PHP is a general-purpose server-side
scripting languageA scripting language, script language, or extension language is a programming language that allows control of one or more applications. "Scripts" are distinct from the core code of the application, as they are usually written in a different language and are often created or at least modified by the...
originally designed for
web developmentWeb development is a broad term for the work involved in developing a web site for the Internet or an intranet . This can include web design, web content development, client liaison, client-side/server-side scripting, web server and network security configuration, and e-commerce development...
to produce
dynamic web pageA dynamic web page is a kind of web page that has been prepared with fresh information , for each individual viewing. It is not static because it changes with the time , the user , the user interaction , the context A dynamic web page is a kind of web page that has been prepared with fresh...
s. For this purpose, PHP code is embedded into the
HTMLHyperText Markup Language is the predominant markup language for web pages. HTML elements are the basic building-blocks of webpages....
source document and interpreted by a
web serverWeb server can refer to either the hardware or the software that helps to deliver content that can be accessed through the Internet....
with a PHP processor module, which generates the
web pageA web page or webpage is a document or information resource that is suitable for the World Wide Web and can be accessed through a web browser and displayed on a monitor or mobile device. This information is usually in HTML or XHTML format, and may provide navigation to other web pages via hypertext...
document. It also has evolved to include a
command-line interfaceA command-line interface is a mechanism for interacting with a computer operating system or software by typing commands to perform specific tasks...
capability and can be used in standalone
graphical applicationsIn computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...
. PHP can be deployed on most web servers and as a standalone interpreter, on almost every
operating systemAn operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
and
platformA computing platform includes some sort of hardware architecture and a software framework , where the combination allows software, particularly application software, to run...
free of charge. There is also commercial software such as RadPHP, a
rapid application developmentRapid application development is a software development methodology that uses minimal planning in favor of rapid prototyping. The "planning" of software developed using RAD is interleaved with writing the software itself...
frameworkIn computer programming, a software framework is an abstraction in which software providing generic functionality can be selectively changed by user code, thus providing application specific software...
for the PHP language. A competitor to
MicrosoftMicrosoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
's
Active Server PagesActive Server Pages , also known as Classic ASP or ASP Classic, was Microsoft's first server-side script engine for dynamically-generated Web pages. Initially released as an add-on to Internet Information Services via the Windows NT 4.0 Option Pack Active Server Pages (ASP), also known as Classic...
(ASP) server-side script engine and similar languages, PHP is installed on more than 20 million websites and 1 million
web serverWeb server can refer to either the hardware or the software that helps to deliver content that can be accessed through the Internet....
s.
PHP was originally created by
Rasmus LerdorfRasmus Lerdorf is a Danish programmer with Canadian citizenship and is most notable as the creator of the PHP scripting language. He authored the first two versions...
in 1995. The main implementation of PHP is now produced by The PHP Group and serves as the
de facto standardA de facto standard is a custom, convention, product, or system that has achieved a dominant position by public acceptance or market forces...
for PHP as there is no
formal specificationIn computer science, a formal specification is a mathematical description of software or hardware that may be used to develop an implementation. It describes what the system should do, not how the system should do it...
. PHP is
free softwareFree software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
released under the
PHP LicenseThe PHP License is the software license under which the PHP scripting language is released. The PHP License is a non-copyleft free software license according to the Free Software Foundation and an open source license according to the Open Source Initiative...
which is incompatible with the
GNU General Public LicenseThe GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project....
(GPL) due to restrictions on the usage of the term PHP.
While PHP originally stood for "Personal Home Page", it is now said to stand for "PHP: Hypertext Preprocessor", a
recursive acronymA recursive acronym is an acronym or initialism that refers to itself in the expression for which it stands...
.
History
PHP development began in 1994 when the Danish/
GreenlandGreenland is an autonomous country within the Kingdom of Denmark, located between the Arctic and Atlantic Oceans, east of the Canadian Arctic Archipelago. Though physiographically a part of the continent of North America, Greenland has been politically and culturally associated with Europe for...
ic/
CanadianCanada is a North American country consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic Ocean in the east to the Pacific Ocean in the west, and northward into the Arctic Ocean...
programmer
Rasmus LerdorfRasmus Lerdorf is a Danish programmer with Canadian citizenship and is most notable as the creator of the PHP scripting language. He authored the first two versions...
initially created a set of
PerlPerl is a high-level, general-purpose, interpreted, dynamic programming language. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language to make report processing easier. Since then, it has undergone many changes and revisions and become widely popular...
scripts he called "Personal Home Page Tools" to maintain his personal homepage. The scripts performed tasks such as displaying his résumé and recording his web-page
trafficWeb traffic is the amount of data sent and received by visitors to a web site. It is a large portion of Internet traffic. This is determined by the number of visitors and the number of pages they visit...
