PHP: Hypertext Preprocessor (PHP) is a widely used, general-purpose server side scripting language that is especially suited for web development. The latest stable release, development changes, and development branches can be found on the PHP website (http://www.php.net/).
See the UPGRADING and UPGRADING.INTERNALS files for release migration instructions.
Community
PHP has many active community forums, including:
Online documentation
The PHP manual is the official documentation for the language syntax, featuring function search and URL shortcuts (for example http://php.net/explode). The API is well documented for native and additional extensions. Most additional extensions can be found in PECL. The PEAR repository contains a plethora of community supplied classes.
Free PHP Programming Books
- PHP Essentials
- Practical PHP Programming (wiki containing O’Reilly’s PHP In a Nutshell)
- Symfony2
- Zend Framework: Survive the Deep End
Database support
PHP supports a wide range of databases, relational and non-relational alike.
PHP is often paired with the MySQL relational database. PHP also includes great database support for PostgreSQL, SQLite, Microsoft SQL Server (API reference), Oracle, IBM DB2 & Cloudscape, Apache Derby and even ODBC.
All modern versions of PHP include PDO, a built-in data-access abstraction library with comprehensive connectivity options. More recently, PECL extensions have surfaced that offer “NoSQL” database support, including Apache Thrift (for Apache Cassandra), MongoDB, Redis, and others.
Useful Third-party Code and Tools
In addition to the vast functionality provided in the PHP Core and through PEAR and PECL, there are a number of noteworthy 3rd party contributions to the PHP world, some of which are listed below.
Frameworks
PHP has a variety of object-oriented web application frameworks that provide a lot of the common functionality required to build modern web application out of the box, with the more well-known being (in alphabetical order) the following ones:
- Agavi
- CakePHP
- CodeIgniter
- Flow3
- Fat-Free
- Kohana
- Laravel
- Lithium
- Symfony
- Yii
- Zend Framework
- Zeta Components (formerly ezComponents)
- xAjax (simplifies AJAX programming using PHP)
- more …
Object-Relational Mapping
Object relational Maps try to solve or mitigate the object-relational impedance mismatch problem by transparently mapping between table structures in a database and business objects in an application. The more prominent ORMs in the PHP world are (in alphabetical order):
Popular questions and answers
Quality Assurance Tools
Over the last years, there has been a steady increase of quality assurance tools in the PHP world. As PHP moved into the professional mainstream, tools to assert certain quality features and metrics were needed and provided by the PHP community. These tools include frameworks for debugging, unit-testing, code analysis and coverage, continuous integration and other aspects of professional development, some of which are listed below:
Popular questions and answers
- Best way to implement unit testing in PHP
- What are unit tests and why should I care?
- Good Free PHP debugger?
- How do you debug PHP scripts?
- Recommended server for continuous integration for a PHP project
IDEs
An Integrated Development Environment (IDE) is software that provides most of the tools needed to produce other software in a convenient package. Standard features of IDEs are usually source code editors with syntax highlighting, code completion as well as debugging functionality, build assistance, version control system integration, etc. Some of the major known PHP IDEs are (in alphabetical order):
- Eclipse with PDT (free)
- NetBeans (free)
- Aptana Studio (free)
- PHP Storm (commercial)
- Zend Studio (commercial, Eclipse-based)
- Coda (commercial, Mac users)
- Sublime Text
- more … (includes editors as well)
Popular questions and answers
Frequently Asked Questions
Find some answers to some of the more frequently asked questions about PHP below.
I have a question about PHP 6
Note that all development on the PHP 6 branch has been canceled. While there is a more or less historical Wiki with a tentative roadmap and feature list for PHP 6, the existing branch in the source code repository has been deleted. There is currently no definite information about PHP 6 so no one will be able to give you factual information. This means all your questions about PHP 6 are not a good fit for Stack Overflow because we want questions to be answerable. Please refrain from asking questions about PHP 6 (yet).
I have a typical “does not work” problem. What should I do before asking a question?
The causes of a typical “does not work” or “works on localhost but does not work on production server” problem can easily be diagnosed by setting the display_errors
value to On
or 1
.
An incorrectly configured development server and a typical production server has this setting turned off. This suppresses all error messages – something you should be looking for when trying to diagnose the problem.
Before you post your question, find all error messages reported by PHP and see if you can fix them yourself. Errors such as “PHP Warning: …” and “You have an error in your SQL syntax; check the manual …” might be fairly simple to fix. Google the error message and search for it on Stack Overflow. Most error messages have well known solutions.
display_errors
can be set to On
via multiple ways. On your development machine you should set the value by editing php.ini file. On a production server, if it is not possible (or desirable) to edit this file, add these line at the beginning of the script:
error_reporting(-1); // to enable all errors
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
Make sure to list any errors you cannot fix on your own in your question.
Make sure you are not suppressing errors by using the @
syntax. This is not good practice, particularly during development when you want to be advised of errors.
From the manual:
Warning
Currently the “@” error-control operator prefix will even disable error reporting for critical errors that will terminate script execution. Among other things, this means that if you use “@” to suppress errors from a certain function and either it isn’t available or has been mistyped, the script will die right there with no indication as to why.
How do I make my database queries secure from SQL injection?
