend Engine 2 do not work the way some expect. There is no ] feature in the Engine, so the ]s are bound with a name at compile time instead of with a reference. | |||
==== Syntax changes and additions ==== | |||
If the developer asks to create a copy of an object by using the reserved word ''clone'', the Zend engine will check if a <code>__clone()</code> method has been defined or not. If not, it will call a default <code>__clone()</code> which will copy all of the object's properties. If a <code>__clone()</code> method is defined, then it will be responsible to set the necessary properties in the created object. For convenience, the engine will supply a function that imports all of the properties from the source object, so that they can start with a by-value ] of the source object, and only override properties that need to be changed. | |||
PHP 8 includes changes to allow alternate, more concise, or more consistent syntaxes in a number of scenarios. For example, the nullsafe operator is similar to the ] {{code|??}}, but used when calling methods.<ref name="wiki.php.net" /> The following code snippet will not throw an error if {{code|getBirthday()}} returns null: | |||
<syntaxhighlight lang="php"> | |||
==Resources== | |||
$human_readable_date = $user->getBirthday()?->diffForHumans(); | |||
===Libraries=== | |||
</syntaxhighlight> | |||
{{main|List of PHP libraries}} | |||
Constructor property promotion has been added as "]," allowing class properties to be set automatically when parameters are passed into a class ].<ref name="Brent" /> This reduces the amount of ] that must be written.<ref>{{cite web |last1=Roose |first1=Brent |title=PHP 8: Constructor property promotion |url=https://stitcher.io/blog/constructor-promotion-in-php-8 |access-date=30 April 2024}}</ref> | |||
PHP includes a large number of free and open-source libraries with the core build. PHP is a fundamentally ]-aware system with modules built in for accessing ] servers, many database servers, embedded SQL libraries like embedded ] and ], ] servers, and others. Many functions familiar to ] programmers such as the <tt>printf</tt> family are available in the standard PHP build. | |||
Other minor changes include support for use of {{code|::class}} on objects, which serves as an alternative for the use of {{code|get_class()}};<ref name="Brent" /> non-capturing catches in try-catch blocks; variable syntax tweaks to resolve inconsistencies; support for named arguments; and support for trailing commas in parameter lists, which adds consistency with support for trailing commas in other contexts, such as in arrays.<ref name="PHP" /> | |||
PHP ]s exist which, among other features, add support for the ], process management on ] ]s, ], and several popular ]. Some of the more unusual features are on-the-fly ] generation, integration with ], and generation of dynamic images (where the content of the image can be changed). Some additional extensions are available via the ]. | |||
==== Standard library changes and additions ==== | |||
===Source code encoders=== | |||
* Weak maps were added in PHP 8. A {{code|WeakMap}} holds references to objects, but these references do not prevent such objects from being ].<ref name="wiki.php.net-3" /> This can provide performance improvements in scenarios where data is being ]; this is of particular relevance for ]s (ORM).<ref name="Brent" /> | |||
Encoders offer some source code security and enable ] by hindering source code ]. PHP scripts are compiled into native ]. The downside of this approach is that a special extension has to be installed on the server in order to run encoded scripts. | |||
* Various adjustments to interfaces, such as adding support for creating {{code|DateTime}} objects from interfaces, and the addition of a {{code|Stringable}} interface that can be used for type hinting.<ref name="Brent" /> | |||
* Various new functions including {{code|lang=php|str_contains()}}, {{code|lang=php|str_starts_with()}}, and {{code|lang=php|str_ends_with()}};<ref name="Merchant-2020">{{cite web |last1=Merchant |first1=Amit |title=These new string functions are coming in PHP 8 |url=https://www.amitmerchant.com/new-string-functions-php8/ |website=Amit Merchant |date=13 June 2020 |access-date=4 October 2020}}</ref> {{code|lang=php|fdiv()}}; {{code|lang=php|get_debug_type()}}; and {{code|lang=php|get_resource_id()}}<ref name="Brent" /> | |||
* Object implementation of {{code|lang=php|token_get_all()}}<ref name="Brent" /> | |||
==== Additional changes ==== | |||
===All-In-One Installers=== | |||
* Type annotations were also added into PHP's C source code itself to allow internal functions and methods to have "complete type information in reflection."<ref>{{cite web |last1=Popov |first1=Nikita |title=Call for participation: Annotating internal function argument and return types |url=https://externals.io/message/106522 |website=Externals |access-date=19 November 2020}}</ref> | |||
As installing Apache and configuring it for php can be a daunting task under any OS, a number of open source projects aiming to create an 'all-in-one' installer for apache with php, mysql (as it is commonly used for portal systems requiring a backend), and possibly an FTP and mail server. A number of packages like this are available, however ] and ] are most commonly used for installing a default configuration of these on Windows. It is to be noted, however, that these packages are by no means secure and are ''not'' recommended for production servers. | |||
* Inheritance with private methods<ref name="Brent" /> | |||
* Abstract methods in traits improvements<ref name="Brent" /> | |||
=== PHP 8.1 === | |||
This is simply due to, as noted in the installation of each and on , none of these installers are endorsed by PHP.net, and the developement team believes that manual installation is best for security. This is a view share by developers of such installers, and the XAMPP control panel (available at http://localhost/xampp after installation) is full of security warnings about running web servers on Windows. As part of the same project as ], ] was designed to give Linux users this ease of installation as well, however due to the complexity of variation between distributions it is recommended configuring apache for php manually under linux. See ]. Those installing Apache manually will also find warnings about Apache being unstable under Windows throughout the installation process. See . | |||
PHP 8.1 was released on November 25, 2021.<ref>{{Cite web|url=https://www.php.net/ChangeLog-8.php#8.1.0 |title=PHP 8 ChangeLog |access-date=2024-01-05 |website=PHP.net}}</ref> It added support for ] (also called "enums"), declaring properties as <code>readonly</code> (which prevents modification of the property after initialization), and array unpacking with string keys. The new ] can be used to indicate that a function does not return.<ref>{{Cite web|title=PHP: PHP 8.1.0 Release Announcement |url=https://www.php.net/releases/8.1/en.php |access-date=2024-01-05 |website=PHP.net}}</ref> | |||
{{citeneeded}} | |||
== |
=== PHP 8.2 === | ||
PHP 8.2 was released on December 8, 2022.<ref>{{Cite web|url=https://www.php.net/ChangeLog-8.php#8.2.0 |title=PHP 8 ChangeLog |access-date=2024-01-05 |website=PHP.net}}</ref> New in this release are <code>readonly</code> classes (whose instance properties are implicitly readonly), ] (DNF) types, and the <code>random</code> extension, which provides a ] with an object-oriented ],<ref>{{Cite web|title=PHP: PHP 8.2.0 Release Announcement |url=https://www.php.net/releases/8.2/en.php |access-date=2024-01-05 |website=PHP.net}}</ref> Sensitive Parameter value redaction, and a ton of other features. | |||
PHP has a formal development manual that is maintained by the open source community. In addition, answers to most questions can often be found by doing a simple internet search. PHP users assist each other through various media such as chat, forums, newsgroups and PHP developer web sites. In turn, the PHP development team actively participates in such communities, garnering assistance from them in their own development effort (PHP itself) and providing assistance to them as well. There are many help resources available for the novice PHP programmer. | |||
== |
=== PHP 8.3 === | ||
PHP 8.3 was released on November 23, 2023. This release introduced readonly array properties, allowing arrays to be declared as immutable after initialization. It also added support for class aliases for built-in PHP classes, new methods for random float generation in the Random extension, and enhanced PHP INI settings with fallback value support. Additionally, the new {{Mono|stream_context_set_options}} function provides improved API for stream manipulation, among other updates and deprecations. | |||
Criticisms of PHP include those general criticisms ascribed to other ]s and ]. Some specific criticisms of PHP include the following: | |||
=== PHP 8.4 === | |||
*PHP does not enforce the declaration of variables prior to their use, and variables which have not been initialized can have operations (such as concatenation) performed on them; an operation on an uninitialized variable raises an E_NOTICE level error, but this is hidden by default. | |||
PHP 8.4 was released on November 21, 2024. | |||
*PHP's type checking is so loose as to be occasionally unenforceable. Variables in PHP are not limited to one type. It is possible to assign an integer value to the variable $Q, then assign a string value, and then assign an array to it. This can often lead to difficult-to-debug code. Type checking using the == operator is not strict, necessitating the === operator to ensure a type match. Functions are also not allowed to (directly) force the types of their arguments (PHP 5 improves on this, by adding the ability to force a function argument to be an array or an object of a certain class). Some functions have inconsistent output, with functions intended to return Boolean FALSE also returning non-Boolean values which evaluate to FALSE, such as 0 or "". | |||
*PHP has no ] support, with all PHP functions share the same global namespace. The standard function library is criticised for its size and lack of internal consistency - There are over 3,000 "built-in" functions in the standard PHP distribution, with many only becoming available when PHP is linked against the required libraries. Many functions perform the same actions, but with slightly different input or results or syntax; there is little internal consistency regarding function argument order; functions have no standard naming convention, with use of underscores in names, verb/noun ordering and reference to parent libraries varying heavily. This is said to make it difficult to program in the language without the frequent consultation of a reference work. | |||
*PHP contains a "magic quotes" feature which inserts backslashes into user input strings. The feature was introduced to prevent code written by beginners from being dangerous (such as in ] attacks), but some criticize it for frequently causing improperly displayed text or encouraging beginners to write PHP which is vulnerable to injection attacks when used on a system with it turned off. (''Obsolete in PHP6'') | |||
*If 'register_globals' is enabled in PHP's configuration file, PHP automatically puts the values of ], ], ] and ] ] into standard variables, which can be a significant security risk for scripts that assume those variables are undefined. Other languages, such as ], include functionality to detect and clean harmful ] or other malicious code automatically, whereas PHP does not. (''Obsolete in PHP6'') | |||
*In the majority of cases, ] webservers with PHP installed (using mod_php) typically run PHP scripts as "nobody", which can make file security in a shared hosting environment difficult. PHP's "Safe Mode" can emulate the security behavior of the OS to partially overcome this problem, but this is considered as an imperfect solution. | |||
*Some PHP extensions use libraries that are not ], so rendering with ]'s ] MPM (multi-processing module) may cause crashes. | |||
*PHP does not have native support for ] or multibyte strings (''Obsolete in PHP6''). | |||
=== Release history === | |||
==See also== | |||
<!-- Template:Version – for version & release history. Documentation and examples: ] --> | |||
{{portalpar|Free software}} | |||
{{sticky header}} | |||
* ] | |||
{{mw-datatable}} | |||
* ] | |||
{| class="wikitable mw-datatable mw-collapsible sticky-header" | |||
|- | |||
! Version | |||
! style="min-width: 10em;" | Release date | |||
! style="min-width: 10em;" | Supported until<ref name="php.net-2">{{cite web|url=https://php.net/eol.php |title=Unsupported Branches |website=php.net |access-date=2019-07-31}}</ref> | |||
! Notes | |||
|- | |||
| {{Version |o | 1.0}} | |||
| 8 June 1995 | |||
| | |||
| Officially called "Personal Home Page Tools (PHP Tools)". This is the first use of the name "PHP".<ref name="The PHP Group" /> | |||
|- | |||
| {{Version |o | 2.0}} | |||
| 1 November 1997 | |||
| | |||
| Officially called "PHP/FI 2.0". This is the first release that could actually be characterised as PHP, being a standalone language with many features that have endured to the present day. | |||
|- | |||
| {{Version |o | 3.0}} | |||
| 6 June 1998 | |||
| 20 October 2000<ref name="php.net-2" /> | |||
| Development moves from one person to multiple developers. Zeev Suraski and Andi Gutmans rewritten the base for this version.<ref name="The PHP Group" /> | |||
|- | |||
| {{Version |o | 4.0}} | |||
| 22 May 2000<ref>{{cite web |title=PHP 4.0.0 Released |url=https://news-web.php.net/php.announce/22 |access-date=25 October 2020}}</ref> | |||
| 23 June 2001<ref name="php.net-2" /> | |||
| Added more advanced two-stage parse/execute tag-parsing system called the Zend engine.<ref name="The PHP Group-2008">{{cite web|title=PHP: PHP 4 ChangeLog|url=https://www.php.net/ChangeLog-4.php|publisher=The PHP Group|access-date=2008-02-22|date=2008-01-03}}</ref> | |||
|- | |||
| {{Version |o | 4.1}} | |||
| 10 December 2001<ref>{{cite web |title=PHP 4.1.0 Release Announcement |url=https://www.php.net/releases/4_1_0.php |access-date=25 October 2020}}</ref> | |||
| 12 March 2002<ref name="php.net-2" /> | |||
| Introduced "superglobals" ({{code|lang=php|$_GET}}, {{code|lang=php|code=$_POST}}, {{code|lang=php|code=$_SESSION}}, etc.)<ref name="The PHP Group-2008" /> | |||
|- | |||
| {{Version |o | 4.2}} | |||
| 22 April 2002<ref>{{cite web |title=PHP 4.2.0 Release Announcement |url=https://www.php.net/releases/4_2_0.php |access-date=25 October 2020}}</ref> | |||
| 6 September 2002<ref name="php.net-2" /> | |||
| Disabled <code>register_globals</code> by default. Data received over the network is not inserted directly into the ] namespace anymore, closing possible security holes in applications.<ref name="The PHP Group-2008" /> | |||
|- | |||
| {{Version |o | 4.3}} | |||
| 27 December 2002<ref>{{cite web |title=PHP 4.3.0 Release Announcement |url=https://www.php.net/releases/4_3_0.php |access-date=25 October 2020}}</ref> | |||
| 31 March 2005<ref name="php.net-2" /> | |||
| Introduced the ] (CLI), to supplement the CGI.<ref name="The PHP Group-2008" /><ref name="PHP Manual-2">{{cite web|title= Using PHP from the command line | work = PHP Manual|url=https://php.net/manual/en/features.commandline.php|publisher=The PHP Group|access-date=2009-09-11}}</ref> | |||
|- | |||
| {{Version |o | 4.4}} | |||
| 11 July 2005<ref>{{cite web |title=PHP 4.4.0 Release Announcement |url=https://www.php.net/releases/4_4_0.php |access-date=25 October 2020}}</ref> | |||
| 7 August 2008<ref name="php.net-2" /> | |||
| Fixed a memory corruption bug, which required breaking binary compatibility with extensions compiled against PHP version 4.3.x.<ref>{{cite web|title=PHP 4.4.0 Release Announcement|work=PHP Manual|url=https://php.net/releases/4_4_0.php|publisher=The PHP Group|access-date=2013-11-24}}</ref> | |||
|- | |||
| {{Version |o | 5.0}} | |||
| 13 July 2004<ref>{{cite web |title=PHP 5.0.0 Released! |url=https://news-web.php.net/php.announce/50 |access-date=25 October 2020}}</ref> | |||
| 5 September 2005<ref name="php.net-2" /> | |||
| Zend Engine II with a new object model.<ref name="The PHP Group-2007">{{cite web|title=PHP: PHP 5 ChangeLog|url=https://www.php.net/ChangeLog-5.php|publisher=The PHP Group|access-date=2008-02-22|date=2007-11-08}}</ref> | |||
|- | |||
| {{Version |o | 5.1}} | |||
| 24 November 2005<ref>{{cite web |title=PHP 5.1.0 Release Announcement |url=https://www.php.net/releases/5_1_0.php |access-date=25 October 2020}}</ref> | |||
| 24 August 2006<ref name="php.net-2" /> | |||
| Performance improvements with the introduction of compiler variables in re-engineered PHP Engine.<ref name="The PHP Group-2007" /> Added PHP Data Objects (PDO) as a consistent interface for accessing databases.<ref name="The PHP Group-2011">{{cite web|title=PHP manual: PDO|url=https://php.net/manual/en/intro.pdo.php|publisher=The PHP Group|access-date=2011-11-15|date=2011-11-15}}</ref> | |||
|- | |||
| {{Version |o | 5.2}} | |||
| 2 November 2006<ref>{{cite web |title=PHP 5.2.0 Release Announcement |url=https://www.php.net/releases/5_2_0.php |access-date=25 October 2020}}</ref> | |||
| 6 January 2011<ref name="php.net-2" /> | |||
| Enabled the filter extension by default. Native ] support.<ref name="The PHP Group-2007" /> | |||
|- | |||
| {{Version |o | 5.3}} | |||
| 30 June 2009<ref>{{cite web |title=PHP 5.3.0 Release Announcement |url=https://www.php.net/releases/5_3_0.php |access-date=25 October 2020}}</ref> | |||
| 14 August 2014<ref name="php.net-2" /> | |||
| ] support; ], jump label (limited ]), ]s, ], PHP archives (phar), ] for circular references, improved ] support, sqlite3, mysqlnd as a replacement for libmysql as the underlying library for the extensions that work with ], fileinfo as a replacement for mime_magic for better ] support, the Internationalization extension, and deprecation of ereg extension. | |||
|- | |||
| {{Version |o | 5.4}} | |||
| 1 March 2012<ref>{{cite web |title=PHP 5.4.0 Release Announcement |url=https://www.php.net/releases/5_4_0.php |access-date=25 October 2020}}</ref> | |||
| 3 September 2015<ref name="php.net-2" /> | |||
| ] support, short array syntax support. Removed items: <code>register_globals</code>, <code>safe_mode</code>, <code>allow_call_time_pass_reference</code>, {{code|lang=php|code=session_register()}}, {{code|lang=php|code=session_unregister()}} and {{code|lang=php|code=session_is_registered()}}. Built-in web server.<ref>{{cite web|url=https://php.net/manual/en/features.commandline.webserver.php |title=Built-in web server |access-date=March 26, 2012}}</ref> Several improvements to existing features, performance and reduced memory requirements. | |||
|- | |||
| {{Version |o | 5.5}} | |||
| 20 June 2013<ref>{{cite web |title=PHP 5.5.0 Release Announcement |url=https://www.php.net/releases/5_5_0.php |access-date=25 October 2020}}</ref> | |||
| 10 July 2016<ref name="php.net-8">{{cite web|url=https://php.net/supported-versions.php |title=Supported Versions |website=php.net |access-date=2017-12-13}}</ref> | |||
| Support for ], <code>finally</code> blocks for exceptions handling, OpCache (based on Zend Optimizer+) bundled in official distribution.<ref name="php.net-9">{{cite web|title=PHP 5.5.0 changes|url=https://php.net/manual/en/migration55.new-features.php|access-date=2015-03-03|website=php.net}}</ref> | |||
|- | |||
| {{Version |o | 5.6}} | |||
| 28 August 2014<ref>{{cite web |title=PHP 5.6.0 Release Announcement |url=https://www.php.net/releases/5_6_0.php |access-date=25 October 2020}}</ref> | |||
| 31 December 2018<ref name="php.net-8" /> | |||
| Constant scalar expressions, ]s, argument unpacking, new exponentiation operator, extensions of the <code>use</code> statement for functions and constants, new <code>phpdbg</code> debugger as a SAPI module, and other smaller improvements.<ref name="php.net-10">{{cite web |title=Migrating from PHP 5.5.x to PHP 5.6.x |url=https://www.php.net/manual/en/migration56.new-features.php |access-date=2014-03-24 |website=php.net}}</ref> | |||
|- | |||
| style="background:silver;"| 6.x | |||
| {{n/a|Not released}} | |||
| {{n/a}} | |||
| Abandoned version of PHP that planned to include native Unicode support.<ref>{{cite web|url=https://lwn.net/Articles/379909/|title=Resetting PHP 6|quote=There have been books on the shelves purporting to cover PHP 6 since at least 2008. But, in March 2010, the PHP 6 release is not out{{snd}} in fact, it is not even close to out. Recent events suggest that PHP 6 will not be released before 2011{{snd}} if, indeed, it is released at all.}}</ref><ref>{{cite news|url=http://www.infoworld.com/article/2841561/php/php-7-moves-full-speed-ahead.html|title=PHP 7 moves full speed ahead|newspaper=InfoWorld |quote=Recent versions of PHP have been part of the 5.x release series, but there will be no PHP 6. "We're going to skip 6, because years ago, we had plans for a 6, but those plans were very different from what we're doing now," Gutmans said. Going right to version 7 avoids confusion.|date=2014-10-31 |last1=Krill |first1=Paul }}</ref> | |||
|- | |||
| {{Version |o | 7.0}} | |||
| 3 December 2015<ref name="php.net-2018">{{cite web |url=https://php.net/archive/2018.php#id2018-07-19-2|title=News Archive – 2018: PHP 7.2.9 Released |date=2018-08-16 |access-date=2018-08-16 |website=php.net}}</ref> | |||
| 10 January 2019<ref name="PHP-2011" /> | |||
| Zend Engine 3 (performance improvements<ref name="php.net-7" /> and 64-bit integer support on Windows<ref>{{cite web|url=https://wiki.php.net/rfc/size_t_and_int64_next|title=PHP: rfc:size_t_and_int64_next|website=php.net|access-date=16 December 2014}}</ref>), uniform variable syntax,<ref name="php.net-2014b" /> ]-based compilation process,<ref>{{cite web|url=https://wiki.php.net/rfc/abstract_syntax_tree|title=PHP: rfc:abstract_syntax_tree|website=php.net|access-date=16 December 2014}}</ref> added {{code|lang=php|code=Closure::call()}},<ref>{{cite web|url=https://wiki.php.net/rfc/closure_apply|title=PHP: rfc:closure_apply|website=php.net|access-date=16 December 2014}}</ref> bitwise shift consistency across platforms,<ref>{{cite web|url=https://wiki.php.net/rfc/integer_semantics|title=PHP: rfc:integer_semantics|website=php.net|access-date=16 December 2014}}</ref> {{code|lang=php|code=??}} (]) operator,<ref>{{cite web|url=https://wiki.php.net/rfc/isset_ternary|title=PHP: rfc:isset_ternary|website=php.net|access-date=16 December 2014}}</ref> ] code point ],<ref>{{cite web|url=https://wiki.php.net/rfc/unicode_escape|title=RFC: Unicode Codepoint Escape Syntax|date=2014-11-24|access-date=2014-12-19}}</ref> return type declarations,<ref name="php.net-2015a" /> scalar type (integer, float, string and boolean) declarations,<ref name="php.net-2015b" /> <code><=></code> "spaceship" ] operator,<ref>{{cite web|url=https://wiki.php.net/rfc/combined-comparison-operator|title=Combined Comparison (Spaceship) Operator|website=php.net|access-date=2015-05-21}}</ref> ] delegation,<ref>{{cite web|url=https://wiki.php.net/rfc/generator-delegation|title=PHP RFC: Generator Delegation|access-date=2015-05-21|website=php.net}}</ref> ]es,<ref>{{cite web|url=https://wiki.php.net/rfc/anonymous_classes|title=PHP RFC: Anonymous Classes|access-date=2015-05-21|website=php.net}}</ref> simpler and more consistently available ] API,<ref>{{cite web|url=https://wiki.php.net/rfc/easy_userland_csprng|title=PHP RFC: Easy User-land CSPRNG|access-date=2015-05-21|website=php.net}}</ref> replacement of many remaining internal PHP "errors" with the more modern ],<ref name="php.net">{{cite web|url=https://wiki.php.net/rfc/engine_exceptions_for_php7|title=PHP RFC: Exceptions in the engine (for PHP 7)|access-date=2015-05-21|website=php.net}}</ref> and shorthand syntax for importing multiple items from a namespace.<ref>{{cite web|url=https://wiki.php.net/rfc/group_use_declarations|title=PHP RFC: Group Use Declarations|access-date=2015-05-21|website=php.net}}</ref> | |||
