Slashdot Mirror

Firstly:

> I'm planning on using the Zend Framework

I understand the Zend Framework is not so much a framework as a tight collection of helper tools. If you want a framework, as in, framework, you'll probably want to look into CakePHP. Symfony is more powerful, but also kind of more complicated. (And declaring my models in XML makes my skin crawl -- but it's just me.)

Secondly:

> Would it be worth my time to learn Python and then do the project in Django?

Short answer: If you know PHP really well and it works for you, it'll be less work (and less risk) to just keep using PHP.

Long answer: If you're a fast learner, and intend to keep using Django afterwards so the overhead of learning it is worth it, then I'd say, absolutely. If I were in your shoes, I believe I would probably create a small functional site in Django in my spare time -- it doesn't take very long at all to get a blog with comments up and running, for instance -- and see how it flies with me. I understand learning Python and Django hand in hand works very fine, although I can't personally comment on that, having been into Python for many years.

If you go the Django road, you'll probably find these resources handy:

The Django community aggregator is at http://www.djangoproject.com/community/ and has many good posts with great insight on how to get the best out of your new Django toy.

The Django Snippets site at http://www.djangosnippets.org/ is a great catalog of small, useful bits of code. I read it in my RSS aggregator, personally.

And of course, there's the #django IRC channel, and the various mailing-lists.

Enjoy exploring Django! I've been following it for a few months already and still don't hate it, and for an old bitter bastard like me, that's the biggest praise.

After a loooong time, 1.0 Alpha was just released.

• An object-relational mapper so you don't have to write SQL. But you can still use SQL if needed;
• Automatic admin interfaces. You never need to write another stinkin' admin interface again.
• It's own template language. Althouh, you can use any other template language you want.
• Support for memcached caches is built-in.
• Built in support for i18n and l10n.

Oh, yeah. And building Django apps is FAST.

What's django?

I'm sure this'll upset someone, but it's rails for python. Django Project Homepage

It's pretty neat and in a couple of evenings reading and experimenting you'll have figured most of it out (even if you're new to python).

I've used it for a few personal projects, but not at work yet so I don't have any experience with it on larger projects. Still, it's pretty neat to get something done quickly.

Once you've gotten past the whitespace thing in Python you'll slap your forehead and say why didn't I use this language before? I do my development in Django and I am far more productive in it than in other web development applications. If you need to work in Java there's Jython. If you need to work in .NET there's IronPython.

There are a lot of other cool Python web technologies out there as well:TurboGears, WSGI, Plone, Zope, Twisted.

What major company hired Guido van Rossum, BDFL? What major company rolled out GoogleAppEngine (based on Django)? Ruby's pretty hot right now but so is Python.

CakePHP Framework (supports PHP5 & PHP4), Version 1.2 Stable due any time soon.
Symfony. PHP 5 Meta Framework using Propel and other layer components. The accompaning book (free PDF, buyable dead-tree) is a very good documentation.
Prado. Event-Oriented PHP 5 Framework. Very interesting.
Code Igniter. Lightweight PHP Framework for smaller stuff. Neat website.

Django. Python Framework.
TurboGears. Python Meta Framework using some 3rd Party stuff like Templating layers and such.
Zope Web Application Server. To date unmatched. What Rails wants to be when it grows up.

Just as one data point: here at SnapLogic, our product is open source. Myself and the other engineers are paid to work on GPLed software full time.

It's not just our core product. I'm responsible for the QA infrastructure, and in that role I've been able to contribute code to other projects we use: Django, Trac (one two three), Figleaf, and Buildbot (one two three four).

That's just what I have done personally, not to mention the other engineers. And it's not just something we do on the side - the company's upper management actively encourages us to contribute code back.

So in our particular case, just day to day operations intrisically seems to benefit the open source commmunity as a side effect. At least from my perspective (and by the way, I don't speak for SnapLogic). If something dramatic happened and we had to shut down, that would obviously stop.

[Holy cow, I'm being paid to write free software in my favorite language. Pinch me.]

There are those of us out there that know how to code PHP in a sane, clear, and secure way. Unfortunately, I have to admit that there are a lot more that don't. I think one of the things you can do is to look for those that have languages like C++ and Java on their CV as well, and also for those that have a portfolio of code to review when they apply for a job. When you actually see the code, it's easy to separate the fly-by-night guys from the actual educated, experienced programmers out there.

By the way, on a somewhat unrelated note, we're using Django for our new web game, and it's both interesting and easy to code, while still (rigorously) maintaining good coding practices. So I think there's also something to be said for those who work with frameworks like CakePHP, Rails, and Django, as those tend to both be object-oriented and to promote good coding practices.

