I have a simple question why do we need to upgrade PHP version on a live server? Is there any good reason to do so? I'm confused; we're using PHP 5.3 and our CEO doesn't want to update to PHP 5.5 which is recommended in Laravel 5. Can somebody give me reason why we should or we shouldn't do it?
Further to some of the comments on your question:
Do we need to upgrade PHP
The answer to this part of the question is "No". In some cases it might not be possible to upgrade as newer version can cause applications to break if they rely on older features.
Do we need to upgrade PHP for Laravel 5
The answer to this part is "Yes". You will have to upgrade for Laravel 5 as it relies on newer features of PHP that only exist from PHP 5.4 (Laravel 5) and 5.5.9 (Laravel 5.1).
Should we upgrade PHP
You didn't ask this question, but I put it in here because Yes, you should. Versions of PHP have a lifetime. They are supported in full for bugs for a while, and then they are supported for security flaws for slightly longer. However, after a while, versions of PHP will no longer receive any support. Security holes might be found in older version that will never be patched. You should keep your version of PHP up to date in order to remain safe from PHP vulnerabilities that may have been discovered.
As always, the PHP website contains all the information about the currently supported versions of PHP: http://php.net/supported-versions.php
Related
I have a commercial membership site php program on the server, but after the server upgrade it no longer works. The provider has ceased to operate so there is no support. I am using php 7.0.15, but the server wants me to upgrade to a more recent version, 7.4. This breaks the program /all I get is a blank screen)
My level of PHP does not allow me to debug such a complicated program. My question is:
is there any way of instructing php to only use the older version? I imagine that this would have to be done in the php.ini file on the server?
I would like to upgrade to php 7.4 on the server, but have this software run in php 7.0.
Is this possible?
The simple answer is No - PHP does not offer any options to emulate the behaviour of previous versions.
Partly because features are sometimes removed because they prevented changes in the engine, or would need a lot of work to operate with them; partly just because there is only a limited amount of resources available to work on the core of PHP, and maintaining multiple versions of each feature to enable such compatibility would take effort away from improving the current version.
Your short-term option is to find a way to run an actual copy of PHP 7.0 on the server, or a different server that will allow you to run it. You may need to pay someone who provides unofficial long-term support for old versions, since the last official security patch for that version was over 3 years ago. Even PHP 7.4 will only receive official security patches until the end of this year.
In the long term, your only options are to hire someone to update the application to run on a modern version of PHP, or to migrate to a different application which still has a vendor supporting it.
i am thinking about migrating from php 5.3 to php 5.6 on my company's server, but i'm concerned about how it may affect other websites on the server, especially joomla and wordpress app's, which were hosted some few years back, like 2011. I was trying to host a new website that uses 'get_result()' but i was having some errors when hosting it, even though mysqlnd driver was present, i could only fetch my results using'bind_result()'. so i debugged it, and found out that it's because of a certain driver nd_mysqli which is present in php 5.6. So that's why i decided to upgrade. Are there any issues that could come after this upgrade? Or is there another way of getting the nd_mysqli driver? though honestly i'd prefer to upgrade, this is 2017, it's about time for that.
A fair amount has changed between 5.3 and 5.6, so it is hard to say exactly what issues you may face.
If you are running recent versions of joomla and wordpress the chances are they are compatible as the relevant developers will already have fixed any issues, but if they are as old as php 5.3 then you may run into issues.
Whatever you do, you should create a test server to be sure.
The following pages show the changes that have been made:
http://php.net/manual/en/migration54.php
http://php.net/manual/en/migration55.php
http://php.net/manual/en/migration56.php
You really should upgrade though php 5.3 no longer receives security patches and you are likely vulnerable to something.
It depends on the versions of Joomla and WordPress.
For example, it might be possible to get Joomla 1.5 and older versions of WordPress running on PHP 5.6, but you will need to suppress strict errors as per https://stackoverflow.com/a/9984309/1983389 or similar. It will also depend on what extensions / add-ons are being used.
As #Theo says, it is probably best to do this change in a test environment first so that any issues can be identified and resolved before proceeding with the change on the production server.
An alternative and better long term strategy might be to upgrade the Joomla, WordPress and any other applications on the server before upgrading PHP.
I am working on a project which is in php 5.3+. I need to create a separate Api which is to be deployed on same server for which i am using the Symfony2.
As i need to deploy new api on same server i want to use php 5.5+ version Now i need to upgrade my old project to new version of php and mysql as the server currently is on 5,3+. I tried the php 5.4+ and mysql 5.5+ on my local system the project works fine, but when i switched to php 5.5+ it shows me error that states mysql_connect is Deprecated.
I checked on several sites and came across a solution where i can skip the deprecated message on php 5.5 + via doing some ini settings.