|- | |||
| {{Version |o | 7.1}} | |||
| 1 December 2016 | |||
| 1 December 2019<ref name="php.net-8" /> | |||
| {{code|lang=php|iterable}} type,<ref>{{cite web|url=https://wiki.php.net/rfc/iterable|title=PHP: rfc:iterable|website=php.net|date=2016-06-10|access-date=2023-06-30}}</ref> nullable types,<ref>{{cite web|url=https://wiki.php.net/rfc/nullable_types|title=PHP: rfc:nullable_types|website=php.net|date=2014-04-10|access-date=2023-06-30}}</ref> ],<ref>{{cite web|url=http://wiki.php.net/rfc/void_return_type|title=PHP: rfc:void_return_type|website=php.net|date=2015-11-09|access-date=2015-11-14}}</ref> class constant ],<ref>{{cite web|url=https://wiki.php.net/rfc/class_const_visibility|title=PHP: rfc:class_constant_visibility|website=php.net|date=2015-10-27|access-date=2015-12-08}}</ref> short list syntax,<ref>{{cite web|url=https://wiki.php.net/rfc/short_list_syntax|title=PHP: rfc:short_list_syntax|website=php.net|date=2016-04-07|access-date=2023-06-30}}</ref> multi-catch<ref>{{cite web|url=https://wiki.php.net/rfc/multiple-catch|title=PHP: rfc:multiple-catch|website=php.net|date=2016-03-06|access-date=2023-06-30}}</ref> | |||
|- | |||
| {{Version |o | 7.2}} | |||
| 30 November 2017 | |||
| 30 November 2020<ref name="php.net-8" /> | |||
| Object parameter and return type declaration,<ref>{{cite web|url=https://wiki.php.net/rfc/object-typehint|title=PHP: rfc:object-typehint|website=wiki.php.net}}</ref> libsodium extension,<ref>{{cite web|url=https://wiki.php.net/rfc/libsodium|title=PHP: rfc:libsodium|website=wiki.php.net}}</ref> abstract method overriding,<ref>{{cite web|url=https://wiki.php.net/rfc/allow-abstract-function-override|title=PHP: rfc:allow-abstract-function-override|website=wiki.php.net}}</ref> parameter type widening<ref>{{cite web|url=https://wiki.php.net/rfc/parameter-no-type-variance|title=PHP: rfc:parameter-no-type-variance|website=wiki.php.net}}</ref> | |||
|- | |||
| {{Version |o | 7.3}} | |||
| 6 December 2018<ref>{{cite web|url=https://wiki.php.net/todo/php73|title=PHP: todo:php73|website=wiki.php.net}}</ref> | |||
| 6 December 2021 | |||
| Flexible ] and Nowdoc syntax,<ref>{{cite web|url=https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes|title=PHP: rfc:flexible_heredoc_nowdoc_syntaxes|website=wiki.php.net}}</ref> support for reference assignment and array deconstruction with {{code|lang=php|code=list()}},<ref>{{cite web|url=https://wiki.php.net/rfc/list_reference_assignment|title=PHP: rfc:list_reference_assignment|website=wiki.php.net}}</ref> PCRE2 support,<ref>{{cite web|url=https://wiki.php.net/rfc/pcre2-migration|title=PHP: rfc:pcre2-migration|website=wiki.php.net}}</ref> {{code|lang=php|code=hrtime}} function<ref>{{cite web|url=https://php.net/manual/en/function.hrtime.php|title=PHP: hrtime{{snd}} Manual|website=php.net}}</ref> | |||
|- | |||
| {{Version |o | 7.4}} | |||
| 28 November 2019<ref>{{Cite web|url=https://www.php.net/archive/2019.php#2019-11-28-1|title=PHP 7.4.0 Released!|website=php.net|access-date=2019-11-28}}</ref> | |||
| 28 November 2022 | |||
| Typed properties 2.0,<ref>{{Cite web|url=https://wiki.php.net/rfc/typed_properties_v2|title=PHP: rfc:typed_properties_v2|website=wiki.php.net|access-date=2019-04-04}}</ref> preloading,<ref>{{Cite web|url=https://wiki.php.net/rfc/preload|title=PHP: rfc:preload|website=wiki.php.net|access-date=2019-04-04}}</ref> null-coalescing assignment operator,<ref>{{Cite web|url=https://wiki.php.net/rfc/null_coalesce_equal_operator|title=PHP: rfc:null_coalesce_equal_operator|website=wiki.php.net|access-date=2019-04-04}}</ref> improve {{code|lang=php|code=openssl_random_pseudo_bytes}},<ref>{{Cite web|url=https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes|title=PHP: rfc:improve-openssl-random-pseudo-bytes|website=wiki.php.net|access-date=2019-04-04}}</ref> weak references,<ref name="wiki.php.net-3">{{Cite web|url=https://wiki.php.net/rfc/weakrefs|title=PHP: rfc:weakrefs|website=wiki.php.net|access-date=2019-04-05}}</ref> ] (FFI),<ref>{{Cite web|url=https://wiki.php.net/rfc/ffi|title=PHP: rfc:ffi|website=wiki.php.net|access-date=2019-04-05}}</ref> always available hash extension,<ref>{{Cite web|url=https://wiki.php.net/rfc/permanent_hash_ext|title=PHP: rfc:permanent_hash_ext|website=wiki.php.net|access-date=2019-04-05}}</ref> password hash registry,<ref>{{Cite web|url=https://wiki.php.net/rfc/password_registry|title=PHP: rfc:password_registry|website=wiki.php.net|access-date=2019-04-05}}</ref> multibyte string splitting,<ref>{{Cite web|url=https://wiki.php.net/rfc/mb_str_split|title=PHP: rfc:mb_str_split|website=wiki.php.net|access-date=2019-04-05}}</ref> reflection for references,<ref>{{Cite web|url=https://wiki.php.net/rfc/reference_reflection|title=PHP: rfc:reference_reflection|website=wiki.php.net|access-date=2019-04-05}}</ref> unbundle ext/wddx,<ref>{{Cite web|url=https://wiki.php.net/rfc/deprecate-and-remove-ext-wddx|title=PHP: rfc:deprecate-and-remove-ext-wddx|website=wiki.php.net|access-date=2019-04-05}}</ref> new custom object serialization mechanism<ref>{{Cite web|url=https://wiki.php.net/rfc/custom_object_serialization|title=PHP: rfc:custom_object_serialization|website=wiki.php.net|access-date=2019-04-05}}</ref> | |||
|- | |||
| {{Version |o | 8.0}} | |||
| 26 November 2020<ref>{{Cite web|url=https://www.php.net/supported-versions.php|title=PHP: Supported Versions|website=php.net|access-date=2023-11-26}}</ref> | |||
| 26 November 2023 | |||
| ],<ref name="wiki.php.net-2">{{Cite web|url=https://wiki.php.net/rfc/jit|title=PHP: rfc:jit|website=wiki.php.net|access-date=2019-04-05}}</ref> arrays starting with a negative index,<ref>{{Cite web|url=https://wiki.php.net/rfc/negative_array_index|title=PHP: rfc:negative_array_index|website=wiki.php.net|access-date=2019-04-05}}</ref> stricter/saner language semantics (validation for abstract trait methods),<ref>{{cite web |title=PHP RFC: Validation for abstract trait methods |url=https://wiki.php.net/rfc/abstract_trait_method_validation |website=wiki.php.net |access-date=14 August 2020}}</ref> saner string to number comparisons,<ref>{{cite web |title=PHP RFC: Saner string to number comparisons |url=https://wiki.php.net/rfc/string_to_number_comparison |website=wiki.php.net |access-date=14 August 2020}}</ref> saner numeric strings,<ref>{{cite web |title=PHP RFC: Saner numeric strings |url=https://wiki.php.net/rfc/saner-numeric-strings |website=wiki.php.net |access-date=14 August 2020}}</ref> {{code|lang=php|TypeError}} on invalid arithmetic/bitwise operators,<ref>{{cite web |title=PHP RFC: Stricter type checks for arithmetic/bitwise operators |url=https://wiki.php.net/rfc/arithmetic_operator_type_checks |website=wiki.php.net |access-date=14 August 2020}}</ref> reclassification of various engine errors,<ref>{{cite web |title=PHP RFC: Reclassifying engine warnings |url=https://wiki.php.net/rfc/engine_warnings |website=wiki.php.net |access-date=14 August 2020}}</ref> consistent type errors for internal functions,<ref>{{Cite web|url=https://wiki.php.net/rfc/consistent_type_errors|title=PHP: rfc:consistent_type_errors|website=wiki.php.net|access-date=2019-04-05}}</ref> fatal error for incompatible method signatures<ref>{{Cite web|url=https://wiki.php.net/rfc/lsp_errors|title=PHP: rfc:lsp_errors|website=wiki.php.net|access-date=2019-05-26}}</ref>), locale-independent float to string conversion,<ref>{{cite web |title=PHP RFC: Locale-independent float to string cast |url=https://wiki.php.net/rfc/locale_independent_float_to_string |website=wiki.php.net |access-date=14 August 2020}}</ref> variable syntax tweaks,<ref>{{cite web |title=PHP RFC: Variable Syntax Tweaks |url=https://wiki.php.net/rfc/variable_syntax_tweaks|website=wiki.php.net |access-date=14 August 2020}}</ref> attributes,<ref>{{cite web |title=PHP RFC: Attributes V2 |url=https://wiki.php.net/rfc/attributes_v2 |website=wiki.php.net |access-date=14 August 2020}}</ref><ref>{{Cite web|title=PHP RFC: Attribute Amendments|url=https://wiki.php.net/rfc/attribute_amendments |website=wiki.php.net |access-date=14 August 2020}}</ref><ref>{{Cite web|title=PHP RFC: Shorter Attribute Syntax|url=https://wiki.php.net/rfc/shorter_attribute_syntax|access-date=2020-06-20|website=wiki.php.net}}</ref><ref>{{cite web |title=PHP RFC: Shorter Attribute Syntax Change |url=https://wiki.php.net/rfc/shorter_attribute_syntax_change |website=wiki.php.net |access-date=14 August 2020}}</ref> named arguments,<ref>{{cite web |title=PHP RFC: Named Arguments |url=https://wiki.php.net/rfc/named_params |website=wiki.php.net |access-date=14 August 2020}}</ref> match expression,<ref>{{cite web |title=PHP RFC: Match expression v2 |url=https://wiki.php.net/rfc/match_expression_v2 |website=wiki.php.net |access-date=14 August 2020}}</ref> constructor property promotion,<ref>{{cite web |title=PHP RFC: Constructor Property Promotion |url=https://wiki.php.net/rfc/constructor_promotion |website=wiki.php.net |access-date=14 August 2020}}</ref> union types,<ref>{{cite web |title=PHP RFC: Union Types 2.0 |url=https://wiki.php.net/rfc/union_types_v2 |website=wiki.php.net |access-date=14 August 2020}}</ref> {{code|lang=php|mixed}} type,<ref>{{cite web |title=PHP RFC: Mixed Type v2 |url=https://wiki.php.net/rfc/mixed_type_v2 |website=wiki.php.net |access-date=14 August 2020}}</ref> static return type,<ref>{{cite web |title=PHP RFC: Static return type |url=https://wiki.php.net/rfc/static_return_type |website=wiki.php.net |access-date=14 August 2020}}</ref> nullsafe operator,<ref name="wiki.php.net">{{cite web |title=PHP RFC: Nullsafe operator |url=https://wiki.php.net/rfc/nullsafe_operator |website=wiki.php.net |access-date=14 August 2020}}</ref> non-capturing catches,<ref>{{cite web |title=PHP RFC: non-capturing catches |url=https://wiki.php.net/rfc/non-capturing_catches |website=wiki.php.net |access-date=14 August 2020}}</ref> {{code|lang=php|throw}} expression,<ref name="wiki.php.net-4">{{cite web |title=PHP RFC: throw expression |url=https://wiki.php.net/rfc/throw_expression |website=wiki.php.net |access-date=14 August 2020}}</ref> JSON extension is always available.<ref name="Andre">{{cite web |last1=Andre |first1=Tyson |title=PHP RFC: Always available JSON extension |url=https://wiki.php.net/rfc/always_enable_json |website=PHP |access-date=25 October 2020}}</ref> | |||
|- | |||
| {{Version |co | 8.1}} | |||
| 25 November 2021<ref>{{Cite web |title=PHP: todo:php81 |url=https://wiki.php.net/todo/php81 |access-date=2022-06-16 |website=wiki.php.net}}</ref> | |||
| 31 December 2025 | |||
| Explicit octal integer literal notation,<ref>{{Cite web|url=https://wiki.php.net/rfc/explicit_octal_notation|title=PHP RFC: Explicit octal integer literal notation|website=wiki.php.net|access-date=2020-11-25}}</ref> enumerations,<ref>{{Cite web|url=https://wiki.php.net/rfc/enumerations|title=PHP RFC: Enumerations|website=wiki.php.net|access-date=2021-03-25}}</ref> read-only properties,<ref>{{Cite web|title=PHP: rfc:readonly_properties_v2|url=https://wiki.php.net/rfc/readonly_properties_v2|access-date=2021-11-26|website=wiki.php.net}}</ref> first-class callable syntax,<ref>{{Cite web|title=PHP: rfc:first_class_callable_syntax|url=https://wiki.php.net/rfc/first_class_callable_syntax|access-date=2021-11-26|website=wiki.php.net}}</ref> {{code|lang=php|new}} in initializers,<ref>{{Cite web|title=PHP: rfc:new_in_initializers|url=https://wiki.php.net/rfc/new_in_initializers|access-date=2021-11-26|website=wiki.php.net}}</ref> pure intersection types,<ref>{{Cite web|title=PHP: rfc:pure-intersection-types|url=https://wiki.php.net/rfc/pure-intersection-types|access-date=2021-11-26|website=wiki.php.net}}</ref> {{code|lang=php|never}} return type,<ref>{{Cite web|title=PHP: rfc:noreturn_type|url=https://wiki.php.net/rfc/noreturn_type|access-date=2021-11-26|website=wiki.php.net}}</ref> {{code|lang=php|final}} class constraints,<ref>{{Cite web|title=PHP: rfc:final_class_const|url=https://wiki.php.net/rfc/final_class_const|access-date=2021-11-26|website=wiki.php.net}}</ref> fibers<ref>{{Cite web|title=PHP: rfc:fibers|url=https://wiki.php.net/rfc/fibers|access-date=2021-11-26|website=wiki.php.net}}</ref> | |||
|- | |||
| {{Version |co |8.2}} | |||
| 8 December 2022<ref>{{Cite web |title=PHP: todo:php82 |url=https://wiki.php.net/todo/php82 |access-date=2022-06-16 |website=wiki.php.net}}</ref> | |||
| 31 December 2026 | |||
| Readonly classes,<ref>{{Cite web |title=PHP: rfc:readonly_classes |url=https://wiki.php.net/rfc/readonly_classes |access-date=2022-06-16 |website=wiki.php.net}}</ref> {{code|lang=php|code=null}}, {{code|lang=php|code=false}}, and {{code|lang=php|code=true}} as stand-alone types,<ref>{{Cite web |title=PHP: rfc:null-false-standalone-types |url=https://wiki.php.net/rfc/null-false-standalone-types |access-date=2022-06-16 |website=wiki.php.net}}</ref><ref>{{Cite web |title=PHP: rfc:true-type |url=https://wiki.php.net/rfc/true-type |access-date=2022-06-16 |website=wiki.php.net}}</ref> locale-independent case conversion,<ref>{{Cite web |title=PHP: rfc:strtolower-ascii |url=https://wiki.php.net/rfc/strtolower-ascii |access-date=2022-06-16 |website=wiki.php.net}}</ref> disjunctive normal form types,<ref>{{Cite web |title=PHP: rfc:dnf_types |url=https://wiki.php.net/rfc/dnf_types |access-date=2023-02-07 |website=wiki.php.net}}</ref> constants in traits<ref>{{Cite web |title=PHP: rfc:constants_in_traits |url=https://wiki.php.net/rfc/constants_in_traits |access-date=2023-02-07 |website=wiki.php.net}}</ref> | |||
|- | |||
| {{Version |co | 8.3}} | |||
| 23 November 2023<ref>{{Cite web |date=23 November 2023 |title=PHP 8.3.0 Released! |url=https://www.php.net/archive/2023.php#2023-11-23-2 |access-date=24 November 2023 |website=php.net}}</ref> | |||
| 31 December 2027 | |||
| Typed class constants,<ref>{{Cite web |title=PHP: rfc:typed_class_constants |url=https://wiki.php.net/rfc/typed_class_constants |access-date=2023-12-17 |website=wiki.php.net}}</ref> dynamic class constant fetch,<ref>{{Cite web |title=PHP: rfc:dynamic_class_constant_fetch |url=https://wiki.php.net/rfc/dynamic_class_constant_fetch |access-date=2023-12-17 |website=wiki.php.net}}</ref> {{code|lang=php|code=#}} attribute,<ref>{{Cite web |title=PHP: rfc:marking_overriden_methods |url=https://wiki.php.net/rfc/marking_overriden_methods |access-date=2023-12-17 |website=wiki.php.net}}</ref> deep-cloning of read-only properties,<ref>{{Cite web |title=PHP: rfc:readonly_amendments |url=https://wiki.php.net/rfc/readonly_amendments |access-date=2023-12-17 |website=wiki.php.net}}</ref> new {{code|lang=php|code=json_validate}} function,<ref>{{Cite web |title=PHP: rfc:json_validate |url=https://wiki.php.net/rfc/json_validate |access-date=2023-12-17 |website=wiki.php.net}}</ref> randomizer additions,<ref>{{Cite web |title=PHP: rfc:randomizer_additions |url=https://wiki.php.net/rfc/randomizer_additions |access-date=2023-12-17 |website=wiki.php.net}}</ref> the command-line linter supports multiple files | |||
|- | |||
| {{Version |c | 8.4}} | |||
| 21 November 2024<ref>{{Cite web |date=26 March 2024 |title=PHP: todo: php84|url=https://wiki.php.net/todo/php84 |access-date=26 March 2024 |website=php.net}}</ref> | |||
| 31 December 2028 | |||
| Property hooks, asymmetric visibility, an updated DOM API, performance improvements, bug fixes, and general cleanup. | |||
|- | |||
|- class="sortbottom" | |||
| colspan="4" | {{Version |l |show=111101}} | |||
|} | |||
Beginning on 28 June 2011, the PHP Development Team implemented a timeline for the release of new versions of PHP.<ref name="PHP-2011">{{cite web|title=PHP: Release Process|url=https://wiki.php.net/rfc/releaseprocess|access-date=2013-10-06|date=2011-06-20}}</ref> Under this system, at least one release should occur every month. Once per year, a minor release should occur which may include new features. Every minor release should at least be supported for two years with security and bug fixes, followed by at least one year of only security fixes, for a total of a three-year release process for every minor release. No new features, unless small and self-contained, are to be introduced into a minor release during the three-year release process. | |||
== <span id=ELEPHPANT>Mascot</span> == | |||
] | |||
The mascot of the PHP project is the ''elePHPant'', a blue ] with the PHP logo on its side, designed by Vincent Pontier<ref>{{cite web|title=PHP: ElePHPant|url=https://php.net/elephpant.php|date=4 Oct 2014|access-date=4 Oct 2014}}</ref> in 1998.<ref>{{cite web|url=https://wwphp-fb.github.io/faq/community/elephpant/|title=Redirecting…|website=wwphp-fb.github.io}}</ref> "The (PHP) letters were forming the shape of an elephant if viewed in a sideways angle."<ref>{{cite web|url=https://7php.com/elephpant/|title=The PHP Mascot's Birth – Creator Of The elePHPant Vincent Pontier Reveals The True Story!|website=7php.com|date=2014-01-06}}</ref> The elePHPant is sometimes differently coloured when in ] form.<ref>{{Cite web |title=ElePHPant |url=https://docs.php.earth/php/community/elephpant/ |access-date=2024-02-13 |website=PHP.earth |language=en}}</ref> | |||
Many variations of this mascot have been made over the years. Only the elePHPants based on the original design by Vincent Pontier are considered official by the community.<ref>{{Cite web|url=https://www.php.net/elephpant.php|title=PHP: ElePHPant|website=www.php.net}}</ref> These are collectable and some of them are extremely rare.<ref>{{Cite web|url=https://afieldguidetoelephpants.net/|title=A Field Guide to Elephpants|website=afieldguidetoelephpants.net}}</ref> | |||
== Syntax == | |||
{{Main|PHP syntax and semantics}} | |||
] | |||
The following ] is written in PHP code embedded in an ] document: | |||
<syntaxhighlight lang="html+php" highlight="7-9"> | |||
<!DOCTYPE html> | |||
<html> | |||
<head> | |||
<title>PHP "Hello, World!" program</title> | |||
</head> | |||
<body> | |||
<p><?= 'Hello, World!' ?></p> | |||
</body> | |||
</html> | |||
</syntaxhighlight> | |||
However, as no requirement exists for PHP code to be embedded in HTML, the simplest version of ''Hello, World!'' may be written like this, with the closing tag <syntaxhighlight lang="PHP" inline="">?></syntaxhighlight> omitted as preferred in files containing pure PHP code.<ref>{{cite web|url=https://www.php.net/manual/en/language.basic-syntax.phptags.php |title=tags{{snd}} Manual |website=php.net |access-date=2014-02-17}}</ref> | |||
<syntaxhighlight lang="php5"> | |||
<?php echo 'Hello, World!'; | |||
</syntaxhighlight> | |||
The PHP interpreter only executes PHP code within its ]s. Anything outside of its delimiters is not processed by PHP, although the non-PHP text is still subject to ]s described in PHP code. The most common delimiters are <syntaxhighlight lang="PHP" inline=""><?php</syntaxhighlight> to open and <syntaxhighlight lang="PHP" inline="">?></syntaxhighlight> to close PHP sections. The shortened form <syntaxhighlight lang="PHP" inline=""><?</syntaxhighlight> also exists. This short delimiter makes script files less portable since support for them can be disabled in the local PHP configuration and it is therefore discouraged.<ref name="php.net-2008" /><ref name="The PHP Group-3">{{cite web|title=PHP: Basic syntax|url=https://www.php.net/manual/en/language.basic-syntax.php|publisher=The PHP Group|access-date=2008-02-22}}</ref> Conversely, there is no recommendation against the echo short tag <syntaxhighlight lang="PHP" inline=""><?=</syntaxhighlight>.<ref>{{cite web|access-date=2016-01-03|url=https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md|title=Basic Coding Standard|publisher=PHP Framework Interoperability Group}}</ref> Prior to PHP 5.4.0, this short syntax for <syntaxhighlight lang="php" inline="">echo</syntaxhighlight> only works with the <code>short_open_tag</code> configuration setting enabled, while for PHP 5.4.0 and later it is always available.<ref>{{cite web|url=https://www.php.net/echo |title=echo{{snd}} Manual |website=php.net |access-date=2014-02-17}}</ref><ref>{{cite web|url=https://www.php.net/manual/en/ini.core.php#ini.short-open-tag |title=Description of core php.ini directives{{snd}} Manual |website=php.net |date=2002-03-17 |access-date=2014-02-17}}</ref><ref name="php.net-2008">{{cite web |url=http://wiki.php.net/rfc/shortags |title=PHP: rfc:shortags |website=php.net |date=2008-04-03 |access-date=2014-05-08 }}</ref> The purpose of all these delimiters is to separate PHP code from non-PHP content, such as ] code or HTML markup.<ref>{{cite web|access-date=2008-02-25|url=https://www.php.net/manual/en/tutorial.firstpage.php|title=Your first PHP-enabled page |publisher=The PHP Group}}</ref> So the shortest ] written in PHP is: | |||
<syntaxhighlight lang="html+php"> | |||
<?='Hello, World!'; | |||
</syntaxhighlight> | |||
The first form of delimiters, <syntaxhighlight lang="PHP" inline><?php</syntaxhighlight> and <syntaxhighlight lang="PHP" inline>?></syntaxhighlight>, in ] and other ] documents, creates correctly formed XML processing instructions.<ref>{{cite web | url = http://www.w3.org/TR/2008/REC-xml-20081126/#sec-pi | title = Processing Instructions | work = Extensible Markup Language (XML) 1.0 (Fifth Edition) | publisher = W3C | date = 26 November 2008 | last = Bray | first = Tim | access-date = 2009-06-18|display-authors=etal}}</ref> This means that the resulting mixture of PHP code and other markups in the server-side file is itself well-formed XML. | |||
{{Anchor|TYPE-HINTING}} | |||
Variables are ] with a ], and a ] does not need to be specified in advance. PHP 5 introduced ''type declarations'' that allow functions to force their parameters to be objects of a specific class, arrays, interfaces or ]s. However, before PHP 7, type declarations could not be used with scalar types such as integers or strings.<ref name="php.net-2015b" /> | |||
Below is an example of how PHP variables are declared and initialized. | |||
<syntaxhighlight lang="php"> | |||
<?php | |||
$name = 'John'; // variable of string type being declared and initialized | |||
$age = 18; // variable of integer type being declared and initialized | |||
$height = 5.3; // variable of double type being declared and initialized | |||
echo $name . ' is ' . $height . "m tall\n"; // concatenating variables and strings | |||
echo "$name is $age years old."; // interpolating variables to string | |||
?> | |||
</syntaxhighlight> | |||
Unlike function and class names, variable names are case-sensitive. Both double-quoted ("") and ] strings provide the ability to interpolate a variable's value into the string.<ref>{{cite web|access-date=2008-03-16|url=https://www.php.net/manual/en/language.variables.php|title=Variables |publisher=The PHP Group}}</ref> PHP treats ]s as ] in the manner of a ], and statements are terminated by a semicolon.<ref>{{cite web|access-date=2008-03-16|url=https://www.php.net/basic-syntax.instruction-separation|title=Instruction separation |publisher=The PHP Group}}</ref> PHP has three types of ]: <syntaxhighlight lang="PHP" inline>/* */</syntaxhighlight> marks block and inline comments; <syntaxhighlight lang="PHP" inline>//</syntaxhighlight> or <syntaxhighlight lang="PHP" inline>#</syntaxhighlight> are used for one-line comments.<ref>{{cite web|access-date=2008-03-16|url=https://www.php.net/manual/en/language.basic-syntax.comments.php|title=Comments |publisher=The PHP Group}}</ref> The <code>echo</code> statement is one of several facilities PHP provides to output text.{{Citation needed|date=November 2023}} | |||
