PHP

PHP is a computer scripting language originally designed for producing dynamic web pages.^[1] The name PHP is a recursive acronym for PHP: Hypertext Preprocessor.

PHP is used mainly in server-side scripting, but can be used from a command line interface or in standalone graphical applications. Textual User Interfaces can also be created using ncurses.

The main implementation is produced by The PHP Group and released under the PHP License. This implementation serves to define a de facto standard for PHP, as there is no formal specification. The most recent version of PHP is 5.2.5, released on 8 November 2007. It is considered to be free software by the Free Software Foundation.^[2]

PHP was written as a set of Common Gateway Interface (CGI) binaries in the C programming language by the Danish/Greenlandic programmer Rasmus Lerdorf in 1994, to replace a small set of Perl scripts he had been using to maintain his personal homepage.^[3] Lerdorf initially created PHP to display his résumé and to collect certain data, such as how much traffic his page was receiving. Personal Home Page Tools was publicly released on 8 June 1995 after Lerdorf combined it with his own Form Interpreter to create PHP/FI (this release is considered PHP version 2).^[4]

Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism PHP: Hypertext Preprocessor. The development team officially released PHP/FI 2 in November 1997 after months of beta testing. Public testing of PHP 3 began and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999.^[5] They also founded Zend Technologies in Ramat Gan, Israel, which actively manages the development of PHP.

In May 2000, PHP 4, powered by the Zend Engine 1.0, was released. The most recent update released by The PHP Group, is for the older PHP version 4 code branch which, as of January 2008, is up to version 4.4.8. PHP 4 will be supported by security updates until August 8, 2008.^[6]

On July 13, 2004, PHP 5 was released powered by the new Zend Engine II. PHP 5 included new features such as:^[7]

• Improved support for object-oriented programming
• The PHP Data Objects extension, which defines a lightweight and consistent interface for accessing databases
• Performance enhancements
• Better support for MySQL and MSSQL
• Embedded support for SQLite
• Integrated SOAP support
• Data iterators
• Error handling via exceptions

Currently, PHP 5.x is the only stable version that is being actively developed; active development on PHP 4 ceased at the end of 2007. However, critical security updates for PHP 4 will be provided until August 8, 2008.^[8] PHP 6 is currently under development, and is slated to release in conjunction with the decommission of PHP 4.^{[citation needed]} As a result of the GoPHP5 initiative, many high profile open source projects ceased to support PHP 4 in new code as of 5 February 2008.^[9]

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. PHP generally runs on a web server, taking PHP code as its input and creating Web pages as output. However, it can also be used for command-line scripting and client-side GUI applications. PHP can be deployed on most web servers and on almost every operating system and platform free of charge. The PHP Group also provides the complete source code for users to build, customize and extend for their own use.

PHP primarily acts as a filter. The PHP program takes input from a file or stream containing text and special PHP instructions and outputs another stream of data for display.

From PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor. PHP 5 uses the Zend Engine II.

Originally designed to create dynamic web pages, PHP's principal focus is server-side scripting. While running the PHP parser with a web server and web browser, the PHP model can be compared to other server-side scripting languages such as Microsoft's ASP.NET system, Sun Microsystems' JavaServer Pages, and mod perl as they all provide dynamic content to the client from a web server. To more directly compete with the "framework" approach taken by these systems, Zend is working on the Zend Framework - an emerging (as of June 2006) set of PHP building blocks and best practices; other PHP frameworks along the same lines include CakePHP, PRADO and Symfony.

The LAMP architecture has become popular in the Web industry as a way of deploying inexpensive, reliable, scalable, secure web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P can also refer to Python or Perl. PHP can be used with a large number of relational database management systems, runs on all of the most popular web servers and is available for many different operating systems. This flexibility means that PHP has a wide installation base across the Internet; As of April 2007, over 20 million Internet domains were hosted on servers with PHP installed.^[10] The number of installations is different from the number of sites actually using those installations, but this statistic does reflect the popularity of PHP.

