PHP is a popular, easy-to-learn, server-side scripting language. It is used to build dynamic websites and web applications — from simple contact forms to advanced e-commerce platforms, CMS systems (e.g., WordPress), and entire APIs. In the world of “programming in PHP,” you will find countless code examples, frameworks (Laravel, Symfony), libraries (Composer), and tutorials.

Why is it worth learning?

PHP is stable, fast (especially since PHP 7), well-documented, and supported by a massive community.
Perfect for beginners because you can quickly see results in the browser.
With PHP you’ll understand the basics of web development: HTTP requests, forms, databases, sessions, and security.

In this lesson, you will learn: what PHP is, why and how it was created, its most important versions and what they introduced, and finally — simple code examples, best practices, and a mini quiz.

Basic Explanation of the Topic

What Is PHP?

Full name today: “PHP: Hypertext Preprocessor”.
A server-side scripting language that generates HTML/JSON, which is then sent to the browser.
Most often combined with a web server (e.g., Apache, Nginx) and a database (e.g., MySQL/MariaDB, PostgreSQL).
PHP also supports CLI scripts, cron jobs, and integrations (e.g., job queues).

A Brief History of PHP

1994: Rasmus Lerdorf created a small set of C scripts to track visits to his website — “Personal Home Page Tools”.
1995–1997: The project grew into “PHP/FI” (Forms Interpreter) — adding form processing and dynamic HTML capabilities.
1997–1998: Zeev Suraski and Andi Gutmans rewrote the parser — PHP 3 was born, followed later by the Zend Engine (the language’s execution core).

Today, PHP is a mature language with types, exceptions, object orientation, and — since versions 7 and 8 — very fast, with modern syntax and a strong focus on code quality.

What Was Missing in the 1990s That Led to PHP’s Creation?

Early web pages were static. HTML couldn’t:

generate dynamic content (e.g., personalized pages),
easily handle and process form data,
connect to databases in a straightforward way.

CGI in C/Perl existed, but the entry barrier was high. PHP filled the gap: a simple language that could be embedded directly into HTML, with a fast “save–refresh in browser” cycle. It worked and quickly evolved.

Key PHP Versions and What They Introduced

Here’s a short, practical overview. For beginners, the most important are the “milestones” — versions that truly changed PHP programming.

PHP/FI and PHP 3 (1995–1998) — Birth and Extensibility

PHP/FI: form interpretation, embedding in HTML, first steps toward dynamic web.
PHP 3 (1998): rewritten parser, extension architecture, more consistent language. The start of “real” PHP.

PHP 4 (2000) — Zend Engine 1, Performance, and Popularity

New engine (Zend Engine 1): significant performance boost.
Better integration with web servers.
The time when PHP became massively adopted on hosting servers.

PHP 5 (2004) — A Big Step Toward OOP and Practicality

Zend Engine 2, solid OOP: classes, inheritance, interfaces, abstract classes, visibility (public/protected/private).
Exceptions, PDO (safe database access with prepared statements), SimpleXML, Iterators, SPL.
PHP 5.3 (2009): namespaces, closures, late static bindings — a huge step toward modern development.
PHP 5.4–5.6: traits, short array syntax [], generators yield, finally, variadic arguments, splat operator ....

Why important: the professionalization era — larger projects, standards, testing, frameworks.

PHP 7 (2015) — Performance + Types = Revolution

Dramatic performance boost (often 2× or more vs PHP 5).
Scalar type declarations (int, string, bool, float) for parameters and return types for functions/methods.
New operators: null coalescing ??, spaceship <=>; anonymous classes; better engine errors (Error as Throwable).
PHP 7.1–7.4: nullable types, void, iterable, typed properties (7.4), arrow functions fn, preloading, ??=, performance improvements.

Why important: PHP 7 “dispelled” performance issues and introduced modern type control.

