PHP 4.2: What's New, Release History & Support Lifecycle

Q: Can I turn register_globals back on?

Yes, you can set register_globals = On in your php.ini file. However, this is a major security risk and strongly discouraged. The better approach is to fix your code.

Latest in branch 4.2

4.2.3

Released 06 Sep 2002
(23 years ago)

Software	PHP
Version	4.2
Status	End of life
Initial release	4.2.0 22 Apr 2002 (24 years ago)
Latest release	4.2.3 06 Sep 2002 (23 years ago)
End of bug fixes	06 Sep 2001 (Ended 24 years, 9 months ago)
End of security fixes	06 Sep 2002 (Ended 23 years, 9 months ago)
Release notes	https://www.php.net/ChangeLog-4.php#4.2.3
Source code	https://github.com/php/php-src/tree/php-4.2.3
Documentation	https://www.php.net/manual/en/
Download	https://www.php.net/releases/4.2.3
PHP 4.2 Releases	View full list

What Is New in PHP 4.2

Category	Key Changes
Security	Changed default for register_globals to OFF
New Features	Added ob_iconv_handler() output handler
Bug Fixes	Numerous fixes across extensions and core

Why did PHP 4.2 change the default for register_globals?

PHP 4.2 flipped the default value of the register_globals directive from ON to OFF. This was a major security-focused change to prevent variables from user input (like GET, POST, and COOKIE data) from being automatically created as global variables.

In practice, this meant developers had to explicitly access user data through the $_GET, $_POST, and $_COOKIE superglobal arrays instead of relying on magically created variables. This change forced better coding habits and significantly reduced a common class of security vulnerabilities.

What new output handler was introduced?

The ob_iconv_handler() output handler was added. This function works with PHP's output buffering system to convert character encoding on the fly.

You use it with ob_start() to automatically convert the internal character set of your script to a different one before sending it to the browser. This was particularly useful for ensuring consistent character encoding in multilingual applications.

ob_start("ob_iconv_handler");
// Output some content in internal encoding
echo $content;
// The buffer is converted and sent to the browser
ob_end_flush();

Were there other notable changes in this release?

Beyond the headline security change, PHP 4.2 included a range of bug fixes and minor improvements. The release focused on stability and closing potential issues that existed in previous 4.x versions.

Fixes were applied across various extensions and the core engine. This maintenance work was crucial for the overall health of the PHP ecosystem at the time, even if the register_globals shift was the most talked-about feature.

FAQ

Will my old scripts break with register_globals off?
Yes, scripts that relied on variables automatically being created from form inputs will break. You must modify them to use the superglobal arrays like $_POST['varname'] instead of just $varname.

Can I turn register_globals back on?
Yes, you can set register_globals = On in your php.ini file. However, this is a major security risk and strongly discouraged. The better approach is to fix your code.

What is the ob_iconv_handler used for?
It's an output buffer handler that converts character encoding. If your script uses one encoding (like ISO-8859-1) but needs to output another (like UTF-8), this handler automates the conversion.

Is PHP 4.2 a major version jump?
No, it's a point release in the PHP 4 series. The version numbering follows a major.minor[.release] format, so 4.2 is an incremental update from 4.1.x, not a complete overhaul.

Where can I find the full list of changes?
The complete changelog is available on the PHP website. It details all the bug fixes and minor adjustments made for this specific release.

Releases In Branch 4.2

Version	Release date
4.2.3	06 Sep 2002 (23 years ago)
4.2.2	22 Jul 2002 (23 years ago)
4.2.1	13 May 2002 (24 years ago)
4.2.0	22 Apr 2002 (24 years ago)