. Lerdorf initially announced the release of PHP on the comp.infosystems.www.authoring.cgi
UsenetUsenet is a worldwide distributed Internet discussion system. It developed from the general purpose UUCP architecture of the same name.Duke University graduate students Tom Truscott and Jim Ellis conceived the idea in 1979 and it was established in 1980...
discussion group on June 8, 1995.
Zeev SuraskiZeev Suraski is an Israeli programmer, PHP developer and co-founder of Zend Technologies. A graduate of the Technion in Haifa, Israel, Suraski and fellow student Andi Gutmans created PHP 3 in 1997. In 1999 they wrote the Zend Engine, the core of PHP 4, and founded Zend Technologies, which has...
and
Andi GutmansAndi Gutmans is an Israeli programmer with Swiss roots, PHP developer and co-founder of Zend Technologies. A graduate of the Technion, the Israel Institute of Technology in Haifa, Gutmans and fellow student Zeev Suraski created PHP 3 in 1997...
, two
IsraelThe State of Israel is a parliamentary republic located in the Middle East, along the eastern shore of the Mediterranean Sea...
i developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism PHP: Hypertext Preprocessor. Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new
rewriteA rewrite in computer programming is the act or result of re-implementing a large portion of existing functionality without re-use of its source code. When the rewrite is not using existing code at all, it is common to speak of a rewrite from scratch...
of PHP's core, producing the
Zend EngineThe Zend Engine is an open source scripting engine , commonly known for the important role it plays in the web automation language PHP. It was originally developed by Andi Gutmans and Zeev Suraski while they were students at the Technion - Israel Institute of Technology. They later founded a...
in 1999. They also founded
Zend TechnologiesZend Technologies Ltd. is an Israeli world wide web infrastructure software company with headquarters in Cupertino, California, U.S., technology center in Ramat Gan, Tel Aviv, Israel and offices in France, Italy and Germany...
in
Ramat Gan, Israel.
In 2008 PHP 5 became the only stable version under development. Late static binding had been missing from PHP and was added in version 5.3.
A new major version has been under development alongside PHP 5 for several years. This version was originally planned to be released as PHP 6 as a result of its significant changes, which included plans for full Unicode support. However, Unicode support took developers much longer to implement than originally thought, and the decision was made in March 2010 to move the project to a branch, with features still under development moved to
trunkIn the field of software development, trunk refers to the unnamed branch of a file tree under revision control. The trunk is usually meant to be the base of a project on which development progresses. If developers are working exclusively on the trunk, it always contains the latest cutting-edge...
.
Changes in the new code include the removal of
register_globals,
magic quotesMagic quotes is a controversial feature of the PHP scripting language, which was introduced to help newcomers write functioning SQL commands without requiring manual escaping. It was later described and widely misinterpreted as help to prevent inexperienced developers from writing code which is...
, and safe mode. The reason for the removals was that register_globals had opened security holes by intentionally allowing runtime data injection, and the use of magic quotes had an unpredictable nature. Instead, to escape characters, magic quotes may be replaced with the addslashes function, or more appropriately an escape mechanism specific to the database vendor itself like mysql_real_escape_string for
MySQLMySQL officially, but also commonly "My Sequel") is a relational database management system that runs as a server providing multi-user access to a number of databases. It is named after developer Michael Widenius' daughter, My...
. Functions that will be removed in future versions and have been deprecated in PHP 5.3 will produce a warning if used.
Many high-profile open-source projects ceased to support PHP 4 in new code as of February 5, 2008, because of the GoPHP5 initiative, provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.
PHP does not have native support for
UnicodeUnicode is a computing industry standard for the consistent encoding, representation and handling of text expressed in most of the world's writing systems...
or multibyte strings; Unicode support is under development for a future version of PHP and will allow strings as well as class-, method-, and function-names to contain non-
ASCIIThe American Standard Code for Information Interchange is a character-encoding scheme based on the ordering of the English alphabet. ASCII codes represent text in computers, communications equipment, and other devices that use text...
characters.
