The PHP date() function is used to format a time or a date.
--------------------------------------------------------------------------------
The PHP Date() Function
The PHP date() function formats a timestamp to a more readable date and time.
Syntax
date(format,timestamp)
Parameter Description
format Required. Specifies the format of the timestamp
timestamp Optional. Specifies a timestamp. Default is the current date and time (as a timestamp)
--------------------------------------------------------------------------------
PHP Date - What is a Timestamp?
A timestamp is the number of seconds since January 1, 1970 at 00:00:00 GMT. This is also known as the Unix Timestamp.
--------------------------------------------------------------------------------
PHP Date - Format the Date
The first parameter in the date() function specifies how to format the date/time. It uses letters to represent date and time formats. Here are some of the letters that can be used:
d - The day of the month (01-31)
m - The current month, as a number (01-12)
Y - The current year in four digits
An overview of all the letters that can be used in the format parameter, can be found in our PHP Date reference.
Other characters, like"/", ".", or "-" can also be inserted between the letters to add additional formatting:
echo date("Y/m/d");
echo "
";
echo date("Y.m.d");
echo "
";
echo date("Y-m-d");
?>
The output of the code above could be something like this:
2006/07/11
2006.07.11
2006-07-11
--------------------------------------------------------------------------------
PHP Date - Adding a Timestamp
The second parameter in the date() function specifies a timestamp. This parameter is optional. If you do not supply a timestamp, the current time will be used.
In our next example we will use the mktime() function to create a timestamp for tomorrow.
The mktime() function returns the Unix timestamp for a specified date.
Syntax
mktime(hour,minute,second,month,day,year,is_dst)
To go one day in the future we simply add one to the day argument of mktime():
$tomorrow = mktime(0,0,0,date("m"),date("d")+1,date("Y"));echo "Tomorrow is ".date("Y/m/d", $tomorrow);
?>
The output of the code above could be something like this:
Tomorrow is 2006/07/12
--------------------------------------------------------------------------------
PHP Date - Reference
For more information about all the PHP date functions, please visit our PHP Date Reference.
Wednesday, January 23, 2008
PHP $_POST
The $_POST variable is used to collect values from a form with method="post".
--------------------------------------------------------------------------------
The $_POST Variable
The $_POST variable is an array of variable names and values sent by the HTTP POST method.
The $_POST variable is used to collect values from a form with method="post". Information sent from a form with the POST method is invisible to others and has no limits on the amount of information to send.
Example
When the user clicks the "Submit" button, the URL will not contain any form data, and will look something like this:
http://www.w3schools.com/welcome.php
The "welcome.php" file can now use the $_POST variable to catch the form data (notice that the names of the form fields will automatically be the ID keys in the $_POST array):
Welcome .
You are years old!
--------------------------------------------------------------------------------
Why use $_POST?
Variables sent with HTTP POST are not shown in the URL
Variables have no length limit
However, because the variables are not displayed in the URL, it is not possible to bookmark the page.
--------------------------------------------------------------------------------
The $_REQUEST Variable
The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE.
The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods.
Example
Welcome .
You are years old!
--------------------------------------------------------------------------------
The $_POST Variable
The $_POST variable is an array of variable names and values sent by the HTTP POST method.
The $_POST variable is used to collect values from a form with method="post". Information sent from a form with the POST method is invisible to others and has no limits on the amount of information to send.
Example
When the user clicks the "Submit" button, the URL will not contain any form data, and will look something like this:
http://www.w3schools.com/welcome.php
The "welcome.php" file can now use the $_POST variable to catch the form data (notice that the names of the form fields will automatically be the ID keys in the $_POST array):
Welcome .
You are years old!
--------------------------------------------------------------------------------
Why use $_POST?
Variables sent with HTTP POST are not shown in the URL
Variables have no length limit
However, because the variables are not displayed in the URL, it is not possible to bookmark the page.
--------------------------------------------------------------------------------
The $_REQUEST Variable
The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE.
The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods.
Example
Welcome .
You are years old!
PHP $_GET
The $_GET variable is used to collect values from a form with method="get".
--------------------------------------------------------------------------------
The $_GET Variable
The $_GET variable is an array of variable names and values sent by the HTTP GET method.
The $_GET variable is used to collect values from a form with method="get". Information sent from a form with the GET method is visible to everyone (it will be displayed in the browser's address bar) and it has limits on the amount of information to send (max. 100 characters).
Example
When the user clicks the "Submit" button, the URL sent could look something like this:
http://www.w3schools.com/welcome.php?name=Peter&age=37
The "welcome.php" file can now use the $_GET variable to catch the form data (notice that the names of the form fields will automatically be the ID keys in the $_GET array):
Welcome .
You are years old!
--------------------------------------------------------------------------------
Why use $_GET?
Note: When using the $_GET variable all variable names and values are displayed in the URL. So this method should not be used when sending passwords or other sensitive information! However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases.
Note: The HTTP GET method is not suitable on large variable values; the value cannot exceed 100 characters.
--------------------------------------------------------------------------------
The $_REQUEST Variable
The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE.
The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods.
Example
Welcome .
You are years old!
--------------------------------------------------------------------------------
The $_GET Variable
The $_GET variable is an array of variable names and values sent by the HTTP GET method.
The $_GET variable is used to collect values from a form with method="get". Information sent from a form with the GET method is visible to everyone (it will be displayed in the browser's address bar) and it has limits on the amount of information to send (max. 100 characters).
Example
When the user clicks the "Submit" button, the URL sent could look something like this:
http://www.w3schools.com/welcome.php?name=Peter&age=37
The "welcome.php" file can now use the $_GET variable to catch the form data (notice that the names of the form fields will automatically be the ID keys in the $_GET array):
Welcome .
You are years old!
--------------------------------------------------------------------------------
Why use $_GET?
Note: When using the $_GET variable all variable names and values are displayed in the URL. So this method should not be used when sending passwords or other sensitive information! However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases.
Note: The HTTP GET method is not suitable on large variable values; the value cannot exceed 100 characters.
--------------------------------------------------------------------------------
The $_REQUEST Variable
The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE.
The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods.
Example
Welcome .
You are years old!
PHP Forms and User Input
The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input.
--------------------------------------------------------------------------------
PHP Form Handling
The most important thing to notice when dealing with HTML forms and PHP is that any form element in an HTML page will automatically be available to your PHP scripts.
Form example:
The example HTML page above contains two input fields and a submit button. When the user fills in this form and click on the submit button, the form data is sent to the "welcome.php" file.
The "welcome.php" file looks like this:
Welcome .
You are years old.
A sample output of the above script may be:
Welcome John.
You are 28 years old.
The PHP $_GET and $_POST variables will be explained in the next chapters.
--------------------------------------------------------------------------------
Form Validation
User input should be validated whenever possible. Client side validation is faster, and will reduce server load.
However, any site that gets enough traffic to worry about server resources, may also need to worry about site security. You should always use server side validation if the form accesses a database.
A good way to validate a form on the server is to post the form to itself, instead of jumping to a different page. The user will then get the error messages on the same page as the form. This makes it easier to discover the error.
--------------------------------------------------------------------------------
PHP Form Handling
The most important thing to notice when dealing with HTML forms and PHP is that any form element in an HTML page will automatically be available to your PHP scripts.
Form example:
The example HTML page above contains two input fields and a submit button. When the user fills in this form and click on the submit button, the form data is sent to the "welcome.php" file.
The "welcome.php" file looks like this:
Welcome .
You are years old.
A sample output of the above script may be:
Welcome John.
You are 28 years old.
The PHP $_GET and $_POST variables will be explained in the next chapters.
--------------------------------------------------------------------------------
Form Validation
User input should be validated whenever possible. Client side validation is faster, and will reduce server load.
However, any site that gets enough traffic to worry about server resources, may also need to worry about site security. You should always use server side validation if the form accesses a database.