Examples of popular open source server-side PHP applications include phpBB, WordPress, and MediaWiki.

PHP also provides a command line interface SAPI for developing shell and desktop applications, daemons, log parsing, or other system administration tasks that have traditionally been the domain of Perl, Python, awk, or shell scripting.^[11]

PHP provides bindings to GUI libraries such as GTK+ (with PHP-GTK), Qt with PHP-Qt and text mode libraries like ncurses in order to facilitate development of a broader range of cross-platform GUI applications.

The usual Hello World code example for PHP is:

<?php
echo "Hello World!\n";
?>

PHP only parses code within its delimiters. Anything outside its delimiters is sent directly to the output and not parsed by PHP. PHP supports a number of different delimiters. The most common delimiters are <?php and ?>, respectively open and close delimiters. <script language="php"> </script> style delimiters are also always available, so these two forms are the most portable. Short tags (<? or <?= and ?>) are also quite commonly used, but are along with ASP style tags (<% or <%= and %>) less portable, as they can be disabled in the PHP configuration. For this reason the use of Short tags and ASP style tags is discouraged.^[12] The example above outputs the following:

Hello World!

The purpose of these delimiters is to separate PHP code from non-PHP code (notably HTML). Note that the delimiters are required to process PHP statements. Everything outside the delimiters is ignored by the parser and is simply passed through as output.

Instead of using <? and the echo statement an optional "shortcut" is the use of <?= instead of <? which implicitly echoes data:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
 "http://www.w3.org/TR/html4/strict.dtd">
<html>
 <head>
 <title><?=$page_title;?></title>
 </head>
 <body>
 <p>Hello</p>
 </body>
</html>

Variables are prefixed with a dollar symbol and a type does not need to be specified in advance. Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings allow the ability to embed the variable's value into the string.

PHP treats newlines as whitespace, in the manner of a free-form language (except when inside string quotes). Statements are terminated by a semicolon, except in a few special cases.

PHP has three types of comment syntax: /* */ which serves as block comments, and // as well as # which is used for inline comments.

It should be noted that many examples use the print function instead of the echo function; the two are practically identical, and one may decide which one to use based on personal preference.

Output of text in HTML requires explicit use of the htmlspecialchars() function. The program may otherwise output invalid HTML and make the website vulnerable to a cross-site scripting attack.

PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Integer variables can be assigned using decimal (positive and negative), octal and hexadecimal notations. Real numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation.

PHP has a native Boolean type, named "boolean", similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl.

There are eight data types in PHP:

1. Integer
2. Double
3. Boolean
4. String
5. Object
6. Array
7. Null
8. Resource

The null data type represents a variable that has no value. The only value in the null data type is NULL.

Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension. Examples include file, image and database resources.

Arrays support both numeric and string indices, and are heterogeneous. Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled.

PHP has hundreds of base functions and several thousand from extensions. Functions are not first-class functions and can only be referenced by their name as a string.

User-defined functions can be created at any time and without being prototyped. The usual way to define a function is the following (a rehash of the hello world program):

<?php
function hello()
{
    echo "Hello World!\n";
}

hello();
?>

Functions declared in this manner are global, though they can be created inside functions or other code blocks but those are not global. All functions must be called with parentheses unlike Ruby for instance. One exception is the echo "function" (as shown in the first example) which is not a function ^[13] but a language construct and so parentheses are optional.

PHP supports quasi-anonymous functions through the create_function() function. They are not true anonymous functions because anonymous functions are nameless but in PHP functions can only be referenced by name.

Basic object-oriented programming functionality was added in PHP 3.^[14] Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance. In previous versions of PHP, objects were handled like primitive types. The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and abstract methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model.

The static method and class variable features in Zend Engine 2 do not work the way some would expect. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.

