The general consensus on PHP
-
@ammoQ said:
@Tweenk said:
I think people are hostile towards PHP because it is the first web-oriented language they learn, and they bail out for something they regard "more advanced" before learning how to use PHP well. Therefore, they judge it through their beginner's point of view.
IMO this is not true. You need some experience with other languages to see the deficiencies of PHP.
There I agree.
That PHP is flawed is not wrong. Every language and framework is flawed. There are aspects of PHP -- especially the library -- that I cannot stand. There are others -- speed, simplicity -- that I like.
ASP.NET is equally flawed. My biggest beef with ASP.NET, just like with PHP, is the library. With PHP, the library was built with no guiding principles; people added functions as they saw the need, but failed to follow any standard practice. It's desperately in need of a cleanup. With ASP.NET there *was* a guiding standard that was followed, but it rested on a fatally flawed concept -- the postback. Postbacks are good when you're actually doing a form (i.e. input) that needs validation. They are *not* good for hyperlinks (you should *never* have an HREF attribute that contains javascript!!!). They are *not* good for the tab control. Or for sorting. Or for any of the hundres of other uses that they are put to in the ASP.NET framework library.
Wow, I'm ranting. Just blowing off steam, I guess, since I've been forced to deal with it at work. Sorry!
Anyway, my point is that PHP, as a language/library/framework, is no worse than any other. I prefer C# as a language, but I prefer the PHP way (the *proper* PHP way!) of processing web pages when I do web applications.
-
@Tweenk said:
Use doubleval, intval etc. or C-style casts when you want to be explicit. If it doesn't matter, it doesn't matter!
I chose to use strongly-typed languages wherever I could, saves me the trouble, conversions are explicit and coercion is reduced to very few cases (Int <-> Floats coercion, mainly)
@Tweenk said:$ allows string embedding (looks MUCH cleaner than ".$var1.", ".$var2.", especially when displaying a string with many variable parts, variable variables, and constant / variable separation
Using "$" alone when doing string embedding forbids the embedding of expressions (you can embed values but not function calls for example) as well as strange behaviors and edge-case issues.
And as a matter of fact, it's not required, many other schemes are used and do work e.g. Ruby uses
#{expr}$ irb --simple-prompt >> foo = "whee" => "whee" >> "Test #{foo} bar" => "Test whee bar" >> "Test #{foo.upcase} bar" => "Test WHEE bar" >>Which also shows something interesting: the string embedding syntax and the variable namings are orthogonal, using
@Tweenk said:$as a string-embed construct doesn't mean that you have to use it in the variable's name...C++ also didn't have namespaces for some time, but people were somehow able to manage.
I doubt FORTRAN had namespaces either, I'm not even sure it has them now, but is that really the kind of measuring sticks you want to use? The fact that people were able to manage isn't in any way an excuse not to have them for a language that touts itself as a modern language, especially one born [b]in the second half of the 90s where pretty much every single other language had namespaces[/b].
@Tweenk said:
What do you need anonymous functions and recursion for in a web programming language?
The same reason you use them everywhere else? You may not believe me, but I do heavily rely on anonymous functions and closures in Javacript, and do use some recursion (even though JS is definitely not good at that). Which reasons? More generic code, DRY, higher expressivity, ...
@Tweenk said:Anyway, you can emulate anonymous functions with eval().
Oh god...
@Tweenk said:BTW, dynamically creating anonymous functions borders on self-modifying code
No it doesn't, come back when you've learned about using them.
@Tweenk said:so I don't think it's a good technique to use liberally. It may be useful in some cases, but I'd say it's not the kind of feature you want in a web programming language.
These are typical symptoms of blub programming. Furthermore I'm don't care about what you think, these are the reason why I hate PHP, you may not realize why I consider these important but, frankly, I don't care.
I do find them important enough to despise (or at least have strong feelings against) any language that doesn't have them or a variation of them. And yes this does include Java just in case you were wondering.
@Tweenk said:Somehow the concept that you can use anything as the key aligns netaly with the concept of weak typing, don't you think? If you could use only ints or only strings as keys, now that would a WTF in conjunction with weak typing.
I fail to see the relation here, arrays and maps are fully different construct, a map/hash has keys and an array doesn't (it has indexes at best, and most modern languages try as hard as they can not to use them). Coherent/generic keys on maps are a completely different issue, Python for example does allow you to use any hashable object as a dictionary key (including a function, or a class). This is not an issue of being able to use anything as a key, this is an issue of mixing arrays and hashes. I also strongly object to non-generic keys (even though neither Ruby nor Python, two languages I love dearly, don't have them either...).