A good way to validate a form on the server is to post the form to itself, instead of jumping to a different page. The user will then get the error messages on the same page as the form. This makes it easier to discover the error.
PHP Functions
The real power of PHP comes from its functions.
In PHP - there are more than 700 built-in functions available.
--------------------------------------------------------------------------------
PHP Functions
In this tutorial we will show you how to create your own functions.
For a reference and examples of the built-in functions, please visit our PHP Reference.
--------------------------------------------------------------------------------
Create a PHP Function
A function is a block of code that can be executed whenever we need it.
Creating PHP functions:
All functions start with the word "function()"
Name the function - It should be possible to understand what the function does by its name. The name can start with a letter or underscore (not a number)
Add a "{" - The function code starts after the opening curly brace
Insert the function code
Add a "}" - The function is finished by a closing curly brace
Example
A simple function that writes my name when it is called:
function writeMyName()
{
echo "Kai Jim Refsnes";
}writeMyName();
?>
--------------------------------------------------------------------------------
Use a PHP Function
Now we will use the function in a PHP script:
function writeMyName()
{
echo "Kai Jim Refsnes";
}echo "Hello world!
";
echo "My name is ";
writeMyName();
echo ".
That's right, ";
writeMyName();
echo " is my name.";
?>
The output of the code above will be:
Hello world!
My name is Kai Jim Refsnes.
That's right, Kai Jim Refsnes is my name.
--------------------------------------------------------------------------------
PHP Functions - Adding parameters
Our first function (writeMyName()) is a very simple function. It only writes a static string.
To add more functionality to a function, we can add parameters. A parameter is just like a variable.
You may have noticed the parentheses after the function name, like: writeMyName(). The parameters are specified inside the parentheses.
Example 1
The following example will write different first names, but the same last name:
function writeMyName($fname)
{
echo $fname . " Refsnes.
";
}echo "My name is ";
writeMyName("Kai Jim");echo "My name is ";
writeMyName("Hege");echo "My name is ";
writeMyName("Stale");
?>
The output of the code above will be:
My name is Kai Jim Refsnes.
My name is Hege Refsnes.
My name is Stale Refsnes.
Example 2
The following function has two parameters:
function writeMyName($fname,$punctuation)
{
echo $fname . " Refsnes" . $punctuation . "
";
}echo "My name is ";
writeMyName("Kai Jim",".");echo "My name is ";
writeMyName("Hege","!");echo "My name is ";
writeMyName("Ståle","...");
?>
The output of the code above will be:
My name is Kai Jim Refsnes.
My name is Hege Refsnes!
My name is Ståle Refsnes...
--------------------------------------------------------------------------------
PHP Functions - Return values
Functions can also be used to return values.
Example
function add($x,$y)
{
$total = $x + $y;
return $total;
}echo "1 + 16 = " . add(1,16);
?>
The output of the code above will be:
1 + 16 = 17
In PHP - there are more than 700 built-in functions available.
--------------------------------------------------------------------------------
PHP Functions
In this tutorial we will show you how to create your own functions.
For a reference and examples of the built-in functions, please visit our PHP Reference.
--------------------------------------------------------------------------------
Create a PHP Function
A function is a block of code that can be executed whenever we need it.
Creating PHP functions:
All functions start with the word "function()"
Name the function - It should be possible to understand what the function does by its name. The name can start with a letter or underscore (not a number)
Add a "{" - The function code starts after the opening curly brace
Insert the function code
Add a "}" - The function is finished by a closing curly brace
Example
A simple function that writes my name when it is called:
function writeMyName()
{
echo "Kai Jim Refsnes";
}writeMyName();
?>
--------------------------------------------------------------------------------
Use a PHP Function
Now we will use the function in a PHP script:
function writeMyName()
{
echo "Kai Jim Refsnes";
}echo "Hello world!
";
echo "My name is ";
writeMyName();
echo ".
That's right, ";
writeMyName();
echo " is my name.";
?>
The output of the code above will be:
Hello world!
My name is Kai Jim Refsnes.
That's right, Kai Jim Refsnes is my name.
--------------------------------------------------------------------------------
PHP Functions - Adding parameters
Our first function (writeMyName()) is a very simple function. It only writes a static string.
To add more functionality to a function, we can add parameters. A parameter is just like a variable.
You may have noticed the parentheses after the function name, like: writeMyName(). The parameters are specified inside the parentheses.
Example 1
The following example will write different first names, but the same last name:
function writeMyName($fname)
{
echo $fname . " Refsnes.
";
}echo "My name is ";
writeMyName("Kai Jim");echo "My name is ";
writeMyName("Hege");echo "My name is ";
writeMyName("Stale");
?>
The output of the code above will be:
My name is Kai Jim Refsnes.
My name is Hege Refsnes.
My name is Stale Refsnes.
Example 2
The following function has two parameters:
function writeMyName($fname,$punctuation)
{
echo $fname . " Refsnes" . $punctuation . "
";
}echo "My name is ";
writeMyName("Kai Jim",".");echo "My name is ";
writeMyName("Hege","!");echo "My name is ";
writeMyName("Ståle","...");
?>
The output of the code above will be:
My name is Kai Jim Refsnes.
My name is Hege Refsnes!
My name is Ståle Refsnes...
--------------------------------------------------------------------------------
PHP Functions - Return values
Functions can also be used to return values.
Example
function add($x,$y)
{
$total = $x + $y;
return $total;
}echo "1 + 16 = " . add(1,16);
?>
The output of the code above will be:
1 + 16 = 17
PHP Looping
Looping statements in PHP are used to execute the same block of code a specified number of times.
--------------------------------------------------------------------------------
Looping
Very often when you write code, you want the same block of code to run a number of times. You can use looping statements in your code to perform this.
In PHP we have the following looping statements:
while - loops through a block of code if and as long as a specified condition is true
do...while - loops through a block of code once, and then repeats the loop as long as a special condition is true
for - loops through a block of code a specified number of times
foreach - loops through a block of code for each element in an array
--------------------------------------------------------------------------------
The while Statement
The while statement will execute a block of code if and as long as a condition is true.
Syntax
while (condition)
code to be executed;
Example
The following example demonstrates a loop that will continue to run as long as the variable i is less than, or equal to 5. i will increase by 1 each time the loop runs:
$i=1;
while($i<=5)
{
echo "The number is " . $i . "
";
$i++;
}
?>
--------------------------------------------------------------------------------
The do...while Statement
The do...while statement will execute a block of code at least once - it then will repeat the loop as long as a condition is true.
Syntax
do
{
code to be executed;
}
while (condition);
Example
The following example will increment the value of i at least once, and it will continue incrementing the variable i as long as it has a value of less than 5:
$i=0;
do
{
$i++;
echo "The number is " . $i . "
";
}
while ($i<5);
?>
--------------------------------------------------------------------------------
The for Statement
The for statement is used when you know how many times you want to execute a statement or a list of statements.
Syntax
for (initialization; condition; increment)
{
code to be executed;
}
Note: The for statement has three parameters. The first parameter initializes variables, the second parameter holds the condition, and the third parameter contains the increments required to implement the loop. If more than one variable is included in the initialization or the increment parameter, they should be separated by commas. The condition must evaluate to true or false.
Example
The following example prints the text "Hello World!" five times:
for ($i=1; $i<=5; $i++)
{
echo "Hello World!
";
}
?>
--------------------------------------------------------------------------------
The foreach Statement
The foreach statement is used to loop through arrays.
For every loop, the value of the current array element is assigned to $value (and the array pointer is moved by one) - so on the next loop, you'll be looking at the next element.
Syntax
foreach (array as value)
{
code to be executed;
}
Example
The following example demonstrates a loop that will print the values of the given array:
$arr=array("one", "two", "three");foreach ($arr as $value)
{
echo "Value: " . $value . "
";
}
?>
--------------------------------------------------------------------------------
Looping
Very often when you write code, you want the same block of code to run a number of times. You can use looping statements in your code to perform this.
