PHP: Hypertext Preprocessor is a widely used, general-purpose scripting language that was originally designed for web development to produce dynamic web pages. For this purpose, PHP code is embedded into the HTML source document and interpreted by a web server with a PHP processor module, which generates the web page document. As a general-purpose programming language, PHP code is processed by an interpreter application in command-line mode performing desired operating system operations and producing program output on its standard output channel. It may also function as a graphical application. PHP is available as a processor for most modern web servers and as a standalone interpreter on most operating systems and computing platforms.
PHP was originally created by Rasmus Lerdorf in 1995[1][2] and has been in continuous development ever since. The main implementation of PHP is now produced by the PHP Group and serves as the de facto standard for PHP as there is no formal specification.[3] PHP is free software released under the PHP License.
Friday, August 27, 2010
WHAT IS PHP
PHP originally stood for personal home page.[3] Its development began in 1994 when the Danish/Greenlandic programmer Rasmus Lerdorf initially created a set of Perl scripts he called 'Personal Home Page Tools' to maintain his personal homepage, including tasks such as displaying his résumé and recording how much traffic his page was receiving.[3][4][5]
He rewrote these scripts as C programming language Common Gateway Interface (CGI) binaries, extending them to add the ability to work with web forms and to communicate with databases and called this implementation 'Personal Home Page/Forms Interpreter' or PHP/FI. PHP/FI could be used to build simple, dynamic web applications. Lerdorf released PHP/FI as 'Personal Home Page Tools (PHP Tools) version 1.0' publicly on June 8, 1995, to accelerate bug location and improve the code.[6] This release already had the basic functionality that PHP has today. This included Perl-like variables, form handling, and the ability to embed HTML. The syntax was similar to Perl but was more limited and simpler, although less consistent.[3] A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997.
Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism PHP: Hypertext Preprocessor.[3] Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999.[7] They also founded Zend Technologies in Ramat Gan, Israel.[3]
On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released.[3] As of August 2008 this branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates be released.[8][9]
On July 13, 2004, PHP 5 was released, powered by the new Zend Engine II.[3] PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements.[10] In 2008 PHP 5 became the only stable version under development. Late static binding had been missing from PHP and was added in version 5.3.[11][12]
A new major version has been under development alongside PHP 5 for several years. This version was originally planned to be released as PHP 6 as a result of its significant changes, which included plans for full Unicode support. However, Unicode support took developers much longer to implement than originally thought, and the decision was made in March 2010[13] to move the project to a branch, with features still under development moved to a trunk.
Changes in the new code include the removal of register_globals,[14] magic quotes, and safe mode.[8][15] register_globals was removed because it had led to security holes, and magic quotes because their behavior was unpredictable and they were best avoided. Instead, to escape characters, magic quotes may be replaced with the addslashes() function, or more appropriately an escape mechanism specific to the database vendor itself, like mysql_real_escape_string() for MySQL. Functions that have been deprecated in PHP 5.3 and will be removed in future versions produce a warning if used.[16]
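As an added illustration (not code from the original article), the PHP sketch below shows the two problems named above: request parameters overwriting an uninitialised variable, emulated with extract() because register_globals itself is being removed, and addslashes() producing escaping that the database does not understand. It assumes the pdo_sqlite extension; the function names, the users table and the sample data are constructed for the example.

```php
<?php
// Added example, not from the original article. Function names, the users
// table and all sample data are constructed. Requires the pdo_sqlite extension.

// 1. register_globals, emulated with extract(): every request parameter
//    becomes a local variable before the logic runs.
function isAdminLegacy(array $request, array $session) {
    extract($request);
    if (isset($session['role']) && $session['role'] === 'admin') {
        $is_admin = true;
    }
    // $is_admin was never initialised, so a request parameter of that name
    // is still in scope here and decides the result.
    return !empty($is_admin);
}

// Hardened form: the decision uses server-side state only.
function isAdminFixed(array $request, array $session) {
    return isset($session['role']) && $session['role'] === 'admin';
}

// 2. Escaping: generic addslashes() versus mechanisms that know the database.
function makeDb() {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO users (name) VALUES ('O''Brien')");
    $db->exec("INSERT INTO users (name) VALUES ('Smith')");
    return $db;
}

// addslashes() writes \' for a quote. SQLite escapes a quote as '' and treats
// the backslash as an ordinary character, so the string literal ends early.
function findWithAddslashes(PDO $db, $name) {
    $sql = "SELECT id FROM users WHERE name = '" . addslashes($name) . "'";
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'query rejected: ' . $sql;
    }
}

// PDO::quote() applies the quoting rules of the connected driver.
function findWithDriverQuote(PDO $db, $name) {
    $sql = 'SELECT id FROM users WHERE name = ' . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the value is bound, never spliced into the SQL text.
function findWithPrepared(PDO $db, $name) {
    $stmt = $db->prepare('SELECT id FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$request = array('is_admin' => '1');   // constructed request parameters
$session = array('role' => 'guest');   // constructed server-side session
var_dump(isAdminLegacy($request, $session));
var_dump(isAdminFixed($request, $session));

$db = makeDb();
$name = "O'Brien";                      // an ordinary surname, constructed
var_dump(findWithAddslashes($db, $name));
var_dump(findWithDriverQuote($db, $name));
var_dump(findWithPrepared($db, $name));
```

Run with the PHP command-line interpreter: the legacy check grants admin to a guest session, and the addslashes() query is rejected by SQLite even for this ordinary name, while the driver-quoted and prepared queries return the matching row.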
Many high-profile open-source projects ceased to support PHP 4 in new code as of February 5, 2008, because of the GoPHP5 initiative,[17] provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.[18][19]
PHP currently does not have native support for Unicode or multibyte strings; Unicode support is under development for a future version of PHP and will allow strings as well as class, method, and function names to contain non-ASCII characters.[20][21]
PHP interpreters are available on both 32-bit and 64-bit operating systems, but on Microsoft Windows the only official distribution is a 32-bit implementation, requiring Windows 32-bit compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform. As of PHP 5.3.0, experimental 64-bit versions are available for MS Windows.[22]
Licensing
PHP is free software released under the PHP License, which insists that:
• The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission.[23]
This makes it incompatible with the GNU General Public License (GPL) because restrictions exist regarding the use of the term PHP.[24]
Usage
PHP is a general-purpose scripting language that is especially suited to server-side web development where PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content. It can also be used for command-line scripting and client-side GUI applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.[31]
PHP primarily acts as a filter,[32] taking input from a file or stream containing text and/or PHP instructions and outputs another stream of data; most commonly the output will be HTML. Since PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor.[33]
Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting,[34] and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft's Active Server Pages, Sun Microsystems' JavaServer Pages,[35] and mod_perl. PHP has also attracted the development of many frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include CakePHP, Symfony, CodeIgniter, and Zend Framework, offering features similar to other web application frameworks.
The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python or Perl or some combination of the three. WAMP packages (Windows/Apache/MySQL/PHP) are also available.
As of April 2007, over 20 million Internet domains had web services hosted on servers with PHP installed and mod_php was recorded as the most popular Apache HTTP Server module.[36] Significant websites are written in PHP including the user-facing portion of Facebook,[37] Wikipedia (MediaWiki),[38] Digg,[39] Joomla, eZ Publish, WordPress,[40] Drupal[41] and Moodle.[42]
Security
The National Vulnerability Database maintains a list of vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, 35% in 2008, and 30% in 2009.[43] Most of these PHP-related vulnerabilities can be exploited remotely: they allow crackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.
These vulnerabilities are caused mostly by not following best practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in 2008, about 1% of the total).[44][45] Recognizing that programmers cannot be trusted, some languages include taint checking to automatically detect the lack of input validation, which induces many issues. Such a feature is being developed for PHP,[46] but its inclusion in a release has been rejected several times in the past.[47][48]
Hosting PHP applications on a server requires careful and constant attention to deal with these security risks.[49] There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.[50]
Syntax
<html>
<head><title>PHP Test</title></head>
<body>
<?php
echo "Hello World";
/* echo("Hello World"); works as well, although echo isn't a
   function, but a language construct. In some cases, such
   as when multiple parameters are passed to echo, parameters
   cannot be enclosed in parentheses. */
?>
</body>
</html>
PHP code embedded within HTML code
PHP only parses code within its delimiters. Anything outside its delimiters is sent directly to the output and is not processed by PHP (although non-PHP text is still subject to control structures described within PHP code). The most common delimiters are <?php to open and ?> to close PHP sections. <script language="php"> and </script> delimiters are also available, as are the shortened forms <? or <?= and ?>, as well as ASP-style short forms <% or <%= and %>. While short delimiters are used, they make script files less portable because they can be disabled in the PHP configuration, and so they are discouraged.[51] The purpose of all these delimiters is to separate PHP code from non-PHP code, including HTML.[52]
The first form of delimiters, <?php and ?>, in XHTML and other XML documents, creates correctly formed XML 'processing instructions'.[53] This means that the resulting mixture of PHP code and other markup in the server-side file is itself well-formed XML.
Variables are prefixed with a dollar symbol and a type does not need to be specified in advance. Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings allow the ability to embed a variable's value into the string.[54] PHP treats newlines as whitespace in the manner of a free-form language (except when inside string quotes), and statements are terminated by a semicolon.[55] PHP has three types of comment syntax: /* */ marks block and inline comments; // as well as # are used for one-line comments.[56] The echo statement is one of several facilities PHP provides to output text (e.g. to a web browser).
In terms of keywords and language syntax, PHP is similar to most high level languages that follow the C style syntax. If conditions, for and while loops, and function returns are similar in syntax to languages such as C, C++, Java and Perl.
Data types
PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Unsigned integers are converted to signed values in certain situations; this behavior is different from other programming languages.[57] Integer variables can be assigned using decimal (positive and negative), octal, and hexadecimal notations. Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation.[58] PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++.[58] The null data type represents a variable that has no value. The only value in the null data type is NULL.[58] Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources.[58] Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled.[58] PHP also supports strings, which can be used with single quotes, double quotes, or heredoc syntax.[59]
The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.[60]
Functions
PHP has hundreds of base functions and thousands more via extensions. These functions are well documented on the PHP site; however, the built-in library has a wide variety of naming conventions and inconsistencies. PHP currently has no functions for thread programming, although it does support multiprocess programming on POSIX systems.[61]
5.2 and earlier
Functions are not first-class and can only be referenced by their name, directly or dynamically by a variable containing the name of the function.[62] User-defined functions can be created at any time without being prototyped.[62] Functions can be defined inside code blocks, permitting a run-time decision as to whether or not a function should be defined. Function calls must use parentheses, with the exception of zero argument class constructor functions called with the PHP new operator, where parentheses are optional. PHP supports quasi-anonymous functions through the create_function() function, although they are not true anonymous functions: anonymous functions are nameless, whereas in PHP functions can only be referenced by name, or indirectly through a variable, as in $function_name();.[62]
5.3 and newer
PHP gained support for closures. True anonymous functions are supported using the following syntax:
function getAdder($x) {
    return function ($y) use ($x) {
        return $x + $y;
    };
}

$adder = getAdder(8);
echo $adder(2); // prints "10"
Here, the getAdder() function creates a closure using the parameter $x (the keyword "use" imports a variable from the lexical context). The closure takes an additional argument $y, and getAdder() returns the closure to the caller. Such a function is a first-class object, which means it can be stored, passed as a parameter to other functions, etc. For more details see Lambda functions and closures RFC.
The goto flow control statement is used as follows:
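function lock() {
    $file = fopen('file.txt', 'r+');
    if ($file === false) {
        // Without this check, flock() on a failed handle never succeeds
        // and the goto below would loop forever.
        return 1;
    }
retry:
    if (!flock($file, LOCK_EX)) {
        goto retry;
    }
    fwrite($file, 'Success!');
    fclose($file);
    return 0;
}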
When lock() is called, PHP opens a file and tries to lock it. The target label retry: defines the point to which execution returns if flock() is unsuccessful and goto retry; is executed. goto is restricted and requires that the target label be in the same file and context.
Objects
Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4.[3] Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance.[63] In previous versions of PHP, objects were handled like value types.[63] The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and final classes as well as abstract methods and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax and objects implementing Iterator or IteratorAggregate can be used with the foreach language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.[64]
If the developer creates a copy of an object using the reserved word clone, the Zend engine will check if a __clone() method has been defined or not. If not, it will call a default __clone() which will copy the object's properties. If a __clone() method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so that the programmer can start with a by-value replica of the source object and only override properties that need to be changed.[65]
Basic example of object-oriented programming as described above:
class Person {
    public $first;
    public $last;

    public function __construct($f, $l) {
        $this->first = $f;
        $this->last = $l;
    }

    public function greeting() {
        return "Hello, my name is {$this->first} {$this->last}.";
    }

    static public function staticGreeting($first, $last) {
        return "Hello, my name is {$first} {$last}.";
    }
}

$him = new Person('John', 'Smith');
$her = new Person('Sally', 'Davis');

echo $him->greeting(); // prints "Hello, my name is John Smith."
echo '<br />';
echo $her->greeting(); // prints "Hello, my name is Sally Davis."
echo '<br />';
echo Person::staticGreeting('Jane', 'Doe'); // prints "Hello, my name is Jane Doe."
Visibility of properties and methods
Visibility determines from where a property or method can be accessed. It is defined using the keywords "public," "private," and "protected." The default is public, if only var is used; "var" is a synonym for "public." Items declared public can be accessed everywhere. Protected limits access to inherited classes (and to the class that defines the item). Private limits visibility only to the class that defines the item.[66] Objects of the same type have access to each other's private and protected members even though they are not the same instances. PHP's member visibility features have sometimes been described as "highly useful."[67] However, they have also sometimes been described as "at best irrelevant and at worst positively harmful."[68]
Speed optimization
PHP source code is compiled on-the-fly to an internal format that can be executed by the PHP engine.[69][70] In order to speed up execution time and not have to compile the PHP source code every time the webpage is accessed, PHP scripts can also be deployed in executable format using a PHP compiler.
Code optimizers aim to reduce the runtime of the compiled code by reducing its size and making other changes that can reduce the execution time with the goal of improving performance. The nature of the PHP compiler is such that there are often opportunities for code optimization,[71] and an example of a code optimizer is the eAccelerator PHP extension.[72]
Another approach for reducing overhead for high load PHP servers is using an opcode cache. Opcode caches work by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, APC, will be built into an upcoming release of PHP.[73] Opcode caching is also available in Zend Server Community Edition.
Compilers
The PHP language was originally implemented using a PHP interpreter. Several compilers now exist, which decouple the PHP language from the interpreter:
• phc - a C++ based compiler for PHP, using the Zend run-time for maximum compatibility
• Roadsend - achieves native compilation by compiling to bigloo scheme, which in turn is compiled to C, then to machine code
• Raven - a rewrite of Roadsend PHP (rphp), based on LLVM and a new C++ runtime
• Phalanger - compiles source code written in the PHP scripting language into CIL byte-code
• Caucho Resin/Quercus - compiles PHP to Java bytecode
• HipHop - developed at Facebook and now available as open source, transforms the PHP Script into C++, then compiles it.
• php-to-scala - converts PHP to human-readable Scala source code, which the developer can compile to Java bytecode
Advantages of compilation include not only better execution speed, but also obfuscation, static analysis, and improved interoperability with code written in other languages.[74]
Resources
PHP includes free and open source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing FTP servers, many database servers, embedded SQL libraries such as embedded PostgreSQL, MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as those in the stdio family are available in the standard PHP build.[75]
PHP allows developers to write extensions in C to add functionality to the PHP language. These can then be compiled into PHP or loaded dynamically at runtime. Extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Some more unusual features include integration with Internet Relay Chat, dynamic generation of images and Adobe Flash content, and even speech synthesis. The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.[76]
Background of phpWebSite
PhpWebSite began with the release of version 0.7.0 on January 29, 2001 as a fork of Phpnuke.
PhpWebSite 0.8.x implemented broad changes to Phpnuke, including the ability to install modules.
A complete rewrite of the phpWebSite began in March 2002. The goals were to remove all Phpnuke code, increase modularity, and allow multiple installs to run off a single hub of code. The developers released the rewrite as phpWebsite 0.9.0 stable on February 2, 2003.
0.10.0 was released on November 24, 2005. It contained the same core as 0.9.x, but new default modules, themes, features and bug fixes. The final release in this series was 0.10.2, which was not compatible with php5. An unreleased version .11 fixed compatibility issues, but development on this series has ceased.
PhpWebSite 1.x (codename:Fallout) began development in 2003 with the core and core modules rewritten again for new functionality and ease-of-use issues. The first edition 1.0.0 has been available since November 2006. The current version is 1.6.3, released in June 2009.
Features of phpWebSite
PhpWebSite is programmed using the PHP scripting language and utilizes PHP Extension and Application Repository (or PEAR) libraries. Versions 0.7.x to 0.10.x require a MySQL database. PhpWebSite 1.x.x supports PostgreSQL as well. It was written to run under the Apache HTTP Server.
PhpWebSite is a content management system (CMS) which is often used by community groups and education users. Although offered to the public, its focus is serving Appalachian State University. Electronic Student Services (ESS), a department at Appalachian State, developed phpWebSite to make it easier for staff to build and update their web sites. ESS also wished to standardize the Student Development web presence and make sure it complied with the Web Accessibility Initiative (WAI).
PhpWebSite is a customizable, modular package; each component can be installed, updated, or modified by the phpWebSite administrator. PhpWebSite extends the customization to the user with selectable themes and HTML templates.
Although PhpWebSite modules cover functions like blogging, photo galleries, and bulletin boards, they often are not as feature-rich as dedicated web programs such as WordPress, Gallery Project, or phpBB. ESS focuses on the core library files in order to ease internal module development. Since many modules focus on university users, the content modules suffer in complexity.
For more information, see the Features page at http://phpwebsite.appstate.edu/.
Major Components
phpWebSite provides components in these general categories:
Content Creation and Management Tools
These features enable administrators and users to create, display, and maintain online-accessible content including text, documents, files, images, links, and more.
Content Organization Tools and Navigation Aids
These features enable administrators and users to organize, structure, and present content in a manageable way.
Communication Tools
These features enable administrators and users to communicate with each other (and the outside world) by means of numerous media, including internal messaging, email, data interchange, and more.
Configuration Tools and Administration Tools
These features enable administrators (and users who have been given the appropriate permissions) to configure and administer all aspects of a phpWebSite site.
phpWebSite uses a control panel approach to manage content and administer the system. Permissions are granular, meaning general content contributors have no access to the administrative functions.
There is some work to be done prior to installing, but phpWebSite checks for you whether your version of PHP meets the minimum requirements and whether certain features are enabled or disabled. Once you get past that initial screen, installing is nearly automatic. phpWebSite requires a backend database; the most commonly used is MySQL.
Development Tools
These features enable administrators (and users who have been given the appropriate permissions) to develop modules for phpWebSite.
In addition, phpWebSite allows each user to choose from several different pre-defined visual styles/themes/skins. These themes are implemented using CSS and template files. Additional themes can be created by the phpWebSite administrator for branding or customizing the look of their website. This requires familiarity with CSS and templates. There are a number of themes to choose from and these can be previewed online. A large proportion of the themes are free to download and use. Commercial themes exist for purchase and commercial theme design services are also available.
Third Party Tools
A large number of third party modules exist for phpWebSite. These tools extend the capabilities of phpWebSite and because it uses an object-oriented framework the modules work together to build a customized CMS. These modules include tools across all major component categories and are constantly being updated and extended by the developer community. For more information, an extensive listing of third party modules can be found on the official phpWebSite web site.
He rewrote these scripts as C programming language Common Gateway Interface (CGI) binaries, extending them to add the ability to work with web forms and to communicate with databases and called this implementation 'Personal Home Page/Forms Interpreter' or PHP/FI. PHP/FI could be used to build simple, dynamic web applications. Lerdorf released PHP/FI as 'Personal Home Page Tools (PHP Tools) version 1.0' publicly on June 8, 1995, to accelerate bug location and improve the code.[6] This release already had the basic functionality that PHP has today. This included Perl-like variables, form handling, and the ability to embed HTML. The syntax was similar to Perl but was more limited and simpler, although less consistent.[3] A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997.
Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism PHP: Hypertext Preprocessor.[3] Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999.[7] They also founded Zend Technologies in Ramat Gan, Israel.[3]
On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released.[3] As of August 2008 this branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates be released.[8][9]
On July 13, 2004, PHP 5 was released, powered by the new Zend Engine II.[3] PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements.[10] In 2008 PHP 5 became the only stable version under development. Late static binding had been missing from PHP and was added in version 5.3.[11][12]
A new major version has been under development alongside PHP 5 for several years. This version was originally planned to be released as PHP 6 as a result of its significant changes, which included plans for full Unicode support. However, Unicode support took developers much longer to implement than originally thought, and the decision was made in March 2010[13] to move the project to a branch, with features still under development moved to a trunk.
Changes in the new code include the removal of register_globals,[14] magic quotes, and safe mode.[8][15] The reason for the removals was that register_globals had given way to security holes, and the use of magic quotes had an unpredictable nature, and was best avoided. Instead, to escape characters, magic quotes may be replaced with the addslashes() function, or more appropriately an escape mechanism specific to the database vendor itself like mysql_real_escape_string() for MySQL. Functions that will be removed in future versions and have been deprecated in PHP 5.3 will produce a warning if used.[16]
Many high-profile open-source projects ceased to support PHP 4 in new code as of February 5, 2008, because of the GoPHP5 initiative,[17] provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.[18][19]
PHP currently does not have native support for Unicode or multibyte strings; Unicode support is under development for a future version of PHP and will allow strings as well as class, method, and function names to contain non-ASCII characters.[20][21]
PHP interpreters are available on both 32-bit and 64-bit operating systems, but on Microsoft Windows the only official distribution is a 32-bit implementation, requiring Windows 32-bit compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform. As of PHP 5.3.0, experimental 64-bit versions are available for MS Windows.[22]
[edit] Licensing
PHP is free software released under the PHP License, which insists that:
• The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission.[23]
This makes it incompatible with the GNU General Public License (GPL) because restrictions exist regarding the use of the term PHP.[24]
[edit] Release history
[edit] Usage
PHP is a general-purpose scripting language that is especially suited to server-side web development where PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content. It can also be used for command-line scripting and client-side GUI applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.[31]
PHP primarily acts as a filter,[32] taking input from a file or stream containing text and/or PHP instructions and outputs another stream of data; most commonly the output will be HTML. Since PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor.[33]
Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting,[34] and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft's Active Server Pages, Sun Microsystems' JavaServer Pages,[35] and mod_perl. PHP has also attracted the development of many frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include CakePHP, Symfony, CodeIgniter, and Zend Framework, offering features similar to other web application frameworks.
The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python or Perl or some combination of the three. WAMP packages (Windows/Apache/MySQL/PHP) are also available.
As of April 2007, over 20 million Internet domains had web services hosted on servers with PHP installed and mod_php was recorded as the most popular Apache HTTP Server module.[36] Significant websites are written in PHP including the user-facing portion of Facebook,[37] Wikipedia (MediaWiki),[38] Digg,[39] Joomla, eZ Publish, WordPress,[40] Drupal[41] and Moodle.[42]
Security
The National Vulnerability Database maintains a list of vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, 35% in 2008, and 30% in 2009.[43] Most of these PHP-related vulnerabilities can be exploited remotely: they allow crackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.
These vulnerabilities are caused mostly by not following best-practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in 2008, about 1% of the total).[44][45] Recognizing that programmers cannot be trusted, some languages include taint checking to automatically detect the lack of input validation, which induces many issues. Such a feature is being developed for PHP,[46] but its inclusion in a release has been rejected several times in the past.[47][48]
Hosting PHP applications on a server requires careful and constant attention to deal with these security risks.[49] There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.[50]
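The taint-checking idea mentioned above, sketched in userland PHP as an added example (it is not the taint feature proposed for PHP itself, and not code from the original article): request values are wrapped at the boundary and can only reach output through validation or escaping. The Tainted class, the function names and the sample request are made up; throwing from __toString() assumes PHP 7.4 or later.

```php
<?php
// Added illustration of taint checking; all names here are hypothetical.

final class Tainted
{
    private $raw;

    public function __construct(string $raw)
    {
        $this->raw = $raw;
    }

    // Using a tainted value as a plain string is the mistake taint checking exists to catch.
    public function __toString(): string
    {
        throw new LogicException('tainted value used without validation or escaping');
    }

    // Validation: release the raw value only if it matches an allow-list pattern.
    public function validate(string $pattern): string
    {
        if (preg_match($pattern, $this->raw) !== 1) {
            throw new InvalidArgumentException('input rejected by validation');
        }
        return $this->raw;
    }

    // Context-specific escaping for HTML output.
    public function html(): string
    {
        return htmlspecialchars($this->raw, ENT_QUOTES, 'UTF-8');
    }
}

// Wrap every request parameter as soon as it enters the application.
function taintAll(array $request): array
{
    return array_map(function ($value) {
        return new Tainted((string) $value);
    }, $request);
}

// Correct handler: the id is validated, the name is escaped for its output context.
function renderProfile(array $in): string
{
    $id   = (int) $in['id']->validate('/\A[0-9]{1,9}\z/');
    $name = $in['name']->html();
    return "<p>User #{$id}: {$name}</p>";
}

// Faulty handler: the programmer forgot both steps. String interpolation
// calls __toString(), so the omission fails loudly instead of reaching the page.
function renderProfileUnchecked(array $in): string
{
    return "<p>User #{$in['id']}: {$in['name']}</p>";
}

// Constructed sample request, standing in for $_GET.
$request = taintAll(['id' => '42', 'name' => 'Ann <b>Lee</b>']);

echo renderProfile($request), "\n";

try {
    echo renderProfileUnchecked($request), "\n";
} catch (LogicException $e) {
    echo 'caught: ', $e->getMessage(), "\n";
}
```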
Syntax
<?php
echo "Hello World";
/* echo("Hello World"); works as well, although echo isn't a
   function, but a language construct. In some cases, such
   as when multiple parameters are passed to echo, parameters
   cannot be enclosed in parentheses. */
?>
PHP code embedded within HTML code
PHP only parses code within its delimiters. Anything outside its delimiters is sent directly to the output and is not processed by PHP (although non-PHP text is still subject to control structures described within PHP code). The most common delimiters are <?php to open and ?> to close PHP sections. <script language="php"> and </script> delimiters are also available, as are the shortened forms <? or <?= and ?> as well as ASP-style short forms <% or <%= and %>. While short delimiters are used, they make script files less portable as support for them can be disabled in the PHP configuration, and so they are discouraged.[51] The purpose of all these delimiters is to separate PHP code from non-PHP code, including HTML.[52]
The first form of delimiters, <?php and ?>, in XHTML and other XML documents, creates correctly formed XML 'processing instructions'.[53] This means that the resulting mixture of PHP code and other markup in the server-side file is itself well-formed XML.
Variables are prefixed with a dollar symbol and a type does not need to be specified in advance. Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings allow the ability to embed a variable's value into the string.[54] PHP treats newlines as whitespace in the manner of a free-form language (except when inside string quotes), and statements are terminated by a semicolon.[55] PHP has three types of comment syntax: /* */ marks block and inline comments; // as well as # are used for one-line comments.[56] The echo statement is one of several facilities PHP provides to output text (e.g. to a web browser).
In terms of keywords and language syntax, PHP is similar to most high level languages that follow the C style syntax. If conditions, for and while loops, and function returns are similar in syntax to languages such as C, C++, Java and Perl.
Data types
PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Unsigned integers are converted to signed values in certain situations; this behavior is different from other programming languages.[57] Integer variables can be assigned using decimal (positive and negative), octal, and hexadecimal notations. Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation.[58] PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++.[58] The null data type represents a variable that has no value. The only value in the null data type is NULL.[58] Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources.[58] Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled.[58] PHP also supports strings, which can be used with single quotes, double quotes, or heredoc syntax.[59]
The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.[60]
Functions
PHP has hundreds of base functions and thousands more via extensions. These functions are well documented on the PHP site; however, the built-in library has a wide variety of naming conventions and inconsistencies. PHP currently has no functions for thread programming, although it does support multiprocess programming on POSIX systems.[61]
5.2 and earlier
Functions are not first-class functions and can only be referenced by their name, directly or dynamically by a variable containing the name of the function.[62] User-defined functions can be created at any time without being prototyped.[62] Functions can be defined inside code blocks, permitting a run-time decision as to whether or not a function should be defined. Function calls must use parentheses, with the exception of zero-argument class constructor functions called with the PHP new operator, where parentheses are optional. PHP supports quasi-anonymous functions through the create_function() function, although they are not true anonymous functions: anonymous functions are nameless, whereas in PHP functions can only be referenced by name, or indirectly through a variable, as in $function_name();.[62]
5.3 and newer
PHP gained support for closures. True anonymous functions are supported using the following syntax:
    function getAdder($x) {
        return function ($y) use ($x) {
            return $x + $y;
        };
    }
    $adder = getAdder(8);
    echo $adder(2); // prints "10"
Here, the getAdder() function creates a closure using the parameter $x (the keyword "use" imports a variable from the lexical context); the closure takes an additional argument $y and is returned to the caller. Such a function is a first-class object, which means that it can be stored, passed as a parameter to other functions, etc. For more details see the Lambda functions and closures RFC.
The goto flow control statement is used as follows:
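    function lock() {
        $file = fopen('file.txt', 'r+');
        if ($file === false) {
            return 1; // the file could not be opened, so there is nothing to lock
        }
    retry:
        // flock() waits for the exclusive lock; jump back and try again if it fails
        if (!flock($file, LOCK_EX)) {
            goto retry;
        }
        fwrite($file, 'Success!');
        fclose($file);
        return 0;
    }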
When lock() is called, PHP opens a file and tries to lock it. retry:, the target label, defines the point to which execution should return if flock() is unsuccessful and the goto retry; is called. goto is restricted and requires that the target label be in the same file and context.
Objects
Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4.[3] Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance.[63] In previous versions of PHP, objects were handled like value types.[63] The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and final classes as well as abstract methods and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax and objects implementing Iterator or IteratorAggregate can be used with the foreach language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.[64]
If the developer creates a copy of an object using the reserved word clone, the Zend engine will check if a __clone() method has been defined or not. If not, it will call a default __clone() which will copy the object's properties. If a __clone() method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so that the programmer can start with a by-value replica of the source object and only override properties that need to be changed.[65]
Basic example of object-oriented programming as described above:
    class Person {
        public $first;
        public $last;

        public function __construct($f, $l) {
            $this->first = $f;
            $this->last = $l;
        }

        public function greeting() {
            return "Hello, my name is {$this->first} {$this->last}.";
        }

        static public function staticGreeting($first, $last) {
            return "Hello, my name is {$first} {$last}.";
        }
    }

    $him = new Person('John', 'Smith');
    $her = new Person('Sally', 'Davis');
    echo $him->greeting(); // prints "Hello, my name is John Smith."
    echo "\n";
    echo $her->greeting(); // prints "Hello, my name is Sally Davis."
    echo "\n";
    echo Person::staticGreeting('Jane', 'Doe'); // prints "Hello, my name is Jane Doe."
Visibility of properties and methods
The visibility of PHP properties and methods determines where they can be accessed from. It is defined using the keywords "public," "private," and "protected." The default is public, if only var is used; "var" is a synonym for "public." Items declared public can be accessed everywhere. Protected limits access to inherited classes (and to the class that defines the item). Private limits visibility only to the class that defines the item.[66] Objects of the same type have access to each other's private and protected members even though they are not the same instances. PHP's member visibility features have sometimes been described as "highly useful."[67] However, they have also sometimes been described as "at best irrelevant and at worst positively harmful."[68]
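The class-level (not instance-level) scope of private members described above, as an added example that is not from the original article. It also shows that visibility is an encapsulation aid rather than a confidentiality control, since an array cast still exposes the private value. The ApiKey class, the function names and the key value are made up, and the example assumes PHP 7 or later, where an access violation is a catchable Error.

```php
<?php
// Added illustration; all names and values here are hypothetical.

final class ApiKey
{
    private $secret;

    public function __construct(string $secret)
    {
        $this->secret = $secret;
    }

    // Visibility is checked per class, not per object: this method may read
    // the private property of a different ApiKey instance.
    public function matches(ApiKey $other): bool
    {
        return hash_equals($this->secret, $other->secret);
    }
}

// Code outside the class cannot read the private property directly.
function readFromOutside(ApiKey $key): string
{
    try {
        return $key->secret;
    } catch (Error $e) {
        return 'blocked: ' . $e->getMessage();
    }
}

// Casting to an array copies every property, private ones included, so a
// private member is not protected against debugging or logging code that dumps objects.
function exposedByArrayCast(ApiKey $key): array
{
    return array_values((array) $key);
}

$a = new ApiKey('constructed-sample-key');
$b = new ApiKey('constructed-sample-key');
$c = new ApiKey('another-constructed-key');

var_dump($a->matches($b));          // same secret held by two distinct instances
var_dump($a->matches($c));          // different secret
echo readFromOutside($a), "\n";     // direct access is refused
print_r(exposedByArrayCast($a));    // the value is still reachable through the cast
```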
Speed optimization
PHP source code is compiled on-the-fly to an internal format that can be executed by the PHP engine.[69][70] In order to speed up execution time and not have to compile the PHP source code every time the webpage is accessed, PHP scripts can also be deployed in executable format using a PHP compiler.
Code optimizers aim to reduce the runtime of the compiled code by reducing its size and making other changes that can reduce the execution time with the goal of improving performance. The nature of the PHP compiler is such that there are often opportunities for code optimization,[71] and an example of a code optimizer is the eAccelerator PHP extension.[72]
Another approach for reducing overhead for high load PHP servers is using an opcode cache. Opcode caches work by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, APC, will be built into an upcoming release of PHP.[73] Opcode caching is also available in Zend Server Community Edition.
Compilers
The PHP language was originally implemented using a PHP interpreter. Several compilers now exist, which decouple the PHP language from the interpreter:
• phc - a C++ based compiler for PHP, using the Zend run-time for maximum compatibility
• Roadsend - achieves native compilation by compiling to bigloo scheme, which in turn is compiled to C, then to machine code
• Raven - a rewrite of Roadsend PHP (rphp), based on LLVM and a new C++ runtime
• Phalanger - compiles source code written in the PHP scripting language into CIL byte-code
• Caucho Resin/Quercus - compiles PHP to Java bytecode
• HipHop - developed at Facebook and now available as open source, transforms the PHP Script into C++, then compiles it.
• php-to-scala - converts PHP to human-readable Scala source code, which the developer can compile to Java bytecode
Advantages of compilation include not only better execution speed, but also obfuscation, static analysis, and improved interoperability with code written in other languages.[74]
Resources
PHP includes free and open source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing FTP servers, many database servers, embedded SQL libraries such as embedded PostgreSQL, MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as those in the stdio family are available in the standard PHP build.[75]
PHP allows developers to write extensions in C to add functionality to the PHP language. These can then be compiled into PHP or loaded dynamically at runtime. Extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Some more unusual features include integration with Internet Relay Chat, dynamic generation of images and Adobe Flash content, and even speech synthesis. The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.[76]
Background of phpWebSite
PhpWebSite began with the release of version 0.7.0 on January 29, 2001 as a fork of Phpnuke.
PhpWebSite 0.8.x implemented broad changes to Phpnuke, including the ability to install modules.
A complete rewrite of the phpWebSite began in March 2002. The goals were to remove all Phpnuke code, increase modularity, and allow multiple installs to run off a single hub of code. The developers released the rewrite as phpWebsite 0.9.0 stable on February 2, 2003.
0.10.0 was released on November 24, 2005. It contained the same core as 0.9.x, but new default modules, themes, features and bug fixes. The final release in this series was 0.10.2, which was not compatible with PHP 5. An unreleased version .11 fixed compatibility issues, but development on this series has ceased.
PhpWebSite 1.x (codename: Fallout) began development in 2003 with the core and core modules rewritten again for new functionality and ease-of-use issues. The first edition 1.0.0 has been available since November 2006. The current version is 1.6.3, released in June 2009.
Features of phpWebSite
PhpWebSite is programmed using the PHP scripting language and utilizes PHP Extension and Application Repository (or PEAR) libraries. Versions 0.7.x to 0.10.x require a MySQL database. PhpWebSite 1.x.x supports PostgreSQL as well. It was written to run under the Apache HTTP Server.
PhpWebSite is a content management system (CMS) which is often used by community groups and education users. Although offered to the public, its focus is serving Appalachian State University. Electronic Student Services (ESS), a department at Appalachian State, developed phpWebSite to make it easier for staff to build and update their web sites. ESS also wished to standardize the Student Development web presence and make sure it complied with the Web Accessibility Initiative (WAI).
PhpWebSite is a customizable, modular package; each component can be installed, updated, or modified by the phpWebSite administrator. PhpWebSite extends the customization to the user with selectable themes and HTML templates.
Although PhpWebSite modules cover functions like blogging, photo galleries, and bulletin boards, they often are not as feature-rich as dedicated web programs such as WordPress, Gallery Project, or phpBB. ESS focuses on the core library files in order to ease internal module development. Since many modules focus on university users, the content modules suffer in complexity.
For more information, see the Features page at http://phpwebsite.appstate.edu/.
Major Components
phpWebSite provides components in these general categories:
Content Creation and Management Tools
These features enable administrators and users to create, display, and maintain online-accessible content including text, documents, files, images, links, and more.
Content Organization Tools and Navigation Aids
These features enable administrators and users to organize, structure, and present content in a manageable way.
Communication Tools
These features enable administrators and users to communicate with each other (and the outside world) by means of numerous media, including internal messaging, email, data interchange, and more.
Configuration Tools and Administration Tools
These features enable administrators (and users who have been given the appropriate permissions) to configure and administer all aspects of a phpWebSite site.
phpWebSite utilizes a control panel approach to manage content and administer the system. Permissions are granular, meaning general content contributors have no access to the administrative functions.
There is some work to be done prior to installing, but phpWebSite checks for you whether your version of PHP meets the minimum requirements and whether certain features are enabled or disabled. Once you get past that initial screen, installing is nearly automatic. phpWebSite requires a backend database; MySQL is the most commonly used.
Development Tools
These features enable administrators (and users who have been given the appropriate permissions) to develop modules for phpWebSite.
In addition, phpWebSite allows each user to choose from several different pre-defined visual styles/themes/skins. These themes are implemented using CSS and template files. Additional themes can be created by the phpWebSite administrator for branding or customizing the look of their website. This requires familiarity with CSS and templates. There are a number of themes to choose from and these can be previewed online. A large proportion of the themes are free to download and use. Commercial themes exist for purchase and commercial theme design services are also available.
Third Party Tools
A large number of third party modules exist for phpWebSite. These tools extend the capabilities of phpWebSite and because it uses an object-oriented framework the modules work together to build a customized CMS. These modules include tools across all major component categories and are constantly being updated and extended by the developer community. For more information, an extensive listing of third party modules can be found on the official phpWebSite web site.
WHAT IS ASP AND ASP.NET
History
After the release of Internet Information Services 4.0 in 1997, Microsoft began researching possibilities for a new web application model that would solve common complaints about ASP, especially with regard to separation of presentation and content and being able to write "clean" code.[1] Mark Anders, a manager on the IIS team, and Scott Guthrie, who had joined Microsoft in 1997 after graduating from Duke University, were tasked with determining what that model would look like. The initial design was developed over the course of two months by Anders and Guthrie, and Guthrie coded the initial prototypes during the Christmas holidays in 1997.[2]
The initial prototype was called "XSP"; Guthrie explained in a 2007 interview that, "People would always ask what the X stood for. At the time it really didn't stand for anything. XML started with that; XSLT started with that. Everything cool seemed to start with an X, so that's what we originally named it."[1] The initial prototype of XSP was done using Java,[3] but it was soon decided to build the new platform on top of the Common Language Runtime (CLR), as it offered an object-oriented programming environment, garbage collection and other features that were seen as desirable features that Microsoft's Component Object Model platform didn't support. Guthrie described this decision as a "huge risk", as the success of their new web development platform would be tied to the success of the CLR, which, like XSP, was still in the early stages of development, so much so that the XSP team was the first team at Microsoft to target the CLR.
With the move to the Common Language Runtime, XSP was re-implemented in C# (known internally as "Project Cool" but kept secret from the public), and the name changed to ASP+, as by this point the new platform was seen as being the successor to Active Server Pages, and the intention was to provide an easy migration path for ASP developers.[4]
Mark Anders first demonstrated ASP+ at the ASP Connections conference in Phoenix, Arizona on May 2, 2000. Demonstrations to the wide public and initial beta release of ASP+ (and the rest of the .NET Framework) came at the 2000 Professional Developers Conference on July 11, 2000 in Orlando, Florida. During Bill Gates' keynote presentation, Fujitsu demonstrated ASP+ being used in conjunction with COBOL,[5] and support for a variety of other languages was announced, including Microsoft's new Visual Basic .NET and C# languages, as well as Python and Perl support by way of interoperability tools created by ActiveState.[6]
Once the ".NET" branding was decided on in the second half of 2000, it was decided to rename ASP+ to ASP.NET. Mark Anders explained on an appearance on The MSDN Show that year that, "The .NET initiative is really about a number of factors, it's about delivering software as a service, it's about XML and web services and really enhancing the Internet in terms of what it can do ... we really wanted to bring its name more in line with the rest of the platform pieces that make up the .NET framework."[4]
After four years of development, and a series of beta releases in 2000 and 2001, ASP.NET 1.0 was released on January 5, 2002 as part of version 1.0 of the .NET Framework. Even prior to the release, dozens of books had been written about ASP.NET,[7] and Microsoft promoted it heavily as part of their platform for web services. Guthrie became the product unit manager for ASP.NET, and development continued apace, with version 1.1 being released on April 24, 2003 as a part of Windows Server 2003. This release focused on improving ASP.NET's support for mobile devices.
Characteristics
Pages
.NET pages, known officially as "web forms", are the main building block for application development.[8] Web forms are contained in files with an ".aspx" extension; these files typically contain static (X)HTML markup, as well as markup defining server-side Web Controls and User Controls where the developers place all the required static and dynamic content for the web page. Additionally, dynamic code which runs on the server can be placed in a page within a block <% -- dynamic code -- %>, which is similar to other web development technologies such as PHP, JSP, and ASP, but this practice is generally discouraged except for the purposes of data binding since it requires more calls when rendering the page.
Note that this sample uses code "inline", as opposed to code-behind.
<%@ Page Language="C#" %>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Sample page
Code-behind model
Microsoft recommends dealing with dynamic program code by using the code-behind model, which places this code in a separate file or in a specially designated script tag. Code-behind files typically have names like MyPage.aspx.cs or MyPage.aspx.vb while the page file is MyPage.aspx (same filename as the page file (ASPX), but with the final extension denoting the page language). This practice is automatic in Microsoft Visual Studio and other IDEs. When using this style of programming, the developer writes code to respond to different events, like the page being loaded, or a control being clicked, rather than a procedural walk through the document.
ASP.NET's code-behind model marks a departure from Classic ASP in that it encourages developers to build applications with separation of presentation and content in mind. In theory, this would allow a web designer, for example, to focus on the design markup with less potential for disturbing the programming code that drives it. This is similar to the separation of the controller from the view in model-view-controller frameworks.
Example
<%@ Page Language="C#" CodeFile="SampleCodeBehind.aspx.cs" Inherits="Website.SampleCodeBehind"
AutoEventWireup="true" %>
The above tag is placed at the beginning of the ASPX file. The CodeFile property of the @ Page directive specifies the file (.cs or .vb) acting as the code-behind while the Inherits property specifies the Class the Page derives from. In this example, the @ Page directive is included in SampleCodeBehind.aspx, then SampleCodeBehind.aspx.cs acts as the code-behind for this page:
    using System;

    namespace Website
    {
        public partial class SampleCodeBehind : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e)
            {
                Response.Write("Hello, world");
            }
        }
    }
In this case, the Page_Load() method is called every time the ASPX page is requested. The programmer can implement event handlers at several stages of the page execution process to perform processing.
User controls
User controls are encapsulations of sections of pages which are registered and used as controls in ASP.NET. User controls are created as ASCX markup files. These files usually contain static (X)HTML markup, as well as markup defining server-side web controls where the developers place all the required static and dynamic content. A user control is compiled when its containing page is requested and is stored in memory for subsequent requests. User controls have their own events which are handled during the life of ASP.NET requests. An event bubbling mechanism provides the ability to pass an event fired by a user control up to its containing page. Unlike an ASP.NET page, a user control cannot be requested independently; one of its containing pages is requested instead.
Custom controls
Programmers can also build custom controls for ASP.NET applications. Unlike user controls, these controls don't have an ASCX markup file, having all their code compiled into a DLL file. Such custom controls can be used across multiple web applications and Visual Studio projects (which is not allowed with user controls). By using a Register directive, the control is loaded from the DLL.
Rendering technique
ASP.NET uses a visited composites rendering technique. During compilation, the template (.aspx) file is compiled into initialization code which builds a control tree (the composite) representing the original template. Literal text goes into instances of the Literal control class, and server controls are represented by instances of a specific control class. The initialization code is combined with user-written code (usually by the assembly of multiple partial classes) and results in a class specific for the page. The page doubles as the root of the control tree.
Actual requests for the page are processed through a number of steps. First, during the initialization steps, an instance of the page class is created and the initialization code is executed. This produces the initial control tree which is now typically manipulated by the methods of the page in the following steps. As each node in the tree is a control represented as an instance of a class, the code may change the tree structure as well as manipulate the properties/methods of the individual nodes. Finally, during the rendering step a visitor is used to visit every node in the tree, asking each node to render itself using the methods of the visitor. The resulting HTML output is sent to the client.
After the request has been processed, the instance of the page class is discarded and with it the entire control tree. This is a source of confusion among novice ASP.NET programmers who rely on class instance members that are lost with every page request/response cycle.
State management
ASP.NET applications are hosted by a web server and are accessed using the stateless HTTP protocol. As such, if an application uses stateful interaction, it has to implement state management on its own. ASP.NET provides various functions for state management. Conceptually, Microsoft treats "state" as GUI state. Problems may arise if an application needs to keep track of "data state"; for example, a finite state machine which may be in a transient state between requests (lazy evaluation) or which takes a long time to initialize.
Application state
Application state is held by a collection of shared user-defined variables. These are set and initialized when the Application_OnStart event fires on the loading of the first instance of the application and are available until the last instance exits. Application state variables are accessed using the Applications collection, which provides a wrapper for the application state variables. Application state variables are identified by name.[9]
Session state
Server-side session state is held by a collection of user-defined session variables that are persisted during a user session. These variables, accessed using the Session collection, are unique to each session instance. The variables can be set to be automatically destroyed after a defined time of inactivity even if the session does not end. Client-side user session is maintained by either a cookie or by encoding the session ID in the URL itself.[9]
ASP.NET supports three modes of persistence for session variables:[9]
In-Process Mode
The session variables are maintained within the ASP.NET process. This is the fastest way; however, in this mode the variables are destroyed when the ASP.NET process is recycled or shut down.
ASPState Mode
ASP.NET runs a separate Windows service that maintains the state variables. Because state management happens outside the ASP.NET process, and because the ASP.NET engine accesses data using .NET Remoting, ASPState is slower than In-Process. This mode allows an ASP.NET application to be load-balanced and scaled across multiple servers. Because the state management service runs independently of ASP.NET, the session variables can persist across ASP.NET process shutdowns. However, since the session state server runs as a single instance, it is still a single point of failure for session state. The session-state service cannot be load-balanced, and there are restrictions on types that can be stored in a session variable.
SqlServer Mode
State variables are stored in a database, allowing session variables to be persisted across ASP.NET process shutdowns. The main advantage of this mode is that it allows the application to balance load on a server cluster, sharing sessions between servers. This is the slowest method of session state management in ASP.NET.
View state
View state refers to the page-level state management mechanism, utilized by the HTML pages emitted by ASP.NET applications to maintain the state of the web form controls and widgets. The state of the controls is encoded and sent to the server at every form submission in a hidden field known as __VIEWSTATE. The server sends back the variable so that when the page is re-rendered, the controls render at their last state. At the server side, the application may change the viewstate, if the processing requires a change of state of any control. The states of individual controls are decoded at the server, and are available for use in ASP.NET pages using the ViewState collection.[10] [11]
The main use for this is to preserve form information across postbacks. View state is turned on by default and normally serializes the data in every control on the page regardless of whether it is actually used during a postback. This behavior can (and should) be modified, however, as View state can be disabled on a per-control, per-page, or server-wide basis.
Developers need to be wary of storing sensitive or private information in the View state of a page or control, as the base64 string containing the view state data can easily be de-serialized. By default, View state does not encrypt the __VIEWSTATE value. Encryption can be enabled on a server-wide (and server-specific) basis, allowing for a certain level of security to be maintained.[12]
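The exposure described above can be checked against an application's own rendered pages. The following Python script is an added example, not part of the original article or of ASP.NET; the pattern rules, the helper names and the sample payloads are constructed assumptions, and the 0xFF 0x01 prefix test is a heuristic for "not encrypted".

```python
import base64
import re
from html.parser import HTMLParser

# Unencrypted view state decodes to bytes that begin 0xFF 0x01, which is why
# its base64 text usually starts with "/wE". Used here as a heuristic only.
PLAINTEXT_MAGIC = b"\xff\x01"
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

# Hypothetical audit rules (assumptions); tune them to your application's data.
SENSITIVE_PATTERNS = {
    "credential keyword": re.compile(r"passw(or)?d|secret|api[_-]?key", re.I),
    "card-like number": re.compile(r"\b\d{13,16}\b"),
    "email address": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
}

class HiddenFieldParser(HTMLParser):
    """Collects name -> value for every <input type="hidden"> in a page."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "input" and (attr.get("type") or "").lower() == "hidden":
            if attr.get("name"):
                self.fields[attr["name"]] = attr.get("value") or ""

def audit_viewstate(html):
    """Report whether __VIEWSTATE is readable and which strings look sensitive."""
    parser = HiddenFieldParser()
    parser.feed(html)
    report = {"present": False, "readable": False, "findings": []}
    value = parser.fields.get("__VIEWSTATE")
    if value is None:
        return report
    report["present"] = True
    try:
        data = base64.b64decode(value, validate=True)
    except ValueError:
        return report  # malformed field: nothing to inspect
    report["readable"] = data.startswith(PLAINTEXT_MAGIC)
    if report["readable"]:
        for run in PRINTABLE_RUN.findall(data):
            text = run.decode("ascii")
            for label, pattern in SENSITIVE_PATTERNS.items():
                if pattern.search(text):
                    report["findings"].append((label, text))
    return report

def constructed_page(payload):
    """Wrap constructed bytes in the hidden field an ASP.NET form would carry."""
    value = base64.b64encode(payload).decode("ascii")
    return ('<form method="post" action="Account.aspx"><input type="hidden" '
            f'name="__VIEWSTATE" value="{value}" /></form>')

def constructed_state(*texts):
    """Constructed stand-in for plaintext view state: marker, length, text."""
    body = b"".join(bytes([0x05, len(t)]) + t.encode("ascii") for t in texts)
    return PLAINTEXT_MAGIC + b"\x0f" + body

# Constructed payloads, not captured from any real application.
LEAKY = constructed_state("lblGreeting", "password=hunter2-example", "4111111111111111")
CLEAN = constructed_state("lblGreeting", "Hello, Alice")
OPAQUE = bytes((i * 37 + 11) % 256 for i in range(64))  # stands in for ciphertext

if __name__ == "__main__":
    for name, payload in (("leaky", LEAKY), ("clean", CLEAN), ("opaque", OPAQUE)):
        print(name, audit_viewstate(constructed_page(payload)))
```

A page that reports findings should move that data to server-side session state or have view state encryption enabled, as the paragraph above describes.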
Server-side caching
ASP.NET offers a "Cache" object that is shared across the application and can also be used to store various objects. The "Cache" object holds the data only for a specified amount of time and is automatically cleaned after the session time-limit elapses.
Other
Other means of state management that are supported by ASP.NET are cookies, caching, and using the query string.
Template engine
When first released, ASP.NET lacked a template engine. Because the .NET framework is object-oriented and allows for inheritance, many developers would define a new base class that inherits from "System.Web.UI.Page", write methods there that render HTML, and then make the pages in their application inherit from this new class. While this allows for common elements to be reused across a site, it adds complexity and mixes source code with markup. Furthermore, this method can only be visually tested by running the application - not while designing it. Other developers have used include files and other tricks to avoid having to implement the same navigation and other elements in every page.
ASP.NET 2.0 introduced the concept of "master pages", which allow for template-based page development. A web application can have one or more master pages, which, beginning with ASP.NET 3.5, can be nested.[13] Master templates have place-holder controls, called ContentPlaceHolders, to denote where the dynamic content goes, as well as HTML and JavaScript shared across child pages.
Child pages use those ContentPlaceHolder controls, which must be mapped to the place-holder of the master page that the content page is populating. The rest of the page is defined by the shared parts of the master page, much like a mail merge in a word processor. All markup and server controls in the content page must be placed within the ContentPlaceHolder control.
When a request is made for a content page, ASP.NET merges the output of the content page with the output of the master page, and sends the output to the user.
After the release of Internet Information Services 4.0 in 1997, Microsoft began researching possibilities for a new web application model that would solve common complaints about ASP, especially with regard to separation of presentation and content and being able to write "clean" code.[1] Mark Anders, a manager on the IIS team, and Scott Guthrie, who had joined Microsoft in 1997 after graduating from Duke University, were tasked with determining what that model would look like. The initial design was developed over the course of two months by Anders and Guthrie, and Guthrie coded the initial prototypes during the Christmas holidays in 1997.[2]
The initial prototype was called "XSP"; Guthrie explained in a 2007 interview that, "People would always ask what the X stood for. At the time it really didn't stand for anything. XML started with that; XSLT started with that. Everything cool seemed to start with an X, so that's what we originally named it."[1] The initial prototype of XSP was done using Java,[3] but it was soon decided to build the new platform on top of the Common Language Runtime (CLR), as it offered an object-oriented programming environment, garbage collection and other features seen as desirable that Microsoft's Component Object Model platform didn't support. Guthrie described this decision as a "huge risk", as the success of their new web development platform would be tied to the success of the CLR, which, like XSP, was still in the early stages of development, so much so that the XSP team was the first team at Microsoft to target the CLR.
With the move to the Common Language Runtime, XSP was re-implemented in C# (known internally as "Project Cool" but kept secret from the public), and the name changed to ASP+, as by this point the new platform was seen as being the successor to Active Server Pages, and the intention was to provide an easy migration path for ASP developers.[4]
Mark Anders first demonstrated ASP+ at the ASP Connections conference in Phoenix, Arizona on May 2, 2000. Demonstrations to the wide public and initial beta release of ASP+ (and the rest of the .NET Framework) came at the 2000 Professional Developers Conference on July 11, 2000 in Orlando, Florida. During Bill Gates' keynote presentation, Fujitsu demonstrated ASP+ being used in conjunction with COBOL,[5] and support for a variety of other languages was announced, including Microsoft's new Visual Basic .NET and C# languages, as well as Python and Perl support by way of interoperability tools created by ActiveState.[6]
Once the ".NET" branding was settled on in the second half of 2000, it was decided to rename ASP+ to ASP.NET. Mark Anders explained in an appearance on The MSDN Show that year that, "The .NET initiative is really about a number of factors, it's about delivering software as a service, it's about XML and web services and really enhancing the Internet in terms of what it can do ... we really wanted to bring its name more in line with the rest of the platform pieces that make up the .NET framework."[4]
After four years of development, and a series of beta releases in 2000 and 2001, ASP.NET 1.0 was released on January 5, 2002 as part of version 1.0 of the .NET Framework. Even prior to the release, dozens of books had been written about ASP.NET,[7] and Microsoft promoted it heavily as part of their platform for web services. Guthrie became the product unit manager for ASP.NET, and development continued apace, with version 1.1 being released on April 24, 2003 as a part of Windows Server 2003. This release focused on improving ASP.NET's support for mobile devices.
Characteristics
Pages
.NET pages, known officially as "web forms", are the main building block for application development.[8] Web forms are contained in files with an ".aspx" extension; these files typically contain static (X)HTML markup, as well as markup defining server-side Web Controls and User Controls where the developers place all the required static and dynamic content for the web page. Additionally, dynamic code which runs on the server can be placed in a page within a block <% -- dynamic code -- %>, which is similar to other web development technologies such as PHP, JSP, and ASP, but this practice is generally discouraged except for the purposes of data binding since it requires more calls when rendering the page.
Note that this sample uses code "inline", as opposed to code-behind.
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Code-behind model
Microsoft recommends dealing with dynamic program code by using the code-behind model, which places this code in a separate file or in a specially designated script tag. Code-behind files typically have names like MyPage.aspx.cs or MyPage.aspx.vb while the page file is MyPage.aspx (the same filename as the ASPX page file, with a final extension denoting the page language). This practice is automatic in Microsoft Visual Studio and other IDEs. When using this style of programming, the developer writes code to respond to different events, like the page being loaded, or a control being clicked, rather than a procedural walk through the document.
ASP.NET's code-behind model marks a departure from Classic ASP in that it encourages developers to build applications with separation of presentation and content in mind. In theory, this would allow a web designer, for example, to focus on the design markup with less potential for disturbing the programming code that drives it. This is similar to the separation of the controller from the view in model-view-controller frameworks.
Example
<%@ Page Language="C#" CodeFile="SampleCodeBehind.aspx.cs" Inherits="Website.SampleCodeBehind"
AutoEventWireup="true" %>
The above tag is placed at the beginning of the ASPX file. The CodeFile property of the @ Page directive specifies the file (.cs or .vb) acting as the code-behind while the Inherits property specifies the Class the Page derives from. In this example, the @ Page directive is included in SampleCodeBehind.aspx, then SampleCodeBehind.aspx.cs acts as the code-behind for this page:
using System;

namespace Website
{
    public partial class SampleCodeBehind : System.Web.UI.Page
    {
        // Runs on every request for SampleCodeBehind.aspx.
        protected void Page_Load(object sender, EventArgs e)
        {
            Response.Write("Hello, world");
        }
    }
}
In this case, the Page_Load() method is called every time the ASPX page is requested. The programmer can implement event handlers at several stages of the page execution process to perform processing.
User controls
User controls are encapsulations of sections of pages which are registered and used as controls in ASP.NET. User controls are created as ASCX markup files. These files usually contain static (X)HTML markup, as well as markup defining server-side web controls where the developers place all the required static and dynamic content. A user control is compiled when its containing page is requested and is stored in memory for subsequent requests. User controls have their own events which are handled during the life of ASP.NET requests. An event bubbling mechanism provides the ability to pass an event fired by a user control up to its containing page. Unlike an ASP.NET page, a user control cannot be requested independently; one of its containing pages is requested instead.
Custom controls
Programmers can also build custom controls for ASP.NET applications. Unlike user controls, these controls don't have an ASCX markup file, having all their code compiled into a DLL file. Such custom controls can be used across multiple web applications and Visual Studio projects (which is not allowed with user controls). By using a Register directive, the control is loaded from the DLL.
Rendering technique
ASP.NET uses a visited composites rendering technique. During compilation, the template (.aspx) file is compiled into initialization code which builds a control tree (the composite) representing the original template. Literal text goes into instances of the Literal control class, and server controls are represented by instances of a specific control class. The initialization code is combined with user-written code (usually by the assembly of multiple partial classes) and results in a class specific for the page. The page doubles as the root of the control tree.
Actual requests for the page are processed through a number of steps. First, during the initialization steps, an instance of the page class is created and the initialization code is executed. This produces the initial control tree which is now typically manipulated by the methods of the page in the following steps. As each node in the tree is a control represented as an instance of a class, the code may change the tree structure as well as manipulate the properties/methods of the individual nodes. Finally, during the rendering step a visitor is used to visit every node in the tree, asking each node to render itself using the methods of the visitor. The resulting HTML output is sent to the client.