Modern PHP: New Features and Good Practices

Michael Ross writes In recent years, JavaScript has enjoyed a dramatic renaissance as it has been transformed from a browser scripting tool primarily used for special effects and form validation on web pages, to a substantial client-side programming language. Similarly, on the server side, after years as the target of criticism, the PHP computer programming language is seeing a revival, partly due to the addition of new capabilities, such as namespaces, traits, generators, closures, and components, among other improvements. PHP enthusiasts and detractors alike can learn more about these changes from the book Modern PHP: New Features and Good Practices, authored by Josh Lockhart. Keep reading for the rest of Michael's review. Modern PHP: New Features and Good Practices author Josh Lockhart pages 268 publisher O'Reilly Media rating 8/10 reviewer Michael Ross ISBN 978-1491905012 summary Solid advice on some state-of-the-art PHP tools and techniques. Programmers familiar with the language and its community may recognize the author's name, because he is the creator of PHP The Right Way, a website which he describes as "an easy-to-read, quick reference for PHP popular coding standards, links to authoritative tutorials around the Web and what the contributors consider to be best practices at the present time," in 21 different languages.

Yet rest assured that the book under review is not merely a dead-tree version of the website. Instead, the book covers the more recent advancements within the language, while the website covers best practices and standards. This should be borne in mind, otherwise the reader may be baffled by the absence from the book of certain topics on the website essential to the language, such as SPL, PEAR, and PHPDoc. Moreover, of the topics shared between the book and the website, the information is generally organized quite differently, with more example code in the book.

This title was published on 1 March 2015, under the ISBN 978-1491905012, by O'Reilly Media, who kindly provided me with a review copy. Its material is presented in 268 pages, organized into 13 chapters (The New PHP; Features; Standards; Components; Good Practices; Posting; Provisioning; Tuning; Deployment; Testing; Profiling; HHVM and Hack; Community), which are grouped into three parts (Language Features; Good Practices; Deployment, Testing, and Tuning) — as well as two appendices (Installing PHP; Local Development Environments) and an index. The publisher's page does not offer much of interest. However, all of the example code is available from the book's GitHub repository. There are differences between the GitHub code and what is printed in the book, e.g., a baffling require 'vendor/autoload.php'; in the first example code file. The author claims that the reader does not need to know PHP, but at least "a basic understanding of [] fundamental programming concepts" (page xiv). However, anyone without at least intermediate skills and experience with PHP could conceivably struggle with these more advanced subjects.

The first chapter is only a brief overview of the history of PHP, its current state, and some possible future changes to the language's engine. The real content starts in the second chapter, in which the author gives the reader a fast-paced introduction to his seven favorite major new features in PHP: namespaces, class interfaces, traits, generators, closures, Zend OPcache, and the built-in HTTP server. In some regards, the coverage is a bit too fast-paced, as some topics and questions likely in the reader's mind are not addressed — for instance, namespace case-sensitivity and techniques for ensuring that a chosen namespace is globally unique (page 9). For each topic, its purpose and advantages are explained, and sometimes illustrated with code examples, although none are extensive.

The second part of the book opens with a chapter on some of the new standards in the PHP ecosystem that are intended to move the common development process from a reliance upon one isolated framework, with an idiosyncratic coding style, to distributed components that can interoperate through the use of interfaces, industry-wide coding standards, and the use of autoloaders for finding and loading classes, interfaces, and traits at runtime. Components are covered in more detail in the subsequent chapter, as is Composer, for installing components and managing dependencies. The fifth chapter is a lengthy but information-packed exposition of numerous best practices regarding input data sanitization, password handling, dates and times, and safe database queries, among other topics. Some of the advice can be found in other PHP books and online, but all of this is neatly explained, updated with the newer PHP versions, and worthwhile as a refresher.

Deployment, testing, and tuning are the broad subject areas of the third and final part of the book. The author discusses the options for hosting your PHP applications, as well as provisioning any self-managed web server and tuning a server for optimal performance. All of the instructions assume you are using Linux and nginx, and thus would be of less value to those using Windows or Apache, for instance. The material on application deployment is relatively brief, and focuses on use of the Capistrano tool. Testing is often neglected in real-world projects, but certainly not in this book, as the author explains unit and functional testing, illustrated through the use of PHPUnit. This is followed by information on how to use a development or production profiler to analyze the performance of your application, with detailed coverage of Xdebug and XHProf, among other tools. The next two chapters dive into topics related to the (possible) future of PHP — specifically, Facebook's HHVM PHP interpreter and their Hack derivative language. The final chapter briefly discusses the PHP community. The two appendices explain how to install PHP on Linux or OS X for commandline use, and how to set up a local development environment. The author mentions a free edition of Zend Server, but the vendor page mentions no such pricing.

Despite its technical subject matter, this book is not a difficult read. The author's writing style is usually light and friendly, especially in the preface. In a few places, the phrasing is a bit too terse, which might prove momentarily confusing to some readers, e.g., "Function and constant aliases work the same as [those of] classes" (page 11). The text has some errata (aside from the two, as of this writing, already reported): "curl" (pages 15, 220, and 222; should read "cURL"), "a an argument" (page 33), "Prepared statement [to] fetch" (pages 99 and 100), "with [the] php://filter strategy" (page 110), "2 Gb" (page 129; should read "2 GB"), "the the" (page 154), "path to a the code" (page 176), and "Wordpress" (page 190; should read "WordPress").

One weakness with the book is that for several of the topics — including some critical ones — there is not enough detailed information provided that would allow one to begin immediately applying that technique or resource to one's own coding, but instead just enough information to whet one's appetite to learn more (presumably from another book or a website). Secondly, some of the narrative — particularly near the end of the book, when discussing various tools — would be of less value to anyone not developing analytics environment. Beware that some of the tools require numerous dependencies. For instance, do you have Composer, Git, MongoDB, and its PHP extension installed? If not, then you won't be using XHGUI. Also, some of the installation and configuration steps are quite lengthy, with no details provided for troubleshooting issues that might arise. Lastly, despite the promise that any reader with only basic programming knowledge will be able to fully understand the book, such a reader would likely find much of its contents mystifying without further preparation from other sources.

Nonetheless, the book has much to offer, despite its slender size. Numerous resources are recommended — most if not all apparently vetted by the author, who clearly has considerable experience in this arena. Some valuable techniques are presented, such as those instances in the text where the author shows how to use iteration on large data sets to minimize memory usage. In addition, the example code demonstrates that the author has made the effort to produce quality code that can serve as a model to others. Modern PHP does a fine job overall of explaining and advocating the newer capabilities of PHP that would attract developers to choose the language for building state-of-the-art websites and web applications.

Michael Ross is a freelance web developer and writer.

You can purchase Modern PHP: New Features and Good Practices from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know.

Best practice for PHP...

Best practice for PHP: don't use PHP.

Re:Best practice for PHP...

Best Practice to make PHP run fast:

Run. Fast.

Re:Best practice for PHP...

[Bing+Tsher+E]

It's nice enough for building a Personal Home Page, anyhow.

Re:Best practice for PHP...

Oh, I learned something. I always thought it was Perl's Hairy Palm, but its Personal Home Page. Sweet !

Re:Best practice for PHP...

It's nice enough for building a Personal Home Page, anyhow.

Why would you want that when Wordpress is available - written in PHP so effectively you're still correct! ;-)

Re:Best practice for PHP...

Best practice is to use something else.

Re:Best practice for PHP...

> I didn't know whether to mod your post funny, insightful, or informative...

You forgot "troll."

Re:Best practice for PHP...

Says the troll

Re:PHP: The Good Parts

(correction with the slashcode)
Speed
PHP has been ...

Re:Too little too late

Even Wikipedia's transitioning from PHP to Lua.

[citation needed]

Re:Too little too late

[__aabppq7737]

http://blog.wikimedia.org/2013... (not that I beleive in Lua)

hah

The best practice for using PHP: don't use it at all!

im skeptical...

[nimbius]

....PHP enthusiasts and detractors....

Who is this PHP "enthusiast" and how many drugs does he take to maintain this elaborate illusion...

Re:im skeptical...

We have one on payroll over here.
I love it, because I work in software test, and PHP makes my job really easy. :D

Re:im skeptical...

[gmack]

Someone who hates everything else even more?

It has the advantage that it does backwards compatibility well with advance notice when a feature is about to disappear This means that if I need to upgrade my PHP application, I am sure to have a version that supports both the new interfaces and the old deprecated interfaces and more importantly it means that if I have a number of different apps that I need installed, I am not likely to need to move them each into their own VM. Python as an example of everything I hate doesn't even try. Their "fix" is to install a local copy of python with the app which is great until something needs a security update and now someone must upgrade each app's environment individually.

Re:im skeptical...