In PHP we have the following looping statements:
while - loops through a block of code if and as long as a specified condition is true
do...while - loops through a block of code once, and then repeats the loop as long as a special condition is true
for - loops through a block of code a specified number of times
foreach - loops through a block of code for each element in an array
--------------------------------------------------------------------------------
The while Statement
The while statement will execute a block of code if and as long as a condition is true.
Syntax
while (condition)
code to be executed;
Example
The following example demonstrates a loop that will continue to run as long as the variable i is less than, or equal to 5. i will increase by 1 each time the loop runs:
$i=1;
while($i<=5)
{
echo "The number is " . $i . "
";
$i++;
}
?>
--------------------------------------------------------------------------------
The do...while Statement
The do...while statement will execute a block of code at least once - it then will repeat the loop as long as a condition is true.
Syntax
do
{
code to be executed;
}
while (condition);
Example
The following example will increment the value of i at least once, and it will continue incrementing the variable i as long as it has a value of less than 5:
$i=0;
do
{
$i++;
echo "The number is " . $i . "
";
}
while ($i<5);
?>
--------------------------------------------------------------------------------
The for Statement
The for statement is used when you know how many times you want to execute a statement or a list of statements.
Syntax
for (initialization; condition; increment)
{
code to be executed;
}
Note: The for statement has three parameters. The first parameter initializes variables, the second parameter holds the condition, and the third parameter contains the increments required to implement the loop. If more than one variable is included in the initialization or the increment parameter, they should be separated by commas. The condition must evaluate to true or false.
Example
The following example prints the text "Hello World!" five times:
for ($i=1; $i<=5; $i++)
{
echo "Hello World!
";
}
?>
--------------------------------------------------------------------------------
The foreach Statement
The foreach statement is used to loop through arrays.
For every loop, the value of the current array element is assigned to $value (and the array pointer is moved by one) - so on the next loop, you'll be looking at the next element.
Syntax
foreach (array as value)
{
code to be executed;
}
Example
The following example demonstrates a loop that will print the values of the given array:
$arr=array("one", "two", "three");foreach ($arr as $value)
{
echo "Value: " . $value . "
";
}
?>
PHP Arrays
An array can store one or more values in a single variable name.
--------------------------------------------------------------------------------
What is an array?
When working with PHP, sooner or later, you might want to create many similar variables.
Instead of having many similar variables, you can store the data as elements in an array.
Each element in the array has its own ID so that it can be easily accessed.
There are three different kind of arrays:
Numeric array - An array with a numeric ID key
Associative array - An array where each ID key is associated with a value
Multidimensional array - An array containing one or more arrays
--------------------------------------------------------------------------------
Numeric Arrays
A numeric array stores each element with a numeric ID key.
There are different ways to create a numeric array.
Example 1
In this example the ID key is automatically assigned:
$names = array("Peter","Quagmire","Joe");
Example 2
In this example we assign the ID key manually:
$names[0] = "Peter";
$names[1] = "Quagmire";
$names[2] = "Joe";
The ID keys can be used in a script:
$names[1] = "Quagmire";
$names[2] = "Joe";echo $names[1] . " and " . $names[2] .
" are ". $names[0] . "'s neighbors";
?>
The code above will output:
Quagmire and Joe are Peter's neighbors
--------------------------------------------------------------------------------
Associative Arrays
An associative array, each ID key is associated with a value.
When storing data about specific named values, a numerical array is not always the best way to do it.
With associative arrays we can use the values as keys and assign values to them.
Example 1
In this example we use an array to assign ages to the different persons:
$ages = array("Peter"=>32, "Quagmire"=>30, "Joe"=>34);
Example 2
This example is the same as example 1, but shows a different way of creating the array:
$ages['Peter'] = "32";
$ages['Quagmire'] = "30";
$ages['Joe'] = "34";
The ID keys can be used in a script:
$ages['Quagmire'] = "30";
$ages['Joe'] = "34";echo "Peter is " . $ages['Peter'] . " years old.";
?>
The code above will output:
Peter is 32 years old.
--------------------------------------------------------------------------------
Multidimensional Arrays
In a multidimensional array, each element in the main array can also be an array. And each element in the sub-array can be an array, and so on.
Example
In this example we create a multidimensional array, with automatically assigned ID keys:
$families = array
(
"Griffin"=>array
(
"Peter",
"Lois",
"Megan"
),
"Quagmire"=>array
(
"Glenn"
),
"Brown"=>array
(
"Cleveland",
"Loretta",
"Junior"
)
);
The array above would look like this if written to the output:
Array
(
[Griffin] => Array
(
[0] => Peter
[1] => Lois
[2] => Megan
)
[Quagmire] => Array
(
[0] => Glenn
)
[Brown] => Array
(
[0] => Cleveland
[1] => Loretta
[2] => Junior
)
)
Example 2
Lets try displaying a single value from the array above:
echo "Is " . $families['Griffin'][2] .
" a part of the Griffin family?";
The code above will output:
Is Megan a part of the Griffin family?
--------------------------------------------------------------------------------
What is an array?
When working with PHP, sooner or later, you might want to create many similar variables.
Instead of having many similar variables, you can store the data as elements in an array.
Each element in the array has its own ID so that it can be easily accessed.
There are three different kind of arrays:
Numeric array - An array with a numeric ID key
Associative array - An array where each ID key is associated with a value
Multidimensional array - An array containing one or more arrays
--------------------------------------------------------------------------------
Numeric Arrays
A numeric array stores each element with a numeric ID key.
There are different ways to create a numeric array.
Example 1
In this example the ID key is automatically assigned:
$names = array("Peter","Quagmire","Joe");
Example 2
In this example we assign the ID key manually:
$names[0] = "Peter";
$names[1] = "Quagmire";
$names[2] = "Joe";
The ID keys can be used in a script:
$names[1] = "Quagmire";
$names[2] = "Joe";echo $names[1] . " and " . $names[2] .
" are ". $names[0] . "'s neighbors";
?>
The code above will output:
Quagmire and Joe are Peter's neighbors
--------------------------------------------------------------------------------
Associative Arrays
An associative array, each ID key is associated with a value.
When storing data about specific named values, a numerical array is not always the best way to do it.
With associative arrays we can use the values as keys and assign values to them.
Example 1
In this example we use an array to assign ages to the different persons:
$ages = array("Peter"=>32, "Quagmire"=>30, "Joe"=>34);
Example 2
This example is the same as example 1, but shows a different way of creating the array:
$ages['Peter'] = "32";
$ages['Quagmire'] = "30";
$ages['Joe'] = "34";
The ID keys can be used in a script:
$ages['Quagmire'] = "30";
$ages['Joe'] = "34";echo "Peter is " . $ages['Peter'] . " years old.";
?>
The code above will output:
Peter is 32 years old.
--------------------------------------------------------------------------------
Multidimensional Arrays
In a multidimensional array, each element in the main array can also be an array. And each element in the sub-array can be an array, and so on.
Example
In this example we create a multidimensional array, with automatically assigned ID keys:
$families = array
(
"Griffin"=>array
(
"Peter",
"Lois",
"Megan"
),
"Quagmire"=>array
(
"Glenn"
),
"Brown"=>array
(
"Cleveland",
"Loretta",
"Junior"
)
);
The array above would look like this if written to the output:
Array
(
[Griffin] => Array
(
[0] => Peter
[1] => Lois
[2] => Megan
)
[Quagmire] => Array
(
[0] => Glenn
)
[Brown] => Array
(
[0] => Cleveland
[1] => Loretta
[2] => Junior
)
)
Example 2
Lets try displaying a single value from the array above:
echo "Is " . $families['Griffin'][2] .
