This entry is all about web hosting. We do all of our off-line development on Apple Macintosh computers that run PHP 4.3.9, and commensurately up-to-date versions of Apache and MySQL (v2 and v4-something respectively).

This is fine until we move to our web host servers. They run PHP 4.1.2. There have been a lot of changes to PHP since then, which can be problematic when moving from off-line to on-line. Some of these I found out yesterday, which is why this blog entry is here.

I’m sure that upgrading PHP to a later version would be a nightmare for support – not least the fact that register_globals in PHP 4.2 or above is off by default.

So far, the things that caused me hiccups are:

1. There’s a bug in 4.1.2 (and probably other versions) which is related to register_globals. This setting automatically creates global variables for anything that is set by the server: cookies, form fields and session variables, for example. Obviously this compromises security, particularly if you don’t always initialise your own variables. But about this bug:
   
   You can clear a session variable with the code unset (_$SESSION["variable_name"]), but the bug only unsets the session variable if it has never been read. But because register_globals is set, session variables are always read to put them into global variables.
   
   The solution is to ensure that register_globals is set to Off in php.ini or .htaccess.
2. Our web host uses an old version of the GD library. So all the image manipulation functions needed updating. We use GD 2, they use GD 1.6.2. Unfortunately, reverting to an earlier version of GD means changing the functions that resize and create image resources. A side-effect of this means that the images themselves aren’t as good as they could be since the version of GD doesn’t use true colour maps or pixel interpolation.
3. It also appears that the formats supported by sprintf have changed. The PHP manual notes that floating point formats of the form %n.mf have n as the overall minimum width of display, so %5.2f should give you something like nn.mm. On our web host this is interpreted as nnnnn.mm. I haven’t found any evidence of this problem except a comment dating back to March 2001 on the PHP sprintf Page and this.