It helps develop big and small sites, its easy to use and is powerful. Is shitty and poorly designed, but if you know what you are doing these are not problems that should affect you.

Re:im skeptical...

[drolli]

In my experience people who were too lazy to learn perl in the mid 90s and who are not experienced in Java.

Re:im skeptical...

You get paid per bug found?

Re:im skeptical...

Right, because Java is good for web apps... Anybody using Java as the backend of their web site is crazy. Java web apps are an even more ridiculous mishmash of poor design choices that the PHP standard library.

Re:im skeptical...

[drolli]

Not sure what you mean, i mean there are *bad* java web apps, but if you choose well from the many design paradigms available in the different Java Frameworks/Libraries, then you can obtain pretty well defined web apps.

PHP is fine

[bsdasym]

Blaming the language for bad code is asinine. Blame bad (or inexperienced, or just plain lazy) programmers. I write PHP stuff. I also write Perl, C, C++, C#, Pascal, JS, and recently VHDL. I have written Java and Ruby code as well, but no longer do. Overall PHP is only as bad as the developer makes it. If I could change one thing about it, it would be getting the built in functions more consistent in return types and argument order for similar functions. I'm constantly referring to the documentation because for some particular functions I can't remember if haystack or needle comes first, for example.

It gets the job done quickly and easily, and if you find or write a good foundation of libraries and classes, the code is elegant and easy to understand as well. Just like every other language.

Re:PHP is fine

[pegr]

PHP is inherently insecure. You can't have a web platform language with constant patches. One day your fine, the next, rooted. Stay away.

Re:PHP is fine

PHP really isn't that great...sure, a good programmer could make a site that works well enough with it, but there really are better choices!

http://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/

Re:PHP is fine

[John+Bokma]

I think the problem a lot of programmers have with PHP is that it originally was written by very inexperienced programmer(s) and it still (?) shows.

Re:PHP is fine

[__aabppq7737]

VHDL.

Wow. Unlike PHP, Perl, C, C++, C#, Pascal, and ECMAScript, VHDL's got a whole new paradigm.

the code is elegant and easy to understand as well. Just like every other language

Maybe I need to learn a new language.

Re:PHP is fine

[jd142]

Oh thank god I'm not the only one. The needle/haystack and whether it is str_foobar or strfoobar drives me nuts. Especially since the phrase is "needle in a haystack" but the function takes haystack, needle. I always want to write find(needle, [in a] haystack). Every language has good and points, and bad coders are bad coders.

Re:PHP is fine

[Bengie]

Not the languages fault, ehh? sounds like a lawyer cop-out for bad design. The owner's manual clearly states that if you put on your turn signal while slowing down, the radio station is at 98.6fm and the temperature outside is between 42f and 50f, the car will deploy the air bags. Clearly the user is at fault for not being ready for airbag deployment.

Re:PHP is fine

> PHP is inherently insecure.

That's not a sensible statement.

> You can't have a web platform language with constant patches.

All evidence to the contrary.

Re:PHP is fine

[TheRealMindChild]

Shit man. We had this argument about VB6 back when rock was cool. No one listened then either

Re: PHP is fine

How the heck is the parent "trolling"?

That comment is completely true!

Go check out the PHP changelogs. Some of the bugs being fixed in the 20th or even 30th or more patch release of the various stable releases are unbelievable.

Clearly there is a quality issue at play when the relatively recent 5.4 version has had 39 patch releases, and the newer 5.5 version has already had 23.

Re:PHP is fine

PHP is inherently insecure.

Inherently? How so?

Re:PHP is fine

Actually, it's sane is to write

      haystack.find(needle)

or

    find(haystack, needle)

for same reasons. Collection first, then operand. If you want "english", use COBOL.

Re:PHP is fine

... the radio station is at 98.6fm ... the car will deploy the air bags.

They knew the risks when they decided to embark on their campaign of aural terrorism.

Re:PHP is fine

I think the problem with PHP is the community. You can write good/bad code in any language. I spent some time trying to like PHP (admittedly not trying very hard) and repeatedly found things that drove me crazy.

Sometimes it was just the way you were encouraged to do things (Wordpress)

Sometimes I found ridiculous security holes (wordpress plugins)

Or practices that I just think are terrible (IIRC I was digging in Joomla code and found an "echo" buried several method calls deep)

Re:PHP is fine

[Zarjazz]

Blaming the language for bad code is asinine.

It's not asinine but it is probably overly harsh.

PHP is popular because it's easy for beginners to learn, easy to get stuff done quickly & simply, and easy for programmers familiar in C & C++ to start web development without having to grok a completely unfamiliar language.

PHP is bad because it's easy for everyone using it to write insecure code.

Re:PHP is fine

[greg1104]

And recently all over again with the EDM kids and their Javascript. My lawn, etc.

Re:PHP is fine

[greg1104]

The problem with the PHP community is that it's filled with the kind of people who feel it's good idea to work on PHP.

Re:PHP is fine

[ArcadeMan]

You clearly never had to use ExpressionEngine. If you think PHP was written by very inexperienced programmers, you're in for the shock of your life.

ExpressionEngine has something called "Global variables" which are in fact CONSTANTS. And that kind of nonsense is just the tip of the iceberg. Look up their "parsing order", it was created by insane people with no previous programming knowledge.

Re:PHP is fine

[UnknownSoldier]

Only a fanboy makes excuses for why they are too blind to see the many ways it is broken. PHP was designed and developed by a complete fucktard. Let's look at some code ...

php -a
echo true . "\n";
echo false . "\n"; // wat
echo TRUE . "\n";
echo FALSE . "\n"; // wat

Note: The online manual is completely useless:

* true http://php.net/manual-lookup.p...

* false http://php.net/manual-lookup.p...

* TRUE http://php.net/manual-lookup.p...

* FALSE http://php.net/manual-lookup.p...

More stupid shit PHP does ...

if( 1 == "1" ) echo "ok!\n";
if( 0 == "0" ) echo "ok!\n";
if( "0" ) echo "nope\n";
if( "00" ) echo "wat\n";
if( "-0" ) echo "wat\n";
if( "0.0" ) echo "wat\n";
if( 0 == "" ) echo "wat\n";
if( 0 == " " ) echo "wat\n";
if( 0 == " wat" ) echo "wat\n";
if( 0 == "\t" ) echo "wat\n";
if( 0 == "\r" ) echo "wat\n";
if( 0 == "\n" ) echo "wat\n";

In what bizarro universe would this stupid shit make _any_ sense??

PHP is just as bad as Javascript's == operator. If you are just going to force people to use === for type safety, then _maybe_ you just rethink what the equality operator is _supposed_ to do.

Re:PHP is fine

> dynamically typed languages are strictly worse than statically typed languages

There's no evidence to support that. Especially with hacked in generics and hash tables to make up for the static typed shortcomings. There is evidence that it takes less code to actualize a nontrivial number of algorithms. There is a statistical paper (why is there only 1? because few people care to do Computer Science) that shows evidence that lines of code are the primary predictor of bugs found (re: https://vimeo.com/9270320). I don't have the paper's name here, but the video speaker references it. So there's conflicting causations at work and no clear winner...until there is one.

Re:PHP is fine

[John+Bokma]

Is that the "general purpose content management system written in object-oriented PHP and using MySQL for data storage"? No, I have no experience with it. I do have (very little) experience with Magento (and like to keep it that way).

Re:PHP is fine

[bad-badtz-maru]

If you write a good foundation of libraries and classes you'll need a hack like APC to get any decent execution speed. It also sucks at memory utilization. Everyone likes to link to that "fractal of bad design" article, but it's pretty much just a bunch of whining. Here's a real article that just plain hurts, it has to do with PHP's memory allocation: https://nikic.github.io/2011/1...

Re:PHP is fine

You really should rethink what the equality operator is for.

You say zero and 0 and "0" the same. Equality is from equivalence and autoboxing is probably really offensive to you. You wanna cry, go look at Lua or Erlang or go back to Haskell and call it a day in your happy hole of irrelevance. Your indignant posture buys you that.

Re:PHP is fine

There's nothing to rethink here. It's clear that PHP's (and JavaScript's) approach is wrong. Instead of fixing their harmful type systems, they've just added in a hack to work around the problems.

Re:PHP is fine

Oh please.

99% of the problems with PHP isn't PHP, but developers being lazy and not updating code. The reason PHP changes something and then depreciates the older function is because the older function can't be made secure.

I manage a dozen web servers, they consist of:
4 servers running a Perl based CMS that generates static pages and two copies of Wiki'sm and two phpbb's, and two alternate php-based BB's
4 servers running a dozen independent copies of Wordpress
1 server running a custom CMS that is PHP based but parses templates from XML

of these, exactly two users out of about 50,000 use ruby. Updating their Ruby crap is horribly broken, versus updating php, which just breaks the users content.

