Talk:PHP/Archive 7

Too vague to non-experts
This article has the potential to be very in-depth and informative but it reads like a technical discussion amongst php experts. It is very difficult to understand what PHP by reading the article as the article focusses too much on the guys who developed it, the release history and so on.

It would be nice to have a few simpler paragraphs explaining what it does, how it does it and with a few basic examples of use in a web browser. As it is right now, we dive straight into functions and comparisons with other programming languages. —Preceding unsigned comment added by 84.231.11.146 (talk) 06:49, 15 January 2011 (UTC)

Spoken Wikipedia audio recording
I've uploaded an audio recording of this article for the Spoken Wikipedia project. Please let me know if I made any mistakes (especially with pronouncing names :-P ). Thanks. --Mangst (talk) 01:42, 1 February 2011 (UTC)

PHP: Hypertext Preprocessor
the article implies that Zeev and Andi changed the PHP acronym to PHP: Hypertext Preprocessor, which obviously isn't true, it was decided via a community vote: http://blog.roshambo.org/how-the-php-acronym-was-reborn/ http://web.archive.org/web/20000815063125/il.php.net/vote_listing.php3 — Preceding unsigned comment added by Tyra3l (talk • contribs) 10:10, 16 June 2011 (UTC)

Redirection from PDO
PHP_Data_Objects redirects to this page, but PDO is mentioned nowhere on this site. Birchhunter (talk) 23:04, 9 July 2011 (UTC)

mod_php redirections
mod_php redirects here but it's only mentioned once in passing. 66.187.233.202 (talk) 02:32, 13 August 2011 (UTC)

FUD on Security
I find it pretty incredible that erroneous security data is posted on this article and the reference source is just someone's personal page. Even so, the data posted on this page doesn't even match the data in the article. Being that PHP is a real threat to other corporate backed languages (that themselves have huge security problems), it is obvious to any reader that this whole section is just someones sour grapes. — Preceding unsigned comment added by 20.142.112.36 (talk) 17:17, 30 August 2011 (UTC)

If you read carefully the referenced web page (which is a personal page), (http://www.coelho.net/php_cve.html) the author got these numbers by typing PHP into the vulnerabilities website and then he COUNTED THE HITS. Wow. How is that the basis for ANY statistic? It is exactly the same as typing in "(something) sucks" into google, changing the (something) and repeating and then drawing a conclusion. The author on the website actually disclaims his method for being construed as anything legitimate on his personal page:

One can query the database for keywords (e.g. PHP) and dates. It is a little bit crude: * there may be PHP-related vulnerabilities without the PHP keyword in them (say a bug in the PCRE library may affect PHP) * some vulnerabilities may have the keyword without being directly related to PHP (a description may contain a reference to a PHP web page). * a vulnerability report may indicate many vulnerabilities or they may be scattered into several reports.

How this is somehow a reference for the FUD that was then placed on this page is beyond me. This is the reason I removed the paragraph as it was, beyond any doubt, fud. — Preceding unsigned comment added by 20.142.112.36 (talk) 17:35, 30 August 2011 (UTC)

Hello My name is Artur Polanski and I represent Software Press company. We are creating a new version of popular magazine PHP Solution (English version), which will be available online and we are looking for authors who could provide us with some interesting articles concerning PHP5. I believe your expertise in this matter might be invaluable to our readers and maybe you could share your knowledge with us. Shall anyone be interested in such cooperation please contact me: artur.polanski@software.com.pl Best regards,

Artur Polanski. — Preceding unsigned comment added by 83.7.80.254 (talk) 12:36, 9 January 2012 (UTC)

5.4.0 Built-in web server
In PHP, For release 5.4.0 could we mention the new Built-in web server? Thanks. Eclipsed  (talk)   (COI Declaration)     16:14, 2 March 2012 (UTC)

Done That seems fine. Thanks! &mdash; Jess &middot; &Delta;&hearts; 07:01, 26 March 2012 (UTC)


 * ) — Preceding unsigned comment added by 122.166.8.45 (talk) 11:18, 19 April 2012 (UTC)

Criticism section?
PHP is often criticised for lack of solid language design and other shortcomings; see, for instance, at http://phpsadness.com/ and http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/

I think there should be a section on these criticisms, but I'm not sure I can write that in the proper NPOV tone myself. — Preceding unsigned comment added by Yoe (talk • contribs) 21:11, 13 May 2012 (UTC)

