I'm running IIS6 on Windows Server 2k3, and currently have PHP installed as a ISAPI module. We're about to upgrade our environment to PHP 5.3.0, and this made me wonder whether I should stick with the ISAPI module or if there was a reason the CGI would be a better fit.
We have one web server for our organization, and do not have to worry about security related to shared hosting; we have several web sites, but they all belong to us.
Is there an advantage to using one method over the other? Is one more secure? Is it simply a matter of preference?
EDIT: PHP 5.3.0 dropped support for ISAPI, so you do need to install it via FastCGI. From the PHP Migration Guide:
Support for the ISAPI module has been dropped. Use the improved FastCGI SAPI module instead.
Best Answer
The Non-Thread-Safe PHP CGI binary for Windows is supposed to give you maximum stability, compatibility and performance as:
However, the performance and stability is susceptible when the CGI binary is used in multi-threaded environments such as IIS. Therefore most people have started using the relatively new FastCGI extension that is available for IIS 5.1/IIS 6.0 as a download and bundled with IIS7.
This guide explains how to install and configure PHP CGI with Microsoft's FastCGI extension.
The second option is to go for PHP ISAPI but be sure to (i) use Thread-Safe builds (ii) use stable and tested extensions -- the PHP ISAPI can otherwise crash and take down IIS as well. A side note is that tread-safety in PHP is like a hand-brake that is always engaged; some even say that it is a myth.Update: PHP ISAPI is not shipped anymore so the question about ISAPI vs. CGI is not a question anymore. FastCGI is recommended.