PHP 5.1.0 Released 275
kv9 writes "A new release of PHP5 is available. This version includes over 400 bugfixes, performance improvements over the 5.0.x branch, new date handling code, new versions of PCRE/SQLite/PEAR and over 30 new core/extension functions. A number of security fixes are also present and users are recommended to upgrade."
Re:All of my friends and family use the new PHP (Score:5, Insightful)
Rails still isn't a language, it's a framework.
(calling Ruby a "toy language" when comparing it to PHP is hillarous though, thanks for the laugh)
Bug fixes should go into 5.0.x (Score:5, Insightful)
Re:Sendmail (Score:2, Insightful)
Always check that your input is well-formed, an email address is actually an email address and so on.
If nothing else, stripping newlines and carriage returns will thwart most of those bots.
Unfortunately it's a common problem, but if you code properly it's entirely avoidable.
Adding even more functions? (Score:5, Insightful)
Ugh. Adding still to the inconsistent, namespace mess, PHP functions have? Worst. Decision. Ever.
Is any work being done to improve security? (Score:2, Insightful)
Are the PHP developers actively doing anything to help prevent those without much experience from writing code that can lead to a server being compromised? Not that they should restrict those few developers who do know what they're doing, but they should perhaps be taking a look at making it far more difficult to write dangerous code.
On the hardware front we have AMD and Intel adding support for non-executable stacks to their processors, for instance. GCC has StackGuard and StackShield. I think it's time for the PHP developers to step up to the place and try to limit the possible damage that can be done when using PHP incorrectly.
It's easy to continually blame the inexperienced PHP users for writing insecure code. But I do believe that it is up to the PHP developers to use their skills to help mitigate such problems.
Power? (Score:3, Insightful)
Backgrounds of the PHP developers. (Score:2, Insightful)
One thing I find about PHP is that, rightly or wrongly, we always hear about how it's quite lacking as a language. Could that be because it is designed by people who have very little experience designing modern programming languages?
Re:mySQL support (Score:5, Insightful)
The recent Oracle/InnoDB and MySQL AB/SCO debacles have also made many potential MySQL users weary. There are many users who are now questioning how viable MySQL will be in the near future, both from a technical standpoint with regards to the InnoDB purchase by Oracle, and from a legal standpoint concerning their dealings with SCO. SQLite and PostgreSQL do not suffer from such unknowns.
Re:Is any work being done to improve security? (Score:2, Insightful)
Who should be held responsible for THAT? (Set an X)
[ ] The Apache developers?
[ ] The Linux developers?
[ ] The server "administrator"?
Re:Great, now what about hosting companies (Score:5, Insightful)
Serious hosting companies just can't risk running software that hasn't been widely tested. While there may be benefits from running the new versions of PHP, for instance, it could be a disaster if a security flaw leads to their servers being compromised. An incident like that could financially destroy a small- or medium-sized hosting company. At least the older versions of PHP have undergone more testing than the newer releases.
Re:Power? (Score:0, Insightful)
Re:mySQL support (Score:0, Insightful)
>For read-only, or even read-mostly, MySQL is blisteringly fast. It slows down
>when doing many INSERT or UPDATE queries on large tables because the whole table
>is held in one file, which has to be locked during a write and so slows things
>down.
Sounds like you would be better off using a flat text file. Flat files are FASTER than mysql and can be totally cached in memory and your overall server will perform better without another service running in the background.
For even read-only data you can load the data into shared memory via PHP and get speed that is unmeasurably fast.
Thats the point and the joke about it all.. 95% of what people use mysql for could be done without a database at all, and the other 5% would be better off using a real database.
Re:Backgrounds of the PHP developers. (Score:5, Insightful)
Design and programming are two distinct disciplines. Some brilliant developers are good at both, but many people, myself included, get too much satisfaction from diving into coding to thoroughly think about what they are embarking on. The result is a program/system/language/whatever that starts with a clean small core but grows ever bigger and uglier as changes are bolted on. I tried PHP a couple years back and was disgusted by it. There's a reason why computer language design is a discipline of an academic subject, Computer Science: A wealth of knowledge has accumulated on how to do this kind of thing "right," and applying that knowledge will usually lead to a better end result.