I added a criticism section, because of the wide-spread criticisms of PHP. There are market share statistics that show that many small companies tend to prefer PHP and LAMP development over Java or .NET simply because the technology is free. 202.232.200.82 (talk) 02:51, 13 June 2012 (UTC)

CAUTION: I've used php extensivly (expert level) and I can tell you from painful experience that php has some serious/fatal bugs. when I tried to get the bugs fixed i found that the developer community was badly dysfunctional, there is much fighting between them, there are developers who complain about the poor quality of the code, there are developers who have even forked the project... but there were not any developers who were actually interested/willing to fix these terrible bugs. The result is that we had to abandon our project at huge cost because the bugs were so fundamental they could not be worked around. I shudder when I see ecommerce programs written in php, the math functions of php cannot be trusted. You have been warned. 97.126.103.236 (talk) 02:00, 18 November 2012 (UTC)

PHP extensions
There is no general topic of "PHP Extensions" in Wikipedia. There are web discussions of including functions written in C so the code cannot be examined. The inclusion of a discussion from an internals point of view would clarify whether existing extensions are simple functions or whether the core of PHP can be overloaded to include new functionality. Jbottoms76 (talk) 20:51, 5 June 2012 (UTC)

Under "Visibility of properties and methods", it is stated that when a member is marked as protected, access is limited to inherited classes (and the class itself). This is incorrect: a protected member is also accessible from its superclasses. From the manual:

"Members declared protected can be accessed only within the class itself and by inherited and parent classes"

2001:980:4910:1:8147:4345:ED7B:E1DE (talk) 07:56, 10 August 2012 (UTC)

Overly technical and full of unnecessary details
This entry reads really badly. It goes into unnecessary detail about some aspects of php--complete with obtuse coding examples--while not spending much time talking about what php is and what makes it different than other languages. Also why does anyone need to know such a complete release history of php? To enjoy and gain knowledge from this article the reader would need advanced computer knowledge and already have a very strong interest in php.SciutoAlex (talk) 17:52, 10 August 2012 (UTC)

''It's an article on a programming language, well in keeping with the Perl, Python (programming language) and Ruby_(programming_language) articles. It may even be a little basic; more code examples would be useful. If one does not have 'advanced' computer knowledge and a very strong interest in PHP, then one has no need of reading farther than the first sentence.'' — Preceding unsigned comment added by 24.89.139.58 (talk) 18:53, 26 December 2012 (UTC)

Wrong History
The article claims, the initial version was developed in C, and then claims, that was re-implemented in C. That is wrong. The initial version was written in Perl (these were the "Personal Homepage Tools") and the 2nd version was re-implemented in C. See also the german Wikipedia. Yes, PHP started out as a bunch of Perl scripts. LinguistManiac (talk) 08:36, 8 March 2013 (UTC)

Release history sorted by minor version instead of by release date
Hi. The current version of this article has a "Release history" section sorted by minor version instead of using release date. It seems wrong to me to have a history section not sorted chronologically. --MZMcBride (talk) 04:43, 14 April 2013 (UTC)

PHP and virtual machines
The existence of PHP virtual machine runtime environments (e.g. HipHopVM, Parrot) is not mentioned. The implementations section would be a good place to mention these approaches. Hopscotch23 (talk) 17:03, 22 February 2014 (UTC)


 * Hello there! That's a very good point, thank you!  Will try to add them soon. &mdash; Dsimic (talk | contribs) 23:06, 22 February 2014 (UTC)


 * , please check it out. &mdash; Dsimic (talk | contribs) 05:10, 25 February 2014 (UTC)


 * Looks good, thanks! Hopscotch23 (talk) 16:56, 9 March 2014 (UTC)


 * You're welcome. &mdash; Dsimic (talk | contribs) 00:52, 10 March 2014 (UTC)

No controversy section?
About all the flaws alleged to be in PHP?  Tu rk ey ph an t 02:41, 21 May 2013 (UTC)


 * Turkeyphant, I agree that flaws alleged to be in PHP should be mentioned in this article, if they can be backed up with a reliable source.
 * I hope that even Dsimic agrees.
 * However, I would avoid a section specifically named "controversy" or "criticism", and instead use section titles with more neutral names such as "Reviews". See WP:Criticism for details. --DavidCary (talk) 19:19, 13 February 2014 (UTC)


 * Sure thing, we're here to list all aspects of PHP including all of its well-known deficiencies, so we maintain a clear WP:NPOV. I'm totally agreed that having a section named "Criticism" calls undue attention to negative viewpoints, as stated in WP:Criticism.


