Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

php|architect:
Five Top PHP Mistakes
Jul 21, 2006 @ 06:00:25

New to the A/R/T article repository from php|architect today is this look at the "Top Five PHP Mistakes" from Marco Tabini.

These topics have been beaten to death, and will likely continue to be beaten well after their bones have turned to dust. However, I have never had the opportunity to explore some aspects of PHP that obviously are mistakes-not just to understand their origin, but to analyze their impact on PHP and the way they have been dealt with.

His list of mistakes is:

  • Objects in PHP 4
  • Function Naming Consistency
  • Safe Mode and Magic Quotes
  • Register Globals
  • Lack of Unicode Support

Under each he explains them, noting why they are important enough to mention is the list. He does, however, end on a bit lighter note - the PHP, for all its problems and woes, is just like any other laugnage out there. It has its problems, but its learned from them and, as Marco puts it "has grown because of them".

tagged: top five mistakes safe_mode register_globals unicode objects function name top five mistakes safe_mode register_globals unicode objects function name

Link:

php|architect:
Five Top PHP Mistakes
Jul 21, 2006 @ 06:00:25

New to the A/R/T article repository from php|architect today is this look at the "Top Five PHP Mistakes" from Marco Tabini.

These topics have been beaten to death, and will likely continue to be beaten well after their bones have turned to dust. However, I have never had the opportunity to explore some aspects of PHP that obviously are mistakes-not just to understand their origin, but to analyze their impact on PHP and the way they have been dealt with.

His list of mistakes is:

  • Objects in PHP 4
  • Function Naming Consistency
  • Safe Mode and Magic Quotes
  • Register Globals
  • Lack of Unicode Support

Under each he explains them, noting why they are important enough to mention is the list. He does, however, end on a bit lighter note - the PHP, for all its problems and woes, is just like any other laugnage out there. It has its problems, but its learned from them and, as Marco puts it "has grown because of them".

tagged: top five mistakes safe_mode register_globals unicode objects function name top five mistakes safe_mode register_globals unicode objects function name

Link:

SitePoint PHP Blog:
What won't be in PHP 6
Mar 13, 2006 @ 07:31:38

In this post on the Sitepoint PHP Blog, Harry Fuecks makes a quick mention of another blog post dealing with the enhancements in PHP6 and another handy feature he noticed as well.

Pierre-Alain Joye picked this one up last week, and it needs repeating. For PHP6 the following are already gone from CVS: Register globals, Magic quotes, Safe mode.

As blogged a while back, you'll find these changes discussed here. Nice use of carrot and stick in fact - for the pain on fixing your apps to run under PHP6, you get Unicode.

The other feature he's noticed pertains to the php.ini settings file that PHP uses:

Just noticed a new ini setting here: "allow_url_include - PHP_INI_SYSTEM Available since PHP 6.0.0." Excellent! That eliminates another major source of exploits (perhaps the biggest) have moaned about that before here and here.

tagged: won\'t be in php6 register_globals magic_quotes safe_mode won\'t be in php6 register_globals magic_quotes safe_mode

Link:

SitePoint PHP Blog:
What won't be in PHP 6
Mar 13, 2006 @ 07:31:38

In this post on the Sitepoint PHP Blog, Harry Fuecks makes a quick mention of another blog post dealing with the enhancements in PHP6 and another handy feature he noticed as well.

Pierre-Alain Joye picked this one up last week, and it needs repeating. For PHP6 the following are already gone from CVS: Register globals, Magic quotes, Safe mode.

As blogged a while back, you'll find these changes discussed here. Nice use of carrot and stick in fact - for the pain on fixing your apps to run under PHP6, you get Unicode.

The other feature he's noticed pertains to the php.ini settings file that PHP uses:

Just noticed a new ini setting here: "allow_url_include - PHP_INI_SYSTEM Available since PHP 6.0.0." Excellent! That eliminates another major source of exploits (perhaps the biggest) have moaned about that before here and here.

tagged: won\'t be in php6 register_globals magic_quotes safe_mode won\'t be in php6 register_globals magic_quotes safe_mode

Link:

Justin Silverton's Blog:
What would you like to see in PHP 6?
Mar 13, 2006 @ 07:10:50

In this post from his blog, Justin Silverton takes a quick look back at the November meeting of a few of the main PHP developers on what needs to happen in PHP6.

In November of 2005, the major developers working on the core of PHP met up in Paris and discussed various additions that would possibly make version 6.

Attendees included Wez Furlong, Derick Rethans, Rasmus Lerdorf, and Zeev Suraski and some of the topics that were discussed included: filename encoding, optimizing the use of brackets in strings, and register_globals.

Of course, some of these issues have already been worked out of the PHP builds and will be coming to a web server near you with a whole new feel.

tagged: november 2005 meeting php6 future register_globals safe_mode november 2005 meeting php6 future register_globals safe_mode

Link:

Justin Silverton's Blog:
What would you like to see in PHP 6?
Mar 13, 2006 @ 07:10:50

In this post from his blog, Justin Silverton takes a quick look back at the November meeting of a few of the main PHP developers on what needs to happen in PHP6.