But I hate wordpress so much, because the developers dragged their heels on updating from the mysql to mysqli API, that they waited until php actually started giving depreciation warnings to actually change it. This is reflective of the entire wordpress community, as constantly do the "override base class with this class" OOP mechanic so you can never really figure out where stuff is happening.

Re:PHP is fine

It's not clear at all, sir. You're making blanket statements from some ideology that isn't based in rational discourse.

You believe it's ultimately harmful (wrong is an inappropriate term). I got that. The reasoning continues to escape me. Engineering is about tradeoffs. If you can't articulate what you're trading, nobody can understand what you're against.

The stated weakly typed approach results in functional code at a rate that dwarfs projects with stricter types. PHP, Javascript, Lua (btw where did Perl go wrong?) These problems you are concerned about don't seem to be a problem for small projects because you can be sloppy. Ok, so what? Large collaborative projects have different challenges, so you are probably correct for a specific context. What's that worth? The tossing of codebases because they started in a way that's harmful?

Weak type systems allow for succinctness (usually at the cost of quirks and shortcuts that help work around what they afford). You rather not make that trade, but it's there and wrong is a strange characterization for a useful tool like PHP.

Re:PHP is fine

[mjwalshe]

I looked at the first PHP for my employer at the time my summary was a language for those who couldn't hack Perl

Re:PHP is fine

[UnknownSoldier]

> You say zero and 0 and "0" the same.

No, not me, I'm only listing PHP's stupidity.

Here is a table showing how PHP's == operator is completely fucked up ..
http://habnab.it/php-table.htm...

Of Javascript is just as retarded ...
https://dorey.github.io/JavaSc...

Re:PHP is fine

[UnknownSoldier]

> from some ideology that isn't based in rational discourse. /sarcasm Ah, so consistency is irrational now.

Only in a brain-dead language can you do stupid shit like this:

echo int ."\n"; // OK: int
 
echo (int) int ."\n"; // WAT? 0
var_dump( (int) int ); // WAT? int(0)
 
echo (foo) ."\n"; // OK: foo
echo (int) ."\n"; // WAT: Parse error
 
var_dump( foo ); // OK: string(3) "foo"
var_dump( int ); // WAT: Parse error

You PHP / Javascript apologists crack me up.

Re:PHP is fine

[UnknownSoldier]

Let's talk about a language for noobs designed by a boob:

var_dump( foo ); // OK: string(3) foo
var_dump( int ); // WAT: Parse error
var_dump(/**/int); // WAT? string(3) "int"

Re:PHP is fine

> Ah, so consistency is irrational now.

If you think you can have unmitigated consistency, you are either irrational or ignorant to such efforts (all have failed so far or have been squashed by better performing solutions). Lisp is perfect for you.

Every abstraction breaks down in some vector, and you can learn to accept that or continue being sour. Why you think it's a crime for it to be in a state that you don't find consistent (it's not like the interpreter is making arbitrary decisions) is not special, but also hasn't seemed to harm major ecosystems in a traceable manner. I fail to make the connection with harmfulness when I have unit tests that protect me from quirks or project management failures or bad developers. This is common practice for large projects of any breed. *shrug*

Re:PHP is fine

[UnknownSoldier]

> Lisp is perfect for you.

We're not talking about other languages. We're talking about how fucked up PHP is.

> it's not like the interpreter is making arbitrary decisions

Counter-example:

http://3v4l.org/tRieg

if( true OR false ) echo "1st true\n"; // OK
if( false OR true ) echo "2nd true\n"; // OK
 
$bar = true;
$foo = false;
 
$wat = $bar OR $foo;
echo $wat ."\n"; // OK: 1
if( $wat ) echo "wat = T|F\n";
 
$wat = $foo OR $bar;
echo $wat ."\n"; // WAT? doesn't print?
if( false OR $bar ) echo "F | bar\n"; // OK
if( $foo OR $bar ) echo "foo | bar\n"; // OK
if( $wat ) echo "wat = F|T\n"; // WAT? doesn't print?
 
var_dump( false OR true ); // OK: bool(true)
$wat = false OR true;
var_dump( $wat ); // WAT? bool(false)

Is to too much for the fucking language to just work ?

Oh wait, I forgot this was a:

Phucked-Up:
Hopeless-beyond-repair
Piece-of-Shit

"programming" language. That explains it!

--
PHP: Designed by fucktards for fucktards.

Re: PHP is fine

write better code or learn how to secure your site/server... preferably both.

i have 5 year old code running on a nearly-as-old version of php and mysql.. no security issues of any kind... on the same server is a couple ancient joomla (yuk) and wordpress installs.. same deal.. the server is secure, the sites are as well despite their obsolete software, and have a few nifty home-grown security measures in place, even the known exploits in both of those very hacker-friendly applications are totally unexploitable... nothing gets in that shouldn't. NOTHING.

(note that everything will be getting an overhaul soon.. as we migrate to new faster hardware with current versions of software; but i fully expect things to be as reliable and stable after as they are now.)

learn to code, learn to administer and secure sites and servers... php is fine if you know what the fuck you're doing. hell, i even use it (php cli) locally on windows and linux.

Re:PHP is fine

[Bogtha]

Blaming the language for bad code is asinine.

This is bullshit. A shitty language promote shitty code. Aside from the whole taking pride in your work and other "soft" effects, in PHP's case, there are several big, concrete instances of this happening.

For example, older versions of PHP were obviously designed without any clear understanding of how a web request operates. So, for example, you'd have SQL escaping happening in the input layer rather than at the database layer. Nobody who understands what they are doing would design something to work that way. But the core PHP devs totally fucked up in the beginning. They have since started to pull this crap out of PHP, but take a look around. Big, widely-used PHP packages like CodeIgniter have replicated this topsy-turvy design fuckup even in recent versions. That's no coincidence - that's inherited from PHP's design flaws. The blind led the blind into hell, and this crap permeates the PHP developer community as a result.

Likewise with the cavalier attitudes towards correctness. Error handling, character encoding, testing, release management, things like that. Where PHP fucks up, the community is sure to follow. The low quality of PHP has a direct negative effect on the code its fans write.

I'm fed up with the equivocation PHP fans trot out whenever any criticism heads their way. Yes, the quality of a language really does have an effect on the quality of the code you write with it. This is plain for anybody to see, and if you don't see the difference in quality, then you should seriously question your competence.

Re:PHP is fine

Keep dodging your endless list of var_dumps as some rationale for why you're pretending to be informed. The fact the world has not caught on fire from the plague of it, so it looks like you're a 1 trick pony. Amateur.

Re:PHP is fine

Wheres the bug report?

Re:PHP is fine

language is functioning as expected
that particular or operator has a lower precedence than assignment, this is a feature not a bug
do you think its weird if
int a = 5;
int b = a--;
int c = --a;
results in b containing 5 and c containing 3?
use || instead of or (it has higher precedence than assignment) and you'll find your code works fine.
Don't blame your own shortcomings on php.

Re:PHP is fine

[geminidomino]

Bad coders are irrelevant to the fact that PHP is objectively and measurably bad in design and implementation. It started as a toy, and that pedigree still shows.

Not only is it still the mess of internal inconsistency, braindead weak-typing and promotion, and anemic text support, but there's some amazing -- I mean brilliantly, awe-inspiring, mind-boggling -- idiocy in some of its baked in APIs: LDAPs ldap_list() vs ldap_read() vs ldap_search() all perform the same operation but with different scopes, none of which are particularly clear from the function names. Others are incomplete in spite of being for mature protocols: good luck getting a CERT record from a DNS server. And then you've got ones like OpenSSL which combine both into a nonsensical mass of mental anguish that, fortunately, is actually utterly pointless to use anyway because there's no functionality regarding certificate revocation, making the whole thing one big tumor of futility.

Re:PHP is fine

[geminidomino]

Then explain

array_search($needle, $haystack)

Re:PHP is fine

I've never understood why named parameters aren't more popular. Then you don't need to worry about the order.

VB.NET has them, which lets you do stuff like this:

MyFind(Term:=needle, In:=haystack, StartAt:=5)
MyFind(In:=haystack, Term:=needle, StartAt:=5)
MyFind(StartAt:=5 Term:=needle, In:=haystack)

Unfortunately, Microsoft in their wisdom defined their text-search InStr function as:

InStr(Start, String1, String2, Compare)

So you can specify "String1" and "String2" by name, but there's no point in doing so. :-/

Re:PHP is fine

PHP is an enabler, making it easy to write bad code. It's still a tool and you can write good code with it, but that depends on the programmer. There are plenty of bad programmers. If you're a bad programmer, it's easier to make write bad code with PHP than, say, Python.

