Which one would you choose to use and why?

I know I like PHP4 since it's easier to code with, although, as I've heard.. it isn't as secure. I'll have to rack up for PHP5 as the support for PHP4 ends the end of this year. :-/

Easier to code with...? I am not sure what you mean; can you clarify?

PHP 5 is (almost completely (http://us3.php.net/manual/en/migration5.incompatible.php)) backwards-compatible with PHP 4. Five introduces a number of *new* constructs to the language, but it does not remove any. It runs faster than four, and as you pointed out, support for PHP 4 is being reduced at the end of the year and completely dropped mid-2008.

As far as security goes - I will remind everyone that your code is only as secure as you make it. Using 5 over 4 goes not grant you any special security benefits, just because you are using a newer version of the language.

The benefits to using PHP 5's new object model are tremendous, though. With PHP 4, implementing something like Ruby on Rails' ActiveRecord library would be a hideous hack (delicious, let's eval about three hundred different methods into existence after we instantiate the object! great idea!). With PHP 5, you get visibility for your methods/attributes and you get a bunch of excellent 'magic methods' - things you can use to create something comparable to ActiveRecord (http://aphp.yasashiisyndicate.org) with (warning: shameless plug).

This is something I doubt many people here are concerned about, but PHP 5 includes a DOM implementation, too. I <3 DOM.

Easier to code with...? I am not sure what you mean; can you clarify?

Well, when I first started coding, register_globals and several other features were enabled by default and not described as a security hazard. Therefore, I learned to use the normal variables register_global provides. $_GET and $_POST are not really my nature from the start, and my session codes seem to hate PHP5 for some odd reason. *will have to debug something, somewhere* But nevertheless, it's just simply less coding to do.. in my opinion. :)

The PHP 4 manual describes register_globals as a potential avenue of attack, and every version of PHP starting at 4.2 had it turned off by default. Register globals is still present in PHP 5, too, albeit off by default.

If you're on shared hosting, then yes, it's probably turned on because there are *still* some applications that people may install which require the use of register globals.

But, PHP's perceived security issues, much like Perl's perceived ugliness issues, have a lot more to do with programmers not being informed of Best Practice (declare your variables before using them = the register_globals attack vector mitigated - or just force register_globals off).

This has a lot to do with the low barrier of entry to PHP and Perl - a quick Google search for a few (poor?) tutorials is all someone really needs to get a good working knowledge of the language, whereas with more complicated languages, you are more likely to get better training (books, classes, training workshops, etc).

At the end of the day, you wouldn't upgrade from 4 to 5 for security benefits. There's more to be said about the performance boost, new object model, SQLite support, MySQLi, and the DOM.

PHP5 is better, it is newer, and a more secure language. In the next year or so PHP 4 is going to be obsolete just like PHP3 was. So I suggest porting all to PHP5 and learning the ins and outs of it ASAP (within the year)

Also OOP can make your life easier if you do it correctly.

PHP5 is better, it is newer, and a more secure language. In the next year or so PHP 4 is going to be obsolete just like PHP3 was. So I suggest porting all to PHP5 and learning the ins and outs of it ASAP (within the year)

Also OOP can make your life easier if you do it correctly.

'more secure'? That's very inacurate. It's not more secure than php4. OwlManAtt already posted that it isn't.

Also, transitioning from php4 to php5 isn't that hard. People should be able to just do it if they've been using php4. As OwlManAtt said:



PHP 5 is (almost completely (http://us3.php.net/manual/en/migration5.incompatible.php)) backwards-compatible with PHP 4. Five introduces a number of *new* constructs to the language, but it does not remove any. It runs faster than four, and as you pointed out, support for PHP 4 is being reduced at the end of the year and completely dropped mid-2008.

As far as security goes - I will remind everyone that your code is only as secure as you make it. Using 5 over 4 goes not grant you any special security benefits, just because you are using a newer version of the language.