As I've said before, I think PHP can and should be used well; there are just a lot of ways it can be used poorly.

This breaks my brain, even for the normally stereotypically slow, stereotypically technology-shy government (though I will say that a lot of the Government of Canada sites work surprisingly well in my experience).

SQL queries IN THE QUERY STRING. Someone reading their FIRST BOOK on web development would know not to do that! And now God help the people who have been affected by this: try proving to the government that you're not a sexual offender when you're already on their list.

SQL injections. Learn them. Learn how to mitigate them (a PHP-specific example, but there are similar mitigation techniques for other languages). And I mean, hell, in a site like this (and especially with programmers apparently this bad), stored procedures might be the thing to implement. Or even better, use a framework like CakePHP, Rails, or Django with this sort of sanitation built into the queries it generates.

Ugh. I hope someone gets fired for this. I bet, though, that in reality this was programmed by the lowest bidder.

I agree. I ran through the getting started pages and didn't see anything better than http://www.zope.org/ or http://www.djangoproject.com/ (competing python web application stacks).

So, the downside is learning a new application stack and the upside is free hosting for now. This sounds like it is targeting college students who can't afford the quite minimal ISP hosting costs currently available in the market. I can't see building a business around this for the same reason that SaaS has not predominated for mission critical systems.

They make a lot of "scalability for free" claims. If true, then that might make their offering more compelling. What's that old adage? Fantastic claims require fantastic proof. I look forward to seeing where this will go but am weary at "betting the farm" on it at this point in time.

I'm using PHP for my day-to-day work and deal a lot with Ruby fanboys, but I have to say that Python has a special place in my heart.
Here are the upsides (and some things that make Python exceptional) in my book:

1.) Very much like PHP and Perl, Python lacks the academic stench and has a general overall non-challance and n00by friendlyness to it. Things that *really* bug me about C and Java. And a smell that Ruby is gaining due to all the Java people brining their old bad habbits over to ruby.

2.) It's elegant and has a very neat and clean syntax, lacking the bizar and intimidating curly braces and semi-colons strewn all about in classics such as Java or JS. Or PHP for that matter.

3.) Indentation as block delimiter. The most ridiculed thing about Python (ridiculed by people who've never used Python) is acutally one of it's neatest features. Keeps code clean, minimal, human-readably and it's style in sync across many developers. Great for collaboration. And let's not forget that famous Donald Knuth quote: "We will perhaps eventually be writing only small modules which are identified by name as they are used to build larger ones, so that devices like indentation, rather than delimiters, might become feasible for expressing local structure in the source language." ... He said it best back in '74, nothing to add here.

4.) Python is used in serious non-trivial areas and applications in every field I can think of. Gaming, Multimedia/3D, Science, Large Scale HPC (Google f.i.), Embeded and, last but not least, sophisticated web applications. It apparently integrates very well as a scripting language, judging from the countless applications that use it as their choice of script and it also drives large non-trivial applications as core technology. (Googles Deployment Pipeline or, f.e. Blender)

5.) It's the foundation for the most sophisticated web kit to date: Zope. Zope is way ahead of anything in the Rails ballpark (or any other Web-FW), and it's only due to crappy project marketing on Zope's side that it didn't get as much attention in 2001 as Rails did since 2004. Until the MVC+SQL layering crowd catches up with Zope it will be another few years, until then it will remain the bar for any programmers who've ever come across it. (Like many PHP Framework & CMS developers I know)

6.) It's got a regular Webkit called 'Django' (drinking buddies of the Rails crew) which is quite popular and in itself makes me curious enough to want to pick up Python again.

Bottom line:
If you're looking to learn a new PL, give Python a try. And even if you despise that indentation thing I recommend you try coding in it for 20 minutes. You'll notice that it doesn't bother you at all, since programmers who are experienced enough to worry about that indent correctly all the time anyway.

Pure python isn't the best for web dev, but the Django framework is great stuff. Powerful, clean, versatile, and exceptionally well documented.

Python/Django. Beautiful, powerful web development.

You have to be careful, though, not to miss newly-developed cost-cutting/quality-improving technology (e.g. Pylons and Django, neither of which existed in any useful capacity more than 3 years ago) or your competitors will eat your lunch.

Frameworks can't be written successfully in a baby language like PHP, Python frameworks aren't gonna magically appear.

> For example, PSF should start campaigning so that web hosting providers support Python out of the box
Take your poison: mod_python, django, turbogears (and probably a few others that I haven't heard of).

