PHP

On a web server, the result of the interpreted and executed PHP code—which may be any type of data, such as generated HTML or binary image data—would form the whole or part of an HTTP response.

Additionally, PHP can be used for many programming tasks outside the web context, such as standalone graphical applications[15] and drone control.

PHP development began in 1993[9] when Rasmus Lerdorf wrote several Common Gateway Interface (CGI) programs in C,[20][21] which he used to maintain his personal homepage.

He extended them to work with web forms and to communicate with databases, and called this implementation "Personal Home Page/Forms Interpreter" or PHP/FI.

[1][23] This release included basic functionality such as Perl-like variables, form handling, and the ability to embed HTML.

"[24] A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997.

[43] PHP received mixed reviews due to lacking native Unicode support at the core language level.

[47] However, a shortage of developers who understood the necessary changes, and performance problems arising from conversion to and from UTF-16, which is rarely used in a web context, led to delays in the project.

It was authored by Dmitry Stogov, Xinchen Hui and Nikita Popov,[53] and aimed to optimize PHP performance by refactoring the Zend Engine while retaining near-complete language compatibility.

[77] Additionally, the JIT compiler provides the future potential to move some code from C to PHP, due to the performance improvements for some use cases.

This short delimiter makes script files less portable since support for them can be disabled in the local PHP configuration and it is therefore discouraged.

[230] The drawback of this method was that code had to make heavy use of PHP's "reference" variables if it wanted to modify an object it was passed rather than creating a copy of it.

There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.

[231] If the developer creates a copy of an object using the reserved word clone, the Zend engine will check whether a __clone() method has been defined.

The Zend Engine compiles PHP source code on-the-fly into an internal format that it can execute, thus it works as an interpreter.

Due to the complex and nuanced semantics of PHP, defined by how Zend works, it is difficult for competing implementations to offer complete compatibility.

Numerous extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats.

[255] By December 2018 the PHP Group consisted of ten people: Thies C. Arntzen, Stig Bakken, Shane Caraveo, Andi Gutmans, Rasmus Lerdorf, Sam Ruby, Sascha Schumann, Zeev Suraski, Jim Winstead, and Andrei Zmievski.

[276] When PHP is installed and used in cloud environments, software development kits (SDKs) are provided for using cloud-specific features.

[citation needed] For example: Numerous configuration options are supported, affecting both core PHP features and extensions.

It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.

[17] Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting,[285] and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Python, Microsoft's ASP.NET, Sun Microsystems' JavaServer Pages,[286] and mod_perl.

[287] PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python, Perl, or some mix of the three.

[citation needed] For specific and more advanced usage scenarios, PHP offers a well-defined and documented way for writing custom extensions in C or C++.

[297] PHP received mixed reviews due to lacking support for multithreading at the core language level,[298] though using threads is made possible by the "pthreads" PECL extension.

Technical security flaws of the language itself or of its core libraries are not frequent (22 in 2009, about 1% of the total although PHP applies to about 20% of programs listed).

[313] Recognizing that programmers make mistakes, some languages include taint checking to automatically detect the lack of input validation which induces many issues.

[citation needed] Also, enabling the dynamic loading of PHP extensions (via enable_dl configuration directive)[325] in a shared web hosting environment can lead to security issues.

[326][327] Implied type conversions that result in different values being treated as equal, sometimes against the programmer's intent, can lead to security issues.

[citation needed] In a 2013 analysis of over 170,000 website defacements, published by Zone-H, the most frequently (53%) used technique was the exploitation of file inclusion vulnerability, mostly related to insecure usage of the PHP language constructs include, require, and allow_url_fopen.

This is an example of PHP code for the WordPress content management system .
The elePHPant, PHP mascot
A "Hello, World" application in PHP 7.4 running on its built-in development server
Example output of the phpinfo() function in PHP 7.1
A broad overview of the LAMP software bundle, displayed here together with Squid
Dynamic web page: example of server-side scripting (PHP and MySQL)