Home :

Updates since publication

Any misprints or factual errors are listed on the book's official corrections page on the friends of ED site. This page is intended to keep you up to date with any new developments since the book's original publication.

Installing Apache and PHP on Windows Vista

Before installing Apache and PHP on Windows Vista, turn off User Access Control (UAC). You can turn UAC on again after installation. If you attempt to install them with UAC enabled, Vista locates vital files in the wrong place.

To disable UAC, log into Vista as an administrator, and open Control Panel. Select Classic View, double-click the User Accounts icon, and then click "Turn User Account Control on or off". Deselect the Use User Account Control (UAC) checkbox, and click OK. Click Restart Now when prompted by Vista.

To turn UAC back on, follow the same procedure, but select the Use User Account Control (UAC) checkbox.

Windows PHP installer now offers full features

The release of PHP 5.2.0 is accompanied by a dramatically improved Windows installer. If you would prefer to automate the installation of PHP, see the full instructions for using the new installer in the Tutorials section of this site.

Enabling PHP on Mac OS X Leopard

When Mac OS X 10.5 was released (26 October 2007), the Mac PHP package created by Marc Liyanage that I recommended in the book was not compatible with Leopard. If a compatible version is still not available, follow the detailed instructions for setting up PHP in Leopard in the Tutorials section. Note: the version of PHP 5.2.4 in Leopard does NOT support PDO-MySQL.

PHP configuration changes since version 5.2

When you run phpinfo(), the location of php.ini is no longer displayed as Configuration File (php.ini) Path, but is in a new section called Loaded Configuration File immediately below.

The changes to allow_url_fopen originally planned for PHP 6 (see pages 180–181) were implemented in PHP 5.2. This means that allow_url_fopen no longer allows the inclusion of remote files. This change has no impact on the code in the book. However, if your hosting company still disables allow_url_fopen after upgrading to PHP 5.2 or later, you should ask it to review its security policy.

The distinction between allow_url_fopen and allow_url_include is subtle, but very important. Including a remote file directly in your scripts is a major security risk, so the default setting for allow_url_include is off. By making allow_url_include a separate configuration directive, the PHP team hopes to encourage administrators to turn on allow_url_fopen so that developers can access remote files such as RSS and XML feeds. Because allow_url_fopen on its own won't let you include such feeds directly in your pages, the responsibility lies on the individual developer to process the content of the feed to ensure that it doesn't contain any malicious script.

MySQL Windows Essentials