Considering that the former hasn't really gained much steam, and the latter two are relatively new players (see http://www.djangoproject.com/weblog/2006/aug/07/guidointerview/ , was only a little more than a year ago), fragmented into two (or more) communities, I can't see web hosting providers would have scrambled to add support for python.

Having more hosting support for Python would be nice, but actually doing it would be much more fuss than simply installing PHP with a single command on the hosting server. I've written non-trivial things on django, I love its simplicity, but if I were to make decisions for a hosting company I wouldn't be hosting python for those There needs to be a major effort in making it easier to install, get started with, and deploy Python
I can't imagine how it could be made significantly easier. And considering, say, Java's success (in the corporate world), I think ease of installation/deployment is not a really deciding factor...

> Why do you think PHP, despite it's obvious drawbacks, is so popular?
Because it's "easy to learn", and allows you to add a XSS/SQL code injection hole to your site within 5 minutes. Makes the kiddies feel 1337.

What about django ? It is bettart ! This allows python fan mods to give me mod points, do fast.

I would pick Django. Scales better than most interpreted languages, and offers the chance to write more maintainable code than PHP.

Oh, and be aware, the Django documentation online is for their SVN version!

Well, you can start the tutorial here for the SVN version, or you can read the big warning at the top of the page which links to documentation for the various releases, and find:

• The tutorial for Django 0.96
• The tutorial for Django 0.95
• The tutorial for Django 0.91
• The tutorial for Django 0.90

So long as you can read large text at the top of every page, and click clearly-offered links, you can read the documentation for dev version, or for any stable release we've ever done.

Oh, and be aware, the Django documentation online is for their SVN version!

Well, you can start the tutorial here for the SVN version, or you can read the big warning at the top of the page which links to documentation for the various releases, and find:

• The tutorial for Django 0.96
• The tutorial for Django 0.95
• The tutorial for Django 0.91
• The tutorial for Django 0.90

So long as you can read large text at the top of every page, and click clearly-offered links, you can read the documentation for dev version, or for any stable release we've ever done.

Oh, and be aware, the Django documentation online is for their SVN version!

Well, you can start the tutorial here for the SVN version, or you can read the big warning at the top of the page which links to documentation for the various releases, and find:

• The tutorial for Django 0.96
• The tutorial for Django 0.95
• The tutorial for Django 0.91
• The tutorial for Django 0.90

So long as you can read large text at the top of every page, and click clearly-offered links, you can read the documentation for dev version, or for any stable release we've ever done.

Oh, and be aware, the Django documentation online is for their SVN version!

Well, you can start the tutorial here for the SVN version, or you can read the big warning at the top of the page which links to documentation for the various releases, and find:

• The tutorial for Django 0.96
• The tutorial for Django 0.95
• The tutorial for Django 0.91
• The tutorial for Django 0.90

So long as you can read large text at the top of every page, and click clearly-offered links, you can read the documentation for dev version, or for any stable release we've ever done.

How about using Python and Django? Python is a much cleaner language than both PHP and Ruby, and Django makes it a joy to build web-sites.

I've been lead developer of a large enterprise system written in PHP for the last few years, and grown increasingly frustrated with just how ugly PHP is. Object-orientation has been tacked on as an after-thought (almost all of the API is procedural, without using exceptions for error-handling), the API is messy and inconsistent, it's somewhat inefficient (has to parse all the code for each request, unless you use an opcode cache), and the syntax is just plain ugly when compared to Python.

Never tried Ruby on Rails, but you should at least give Django a spin before deciding.

Given complete freedom, my choice is Django: http://www.djangoproject.com/

Check out the tutorial, and you'll know why: http://www.djangoproject.com/documentation/tutoria l01/

Given complete freedom, my choice is Django: http://www.djangoproject.com/

Check out the tutorial, and you'll know why: http://www.djangoproject.com/documentation/tutoria l01/

Django anyone ?

Exactly. If you're using Python, you're not allowed to complain about SQL because there are good alternatives. Besides Alchemy, Django has a very nice object mapper of its own. Both of those have progressed to the point that writing raw SQL is simple unnecessary for almost any application development.

If you're interested in Python Web development, you'll find a host of network and Web specific frameworks. I suggest checking out Twisted, Zope, Plone, and Django for examples. You may also find some other goodies when you explore the Python Cheese Shop.

Of course, no mention of Python can pass by without someone bringing up Ruby on Rails, so I'll just do that right now. :) However, I have no experience with it whatsoever, so I'll withhold any opinion.

Like Python with TurboGears or Django?

Zope. - What Rails wants to be when it grows up.

Also be sure to check out Plone, Symfony, Django, CakePHP, Prado and Turbogears before you blindly join the overhyped Rails bandwagon.

