PHP
downloads | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

What is PHP?

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. After that, check out the online manual, and the example archive sites and some of the other resources available in the links section.

Ever wondered how popular PHP is? see the Netcraft Survey.

Thanks To

Related sites

Community

Syndication

You can grab our news as an RSS feed via a daily dump in a file named news.rss.

Upcoming Events [add]

May

Conferences

17. Chicago php|tek 2007
18. Italian PHPDay

User Group Events

17. TriPUG
17. OINK-PUG (Cincinnati, Ohio)
17. Utah PHP Users Group Meeting
19. Kansas City
19. Miami Linux Users Group
19. Twin Cities PHP
19. Los Angeles LAMPsig
22. New York
22. AzPHP
22. San Antonio PHP Meetup
28. Long Island PHP Users Group
29. Malaysia PHP Meetup
29. PHP Usergroup Karlsruhe
30. Irish PHP Users Group meeting
31. Arabic PHP Group Meeting
31. Malaysia PHP User Group Meet Up
31. Sandy PHP Group

June

Conferences

9. PHP Vikinger

User Group Events

1. Köln/Bonn
3. PHP meeting online in China
3. meeting de LAMPistas en La Paz
4. PHP Meetup Columbia MD
5. SW Florida Linux Users Group
5. PDXPHP monthly meeting
5. Providence PHP Meetup
6. Meeting PHP Usergroup OWL
7. SDPHP (San Diego, CA)
7. Hannover
7. Meetup Day
7. Omaha PHP Users Group Meetup
7. PHP London
7. The Houston PHP Users Group
7. Boston PHP Meetup
7. Atlanta PHP User Group
7. Manchester UK - PHP Group
7. EdPUG - Edinburgh PHP User Group
7. Sydney PHP Group meetings
7. PHP UG Meetup Auckland
7. Cape Town PHP Users Group
7. Jacksonville User Group
7. Seattle PHP Meetup Group
9. PHP User Group Nanaimo, BC/CA
9. PEA meeting from phpchina
12. Hamburg
12. Dallas PHP/MySQL Users Group
12. Dallas PHP Users Group (DPUG)
12. Austin PHP Meetup
12. OKC PHP Meetup
12. Seattle PHP Users Group
13. Wash DC PHP Developers Group
13. Stuttgart
14. Meeting usergroup Dortmund
14. PHP Usergroup Frankfurt/Main
14. Melbourne PHP Users Group
16. Kansas City
16. Miami Linux Users Group
16. Twin Cities PHP
16. Los Angeles LAMPsig
19. Madison PHP User's Group
19. PHP Brisbane Meetup Group
20. Miami PHP User Group
20. Broward Php Usergroup
20. Nashville PHP Users Group
20. Chicago PHP User Group Brunch
21. TriPUG
21. OINK-PUG (Cincinnati, Ohio)
21. Utah PHP Users Group Meeting
25. Long Island PHP Users Group
26. New York
26. AzPHP
26. San Antonio PHP Meetup
26. Malaysia PHP Meetup
26. PHP Usergroup Karlsruhe
27. Irish PHP Users Group meeting
28. Arabic PHP Group Meeting
28. Malaysia PHP User Group Meet Up
28. Sandy PHP Group

Training

1. Weekend course PHP
1. PHP/MySQL training San Francisco
3. Ahmedabad PHP Group Training
4. MySQL Spain
4. Curso PHP Madrid
4. PHP E-Learning/Germany
4. Curso on-line ActionScript / PHP
4. PHP & MySQL Training in Kassel
4. PHP & MySQL com Dreamweaver MX
4. Curso on-line de PHP
4. PHP & MYSQL-Construindo WebSites
4. PHP Programming Boot Camp
5. Curso on-line de PHP-MySQL
5. PHP Class at CalTek
6. PHP Training - Chennai - India
7. Curso de PHP Avanzado en Bilbao
11. PHP para Expertos Curso on-line
11. Curso PHP y MySQL
11. PHP Programming Boot Camp - USA
11. Formation PHP maitrise
11. Formation PHP Maitrise
18. PHP & MySQL Training / Gießen
18. Advanced PHP Programming
18. PHP Intro Course South Africa
19. Cursos de PHP en Bilbao
21. Chennai PHP Training
25. Basic PHP Course
25. LAMP Training in Ottawa
25. LAMP Training in Montreal
25. PHP Training Philippines
26. UK PHP Training
28. PHP Brasil - Training

PHP 5.2.2 and PHP 4.4.7 Released

[03-May-2007] The PHP development team would like to announce the immediate availability of PHP 5.2.2 and availability of PHP 4.4.7. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.2 release can be found in the release announcement for 5.2.2, the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.7 release can be found in the release announcement for 4.4.7, the full list of changes is available in the ChangeLog for PHP 4.

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

  • Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
  • Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
  • Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
  • Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser)
  • Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
  • Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
  • Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
  • Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
  • Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
  • Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)

Security Enhancements and Fixes in PHP 5.2.2 only:

  • Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)
  • Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
  • Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
  • Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)
  • Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)

Security Enhancements and Fixes in PHP 4.4.7 only:

  • XSS in phpinfo() (MOPB-8 by Stefan Esser)

While majority of the issues outlined above are local, in some circumstances given specific code paths they can be triggered externally. Therefor, we strongly recommend that if you use code utilizing the functions and extensions identified as having had vulnerabilities in them, you consider upgrading your PHP.