" a part of the Griffin family?";
The code above will output:
Is Megan a part of the Griffin family?
PHP Switch Statement
The Switch statement in PHP is used to perform one of several different actions based on one of several different conditions.
--------------------------------------------------------------------------------
The Switch Statement
If you want to select one of many blocks of code to be executed, use the Switch statement.
The switch statement is used to avoid long blocks of if..elseif..else code.
Syntax
switch (expression)
{
case label1:
code to be executed if expression = label1;
break;
case label2:
code to be executed if expression = label2;
break;
default:
code to be executed
if expression is different
from both label1 and label2;
}
Example
This is how it works:
A single expression (most often a variable) is evaluated once
The value of the expression is compared with the values for each case in the structure
If there is a match, the code associated with that case is executed
After a code is executed, break is used to stop the code from running into the next case
The default statement is used if none of the cases are true
switch ($x)
{
case 1:
echo "Number 1";
break;
case 2:
echo "Number 2";
break;
case 3:
echo "Number 3";
break;
default:
echo "No number between 1 and 3";
}
?>
--------------------------------------------------------------------------------
The Switch Statement
If you want to select one of many blocks of code to be executed, use the Switch statement.
The switch statement is used to avoid long blocks of if..elseif..else code.
Syntax
switch (expression)
{
case label1:
code to be executed if expression = label1;
break;
case label2:
code to be executed if expression = label2;
break;
default:
code to be executed
if expression is different
from both label1 and label2;
}
Example
This is how it works:
A single expression (most often a variable) is evaluated once
The value of the expression is compared with the values for each case in the structure
If there is a match, the code associated with that case is executed
After a code is executed, break is used to stop the code from running into the next case
The default statement is used if none of the cases are true
switch ($x)
{
case 1:
echo "Number 1";
break;
case 2:
echo "Number 2";
break;
case 3:
echo "Number 3";
break;
default:
echo "No number between 1 and 3";
}
?>
PHP If...Else Statements
The if, elseif and else statements in PHP are used to perform different actions based on different conditions.
Conditional Statements
Very often when you write code, you want to perform different actions for different decisions.
You can use conditional statements in your code to do this.
if...else statement - use this statement if you want to execute a set of code when a condition is true and another if the condition is not true
elseif statement - is used with the if...else statement to execute a set of code if one of several condition are true
The If...Else Statement
If you want to execute some code if a condition is true and another code if a condition is false, use the if....else statement.
Syntax
if (condition)
code to be executed if condition is true;
else
code to be executed if condition is false;
Example
The following example will output "Have a nice weekend!" if the current day is Friday, otherwise it will output "Have a nice day!":
$d=date("D");
if ($d=="Fri")
echo "Have a nice weekend!";
else
echo "Have a nice day!";
?>
If more than one line should be executed if a condition is true/false, the lines should be enclosed within curly braces:
$d=date("D");
if ($d=="Fri")
{
echo "Hello!
";
echo "Have a nice weekend!";
echo "See you on Monday!";
}
?>
The ElseIf Statement
If you want to execute some code if one of several conditions are true use the elseif statement
Syntax
if (condition)
code to be executed if condition is true;
elseif (condition)
code to be executed if condition is true;
else
code to be executed if condition is false;
Example
The following example will output "Have a nice weekend!" if the current day is Friday, and "Have a nice Sunday!" if the current day is Sunday. Otherwise it will output "Have a nice day!":
$d=date("D");
if ($d=="Fri")
echo "Have a nice weekend!";
elseif ($d=="Sun")
echo "Have a nice Sunday!";
else
echo "Have a nice day!";
?>
Conditional Statements
Very often when you write code, you want to perform different actions for different decisions.
You can use conditional statements in your code to do this.
if...else statement - use this statement if you want to execute a set of code when a condition is true and another if the condition is not true
elseif statement - is used with the if...else statement to execute a set of code if one of several condition are true
The If...Else Statement
If you want to execute some code if a condition is true and another code if a condition is false, use the if....else statement.
Syntax
if (condition)
code to be executed if condition is true;
else
code to be executed if condition is false;
Example
The following example will output "Have a nice weekend!" if the current day is Friday, otherwise it will output "Have a nice day!":
$d=date("D");
if ($d=="Fri")
echo "Have a nice weekend!";
else
echo "Have a nice day!";
?>
If more than one line should be executed if a condition is true/false, the lines should be enclosed within curly braces:
$d=date("D");
if ($d=="Fri")
{
echo "Hello!
";
echo "Have a nice weekend!";
echo "See you on Monday!";
}
?>
The ElseIf Statement
If you want to execute some code if one of several conditions are true use the elseif statement
Syntax
if (condition)
code to be executed if condition is true;
elseif (condition)
code to be executed if condition is true;
else
code to be executed if condition is false;
Example
The following example will output "Have a nice weekend!" if the current day is Friday, and "Have a nice Sunday!" if the current day is Sunday. Otherwise it will output "Have a nice day!":
$d=date("D");
if ($d=="Fri")
echo "Have a nice weekend!";
elseif ($d=="Sun")
echo "Have a nice Sunday!";
else
echo "Have a nice day!";
?>
PHP Operators
Operators are used to operate on values.
PHP Operators
This section lists the different operators used in PHP.
Arithmetic Operators
Operator
Description
Example
Result
+
Addition
x=2x+2
4
-
Subtraction
x=25-x
3
*
Multiplication
x=4x*5
20
/
Division
15/55/2
32.5
%
Modulus (division remainder)
5%210%810%2
120
++
Increment
x=5x++
x=6
--
Decrement
x=5x--
x=4
Assignment Operators
Operator
Example
Is The Same As
=
x=y
x=y
+=
x+=y
x=x+y
-=
x-=y
x=x-y
*=
x*=y
x=x*y
/=
x/=y
x=x/y
.=
x.=y
x=x.y
%=
x%=y
x=x%y
Comparison Operators
Operator
Description
Example
==
is equal to
5==8 returns false
!=
is not equal
5!=8 returns true
>
is greater than
5>8 returns false
<
is less than
5<8 returns true
>=
is greater than or equal to
5>=8 returns false
<=
is less than or equal to
5<=8 returns true
Logical Operators
Operator
Description
Example
&&
and
x=6y=3
(x <> 1) returns true
or
x=6y=3
(x==5 y==5) returns false
!
not
x=6y=3
!(x==y) returns true
PHP Operators
This section lists the different operators used in PHP.
Arithmetic Operators
Operator
Description
Example
Result
+
Addition
x=2x+2
4
-
Subtraction
x=25-x
3
*
Multiplication
x=4x*5
20
/
Division
15/55/2
32.5
%
Modulus (division remainder)
5%210%810%2
120
++
Increment
x=5x++
x=6
--
Decrement
x=5x--
x=4
Assignment Operators
Operator
Example
Is The Same As
=
x=y
x=y
+=
x+=y
x=x+y
-=
x-=y
x=x-y
*=
x*=y
x=x*y
/=
x/=y
x=x/y
.=
x.=y
x=x.y
%=
x%=y
x=x%y
Comparison Operators
Operator
Description
Example
==
is equal to
5==8 returns false
!=
is not equal
5!=8 returns true
>
is greater than
5>8 returns false
<
is less than
5<8 returns true
>=
is greater than or equal to
5>=8 returns false
<=
is less than or equal to
5<=8 returns true
Logical Operators
Operator
Description
Example
&&
and
x=6y=3
(x <> 1) returns true
or
x=6y=3
(x==5 y==5) returns false
!
not
x=6y=3
!(x==y) returns true
PHP String
A string variable is used to store and manipulate a piece of text.
Strings in PHP
String variables are used for values that contains character strings.
In this tutorial we are going to look at some of the most common functions and operators used to manipulate strings in PHP.
After we create a string we can manipulate it. A string can be used directly in a function or it can be stored in a variable.
