|
Source code Encoders, Optimizers and Accelerators As with many scripting languages, PHP scripts are normally kept as human-readable source code, even on production webservers. While this allows flexibility, it can raise issues with security and performance. Encoders offer some source code security and enable proprietary software by hindering source code reverse engineering. Encoders fall broadly into two types; those that hide source code and those that compile code into bytecode. The downside of this latter approach is that a special extension has to be installed on the server in order to run encoded scripts, however the approach of encoding compiled code and use of an extension offers typically the best performance, security and opportunity for additional features that may be useful for developers. Compiled code solutions may exploit the potential for increased security through the use of their own execution engine, although some simpler solutions rely on the regular PHP engine to execute the compiled code. The most commonly used packages for source code protection are from Zend Technologies and ionCube Ltd. Code optimizers improve the quality of the compiled code by reducing its size and making changes that can reduce the execution time and improve performance. The nature of the PHP compiler is such that there are often many opportunities for code optimization. Accelerators offer performance gains by caching the compiled form of a PHP script in shared memory to avoid the overhead of parsing and compiling the code every time the script is run. They may also perform code optimization to provide increased execution performance. Both commercial (e.g. Zend Platform) and open source accelerators (e.g. xcache, eAccelerator, APC) are available. Debuggers and profilers Debuggers and profilers allow developers to analyze running PHP code for potential and noted software bugs and bottlenecks. Examples of such software for PHP include APD and Xdebug. Templating engines Templating engines provide macros that allow PHP applications to uniformly identify common variables. One popular templating engine is Smarty. PEAR The PHP Extension and Application Repository (PEAR) project aims to provide reusable libraries and components for PHP development. PEAR projects are usually written in PHP code using the Object-oriented programming paradigm. Support PHP has a formal development manual that is maintained by the free software community. In addition, answers to many questions can often be found by doing a simple internet search. PHP users assist each other through various media such as chat, forums, newsgroups and PHP developer web sites. In turn, the PHP development team actively participates in such communities, garnering assistance from them in their own development effort (PHP itself) and providing assistance to them as well. There are many help resources available for the novice PHP programmer. Criticism Criticisms of PHP include those general criticisms ascribed to other scripting languages and dynamically typed languages. This list includes criticisms that have been rectified in recent versions. · PHP originally inserted data received over the network directly into the language namespace ("register_globals"), leading to confusion between trusted and untrusted data, and unnecessary potential for security holes in PHP applications. This behaviour was turned off by default from version 4.2.0 released in April 2002. However, this feature is still being used by some legacy applications. · PHP has traditionally used features such as "magic_quotes_gpc" and "magic_quotes_runtime" which attempt to escape apostrophes (') and quotes (") in strings in the assumption that they will be used in databases, to prevent SQL injection attacks. This leads to confusion over which data is escaped and which is not, and to problems when data is not in fact used as input to a database. · PHP does not have native support for Unicode or multibyte strings. PHP does not enforce the declaration of variables prior to their use, and variables which have not been initialized can have operations (such as concatenation) performed on them; an operation on an uninitialized variable raises an E_NOTICE level error, but this is hidden by default. · PHP has no namespace support, with all PHP functions sharing the same global namespace. · PHP's dynamic type conversion could potentially cause problems. Variable types in PHP, although they exist, are transparent to the programmer. Some may consider this a feature, as a variable can change from int to double and back again without extra lines of code. However, variable type errors are not detected at compile-time, and the dynamic-typing behavior lacks full predictability. · The standard function library lacks internal consistency. Many functions perform relatively similar actions and have different name standards and argument orders. For example, strpos($haystack, $needle) vs. in_array($needle, $haystack), and strcasecmp vs. stristr. Release history Version Release date Most important changes PHP 1.0 June 8, 1995 Officially called "Personal Home Page Tools (PHP Tools)". This is the first use of the name "PHP". PHP Version 2 (PHP/FI) April 16, 1996 Considered by its creator as the "fasted and simplest ool" or creating dynamic web pages . PHP 3.0 Jun 6, 1998 Development moves from one person to multiple developers. Zeev Suraski and Andi Gutmans rewrite the base for this version. PHP 4.0 May 22, 2000 Added more advanced two-stage parse/execute tag- parsing system called the Zend engine. PHP 4.1 Dec 10, 2001 PHP 4.2 April 22, 2002 PHP 4.3 Dec 27, 2002 PHP 5.0 July 13, 2004 Zend Engine II with a new object model. PHP 5.1 Nov 25, 2005 PHP 5.2 Nov 2, 2006 Future development PHP 6, in development as of October 2006, aims to address some of PHP 5's shortcomings. Native Unicode support will be added; The magic_quotes option will be removed; The register_globals option will be removed; The safe_mode option will be removed. In addition, there has been discussion of adding namespace support. |