PHP's best attribute is how easy it is to get to work and deploy on a web server.

Re:PHP is fine

[pspahn]

I have worked extensively with both.

Expression Engine is just a bunch of ... huh?? It's not bad, but anything other than what they give you can be a pain in the ass. CI in general was always sorta good but shoulda been better.

Magento has clearly been something that redefined PHP applications. The 1.x branch is going to go down as some of the least maintainable software ever written, but it was bad in a very productive way. 2.x (which you'll probably be seeing in a /. ad in the next few weeks before the conference) has been thoroughly refactored and presents plenty of great new maintainability features.

On top of all that, the Magento core is actually very secure. There have been a few security patches, and of course warnings about third-party extensions, but the core itself has little to no record of massive vulnerability.

Re:PHP is fine

[pspahn]

I think I've discovered your problem. It seems that the code you write serves no purpose.

If your goal is to write code that serves no purpose, PHP is not for you. You might prefer KAREL.

Re:PHP is fine

[pspahn]

Why are you not using Zend OPCache? Let's go, time to migrate beyond 5.3.

Re:PHP is fine

[goose-incarnated]

I think the problem a lot of programmers have with PHP is that it originally was written by very inexperienced programmer(s) and it still (?) shows.

(1) So was Python.

(2) So does Python.

Python is only slightly more consistent than PHP, but gets much more bad press than PHP. I always wonder why that is.

Re:PHP is fine

[dave420]

You seem to be confusing PHP with Wordpress. Don't do that. It makes you look entirely idiotic.

Re:PHP is fine

[dave420]

Did PHP rape your dad or something? That's the only way I can imagine it makes you this angry. Seriously, this is pathetic. PHP works for many people who don't seem to find fault with the criticisms you've outlined. They either don't notice it, work around it, or work in the language with such a level of abstraction that they are not a problem.

So please grow up - you are just embarrassing yourself now, with your neckbeard coder rage.

Re:PHP is fine

[dave420]

Your arguments sound about 8 years old. Seriously. You might want to brush up on your faux rage :)

Re:PHP is fine

[dave420]

Then use an LDAP library like everyone else and stop whining on Slashdot about it. You not understanding how to use a tool which is being effectively used by plenty of other people reflects poorly on you, not them, and not the tool in question.

Re:PHP is fine

[tigersha]

Suppose all guns came without safety catches. I now go and blame this technical oversight for the increase in people with blown-off heads.

You now claim that blaming the safety-catch-less badly designed guns for the casualties is asinine.

> It gets the job done quickly and easily,

So does a gun without a safety catch.

Re:PHP is fine

You're a known troll from what I've seen in your post history dimwit. You might want to brush up on REAL programming instead of your webdouche bullshit 8 yr. olds can manage to do also.

Re:PHP is fine

You're a perfect example of your kind (fakes) that use others' tools trying to "play programmer" when you're nothing but a webdouche (8 yr. old kids can do what you do).

Re:PHP is fine

Yours obviously raped you repeatedly if you ended up a PHP douche trying to "play programmer" hahahaha.

Re:PHP is fine

You always look idiotic troll. Trying to "play programmer" again, webdouche? Don't do that. It fools nobody but yourself. Especially using a buggy piece of shit in PHP!

Re: PHP is fine

This x100. Have used PHP daily since 4.x without any problems. It will outperform all the other trash out there like Ruby, or even worse JS on a server. And its so nice not needing 3 different versions of the underlying framework, 100's of dependencies from god knows who, and a fake virtual environment to keep them all straight just to get work done.

Developers should actually understand what is under the hood, not just write code. Thats what leads to problems in any language. Stop being a hipster and reading the daily wankfest blog about the latest and greatest and treating it like its gospel. Understand the whole stack from server, to application, to client and its amazing how much easier your life can be with PHP.

Re:PHP is fine

So does a gun without a safety catch.

You do know not all guns come with safety catches right? In fact the ones without them (glocks) are the ones preferred by many professionals (police departments).
  The number one safety in a gun is training. Using the best designed language in the world in an unsafe manner is still worse than using php in a safe manner no matter how much you cry about it.

Re:PHP is fine

Good luck with that argument lmao

Re:PHP is fine

[Zaiff+Urgulbunger]

Must admit that after complaining about PHP for years, I don't mind it so much now. I think each new PHP release should have the strap-line "PHP x. Less shit than the previous version!", because... it's true!

Re: PHP is fine

Wow, what a pathetic response. you mad at php bro?

Re: PHP is fine

Lol here we go again. Ragers get called out and they resort to attacks. Their first attempt is to post PHP: a fractial of bad design thats 3 years old and contains nothing but little kid rants. If the language doesnt work the way you want it to work, dont use it.

You diehard php haters are hilarious. You are also quite sad in the same breathe.

Re: PHP is fine

LOL this AC has posted this several times. He must have had his childhood taken away by C type languages.

Re:PHP is fine

[bad-badtz-maru]

Damn, snagged!

Re: PHP is fine

Dave420 defends himself by ac posts? Typical. That or his sockpuppets too. Dave420's mommy bans him from weekend posts n' he's too poor to buy a PC n' internet connection. Verify it for yourselves by his trolling post history.

Re: PHP is fine

Dave420 defends himself by ac posts. Transparent and typical. His mommy bans him from weekend posts n' he's too poor to buy a PC n' internet connection. Verify it for yourselves by his trolling post history.

Re: PHP is fine

Dave420's defends himself by ac posts again? Typical + transparent as usual. Dave420's mommy bans him from weekend posts n' he's too poor to buy a PC n' internet connection. Verify it for yourselves by his trolling post history.

Re:PHP is fine

Dave420's mommy bans him from weekend posts n' he's too poor to buy a PC n' internet connection. Verify it for yourselves by his trolling post history.

Re:PHP is fine

> So does a gun without a safety catch.

Thanks for agreeing.

Re:PHP is fine

[UnknownSoldier]

Ad hominem fallacy. The reasons _why_ I hate PHP are irrelevant.

PHP is a shit design language. Education is the only way to get people to see its problems.

> They either don't notice it,

Typical head in the sand. Ignoring a problem doesn't make it go away.

> work around it,

Sometimes you can, however one can't work around fundamental inconsistency embedded in the design.

> or work in the language with such a level of abstraction that they are not a problem.

Exactly; They use a better designed language.

Re:PHP is fine

Education is the only way to get people to see its problems.

Exactly your examples use the wrong operator and complain that an edge case operator that no one uses works the way it's documented to, you need to be educated.

Re:PHP is fine

[Xest]

"I'm fed up with the equivocation PHP fans trot out whenever any criticism heads their way. Yes, the quality of a language really does have an effect on the quality of the code you write with it. This is plain for anybody to see, and if you don't see the difference in quality, then you should seriously question your competence."

Absolutely and evidence of this is always only a Google search away. Search on how to do something with a database and the results you get are riddled with things like SQL injection vulnerabilities, even when the source of the official documentation.

There's a reason why like 90% of websites that get hacked nowadays are running PHP - because the community is full of people who just don't know why their language is bad, and because they don't know why their language is bad, they definitely don't understand why their own code is bad.

Re:PHP is fine

Absolutely and evidence of this is always only a Google search away. Search on how to do something with a database and the results you get are riddled with things like SQL injection vulnerabilities, even when the source of the official documentation.

There's a reason why like 90% of websites that get hacked nowadays are running PHP - because the community is full of people who just don't know why their language is bad, and because they don't know why their language is bad, they definitely don't understand why their own code is bad.

It's quite clear that you for some reason have an axe to grind, search any programming language with sql drivers available for it and you'll find examples riddled with sql injection vulnerabilities by your own argument no one should use java, ruby, C#, C++ or anything out there.

Re:PHP is fine

[Bogtha]

Absolutely and evidence of this is always only a Google search away. Search on how to do something with a database and the results you get are riddled with things like SQL injection vulnerabilities, even when the source of the official documentation.

To follow on from this: Language Community Litmus Test: Database Placeholders. An informal survey shows PHP joint bottom, with all but one of the top 5 hits for "PHP database tutorial" promoting insecure methods.

And, as you mention, the official PHP tutorial had beginner-level security holes in it for YEARS. The whole community is riddled with this crap.

Re:Too little too late

[prod-you]

That post is about enhancing their wiki code templating language, not switching away from PHP. The only thing they're switching is to HHVM, which is still PHP code.

http://blog.wikimedia.org/2014...

Yes.

after years as the target of criticism, the PHP computer programming language is seeing a revival

PHP has a really bad reputation, probably well-deserved. I don't know if it can overcome that at this point.

