Slashdot Mirror
Changes In Store For PHP V6
An anonymous reader sends in an IBM DeveloperWorks article detailing the changes coming in PHP V6 — from namespaces, to Web 2.0 built-ins, to a few features that are being removed.
← Back to Stories (view on slashdot.org)
... for those too lazy to RTFA:
Additions:
Better Unicode support
Namespaces! (this is being backported to PHP 5.3)
SOAP and the XML Writer/Reader modules compiled in and enabled by default (also in PHP 5.3)
Removals:
magic_quotes, register_globals, register_long_arrays, safe_mode
ASP-style short tags ()
Freetype1/GD1 support
ereg (use of preg encouraged instead).
Especially since most of the "new" features are either already available or will be included in v5.3. There's literally nothing new here except better Unicode support.
Developers: We can use your help.
i am servicing around 350+ clients in a small fish web host. even at that small web host, there are a phletora of different scripts, programs that clients are using to conduct their everyday business, their estores, their livelihood. some of them are dependent and locked-in to the software they are using like a small business company that extensively uses ms products is locked into microsoft.
regardless, backwards compatibility is important for those people. for starters, these are the people who have chosen php as the platform to conduct their business on, making php a de facto dominant language for the web instead of being a small time web language that was used on web savvy, webmasters. the financial impact of this is going to be huge for them, to adopt to that many changes php dev group started to introduce in the span of 1 to 2 years. this is too much.
you gotta slow down. or you are going to alienate the small business community from using php with what you are doing. if you break a small estore owner's store script every 1.5 years for 'upgrading', the second time you do it they will jump the language ship.
do not start to become an elitist group out of touch with the people, increasingly caring for nifty programming issues rather than what would the users think.
Read radical news here
Um, no it's not. It's only downfall is that it's too easy to do powerful things so idiots make dangerous code.
That is not the language's fault. Not everyone wants or needs a JBoss server or something equally silly for their website. PHP is still very good. Safe programming in PHP just needs to be preached more to the new users of PHP and some of the self taught people who perhaps learned off the net from someone else with little experience rather than a book since all books I've seen cover the basics on safety.
The only thing that annoys me is the fact it's function naming methods aren't consistent. It shows that it's had input from various places without any thought into standardizing things.
"and a bunch of stuff removed"
The stuff addressed are some of the widest security holes. On top of that the old way of programming PHP and most guides out there encouraged the usage of these bad functions, getting them totally removed is a huge step forward.
I've noticed that every single article here mentioning PHP is immediately tagged 'phpsucks'. I find PHP incredibly expressive and am always surprised by the incredible variety of libraries/modules/plugins to manipulate graphics, flash, pdfs, to support protocols like SOAP, JSON, etc.
Perhaps we need an article on 'why php sucks' ?
My biggest issue with new PHP changes is fact that the sheer size of the PHP libraries mean that these new features don't bubble through to the whole core.
For exmaple take the newish try / catch exception features. On first glance you think "finally I can write decent exception handling into my own code" - which is great for your own exceptions but too many of the core functions used by your code or by a framework you're using don't throw exceptions - they indicate an error codition in the function's result.
So now we're seeing loads of code out there by people trying to do things "The right way (tm)" but it's full of bugs as there's exception conditions being raised by core functions that don't get caught by the catch blocks.
The line from TFA that concerns me is "Much improved for PHP V6 is support for Unicode strings in many of the core functions"
Many? That will means developers will start using unicode only to find scattered lines of code throughout the app doesn't work as the core function it uses doesn't support unicode. The overhead of keeping track of which functions do and don't support unicode will be a nightmare.
What makes PHP nice is that, language-wise, it is basically C plus a subset of C++ wrapped up in a scripting language. Almost any code written in C (or C++ without templates/exceptions/other icky stuff) can be trivially ported to PHP by replacing the type names with "var" and adding dollar signs in the right places. (I'm exaggerating slightly, but not much.)
