The so-called "PHP" is an open source web application development/running environment. Recently, a reporter from "Nikkei Open System" interviewed Zeev Suraski, a member of the center, about the future development plans of the PHP development center. Zeev Suraski said that the new version of PHP will import try, catch and other statements, making it closer to Java and making it easier to develop large systems. (Interviewer: Nobu Takahashi)
--Please tell us about the reasons why you decided to develop PHP.
Rasmus Lerdorf first announced PHP in 1995. In 1997, when I was making the Israeli University web page and online store site, I used a tool called PHP/FI (Personal Home Page/Form Interpreter) at the time, and that's when I started to come into contact with PHP. During the use, a big bug was discovered. Since the source code is public, I investigated the cause of the bug and made modifications. During the investigation, I found that there is still a lot of room for improvement. So I modified the PHP/FI script execution engine with Andi Gutmans, who was working on the project together at the time. After the modified execution engine was handed over to Lerdorf, it became the official execution engine of the new version of PHP3.0.
By improving the script execution engine, we have developed a faster Zend Engine. The name Zend is a combination of Zeev and Andi. PHP embedded with Zend Engine is the current version PHP4. The original program was interpreted and executed while being read, but later it was changed to interpreted once per execution cycle. Therefore, the same interpretation process must be performed 100 times to execute 100 cycles. Zend Engine interprets the script of the entire file at the beginning and then starts execution. Because the interpretation process is significantly reduced, execution speed is greatly improved.
PHP4 was downloaded 265,000 times within 2 months after its release. According to statistics from the American research company Netcraft, PHP is currently installed on at least 6 million domain name servers.
I think the main reason why PHP is popular among people is that it is simple and practical. Someone once said in an email to me: "Although I have no programming experience, I wrote a simple program using PHP in only 3 hours." This is not possible with Java. In addition, PHP was developed for the WWW, so it can also handle cookies and forms easily.
PHP is free and will continue to be released for free in the future. However, considering the requirements of commercial costs and supporting products, Zend Israel was established in 1999 and developed high-speed PHP software and comprehensive development tools for sale.
--What functions are planned to be expanded in the new version of PHP5 scheduled to be released at the end of 2002?
Object-oriented functionality will be further improved to make the development of large systems easier. Although PHP already has classes and subclasses, etc., PHP5 will be closer to Java. Special processing statement structures in Java such as try and catch will be introduced.
In PHP4, functions are used as variables and will not change even if an object is given. PHP can perform standard assignment, and objects can also be assigned values, so the function value is not the object itself, but a copied value. When a function needs to be changed to an object value, it is necessary to add an "&" symbol before the object as a variable to specifically prompt it. There is no need for such a prompt in Java, and PHP5 uses the same pattern as Java.
In addition, PHP5 also imports name space (Name Space). After the name space is determined, the valid range of functions, variables, and class names are limited to the name space. When the name range is clear, duplicate names can be ignored when using variable and function names, which also facilitates the development of large programs.
The new feature called "stream" is also a convenient feature. It allows files on the WWW server and ftp server to use the same function as local files. That is, fopen(local filename) can be used like fopen(hppt://hostname/filename). Compressed files can be processed like normal non-compressed files. And there is no need to wait for PHP5, "stream" will be installed in PHP4 released in the future.
--Some people pointed out that because PHP is HTML embedded, it is difficult to separate the presentation from the logical part like Java, and it is difficult to achieve modularization.
In fact, using PHP can completely separate the display and logic parts. PHP has a function to call out Java objects. You can use PHP as the display layer and Java objects as the logic layer.
Another method is to use the template library Smarty. Smarty is a tool for dynamically generating HTML from HTML templates. Even if there is no PHP logic written in HTML, PHP running results that conform to HTML can still be generated.
However, this does not mean that it is advantageous to separate display and logic in any case. For example, when developing a small system, it becomes more complex after separation, making it difficult to grasp the whole, which ultimately affects development efficiency. This is the disadvantage.
--At the end of February 2002, PHP was found to have serious security vulnerabilities.
PHP has not had a serious security vulnerability in 5 years, but unfortunately, a problem with the file upload function was discovered at the end of February.
We believe that security is of paramount importance and have taken 2 measures: First, we produced and published a patch within 30 hours of receiving the security vulnerability report. No software can guarantee that security vulnerabilities will never occur. If serious security vulnerabilities are discovered in the future, we will still do our best to take remedial measures quickly.
Secondly, we have started to check the source code of PHP and launched security checks. Even if it is not your own security vulnerability, you should check and correct the parts that may cause problems.