In terms of keywords and language syntax, PHP is similar to C-style syntax. <syntaxhighlight lang="PHP" inline>if</syntaxhighlight> conditions, <syntaxhighlight lang="PHP" inline>for</syntaxhighlight> and <syntaxhighlight lang="PHP" inline>while</syntaxhighlight> loops and function returns are similar in syntax to languages such as C, C++, C#, Java and Perl.{{Citation needed|date=November 2023}} | |||
=== Data types === | |||
PHP is ]. It stores integers in a platform-dependent range, either as a 32, 64 or 128-bit ] ] equivalent to the ]. Unsigned integers are converted to signed values in certain situations, which is different behaviour to many other programming languages.<ref>{{cite web | url = http://www.mysqlperformanceblog.com/2007/03/27/integers-in-php-running-with-scissors-and-portability/ | title = Integers in PHP, running with scissors, and portability | date = March 27, 2007 | publisher = MySQL Performance Blog | access-date = 2007-03-28}}</ref> Integer variables can be assigned using decimal (positive and negative), ], ], and ] notations.{{Citation needed|date=November 2023}} | |||
]s are also stored in a platform-specific range. They can be specified using floating-point notation, or two forms of ].<ref name="The PHP Group-2">{{cite web|access-date=2008-03-16|url=https://www.php.net/manual/en/language.types.php|title=Types |publisher=The PHP Group}}</ref> PHP has a native ] type that is similar to the native Boolean types in ] and ]. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in ] and C++.<ref name="The PHP Group-2" /> | |||
The null data type represents a variable that has no value; <code>NULL</code> is the only allowed value for this data type.<ref name="The PHP Group-2" /> | |||
Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources.<ref name="The PHP Group-2" /> | |||
Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in ] with both keys and values, and the two can be intermingled.<ref name="The PHP Group-2" /> PHP also supports ], which can be used with single quotes, double quotes, nowdoc or ] syntax.<ref>{{cite web|access-date=2008-03-21|url=https://www.php.net/manual/en/language.types.string.php|title=Strings |publisher=The PHP Group}}</ref> | |||
The '''Standard PHP Library''' (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.<ref>{{cite web | url = https://www.php.net/spl | title = SPL – StandardPHPLibrary | date = March 16, 2009 | website = PHP.net | access-date = 2009-03-16}}</ref> | |||
=== Functions === | |||
PHP defines a large array of functions in the core language and many are also available in various extensions; these functions are well documented online .<ref name="php.net-2014a" /> However, the built-in library has a wide variety of naming conventions and associated inconsistencies, as described under ] above. | |||
Custom functions may be defined by the developer: | |||
<syntaxhighlight lang="php"> | |||
function myAge(int $birthYear): string | |||
{ | |||
// calculate the age by subtracting the birth year from the current year. | |||
$yearsOld = date('Y') - $birthYear; | |||
// return the age in a descriptive string. | |||
return $yearsOld . ($yearsOld == 1 ? ' year' : ' years'); | |||
} | |||
echo 'I am currently ' . myAge(1995) . ' old.'; | |||
</syntaxhighlight> | |||
As of {{CURRENTYEAR}}, the output of the above sample program is "I am currently {{#expr: {{CURRENTYEAR}} - 1995}} years old." | |||
In lieu of ]s, functions in PHP can be referenced by a string containing their name. In this manner, normal PHP functions can be used, for example, as ] or within ]s.<ref name="php.net-2014c" /> User-defined functions may be created at any time without being ].<ref name="php.net-2014a">{{cite web | |||
| url = https://www.php.net/manual/en/functions.user-defined.php | |||
| title = User-defined functions (PHP manual) | |||
| date = 2014-07-04 | access-date = 2014-07-07 | |||
| website = php.net | |||
}}</ref><ref name="php.net-2014c">{{cite web | |||
| url = https://www.php.net/manual/en/functions.variable-functions.php | |||
| title = Variable functions (PHP manual) | |||
| date = 2014-07-04 | access-date = 2014-07-07 | |||
| website = php.net | |||
}}</ref> Functions may be defined inside code blocks, permitting a ] as to whether or not a function should be defined. There is a <code>function_exists</code> function that determines whether a function with a given name has already been defined. Function calls must use parentheses, with the exception of zero-argument class ] functions called with the PHP operator <code>new</code>, in which case parentheses are optional.{{Citation needed|date=November 2023}} | |||
Since PHP 4.0.1 <code>create_function()</code>, a thin wrapper around <code>eval()</code>, allowed normal PHP functions to be created during program execution; it was deprecated in PHP 7.2 and removed in PHP 8.0<ref>{{cite web | |||
| url = https://www.php.net/manual/en/function.create-function.php | |||
| title = create_function() (PHP manual) | |||
| date = 2022-04-06 | access-date = 2022-05-04 | |||
| website = php.net | |||
}}</ref> in favor of syntax for ]s or "]"<ref>{{cite web | |||
| url = https://www.php.net/manual/en/functions.anonymous.php | |||
| title = Anonymous functions (PHP manual) | |||
| date = 2014-07-04 | access-date = 2014-07-07 | |||
| website = php.net | |||
}}</ref> that can capture variables from the surrounding scope, which was added in PHP 5.3. Shorthand arrow syntax was added in PHP 7.4:<ref>{{cite web | |||
| url = https://www.php.net/manual/en/functions.arrow.php | |||
| title = Arrow Functions (PHP manual) | |||
| access-date = 2021-01-25 | |||
| website = php.net | |||
}}</ref> | |||
<syntaxhighlight lang="php"> | |||
function getAdder($x) { | |||
return fn($y) => $x + $y; | |||
} | |||
$adder = getAdder(8); | |||
echo $adder(2); // prints "10" | |||
</syntaxhighlight> | |||
In the example above, <code>getAdder()</code> function creates a closure using passed argument {{code|lang=php|code=$x}}, which takes an additional argument {{code|lang=php|code=$y}}, and returns the created closure to the caller. Such a function is a first-class object, meaning that it can be stored in a variable, passed as a ] to other functions, etc.<ref>{{cite web | |||
| url = http://wiki.php.net/rfc/closures | |||
| title = Request for Comments: Lambda functions and closures | |||
| date = 2008-07-01 | access-date = 2014-07-07 | |||
| author1 = Christian Seiler | author2 = Dmitry Stogov | |||
| website = php.net | |||
}}</ref> | |||
Unusually for a dynamically typed language, PHP supports type declarations on function parameters, which are enforced at runtime. This has been supported for classes and interfaces since PHP 5.0, for arrays since PHP 5.1, for "callables" since PHP 5.4, and scalar (integer, float, string and boolean) types since PHP 7.0.<ref name="php.net-2015b" /> PHP 7.0 also has type declarations for function return types, expressed by placing the type name after the list of parameters, preceded by a colon.<ref name="php.net-2015a" /> For example, the <code>getAdder</code> function from the earlier example could be annotated with types like so in PHP 7: | |||
<syntaxhighlight lang="php"> | |||
function getAdder(int $x): Closure | |||
{ | |||
return fn(int $y): int => $x + $y; | |||
} | |||
$adder = getAdder(8); | |||
echo $adder(2); // prints "10" | |||
echo $adder(null); // throws an exception because an incorrect type was passed | |||
$adder = getAdder(); // would also throw an exception | |||
</syntaxhighlight> | |||
By default, scalar type declarations follow weak typing principles. So, for example, if a parameter's type is <code>int</code>, PHP would allow not only integers, but also convertible numeric strings, floats or Booleans to be passed to that function, and would convert them.<ref name="php.net-2015b" /> However, PHP 7 has a "strict typing" mode which, when used, disallows such conversions for function calls and returns within a file.<ref name="php.net-2015b" /> | |||
=== PHP objects === | |||
Basic ] functionality was added in PHP 3 and improved in PHP 4.<ref name="The PHP Group" /> This allowed for PHP to gain further abstraction, making creative tasks easier for programmers using the language. Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance.<ref name="mjtsai.com" /> In previous versions of PHP, objects were handled like ]s.<ref name="mjtsai.com">{{cite web|access-date=2008-03-16|url=http://mjtsai.com/blog/2004/07/15/php-5-object-references/|title=PHP 5 Object References |website=mjtsai.com}}</ref> The drawback of this method was that code had to make heavy use of PHP's "reference" variables if it wanted to modify an object it was passed rather than creating a copy of it. In the new approach, objects are referenced by ], and not by value.{{Citation needed|date=November 2023}} | |||
PHP 5 introduced private and protected ]s and methods, along with ], ], ]s, and ]s. It also introduced a standard way of declaring ] and ], similar to that of other object-oriented languages such as ], and a standard ] model. Furthermore, PHP 5 added ] and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. ] implementing ArrayAccess can be used with ] syntax and objects implementing ] or ] can be used with the <code>foreach</code> ]. There is no ] feature in the engine, so ]s are bound with a name instead of a reference at compile time.<ref name="The PHP Group-4">{{cite web|access-date=2008-03-16|url=http://www.php.net/zend-engine-2.php|title=Classes and Objects (PHP 5) |publisher=The PHP Group}}</ref> | |||
If the developer creates a copy of an object using the reserved word <code>clone</code>, the Zend engine will check whether a <code>__clone()</code> method has been defined. If not, it will call a default <code>__clone()</code> which will copy the object's properties. If a <code>__clone()</code> method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so the programmer can start with a by-value ] of the source object and only override properties that need to be changed.<ref>{{cite web|access-date=2008-03-16|url=https://www.php.net/language.oop5.cloning|title=Object cloning |publisher=The PHP Group}}</ref> | |||
The ] of PHP properties and methods is defined using the ] <code>public</code>, <code>private</code>, and <code>protected</code>. The default is public, if only ] is used; <code>var</code> is a synonym for <code>public</code>. Items declared <code>public</code> can be accessed everywhere. <code>protected</code> limits access to ]es (and to the class that defines the item). <code>private</code> limits visibility only to the class that defines the item.<ref>{{cite web |url=http://theserverpages.com/php/manual/en/language.oop5.visibility.php |title=Visibility (PHP Manual) |website=theserverpages.com |date=2005-05-19 |access-date=2010-08-26 |archive-date=2010-09-24 |archive-url=https://web.archive.org/web/20100924033414/http://theserverpages.com/php/manual/en/language.oop5.visibility.php |url-status=dead }}</ref> Objects of the same type have access to each other's private and protected members even though they are not the same instance.{{Citation needed|date=November 2023}} | |||
==== Example ==== | |||
The following is a basic example of ] in PHP 8: | |||
<syntaxhighlight lang="php" line> | |||
<?php | |||
abstract class User | |||
{ | |||
protected string $name; | |||
public function __construct(string $name) | |||
{ | |||
// make first letter uppercase and the rest lowercase | |||
$this->name = ucfirst(strtolower($name)); | |||
} | |||
public function greet(): string | |||
{ | |||
return "Hello, my name is " . $this->name; | |||
} | |||
abstract public function job(): string; | |||
} | |||
class Student extends User | |||
{ | |||
public function __construct(string $name, private string $course) | |||
{ | |||
parent::__construct($name); | |||
} | |||
public function job(): string | |||
{ | |||
return "I learn " . $this->course; | |||
} | |||
} | |||
class Teacher extends User | |||
{ | |||
public function __construct(string $name, private array $teachingCourses) | |||
{ | |||
parent::__construct($name); | |||
} | |||
public function job(): string | |||
{ | |||
return "I teach " . implode(", ", $this->teachingCourses); | |||
} | |||
} | |||
$students = [ | |||
new Student("Alice", "Computer Science"), | |||
new Student("Bob", "Computer Science"), | |||
new Student("Charlie", "Business Studies"), | |||
]; | |||
$teachers = [ | |||
new Teacher("Dan", ), | |||
new Teacher("Erin", ), | |||
new Teacher("Frankie", ), | |||
]; | |||
foreach ( as $users) { | |||
echo $users::class . "s:\n"; | |||
array_walk($users, function (User $user) { | |||
echo "{$user->greet()}, {$user->job()}\n"; | |||
}); | |||
} | |||
</syntaxhighlight> | |||
This program outputs the following: | |||
{{samp|Students:<br> | |||
Hello, my name is Alice, I learn Computer Science<br> | |||
Hello, my name is Bob, I learn Computer Science<br> | |||
Hello, my name is Charlie, I learn Business Studies<br> | |||
Teachers:<br> | |||
Hello, my name is Dan, I teach Computer Science, Information Security<br> | |||
Hello, my name is Erin, I teach Computer Science, 3D Graphics Programming<br> | |||
Hello, my name is Frankie, I teach Online Marketing, Business Studies, E-commerce|style=padding: 1em; overflow-x: hidden; word-wrap: break-word;}} | |||
<!-- Note that there are problems with the script in this section. --> | |||
== Implementations == | |||
The only complete PHP implementation is the original, known simply as PHP. It is the most widely used and is powered by the ]. To disambiguate it from other implementations, it is sometimes unofficially called "Zend PHP". The Zend Engine ] PHP ] on-the-fly into an internal format that it can execute, thus it works as an ].<ref>{{cite web|access-date=2009-11-04|url=http://www.linux-tutorial.info/modules.php?name=Howto&pagename=Unix-and-Internet-Fundamentals-HOWTO/languages.html|title=How do computer languages work?|archive-date=2011-07-16|archive-url=https://web.archive.org/web/20110716214917/http://www.linux-tutorial.info/modules.php?name=Howto&pagename=Unix-and-Internet-Fundamentals-HOWTO/languages.html|url-status=dead}}</ref><ref>{{cite book |title=Beginning PHP and MySQL 5: From Novice to Professional |author=Gilmore, W. Jason |page= |date=2006-01-23 |publisher=Apress |isbn=1-59059-552-1 |url=https://archive.org/details/beginningphpmysq0000gilm/page/43 }}</ref> It is also the "reference implementation" of PHP, as PHP has no formal specification, and so the semantics of Zend PHP define the semantics of PHP. Due to the complex and nuanced semantics of PHP, defined by how Zend works, it is difficult for competing implementations to offer complete compatibility.{{Citation needed|date=November 2023}} | |||
PHP's single-request-per-script-execution model, and the fact that the Zend Engine is an interpreter, leads to inefficiency; as a result, various products have been developed to help improve PHP performance. In order to speed up execution time and not have to compile the PHP source code every time the web page is accessed, PHP scripts can also be deployed in the PHP engine's internal format by using an ] cache, which works by ] the compiled form of a PHP script (opcodes) in ] to avoid the overhead of ] and ] the code every time the script runs. An opcode cache, ], is built into PHP since version 5.5.<ref>{{cite web | |||
| title = Integrating Zend Optimizer+ into the PHP distribution | |||
| url = http://news.php.net/php.internals/66531 | |||
| access-date = 2013-03-08 | |||
| website = news.php.net | |||
}}</ref> Another example of a widely used opcode cache is the ] (APC), which is available as a ] extension.<ref>{{cite web | |||
| url = http://www.php.net/manual/en/book.apc.php | |||
| title = Alternative PHP Cache | |||
| access-date = 2013-09-21 | |||
| website = PHP.net | |||
| archive-date = 2013-11-15 | |||
| archive-url = https://web.archive.org/web/20131115071936/http://php.net/manual/en/book.apc.php | |||
| url-status = dead | |||
}}</ref> | |||
While Zend PHP is still the most popular implementation, several other implementations have been developed. Some of these are ]s or support ], and hence offer performance benefits over Zend PHP at the expense of lacking full PHP compatibility.{{Citation needed|date=November 2023}} Alternative implementations include the following: | |||
* ] (HipHop Virtual Machine) – developed at Facebook and available as open source, it converts PHP code into a high-level bytecode (commonly known as an ]), which is then translated into x86-64 machine code dynamically at runtime by a ] (JIT) compiler, resulting in up to 6× performance improvements.<ref>{{cite web|url=http://www.hhvm.com/blog/2813/we-are-the-98-5-and-the-16 |title=We are the 98.5% (and the 16%) « HipHop Virtual Machine |website=hhvm.com |date=December 2013 |access-date=2014-02-23}}</ref> However, since version 7.2 Zend has outperformed HHVM,<ref>{{Cite web|url=https://kinsta.com/blog/php-benchmarks/|title=The Definitive PHP 5.6, 7.0, 7.1, 7.2 & 7.3 Benchmarks (2019)|date=2019-01-14 |access-date=2019-04-19}}</ref> and HHVM 3.24 is the last version to officially support PHP.<ref>{{Cite web|url=https://www.infoworld.com/article/3226489/web-development/forget-php-facebooks-hhvm-engine-switches-to-hack-instead.html|title=Forget PHP! Facebook's HHVM engine switches to Hack instead|last=Krill|first=Paul|date=2017-09-20|website=InfoWorld |access-date=2019-02-06}}</ref> | |||
** ] – developed at Facebook and available as open source, it transforms the PHP scripts into ] code and then compiles the resulting code, reducing the server load up to 50%. In early 2013, Facebook deprecated it in favour of HHVM due to multiple reasons, including deployment difficulties and lack of support for the whole PHP language, including the <code>create_function()</code> and <code>eval()</code> constructs.<ref>{{cite web|title=Announcement on GitHub removing HPHPc support|website=]|url=https://github.com/facebook/hiphop-php/commit/fc5b95110ff75110ad55bb97f7c93a8c4eb68e3b|access-date=2013-05-24}}</ref> | |||
* ] – a virtual machine designed to run dynamic languages efficiently; the cross-translator Pipp transforms the PHP source code into the ], which is then translated into the Parrot's bytecode and executed by the virtual machine. | |||
* ] – a second-generation compiler to .] ] (CIL) bytecode, built on the ] platform; successor of Phalanger, sharing several architectural components | |||
* ] – compiles PHP into .Net Common Intermediate Language bytecode; predecessor of PeachPie | |||
* ] – compiles PHP into ] | |||
== Licensing == | |||
{{Main|PHP License}} | |||
PHP is ] released under the ], which stipulates that:<ref>{{cite web|url=https://www.php.net/license/3_01.txt |title=The PHP License, version 3.01|access-date=2010-05-20}}</ref> | |||
{{blockquote | |||
| Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from group@php.net. You may indicate that your software works in conjunction with PHP by saying "] for PHP" instead of calling it "PHP Foo" or "phpfoo". | |||
}} | |||
This restriction on the use of "PHP" makes the PHP License incompatible with the ] (GPL), while the Zend License is incompatible due to an advertising clause similar to that of the original ].<ref>{{cite web | title = GPL-Incompatible, Free Software Licenses | url = https://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses | work = Various Licenses and Comments about Them | publisher = Free Software Foundation|access-date=2011-01-03}}</ref> | |||
== <span id=PDO><span id=ZEPHIR>Development and community</span></span> == | |||
PHP includes various ] in its source distribution or uses them in resulting PHP binary builds. PHP is fundamentally an ]-aware system with built-in modules for accessing ] (FTP) servers and many database servers, including ], ], ] and ] (which is an embedded database), ] servers, and others. Numerous functions are familiar to C programmers, such as those in the ] family, are available in standard PHP builds.<ref>{{cite web|access-date=2015-01-14|url=https://php.net/manual/en/indexes.functions.php|title=PHP: Function and Method listing{{snd}} Manual |publisher=The PHP Group}}</ref> | |||
PHP allows developers to write ] in ] to add functionality to the PHP language. PHP extensions can be compiled statically into PHP or loaded dynamically at runtime. Numerous extensions have been written to add support for the ], process management on ] ]s, multibyte strings (]), ], and several popular ]. Other PHP features made available through extensions include integration with ] (IRC), dynamic generation of images and ] content, ''PHP Data Objects'' (PDO) as an abstraction layer used for accessing databases,<ref>{{cite web|url=http://www.php.net/manual/en/intro.pdo.php |title=Introduction{{snd}} Manual |website=php.net |date=2013-06-07 |access-date=2013-06-13}}</ref><ref>{{cite web|url=http://www.onlamp.com/pub/a/php/2004/08/05/dataobjects.html|title=Simplify Business Logic with PHP DataObjects — O'Reilly Media|author=Darryl Patterson|date=5 August 2004|website=ibm.com|access-date=16 December 2014|archive-date=16 December 2014|archive-url=https://web.archive.org/web/20141216140653/http://www.onlamp.com/pub/a/php/2004/08/05/dataobjects.html|url-status=dead}}</ref><ref>{{cite web|url=http://www-128.ibm.com/developerworks/db2/library/techarticle/dm-0612xia/|title=IBM — United States|access-date=16 December 2014}}</ref><ref>{{cite web|url=http://www-128.ibm.com/developerworks/library/os-php-dbmistake/index.html |title=Five common PHP database problems |website=ibm.com |date=2006-08-01 |access-date=2013-06-13}}</ref><ref>{{cite web|url=http://www.redbooks.ibm.com/abstracts/sg247218.html|title=IBM Redbooks — Developing PHP Applications for IBM Data Servers|website=redbooks.ibm.com|access-date=16 December 2014}}</ref><ref>{{cite web|url=http://www.phparch.com/issue.php?mid=65|title=php Magazine – The Journal for PHP Programmers|website=www.phparch.com}}</ref><ref>{{cite magazine|url=http://www.infoworld.com/article/05/10/19/HNphpshow_1.html|title=PHP catching on at enterprises, vying with Java|last=Krill|first=Paul|date=19 October 2005|magazine=InfoWorld|archive-url=https://web.archive.org/web/20140713004345/http://www.infoworld.com/d/developer-world/php-catching-enterprises-vying-java-708|archive-date=13 July 2014}}</ref> and even ]. Some of the language's core functions, such as those dealing with strings and arrays, are also implemented as extensions.<ref>{{cite web|url=http://lxr.php.net/xref/PHP_5_4/ext/standard/|archive-url=https://web.archive.org/web/20120316010914/http://lxr.php.net/xref/PHP_5_4/ext/standard/|url-status=dead|archive-date=16 March 2012|title=Cross Reference: /PHP_5_4/ext/standard/|website=php.net|access-date=16 December 2014}}</ref> The ] (PECL) project is a repository for extensions to the PHP language.<ref>{{cite web|access-date=2008-02-25|url=http://www.devnewz.com/090902b.html|title=Developing Custom PHP Extensions |website=devnewz.com |date=2002-09-09 |archive-url = https://web.archive.org/web/20080218045752/http://www.devnewz.com/090902b.html |archive-date = 2008-02-18}}</ref> | |||