Now my main concern is whether is it a right solution to migrate to php5.5+ and start new feature development out there As i need to use 5.5+ so that i wont face same deprecated issue with any other thing in future in new Apior should i migrate to 5.4+.
Kindly Reply
Upgrade to the latest 5.x branch. Do not upgrade to 7.
A new major version, means that backwards compatibility is broken. You can expected that some deprecated features are dropped. In general upgrading to a new mayor PHP version requires you to upgrade your code base.
When upgrading to a new minor version, you can expect your application to keep working. Typically new functionality is added and some functionality is deprecated, but nothing is removed.
Deprecation is a notification to indicate that functionality might be removed in an upcoming version.
The notifications are meant for you as developer, to know what you need to change to make your code ready for upgrading new major version.
On the production environment you should disable these notifications through error_reporting.
The deprecation notifications should not keep you from upgrading to a new minor version. Without this upgrade it's difficult to know what to change to make your software up to date.
Conclusion: Update to PHP 5.6. Than, when you're ready and have time, change / update your code so you're not using deprecated features. When that's done, you can upgrade to PHP 7.
The question I would ask myself if I were you is how long I would want to maintain a code base with deprecated features... my suggestion is to migrate to PHP 7 (or 5.6 minimum), upgrade projects and start new feature developments... will pay better on the long run.
The short answer is "Move to PHP 5.6 now; then move to PHP 7 later, once you've dealt (or as part of the exercise of dealing with) with all the issues that would break your code in PHP 7.
The changes from PHP 5.3 to 5.6 are not really that big. The really big changes happened between 5.2 and 5.3, but if you're on 5.3 already then you've already dealt with that. Moving up to 5.6 from there is virtually seamless.
Yes, there are some backward-compatibility breaks between every version, and yes, you must read the upgrade notes for each version before you start, but in truth, 5.4, 5.5 and 5.6 were more about adding features and increasing performance than they were about breaking things.
You specifically mention the mysql extension being deprecated in 5.5. This is true, and you will get warnings. Note, however, that these functions will still work in 5.5 and 5.6. The deprecation warning is telling you that they are considered obsolete and will be removed in the future. This has now happened in 7.0. These warnings are basically there to give you fair warning; to give you time to change your code before the next upgrade cycle. Your code will still work for now if you ignore the warnings, but you should start work immediately to fix the problem.
Fixing the problem, in the case of the mysql extension, means replacing your database code so that it uses either the mysqli or PDO extensions.
The mysqli exension is basically a drop-in replacement for the old mysql extension. There are some changes (it adds an OO interface if you want to use it, and it doesn't use a single global connection object as the old library did, so you need to pass the connection object into every call), but it's generally fairly easy to convert from one to the other.
PDO is a more advanced database library which can support a range of different database types including Mysql. It is quite different to the old extension, so converting is a more complex process. But if you can use this one, it's generally considered the preferred option.
I read this article recently on Ars: http://arstechnica.com/security/2014/03/php-bug-allowing-site-hijacking-still-menaces-internet-22-months-on/
I have some very old PHP servers still running some legacy code. They use PHP version 5.2.17
The article above states that PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.
The fact that they mention 5.3.x and 5.4.x, it makes me think that 5.2.x is NOT vulnerable - is this correct?
Thank you to anyone who can confirm and provide a reputable source for this.
PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.
5.2.17 is very much prior to both of those. If you look on http://www.php.net/ChangeLog-5.php#5.4.3, bug #61910 was fixed only in the 5.3 and 5.4 branch.
Having said that, the wording may be ambiguous. PHP 5.2 may be left out because it was not supported anymore. Or it may have been left out because the vulnerability only existed in 5.3+. I can't find definitive proof one way or the other.
I was recently asked about a legacy application that is running on PHP 4.4.2 on IIS 6.0. We were informed that this version of PHP is out of date and contains security vulnerabilities
I personally, have zero experience with PHP.
It has been suggested that we upgrade PHP to a later version. According to Wikipedia, the latest stable version is 5.4. Is version 5.4 backward compatible with 4.4.2?
I assume that there is an installer for PHP 5.4 that we could run that would install the new version of PHP. Would that work safely and the legacy application would still run fine?
Are there any breaking changes in newer versions of PHP that might make upgrading the legacy PHP application risky?
Look at this, check for any deprecated code (especially preg VS ereg ) -
http://www.php.net/manual/en/migration5.incompatible.php
Look for the general differences -
http://www.php.net/manual/en/faq.general.php#faq.general.differences-45
Check about the migration -
http://www.php.net/manual/en/faq.migration5.php
EDIT -
One more general link, may be helpful at times -
Check Change Logs