The New PHP

An anonymous reader writes "This article at O'Reilly Programming suggests that PHP, a language known as much for its weaknesses as its strengths, has made steady progress over the past few years in fixing its problems. From the article: 'A few years ago, PHP had several large frameworks (e.g. CakePHP, CodeIgniter, and so on). Each framework was an island and provided its own implementation of features commonly found in other frameworks. Unfortunately, these insular implementations were likely not compatible with each other and forced developers to lock themselves in with a specific framework for a given project. Today the story is different. The new PHP community uses package management and component libraries to mix and match the best available tools. ... There are also exciting things happening with PHP under the hood, too. The PHP Zend Engine recently introduced memory usage optimizations. The memory usage in PHP 5.5 is far less than earlier versions.'"

Re:One question

[dackroyd]

yeah - http://php.net/password_hash

It's now pretty easy to do password hashing correctly.

Re:Too Little, Too Late & MtGox

[hondo77]

Why in 2014, do I have to decorate variables with '$'?

That is your first complaint about PHP? That? I can't stand PHP but, seriously, that is first on your list of PHP badness?

Re:Too Little, Too Late & MtGox

[skids]

Especially since it's actually one of the only things that makes PHP (barely) readable.

A fractal of bad design.

I don't normally like linking to blog posts, but this one pretty much sums up PHP for me:

http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/

His analogy is very apt.

Re:You don't know what you're talking about.

PHP has always used explicit memory management.

allocate_StringMemory()
sys_FreeMemory_UTF8()

Watch out because there is no way to tell if allocation fails. That's convenient though because it makes sys_Free* idempotent; there is no difference between failure to allocate and multiple free-s.

With 5.5 you get a great new function;

sys_FreeEverything() // in traditional mixed camel case + underbar style!

Now you don't need to keep track of allocations and release them. Just blow away all allocations across all requests and start fresh. It's really great for fixing those darn memory leaks.

Re:Too Little, Too Late & MtGox

[Tablizer]

The fact that there is a function called real_escape_string scares the shit out my me, because it implies there exists a function called escape_string which doesn't really escape strings

That reminds me of people who call a document "x_final", but then change their mind and so create a second one called "x_final_final", and change their mind again to get "x_really_final_this_time_I_promise". I suggest version numbers, but then they say, "But version numbers don't tell me which one is final". I gave up on them.

Re:PHP

[Tablizer]

Every common language out there has ugly stuff of one kind or another.

real_foo_bar() and somesuch_improved()

[Mister+Liberty]

Make PHP the lauging stock of many a programmer.
The language's development has been in the wrong hands from day one.

You can do great things in Python because of Python.
You can do great things in PHP in spite of PHP.

Re:Too Little, Too Late & MtGox

[Dan+East]

I do a lot of coding in PHP, and there's a lot of things I don't like about it, but your particular dislikes don't make a lot of sense.

Why in 2014, do I have to decorate variables with '$'?

It's not like PHP was written in 1965 and thus there was some hardware (memory footprint, compilation speed, etc) reason variables are prefixed with a dollar sign. It was a design choice. That's so you can do this:
$count=5;
echo "The total is $count.";

And you can use the same variable syntax in your code as in strings that are automatically parsed.

Why is the assiciative array syntax take two characters that look a comparison operator?

It doesn't "look" like a comparison operator if you actually know what the operators are. <= and >= are comparison operators, and => is not a comparison operator in any language I've ever used. A single equal sign looks like a comparison operator too, and woe to the developer that doesn't have the universal C-like basic operators (used in dozens of modern languages) memorized backwards and forwards.

Why do I need == and ===?

For the same reason that Javascript and other scripting languages need it. Those languages do automatic type conversion, and sometimes you don't want that to occur. The alternative is manually casting things, which isn't very script-like at all, and having to explicitly deal with types is more like C than an "easy to use" scripting language. Thus there are two equality operators for the times you don't really want 0 to equal null to equal false.
This one is even more ironic considering Javascript based node.js is your favorite server side platform, and thus you would also have to use both == and === operators in your preferred language anyway.

ANd vaiable confusion between $_GET, $_POST and $_COOKIE

I don't even know where to begin on this one. They are 3 entirely different things, with the most self-explanatory names I can think of. That's exactly as it should be. Look at $_REQUEST if it's too difficult to figure out which you should be using (and woe to your client if that's the case).

Re:PHP

[Mitchell314]

I was about to make a joke, but seriously, the only language I can think of that doesn't have some nasty gotcha is . . . . ugh . . . BASIC. Python has the whole whitespace deal, Perl code tends to be unkempt, Java is fuggin java, Ada is a secret government spy, I don't even want to talk about C++, Bash is fine as long as you never have the misfortune of using quotes or variables, C guarantees regular segfaults, Matlab/Octave will delightfully inform you of your bugs deep in system library code, SAS's userfriendliness pars that of installing Linux from scratch, you can't write more than four lines of Fortran without painting some Star Trek action figure, and just fuck Cobol.

Honestly, BASIC's wins this round just by virtue of being so limited that it's hard to shoot yourself in the foot. I don't count GOTO, as jumps aren't really language specific. Having tutored programming for years, I can say that students are perfectly able to write speghetti code with or without goto. :p

Moving to Python

[EmperorOfCanada]

I have build some very large PHP based web systems(over the last 10 years) and recently dipped my toes into the Python pond. My python skills might be a tiny fraction of my PHP or C++ skills and I doubt that I am using Python anywhere near its potential, yet my productivity is already much higher and getting faster. I am waiting for there to be a catch but so far I haven't found one.

It is shaping up to be one of these things where my only regret is not switching sooner.

I was a huge defender of PHP for a long time but that time is over. There are interesting things like HHVM that are another bandaid for PHP but I am sick of making PHP work. I am sick of typing all those stupid dollar signs. I'll just say what so many have said before, "Python is like typing pseudo code, except you are actually coding." I don't look at my python and shudder.

PHP reminds me of some of my own projects where I changed course many times leaving strange little architectures and changes in philosophy. The longer the project goes on and the more it changes direction the more debris it leaves behind. It is not necessarily broken just sort of all just off.

Where Python is a tiny problem with the web is that setting up a development environment took me a tiny bit more work than the usual LAMP setup. This might make it harder for beginners but maybe that is a good thing. I don't mind leaving the beginners back in PHP land.

Re:Not sure what you're talking about

[countach74]

Except nothing you just said is true. PHP is not faster than Python or Perl. PHP is not cheaper to host than Python, Perl, Ruby, etc. And most importantly, no you cannot do anything in PHP that you can do in Python or Perl! At least, not without writing C extensions.

Re:Too Little, Too Late & MtGox

[Dynedain]

In PHP this is now solved with parameterized queries. Plus any framework or CMS worth it's salt was doing it already:

$sql = $dbConnection->prepare("SELECT fname, lname FROM people WHERE id = ?");
$sql->bind_param('s', $id);
$sql->execute();

If you're rolling your own DB connection layer in modern PHP, you're doing it wrong.

PHPs badness is its advantage.

[Qbertino]

I love Python, I think JavaScript is sort of OK and I did a lot of serious programming in ActionScript 2&3, both of which are quite simular to JS. I was basically forced into doing PHP by the market. I never really liked PHP but I really never hated it either. The thing about PHP is that it's so specific in its domain and such a hack that no one doing PHP development for a living will go around boasting about the greatness of the language. There is a refreshing lack of arrogance in the PHP community which, in my observation, makes it very easy for n00bs to pick up. As a result we get countless people reinventing the wheel in PHP and discovering basic programming patters anew for them selves and starting yet another Framework/CMS/Whatnot and the results often are really bizar. But the community remains alive that way.

F.I. I'm working myself into Drupal at my current employer because it's the prime go-to CMS here. It's like a live alice in wonderland trip. A strange historically grown mess, barely tamed by sanitiy and a relentless chaotic community that all by accident seem to come up with hacks that somehow solve the problem in some way. And yet there's a solid global corporation building its business all around Drupal. The surreal hacks with which the Drupal people solve their problems are mindboggling, and yet everybody seems totally OK with it. And Drupals track record of deployments is impressive.

I guess with PHP it's somehow like the C vs. Lisp argument: C is so shitty compared to Lisp that you have to get yourself together and work as a team, or you won't get anything done. Hence Lisp has this loner exisitance on the side and all the real work gets done in this ancient C thing.

PHP is a simular thing. It is so bad that no respectable programmer would pick it up voluntarly nowadays, but yet it grew out of Perl (which is worse in some ways), was somewhat of an improvement and was at the right place at the right time. The badness of PHP accounts for its considerable lack of arrogance (compare the PHP community to the Ruby community for instance) and for no one feeling guilty when he does a quick bad hack.

As a programmer you don't feel dirty when you do bad programming in PHP, you already felt that when you picked PHP as the solution. Hence quite a bit of work gets done in PHP. That's why PHP has Drupal and Typo3 and Joomla and the Java Community has nothing of that proportions. The barrier of entry into PHP is *very* low which gives it its momentum.

My 2 cents.

Re:Not sure what you're talking about

[LordThyGod]

So the sort of people who claim that PHP is worthwhile are those who stick with a terrible webhost and have no clue how much they should be paying?

Yes, that sounds typical.

Actually I think its more that a certain percentage of the population has as the top priority just being able to get something done, and the low level details of this or that's garbage collection and memory management is way, way down the priority list somewhere.