 * As the first step, I've just from "Criticism" section to "Security" section, as the moved content actually belongs to its new home.  What's left to us is to find a good new name for the "Criticism" section; "Reviews" doesn't sound good to me, for this purpose.  Hm...  &mdash; Dsimic (talk | contribs) 20:13, 13 February 2014 (UTC)


 * might be the solution for toning down the "Criticism" section..., I saw and reverted your edits, as they were really oversimplifying the sentences; audience for this article should be advanced enough to chew easily through longer and more complicated sentences. :)  Thoughts? &mdash; Dsimic (talk | contribs) 01:30, 27 February 2014 (UTC)


 * Looks good, Dsimic.
 * Currently the "Criticism"/"Reception" section has two paragraphs.
 * I think the parts about Unicode fit better in the "Unicode" section.
 * I think the paragraph discussing how "it was developed organically" and "very early versions of PHP" fit better in the "History" section.
 * Since the remaining sentence discusses multithreading in PHP, I suggest renaming that section "Multithreading".
 * (I think this is the "discuss" phase of WP:BRD).
 * --DavidCary (talk) 01:49, 27 February 2014 (UTC)


 * Had pretty much the same thoughts while reviewing your edits, and here's why keeping the "Reception" section might be better than dissolving it into the rest of the article – readability and ease of information access.  When we have a separate section describing the defficiencies of PHP, it's much easier that way to find them for anyone reading the article.  On the other hand, scattering that around does flow well with the rest of the article in a way you've described it, but those few trees would become almost invisible in a wood; also, there simply isn't enough meat for a separate "Multithreading" section.  I'm still thinking about it, and tried to improve it further with my . &mdash; Dsimic (talk | contribs) 02:13, 27 February 2014 (UTC)


 * I agree that a separate "criticism" section, in a encyclopedia article about any topic, makes it easier for people to find negatives of that topic.
 * A main point of the WP:UNDUE policy and the Criticism essay is that sometimes emphasizing certain things -- so that they become more visible and easier to find -- makes the article worse.
 * Out of the low-level programming languages -- assembly language, C (programming language), Forth (programming language), IBM PL/S, BLISS, BCPL,  ALGOL -- and the programming languages that  Edsger Dijkstra criticises -- COBOL, APL (programming language), FORTRAN, BASIC -- currently only one of those articles includes a "criticism" section.
 * Apparently articles about programming languages generally don't need a separate "criticism" section. Even when experts say that language causes brain damage. So I suggest that this PHP article doesn't need one either. --DavidCary (talk) 16:33, 5 March 2014 (UTC)


 * Well, with all that you've finally convinced me – why should PHP look worse than BASIC, for example?  BASIC also has no support for multi-threading or Unicode, and obviously nobody criticizes it for that. :)
 * Ok, so we move the "it was developed organically" part to the section, "core Unicode support" part to the  section, and remaining "multithreading at the core language level" part to the  section.  Are you Ok with that, as an extension of your original  content rearranging? &mdash; Dsimic (talk | contribs) 04:48, 6 March 2014 (UTC)


 * That sounds great. Go ahead. I'll make the changes you suggested in a few days, unless you get to it first. I pinch myself to make sure I'm not dreaming. This may be the most pleasant content dispute I've ever been involved in -- thank you. --DavidCary (talk) 18:25, 17 March 2014 (UTC)


 * Hehe, I'm glad that you find our whole discussion productive and pleasant at the same time! :) Of course, thank you for providing good arguments.  Got the "Reception" section "" into the rest of the article, please check it out –  with that, PHP no longer looks worse than BASIC. :) &mdash; Dsimic (talk | contribs) 22:46, 18 March 2014 (UTC)

Pronunciation
How does one pronounce "PHP" in spoken English? Since SQL is often rendered as "sequel", I personally advocate for pronouncing PHP as "fap"; and consequently refer to PHP conferences as circle-jerks. However, most people regard this as silly and sound out Pee Aych Pee My Sequel when they read "PHP/MySQL". — Preceding unsigned comment added by VoodooKobra (talk • contribs) 15:53, 14 April 2014 (UTC)


