PHP是一种新型的CGI程序编写语言,易学易用,运行速度快,可以方便快捷地编写出功能强大,运行速度快,并可同时运行于 Windows、Unix、Linux平台的Web后台程序, 内置了对文件上传、密码认证、Cookies操作、邮件收发、动态GIF生成等功能,PHP 直接为很多数据库提供原本的连接,包括Oracle、Sybase、Postgres、Mysql、Informix、Dbase、Solid、 Access等,完全支持ODBC接口,用户更换平台时,无需变换PHP代码,可即拿即用.

Security Enhancements and Fixes in PHP 5.3.9:

Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
Fixed bug 60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
Fixed bug 55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
Fixed bug 55609 (mysqlnd cannot be built shared)
Many changes to the FPM SAPI module

Security Enhancements and Fixes in PHP 5.3.6:

* Enforce security in the fastcgi protocol parsing with fpm SAPI.
* Fixed bug 54247 (format-string vulnerability on Phar).
(CVE-2011-1153)
* Fixed bug 54193 (Integer overflow in shmop_read()).
(CVE-2011-1092)
* Fixed bug 54055 (buffer overrun with high values for precision
ini setting).
* Fixed bug 54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug 53885 (ZipArchive segfault with FL_UNCHANGED on empty
archive). (CVE-2011-0421)

Key enhancements in PHP 5.3.6 include:

* Upgraded bundled Sqlite3 to version 3.7.4.
* Upgraded bundled PCRE to version 8.11.
* Added ability to connect to HTTPS sites through proxy with basic
authentication using stream_context/http/header/

Proxy-Authorization.
* Added options to debug backtrace functions.
* Changed default value of ini directive serialize_precision from
100 to 17.
* Fixed Bug 53971 (isset() and empty() produce apparently spurious
runtime error).
* Fixed Bug 53958 (Closures can't 'use' shared variables by value
and by reference).
* Fixed bug 53577 (Regression introduced in 5.3.4 in open_basedir
with a trailing forward slash).
* Over 60 other bug fixes.

Security Enhancements and Fixes in PHP 5.3.1:

Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
Added missing sanity checks around exif processing.
Fixed a safe_mode bypass in tempnam().
Fixed a open_basedir bypass in posix_mkfifo().
Fixed failing safe_mode_include_dir.
Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.