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.2.

Update: May 4th; The PHP 4.4.7 Windows build was updated due to the faulty Apache2 module shipped with the original

The PHP.net Google Summer of Code

[14-Apr-2007] The PHP team is once again proud to participate in the Google Summer of Code. Seven students will "flip bits instead of burgers" this summer:

  • Mentored by Michael Wallner, Hannes Magnusson will work on LiveDocs, which is a "tool to display DocBook XML files in a web browser on the fly, without the need of building all HTML target files first". This project will be of great value to the PHP Documentation Team.
  • The PHP Interpreter uses reference counting to keep track of which objects are no longer referenced and thus can be destroyed. A major weakness in the current implementation is that it cannot detect reference cycles, that is objects that reference each other in a circular graph structure which is not referenced itself from outside the circle. Mentored by Derick Rethans, David Wang will implement a new reference counting algorithm that will alleviate this problem.
  • Xdebug provides a range of useful functionality for PHP developers, including detailed error information, code coverage and profiling support, and support for remote debugging using the GDB and DBGp protocols. Mentored by Xdebug's creator, Derick Rethans, Adam Harvey will develop a cross-platform GUI application that implements the DBGp protocol and allows PHP applications to be debugged using Xdebug in a development environment agnostic fashion.
  • Mentored by Lukas Smith, Konsta Vesterinen will work on the object-relational mapper Doctrine.
  • Mutation Testing, or Automated Error Seeding, is an approach where the testing tool makes some change to the tested code, runs the tests, and if the tests pass displays a message saying what it changed. This approach is different than code coverage analysis, because it can find code that is executed by the running of tests but not actually tested. Mentored by Sebastian Bergmann, Mike Lewis will implement Mutation Testing for PHPUnit.
  • Mentored by Helgi Þormar Þorbjörnsson, Igor Feghali will add support for foreign keys to MDB2_Schema, a package that "enables users to maintain RDBMS independant schema files in XML that can be used to create, alter and drop database entities and insert data into a database".
  • Mentored by David Coallier, Nicolas Bérard-Nault will refactor the internals of Jaws, a Framework and Content Management System for building dynamic web sites, for PHP 6.

PHP 4.4.6 Released

[01-Mar-2007] The PHP development team would like to announce the immediate availability of PHP 4.4.6. The main issue that this release addresses is a crash problem that was introduced in PHP 4.4.5. The problem occurs when session variables are used while register_globals is enabled. Details about the PHP 4.4.6 release can be found in the release announcement for 4.4.6, the full list of changes is available in the ChangeLog for PHP 4.

PHP 5.2.1 and PHP 4.4.5 Released

[14-Feb-2007] The PHP development team would like to announce the immediate availability of PHP 5.2.1 and availability of PHP 4.4.5. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.1 release can be found in the release announcement for 5.2.1, the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.5 release can be found in the release announcement for 4.4.5, the full list of changes is available in the ChangeLog for PHP 4.

Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:

  • Fixed possible safe_mode & open_basedir bypasses inside the session extension.
  • Fixed unserialize() abuse on 64 bit systems with certain input strings.
  • Fixed possible overflows and stack corruptions in the session extension.
  • Fixed an underflow inside the internal sapi_header_op() function.
  • Fixed non-validated resource destruction inside the shmop extension.
  • Fixed a possible overflow in the str_replace() function.
  • Fixed possible clobbering of super-globals in several code paths.
  • Fixed a possible information disclosure inside the wddx extension.
  • Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
  • Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.
  • Fixed a string format vulnerability inside the odbc_result_all() function.

Security Enhancements and Fixes in PHP 5.2.1 only:

  • Prevent search engines from indexing the phpinfo() page.
  • Fixed a number of input processing bugs inside the filter extension.
  • Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
  • Fixed possible stack/buffer overflows inside zip, imap & sqlite extensions.
  • Fixed several possible buffer overflows inside the stream filters.
  • Memory limit is now enabled by default.
  • Added internal heap protection.
  • Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

Security Enhancements and Fixes in PHP 4.4.5 only:

  • Fixed possible overflows inside zip & imap extensions.
  • Fixed a possible buffer overflow inside mail() function on Windows.
  • Unbundled the ovrimos extension.

The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.1.

Update: Feb 14th; Added release information for PHP 4.4.5.

Update: Feb 12th; The Windows install package had problems with upgrading from previous PHP versions. That has now been fixed and new file posted in the download section.

The front page has changed

[08-Feb-2007] The news on the front page of php.net has changed, the conference announcements are now located on their own page. The idea is to keep php.net specific news clear and also opens the door for additional news entries, like for RC releases. More changes are on the way so keep an eye out.

The PHP Manual

PHP Manual Updates

[03-Feb-2007] The PHP documentation team is proud to present to the PHP community a few fixes and tweaks to the PHP Manual, including:

  • an improved, XSL-based build system that will deliver compiled manuals to mirrors in a more timely manner (goodbye dsssl)
  • manual pages can now contain images (see imagearc() for an example)
  • updated function version information and capture system (fewer "no version information, might be only in CVS" messages)
  • ... and more to come!

Please help us improve the documentation by submitting bug reports, and adding notes to undocumented functions.

News Archive

 
RSS | show source | credits | stats | sitemap | contact | advertising | mirror sites