Specifically, my beef with PHP summarizes down to: It makes simple things simple in a way that encourages sloppy coding. PHP is to the current would-be Web geek generation what BASIC was to teenage would-be hotshot coders in the late '80s: A way to achieve "gee whiz!" effects easily and cheaply. It's possible to write large, elegant programs in PHP, but that's not what usually happens.
I here lot's of bickering about PHP 5 ... (Score:5, Insightful)
So what?
PHP is the web generations basic. No more. But no less either.
Given that loads of very usefull webapps out there are built in PHP
I'd say the criticisim is mostly inadequate whining. If PHP doesn't
cut it for your job, take something else. No big deal.
Re:OO (Score:4, Insightful)
php has it's good sides but it the long run it's definitely the loser platform from my point of view. even perl is more stable and readable after 3 years of support on the same code (on php you either do very expensive upgrades to the software every time there are some major changes or you do cheap fixes and the code turns into a mess).
have you ever tried to read a well organized OOP php source that is supposed to work with every version from 4.0 to 5.x ? nope ? give it a try, i'm sure you will fall off the fgging chair.
i suggest you use something else, use python, use ruby, if you need to kiss your bosses ass you might even use java but keep your fingers away from php while you can.
PHP, is it API or language? (Score:2, Insightful)
But as more "serious" developers pick it up, more "serious" features are requested.
The fact is, if you're flexible you can build whatever you need in PHP4. It may not always be the way you prefer to code, but you can do it.
PHP is what it is. And it won't appeal to everyone. Fortunately there are many other platforms for the unsatisfied. Take your pick.
If your primary gripe with PHP is that it isn't enough like Java, shut up and use Java. Same for - insert language here -
I am very interested to see the new framework being promised by Zend and IBM. (http://www.zend.com/php-collaboration/ [zend.com]) Can they really deliver on their promises? If not, I do predict a mass exodus to ROR. PHP could wind up being relegated to individual scripts or 5 page websites.
Re:Backgrounds of the PHP developers. (Score:3, Insightful)
The classical example of an "overdesigned" language is Java (I am lousy at separating the language from its APIs). What you get is some more "reuse" at the price of unnecessarily complicated framework. With languages like PHP you learn the right way by mistake (which is not necessarily suboptimal) and you should have the guts to break compatibility from time to time.
As for being disgusted by PHP -- usually you don't get disgusted by the language but by what people have written in it (or around it - talking about some PHP extensions). One can always find examples of an extremely ugly LISP function with LISP being one of the most beautiful languages ever.
But I'm heading towards a treacherous field - discussing programming language merits - wasn't it "the best tool for the appropriate job"? So, let's keep PHP for all these "gee whiz" tasks which apparently the society needs, otherwise go explain the x millions of PHP-sites...
At the end we will all grow software like plants :)
Re:Bug fixes should go into 5.0.x (Score:3, Insightful)
The lines with Added, Changed or Improved are mostly new features, the lines with Fixed are Bugfixes. 1/3 of the Changelog are therefore new features.
b4n
Re:Many improvement... (Score:3, Insightful)
Well put.
I find it ironic that PHP came out many years ago as a cheap and easy way to make more dynamic web pages with a simpler structure than perl. It was also a greatly reduced structure from perl.
Then someone added a bunch of MySQL to it, hyped it up as LAMP and now everyone's on that bandwagon. And those that weren't were bitching about how if you want to do a real web application you would be better off using Perl and PostgreSQL.
And now here we are years alter and from the threads I've seen herein:
- PHP has some horrible security pitfalls that are now being addressed.
- MySQL is being dumped for SQLite which is just a flat file system, but then so it Berkeley DB which seems pretty damn fast too
- PostgreSQL is still the last viable option for a real database that you can afford.