It can be implemented well. I have seen it. The trouble arises when folks insist on over-engineering their PHP solution. I won't mention the photo project, but one time I was looking for the value of a variable. After days of grepping and sifting through thousands of lines of code, I found out that this variable was nothing but a constant in a very deeply embedded class structure. Why they created this whole class and derivatives just to set a constant, I can only guess that they freebased the OOP Kool-Aid.

I don't give a shit what your CS prof says, there is nothing wrong with defines. Or 'goto's for that matter. There's nothing more annoying than a method/function that's hundreds of lines long just because the programmer didn't want to use a 'goto'.

I'm guilty too because I was shamed one time when I used it. But, where I worked, our productivity was counted by KLOCs. So, it all worked out.

Re:Yes.

[whh3]

after years as the target of criticism, the PHP computer programming language is seeing a revival

PHP has a really bad reputation, probably well-deserved. I don't know if it can overcome that at this point.

It can be implemented well. I have seen it. The trouble arises when folks insist on over-engineering their PHP solution. I won't mention the photo project, but one time I was looking for the value of a variable. After days of grepping and sifting through thousands of lines of code, I found out that this variable was nothing but a constant in a very deeply embedded class structure. Why they created this whole class and derivatives just to set a constant, I can only guess that they freebased the OOP Kool-Aid.

I don't give a shit what your CS prof says, there is nothing wrong with defines. Or 'goto's for that matter. There's nothing more annoying than a method/function that's hundreds of lines long just because the programmer didn't want to use a 'goto'.

If your function is hundreds of lines long just because you didn't use a goto, you're still doing it wrong.

Sometimes bad tools are just bad.

I don't get this it's-never-the-tools-but-always-the-programmer attitude that you have. I've seen it a lot at Y Combinator's Hacker News site, too. It's really a dumb concept.

Some tools are inherently bad, and irreparably broken, even in the hands of the most skilled and experienced practitioners.

Even the best master carpenter can't use a blob of Jello as a hammer or a saw. That doesn't mean the carpenter is no good. This carpenter is the best there is. He's just using a totally inadequate tool.

It's the same for programmers using PHP. PHP is naturally broken in ways that even the greatesr, most skilled programmers can't suitably deal with. PHP is just a bad tool in anyone's hands.

Re:Sometimes bad tools are just bad.

What problem can't you deal with in PHP? It's simpler than JavaScript. Seriously, what are you talking about?

Re: Sometimes bad tools are just bad.

If the many problems afflicting PHP and JavaScript aren't blindingly obvious to you, then you should seriously consider giving up computer programming, or never even attempt to do it in the first place.

Re: Sometimes bad tools are just bad.

If the many problems afflicting PHP and JavaScript aren't blindingly obvious to you, then you should seriously consider giving up computer programming, or never even attempt to do it in the first place.

Then its a simple enough question isn't it. What problem is it that's blindingly obvious.

Re: Sometimes bad tools are just bad.

The fact that we have to hold your hand through this process indicates that you should never be allowed to develop or work on any sort of software, ever.

PHP's broken type system, its broken operators, its remarkably inconsistent standard library, its awkward syntax, its quirky and unexpected semantics, and its buggy implementations are good places to start when learning about its serious problems. The more you look into such things, the more you will learn about how flawed it is.

Re:Sometimes bad tools are just bad.

PHP: a fractal of bad design

Re: Sometimes bad tools are just bad.

All of those problems come together to make it impossible to write secure, safe, maintainable software when using PHP. That's the biggest problem of them all!

Re: Sometimes bad tools are just bad.

Weak points. Next

Re: Sometimes bad tools are just bad.

[Jack9]

If the type system is broken, how is it broken? Broken meaning what? If you're going to make a compelling argument, you might want to start simply and at least give a practical example.

You've failed to come up with reasoning compelling that would cause someone with customers and a revenue stream to take notice. Would you put up with that kind of failure in your utopia?

My classical inheritance is intact, my multi-inheritance via composition (traits) is intact, I have lambdas. I have a lot less than that in other languages.

To whit, what does this have to do with what you or cannot do in PHP?

Re: Sometimes bad tools are just bad.

A lo tof that sounds like the very issues C has, in fact PHP inherited some o fthem from C.

Re: Sometimes bad tools are just bad.

Where in the fuck does the GP's comment state that C is any better than PHP? Where in the fuck does the GP's comment even mention C at all? Look at that, it fucking doesn't! When presented with all of the idiocy of your beloved PHP and JS, why the fuck do you wieners immediately bring up C? We aren't fucking talking about C. We're talking about PHP and JS! Are you too damn illiterate to realize that PHP and JS aren't C? Or are you just applying PHP- and JS-style string comparisons, which are so fucking fucked up that "PHP" == "C" and "JS" == "C" both evaluate to true, so you can't even fucking tell them apart?

- Jeff

Re: Sometimes bad tools are just bad.

> Where in the fuck does the GP's comment even mention C at all

You seem to have failed reading comprehension in middle school. The parent was mentioning the carryovers PHP has from it's implementation in C. Why this makes you so unbelievably upset, that you don't even understand what you're reading, has something to do with your strange fixations opposing imaginary problems.

Re:Sometimes bad tools are just bad.

[Sudline]

Example: Arrays are both simple array and associative arrays. Indices are number, in some occasions they are renumbered from 0, and sometimes not. That is the sort of thing that could defeat the best programmer.

Re: Sometimes bad tools are just bad.

I'm not fan of PHP and don't regularly use it as I do little web work and there are better options for CLI tools, but some of what you mention is outright false and the rest are just annoyances and nothing that makes the language unusable by anyone that can do more than just copy and paste code examples that are riddled with SQL injection attacks.

PHP, like most scripting languages, is a loosely typed language. When a language is in a class of languages that does not have clear types on purpose you can't say that the types are broken.

How exactly are it's operators broken? They work like every other language I use. The === and !== is silly, but it's not the end of the world.

Yes the language inconsistencies (argument order, return values, use of exceptions) are obnoxious, but all are easy enough to deal with. JavaScript, C, Ruby, Python, etc.. all have various annoyances like that too.

It's "awkward syntax" and "quirky and unexpected semantics"? What the hell are you on about here? Have you written code in anything other than BASIC? It uses the same C based syntax and semantics that most modern languages use.

Other than the inconsistencies, what buggy implementations are you talking about?

PHP certainly has some braindead design decisions (__FILE__ translating symlinks is my pet peeve), but it's a solid tool. The real problem with PHP is all the crap examples out on the web that people find and use as gospel because they don't understand that passing un-vetted form data to your database or into HTML output is an incredibly stupid thing.

PHP has it's place like every other tool and in an experienced and knowledgable hand it is a very powerful and useful tool for the right job.

Re:Sometimes bad tools are just bad.

The best programmer would realize arrays in php are always associative arrays, they just offer a key with a incremental counter as one option.

Re: Sometimes bad tools are just bad.

[Xest]

The problem is that people like you will continue to deflect the problems away because you're not competent enough to understand them in the first place. You don't know your code is broken.

The fact that you don't know that the type system is broken means that you're wholly unaware that any code you have written involving integers can behave completely differently when you move your codebase from a 32bit system to a 64bit system. It means you probably don't realise that your code is failing when you expect '0.0' to translate in a boolean expression to 0.0 as '0' does 0. It means you probably aren't aware of bugs stemming from the fact that the confused implementation of arrays such that they're partially ordered list, partially hash maps, but that the inherent conflicts that arise mean they fail at both can create nonsensical iteration. It means you don't realise that you have to explicitly declare a global as global, but if you do it might not actually be global depending on where you make the declaration.

But perhaps maybe you do know these things, you're just too much of a PHP fanboy to accept that these sorts of gotchas and faults you have to deal with are problems that people using almost any other language do not. Perhaps you've simply sold it to yourself that it's okay that these inconsistencies and this poor design exists on the language, because you've fallen into the trap of becoming a one trick PHP pony and have cornered yourself with nowhere to go. I've yet to meet anyone with a broad amount of experience across multiple languages (and I mean working on multi-year projects with different languages, not just hacking something together for a day) that really believes that PHP is somehow equally as good as everything else - when someone is genuinely experienced enough to be objective, it becomes obvious that PHP is just a poor choice. I know this precisely because I have not just worked on, but led a multi-year PHP project and have worked on multi-year Java, C#, and C++ projects too - I know that PHP is just objectively bad. It didn't stop us delivering on type and on budget, but it did cut our profit margins by about 10 - 15% on the project compared to if we had used C#, Java, or even RoR.

You talk about customers and revenue streams, but that's exactly when PHP's faults matter - what's a customer going to prefer, PHP with it's higher development costs because of the sorts of poor design above requiring greater development effort, greater unit test coverage, and/or greater testing, or the language that doesn't have those problems and lets developers get things done faster because they don't have to deal with them or even a remotely similarly sized amount of equivalent problems as PHP has and still often get a performance boost to boot given how painfully slow PHP is and how terribly it handles threading (meaning it's blocking and limiting requests more than is optimal).

