XpertDeveloper.com:
PHP "Magic Quotes" Explained
Sep 15, 2011 @ 16:01:04

If you're relatively new to the PHP world, you may be wondering why there has been so much emphasis put on "magic quotes" in the language's past. If you're not entirely sure what they are (and why to avoid them) take a look at this quick overview from XpertDeveloper.com.

First off, let me say that Magic Quotes is deprecated as of PHP 5.3 and will be removed completely from PHP 6. But as a developer you might face a situation where you have to work on an application which runs on an older version of PHP with some older functionality, such as relying on Magic Quotes.

They introduce the simple concept behind the magic quotes idea and, thankfully, the settings and code you can use to turn it off. It's been deprecated in PHP 5.3 but some older versions came with it enabled. If you're currently running with it on, it's highly recommended to turn it off and refactor your code accordingly.

tagged: magicquotes disable intorduction addslashes phpini


Johannes Schluter's Blog:
Improvements for PHP application portability in PHP.next
Jul 26, 2011 @ 13:40:46

In a new post today Johannes Schluter talks about the upcoming version of PHP and three of the things it features: no more short tags, no more magic quotes and the dropping of the enable-zend-multibyte compile option.

I was writing about PHP.next before, many things improved there meanwhile. Most notably we have a committed version number: The next PHP release will be called PHP 5.4. The topic I want to talk about today is "Improved application portability" which covers multiple small changes which aim at making it simpler for developers to write applications working on any PHP setup.

The first two will be immediately familiar to any PHP developer, but the third might be a little more elusive. This option was used to compile in multi-byte encodings to use for data in an application. Unfortunately a good implementation (that didn't use mbstring) couldn't be found, so they're removing the feature.

tagged: version magicquotes shorttags enable zend multibyte configure


Padraic Brady's Blog:
ZF Blog Tutorial Addendum #1: Base URL, Magic Quotes, Database Schema & UTF-8
May 29, 2008 @ 21:12:03

Padraic Brady has an addendum he's posted to his "making a blogging application with the Zend Framework" series dealing with a few random issues from along the way.

The interesting thing about live publishing of a long tutorial series is that it's not flawless. In fact it's the opposite. [...] To cover all these I'll occasionally highlight the more important ones both in notes to new entries, or where they slip past me, in Addendum entries like this one.

There are four sections in this update: one dealing with the referencing of base URLs, another covering magic_quotes settings, an updated database schema for the project, and a final one about removing non-English characters in the title URLs.

tagged: addendum base url magicquotes database schema utf8


IBM developerWorks:
The future of PHP
May 09, 2008 @ 12:55:54

In a new post on the IBM developerWorks page, Nathan Good takes a look at some of the features of the up and coming versions of the PHP language including things like namespaces, changes in the XML handling and a few things taken out.

PHP's next edition, V6, includes new features and syntax improvements that will make it easier to use from an object-oriented standpoint. Other important features, such as Unicode support in many of the core functions, mean that PHP V6 is positioned for better international support and robustness.

New features he mentions include namespace support, improvements to the native Unicode support as well as a few of the things that will be permanently retired like the php.ini settings for magic_quotes and register_globals.

tagged: future namespace unicode language xml soap registerglobals magicquotes


Making the Web Blog:
Becoming PHP 6 Compatible
Dec 05, 2007 @ 17:13:00

On the Making the Web blog, there's this post that talks about looking forward with your code and making it ready for when PHP6 comes around.

If you want to make use of PHP 6 when it comes, you're going to have to write your new scripts so they are compatible, and possibly change some of your existing scripts. To start making your scripts PHP 6 compatible, I've compiled a list of tips to follow when scripting.

There are only five things in his list (like "stop using magic_quotes" and "don't register long arrays"), but the comments provide many more gotchas to look out for and new features that will be included.

tagged: php6 compatible registerglobals magicquotes arrays preg reference

Dan Scott's Blog:
The state of PHP security (LWN article)
Dec 28, 2006 @ 16:34:00

In a new post to his blog today, Dan Scott points out an article over on the Linux Weekly website talking about the current state of PHP security.

I was hoping for some provocative thoughts about the direction that PHP has been taking for the last six months or so in the arena of security. Unfortunately, I was greatly disappointed. Beyond using Stefan's departure as a kicking-off point for the article, the author didn't even mention any of these issues (taint, ext/filter, etc).

Instead, the article swerves back into the old rut of register_globals and magic_quotes. Dan also expresses concern at a possible misquote from Rasmus Lerdorf and that, had the author done a bit more homework, they wouldn't have made comments (in reference to the above mentioned features) like:

Security is a hard problem and any attempt to 'dumb down' a language is likely to run into security issues. [...] A great deal of useful code has been written on the PHP platform; it would be nice to find a way to keep that code coming while simultaneously making it more secure.

tagged: security state linuxweekly article research magicquotes registerglobals