Some other projects, such as ''Zephir'', provide the ability for PHP extensions to be created in a high-level language and compiled into native PHP extensions. Such an approach, instead of writing PHP extensions directly in C, simplifies the development of extensions and reduces the time required for programming and testing.<ref>{{cite web | |||
| url = https://docs.zephir-lang.com/en/latest/motivation.html | |||
| title = Why Zephir? | |||
| date = 2015-10-20 | access-date = 2015-12-14 | |||
| website = zephir-lang.com | |||
}}</ref> | |||
By December 2018 the PHP Group consisted of ten people: ], ], ], ], ], ], ], ], ], and ].<ref>{{cite web|title=PHP Credits|url=https://php.net/credits|access-date=2018-12-16}}</ref> | |||
] provides a ] based on PHP 8<!-- assumed or still only 7? It's hard to confirm at target page and exploring I at least ocnfirmed some things are updated to 8, or 8.1: https://training.zend.com/learn/courses/271/php-architect Develop asynchronous programming apps using PHP 8.1 fibers --><ref>{{Cite web|title=Learn PHP Via PHP Training and PHP Certification|url=https://www.zend.com/training/php|access-date=2020-11-16|website=www.zend.com}}</ref> exam (and previously based on PHP 7 and 5.5) for programmers to become certified PHP developers. | |||
== The PHP Foundation == | |||
{{Infobox organization | |||
| formation = {{start date and age|2021|11|22}} | |||
| logo = The PHP Foundation Logo.svg | |||
| founder = ], ], Acquia, ], Private Packagist, ], Craft CMS, Tideways, ], ]<ref>{{Cite web |last=Walker |first=James |date=2021-12-13 |title=What the New PHP Foundation Means for PHP's Future |url=https://www.howtogeek.com/devops/what-the-new-php-foundation-means-for-phps-future/ |access-date=2023-11-26 |website=How-To Geek |language=en}}</ref> | |||
| website = https://thephp.foundation | |||
}} | |||
On 26 November 2021, the ] blog announced the creation of The PHP Foundation, which will sponsor the design and development of PHP.<ref>{{Cite web |title=The New Life of PHP – The PHP Foundation {{!}} The PhpStorm Blog |url=https://blog.jetbrains.com/phpstorm/2021/11/the-php-foundation/ |access-date=2022-06-16 |website=The JetBrains Blog |date=22 November 2021 |language=en-US}}</ref> | |||
{| class="wikitable" | |||
!Year | |||
!] | |||
!] | |||
!] | |||
|- | |||
!2022<ref>{{Cite web |title=The PHP Foundation: Impact and Transparency Report 2022 |url=https://thephp.foundation/blog/2022/11/22/transparency-and-impact-report-2022/ |access-date=2023-11-27 |website=thephp.foundation |language=en}}</ref> | |||
|683 | |||
|283 | |||
|8 | |||
|- | |||
!2023<ref>{{Cite web |last=Pronskiy |first=Roman |date=2024-02-26 |title=The PHP Foundation: Impact and Transparency Report 2023 |url=https://thephp.foundation/blog/2024/02/26/transparency-and-impact-report-2023/ |access-date=2024-04-01 |website=The PHP Foundation}}</ref> | |||
|784 | |||
|702 | |||
|17 | |||
|} | |||
The foundation hires "Core Developers" to work on the PHP language's core repository. Roman Pronskiy, a member of the foundation's board, said that they aim to pay "market salaries" to developers.<ref>{{Cite news |last=Anderson |first=Tim |title=PHP Foundation formed to fund core developers |url=https://www.theregister.com/2021/11/23/php_foundation_formed_to_fund/ |access-date=2023-12-05 |website=www.theregister.com |language=en}}</ref> | |||
The response to the foundation has mostly been positive, with the foundation being praised for better supporting the language and helping to stop the decrease in the language's popularity.<ref>{{Cite web |title=Programming languages: This old favourite is gaining popularity again |url=https://www.zdnet.com/article/programming-languages-this-old-favourite-is-gaining-popularity-again/ |access-date=2023-12-05 |website=ZDNET |language=en}}</ref><ref>{{Cite web |title=PHP 8.1 Released With Enums, Read-Only Properties and Fibers |url=https://www.i-programmer.info/news/98-languages/15050-php-81-released.html |access-date=2023-12-05 |website=www.i-programmer.info}}</ref> However, it has also been criticised for adding breaking changes to minor versions of PHP, such as in PHP 8.2 where initialising members of a class out-with the original class scope would cause depreciation errors,<ref>{{Cite web |title=It's time for the PHP Foundation to #StopBreakingPHP |url=https://trongate.io/news/display/TWN4GR/its-time-for-the-php-foundation-to-stopbreakingphp |access-date=2023-11-27 |website=trongate.io}}</ref> these changes impacted a number of open source projects including ]. | |||
<ref>{{Cite web |date=2023-11-16 |title=WordPress 6.4 PHP Compatibility |url=https://make.wordpress.org/hosting/2023/11/16/wordpress-6-4-php-compatibility/ |access-date=2023-11-27 |website=Make WordPress Hosting |language=en-US}}</ref> | |||
Germany's ] provided more than 200,000 Euros to support the PHP Foundation.<ref>{{Cite web |title=PHP |url=https://www.sovereigntechfund.de/tech/php |access-date=2024-05-26 |website=Sovereign Tech Fund |language=en}}</ref> | |||
== <span id=PHPFPM>Installation and configuration</span> == | |||
] | |||
There are two primary ways for adding support for PHP to a web server – as a native web server module, or as a CGI executable. PHP has a direct module interface called ] (SAPI), which is supported by many web servers including ], ] and ]. Some other web servers, such as OmniHTTPd, support the ] (ISAPI), which is ]'s web server module interface. If PHP has no module support for a web server, it can always be used as a ] (CGI) or ] processor; in that case, the web server is configured to use PHP's CGI executable to process all requests to PHP files.<ref name="php.net-4">{{cite web | |||
| url = http://www.php.net/manual/en/install.general.php | |||
| title = General Installation Considerations | |||
| access-date = 2013-09-22 | |||
| website = php.net | |||
}}</ref> | |||
PHP-FPM (FastCGI Process Manager) is an alternative FastCGI implementation for PHP, bundled with the official PHP distribution since version 5.3.3.<ref>{{cite web | |||
| url = http://www.php.net/archive/2010.php#id2010-07-22-2 | |||
| title = News Archive: PHP 5.3.3 Released! | |||
| date = 2010-07-22 | |||
| website = php.net}}</ref> When compared to the older FastCGI implementation, it contains some additional features, mostly useful for heavily loaded web servers.<ref>{{cite web | |||
| url = http://www.php.net/manual/en/install.fpm.php | |||
| title = FastCGI Process Manager (FPM) | |||
| access-date = 2013-09-22 | |||
| website = php.net | |||
}}</ref> | |||
When using PHP for command-line scripting, a PHP ] (CLI) executable is needed. PHP supports a CLI ] (SAPI) since PHP 4.3.0.<ref>{{cite web | |||
| url = http://www.php.net/manual/en/features.commandline.introduction.php | |||
| title = Command line usage: Introduction | |||
| access-date = 2013-09-22 | |||
| website = php.net | |||
}}</ref> The main focus of this SAPI is developing ] applications using PHP. There are quite a few differences between the CLI SAPI and other SAPIs, although they do share many of the same behaviours.<ref>{{cite web | |||
| url = http://www.php.net/manual/en/features.commandline.differences.php | |||
| title = Command line usage: Differences to other SAPIs | |||
| access-date = 2013-09-22 | |||
| website = php.net | |||
}}</ref> | |||
PHP has a direct module interface called SAPI for different web servers;<ref name="php.net-6">{{cite web | |||
|url = https://php.net/manual/en/install.general.php|title = General Installation Considerations|access-date = 2013-09-22|website = php.net}}</ref> in case of PHP 5 and Apache 2.0 on Windows, it is provided in form of a ] file called {{Mono|php5apache2.dll}},<ref>{{cite web|url = https://php.net/manual/en/install.windows.apache2.php|title = PHP: Apache 2.x on Microsoft Windows|access-date = 2013-09-22|website = php.net|url-status = dead|archive-url = https://web.archive.org/web/20130926122011/http://php.net/manual/en/install.windows.apache2.php|archive-date = 2013-09-26}}</ref> which is a module that, among other functions, provides an interface between PHP and the web server, implemented in a form that the server understands. This form is what is known as a SAPI.{{Citation needed|date=November 2023}} | |||
There are different kinds of SAPIs for various web server extensions. For example, in addition to those listed above, other SAPIs for the PHP language include the Common Gateway Interface and command-line interface.<ref name="php.net-6" /><ref>{{cite web | |||
|url = http://www.php.net/manual/en/features.commandline.introduction.php|title = Command line usage: Introduction|access-date = 2013-09-22|website = php.net}}</ref> | |||
PHP can also be used for writing desktop ] (GUI) applications, by using the {{cite web | |||
| url = https://github.com/cztomczak/phpdesktop | |||
| title = PHP Desktop | |||
| website = ] | |||
}} or discontinued ] extension. PHP-GTK is not included in the official PHP distribution,<ref name="php.net-4" /> and as an extension, it can be used only with PHP versions 5.1.0 and newer. The most common way of installing PHP-GTK is by compiling it from the source code.<ref>{{cite web | |||
| url = http://gtk.php.net/manual/en/tutorials.installation.php | |||
| title = Installing PHP-GTK 2 | |||
| access-date = 2013-09-22 | |||
| website = php.net | |||
| archive-date = 2013-12-12 | |||
| archive-url = https://web.archive.org/web/20131212093441/http://gtk.php.net/manual/en/tutorials.installation.php | |||
| url-status = dead | |||
}}</ref> | |||
When PHP is installed and used in ] environments, ]s (SDKs) are provided for using cloud-specific features.{{Citation needed|date=November 2023}} For example: | |||
* ] provides the AWS SDK for PHP<ref>{{cite web|url=http://aws.amazon.com/sdkforphp/ |title=AWS SDK for PHP |website=aws.amazon.com |access-date=2014-03-06}}</ref> | |||
* ] can be used with the Windows Azure SDK for PHP.<ref>{{cite web |url=http://www.interoperabilitybridges.com/projects/php-sdk-for-windows-azure.aspx |title=Windows Azure SDK for PHP — Interoperability Bridges and Labs Center |website=interoperabilitybridges.com |access-date=2014-03-06 |url-status=dead |archive-url=https://web.archive.org/web/20140320152702/http://www.interoperabilitybridges.com/projects/php-sdk-for-windows-azure.aspx |archive-date=2014-03-20 }}</ref> | |||
Numerous configuration options are supported, affecting both core PHP features and extensions.<ref>{{cite web | |||
| url = http://www.php.net/manual/en/configuration.php | |||
| title = Runtime configuration: Table of contents | |||
| access-date = 2013-09-22 | |||
| website = php.net | |||
}}</ref><ref>{{cite web | |||
| url = http://www.php.net/manual/en/ini.list.php | |||
| title = php.ini directives: List of php.ini directives | |||
| access-date = 2013-09-22 | |||
| website = php.net | |||
}}</ref> Configuration file <code>php.ini</code> is searched for in different locations, depending on the way PHP is used.<ref>{{cite web | |||
| url = http://www.php.net/manual/en/configuration.file.php | |||
| title = Runtime configuration: The configuration file | |||
| access-date = 2013-09-22 | |||
| publisher = PHP.net | |||
}}</ref> The configuration file is split into various sections,<ref>{{cite web | |||
| url = http://www.php.net/manual/en/ini.sections.php | |||
| title = php.ini directives: List of php.ini sections | |||
| access-date = 2013-09-22 | |||
| publisher = PHP.net | |||
}}</ref> while some of the configuration options can be also set within the web server configuration.<ref>{{cite web | |||
| url = http://www.php.net/manual/en/configuration.changes.modes.php | |||
| title = Runtime configuration: Where a configuration setting may be set | |||
| access-date = 2013-09-22 | |||
| publisher = PHP.net | |||
}}</ref> | |||
== Use == | |||
] ]] | |||
PHP is a general-purpose scripting language that is especially suited to ] ], in which case PHP generally runs on a ]. Any PHP code in a requested file is ] by the PHP runtime, usually to create ] content or dynamic images used on websites or elsewhere.<ref>{{cite web|url=https://php.net/manual/en/book.image.php |title=PHP Manual Image Processing and GD; |publisher= php.net |access-date=2011-04-09}}</ref> It can also be used for ] scripting and ] ] (GUI) applications. PHP can be deployed on most web servers, many ]s and ], and can be used with many ]s (RDBMS). Most ] providers support PHP for use by their clients. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.<ref name="O'Reilly-2001">{{cite web|access-date=2008-02-25|url=http://www.onlamp.com/pub/a/php/2001/05/03/php_foundations.html|title=Embedding PHP in HTML|publisher=O'Reilly|date=2001-05-03|archive-date=2008-02-19|archive-url=https://web.archive.org/web/20080219180226/http://www.onlamp.com/pub/a/php/2001/05/03/php_foundations.html|url-status=dead}}</ref> | |||
] (PHP and MySQL)]] | |||
Originally designed to create dynamic ]s, PHP now focuses mainly on ],<ref>{{cite web|url=http://webmaster.iu.edu/PHPlanguage/index.shtml|title=PHP Server-Side Scripting Language|publisher=]|access-date=2008-02-25|date=2007-04-04|archive-url=https://web.archive.org/web/20160121223739/http://webmaster.iu.edu/tools-and-guides/programming-languages/php.phtml|archive-date=2016-01-21}}</ref> and it is similar to other server-side scripting languages that provide dynamic content from a web server to a ], such as ], ]'s ], ]' ],<ref>{{cite web|url=http://java.sun.com/products/jsp/jspservlet.html|title=JavaServer Pages Technology — JavaServer Pages Comparing Methods for Server-Side Dynamic Content White Paper|publisher=Sun Microsystems|access-date=2008-02-25}}</ref> and <code>]</code><!-- do not remove the underscore from mod_perl: it is part of the name -->. PHP has also attracted the development of many ]s that provide building blocks and a design structure to promote ] (RAD).{{Citation needed|date=November 2023}} Some of these include ], ], ], ], ], ], ] and ], offering features similar to other ]s. | |||
The ] has become popular in the web industry as a way of deploying web applications.<ref>{{cite web|url=http://www.ibm.com/developerworks/library/os-5waystunelamp/index.html|title=Five simple ways to tune your LAMP application| website=] |date=2011-01-25}}</ref> PHP is commonly used as the ''P'' in this bundle alongside ], ] and ], although the ''P'' may also refer to ], ], or some mix of the three. Similar packages, ] and ], are also available for ] and ], with the first letter standing for the respective operating system. Although both PHP and Apache are provided as part of the macOS base install, users of these packages seek a simpler installation mechanism that can be more easily kept up to date.{{Citation needed|date=November 2023}} | |||
For specific and more advanced usage scenarios, PHP offers a well-defined and documented way for writing custom extensions in ] or ].<ref>{{cite web | |||
| url = http://www.php.net/manual/en/internals2.structure.php | |||
| title = PHP at the core: Extension structure | |||
| access-date = 2013-09-22 | |||
| website = PHP.net | |||
| archive-date = 2013-09-26 | |||
| archive-url = https://web.archive.org/web/20130926082102/http://www.php.net/manual/en/internals2.structure.php | |||
| url-status = dead | |||
}}</ref><ref>{{cite web | |||
| url = http://www.php.net/manual/en/internals2.counter.php | |||
| title = PHP at the core: The "counter" Extension – A Continuing Example | |||
| access-date = 2013-09-22 | |||
| website = PHP.net | |||
| archive-date = 2013-09-26 | |||
| archive-url = https://web.archive.org/web/20130926082106/http://www.php.net/manual/en/internals2.counter.php | |||
| url-status = dead | |||
}}</ref><ref>{{cite web | |||
| url = http://devzone.zend.com/303/extension-writing-part-i-introduction-to-php-and-zend/ | |||
| title = Extension Writing Part I: Introduction to PHP and Zend | |||
| date = 2005-03-01 | |||
| access-date = 2013-09-22 | |||
| publisher = ] | |||
| archive-url = https://web.archive.org/web/20130924233638/http://devzone.zend.com/303/extension-writing-part-i-introduction-to-php-and-zend/ | |||
| archive-date = 2013-09-24 | |||
| url-status = dead | |||
}}</ref><ref>{{cite web | |||
| url = http://devzone.zend.com/317/extension-writing-part-ii-parameters-arrays-and-zvals/ | |||
| title = Extension Writing Part II: Parameters, Arrays, and ZVALs | |||
| date = 2005-06-06 | |||
| access-date = 2013-09-22 | |||
| publisher = ] | |||
| archive-url = https://web.archive.org/web/20130926091658/http://devzone.zend.com/317/extension-writing-part-ii-parameters-arrays-and-zvals/ | |||
| archive-date = 2013-09-26 | |||
| url-status = dead | |||
}}</ref><ref>{{cite web | |||
| url = http://devzone.zend.com/318/extension-writing-part-ii-parameters-arrays-and-zvals-continued/ | |||
| title = Extension Writing Part II: Parameters, Arrays, and ZVALs (continued) | |||
| date = 2005-06-06 | |||
| access-date = 2013-09-22 | |||
| publisher = ] | |||
| archive-url = https://web.archive.org/web/20130926091655/http://devzone.zend.com/318/extension-writing-part-ii-parameters-arrays-and-zvals-continued/ | |||
| archive-date = 2013-09-26 | |||
| url-status = dead | |||
}}</ref><ref>{{cite web | |||
| url = http://devzone.zend.com/446/extension-writing-part-iii-resources/ | |||
| title = Extension Writing Part III: Resources | |||
| date = 2006-05-12 | |||
| access-date = 2013-09-22 | |||
| publisher = ] | |||
| archive-url = https://web.archive.org/web/20130926091645/http://devzone.zend.com/446/extension-writing-part-iii-resources/ | |||
| archive-date = 2013-09-26 | |||
| url-status = dead | |||
}}</ref><ref>{{cite web | |||
| url = http://devzone.zend.com/1435/wrapping-c-classes-in-a-php-extension/ | |||
| title = Wrapping C++ Classes in a PHP Extension | |||
| date = 2009-04-22 | |||
| access-date = 2013-09-22 | |||
| publisher = ] | |||
| archive-url = https://web.archive.org/web/20130920011549/http://devzone.zend.com/1435/wrapping-c-classes-in-a-php-extension/ | |||
| archive-date = 2013-09-20 | |||
| url-status = dead | |||
}}</ref>{{Primary source inline|date=November 2023|reason=Since this is a broad generalization, secondary sources are required}} Besides extending the language itself in form of additional ], extensions are providing a way for improving execution speed where it is critical and there is room for improvements by using a true ].<ref>{{cite web | |||
| url = https://stackoverflow.com/q/1110682 | |||
| title = Extending PHP with C++? | |||
| access-date = 2013-09-22 | |||
| publisher = ] | |||
}}</ref><ref>{{cite web | |||
| url = https://stackoverflow.com/q/1502244 | |||
| title = How can I use C++ code to interact with PHP? | |||
| access-date = 2013-09-22 | |||
| publisher = ] | |||
}}</ref> PHP also offers well-defined ways for embedding itself into other software projects. That way PHP can be easily used as an internal ] for another project, also providing tight interfacing with the project's specific internal ]s.<ref>{{cite book | |||
| title = Extending and Embedding PHP | |||
| first = Sara | last = Golemon | |||
| year = 2006 | |||
| publisher = Sams | isbn = 978-0-672-32704-9 | |||
}}</ref> | |||
PHP received mixed reviews due to lacking support for ] at the core language level,<ref>{{cite web | |||
| url = https://bugs.php.net/bug.php?id=46919 | |||
| title = Request #46919: Multithreading | |||
| access-date = 2013-09-22 | |||
| website = PHP.net | |||
}}</ref> though using threads is made possible by the "pthreads" ] extension.<ref>{{cite web | |||
| url = http://www.php.net/manual/en/intro.pthreads.php | |||
| title = pthreads: Introduction (PHP Manual) | |||
| access-date = 2013-09-22 | |||
| website = PHP.net | |||
}}</ref><ref>{{cite web|url=https://pecl.php.net/package/pthreads |title=PECL :: Package :: pthreads |website=pecl.php.net |access-date=2014-02-09}}</ref> | |||
A command line interface, php-cli, and two ] ] scripting engines for PHP have been produced.{{Citation needed|date=November 2023}} | |||
=== Popularity and usage statistics === | |||
PHP is used for ]s including ],<ref>{{cite web|date=2010-01-25|title=Manual:Installation requirements#PHP|url=http://www.mediawiki.org/search/?title=Manual:Installation_requirements&oldid=299556#PHP|access-date=2010-02-26|publisher=MediaWiki|quote=PHP is the programming language in which MediaWiki is written }}</ref> ],<ref>{{cite web|title=About WordPress|url=http://wordpress.org/about/|access-date=2010-02-26|quote=WordPress was built on PHP}}</ref> ],<ref>{{cite web|last=Kempkens|first=Alex|title=Joomla! — Content Management System to build websites & apps|url=http://www.joomla.org/about-joomla.html}}</ref> ],<ref>{{cite web|title=PHP and Drupal|date=16 September 2007|url=http://drupal.org/node/176052|access-date=2010-06-13|publisher=Drupal.org|archive-date=2010-02-08|archive-url=https://web.archive.org/web/20100208205523/http://drupal.org/node/176052|url-status=dead}}</ref> ],<ref>{{cite web|title=About|url=http://docs.moodle.org/en/About_Moodle|access-date=2009-12-20|publisher=Moodle.org|archive-date=2010-01-11|archive-url=https://web.archive.org/web/20100111055644/http://docs.moodle.org/en/About_Moodle|url-status=dead}}</ref> ], ], and ].<ref>{{cite web|title=Server requirements of SilverStripe|url=http://doc.silverstripe.org/framework/en/installation/server-requirements|url-status=dead|archive-url=https://web.archive.org/web/20141128063118/http://doc.silverstripe.org/framework/en/installation/server-requirements|archive-date=28 November 2014|access-date=13 October 2014|quote=SilverStripe requires PHP 5.3.2+}}</ref> | |||
{{As of|2013|1}}, PHP was used in more than 240 million ]s (39% of those sampled) and was installed on 2.1 million ]s.<ref>{{cite web | url=http://news.netcraft.com/archives/2013/01/31/php-just-grows-grows.html | title=PHP just grows & grows | date=2013-01-31 | access-date=2013-04-01 | author=Ide, Andy}}</ref> | |||
{{As of|2024|11|21}} (the day of PHP 8.4's release), PHP is used as the server-side programming language on 75.4% of websites where the language could be determined; PHP 7 is the most used version of the language with 49.1% of websites using PHP being on that version, while 37.9% use PHP 8, 12.9% use PHP 5 and 0.1% use PHP 4.<ref name="W3Techs – World Wide Web Technology Surveys">{{cite web |title=Usage statistics of PHP for websites |url=https://w3techs.com/technologies/details/pl-php |website=W3Techs – World Wide Web Technology Surveys |publisher=W3Techs |access-date=21 November 2024}}</ref> | |||
{{Stacked bar | |||
|A1=35.3|T1=PHP 8<br />37.9%|C1=linear-gradient(to right, #66FF66 0.1%, #D4F4B4 9.4%, #FEF8C6 36.6%, #FFCC66, #FF7800); <!-- Please keep this color scheme for PHP 8: it reflects the actual and security of each branch --> | |||
|A2=49.1|T2=PHP 7<br />49.1%|C2=linear-gradient(to right, #dc2626 71.7%, #ef4444, #f87171, #fca5a5, #fecaca); | |||
|A3=13.5|T3=PHP 5<br />12.9%|C3=linear-gradient(to right, #075985 54.2%, #0369a1, #0284c7, #0ea5e9, #38bdf8, #7dd3fc, #bae6fd); | |||
|A4=0.1|T4=PHP 4<br />0.1%|C4=#d4d4d4; | |||
}} | |||
{{Pie chart | |||
|radius = 160 | |||
<!-- PHP version 8 (37.9%) --> | |||
|value1 = 0 <!-- Formula: Version 8.4 is used by 0.0% of all the websites who use PHP version 8, so 37.9 / 100 * 0.0 = 0 --> | |||
|label1 = PHP 8.4: less than 0.1% of PHP 8 | |||
|color1 = #66FF66 <!-- Please keep this color scheme for PHP 8: it reflects the actual and security of each branch --> | |||
|value2 = 3.56 <!-- Formula: Version 8.3 is used by 9.4% of all the websites who use PHP version 8, so 37.9 / 100 * 9.4 = 3.56 --> | |||
|label2 = PHP 8.3: 9.40% of PHP 8 | |||
|color2 = #D4F4B4 <!-- Please keep this color scheme for PHP 8: it reflects the actual and security of each branch --> | |||
