Following up on my previous post about the differences between the mbstring and iconv international characters libraries (which resulted in a tentative conclusion that nobody knew anything about those differences), and particularly the comments by Nicola, we have combined forces (mostly efforts from Nicola, actually) to provide you with a little benchmarking, if that can help you decide.

His code for the test script is included (for you to gather your own results) and a full listing of his results comparing the effects of possible caching, running up to ten executions. You can download the text file that he ran the script on here.

In PHP 5 you can make your life a lot easier by writing an autoload function. This function will automatically load your classes, so you do not need to repeatedly include classes on every page.

Included are examples of it in action - both a simple definition and as it might be used in an application to conditionally load a class from multiple locations.

According to object-oriented programming expert Martin Fowler, closures are defined as a block of code that can be passed to a function. [...] PHP's upcoming syntax for closures is shaping up to be comparable to the C# 2.0 implementation.

He includes two code examples to compare the two language's methods - one for C# and the other for PHP - that divides the input by a denominator and returns a true or false depending on the result. For more information on closures, see this proposal on the PHP.net wiki.

Although PHP 5.3 is still in alpha stage and certain features like the PHAR extension or the whole namespace support are still topics of endless discussions it already contains smaller changes that could improve the security of PHP applications a lot. [...] With request_order it is now possible to control in what order $_REQUEST is created and what variable sources are taken into account. This finally allows removing cookie data from $_REQUEST without removing them from $_COOKIE also.

He explains why the use of $_REQUEST can lead to such problems (and security holes) and notes that its use makes overriding an application's GET or POST values as simple as adding a cookie. There's even a method for creating a Denial of Service attack against a site using $_REQUEST like this. He points to an example similar to this that happened with phpMyAdmin a while back.

His recommendation?

Once PHP 5.3 is out it is recommended for hosters to set request_order to "GP" on all the servers running arbitrary PHP applications to protect applications [and] application developers on the other hand should finally move away from using $_REQUEST for user input.

I thought I'd share a PHP library implementing this idea by Evans and Fowler. Written for PHP5, it's a library for defining custom specifications using composition and inheritance.

He gives the example of "Person" objects with name and age properties. A search might involve looking directly at the properties to location one that's, say, younger than 35 and has a last name of Johnson. His specification class replaces this and makes it more reusable by applying things like GreaterOrEqualSpecifications and EqualSpecifications to standardize the evaluation. Then its just a quick call to the isSatisfiedBy method to check for correctness.

As I switched my main system recently from Linux to OpenSolaris I compiled PHP. Quiet obvious things are a little bit different on Solaris. The usual ./buildconf && ./configure && make install doesn't work anymore. The good news: It's not much harder.

A few extra packages are required (like SUNWgmake, SUNWgcc and SUNWbison) and the Re2c library, but after that, it's just like a normal install. All commands needed to make the build are included in the post.

Today I discovered a very powerful addition to the PHP world. Phar is an archive extension for PHP that allows an entire PHP application to be packaged into a single file. It's basically PHP's answer to Java's .jar archive format. Don't get excited yet, it gets better...

He mentions the reasons that make it "particularly handy" such as it being integrated into the next major PHP release (5.3) and that it makes deployment quick and easy. He includes a brief code snippet to show how a sample Phar archive could be created (via streams).

I have been critical of ZF in the past because the performance has pretty much been going down every release and I am not the only one seeing this, there have been a number of benchmarks that show this trend. Having contributed to ZF in the past I brought this issue up multiple times both on the mailing list and even during the meetings the past zendcons and it the general response was they where focusing on features not performance.

He points out a few things that were brought up at this year's Zend/PHP Conference & Expo including the performance focus of future releases, a push to 2.0 after PHP 5.3's release and some of the changes that can cause breaks in backwards compatibility.

Be sure to also check out Matthew Weier O'Phinney's response to the post and some of the comments Richard made.

• PHP 4 or 5? - if you haven't made the switch to PHP5, there's no better time
• Linux/Apache - Windows is largely an ASP.NET platform
• Access to outside the document root - it can be very useful for templates, config files and the like
• Scripting requirements - be sure anything you might need for an outside application (like WordPress) is there
• General advice

There's a bit more detail on each of the points to round out the advice.

The timeline stretches all the way from the current PHP 5 release (bye bye PHP 4) back to some of the initial releases Rasmus made as the "PHP Tools version 1.0" back in 1995. Each entry is timestamped with when it was released and some of the more recent ones have "tails" showing how long their life lasted.

Lucas also links to the museum on the PHP.net website where all of these versions can be downloaded.