Below, the PHP script assigns the string "Hello World" to a string variable called $txt:
$txt="Hello World";
echo $txt;
?>
The output of the code above will be:
Hello World
Now, lets try to use some different functions and operators to manipulate our string.
The Concatenation Operator
There is only one string operator in PHP.
The concatenation operator (.) is used to put two string values together.
To concatenate two variables together, use the dot (.) operator:
$txt1="Hello World";
$txt2="1234";
echo $txt1 . " " . $txt2;
?>
The output of the code above will be:
Hello World 1234
If we look at the code above you see that we used the concatenation operator two times. This is because we had to insert a third string.
Between the two string variables we added a string with a single character, an empty space, to separate the two variables.
Using the strlen() function
The strlen() function is used to find the length of a string.
Let's find the length of our string "Hello world!":
echo strlen("Hello world!");
?>
The output of the code above will be:
12
The length of a string is often used in loops or other functions, when it is important to know when the string ends. (i.e. in a loop, we would want to stop the loop after the last character in the string)
Using the strpos() function
The strpos() function is used to search for a string or character within a string.
If a match is found in the string, this function will return the position of the first match. If no match is found, it will return FALSE.
Let's see if we can find the string "world" in our string:
echo strpos("Hello world!","world");
?>
The output of the code above will be:
6
As you see the position of the string "world" in our string is position 6. The reason that it is 6, and not 7, is that the first position in the string is 0, and not 1.
Complete PHP String Reference
For a complete reference of all string functions, go to our complete PHP String Reference.
The reference contains a brief description and examples of use for each function!
Strings in PHP
String variables are used for values that contains character strings.
In this tutorial we are going to look at some of the most common functions and operators used to manipulate strings in PHP.
After we create a string we can manipulate it. A string can be used directly in a function or it can be stored in a variable.
Below, the PHP script assigns the string "Hello World" to a string variable called $txt:
$txt="Hello World";
echo $txt;
?>
The output of the code above will be:
Hello World
Now, lets try to use some different functions and operators to manipulate our string.
The Concatenation Operator
There is only one string operator in PHP.
The concatenation operator (.) is used to put two string values together.
To concatenate two variables together, use the dot (.) operator:
$txt1="Hello World";
$txt2="1234";
echo $txt1 . " " . $txt2;
?>
The output of the code above will be:
Hello World 1234
If we look at the code above you see that we used the concatenation operator two times. This is because we had to insert a third string.
Between the two string variables we added a string with a single character, an empty space, to separate the two variables.
Using the strlen() function
The strlen() function is used to find the length of a string.
Let's find the length of our string "Hello world!":
echo strlen("Hello world!");
?>
The output of the code above will be:
12
The length of a string is often used in loops or other functions, when it is important to know when the string ends. (i.e. in a loop, we would want to stop the loop after the last character in the string)
Using the strpos() function
The strpos() function is used to search for a string or character within a string.
If a match is found in the string, this function will return the position of the first match. If no match is found, it will return FALSE.
Let's see if we can find the string "world" in our string:
echo strpos("Hello world!","world");
?>
The output of the code above will be:
6
As you see the position of the string "world" in our string is position 6. The reason that it is 6, and not 7, is that the first position in the string is 0, and not 1.
Complete PHP String Reference
For a complete reference of all string functions, go to our complete PHP String Reference.
The reference contains a brief description and examples of use for each function!
PHP Variables
Variables are used for storing values, such as numbers, strings or function results, so that they can be used many times in a script.
Variables in PHP
Variables are used for storing a values, like text strings, numbers or arrays.
When a variable is set it can be used over and over again in your script
All variables in PHP start with a $ sign symbol.
The correct way of setting a variable in PHP:
$var_name = value;
New PHP programmers often forget the $ sign at the beginning of the variable. In that case it will not work.
Let's try creating a variable with a string, and a variable with a number:
$txt = "Hello World!";
$number = 16;
?>
PHP is a Loosely Typed Language
In PHP a variable does not need to be declared before being set.
In the example above, you see that you do not have to tell PHP which data type the variable is.
PHP automatically converts the variable to the correct data type, depending on how they are set.
In a strongly typed programming language, you have to declare (define) the type and name of the variable before using it.
In PHP the variable is declared automatically when you use it.
Variable Naming Rules
A variable name must start with a letter or an underscore "_"
A variable name can only contain alpha-numeric characters and underscores (a-Z, 0-9, and _ )
A variable name should not contain spaces. If a variable name is more than one word, it should be separated with underscore ($my_string), or with capitalization ($myString)
Variables in PHP
Variables are used for storing a values, like text strings, numbers or arrays.
When a variable is set it can be used over and over again in your script
All variables in PHP start with a $ sign symbol.
The correct way of setting a variable in PHP:
$var_name = value;
New PHP programmers often forget the $ sign at the beginning of the variable. In that case it will not work.
Let's try creating a variable with a string, and a variable with a number:
$txt = "Hello World!";
$number = 16;
?>
PHP is a Loosely Typed Language
In PHP a variable does not need to be declared before being set.
In the example above, you see that you do not have to tell PHP which data type the variable is.
PHP automatically converts the variable to the correct data type, depending on how they are set.
In a strongly typed programming language, you have to declare (define) the type and name of the variable before using it.
In PHP the variable is declared automatically when you use it.
Variable Naming Rules
A variable name must start with a letter or an underscore "_"
A variable name can only contain alpha-numeric characters and underscores (a-Z, 0-9, and _ )
A variable name should not contain spaces. If a variable name is more than one word, it should be separated with underscore ($my_string), or with capitalization ($myString)
PHP Syntax
You cannot view the PHP source code by selecting "View source" in the browser - you will only see the output from the PHP file, which is plain HTML. This is because the scripts are executed on the server before the result is sent back to the browser.
Basic PHP Syntax
A PHP scripting block always starts with . A PHP scripting block can be placed anywhere in the document.
On servers with shorthand support enabled you can start a scripting block with .
However, for maximum compatibility, we recommend that you use the standard form (
A PHP file normally contains HTML tags, just like an HTML file, and some PHP scripting code.
Below, we have an example of a simple PHP script which sends the text "Hello World" to the browser:
Each code line in PHP must end with a semicolon. The semicolon is a separator and is used to distinguish one set of instructions from another.
There are two basic statements to output text with PHP: echo and print. In the example above we have used the echo statement to output the text "Hello World".
Comments in PHP
In PHP, we use // to make a single-line comment or /* and */ to make a large comment block.
Basic PHP Syntax
A PHP scripting block always starts with . A PHP scripting block can be placed anywhere in the document.
On servers with shorthand support enabled you can start a scripting block with .
However, for maximum compatibility, we recommend that you use the standard form (
A PHP file normally contains HTML tags, just like an HTML file, and some PHP scripting code.
Below, we have an example of a simple PHP script which sends the text "Hello World" to the browser:
Each code line in PHP must end with a semicolon. The semicolon is a separator and is used to distinguish one set of instructions from another.
There are two basic statements to output text with PHP: echo and print. In the example above we have used the echo statement to output the text "Hello World".
Comments in PHP
In PHP, we use // to make a single-line comment or /* and */ to make a large comment block.
PHP Installation
What do You Need?
This tutorial will not explain how to install PHP, MySQL, or Apache Server.
If your server supports PHP - you don't need to do anything! You do not need to compile anything or install any extra tools - just create some .php files in your web directory - and the server will parse them for you. Most web hosts offer PHP support.
However, if your server does not support PHP, you must install PHP. Below is a link to a good tutorial from PHP.net on how to install PHP5:
http://www.php.net/manual/en/install.php
Download PHP
Download PHP for free here: http://www.php.net/downloads.php
Download MySQL Database
Download MySQL for free here: http://www.mysql.com/downloads/index.html
Download Apache Server
Download Apache for free here: http://httpd.apache.org/download.cgi
This tutorial will not explain how to install PHP, MySQL, or Apache Server.