|value3 = 10.08 | |||
|label3 = PHP 8.2: 26.6% of PHP 8 | |||
|color3 = #FEF8C6 <!-- Please keep this color scheme for PHP 8: it reflects the actual and security of each branch --> | |||
|value4 = 14.63 <!-- seemst to be actually 11%, thus outdated numbers here? --> | |||
|label4 = PHP 8.1: 38.6% of PHP 8 | |||
|color4 = #FFCC66 <!-- Please keep this color scheme for PHP 8: it reflects the actual and security of each branch --> | |||
|value5 = 9.63 | |||
|label5 = PHP 8.0: 25.4% of PHP 8 | |||
|color5 = #FF7800 <!-- Please keep this color scheme for PHP 8: it reflects the actual and security of each branch --> | |||
<!-- PHP version 7 (49.1%) --> | |||
|value6 = 35.50 <!-- Formula: Version 7.4 is used by 72.3% of all the websites who use PHP version 7, so 49.1 / 100 * 72.3 = 35.50 --> | |||
|label6 = PHP 7.4: 72.3% of PHP 7 | |||
|color6 = #dc2626 | |||
|value7 = 5.70 | |||
|label7 = PHP 7.3: 11.6% of PHP 7 | |||
|color7 = #ef4444 | |||
|value8 = 4.22 | |||
|label8 = PHP 7.2: 8.60% of PHP 7 | |||
|color8 = #f87171 | |||
|value9 = 1.82 | |||
|label9 = PHP 7.1: 3.70% of PHP 7 | |||
|color9 = #fca5a5 | |||
|value10 = 1.87 | |||
|label10 = PHP 7.0: 3.80% of PHP 7 | |||
|color10 = #fecaca | |||
<!-- PHP version 5 (12.9%) --> | |||
|value11 = 7.0176 | |||
|label11 = PHP 5.6: 54.4% of PHP 5 | |||
|color11 = #075985 | |||
|value12 = 1.0578 | |||
|label12 = PHP 5.5: 8.20% of PHP 5 | |||
|color12 = #0369a1 | |||
|value13 = 1.9737 | |||
|label13 = PHP 5.4: 15.3% of PHP 5 | |||
|color13 = #0284c7 | |||
|value14 = 1.8963 | |||
|label14 = PHP 5.3: 14.7% of PHP 5 | |||
|color14 = #0ea5e9 | |||
|value15 = 0.8772 | |||
|label15 = PHP 5.2: 6.80% of PHP 5 | |||
|color15 = #38bdf8 | |||
|value16 = 0.0516 | |||
|label16 = PHP 5.1: 0.40% of PHP 5 | |||
|color16 = #7dd3fc | |||
|value17 = 0 | |||
|label17 = PHP 5.0: less than 0.1% of PHP 5 | |||
|color17 = #bae6fd | |||
<!-- PHP version 4 (0.1%) --> | |||
|value18 = 0.0759 | |||
|label18 = PHP 4.4: 75.9% of PHP 4 | |||
|color18 = #525252 | |||
|value19 = 0.0192 | |||
|label19 = PHP 4.3: 19.2% of PHP 4 | |||
|color19 = #737373 | |||
|value20 = 0.0037 | |||
|label20 = PHP 4.2: 3.70% of PHP 4 | |||
|color20 = #a3a3a3 | |||
|value21 = 0.0009 | |||
|label21 = PHP 4.1: 0.90% of PHP 4 | |||
|color21 = #d4d4d4 | |||
|value22 = 0.0004 | |||
|label22 = PHP 4.0: 0.40% of PHP 4 | |||
|color22 = #e5e5e5 | |||
|caption = Usage share of PHP versions on 21 November 2024:<br /> the day of PHP 8.4's release<ref name="W3Techs – World Wide Web Technology Surveys" /><ref>{{Cite web|url=https://w3techs.com/technologies/details/pl-php/4|title=Usage Statistics and Market Share of PHP Version 4 for Websites, November 2024|website=w3techs.com}}</ref><ref name="w3techs.com">{{Cite web|url=https://w3techs.com/technologies/details/pl-php/5|title=Usage Statistics and Market Share of PHP Version 5 for Websites, November 2024|website=w3techs.com}}</ref><ref>{{Cite web|url=https://w3techs.com/technologies/details/pl-php/7|title=Usage Statistics and Market Share of PHP Version 7 for Websites, November 2024|website=w3techs.com}}</ref><ref>{{Cite web|url=https://w3techs.com/technologies/details/pl-php/8|title=Usage Statistics and Market Share of PHP Version 8 for Websites, November 2024|website=w3techs.com}}</ref> | |||
}} | |||
== <span id="REGISTER-GLOBALS">Security</span> == | |||
In 2019, 11% of all vulnerabilities listed by the ] were linked to PHP;<ref name="National Vulnerability Database">{{cite web | url=https://nvd.nist.gov/vuln/search/statistics?form_type=Basic&results_type=statistics&query=PHP&queryType=phrase&search_type=all | title=National Vulnerability Database (NVD) Search Vulnerabilities Statistics | access-date=2019-11-22}}</ref> historically, about 30% of all vulnerabilities listed since 1996 in this database are linked to PHP. Technical security flaws of the language itself or of its core libraries are not frequent (22 in 2009, about 1% of the total although PHP applies to about 20% of programs listed).<ref name="PHP-2012">{{cite web | |||
| url=http://www.coelho.net/php_cve.html | |||
| title=PHP-related vulnerabilities on the National Vulnerability Database | |||
| date=2012-07-05 | |||
| access-date=2013-04-01 | |||
| archive-date=2009-06-28 | |||
| archive-url=https://web.archive.org/web/20090628173101/http://www.coelho.net/php_cve.html | |||
| url-status=dead | |||
}}</ref> Recognizing that programmers make mistakes, some languages include ] to automatically detect the lack of ] which induces many issues. Such a feature has been proposed for PHP in the past, but either been rejected or the proposal abandoned.<ref>{{cite web | |||
| url=http://derickrethans.nl/files/meeting-notes.html#sand-boxing-or-taint-mode <!-- formerly at https://php.net/~derick/meeting-notes.html#sand-boxing-or-taint-mode --> | |||
| title=Developer Meeting Notes, Nov. 2005}}</ref><ref>{{cite web | |||
|url = http://devzone.zend.com/article/2798-Zend-Weekly-Summaries-Issue-368#Heading1 | |||
|title = Taint mode decision, November 2007 | |||
|url-status = dead | |||
|archive-url = https://web.archive.org/web/20090226124957/http://devzone.zend.com/article/2798-Zend-Weekly-Summaries-Issue-368#Heading1 | |||
|archive-date = 2009-02-26 | |||
}}</ref><ref>{{Cite web|url=https://wiki.php.net/rfc/taint|title=PHP: rfc:taint|website=wiki.php.net}}</ref> | |||
Third-party projects such as ]<ref>{{cite web | |||
| title=Hardened-PHP Project | |||
| url=http://www.hardened-php.net | |||
| date=2008-08-15 | |||
| access-date=2019-08-22 | |||
| archive-url=https://web.archive.org/web/20190224012812/http://www.hardened-php.net/ | |||
| archive-date=2019-02-24 | |||
| url-status=dead | |||
}}</ref> and Snuffleupagus<ref>{{cite web|title=Snuffleupagus Documentation|url=https://snuffleupagus.readthedocs.io/}}</ref> aim to remove or change dangerous parts of the language. | |||
Historically, old versions of PHP had some configuration parameters and default values for such runtime settings that made some PHP applications prone to security issues. Among these, <code>]</code> and <code>register_globals</code><ref name="PHP Manual-3">{{cite web | |||
| url = https://php.net/manual/en/security.globals.php | |||
| title = Security: Using Register Globals | |||
| work = PHP Manual | |||
| access-date = 2013-09-22 | |||
| publisher = PHP.net | |||
| archive-date = 2013-09-27 | |||
| archive-url = https://web.archive.org/web/20130927161000/http://php.net/manual/en/security.globals.php | |||
| url-status = dead | |||
}}</ref> configuration directives were the best known; the latter made any URL parameters become PHP variables, opening a path for serious security vulnerabilities by allowing an attacker to set the value of any uninitialized global variable and interfere with the execution of a PHP script. Support for "]" and "register globals" settings has been deprecated since PHP 5.3.0, and removed from PHP 5.4.0.<ref name="PHP Manual">{{cite web | |||
| url = http://www.php.net/manual/en/security.magicquotes.php | |||
| title = Magic Quotes | |||
| work = PHP Manual | |||
| access-date = 2014-01-17 | |||
| publisher = PHP.net | |||
| archive-date = 2014-02-08 | |||
| archive-url = https://web.archive.org/web/20140208000607/http://www.php.net/manual/en/security.magicquotes.php | |||
| url-status = dead | |||
}}</ref> | |||
Another example for the potential runtime-settings vulnerability comes from failing to disable PHP execution (for example by using the <code>engine</code> configuration directive)<ref>{{cite web | |||
| url = http://www.php.net/manual/en/apache.configuration.php#ini.engine | |||
| title = 'engine' configuration directive | |||
| work = PHP: Runtime Configuration | |||
| access-date = 2014-02-13 | |||
| publisher = PHP.net | |||
}}</ref> for the directory where uploaded files are stored; enabling it can result in the execution of malicious code embedded within the uploaded files.<ref>{{cite web | |||
| url = http://devzone.zend.com/1008/php-security-exploit-with-gif-images/ | |||
| title = PHP Security Exploit With GIF Images | |||
| date = 2007-06-22 | |||
| access-date = 2013-09-22 | |||
| archive-url = https://web.archive.org/web/20130927162421/http://devzone.zend.com/1008/php-security-exploit-with-gif-images/ | |||
| archive-date = 2013-09-27 | |||
| url-status = dead | |||
}}</ref><ref>{{cite web | |||
| url = http://www.phpclasses.org/blog/post/67-PHP-security-exploit-with-GIF-images.html | |||
| title = PHP security exploit with GIF images | |||
| date = 2007-06-20 | access-date = 2013-09-22 | |||
| publisher = PHP Classes blog | |||
}}</ref><ref>{{cite web | |||
|url = http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize/ | |||
|title = Passing Malicious PHP Through getimagesize() | |||
|date = 2007-06-04 | |||
|access-date = 2013-09-22 | |||
|url-status = dead | |||
|archive-url = https://web.archive.org/web/20130921222424/http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize | |||
|archive-date = 2013-09-21 | |||
}}</ref> The best practice is to either locate the image directory outside of the document root available to the web server and serve it via an intermediary script or disable PHP execution for the directory which stores the uploaded files.{{Citation needed|date=November 2023}} | |||
Also, enabling the dynamic loading of PHP extensions (via <code>enable_dl</code> configuration directive)<ref>{{cite web | |||
| url = http://www.php.net/manual/en/info.configuration.php#ini.enable-dl | |||
| title = 'enable_dl' configuration directive | |||
| work = PHP: Runtime Configuration | |||
| access-date = 2014-02-13 | |||
| publisher = PHP.net | |||
}}</ref> in a ] environment can lead to security issues.<ref>{{cite web | |||
| url = https://php.net/manual/en/function.dl.php | |||
| title = PHP function reference: dl() | |||
| access-date = 2013-09-22 | |||
| publisher = PHP.net | |||
}}</ref><ref>{{cite web | |||
| url = http://www.webhostingtalk.com/showthread.php?t=514779 | |||
| title = My host won't fix their Trojan | |||
| access-date = 2013-09-22 | |||
| publisher = WebHosting Talk | |||
}}</ref> | |||
Implied ]s that result in different values being treated as equal, sometimes against the programmer's intent, can lead to security issues. For example, the result of the comparison {{nowrap|1=<code>'0e1234' == '0'</code>}} is <code>true</code>, because strings that are parsable as numbers are converted to numbers; in this case, the first compared value is treated as ] having the value ({{val|0|e=1234}}), which is zero. Errors like this resulted in authentication vulnerabilities in ],<ref>{{cite news|url=http://raz0r.name/vulnerabilities/simple-machines-forum/|title= Simple Machines Forum <= 2.0.3 Admin Password Reset|author=Raz0r| newspaper=Raz0R.name — Web Application Security |date = 25 January 2013}}</ref> ]<ref>{{cite web|url=http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html|title=TYPO3-SA-2010-020, TYPO3-SA-2010-022 EXPLAINED|author=Nibble Security}}</ref> and ]<ref>{{cite web|url=http://ahack.ru/articles/cryptographic-security-and-php-applications.htm |title=Криптостойкость и небезопасное сравнение |website=ahack.ru |language=ru |url-status=unfit |archive-url=https://web.archive.org/web/20170704214011/https://ahack.ru/articles/cryptographic-security-and-php-applications.htm |archive-date=4 July 2017 }}</ref> when ] ] were compared. The recommended way is to use <code></code> (for ] safety), <code>]</code> or the identity operator (<code>===</code>), as {{nowrap|1=<code>'0e1234' === '0'</code>}} results in <code>false</code>.{{Citation needed|date=April 2024}} | |||
In a 2013 analysis of over 170,000 ]s, published by ], the most frequently (53%) used technique was the exploitation of ], mostly related to insecure usage of the PHP language constructs <code>include</code>, <code>require</code>, and <code>allow_url_fopen</code>.<ref>{{cite web | url=https://ipsec.pl/web-application-security/most-common-attacks-web-applications.html | title=Most common attacks on web applications | publisher=IPSec.pl | date=2013 | access-date=2015-04-15 | first=Pawel |last=Krawczyk | archive-url=https://web.archive.org/web/20150415150236/https://ipsec.pl/web-application-security/most-common-attacks-web-applications.html | archive-date=2015-04-15 | url-status=dead }}</ref><ref>{{cite web | url=https://ipsec.pl/application-security/2013/so-what-are-most-critical-application-flaws-new-owasp-top-10.html | title=So what are the "most critical" application flaws? On new OWASP Top 10 | publisher=IPSec.pl | date=2013 | access-date=2015-04-15 |first=Pawel |last=Krawczyk }}</ref> | |||
=== Cryptographic Security === | |||
PHP includes <code>rand()</code><ref>{{cite web |title=PHP: Rand – Manual |url=https://php.net/rand}}</ref> and <code>mt_rand()<ref>{{cite web |title=PHP: Mt_rand - Manual |url=https://php.net/mt_rand}}</ref></code>functions which use a ], and are not cryptographically secure. As of version 8.1, the <code>random_int()</code> function is included, which uses a cryptographically secure source of randomness provided by the system.<ref>{{cite web | url=https://php.net/random_int | title=PHP: Random_int – Manual }}</ref> | |||
There are two attacks that can be performed over PHP entropy sources: "seed attack" and "state recovery attack".{{Citation needed|date=November 2023}} As of 2012, a $250 ] can perform up to 2{{sup|30}} ] calculations per second, while a $750 GPU can perform four times as many calculations at the same time.<ref>{{Cite web|url=https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/argyros|title=I Forgot Your Password: Randomness Attacks Against PHP Applications|website=usenix.org|publisher=]|first1=George|last1=Argyros|first2=Aggelos|last2=Kiayias|date=10 August 2012|access-date=19 April 2024}}</ref> In combination with a "]" this can lead to serious security vulnerabilities.{{Citation needed|date=November 2023}} | |||
=== Long-Term Support === | |||
The PHP development team provides official bug fixes for 2 years following release of each minor version, followed by another 2 years where only security fixes are released.<!-- <ref name="PHP-2011" /> link to outdated RFC --><ref>{{cite web | url=https://wiki.php.net/rfc/release_cycle_update | title=PHP: RFC:release_cycle_update }}</ref> After this, the release is considered ] and no longer officially supported. | |||
Extended Long-Term Support beyond this is available from commercial providers, such as ] and others<ref>{{Cite web |title=PHP Support for PHP 7.2 – 8.0 {{!}} PHP LTS {{!}} Zend by Perforce |url=https://www.zend.com/services/php-long-term-support |archive-url= |archive-date= |access-date=2024-05-23}}</ref><ref>{{Cite web |title=Pagely PHP Long Term Support Page |url=https://pagely.com/solutions/php-long-term-support/ |access-date=2024-09-14 |website=Pagely |language=en-US}}</ref> | |||
== See also == | |||
{{Portal|Computer programming|Free and open-source software}} | |||
{{Div col|colwidth=25em}} | |||
* ] | * ] | ||
* ] | |||
* ] | |||
* ] | |||
* ] | |||
* ] (PHP Extension and Application Repository) | |||
* ] | |||
* ] | |||
* ] (free and open-source cross-platform web server solution stack package) | |||
* ] | |||
{{div col end}} | |||
== |
== References == | ||
{{Reflist}} | |||
<div class="references-small"> | |||
<references /> | |||
</div> | |||
== Further reading == | |||
==References== | |||
{{Spoken Misplaced Pages|En-PHP.ogg|date=2011-11-23}} | |||
*Jason E. Sweat. Guide to PHP Design Patterns. PHP|architect, 2005. ISBN 0973589825. | |||
* {{cite journal |quote=What's the Absolute Minimum I Must Know About PHP? |url= https://www.bloomberg.com/graphics/2015-paul-ford-what-is-code/ |title=What is Code? |first=Paul |last=Ford |date=June 11, 2015 |journal=]}} | |||
*Ilia Alshanetsky. Guide to PHP Security. PHP|architect, 2005. ISBN 0973862106. | |||
*Chris Shiflett. Essential PHP Security. O'Reilly Media, 2005. ISBN 059600656X. | |||
*Larry Ullman. PHP and MySQL for Dynamic Web Sites. Peachpit Press, 1st edition, 2003. ISBN 0321186486. | |||
==External links== | == External links == | ||
* {{Official website}} | |||
{{Navboxes|list= | |||
* | |||
{{PHP}} | |||
* | |||
{{Web interfaces}} | |||
* — International group of PHP experts dedicated to promoting secure programming practices. | |||
{{Programming languages}} | |||
* — The Web Application Component Toolkit's wiki page on PHP security resources. | |||
{{FOSS}} | |||
* — Group of security experts developing a modification to PHP to protect it against known and unknown attacks. | |||
}} | |||
* newsgroup | |||
{{Sister bar|wikt=no|commons=Category:PHP|v=Topic:PHP|n=no|q=no|s=no|b=PHP Programming|voy=no|mw=PHP}} | |||
* | |||
{{Authority control}} | |||
] | ] | ||
] | ] | ||
] | ] | ||
] | ] | ||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | ] | ||
] | ] | ||
] | ] | ||
] | ] | ||
] | |||
] | ] | ||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] | |||
] |
Latest revision as of 08:05, 17 January 2025
Scripting language created in 1994 This article is about the scripting language. For other uses, see PHP (disambiguation).Paradigm | Multi-paradigm: imperative, functional, object-oriented, procedural, reflective |
---|---|
Designed by | Rasmus Lerdorf |
Developer | The PHP Development Team, Zend Technologies, PHP Foundation |
First appeared | 8 June 1995; 29 years ago (1995-06-08) |
Stable release | 8.4.3 / 17 January 2025; 0 days ago (2025-01-17) |
Typing discipline | Dynamic, weak, gradual |
Implementation language | C (primarily; some components C++) |
OS | Unix-like, Windows, macOS, IBM i, OpenVMS, IBM Z |
License | PHP License (most of Zend engine under Zend Engine License) for PHP 4 and later versions (only; dual-licensed GNU General Public License version 2 or any later version and PHP License for PHP versions 3.0 or earlier.) |
Filename extensions | .php ,.phar ,.phtml ,.pht ,.phps |
Website | www |
Major implementations | |
Zend Engine, HHVM, PeachPie, Quercus, Parrot | |
Influenced by | |
Perl, C, C++, Java, Tcl, JavaScript | |
Influenced | |
Hack, JSP, ASP, React JS | |
|
PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementation is now produced by the PHP Group. PHP was originally an abbreviation of Personal Home Page, but it now stands for the recursive acronym PHP: Hypertext Preprocessor.
PHP code is usually processed on a web server by a PHP interpreter implemented as a module, a daemon or a Common Gateway Interface (CGI) executable. On a web server, the result of the interpreted and executed PHP code—which may be any type of data, such as generated HTML or binary image data—would form the whole or part of an HTTP response. Various web template systems, web content management systems, and web frameworks exist that can be employed to orchestrate or facilitate the generation of that response. Additionally, PHP can be used for many programming tasks outside the web context, such as standalone graphical applications and drone control. PHP code can also be directly executed from the command line.
The standard PHP interpreter, powered by the Zend Engine, is free software released under the PHP License. PHP has been widely ported and can be deployed on most web servers on a variety of operating systems and platforms.
The PHP language has evolved without a written formal specification or standard, with the original implementation acting as the de facto standard that other implementations aimed to follow.
W3Techs reports that as of 27 October 2024 (about two years since PHP 7 was discontinued and 11 months after the PHP 8.3 release), PHP 7 is still used by 50.0% of PHP websites, which is outdated and known to be insecure. In addition, the even more outdated (discontinued for 5+ years) and insecure PHP 5 is used by 13.2% and the no longer supported PHP 8.0 is also very popular, so the majority of PHP websites do not use supported versions.
History
Rasmus Lerdorf, creator of PHP; and Andi Gutmans and Zeev Suraski, creators of the Zend EngineEarly history
PHP development began in 1993 when Rasmus Lerdorf wrote several Common Gateway Interface (CGI) programs in C, which he used to maintain his personal homepage. He extended them to work with web forms and to communicate with databases, and called this implementation "Personal Home Page/Forms Interpreter" or PHP/FI.
An example of the early PHP syntax:
<!--include /text/header.html--> <!--getenv HTTP_USER_AGENT--> <!--if substr $exec_result Mozilla--> Hey, you are using Netscape!<p> <!--endif--> <!--sql database select * from table where user='$username'--> <!--ifless $numentries 1--> Sorry, that record does not exist<p> <!--endif exit--> Welcome <!--$user-->!<p> You have <!--$index:0--> credits left in your account.<p> <!--include /text/footer.html-->
PHP/FI could be used to build simple, dynamic web applications. To accelerate bug reporting and improve the code, Lerdorf initially announced the release of PHP/FI as "Personal Home Page Tools (PHP Tools) version 1.0" on the Usenet discussion group comp.infosystems.www.authoring.cgi on 8 June 1995. This release included basic functionality such as Perl-like variables, form handling, and the ability to embed HTML. By this point, the syntax had changed to resemble that of Perl, but was simpler, more limited, and less consistent.
Early PHP was never intended to be a new programming language; rather, it grew organically, with Lerdorf noting in retrospect: "I don't know how to stop it there was never any intent to write a programming language I have absolutely no idea how to write a programming language I just kept adding the next logical step on the way." A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997.
The fact that PHP was not originally designed, but instead was developed organically has led to inconsistent naming of functions and inconsistent ordering of their parameters. In some cases, the function names were chosen to match the lower-level libraries which PHP was "wrapping", while in some very early versions of PHP the length of the function names was used internally as a hash function, so names were chosen to improve the distribution of hash values.
PHP 3 and 4
Zeev Suraski and Andi Gutmans rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive acronym PHP: Hypertext Preprocessor. Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999. They also founded Zend Technologies in Ramat Gan, Israel.
On 22 May 2000, PHP 4, powered by the Zend Engine 1.0, was released. By August 2008, this branch had reached version 4.4.9. PHP 4 is now no longer under development and nor are any security updates planned to be released.
PHP 5
On 1 July 2004, PHP 5 was released, powered by the new Zend Engine II. PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements. In 2008, PHP 5 became the only stable version under development. Late static binding had been missing from previous versions of PHP, and was added in version 5.3.
Many high-profile open-source projects ceased to support PHP 4 in new code from February 5, 2008, because of the GoPHP5 initiative, provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.
Over time, PHP interpreters became available on most existing 32-bit and 64-bit operating systems, either by building them from the PHP source code or by using pre-built binaries. For PHP versions 5.3 and 5.4, the only available Microsoft Windows binary distributions were 32-bit IA-32 builds, requiring Windows 32-bit compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform. PHP version 5.5 made the 64-bit x86-64 builds available for Microsoft Windows.