PHP interpreters are available on both
32-bitThe range of integer values that can be stored in 32 bits is 0 through 4,294,967,295. Hence, a processor with 32-bit memory addresses can directly access 4 GB of byte-addressable memory....
and
64-bit64-bit is a word size that defines certain classes of computer architecture, buses, memory and CPUs, and by extension the software that runs on them. 64-bit CPUs have existed in supercomputers since the 1970s and in RISC-based workstations and servers since the early 1990s...
operating systems, but on
Microsoft WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
the only official distribution is a 32-bit implementation, requiring Windows 32-bit compatibility mode while using
Internet Information ServicesInternet Information Services – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the most used web server after Apache HTTP Server. IIS 7.5 supports HTTP, HTTPS,...
(IIS) on a 64-bit Windows platform. Experimental 64-bit versions of PHP 5.3.0 were briefly available for MS Windows, but have since been removed.
Licensing
PHP is
free softwareFree software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
released under the
PHP LicenseThe PHP License is the software license under which the PHP scripting language is released. The PHP License is a non-copyleft free software license according to the Free Software Foundation and an open source license according to the Open Source Initiative...
, which insists that:
4. Products derived from this software may not be called "PHP", nor
may "PHP" appear in their name, without prior written permission
from group@php.net. You may indicate that your software works in
conjunction with PHP by saying "Foo for PHP" instead of calling
it "PHP Foo" or "phpfoo"
This restriction on use of the name PHP makes it incompatible with the
GNU General Public LicenseThe GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project....
(GPL).
Release history
|
Meaning |
| Red |
Release no longer supported |
| Green |
Release still supported |
| Blue |
Future release |
| Major version | Minor version | Release date | Notes |
| 1 |
1.0.0 |
|
Officially called "Personal Home Page Tools (PHP Tools)". This is the first use of the name "PHP". |
| 2 |
2.0.0 |
|
Considered by its creator as the "fastest and simplest tool" for creating dynamic web pages. |
| 3 |
3.0.0 |
|
Development moves from one person to multiple developers. Zeev Suraski and Andi Gutmans rewrite the base for this version. |
| 3.0.18 |
|
The latest release for PHP 3.0.x. Unsupported Historical Releases |
| 4 |
4.0.0 |
|
Added more advanced two-stage parse/execute tag-parsing system called the Zend engine. |
| 4.1.0 |
|
Introduced 'superglobals' ($_GET, $_POST, $_SESSION, etc.) |
| 4.2.0 |
|
Disabled register_globals by default. Data received over the network is not inserted directly into the globalIn computer programming, a global variable is a variable that is accessible in every scope . Interaction mechanisms with global variables are called global environment mechanisms...
namespace anymore, closing possible security holes in applications. |
| 4.3.0 |
|
Introduced the CLIA command-line interface is a mechanism for interacting with a computer operating system or software by typing commands to perform specific tasks...
, in addition to the CGIThe Common Gateway Interface is a standard method for web servers software to delegate the generation of web pages to executable files...
. |
| 4.4.0 |
|
Added man pages for phpize and php-config scripts. |
| 4.4.9 |
|
Security enhancements and bug fixes. The last release of the PHP 4.4 series. |
| 5 |
5.0.0 |
|
Zend Engine II with a new object model. |
| 5.1.0 |
|
Performance improvements with introduction of compiler variables in re-engineered PHP Engine. Added PHP Data Objects (PDO) as a consistent interface for accessing databases. |
| 5.2.0 |
|
Enabled the filter extension by default. Native JSON JSON , or JavaScript Object Notation, is a lightweight text-based open standard designed for human-readable data interchange. It is derived from the JavaScript scripting language for representing simple data structures and associative arrays, called objects...
support. |
| 5.2.17 |
|
Fix of critical vulnerability connected to floating point. |
| 5.3.0 |
|
Namespace A namespace is an abstract container or environment created to hold a logical grouping of unique identifiers or symbols . An identifier defined in a namespace is associated only with that namespace. The same identifier can be independently defined in multiple namespaces...
support; Late static bindingsIn programming languages, name binding is the association of objects with identifiers. An identifier bound to an object is said to reference that object. Machine languages have no built-in notion of identifiers, but name-object bindings as a service and notation for the programmer is implemented...
, Jump label (limited gotogoto is a statement found in many computer programming languages. It is a combination of the English words go and to. It performs a one-way transfer of control to another line of code; in contrast a function call normally returns control...
