how to update php

[mike4309]

kaspersky detected vulnerability in my php
Affected products:
PHP versions earlier than 5.4.39
PHP 5.5 versions earlier than 5.5.23
PHP 5.6 versions earlier than 5.6.7

mine is i guess 5.3 bcz it's in c:\program files (x86)\IIS Express\v5.3\php.exe

Solution:
Update to the latest version:  http://php.net/downloads.php

so what am i exactly supposed to do ?
can i remove the 5.3 version and install latest 5.6.8?
how do i remove 5.3. and how do i install 5.6.8 ?  just delete the v5.3 folder and replace it ?
which file from http://php.net/downloads.php do i download ?
or do i download from http://windows.php.net/download#php-5.6   ? also which one ?
i'm on windows 7 using microsoft webmatrix 3 and visual studio express 2013 for web.
 

[Ch0cu3r]

Not a IIS user. But I would assume you should able to download the latest version of PHP and copy the files over to your PHP5.3 installation folder and overwriting any existing files.

• Before doing this first make a copy of your existing PHP5.3 folder
• Download the latest 5.6 Non Thread Safe zipped package from windows.php.net (labelled VC11 x86 Non Thread Safe)
• Stop IIS
• Extract the contents of the zip to your PHP5.3 installation folder
• Restart IIS

PHP should now be updated.

[mike4309]

here
http://stackoverflow.com/questions/7204758/php-thread-safe-and-non-thread-safe-for-windows
the say to use thread safe for iis  and non-thread safe for iis+fast cgi, so i guess i should go thread safe?

also i couldn't find IIS in services so i realized i don't even have IIS turned on (no checkmarks in programs and features-turn windows features on or off) ? should it be on ?

[Ch0cu3r]

I only suggested Non Thread safe as that was what I read from the note on windows.php,net

 

 

Which version do I choose?

 

IIS
If you are using PHP as FastCGI with IIS you should use the Non-Thread Safe (NTS) versions of PHP.

If the non thread safe version does not work then try the thread safe version.

 

 

Also i couldn't find IIS in services so i realized i don't even have IIS turned on (no checkmarks in programs and features-turn windows features on or off) ? should it be on ?

 I only suggested to stop IIS in case Windows complained when you went to overwrite the files that a process was using/reading them.

[mike4309]

it works but there are two files:
php.ini-development
php.ini-production
and i need to rename one of them into php.ini   ,   which one ?
Also a     php-cgi.exe *32    shows up in the processes when i run a php file in webmatrix, but it stays there even after closing Webmatrix. Is that normal ?

[Ch0cu3r]

If you are developing/testing php code then rename php.ini-development to php.ni

 

 

Also a     php-cgi.exe *32    shows up in the processes when i run a php file in webmatrix, but it stays there even after closing Webmatrix. Is that normal ?

Yes php-cgi.exe is most likely being used by IIS. 

[mike4309]

i know, there are also   iisexpress.exe *32   and    iisexpresstray.exe *32   processes   that start when i start webmatrix but they also end when i turn off webmatrix.
php-cgi.exe  doesn't.
is there a way to automatically end it when it's not being used ?

 

and do i also need the debug pack from here

http://windows.php.net/download#php-5.6

?

[mike4309]

does anybody know where do i need to update the path to the php files, because if i change the folders name from

c:\program files (x86)\IIS Express\v5.3

to

c:\program files (x86)\IIS Express\v5.6

php files in webmatrix don't work anymore