PHP 5.1.0 Released 275
kv9 writes "A new release of PHP5 is available. This version includes over 400 bugfixes, performance improvements over the 5.0.x branch, new date handling code, new versions of PCRE/SQLite/PEAR and over 30 new core/extension functions. A number of security fixes are also present and users are recommended to upgrade."
mySQL support (Score:5, Funny)
Re:mySQL support (Score:2, Informative)
For read-only, or even read-mostly, MySQL is blisteringly fast. It slows down when doing many INSERT or UPDATE queries on large tables because the whole table is held in one file, which has to be locked during a write and so slows things down.
On Linux, with a disk caching policy of "Never, ever commit anything unless you have to swap something from RAM, or are about
Re:mySQL support (Score:5, Insightful)
The recent Oracle/InnoDB and MySQL AB/SCO debacles have also made many potential MySQL users weary. There are many users who are now questioning how viable MySQL will be in the near future, both from a technical standpoint with regards to the InnoDB purchase by Oracle, and from a legal standpoint concerning their dealings with SCO. SQLite and PostgreSQL do not suffer from such unknowns.
Some more alternatives to MySQL (Score:5, Interesting)
- IBM has spiffed up Cloudscape to be somewhat compatible to DB2, renamed it to Derby and is giving it away
- Oracle is giving away a mildly crippled version of its DB, I don't remember the exact circumstances
- ADABAS, also known as SAP DB, is now also FOSS
- Firebird, née Interbase, was freed years ago and is said to be working well and under active development. I don't know why so few people seem to like it.
- I believe I heard about SQL Server being "free" under some circumstances too, but I'm not sure.
So... many thanks to MySQL for being a forerunner in the "free DB" department, and more thanks to other, formerly proprietary-only vendors for making their products a little more accessible to the common man!Re:Some more alternatives to MySQL (Score:3, Informative)
IBM has spiffed up Cloudscape to be somewhat compatible to DB2, renamed it to Derby and is giving it away
PDO_ODBC [php.net], Zend Core for IBM [zend.com]
Oracle is giving away a mildly crippled version of its DB, I don't remember the exact circumstances
PDO_OCI [php.net], Zend Core for Oracle [zend.com]
ADABAS, also known as SAP DB, is now also FOSS
This one, I know very little about..
Firebird, née Interbase, was freed years ago and is said to be working well and under
PDO (Score:2)
-M
Re:PDO (Score:2)
Re:PDO (Score:2)
He is bashing the specific implementation, but the concept is the same. PDO is _A_ solution. It's a good solution. It is technically very stable. It working out of PECL (and just a base is distributed with PHP-5.1) means for easy updates if compiled with s
Re:mySQL support (Score:4, Informative)
Actually, this can be tricky due to MySQL's tendencies to massage data to fit comfortably into tables. Using defaults such as 0000-00-00 in date fields instead of NULL, allowing values such as 2005-02-30 (i.e. 30th of February).
If you have such values in your MySQL database and intend to migrate that data into PostgreSQL, you first have to make the data conform to the C part of ACID (Consistency) before moving it to other RDBMS systems.
Re:mySQL support (Score:2)
In a file. SQLite databases are just a single binary file (although it supports building a database in memory too). Before you moan, that's one of the features/goals of SQLite. When you need that simplicity, it's great.
I do wonder if including SQLite with PHP will mean a lot of people think that it's appropriate for a massively multi-user app, whereas that's not really what it's designed for.
Re:mySQL support (Score:2)
The file system is often unfairly overlooked IMHO. How many blogs (what is it now... 70,000 new blogs created per day?) actually need to be stored in database backends? This is a mostly WORM (Write Once Read Many) media, statically generate your HTML and seperate your code into purely generative (stuff that just reads the same old stuff from the db, an
Re:mySQL support (Score:3, Interesting)
I think you mean that when doing lookups of a very small (less than 1%) set of data from a single table with simple queries that mysql understands the b-tree index in myisam or oracle's innodb is as fast as any other database. In the case of myisam maybe a little more, in the case of innodb maybe a little less.
