Cookies

We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Computing and Information Services

About PHP

General PHP documentation

PHP is a very popular scripting language, used mainly to generate dynamic web pages.  General information can be found on the main PHP web site, including:

Specific information about PHP at Durham

The University's main web servers run PHP, and the preferred way to create dynamic pages on the web service is to use PHP. Any user can create PHP scripts in their public_html directory (J:\public_html folder), and use these, for instance, to display and update data held in a MySQL database.

From September 2007 to June 2009, we supported two versions of PHP side by side: PHP 4 and PHP 5. By default, a user's PHP scripts ran in PHP 4, unless they opted to use PHP 5.

On 30 June 2009, support for PHP 4 was withdrawn, and all PHP scripts now run in PHP 5. The withdrawal of version 4 was necessary because it is no longer supported by the PHP Group, who will provide no more bug fixes or security updates for it.  CIS also upgraded PHP from version 5.2 to 5.3 on  29 June 2010: please see the note below about deprecated features in PHP 5.3.

For reasons of backward compatibility, we ran PHP 4 with a number of configuration settings which are no longer the defaults recommended by PHP's authors. However, we run PHP 5  with settings that have security, performance and code cleanliness in mind.  In addition, whereas all PHP 4 scripts ran under the "httpd" account (and usually with safe mode enabled), a PHP 5 script runs under the login account of the user who owns it (and always with safe mode disabled).

Some of the main PHP 5 configuration settings on our service are listed in the table below, with the corresponding settings we used to use for PHP 4 prior to June 2009.  Please also see the note below about deprecated features in PHP 5.3.

ConfigPHP4PHP5
PHP version 4.4 5.3
Apache integration mechanism module suPHP
Scripts run as httpd script owner
safe_mode On Off
register_argc_argv On Off
register_globals On Off
register_long_arrays - Off
asp_tags On Off
allow_call_time_pass_reference On Off
memory_limit 32M 48M
upload_max_filesize 10M 10M
MySQLi support No Yes
PDO-MySQL support No Yes
Oracle oci8 support
 No
Yes
ImageMagick (imagick) support
 No
Yes
GnuPG support
 No
Yes
XML support Expat libXML

The withdrawal of support for Register Globals is the change most likely to cause migration difficulties, if you used to rely on variables being set in PHP because they were passed as query arguments to the Web URL.  For example, a URL such as http://www.dur.ac.uk/f.a.bloggs/myscript.php?count=3 used to esult in the variable $count being set to 3 in the PHP script when run in PHP 4, but this doesn't happen in PHP 5.  Instead, you will find the value set in the variable $_REQUEST["count"].  If you had lots of references to $count in the script, the best option would be to set this at the start of the script, i.e. $count = $_REQUEST["count"]; and then use $count as before in the rest of the script.

Please also be aware of the following:

File and directory permissions

Any PHP 5 script is run using the login account of the user who owns the file. For security reasons, the web server will not run a PHP 5 script if either it, or the directory (folder) containing it, are writable by anyone else. It is necessary for the web server account (httpd) to have read access to the directory (as was the case for PHP 4 scripts, and for static HTML pages and style sheets, etc), but httpd does not need any access to the PHP 5 script itself. However, provided you keep the default permissions for your public_html directory, as originally set up by CIS, you shouldn't need to explicitly change any file or directory premissions in order for PHP 5 to work.

Sessions

If writing PHP scripts that use sessions, you are strongly recommended to use a unique session name, to avoid permission clashes that can otherwise prevent sessions working in PHP 5. To achieve this, use the PHP function session_name() before every call to session_start(), for example:

session_name("MYOWNSID");
session_start();

but changing MYOWNSID to a name that's likely to be unique.

PATH_TRANSLATED

You are recommended not to make use of the PHP variable $_SERVER['PATH_TRANSLATED'], as web servers are not required to implement this, and in some cases on our service it may yield entirely the wrong value.  To achieve the same result reliably, use $_SERVER['SCRIPT_FILENAME'], and if $_SERVER['PATH_INFO'] is set, then append it.

Deprecated features in PHP 5.3

There are a number of features that are defined by PHP's authors as deprecated in PHP 5.3.  For full details of these, refer to the page www.php.net/manual/en/migration53.deprecated.php. On the University Web Service, we have configured PHP 5.3 to suppress E_DEPRECATED warnings when these features are used, so script owners do not need to make any immediate changes to avoid use of these features.  However, at some point in the future, they are likely to be completely withdrawn, and so CIS would encourage owners to remove use of these features from their scripts where and when possible.