This has been old news for years, there are much bigger and more real problems out there in commercial sites. Before I worry about CSRF, I'd far rather people sorted out SQL injection and XSS which are ridiculously common. If a site is (reasonably) secure (something I rarely see) then modern frameworks like django already provide tools that eliminate this issue see http://www.djangoproject.com/documentation/csrf/

the real reason I don't use python is I have never seen any real major advantage in using it over Perl/PHP/Java

As a good start, i recommend Django. It's a nice framework that takes care of a lot for you, but still lets you write Python. They have a few tutorials as well as a good community and an ongoing project, The Django Book. I transitioned directly from PHP to Python without any books. Most coding forms transition directly over to Python. As you learn more Python, you'll find shortcuts, e.g., the list constructs and lambda functions.

I also recommend reading over PEP 0008, the "standard" coding structure for the Python core libraries. It may seem restrictive limiting yourself to 79 character columns, but you get used to being able to read your code very quickly, especially if you come from PHP or Perl. (Tip: USE SPACES FROM THE START! You'll thank me later.) I can't underestimate the awesomeness of the interactive Python shell, either, especially for beginners.

There are also other platforms out there, Turbogears and Pylons being two notable ones. I think the Django documentation is a bit better, though.

You may also look up Web.py, which is as close to "drop and run" PHP as you'll get without going to pure CGI.

Python takes a little more care to set up at the server level, and you won't find may $1 hosts that support it.

...isn't it interesting the lines that are most common?

I can tell that you're coding in C++ because of the private/public and the }/}; (that inconsistency has always bothered me: is it a statement or not?).

I ran this* on the Python files of the Django project, and got some interesting results:

11185:
2314: """
1205: else:
1063: try:
288: pass
269: ...
235: Traceback (most recent call last):
226: from django.conf import settings
185: }
164: )
148: def __str__(self):

Interesting comments:

• Yes, that's right, 11,185 empty lines. We programmers sure like our whitespace.
• """ is the delimiter for Python-friendly documentation. (Think javadocs.) If they documented each method and class, you could grep for def and class and get an estimate of how documented the project is.
• pass basically marks an abstract/unimplemented method. I'm running straight from Subversion, so that may have something to do with it.
• While Python doesn't use {} for methods, it does use them for dictionaries. The convention for multi-line dictionaries is to have the closing bracket on its own line.
• __str__(self) is Python's analog to Java's toString or Ruby's to_s.

Interesting stuff. I wonder what it would look like in Haskell, or Lisp...

* I wrote a modified version in Python that walked the directory tree and stripped lines of whitespace, otherwise it was pretty much the same: Simple statistics. Yes, I know it's somewhat messy. I tried to clean it up a bit before putting it up. A few simple modifications would make it work with any extension.

Python. I had used Python for a while for shell/cron scripts, so it made for an easy transition. Specifically using the Django framework.

Note that I did try Ruby for a while, and it was fun, but felt like too much magic. Python's syntax is a little more expressive and more closely matches natural English.

The biggest attractions were automatic disk-based script compiling (there are PHP cachers and such that do this, but Python does it natively) and module separation (namespaces). One of my biggest gripes about PHP was that everything was in the same namespace, and not everything was consistent (substr vs. str_replace, note the position of "str" and the varied use of "_"). In Python, you can easily split into multiple named modules, for instance, if I have a "date" module with "class date" in it, I can import the default date-handlers as "from datetime import date as pythondate". This also means that if I never do anything with date handling, my Python code never has to load the information for it -- unlike PHP, where you have access to everything in every process whether you need it or not.

Performance-wise, I think they are roughly the same in the hands of a capable developer. I'd wager PHP might be faster for smaller scripts, but once you get into the large application realm, the difference approaches nil.

If you're going to mention Web Python Frameworks, don't forget Django. Honestly they are all really good choices (Pylons, TG, Django, etc). I know you mention it in your "why py?" post, well, assuming it's the same post I read a few months back. :)

A framework forces everyone to "stay in bounds."

Django doesn't use SQLObject. You can, as a programmer, use it of course, since everything in Django is nicely decoupled, but Django uses it's own ORM. The main advantage of using this ORM is of course the production ready administration interface that you get for free, but if you don't need that, there is nothing stoping you from using SQLObject or even better, SQLAlchemy. In fact, there is even a branch in Django to have SQLAlchemy support in the framework.

Using a different ORM, template engine, etc in Django is just a import statement away.

Django doesn't use SQLObject. You can, as a programmer, use it of course, since everything in Django is nicely decoupled, but Django uses it's own ORM. The main advantage of using this ORM is of course the production ready administration interface that you get for free, but if you don't need that, there is nothing stoping you from using SQLObject or even better, SQLAlchemy. In fact, there is even a branch in Django to have SQLAlchemy support in the framework.