If your server supports PHP - you don't need to do anything! You do not need to compile anything or install any extra tools - just create some .php files in your web directory - and the server will parse them for you. Most web hosts offer PHP support.
However, if your server does not support PHP, you must install PHP. Below is a link to a good tutorial from PHP.net on how to install PHP5:
http://www.php.net/manual/en/install.php
Download PHP
Download PHP for free here: http://www.php.net/downloads.php
Download MySQL Database
Download MySQL for free here: http://www.mysql.com/downloads/index.html
Download Apache Server
Download Apache for free here: http://httpd.apache.org/download.cgi
Introduction to PHP
What You Should Already Know
Before you continue you should have a basic understanding of the following:
HTML / XHTML
Some scripting knowledge
If you want to study these subjects first, find the tutorials on our Home page.
What is PHP?
PHP stands for PHP: Hypertext Preprocessor
PHP is a server-side scripting language, like ASP
PHP scripts are executed on the server
PHP supports many databases (MySQL, Informix, Oracle, Sybase, Solid, PostgreSQL, Generic ODBC, etc.)
PHP is an open source software (OSS)
PHP is free to download and use
What is a PHP File?
PHP files may contain text, HTML tags and scripts
PHP files are returned to the browser as plain HTML
PHP files have a file extension of ".php", ".php3", or ".phtml"
What is MySQL?
MySQL is a database server
MySQL is ideal for both small and large applications
MySQL supports standard SQL
MySQL compiles on a number of platforms
MySQL is free to download and use
PHP + MySQL
PHP combined with MySQL are cross-platform (means that you can develop in Windows and serve on a Unix platform)
Why PHP?
PHP runs on different platforms (Windows, Linux, Unix, etc.)
PHP is compatible with almost all servers used today (Apache, IIS, etc.)
PHP is FREE to download from the official PHP resource: www.php.net
PHP is easy to learn and runs efficiently on the server side
Where to Start?
Install an Apache server on a Windows or Linux machine
Install PHP on a Windows or Linux machine
Install MySQL on a Windows or Linux machine
Before you continue you should have a basic understanding of the following:
HTML / XHTML
Some scripting knowledge
If you want to study these subjects first, find the tutorials on our Home page.
What is PHP?
PHP stands for PHP: Hypertext Preprocessor
PHP is a server-side scripting language, like ASP
PHP scripts are executed on the server
PHP supports many databases (MySQL, Informix, Oracle, Sybase, Solid, PostgreSQL, Generic ODBC, etc.)
PHP is an open source software (OSS)
PHP is free to download and use
What is a PHP File?
PHP files may contain text, HTML tags and scripts
PHP files are returned to the browser as plain HTML
PHP files have a file extension of ".php", ".php3", or ".phtml"
What is MySQL?
MySQL is a database server
MySQL is ideal for both small and large applications
MySQL supports standard SQL
MySQL compiles on a number of platforms
MySQL is free to download and use
PHP + MySQL
PHP combined with MySQL are cross-platform (means that you can develop in Windows and serve on a Unix platform)
Why PHP?
PHP runs on different platforms (Windows, Linux, Unix, etc.)
PHP is compatible with almost all servers used today (Apache, IIS, etc.)
PHP is FREE to download from the official PHP resource: www.php.net
PHP is easy to learn and runs efficiently on the server side
Where to Start?
Install an Apache server on a Windows or Linux machine
Install PHP on a Windows or Linux machine
Install MySQL on a Windows or Linux machine
PHP Tutorial
PHP is a powerful server-side scripting language for creating dynamic and interactive websites.
PHP is the widely-used, free, and efficient alternative to competitors such as Microsoft's ASP. PHP is perfectly suited for Web development and can be embedded directly into the HTML code.
The PHP syntax is very similar to Perl and C. PHP is often used together with Apache (web server) on various operating systems. It also supports ISAPI and can be used with Microsoft's IIS on Windows.
PHP is the widely-used, free, and efficient alternative to competitors such as Microsoft's ASP. PHP is perfectly suited for Web development and can be embedded directly into the HTML code.
The PHP syntax is very similar to Perl and C. PHP is often used together with Apache (web server) on various operating systems. It also supports ISAPI and can be used with Microsoft's IIS on Windows.
Wednesday, January 9, 2008
PHP 4.4.8
Support for PHP 4 has been discontinued since 2007-12-31. Please consider upgrading to PHP 5.2. The release below is the last PHP 4 release.
Complete Source Code
PHP 4.4.8 (tar.bz2) [4,440Kb] - 03 January 2008md5: ed31e77414e0331e787487b53732dbca
PHP 4.4.8 (tar.gz) [5,498Kb] - 03 January 2008md5: 8ad5d1ca793d55b24cd82e591248c04e
See the ChangeLog for a complete list of changes, or the release notes for more information on this particular release.
Windows Binaries
All Windows binaries can be used on Windows 98/Me and on Windows NT/2000/XP/2003.
The Windows binaries follow shortly.
Complete Source Code
PHP 4.4.8 (tar.bz2) [4,440Kb] - 03 January 2008md5: ed31e77414e0331e787487b53732dbca
PHP 4.4.8 (tar.gz) [5,498Kb] - 03 January 2008md5: 8ad5d1ca793d55b24cd82e591248c04e
See the ChangeLog for a complete list of changes, or the release notes for more information on this particular release.
Windows Binaries
All Windows binaries can be used on Windows 98/Me and on Windows NT/2000/XP/2003.
The Windows binaries follow shortly.
PHP 5.2.5
Complete Source Code
PHP 5.2.5 (tar.bz2) [7,591Kb] - 08 November 2007md5: 1fe14ca892460b09f06729941a1bb605
PHP 5.2.5 (tar.gz) [9,739Kb] - 08 November 2007md5: 61a0e1661b70760acc77bc4841900b7a
Windows Binaries
PHP 5.2.5 zip package [9,713Kb] - 08 November 2007md5: a1e31c0d872ab030a2256b1cd6d3b7d1
PHP 5.2.5 installer [19,803Kb] - 15 November 2007md5: f9396b654721d9a18c95ea6412c3d54e
Note: Updated due to problems with the original installer for this release.
PECL 5.2.5 Win32 binaries [2,879Kb] - 08 November 2007md5: a3553b61c9332d08a5044cf9bf89f2df
PHP 5.2.5 Non-thread-safe Win32 binaries [9,619Kb] - 08 November 2007md5: 41ef1582f43cfdb6e546a626b9ef93d6
PECL 5.2.5 Non-thread-safe Win32 binaries [4,114Kb] - 08 November 2007md5: 6e5ac694907b4aae080b2c9b6e83748a
Note: (Most of these PECL extension files come standard with the PHP 4 Windows binaries, but have since been moved into this separate PECL download. Files such as php_pdf.dll, php_ssh2.dll, etc.)
We have a PHP 5 / Zend Engine 2 page explaining the language level changes introduced in PHP 5. The PHP 5 ChangeLog details all the other changes
PHP 5.2.5 (tar.bz2) [7,591Kb] - 08 November 2007md5: 1fe14ca892460b09f06729941a1bb605
PHP 5.2.5 (tar.gz) [9,739Kb] - 08 November 2007md5: 61a0e1661b70760acc77bc4841900b7a
Windows Binaries
PHP 5.2.5 zip package [9,713Kb] - 08 November 2007md5: a1e31c0d872ab030a2256b1cd6d3b7d1
PHP 5.2.5 installer [19,803Kb] - 15 November 2007md5: f9396b654721d9a18c95ea6412c3d54e
Note: Updated due to problems with the original installer for this release.