), Native closuresIn computer science, a closure is a function together with a referencing environment for the non-local variables of that function. A closure allows a function to access variables outside its typical scope. Such a function is said to be "closed over" its free variables...
, Native PHP archives (phar), garbage collectionIn computer science, garbage collection is a form of automatic memory management. The garbage collector, or just collector, attempts to reclaim garbage, or memory occupied by objects that are no longer in use by the program...
for circular references, improved WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
support, sqlite3, mysqlnd as a replacement for libmysql as underlying library for the extensions that work with MySQLMySQL officially, but also commonly "My Sequel") is a relational database management system that runs as a server providing multi-user access to a number of databases. It is named after developer Michael Widenius' daughter, My...
, fileinfo as a replacement for mime_magic for better MIMEMultipurpose Internet Mail Extensions is an Internet standard that extends the format of email to support:* Text in character sets other than ASCII* Non-text attachments* Message bodies with multiple parts...
support, the Internationalization extension, and deprecation of ereg extension. |
| 5.3.1 |
|
Over 100 bug fixes, some of which were security fixes. |
| 5.3.2 |
|
Includes a large number of bug fixes. |
| 5.3.3 |
|
Mainly bug and security fixes; FPM PHP-FPM is a PHP FastCGI implementation.It is bundled with the official PHP distribution since version 5.3.3.- External Links :* *...
SAPI. |
| 5.3.4 |
|
Mainly bug and security fixes; improvements to FPM PHP-FPM is a PHP FastCGI implementation.It is bundled with the official PHP distribution since version 5.3.3.- External Links :* *...
SAPI. |
| 5.3.5 |
|
Fix of critical vulnerability connected to floating point. |
| 5.3.6 |
|
Over 60 bug fixes that were reported in the previous version. |
| 5.3.7 |
|
This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related. |
| 5.3.8 |
|
This release fixes two issues introduced in the PHP 5.3.7 release. |
| 5.4.0 RC2 |
|
Trait Support, Removed items: register_globals, safe_mode, allow_call_time_pass_reference, session_register, session_unregister and session_is_registered. Several improvements to existing features. |
| 6 |
?.? |
No date set |
The development of PHP 6 has been delayed because the developers have decided the current approach to handling of instance unicode is not a good one, and are considering alternate ways in the next version of PHP. The updates that were intended for PHP 6 were added to PHP 5.3.0(namespace support, Late Static Bindings, lambda functions, closures, goto) and 5.4.0(traits, closure rebinding) instead. |
Beginning on June 28th, 2011, the PHP Group began following a timeline for when new versions of PHP will be released. Under this timeline, at least one release should occur every month. Every one year, a minor release should occur which can include new features. Every minor release should at least have 2 years of security and bug fixes, followed by at least 1 year of only security fixes, for a total of a 3 year release process for every minor release. No new features (unless small and self contained) will be introduced into a minor release during the 3 year release process.
Usage
PHP is a general-purpose scripting language that is especially suited to
server-sideServer-side scripting is a web server technology in which a user's request is verified by running a script directly on the web server to generate dynamic web pages. It is usually used to provide interactive web sites that interface to databases or other data stores. This is different from...
web developmentWeb development is a broad term for the work involved in developing a web site for the Internet or an intranet . This can include web design, web content development, client liaison, client-side/server-side scripting, web server and network security configuration, and e-commerce development...
where PHP generally runs on a
web serverWeb server can refer to either the hardware or the software that helps to deliver content that can be accessed through the Internet....
. Any PHP code in a requested file is executed by the PHP runtime, usually to create
dynamic web pageA dynamic web page is a kind of web page that has been prepared with fresh information , for each individual viewing. It is not static because it changes with the time , the user , the user interaction , the context A dynamic web page is a kind of web page that has been prepared with fresh...
content or dynamic images used on web sites or elsewhere. It can also be used for command-line scripting and
client-sideClient-side refers to operations that are performed by the client in a client–server relationship in a computer network.Typically, a client is a computer application, such as a web browser, that runs on a user's local computer or workstation and connects to a server as necessary...
GUIIn computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...
applications. PHP can be deployed on most
web serverWeb server can refer to either the hardware or the software that helps to deliver content that can be accessed through the Internet....
s, many
operating systemAn operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s and
platformsA computing platform includes some sort of hardware architecture and a software framework , where the combination allows software, particularly application software, to run...
, and can be used with many
relational database management systemA relational database management system is a database management system that is based on the relational model as introduced by E. F. Codd. Most popular databases currently in use are based on the relational database model....
s (RDBMS). It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.
