There's an interesting article titled "How to fix Mom's computer", check it out. This is a ritual many of us go through during visits and this article sums it up beautifully.
Just a FYI, barring any setbacks the PHP 5.0.1 image extension will again have GIF write support and it's always had GIF read support. Also, keep in mind that PHP bundles its own modified version of the GD library (from boutell), it's even recommended/preferred. Minor versions of PHP don't add new features but this is seen as a worthy exception.
As for the code submitted in this thread, just use function_exists() on a GD2 specific function, such as imagecreatetruecolor(), much more efficient;)
The password will never show up in any PHP error, ever. Username, it might. Host, possible. But never the password. Perhaps you mean the error will show a filename that contains the password and if some fool uses, for example, plain text files outside of the docroot to store them...well...they sorta deserve the headache;) I agree about error handling (like not allowing PHP to spew ugly errors) but wanted to make it clear that PHP itself won't emit DB passwords (yes I know it was just an example, but I didn't like the example:).
MySQL client libraries have been included/bundled with PHP for a long time now, and MySQL support was enabled by default. As of PHP 5, these client libraries are no longer bundled, and MySQL is not enabled by default. This essentially makes MySQL support like any other PHP extension, nothing special. To install, simply download MySQL and configure PHP with --with-mysql. Not a big deal. You do the same for PgSQL, CURL, TIDY, GD, etc.
You'll notice that the license issue isn't the only reason PHP 5 stopped bundling these MySQL libraries so I assume despite this license change PHP 5 will not bundle MySQL by default. One might say the marriage continues to exist...but that it's no longer "forced" onto people.
There's a similar Open Source award (although no fat sacks of cash included). Just a few days ago the ActiveState Active Awards were handed out at OSCON. These awards are given to those actively contributing in the Open Source world.
Re:REGISTER_GLOBALS and why fixing is not fixing
on
PHP 5 Beta 1
·
· Score: 1
It doesn't overwrite existing variables, which is why inializing variables is a good thing. register_globals is only dangerous to poorly written code, which sometimes newbies like to do.
Re:REGISTER_GLOBALS and why fixing is not fixing
on
PHP 5 Beta 1
·
· Score: 1
The point isn't that the data is insecure, or that turning it off will magically make scripts more secure, but the point is users can write code with no clue where the variables are coming from, and this is especially dangerous for newbies. How many newbies initialize variables? Or even validate request data? Not very many. One can write insecure code with it on, and insecure code with it off. And secure code with it on or off. Also turning it off makes your PHP consume much less memory from hundreds of variables that you'll never use.
You don't really understand the true argument for the change, or how difficult of a decision it was.
Re:PHP fragmentation, lack of cohesion
on
PHP 5 Beta 1
·
· Score: 2, Insightful
BOGUS.
First of all, the superglobals you speak of were introduced in PHP 4.1.0 not 4.2.0, and register_globals was turned off by DEFAULT (default being the keyword there) as of PHP 4.2.0, not 4.0.6. And this is not the reason why ISP's don't upgrade as configurations can be changed. This is why announcements announce these changes, why./configure mentions it, and why it's so heavily documented. This is also why PHP has a file named php.ini
Regarding complexity, the new PHP 5 features are OPTIONAL, you do NOT have to use OOP at all. It's your choice. You, the user, are given choices, so it's up to you to use whatever you want. The backwards compatibility remark is funny as a typical member of the PHP-DEV team is very aware of BC and tries abnormally hard to keep it. There is even a PHP 5 directive named zend2.implicit_clone to help out with these ZE2 changes.
Basically, this post is silly and the "insightful" rating is bogus. Your typical naysayer hard at work.
This post has some problems as there is no such thing as a CLI dll... In Windows you have two php.exe binaries, the cli in the cli/ folder, and the cgi in the root php source folder. The CLI WILL NOT work with the web server, it's a Command Line Interface.
Regarding the DLL, you are referring to SAPI modules, not CLI. And yes, using them is preferred (although depends on who you ask:) but this topic is not related to this thread on the PHP 5 Beta.
PHP 5 isn't really documented in the PHP 5 manual yet as there are still a few features on the move, and new features to come, but here's a list of PHP 5 related articles and presentations:
Re:Most needed feature for newbies......
on
PHP 4.3.0 Released
·
· Score: 2, Informative
This is on the TODO but all the information is included on every man page currently. New parameters and changes to parameters are in the form of notes on each given doc page. So all the information you ask for is already available, just not in a consistant form. Yet. This is a big job, would you like to help?:)
Check out this interview, it explains a bit about what happened with deja/google :
Interview with Monika Henzinger
Essentially, here's an excerpt :
We had Google engineers working very, very hard to get the service out by the time that Deja said they would shut down, in February.
At first it was not clear when Deja actually would shut down. Suddenly it was like, "Now it's going to happen next week," so we had to go live with whatever we had. We did not want the service to be down at all, so we decided to go live and then gradually improve it. You couldn't post initially, but now people can post again. We had to rewrite all the code.
What is your definition of "non sellout" ? It's easy to say "boo" but how about a potential solution? I guess selling out for you means "earning any sort of revenue" whether for profit or expenses. That said, I disagree and feel you're mixing facts with assumptions.
Slashdot Mirror
A version of the Hardened PHP patch will [most likely] exist in PHP (by default) as of PHP 6.0.0.