PECL 5.2.5 Win32 binaries [2,879Kb] - 08 November 2007md5: a3553b61c9332d08a5044cf9bf89f2df
PHP 5.2.5 Non-thread-safe Win32 binaries [9,619Kb] - 08 November 2007md5: 41ef1582f43cfdb6e546a626b9ef93d6
PECL 5.2.5 Non-thread-safe Win32 binaries [4,114Kb] - 08 November 2007md5: 6e5ac694907b4aae080b2c9b6e83748a
Note: (Most of these PECL extension files come standard with the PHP 4 Windows binaries, but have since been moved into this separate PECL download. Files such as php_pdf.dll, php_ssh2.dll, etc.)
We have a PHP 5 / Zend Engine 2 page explaining the language level changes introduced in PHP 5. The PHP 5 ChangeLog details all the other changes
PHP Manual Updates
The PHP documentation team is proud to present to the PHP community a few fixes and tweaks to the PHP Manual, including:
an improved, XSL-based build system that will deliver compiled manuals to mirrors in a more timely manner (goodbye dsssl)
manual pages can now contain images (see imagearc() for an example)
updated function version information and capture system (fewer "no version information, might be only in CVS" messages)
... and more to come!
Please help us improve the documentation by submitting bug reports, and adding notes to undocumented functions.
an improved, XSL-based build system that will deliver compiled manuals to mirrors in a more timely manner (goodbye dsssl)
manual pages can now contain images (see imagearc() for an example)
updated function version information and capture system (fewer "no version information, might be only in CVS" messages)
... and more to come!
Please help us improve the documentation by submitting bug reports, and adding notes to undocumented functions.
The front page has changed
google 3rd page
The news on the front page of php.net has changed, the conference announcements are now located on their own page. The idea is to keep php.net specific news clear and also opens the door for additional news entries, like for RC releases. More changes are on the way so keep an eye out.
The news on the front page of php.net has changed, the conference announcements are now located on their own page. The idea is to keep php.net specific news clear and also opens the door for additional news entries, like for RC releases. More changes are on the way so keep an eye out.
PHP 5.2.1 and PHP 4.4.5 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.1 and availability of PHP 4.4.5. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.1 release can be found in the release announcement for 5.2.1, the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.5 release can be found in the release announcement for 4.4.5, the full list of changes is available in the ChangeLog for PHP 4.
Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:
Fixed possible safe_mode & open_basedir bypasses inside the session extension.
Fixed unserialize() abuse on 64 bit systems with certain input strings.
Fixed possible overflows and stack corruptions in the session extension.
Fixed an underflow inside the internal sapi_header_op() function.
Fixed non-validated resource destruction inside the shmop extension.
Fixed a possible overflow in the str_replace() function.
Fixed possible clobbering of super-globals in several code paths.
Fixed a possible information disclosure inside the wddx extension.
Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.
Fixed a string format vulnerability inside the odbc_result_all() function.
Security Enhancements and Fixes in PHP 5.2.1 only:
Prevent search engines from indexing the phpinfo() page.
Fixed a number of input processing bugs inside the filter extension.
Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
Fixed possible stack/buffer overflows inside zip, imap & sqlite extensions.
Fixed several possible buffer overflows inside the stream filters.
Memory limit is now enabled by default.
Added internal heap protection.
Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.
Security Enhancements and Fixes in PHP 4.4.5 only:
Fixed possible overflows inside zip & imap extensions.
Fixed a possible buffer overflow inside mail() function on Windows.
Unbundled the ovrimos extension.
The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.1.
Update: Feb 14th; Added release information for PHP 4.4.5.
Update: Feb 12th; The Windows install package had problems with upgrading from previous PHP versions. That has now been fixed and new file posted in the download section.
Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:
Fixed possible safe_mode & open_basedir bypasses inside the session extension.
Fixed unserialize() abuse on 64 bit systems with certain input strings.
Fixed possible overflows and stack corruptions in the session extension.
Fixed an underflow inside the internal sapi_header_op() function.
Fixed non-validated resource destruction inside the shmop extension.
Fixed a possible overflow in the str_replace() function.
Fixed possible clobbering of super-globals in several code paths.
Fixed a possible information disclosure inside the wddx extension.
Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.
Fixed a string format vulnerability inside the odbc_result_all() function.
Security Enhancements and Fixes in PHP 5.2.1 only:
Prevent search engines from indexing the phpinfo() page.
Fixed a number of input processing bugs inside the filter extension.
Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
Fixed possible stack/buffer overflows inside zip, imap & sqlite extensions.
Fixed several possible buffer overflows inside the stream filters.
Memory limit is now enabled by default.
Added internal heap protection.
Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.
Security Enhancements and Fixes in PHP 4.4.5 only:
Fixed possible overflows inside zip & imap extensions.
Fixed a possible buffer overflow inside mail() function on Windows.
Unbundled the ovrimos extension.
The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.1.
Update: Feb 14th; Added release information for PHP 4.4.5.
Update: Feb 12th; The Windows install package had problems with upgrading from previous PHP versions. That has now been fixed and new file posted in the download section.
PHP 4.4.6 Released
The PHP development team would like to announce the immediate availability of PHP 4.4.6.
The main issue that this release addresses is a crash problem that was introduced in PHP 4.4.5. The problem occurs when session variables are used while register_globals is enabled.
Details about the PHP 4.4.6 release can be found in the release announcement for 4.4.6, the full list of changes is available in the ChangeLog for PHP 4.
The main issue that this release addresses is a crash problem that was introduced in PHP 4.4.5. The problem occurs when session variables are used while register_globals is enabled.
Details about the PHP 4.4.6 release can be found in the release announcement for 4.4.6, the full list of changes is available in the ChangeLog for PHP 4.
The PHP.net Google Summer of Code
The PHP team is once again proud to participate in the Google Summer of Code. Seven students will "flip bits instead of burgers" this summer:
Mentored by Michael Wallner, Hannes Magnusson will work on LiveDocs, which is a "tool to display DocBook XML files in a web browser on the fly, without the need of building all HTML target files first". This project will be of great value to the PHP Documentation Team.
The PHP Interpreter uses reference counting to keep track of which objects are no longer referenced and thus can be destroyed. A major weakness in the current implementation is that it cannot detect reference cycles, that is objects that reference each other in a circular graph structure which is not referenced itself from outside the circle. Mentored by Derick Rethans, David Wang will implement a new reference counting algorithm that will alleviate this problem.
Xdebug provides a range of useful functionality for PHP developers, including detailed error information, code coverage and profiling support, and support for remote debugging using the GDB and DBGp protocols. Mentored by Xdebug's creator, Derick Rethans, Adam Harvey will develop a cross-platform GUI application that implements the DBGp protocol and allows PHP applications to be debugged using Xdebug in a development environment agnostic fashion.
Mentored by Lukas Smith, Konsta Vesterinen will work on the object-relational mapper Doctrine.
Mutation Testing, or Automated Error Seeding, is an approach where the testing tool makes some change to the tested code, runs the tests, and if the tests pass displays a message saying what it changed. This approach is different than code coverage analysis, because it can find code that is executed by the running of tests but not actually tested. Mentored by Sebastian Bergmann, Mike Lewis will implement Mutation Testing for PHPUnit.
Mentored by Helgi Þormar Þorbjörnsson, Igor Feghali will add support for foreign keys to MDB2_Schema, a package that "enables users to maintain RDBMS independant schema files in XML that can be used to create, alter and drop database entities and insert data into a database".
Mentored by David Coallier, Nicolas Bérard-Nault will refactor the internals of Jaws, a Framework and Content Management System for building dynamic web sites, for PHP 6.
Mentored by Michael Wallner, Hannes Magnusson will work on LiveDocs, which is a "tool to display DocBook XML files in a web browser on the fly, without the need of building all HTML target files first". This project will be of great value to the PHP Documentation Team.