This example shows how to define a class, foo, that inherits from class bar. The function mystaticfunc is a public static function that can be called with foo::mystaticfunc();.

class foo extends bar
{
  function __construct()
  {
    $doo = "wah dee dee";
  }
  public static function mystaticfunc()
  {
    $dee = "dee dee dum";
  }
}

If the developer creates a copy of an object using the reserved word clone, the Zend engine will check if a __clone() method has been defined or not. If not, it will call a default __clone() which will copy all of the object's properties. If a __clone() method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports all properties of the source object, so that the programmer can start with a by-value replica of the source object and only override properties that need to be changed.

PHP includes a large number of free and open source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing FTP servers, many database servers, embedded SQL libraries such as embedded MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as those in the stdio family are available in the standard PHP build.

PHP allows developers to write extensions in C to add functionality to the PHP language. These can then be compiled into PHP or loaded dynamically at runtime. Extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Some more unusual features include integration with Internet relay chat, dynamic generation of images and Adobe Flash content, and even speech synthesis. The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.

As with many scripting languages, PHP scripts are normally kept as human-readable source code, even on production webservers. While this allows flexibility, it can raise issues with security and performance.

Encoders hinder source code reverse engineering. Encoders fall broadly into two types; those that hide source code and those that compile code into "optcode."^{[citation needed]} The downside of this latter approach is that a special extension has to be installed on the server in order to run encoded scripts, however the approach of encoding compiled code and use of an extension offers typically the best performance, security and opportunity for additional features that may be useful for developers. Compiled code solutions may exploit the potential for increased security through the use of their own execution engine, although some simpler solutions rely on the regular PHP engine to execute the compiled code. The most commonly used packages for source code protection are from Zend Technologies and ionCube Ltd.

Code optimizers improve the quality of the compiled code by reducing its size and making changes that can reduce the execution time and improve performance. The nature of the PHP compiler is such that there are often many opportunities for code optimization.

Accelerators offer performance gains by caching the compiled form of a PHP script in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. They may also perform code optimization to provide increased execution performance. Both commercial (e.g. Zend Platform) and open source accelerators (e.g. xcache, eAccelerator, APC) are available.

Debuggers and profilers allow developers to analyze running PHP code for potential and noted software bugs and bottlenecks. Examples of such software for PHP include APD and Xdebug.

Templating engines provide macros that allow PHP applications to uniformly identify common variables. One popular templating engine is Smarty. PHP itself makes a good templating engine.

The PHP Extension and Application Repository (PEAR) project aims to provide reusable libraries and components for PHP development. PEAR projects are usually written in PHP code using the Object-oriented programming paradigm.

PHP has a formal development manual that is maintained by the free software community. In addition, answers to many questions can often be found by doing a simple internet search. PHP users assist each other through various media such as chat, forums, newsgroups and PHP developer web sites. In turn, the PHP development team actively participates in such communities, garnering assistance from them in their own development effort (PHP itself) and providing assistance to them as well. There are many help resources^[15] available for the novice PHP programmer.

This article's "criticism" or "controversy" section may compromise the article's neutrality. Please help rewrite or integrate negative information to other sections through discussion on the talk page.

Criticisms of PHP include those ascribed to scripting languages and dynamically typed languages, such as low performance for general-purpose computation. The list below includes criticisms specific to PHP, some of which have been rectified in recent versions.