PHP acts primarily as a
filterA filter is a computer program to process a data stream. Some operating systems such as Unix are rich with filter programs. Even Windows has some simple filters built into its command shell, most of which have significant enhancements relative to the similar filter commands that were available in...
, taking input from a file or stream containing text and/or PHP instructions and outputting another stream of data; most commonly the output will be HTML. Since PHP 4, the PHP parser
compilesA compiler is a computer program that transforms source code written in a programming language into another computer language...
input to produce
bytecodeBytecode, also known as p-code , is a term which has been used to denote various forms of instruction sets designed for efficient execution by a software interpreter as well as being suitable for further compilation into machine code...
for processing by the
Zend EngineThe Zend Engine is an open source scripting engine , commonly known for the important role it plays in the web automation language PHP. It was originally developed by Andi Gutmans and Zeev Suraski while they were students at the Technion - Israel Institute of Technology. They later founded a...
, giving improved performance over its
interpreterIn computer science, an interpreter normally means a computer program that executes, i.e. performs, instructions written in a programming language...
predecessor.
Originally designed to create dynamic web pages, PHP now focuses mainly on
server-side scriptingServer-side scripting is a web server technology in which a user's request is verified by running a script directly on the web server to generate dynamic web pages. It is usually used to provide interactive web sites that interface to databases or other data stores. This is different from...
, and it is similar to other server-side scripting languages that provide dynamic content from a web server to a
clientA client is an application or system that accesses a service made available by a server. The server is often on another computer system, in which case the client accesses the service by way of a network....
, such as
MicrosoftMicrosoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
's
ASP.NETASP.NET is a Web application framework developed and marketed by Microsoft to allow programmers to build dynamic Web sites, Web applications and Web services. It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages ...
,
Sun MicrosystemsSun Microsystems, Inc. was a company that sold :computers, computer components, :computer software, and :information technology services. Sun was founded on February 24, 1982...
'
JavaServer PagesJavaServer Pages is a Java technology that helps software developers serve dynamically generated web pages based on HTML, XML, or other document types...
, and
mod perlmod_perl is an optional module for the Apache HTTP server. It embeds a Perl interpreter into the Apache server, so that dynamic content produced by Perl scripts can be served in response to incoming requests, without the significant overhead of re-launching the Perl interpreter for each request...
. PHP has also attracted the development of many
frameworksIn computer programming, a software framework is an abstraction in which software providing generic functionality can be selectively changed by user code, thus providing application specific software...
that provide building blocks and a design structure to promote
rapid application developmentRapid application development is a software development methodology that uses minimal planning in favor of rapid prototyping. The "planning" of software developed using RAD is interleaved with writing the software itself...
(RAD). Some of these include
CakePHPCakePHP is an open source web application framework for producing web applications. It is written in PHP, modeled after the concepts of Ruby on Rails, and distributed under the MIT License.-History:...
,
SymfonySymfony is a web application framework written in PHP which follows the model-view-controller paradigm. Released under the MIT license, Symfony is free software...
, CodeIgniter, and
Zend FrameworkZend Framework is an open source, object-oriented web application framework implemented in PHP 5 and licensed under the New BSD License.-Licensing:...
, offering features similar to other web application frameworks.
The
LAMPLAMP is an acronym for a solution stack of free, open source software, referring to the first letters of Linux , Apache HTTP Server, MySQL and PHP , principal components to build a viable general purpose web server.The GNU project is advocating people to use the term "GLAMP" since what is known as...
architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside
LinuxLinux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
,
ApacheThe Apache HTTP Server, commonly referred to as Apache , is web server software notable for playing a key role in the initial growth of the World Wide Web. In 2009 it became the first web server software to surpass the 100 million website milestone...
and
MySQLMySQL officially, but also commonly "My Sequel") is a relational database management system that runs as a server providing multi-user access to a number of databases. It is named after developer Michael Widenius' daughter, My...
, although the P may also refer to
PythonPython is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive...
or
PerlPerl is a high-level, general-purpose, interpreted, dynamic programming language. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language to make report processing easier. Since then, it has undergone many changes and revisions and become widely popular...
or some combination of the three. Similar packages are also available for
WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
and
Mac OS XMac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
, then called
WAMPWAMPs are packages of independently-created programs installed on computers that use a Microsoft Windows operating system.WAMP is an acronym formed from the initials of the operating system Microsoft Windows and the principal components of the package: Apache, MySQL and one of PHP, Perl or Python....
and
MAMPThe acronym MAMP refers to a set of free software programs commonly used together to run dynamic web sites on servers running the Apple Macintosh operating system, Mac OS X:* Mac OS X, the operating system;* Apache, the Web server;...