The PHP Interpreter uses reference counting to keep track of which objects are no longer referenced and thus can be destroyed. A major weakness in the current implementation is that it cannot detect reference cycles, that is objects that reference each other in a circular graph structure which is not referenced itself from outside the circle. Mentored by Derick Rethans, David Wang will implement a new reference counting algorithm that will alleviate this problem.
Xdebug provides a range of useful functionality for PHP developers, including detailed error information, code coverage and profiling support, and support for remote debugging using the GDB and DBGp protocols. Mentored by Xdebug's creator, Derick Rethans, Adam Harvey will develop a cross-platform GUI application that implements the DBGp protocol and allows PHP applications to be debugged using Xdebug in a development environment agnostic fashion.
Mentored by Lukas Smith, Konsta Vesterinen will work on the object-relational mapper Doctrine.
Mutation Testing, or Automated Error Seeding, is an approach where the testing tool makes some change to the tested code, runs the tests, and if the tests pass displays a message saying what it changed. This approach is different than code coverage analysis, because it can find code that is executed by the running of tests but not actually tested. Mentored by Sebastian Bergmann, Mike Lewis will implement Mutation Testing for PHPUnit.
Mentored by Helgi Þormar Þorbjörnsson, Igor Feghali will add support for foreign keys to MDB2_Schema, a package that "enables users to maintain RDBMS independant schema files in XML that can be used to create, alter and drop database entities and insert data into a database".
Mentored by David Coallier, Nicolas Bérard-Nault will refactor the internals of Jaws, a Framework and Content Management System for building dynamic web sites, for PHP 6.
PHP 5.2.2 and PHP 4.4.7 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.2 and availability of PHP 4.4.7. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.2 release can be found in the release announcement for 5.2.2, the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.7 release can be found in the release announcement for 4.4.7, the full list of changes is available in the ChangeLog for PHP 4.
Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:
Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)
Security Enhancements and Fixes in PHP 5.2.2 only:
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)
Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)
Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
Security Enhancements and Fixes in PHP 4.4.7 only:
XSS in phpinfo() (MOPB-8 by Stefan Esser)
While majority of the issues outlined above are local, in some circumstances given specific code paths they can be triggered externally. Therefor, we strongly recommend that if you use code utilizing the functions and extensions identified as having had vulnerabilities in them, you consider upgrading your PHP.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.2.
Update: May 4th; The PHP 4.4.7 Windows build was updated due to the faulty Apache2 module shipped with the original
Update: May 23th; By accident a couple of fixes where listed as fixed in both PHP 5.2.2 and 4.4.7 but where however only fixed in PHP 5.2.2. The PHP 4 ChangeLog was not affected.
Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:
Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)
Security Enhancements and Fixes in PHP 5.2.2 only:
Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)
Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)
Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)
Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
Security Enhancements and Fixes in PHP 4.4.7 only:
XSS in phpinfo() (MOPB-8 by Stefan Esser)
While majority of the issues outlined above are local, in some circumstances given specific code paths they can be triggered externally. Therefor, we strongly recommend that if you use code utilizing the functions and extensions identified as having had vulnerabilities in them, you consider upgrading your PHP.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.2.
Update: May 4th; The PHP 4.4.7 Windows build was updated due to the faulty Apache2 module shipped with the original
Update: May 23th; By accident a couple of fixes where listed as fixed in both PHP 5.2.2 and 4.4.7 but where however only fixed in PHP 5.2.2. The PHP 4 ChangeLog was not affected.
PHP 5.2.3 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.3. This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release.
Further details about the PHP 5.2.3 release can be found in the release announcement for 5.2.3, the full list of changes is available in the ChangeLog for PHP 5.
Security Enhancements and Fixes in PHP 5.2.3:
Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
Added mysql_set_charset() to allow runtime altering of connection encoding.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.3.
Further details about the PHP 5.2.3 release can be found in the release announcement for 5.2.3, the full list of changes is available in the ChangeLog for PHP 5.
Security Enhancements and Fixes in PHP 5.2.3:
Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
Added mysql_set_charset() to allow runtime altering of connection encoding.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.3.
PHP 4 end of life announcement
Today it is exactly three years ago since PHP 5 has been released. In those three years it has seen many improvements over PHP 4. PHP 5 is fast, stable & production-ready and as PHP 6 is on the way, PHP 4 will be discontinued.
The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Please use the rest of this year to make your application suitable to run on PHP 5.
For documentation on migration for PHP 4 to PHP 5, we would like to point you to our migration guide. There is additional information available in the PHP 5.0 to PHP 5.1 and PHP 5.1 to PHP 5.2 migration guides as well.
The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Please use the rest of this year to make your application suitable to run on PHP 5.
For documentation on migration for PHP 4 to PHP 5, we would like to point you to our migration guide. There is additional information available in the PHP 5.0 to PHP 5.1 and PHP 5.1 to PHP 5.2 migration guides as well.
Security Enhancements and Fixes in PHP 5.2.4:
google 2nd page
Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
Improved fix for MOPB-03-2007.
Corrected fix for CVE-2007-2872.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.4.
Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
Improved fix for MOPB-03-2007.
Corrected fix for CVE-2007-2872.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.4.
The new documentation build system is ready for testing
The PHP documentation team is pleased to announce the initial release of the new build system that generates the PHP Manual. Written in PHP, PhD ([PH]P based [D]ocBook renderer) builds are now available for viewing at docs.php.net. Everyone is encouraged to test and use this system so that bugs will be found and squashed.
Once the new build system is stable, expect additional changes to the PHP manual that will include an improved navigation system and styling for OOP documentation.
Feel free to set this developmental mirror as your default by using my.php.
PHP 5.2.4 Released
[30-Aug-2007]
The PHP development team would like to announce the immediate availability of PHP 5.2.4. This release focuses on improving the stability of the PHP 5.2.X branch with over 120 various bug fixes in addition to resolving several low priority security bugs. All users of PHP are encouraged to upgrade to this release.
Further details about the PHP 5.2.4 release can be found in the release announcement for 5.2.4, the full list of changes is available in the ChangeLog for PHP 5.
Once the new build system is stable, expect additional changes to the PHP manual that will include an improved navigation system and styling for OOP documentation.
Feel free to set this developmental mirror as your default by using my.php.
PHP 5.2.4 Released
[30-Aug-2007]
The PHP development team would like to announce the immediate availability of PHP 5.2.4. This release focuses on improving the stability of the PHP 5.2.X branch with over 120 various bug fixes in addition to resolving several low priority security bugs. All users of PHP are encouraged to upgrade to this release.
Further details about the PHP 5.2.4 release can be found in the release announcement for 5.2.4, the full list of changes is available in the ChangeLog for PHP 5.
PHP 5.2.5 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.5. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.
Further details about the PHP 5.2.5 release can be found in the release announcement for 5.2.5, the full list of changes is available in the ChangeLog for PHP 5.
Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.5.
Further details about the PHP 5.2.5 release can be found in the release announcement for 5.2.5, the full list of changes is available in the ChangeLog for PHP 5.
Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.5.
PHP 4.4.8 Released
The PHP development team would like to announce the immediate availability of PHP 4.4.8. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last normal PHP 4.4 release. If necessary, releases to address security issues could be made until 2008-08-08.
Security Enhancements and Fixes in PHP 4.4.8:
Improved fix for MOPB-02-2007.
Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
Fixed integer overlow in str[c]spn().
Fixed regression in glob when open_basedir is on introduced by #41655 fix.
Fixed money_format() not to accept multiple %i or %n tokens.
Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.
Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).
For a full list of changes in PHP 4.4.8, see the ChangeLog.
Security Enhancements and Fixes in PHP 4.4.8:
Improved fix for MOPB-02-2007.
Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
Fixed integer overlow in str[c]spn().
Fixed regression in glob when open_basedir is on introduced by #41655 fix.
Fixed money_format() not to accept multiple %i or %n tokens.
Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.
Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).
For a full list of changes in PHP 4.4.8, see the ChangeLog.
Subscribe to:
Posts (Atom)