• PHP originally inserted data received over the network directly into the global namespace,^[16] leading to confusion between trusted and untrusted data, and unnecessary potential for security holes in PHP applications. This behavior was turned off by default from version 4.2.0 released in April 2002.^[17] However, this feature is still being used by some legacy applications.^[18]
• PHP has traditionally used features such as "magic_quotes_gpc" and "magic_quotes_runtime" which attempt to escape apostrophes (') and quotes (") in strings in the assumption that they will be used in databases, to prevent SQL injection attacks. This leads to confusion over which data is escaped and which is not, and to problems when data is not in fact used as input to a database and when the escaping used is not completely correct.^[19] To make code portable between servers which do and do not use magic quotes, developers can preface their code with a script to reverse the effect of magic quotes when it is applied.^[20]
• PHP does not have complete native support for Unicode or multibyte strings.^[21] Unicode support will be added with PHP 6.^[22]
• PHP does not by default enforce the declaration of variables prior to their use, and variables which have not been initialized can have operations (such as concatenation) performed on them; an operation on an uninitialized variable raises an E_NOTICE level error, but this is hidden by default.
• PHP has no namespace support which can lead to a very large amount of globally available functions, which introduces a potential risk for naming collisions that increases with the size of a project. However, namespace support is being included in both the PHP 5.3 and 6.0 version code branches, but which are both still currently under development.
• The standard function library lacks internal consistency. Many functions perform relatively similar actions and have different name standards and argument orders. For example:
  • Argument consistency: strpos($haystack, $needle) vs. in_array($needle, $haystack)
  • Naming convention: both of these work case-insensitively strcasecmp() vs. stristr() but the former indicates this with "case" while the latter does with "i"
  • Function name consistency: strpos() vs. str_replace()
• Destructive changes of function behaviour between releases:
  • tempnam() used to just return a filename prior to PHP 4.0.3. Now it also creates the file which could make some older scripts incoherent if they didn't intend to create it. One such usage is demonstrated in the official PHP manual itself (http://php.net/is_uploaded_file) where the function is used to get the path of the directory where temporary files are written.
  • strtotime() went through several behaviour changes. Prior to PHP 4.4.0 and in PHP 5.0 - 5.0.2 it even returned results inconsistent with the documentation when called with specific parameters (Marked as warnings here: http://php.net/strtotime). Still more changes were detected by users (see http://bugs.php.net/bug.php?id=36266)
  • for range() the manual says that it treats strings of numbers as strings not integers in PHP 4.1.0 - 4.3.2, presumably meaning that in other versions it treats them as integers.
  • array_search() returns null on failure instead of false prior to PHP 4.2.0, which makes a difference if strict type matching is used to check for failure. Same is true for ftruncate().
• No function pointer or reference data type. This requires referencing functions by strings and object methods as a two-element array of the object and method name as a string. Consequently, anonymous functions are also referenced by string. In addition, anonymous functions are not a native data type and their core has to be defined using strings to be eval'ed as well.
• Lack of late static binding^[23] (added in 5.3)^[24]
• Some portability issues with 32-bit and 64-bit integers, and sometimes unsigned integers get converted to signed values.^[25]
• The type conversion and comparison of PHP is not consistent among different types. For example, string "00", "0.0" and "0" are converted to boolean true, true and false respectively. However, string "00", "0.0" and "0" are both converted to number 0, and then number 0 is converted to boolean false.^{[citation needed]}
• Lack of Operator Overloading.^[26]

PHP 6, in development as of July 2007, aims to address some of PHP 5's shortcomings.^[35]

• Namespace support will be added.
• Native Unicode support will be added.
• The magic_quotes option will be removed.
• The HTTP_*_VARS global variables will be removed.
• The register_globals option will be removed.
• The safe_mode option will be removed.
• Late static binding will be added.

This article is in list format but may read better as prose. You can help by converting this article, if appropriate. Editing help is available. (December 2007)

There are a number of alternative implementations of the PHP language in addition to the reference implementation hosted at php.net.

Hebrew Programming Language (HPL) is a project to make it possible to write PHP in Hebrew, and in the future in other languages.

• Associative array
• Comparison of programming languages
• Heredoc
• List of PHP editors
• List of web application frameworks
• Paamayim Nekudotayim
• Phalanger
• PHP accelerator
• Roadsend PHP
• Standard PHP Library
• Zend Framework

Wikibooks has a book on the topic of: Programming:PHP

Wikiversity has learning resources about PHP

• Official PHP website
• Zend website
• Template:Dmoz
• Do You PHP? by Rasmus Lerdorf