PHP is fine if you want to do a "doesn't matter" hack project quickly and dirtily, but when professionalism and money is involved it's about the worst option going - it's quirks, problems, and low performance add an inherent cost increase to any development done with it. If you don't understand this it's probably because you just don't know any better, as you've proven with having to even ask the question as to what's broken with the PHP type system.

The TCO of PHP is the overriding reason as to why it's a bad choice, and that's why I'm surprised you try and write off it's problems by implying they're not an issue in the real world when money and customers are involved as that's precisely when it's quirks do become a problem. Obviously you've never had any accountability or responsibility for delivering a project with maximised profit margins, maximised customer happiness, and maximised stability, performance and maintainability or you'd know full well that you've spouted an awful lot of nonsense.

Are you down w/ OPP?

[v3xt0r]

I'm not down with Other People's PHP (OPP), knaw me

Never understood the PHP hate

[MBGMorden]

I've written PHP, Java, Javascript, C#, C++, C, and VB (and have dabbled in Ruby and Python), and I still don't get the hate for PHP. Granted, weakly-typed variables are a bit aggravating, but that's the only major complaint I have with it.

Re:Never understood the PHP hate

[Parker+Lewis]

The core is broken. While you have namespaces and patterns to apply inr your code, PHP core functions still don't have namespaces, class, don't even have a pattern in their names/parameters (to not blame the real lack of classes for strings, by example). This only to start. If you want to get deeper: http://me.veekun.com/blog/2012...

PHP is a piece of shit and this is why

[r.freeman]

Some small examples: http://eev.ee/blog/2012/04/09/... and many of http://www.reddit.com/r/lolphp...

Re:PHP is a piece of shit and this is why

[UnknownSoldier]

That's a great list!

Analysis of the PHP source code, showing some of the ways PHP is fucked up and hopeless beyond repair:

http://www.viva64.com/en/b/027...

Re:PHP is a piece of shit and this is why

Hilariously, your link nor the GPs show it's fucked up and hopeless(ly)
beyond repair. Take a look at the Poco library, when you get around to
learning some C.

Couch programmers bashing again.

[kennycoder]

Honestly I'm really tired of reading over and over again about how PHP is bad and is better. I'm working for one of major European companies that have e-commerce businesses all over the world and pretty much everything is developed in PHP. Properly developed. Currently we employ around 3000 devs worldwide and somehow the products are stable, reliable and security wise, we still haven't had much issues except for some mishaps from system administration side. Our code is not all written from scratch because we employ some frameworks that indeed force most of the people to write better code.. Add constant code reviews from professional team leads, some tools that help you hunt bugs and you get yourself a proper platform. And I've seen it all.. Java development, C for embedded systems, .NET for medical development. There is shit everywhere when there is no discipline, so please spare me all the mocking. Don't blame the tool.. blame your laziness for not doing things properly.

Re: Couch programmers bashing again.

How do you know that your code is secure? How do you know that your deployments haven't been compromised?

Those who are so certain that their code and systems are secure are usually the ones who are just the most oblivious to the many serious security problems that are actually present.

Re: Couch programmers bashing again.

[Jack9]

[citation needed]

Re:Couch programmers bashing again.

I know TOTALLY, like we use Visual Basic and we too are sick of hearing how wrong and horrible it is....

With properly typed code we have had no issues maintaining our Access97 databases. Active X plugins are still working just fine.

The fools are the ones who never learned how to properly split up their databases and then use VBA to script the whole thing back together.

We have had zero breaches or crashes despite the vendor telling us the product is EoL. We just hire top notch talent and only write perfect VB6 code......

Really guys just slow down...... We just upgraded from windows 98.

Re:Couch programmers bashing again.

You're using PHP. I fingerprint your server's version (it's in the response hearder by default). Now there is nothing you or your 3000 professional world wide devs can do to prevent me from hacking your system.

Meanwhile, I write my dynamic websites in C, have job security, and secure modular systems that properly separate page generation from logic and don't need to change the caching system if the page layout changes. I can also take advantage of unit testing and input testing with fuzz testing and automatic stub generation. The build management ties into my issue tracker. Native virtualization and compiled code makes this much faster than even cached PHP and has much less RAM overhead for handling heavier loads with more throughput using less hardware.

I used to write enterprise software in Java, but C is every bit as cross platform and actually more secure (since it doesn't bring the whole kitchen sink full of everything in the Java API as an attack surface). PHP also suffers from this same attack surface problem. Even if you're not using the feature the mailing list tells me how to exploit, I can still exploit it. Our coders actually know the danger of doing stupid things and so we're more cautious. We also know exactly what the code is doing -- there's no wondering "what's $SCRIPT_LANG actually doing under the hood here?"

The difference between your 3000 devs and mine is that my devs could work on our copy of PHP's code itself and apply our own patches to keep it secure -- Rather than do that plus maintain our backend, we simply maintain only the backend.

Re:Couch programmers bashing again.

[Xest]

It's got nothing to do with laziness, at the end of the day the fact remains that PHP has an awful lot more inconsistencies, and has an awful track record on security, stability and functionality.

I'm skeptical that anyone who claims to have a good depth of experience of PHP but claims it's as fine as anything else really does have the experience they're claiming. As soon as you need to start doing anything serious, like say, making use of threads, PHP's deficiencies rapidly come to the fore when compared to other technologies like Java and .NET. It's a simple fact that PHP has more inconsistencies in both it's language design and libraries, it's a simple fact that PHP is interpreted not compiled or JIT compiled making it inherently slower, and it's a simple fact

Re:Couch programmers bashing again.

[Xest]

Hmm. No idea what the fuck just happened to the rest of my post, lucky Slashdot isn't written in PHP or I could blame it for that too :)

Anyway, basically my point was that it's really not in question that PHP has a number of problems that it's competition simply does not have, those problems are not caused by the programmer, they're caused by the language and it's libraries.

Yes you can write bad code in .NET, Java, C++ and whatever else, you can also write good code in PHP. None of that is in doubt, but it's a common argument in favour of PHP that sidesteps the fact that like for like, skill for skill, there is a higher cost to PHP- you need to implement more unit tests, you need to spend more time peer reviewing, the code is more verbose and has a higher maintenance burden, and so on and so forth. So yes, you can do things with PHP just fine, but you're paying more to achieve less, and that's really the problem - you're throwing money down the drain by using PHP. It maybe that that's acceptable if you've reached a point where you have so much invested in it that switching would cost too much at that point, but ultimately if you're going to rewrite anything or do it again you're better off switching away from PHP to technologies that are more secure by default, perform better by default, have languages that better support refactoring and maintainability by default, and let you get more done with less cost.

Re:Couch programmers bashing again.

You're using PHP. I fingerprint your server's version (it's in the response hearder by default).

Weird it seems to be missing from my default setup:

HTTP/1.1 200 OK
Date: Tue, 24 Mar 2015 13:48:26 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding,User-Agent
Content-Type: text/html

Now there is nothing you or your 3000 professional world wide devs can do to prevent me from hacking your system.

You know of some remote shell AND privilege escalation involving php? that would be impressive since it's running chrooted, non root AND namespaced on my production systems.

and secure modular systems that properly separate page generation from logic and don't need to change the caching system if the page layout changes. I can also take advantage of unit testing and input testing with fuzz testing and automatic stub generation. The build management ties into my issue tracker.

Weird I get all of that with php as well. You must be doing something wrong if you dont.

PHP also suffers from this same attack surface problem. Even if you're not using the feature the mailing list tells me how to exploit, I can still exploit it

Oh ok you're just inexperienced with setting up secure web servers. Those features can be stripped out from php. My production servers only include the modules relevant to the software i'm running on that system

Re:Couch programmers bashing again.

it's a simple fact that PHP is interpreted not compiled or JIT compiled making it inherently slower

You may want to stay away from this one. While it's true raw benchmarks show php being 10-20 times slower than .net or java or many other things. The fact is in actual production the speed difference is 9% and when you throw in HHVM there is virtually no speed difference for a primed cache. The reason being most web applications are not cpu bound, they're io bound by database access. So while php code may be many times slower than equivalent .net code they both only make up 10% of the execution time of your software, the rest is spent waiting on the database to do its job. This is why a good DBA is so important for enterprise systems.

Re:Couch programmers bashing again.

[Xest]

That requires a few assumptions though, that you're using HHVM rather than the official PHP interpreter and that your application really is IO bound (which is entirely application dependent), and finally that you're not fully optimising your .NET, Java, or whatever else environment too.

