Slashdot Mirror


PHP 4.3.2 Released

seldo writes "Everyone's favourite scripting language ;-) has released an update. From their site: 'The PHP developers are proud to announce the immediate availability of PHP 4.3.2. This release contains a huge number of bug fixes and is a strongly recommended update for all users of PHP. Full list of fixes can be found in the NEWS file.' This incremental release also has useful additions, such as updating to support GD 2.0.12."

8 of 49 comments

  1. Re:How's the Apache 2.0 support? by yelvington · · Score: 4, Informative

    PHP and Apache 2.0 play together nicely. However, some third-party libraries that extend PHP's core functionality do NOT play nicely in a threaded environment. Solution: Run Apache 2.0 in prefork mode.

  2. changes to note by ubiquitin · · Score: 4, Informative

    I combed through the changenotes and here are the ones that I thought were among the most important:

    # Added a new Apache 2 SAPI module (apache2handler) based on the old version (apache2filter).
    # Fixed several 64-bit problems
    # Fixed bug #22672 (User not logged under Apache2). (Ian)
    # Fixed bug #22989 (sendmail not found by configure). (igyu@ionsphere.org)
    # Fixed bug #17098 (make Apache2 aware that PHP scripts should not be cached). (Ilia)
    # Fixed bug #20802 (PHP would die silently when memory limit reached). (Ilia)
    # Fixed bug #21498 (mysql_pconnect connection problems). (Georg)

    --
    http://tinyurl.com/4ny52
  3. Re:Apache & PHP by clonebarkins · · Score: 3, Informative

    The last sentence on the right of the main PHP page says:

    PHP is a project of the Apache Software Foundation.

    You're confusing one Apache project (namely, the webserver) with the entire suite of Apache software.

    --

    "The evil of the world is made possible by nothing but the sanction you give it." -- Ayn Rand

  4. Re:Deeply unfair moderation by mbogosian · · Score: 5, Informative
    It's very easy to pick up the basics of PHP and develop scripts quickly, even with limited programming experience. Sadly until recently so many of the default settings in PHP (still required by a lot of freely available scripts out there) make it a non-trivial task to secure these scripts.

    The same might be said for C. How many inexperienced C programmers have you seen do something like this:

    #include <string.h>

    int main(int argc, char *argv[])
    {
        char buffer[1024];

        if (argc > 1)
        {
            strcpy(buffer, argv[1]);
        }

        return 0;
    }

    register_globals was never a good idea. That's why it's been off by default for the past several releases. Unless you're using placeholders in your SQL, nearly every Web app has the potential to be susceptible to bad things:

    /* SQL injector's dream */
    $db->execute("SELECT * FROM my_table WHERE id = $userInput");

    vs.

    /* The only way to fly */
    $db->execute('SELECT * FROM my_table WHERE id = :?', $vars);


    This is not limited to the 'Nukes or PHP. Perl, Python, C, Java, etc. all suffer from the same problem.
  5. Re:php programmers by tha_mink · · Score: 2, Informative

    how can this post be modded as troll when he has a very valid point?


    Easy, because the same could be said of ASP, .NET, VBScript, and yes PERL. I have seen plenty of bastardized perl. Yes perl monkeys, people can abuse your shitty language too. You can write shitty code in ANY language. (visual c++ comes to mind)

    --
    You'll have that sometimes...
  6. Re:How's the Apache 2.0 support? by yelvington · · Score: 4, Informative

    There's a list of commonly used libraries on the Apache Web site, but it's full of question marks, and postgres isn't mentioned.

    http://httpd.apache.org/docs-2.1/developer/thread_safety.html#commonlibs

    The list really addresses the issue of linking the libraries directly with Apache, but I presume it's the same issue as indirectly linking through PHP.

    libmysqlclient is thread-safe if compiled with the proper flags.

  7. Re:Deeply unfair moderation by Just+Some+Guy · · Score: 3, Informative

    Mainly because $userInput could be something like '"foo" or creditCard not null' to get a listing of every record with a credit card field in that table.

    --
    Dewey, what part of this looks like authorities should be involved?
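
The difference between the two queries in comment 4, run against an input of the kind comment 7 describes, as an added example that is not part of the original thread. It assumes PHP with the PDO SQLite driver; the table contents, the input string and the function names are constructed for illustration.

```php
<?php
// Added example: constructed table and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, name TEXT, creditCard TEXT)');
$db->exec("INSERT INTO my_table (id, name, creditCard) VALUES
    (1, 'alice', '0000-0000-0000-0001'),
    (2, 'bob',   NULL),
    (3, 'carol', '0000-0000-0000-0003')");

// Interpolated: the input becomes part of the SQL text, so any operators
// it contains are parsed as part of the WHERE clause.
function lookupInterpolated(PDO $db, string $userInput): array
{
    return $db->query("SELECT id, name FROM my_table WHERE id = $userInput")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder: the statement is compiled first, then the input is bound
// as a single value that is only ever compared against the id column.
function lookupBound(PDO $db, string $userInput): array
{
    $stmt = $db->prepare('SELECT id, name FROM my_table WHERE id = :id');
    $stmt->bindValue(':id', $userInput, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary id, then a value carrying an extra condition.
$inputs = ['2', '0 OR creditCard IS NOT NULL'];

foreach ($inputs as $input) {
    printf(
        "%-30s interpolated=%d row(s)  bound=%d row(s)\n",
        $input,
        count(lookupInterpolated($db, $input)),
        count(lookupBound($db, $input))
    );
}
```

For the ordinary id both functions return the same single row; for the second input the interpolated query returns every row that has a card number, while the bound query matches nothing because the whole string is treated as one value.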
  8. PHP 4.3.2 Release Summary by dananderson · · Score: 2, Informative
    Major changes, from the release Announcement:
    • Fixes several potentially hazardous integer and buffer overflows.
    • Fixes for several 64-bit problems.
    • New Apache 2.0 SAPI module (sapi/apache2handler, enabled with --with-apxs2).
    • New session_regenerate_id() function. (Important feature against malicious session planting).
    • Improvements to dba extension.
    • Improvements to thttpd SAPI module.
    • Dropped support for GDLIB version 1.x.x (php_gd.dll) on Windows.
    • A Unix man page for CLI version of PHP.
    • New "disable_classes" php.ini option to allow administrators to disable certain classes for security reasons.