Slashdot Mirror

← Back to Stories (view on slashdot.org)

As PHP 5.6, Still Used By a Large Number of Websites, Approaches Its End of Life Deadline, Some Worry About the Consequences (linkedin.com)

Posted by msmash on from the ticking-time-bomb dept.

An anonymous reader writes: I know PHP isn't to some devs liking, but chances are you know people who work with PHP or have sites that are built with it. PHP 5.6 and 7.0 are shortly coming to the end of the support period for security patches, so what plans have you made to migrate code and sites to newer platforms? With apparently huge numbers (80%) of sites still running PHP 5.6, there appears to be little industry acknowledgement of the issue. Is there a ticking PHP Time Bomb waiting to go off?

5 of 151 comments (clear)

  1. Not just 5.6 by Ubi_NL · · Score: 4, Interesting

    The current RedHat 7 ships PHP5.4 (or lower) by default. Adding 5.6 means adding a non-standard repo and thus tainting your update environment. Can be done but not classy.

    Having said that, I run a small ISP with many tiny NGOs as customers. All these sites were developed for PHP5.2 or something by "Bob" who left and nobody has the money or expertise to update the site to PHP5.6 or higher. If I force an upgrade I effectively kill over 300 websites that are pretty much running fine, despite the vulnerabilities puslished. Remember that most of these customers have ever even heard of PHP or what it is supposed to be doing, and they care even less as they are not IT people.

    --

    If an experiment works, something has gone wrong.
    1. Re:Not just 5.6 by citylivin · · Score: 4, Informative

      "Besides... Didn't 'Bob' document what he did? If not why wasn't he made to?

      I get kinda tired of this 'no money, no expertise, no documentation, but it has to be kept running!'. No, it doesn't."

      Just wondering if you or anyone else that blames this sysadmin has ever done tech support for small businesses or non profits. They aren't going to spend 10k redoing their websites that are currently working fine.

      I can tell them they should do it all day and night and they will say "thank you for the info, but we have other priorities". So there is only so much a sysadmin can do. Charities do not have money. I assume NGO means charity in some respect. They are not proactive at all and generally know nothing about technology. You can make the director aware of the issue, but thats about it. Unless you want to be fixing it for free.

      And yeah no one makes any documentation. That's the real world yo, not some kind of college course textbook fantasy where your knowledge evidently comes from. Charities often get things like web development done for free or extremely cheap. There is no budget to maintain the site and certainly not to hire a web developer for anything more than a small contract.

      --
      As a potential lottery winner, I totally support tax cuts for the wealthy
  2. Explain That to Clients... by michiganbob · · Score: 5, Insightful

    I know there are still sites out there that run on PHP 5.6 (and earlier!) that should really be moved on, either updated for PHP 7.2 or if the code is unmaintainable due to years of abuse by developers, simply rebuilt in a modern framework.

    Sure, let me just go back to the hundreds of small businesses we've built websites for over the past 10 years and tell them their sites need to be "simply rebuilt". I promise you that 95% of them will see no problem with leaving their PHP 5.6, 5.4, 5.2, etc... websites alone because "they still work fine". Why would they pay us money to rebuild them?

    The older websites probably have horrible looking admin interfaces making work flow slow and cumbersome...

    Maybe, but the site owners know how to use that admin interface, and getting them to that point was like pulling teeth. Now you want to train them on a brand new interface? Good luck.

    I'm not saying this guy doesn't have some points, just that he doesn't seem to live in the real world.

  3. Migrating to PHP 7: Backward incompatible changes by tepples · · Score: 5, Informative

    I would expect a simple update guide with breaking changes and simple resolutions.

    Expected it, got it. Google Search for php 7.0 breaking changes returned this section of the official migration guide as the first result.

  4. Re:error_reporting by eriks · · Score: 4, Interesting

    That's true, unless the code uses the (LONG deprecated) mysql_* functions. Though even that is actually trivial to fix, since PHP7 supports built-in function overloading, and since good code will abstract database calls anyway, even switching to one of the newer DB methods should be pretty straightforward.

    I maintain code that was actually written for PHP3/4. Migrating to PHP5 was frustrating, mostly because some of the the breaking changes involved REALLY basic stuff (they broke array indexing!), and weren't rolled out with the first version of PHP5, but came out in dribs and drabs in the point releases. Migrating to PHP7 is really not that bad by comparison, and PHP7 fixes most of the really bad warts in the language.

    Granted this code was originally written almost exclusively by me, and I was/am a Perl/C programmer so the code looks more like C-style Perl than most PHP code.

    PHP3 was *nasty* and I went into the project kicking and screaming, but I was part of a team that outvoted me. I wanted to write the thing in Perl. Almost 20 years later, the code still works, is maintainable/customizable, and the language itself is much less nasty than it was then.