Slashdot Mirror


The New PHP

An anonymous reader writes "This article at O'Reilly Programming suggests that PHP, a language known as much for its weaknesses as its strengths, has made steady progress over the past few years in fixing its problems. From the article: 'A few years ago, PHP had several large frameworks (e.g. CakePHP, CodeIgniter, and so on). Each framework was an island and provided its own implementation of features commonly found in other frameworks. Unfortunately, these insular implementations were likely not compatible with each other and forced developers to lock themselves in with a specific framework for a given project. Today the story is different. The new PHP community uses package management and component libraries to mix and match the best available tools. ... There are also exciting things happening with PHP under the hood, too. The PHP Zend Engine recently introduced memory usage optimizations. The memory usage in PHP 5.5 is far less than earlier versions.'"

254 comments

  1. Wake me they fix namespaces by LF11 · · Score: 3, Insightful

    Wake me up when they implement namespaces correctly. With a syntax that doesn't look like Satan's diverticulitis.

    It is nice to see that PHP is starting to grow up a little bit. They have a long way to go.

    1. Re:Wake me they fix namespaces by Anonymous Coward · · Score: 0

      Wake me when comparisons become transitive.

    2. Re:Wake me they fix namespaces by nickittynickname · · Score: 2

      Wake me when they decide to not care if it breaks existing php implementations and do some real clean up on the language. They keep adding features to the language and don't remove any of the garbage.

    3. Re:Wake me they fix namespaces by Anonymous Coward · · Score: 0

      You cannot have transitive comparisons with implicit type conversion. They're mutually exclusive.

    4. Re:Wake me they fix namespaces by Anonymous Coward · · Score: 0

      Sure you can.
      "string" == TRUE, "string" == 0 and finally 0 == FALSE.
      That's just great. Simply turning "string" into FALSE or 0 into TRUE or even "string" into 6 or something would fix this.
      Or better yet, get rid of automatic type conversion. It's horrible. You have to try and figure out what something is going to be turned into in a specific circumstance.

    5. Re:Wake me they fix namespaces by Anonymous Coward · · Score: 0

      Well, Rasmus Lerdorf is a transvestite if that does anything for you...

    6. Re:Wake me they fix namespaces by lucm · · Score: 1

      Wake up time. PHP actually has a pretty decent way to remove "garbage". First they make the compiler (and documentation) warn you about a feature being made obsolete in a future version, and then a few versions later they do remove the feature.

      Here is an example (quote from the manual):

      As of PHP 5.3.0, you will get a warning saying that "call-time pass-by-reference" is deprecated when you use & in foo(&$a);. And as of PHP 5.4.0, call-time pass-by-reference was removed, so using it will raise a fatal error.

      --
      lucm, indeed.
    7. Re:Wake me they fix namespaces by squiggleslash · · Score: 1

      Yes, they've done it once or twice, with a tiny number of the headline issues, took an age to do so, and only did so because people were screaming about it.

      --
      You are not alone. This is not normal. None of this is normal.
    8. Re:Wake me they fix namespaces by ultranova · · Score: 1

      Wake me when they decide to not care if it breaks existing php implementations and do some real clean up on the language.

      Every time you break existing applications, you create systems that are stuck with old and buggy versions. That's bad enough normally, but is a terrible idea in a language meant for writing Internet-facing apps. Dealing with detritus is preferable to burning down the house to get rid of it.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    9. Re:Wake me they fix namespaces by lucm · · Score: 1

      That's how it works with technologies that have a huge customer base; it's called "pitchfork-mob-driven release management".

      --
      lucm, indeed.
    10. Re:Wake me they fix namespaces by lucm · · Score: 1

      What exactly would be a correct namespace implementation? Are you getting your panties in a bunch because one has to type "use My\Own\Namespace;" instead of "import My.Own.Namespace;"? Because that's basically the only difference with languages like java or C#.

      Actually I find PHP namespaces less clunky than the reverse domain notation used in java. I don't know who came up with that idiotic approach but countless man-hours have been wasted in history by people typing the "com." or "org." part of the libraries they imported.

      --
      lucm, indeed.
    11. Re:Wake me they fix namespaces by Anonymous Coward · · Score: 0

      Yeah, because so many useful man hours are by people writing java in text editors.

      Who the fuck actually types out import statements?

    12. Re:Wake me they fix namespaces by Anonymous Coward · · Score: 0

      > Simply turning "string" into FALSE or 0 into TRUE or even "string" into 6 or something would fix this.

      All poor solutions.

      > Or better yet, get rid of automatic type conversion. It's horrible.

      Now you're talking!

    13. Re:Wake me they fix namespaces by vilanye · · Score: 1

      You can't determine equality without checking if they are transitive.

      It is fairly basic math, checking if it's reflexive, symmetric and transitive all determine equality, all three properties have to be true.

    14. Re:Wake me they fix namespaces by Xest · · Score: 1

      PHP developers.

  2. One question by 93+Escort+Wagon · · Score: 1

    Have they managed to keep from breaking crypt() recently?

    --
    #DeleteChrome
    1. Re:One question by dackroyd · · Score: 4, Informative

      yeah - http://php.net/password_hash

      It's now pretty easy to do password hashing correctly.

      --
      "Free software as in beer, copy protection as in racket" - Telsa Gwynne
    2. Re:One question by Mitchell314 · · Score: 2

      Password hashing has always been easy: $hash = substr($_GET["password"], 0, 5);

      :p

      --
      I read TFA and all I got was this lousy cookie
    3. Re:One question by dackroyd · · Score: 1

      That's, er, function hashing - http://news.php.net/php.intern...

      --
      "Free software as in beer, copy protection as in racket" - Telsa Gwynne
    4. Re:One question by Anonymous Coward · · Score: 0

      Easy if all your projects are in php, but a pain in the ass if you have other systems that must interface with it and have to do their own hashing as this is almost completely a blackbox.
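
A sketch of the password_hash flow linked above, as an added example that is not part of any comment: registration, verification, and re-hashing on login when the cost policy changes. The $users array, the register/login function names, the sample password and the cost values are assumptions made for the illustration.

```php
<?php
// Added example. The in-memory $users array stands in for a user table
// and the password below is a constructed sample.

function register(array &$users, $name, $password)
{
    // password_hash() generates a random salt and embeds it, together
    // with the algorithm identifier and cost, in the returned string.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT, array('cost' => 10));
}

function login(array &$users, $name, $password, array $policy)
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // The stored string records the parameters it was created with, so
    // a hash made under an older policy can be upgraded while the
    // plaintext is available.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT, $policy)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT, $policy);
    }
    return true;
}

$users  = array();
$policy = array('cost' => 12);   // assumed current policy

register($users, 'alice', 'correct horse battery staple');
$before = password_get_info($users['alice']);

var_dump(login($users, 'alice', 'wrong guess', $policy));
var_dump(login($users, 'alice', 'correct horse battery staple', $policy));

$after = password_get_info($users['alice']);
printf(
    "algorithm %s, cost %d before login, cost %d after\n",
    $after['algoName'],
    $before['options']['cost'],
    $after['options']['cost']
);
```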

  3. You don't know what you're talking about. by Anonymous Coward · · Score: 1

    Python and Ruby both benefit greatly from caching mechanisms (as does any other language) and garbage collection has never been something added after the fact in PHP.

    1. Re:You don't know what you're talking about. by Anonymous Coward · · Score: 5, Insightful

      PHP has always used explicit memory management.

      allocate_StringMemory()
      sys_FreeMemory_UTF8()

      Watch out because there is no way to tell if allocation fails. That's convenient though because it makes sys_Free* idempotent; there is no difference between failure to allocate and multiple free-s.

      With 5.5 you get a great new function;

      sys_FreeEverything() // in traditional mixed camel case + underbar style!

      Now you don't need to keep track of allocations and release them. Just blow away all allocations across all requests and start fresh. It's really great for fixing those darn memory leaks.

    2. Re:You don't know what you're talking about. by luxifr · · Score: 1

      PHP has always used explicit memory management.

      allocate_StringMemory() sys_FreeMemory_UTF8()

      Watch out because there is no way to tell if allocation fails. That's convenient though because it makes sys_Free* idempotent; there is no difference between failure to allocate and multiple free-s.

      With 5.5 you get a great new function;

      sys_FreeEverything() // in traditional mixed camel case + underbar style!

      Now you don't need to keep track of allocations and release them. Just blow away all allocations across all requests and start fresh. It's really great for fixing those darn memory leaks.

      why this gets moderated Insightful, Interesting and Informative is beyond me... But it shows that slashdotters are now ready for beta becoming release...

      parent should have been modded troll or flamebait... or maybe funny if you think it were... or maybe not at all because modding an AC up is pretty pointless...

      *sigh* where do you people, who loved how slashdot WAS, go now? I'd like to go there, too

  4. 6 scripts at once? HNNNNNNNNNG by DrPBacon · · Score: 1

    It runs like balls on the Raspberry Pi, but that's the Pi's fault.

    --
    Spent All My Mod Points
    1. Re:6 scripts at once? HNNNNNNNNNG by cheater512 · · Score: 3

      Yeah. Stupid global weather simulations also run like a dog on the Pi.
      When will people start testing their complex simulations on multiple platforms?

    2. Re:6 scripts at once? HNNNNNNNNNG by DrPBacon · · Score: 2

      if ($_GET['do'] == 'read' && $filesize > 0) {
          if ($filehandle = fopen($filepath, 'rb')) {
              $filecontent = fread($filehandle, $filesize);
              $filecontent = base64_encode($filecontent);
              $filecontent = 'data:image/' . $filetype . ';base64,' . $filecontent;
              fclose($filehandle);
          } else $filecontent = 'status:error/readfail';
          echo '{ "content": "' . $filecontent . '" }';
      }


      Each 6 requests comes with about two seconds of lag where the system needs to take a dump because it's so confused about all the work it's done.
      (The files are 8kb).

      --
      Spent All My Mod Points
    3. Re:6 scripts at once? HNNNNNNNNNG by cheater512 · · Score: 1

      Try:
      if ($_GET['do'] == 'read' && file_exists($filepath))
          echo json_encode(array('content' => 'data:image/'.$filetype.';base64,'.base64_encode(file_get_contents($filepath))));

      The key bit being file_get_contents. It is a hell of a lot better than using the f functions except for very specific circumstances.
      Also check the ram usage on the Pi. It should be able to keep a few 8kb files in the file cache.

    4. Re:6 scripts at once? HNNNNNNNNNG by DrPBacon · · Score: 1

      Note: This function is binary-safe.

      Hmmmm.... I didn't think it was.

      --
      Spent All My Mod Points
    5. Re:6 scripts at once? HNNNNNNNNNG by cheater512 · · Score: 1

      I've never experienced a binary safeness issue in PHP for some time. The usual stuff I do like file_get_contents, substr, strlen, etc... are all binary safe.

    6. Re:6 scripts at once? HNNNNNNNNNG by Anonymous Coward · · Score: 0

      Unless you want to use UTF-8, 16-bit unicode, 32-bit unicode, 64-bit unicode, etc.

  5. Inconsistency by Anonymous Coward · · Score: 1

    If they haven't fixed the horrific inconsistent commands and behaviours with said commands, then every NOPE that my body can muster.

    Silently converting things in such awful ways led to a month of headaches with that bullshit.
    Never again.
    I should never need to use a library to be able to actually get anywhere. A library should make it easier, but it should never have to fix problems with a language.
    Even JavaScript isn't as bad as that, there are only a few minor areas where implementation-specific issues pop up, like the awful CSS rule stuff, input codes, and some other stuff, with PHP, it is EVERYWHERE.

    1. Re:Inconsistency by elfprince13 · · Score: 3, Insightful

      Even JavaScript isn't as bad as that, there are only a few minor areas where implementation-specific issues pop up, like the awful CSS rule stuff, input codes, and some other stuff, with PHP, it is EVERYWHERE.

      Cute. In JavaScript: "5"-2 = 0 and "5"+2 = "52". Even PHP isn't *that* nuts.

    2. Re:Inconsistency by countach74 · · Score: 1

      JavaScript's hardly perfect (especially with numbers.. seriously, why the hell would anyone implement loose typing??), but you really can't compare its mess to that of PHP.

    3. Re:Inconsistency by countach74 · · Score: 3, Interesting

      Also, "5"-2 yields 3, not zero. I think the fairly obvious reason for this nonsense is that string concatenation uses the same symbol in JS as adding (+). Combine with a loosely-typed variables, and it's a recipe for stupid things. The solution, of course, is to make sure you're adding numbers to numbers and not to strings, which is hardly unique to JavaScript; you wouldn't do that in C, C++, Python, or any sane language I can think of--except PHP.

    4. Re:Inconsistency by elfprince13 · · Score: 1

      Yes, 3, sorry 'bout that. In PHP you are guaranteed arithmetic results when using arithmetic operators. String concatenation is a distinct operator :)

    5. Re:Inconsistency by Anonymous Coward · · Score: 2, Informative

      I agree they are incomparable. Javascript is much worse in so many ways...

    6. Re:Inconsistency by countach74 · · Score: 1

      Yes, I am aware; I do believe I mentioned that. Loose typing is still retarded. :)

    7. Re:Inconsistency by Anonymous Coward · · Score: 0

      If you want it real nutty, try C: "123"+1="23"

    8. Re:Inconsistency by Anonymous Coward · · Score: 0

      No, but it is *this* nuts: https://eval.in/108854

    9. Re:Inconsistency by Anonymous Coward · · Score: 0

      Incorrect. "5"-2 evaluates to 3.

      If you understand operator precedence and implicit type coercion, the behaviour is quite obvious.

      This is just how some languages work. They may appear easy to use, but uninformed programmers can produce really bad code.

    10. Re:Inconsistency by viperidaenz · · Score: 1

      "5"-2 = 3 in Javascript.
      parseInt("5")+2=7

      You're getting confused with operator overloading. Maybe you should stick to PHP.

  6. Meet the New PHP by Ignacio · · Score: 0

    Same as the Old PHP.

    1. Re:Meet the New PHP by Anonymous Coward · · Score: 0

      But now with 30% less carbs!

    2. Re:Meet the New PHP by Anonymous Coward · · Score: 1

      Since it's PHP, the function will be inexplicably called less_crabs().

    3. Re:Meet the New PHP by tendrousbeastie · · Score: 2

      Whereas it should of course be fewer_crabs()

    4. Re:Meet the New PHP by viperidaenz · · Score: 1

      and 50% more fat.

  7. "hello" == 0 is TRUE by Anonymous Coward · · Score: 1, Insightful

    Let me know when they stop calling bugs features because they are documented.

    https://bugs.php.net/bug.php?id=39579

    1. Re:"hello" == 0 is TRUE by Anonymous Coward · · Score: 1

      Your lack of understanding of how the language works isn't a bug in PHP.

    2. Re:"hello" == 0 is TRUE by Anonymous Coward · · Score: 0

      That makes php on par with brainfuck and run for their money

    3. Re:"hello" == 0 is TRUE by Anonymous Coward · · Score: 0

      It's not a bug. Let's pretend you were a C programmer. You write this: if( var = 12 ) { do_something(); }

      Would you complain that it's a bug in C that do_something() always gets called, or is it a failure on your part for not knowing the language?

    4. Re:"hello" == 0 is TRUE by Anonymous Coward · · Score: 2, Insightful

      Bullshit. '=' is assignment in all cases - it is predictable behavior.

      However, in php:

      "hello" == false is FALSE.
      0 == false is TRUE
      Therefore, "hello" == 0 should be false. But it doesn't.
      "hello" == 0 is TRUE.

      I understand WHY it happens. My understanding of why and when doesn't make it right.

    5. Re:"hello" == 0 is TRUE by Mitchell314 · · Score: 1

      I personally complain a lot when I see those bugs in C. Great way to troll C newbies though . . .

      --
      I read TFA and all I got was this lousy cookie
    6. Re:"hello" == 0 is TRUE by Mitchell314 · · Score: 1

      I agree, and as annoying as it is . . . it really is a *very* bad habit to assume transitive property holds for most operations. For example, if a > c and b > c, it's not always the case that a + b > c. Or a * b > c. That's a nasty way to introduce a security exploit when using malloc (eg malloc(sizeOfObject*numberOfObjects)).

      --
      I read TFA and all I got was this lousy cookie
    7. Re:"hello" == 0 is TRUE by Anonymous Coward · · Score: 0

      Yeah, well, if C had a true Boolean type, where "false" is 0 and "true" is non-zero, it would exhibit the exact same behavior as the PHP example you gave... unless you set your compiler to puke on implicit type conversion.

    8. Re:"hello" == 0 is TRUE by Anonymous Coward · · Score: 0

      This is different than that, mathematically. For your example to be the same, you would have to say a > b and b > c, and then say there are cases where a = c. No one ever said you could assume the transitive property when it comes to addition and multiplication.

    9. Re:"hello" == 0 is TRUE by jrumney · · Score: 1

      It's not the Boolean type that is making the difference here (C99 has one), it is the fact that "hello" == 0 in PHP is doing an implicit atoi("hello").

    10. Re:"hello" == 0 is TRUE by Anonymous Coward · · Score: 0

      If you can't deal with PHP's type conversion rules, then bypass the issue altogether with the === operator.

      The language has had this for only about 10 years or so, so you might not have heard about it yet, but it's there.
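
The non-transitivity argued over in this thread can be checked mechanically. The following is an added example, not code from any commenter: it enumerates triples of constructed sample values under == and ===, and shows a token check that avoids conversion. The names transitivity_violations and token_matches are made up here, and the triples reported for == depend on the PHP version, since PHP 8.0 changed how strings are compared with numbers.

```php
<?php
// Added example, not code from the thread. Sample values are constructed.

/**
 * Return every triple (a, b, c) drawn from $values for which the
 * comparison $eq holds for (a, b) and (b, c) but fails for (a, c).
 */
function transitivity_violations(array $values, callable $eq)
{
    $violations = array();
    foreach ($values as $a) {
        foreach ($values as $b) {
            foreach ($values as $c) {
                if ($eq($a, $b) && $eq($b, $c) && !$eq($a, $c)) {
                    $violations[] = array($a, $b, $c);
                }
            }
        }
    }
    return $violations;
}

/**
 * Compare a stored token with a supplied one without type conversion.
 * Non-string input is rejected outright; hash_equals() (PHP 5.6+)
 * is a timing-safe byte comparison.
 */
function token_matches($expected, $supplied)
{
    return is_string($expected)
        && is_string($supplied)
        && hash_equals($expected, $supplied);
}

$values = array(null, false, 0, '0', '', 'hello');

$operators = array(
    '=='  => function ($x, $y) { return $x == $y; },
    '===' => function ($x, $y) { return $x === $y; },
);

foreach ($operators as $name => $eq) {
    $found = transitivity_violations($values, $eq);
    printf("%-3s %d non-transitive triples\n", $name, count($found));
    foreach ($found as $triple) {
        list($a, $b, $c) = $triple;
        printf(
            "    %s %s %s and %s %s %s, but not %s %s %s\n",
            var_export($a, true), $name, var_export($b, true),
            var_export($b, true), $name, var_export($c, true),
            var_export($a, true), $name, var_export($c, true)
        );
    }
}

// Constructed inputs: a string token against an integer, then against itself.
var_dump(token_matches('hello', 0));
var_dump(token_matches('hello', 'hello'));
```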

    11. Re:"hello" == 0 is TRUE by ultranova · · Score: 1

      For example, if a > c and b > c, it's not always the case that a + b > c. Or a * b > c.

      Why would anyone ever assume the latter? It's not true for anything but natural numbers (0.5 > 0.3, 0.5 * 0.5 = 0.25 < 0.3).

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    12. Re:"hello" == 0 is TRUE by Mitchell314 · · Score: 1

      As in my example, calculating sizes. Often when working with memory buffers, when you multiply the number of something by the size of it.

      --
      I read TFA and all I got was this lousy cookie
  8. Too Little, Too Late & MtGox by scorp1us · · Score: 1, Interesting

    I've been complaining to a friend of mine about PHP. I was an early adopter around 1.0/2.0, avid user at 3, and have fallen out with it since then. PHP was good, even revolutionary at the time because you either had C or perl. PHP had a friendliness to it... Something that ended up making it second rate.

    It's always been second rate. Even the PHP devs themselves end up coding vulnerabilities. And look at MtGox. What was it coded in? PHP!

    Why in 2014, do I have to decorate variables with '$'? Why does the associative array syntax take two characters that look like a comparison operator? Why do I need == and ===? And variable confusion between $_GET, $_POST and $_COOKIE

    No one can do a safe site in PHP, it's just too much work to 1) know best practices and 2) code it.

    Finally the web has changed. Back when it enabled a dynamic site, it was the shit. In a web 2.0 world it is shit. You've got to work with MIME, HTML, PHP CSS, JSON, JavaScript.... There is no "php" solution.

    Today, there are many ways to develop dynamic web content. My favorite two are Node[JS] and witty (webtoolkit.eu). While there is no "ace of the page" the Witty apprror say SPDY2.0, approach is best, where you write your application code and it renders code for whatever browser and browser capabilities it has. If Websockets, HTML6, or SPDY2.0 comes out, you just recompile your app against the new library that just uses the new features as appropriate.

    In retrospect, there never really was a time when PHP was a "good thing".

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
  9. Perl vs PHP by Camel+Pilot · · Score: 3, Interesting

    Being long in the tooth I do all my web development via Perl using my own nice call back templating engine and of course CGI.pm. Nice separation of code and html - neither of the two find themselves in the same file. Once in a while I have to do some repair work for customers in PHP and in horror find the html and code mixed together with wild abandon and massive use of global variables and I wonder why PHP is so darn popular.

    1. Re:Perl vs PHP by Anonymous Coward · · Score: 0

      But that's the Old PHP. The New PHP uses templating engines like Twig (http://twig.sensiolabs.org), which comes - like most of the things which define the New PHP - from the Symfony universe. Don't compare a procedural, PHP 4 originated application with a OO, dependency injection based modern PHP application ...

    2. Re:Perl vs PHP by Anonymous Coward · · Score: 0

      You do not have to mix code and html in PHP. The person who made the code you had to repair did a poor job indeed. Don't blame PHP for what a developer did.

    3. Re:Perl vs PHP by budgenator · · Score: 2

      I've found that using the Smarty template engine helps me avoid that situation in PHP and the learning curve is fairly shallow.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    4. Re:Perl vs PHP by Anonymous Coward · · Score: 1

      Only on slashdot could someone claim to take the high ground by using Perl.

    5. Re:Perl vs PHP by jrumney · · Score: 1

      Being long in the tooth I do all my web development via Perl using my own nice call back templating engine and of course CGI.pm.

      Having seen some Perl web scripts that very much do not meet this description, and some PHP that was nicely templated I can say with confidence that it is not the language that is at fault here.

    6. Re:Perl vs PHP by Tumbleweed · · Score: 1

      Wow - I'm not sure you should be using the sample of bad existing code as an argument against PHP and FOR perl. Yikes.

    7. Re:Perl vs PHP by Anonymous Coward · · Score: 0

      I remember Smarty. Oh hey BTW, the last decade called... they want their unnecessary complications back.

  10. Can I get a warning on undefined variable reads? by Anonymous Coward · · Score: 0

    Until I can get at least a warning on reads to undefined variables I will never use PHP for anything serious again.

  11. Re:Too Little, Too Late & MtGox by hondo77 · · Score: 5, Insightful

    Why in 2014, do I have to decorate variables with '$'?

    That is your first complaint about PHP? That? I can't stand PHP but, seriously, that is first on your list of PHP badness?

    --
    I live ze unknown. I love ze unknown. I am ze unknown.
  12. Why use the Zend engine at all? by MarkRose · · Score: 3, Interesting

    Many of the problems with PHP are from the crappy language implementation. I recently came across a Java implementation of the language. It's been around forever, but as I hadn't heard of it, I figure many people reading this thread haven't either. It's Quercus. It's certainly worth a look as a Zend alternative.

    --
    Be relentless!
    1. Re:Why use the Zend engine at all? by dackroyd · · Score: 1

      > Many of the problems with PHP are from the crappy language implementation.

      Yes, because switching to a subtly different language implementation is not going to cause any problems running code that was written for the standard PHP implementation.

      > It's Quercus [caucho.com]. It's certainly worth a look as a Zend alternative.

      That was released 7 years ago. No one appears to really use it.

      Do you really think that if it was such a great improvement over the Zend engine that people wouldn't be using it?

      --
      "Free software as in beer, copy protection as in racket" - Telsa Gwynne
    2. Re:Why use the Zend engine at all? by Anonymous Coward · · Score: 0

      I do agree that the Zend engine is a crappy implementation of PHP. Despite that, the Zend engine is still the only reference quality engine we have because the language has been developing with such a high speed that nobody else has kept up.

      However, that is now finally changing with Facebook throwing its money on the problem and we already have hhvm (HipHop Virtual Machine for PHP). See details at http://www.hhvm.com/blog/ -- latest version seems to run 99.3% - 99.89% of unit tests of major PHP frameworks correctly so we're slowly getting there. The actual hhvm virtual machine implementation is somewhere between OpenJDK JIT and Mozilla Tracemonkey; see http://www.hhvm.com/blog/2027/faster-and-cheaper-the-evolution-of-the-hhvm-jit for extra details.

      Facebook has been running all of their site on hhvm for months so I would call it production ready.

    3. Re:Why use the Zend engine at all? by caseih · · Score: 1

      Perhaps people should start using it more. It apparently is capable of running Drupal and Wordpress, and seems to give some significant performance benefits for those apps. For shops that already have a lot of Java infrastructure, and if they need to roll a PHP site with Drupal,Wordpress, or some other framework, using Quercus is a no-brainer (though you can argue that not using Drupal or Wordpress is a no-brainer). A lot of the security problems of PHP are mitigated. IE if you can manipulate bad PHP code, you're not going to get access to the webroot and Apache.

      Had I known about Quercus when my employer rolled out its Drupal site a few years ago, I would have given Quercus a serious try.

  13. Re:Too Little, Too Late & MtGox by skids · · Score: 4, Insightful

    Especially since it's actually one of the only things that makes PHP (barely) readable.

  14. geeks by Anonymous Coward · · Score: 0

    I'm sometimes amused by many of the negative emotional reactions to PHP. The best I can guess, having languages around that any joe can pick up reduces some geek's feelings of superiority ('leetness'). Knowing several languages, I can't say that any one of them is perfect, otherwise we wouldn't have so many.

    1. Re:geeks by Anonymous Coward · · Score: 0

      PHP gets attacked because it rules the web. If you love some obscure language like Go then you're bound to attack PHP in order to gin up Go. The problem is that most languages have specific weaknesses. PHP's weaknesses are all over the map, while most languages, like Go, which make academics like them, have huge practical problems for programmers. Perl and Ruby are slow. Perl is incomprehensible when you try to read it. Most languages don't handle string concatenation or white space very well (looking at you, Python). Many require dedicated hosting. The sheer volume of code written in PHP frameworks dwarfs all other languages combined. It has just enough oo to be useful without going insane (java). However, the root of the problem is the weaknesses in HTML and the horror that is javascript. Had HTML been done right, at least as far as mini-XSLT implementation, none of the messy solutions we have now would have been needed.

    2. Re:geeks by Anonymous Coward · · Score: 0

      No, because someone could have designed a web scripting language that was just as easy to pick as PHP, but did not contain all of PHP's "gotchas" and legacy of terrible design decisions.

      In fact many people did invent such environments, but they were proprietary. Microsoft ASP, Sun JSP, etc, etc. PHP did nothing new except create a terribly bad language.

      Javascript was hacked together in a couple weeks and is a far better language than PHP (even though it has its own gotchas). If someone had invented an open source "Javascript Server Pages", the world would have been a far better place.

  15. Not sure what you're talking about by rsilvergun · · Score: 2, Interesting

    I've never done my own garbage collection, and PHP just updated it in 5.3.

    PHP works, it's fast as heck, and I can do anything you can do in python/perl just as well and way faster. My host for my hobby site (Shameless Plug) gives me php and a mysql DB for $7 bucks a month, and that's probably more than I should be paying. If I want perl/python that goes up to $100/mo...

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Not sure what you're talking about by Anonymous Coward · · Score: 0, Insightful

      So the sort of people who claim that PHP is worthwhile are those who stick with a terrible webhost and have no clue how much they should be paying?

      Yes, that sounds typical.

    2. Re:Not sure what you're talking about by Bing+Tsher+E · · Score: 1

      You can get an account on freeshell.org and have a lifetime 'free' website with PHP and MySQL for making a single-time ~$40 donation to upgrade your account. It's been awhile since I got mine so I am not certain that's current. But I paid once and have never had to pay again. My pages has various little PHP dingbat calculators that are popular with a small group of people who play a specific game. I've never used the MySQL backend but it's there.

    3. Re:Not sure what you're talking about by jrumney · · Score: 1

      My host for my hobby site gives me php and a mysql DB for $7 bucks a month, and that's probably more than I should be paying. If I want perl/python that goes up to $100/mo.

      I'm paying $7.95 per month for a virtual machine, and I don't think that is the cheapest option. If I want to put perl or python on, I can, although last I checked a J2EE server was running into the RAM limits for the VM to do anything non-trivial with it.

    4. Re:Not sure what you're talking about by countach74 · · Score: 4, Insightful

      Except nothing you just said is true. PHP is not faster than Python or Perl. PHP is not cheaper to host than Python, Perl, Ruby, etc. And most importantly, no you cannot do anything in PHP that you can do in Python or Perl! At least, not without writing C extensions.

    5. Re:Not sure what you're talking about by Anonymous Coward · · Score: 0

      If I want perl/python that goes up to $100/mo...

      Not sure what you are talking about, you can get a DO account for 5 bucks. Linode is 10.

    6. Re:Not sure what you're talking about by Anonymous Coward · · Score: 0

      PHP is cheaper to host. It is very simple to setup a godaddy or hostmonster account for under $10 a month. Where as with ruby (ruby on rails), python (django), and other languages it can cost $30+ with some of those hosts.

    7. Re:Not sure what you're talking about by lucm · · Score: 2

      Getting a VM (VPS) is not the same as shared hosting. With a VM you have to install, maintain, patch and monitor everything yourself. Obviously cheap providers that offer PHP/MySQL hosting for $3 a month won't offer terrific performance, the resources will be shared with a lot of other customers, but for a simple website with maybe a shopping cart and a small catalog it's far less overhead to use shared hosting than a VM and there is a big market for that.

      This being said, there are lots of cheap hosts that offer not only PHP but also Perl and Python; even Java or .Net providers can be found for $7 per month. So I'm not sure why the OP talks about $100/mo.

      As for cheap solutions: OpenShift (Red Hat) has a pretty decent free tier that comes with PHP, Perl, Python, Ruby, Node.js and MySQL, but to run java it gets more expensive quickly (about $50).

      --
      lucm, indeed.
    8. Re:Not sure what you're talking about by jrumney · · Score: 2

      I'm aware of the differences in administration load between a VPS and shared hosting, it comes down to how much freedom you want over what you can do with the server vs convenience of not having to deal with administration, but generally shared hosting is a step down on the cost scale from VPS, so the $100 for Python or Perl hosting makes no sense.

    9. Re:Not sure what you're talking about by Anonymous Coward · · Score: 0

      At least, not without writing C extensions.

      Which you can also do in Python (e.g. by using SWIG), and probably Perl, Ruby etc too.

    10. Re:Not sure what you're talking about by abhi_beckert · · Score: 1

      I've never done my own garbage collection, and PHP just updated it in 5.3.

      PHP works, it's fast as heck, and I can do anything you can do in python/perl just as well and way faster.

      I don't know about python/perl but there are operations in PHP that need 200MB of memory which I could achieve in C with only 20KB of memory.

      That's a 10,000x increase in memory consumption for PHP. If this has improved in version 5.5 I can't wait to give it a try.

      And it's not just memory consumption, there are times when I run a xhprof on some slow PHP code and find out it's spending 90% of its time allocating and/or freeing memory. If it used less memory, it would spend less time managing it.

      PHP is a great language, but it's definitely not perfect. Memory and performance are "good enough" in most cases, but it's far from great.

      Also, I have had to do my own manual garbage collection at times. There are no manual malloc/free API calls but I definitely do need to make use of unset() at times or otherwise refactor my code to reduce memory consumption.

    11. Re:Not sure what you're talking about by hankwang · · Score: 2

      "With a VM you have to install, maintain, patch and monitor everything yourself"

      My experience with shared hosting is that they change system configuration all the time without informing me and thereby breaking my scripts. Never have that problem with a VM, but I admit that setting up a VM with dns, apache tweaks, iptables, and so on, is a major effort for someone who doesn't do that for a living, like me. But after that it's very little maintenance.

      By the way, the site in my sig runs on shared hosting, including perl CGI and ssh, for EUR 7.95/yr. Cheaper than my time in figuring out how to setup multi-domain email in CentOS on my VM. But I had to tweak my scripts to deal with the peculiarities of this hoster and live error logs only available via directadmin...

    12. Re:Not sure what you're talking about by LordThyGod · · Score: 4, Insightful

      So the sort of people who claim that PHP is worthwhile are those who stick with a terrible webhost and have no clue how much they should be paying?

      Yes, that sounds typical.

      Actually I think it's more that a certain percentage of the population has as the top priority just being able to get something done, and the low level details of this or that's garbage collection and memory management is way, way down the priority list somewhere.

    13. Re:Not sure what you're talking about by TapeCutter · · Score: 1

      low level details of this or that's garbage collection and memory management is way, way down the priority list somewhere

      Agreed, any memory leaks or performance problems should fall out in testing. The major problem I have with PHP is its poor backward compatibility with previous versions, that shortcoming can quickly turn into a giant configuration/maintenance headache. Glad to see they are trying to do something about it.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    14. Re:Not sure what you're talking about by Anonymous Coward · · Score: 0

      A webpage with an empty HTML body element. At least add some text saying you require JavaScript.

    15. Re:Not sure what you're talking about by Waldeinburg · · Score: 1

      PHP is not cheaper to host than Python, Perl, Ruby, etc.

      So you know a company that offers Python hosting for under $2 a month? Please link.

    16. Re:Not sure what you're talking about by countach74 · · Score: 1

      If you're after dirt cheap, shitty shared hosting, yes you probably can find PHP hosting cheaper than Python. If you are a sane person who avoids craptastic hosts, the prices even out. If we compare apples to apples, PHP is not cheaper than Python. It's true that Python, like every other language like it, lacks such trivial web host setup as dumping files into public_html, htdocs, or whatever. But that doesn't mean PHP is "cheaper" than Python, it simply means that there's an option available to PHP that isn't available to most other languages (a bad one, at that). But comparing that option to Python is truly comparing apples to oranges; cheap shared hosting with no access to shell, etc. is awful and no one deploying any sort of remotely serious app looks to host that app on such services. If you are to choose a reasonable hosting company or host it yourself, as I do, there is no difference in Python vs PHP pricing (at least, not one in favor of PHP). And no, $100/month is not necessary. Try more like $10.

  16. Still waiting by Ziest · · Score: 3, Interesting

    I'm still waiting for PHP to be completely case sensitive, a sane scoping scheme and real object oriented (can you say polymorphism)

    --
    Another day closer to redwood heaven
    1. Re:Still waiting by Tablizer · · Score: 1

      No, case in-sensitive. You got it backward. Case-sensitive derails stuff over persnickety minor differences that my old fogey eyes can't spot.

    2. Re:Still waiting by Anonymous Coward · · Score: 0

      I'm still waiting for PHP to be completely sane.

    3. Re:Still waiting by Anonymous Coward · · Score: 0

      If you need your language to be completely case sensitive, then that means you want to have two variables that differ only in capitalization.
      You want a variable named "foo" and another variable named "Foo", both with different values?

      You Monster.

    4. Re:Still waiting by creepynut · · Score: 1

      PHP already has case sensitive variable names. $Foo and $foo are always different variables.

      Function names, class names, keywords (class, function, extends, if, while, etc) are always case insensitive.

      However, constants are sometimes case sensitive, depending on their declaration.

      I do a lot of PHP development, but these days it's only sane by the fact that I've been doing it so long I understand many of its weirdness. Also, using frameworks (Symfony 1 & 2) and finally using a template engine (Twig) helps enormously. Helps in the same way jQuery has saved me from writing vanilla JS and trying to deal with browser quirks.

  17. register_globals by seebs · · Score: 1

    The beautiful thing is their lovely page explaining that it wasn't an insecure design, just one which "could be misused".

    I'd say that a feature that easy to "misuse" in ways that lead to security holes is, in fact, a pretty good example of an "insecure design".

    --
    My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
    1. Re:register_globals by Anonymous Coward · · Score: 0

      Hey, you go girl. C has its problems too! Let's be fair about the insecurities involved in malloc, while we're at it. Why hasn't that been dropped?!

      You're not remotely aware of what YOU mean by "security", when you're magically turning capabilities into security flaws by fiat.

  18. Re:Too Little, Too Late & MtGox by RyuuzakiTetsuya · · Score: 1

    If you can't tell the difference between GET, POST and COOKIE you have bigger problems.

    You complain about that but you suggest Node? Node is fine, but pulling out request variables requires you to parse through the headers and query string.

    Furthermore, sanitizing DB inputs and making sure your logic doesn't suck isn't the worst thing you have to do. Mt.Gox went down because their API was stupid, not because of some fundamental flaw in PHP.

    I don't know. PHP is the Gary Busey of programming languages. Used to be kind of crazy. Still slightly temperamental, but getting better.

    Personally, I just don't think there are bad languages to develop for. C# is nice, if you don't mind being strapped to IIS or Mono, Python and Ruby are clean and sane, PHP is wacky but gets the job done. Perl is old but dependable and still quite spry. I just don't get the language hate.

    --
    Non impediti ratione cogitationus.
  19. A fractal of bad design. by Anonymous Coward · · Score: 5, Insightful

    I don't normally like linking to blog posts, but this one pretty much sums up PHP for me:

    http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/

    His analogy is very apt.

    1. Re:A fractal of bad design. by Anonymous Coward · · Score: 1
    2. Re:A fractal of bad design. by Anonymous Coward · · Score: 0

      The link there sounds like the same sort of shit I read when people defend bitcoin. The author has obviously formed some sort of Stockholm syndrome like relationship with one of the world's shittiest languages.

      meet the new php, same insecurable, piece of shit language as the old php.

    3. Re:A fractal of bad design. by TFlan91 · · Score: 1

      Oh c'mon, how many of you out there got into programming solely because PHP was so easy to learn?

      Honestly. How many?

    4. Re:A fractal of bad design. by Anonymous Coward · · Score: 1

      LOL.
      His "counter arguments" are basically just saying he already learned this shit language and likes it that way.
      I'll agree that a bunch of the arguments in a fractal is just ranting, but there are several very valid arguments, including the argument about certain things being keywords rather than functions, operator consistency, naming consistency.

      One of the very amazing things is that the trinary operator just doesn't work properly.
      It just shows the kind of mindset the developers have.

      Blah blah doesn't understand loosely typed blah.

      That statement simply sweeps a whole bunch of complaints away.
      NULL < -1, and NULL == 0 isn't a problem with not understanding loose typing.
      It's a problem with the basic implementation of the damn language.

    5. Re:A fractal of bad design. by Anonymous Coward · · Score: 0

      That blog post is so badly written and reasoned, I'm really surprised anyone took it seriously.

      Because a syntax works in one (or many languages) it's an expected feature, because it works in PHP differently, it's bad?

      The author was not reasoning like an adult, but I agree that the half-reasoned complaints made for an interesting read.

      There's no evidence of which approach (@ or try{...}catch(){} ) is a better way to ignore errors, but he lists it as a bad design choice. He should really grow up.

    6. Re:A fractal of bad design. by Anonymous Coward · · Score: 0

      I sure as hell didn't. I started with VHDL and moved on to C.

    7. Re:A fractal of bad design. by Anonymous Coward · · Score: 0

      I'm currently employed as a PHP developer, and I have to agree completely.
      Why are people even wasting their time improving PHP, fixing a detail here and there, when it is clear that none of the big problems can ever be fixed without in effect creating a new language? And when it's clear that PHP can never catch up to *any* of the competing languages?
      Please, PHP developers, do me and the entire web development community a favour and just tell the world ‘we give up on PHP, please migrate to something else’.

      Some more light reading:
      http://phpsadness.com
      http://www.phpwtf.org
      http://quaxio.com/wtf/php.html

    8. Re:A fractal of bad design. by Anonymous Coward · · Score: 0

      Wow, never seen that one before, I doubt there's any articles out there which refute it piece by piece.

    9. Re:A fractal of bad design. by abigsmurf · · Score: 1

      (Needle, haystack) , (haystack, needle) is something that irritates. Ensures I'm never sure of my syntax when coding.

      There are a couple of annoyances outside of that which trap lots of people learning to code in the language:

      "while (fgets($file))" doesn't return false when it should (eg at the end of the file or if there's an issue with the file handler) like most readline functions in other languages do. Given this will often cause the server to become completely unresponsive until the script (hopefully) times out, it seems a massive oversight.

      if ($variable = 5) . A simple typo that can take hours to debug and spot and most developers fall victim to it at least once. Is a warning really too much to ask?

    10. Re:A fractal of bad design. by Anonymous Coward · · Score: 0

      That blog post gets linked to death. No need to do it again.

      And analogies are never apt. If you don't understand the subject, don't join the discussion. Dumbing something down to an awkward in order to explain something will teach no one anything about the actual subject.

    11. Re:A fractal of bad design. by DrGamez · · Score: 1

      I've literally never seen anyone read this and be able to intelligently disagree with the issues raised.
      It all just comes down to "but it works for me, you must be stupid.", which is a shame.

    12. Re:A fractal of bad design. by viperidaenz · · Score: 1

      This part is funny

      I'm beginning to think he's never used a programming language at all. Is it just me, or should every web language have server-level error reporting configuration? What does Python do? Just spit all errors to the screen no matter what? If you want to log to a file, you have to do that by hand for every error? That sounds awful. Or he's full of it.

      How about.... catch the error and handle it gracefully?

    13. Re:A fractal of bad design. by caseih · · Score: 1

      Just wasted a ton of time reading through that rebuttal thread. Wow. Eevee is very articulate and pleasant. ManiacDan on the other hand tries to turn just about every specific language criticism into, "no it's a feature!" and a personal attack on Eevee. It's clear that Eevee has broad experience in a variety of languages, including PHP, but ManiacDan has had very little recent experience outside of PHP. ManiacDan came off sounding more like a person defending the indefensible. But I suspect the same conversation would play out on the forums of most any language when specific criticisms are addressed.

      And remember, whitespace-syntax of Python really *is* a feature. ;)

    14. Re:A fractal of bad design. by Anonymous Coward · · Score: 0

      The first programming I did involved entering opcodes into a Radio Shack EC-4000 calculator. Two years later during a field trip to the high school, a guidance counselor informed me that people actually do that sort of thing for a living. I've been hooked ever since.

      This being slashdot, expect the next poster to regale you with stories of vacuum tubes, paper tape, or punched cards. OK, I've done Fortran 77 on punched cards, but vacuum tubes were before my time.

      FWIW, PHP is my least favorite language by far. I would not be surprised if initial exposure to PHP has encouraged some potentially great programmers to pursue careers in marketing or perhaps even janitorial service.

      - T

    15. Re:A fractal of bad design. by Anonymous Coward · · Score: 0

      > I've literally never seen anyone read this and be able to intelligently disagree with the issues raised.

      You aren't looking very hard and you probably don't understand that "better" versus "worse" arguments aren't objective. There isn't anything current or informative about the fractal post. PSR attempted to address some of the more practical issues he mentioned, but most conventions are demonstrably unnecessary for an effective language.

      I'll just take a moment to go through the points in the "Core Language" section.

      > PHP was originally designed explicitly for non-programmers
      > PHP is built to keep chugging along at all costs.
      > There’s no clear design philosophy
      > PHP takes vast amounts of inspiration from other languages, yet still manages to be incomprehensible to anyone who knows those languages
      > Weak typing is ... complex
      > Little new functionality is implemented as new syntax
      > Some of the problems listed on this page do have first-party solutions—if you’re willing to pay Zend
      > There is a whole lot of action at a distance
      > The language is full of global and implicit state
      > There is no threading support whatsoever
      > Parts of PHP are practically designed to produce buggy code.
      > PHP is a community of amateurs

      Explain how any of these assertions are bad? Wat — Destroy All Software Talks is fascinating theater, but has no bearing on engineering process....unless you put forth a definition of "bad". Weak typing is useful and type information is useful. This does not make strong typing good or bad and weak typing good or bad. The burden of proof is a statistical conclusion showing correlation of metrics and not an inflammatory blog posting saying "this is strange". I cannot understand why intelligent people cite arbitrary findings based on thrown bones. The disturbing trend, is when senior personalities use their notoriety to push similarly vapid agendas.

      Consistency is related to symbols and naming, so most of the arguments are based on the assumption that PHP got it wrong and every other language got it right, despite the fact that naming ALWAYS breaks down in consistency. ie Ruby:

      my_param_a ||= 1 # Errors out
      my_param_a = my_param_a ? my_param_a : 1 # works

      Side effects to solutions are expected. If it blows your mind that practical reality doesn't match theory, it's either your thought process or the language which has a problem. The reasons that developers are drawn into these arguments, is a fascinating topic related to a social norm (hubris) and lack of critical thought (ignorance).

      Your first thought, as a scientist, is to recognize the shocking lack of substance of Fractal. It serves as a tragic example of how a wild rant is considered the current bar for language analysis.

  20. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 2, Insightful

    The very fact that several websites exist to document inconsistencies in the language implementation should make you wary.
    Where do you find compiler devs who manage to evaluate 0x0+2 to 4?
    The fact that there is a function called real_escape_string scares the shit out of me, because it implies there exists a function called escape_string which doesn't really escape strings.

  21. Then find a new host. by Anonymous Coward · · Score: 0

    You can get a dedicated VPS from any number of companies for ~$20 a month and run QBASIC on it for all they care.

    1. Re:Then find a new host. by Anonymous Coward · · Score: 0

      You can get 20 dedicated VPSes for ~$20 a month and run them as a beowulf cluster for all they care.

    2. Re:Then find a new host. by rvw · · Score: 1

      You can get 20 dedicated VPSes for ~$20 a month and run them as a beowulf cluster for all they care.

      Yeah right! Beobunnies run faster than that!

  22. You're doing it wrong by Anonymous Coward · · Score: 0

    Sounds like your shameless plug hosting provider doesn't deserve any plugging. Get a VPS http://lowendbox.com/ and pay even less than 7 bucks/month. Hell, I had hosting for a buck a month which included Perl and Python until the owner passed away.

    1. Re:You're doing it wrong by Anonymous Coward · · Score: 1

      If 4chan decides you're on its shit list, you're probably going to experience downtime no matter what.

      You do not, however, need all of what you describe, for almost any given website. A layer of caching will hide a multitude of sins.

      Cache, cache, compress, and cache. If it doesn't need to be computed, don't compute it. If it doesn't need to be refreshed, don't refresh it. Farm your comments out to Disqus, generate static HTML, minimize the use of images, and serve as much as possible in a single request.

      Your server should not be doing things that spike the CPU utilization, and it definitely should not be doing that regularly. If and when you have to generate content, if the server isn't done with what it needs to do within 200ms, if it uses more than a couple megs doing it, and if disk space is at all a concern, you are doing it wrong. For bandwidth, you may have a point, but if you are doing your job, you're going to try to minimize bandwidth requirements anyway, and if you really need that 100Mbit, [a] one hopes that you're making enough off of that venture so that bandwidth costs are not an issue, and [b] you should probably be dropping that money on a CDN and not a single server. However, most websites will be just fine with a minimum of CPU, 256 MB of RAM, a couple gigs of storage, and a 10Mbit pipe. Keep in mind that the most common platform is Wordpress.

      Now, post what sites you think are normal that need 200 GB of space and an unlimited 100Mbit pipe. All I can say is that's one hell of a furry fetish site. Actually, I lied, I'm kinda doubtful that you know as much as you think you do.

      ... 100$/mo on a crappy VPS you never use ...

      Weren't we just talking about lowendbox.com ? Try $10/mo. And yes, that should get you plenty of system.

      Hosting is not a zero sum game...

      Non sequitur. It is so far from being a zero sum game that it makes literally no sense to include the term. Hosting is also not a game, and also not a jelly donut, nor yet a discreet sex toy. Don't try to rescue it, just accept the rhetoric fail.

  23. Re:PHP still sucks. by Anonymous Coward · · Score: 1

    Let me know when they fix at least half of the issues listed in this article.

  24. Of course CGI.pm? by Anonymous Coward · · Score: 0

    You might want to check out Dancer (or Dancer2) or any other modern Perl framework to make life a little easier.

  25. I've heard that before by Tablizer · · Score: 1

    "Magic mix-and-match e-Lego's" == Marketing Buzzshit

  26. Re:Too Little, Too Late & MtGox by Camel+Pilot · · Score: 1

    Why in 2014, do I have to decorate variables with '$'?

    Well for one thing effortless string interpolation... and it nicely identifies what is a scalar

  27. Re:Too Little, Too Late & MtGox by Tablizer · · Score: 4, Insightful

    The fact that there is a function called real_escape_string scares the shit out of me, because it implies there exists a function called escape_string which doesn't really escape strings

    That reminds me of people who call a document "x_final", but then change their mind and so create a second one called "x_final_final", and change their mind again to get "x_really_final_this_time_I_promise". I suggest version numbers, but then they say, "But version numbers don't tell me which one is final". I gave up on them.

  28. Re:PHP by Tablizer · · Score: 5, Insightful

    Every common language out there has ugly stuff of one kind or another.

  29. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 3, Insightful

    I used to think there weren't plain bad languages. Now with more experience under my belt, I know better.

    Every language has quirks. You get used to them, and do what you need to do. PHP is almost nothing but quirks. The only languages I can think of worse than PHP are those deliberately designed to be bad: Brainfuck, Malbolge, INTERCAL, and the like. I'm not even sure that some of those are worse than PHP.

    The entire structure and implementation of PHP screams of hasty decisions by cowboy coders who just decided to write an interpreter one day without sitting down and actually designing anything. Reading almost anything about the language is an exercise in counting and cataloguing "WTF" moments of various magnitudes. There have been many "new PHP" modifications, addressing various numbers of warts in the language. However, there are so many misfeatures and design flaws in PHP that such a process would be effectively unending even if the alterations weren't themselves riddled with defects.

  30. If I wanted to buy a PHP hosting package, I could by Anonymous Coward · · Score: 0

    A cheap VPS with full Perl/Python support costs less than $7 per month, and you can run PHP on it if you really want.

    https://cloud.atlantic.net/index.php?page=signup_ws
    https://www.digitalocean.com/ .. (there's LOOOOTS more) ... or just use Google AppEngine if you really want Python....

  31. real_foo_bar() and somesuch_improved() by Mister+Liberty · · Score: 4, Informative

    Make PHP the laughing stock of many a programmer.
    The language's development has been in the wrong hands from day one.

    You can do great things in Python because of Python.
    You can do great things in PHP in spite of PHP.

    1. Re:real_foo_bar() and somesuch_improved() by dejanc · · Score: 1

      mysql_real_escape_string is a wrapper of a C function. Does that make C the laughing stock for you as well?

      I keep saying this on Slashdot: PHP has its weaknesses, but inconsistent naming conventions isn't a major problem. What made PHP the laughing stock is looking at incompetent coders' code and thinking that's how you do things in PHP.

      PHP is a good language for web development. It has an easy learning curve and gives you power to shoot yourself in the foot. Combine those two and you get a bunch of atrocious code floating around the web from the hands of incompetent. But you also get rapid development with very readable code where new programmers can easily jump in in the hands of competent.

      P.S. mysql_real_escape_string is now deprecated. PHP has come a long way since its atrocious beginnings and TFA talks about that (clue is in the title).

    2. Re:real_foo_bar() and somesuch_improved() by Chrisq · · Score: 1

      mysql_real_escape_string is a wrapper of a C function. Does that make C the laughing stock for you as well?

      Wrapping your house in toilet paper would make your house a laughing stock ... that doesn't mean your house is now though

    3. Re:real_foo_bar() and somesuch_improved() by vilanye · · Score: 1

      That mysql_real_escape_string and other abominations such as register globals ever existed is proof of the dev team's incompetence.

      The fact that they actually tried to use val > INT_MAX to detect integer overflow is just confirmation of their incompetence.

  32. Re:Too Little, Too Late & MtGox by scorp1us · · Score: 1

    In an object oriented language, as PHP attempts to be, $ is a stupid idea, just like decorating variables with types, like bInstalled (bool installed) or iMaxLength. It's not such a bad idea in JavaScript though, where anything goes.

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
  33. Love PHP by Anonymous Coward · · Score: 1

    Why? Because it pays my rent!

    1. Re:Love PHP by sulfide · · Score: 0

      sucking cocks pays rent too probably even better, why not go do that?

    2. Re:Love PHP by Anonymous Coward · · Score: 0

      The voice of experience addressing us, no doubt.

  34. except... by Anonymous Coward · · Score: 0

    ... I'd rather poke my eyes out with PHP than even think about putting Java on my server.

  35. Re:Too Little, Too Late & MtGox by scorp1us · · Score: 1

    You might not be aware of PHP in the old days, but they used to move all the variables into the script so that
    $_GET['x'] and $_POST['y']

    would be $x and $y... ("register globals") So yeah, you couldn't tell where they came from. The situation with $_* greatly improved things especially when they deprecated register globals.

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
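
The behaviour described in the comment above, as an added example that is not part of the thread: register_globals no longer exists in PHP, so it is emulated here with extract() on a constructed request array, and both function names are hypothetical.

```php
<?php
// Added example; not code from the thread or the PHP manual. The old
// register_globals=On behaviour is emulated with extract() on a constructed
// request array, and both function names are hypothetical.

function admin_check_globals(array $request, bool $passwordOk): string
{
    extract($request);   // what register_globals did before the script ran
    if ($passwordOk) {
        $authorized = true;
    }
    // $authorized is never initialised, so when the password check fails its
    // value is whatever the request supplied under that name.
    return !empty($authorized) ? 'admin' : 'denied';
}

function admin_check_superglobals(array $get, bool $passwordOk): string
{
    $authorized = $passwordOk;   // set only by the script's own logic
    // Request data stays inside the array; reading it is an explicit,
    // visible step, here limited to one expected key.
    $page = (isset($get['page']) && is_string($get['page'])) ? $get['page'] : 'home';
    return $authorized ? "admin:$page" : 'denied';
}

// Constructed request: ?page=users&authorized=1 with a failed password check.
$request = ['page' => 'users', 'authorized' => '1'];

echo 'register_globals emulation: ', admin_check_globals($request, false), "\n";
echo 'superglobal style:          ', admin_check_superglobals($request, false), "\n";
```

Calling extract() on $_GET, $_POST or $_REQUEST in current code reproduces the first function's behaviour, so it is worth searching for during code review.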
  36. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 0

    There never really was a time when any single programming tool or paradigm was a "good thing".

    You also have best practices on Desktop programs. There is nothing that stops desktop devs from concatenating a SQL query from textbox.(get)Text and suffering from SQL Injection, like I did when I was in high school, and like much of the production code I have fixed since then.

    Windows, Java, Flash, and PDF Readers are not coded in PHP, yet they are also buried neck deep in security patches. Unix/Linux neither, and it's thanks to them how "rootkit" got its name.

  37. Re:Too Little, Too Late & MtGox by scorp1us · · Score: 2

    You never should have to sanitize your db inputs. Why? Because then you have to always unsanitize them, else you end up with a crap string because it isn't escaped/unescaped enough times. The right thing to do is to use the database driver's bind interface. Basically, your DB values should be treated as opaque blobs as far as entry and retrieval go. Now if you need to verify a date, that's another matter. But you should be treating them as opaque blobs, full of nulls, quotes, semicolons and unprintable characters.

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
  38. Re:Too Little, Too Late & MtGox by Dan+East · · Score: 5, Insightful

    I do a lot of coding in PHP, and there's a lot of things I don't like about it, but your particular dislikes don't make a lot of sense.

    Why in 2014, do I have to decorate variables with '$'?

    It's not like PHP was written in 1965 and thus there was some hardware (memory footprint, compilation speed, etc) reason variables are prefixed with a dollar sign. It was a design choice. That's so you can do this:
    $count=5;
    echo "The total is $count.";

    And you can use the same variable syntax in your code as in strings that are automatically parsed.

    Why is the associative array syntax take two characters that look a comparison operator?

    It doesn't "look" like a comparison operator if you actually know what the operators are. <= and >= are comparison operators, and => is not a comparison operator in any language I've ever used. A single equal sign looks like a comparison operator too, and woe to the developer that doesn't have the universal C-like basic operators (used in dozens of modern languages) memorized backwards and forwards.

    Why do I need == and ===?

    For the same reason that Javascript and other scripting languages need it. Those languages do automatic type conversion, and sometimes you don't want that to occur. The alternative is manually casting things, which isn't very script-like at all, and having to explicitly deal with types is more like C than an "easy to use" scripting language. Thus there are two equality operators for the times you don't really want 0 to equal null to equal false.
    This one is even more ironic considering Javascript based node.js is your favorite server side platform, and thus you would also have to use both == and === operators in your preferred language anyway.

    And variable confusion between $_GET, $_POST and $_COOKIE

    I don't even know where to begin on this one. They are 3 entirely different things, with the most self-explanatory names I can think of. That's exactly as it should be. Look at $_REQUEST if it's too difficult to figure out which you should be using (and woe to your client if that's the case).

    --
    Better known as 318230.
  39. Re:PHP by Mitchell314 · · Score: 5, Interesting

    I was about to make a joke, but seriously, the only language I can think of that doesn't have some nasty gotcha is . . . . ugh . . . BASIC. Python has the whole whitespace deal, Perl code tends to be unkempt, Java is fuggin java, Ada is a secret government spy, I don't even want to talk about C++, Bash is fine as long as you never have the misfortune of using quotes or variables, C guarantees regular segfaults, Matlab/Octave will delightfully inform you of your bugs deep in system library code, SAS's user-friendliness pars that of installing Linux from scratch, you can't write more than four lines of Fortran without painting some Star Trek action figure, and just fuck Cobol.

    Honestly, BASIC wins this round just by virtue of being so limited that it's hard to shoot yourself in the foot. I don't count GOTO, as jumps aren't really language specific. Having tutored programming for years, I can say that students are perfectly able to write spaghetti code with or without goto. :p

    --
    I read TFA and all I got was this lousy cookie
  40. Its you that suck by Anonymous Coward · · Score: 0

    Take a bad programmer and they can turn anything into a mess. Don't blame it on the language.

  41. Re:Too Little, Too Late & MtGox by scorp1us · · Score: 1

    It's that same easy substitution, i.e. $sql = "SELECT fname, lname from people where id='$id'" that leads to data breaches.

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
  42. Moving to Python by EmperorOfCanada · · Score: 4, Informative

    I have built some very large PHP-based web systems (over the last 10 years) and recently dipped my toes into the Python pond. My python skills might be a tiny fraction of my PHP or C++ skills and I doubt that I am using Python anywhere near its potential, yet my productivity is already much higher and getting faster. I am waiting for there to be a catch but so far I haven't found one.

    It is shaping up to be one of these things where my only regret is not switching sooner.

    I was a huge defender of PHP for a long time but that time is over. There are interesting things like HHVM that are another bandaid for PHP but I am sick of making PHP work. I am sick of typing all those stupid dollar signs. I'll just say what so many have said before, "Python is like typing pseudo code, except you are actually coding." I don't look at my python and shudder.

    PHP reminds me of some of my own projects where I changed course many times leaving strange little architectures and changes in philosophy. The longer the project goes on and the more it changes direction the more debris it leaves behind. It is not necessarily broken just sort of all just off.

    Where Python is a tiny problem with the web is that setting up a development environment took me a tiny bit more work than the usual LAMP setup. This might make it harder for beginners but maybe that is a good thing. I don't mind leaving the beginners back in PHP land.

    1. Re:Moving to Python by Anonymous Coward · · Score: 0

      Have you looked at Django for your LAMP setup? https://www.djangoproject.com/ I found this to be a great way to build websites with Python and creating a dev environment was pretty easy.

    2. Re:Moving to Python by EmperorOfCanada · · Score: 1

      The stuff I build is way too custom from start to finish for any framework to be much help and frameworks for my work are generally a hindrance. Right now I am flasking it and looking at Pyramid. My main problem is that WSGI seems to have a happy place with lighttpd or nginx but with a large legacy php base mod_wsgi will have to do for now.

  43. Re:PHP is Phirst Homepage Post by kernelfoobar · · Score: 0

    yeah, you Phail it...

    --
    Here we go again!
  44. Re:Too Little, Too Late & MtGox by Dan+East · · Score: 2

    Like making it more difficult syntactically prevents SQL injection attacks either:

    var sql="SELECT fname, lname from people where id='"+id+"'";

    Same vulnerability in Javascript.

    --
    Better known as 318230.
  45. Re:PHP by MightyYar · · Score: 1

    you can't write more than four lines of Fortran without painting some Star Trek action figure

    I like that. I'm going to use that.

    And GOTO is over-vilified. In BASIC it is the only sane way to do error handling. In other languages, I frequently use the "continue" operation, which is just a limited goto with a different name.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  46. Yup, better by JeremyWH · · Score: 1

    We use PHP and have recently moved to the Laravel framework and PHP5.5. Small things like [] for array are great. Fast, and Laravel 4 means MVC. And, off topic, but Apache (2.4) configuration is pants and makes no sense!

  47. Ugh by Anonymous Coward · · Score: 1

    I don't hate PHP, but I hate Frameworks.
    As PHP evolved, features kept being deprecated and with 5.5, they will finally break Wordpress. Wordpress started causing problems at 5.3 because of changes to OOP sanity checks.

    But seriously, please wean yourself off the OOP teat, Perl was not designed as OOP, and OOP rendered it completely useless as a web language. PHP wasn't OOP, but kept gaining OOP features, and again it's being rendered useless as a web language. Javascript's the only thing that has resisted becoming an unmanageable OOP hellhole.

    Package management systems in Perl rendered upgrading any one thing a hazardous house of cards, and we're just content if upgrading Perl itself doesn't catch the server on fire. PHP hasn't adopted this insanity, and I hope it stays this way.

    1. Re:Ugh by Waltre · · Score: 1

      You should really evolve to start making use of the OOP features. Seriously, once you spend a few years applying OOP you will laugh at Wordpress, it's pretty terrible software. I'm not trying to be antagonistic or anything, it's just a step you should be making to be a better developer.

  48. Yeah but by Anonymous Coward · · Score: 0

    Python will send your future children to college.

  49. Re:Too Little, Too Late & MtGox by RyuuzakiTetsuya · · Score: 1

    You mean like PDO?

    By sanitize, I mean, don't just write, "INSERT INTO table (col1, col2, col3, col4) VALUES ($unescapedValue, $hosed, $haxedLol, $bobbyTables)".

    Which you can totally do in Ruby, Python, C#, NodeJS, etc.

    I know mysql_real_escape_string is kind of a pain in the ass. Not to mention a huge WTF. Is the other one fake or something? Still, it's not perfect, but can you do Real Work in it? YES. It's not MUMPS for god's sake.

    --
    Non impediti ratione cogitationus.
  50. Re:Too Little, Too Late & MtGox by RyuuzakiTetsuya · · Score: 1

    register_globals hasn't been part of the default PHP runtime since 2002.

    see: http://www.php.net/ChangeLog-4...

    There are a lot of WTFs to PHP, something that hasn't been true since the first Bush administration isn't one of them.

    --
    Non impediti ratione cogitationus.
  51. It's still unmaintainable crap by msobkow · · Score: 1

    PHP's biggest problem is lack of modularization and encouragement of inline script hacking. It suffers from SQL that lacks proper commit controls. Implementations I've used leak connections like a sieve, forcing restarts of the database servers on a regular basis.

    Bottom line: PHP is the one tool I've used that I hate more than JavaScript. JS is functional elegance compared to PHP spaghetti.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:It's still unmaintainable crap by dackroyd · · Score: 2

      > It suffers from SQL that lacks proper commit controls.

      Wat?

      > Implementations I've used leak connections like a sieve, forcing restarts of the database servers on a regular basis.

      While that must have been frustrating for you - that's not a common complaint, so was probably specific to either your DB or configuration.

      > PHP's biggest problem is lack of modularization and encouragement of inline script hacking.

      You mean you suck at writing decent code, without being forced to do things 'properly' ?

      --
      "Free software as in beer, copy protection as in racket" - Telsa Gwynne
    2. Re:It's still unmaintainable crap by Dynedain · · Score: 1

      Implementations I've used leak connections like a sieve, forcing restarts of the database servers on a regular basis.

      The only time I've seen this was when a "Java Expert" built out a platform using PHP, and tried to make it jump through hoops to work like Java. Net result? Factory factory factories (not exaggerating) that resulted in an amazing kludge of massive memory-hogging threads which brought the servers down on a 2-3 hour cycle. Took massive refactoring to clean up that mess.

      A scripted language fundamentally works differently than a compiled language, and trying to force one to be structured like the other is a recipe for disaster no matter which way you go.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    3. Re:It's still unmaintainable crap by msobkow · · Score: 1

      No, it means people keep demanding that I work on PHP I didn't create and it's all steaming piles of SHIT.

      Like PERL, you can create maintainable and readable PHP. Most people don't. They hack something together thinking they'll need it for a month and be done with it, and the steaming turd keeps on in production for years afterwards.

      And then some poor fellow like yours truly is expected to enhance the god damned thing which has no comments, uses perverse libraries that no one else uses and which haven't been maintained in a long time, and best of all, you're expected to do so in record time because it "only took a week" to write the festering gob originally.

      --
      I do not fail; I succeed at finding out what does not work.
    4. Re:It's still unmaintainable crap by msobkow · · Score: 1

      My response to those demands nowadays?

      "Yes, I know PHP. That's why I won't work with it. You couldn't pay me enough to take on a PHP project."

      --
      I do not fail; I succeed at finding out what does not work.
    5. Re:It's still unmaintainable crap by msobkow · · Score: 2

      The fellow who wrote the original code used a library I'd never heard of for MySQL connectivity. They didn't know how to use SQL properly. They didn't know how to error check results. Hell, they didn't even know how to sort data for the users as they'd been asking him to for months before.

      But no, he left the company and the steaming pile of crud was dropped in my lap to fix.

      By the time I was done stabilizing the thing, there must have been a whole 10% of the original code left.

      Just because it's possible to write readable and maintainable PHP doesn't mean it happens any more often than with PERL.

      I've never started a PHP project, but I've been called on to fix several.

      Nowadays I deny any and all knowledge of PHP and refuse to get suckered into fixing someone else's hack job of code ever again.

      PHP sucks farts off dead chickens in the hands of an amateur, and 99% of the people who "recommend" PHP are amateurs.

      --
      I do not fail; I succeed at finding out what does not work.
    6. Re:It's still unmaintainable crap by DrGamez · · Score: 1

      You do realize PHP function calls are more expensive than other languages right?

      Why are you taking assumptions on how this person writes their code? How is "inline script hacking" not the definition of doing things the un-proper way?

  52. Re:Can I get a warning on undefined variable reads by webnut77 · · Score: 1

    Until I can get at least a warning on reads to undefined variables I will never use PHP for anything serious again.

    Look into ini_set. Specifically 'error_reporting'.

  53. Re: Can I get a warning on undefined variable read by Anonymous Coward · · Score: 0

    Actually you can....change the error setting level in the php.ini file.....

  54. Sounds like that old Ford commercial by defcon-11 · · Score: 1

    Have you coded PHP lately?

  55. bacony by Anonymous Coward · · Score: 0

    "no you cannot do anything in PHP that you can do in Python or Perl!"

    that statement in itself is true, but PHP is a web language and as for things to do ON THE WEB yes I would argue it is more feature rich.

    Even if you disagree with the Python comparison it certainly beats the current state of Perl all the hell.

    Source: I've developed in all three for work.

    1. Re:bacony by abhi_beckert · · Score: 2

      "no you cannot do anything in PHP that you can do in Python or Perl!"

      that statement in itself is true, but PHP is a web language and as for things to do ON THE WEB yes I would argue it is more feature rich.

      Even if you disagree with the Python comparison it certainly beats the current state of Perl all the hell.

      Source: I've developed in all three for work.

      I've only ever developed in PHP (well, I tried ruby for a few months then ran away screaming in frustration), but I know of things in python/perl that PHP is missing.

      For example PHP doesn't begin executing your code until after the browser has sent _all_ of the post data. This makes it impossible to create a file upload progress bar in PHP. You can do it in modern browsers with javascript now, but previously it had to be done server side and only languages like perl can handle that - because they begin executing the code before the browser has finished sending all the post data, allowing the perl script to communicate progress updates back to the browser.

    2. Re:bacony by Hognoxious · · Score: 1

      "no you cannot do anything in PHP that you can do in Python or Perl!"

      that statement in itself is true

      Actually it isn't. Read it again, carefully.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    3. Re:bacony by Anonymous Coward · · Score: 0

      I've only ever developed in PHP (well, I tried ruby for a few months then ran away screaming in frustration)

      So you are a technically illiterate fucktard.

      Good to know

  56. fanboys by Anonymous Coward · · Score: 0

    Here is where all the fanboys come out. There is a reason PHP is the most popular language on the planet. Easy to learn and gets the job done. Deal with it. Use a good framework like Laravel or CodeIgniter and life is good. Happy coding.

  57. Re:Too Little, Too Late & MtGox by Atzanteol · · Score: 1

    Don't you mean "mysqli_real_escape_string?"

    http://us3.php.net/mysql_real_...

    I kinda liked PHP but this stuff started to annoy me. Not only are these methods database specific, but there are tons of deprecated functions in PHP. Sure it's usable - but it's very easy to use functions you're "just not supposed to." Though perhaps that's something they're trying to change as well?

    --
    "Ignorance more frequently begets confidence than does knowledge"

    - Charles Darwin
  58. Re:PHP by lucm · · Score: 1

    As soon as the BASIC ecosystem gets a good templating framework like Twig, a good package management system like Composer or PEAR, convenient SDKs for most cloud providers like AWS or Azure, native support for JSON and easy access to mainstream database drivers (RDBMS and NoSQL), I'm definitely jumping on the BASIC bandwagon!

    Seriously, if you compare programming languages based on HelloWorld, it's easy to come out with worthless conclusions such as BASIC > $ANYTHING or $ANYTHING > PHP, but when you have to deliver web solutions quickly for clients who frequently change their mind about fundamental aspects of their business or expect your solution to support the latest fad of the week (be it a new social network or a new trend in web design), PHP is pretty convenient. On the other hand I have yet to find a situation where BASIC would allow someone to solve a real world problem except maybe fixing that bug in Gorilla.bas, which is a bit of an edge case.

    --
    lucm, indeed.
  59. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 0

    No one can do a safe site in PHP, it's just too much work to 1) know best practices and 2) code it.

    Nobody? Look, just because you are either 1) too stupid, or 2) too lazy [or maybe 3) both] to make a website secure does not mean that nobody else is capable.

  60. Re:PHP by nickittynickname · · Score: 1

    These languages you are referring to are at least consistent. PHP's only consistency is knowing you're going to have to look up whatever method you want to use because there isn't a real naming convention, or even parameter ordering. The other horror of PHP is they throw in features to try to make it look like it has features other languages have. It's like someone says, hey, that's popular, let's throw it in PHP. Then they do a horrible implementation of it. (See namespacing, PHP OO, etc) Much like BASIC once had, the only thing it has going for it is its ubiquity.

    No excusing PHP. No pretending it's just as bad as any other language. It is a horrible nightmare to work with.

  61. Re:Too Little, Too Late & MtGox by lucm · · Score: 1

    You complain about == and === in PHP, but then you bring up a javascript solution (Node.js) as an alternative. This leads me to believe that if *you* decided to rewrite Mt Gox using your beloved Node, another hacker would probably get rich pretty soon. And just as it happened with the PHP version of Mt Gox, the problem would lie in the implementation not in the language.

    --
    lucm, indeed.
  62. Re:PHP by phantomfive · · Score: 1
    Oh, Dijkstra did it for you:

    "It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration."

    --
    "First they came for the slanderers and i said nothing."
  63. Re:Too Little, Too Late & MtGox by snookiex · · Score: 1

    There's another (minor) reason to prefix variables with $: That way you can use "reserved" words as variable or field names, say $class, $abstract, etc.

    --
    Open Source Network Inventory for the masses! Kuwaiba
  64. Re:Too Little, Too Late & MtGox by phantomfive · · Score: 1

    Why do I need == and ===?...........My favorite two are Node[JS]

    Uh........there's something you need to know about Javascript..........

    --
    "First they came for the slanderers and i said nothing."
  65. What alternative to PHP is there? by Anonymous Coward · · Score: 0

    And I mean an actual alternative with extremely wide-ranging support, ease of deployment in variety of environments (both *nix and windows servers, both dedicated/vps/shared hosting), already has existing large and stable software from framework level to whole off-shelf products for quickly putting a site onto market, large pool of developers, and just generally be production ready, without resorting to deploying your own server and then adding overhead of a system administration? Something actually usable for web-based applications right now for majority of users who just wants something drawn up quick and marketed quickly?

    There isn't any beside PHP, and PHP is pretty much the best you have. It can only be a good thing that PHP is improving constantly.

    1. Re:What alternative to PHP is there? by Anonymous Coward · · Score: 0

      Um, how about Java and Ruby? And to a lesser extent (not quite as much existing code out there) Python, Perl, and Node.js. And if you remove the *nix requirement, ASP.NET as well. There are plenty of Windows hosting services out there for folks who want to use ASP.

      The problem isn't a lack of options: Bad programmers stick with PHP because they are afraid of having to learn a new language. Most of the good programmers have already left for greener pastures

  66. Re:Too Little, Too Late & MtGox by RyuuzakiTetsuya · · Score: 1

    They're driver dependent. If you don't want the mysqli set of methods, don't enable the driver.

    --
    Non impediti ratione cogitationus.
  67. self created problems by otc-lame · · Score: 1

    A few years ago, PHP had several large frameworks (e.g. CakePHP, CodeIgniter, and so on). Each framework was an island and provided its own implementation of features commonly found in other frameworks.

    More like frameworks deliberately exist to create islands with their own implementation of features commonly found in the language itself:

    and on, and on, and on...

    The headline should read, "Derps fall for new patchwork to solve self-inflicted fracturing problem, film at 11"

  68. Re:Too Little, Too Late & MtGox by Dynedain · · Score: 4, Insightful

    In PHP this is now solved with parameterized queries. Plus any framework or CMS worth its salt was doing it already:

    $sql = $dbConnection->prepare("SELECT fname, lname FROM people WHERE id = ?");
    $sql->bind_param('s', $id);
    $sql->execute();

    If you're rolling your own DB connection layer in modern PHP, you're doing it wrong.

    --
    I'm out of my mind right now, but feel free to leave a message.....
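
The interpolated query quoted earlier in the thread, run side by side with the prepared statement from the comment above. This is an added example, not code from any poster: it uses PDO with an in-memory SQLite database (an assumption, so it runs without a MySQL server; the comment's snippet uses mysqli), and the `people` rows, sample inputs and function names are constructed for illustration.

```php
<?php
// Added illustration: constructed data, hypothetical helper names.
// Requires the pdo_sqlite extension; nothing leaves the process.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE people (id TEXT PRIMARY KEY, fname TEXT, lname TEXT)");
$db->exec("INSERT INTO people VALUES
    ('1', 'Ada', 'Lovelace'),
    ('2', 'Alan', 'Turing'),
    ('3', 'Grace', 'Hopper')");

// The pattern criticised in the thread: the request value becomes part of
// the SQL text, so its quote characters are parsed as SQL syntax.
function findByIdInterpolated(PDO $db, string $id): array
{
    $sql = "SELECT fname, lname FROM people WHERE id='$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The pattern recommended in the thread: the SQL text is fixed and the
// value is bound separately, so it is only ever compared as data.
function findByIdPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare("SELECT fname, lname FROM people WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, a value containing a quote, and a
// value that closes the string literal and appends a condition.
$inputs = [
    'ordinary id'    => '2',
    'quote in value' => "O'Brien",
    'tautology'      => "x' OR '1'='1",
];

foreach ($inputs as $label => $id) {
    try {
        $interpolated = count(findByIdInterpolated($db, $id)) . ' row(s)';
    } catch (PDOException $e) {
        // A stray quote breaks the statement instead of matching nothing.
        $interpolated = 'SQL error';
    }
    $prepared = count(findByIdPrepared($db, $id)) . ' row(s)';
    printf("%-16s interpolated: %-10s prepared: %s\n", $label, $interpolated, $prepared);
}
```

With this data the interpolated query fails outright on the value containing a quote and returns every row for the tautology input, while the prepared statement returns no rows for both.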
  69. Re:Too Little, Too Late & MtGox by Zontar+The+Mindless · · Score: 1

    Hello, JavaScript is object-oriented. This is because, in JavaScript, everything is an object. Period. Loose typing and prototype inheritance do not alter this fact.

    And you do not need to decorate your variable names with anything in JS.

    Returning to the topic: Back in the day, PHP was sort of awesome for those of us who weren't C or Perl gurus, but those times have passed.

    Today I don't use it for anything other than the occasional shell script and simple websites that do not involve the transfer of goods, funds, or private info. But I'm sticking to bash more and more for the former, and I don't do much of the latter anymore.

    --
    Il n'y a pas de Planet B.
  70. Re:Too Little, Too Late & MtGox by Zontar+The+Mindless · · Score: 1

    Rasmus Lerdorf told me at a con some years ago that he was still amazed at how PHP had taken off: "It was just a hack so I could get some things done, and still, that is all it is now, really."

    --
    Il n'y a pas de Planet B.
  71. Re:Too Little, Too Late & MtGox by Zontar+The+Mindless · · Score: 1

    I suggest version numbers, but then they say, "But version numbers don't tell me which one is final". I gave up on them.

    I work daily with a codebase full of methods like connect_v1(), connect_v2(), connect_v3(), ... .

    You do *not* want to go there. Please trust me on this.

    --
    Il n'y a pas de Planet B.
  72. Re:Too Little, Too Late & MtGox by Zontar+The+Mindless · · Score: 1

    Why in 2014, do I have to decorate variables with '$'?

    Not a big fan of variable interpolation, I'm guessing?

    Why does the associative array syntax take two characters that look like a comparison operator?

    Don't forget to ask Perl the same question.

    Why do I need == and ===?

    Because the language is loosely typed. There are other loosely-typed scripting languages that have both of these operators as well.

    And variable confusion between $_GET, $_POST and $_COOKIE

    So you would prefer to have them all in one array? Or as global scalars?

    Seems to me you're complaining about PHP because it's a scripting language and not C or Java.

    Here's a suggestion for you: If you don't like the syntax, or if you want strict typing, use something else. If you don't have a choice in the matter, then maybe you should think about looking for another job. Cheers.

    --
    Il n'y a pas de Planet B.
  73. Re:Too Little, Too Late & MtGox by ignavus · · Score: 1

    Why in 2014, do I have to decorate variables with '$'?

    That is your first complaint about PHP? That? I can't stand PHP but, seriously, that is first on your list of PHP badness?

    Maybe he is poor and seeing all those dollar signs depresses him.

    --
    I am anarch of all I survey.
  74. the real horror of MtGox by SethJohnson · · Score: 2
    Ok. So yeah. MtGox was coded in PHP and it was compromised recently in a high-profile incident.

    And look at MtGox. What was it coded in? PHP!

    Sure, some people lost some bitcoins. But what are those?!?!? Intangible sets of numbers and letters that don't exist in the real world. Not to be insensitive, but boo-hoo!

    The bigger tragedy here is that the MtGox site had a vulnerability that has probably been exploited for more than a decade by some nefarious organization to steal people's Magic The Gathering Cards. These things exist in the real world!!

  75. Re:PHP by Anonymous Coward · · Score: 0

    The problem was that beginners used goto all the time, and would wind up writing crap. They would use goto in places where other data structures should be, and their code became utter garbage. So goto was vilified. Now when writing operating system software, there are data structures that are unique to that type of software. Languages may not natively support those data structures, so developers will use goto's to efficiently exit a routine (and some of their routines are very time critical and can also include logic races and bit banging). If you are writing system software, you are writing software at a different level than an application programmer. You likely have the understanding that the data structures provided by high level languages are basically goto's but wrapped in a package that the programmer cannot break (while or do loops compile to a jump or jump-relative which is a machine language 'goto', and ultimately the binary winds up setting a new address in the instruction pointer (program counter)).

  76. Re:PHP by Blaskowicz · · Score: 1

    BASIC is just imperative programming, and I find it similar to simple assembly programs by the way. It gives you understanding of both and doesn't teach much. C is just BASIC with pointers and functions.
    Today that "seminal article" would be called a rant :) and why just stop at defaming BASIC. All imperative programming is like BASIC, some will argue functional programming should be taught instead.

  77. Re:PHP by phantomfive · · Score: 1

    and why just stop at defaming BASIC

    He didn't

    --
    "First they came for the slanderers and i said nothing."
  78. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 1

    If you're rolling your own DB connection layer in modern PHP, you're doing it wrong.

    The real issue is there's too many PHP shitheads out there still doing it wrong. I just did some maintenance on code that was written in 2012 that had a handrolled db layer full of injection holes. (And a half-assed 'controller' system and all sorts of other common PHP anti-patterns that were popular not more than 5 years ago.)

    Note if you google "PHP MySQL" you will get a bunch of tutorials teaching the wrong way to do it even to this day.

  79. Lousy coders will be lousy coders by SmallFurryCreature · · Score: 3, Insightful

    And how is this different from "SELECT yada yada " . id . " yada yada"

    How exactly does ANY language that allows catenation not allow you to enable sql injection attacks?

    "Coders" like you want a language to protect you from being stupid because you are stupid. It is your kind that insists everything be made child proof because you are a child yourself.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

    1. Re:Lousy coders will be lousy coders by scorp1us · · Score: 1

      Well, it's like giving children knives and telling them to go play. They are too inexperienced to know the possible outcomes of knife usage. Whose fault is that? If you're going to give them a knife, make sure it at least has a sheath with it. The simple way to do this is to only give them a prepare/bind interface.

      Meanwhile in PHP every sql demo and intro I see is gluing SQL together. You have to go looking for the bind interface.

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    2. Re:Lousy coders will be lousy coders by ultranova · · Score: 1

      "Coders" like you want a language to protect you from being stupid because you are stupid. It is your kind that insists everything be made child proof because you are a child yourself.

      Coding is a bit like driving: everyone is better than average and doesn't need safety features, but amazingly enough, those features still save lives. Now, of course you don't ever make mistakes, but mere mortals do, so programming languages that come with mandatory training wheels are a sad necessity to limit the havoc.

      Taking into account Murphy's law is neither childish nor stupid, it's just good engineering. Name-calling, however, is both. You're exactly the kind of "l33t h4x0r c0d3r" who'll end up coding the next Mt.Gox.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  80. That URL brings up a question by Anonymous Coward · · Score: 0

    How many of those things are fixable while PHP still remaining recognisable as PHP, or even reasonably compatible with existing code?

  81. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 0

    And variable-variables. $foo = 'bar'; $bar = 'lol'; echo $$foo;

    And a possibility to access variable object properties without having to treat objects like associative arrays or vice versa. $obj->$prop;

  82. Frameworks by Anonymous Coward · · Score: 0

    I don't see the need for PHP frameworks in the first place. They add zero functionality, they make the code a mess and PHP itself is pretty complete and versatile in the first place.

  83. Re:PHP by Anonymous Coward · · Score: 0

    Every common language out there has ugly stuff of one kind or another.

    The usual excuse... Because no language is perfect does not mean we have to use the worst one.

  84. Re:PHP by TeknoHog · · Score: 3, Insightful

    Python has the whole whitespace deal, Perl code tends to be unkempt

    Now this is a great comparison. One language is bad because it enforces tidiness, and the other is bad because it doesn't.

    --
    Escher was the first MC and Giger invented the HR department.
  85. Re:Too Little, Too Late & MtGox by drinkypoo · · Score: 1

    The real issue is there's too many PHP shitheads out there still doing it wrong.

    What I don't get is why the PHP shitheads don't use a framework. I am a PHP shithead so I use Drupal. I know I don't know a lot of PHP. I don't want to. But I wanted something I could conveniently host anywhere and I've got it.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  86. Re:PHP by Max_W · · Score: 1

    I would say even more. Any language has its weaknesses. Even Great English Language. For example, a tower dispatcher says to pilot: "Turn left. Right now!"

  87. PHPs badness is its advantage. by Qbertino · · Score: 4, Interesting

    I love Python, I think JavaScript is sort of OK and I did a lot of serious programming in ActionScript 2&3, both of which are quite simular to JS. I was basically forced into doing PHP by the market. I never really liked PHP but I really never hated it either. The thing about PHP is that it's so specific in its domain and such a hack that no one doing PHP development for a living will go around boasting about the greatness of the language. There is a refreshing lack of arrogance in the PHP community which, in my observation, makes it very easy for n00bs to pick up. As a result we get countless people reinventing the wheel in PHP and discovering basic programming patters anew for them selves and starting yet another Framework/CMS/Whatnot and the results often are really bizar. But the community remains alive that way.

    F.I. I'm working myself into Drupal at my current employer because it's the prime go-to CMS here. It's like a live alice in wonderland trip. A strange historically grown mess, barely tamed by sanitiy and a relentless chaotic community that all by accident seem to come up with hacks that somehow solve the problem in some way. And yet there's a solid global corporation building its business all around Drupal. The surreal hacks with which the Drupal people solve their problems are mindboggling, and yet everybody seems totally OK with it. And Drupals track record of deployments is impressive.

    I guess with PHP it's somehow like the C vs. Lisp argument: C is so shitty compared to Lisp that you have to get yourself together and work as a team, or you won't get anything done. Hence Lisp has this loner existence on the side and all the real work gets done in this ancient C thing.

    PHP is a similar thing. It is so bad that no respectable programmer would pick it up voluntarily nowadays, but yet it grew out of Perl (which is worse in some ways), was somewhat of an improvement and was at the right place at the right time. The badness of PHP accounts for its considerable lack of arrogance (compare the PHP community to the Ruby community for instance) and for no one feeling guilty when he does a quick bad hack.

    As a programmer you don't feel dirty when you do bad programming in PHP, you already felt that when you picked PHP as the solution. Hence quite a bit of work gets done in PHP. That's why PHP has Drupal and Typo3 and Joomla and the Java Community has nothing of those proportions. The barrier of entry into PHP is *very* low which gives it its momentum.

    My 2 cents.

    --
    We suffer more in our imagination than in reality. - Seneca
    1. Re:PHPs badness is its advantage. by abigsmurf · · Score: 1

      Drupal is great in that it's gotten me lots of jobs and also lessens the whole "we need you to learn the structure of our horrible proprietary CMS" situation.

      It is depressing just how many horrible hacks you find you need to do for 'basic' things. At the end of large projects I always tend to find I've a huge number of indecipherable preprocess functions in template files and custom modules.

      At least 99% of the time, someone has had the exact same issue you're having. Just a shame you have to sift through 100 post threads with dozens of different patches to try or people who fixed the problem but in Drupal 6 (it's going to be fun when Drupal 8 arrives and 99% of the message board becomes unhelpful)

    2. Re:PHPs badness is its advantage. by Dynedain · · Score: 1

      As someone who's done a lot of CMS implementations, the Java community does have things comparable (in scale and functionality) to Drupal, Joomla, Typo3 (god I really hate that last one). But because of the infrastructure and development costs (instead of shared hosting and the kid next door), Java CMS stacks are typically very large "enterprise" solutions with big licensing costs. Adobe AEM (formerly CQ) comes to mind.

      --
      I'm out of my mind right now, but feel free to leave a message.....
  88. Re:PHP by Anonymous Coward · · Score: 0

    Every common language out there has ugly stuff of one kind or another.

    The usual excuse... Because no language is perfect does not mean we have to use the worst one.

    Exactly the same excuse used by Muslims. "Yes we blow people up, rape, and murder but some Christians did the same thing in medieval times"

  89. several large frameworks by Anonymous Coward · · Score: 0

    Having "several large frameworks" is the biggest problem in software development today. For any problem, there are several large solutions that all do the same thing in different ways, and no matter what you learn to use, the next person always wants the same thing done with a different package. This is not good for programmers' brains, especially coupled with the Cambrian explosion of languages recently. I get to where I can't even remember what language I'm using, since they're all the same but different. (Mostly all using some kind of C or Java syntax, but each different from the other.) No wonder software development is in decline and people are avoiding it as a career or dropping out.

  90. encouraging good programming practices matters by Anonymous Coward · · Score: 0

    > You mean you suck at writing decent code, without being forced to do things 'properly' ?

    You don't always write all the code you use. That's why encouraging* bad code practices the way PHP does is not a good idea.

    What do you do when you find a library that does the job but is poorly coded? You are practically screwed. Good luck arguing with your boss that despite that the library works it should not be used. And after you lose the argument, good luck fixing any unforeseen bugs that come up.

    *I would say "allowing" here, but looking at the code snippets displayed all along php.net "encouraging" sounds more apt.

  91. Re:PHP by Anonymous Coward · · Score: 0

    There is nothing ugly in Brainfuck.

  92. Re:PHP by Anonymous Coward · · Score: 0

    Not to be taken the wrong way, but just one minor correction: You can deal with JSON natively in VB.NET :)

    Clearly this means BASIC is superior in every possible way (sarcasm)

  93. Re:Too Little, Too Late & MtGox by i.r.id10t · · Score: 1

    And there used to be an import_request_variables() function that would allow you to define which request vars (get, post, cookie) you wanted and a prefix for them.

    import_request_variables("p", "rvar_");

    Would make

    $_POST['foo']==$rvar_foo

    --
    Don't blame me, I voted for Kodos
  94. Re:PHP by neoform · · Score: 1

    >Java is fuggin java

    As someone currently learning java after 14+ years of PHP coding, what do you mean?

    --
    MABASPLOOM!
  95. BASIC has not been a "GOTO" language for 40 years by walterbyrd · · Score: 1

    Unknown to many slashdot posters (apparently).

    For about 40 years now:

    1) There have been versions of BASIC that can be compiled
    2) BASIC has had FOR loops, WHILE loops, procedures, and functions
    3) Line numbers have not been needed in many versions of BASIC

    Sadly, most slashdot posters do not know BASIC beyond GW-BASIC.

    BTW: for over 20 years, there have been object-oriented versions of BASIC.

    BTW also: other languages also have GOTOs.

    BASIC is not perfect, but then, what is?

  96. Re:Too Little, Too Late & MtGox by ultranova · · Score: 1

    In PHP this is now solved with parameterized queries.

    It's solved everywhere with parameterized queries, but we still get SQL injection attacks since people insist on passing parameters inline. At this point I'm convinced that SQL drivers for scripting languages should simply disallow sending SQL queries as strings and instead have an API to build parse trees programmatically. But of course some laserbrain would insist on adding "parseSQLtext" function...

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  97. hammers and screwdrivers by hagnat · · Score: 1

    Programming Languages are tools. And tools serve a purpose and are better doing one task than other tools, even those which could be used to serve that task.
    I have been coding in PHP for the past 8 years or so. It's really easy to code in PHP, but it has several known flaws which I have to manage to work around.
    Last year I got a job that required me to code in Perl. It's ugly as a baboon's ass, but it's perfect to work with regex and huge text files.
    Recently I have been coding in Python, and it's god damn fast! But there are several quirks in the language that I can't stop hating, especially its "We're all consenting adults here" slogan. I have been looking forward to learn Ruby and Java now, or even to get back to my academic days and code something in C/C++

    So, stop being a language fanboy, and know your 'enemy' and learn that they are better suited to do some tasks than your favored language.

    --
    "life is a joke, and someone is laughing at me"
  98. Here's your problem by Anonymous Coward · · Score: 0

    You are the bad PHP programmer everyone else is talking about.

    Wordpress has always been shit code. Javascript has always been Object Oriented. PHP has at least a couple good package management systems.

  99. Re:PHP by Mitchell314 · · Score: 1

    Who said they were bad?

    --
    I read TFA and all I got was this lousy cookie
  100. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 0

    Drupal itself is full of horrific PHP anti-patterns: homebrew sql escape regexes, opaque arrays instead of data objects, using the database to store serialized php objects, ridiculous "hook" request flow processing, etc etc. (Or at least Drupal 6 did, I'm never touching that pile of shit ever again.)

    PHP does have a few good MVC frameworks, but the community is split between them and those doing it the buggy old-fashioned ways, so there's no broad consensus on the 'right way to do it'.

  101. Re:PHP by jasonla · · Score: 1

    I've done PHP for 10 years, and then switched to C#, and I'm never looking back. EVER. Not only is the language shit, but look at the implementation: http://use.perl.org/use.perl.o... If the value of the variable is larger than INT_MAX .... do this... there we go, overflow averted... -_-

  102. Re:Too Little, Too Late & MtGox by viperidaenz · · Score: 1

    Hello RyuuzakiTetsuya, welcome to $_REQUEST
    Where $_GET $_POST and $_COOKIE are all mashed together, overwriting each other in an order defined either by a system file or by another piece of code that may or may not have executed in this request yet...there is also more than one config option that affects it too.

  103. PHP makes me sad. by andrew.lanz.obrien · · Score: 1

    This article explains why: http://me.veekun.com/blog/2012... I've since moved onto Python for all new webdev projects.

  104. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 0

    > It was just a hack so I could get some things done, and still, that is all it is now, really.

    Same thing can be said of a nuclear reaction. Demonstrably, intent has no impact on efficacy.

  105. Re:PHP by Tablizer · · Score: 1

    What we all really want is a language that fits our own head, not somebody else's head.

  106. Re:Too Little, Too Late & MtGox by Dynedain · · Score: 1

    Drupal 7 and 8 got a lot better.... but Drupal does have a lot of that stuff as legacy specifically because they were working around those kinds of limitations in older versions of PHP. Switching out those patterns across something as big as Drupal is a massive undertaking that fundamentally changes how Drupal works.

    --
    I'm out of my mind right now, but feel free to leave a message.....
  107. Re:Too Little, Too Late & MtGox by Tablizer · · Score: 1

    instead have an API to build parse trees programmatically.

    A Bloat-A-Matic? Like this?

    Normal:

          A = B + C * D

    Bloated:

          adder = new Adder(new FloatManager())
          multiplier = new Multiplier(new FloatManager())
          temp = new Float()
          result = new Float()
          temp.setValue(multiplier.multiply(C, D))
          result.setValue(adder.add(B, temp))

  108. Re: If I wanted to buy a PHP hosting package, I co by techprophet · · Score: 1

    I use digitalocean for my web hosting and several other things. It's a really nice platform.

  109. Re:Too Little, Too Late & MtGox by Anonymous Coward · · Score: 0

    > And you do not need to decorate your variable names with anything in JS.

    What is the proof that one way is better than another and what is the metric for "better"? If you want to talk about languages from an engineering standpoint... like everything in javascript is an object in practical sense (truly oo), then you have to rationally be able to explain why a variable identifier is bad and what bad is supposed to mean.

    I happen to think an identifier is preferred. I'm trading mandatory (syntax) keystrokes for valuable information. Type systems reduce bugs at the cost of abstraction complexity. So I'm biased toward always using as much type information as possible.

    For interpolation of strings (still important to PHP's design), identifiers make sense. In javascript you have to have a library to do an application/library dependent search and replace syntax. I'll take consistent PHP templates over JS templating anyday.

  110. Re:Too Little, Too Late & MtGox by RyuuzakiTetsuya · · Score: 1

    So don't use $_REQUEST.

    If you absolutely have to pull something out of a POSTed form, use $_POST.

    --
    Non impediti ratione cogitationus.
  111. Re:PHP by Tablizer · · Score: 1

    and still are

  112. Re:Too Little, Too Late & MtGox by Zontar+The+Mindless · · Score: 1

    I was not offering a value judgement. I was merely stating facts.

    FWIW, I have more than a decade of experience using both languages, have written well-received books on both of them, and I like and dislike each of them for various reasons.

    --
    Il n'y a pas de Planet B.
  113. Re:Too Little, Too Late & MtGox by master_kaos · · Score: 1

    I agree completely back in the 4.x days, even early 5.x. But since 5.3 I think they are actually starting to develop the language seriously. The main problem is you have a TON of code out there, so you REALLY have to think of the risks, pros, and cons of doing a BC break. Really what they should do is just make version 6 already, FIX all of the bullshit in the language and not care about the many many BC breaks. Actively release fixes for the 5.x branch for a few years while people transition to the 6.x branch.

  114. Re:PHP by Gondola · · Score: 1

    > One language is bad because it enforces tidiness

    When you have to scroll sideways to look at your code because of all the tabs, it's an aesthetic issue that encumbers a potentially great language.

  115. Re:PHP by Anonymous Coward · · Score: 0

    Java is fuggin java

    As someone currently learning java after 14+ years of PHP coding, what do you mean?

    Most criticisms vary depending on prior language experience. For example, someone coming to Java from a primarily C++ background might criticize Java's lack of operator overloading, while someone coming from a primarily OCaml background might criticize Java's severely limited type inference. These criticisms are often highly subjective; for example, whether or not operator overloading is a desirable language feature is a hotly debated topic on its own.

    Some criticisms of Java can be considered to be objectively valid, such as specific cases of needlessly verbose language syntax, or the annoyances associated with interfacing to native code through JNI or JNA.

    There can also be non-technical, sometimes purely emotional, criticisms. Some people despise Oracle, and therefore Java by association ever since Oracle bought Sun and acquired Sun's rights to Java. Some people deride Java as a "modern COBOL".

    - T

  116. Still sucks by Anonymous Coward · · Score: 0

    Until they toss out all the bullshit, start fresh PHP is not worth using in any use case.

    They don't have anything like Rack yet, which is the #1 thing that makes Ruby for web usage so awesome.

  117. Re:PHP by vilanye · · Score: 1

    Just because all languages have flaws that does not mean that all languages are equally flawed.

    PHP flaws >>>>>>>>>> <insert any non-esoteric language here>

  118. Re:Too Little, Too Late & MtGox by vilanye · · Score: 1

    Rasmus couldn't figure out how to write a parser to detect variables without appending a $ on it. There is no other reason.

    At least other languages that have sigils in variable names exist for semantic reasons, not to make your crappy parser happy. For example Ruby, $, @ and @@ all have semantic meaning as do variable that have no sigil.

  119. Re:Too Little, Too Late & MtGox by ultranova · · Score: 1

    A Bloat-A-Matic? Like this?

    "Bloat" is unnecessary code that makes a program run slower. Your example is not bloated, just verbose. Given a suitable wire API, it'll likely run faster than parsing SQL requests sent as text strings. Also, do note that dynamically building complex expressions is far more convenient when you can treat subtrees as objects. Building strings representing complex logic programmatically quickly becomes a complete mess.

    However, if you really want to compile said text strings while serving user requests, do something like

    compiled_sql = sql_compile("Select blah blah")

    And have sql_compile throw an exception if the expression contains string literals. In other words, remove the ability to use anything but prepared statements and the ability to use string literals in said prepared statements, and SQL injection attacks go away.

    Bloated:

    Verbose, and ridiculously so. Do you think intentionally making up a convoluted interface refutes anything? Especially since you're applying an API meant for preventing SQL injection attacks to mathematical expressions, where it's presumably impossible to wreak havoc no matter what values of B, C or D you supply.

    Well done, the man of straw is dead.

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
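
The sql_compile idea from the comment above (and the parameterized queries mentioned in comment 96), as an added example that is not part of the original thread: a Python sqlite3 wrapper that refuses query text containing a string literal and accepts values only as bound parameters. The names CompiledSQL, run, make_db and the lookup_* helpers are hypothetical, the sample rows and inputs are constructed, and the last helper shows a limit of the check: unquoted concatenation still gets through.

```python
import sqlite3


class CompiledSQL:
    """Query text that passed the no-string-literal check (hypothetical type)."""

    def __init__(self, text):
        # Conservative: any single quote counts as a string literal, even
        # inside a comment. Values must arrive as bound parameters instead.
        if "'" in text:
            raise ValueError("string literal in query text; bind it as a parameter")
        self.text = text


def sql_compile(text):
    return CompiledSQL(text)


def run(conn, compiled, params=()):
    # The wrapper accepts only checked queries, never a bare str.
    if not isinstance(compiled, CompiledSQL):
        raise TypeError("pass the result of sql_compile(), not a string")
    return conn.execute(compiled.text, params).fetchall()


def make_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_inline(conn, name):
    # Value pasted into the query text: rejected at compile time,
    # whatever the value is, because the quotes are in the text.
    return run(conn, sql_compile("SELECT id, name FROM users WHERE name = '" + name + "'"))


def lookup_bound(conn, name):
    # Value travels separately from the query text, so it is only ever data.
    return run(conn, sql_compile("SELECT id, name FROM users WHERE name = ?"), (name,))


def lookup_by_id_inline(conn, raw_id):
    # Limitation: no quotes are involved, so the literal check cannot see
    # that a value was concatenated in. Bind numeric values as well.
    return run(conn, sql_compile("SELECT id, name FROM users WHERE id = " + raw_id))


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input
    try:
        lookup_inline(db, "alice")
    except ValueError as exc:
        print("inline rejected:", exc)
    print("bound, hostile:", lookup_bound(db, hostile))
    print("bound, alice:", lookup_bound(db, "alice"))
    print("unquoted concat:", lookup_by_id_inline(db, "1 OR 1=1"))
```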

  120. I hate PHP by borfast · · Score: 1

    PHP is getting better but still has a long way to go before I can say I would choose it over other languages. Besides many of the things already mentioned here, I have a few more basic gripes with the language, namely its community/"ecosystem", Composer, namespaces and autoloading. I wrote about it in more detail and as expected (unfortunately), it generated lots of criticism from some fan boys, as well as some other more rational defensive comments from not-so-fired-up readers. I also wrote about what I consider to be the mentality of these folks who defend PHP as if their life depended on it, and how I hope they someday can see the light.