But these are irrelevant compared to the much greater issue of randomness:
$ cat > test.php <?php $a = array("1" => "foo", 1 => "bar"); echo $a[1]; echo " "; echo $a["1"]; echo "\n"; print_r($a); ?> ^C $ php test.php bar bar Array ( [1] => bar )You may find that kind of stuff great, I find it utterly retarded.
@Tweenk said:
Auto-escaping? Isn't this magic_quotes you bash in the next point?
Ah no, I badly put it, I was talking about prepared statements and other statements parameters, the stuff that's been introduced in PHP5
@Tweenk said:Anyway, this is relevant only to PHP versions 4 and earlier, which I agree are trash.
Trash that's still used a lot, trash that still makes up most of PHP's tutorial and documentations, and trash which hasn't been removed and doesn't generate as much as a warning when you use them in PHP5 scripts. These kind of stuff is still first-class in PHP5, and it shouldn't be, it should've been move to the trashcan a long time ago.
@Tweenk said:magic_quotes and register_globals allow beginners to create working scripts.
This is not a good enough reason to actually make the language insecure.
@Tweenk said:For beginners, security isn't an issue, because they can't lose much.
Yet it should be, and even if they don't know it no hole should be opened in their apps without them even knowing about it. Plus this was not an issue with beginners (or it wouldn't have finally be turned of by default and scheduled for removal), the biggest issue is that only the experts, which make up a very small fraction of the PHP community, knew about these issues and how to handle them. Everyone else was open to security issues that didn't even come from their code.
@Tweenk said:Nobody forces you to use them, and you can tun them off.
If you know about them, and "insecure by default" is not a default setting I happen to like a lot.
@Tweenk said:Actually, I think that PHP is one of the few languages that scale well with your skills.
What?
@Tweenk said:clean coding is about discipline, and if you lack discipline, a strict language won't help you much.
Sorry about that sir, but you obviously have never used a strict language.
@Tweenk said:You didn't notice mbstring extension, which overloads certain core functions and so works transparently.
This statement of yours is more than debatable.
Want more?
PHP’s character-set support is so bad, I want to scratch my eyes out
Parsing text, HTTP form input, with PHP is incredibly hard to get right. Even if you’ve compiled the mbstring extension and configured PHP to override its string functions (most likely breaking the often-used mail()-function on the way), the character-set support is incredibly bad. I’ll first give you some pointers before I start the head-shaking:
- PHP can supposedly parse XML. It really can’t. It can pattern-match properly structured text files in certain character-sets only used in a small part of the world
- Some security-critical functions in PHP break if used with certain character sets. A list of supported character sets is here, but unfortunately this doesn’t include for example CP850.
Abetting this problem is that many developers, especially beginners with PHP, have absolutely no idea what a character-set really is, so it’s hard to explain the problem. In fact, most of the people teaching courses at the University of Regensburg have no idea what a character-set is. The quote I use most often, comes from the C 101 course that I had to take in 2004: “German Umlaute don’t work in C, so don’t use them”.
If you are one of those people read at least this article by Joel Spolsky and then go to this post by Mark Pilgrim and don’t stop researching the net until you know what it means.
The problem is also supported by the fact that the database most PHP applications are built on (MySQL) has had notoriously bad character-set support up to version 5.0 (the support was phased in in the 4.1 release, but there it only broke lots of Java applications because the standard table collation was Swedish).
While MySQL’s character-set support is not exceptionally bad anymore, it’s still bad!
Interestingly, people with mostly western character-sets never stumble over this problem until their web-application gets so popular that someone from Russia tries to leave a comment in russian (and their forum software suddenly falls apart in that thread). However, people like the makers of ezPublish come from Norway and recognized PHP’s problems right from the start.
Fortunately, these people also try to do something about it. They wrote a completely PHP-based unicode abstraction layer (ezi18n) that extends and can fall back, but does not depend, on the mbstring-extension. In 2004, I met with them on the Systems convention in Munich. They told me that they wanted to contribute ezi18n to the community. As far as I know, that hasn’t happened yet and unfortunately ezi18n also doesn’t seem to be part of the GPL-licensed ezComponents PHP library.
ezPublish is also licensed under the GPL, so you could extract the library and use it, but you’d have to support it yourself, which means applying and testing upstream patches. You also might have a problem with the license. Still, it’s important to know that you don’t have to rely on PHP’s broken built-in functions if you need to do something about them.
