Slashdot Mirror
PHP5 Co-Creator Interview
mandozcode writes "I came across an interesting interview with PHP co-creator Zeev Suraski at Open Enterprise Trends on the latest upgrades for PHP5's First Release Candidate (just released a week or so ago). Sounds like lots of improvements to help make it in the enterprise, including better bundled support for SQLlite and XML. Also encouraging, looks like Zend is getting more millions in VC investment."
Since its inception, PHP has gone from a simple website templating language and form processing tool, to a semi-OO scripting language hacked onto a bunch of C extensions, and now they expect to become a fully OO, enterprise-ready language?
Scary.
To write web applications properly and efficiently, you need a framework to support you. You do NOT want to be reinventing the wheel. Have you noticed the massive proliferation of database abstraction layers, incompatible form processing libraries, etc. etc. all written in PHP for PHP developers? Libraries of code written in a templating language! Eep. Every reasonably experienced PHP developer has probably tried to create an application framework at some point - if people keep seeing the need for one, it's a good bet PHP needs to supply one. No, PEAR is not an application development framework.
And what is it with all those PHP developers who seem to think a "class" is another term for "static function library"? The concept of using object types is foreign to thse people - they'd rather make huge monster arrays.
Just because the "I Can Use A Database So I Must Be A Web Developer" crowd thinks every web app could and should be written in PHP does NOT mean that that's actually the case.
PHP downright _encourages_ beginners to embed application-logic in HTML pages. I've been through a rewrite of an absolutely MASSIVE PHP site, and it was a year-long affair for five developers. The old site had become impossible to maintain. Talk about a waste of resources.
When PHP adopts a *standard* way of separating content logic from application logic, and enforces that split (kind of the way JSP pages work with servlets), then _maybe_ there will be some hope for it in the enterprise. Until then, Java will continue to dominate. I find it funny that Java interaction is such a high priority for PHP - if Java's installed on a company's hardware, a developer's natural reaction would be to use Java, not write something in some other language.
Eh, this is really outside the scope of PHP to fix; it's something for CGI suexec, FastCGI, Apache's perchild MPM, or some other higher level system for web based scripting to deal with.
If you don't want to take PHP seriously, do so because of it's instability (and poor release engineering), it's lack of speed (which has been partially fixed several times, but hey; Zend need to make their money!), the complete mess it's extensions are in, the inflexibility of the language (again, partially dealt with in Zend 2, but still a world away from some other dynamic languages, with lots held back by the extreme bittersweetness of backwards compatibility, which seems to break a lot anyway), the userbase mostly consisting of programming newbies, the ever-bickering devteam, or any of a thousand other issues you can pick on PHP about.
But hey, I still use it. Doesn't mean I have to like it.
You don't need a "templating engine" to gain that separation. You need a standard, well understood way of organizing your PHP application, and some libraries of code to support that method of organization - that is, you need an application framework. And PHP sorely needs a *standard* one. It may not be the language developers's job to create it, but it would certainly boost PHP's image if they did - imagine the flood of nice, interoperable applications that would emerge!
CPAN is not a framework, it's a massive library of code libraries, same as PEAR on the PHP side. Code libraries are good, but they don't define a way of structuring your application.
Perhaps one of those frameworks you mention will become a standard, but as long as they implement 'templating languages' I'm not going to hold my breath. PHP may be going in the right direction with the new stuff in Zend 2, but it's still way off the mark for serious webapp development.
I can't take PHP seriously for one reason alone: No built in suid mechanism.
. ht ml
You gotta be kidding, right? I mean this isn't even a concern if you aren't running in a shared hosting environment. Seems a bit premature to toss out an entire programming language that could potentially be beneficial because you don't agree with how it's implemented in one particular situation.
That said, it is entirely possible to get PHP working w/Apache suExec and to automatically have it execute php scripts as the User/Group specified in an Apache VirtualHost block.
http://www.localhost.nl/patches/phpsuexec_howto
And how are you going to comprimise the scripts? With good implementation none of the user input data is trusted anyways. PHP is sandboxed and will not allow any scripts outside of a particular directory to execute, and on our systems that directory is on read only media to begin with, SO i suppose yes if you break into the colo facilities manage to find my clusters amongst the racks and change out the storage arrays then I am in trouble otherwise I simply don't see it. Obviously I am not going to disclose details of the system in an open forum other than to say it is built fully from open source, and rivals teh largest listed databases in size and to this day has yet to have a breach. Of course it helps that we are always working to improve it and keep things patched too :) )
You don't like PHP thats fine and dandy. In fact its good because thats why we have a number of diverse languages. However there is no good reason to make such broad sweeping statements, especially when you aren't willing to go on the record as to who you are. I could say things like all windows products suck, but that simply is not true (yes I still like NT3.5x and NT 4 but yu have to know how and where to use them I will stick with my BSD boxes for anything needeing to actually be used). I could say all open source applications are used by terrorists, which would be nearly as silly.
Bad Panda! No Bamboo for you! In matters of importance ACs will not be responded to. Want to say something critical,OK
Ahhh... the search for the "perfect" language continues.
No one language is going to work for everyone. Is PHP the most secure language? Definitely not. Is it one of the easiest to learn languages? Yes.
Hind-sight is 20/20. I am sure that way back when PHP was created, had they known that such a ginormous percentage of websites on the Internet would be using it they might have done things differently. Who knows...
PHP is so popular because it is easy to learn, supported by a massive, massive user base, and is developed rapidly in response to user requests for new features. Is PHP an enterprise language? That is a hot topic of debate.
Some people would argue that Perl is an enterprise language, and that started out as a tool for system admins to make managing *nix servers easier. PHP started out as a tool to make developing dynamic websites easier.
It would be hard to argue against PHP being an extremely powerful language for developing websites. As site developers demand more and more from the language, and build bigger and bigger apps I think it will grow and morph to meet those challenges.
I don't think PHP is going anywhere anytime soon, and I think its only going to improve as more people jump in and help improve it.
Having a bookmark to Google does not make you an expert on everything.