Official security support for PHP 5.6 ended on 31 December 2018.
PHP 6 and Unicode
PHP received mixed reviews due to lacking native Unicode support at the core language level. In 2005, a project headed by Andrei Zmievski was initiated to bring native Unicode support throughout PHP, by embedding the International Components for Unicode (ICU) library, and representing text strings as UTF-16 internally. Since this would cause major changes both to the internals of the language and to user code, it was planned to release this as version 6.0 of the language, along with other major features then in development.
However, a shortage of developers who understood the necessary changes, and performance problems arising from conversion to and from UTF-16, which is rarely used in a web context, led to delays in the project. As a result, a PHP 5.3 release was created in 2009, with many non-Unicode features back-ported from PHP 6, notably namespaces. In March 2010, the project in its current form was officially abandoned, and a PHP 5.4 release was prepared to contain most remaining non-Unicode features from PHP 6, such as traits and closure re-binding. Initial hopes were that a new plan would be formed for Unicode integration, but by 2014 none had been adopted.
PHP 7
During 2014 and 2015, a new major PHP version was developed, PHP 7. The numbering of this version involved some debate among internal developers. While the PHP 6 Unicode experiments had never been released, several articles and book titles referenced the PHP 6 names, which might have caused confusion if a new release were to reuse the name. After a vote, the name PHP 7 was chosen.
The foundation of PHP 7 is a PHP branch that was originally dubbed PHP next generation (phpng). It was authored by Dmitry Stogov, Xinchen Hui and Nikita Popov, and aimed to optimize PHP performance by refactoring the Zend Engine while retaining near-complete language compatibility. By 14 July 2014, WordPress-based benchmarks, which served as the main benchmark suite for the phpng project, showed an almost 100% increase in performance. Changes from phpng make it easier to improve performance in future versions, as more compact data structures and other changes are seen as better suited for a successful migration to a just-in-time (JIT) compiler. Because of the significant changes, the reworked Zend Engine was called Zend Engine 3, succeeding Zend Engine 2 used in PHP 5.
Because of the major internal changes in phpng, it must receive a new major version number of PHP, rather than a minor PHP 5 release, according to PHP's release process. Major versions of PHP are allowed to break backward-compatibility of code and therefore PHP 7 presented an opportunity for other improvements beyond phpng that require backward-compatibility breaks. In particular, it involved the following changes:
- Many fatal or recoverable-level legacy PHP error mechanisms were replaced with modern object-oriented exceptions.
- The syntax for variable dereferencing was reworked to be internally more consistent and complete, allowing the use of the operators
->
,,
()
,{}
, and::
, with arbitrary meaningful left-side expressions. - Support for legacy PHP 4-style constructor methods was deprecated.
- The behavior of the
foreach
statement was changed to be more predictable. - Constructors for the few classes built-in to PHP which returned null upon failure were changed to throw an exception instead, for consistency.
- Several unmaintained or deprecated server application programming interfaces (SAPIs) and extensions were removed from the PHP core, most notably the legacy
mysql
extension. - The behavior of the
list()
operator was changed to remove support for strings. - Support was removed for legacy ASP-style delimiters
<%
and%>
and<script language="php"> ... </script>
. - An oversight allowing a switch statement to have multiple
default
clauses was fixed. - Support for hexadecimal number support in some implicit conversions from strings to number types was removed.
- The left-shift and right-shift operators were changed to behave more consistently across platforms.
- Conversions between floating-point numbers and integers were changed (e.g. infinity changed to convert to zero) and implemented more consistently across platforms.
PHP 7 also included new language features. Most notably, it introduced return type declarations for functions which complement the existing parameter type declarations, and support for the scalar types (integer, float, string, and boolean) in parameter and return type declarations.
PHP 8
PHP 8 was released on 26 November 2020, and is currently the second-most used PHP major version. PHP 8 is a major version and has breaking changes from previous versions. New features and notable changes include:
Just-in-time compilation
Just-in-time compilation is supported in PHP 8.
PHP 8's JIT compiler can provide substantial performance improvements for some use cases, while (then PHP) developer Nikita Popov stated that the performance improvements for most websites will be less substantial than the upgrade from PHP 5 to PHP 7. Substantial improvements are expected more for mathematical-type operations than for common web-development use cases. Additionally, the JIT compiler provides the future potential to move some code from C to PHP, due to the performance improvements for some use cases.
Addition of the match expression
Main article: PHP syntax and semantics § Match expressionPHP 8 introduced the match
expression. The match expression is conceptually similar to a switch
statement and is more compact for some use cases. Because match
is an expression, its result can be assigned to a variable or returned from a function.
Type changes and additions
PHP 8 introduced union types, a new static
return type, and a new mixed
type.
"Attributes", often referred to as "annotations" in other programming languages, were added in PHP 8, which allow metadata to be added to classes.
throw
was changed from being a statement to being an expression. This allows exceptions to be thrown in places that were not previously possible.
Syntax changes and additions
PHP 8 includes changes to allow alternate, more concise, or more consistent syntaxes in a number of scenarios. For example, the nullsafe operator is similar to the null coalescing operator ??
, but used when calling methods. The following code snippet will not throw an error if getBirthday()
returns null:
$human_readable_date = $user->getBirthday()?->diffForHumans();
Constructor property promotion has been added as "syntactic sugar," allowing class properties to be set automatically when parameters are passed into a class constructor. This reduces the amount of boilerplate code that must be written.
Other minor changes include support for use of ::class
on objects, which serves as an alternative for the use of get_class()
; non-capturing catches in try-catch blocks; variable syntax tweaks to resolve inconsistencies; support for named arguments; and support for trailing commas in parameter lists, which adds consistency with support for trailing commas in other contexts, such as in arrays.
Standard library changes and additions
- Weak maps were added in PHP 8. A
WeakMap
holds references to objects, but these references do not prevent such objects from being garbage collected. This can provide performance improvements in scenarios where data is being cached; this is of particular relevance for object–relational mappings (ORM). - Various adjustments to interfaces, such as adding support for creating
DateTime
objects from interfaces, and the addition of aStringable
interface that can be used for type hinting. - Various new functions including
str_contains()
,str_starts_with()
, andstr_ends_with()
;fdiv()
;get_debug_type()
; andget_resource_id()
- Object implementation of
token_get_all()
Additional changes
- Type annotations were also added into PHP's C source code itself to allow internal functions and methods to have "complete type information in reflection."
- Inheritance with private methods
- Abstract methods in traits improvements
PHP 8.1
PHP 8.1 was released on November 25, 2021. It added support for enumerations (also called "enums"), declaring properties as readonly
(which prevents modification of the property after initialization), and array unpacking with string keys. The new never type can be used to indicate that a function does not return.
PHP 8.2
PHP 8.2 was released on December 8, 2022. New in this release are readonly
classes (whose instance properties are implicitly readonly), disjunctive normal form (DNF) types, and the random
extension, which provides a pseudorandom number generator with an object-oriented API, Sensitive Parameter value redaction, and a ton of other features.
PHP 8.3
PHP 8.3 was released on November 23, 2023. This release introduced readonly array properties, allowing arrays to be declared as immutable after initialization. It also added support for class aliases for built-in PHP classes, new methods for random float generation in the Random extension, and enhanced PHP INI settings with fallback value support. Additionally, the new stream_context_set_options function provides improved API for stream manipulation, among other updates and deprecations.
PHP 8.4
PHP 8.4 was released on November 21, 2024.
Release history
Version | Release date | Supported until | Notes |
---|---|---|---|
Old version, no longer maintained: 1.0 | 8 June 1995 | Officially called "Personal Home Page Tools (PHP Tools)". This is the first use of the name "PHP". | |
Old version, no longer maintained: 2.0 | 1 November 1997 | Officially called "PHP/FI 2.0". This is the first release that could actually be characterised as PHP, being a standalone language with many features that have endured to the present day. | |
Old version, no longer maintained: 3.0 | 6 June 1998 | 20 October 2000 | Development moves from one person to multiple developers. Zeev Suraski and Andi Gutmans rewritten the base for this version. |
Old version, no longer maintained: 4.0 | 22 May 2000 | 23 June 2001 | Added more advanced two-stage parse/execute tag-parsing system called the Zend engine. |
Old version, no longer maintained: 4.1 | 10 December 2001 | 12 March 2002 | Introduced "superglobals" ($_GET , $_POST , $_SESSION , etc.)
|
Old version, no longer maintained: 4.2 | 22 April 2002 | 6 September 2002 | Disabled register_globals by default. Data received over the network is not inserted directly into the global namespace anymore, closing possible security holes in applications.
|
Old version, no longer maintained: 4.3 | 27 December 2002 | 31 March 2005 | Introduced the command-line interface (CLI), to supplement the CGI. |
Old version, no longer maintained: 4.4 | 11 July 2005 | 7 August 2008 | Fixed a memory corruption bug, which required breaking binary compatibility with extensions compiled against PHP version 4.3.x. |
Old version, no longer maintained: 5.0 | 13 July 2004 | 5 September 2005 | Zend Engine II with a new object model. |
Old version, no longer maintained: 5.1 | 24 November 2005 | 24 August 2006 | Performance improvements with the introduction of compiler variables in re-engineered PHP Engine. Added PHP Data Objects (PDO) as a consistent interface for accessing databases. |
Old version, no longer maintained: 5.2 | 2 November 2006 | 6 January 2011 | Enabled the filter extension by default. Native JSON support. |
Old version, no longer maintained: 5.3 | 30 June 2009 | 14 August 2014 | Namespace support; late static bindings, jump label (limited goto), anonymous functions, closures, PHP archives (phar), garbage collection for circular references, improved Windows support, sqlite3, mysqlnd as a replacement for libmysql as the underlying library for the extensions that work with MySQL, fileinfo as a replacement for mime_magic for better MIME support, the Internationalization extension, and deprecation of ereg extension. |
Old version, no longer maintained: 5.4 | 1 March 2012 | 3 September 2015 | Trait support, short array syntax support. Removed items: register_globals , safe_mode , allow_call_time_pass_reference , session_register() , session_unregister() and session_is_registered() . Built-in web server. Several improvements to existing features, performance and reduced memory requirements.
|
Old version, no longer maintained: 5.5 | 20 June 2013 | 10 July 2016 | Support for generators, finally blocks for exceptions handling, OpCache (based on Zend Optimizer+) bundled in official distribution.
|
Old version, no longer maintained: 5.6 | 28 August 2014 | 31 December 2018 | Constant scalar expressions, variadic functions, argument unpacking, new exponentiation operator, extensions of the use statement for functions and constants, new phpdbg debugger as a SAPI module, and other smaller improvements.
|
6.x | Not released | — | Abandoned version of PHP that planned to include native Unicode support. |
Old version, no longer maintained: 7.0 | 3 December 2015 | 10 January 2019 | Zend Engine 3 (performance improvements and 64-bit integer support on Windows), uniform variable syntax, AST-based compilation process, added Closure::call() , bitwise shift consistency across platforms, ?? (null coalesce) operator, Unicode code point escape syntax, return type declarations, scalar type (integer, float, string and boolean) declarations, <=> "spaceship" three-way comparison operator, generator delegation, anonymous classes, simpler and more consistently available CSPRNG API, replacement of many remaining internal PHP "errors" with the more modern exceptions, and shorthand syntax for importing multiple items from a namespace.
|
Old version, no longer maintained: 7.1 | 1 December 2016 | 1 December 2019 | iterable type, nullable types, void return type, class constant visibility modifiers, short list syntax, multi-catch
|
Old version, no longer maintained: 7.2 | 30 November 2017 | 30 November 2020 | Object parameter and return type declaration, libsodium extension, abstract method overriding, parameter type widening |
Old version, no longer maintained: 7.3 | 6 December 2018 | 6 December 2021 | Flexible Heredoc and Nowdoc syntax, support for reference assignment and array deconstruction with list() , PCRE2 support, hrtime function
|
Old version, no longer maintained: 7.4 | 28 November 2019 | 28 November 2022 | Typed properties 2.0, preloading, null-coalescing assignment operator, improve openssl_random_pseudo_bytes , weak references, foreign function interface (FFI), always available hash extension, password hash registry, multibyte string splitting, reflection for references, unbundle ext/wddx, new custom object serialization mechanism
|
Old version, no longer maintained: 8.0 | 26 November 2020 | 26 November 2023 | Just-In-Time (JIT) compilation, arrays starting with a negative index, stricter/saner language semantics (validation for abstract trait methods), saner string to number comparisons, saner numeric strings, TypeError on invalid arithmetic/bitwise operators, reclassification of various engine errors, consistent type errors for internal functions, fatal error for incompatible method signatures), locale-independent float to string conversion, variable syntax tweaks, attributes, named arguments, match expression, constructor property promotion, union types, mixed type, static return type, nullsafe operator, non-capturing catches, throw expression, JSON extension is always available.
|
Old version, still maintained: 8.1 | 25 November 2021 | 31 December 2025 | Explicit octal integer literal notation, enumerations, read-only properties, first-class callable syntax, new in initializers, pure intersection types, never return type, final class constraints, fibers
|
Old version, still maintained: 8.2 | 8 December 2022 | 31 December 2026 | Readonly classes, null , false , and true as stand-alone types, locale-independent case conversion, disjunctive normal form types, constants in traits
|
Old version, still maintained: 8.3 | 23 November 2023 | 31 December 2027 | Typed class constants, dynamic class constant fetch, # attribute, deep-cloning of read-only properties, new json_validate function, randomizer additions, the command-line linter supports multiple files
|
Latest version: 8.4 | 21 November 2024 | 31 December 2028 | Property hooks, asymmetric visibility, an updated DOM API, performance improvements, bug fixes, and general cleanup. |
Legend:Unsupported versionOld version, still maintainedLatest versionLatest preview versionFuture release |
Beginning on 28 June 2011, the PHP Development Team implemented a timeline for the release of new versions of PHP. Under this system, at least one release should occur every month. Once per year, a minor release should occur which may include new features. Every minor release should at least be supported for two years with security and bug fixes, followed by at least one year of only security fixes, for a total of a three-year release process for every minor release. No new features, unless small and self-contained, are to be introduced into a minor release during the three-year release process.
Mascot
The mascot of the PHP project is the elePHPant, a blue elephant with the PHP logo on its side, designed by Vincent Pontier in 1998. "The (PHP) letters were forming the shape of an elephant if viewed in a sideways angle." The elePHPant is sometimes differently coloured when in plush toy form.
Many variations of this mascot have been made over the years. Only the elePHPants based on the original design by Vincent Pontier are considered official by the community. These are collectable and some of them are extremely rare.
Syntax
Main article: PHP syntax and semanticsThe following "Hello, World!" program is written in PHP code embedded in an HTML document:
<!DOCTYPE html> <html> <head> <title>PHP "Hello, World!" program</title> </head> <body> <p><?= 'Hello, World!' ?></p> </body> </html>
However, as no requirement exists for PHP code to be embedded in HTML, the simplest version of Hello, World! may be written like this, with the closing tag ?>
omitted as preferred in files containing pure PHP code.
<?php echo 'Hello, World!';
The PHP interpreter only executes PHP code within its delimiters. Anything outside of its delimiters is not processed by PHP, although the non-PHP text is still subject to control structures described in PHP code. The most common delimiters are <?php
to open and ?>
to close PHP sections. The shortened form <?
also exists. This short delimiter makes script files less portable since support for them can be disabled in the local PHP configuration and it is therefore discouraged. Conversely, there is no recommendation against the echo short tag <?=
. Prior to PHP 5.4.0, this short syntax for echo
only works with the short_open_tag
configuration setting enabled, while for PHP 5.4.0 and later it is always available. The purpose of all these delimiters is to separate PHP code from non-PHP content, such as JavaScript code or HTML markup. So the shortest "Hello, World!" program written in PHP is:
<?='Hello, World!';
The first form of delimiters, <?php
and ?>
, in XHTML and other XML documents, creates correctly formed XML processing instructions. This means that the resulting mixture of PHP code and other markups in the server-side file is itself well-formed XML.
Variables are prefixed with a dollar symbol, and a type does not need to be specified in advance. PHP 5 introduced type declarations that allow functions to force their parameters to be objects of a specific class, arrays, interfaces or callback functions. However, before PHP 7, type declarations could not be used with scalar types such as integers or strings.
Below is an example of how PHP variables are declared and initialized.
<?php $name = 'John'; // variable of string type being declared and initialized $age = 18; // variable of integer type being declared and initialized $height = 5.3; // variable of double type being declared and initialized echo $name . ' is ' . $height . "m tall\n"; // concatenating variables and strings echo "$name is $age years old."; // interpolating variables to string ?>
Unlike function and class names, variable names are case-sensitive. Both double-quoted ("") and heredoc strings provide the ability to interpolate a variable's value into the string. PHP treats newlines as whitespace in the manner of a free-form language, and statements are terminated by a semicolon. PHP has three types of comment syntax: /* */
marks block and inline comments; //
or #
are used for one-line comments. The echo
statement is one of several facilities PHP provides to output text.
In terms of keywords and language syntax, PHP is similar to C-style syntax. if
conditions, for
and while
loops and function returns are similar in syntax to languages such as C, C++, C#, Java and Perl.
Data types
PHP is loosely typed. It stores integers in a platform-dependent range, either as a 32, 64 or 128-bit signed integer equivalent to the C-language long type. Unsigned integers are converted to signed values in certain situations, which is different behaviour to many other programming languages. Integer variables can be assigned using decimal (positive and negative), octal, hexadecimal, and binary notations.
Floating-point numbers are also stored in a platform-specific range. They can be specified using floating-point notation, or two forms of scientific notation. PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++.
The null data type represents a variable that has no value; NULL
is the only allowed value for this data type.
Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources.
Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled. PHP also supports strings, which can be used with single quotes, double quotes, nowdoc or heredoc syntax.
The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.
Functions
PHP defines a large array of functions in the core language and many are also available in various extensions; these functions are well documented online PHP documentation. However, the built-in library has a wide variety of naming conventions and associated inconsistencies, as described under history above.
Custom functions may be defined by the developer:
function myAge(int $birthYear): string { // calculate the age by subtracting the birth year from the current year. $yearsOld = date('Y') - $birthYear; // return the age in a descriptive string. return $yearsOld . ($yearsOld == 1 ? ' year' : ' years'); } echo 'I am currently ' . myAge(1995) . ' old.';
As of 2025, the output of the above sample program is "I am currently 30 years old."
In lieu of function pointers, functions in PHP can be referenced by a string containing their name. In this manner, normal PHP functions can be used, for example, as callbacks or within function tables. User-defined functions may be created at any time without being prototyped. Functions may be defined inside code blocks, permitting a run-time decision as to whether or not a function should be defined. There is a function_exists
function that determines whether a function with a given name has already been defined. Function calls must use parentheses, with the exception of zero-argument class constructor functions called with the PHP operator new
, in which case parentheses are optional.
Since PHP 4.0.1 create_function()
, a thin wrapper around eval()
, allowed normal PHP functions to be created during program execution; it was deprecated in PHP 7.2 and removed in PHP 8.0 in favor of syntax for anonymous functions or "closures" that can capture variables from the surrounding scope, which was added in PHP 5.3. Shorthand arrow syntax was added in PHP 7.4:
function getAdder($x) { return fn($y) => $x + $y; } $adder = getAdder(8); echo $adder(2); // prints "10"
In the example above, getAdder()
function creates a closure using passed argument $x
, which takes an additional argument $y
, and returns the created closure to the caller. Such a function is a first-class object, meaning that it can be stored in a variable, passed as a parameter to other functions, etc.
Unusually for a dynamically typed language, PHP supports type declarations on function parameters, which are enforced at runtime. This has been supported for classes and interfaces since PHP 5.0, for arrays since PHP 5.1, for "callables" since PHP 5.4, and scalar (integer, float, string and boolean) types since PHP 7.0. PHP 7.0 also has type declarations for function return types, expressed by placing the type name after the list of parameters, preceded by a colon. For example, the getAdder
function from the earlier example could be annotated with types like so in PHP 7:
function getAdder(int $x): Closure { return fn(int $y): int => $x + $y; } $adder = getAdder(8); echo $adder(2); // prints "10" echo $adder(null); // throws an exception because an incorrect type was passed $adder = getAdder(); // would also throw an exception
By default, scalar type declarations follow weak typing principles. So, for example, if a parameter's type is int
, PHP would allow not only integers, but also convertible numeric strings, floats or Booleans to be passed to that function, and would convert them. However, PHP 7 has a "strict typing" mode which, when used, disallows such conversions for function calls and returns within a file.
PHP objects
Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4. This allowed for PHP to gain further abstraction, making creative tasks easier for programmers using the language. Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance. In previous versions of PHP, objects were handled like value types. The drawback of this method was that code had to make heavy use of PHP's "reference" variables if it wanted to modify an object it was passed rather than creating a copy of it. In the new approach, objects are referenced by handle, and not by value.
PHP 5 introduced private and protected member variables and methods, along with abstract classes, final classes, abstract methods, and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax and objects implementing Iterator or IteratorAggregate can be used with the foreach
language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.
If the developer creates a copy of an object using the reserved word clone
, the Zend engine will check whether a __clone()
method has been defined. If not, it will call a default __clone()
which will copy the object's properties. If a __clone()
method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so the programmer can start with a by-value replica of the source object and only override properties that need to be changed.
The visibility of PHP properties and methods is defined using the keywords public
, private
, and protected
. The default is public, if only var is used; var
is a synonym for public
. Items declared public
can be accessed everywhere. protected
limits access to inherited classes (and to the class that defines the item). private
limits visibility only to the class that defines the item. Objects of the same type have access to each other's private and protected members even though they are not the same instance.
Example
The following is a basic example of object-oriented programming in PHP 8:
<?php abstract class User { protected string $name; public function __construct(string $name) { // make first letter uppercase and the rest lowercase $this->name = ucfirst(strtolower($name)); } public function greet(): string { return "Hello, my name is " . $this->name; } abstract public function job(): string; } class Student extends User { public function __construct(string $name, private string $course) { parent::__construct($name); } public function job(): string { return "I learn " . $this->course; } } class Teacher extends User { public function __construct(string $name, private array $teachingCourses) { parent::__construct($name); } public function job(): string { return "I teach " . implode(", ", $this->teachingCourses); } } $students = [ new Student("Alice", "Computer Science"), new Student("Bob", "Computer Science"), new Student("Charlie", "Business Studies"), ]; $teachers = [ new Teacher("Dan", ), new Teacher("Erin", ), new Teacher("Frankie", ), ]; foreach ( as $users) { echo $users::class . "s:\n"; array_walk($users, function (User $user) { echo "{$user->greet()}, {$user->job()}\n"; }); }
This program outputs the following:
Students:
Hello, my name is Alice, I learn Computer Science
Hello, my name is Bob, I learn Computer Science
Hello, my name is Charlie, I learn Business Studies
Teachers:
Hello, my name is Dan, I teach Computer Science, Information Security
Hello, my name is Erin, I teach Computer Science, 3D Graphics Programming
Hello, my name is Frankie, I teach Online Marketing, Business Studies, E-commerce
Implementations
The only complete PHP implementation is the original, known simply as PHP. It is the most widely used and is powered by the Zend Engine. To disambiguate it from other implementations, it is sometimes unofficially called "Zend PHP". The Zend Engine compiles PHP source code on-the-fly into an internal format that it can execute, thus it works as an interpreter. It is also the "reference implementation" of PHP, as PHP has no formal specification, and so the semantics of Zend PHP define the semantics of PHP. Due to the complex and nuanced semantics of PHP, defined by how Zend works, it is difficult for competing implementations to offer complete compatibility.
PHP's single-request-per-script-execution model, and the fact that the Zend Engine is an interpreter, leads to inefficiency; as a result, various products have been developed to help improve PHP performance. In order to speed up execution time and not have to compile the PHP source code every time the web page is accessed, PHP scripts can also be deployed in the PHP engine's internal format by using an opcode cache, which works by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, Zend Opcache, is built into PHP since version 5.5. Another example of a widely used opcode cache is the Alternative PHP Cache (APC), which is available as a PECL extension.