- And PHP 6 is talking about adding NameSpaces.
What I see here is that as time marches on, PHP is becoming more difficult to use and more like Perl.So when PHP rivals Perl in capability, it will likely rival Perl in complexity as well, only Perl has had 10+ years to settle out the bugs.
And what simplistic dynamic web page application will come along to replace the original implimentation of PHP? After all, the who reason PHP was so popular was the fact that is was simpler to follow than Perl was. But if it's as complex as Perl.... What next?
I am beginning to thing that PHP would be better off, in the long run, if they just left themselves to the area of making a bitchin' fantastic scripting tool for making dynamic web pages without trying to compete directly with Perl, Java, and C at the same time. It's kind of stupid.
Everything has a place.
PHP5 deserves any criticism it gets (Score:3, Insightful)
A while ago, I tried writing my own blogging system using PHP, because it would be easy to find someone to host me. I kept having to look things up (isnull or is_null? arrlen or array_length? (neither, it's count)), typing mysql_this, mysql_that instead of using namespaces is annoying, lack of a good scoping system very annoying, etc etc. I did want to use PHP, but didn't, because I thought it sucks. Would you prefer it if I didn't say anything, and just let the PHP guys carry on with the mess they've made? Hint: that wouldn't accomplish anything.
"PHP is the web generations basic". Oh great, the web generation is growing up thinking that mysql_query( $_POST['input']) is a good idea. After all, magic quotes will make sure it's safe, so gets(input); system(input); in C should be safe! Intentionally or not, PHP is the first language learned by many people nowadays, so it should at least educate them into good practices instead of just doing stuff for them. (Doing things for the user is one of the things that Microsoft gets flak from here, too). PHP tried this before, with register_globals, and look what that turned out to be.
Surprisingly, people actually want to make PHP a better language, but apparently any complaints should be met with "Don't like it? Then get lost!", leaving PHP as it is. Oh well.
Re:PHP is a joke (Score:1, Insightful)
Re:And still no sign of work on #29337. (Score:1, Insightful)
A work in progress... PHP is getting better (Score:3, Insightful)
This is what PHP 5 and PHP 5.1 are all about. Lets fix the problems in the language and those things that go back to it's origins. PHP at one point did little more than a shell script, and now you have endless numbers of modules, extensions, and database backends.
You'll notice they have E_ALL on by default and highly encourage E_ALL|E_STRICT to be used for good coding practice. You'll notice register_globals is off by default. You'll notice countless quirks are virtually eliminated. magic_quotes are off by default because it's become apparent they don't always work and it's better done by the database engine (which can escape what it needs rather than just slashing random things).
You'll notice in 5.0 and 5.1, they pulled out extensions that are specific or not maintained (payflowpro, fileinfo, and many others) to PECL.
You'll notice they are recommending mysql extensions and others aren't use. You'll notice they're even advising that mysqli isn't used. You'll notice they are focusing on PDO to simplify and eliminate the ~10 driving extensions for each database engine with their own unique ways of doing everything with a universal framework (note: PEAR::DB is written in php classes- this is C and good code).
This is all a method to fix those problems everyone keeps complaining about. It's a pain, and creating even more complaints in the process of broken scripts, classes, and tools with the removal of things like is_a, call-time reference passing, and others- but once these scripts get fixed, and over time once everything goes PDO--- You'll find clean and swift code without much trouble at all.
Give it 6mo for the whole php 5.1 thing to migrate into various popular scripts and you'll find the world will be better for it. It's all in the master plan- simplify. Note that while many things have manual sections, much of it is in PECL and not the distro. At some point that should really be pulled into its own manual making it easier to find the core topics. That's just my opininion.
-M
Re:Backgrounds of the PHP developers. (Score:4, Insightful)
To recap. PHP got it right, perl got it wrong. You are annoyed because it's not the way you are used to working but that has nothing to do with the merits of the scoping rules.