PHP doesn't have any weird syntax like Perl regular expressions---you can do Perl regex, but it is neatly encapsultated into proper strings the way it should be. There's no having to manually re-indent dozens of lines of code because you needed to add another nesting level and whitespace is part of the language, etc. It's just a really clean, lightweight OO language that's exceptionally easy to learn and happens to integrate very well with HTML.
Don't get me wrong, PHP has plenty of weak points when it comes to performance (particularly when dealing with massive complex data structures), availability of modules to do various obscure things, etc., but as a language, it is pretty nice, IMHO---mainly because it isn't a kitchen sink like Perl.... :-)
Check out my sci-fi/humor trilogy at PatriotsBooks.
Did you have to shower after writing this? Did you at least burn the keyboard?
how to invest, a novice's guide
Of course not! Since no one has been stupid enough to directly insert submitted strings into SQL before sending it to the server for at least 5 years now, this won't affect any modern code in the slightest.
Dewey, what part of this looks like authorities should be involved?
But shouldn't you be using mysql_genuine_advantage_escape_string() instead ;).
It's stupid stuff like that and "Magic Quotes" that make PHP a sad joke.
Magic Quotes = mixing input layer filtering with output layer filtering = bad. You tend to get data corruption amongst other things.
Then there's addslashes and friends.
PHP: "Making The Wrong Ways Easy, and The Right Ways Hard".
Oh well, I guess php6 is where they are finally trying to do things right now.
All the pain is because php coders were doing things terribly wrong in the first place. Don't forget the PHP devs were encouraging them to do things wrong for years.
OO? Only recently.
Clean? Not even close, not when you've used a real OO language. and happens to integrate very well with HTML. So does everything else, now. I'd argue Ruby is actually better at this than PHP. Don't get me wrong, PHP has plenty of weak points when it comes to performance My language of choice right now is Ruby, so I don't really care about that. availability of modules to do various obscure things Considering the amount of crap built-in to the language, I doubt that's a huge stumbling block, either. I like CPAN, but it does help when the language itself is clean enough that I'll happily write a library of my own. But most that I'd need to do with a C library has bindings everywhere I really want to do it. mainly because it isn't a kitchen sink like Perl I think Perl has too many built-in functions, available everywhere, completely un-namespaced, compared to Ruby.
But you know what? Perl has a little over two hundred functions in the main namespace. PHP has a little over three thousand, according to this page.
So, it may not have the kitchen sink in the syntax, but it has the kitchen sink, the bathtub, the plumbing, and the neighbor's shower in the core library.
Finally, I call BS on this: Almost any code written in C (or C++ without templates/exceptions/other icky stuff) can be trivially ported to PHP by replacing the type names with "var" and adding dollar signs in the right places. (I'm exaggerating slightly, but not much.) Is there a language, other than Python, that this isn't true of, for very simple, "Hello World" or "My first HMAC implementation" examples? Sure, the rules would be different, but dropping all the type declarations (swapping for "var") and adding dollar signs is significant.
Oh, and does PHP support structs? What about function pointers? I doubt it's "almost any code". It's easy when you understand both C and PHP, but again, I assert that's true for many languages, particularly popular web scripting languages.
Don't thank God, thank a doctor!
Loose typing and non-strict syntax in general is particularly well suited to the internet because each request generates a completely new environment. Something that was wrong with the previous request, unless specifically stored, doesn't affect the next request. Strictness in programming stems from the need to keep far flung parts from affecting each other; the web is modular by nature and thus resistant to wide spread bugs. Thus, loose typing and other, less strict forms of programming that make life easier at the expense of fragility is counterbalanced by the modular nature.
Many won't agree with that analysis, and that's fine. Sloppy coding has gotten more than one web project in trouble, and more than one feature of PHP's that was intended to make life easier ended up going to far and introducing security holes. But that doesn't change the simple fact that PHP was made for the web and has conveniences built into the core that other languages either don't have or require an add on for.