There's an interesting article titled "How to fix Mom's computer", check it out. This is a ritual many of us go through during visits and this article sums it up beautifully.
Just a FYI, barring any setbacks the PHP 5.0.1 image extension will again have GIF write support and it's always had GIF read support. Also, keep in mind that PHP bundles its own modified version of the GD library (from boutell), it's even recommended/preferred. Minor versions of PHP don't add new features but this is seen as a worthy exception.
;)
As for the code submitted in this thread, just use function_exists() on a GD2 specific function, such as imagecreatetruecolor(), much more efficient
For a list of PHP 5 related tutorials and articles check out this faqt or simply look around the faqts PHP 5 section.
The password will never show up in any PHP error, ever. Username, it might. Host, possible. But never the password. Perhaps you mean the error will show a filename that contains the password and if some fool uses, for example, plain text files outside of the docroot to store them...well...they sorta deserve the headache ;) I agree about error handling (like not allowing PHP to spew ugly errors) but wanted to make it clear that PHP itself won't emit DB passwords (yes I know it was just an example, but I didn't like the example :).
MySQL client libraries have been included/bundled with PHP for a long time now, and MySQL support was enabled by default. As of PHP 5, these client libraries are no longer bundled, and MySQL is not enabled by default. This essentially makes MySQL support like any other PHP extension, nothing special. To install, simply download MySQL and configure PHP with --with-mysql. Not a big deal. You do the same for PgSQL, CURL, TIDY, GD, etc.
q .databases.mysql.php5
An official FAQ on this issue can be seen here:
http://us2.php.net/manual/en/faq.databases.php#fa
You'll notice that the license issue isn't the only reason PHP 5 stopped bundling these MySQL libraries so I assume despite this license change PHP 5 will not bundle MySQL by default. One might say the marriage continues to exist...but that it's no longer "forced" onto people.
A resource where people post and view "unix tips" can be seen here: www.unixtips.org
Not sure where I got this classic but I believe it's the Microsoft team from 1978:
Microsoft Team - 1978
There's a similar Open Source award (although no fat sacks of cash included). Just a few days ago the ActiveState Active Awards were handed out at OSCON. These awards are given to those actively contributing in the Open Source world.
It doesn't overwrite existing variables, which is why inializing variables is a good thing. register_globals is only dangerous to poorly written code, which sometimes newbies like to do.
The point isn't that the data is insecure, or that turning it off will magically make scripts more secure, but the point is users can write code with no clue where the variables are coming from, and this is especially dangerous for newbies. How many newbies initialize variables? Or even validate request data? Not very many. One can write insecure code with it on, and insecure code with it off. And secure code with it on or off. Also turning it off makes your PHP consume much less memory from hundreds of variables that you'll never use.
b als.php
You should read this:
http://www.php.net/manual/en/security.registerglo
You don't really understand the true argument for the change, or how difficult of a decision it was.
BOGUS.
./configure mentions it, and why it's so heavily documented. This is also why PHP has a file named php.ini
First of all, the superglobals you speak of were introduced in PHP 4.1.0 not 4.2.0, and register_globals was turned off by DEFAULT (default being the keyword there) as of PHP 4.2.0, not 4.0.6. And this is not the reason why ISP's don't upgrade as configurations can be changed. This is why announcements announce these changes, why
Regarding complexity, the new PHP 5 features are OPTIONAL, you do NOT have to use OOP at all. It's your choice. You, the user, are given choices, so it's up to you to use whatever you want. The backwards compatibility remark is funny as a typical member of the PHP-DEV team is very aware of BC and tries abnormally hard to keep it. There is even a PHP 5 directive named zend2.implicit_clone to help out with these ZE2 changes.
Basically, this post is silly and the "insightful" rating is bogus. Your typical naysayer hard at work.
This post has some problems as there is no such thing as a CLI dll... In Windows you have two php.exe binaries, the cli in the cli/ folder, and the cgi in the root php source folder. The CLI WILL NOT work with the web server, it's a Command Line Interface.
:) but this topic is not related to this thread on the PHP 5 Beta.
Regarding the DLL, you are referring to SAPI modules, not CLI. And yes, using them is preferred (although depends on who you ask
PHP 5 isn't really documented in the PHP 5 manual yet as there are still a few features on the move, and new features to come, but here's a list of PHP 5 related articles and presentations:
Faq: Where can I get more information about PHP5?
Enjoy!
It's always been the plan to put the zend2 engine in PHP5. Most likely PHP5 will follow 4.3.x so stay tuned :-)
And for people unable to read a prototype yet, this too is documented here:
How to read a function definition (prototype)
This is on the TODO but all the information is included on every man page currently. New parameters and changes to parameters are in the form of notes on each given doc page. So all the information you ask for is already available, just not in a consistant form. Yet. This is a big job, would you like to help? :)
--
Everyone here is so negative, sheesh.
.sig --
--
What is your definition of "non sellout" ? It's easy to say "boo" but how about a potential solution? I guess selling out for you means "earning any sort of revenue" whether for profit or expenses. That said, I disagree and feel you're mixing facts with assumptions.
.sig --
--
Obviously you've not seen Strange Brew.
.sig --
--
Well, the printable version is one page, read it.
.sig --
--
link: Florida Exit Polls by CNN.
Although imho exit polls are bogus.
.sig --
--
Link : A Vote For Nader Is .36 Of A Vote For Bush
It really is pretty damn funny.
.sig --
--