Monday, July 18, 2011

Introduction to PHP 6

New PHP V6 features:
PHP V6 is currently available as a developer snapshot, so you can download and try out many of the features and changes listed in this article.

Improved Unicode support:
Much improved for PHP V6 is support for Unicode strings in many of the core functions. This new feature has a big impact because it will allow PHP to support a broader set of characters for international support. So, if you're a developer or architect using a different language, such as the Java™ programming language, because it has better internationalization (i18n) support than PHP, it'll be time to take another look at PHP when the support improves.
Because you can download and use a developer's version of PHP V6 today, you will see some functions already supporting Unicode strings.

What is Unicode? 

Unicode is an industry-standard set of characters, character encoding, and encoding methodologies primarily aimed at enabling i18n and localization (i10n). The Unicode Transformation Format (UTF) specifies a way to encode characters for Unicode.

Namespaces are a way of avoiding name collisions between functions and classes without using prefixes in naming conventions that make the names of your methods and classes unreadable. So by using namespaces, you can have class names that someone else might use, but now you don't have to worry about running into any problems. Listing 1 provides an example of a namespace in PHP.
You won't have to update or change anything in your code because any PHP code you write that doesn't include namespaces will run just fine. Because the namespaces feature appears to be back-ported to V5.3 of PHP, when it becomes available, you can start to introduce namespaces into your own PHP applications.

Depending on how you use PHP and what your scripts look like now, the language and syntax differences in PHP V6 may or may not affect you as much as the next features, which are those that directly allow you to introduce Web 2.0 features into your PHP application.

SOAP is one of the protocols that Web services "speak" and is supported in quite a few other languages, such as the Java programming language and Microsoft® .NET. Although there are other ways to consume and expose Web services, such as Representational State Transfer (REST), SOAP remains a common way of allowing different platforms to have interoperability. In addition to SOAP modules in the PHP Extension and Application Repository (PEAR) library, a SOAP extension to PHP was introduced in V5. This extension wasn't enabled by default, so you have to enable the extension or hope your ISP did. In addition, PEAR packages are available that allow you to build SOAP clients and servers, such as the SOAP package.
Unless you change the default, the SOAP extension will be enabled for you in V6. These extensions provide an easy way to implement SOAP clients and SOAP servers, allowing you to build PHP applications that consume and provide Web services.
If SOAP extensions are on by default, that means you won't have to configure them in PHP. If you develop PHP applications and publish them to an ISP, you may need to check with your ISP to verify that SOAP extensions will be enabled for you when they upgrade.

As of PHP V5.1, XMLReader and XMLWriter have been part of the core of PHP, which makes it easier for you to work with XML in your PHP applications. Like the SOAP extensions, this can be good news if you use SOAP or XML because PHP V6 will be a better fit for you than V4 out of the box.
The XMLWriter and XMLReader are stream-based object-oriented classes that allow you to read and write XML without having to worry about the XML details.

In addition to having new features, PHP V6 will not have some other functions and features that have been in previous versions. Most of these things, such as register_globals and safe_mode, are widely considered "broken" in current PHP, as they may expose security risks. In an effort to clean up PHP, the functions and features listed in the next section will be removed, or deprecated, from PHP. Opponents of this removal will most likely cite issues with existing scripts breaking after ISPs or enterprises upgrade to PHP V6, but proponents of this cleanup effort will be happy that the PHP team is sewing up some holes and providing a cleaner, safer implementation.
Features that will be removed from the PHP version include:
  • magic_quotes
  • register_globals
  • register_long_arrays
  • safe_mode

    ::Examples::
Using magic_quotes (discouraged):
<?php
// Assuming magic_quotes is on...
$sql = "INSERT INTO USERS (USERNAME) VALUES $_GET['username']";
?>

After preparing your PHP code for the new versions of PHP, your code should look like this,

Using parameterized queries (recommended)
<?php
// Using the proper parameterized query method for MySQL, as an example
$statement = $dbh->prepare("INSERT INTO USERS (USERNAME) VALUES ?");
$statement->execute(array($_GET['username']));
?>
 
 Using register_globals (discouraged):
<?php
// A security hole, because if register_globals is on, the value for 
   user_authorized
// can be set by a user sending them on the query string 
// (i.e., http://www.example.com/myscript.php?user_authorized=true)

if ($user_authorized) {
    // Show them everyone's sensitive data...
}
?>
 
 Being specific instead (recommended):
<?php
function is_authorized() {
    if (isset($_SESSION['user'])) {
        return true;
    } else {
        return false;
    }
}

$user_authorized = is_authorized();
?>
 
Using deprecated registered arrays (discouraged):
<?php
    // Echo's the name of the user value given on the query string, like
    // http://www.example.com/myscript.php?username=ngood
    echo "Welcome, $HTTP_GET_VARS['username']!";
?>

Using $_GET (recommended):
<?php
    // Using the supported $_GET array instead.
    echo "Welcome, $_GET['username']!";
?>
 
safe_mode:
The safe_mode configuration key, when turned on, ensures that the owner of a file being operated on matches the owner of the script that is executing. It was originally a way to attempt to handle security when operating in a shared server environment, like many ISPs would have. Your PHP code will be unaffected by this change, but it's good to be aware of it in case you're setting up PHP in the future or counting on safe_mode in your scripts. 

::Use this link for your reference::




No comments:

Post a Comment