PHP: Does PEAR really INSTALL, or does it simply download and unpack a library of PHP code?

Background: Hi, I'm using PHP 5.3 on a Windows 7 machine as a part of the WAMP server package. I've been trying to get my PHP code to send a verification email to newly registered users, but I've stumbled upon a problem that is the mail()-function. As you probably know, the mail()-function is really basic, and doesn't use SMTP Authentication. Since I'm only using this platform while developing my web application, and don't know where it'll run in the end, I should probably prepare for having to use SMTP Authentication.

The problem: After a few Google searches it seems like the only widely used method is PEAR's Mail package. Now, I don't know if I'm stupid or if it really has to do with the language barrier (English isn't my mothern tongue), but even after being on PEAR's website and reading about what it is, I still don't understand it completely. So, there is this PEAR Package Manager which "installs" whatever PEAR package y开发者_如何学Pythonou want, right? How exactly does it do that? Is it simply extracting PHP code into some folder, for me to include later in my .php files? Does it alter any default PHP stuff (like functions) that I should be aware of? I mean, if I never include any PEAR libraries in my code, will the code run like PEAR would never have been "installed"? If not, is there any significant performance issues I should be aware of (like a default PHP function taking longer to execute now that PEAR is installed)? What about vulnerabilities for some kind of injection (like SQL Injection)?

PEAR is a number of things, and in the context of your question you seem to be asking about both the PEAR installer (which you are calling the PEAR Package Manager) and PEAR packages (libraries). The installer downloads the compressed packages from whichever channel is specified (by default it installs from the pear.php.net channel) and extracts them into a directory that is typically referenced in your include path. When it does this it also takes interdependencies into account. For large or complex packages which might have a number of dependencies it certainly makes sense to use it rather than downloading and unpacking packages manually.

It doesn't alter anything, so if you don't include anything from PEAR there's no impact whatsoever. There are packages which can be used to guard against certain types of vulnerabilities; MDB2 can be used to protect against SQL Injections for example. The mail package checks that out-going emails aren't sent to addresses that are invalid, so you might consider that another type of safe-guard. There are also a number of validation packages available that you could use to check input data - that a given phone number is valid in a specified country for example.

Of course, if you do find a problem with any of these you are more than welcome to file a bug report or a feature request.

PEAR "installs" just download and extract the PHP code to a directory in the include path.

PECL on the other hand downloads, compiles and delivers the executable extension.

On a sidenote, you probably don't want to use PEAR Mail, SwiftMailer is regarded as the best ATM.