 * Hello there! Have you heard anyone pronouncing PHP as "fap"? :) &mdash; Dsimic (talk | contribs) 04:35, 15 April 2014 (UTC)

Getting an acceptable Lede
Up to May 8th, we've had a reasonably state single sentence summary in the Lede "PHP code is interpreted by a web server with a PHP processor module, which generates the resulting web page: PHP commands can be embedded directly into an HTML source document rather than calling an external file to process data. ", which was then ping-ponged around by Ngyikp and Erinaedu and the result wasn't grammatically correct. I proposed a middle course to try to avoid an edit war starting, and in fact without realising it pretty much reinstated the original (except the addition of usually "PHP code is usually ...").

Now OMPIRE has "fixed" this mess by replacing this by changing this to "PHP code is usually executed within the address space of a web server with a PHP interpreter embedded as a module. The server then sends PHP's output to its client.". Unfortunately, this summary isn't true:


 * The PHP compiler does not generate native code but rather an oparray intermediate format which the Zend engine then interpets at runtime.
 * The CGI SAPI (used on most shared services) and the variant FastCGI SAPIs (including fpm) (used on most high-throughput services) execute in their own address space.
 * The common module form, mod_php, typically runs on Apache in a pre-fork worker -- that is a within the address space of a child process of the server, rather than the server itself. It has to do this because quite a few extensions tend to leak memory so the child processes need to be bounced routinely to avoid memory growth killing performance.

My suggestion is that the original wording -- albeit looser -- wasn't inaccurate and is therefore a better lede summary. Can anyone propose a better -- and still accurate -- alternative? -- TerryE (talk)


 * Hello there! Very good point –  the lead section in fact wasn't that much incorrect, instead it was oriented toward only one of the many ways a PHP environment can be laid out and implemented.  Went ahead and, so it now reads like this:
 * PHP code can be simply mixed with HTML code, or it can be used in combination with various templating engines and web frameworks. PHP code is usually processed by a PHP interpreter, which is usually implemented as a web server's native module or a Common Gateway Interface (CGI) executable. After the PHP code is interpreted and executed, the web server sends resulting output to its client in form of a generated web page. PHP has also evolved to include a command-line interface (CLI) capability and can be used in standalone graphical applications.
 * Looking good? &mdash; Dsimic (talk | contribs) 06:16, 19 May 2014 (UTC)


 * +1 :-) TerryE (talk) 00:49, 17 May 2014‎


 * Thanks. :) In the meantime, the lead section was . &mdash; Dsimic (talk | contribs) 09:22, 22 May 2014 (UTC)

Security section is misleading
The article states "In 2013, 9% of all vulnerabilities listed by the National Vulnerability Database were linked to PHP;[129] historically, about 30% of all vulnerabilities listed since 1996 in this database are linked to PHP."

Although the writer distiguishes between programmer based error and flaws in the language core the implication remains that PHP as a langauge is the cause of web security vulnerabilities.

However, as it stands, the statisitc is meaningless and highly misleading unless we know what the relative percentage of sites on the web use PHP versus those using other scripting language. If 90% of websites (to pick a number out of the air) use PHP then no one should be surprised (it is less than noteworthy) that historically 30% of all vulnerabilities are linked to PHP. For this stat to have relevance we need to know:

1. What is the distribution of scripting languages on internet web sites. 2. What is the distribution of vulnerabilities for each language. 2. More difficult but important: are any of the identified vulnerabilites somehow inherent in the language or are we talking about the failure of programmers to write secure code? — Preceding unsigned comment added by 205.207.78.4 (talk) 17:02, 24 March 2014 (UTC)


 * For the answer to your first question, please see the fifth paragraph in section. &mdash; Dsimic (talk | contribs) 17:33, 24 March 2014 (UTC)

A proper search for Core PHP Vulnerabilities since 1999 can be viewed by using the Advanced search in NVD: http://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_vendor=cpe%3a%2f%3aphp&cpe_product=cpe%3a%2f%3aphp%3aphp&pub_date_start_month=0&pub_date_start_year=1999&cve_id= 72.21.198.64 (talk) 19:03, 27 June 2014 (UTC)

Name of PHP
Maybe I'm a bit unclear, but the current name of PHP is (PHP: Hypertext Preprocessor). Shouldn't his be in bold at the beginning at the article instead of in the middle?  CarnivorousBunny talk • contribs  14:09, 20 April 2014 (UTC)