While Zend PHP is still the most popular implementation, several other implementations have been developed. Some of these are compilers or support JIT compilation, and hence offer performance benefits over Zend PHP at the expense of lacking full PHP compatibility. Alternative implementations include the following:
- HHVM (HipHop Virtual Machine) – developed at Facebook and available as open source, it converts PHP code into a high-level bytecode (commonly known as an intermediate language), which is then translated into x86-64 machine code dynamically at runtime by a just-in-time (JIT) compiler, resulting in up to 6× performance improvements. However, since version 7.2 Zend has outperformed HHVM, and HHVM 3.24 is the last version to officially support PHP.
- HipHop – developed at Facebook and available as open source, it transforms the PHP scripts into C++ code and then compiles the resulting code, reducing the server load up to 50%. In early 2013, Facebook deprecated it in favour of HHVM due to multiple reasons, including deployment difficulties and lack of support for the whole PHP language, including the
create_function()
andeval()
constructs.
- HipHop – developed at Facebook and available as open source, it transforms the PHP scripts into C++ code and then compiles the resulting code, reducing the server load up to 50%. In early 2013, Facebook deprecated it in favour of HHVM due to multiple reasons, including deployment difficulties and lack of support for the whole PHP language, including the
- Parrot – a virtual machine designed to run dynamic languages efficiently; the cross-translator Pipp transforms the PHP source code into the Parrot intermediate representation, which is then translated into the Parrot's bytecode and executed by the virtual machine.
- PeachPie – a second-generation compiler to .NET Common Intermediate Language (CIL) bytecode, built on the Roslyn platform; successor of Phalanger, sharing several architectural components
- Phalanger – compiles PHP into .Net Common Intermediate Language bytecode; predecessor of PeachPie
- Quercus – compiles PHP into Java bytecode
Licensing
Main article: PHP LicensePHP is free software released under the PHP License, which stipulates that:
Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from group@php.net. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo".
This restriction on the use of "PHP" makes the PHP License incompatible with the GNU General Public License (GPL), while the Zend License is incompatible due to an advertising clause similar to that of the original BSD license.
Development and community
PHP includes various free and open-source libraries in its source distribution or uses them in resulting PHP binary builds. PHP is fundamentally an Internet-aware system with built-in modules for accessing File Transfer Protocol (FTP) servers and many database servers, including PostgreSQL, MySQL, Microsoft SQL Server and SQLite (which is an embedded database), LDAP servers, and others. Numerous functions are familiar to C programmers, such as those in the stdio family, are available in standard PHP builds.
PHP allows developers to write extensions in C to add functionality to the PHP language. PHP extensions can be compiled statically into PHP or loaded dynamically at runtime. Numerous extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Other PHP features made available through extensions include integration with Internet Relay Chat (IRC), dynamic generation of images and Adobe Flash content, PHP Data Objects (PDO) as an abstraction layer used for accessing databases, and even speech synthesis. Some of the language's core functions, such as those dealing with strings and arrays, are also implemented as extensions. The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.
Some other projects, such as Zephir, provide the ability for PHP extensions to be created in a high-level language and compiled into native PHP extensions. Such an approach, instead of writing PHP extensions directly in C, simplifies the development of extensions and reduces the time required for programming and testing.
By December 2018 the PHP Group consisted of ten people: Thies C. Arntzen, Stig Bakken, Shane Caraveo, Andi Gutmans, Rasmus Lerdorf, Sam Ruby, Sascha Schumann, Zeev Suraski, Jim Winstead, and Andrei Zmievski.
Zend Technologies provides a PHP Certification based on PHP 8 exam (and previously based on PHP 7 and 5.5) for programmers to become certified PHP developers.
The PHP Foundation
Formation | November 22, 2021; 3 years ago (2021-11-22) |
---|---|
Founder | Automattic, Laravel, Acquia, Zend, Private Packagist, Symfony, Craft CMS, Tideways, PrestaShop, JetBrains |
Website | https://thephp.foundation |
On 26 November 2021, the JetBrains blog announced the creation of The PHP Foundation, which will sponsor the design and development of PHP.
Year | Commits | Reviews | RFCs |
---|---|---|---|
2022 | 683 | 283 | 8 |
2023 | 784 | 702 | 17 |
The foundation hires "Core Developers" to work on the PHP language's core repository. Roman Pronskiy, a member of the foundation's board, said that they aim to pay "market salaries" to developers.
The response to the foundation has mostly been positive, with the foundation being praised for better supporting the language and helping to stop the decrease in the language's popularity. However, it has also been criticised for adding breaking changes to minor versions of PHP, such as in PHP 8.2 where initialising members of a class out-with the original class scope would cause depreciation errors, these changes impacted a number of open source projects including WordPress.
Germany's Sovereign Tech Fund provided more than 200,000 Euros to support the PHP Foundation.
Installation and configuration
There are two primary ways for adding support for PHP to a web server – as a native web server module, or as a CGI executable. PHP has a direct module interface called server application programming interface (SAPI), which is supported by many web servers including Apache HTTP Server, Microsoft IIS and iPlanet Web Server. Some other web servers, such as OmniHTTPd, support the Internet Server Application Programming Interface (ISAPI), which is Microsoft's web server module interface. If PHP has no module support for a web server, it can always be used as a Common Gateway Interface (CGI) or FastCGI processor; in that case, the web server is configured to use PHP's CGI executable to process all requests to PHP files.
PHP-FPM (FastCGI Process Manager) is an alternative FastCGI implementation for PHP, bundled with the official PHP distribution since version 5.3.3. When compared to the older FastCGI implementation, it contains some additional features, mostly useful for heavily loaded web servers.
When using PHP for command-line scripting, a PHP command-line interface (CLI) executable is needed. PHP supports a CLI server application programming interface (SAPI) since PHP 4.3.0. The main focus of this SAPI is developing shell applications using PHP. There are quite a few differences between the CLI SAPI and other SAPIs, although they do share many of the same behaviours.
PHP has a direct module interface called SAPI for different web servers; in case of PHP 5 and Apache 2.0 on Windows, it is provided in form of a DLL file called php5apache2.dll, which is a module that, among other functions, provides an interface between PHP and the web server, implemented in a form that the server understands. This form is what is known as a SAPI.
There are different kinds of SAPIs for various web server extensions. For example, in addition to those listed above, other SAPIs for the PHP language include the Common Gateway Interface and command-line interface.
PHP can also be used for writing desktop graphical user interface (GUI) applications, by using the "PHP Desktop". GitHub. or discontinued PHP-GTK extension. PHP-GTK is not included in the official PHP distribution, and as an extension, it can be used only with PHP versions 5.1.0 and newer. The most common way of installing PHP-GTK is by compiling it from the source code.
When PHP is installed and used in cloud environments, software development kits (SDKs) are provided for using cloud-specific features. For example:
- Amazon Web Services provides the AWS SDK for PHP
- Microsoft Azure can be used with the Windows Azure SDK for PHP.
Numerous configuration options are supported, affecting both core PHP features and extensions. Configuration file php.ini
is searched for in different locations, depending on the way PHP is used. The configuration file is split into various sections, while some of the configuration options can be also set within the web server configuration.
Use
PHP is a general-purpose scripting language that is especially suited to server-side web development, in which case PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content or dynamic images used on websites or elsewhere. It can also be used for command-line scripting and client-side graphical user interface (GUI) applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems (RDBMS). Most web hosting providers support PHP for use by their clients. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.
Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting, and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Python, Microsoft's ASP.NET, Sun Microsystems' JavaServer Pages, and mod_perl
. PHP has also attracted the development of many software frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include PRADO, CakePHP, Symfony, CodeIgniter, Laravel, Yii Framework, Phalcon and Laminas, offering features similar to other web frameworks.
The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python, Perl, or some mix of the three. Similar packages, WAMP and MAMP, are also available for Windows and macOS, with the first letter standing for the respective operating system. Although both PHP and Apache are provided as part of the macOS base install, users of these packages seek a simpler installation mechanism that can be more easily kept up to date.
For specific and more advanced usage scenarios, PHP offers a well-defined and documented way for writing custom extensions in C or C++. Besides extending the language itself in form of additional libraries, extensions are providing a way for improving execution speed where it is critical and there is room for improvements by using a true compiled language. PHP also offers well-defined ways for embedding itself into other software projects. That way PHP can be easily used as an internal scripting language for another project, also providing tight interfacing with the project's specific internal data structures.
PHP received mixed reviews due to lacking support for multithreading at the core language level, though using threads is made possible by the "pthreads" PECL extension.
A command line interface, php-cli, and two ActiveX Windows Script Host scripting engines for PHP have been produced.
Popularity and usage statistics
PHP is used for Web content management systems including MediaWiki, WordPress, Joomla, Drupal, Moodle, eZ Publish, eZ Platform, and SilverStripe.
As of January 2013, PHP was used in more than 240 million websites (39% of those sampled) and was installed on 2.1 million web servers.
As of 21 November 2024 (the day of PHP 8.4's release), PHP is used as the server-side programming language on 75.4% of websites where the language could be determined; PHP 7 is the most used version of the language with 49.1% of websites using PHP being on that version, while 37.9% use PHP 8, 12.9% use PHP 5 and 0.1% use PHP 4.
PHP 837.9%PHP 7
49.1%PHP 5
12.9%PHP 4
0.1%
|
Usage share of PHP versions on 21 November 2024:
the day of PHP 8.4's release
Security
In 2019, 11% of all vulnerabilities listed by the National Vulnerability Database were linked to PHP; historically, about 30% of all vulnerabilities listed since 1996 in this database are linked to PHP. Technical security flaws of the language itself or of its core libraries are not frequent (22 in 2009, about 1% of the total although PHP applies to about 20% of programs listed). Recognizing that programmers make mistakes, some languages include taint checking to automatically detect the lack of input validation which induces many issues. Such a feature has been proposed for PHP in the past, but either been rejected or the proposal abandoned.
Third-party projects such as Suhosin and Snuffleupagus aim to remove or change dangerous parts of the language.
Historically, old versions of PHP had some configuration parameters and default values for such runtime settings that made some PHP applications prone to security issues. Among these, magic_quotes_gpc
and register_globals
configuration directives were the best known; the latter made any URL parameters become PHP variables, opening a path for serious security vulnerabilities by allowing an attacker to set the value of any uninitialized global variable and interfere with the execution of a PHP script. Support for "magic quotes" and "register globals" settings has been deprecated since PHP 5.3.0, and removed from PHP 5.4.0.
Another example for the potential runtime-settings vulnerability comes from failing to disable PHP execution (for example by using the engine
configuration directive) for the directory where uploaded files are stored; enabling it can result in the execution of malicious code embedded within the uploaded files. The best practice is to either locate the image directory outside of the document root available to the web server and serve it via an intermediary script or disable PHP execution for the directory which stores the uploaded files.
Also, enabling the dynamic loading of PHP extensions (via enable_dl
configuration directive) in a shared web hosting environment can lead to security issues.
Implied type conversions that result in different values being treated as equal, sometimes against the programmer's intent, can lead to security issues. For example, the result of the comparison '0e1234' == '0'
is true
, because strings that are parsable as numbers are converted to numbers; in this case, the first compared value is treated as scientific notation having the value (0×10), which is zero. Errors like this resulted in authentication vulnerabilities in Simple Machines Forum, Typo3 and phpBB when MD5 password hashes were compared. The recommended way is to use hash_equals()
(for timing attack safety), strcmp
or the identity operator (===
), as '0e1234' === '0'
results in false
.
In a 2013 analysis of over 170,000 website defacements, published by Zone-H, the most frequently (53%) used technique was the exploitation of file inclusion vulnerability, mostly related to insecure usage of the PHP language constructs include
, require
, and allow_url_fopen
.
Cryptographic Security
PHP includes rand()
and mt_rand()
functions which use a pseudorandom number generator, and are not cryptographically secure. As of version 8.1, the random_int()
function is included, which uses a cryptographically secure source of randomness provided by the system.
There are two attacks that can be performed over PHP entropy sources: "seed attack" and "state recovery attack". As of 2012, a $250 GPU can perform up to 2 MD5 calculations per second, while a $750 GPU can perform four times as many calculations at the same time. In combination with a "birthday attack" this can lead to serious security vulnerabilities.
Long-Term Support
The PHP development team provides official bug fixes for 2 years following release of each minor version, followed by another 2 years where only security fixes are released. After this, the release is considered end of life and no longer officially supported.
Extended Long-Term Support beyond this is available from commercial providers, such as Zend and others
See also
- Comparison of programming languages
- List of Apache–MySQL–PHP packages
- List of PHP accelerators
- List of PHP editors
- PEAR (PHP Extension and Application Repository)
- PHP accelerator
- Template processor
- XAMPP (free and open-source cross-platform web server solution stack package)
- Zend Server
References
- ^ Lerdorf, Rasmus (June 8, 1995). "Announce: Personal Home Page Tools (PHP Tools)". Retrieved 7 June 2011.
- ^ Lerdorf, Rasmus (2007-04-26). "PHP on Hormones – history of PHP presentation by Rasmus Lerdorf given at the MySQL Conference in Santa Clara, California". The Conversations Network. Archived from the original on 2013-07-29.
- "PHP: PHP 8.4.0 Release Announcement". www.php.net.
- "PHP: Function arguments – Manual". secure.php.net.
- "PHP: Release Archives (museum)". museum.php.net.
- "PHP: Preface – Manual".
- Stogov, Dmitry (2015-12-04). "It's not a secret that some #PHP7 optimization ideas came from HHVM, LuaJIT and V8. Thank you @HipHopVM @SaraMG. #php7thankyou" (Tweet) – via Twitter.
- "PHP: Hypertext Preprocessor". www.php.net. Retrieved 2020-02-12.
- ^ Krill, Paul (2013-11-18). "Believe the hype: PHP founder backs Facebook's HipHop technology". InfoWorld. Retrieved 2022-10-13.
- "Announce: Personal Home Page Tools (PHP Tools)". groups.google.com. Retrieved 2022-11-03.
- ^ "History of PHP and related projects". The PHP Group. Retrieved 2008-02-25.
- ^ "History of PHP". php.net.
- Olsson, Mikael (2013-09-04). PHP Quick Scripting Reference. Apress. ISBN 978-1-4302-6284-8.
- PHP Manual: Preface, www.php.net.
- "Introduction: What can PHP do?". PHP Manual. Retrieved 2009-03-05.
- helicopter: Port of node-ar-drone which allows user to control a Parrot AR Drone over PHP: jolicode/php-ar-drone, JoliCode, 2019-01-11, retrieved 2019-02-23
- ^ "Embedding PHP in HTML". O'Reilly. 2001-05-03. Archived from the original on 2008-02-19. Retrieved 2008-02-25.
- "PHP: Unsupported Branches". www.php.net.
- ^ "Usage statistics of PHP for websites". W3Techs – World Wide Web Technology Surveys. W3Techs. Retrieved 21 November 2024.
- Lerdorf, Rasmus (2012-07-20). "I wonder why people keep writing that PHP was ever written in Perl. It never was. #php". Twitter. Retrieved 2014-09-04.
- Lerdorf, Rasmus (2007-04-26). "PHP on Hormones". The Conversations Network. Archived from the original (mp3) on 2019-01-06. Retrieved 2009-06-22.
- Lerdorf, Rasmus (2007). "Slide 3". slides for 'PHP on Hormones' talk. The PHP Group. Retrieved 2009-06-22.
- Lerdorf, Rasmus (1995-06-08). "Announce: Personal Home Page Tools (PHP Tools)". Newsgroup: comp.infosystems.www.authoring.cgi. Retrieved 2006-09-17.
- "Rasmus Lerdorf, Senior Technical Yahoo: PHP, Behind the Mic". 2003-11-19. Archived from the original on 2013-07-28.
- Alshetwi, A.B.; Rahmat, R. A. A. O.; Borhan, M. N.; Ismael, S.; Ali, A.; Irtema, H. I. M.; Alfakhria, A. Y. (2018). "Web-Based Expert System for Optimizing of Traffic Road in Developing Countries". Retrieved 13 Feb 2024.
- "Problems with PHP". Retrieved 20 December 2010.
- "php.internals: Re: Function name consistency". news.php.net. 2013-12-28. Retrieved 2014-02-09.
- Rasmus Lerdorf (Dec 16, 2013). "Re: Flexible function naming". Newsgroup: php.internals. Retrieved December 26, 2013.
- "PHP – Acronym Meaning Vote". PHP.net. Archived from the original on August 15, 2000.
- "Zend Engine version 2.0: Feature Overview and Design". Zend Technologies Ltd. Archived from the original on 2006-07-19. Retrieved 2006-09-17.
- "php.net 2007 news archive". The PHP Group. 2007-07-13. Retrieved 2008-02-22.
- Kerner, Sean Michael (2008-02-01). "PHP 4 is Dead—Long Live PHP 5". InternetNews. Archived from the original on 2018-08-06. Retrieved 2018-12-16.
- Trachtenberg, Adam (2004-07-15). "Why PHP 5 Rocks!". O'Reilly. Archived from the original on 2016-03-31. Retrieved 2008-02-22.
- "Late Static Binding in PHP". Digital Sandwich. 2006-02-23. Retrieved 2008-03-25.
- "Static Keyword". The PHP Group. Retrieved 2008-03-25.
- "GoPHP5". Archived from the original on 2011-07-17.
- "PHP projects join forces to Go PHP 5" (PDF). GoPHP5 Press Release. Archived from the original (PDF) on 2019-08-04. Retrieved 2008-02-23.
- "GoPHP5". GoPHP5. Archived from the original on 2011-04-27. Retrieved 2008-02-22.
- "PHP Installation and Configuration". php.net. Retrieved 2013-10-29.
- "PHP for Windows: Binaries and sources releases (5.3)". php.net. Retrieved 2013-10-29.
- "PHP for Windows: Binaries and sources releases (5.4)". php.net. Retrieved 2013-10-29.
- "PHP for Windows: Binaries and sources releases (5.5)". php.net. Retrieved 2013-10-29.
- "PHP: Supported Versions".
- "Types: Strings (PHP Manual)". PHP.net. Retrieved 2013-09-22.
- "Details of the String Type (PHP Manual)". PHP.net. Retrieved 2021-09-22.
- Andrei Zmievski (2005-08-10). "PHP Unicode support design document" (Mailing list). Retrieved 2014-02-09.
- "PHP 5.5 or 6.0". Retrieved 2014-02-09.
- Andrei Zmievski (2011-04-22). "The Good, the Bad, and the Ugly: What Happened to Unicode and PHP 6". Retrieved 2014-02-09.
- Rasmus Lerdorf (2010-03-11). "PHP 6" (Mailing list). Retrieved 2014-02-07.
- "The Neverending Muppet Debate of PHP 6 v PHP 7". Archived from the original on 2015-11-19. Retrieved 2015-11-19.
- "RFC: Name of Next Release of PHP". php.net. 2014-07-07. Retrieved 2014-07-15.
- "Re: [PHP-DEV] [VOTE] [RFC] Name of Next Release of PHP (again)". 2014-07-30. Retrieved 2014-07-30.
- "phpng: Refactored PHP Engine with Big Performance Improvement". news.php.net.
- "PHP: rfc:phpng". php.net. Retrieved 16 December 2014.
- ^ "PHP: phpng". php.net. Retrieved 2014-07-15.
- "Merge branch 'ZendEngine3'". github.com. 2014-12-05. Retrieved 2014-12-05.
- ^ "PHP: Release Process". 2011-06-20. Retrieved 2013-10-06.
- ^ "PHP RFC: Exceptions in the engine (for PHP 7)". php.net. Retrieved 2015-05-21.
- ^ "PHP RFC: Uniform Variable Syntax". php.net. 2014-05-31. Retrieved 2014-07-30.
- "Online PHP editor | output for udRhX". 3v4l.org.
- "PHP RFC: Fix "foreach" behavior". php.net. Retrieved 2015-05-21.
- "PHP RFC: Constructor behaviour of internal classes". php.net. Retrieved 2015-05-21.
- "PHP RFC: Removal of dead or not yet PHP7 ported SAPIs and extensions". php.net. Retrieved 2015-05-21.
- "PHP RFC: Fix list() behavior inconsistency". php.net. Retrieved 2015-05-21.
- "PHP RFC: Remove alternative PHP tags". php.net. Retrieved 2015-05-21.
- "PHP RFC: Make defining multiple default cases in a switch a syntax error". php.net. Retrieved 2015-05-21.
- "PHP RFC: Remove hex support in numeric strings". php.net. Retrieved 2015-05-21.
- ^ "PHP RFC: Integer Semantics". php.net. Retrieved 2015-05-21.
Making NaN and Infinity always become zero when cast to integer means more cross-platform consistency, and is also less surprising than what is currently produces
- "PHP RFC: ZPP Failure on Overflow". php.net. Retrieved 2015-05-21.
- ^ "RFC: Return Types". php.net. 2015-01-27. Retrieved 2015-01-28.
- ^ "RFC: Scalar Type Declarations". php.net. 2015-03-16. Retrieved 2015-03-17.
- ^ Brent. "What's new in PHP 8". Stitcher. Retrieved 22 September 2020.
- ^ "PHP 8 Released". PHP. Retrieved 27 November 2020.
- ^ "PHP: rfc:jit". wiki.php.net. Retrieved 2019-04-05.
- Brent. "PHP 8: JIT performance in real-life web applications". Stitcher.io. Retrieved 4 October 2020.
- Rethams, Derick. "PHP 8: A Quick Look at JIT".
- ^ Popov, Nikita (13 July 2020). ""What's new in PHP 8.0?" Nikita Popov". PHP fwdays. Archived from the original on 2021-12-11. Retrieved 4 October 2020.
- Daniele, Carlo (25 May 2020). "What's New in PHP 8 (Features, Improvements, and the JIT Compiler)". Kinsta. Retrieved 24 December 2020.
- Redmond, Paul (15 July 2020). "Match Expression is Coming to PHP 8". Laravel News. Retrieved 4 October 2020.
- "PHP 8.0: Match Expressions". PHP Watch. Retrieved 4 October 2020.
- Barnes, Eric (27 November 2020). "PHP 8 is now Released!". Laravel News. Retrieved 24 December 2020.
- ^ "PHP RFC: throw expression". wiki.php.net. Retrieved 14 August 2020.
- ^ "PHP RFC: Nullsafe operator". wiki.php.net. Retrieved 14 August 2020.
- Roose, Brent. "PHP 8: Constructor property promotion". Retrieved 30 April 2024.
- ^ "PHP: rfc:weakrefs". wiki.php.net. Retrieved 2019-04-05.
- Merchant, Amit (13 June 2020). "These new string functions are coming in PHP 8". Amit Merchant. Retrieved 4 October 2020.
- Popov, Nikita. "Call for participation: Annotating internal function argument and return types". Externals. Retrieved 19 November 2020.
- "PHP 8 ChangeLog". PHP.net. Retrieved 2024-01-05.
- "PHP: PHP 8.1.0 Release Announcement". PHP.net. Retrieved 2024-01-05.
- "PHP 8 ChangeLog". PHP.net. Retrieved 2024-01-05.
- "PHP: PHP 8.2.0 Release Announcement". PHP.net. Retrieved 2024-01-05.
- ^ "Unsupported Branches". php.net. Retrieved 2019-07-31.
- "PHP 4.0.0 Released". Retrieved 25 October 2020.
- ^ "PHP: PHP 4 ChangeLog". The PHP Group. 2008-01-03. Retrieved 2008-02-22.
- "PHP 4.1.0 Release Announcement". Retrieved 25 October 2020.
- "PHP 4.2.0 Release Announcement". Retrieved 25 October 2020.
- "PHP 4.3.0 Release Announcement". Retrieved 25 October 2020.
- "Using PHP from the command line". PHP Manual. The PHP Group. Retrieved 2009-09-11.
- "PHP 4.4.0 Release Announcement". Retrieved 25 October 2020.
- "PHP 4.4.0 Release Announcement". PHP Manual. The PHP Group. Retrieved 2013-11-24.
- "PHP 5.0.0 Released!". Retrieved 25 October 2020.
- ^ "PHP: PHP 5 ChangeLog". The PHP Group. 2007-11-08. Retrieved 2008-02-22.
- "PHP 5.1.0 Release Announcement". Retrieved 25 October 2020.