, with the first letter standing for the respective operating system.
As of April 2007, over 20 million Internet domains had web services hosted on servers with PHP installed and mod_php was recorded as the most popular
Apache HTTP ServerThe Apache HTTP Server, commonly referred to as Apache , is web server software notable for playing a key role in the initial growth of the World Wide Web. In 2009 it became the first web server software to surpass the 100 million website milestone...
module.
PHP is used as the server-side programming language on 75% of all web servers.
Web content management systemA web content management system is a software system that provides website authoring, collaboration, and administration tools designed to allow users with little knowledge of web programming languages or markup languages to create and manage website content with relative ease...
s written in PHP include
MediaWikiMediaWiki is a popular free web-based wiki software application. Developed by the Wikimedia Foundation, it is used to run all of its projects, including Wikipedia, Wiktionary and Wikinews. Numerous other wikis around the world also use it to power their websites...
,
Joomla,
eZ Publish-External links:* * * * * *...
,
WordPressWordPress is a free and open source blogging tool and publishing platform powered by PHP and MySQL. It is often customized into a content management system . It has many features including a plug-in architecture and a template system. WordPress is used by over 14.7% of Alexa Internet's "top 1...
,
DrupalDrupal is a free and open-source content management system and content management framework written in PHP and distributed under the GNU General Public License. It is used as a back-end system for at least 1.5% of all websites worldwide ranging from personal blogs to corporate, political, and...
and
MoodleMoodle is a free source e-learning software platform, also known as a Course Management System, Learning Management System, or Virtual Learning Environment...
.
All websites created using these tools are written in PHP, including the user-facing portion of
WikipediaWikipedia is a free, web-based, collaborative, multilingual encyclopedia project supported by the non-profit Wikimedia Foundation. Its 20 million articles have been written collaboratively by volunteers around the world. Almost all of its articles can be edited by anyone with access to the site,...
,
FacebookFacebook is a social networking service and website launched in February 2004, operated and privately owned by Facebook, Inc. , Facebook has more than 800 million active users. Users must register before using the site, after which they may create a personal profile, add other users as...
,
and
DiggDigg is a social news website. Prior to Digg v4, its cornerstone function consisted of letting people vote stories up or down, called digging and burying, respectively. Digg's popularity prompted the creation of copycat social networking sites with story submission and voting systems...
.
Security
Vulnerabilities are caused mostly by not following best practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in 2008, about 1% of the total). Recognizing that programmers cannot be trusted, some languages include
taint checkingTaint checking is a feature in some computer programming languages, such as Perl and Ruby, designed to increase security by preventing malicious users from executing commands on a host computer...
to detect automatically the lack of
input validationIn computer science, data validation is the process of ensuring that a program operates on clean, correct and useful data. It uses routines, often called "validation rules" or "check routines", that check for correctness, meaningfulness, and security of data that are input to the system...
which induces many issues. Such a feature is being developed for PHP, but its inclusion in a release has been rejected several times in the past.
Hosting PHP applications on a server requires careful and constant attention to
deal with these security risks. There are advanced protection patches such as
SuhosinSuhosin is an open source patch for PHP."The goal behind Suhosin is to be a safety net that protects servers from insecure PHP coding practices."In some Linux distributions it is shipped by default....
and Hardening-Patch, especially designed for web hosting environments.
PHPIDSPHPIDS is an open source PHP Web Application Intrusion Detection System. It was written by Mario Heiderich, Christian Matthies, Lars H. Strojny and several others in March 2007...
adds security to any PHP application to defend against intrusions. PHPIDS detects
Cross-site scriptingCross-site scripting is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same...
(XSS),
SQL injectionA SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a badly designed website in order to dump the database content to the attacker. SQL injection is a code injection technique that exploits a security vulnerability in a website's software...
, header injection,
Directory traversalA directory traversal consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs....
, Remote File Execution, Local File Inclusion, Denial of Service (DoS).
Syntax
PHP Test
echo 'Hello World';
/* echo("Hello World"); works as well,
although echo is not a function, but a
language construct. In some cases, such
as when multiple parameters are passed
to echo, parameters cannot be enclosed
in parentheses. */
?>