I'm sure you don't mean that when selecting 10% of the data of a single table of the database (thereby unable to do b-tree lookups)
You forgot one. (Score:2)
Re:You forgot one. (Score:3, Interesting)
Re:mySQL support (Score:2)
Jesus , didn't realise mySQL was *that* primative. If anyone had
suggested using that form of implementation for a DBMS 20 years ago
they'd probably have been laughed out of the room , never mind in 2005!
You'd be lucky to get away with that even in a college DB project!
Re:mySQL support (Score:2)
Light-weight and extremely fast for read-only operations.
You can't do semi-complex queries against it mind you.
Re:mySQL support (Score:2)
We have 40-odd different tables, which have to be joined together for most queries. Several of them have over a hundred megabytes of data, meaning that without indexes searching the data would take an unspeakable amount of time. The ability to store UTF-8 in text fields is also a definite requirement for us. Thread safety is of course
Re:mySQL support (Score:2)
Re:TROLL! (Score:2)
Sendmail (Score:3, Funny)
I think we've finally found a replacement for the security disaster known as sendmail -- PHP.
Re:Sendmail (Score:2)
I think I've worked out what PHP stands for -- "Pretty Hopeless Privacy"
Re:Sendmail (Score:2)
Besides, most of the bad programming practices that PHP allows are due to it being written in C, so your crappy C coding practices will also work in PHP.
Re:Sendmail (Score:2, Insightful)
Always check that your input is well-formed, an email address is actually an email address and so on.
If nothing else, stripping newlines and carriage returns will thwart most of those bots.
Unfortunately it's a common problem, but if you code properly it's entirely avoidable.
Re:Sendmail (Score:2, Informative)
Flamebait my ass, this is true. (Score:3, Funny)
Never Program- RFC822, workarounds (Score:3, Interesting)
Always validate all input provided by the user that is used in any way. If it's in a database you're smart enough to escape it (or use query replacement methods that do it for you). If you're sending mail, you damn-well be sure it's an e-mail address. You have RFCs to guide you on this:
http://www.w3.org/Protocols/rfc822/ [w3.org]
A field-name consists of one or more printable characters (excluding colon, space, and control-characters). A field-name MUST be
Many improvement... (Score:4, Funny)
...and still no damn fucking namespaces.
Go PHP, ride on to the 20th century!
Re:Many improvement... (Score:3, Informative)
http://www.php.net/~derick/meeting-notes.html [php.net]
http://www.corephp.co.uk/archives/19-Prepare-for-
Re:Many improvement... (Score:5, Interesting)
http://developers.slashdot.org/comments.pl?sid=16
It's true that PHP suffers from various naming conventions, but namespaces might me the answer.
For PHP 6.0, does anyone know if the core developers are thinking of moving most builtin libraries into namespaces? For instance:
. . . http://ca.php.net/manual/en/function.oci-commit.p
could be placed in the "builtin\oci" namespace and
. . . http://ca.php.net/manual/en/function.ocicommit.ph
could be placed in the "builtin\legacy\oci" namespace.
You could quickly convert all PHP5 to PHP6 simply by adding the line:
. . . import builtin\*;
to the top of every file to make all builtin functions global (the way they are in PHP5).
Apps written in PHP5 would still work without the import, but they'd get a warning (which could be switches off in the php.ini).
Re:Many improvement... (Score:2)
Not only that, but what I enjoy the most about these PHP 6 planning meeting notes is:
http://www.php.net/~derick/meeting-notes.html#safe -mode [php.net]
Re:Many improvement... (Score:2)
Re:Many improvement... (Score:2)
Re:Many improvement... (Score:3, Insightful)
Well put.
I find it ironic that PHP came out many years ago as a cheap and easy way to make more dynamic web pages with a simpler structure than perl. It was also a greatly reduced structure from perl.
Then someone added a bunch of MySQL to it, hyped it up as LAMP and now everyone's on that bandwagon. And those that weren't were bitching about how if you want to do a real web application you would be better off using Perl and PostgreSQL.
And now here we are years alter and from the threads I've seen herei
Re:Many improvement... (Score:3, Interesting)
And another big reason is that the perl libraries (ala CPAN) do not require a recompile of perl itself. I cannot count the number of times I go to do something in PHP only to discover that PHP has to be recompiled with the switch to include such-and-such library. Need to work against an Oracle database in PHP? Bring down the production web servers to install a new PHP with OCI support enabled. Need to work against Oracle in Perl? Just install the appropriate perl module, no need to do anything drastic.