Even given these assumptions though, there's still the problem that PHP simply doesn't offer the breadth of support for hosting your application to optimally cater to different cases in the first place. For example, with WCF you can configure it to support node.js style event based programming with few threads rapidly offloading incoming requests, or lots of threads to handle long running IO bound processing requests concurrently.

For typical SMEs and even quite a few large companies you're rarely optimising to this degree, but for those where you are you're still left with far more tools in the .NET and Java world and the divide is typically growing, with improved support for things like .NET native. Effectively you're comparing an optimised PHP environment against a typical .NET/Java environment, rather than comparing two optimised environments where both are using the most cutting edge optimisation options available.

To me the performance benefits of not going with PHP and going for something faster would be an acceptable loss if PHP offered some compelling benefit on top, but the problem is that it really doesn't - the language is more poorly designed, the libraries are more inconsistent, often less useful, and even the toolchain available is typically worse. As such the problem is that the .NET/Java JIT advantage is effectively just a free bonus for using those platforms over PHP which just makes PHP that much less compelling again.

There's a fair argument that with C++ the performance advantage it has over say, .NET really isn't worth it because .NET offers more rapid development (though that's ultimately going to depend on how high performance rates on your scale), but PHP just does not have that same advantage - any initial up and running advantage with PHP is rapidly lost by way of the requirement for more intricate unit test coverage and/or greater testing and more time consuming debugging. PHP is fundamentally both slower to develop with and slower to execute, and that's the problem.

I agree with you about the importance of a good DBA, all too often the benefits of having one is painfully under-appreciated by many companies.

Re:Couch programmers bashing again.

That requires a few assumptions though, that you're using HHVM rather than the official PHP interpreter

No it doesn't in the real world official PHP interpreter shows approximately 9% lower throughput on the high end of things, HHVM just closes that gap entirely and things will be a whole lot more interesting when PHP 7 and beyond come out, without even going to JIT they're showing better performance than JIT'd code, ie PHP will outperform .net in real world and many micro benchmarks.

and that your application really is IO bound (which is entirely application dependent), and finally that you're not fully optimising your .NET, Java, or whatever else environment too.

These are web apps not 3d games, io is your limiting factor in almost all instances, even if you're cracking md5 passwords in php you're still going to be using a rainbow table and hence io bound.

For example, with WCF you can configure it to support node.js style event based programming with few threads rapidly offloading incoming requests, or lots of threads to handle long running IO bound processing requests concurrently.

When it comes to web applications running on Linux usually they're under Apache which unless specifically configured in the right way does not cope with long running requests, the typical solution is to move to node.js for those long running event based requests anyway. This isn't so much a failure of php as it is a design flaw in the typical Linux hosting setup.

To me the performance benefits of not going with PHP and going for something faster would be an acceptable loss if PHP offered some compelling benefit on top, but the problem is that it really doesn't

For linux hosting .net is a pain in the ass, it requires a high degree of compatibility testing to ensure mono implements everything you need. now that has changed and is likely to get a whole lot better with microsoft open sourcing the stack but its not a complete open source at this point.
Further PHP deployment is very nice, hence why Facebook abandoned HipHop and went with HHVM, it's hard to beat being able to rsync (or git pull) to update your application, no need to recompile after that or restart any services, you do a git pull and instantly you're up to date. For windows based hosting i'd go with .net but fortunately i'm not stuck with windows, the advantages of using a Linux server make the small downsides of PHP well worthwhile.

- the language is more poorly designed, the libraries are more inconsistent, often less useful, and even the toolchain available is typically worse. As such the problem is that the .NET/Java JIT advantage is effectively just a free bonus for using those platforms over PHP which just makes PHP that much less compelling again.

The language itself being poorly designed generally boils down to preference, that php is a fractal of bad design site whines about the syntax of the array push operators and how when people put == they really mean ===, these aren't legitimate complaints, i've seen real world bugs in other languages where people put = instead of == or := instead of =, typos and inexperienced developers happen, get over it.
The libraries being inconsistent does suck, that's why i never use them directly, I have my own framework that abstracts it away entirely no library inconsistencies to deal with.

Re:Couch programmers bashing again.

[Xest]

"HHVM just closes that gap entirely"

This is wholly false, HHVM is still a long way behind the level of JIT optimisation that both the JVM and the CLR perform, in part because PHP was never designed with the intention of being JIT'd from the outset making it much harder to JIT well in the first place. The amount of language inconsistency, edge cases where it contradicts itself and general design whereby things have been bolted on unplanned and ad-hoc all but guarantees you'll never write a JIT compiler for PHP that can be as effective as the CLR and JVM. The only way you'll get PHP to the point it's a serious competitor for .NET, Java, and C++ is if you create a version of the language that completely breaks free from it's past, tightens up the rules and changes the way things work- it can't even be backwards compatible, put simply, it wont even really be PHP anymore. IIRC someone started a project to do exactly this, maybe it'll bear fruit, though I'd question if it's even necessary when the JVM and now CLR are open source.

"These are web apps not 3d games, io is your limiting factor in almost all instances, even if you're cracking md5 passwords in php you're still going to be using a rainbow table and hence io bound."

Even if you are IO bound this still highlights the problem with PHP thinking- the idea that you can only do one thing at a time, it's nonsense. In .NET, in Java, even in node.js and of course in C++ with IOCP (which node uses on Windows anyway) you don't just sit and wait for IO completion, you process other things. If you're genuinely working in a high end environment the CPU will be kept busy regardless of what IO waits are occuring. The fact that these technologies can get much more done whilst waiting is still wholly relevant. If you think all processing should be done in serial then you really don't understand the way high end server processing is done. If you're only using the CPU 10% of the time and waiting for IO the other 90% of the time you're doing it very wrong.

"The language itself being poorly designed generally boils down to preference, that php is a fractal of bad design site whines about the syntax of the array push operators and how when people put == they really mean ===, these aren't legitimate complaints, i've seen real world bugs in other languages where people put = instead of == or := instead of =, typos and inexperienced developers happen, get over it."

It's got nothing to do with preference. Inconsistencies, additional verbosity and so forth inherently increase the risk of mistakes no matter how good you are (or think you are). Much of it is a result of the fact that many of PHP's key features were bolted on after the fact (like OO for example). It's absurd to suggest that a language that has had things bolted on that it was never designed for from the outset is no worse than a language that was properly planned and thought through from the outset. You cannot increase the complexity of a language without adding anything beneficial in the process and expect it to be just as good for writing software as something more streamlined and better designed from the outset, this is objective fact - more room for mistakes is more room for mistakes and the quality of programmer is irrelevant as the perfect programmer is a myth.

I've always said you can get things done with PHP, I have, I've delivered a large multi year project with it - it's faults aren't crippling. But there's a cost- more development time, or more bugs. Dollar for dollar, pound for pound, you'll get more for you money if you use one of PHP's competitors rather than PHP whether that's faster development time, lower defect rates, better performance, better maintainability, or a combination of these factors - the fact you admit you have your own framework highlights this sort of issue that you face with PHP, you've had to spend time building something that is unnecessary in something like .NET where the framework is

Re:Couch programmers bashing again.

This is wholly false, HHVM is still a long way behind the level of JIT optimisation that both the JVM and the CLR perform, in part because PHP was never designed with the intention of being JIT'd from the outset making it much harder to JIT well in the first place. The amount of language inconsistency, edge cases where it contradicts itself and general design whereby things have been bolted on unplanned and ad-hoc all but guarantees you'll never write a JIT compiler for PHP that can be as effective as the CLR and JVM. The only way you'll get PHP to the point it's a serious competitor for .NET, Java, and C++ is if you create a version of the language that completely breaks free from it's past, tightens up the rules and changes the way things work- it can't even be backwards compatible, put simply, it wont even really be PHP anymore. IIRC someone started a project to do exactly this, maybe it'll bear fruit, though I'd question if it's even necessary when the JVM and now CLR are open source.

I take it you're enitrely unfamiliar with HHVM then. The second half of your paragraph proves it.

Re:Couch programmers bashing again.

[Xest]

The second half of the paragraph proves that I understand VM technology in quite a lot of detail, and understand the sorts of difficulties involved in moving from a language to executable code through an intermediate form.

I know that HHVM doesn't support strict PHP which is presumably what you're referring to, but if you're confusing the moderate changes made to make it work in a JIT at all with the complete break needed to be able to act in a competitively optimised JITted environment then it's not me that doesn't know the topic, it's you.

Re:Couch programmers bashing again.

Even if you are IO bound this still highlights the problem with PHP thinking- the idea that you can only do one thing at a time, it's nonsense. In .NET, in Java, even in node.js and of course in C++ with IOCP (which node uses on Windows anyway) you don't just sit and wait for IO completion, you process other things. If you're genuinely working in a high end environment the CPU will be kept busy regardless of what IO waits are occuring. The fact that these technologies can get much more done whilst waiting is still wholly relevant. If you think all processing should be done in serial then you really don't understand the way high end server processing is done. If you're only using the CPU 10% of the time and waiting for IO the other 90% of the time you're doing it very wrong.

