PHP4 to PHP5 - HOW to make the upgrade
Yesterday I wrote up a entry about the why of moving to PHP 5. I figured thats just no fun to read that you need to scrap what you’ve been doing and start over. Well this is a run down on how to make that upgrade seamless as possible. First things first your NOT really going to scrap anything you’ve done. PHP 5 makes very few changes that will have you going ape over making the move.
http://us3.php.net/manual/en/migration5.incompatible.php is the basic starting point when looking at what you will have to do. What does all this giberish mean? Well depending on if you have actually implemented some of the rarely used stuff they changed maybe not much.
One of the things you will also need to note about alot of hosts that are offering PHP 5 accounts. They are not and probably will not set them up to be as open as most PHP 4 installs were. What I mean by that is that alot of hosts are leaving the defaults that have actually been the default for a while alone in php.ini and these things have been set that way by default for security reasons that your again probably not going to talk your way out of. The defaults I refer to are those that effect global variables and the long variables used in alot of applications. Say for examples the current most used version of OsCommerce is still milestone 2 which requires that global variables and the long variables like HTTP_POST_VARS and HTTP_GET_VARS be enabled.
So the first thing to do is on any application still trying to use HTTP_POST_VARS, HTTP_GET_VARS, etc open your favorite IDE and use that global replace to fix these. They all have equivilants in that things like HTTP_POST_VARS is now $_POST and HTTP_GET_VARS is not $_GET or you could use the $_REQUEST variable to receive from either form type. Next up is to get ride of any place you might have gotten (sorry but) a litte lazy and used form content from get or post in variable names with the same name as the form field. This is global variables and this you most likely will not find a good search and replace command for. Hey, what can I say you shouldn’t have been using them in years anyway. Its been a known security risk for quite some time now.
Whats next? In alot of cases nothing. In fact, applications like OsCommerce the above will be all you have to do(as if its not enough).
Oh, and for those that might comment and say just turn on global and long variables here is the php.ini settings that need to be set to do it that way and well stay lazy and insecure.
register_globals = on
And
register_long_arrays = on
Those to settings in your php.ini will save you from doing alot of work but allow for alot of known exploits of your applications.
Steven M.
Owner/Operator Infinifire