Re:Many improvement... (Score:2)
You drop the appropriate DLL's into the system %Path% (which should include the PHP directory) or, if you're using Apache 2, the PHP INI Directory specified in your httpd.conf. Alternatively, you can add them to your php.ini's extension_dir, whatever you set that to be. Then you edit the PHP.INI file and uncomment or add the modules you want to use. Then restart Apache and pray. I say "pray" because Apa
Re:Many improvement... (Score:2)
Re:Still no namespaces .. (Score:2)
The only thing missing is the ability to alter the class def a la adding "friend"s
Re:Still no namespaces .. (Score:2)
Yes, one can kid-of-emulate namespaces using classes (AFAIK people have done it in fucking Javascript for years !).
But
To sum it up, yes you can use the oh so shiny new PHP classes to create nam
Re:Many improvement... (Score:2)
Re:Many improvement... (Score:2)
Beware of PHP 5.1 (Score:5, Informative)
http://news.php.net/php.internals/20352 [php.net]
Re:Beware of PHP 5.1 (Score:4, Funny)
I've only messed around with PHP for my personal website and a small catalogue style website for my parents' business, but I noticed there were no namespaces, so I simulated them by prefixing class/function names with short prefixes, e.g. twbb_GetForumThread() etc.
I don't envisage having any problems with the new PHP core functions colliding with my names. But then maybe that's because I've worked with other languages that don't have namespaces (e.g. C, which I believe had some brief border-line success/popularity at one point, despite being crippled by lack of namespaces), and also I have a fucking clue what I'm doing. Idiots, on the other hand, will always run into problems.
That's not to say I wouldn't like to see namespaces in PHP :-)
Re:Beware of PHP 5.1 (Score:2)
Bug fixes should go into 5.0.x (Score:5, Insightful)
Re:Bug fixes should go into 5.0.x (Score:3, Insightful)
The lines with Added, Changed or Improved are mostly new features, the lines with Fixed are Bugfixes. 1/3 of the Changelog are therefore new features.
b4n
Adding even more functions? (Score:5, Insightful)
Ugh. Adding still to the inconsistent, namespace mess, PHP functions have? Worst. Decision. Ever.
Backgrounds of the PHP developers. (Score:2, Insightful)
One thing I find about PHP is that, rightly or wrongly, we always hear about how it's quite lacking as a language. Could that be because it is designed by people who have very little experience designing modern programming languages?
Re:Backgrounds of the PHP developers. (Score:2)
Re:Backgrounds of the PHP developers. (Score:2, Interesting)
Re:Backgrounds of the PHP developers. (Score:5, Insightful)
Design and programming are two distinct disciplines. Some brilliant developers are good at both, but many people, myself included, get too much satisfaction from diving into coding to thoroughly think about what they are embarking on. The result is a program/system/language/whatever that starts with a clean small core but grows ever bigger and uglier as changes are bolted on. I tried PHP a couple years back and was disgusted by it. There's a reason why computer language design is a discipline of an academic subject, Computer Science: A wealth of knowledge has accumulated on how to do this kind of thing "right," and applying that knowledge will usually lead to a better end result.
Specifically, my beef with PHP summarizes down to: It makes simple things simple in a way that encourages sloppy coding. PHP is to the current would-be Web geek generation what BASIC was to teenage would-be hotshot coders in the late '80s: A way to achieve "gee whiz!" effects easily and cheaply. It's possible to write large, elegant programs in PHP, but that's not what usually happens.
Re:Backgrounds of the PHP developers. (Score:2)
I code in PHP because I can quickly roll out powerful scripts, but the namespaces really need an overhaul.
Re:Backgrounds of the PHP developers. (Score:2)
Re:Backgrounds of the PHP developers. (Score:2)
Re:Backgrounds of the PHP developers. (Score:3, Insightful)
The classical example of an "overdesigned" language is Java (I am lousy at separating the language from its APIs). What you get is some more "reuse" at the price of unnecessari
A work in progress... PHP is getting better (Score:3, Insightful)
This is what PHP 5 and PHP 5.1 are all about. Lets fix the problems in the language and those things that go back to it's origins. PHP at one point did little more than a shell script, and now you have endless numbers of modules, extensions, and database backends.