Case in point: PHP's support for unicode is perfect until you start using unicode
@Tweenk said:PHP6 will support Unicode internally.
We'll see about that when PHP6 is out shall we?
@Tweenk said:Compared to what? Don't compare it to Java
Python, for starters, and without even using Psyco
@Tweenk said:I have to argee with this, PHP's APIs are no match to Java's JNI
Which says a lot about PHP's api... (there are many much nicer language <=> C APIs or interfaces than JNI)
@Tweenk said:but I'd say that Win32 programming has more WTFs to it
And you're yet again using the "hey there's stuff even worse than PHP out there so it's ok right? right?" defense. Well no it's not, having something even more horrible doesn't make PHP any less horrible.
@Tweenk said:I think people are hostile towards PHP because it is the first web-oriented language they learn, and they bail out for something they regard "more advanced" before learning how to use PHP well. Therefore, they judge it through their beginner's point of view.
No, people are hostile towards PHP because they learned/got experience with other language and can compare, and can therefore realize how braindead and annoying PHP is.
This is definitely not an issue of "beginner's point of view" as most PHP critics have worked with PHP for a long time (or still are doing it) and they've looked everywhere for ways to ease the pain.
It's fine if you like PHP, it's fine that it's your "weapon of choice". But that doesn't make it a good language.
-
PHP is not my "weapon of choice", I wouldn't use interpreted languages at all if it was up to me. About the "beginner point of view", I meant that people are stopping to use PHP after they really learn it, and therefore remain beginner. But that was my impression only perhaps. After some thought I'll have to agree with some of your points (I won't point out which because this is starting to be truly pointless), but that doesn't mean I must therefore stop using PHP.
If I were aiming to write a very big and complicated server-side application, I probably wouldn't use PHP, but rather take some time to learn Java and use Servlets. However, I think this would mean putting up my own server, because Servlets aren't what most hosting providers have.
By "scaling with skill", I meant that you can write working code when you are a beginner, you are able to write better and more secure code when you learn more, and you definitely are able to write good, efficient and secure code when you are advanced (not that it's easy).
Furthermore I'm don't care about what you think, these are the reason why I hate PHP, you may not realize why I consider these important but, frankly, I don't care.
I see I should word my sentences differently, as "not the kind of feature one would want in a web programming language", because I'm not aiming to impose my views on you or preach the superiority of PHP to you. So relax.
-
@Tweenk said:
By "scaling with skill", I meant that you can write working code when you are a beginner, you are able to write better and more secure code when you learn more, and you definitely are able to write good, efficient and secure code when you are advanced (not that it's easy).
Ok, I see what you mean. But the issue I have with that is that other languages scale with skill (Python, for example, and you could do it in Ruby as well), and don't have near as many warts as PHP does.
-
Dang. A good PHP flamewar, and I missed it.
Well, okay. I'm not really disappointed. Missing the argument is better for my mental state.
However, I have been trying to keep a list of known issues with PHP. Many of the items on it were mentioned in this thread, and I even picked up a couple new bullet points.
For anyone interested, the list of PHP problems is on my site. Let me know if anything on it is incorrect.
-
*sigh*
I use PHP daily for my job, and while it certainly has it quirks, and somtimes makes me want to casually bash in my monitor with my keyboard, it does make it possible to create dynamic webpages. Even pretty complex stuff, if you don't mind remember all the diffrent function names, and the order of there parameters. And of course the "common" pitfalls, of which there are hundreds.
I don't know, but i think php as a language is a insult to the profession, however php as a cheap development tool is pretty good. Just hire some cheap just-out-of-school kids, let them learn php in a week, and you've got some cheap labor to make websites. When the kids start to grumble about how much php actually sucks it's time to let them go, because they where getting a tad expensive anyway.
I think it's a good fit though, the implementations of HTML are a mess and so is php. Here in the netherlands PHP is a defacto standard next to asp(.net), java is only used by enterpisey websites and it seems nobody ever heard about python or ruby.
Perhaps i should ask myself, am i getting too expensive?
