php和mysql web开发.docx

php和mysql web开发.docx

《php和mysql web开发.docx》由会员分享，可在线阅读，更多相关《php和mysql web开发.docx（14页珍藏版）》请在冰豆网上搜索。

php和mysqlweb开发

一、英文原文

LauraThomson.phpandmysqlwebdevelop

LukeWelling，LauraThomson

PHPisascriptinglanguageoriginallydesignedforproducingdynamicwebpages.Ithasevolvedtoincludeacommandlineinterfacecapabilityandcanbeusedinstandalonegraphicalapplications.

WhilePHPwasoriginallycreatedbyRasmusLerdorfin1995,themainimplementationofPHPisnowproducedbyThePHPGroupandservesasthedefactostandardforPHPasthereisnoformalspecification.PHPisfreesoftwarereleasedunderthePHPLicense,howeveritisincompatiblewiththeGNUGeneralPublicLicense（GPL）,duetorestrictionsontheusageofthetermPHP.

PHPisawidely-usedgeneral-purposescriptinglanguagethatisespeciallysuitedforwebdevelopmentandcanbeembeddedintoHTML.Itgenerallyrunsonawebserver,takingPHPcodeasitsinputandcreatingwebpagesasoutput.Itcanbemillionwebsitesand1millionwebservers.

PHPoriginallystoodforPersonalHomePage.Itbeganin1994asasetofCommonGatewayInterfacebinarieswrittenintheCprogramminglanguagebytheDanish/GreenlandicprogrammerRasmusLerdorf.LerdorfinitiallycreatedthesePersonalHomePageToolstoreplaceasmallsetofPerlscriptshehadbeenusingtomaintainhispersonalhomepage.Thetoolswereusedtoperformtaskssuchasdisplayinghisrésuméandrecordinghowmuchtraffichispagewasreceiving.HecombinedthesebinarieswithhisFormInterpretertocreatePHP/FI,whichhadmorefunctionality.PHP/FIincludedalargerimplementationfortheCprogramminglanguageandcouldcommunicatewithdatabases,enablingthebuildingofsimple,dynamicwebapplications.LerdorfreleasedPHPpubliclyonJune8,1995toacceleratebuglocationandimprovethecode.ThisreleasewasnamedPHPversion2andalreadyhadthebasicfunctionalitythatPHPhastoday.ThisincludedPerl-likevariables,formhandling,andtheabilitytoembedHTML.ThesyntaxwassimilartoPerlbutwasmorelimited,simpler,andlessconsistent.

ZeevSuraskiandAndiGutmans,twoIsraelidevelopersattheTechnionIIT,rewrotetheparserin1997andformedthebaseofPHP3,changingthelanguage'snametotherecursiveinitialismPHP:

HypertextPreprocessor.ThedevelopmentteamofficiallyreleasedPHP/FI2inNovember1997aftermonthsofbetatesting.Afterwards,publictestingofPHP3began,andtheofficiallaunchcameinJune1998.SuraskiandGutmansthenstartedanewrewriteofPHP'score,producingtheZendEnginein1999.TheyalsofoundedZendTechnologiesinRamatGan,Israel.

OnMay22,2000,PHP4,poweredbytheZendEngine1.0,wasreleased.OnJuly13,2004,PHP5wasreleased,poweredbythenewZendEngineII.PHP5includednewfeaturessuchasimprovedsupportforobject-orientedprogramming,thePHPDataObjectsextension（whichdefinesalightweightandconsistentinterfaceforaccessingdatabases）,andnumerousperformanceenhancements.ThemostrecentupdatereleasedbyThePHPGroupisfortheolderPHPversion4codebranch.AsofAugust,2008thisbranchisuptoversion4.4.9.PHP4isnolongerunderdevelopmentnorwillanysecurityupdatesbereleased.

In2008,PHP5becametheonlystableversionunderdevelopment.LatestaticbindinghasbeenmissingfromPHPandwillbeaddedinversion5.3.PHP6isunderdevelopmentalongsidePHP5.Majorchangesincludetheremovalofregister_globals,magicquotes,andsafemode.Thereasonfortheremovalswasbecauseregister_globalshadgivenwaytosecurityholes,andmagicquoteshadanunpredictablenature,andwasbestavoided.Instead,toescapecharacters,magicquotesmaybesubstitutedwiththeaddslashes（）function,ormoreappropriatelyanescapemechanismspecifictothedatabasevendoritselflikemysql_real_escape_string（）forMySQL.

PHPdoesnothavecompletenativesupportforUnicodeormultibytestrings;UnicodesupportwillbeincludedinPHP6.ManyhighprofileopensourceprojectsceasedtosupportPHP4innewcodeasofFebruary5,2008,duetotheGoPHP5initiative,providedbyaconsortiumofPHPdeveloperspromotingthetransitionfromPHP4toPHP1397Itrunsinboth32-bitand64-bitenvironments,butonWindowstheonlyofficialdistributionis32-bit,requiringWindows32-bitcompatibilitymodetobeenabledwhileusingIISina64-bitWindowsenvironment.Thereisathird-partydistributionavailablefor64-bitWindows.

PHPisageneral-purposescriptinglanguagethatisespeciallysuitedforwebdevelopment.PHPgenerallyrunsonawebserver,takingPHPcodeasitsinputandcreatingwebpagesasoutput.Itcanalsobeusedforcommand-linescriptingandclient-sideGUIapplications.PHPcanbedeployedonmostwebservers,manyoperatingsystemsandplatforms,andcanbeusedwithmanyrelationaldatabasemanagementsystems.Itisavailablefreeofcharge,andthePHPGroupprovidesthecompletesourcecodeforuserstobuild,customizeandextendfortheirownuse.