You'll notice they have E_ALL on by default and highly encourage E_ALL|E_STRICT to be used for good coding prac
Re:Backgrounds of the PHP developers. (Score:2)
Ou yeah? Eat $this->!
Re:Backgrounds of the PHP developers. (Score:2)
Re:Backgrounds of the PHP developers. (Score:4, Informative)
I've just 'inherited' a PHP project, and I want to scream. I've finally had to 'learn my enemy.' So, wanting to know what the heck I was getting into, I bought a ton of O'Reilly books, and I read through a bunch of "Programming PHP" before beginning, so I wouldn't make the mistake of just slapping together whatever worked. Getting right into it, I was appalled at how poor the 'design' of the language is. It's a poor ripoff of many decent languages, slapped together in whatever Q&D way would 'make it work.' Why are phonetic string comparison functions part of the core language?! Those should be in a library! Why, oh why, was the scoping done so utterly backwards?! I was cleaning up some code, moving it into a function, and suddenly it stopped working. I had realized the answer the first time I tweaked it, but summarily forgot the second time around. What was it? Why, naturally, I had forgotten to do 'global $foo' inside my function - how stupid could I be to think code inside a function wouldn't pick up the contents of the variable as declared outside it?
*sigh* I've gotten a project with 15,600 lines of 'code,' and already gotten rid of 1200 lines of repetitive junk by applying some common sense to it. I have another 120 lines lined up to be shot today. (A diff -uw of 2 files turned up exactly 5 differences.)
PHP makes it way to easy for people without a clue to 'write code' that 'works.' Thank you all the same, but I prefer to keep my brain engaged in 'drive,' rather than 'park.'
Re:Backgrounds of the PHP developers. (Score:4, Insightful)
To recap. PHP got it right, perl got it wrong. You are annoyed because it's not the way you are used to working but that has nothing to do with the merits of the scoping rules.
Re:Backgrounds of the PHP developers. (Score:2)
Is any work being done to improve security? (Score:2, Insightful)
Are the PHP developers actively doing anything to help prevent those without much experience from writing code that can lead to a server being compromised? Not that they should restrict those few developers who do know what they're doing, but they should perhaps be taking a look a
Re:Is any work being done to improve security? (Score:2, Interesting)
Re:Is any work being done to improve security? (Score:2, Insightful)
Who should be held responsible for THAT? (Set an X)
[ ] The Apache developers?
[ ] The Linux developers?
[ ] The server "administrator"?
Umm (Score:2)
Re:Is any work being done to improve security? (Score:2, Informative)
They are doing quite a bit actually. PHP6 will see a full input_filter mechanism added, safe_mode (misleading name) removed, and other substantial changes that will deeply improve security for programmers.
In addition, there is discussion of adding namespaces in php6, a feature that would easily improve security in virtually every app by preventing unint
Do they really take security seriously? (Score:2)
Re:Do they really take security seriously? (Score:2)
Re:Do they really take security seriously? (Score:2)
PHP Security (Score:4, Interesting)
Some of us are trying to help the situation by educating PHP developers. For my part, I try to write articles [shiflett.org] (and make them available for free), give talks [brainbulb.com] at conferences and user groups, and answer questions on mailing lists and forums.
There's also the PHP Security Consortium [phpsec.org], the Zend Framework (which will hopefully include most things on my wishlist [shiflett.org] as well as solve other problems [shiflett.org]), and a new input filter extension [derickrethans.nl].
As BP says, it's a start.
Re:Is any work being done to improve security? (Score:2)
*Ahem!*
But anyway. I'm not aware of any built-in security problems - most of what your average Slashdotters regard as 'OH THAT'S SO INSECURE WHY CAN'T THEY FIX IT????' seems to be down to shitty programming by end-users rather than PHP limitations. Idiotic PHP features like magic-quoting of input stri
Re:Is any work being done to improve security? (Score:2)
Indeed! Microsoft is often criticised for trying to do things for the user, instead of showing the user how to do them. The same criticisms apply to PHP here.
