Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP5 Co-Creator Interview

Posted by timothy on from the are-you-going-to-disneyland dept.

mandozcode writes "I came across an interesting interview with PHP co-creator Zeev Suraski at Open Enterprise Trends on the latest upgrades for PHP5's First Release Candidate (just released a week or so ago). Sounds like lots of improvements to help make it in the enterprise, including better bundled support for SQLlite and XML. Also encouraging, looks like Zend is getting more millions in VC investment."

5 of 53 comments (clear)

  1. PHP's broken security model by Mr.+Darl+McBride · · Score: 3, Interesting
    I can't take PHP seriously for one reason alone: No built in suid mechanism.

    If you enable PHP on your apache server, all PHP runs as the same user. That means any files writable by one PHP script are writable by all PHP scripts. There's no such thing as a secure apache PHP installation unless you run in feature limited mode which breaks virtually all PHP scripts and makes it unusable for most tasks.

    Until PHP adds suid so PHP runs as the user owning the script, it's a no-go. Run in high security mode it's usable as a toy at best, or run in default mode, it's a security nightmare.

    I've spoken with the PHP developers about this at several conferences. Their solution is that you have each user run their own copy of apache or have each user create their own PHP installation and run everything as CGI, launching the local PHP copy. I'm sorry, but that's insane.

    I don't give a lick about new features if you can't get the foundation fixed. Take care of the wet sand base before you up the supported database count or make grand announcements about clever new scripting keywords.

  2. Re:Php in the enterprise? Scary thought. by wan-fu · · Score: 4, Interesting

    I do agree that all too often applications are rammed into PHP without too much forethought; however, I think PHP is already going in the right direction for enterprise level development. The object orientedness of the language is much improved since PHP3. They have the Smarty template engine which does a fairly good job of separating presentation from application. People should be encouraged to use it and I think as PHP apps get bigger, people will begin to realize the advantage to separating design logic from application logic. Most importantly, there are a variety of third-party developers creating frameworks such as the Horde framework or Blueshoes framework (I no affiliation with either). And that's great that there are such frameworks. It's not the job of the language developer to create the framework imho (e.g. CPAN does a great job supplementing Perl)

  3. Re:Bunch of Perl haters by sumbry · · Score: 2, Interesting

    I mean, let's get serious, Perl allows GUI apps with Tk, writing your own custom servers, parsing local files via command prompt and what not

    PHP GTK - http://gtk.php.net/
    Sockets for PHP - http://php.net/manual/sv/ref.sockets.php
    PHP Process Control Functions (fork, etc) - http://php.net/manual/en/ref.pcntl.php
    PHP Functions to Parse Conf/Ini Files - http://php.net/manual/en/function.parse-ini-file.p hp

    PHP also builds a CLI (command line interface) everytime you compile it enabling you to do perl style #/usr/bin/php and writing command line scripts (even full argc/argv support).

    I'm a PHP developer - I do not think "Perl sucks" but I do think developing web applications on PHP is quicker and easier (for me) than in Perl, especially since I'm a native C coder.

    To each is own.

  4. I write web apps efficiently... by Phil+John · · Score: 2, Interesting

    ...using n-tiered when it suits the domain (just finished a rather tasty J2EE system for a large client). Even a fairly complicated e-commerce engine can be done quickly and efficiently in PHP though if it's being done by someone who has years of "real programming" experience, not someone who comes along and hacks together a personal webpage or pet project (which invariably requies register_globals to be on, yuck).

    There is a framework out there that is proven, reliable and very easy to start using, it's called Fusebox.

    It has increased our productivity, encouraged code-reuse (instead of write-once never touch again hacks) and meant we get every single project out of the door on time and under budget.

    And now with Smarty being taken under PHP's wing so to speak (http://smarty.php.net) you can truly separate display from business logic in a nice simple way.

    But once again it comes down to this: Use the right tool for the job! I would never think of using PHP to power an online banking system, but then again I wouldn't use a 3-tiered enterprise system to run a bulletin board.

    --
    I am NaN
  5. Re:Php in the enterprise? Scary thought. by natmsincome.com · · Score: 2, Interesting

    Your arguments are great but they apply for almost every lanugage I know of.

    As for frameworks look at apache. Have you seen how many frameworks it has for java? What about Swing, AWT, SWT etc? Just because they're are lots of frame works doesn't mean it bad.

    I agree with your class as a static function library but that's not PHP's fault. C++, Java and Perl have the same problem. When people learn C or VB first and then go to an OO langauge they generally get it wrong.

    As for bad projects I sure if you did an "Ask Slashdot" they'd be able to tell you about bad projects C, C++, Lisp, PHP, Java, J2EE, .NET, etc.

    As for a standard was of seperating logic from content lots of people say that JSP isn't enough that's why you have stuff like Velocity and all the other framework template engines. If you want a template engine for php the default one is Smarty.

    When it come down to it the problem you have with PHP is that it has a lot of newbie programers that use it. Which is good and bad. Try making a simple form in JSP then do the same thing in PHP. PHP is ALOT easier. That doesn't mean it's better but it does mean people with a lower skill can do it. I'm using templates for our internal site and when other people edit it half the time the escape and got back to raw PHP and it's a mess so I fix it up and it's all clean again but they just don't get it untill after I show them then it make sense and they can do it but the next time they can't figure it out so it happens again etc.

    Does it mean you get lots of bad half baked libraries YES does it mean you get good libraries and frameworks YES (because more poeple start, so more people get good at it).

    If you want to look at good php projects check out:
    * Smarty
    * Mambo
    * Gallery
    * phpBB
    * JpGraph
    * phpMyAdmin

    That being said at what level do you move someone from a "HTML + PHP Hack" to a "Web Developer"?

    What makes a lanuage "enterprise-ready"? Does an "enterprise" company just have to use it (IE Yahoo and PHP). Or does it have to have faetures?

    Where I work we still use PROC and PIC which is a 40 year old language that doesn't have:
    * Variable Names - Only numbers!
    * Functions - Only GOTO and GO SUB (again numbers no names)
    * All variables are global!
    * No loops!
    * No else - You have to use IF and GOTO!

    Yet this is still being used in thousands of companies all over the world! Sure it's legacy but it's enterprise ready and still being used!

    So could it be used on a massive site handling 1,000 of concurrent users? Yes, IF IT WAS DESIGNED IN THE RIGHT WAY. It wouldn't be the same design as you'd use for .NET or the same as you'd use for J2EE but it would work. It might not be the best but that depends on the problem. (Same as Clusters vs Grid)

    I've ranted engough ... have fun pulling my comments to peices.