PHPprimarilyactsasafilter,takinginputfromafileorstreamcontainingtextand/orPHPinstructionsandoutputsanotherstreamofdata;mostcommonlytheoutputwillbeHTML.Itcanautomaticallydetectthelanguageoftheuser.FromPHP4,thePHPparsercompilesinputtoproducebytecodeforprocessingbytheZendEngine,givingimprovedperformanceoveritsinterpreterpredecessor.

Originallydesignedtocreatedynamicwebpages,PHP'sprincipalfocusisserver-sidescripting,anditissimilartootherserver-sidescriptinglanguagesthatprovidedynamiccontentfromawebservertoaclient,suchasMicrosoft'sActiveServerPages,SunMicrosystems'JavaServerPages,andmod_perl.PHPhasalsoattractedthedevelopmentofmanyframeworksthatprovidebuildingblocksandadesignstructuretopromoterapidapplicationdevelopment（RAD）.SomeoftheseincludeCakePHP,Symfony,CodeIgniter,andZendFramework,offeringfeaturessimilartootherwebapplicationframeworks.

TheLAMParchitecturehasbecomepopularinthewebindustryasawayofdeployingwebapplications.PHPiscommonlyusedasthePinthisbundlealongsideLinux,ApacheandMySQL,althoughthePmayalsorefertoPythonorPerl.

AsofApril2007,over20millionInternetdomainswerehostedonserverswithPHPinstalled,andPHPwasrecordedasthemostpopularApachemodule.SignificantwebsitesarewritteninPHPincludingtheuser-facingportionofFacebook,Wikipedia,PHPcanbeusedtocreatestand-alone,compiledapplicationsandlibraries,itcanbeusedforshellscripting,andthePHPbinariescanbecalledfromthecommandline.

Aswithmanyscriptinglanguages,PHPscriptsarenormallykeptashuman-readablesourcecode,evenonproductionwebservers.Inthiscase,PHPscriptswillbecompiledatruntimebythePHPengine,whichincreasestheirexecutiontime.PHPscriptsareabletobecompiledbeforeruntimeusingPHPcompilersaswithotherprogramminglanguagessuchasC（thelanguagePHPanditsextensionsarewrittenin）.

Codeoptimizersaimtoreducethecomputationalcomplexityofthecompiledcodebyreducingitssizeandmakingotherchangesthatcanreducetheexecutiontimewiththeoverallgoalofimprovingperformance.ThenatureofthePHPcompilerissuchthatthereareoftenopportunitiesforcodeoptimization,andanexampleofacodeoptimizeristheZendOptimizerPHPextension.

AnotherapproachforreducingoverheadforhighloadPHPserversisusingPHPaccelerators.ThesecanoffersignificantperformancegainsbycachingthecompiledformofaPHPscriptinsharedmemorytoavoidtheoverheadofparsingandcompilingthecodeeverytimethescriptruns.

 TheNationalVulnerabilityDatabasestoresallvulnerabilitiesfoundincomputersoftware.TheoverallproportionofPHP-relatedvulnerabilitiesonthedatabaseamountedto:

12%in2003,20%in2004,28%in2005,43%in2006,36%in2007,and35%in2008.MostofthesePHP-relatedvulnerabilitiescanbeexploitedremotely:

theyallowhackerstostealordestroydatafromdatasourceslinkedtothewebserver（suchasanSQLdatabase）,sendspamorcontributetoDOSattacksusingmalware,whichitselfcanbeinstalledonthevulnerableservers.

Thesevulnerabilitiesarecausedmostlybynotfollowingbestpracticeprogrammingrules:

technicalsecurityflawsofthelanguageitselforofitscorelibrariesarenotfrequent.Recognizingthatprogrammerscannotbetrusted,somelanguagesincludetaintcheckingtodetectautomaticallythelackofinputvalidationwhichinducesmanyissues.SuchafeatureisbeingdevelopedforPHP.AlthoughitmaybeincludedinmainstreamPHPinafuturerelease,itsinclusionhasbeenrejectedseveraltimesinthepast.

HostingPHPapplicationsonaserverrequiresacarefulandconstantattentiontodealwiththesesecurityrisks.ThereareadvancedprotectionpatchessuchasSuhosinandHardening-Patch,especiallydesignedforwebhostingenvironments.InstallingPHPasaCGIbinaryratherthanasanApachemoduleisthepreferredmethodforaddedsecurity.

Withrespecttosecuringthecodeitself,PHPcodecanbeobfuscatedtomakeitdifficulttoreadwhileremainingfunctional.

Syntax-highlightedPHPcodeembeddedwithinHTMLPHPonlyparsescodewithinitsdelimiters.AnythingoutsideitsdelimitersissentdirectlytotheoutputandisnotparsedbyPHP.Themostcommondelimitersare

phpand?

>,whichareopenandclosedelimitersrespectively.anddelimitersarealsoavailable.ShorttagscanbeusedtostartPHPcode,

or

=（whichisusedtoechobackastringorvariable）andthetagtoendPHPcode,?

>.Thesetagsarecommonlyused,butlikeASP-styletags（<%or<%=and%>）,theyarelessportableastheycanbedisabledinthePHPconfiguration.Forthisreason,theuseofshorttags