 * Hello there! The lead section currently contains that description in its opening paragraph, just to quote it:
 * While PHP originally stood for Personal Home Page,[6] it now stands for PHP: Hypertext Preprocessor, a recursive backronym.[7]
 * So, it should be Ok, if you agree. &mdash; Dsimic (talk | contribs) 14:22, 20 April 2014 (UTC)


 * I'd like to make a note: PHP is a recursive acronym, not a recursive backronym. Backronyms are formed when an acronym is made to fit an existing word, which was not the case with PHP. Forcefully (talk) 18:36, 8 July 2014 (UTC)


 * Hello there! Hm, but "PHP" already stood for "Personal Home Page" before "PHP: Hypertext Preprocessor" was coined, thus "PHP" already existed as an abbreviation.  That's why it might be treated as a backronym, as the meaning of "PHP" clearly was "reinvented", so to speak. &mdash; Dsimic (talk | contribs) 20:45, 8 July 2014 (UTC)


 * I know there was a lot of dispute over this whole acronym vs. backronym thing, and I know we solved properly, but I'm wondering whether it's entirely necessary to include this bit of information. This is an article about the programming language, after all. Not an article about its name. Cfjem (talk) 19:21, 9 July 2014 (UTC)


 * Including that detail shouldn't hurt as it also indirectly introduces the concept of recursion, what can't be a bad thing in a programming language article. :) Hope you agree. &mdash; Dsimic (talk | contribs) 00:26, 10 July 2014 (UTC)


 * I guess it can't hurt. Cfjem (talk) 01:26, 13 July 2014 (UTC)

hello world embedded code
has anyone else noticed that the hello world code doesn't work properly? Both Firefox and Chrome return:

Hello World

'; ?>

I'm not knowledgeable enough about PHP to fix even this error properly. --Kwixtartpahtee (talk) 23:05, 22 June 2014 (UTC)


 * @Kwixtartpahtee, it does work on a webserver if you have PHP configured. Yes, I would expect to get the sort of error that you describe if you attempted to run this server-side script on you local PC's browser. TerryE (talk) 09:15, 23 June 2014 (UTC)


 * Open up a terminal, navigate to where you saved the script (e.g., ). Then type   to start a server. Open your browser and go to   and the code will then work. Let99 (talk) 06:24, 10 November 2014 (UTC)


 * ... what applies to PHP 5.4.0+, by the way. :) &mdash; Dsimic (talk | contribs) 06:45, 10 November 2014 (UTC)

Variadic in 5.6?
PHP always had variadic functions, at least since PHP4 days, with func_num_args / func_get_arg / func_get_args / ... ( https://php.net/manual/en/function.func-num-args.php / https://php.net/manual/en/function.func-get-arg.php / https://php.net/manual/en/function.func-get-args.php ) Divinity76 (talk) 10:50, 7 January 2015 (UTC)


 * Hello! Please see http://php.net/manual/en/functions.arguments.php#functions.variable-arg-list for an explanation what changed with variable-length argument lists in PHP 5.6. &mdash; Dsimic (talk | contribs) 07:50, 8 January 2015 (UTC)

Connection to the database
when i use this connection to connect to the database it brigs me errors mysql_connect("localhost","root",""); mysql_select_db("pass"); — Preceding unsigned comment added by 197.232.26.250 (talk) 06:19, 22 April 2015 (UTC)


 * Hello! Talk pages such as this one should contain discussions focused on article improvements, please see WP:NOTFORUM for further information. &mdash; Dsimic (talk | contribs) 04:43, 23 April 2015 (UTC)

PHP syntax and semantics
Does anyone want to help modernize and expand the PHP syntax and semantics page? It's really bad at the moment. Let99 (talk) 06:21, 10 November 2014 (UTC)


 * Hello! Hm, why do we have that article at all?  It looks like a manual, what's pretty much against WP:NOTMANUAL. &mdash; Dsimic (talk | contribs) 06:44, 10 November 2014 (UTC)
 * Well, we have Python syntax and semantics too. &mdash;ajf (talk) 15:55, 10 November 2014 (UTC)
 * Which doesn't make it better: That's pretty much against WP:NOTMANUAL. Such articles should not exist inside the enWP. --88.130.86.109 (talk) 15:35, 6 May 2015 (UTC)