Slashdot Mirror
Changes In Store For PHP V6
An anonymous reader sends in an IBM DeveloperWorks article detailing the changes coming in PHP V6 — from namespaces, to Web 2.0 built-ins, to a few features that are being removed.
← Back to Stories (view on slashdot.org)
I know it's mother's day and all, but there's got to be something somewhat interesting going on in the "nerd" world, right? Just sayin', a week old report on the PHP6 *planned* features isn't exactly frontpage news. It's so boring in fact, I felt the need to reply and bash the post just to alleviate my boredom. Neurotic, eh?
mmm...muffins
This looks pretty awesome.
I make websites and stuff. Buy one.
Poop in my Hand, Please, 6 times the usual amount. Thanks!
Crikey, I can't believe I have to RTFA to come up with something funny to say about this short-ass summary!
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
No comprende? Let me type that a little slower for you...
No more magic quotes makes AC a very happy coder.
I don't see why this is a major update (5 => 6).
Soap & XML was already implemented which leaves namespaces and unicode support as new features, and a bunch of stuff removed
... for those too lazy to RTFA:
Additions:
Better Unicode support
Namespaces! (this is being backported to PHP 5.3)
SOAP and the XML Writer/Reader modules compiled in and enabled by default (also in PHP 5.3)
Removals:
magic_quotes, register_globals, register_long_arrays, safe_mode
ASP-style short tags ()
Freetype1/GD1 support
ereg (use of preg encouraged instead).
I make good money on RentACoder coding up web sites that use binary executables and CGI!
Long live C and character arrays!
Better XML support. That's a biggie. Might it mean we can, for a whole heap of projects, discard mysql? Would it make things run faster?
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
Yay! Finally not just having register_globals defaulted to off, but removed altogether.
i am servicing around 350+ clients in a small fish web host. even at that small web host, there are a phletora of different scripts, programs that clients are using to conduct their everyday business, their estores, their livelihood. some of them are dependent and locked-in to the software they are using like a small business company that extensively uses ms products is locked into microsoft.
regardless, backwards compatibility is important for those people. for starters, these are the people who have chosen php as the platform to conduct their business on, making php a de facto dominant language for the web instead of being a small time web language that was used on web savvy, webmasters. the financial impact of this is going to be huge for them, to adopt to that many changes php dev group started to introduce in the span of 1 to 2 years. this is too much.
you gotta slow down. or you are going to alienate the small business community from using php with what you are doing. if you break a small estore owner's store script every 1.5 years for 'upgrading', the second time you do it they will jump the language ship.
do not start to become an elitist group out of touch with the people, increasingly caring for nifty programming issues rather than what would the users think.
Read radical news here
Removing the get_magic_quotes_gpc function altogether seems like the dumb way to handle backwards compatibility, breaking scripts for no good reason. Why not keep the function and just always have it return false?
If they just leave it, people will go on thinking things are good, until they're hacked. By throwing up a hard error, people will be aware there is a problem. If it's really such a problem, don't upgrade immediately, or write your own replacement function.
Unfortunately, everyone has already realized that PHP is an insecure, featureless piece of crap. Real web developers have moved onto other platforms, or stuck with Perl.
It was to protect you from the O'Malleys and O'Connors. The PHP framers were obviously fans of Mel Brooks' film, Blazing Saddles: "We'll take the niggers and the chinks but we don't want the Irish". Or I'm missing something.
THL phish sticks
Make it like a modern language.
Change . (string concat) to +
Change -> (pointer-to-member operator) to .
Done. Huge productivity increases.
Thank you.
They've fixed a lot of things that were being complained about under the terms "why php sucks" http://www.google.com/search?q=why+php+sucks . ::\/\. /> :-)
Related news is that PHP runs much better now on Windows Server 2008, as per the official Zend statement. But I doubt we will see too many people switch to WISP. This is flambait, agreed.
Also if you now have a PHP-fed brain with no place for anything else, with the new namespaces-on-steroids (http://www.php.net/manual/en/language.namespaces.using.php) change, you'll likely port slashcode to
And otherwise refer to <things like="this"
Hackers have long memories. It works both ways.
PHP scripts will still manually implement it, and each one will do it in a slightly different but still broken way, generating hundreds more security vulnerabilities...
So, if you're a developer or architect using a different language, such as the Java programming language, because it has better internationalization (i18n) support than PHP, it'll be time to take another look at PHP when the support improves.
Err, no we're using Java because it's a coherently designed programming language and set of libraries, not just because it's got Unicode support throughout. At least they're removing som of the horrific hacks like "magic_quotes" and "register_globals".
I've noticed that every single article here mentioning PHP is immediately tagged 'phpsucks'. I find PHP incredibly expressive and am always surprised by the incredible variety of libraries/modules/plugins to manipulate graphics, flash, pdfs, to support protocols like SOAP, JSON, etc.
Perhaps we need an article on 'why php sucks' ?
Are short tags being removed, or deprecated? I remember reading that the devs had decided to leave short tags in.
No offence php, but <?php echo "Hi!"; ?> does not even *begin* to compare to <?= "Hi!"; ?>. Hiding behind "it breaks open xml tags", or that "default configuration has them disabled, so using them is not immediately portable across hosts" is bullshit. If I'm coding for my own environment, *I* will choose which format I use, and I should not be expected to use ugly syntax to make things "portable".
I'm New Here
My biggest issue with new PHP changes is fact that the sheer size of the PHP libraries mean that these new features don't bubble through to the whole core.
For exmaple take the newish try / catch exception features. On first glance you think "finally I can write decent exception handling into my own code" - which is great for your own exceptions but too many of the core functions used by your code or by a framework you're using don't throw exceptions - they indicate an error codition in the function's result.
So now we're seeing loads of code out there by people trying to do things "The right way (tm)" but it's full of bugs as there's exception conditions being raised by core functions that don't get caught by the catch blocks.
The line from TFA that concerns me is "Much improved for PHP V6 is support for Unicode strings in many of the core functions"
Many? That will means developers will start using unicode only to find scattered lines of code throughout the app doesn't work as the core function it uses doesn't support unicode. The overhead of keeping track of which functions do and don't support unicode will be a nightmare.
Apparently writing about PHP automatically allows using dumb code in examples:
;)
function is_authorized() {
if ($expression_that_returns_boolean) {
return true;
} else {
return false;
}
}
and
echo "Welcome, $_GET['cross_site_scripting_attack']!";
I guess PHP needs magic_entities
php's success compared to other languages like asp, which tried to compete with it and came out about the same time into prominence is due to php becoming more than a small nifty toolset for doing knickknacks on hobby sites and forums. php started to be used for business, and this created a demand for php programmers, and this in turn fueled more entry into language. same did not happen for asp. go check elance. youll see zillions of php projects that are put up, and equally many php developers. search for asp and .net stuff. see how many.
the scripts which have a lot of old versions still being used out in the web today were a major cause for this. hell, even many simple forums that were started as hobbies turned into big community forums that do a lot of advertising and generate business, leave aside estores.
its not wise to go trigger happy.
Read radical news here
Comment removed based on user account deletion
Hopefully they can fix exception support in PHP 6. Currently it breaks in a lot of weird ways which can be nearly impossible to debug. For example, the following code:
function a() { new DateTime("2007-02-32"); } register_shutdown_function("a");
Generates:
Fatal error: Exception thrown without a stack frame in Unknown on line 0
Tracking down such an error in PHP 5 can be quite time consuming since current debugging solutions only work in very limited situations.
Depends. Linux 2.4 -> 2.6. Better example: Anything after OS X. We're up to 10.5 now, but everyone's drooling over it. Why? No numbers at all
College-Pages.com - Online Colleges, Degrees, and Programs
...He took the "contract." Nobody was forced.
But his post is inane.
Isn't it about as basic as it gets that code (outside of Java) should be developed on the same platform that it will ultimately be deployed upon?
If he had done that, all he'd have needed to do was get a copy of the binary as compiled for use on the production server, and their php.ini. Install, copy in the php.ini, and he's up and running in an environment identical to the Prod server.
Barring that, if he'd had gotten their php.ini anyone w/ any PHP experience would be able to see what non-std components were included, and the version everything is running at. Download it, compile it, install, and copy-in the php.ini.
If he's spending a "good fraction" to get a "test bed" then he really should stick to tech support or network administration or whatever he's done over the past few years full time for a living.
Well, at least the sample code has clearly been written by a PHP expert. For example, a newbie would write something like
and get paid for just three measly lines of code.
Thank $deity Nathan A. Good (mail@nathanagood.com), Senior Information Engineer, Consultant stepped in and corrected this to
Go, consultant-written code, go!
I've worked with PHP professionally, building a healthy, heavily profitable, and rapidly growing company providing information management services to schools.
.NET wished to be, only cross-platform. It's an excellent tool for developing information-processing applications, very, very rapidly. Yes, it has its weaknesses, and nobody's forcing you to use it, and the devs are working on the weaknesses, too. Go use Ruby if it makes you feel good. But PHP works well on Windows, Mac, Linux, BSD, and many others. Seriously: you really can't go too wrong betting on PHP unless you need 3D graphics!
From the simple standpoint of "concept to implementation" - PHP ROCKS. It's very, very fast, requiring little in the way of "planning" and "structuring" while letting the features come out... FAST. It is, bar none, the best RAD environment I've yet worked with. Not that it's the best in every area, but that it clearly has the best balance between features and "gotchas". It has its weaknesses, such as lousy error reporting, but even that can be largely mitigated with a little intelligence in advance. But it really does have a number of key strengths that I leverage to the hilt:
1) Stability. It just doesn't die. Ever. I've never, ever, ever had a problem with PHP "not working". I don't troubleshoot it. It's there, it works, and I don't sweat it.
2) Scalability. It's "share nothing" approach makes clusting and random-host selection boil all the way down to a simple session manager. Having 1 or 10 application servers running side-by-side is almost trivial!
3) Code density = excellent! It's a fairly dense language, meaning that lots can get done in a few lines. Just for giggles, I've written a self-forking, multi-process daemon with a process manager and hundreds of managed children forks performing a deep-level network scan in like 50 lines!
4) Security. Yes, you heard me correctly. Although you can certainly use PHP "wrong", you can also use it "right". Once you do, you discover that PHP has a number of features that make things like SQL injection and shell parameter expansion a thing of the past. Really. Learn your tools!
5) Flexibility. You can run it as a module inside Apache. You can run it as a standalone executable. With tools like Ion Cube and PHP-GTK, you can create a cross-platform GUI application without revealing source.
6) Availability. Any $5/month web hosting company supports PHP, and there are many free ones, as well. You can download a CD, install Linux, and have PHP/Apache up and running in under 10 minutes. There are batrillzions of apps available A LA SourceForge for free. PHP is the most commonly available web development language. And, by no means is it a web-only development language!
Sorry you can't handle a few quirks in the function names. (so write out a file of wrapper functions - DUH!) Sorry that it's attempts to simplify variable management weren't perfect. Geez. Just code in c and be done with it, why don't you?
In short, PHP is everything that VB and
I have no problem with your religion until you decide it's reason to deprive others of the truth.
echo htmlspecialchars($_GET['ekhm!']);
This is complete rubbish. Changing major versions often notifies of backwards incompatibility. Examples:
qt1 -> qt2 -> qt3 -> qt4
gtk1 -> gtk2
linux kernel v1 vs v2.
One can go on forever here...
Each time I read that they're ditching safe_mode, I do a little happy dance and shed a tear of delight.
All the other stuff is great as well, but safemode has made the quality of my life significantly worse in the past.
Sorry but... what are the "Web 2.0 builtins"? I saw none... or is it "goto"?
{{.sig}}
As an experienced PHP developer, who has many websites that I take care of - some of them are ecom sites I manage for relatives- but I didn't write them... this news is kind of a two edged sword for me.
While I'm glad to see some of the more blatant security problems being closed up, and the things that encourage sloppy programming being removed.... I'm not excited about having to go through many hundreds of files of code written by OTHER people, to fix some of these things. Really, what's so wrong about the short php tags? *sigh*
I know it has to be done though. But I just finished cleaning up these sites for PHP5 and mySQL5. Yes, I'm wining.
"Unicode is an industry-standard set of characters, character encoding, and encoding methodologies primarily aimed at enabling i18n and localization (i10n)."
Ha ha... Everybody knows that i10n is shorthand for "intoxication", not "localization"...
Bow-ties are cool.
This attitude - that new versions of the language should always support everything the old versions supported - only makes sense if you assume that the initial design was perfectly sound to begin with.
Had PHP4 been perfectly designed, and perfectly well-suited to what people are now using PHP for, there wouldn't be any need to change it at all. But PHP isn't perfect. They've found ways to make it better. They could fork off a new project containing those changes - but PHP6 is more like PHP5 than not - and if they had to fork off every time they changed things around they'd have a lot of extraneous extra names for basically the same thing.
Also consider - how much time and effort might they have to put in to augmenting PHP6 to be fully backward-compatible, and to maintain that awkwardness - even in the face of new features that may flat-out contradict older policies in the language? How much work would have to be wasted just to make PHP6 a better PHP4 than PHP4 is?
If you wrote your code for PHP4, just keep running it on PHP4 until you're ready to port it.
Bow-ties are cool.
There are a lot of valid points about the short comings of PHP, and how even it's design encourages bad programming practice. The same could be (and was) said about Basic, and Visual Basic (pre .net).
And while I certainly agree that there are "better" languages out there, the one area I strongly believe PHP excels in is ease of use. Why is that important, compared to things like elegance, speed, and security?
Well, because by the time need some of the things PHP lacks - you've already learned how to do quite a bit of programming and are well prepared to address it's short comings, or switch to a more appropriate language.
We *need* a language that can be picked up in a matter of hours to attract casual programmers. Not every program needs to be great, many just need barely work.
I teach "Introduction to PHP" at FIT, and the first thing I tell the students is that should not be such a course; because anyone who knows enough to have a need for PHP should also be comfortable enough to learn PHP through an online tutorial or book. But these students know barely anything - I have to teach them how to write HTML forms, and all about databases (including what databases are) before they can PHP to do any of the things they want it to do. It's only a four session class; but PHP is still easy enough that I can teach them everything they need to know to get started.
Most of them will use it to write little guest book type apps for their personal websites, that run slowly and have huge security holes. But they have neither the traffic to make performance an issue, nor valuable enough information to make hacking their sites remotely worth it. If they like doing that, they can either make use of pre-built PHP modules, or learn how to code things better. But they've started, and I believe that's a good thing.
Programmers used to bash Visual Basic all the time when I was coding in that, but it's tiny learning curve got an awful lot of companies started down the path of in house development that Visual C++ wouldn't have. And that created an awful lot of work for programmers.
It's great that Zend is addressing some of the PHP issues; but I'm glad they're not trying to turn it into Perl. We already have Perl, we don't need another.
I had heard that ereg has better portability. Why would they ax ereg?
No single raindrop believes it is to blame for the flood.