In November of 2005, the major developers working on the core of PHP met up in Paris and discussed various additions that would possibly make version 6.

Attendees included Wez Furlong, Derick Rethans, Rasmus Lerdorf, and Zeev Suraski and some of the topics that were discussed included: filename encoding, optimizing the use of brackets in strings, and register_globals.

Of course, some of these issues have already been worked out of the PHP builds and will be coming to a web server near you with a whole new feel.

tagged: november 2005 meeting php6 future register_globals safe_mode november 2005 meeting php6 future register_globals safe_mode

Link:

Pierre's Blog:
Magic's gone
Mar 09, 2006 @ 07:27:03

On Pierre's blog, there's this great reminder of the progress being made towards PHP6, and some of the big leaps that have been made so far - specifically related to register_globals and magic_quotes_*

I really start to love the next major version of PHP (aka PHP6).

register_globals and magic_quotes_ have gone: #1 and #2.

The get_magic_quotes_gpc, get_magic_quotes_runtime functions are kept but always return false, set_magic_quotes_runtime raises an E_CORE_ERROR. It may help you to migrate (I was in favour to drop them all, but it was a too drastic change for my collegues :)

These changes and the GD cleanup (gd1.x and freetype 1.x support removed, some code cleanup) make me feel really better while working in HEAD that 5.x.

He also notes the recent demise of safe_mode as well.

tagged: magic\'s gone register_globals magic_quotes safe_mode magic\'s gone register_globals magic_quotes safe_mode

Link:

Pierre's Blog:
Magic's gone
Mar 09, 2006 @ 07:27:03

On Pierre's blog, there's this great reminder of the progress being made towards PHP6, and some of the big leaps that have been made so far - specifically related to register_globals and magic_quotes_*

I really start to love the next major version of PHP (aka PHP6).

register_globals and magic_quotes_ have gone: #1 and #2.

The get_magic_quotes_gpc, get_magic_quotes_runtime functions are kept but always return false, set_magic_quotes_runtime raises an E_CORE_ERROR. It may help you to migrate (I was in favour to drop them all, but it was a too drastic change for my collegues :)

These changes and the GD cleanup (gd1.x and freetype 1.x support removed, some code cleanup) make me feel really better while working in HEAD that 5.x.

He also notes the recent demise of safe_mode as well.

tagged: magic\'s gone register_globals magic_quotes safe_mode magic\'s gone register_globals magic_quotes safe_mode

Link:

Zend Weekly Summary:
safe_mode is gone
Mar 02, 2006 @ 06:31:55

As pointed out by Ligaya Turmelle in this blog post today, it seems that safe_mode in PHP is officially "gone".

From this Zend Weekly Summary:

Following the Paris PDM recommendations, and (unusually) with the approval of the entire spectrum of PHP developers and users, Andi went to work on removing safe_mode from CVS HEAD this week. He got as far as the streams code before he hit a problem, and wrote to Sara (for help).

Sara agreed that it was in fact a bug, and admitted that she'd probably introduced this 'slight logic twist' when routing unlink() to use stream wrappers.

Andi thanked Sara for her analysis and asked her to keep an eye on his commits to ensure he didn't apply a wrong fix in the stream wrapper code. She did; he didn't. Andi went on to clean all trace of the safe_mode implementation from the rest of the PHP core and most of the core extensions, ably assisted by Ilia.

One of the longest-lingering, painful issues that PHP has had to deal with in the past has finally been laid to rest. Here's to a positive step forward to PHP6!

tagged: zend weekly summary safe_mode gone removed andi sara ilia zend weekly summary safe_mode gone removed andi sara ilia

Link:

Zend Weekly Summary:
safe_mode is gone
Mar 02, 2006 @ 06:31:55

As pointed out by Ligaya Turmelle in this blog post today, it seems that safe_mode in PHP is officially "gone".

From this Zend Weekly Summary:

Following the Paris PDM recommendations, and (unusually) with the approval of the entire spectrum of PHP developers and users, Andi went to work on removing safe_mode from CVS HEAD this week. He got as far as the streams code before he hit a problem, and wrote to Sara (for help).

Sara agreed that it was in fact a bug, and admitted that she'd probably introduced this 'slight logic twist' when routing unlink() to use stream wrappers.

Andi thanked Sara for her analysis and asked her to keep an eye on his commits to ensure he didn't apply a wrong fix in the stream wrapper code. She did; he didn't. Andi went on to clean all trace of the safe_mode implementation from the rest of the PHP core and most of the core extensions, ably assisted by Ilia.

One of the longest-lingering, painful issues that PHP has had to deal with in the past has finally been laid to rest. Here's to a positive step forward to PHP6!

tagged: zend weekly summary safe_mode gone removed andi sara ilia zend weekly summary safe_mode gone removed andi sara ilia

Link: