Slashdot Mirror
PHP 5.1.0 Released
kv9 writes "A new release of PHP5 is available. This version includes over 400 bugfixes, performance improvements over the 5.0.x branch, new date handling code, new versions of PCRE/SQLite/PEAR and over 30 new core/extension functions. A number of security fixes are also present and users are recommended to upgrade."
Rails still isn't a language, it's a framework.
(calling Ruby a "toy language" when comparing it to PHP is hillarous though, thanks for the laugh)
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
I was under the impression that when using a x.y.z -versioning scheme, bug fixes should be released with increments of z, new features with increments of y, unless they break compatibility, when x should be increased. But when has even PHP done some something in a standard way.
That's almost certainly a problem with your code, extra headers being injected because of improper input validation.
Always check that your input is well-formed, an email address is actually an email address and so on.
If nothing else, stripping newlines and carriage returns will thwart most of those bots.
Unfortunately it's a common problem, but if you code properly it's entirely avoidable.
"(...)and over 30 new core/extension functions."
Ugh. Adding still to the inconsistent, namespace mess, PHP functions have? Worst. Decision. Ever.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
It's widely known that PHP is used by a lot of "developers" without much background in writing secure software. As such, the coding techniques used are often less than ideal, and have lead to numerous security problems in the past.
Are the PHP developers actively doing anything to help prevent those without much experience from writing code that can lead to a server being compromised? Not that they should restrict those few developers who do know what they're doing, but they should perhaps be taking a look at making it far more difficult to write dangerous code.
On the hardware front we have AMD and Intel adding support for non-executable stacks to their processors, for instance. GCC has StackGuard and StackShield. I think it's time for the PHP developers to step up to the place and try to limit the possible damage that can be done when using PHP incorrectly.
It's easy to continually blame the inexperienced PHP users for writing insecure code. But I do believe that it is up to the PHP developers to use their skills to help mitigate such problems.
Cyric Zndovzny at your service.
It's really vague to compare two languages' "power". The only definitive comparison you can make is whether they're both Turing-complete. In that case, Perl = C = INTERCAL = Unlambda.
Laws do not persuade just because they threaten. --Seneca
What are the backgrounds of the main PHP developers? Do any of them have any serious credentials, or even background in language design at a graduate level, for instance?
One thing I find about PHP is that, rightly or wrongly, we always hear about how it's quite lacking as a language. Could that be because it is designed by people who have very little experience designing modern programming languages?
Cyric Zndovzny at your service.
A lot of people who criticize MySQL have directly used MySQL. What we've found is that for lighter tasks (such as many webpages), SQLite often works quite well. And once/if you need a database system that's more capable, it's best just to move to PostgreSQL.
The recent Oracle/InnoDB and MySQL AB/SCO debacles have also made many potential MySQL users weary. There are many users who are now questioning how viable MySQL will be in the near future, both from a technical standpoint with regards to the InnoDB purchase by Oracle, and from a legal standpoint concerning their dealings with SCO. SQLite and PostgreSQL do not suffer from such unknowns.
Cyric Zndovzny at your service.
If you want cutting edge, then you'll most likely need to run your own server.
Serious hosting companies just can't risk running software that hasn't been widely tested. While there may be benefits from running the new versions of PHP, for instance, it could be a disaster if a security flaw leads to their servers being compromised. An incident like that could financially destroy a small- or medium-sized hosting company. At least the older versions of PHP have undergone more testing than the newer releases.
Cyric Zndovzny at your service.
I wasn't trolling, but you obviously missed the point.
>For read-only, or even read-mostly, MySQL is blisteringly fast. It slows down
>when doing many INSERT or UPDATE queries on large tables because the whole table
>is held in one file, which has to be locked during a write and so slows things
>down.
Sounds like you would be better off using a flat text file. Flat files are FASTER than mysql and can be totally cached in memory and your overall server will perform better without another service running in the background.
For even read-only data you can load the data into shared memory via PHP and get speed that is unmeasurably fast.
Thats the point and the joke about it all.. 95% of what people use mysql for could be done without a database at all, and the other 5% would be better off using a real database.
... still having no namespaces and lacking in full-blown OOP and all.
So what?
PHP is the web generations basic. No more. But no less either.
Given that loads of very usefull webapps out there are built in PHP
I'd say the criticisim is mostly inadequate whining. If PHP doesn't
cut it for your job, take something else. No big deal.
We suffer more in our imagination than in reality. - Seneca
you forgot to add that real programming languages are pretty much backward compatible, whereas php's backward compatibility doesn't just suck, it's nearly non-existant. references, oop parent class calls, global variables etc. this language gets ever more messed up with every new version and with zillion little configuration flags that affect the very basic functions and breaks down even the most patient code.
php has it's good sides but it the long run it's definitely the loser platform from my point of view. even perl is more stable and readable after 3 years of support on the same code (on php you either do very expensive upgrades to the software every time there are some major changes or you do cheap fixes and the code turns into a mess).
have you ever tried to read a well organized OOP php source that is supposed to work with every version from 4.0 to 5.x ? nope ? give it a try, i'm sure you will fall off the fgging chair.
i suggest you use something else, use python, use ruby, if you need to kiss your bosses ass you might even use java but keep your fingers away from php while you can.
I'd tell you the chances of this story being a dupe, but you wouldn't like it.
Now that PHP is popular it is undergoing something of an identity crisis. Rasmus said it was an answer to "the web problem", a very simple answer. A "right to the point" approach, terse rather than elegant.