In a nutshell, use proper escaping techniques using prepared statements and placeholders. Each database interface follows the same general pattern:
- Prepare a SQL statement containing placeholders
- Bind PHP variables to those placeholders
- Execute the prepared statement
Some interfaces allow you to skip the bind step by providing the list of replacements for the placeholders during execute. For your reference:
- PDO prepare, bind (optional), execute
- MySQLi prepare, bind, execute
- PostgreSQL prepare, bind (none), execute
- SQLite 3 prepare, bind, execute
- MS SQL Server (5.3+) prepare and bind (combined), execute
- Oracle prepare, bind, execute
- IBM DB2 prepare, bind, execute
Note that the old ext/mysql extension does not support prepared statements and is generally discouraged to use nowadays. Use PDO or MySqli instead.
See Also
My special characters come out all screwed up. Why?
Welcome to charset hell. This PHP charset/encoding FAQ may be some help.
“Headers have already been sent…”
You’re outputting content and triggering PHP’s default content-type:text/html header before making your own call to header()
. There are a few ways this can happen, check for a stray echo
or print
, whitespace before and after the <?php
and ?>
tags or maybe a Unicode BOM. Consider using output buffering. With many scripts, there is no need to include the ending ?>
and the problem is easily fixed by removing the ending ?>
tag from your files. See "Warning: Headers already sent" in PHP.
How do I make my E-Mails secure from E-Mail injection?
Validate your input! In recent versions of PHP, mail() is no longer vulnerable to e-mail header injection through the subject line or receiver, as it removes all the control characters, but you may want to make sure the receivers’ list doesn’t include multiple addresses if that’s not what you desire.
If you allow the user to specify part of the body of the message, you must also validate or sanitize it so that he’s unable to, e.g. add new MIME parts or end any prematurely. Therefore, for building MIME messages, you’re strongly encouraged to use a library. See, for instance, PEAR Mail_Mime.
Can I protect my PHP code from theft? If so, how?
There is no effective technical solution to protect, encode or encrypt PHP source code. There are many products that offer some levels of protection, like IonCube (commercial) and Zend Guard (commercial), but all can be broken with time and effort. Your best option is not a technical solution, but a legal solution in the form of a license agreement.
How can strings be written in PHP?
There are four ways to write strings literals in PHP. Each method is slightly different in terms of escape sequences and string interpolation. For instance, '\n'
is a literal two-character string with characters \
and n
, while "\n"
is a one-character string with a LF character. All of them produce values of type string
(which is actually a byte array, as it completely encoding unaware).
What does a specific Operator mean in PHP?
See this Community Wiki for a helpful list.
How do I parse HTML/XML with PHP?
See How to parse and process HTML with PHP? and Best XML Parser for PHP.
How do I turn on error reporting to find the source of problems?
See PHP production server – turn on error messages. You typically need just error_reporting(E_ALL);
at the top of your script, unless it’s a parsing error there. As very crude method set_error_handler("var_dump");
overrides all uncommon disable options. And in case of a HTTP 500 internal server error, or a completely blank page, you often want to look into the web servers error.log
first.
How do I fix “eregi is deprecated” messages and switch to preg_match()
?
See How can I convert ereg expressions to preg in PHP?.
Why does mysql_fetch_array()
or mysql_fetch_assoc()
return only one row?
Many RDBMS fetching functions must be called in a loop until the query result resource returns FALSE
.
// A common looping pattern, appending result rows onto the array $rowset
$result = mysql_query("SELECT column1, column2 FROM table");
if ($result) {
$rowset = array();
while ($row = mysql_fetch_array($result)) {
// Append the current row onto $rowset
$rowset[] = $row;
}
}
else {
echo mysql_error();
}
Can I fill class properties with new object()
calls or function calls?
No. See Instance as a static class property; see Why don't PHP attributes allow functions? for an attempt at an explanation.
How do I fix the error mysql_fetch_array()
or mysql_num_results()
or mysql_fetch_assoc() expects parameter 1 to be resource, boolean given
?
This is caused by a failed query, which is typically indicative of a syntax error in the SQL statement. Another common cause is using a MySQL reserved keyword as a table or column name without surrounding it with backticks. For example:
$query = 'SELECT order FROM my_table'; // This will fail
$query = 'SELECT `order` FROM my_table'; //This will work
Use echo mysql_error()
to view the error message that was generated by MySQL.
How do I validate an email address?
See How to validate an email address in PHP. As of PHP 5.2 you can simply use the filter_var()
function with the FILTER_VALIDATE_EMAIL
filter.
Why does my assigned session-variable not appear in the next script?
Session-variable require a session to be started. Please review the manual-page of session_start().
Additionally, cookies need to be enabled, as explained on this Google page.
NOTE: The content of this tag was originally posted at StackOverflow.com
- Wayne asked 13 years ago
- last active 10 years ago
- Laurie asked 14 years ago
- last active 12 years ago
- Arthur asked 14 years ago
- last active 6 years ago
- Sherry asked 14 years ago
- last active 3 years ago
- Rhonda asked 14 years ago
- last active 3 years ago
- Betty asked 15 years ago
- last active 15 years ago
- Michele asked 15 years ago
- last active 8 months ago
- Vicki asked 16 years ago
- last active 9 years ago
- Wayne asked 16 years ago
- last active 12 years ago
- Tom asked 16 years ago
- last active 1 year ago