- "PHP manual: PDO". The PHP Group. 2011-11-15. Retrieved 2011-11-15.
- "PHP 5.2.0 Release Announcement". Retrieved 25 October 2020.
- "PHP 5.3.0 Release Announcement". Retrieved 25 October 2020.
- "PHP 5.4.0 Release Announcement". Retrieved 25 October 2020.
- "Built-in web server". Retrieved March 26, 2012.
- "PHP 5.5.0 Release Announcement". Retrieved 25 October 2020.
- ^ "Supported Versions". php.net. Retrieved 2017-12-13.
- "PHP 5.5.0 changes". php.net. Retrieved 2015-03-03.
- "PHP 5.6.0 Release Announcement". Retrieved 25 October 2020.
- "Migrating from PHP 5.5.x to PHP 5.6.x". php.net. Retrieved 2014-03-24.
- "Resetting PHP 6".
There have been books on the shelves purporting to cover PHP 6 since at least 2008. But, in March 2010, the PHP 6 release is not out – in fact, it is not even close to out. Recent events suggest that PHP 6 will not be released before 2011 – if, indeed, it is released at all.
- Krill, Paul (2014-10-31). "PHP 7 moves full speed ahead". InfoWorld.
Recent versions of PHP have been part of the 5.x release series, but there will be no PHP 6. "We're going to skip 6, because years ago, we had plans for a 6, but those plans were very different from what we're doing now," Gutmans said. Going right to version 7 avoids confusion.
- "News Archive – 2018: PHP 7.2.9 Released". php.net. 2018-08-16. Retrieved 2018-08-16.
- "PHP: rfc:size_t_and_int64_next". php.net. Retrieved 16 December 2014.
- "PHP: rfc:abstract_syntax_tree". php.net. Retrieved 16 December 2014.
- "PHP: rfc:closure_apply". php.net. Retrieved 16 December 2014.
- "PHP: rfc:integer_semantics". php.net. Retrieved 16 December 2014.
- "PHP: rfc:isset_ternary". php.net. Retrieved 16 December 2014.
- "RFC: Unicode Codepoint Escape Syntax". 2014-11-24. Retrieved 2014-12-19.
- "Combined Comparison (Spaceship) Operator". php.net. Retrieved 2015-05-21.
- "PHP RFC: Generator Delegation". php.net. Retrieved 2015-05-21.
- "PHP RFC: Anonymous Classes". php.net. Retrieved 2015-05-21.
- "PHP RFC: Easy User-land CSPRNG". php.net. Retrieved 2015-05-21.
- "PHP RFC: Group Use Declarations". php.net. Retrieved 2015-05-21.
- "PHP: rfc:iterable". php.net. 2016-06-10. Retrieved 2023-06-30.
- "PHP: rfc:nullable_types". php.net. 2014-04-10. Retrieved 2023-06-30.
- "PHP: rfc:void_return_type". php.net. 2015-11-09. Retrieved 2015-11-14.
- "PHP: rfc:class_constant_visibility". php.net. 2015-10-27. Retrieved 2015-12-08.
- "PHP: rfc:short_list_syntax". php.net. 2016-04-07. Retrieved 2023-06-30.
- "PHP: rfc:multiple-catch". php.net. 2016-03-06. Retrieved 2023-06-30.
- "PHP: rfc:object-typehint". wiki.php.net.
- "PHP: rfc:libsodium". wiki.php.net.
- "PHP: rfc:allow-abstract-function-override". wiki.php.net.
- "PHP: rfc:parameter-no-type-variance". wiki.php.net.
- "PHP: todo:php73". wiki.php.net.
- "PHP: rfc:flexible_heredoc_nowdoc_syntaxes". wiki.php.net.
- "PHP: rfc:list_reference_assignment". wiki.php.net.
- "PHP: rfc:pcre2-migration". wiki.php.net.
- "PHP: hrtime – Manual". php.net.
- "PHP 7.4.0 Released!". php.net. Retrieved 2019-11-28.
- "PHP: rfc:typed_properties_v2". wiki.php.net. Retrieved 2019-04-04.
- "PHP: rfc:preload". wiki.php.net. Retrieved 2019-04-04.
- "PHP: rfc:null_coalesce_equal_operator". wiki.php.net. Retrieved 2019-04-04.
- "PHP: rfc:improve-openssl-random-pseudo-bytes". wiki.php.net. Retrieved 2019-04-04.
- "PHP: rfc:ffi". wiki.php.net. Retrieved 2019-04-05.
- "PHP: rfc:permanent_hash_ext". wiki.php.net. Retrieved 2019-04-05.
- "PHP: rfc:password_registry". wiki.php.net. Retrieved 2019-04-05.
- "PHP: rfc:mb_str_split". wiki.php.net. Retrieved 2019-04-05.
- "PHP: rfc:reference_reflection". wiki.php.net. Retrieved 2019-04-05.
- "PHP: rfc:deprecate-and-remove-ext-wddx". wiki.php.net. Retrieved 2019-04-05.
- "PHP: rfc:custom_object_serialization". wiki.php.net. Retrieved 2019-04-05.
- "PHP: Supported Versions". php.net. Retrieved 2023-11-26.
- "PHP: rfc:negative_array_index". wiki.php.net. Retrieved 2019-04-05.
- "PHP RFC: Validation for abstract trait methods". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Saner string to number comparisons". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Saner numeric strings". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Stricter type checks for arithmetic/bitwise operators". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Reclassifying engine warnings". wiki.php.net. Retrieved 14 August 2020.
- "PHP: rfc:consistent_type_errors". wiki.php.net. Retrieved 2019-04-05.
- "PHP: rfc:lsp_errors". wiki.php.net. Retrieved 2019-05-26.
- "PHP RFC: Locale-independent float to string cast". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Variable Syntax Tweaks". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Attributes V2". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Attribute Amendments". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Shorter Attribute Syntax". wiki.php.net. Retrieved 2020-06-20.
- "PHP RFC: Shorter Attribute Syntax Change". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Named Arguments". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Match expression v2". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Constructor Property Promotion". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Union Types 2.0". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Mixed Type v2". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: Static return type". wiki.php.net. Retrieved 14 August 2020.
- "PHP RFC: non-capturing catches". wiki.php.net. Retrieved 14 August 2020.
- Andre, Tyson. "PHP RFC: Always available JSON extension". PHP. Retrieved 25 October 2020.
- "PHP: todo:php81". wiki.php.net. Retrieved 2022-06-16.
- "PHP RFC: Explicit octal integer literal notation". wiki.php.net. Retrieved 2020-11-25.
- "PHP RFC: Enumerations". wiki.php.net. Retrieved 2021-03-25.
- "PHP: rfc:readonly_properties_v2". wiki.php.net. Retrieved 2021-11-26.
- "PHP: rfc:first_class_callable_syntax". wiki.php.net. Retrieved 2021-11-26.
- "PHP: rfc:new_in_initializers". wiki.php.net. Retrieved 2021-11-26.
- "PHP: rfc:pure-intersection-types". wiki.php.net. Retrieved 2021-11-26.
- "PHP: rfc:noreturn_type". wiki.php.net. Retrieved 2021-11-26.
- "PHP: rfc:final_class_const". wiki.php.net. Retrieved 2021-11-26.
- "PHP: rfc:fibers". wiki.php.net. Retrieved 2021-11-26.
- "PHP: todo:php82". wiki.php.net. Retrieved 2022-06-16.
- "PHP: rfc:readonly_classes". wiki.php.net. Retrieved 2022-06-16.
- "PHP: rfc:null-false-standalone-types". wiki.php.net. Retrieved 2022-06-16.
- "PHP: rfc:true-type". wiki.php.net. Retrieved 2022-06-16.
- "PHP: rfc:strtolower-ascii". wiki.php.net. Retrieved 2022-06-16.
- "PHP: rfc:dnf_types". wiki.php.net. Retrieved 2023-02-07.
- "PHP: rfc:constants_in_traits". wiki.php.net. Retrieved 2023-02-07.
- "PHP 8.3.0 Released!". php.net. 23 November 2023. Retrieved 24 November 2023.
- "PHP: rfc:typed_class_constants". wiki.php.net. Retrieved 2023-12-17.
- "PHP: rfc:dynamic_class_constant_fetch". wiki.php.net. Retrieved 2023-12-17.
- "PHP: rfc:marking_overriden_methods". wiki.php.net. Retrieved 2023-12-17.
- "PHP: rfc:readonly_amendments". wiki.php.net. Retrieved 2023-12-17.
- "PHP: rfc:json_validate". wiki.php.net. Retrieved 2023-12-17.
- "PHP: rfc:randomizer_additions". wiki.php.net. Retrieved 2023-12-17.
- "PHP: todo: php84". php.net. 26 March 2024. Retrieved 26 March 2024.
- "PHP: ElePHPant". 4 Oct 2014. Retrieved 4 Oct 2014.
- "Redirecting…". wwphp-fb.github.io.
- "The PHP Mascot's Birth – Creator Of The elePHPant Vincent Pontier Reveals The True Story!". 7php.com. 2014-01-06.
- "ElePHPant". PHP.earth. Retrieved 2024-02-13.
- "PHP: ElePHPant". www.php.net.
- "A Field Guide to Elephpants". afieldguidetoelephpants.net.
- "tags – Manual". php.net. Retrieved 2014-02-17.
- ^ "PHP: rfc:shortags". php.net. 2008-04-03. Retrieved 2014-05-08.
- "PHP: Basic syntax". The PHP Group. Retrieved 2008-02-22.
- "Basic Coding Standard". PHP Framework Interoperability Group. Retrieved 2016-01-03.
- "echo – Manual". php.net. Retrieved 2014-02-17.
- "Description of core php.ini directives – Manual". php.net. 2002-03-17. Retrieved 2014-02-17.
- "Your first PHP-enabled page". The PHP Group. Retrieved 2008-02-25.
- Bray, Tim; et al. (26 November 2008). "Processing Instructions". Extensible Markup Language (XML) 1.0 (Fifth Edition). W3C. Retrieved 2009-06-18.
- "Variables". The PHP Group. Retrieved 2008-03-16.
- "Instruction separation". The PHP Group. Retrieved 2008-03-16.
- "Comments". The PHP Group. Retrieved 2008-03-16.
- "Integers in PHP, running with scissors, and portability". MySQL Performance Blog. March 27, 2007. Retrieved 2007-03-28.
- ^ "Types". The PHP Group. Retrieved 2008-03-16.
- "Strings". The PHP Group. Retrieved 2008-03-21.
- "SPL – StandardPHPLibrary". PHP.net. March 16, 2009. Retrieved 2009-03-16.
- ^ "User-defined functions (PHP manual)". php.net. 2014-07-04. Retrieved 2014-07-07.
- ^ "Variable functions (PHP manual)". php.net. 2014-07-04. Retrieved 2014-07-07.
- "create_function() (PHP manual)". php.net. 2022-04-06. Retrieved 2022-05-04.
- "Anonymous functions (PHP manual)". php.net. 2014-07-04. Retrieved 2014-07-07.
- "Arrow Functions (PHP manual)". php.net. Retrieved 2021-01-25.
- Christian Seiler; Dmitry Stogov (2008-07-01). "Request for Comments: Lambda functions and closures". php.net. Retrieved 2014-07-07.
- ^ "PHP 5 Object References". mjtsai.com. Retrieved 2008-03-16.
- "Classes and Objects (PHP 5)". The PHP Group. Retrieved 2008-03-16.
- "Object cloning". The PHP Group. Retrieved 2008-03-16.
- "Visibility (PHP Manual)". theserverpages.com. 2005-05-19. Archived from the original on 2010-09-24. Retrieved 2010-08-26.
- "How do computer languages work?". Archived from the original on 2011-07-16. Retrieved 2009-11-04.
- Gilmore, W. Jason (2006-01-23). Beginning PHP and MySQL 5: From Novice to Professional. Apress. p. 43. ISBN 1-59059-552-1.
- "[VOTE] Integrating Zend Optimizer+ into the PHP distribution". news.php.net. Retrieved 2013-03-08.
- "Alternative PHP Cache". PHP.net. Archived from the original on 2013-11-15. Retrieved 2013-09-21.
- "We are the 98.5% (and the 16%) « HipHop Virtual Machine". hhvm.com. December 2013. Retrieved 2014-02-23.
- "The Definitive PHP 5.6, 7.0, 7.1, 7.2 & 7.3 Benchmarks (2019)". 2019-01-14. Retrieved 2019-04-19.
- Krill, Paul (2017-09-20). "Forget PHP! Facebook's HHVM engine switches to Hack instead". InfoWorld. Retrieved 2019-02-06.
- "Announcement on GitHub removing HPHPc support". GitHub. Retrieved 2013-05-24.
- "The PHP License, version 3.01". Retrieved 2010-05-20.
- "GPL-Incompatible, Free Software Licenses". Various Licenses and Comments about Them. Free Software Foundation. Retrieved 2011-01-03.
- "PHP: Function and Method listing – Manual". The PHP Group. Retrieved 2015-01-14.
- "Introduction – Manual". php.net. 2013-06-07. Retrieved 2013-06-13.
- Darryl Patterson (5 August 2004). "Simplify Business Logic with PHP DataObjects — O'Reilly Media". ibm.com. Archived from the original on 16 December 2014. Retrieved 16 December 2014.
- "IBM — United States". Retrieved 16 December 2014.
- "Five common PHP database problems". ibm.com. 2006-08-01. Retrieved 2013-06-13.
- "IBM Redbooks — Developing PHP Applications for IBM Data Servers". redbooks.ibm.com. Retrieved 16 December 2014.
- "php[architect] Magazine – The Journal for PHP Programmers". www.phparch.com.
- Krill, Paul (19 October 2005). "PHP catching on at enterprises, vying with Java". InfoWorld. Archived from the original on 13 July 2014.
- "Cross Reference: /PHP_5_4/ext/standard/". php.net. Archived from the original on 16 March 2012. Retrieved 16 December 2014.
- "Developing Custom PHP Extensions". devnewz.com. 2002-09-09. Archived from the original on 2008-02-18. Retrieved 2008-02-25.
- "Why Zephir?". zephir-lang.com. 2015-10-20. Retrieved 2015-12-14.
- "PHP Credits". Retrieved 2018-12-16.
- "Learn PHP Via PHP Training and PHP Certification". www.zend.com. Retrieved 2020-11-16.
- Walker, James (2021-12-13). "What the New PHP Foundation Means for PHP's Future". How-To Geek. Retrieved 2023-11-26.
- "The New Life of PHP – The PHP Foundation | The PhpStorm Blog". The JetBrains Blog. 22 November 2021. Retrieved 2022-06-16.
- "The PHP Foundation: Impact and Transparency Report 2022". thephp.foundation. Retrieved 2023-11-27.
- Pronskiy, Roman (2024-02-26). "The PHP Foundation: Impact and Transparency Report 2023". The PHP Foundation. Retrieved 2024-04-01.
- Anderson, Tim. "PHP Foundation formed to fund core developers". www.theregister.com. Retrieved 2023-12-05.
- "Programming languages: This old favourite is gaining popularity again". ZDNET. Retrieved 2023-12-05.
- "PHP 8.1 Released With Enums, Read-Only Properties and Fibers". www.i-programmer.info. Retrieved 2023-12-05.
- "It's time for the PHP Foundation to #StopBreakingPHP". trongate.io. Retrieved 2023-11-27.
- "WordPress 6.4 PHP Compatibility". Make WordPress Hosting. 2023-11-16. Retrieved 2023-11-27.
- "PHP". Sovereign Tech Fund. Retrieved 2024-05-26.
- ^ "General Installation Considerations". php.net. Retrieved 2013-09-22.
- "News Archive: PHP 5.3.3 Released!". php.net. 2010-07-22.
- "FastCGI Process Manager (FPM)". php.net. Retrieved 2013-09-22.
- "Command line usage: Introduction". php.net. Retrieved 2013-09-22.
- "Command line usage: Differences to other SAPIs". php.net. Retrieved 2013-09-22.
- ^ "General Installation Considerations". php.net. Retrieved 2013-09-22.
- "PHP: Apache 2.x on Microsoft Windows". php.net. Archived from the original on 2013-09-26. Retrieved 2013-09-22.
- "Command line usage: Introduction". php.net. Retrieved 2013-09-22.
- "Installing PHP-GTK 2". php.net. Archived from the original on 2013-12-12. Retrieved 2013-09-22.
- "AWS SDK for PHP". aws.amazon.com. Retrieved 2014-03-06.
- "Windows Azure SDK for PHP — Interoperability Bridges and Labs Center". interoperabilitybridges.com. Archived from the original on 2014-03-20. Retrieved 2014-03-06.
- "Runtime configuration: Table of contents". php.net. Retrieved 2013-09-22.
- "php.ini directives: List of php.ini directives". php.net. Retrieved 2013-09-22.
- "Runtime configuration: The configuration file". PHP.net. Retrieved 2013-09-22.
- "php.ini directives: List of php.ini sections". PHP.net. Retrieved 2013-09-22.
- "Runtime configuration: Where a configuration setting may be set". PHP.net. Retrieved 2013-09-22.
- "PHP Manual Image Processing and GD;". php.net. Retrieved 2011-04-09.
- "PHP Server-Side Scripting Language". Indiana University. 2007-04-04. Archived from the original on 2016-01-21. Retrieved 2008-02-25.
- "JavaServer Pages Technology — JavaServer Pages Comparing Methods for Server-Side Dynamic Content White Paper". Sun Microsystems. Retrieved 2008-02-25.
- "Five simple ways to tune your LAMP application". IBM. 2011-01-25.
- "PHP at the core: Extension structure". PHP.net. Archived from the original on 2013-09-26. Retrieved 2013-09-22.
- "PHP at the core: The "counter" Extension – A Continuing Example". PHP.net. Archived from the original on 2013-09-26. Retrieved 2013-09-22.
- "Extension Writing Part I: Introduction to PHP and Zend". Zend Technologies. 2005-03-01. Archived from the original on 2013-09-24. Retrieved 2013-09-22.
- "Extension Writing Part II: Parameters, Arrays, and ZVALs". Zend Technologies. 2005-06-06. Archived from the original on 2013-09-26. Retrieved 2013-09-22.
- "Extension Writing Part II: Parameters, Arrays, and ZVALs (continued)". Zend Technologies. 2005-06-06. Archived from the original on 2013-09-26. Retrieved 2013-09-22.
- "Extension Writing Part III: Resources". Zend Technologies. 2006-05-12. Archived from the original on 2013-09-26. Retrieved 2013-09-22.
- "Wrapping C++ Classes in a PHP Extension". Zend Technologies. 2009-04-22. Archived from the original on 2013-09-20. Retrieved 2013-09-22.
- "Extending PHP with C++?". Stack Overflow. Retrieved 2013-09-22.
- "How can I use C++ code to interact with PHP?". Stack Overflow. Retrieved 2013-09-22.
- Golemon, Sara (2006). Extending and Embedding PHP. Sams. ISBN 978-0-672-32704-9.
- "Request #46919: Multithreading". PHP.net. Retrieved 2013-09-22.
- "pthreads: Introduction (PHP Manual)". PHP.net. Retrieved 2013-09-22.
- "PECL :: Package :: pthreads". pecl.php.net. Retrieved 2014-02-09.
- "Manual:Installation requirements#PHP". MediaWiki. 2010-01-25. Retrieved 2010-02-26.
PHP is the programming language in which MediaWiki is written
- "About WordPress". Retrieved 2010-02-26.
WordPress was built on PHP
- Kempkens, Alex. "Joomla! — Content Management System to build websites & apps".
- "PHP and Drupal". Drupal.org. 16 September 2007. Archived from the original on 2010-02-08. Retrieved 2010-06-13.
- "About". Moodle.org. Archived from the original on 2010-01-11. Retrieved 2009-12-20.
- "Server requirements of SilverStripe". Archived from the original on 28 November 2014. Retrieved 13 October 2014.
SilverStripe requires PHP 5.3.2+
- Ide, Andy (2013-01-31). "PHP just grows & grows". Retrieved 2013-04-01.
- "Usage Statistics and Market Share of PHP Version 4 for Websites, November 2024". w3techs.com.
- "Usage Statistics and Market Share of PHP Version 5 for Websites, November 2024". w3techs.com.
- "Usage Statistics and Market Share of PHP Version 7 for Websites, November 2024". w3techs.com.
- "Usage Statistics and Market Share of PHP Version 8 for Websites, November 2024". w3techs.com.
- "National Vulnerability Database (NVD) Search Vulnerabilities Statistics". Retrieved 2019-11-22.
- "PHP-related vulnerabilities on the National Vulnerability Database". 2012-07-05. Archived from the original on 2009-06-28. Retrieved 2013-04-01.
- "Developer Meeting Notes, Nov. 2005".
- "Taint mode decision, November 2007". Archived from the original on 2009-02-26.
- "PHP: rfc:taint". wiki.php.net.
- "Hardened-PHP Project". 2008-08-15. Archived from the original on 2019-02-24. Retrieved 2019-08-22.
- "Snuffleupagus Documentation".
- "Security: Using Register Globals". PHP Manual. PHP.net. Archived from the original on 2013-09-27. Retrieved 2013-09-22.
- "Magic Quotes". PHP Manual. PHP.net. Archived from the original on 2014-02-08. Retrieved 2014-01-17.
- "'engine' configuration directive". PHP: Runtime Configuration. PHP.net. Retrieved 2014-02-13.
- "PHP Security Exploit With GIF Images". 2007-06-22. Archived from the original on 2013-09-27. Retrieved 2013-09-22.
- "PHP security exploit with GIF images". PHP Classes blog. 2007-06-20. Retrieved 2013-09-22.
- "Passing Malicious PHP Through getimagesize()". 2007-06-04. Archived from the original on 2013-09-21. Retrieved 2013-09-22.
- "'enable_dl' configuration directive". PHP: Runtime Configuration. PHP.net. Retrieved 2014-02-13.
- "PHP function reference: dl()". PHP.net. Retrieved 2013-09-22.
- "My host won't fix their Trojan". WebHosting Talk. Retrieved 2013-09-22.
- Raz0r (25 January 2013). "Simple Machines Forum <= 2.0.3 Admin Password Reset". Raz0R.name — Web Application Security.
{{cite news}}
: CS1 maint: numeric names: authors list (link) - Nibble Security. "TYPO3-SA-2010-020, TYPO3-SA-2010-022 EXPLAINED".
- "Криптостойкость и небезопасное сравнение". ahack.ru (in Russian). Archived from the original on 4 July 2017.
- Krawczyk, Pawel (2013). "Most common attacks on web applications". IPSec.pl. Archived from the original on 2015-04-15. Retrieved 2015-04-15.
- Krawczyk, Pawel (2013). "So what are the "most critical" application flaws? On new OWASP Top 10". IPSec.pl. Retrieved 2015-04-15.
- "PHP: Rand – Manual".
- "PHP: Mt_rand - Manual".
- "PHP: Random_int – Manual".
- Argyros, George; Kiayias, Aggelos (10 August 2012). "I Forgot Your Password: Randomness Attacks Against PHP Applications". usenix.org. USENIX. Retrieved 19 April 2024.
- "PHP: RFC:release_cycle_update".
- "PHP Support for PHP 7.2 – 8.0 | PHP LTS | Zend by Perforce". Retrieved 2024-05-23.
- "Pagely PHP Long Term Support Page". Pagely. Retrieved 2024-09-14.
Further reading
Listen to this article (35 minutes) This audio file was created from a revision of this article dated 23 November 2011 (2011-11-23), and does not reflect subsequent edits.(Audio help · More spoken articles)- Ford, Paul (June 11, 2015). "What is Code?". Bloomberg Businessweek.
What's the Absolute Minimum I Must Know About PHP?
External links
Links to related articles | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
- Media from Commons
- Textbooks from Wikibooks
- Resources from Wikiversity
- Documentation from MediaWiki
- PHP
- 1995 software
- Free software programmed in C
- Class-based programming languages
- Cross-platform software
- Dynamic programming languages
- Dynamically typed programming languages
- Filename extensions
- Free and open source interpreters
- High-level programming languages
- Internet terminology
- Object-oriented programming languages
- PHP software
- Procedural programming languages
- Programming languages
- Programming languages created in 1995
- Scripting languages
- Software using the PHP license
- Text-oriented programming languages