PHP is renouned for having good documentation;
Re:Is any work being done to improve security? (Score:2)
Yes it would hurt. addslashes is actually the _wrong_ way to do things. It is bad design. But it is shameful that even up till now in PHP it's not clear what to use instead. pear db or pdo?
Whatever it is, you should use a database specific quoting method.
In perl if you have a db object $dbh you'd call it like this:
$quoted_stuff=$dbh->quote($stufftoquote);
However, you shou
Re:Is any work being done to improve security? (Score:2)
Yes, that would hurt because you're supposed to use the dbtype_real_escape_string() function instead. addslashes() practially adds random slashes to hope that it won't fuck anything up.
Advances/Alternative to the server (Score:5, Interesting)
Zend refuses to add basic features such as a basic accelerator ( PHP scripts get recompiled on every request ). In fact, there was a rumor that Zend bought and killed http://sourceforge.net/projects/turck-mmcache/ [sourceforge.net], the best accelerator out there because it competed with their commercial product.
I understand that money has to be made for development to continue, but that's no way to compete.
PHP server needs true session and application scope variables. File-based session variables it has right now means that any variable that's not serializable ( eg. file descriptor ) can not be saved in the session scope. This is a huge problem. It results in developers making countless round trips to their database to serialize data, and hence making PHP scripts more dependant on close/performant database in general. There was an mmap based solution being worked on, but haven't heard much about it lately.
Other web environments have had these features for years.
I'm guessing that that sought of restriction on the PHP server will continue until an alternative server is developed and begins to gain popularity.
Re:Advances/Alternative to the server (Score:2)
Re:Advances/Alternative to the server (Score:2)
b4n
Persistance (Score:2)
- each apache process takes some requests. Opening a file-descriptor or database connection in one doesn't mean it'll be available to another process. So the file needs to be opened, database connected to, etc.
- persistent connections (datab
Re:Advances/Alternative to the server (Score:2)
If you have a big server farm you could of course also talk to Zend. The Zend Platform is much more than just an accelerator. And if you are a good customer anyway why should the mind about a little price drop.
b4n
OO (Score:4, Informative)
PHP 5 brought more OO features but it's still loosely typed and not compiled, meaning its OO features pale in comparison to JSP and ASP.NET. Until these two features are added by default (yes I know there are compilers), I can't really see how people will want to make use of its OO features in a business scenario. It handles strings (atleast in 4) about 50x slower than
Re:OO (Score:4, Insightful)
php has it's good sides but it the long run it's definitely the loser platform from my point of view. even perl is more stable and readable after 3 years of support on the same code (on php you either do very expensive upgrades to the software every time there are some major changes or you do cheap fixes and the code turns into a mess).
have you ever tried to read a well organized OOP php source that is supposed to work with every version from 4.0 to 5.x ? nope ? give it a try, i'm sure you will fall off the fgging chair.
i suggest you use something else, use python, use ruby, if you need to kiss your bosses ass you might even use java but keep your fingers away from php while you can.
How completely inapropriate. (Score:2)
He is wrong though, PHP is compiled. Its just compiled every single time you request a page, making it slow. Accelerators exist to compile PHP once and then cache that. This is not possible with ruby because it is not compiled, it is interpreted.
Re:How completely inapropriate. (Score:2)
Consider:
PHP (weakly typeed, late binding):
$x = 1;
$y = '2';
echo $x+$y;
# prints 3
Ruby (strongly typed, late binding):
x = 1
y = '2'
puts x + y
# ERROR
Did you look at the PHP 6.0 codebase ? (Score:4, Interesting)
I'd like to take this oppurtunity to complain about __autoload in PHP5. It is one functionality which I find tremendously inconvenient when coding something like APC [php.net]. File inclusions were never supposed to be that dynamic, it ends up with different compilations of the same file for different places it is included in (apparently some [php.net] are still fighting).
Use a few defines and be explicit (Score:2)
Have a base controller include that one core_defines.php file, the
include(CLASS_PATH."foo.php");
Yes, it's not the namespace support you're talking about, but it's much better than having all your include() statements use "../../../" notation in them. There are two primary issues with that approach.
