Not sure how many people have seen http://www.php.net/~derick/meeting-notes.html, or much less care (as long as vB works, right? :P), however some of the proposed changes (http://beeblex.com/lists/index.php/php.internals/17883) will break many a scripts/applications/ugly kludges that should result in the authors being hung at the gallows (I'm not bitter, I swear!).

Some of the proposed changes: remove register_globals remove magic_quotes remove safe_mode

I'm not sure about all of the other changes, but those three that you list are things that should never have been there in the first place imho (well, perhaps safe_mode should have been there to help guard against ill-configured server security a bit but I won't be sorry to see the other two go at all, particularly register_globals).

Just reading the rest of the notes at the moment :)

Don't be bitter. This mean future contracting opportunities when you get to go back and fix everything :)

Is it possible to support multiple PHP versions on a single server?

Don't be bitter. This mean future contracting opportunities when you get to go back and fix everything :)Most of the time, people don't want to pay more to have it done right ;). They want what they have fixed, as long as it works (which means more stupid kludges). This holds true, for pretty much any language in my opinion as well.

Is it possible to support multiple PHP versions on a single server?
Yes, you could run PHP4 as an apache module, and PHP5 as FastCGI, or the other way around, or you could run both as FastCGI binaries. Or you could even setup another apache instance and use mod_proxy to feed things requiring PHP5 to the proxied installation.

The question is, do you want to mess with it. At one point, I did think about doing the above, but more or less said to hell with it, and installed PHP5 (much to Tyler's objections :lol:), which everything worked fine after enabling register_long_arrays (e.g. $HTTP_POST_VARS, etc).

We were faced with the decision to install PHP 4.4.2 or one of the PHP 5 versions just a couple days ago. We fell back to 4.4.2. There are too many unknowns with upgrading a whole server's worth of customers, potentially breaking their sites. I would LOVE to have dual installations available!

From what i've seen, things like vB, phpBB2, Wordpress, phpAdNews (needs register_long_arrays), work fine, or need legacy things like register_long_arrays turned on.

I'd wager (a penny at most) OSCommerce works fine as well.

As for "dual" installations, its possible, just a pain to find any information on doing it :D

OSCommerce is a big question mark. We have an important site on our server running OSCommerce, though older version updated for security. It would be devastating if we upgraded PHP and this site no longer functioned as a result!

Web Calendar, phpMyChat, Coppermine (particularly legacy Coppermine installations) and some other applications are questionable as well. I don't think we have anyone using older CMSs.

considering register_globals, $HTTP_*_VARS, are still available (granted, frowned upon, considering super globals such as $_POST, $_GET, $_COOKIE have been available since 4.1.0), I would imagine even older scripts might work... but, the best way to find that out would be to setup a sandbox and try it using non-public copies.

Good idea. Any hosts out there want to donate a box to IWDN for a couple weeks for PHP testing? :D

OSCommerce is a big question mark. We have an important site on our server running OSCommerce, though older version updated for security. It would be devastating if we upgraded PHP and this site no longer functioned as a result!

That's something you might want to look into because I seem to remember reading a while back that OSCommerce required register globals to be turned on (this is what lead me to looking for alternatives and ultimately working on a custom solution as any script requiring register globals to be on always makes me wary of it). Maybe things have changed since then, but if you're still using an old version it's probably worth checking out so you know in advance if there might need to be some changes.

osCommerce does require register globals on, although there is a mod that will allow you to turn it off. I was too chicken to try, though, because of a few mods that horribly wrecked one of my staging copies (the mod was unrelated to the register globals issue).

Scarily, a lot of web applications written in PHP still require/want register_globals on... At one point, I think MySQL AB's Eventum (http://dev.mysql.com/downloads/other/eventum/) even required it, and this is in the last year at least.

Ergo why i'm writing my own, along with a slew of other things... *brain explodes*

I've worked on custom CMS's before that relied on register_globals. You've got to wonder how these people can call themselves programmers..

I think that even discussing PHP6 is a bad idea right now [for the PHP community] since PHP5 isn't being adopted at all.

Installing it as CGI is an option, like Cameron said, but many hosts still aren't even doing that.

From the list..

#3 is definitely a good thing, it would speed up the design of smaller applications a lot [no need to import an http class].

#5.. won't that allow people to use system() and exec(), which are, well, bad?

#8.. I don't know if I support that or not. There's too much inconsistency in PHP to go around randomly removing functions. I think there needs to be some new standard on how functions are named. It would take a while to re-memorize some of them, but it would make life easier. [and kill half of php.net's traffic from people checking to see how a function is named]

I think that even discussing PHP6 is a bad idea right now [for the PHP community] since PHP5 isn't being adopted at all.Well, in that case, we might as well write PHP6 off as another lame duck. :smash:

#5.. won't that allow people to use system() and exec(), which are, well, bad?
disable_functions and disable_classes are separate from safe_mode, and open_basedir will remain in PHP6, which only allows files to open under the open_basedir. However, safe_mode gives the false assumption that it will make PHP "safe", there are ways around it.

#8.. I don't know if I support that or not. There's too much inconsistency in PHP to go around randomly removing functions. I think there needs to be some new standard on how functions are named. It would take a while to re-memorize some of them, but it would make life easier. [and kill half of php.net's traffic from people checking to see how a function is named] Even if the aliases are removed, you can always respecify them yourself if (!function_exists('sizeof')) {function sizeof($mixedvar) { return count($mixedvar); } }Not exactly brain surgery.