>/dark gloomy mood<
-
PHP is a piss poor language. I actively avoid 'enterprise' software that uses it because I know, deep down in my heart, that if I deploy it, I will surely be asked to customize something or extend in such a way that I will have to write PHP.
And I just can't do it. I won't. There's plenty of other software out there NOT written in PHP...
For web stuff... perl is okay. Mason is nice. I hear ruby is neato, and python too. And JSPs on top of tomcat or JBoss (so long as it's not WebSphere... *shudder*) is not bad.
I try not to have to make web pages. But I try to do a good job.
You know, I'd probably be okay with ASP.NET and doing web pages in C# if I didn't utterly hate IIS. That and postbacks. The idea is... bad. Using the same framework for web and for applications is a really, really, bad idea. Because they aren't the same thing, and there's a lot of scary, hard to understand code going on behind the scenes to make that illusion a reality.
Such systems are always bound to fuck you when you least expect it; and you can't do anything about it or have to hack together workarounds. I like to avoid that wherever possible.
PHP has such problems. That I have to fucking recompile it to get it to support some feature set is maddening.
-
@stratos said:
it does make it possible to create dynamic webpages. Even pretty complex stuff, if you don't mind remember all the diffrent function names, and the order of there parameters. And of course the "common" pitfalls, of which there are hundreds.
A huge part of the issues is that there are tools that also allow this, more easily, faster, with a more predictable, more secure and more maintainable result.
@stratos said:Just hire some cheap just-out-of-school kids, let them learn php in a week, and you've got some cheap labor to make websites. When the kids start to grumble about how much php actually sucks it's time to let them go, because they where getting a tad expensive anyway.
You do that, and you get a website/webapp with more holes than Emmental cheese
@stratos said:the implementations of HTML are a mess
Excuse me but wtfareyousaying here?
-
@masklinn said:
@stratos said:
it does make it possible to create dynamic webpages. Even pretty complex stuff, if you don't mind remember all the diffrent function names, and the order of there parameters. And of course the "common" pitfalls, of which there are hundreds.
A huge part of the issues is that there are tools that also allow this, more easily, faster, with a more predictable, more secure and more maintainable result.
Never said it was the best tool for the job, i'm just saying that it is possible to do.
@stratos said:
Just hire some cheap just-out-of-school kids, let them learn php in a week, and you've got some cheap labor to make websites. When the kids start to grumble about how much php actually sucks it's time to let them go, because they where getting a tad expensive anyway.
You do that, and you get a website/webapp with more holes than Emmental cheese
yes, that's correct.
@stratos said:
the implementations of HTML are a mess
Excuse me but wtfareyousaying here?
I'm saying that the implementation of HTML of the various browsers are a bit messy.
Of course HTML itself doesn't go scott free either, since HTML 2 and 3 where basically HTML 1 plus what netscape&IE invented and some more.
But HTML 4 was ok i guess, and xhtml will hopefully clean up a lot.But what i'm talking about are mostly the mistakes diffrent broswers made in there implementation of the rules described by HTML.
For instance how IE implemented the box model wrongly by adding the border and padding to the width of the box. (although strictly speaking it's a css bug, but whatever)
-
@Ice^^Heat said:
Then its time to think about something new right?? The revolution starts here!
I better start reading cyberpunk!
There ARE many really interesting projects going on. (XHTML 2.0, RDF, microformats, WIDEX to name only a few). The W3C itself seems to pump out new standards like crazy. And I'd really love if those would establish themself some time but I have that eery feeling that many will go the same way as apparently apache 2.0 (and RDF):
The shiny new standards will be there and everyone will agree that "in theory", "in an ideal world", etc they'd make everything better. However, no one will take the risk of actually using them because they'd lose compatibillity with the old buggy and messy but "established" technologies - and with this actually prevent them from ever being established.
I mean, it's the same way with IE. Even in 2007 it has lots of obnoxious quirks. But because it's still the no.1 browser on the market. Hence web developers need to "code around it" and other people that don't think much about copatibillity and the like even still happily exploit non-standard behavoir. And, well, so since everything seems to work, there is of course no urgent reason for Microsoft to actually fix the quirks. On the contrary even, making it more standard compatible might [i]break[/i] dozends of sites relieing on those quirks.
Ok, this is maybe a bit too pessimistic but from what I've seen so far it really looks like some kind of vicious circle to me...
Also, finally, please forgive that offtopic rant... I guess I had to blow off some steam ... *goes in the corner*