But as more "serious" developers pick it up, more "serious" features are requested.
The fact is, if you're flexible you can build whatever you need in PHP4. It may not always be the way you prefer to code, but you can do it.
PHP is what it is. And it won't appeal to everyone. Fortunately there are many other platforms for the unsatisfied. Take your pick.
If your primary gripe with PHP is that it isn't enough like Java, shut up and use Java. Same for - insert language here -
I am very interested to see the new framework being promised by Zend and IBM. (http://www.zend.com/php-collaboration/) Can they really deliver on their promises? If not, I do predict a mass exodus to ROR. PHP could wind up being relegated to individual scripts or 5 page websites.
Well put.
I find it ironic that PHP came out many years ago as a cheap and easy way to make more dynamic web pages with a simpler structure than perl. It was also a greatly reduced structure from perl.
Then someone added a bunch of MySQL to it, hyped it up as LAMP and now everyone's on that bandwagon. And those that weren't were bitching about how if you want to do a real web application you would be better off using Perl and PostgreSQL.
And now here we are years alter and from the threads I've seen herein:
- PHP has some horrible security pitfalls that are now being addressed.
- MySQL is being dumped for SQLite which is just a flat file system, but then so it Berkeley DB which seems pretty damn fast too
- PostgreSQL is still the last viable option for a real database that you can afford.
- And PHP 6 is talking about adding NameSpaces.
What I see here is that as time marches on, PHP is becoming more difficult to use and more like Perl.So when PHP rivals Perl in capability, it will likely rival Perl in complexity as well, only Perl has had 10+ years to settle out the bugs.
And what simplistic dynamic web page application will come along to replace the original implimentation of PHP? After all, the who reason PHP was so popular was the fact that is was simpler to follow than Perl was. But if it's as complex as Perl.... What next?
I am beginning to thing that PHP would be better off, in the long run, if they just left themselves to the area of making a bitchin' fantastic scripting tool for making dynamic web pages without trying to compete directly with Perl, Java, and C at the same time. It's kind of stupid.
Everything has a place.
Since when has the "If you don't use it, stop complaining" attitude been acceptable? I don't use Windows, but I'm constantly pointing out its faults to people so they're less likely to get infected and have their computer send out spam. I don't smoke, but I'd rather point out the dangers of smoking to someone than let them cut ten years off their life.
A while ago, I tried writing my own blogging system using PHP, because it would be easy to find someone to host me. I kept having to look things up (isnull or is_null? arrlen or array_length? (neither, it's count)), typing mysql_this, mysql_that instead of using namespaces is annoying, lack of a good scoping system very annoying, etc etc. I did want to use PHP, but didn't, because I thought it sucks. Would you prefer it if I didn't say anything, and just let the PHP guys carry on with the mess they've made? Hint: that wouldn't accomplish anything.
"PHP is the web generations basic". Oh great, the web generation is growing up thinking that mysql_query( $_POST['input']) is a good idea. After all, magic quotes will make sure it's safe, so gets(input); system(input); in C should be safe! Intentionally or not, PHP is the first language learned by many people nowadays, so it should at least educate them into good practices instead of just doing stuff for them. (Doing things for the user is one of the things that Microsoft gets flak from here, too). PHP tried this before, with register_globals, and look what that turned out to be.
Surprisingly, people actually want to make PHP a better language, but apparently any complaints should be met with "Don't like it? Then get lost!", leaving PHP as it is. Oh well.
Guy asked me for a quarter for a cup of coffee. So I bit him.
I won't take PHP seriously as long as the core developers continue to think that the lack of an equivalent to asp's "Option Explicit" or perl's "use strict" is a good thing.
PHP's source is available. The bug reporter clearly know how to fix it. Why not fix it themselves, and distribute the patch, and even post a diff on the bug report, and maybe, who knows, it'll be added?!
PHP is getting considerably better actually at being (a) a mess, and (b) making you learn by mistake, (c) providing simpler frameworks.
This is what PHP 5 and PHP 5.1 are all about. Lets fix the problems in the language and those things that go back to it's origins. PHP at one point did little more than a shell script, and now you have endless numbers of modules, extensions, and database backends.
You'll notice they have E_ALL on by default and highly encourage E_ALL|E_STRICT to be used for good coding practice. You'll notice register_globals is off by default. You'll notice countless quirks are virtually eliminated. magic_quotes are off by default because it's become apparent they don't always work and it's better done by the database engine (which can escape what it needs rather than just slashing random things).
You'll notice in 5.0 and 5.1, they pulled out extensions that are specific or not maintained (payflowpro, fileinfo, and many others) to PECL.
You'll notice they are recommending mysql extensions and others aren't use. You'll notice they're even advising that mysqli isn't used. You'll notice they are focusing on PDO to simplify and eliminate the ~10 driving extensions for each database engine with their own unique ways of doing everything with a universal framework (note: PEAR::DB is written in php classes- this is C and good code).
This is all a method to fix those problems everyone keeps complaining about. It's a pain, and creating even more complaints in the process of broken scripts, classes, and tools with the removal of things like is_a, call-time reference passing, and others- but once these scripts get fixed, and over time once everything goes PDO--- You'll find clean and swift code without much trouble at all.
Give it 6mo for the whole php 5.1 thing to migrate into various popular scripts and you'll find the world will be better for it. It's all in the master plan- simplify. Note that while many things have manual sections, much of it is in PECL and not the distro. At some point that should really be pulled into its own manual making it easier to find the core topics. That's just my opininion.
-M
when you see the word 'Linux', drink!