Using a different ORM, template engine, etc in Django is just a import statement away.

Django doesn't use SQLObject. You can, as a programmer, use it of course, since everything in Django is nicely decoupled, but Django uses it's own ORM. The main advantage of using this ORM is of course the production ready administration interface that you get for free, but if you don't need that, there is nothing stoping you from using SQLObject or even better, SQLAlchemy. In fact, there is even a branch in Django to have SQLAlchemy support in the framework.

Using a different ORM, template engine, etc in Django is just a import statement away.

It's not trivial to just install "mod" modules to get Rails and Django to work

and you have to own root permissions to do that.

I'd sure love to see the folks who are writing the Django book drop whatever chapter they are writing and move on to the deployment chapter.

Since I'm already familiar with Python and use it on a daily basis, my experience with Ruby has been pretty limited. This puts Ruby on Rails just out of my reach for a new project.

Thankfully, there's I guess what you'd call a rough equivalent, Django which is the first framework I've ever used that hasn't frustrated the hell out of me.

You've got no excuses left, check it out.

The Django web framework added support for 'google sitemaps' over a month ago. Google anounced the details of sitemaps over 3 months ago. Django Sitemaps: http://www.djangoproject.com/documentation/sitemap s/

django and turbogears both run fine on apache1 too. or on lighttpd... or basically anywhere where there is fastcgi or scgi:

http://code.djangoproject.com/wiki/ServerArrangeme nts

http://docs.turbogears.org/1.0#deployment

generally speaking, when you want to run a python web-application, you want to avoid to have to reload the whole application by every request.
because of this, CGI is not suitable, but there are many other ways:

- scgi
- fastcgi
- mod_python
- standalone python http servers (afaik turbogears and zope do this)

(of course, it's still true, that it's easier to find php-hosting than python hosting)

What I'd like to know is if anyone here has used django, a python framework. I myself am not a fan of any frameworks for web development (I value full control of everything), but I was wondering what you guys thought of the framework as some of my colleagues at work seem to talk it up a bit. What about coldfusion? I like neither, I'm a PHP man.

OK, mildly funny, but do we have to take sides?

Tell you what. The other day I was on #rubyonrails at irc.freenode.net, and I (bravely) stated I didn't get why wouldn't they code the framework's website using it. OR, at least, using Ruby on FastCGI.

The answer I got was "Because RoR isn't supposed to be used to make brochures". That kind of annoyed me, as it not only sounded arrogant, but coming from a channel operator which ALSO happens to be one of the core developers (not mentioning the nick here), I found that to be even more stupid than if a "regular" user said so. I told him "well, it CAN be used for that, you don't even need ActiveRecord in that case ... it would be nice to show people that there's real websites out there using it ... the more the better". His reply was simply "We're past the point of having to prove anything".

If I wasn't too much into Rails (and Ruby, but that IS a different story) already, that would have been the day I would stop using it and start dedicating 30 minutes every day to tell the world how they can be idiots. He's clearly the sort that refuses to get what people hint at him. Like there's no equivalent (I'll dare to say better) around, that is at the very least more suitable for real world projects, and not your own blog with 10 hits a day from your friends.

If you're like me and you love Rails without the stupidities, check this guy's blog. He gives some nice tips on performance and smarter coding in Rails (there's some presentations there for downloading who are definitely worth the time). And take your time to really get into Ruby. That will allow you to see through the pile of BS that's suggested around as "good Rails code practices".

Nope. $LOAD_PATH contains the directories Ruby searches for libraries (@INC in perl, I don't know the equivalent in Python).

sys.path in Python, which is initialized from the environment variable PYTHONPATH.

It's doubtful Rails would have a '../../etc/passwd' type bug since very few of the urls have any direct correspondence to the filesystem. (e.g. mail/send/1 executes the send method of an instance of the MailController class).

But... the default setup for Rails (or at least, last time I played with it) is to map /controller/action/-style URLs for you, so if you managed to upload a Ruby file which just happens to contain your malicious subclass of ActionController, well, you'd pretty much own the site.

This is why I don't like automatic URL mapping; only the URLs I've explicitly laid out should ever respond, and only the code I've explicitly pointed them to should ever be executed. I know Rails has other ways of mapping your URLs, but I don't know off the top of my head if you can disable the default controller-name/action-name mapping; even scarier is that a number of other frameworks have emulated that.

(Disclaimer: I work for the company which developed Django, and am an active user of and contributor to it)