General PHP documentation
PHP is a very popular scripting language, used mainly to generate dynamic web pages. General information can be found on the main PHP web site, including:
Specific information about PHP at Durham
The University's main web servers run PHP, and the preferred way to create dynamic pages on the web service is to use PHP. Any user can create PHP scripts in their
public_html directory (
J:\public_html folder), and use these, for instance, to display and update data held in a MySQL database.
From September 2007 to June 2009, we supported two versions of PHP side by side: PHP 4 and PHP 5. By default, a user's PHP scripts ran in PHP 4, unless they opted to use PHP 5.
On 30 June 2009, support for PHP 4 was withdrawn, and all PHP scripts now run in PHP 5. The withdrawal of version 4 was necessary because it is no longer supported by the PHP Group, who will provide no more bug fixes or security updates for it. CIS also upgraded PHP from version 5.2 to 5.3 on 29 June 2010: please see the note below about deprecated features in PHP 5.3.
For reasons of backward compatibility, we ran PHP 4 with a number of configuration settings which are no longer the defaults recommended by PHP's authors. However, we run PHP 5 with settings that have security, performance and code cleanliness in mind. In addition, whereas all PHP 4 scripts ran under the "httpd" account (and usually with safe mode enabled), a PHP 5 script runs under the login account of the user who owns it (and always with safe mode disabled).
Some of the main PHP 5 configuration settings on our service are listed in the table below, with the corresponding settings we used to use for PHP 4 prior to June 2009. Please also see the note below about deprecated features in PHP 5.3.
|Apache integration mechanism||module||suPHP|
|Scripts run as||httpd||script owner|
|Oracle oci8 support
|ImageMagick (imagick) support
The withdrawal of support for Register Globals is the change most likely to cause migration difficulties, if you used to rely on variables being set in PHP because they were passed as query arguments to the Web URL. For example, a URL such as
http://www.dur.ac.uk/f.a.bloggs/myscript.php?count=3 used to esult in the variable
$count being set to 3 in the PHP script when run in PHP 4, but this doesn't happen in PHP 5. Instead, you will find the value set in the variable
. If you had lots of references to
$count in the script, the best option would be to set this at the start of the script, i.e.
$count = $_REQUEST["count"]; and then use
$count as before in the rest of the script.
Please also be aware of the following:
File and directory permissions
Any PHP 5 script is run using the login account of the user who owns the file. For security reasons, the web server will not run a PHP 5 script if either it, or the directory (folder) containing it, are writable by anyone else. It is necessary for the web server account (httpd) to have read access to the directory (as was the case for PHP 4 scripts, and for static HTML pages and style sheets, etc), but httpd does not need any access to the PHP 5 script itself. However, provided you keep the default permissions for your
public_html directory, as originally set up by CIS, you shouldn't need to explicitly change any file or directory premissions in order for PHP 5 to work.
If writing PHP scripts that use sessions, you are strongly recommended to use a unique session name, to avoid permission clashes that can otherwise prevent sessions working in PHP 5. To achieve this, use the PHP function
session_name() before every call to
session_start(), for example:
MYOWNSID to a name that's likely to be unique.
You are recommended not to make use of the PHP variable
$_SERVER['PATH_TRANSLATED'], as web servers are not required to implement this, and in some cases on our service it may yield entirely the wrong value. To achieve the same result reliably, use
$_SERVER['SCRIPT_FILENAME'], and if
$_SERVER['PATH_INFO'] is set, then append it.
Deprecated features in PHP 5.3
There are a number of features that are defined by PHP's authors as deprecated in PHP 5.3. For full details of these, refer to the page www.php.net/manual/en/migration53.deprecated.php. On the University Web Service, we have configured PHP 5.3 to suppress
E_DEPRECATED warnings when these features are used, so script owners do not need to make any immediate changes to avoid use of these features. However, at some point in the future, they are likely to be completely withdrawn, and so CIS would encourage owners to remove use of these features from their scripts where and when possible.