under development alongside PHP 5. Major changes include the removal of register_globals, magic quotes, and safe mode. These were removed because register_globals had given way to security holes, and magic quotes behaved unpredictably and were best avoided. Instead, to escape characters, magic quotes may be substituted with the addslashes() function, or more appropriately with an escape mechanism specific to the database vendor itself, such as mysql_real_escape_string() for MySQL.

PHP does not have complete native support for Unicode or multibyte strings; Unicode support will be included in PHP 6. Many high-profile open source projects ceased to support PHP 4 in new code as of February 5, 2008, due to the GoPHP5 initiative, provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5. PHP runs in both 32-bit and 64-bit environments, but on Windows the only official distribution is 32-bit, requiring Windows 32-bit compatibility mode to be enabled while using IIS in a 64-bit Windows environment. There is a third-party distribution available for 64-bit Windows.

PHP is a general-purpose scripting language that is especially suited for web development. PHP generally runs on a web server, taking PHP code as its input and creating web pages as output. It can also be used for command-line scripting and client-side GUI applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.

PHP primarily acts as a filter, taking input from a file or stream containing text and/or PHP instructions and outputting another stream of data; most commonly the output will be HTML. It can automatically detect the language of the user.
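
The point above about preferring a database-specific escape mechanism over addslashes() can be seen with a value that contains a quote. This is an added example, not part of the original text; it assumes PHP 7 or later with the PDO SQLite driver, and the `lookup` helper and sample data are hypothetical.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('O''Brien')");

// Hypothetical helper: build a lookup query with the value escaped by $escape
// and report either the row count or the database error.
function lookup(PDO $db, string $name, callable $escape): string
{
    $sql = 'SELECT COUNT(*) FROM users WHERE name = ' . $escape($name);
    try {
        return 'rows=' . $db->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Generic escaping: addslashes() puts a backslash before the quote, but SQLite
// does not treat backslash as an escape character, so the literal is malformed.
$generic = function (string $s): string {
    return "'" . addslashes($s) . "'";
};

// Vendor-specific escaping: the driver quotes the value for the database in use
// (SQLite doubles the quote instead of adding a backslash).
$vendor = function (string $s) use ($db): string {
    return $db->quote($s);
};

$name = "O'Brien"; // constructed input containing a single quote

foreach (['addslashes' => $generic, 'PDO::quote' => $vendor] as $label => $escape) {
    echo $label, ': ', $escape($name), ' -> ', lookup($db, $name, $escape), "\n";
}
```

The addslashes() variant fails with a syntax error on a legitimate name, while the driver's own quoting finds the row, which is why escaping has to follow the rules of the database actually in use.
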
From PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor.

Originally designed to create dynamic web pages, PHP's principal focus is server-side scripting, and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft's Active Server Pages, Sun Microsystems' JavaServer Pages, and mod_perl. PHP has also attracted the development of many frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include CakePHP, Symfony, CodeIgniter, and Zend Framework, offering features similar to other web application frameworks.

The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python or Perl.

As of April 2007, over 20 million Internet domains were hosted on servers with PHP installed, and PHP was recorded as the most popular Apache module. Significant websites are written in PHP including the user-facing portion of Facebook, Wikipedia (PHP can be used to create standalone, compiled applications and libraries, it can be used for shell scripting, and the PHP binaries can be called from the command line.

As with many scripting languages, PHP scripts are normally kept as human-readable source code, even on production web servers. In this case, PHP scripts will be compiled at runtime by the PHP engine, which increases their execution time. PHP scripts are able to be compiled before runtime using PHP compilers as with other programming languages such as C (the language PHP and its extensions are written in).

Code optimizers aim to reduce the computational complexity of the compiled code by reducing its size and making other changes that can reduce the execution time with the overall goal of improving performance.
The nature of the PHP compiler is such that there are often opportunities for code optimization, and an example of a code optimizer is the Zend Optimizer PHP extension.

Another approach for reducing overhead for high-load PHP servers is using PHP accelerators. These can offer significant performance gains by caching the compiled form of a PHP script in shared memory to avoid the overhead of parsing and compiling the code every time the script runs.

The National Vulnerability Database stores all vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 12% in 2003, 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, and 35% in 2008. Most of these PHP-related vulnerabilities can be exploited remotely: they allow hackers to steal or destroy data from data sources linked to the web server (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.

These vulnerabilities are caused mostly by not following best-practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent. Recognizing that programmers cannot be trusted, some languages include taint checking to detect automatically the lack of input validation which induces many issues. Such a feature is being developed for PHP. Although it may be included in mainstream PHP in a future release, its inclusion has been rejected several times in the past.

Hosting PHP applications on a server requires careful and constant attention to deal with these security risks. There are advanced protection patches such as Suhosin and HardeningPatch, especially designed for web hosting environments.
Installing PHP as a CGI binary rather than as an Apache module is the preferred method for added security.

With respect to securing the code itself, PHP code can be obfuscated to make it difficult to read while remaining functional.

[Figure: Syntax-highlighted PHP code embedded within HTML]

PHP only parses code within its delimiters. Anything outside its delimiters is