PHP update on Win2k8 IIS server

Hi all,
   I have 3 web servers at a client site that need to be updated, i need to upgrade the php to clear some security issues that have been hilighted.

I am running Server 2008 with IIS, the version of PHP is 5.3.10.0 (from the exe). I want to know the best way to update this and if possible a dummy guide (simple steps) along with knowing the risks to the content already in place.

The servers each are running between 40 and 100 sites so i want to ensure that any changed i make will have a minimal impact. I can take a Snapshot of the machines before hand for a roll back if required but i would like that to be a last resort.

Any support or links here would be much appreciated,
LVL 5
ncomperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
Some "interesting" things may show up in a PHP5.3+ upgrade to PHP 5.4 or PHP 5.5.  For example, call-time-pass-by-reference is no longer deprecated; instead it causes a fatal error.  The definition of error_reporting(E_ALL) has changed.  And the default character set may be different if it is not specified in the function calls.  Unfortunately there is no good way to predict if any of these risks will cause problems, except for the call-time-pass-by-reference (you can scan the PHP code for instances of &$ and & $ to detect this).

PHP has a changelog that details the release differences.  If you're moving up from 5.3.10, you might start your research at 5.3.11.  Example here:
http://www.php.net/ChangeLog-5.php#5.3.11

The MySQL extension is deprecated at PHP 5.5.  What to do here:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dave BaldwinFixer of ProblemsCommented:
Replacing your version of PHP is easy.  Knowing the risks is next to impossible with about 200 sites written by many different people.  Which is why I have only seen two hosting companies upgrade their version of PHP on a server in the last 10 years.  In one case we were told it was going to happen.  In the other case, I got a big job fixing old code to work with the new version.  Everyone else has required that you move to a 'new' server with more recent version of PHP.
0
Ray PaseurCommented:
Tell the clients to move to the "new" server -- what a great idea!  It puts the responsibility for compatibility testing and any required upgrades squarely where it belongs - with the owner of the scripts.

That's why I love EE.  Answers that make sense from real-world experience.

Best to all, ~Ray
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

ncomperAuthor Commented:
We have had an additional discussion internal and have put forward the following option.

1) Clone the server and drop into a Test environment
2) Provide access to the test server to 3rd party developers
3) Upgrade server PHP to 5.3
4) Test all sites for compatability
5) If successful Replace live server with Updated VM

Now that is over simplified from the actual steps and my initial concerns are as follows

a) Clone server will need to be placed in the Live network to allow for external access
b) Name of server will need to be changed along with IP addresses to remove conflict

Completing the above could cause issues as i think i will need to Drop the server from the domain to allow for the Name change, the IP addresses are linked to Secure sites within IIS.

As i am not a web developer i am not aware of the impact from the above so any advice here would be much appreciated.

** all site belong to the business we have 3 developer teams that work on various sites so we are not a hosting provider
0
Ray PaseurCommented:
3) Upgrade server PHP to 5.3
I understood that you were already running PHP 5.3.10?

I think you need professional help.  What you have is not a question with an answer, it's a project that needs technical advice and PM skills over time.  Your choices are (1) Hire a professional and move forward with the project or (2) Step away from the project, learn everything a professional already knows, then return to the project.  There are many intricacies involved in the upgrades and the need for precision is important.  You probably do not want to go it alone, with hundreds of web sites hanging in the balance.

As the great firefighter Red Adair famously said, "If you think it's expensive to hire a professional, just wait till you hire an amateur!"  

Best of luck with the project, ~Ray
0
ncomperAuthor Commented:
Ray thanks for the comment,
   As you can see that was only a Typo on the version number. The Developers have been tasked with completing the updates and so "The professionals" will be in charge of the project and deliverable, not myself, as i refused to complete project above for your exact reasons (totally not my area or skill set).

My request above was to find the best way to make a cloned server available for the external company to begin the test works without touching the Live infrastructure.

If this was an internal change/Test i would clone the server, place it on an isolated VM network and complete the test upgrade process. As i need the external company to have access to the machine some kind of connectivity would be required and this is what i need to organize.
0
Dave BaldwinFixer of ProblemsCommented:
I think the 'Test' server idea is a good, there are just a lot of details that have to be taken care of to get it to work.  But not nearly what it would take if you upgraded PHP and the sites failed because then it becomes an emergency to get them back on line.
0
ncomperAuthor Commented:
Overall
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.