PHP 8.0–8.3 (2020–2023) — Modern Syntax and JIT

8.0: JIT (Just-In-Time), union types, attributes (annotations), named arguments, match, nullsafe ?->, constructor property promotion, many new functions (e.g., str_contains).
8.1: enums, readonly properties, fibers, intersection types, first-class callable syntax.
8.2: readonly classes, standalone true/false/null types, deprecation of dynamic properties.
8.3: typed class constants, json_validate(), further improvements and stricter diagnostics.

Why important: PHP 8 improved developer experience, safety, and readability while boosting performance.

Historical note: “PHP 6” as a stable release never came out (ambitious Unicode plans were later implemented step by step).

3. PHP Code Examples (with Comments)

The following “PHP code examples” are simple but demonstrate practical basics.

“Hello, World!” and echo

<?php
// Simplest script
echo "Hello, World!"; // Displays text on the page

Embedding PHP in HTML

<!doctype html>
<html lang="en">
  <head><meta charset="utf-8"><title>My PHP Page</title></head>
  <body>
    <h1>Welcome!</h1>
    <p>Today is:
      <?php
        // PHP code inside HTML — the server will insert the result here
        echo date('Y-m-d H:i:s');
      ?>
    </p>
  </body>
</html>

Reading Form Data (Security: Filter Input)

<?php
// Example of handling a POST form with secure data retrieval
$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
$age  = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!$name) {
        echo "Please enter a name.";
    } elseif ($age === false) {
        echo "Age must be an integer.";
    } else {
        // Return safe HTML — sanitized data
        echo "Hello, {$name}! You are {$age} years old.";
    }
}

Form HTML (in the same file above PHP or separately):

<form method="post">
  <label>Name: <input name="name"></label>
  <label>Age: <input name="age" type="number"></label>
  <button type="submit">Submit</button>
</form>

Database Connection with PDO and Prepared Statements

<?php
// Best practice: use PDO and prepared statements to avoid SQL Injection
$dsn = 'mysql:host=localhost;dbname=php_course;charset=utf8mb4';
$user = 'db_user';
$pass = 'secret';

try {
    $pdo = new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // errors as exceptions
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,       // results as associative arrays
    ]);

    $email = filter_input(INPUT_GET, 'email', FILTER_VALIDATE_EMAIL);

    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE email = :email');
    $stmt->execute(['email' => $email]);

    $user = $stmt->fetch();
    if ($user) {
        echo "User: {$user['name']} (ID: {$user['id']})";
    } else {
        echo "User not found.";
    }
} catch (PDOException $e) {
    // In production log the error, don’t show details to the user
    error_log($e->getMessage());
    echo "Database connection error.";
}

Basics of OOP: Types, Constructor, readonly, enum, match (PHP 8+)

<?php
declare(strict_types=1); // Enable strict typing

// Enum (PHP 8.1): example order status
enum OrderStatus: string {
    case New     = 'new';
    case Paid    = 'paid';
    case Shipped = 'shipped';
}

// Simple class with constructor property promotion (PHP 8.0)
// and typed properties. 'readonly' (PHP 8.1) for immutables.
final class Order
{
    public function __construct(
        public readonly int $id,
        public string $customerEmail,
        public OrderStatus $status = OrderStatus::New
    ) {}

    public function totalWithTax(float $net, float $taxRate = 0.23): float {
        return $net * (1 + $taxRate);
    }

    public function label(): string {
        // match (PHP 8.0) more readable than multiple if/else
        return match ($this->status) {
            OrderStatus::New     => 'New order',
            OrderStatus::Paid    => 'Paid',
            OrderStatus::Shipped => 'Shipped',
        };
    }
}

$order = new Order(id: 1001, customerEmail: 'client@example.com');
echo $order->label(); // "New order"
echo $order->totalWithTax(100.0); // 123.0

Nullsafe Operator and Modern Helpers (PHP 8.0+)

<?php
// Nullsafe ?-> prevents errors when something is null
$user = getCurrentUser(); // may return null

