Stop Using PHP 5.2!

As a contributor to the open-source community I often get email from users about errors they get from their server. Most often, a close scrutiny of their server’s configuration leads to finding out they are using PHP 5.2 or earlier. Which would have been fine if we lived in a time period between November 2, 2006 to January 6, 2011. I can give you exact dates because the company that creates and maintains the language gives you guidelines on when to update and migrate to a new release.

PHP 5.2’s end of life date was announced on January 6, 2011. This means the company that created it does not support it anymore and will not take responsibility for any foul play on your site. As a matter of fact many security bugs and concerns lead to stopping support for PHP 5.2 and encouraging users to upgrade to a current version.

From a programmers point of view both major releases after PHP 5.2 namely PHP 5.3 and PHP 5.4 introduces many new features and functionalities. They fixed many security issues and optimized the language from a performance stance. All these additional features has made PHP 5.4 a robust Object Oriented Language. This allows for modular programming, code reusability, maintenance and allows for platforms and code libraries such as Zend Framework to exist.

“But my site works and I have never written a line of code. Why should I bother?” You see. When PHP 5.2 reached its EOL (End of Life) a security issue was found in the code. This bug was later fixed in PHP 5.3 but not in PHP 5.2. If you check the change logs for PHP 5.3 and 5.4 you will see many security fixes that are not reflected in PHP 5.2. The problem with known issues is that they are scientifically proven. This means you can replicate the results every time and it means that a hacker will be able to access your information.

Migrating to a current version of PHP (5.3 | 5.4) could become slightly tricky. However, most hosting companies will do it for you. If your hosting company does not support PHP >5.2 (I have yet to come across one) consider migrating your site to a reputable hosting company. Specially, if you are hosting business information, client lists, clients’ information, … and want to take advantage of some of the new features that are developed that do not support PHP <5.3.

You can find the PHP version installed on your server in many different ways. The first method is to login to your cPanel, Plesk, … and find the PHP version. If you have SSH access to your server you can simply run `php -v` command and that will return the following.

php-version

And finally you can get the PHP version and all sorts of information about your PHP installation and enabled/installed modules. To achieve this you need FTP access to upload a file to your file server. Access the file through your web browser.

// phpinfo.php
<?php phpinfo() ?>

phpinfo
Wondering if your mySql server is safe? Check MySQL Product Support EOL Announcements page.