PHP 5 has been released for quite some time now, although it still seems to be the latest and greatest version of PHP, at least that is what people tend to think. It’s newer, it must be better, right? Well PHP5 may have been released over 4 years ago (July 14th 2004, for PHP5.0.0, to be exact), but PHP4, which is still in production use in many large web applications was released more than 8 years ago, May 22nd 2000.
So what does that mean? It means that PHP5 is still a “new” version of the language. There are still a great deal of bugs that haven’t been found, or have been found by the wrong people and not yet reported to the right people. Sure, PHP5 has some great new functions such as stripos(), and the new object oriented framework is much more like that of a truly object oriented language, but the fact remains that PHP4 has had 8+ years of extensive testing, and a great deal of it has been in production environments.
So what does that mean for your company? Well, if you’re the type of company that likes to have the latest and greatest versions of software, this could seriously hinder your application development process. Suppose the powers that be were to find a gaping security hole in one of the PHP5 only functions, your website is at risk for being attacked before the PHP community patches it up, and before your network administrator installs the patch. This is not to say gaping security holes are never found in PHP4, but nowadays, the scale tips in the PHP5 direction, and usually in much worse ways.
In short, the latest does not always mean the greatest. Shall I point you in the direction of, say, Windows Vista©, or possibly Internet Explorer© v8? :)