// If $user is null, the whole expression returns null without Fatal Error
$city = $user?->address?->city ?? 'Unknown city';

echo $city;

Password Hashing and Verification (Security)

<?php
$password = 'secret_password';
// Default secure algorithm (bcrypt/Argon2 — depending on configuration)
$hash = password_hash($password, PASSWORD_DEFAULT);

if (password_verify('secret_password', $hash)) {
    echo "Password correct";
} else {
    echo "Incorrect password";
}

4. Best Practices and Common Mistakes

Best Practices (What to Apply)

Use up-to-date PHP versions (7.4 is EOL, PHP 8.x recommended). Gain performance, security, and new features.
Enable strict typing: declare(strict_types=1); + parameter and return types. Code is clearer and more stable.
Use PDO with prepared statements for databases — protection against SQL Injection.
Validate and filter input (filter_input, validation libraries).
Passwords: password_hash() and password_verify(); don’t write your own algorithms.
Organize code:

* Namespaces, autoloader (Composer), layered structure (controllers, services, repositories). * PSR standards (PSR-1/PSR-12 — coding style, PSR-4 — autoloading).

Testing and quality:

* PHPUnit / Pest for tests. * PHPStan / Psalm (static analysis), PHP_CodeSniffer (style).

Error logging and monitoring:

* In dev: error_reporting(E_ALL), display errors; in production — log to files/ELK.

Security:

* Escape data in HTML (e.g., htmlspecialchars()). * CSRF tokens in forms. * Limit uploads (size/type), check MIME, save outside the public folder.

Performance:

* OPcache (default since 7+), cache results, avoid unnecessary DB queries. * Profile (Xdebug, Blackfire) and measure, don’t guess.

Use frameworks (Laravel, Symfony) for larger projects — ready-made patterns, security, ecosystem.

Common Mistakes (What to Avoid)

Using old, unsupported PHP versions — security risks and library issues.
Mixing business logic with HTML in an uncontrolled way (spaghetti code). Use layers and templating.
No prepared SQL statements (injection risk), no data validation.
Showing detailed errors to users (stack trace in production) — security risk.
Using deprecated functions (e.g., mysql_*, magic quotes — removed).
Relying on dynamic class properties — deprecated in PHP 8.2 (will become errors).
No encoding and timezone setup:

* Set mb_internal_encoding('UTF-8'); and date_default_timezone_set('Europe/Warsaw'); (e.g., in bootstrap).

Ignoring Composer and packages — don’t reinvent the wheel.
No tests and no code review — harder to maintain quality and stability.

---

5. Summary

PHP is a server-side scripting language created for dynamic web pages. It was born because the 1990s web needed a simple way to connect HTML with logic and data.
Key milestones:

* PHP 3 (extension architecture), * PHP 5 (full OOP, PDO, exceptions), * PHP 7 (performance + types), * PHP 8 (JIT, modern syntax, enums, attributes).

In practice, PHP programming relies on good habits: types, PDO, validation, testing, PSR, Composer, security.
Modern PHP is fast, developer-friendly, and strongly supported. Great both for beginners and large systems.

---

6. Mini Quiz (Control Questions)

Who created PHP and for what purpose?
How does PHP differ from JavaScript in terms of execution environment?
Why are PHP 5 and PHP 7 considered groundbreaking? Provide 2–3 reasons each.
What is PDO used for and why are prepared statements important?
What are “types” in PHP 7+ and what does declare(strict_types=1); do?
What does the nullsafe operator ?-> do and when would you use it?
How should passwords be securely stored in PHP? Name the key functions.
List 3 best practices and 3 common mistakes in PHP projects.
What new features/syntax were introduced in PHP 8.0–8.3 (at least 3 examples)?
What are your methods for improving performance in PHP applications?

Good luck! If you can answer briefly and clearly, you’ve mastered the basics and history of PHP.