1. The path where you store those files might need to change for some reason.
2. It's not as clear from looking at it what type of file is being loaded unless you have class_*, lib_*, and other f
Great, now what about hosting companies (Score:2)
Re:Great, now what about hosting companies (Score:5, Insightful)
Serious hosting companies just can't risk running software that hasn't been widely tested. While there may be benefits from running the new versions of PHP, for instance, it could be a disaster if a security flaw leads to their servers being compromised. An incident like that could financially destroy a small- or medium-sized hosting company. At least the older versions of PHP have undergone more testing than the newer releases.
Re:Great, now what about hosting companies (Score:2, Informative)
What's up and coming in PHP6 (Score:2, Informative)
I here lot's of bickering about PHP 5 ... (Score:5, Insightful)
So what?
PHP is the web generations basic. No more. But no less either.
Given that loads of very usefull webapps out there are built in PHP
I'd say the criticisim is mostly inadequate whining. If PHP doesn't
cut it for your job, take something else. No big deal.
PHP5 deserves any criticism it gets (Score:3, Insightful)
A while ago, I tried writing my own blogging system using PHP, because it would be easy to find someone to host me. I kept having to look things up (isnull or
PHP, is it API or language? (Score:2, Insightful)
But as more "serious" developers pick it up, more "serious" features are requested.
The fact is, if you're flexible you can build whatever you need in PHP4. It may not always be the way you prefer to code, but you can do it.
PHP is what it is. And it won't appeal to everyone. Fortunately there are many othe
And still no sign of work on #29337. (Score:2)
Apparently the ticket hasn't been touched since it was reported 16 months ago.
PDO (Score:2)
PDO [php.net] is the first API/extension in PHP that looks like it was designed before writing.
That's big step away from MySQL and magic_quotes mess.
Who to emulate today? Perl? Java? C++? (Score:3, Interesting)
Today, after not having done any PHP for about two years, I took a look at the PHP 5 documentation.
I was appalled.
Back when I started learning Perl, many of the apparent idiosyncrasies in PHP made sense such as the $syntax, multiple variable assignation, string concatenation and others. PHP had made a simpler version of Perl (automatic dereferencing, yay!). Then, when I was reading through the docs I noticed that PHP5 was doing its utter best to ape the functionality of Java (OO, exceptions, collections, interfaces, reflection, overloading, overriding etc) with the syntax of C++ (:: for static members, -> for virtual methods) but with the same loosely typed variables (Just ask yourself when looking at code you've never seen exactly what type does that unknown function return) and no namespaces (Perl, Java and C++ all have this in some form or another) and a huge array of functions that has no consistency whatsoever.
So, in essence, we have a language that is a mix of Perl, Java and C++ but with no real innovation of its own, unlike Python or Ruby, both of which are extremely consistent and remain true to themselves. Even lowly Javascript is far more consistent than PHP.
There is no way that I will code or design a large webapp in PHP. I had to debug a fairly complex one recently and it was a nightmare. I think I'll wait another few years and look what PHP6 turns out to be.
Re:All of my friends and family use the new PHP (Score:5, Insightful)
Rails still isn't a language, it's a framework.
(calling Ruby a "toy language" when comparing it to PHP is hillarous though, thanks for the laugh)
Power? (Score:3, Insightful)
Re:Power? (Score:2, Interesting)
Yes, but as Alan Perlis said in one of his epigrams... [yale.edu]
Using your example, Perl is as complete as C, but IMHO interesting things are easier to do in Perl (or ruby, for that matter).
Re:Power? (Score:2)
The other side of this metric is how easy it is to write an interpretor for another language when you need to. It is possible, for example, to write a P
Re:Why am I getting spam from Linspire? (Score:2)
Re:PHP alternatives (Score:3, Informative)
When you hear Ruby in the context of web applications, the speaker definitely means Ruby on Rails [rubyonrails.com]. For writing more than the simplest web application, it's probably a php killer, on account of its price ($0) and relatively flat learning curve (even if you've never done ruby). Others have observed [c2.com] that RoR has subtle ways of making you do the right thing in a given programming situation, even if you don't know what that is at the time. I dare say that rails teaches the coder alot about object-oriented pro