You seem to be confusing multithreading with asynchronous IO, PHP most certainly can do asynchronous IO for most of the common apis, sockets, database, curl all support asynchronous IO. You seem wholly inexperienced with PHP. You don't have to just sit and wait for IO completion in PHP you most certainly can continue to do other things.

Re:Couch programmers bashing again.

I know that HHVM doesn't support strict PHP which is presumably what you're referring to, but if you're confusing the moderate changes made to make it work in a JIT at all with the complete break needed to be able to act in a competitively optimised JITted environment then it's not me that doesn't know the topic, it's you.

HHVM does support plain old PHP, it also supports the complete break required for a fully optimized JIT environment. Further the biggest slowdown with PHP and JIT is that it's dynamically typed. That's not a bug in PHP it's a feature all dynamically typed languages have the same problems with being JIT'd but in practice there has been a lot of research in dynamically typed languages and JIT (much of it from microsoft and has gone into the .net CLR) to the point that that gap is quite narrow. The second half of your paragraph shows that you are parroting what someone else told you about HHVM, it passes the code through multiple optimizing steps that are able to figure out what variables aren't truly being dynamically typed and are really secretly statically typed and it is able to apply the same standard JIT optimizations that all other JIT compilers are able to perform. It essentially re-compiles the PHP into a statically typed form that lends itself well to being JIT'd after that you're left with bits and pieces here and there that do require a lower performing dynamic JIT, but the portion of code left to that other code path is quite low.

Re:Couch programmers bashing again.

[Xest]

Yeah you're right, I haven't touched PHP in a couple of years now so I haven't seen anything about (nor can I find anything even now) PHP's new async support for the things you list. Yes I'm aware it's now got some half-arsed threading support hacked in to move away from basing attempts at multi-threading on curl hacks, but it's not me you need to be telling this to - it's the other guy whose argument that PHP is fine performance wise is because you're spending 90% of the timing waiting on blocking IO, which is obviously nonsense. This was historically the PHP way and it shouldn't come as a surprise to someone claiming to be well versed in PHP that this is a deeply entrenched way of doing things in the PHP community for that very reason, but it's never been the way of doing things in the languages I mentioned because they've all been designed to support it from the outset.

At the end of the day, in things like C++, Java and .NET you've got control of asynchronicity through the entire stack, but with PHP you're still limited by a strict bunch of fudges.

Re:Couch programmers bashing again.

I haven't seen anything about (nor can I find anything even now) PHP's new async support for the things you list.

Then why does your very next sentence mention people using async curl support to hack in multithreading?

Yes I'm aware it's now got some half-arsed threading support hacked in to move away from basing attempts at multi-threading on curl hacks.

How do you think those curl hacks worked if not asynchronous io? if they were blocking they wouldnt do what they were intended to.
and stop conflating multi threading and asychronous io they are NOT the same thing.

but it's not me you need to be telling this to - it's the other guy

I'll uh not be talking to myself like a raving lunatic tyvm. But I did tell you ,the guy who argued it didnt exist

PHP is fine performance wise is because you're spending 90% of the timing waiting on blocking IO, which is obviously nonsense.

You're still going to spend 90% of your time waiting on blocking io. you can't complete your request until that io request is done, sure if i have 30ms of php code executing and a 180ms sql query I can use asynchronous io to make that entire request take 180ms instead of 210ms, but you're still spending the bulk of your time waiting for that 180ms sql query. and don't forget if you're doing anything with the results of the sql query you cant do the entirety of the 30ms php work inside the wait time for the sql query, so your page query will be closer to 200ms using async io

At the end of the day, in things like C++, Java and .NET you've got control of asynchronicity through the entire stack, but with PHP you're still limited by a strict bunch of fudges.

PHP has had asynchronicity for some time, it does not have multi threading the two are not the same thing, you can use multithreading to achieve asynchronicity as .NET does but it is not a requirement (see node.js and php).

Re:Couch programmers bashing again.

[Xest]

Okay, so it sounds like I was right then after all if you're conflating curl hacks which require the spawning of a completely different process and a full blown TCP connection to achieve anything with an actual proper threading solution or async IO implementation (FWIW I find it amusing that you claim multithreading and async IO are completely unrelated things and then pretend curl is an async IO implementation- facepalm. You don't even know how PHP's curl library works).

I was going to reply in a bit more detail to everything in between, but then I got to this section of your post and realised it's fruitless as you don't even understand the basics:

"You're still going to spend 90% of your time waiting on blocking io. you can't complete your request until that io request is done, sure if i have 30ms of php code executing and a 180ms sql query I can use asynchronous io to make that entire request take 180ms instead of 210ms, but you're still spending the bulk of your time waiting for that 180ms sql query."

There's two problems with this:

1) You still demonstrate that your knowledge doesn't stretch beyond basic CRUD environments, you believe that everything you do on the web is simplistic web front-end, database backend CRUD type stuff. This is false, and if you had any worthwhile professional experience you'd know that a lot more typically goes on behind the scenes than my first website type setups (but that's probably also why you think PHP is acceptable, because you're not doing anything that matters).

2) On one hand you're talking about high throughput environments, and on the other you're talking about a process only handling one client at a time, which is what I was referring to when I talked about the PHP way. In more professional environments you don't need a whole new process for each concurrent request. That's a massive amount of unnecessary overhead, and environments like .NET and Java allow you to simply process other incoming requests in the same process whilst one is awaiting IO.

You seem to completely lack any grasp of the cost of firing up processes, as you seem to believe that spawning a process is an equivalently performant thing to do as firing off a new thread. It's sad, and you just prove my point that PHP folks only support PHP so vehemently because they don't know any better.

There's a reason that PHP stirs up hatred towards it more than anything else (well, except maybe Javascript) - it's because it's objectively shit, and the only ones that can't see that are those that are inexperienced and don't know any better. Languages like C# and so on just aren't even close to as controversial because for the most part they largely just work as you expect them to, and aren't as poorly designed.

Re:Couch programmers bashing again.

Okay, so it sounds like I was right then after all if you're conflating curl hacks which require the spawning of a completely different process and a full blown TCP connection to achieve anything with an actual proper threading solution or async IO implementation

No, theres still implementations in both mysql and postgresql implementations that dont involve curl at all, loo kat the documentation.

(FWIW I find it amusing that you claim multithreading and async IO are completely unrelated things and then pretend curl is an async IO implementation- facepalm. You don't even know how PHP's curl library works).

multithreading can be used to implement async io but it is not a requirement, see node.js.
I would bother responding to the rest of your post but given the content of it and your other posts how blatantly false and how they ignore entirely what I way it's obvious you're just trolling. I bid thee adieu

Re:Couch programmers bashing again.

[Xest]

"multithreading can be used to implement async io but it is not a requirement, see node.js."

Oh god. Node.js uses IOCP, which implements a thread based model. Did you think it used magic or something?

No wonder you're posted AC, you're just embarrassing yourself. Acting as living proof that PHP developers are clueless. Well done, you've successfully proven my points throughout.

Re:Couch programmers bashing again.

Oh god. Node.js uses IOCP, which implements a thread based model. Did you think it used magic or something?

All of your events in node.js take place within the same thread IOCP's threading takes place outside of the context of node.js. If you're going to call node.js applications multithreaded then php applications are multithreaded as well because my fpm process runs multiple children to handle multiple requests at the same time.

Re:Couch programmers bashing again.

[Xest]

Oh are you still here embarassing yourself? I thought you'd gone. Processes != threads. This is CS101.

P.S. The way you speak of IOCP shows you don't even know what IOCP is or how it works.

Is that you Bronscon?

Re:Couch programmers bashing again.

Processes != threads. This is CS101.

And it's about as relevant as calling node.js multithreaded because it uses IOCP. When it comes to writing the actual code in node.js you're doing everything in a single thread, if you block in one of your callbacks no other callbacks can run until the block has cleared, the io itself may be multi threaded (as it is in php when using any of the multiple asynchronous io apis) but the main code is single threaded (as it is in php) unless of course you use an actual threading api in node.js (just like what happens in php when you use one of the actual threading apis). holy shit would you look at that, your imaginary differences are just that, imaginary.

Re:Couch programmers bashing again.

[Xest]

You still seem to think spawning new processes is in any way a passable form of multi-threading in a high load environment as opposed to spawning new threads. This alone shows you're not fit to have any kind of discussion on this topic.

For starters, it means you can handle drastically fewer concurrent tasks because it has by far a higher memory and CPU footprint to do so. That's before you factor in the problems of shared data meaning you're probably also duplicating data in your separate processes (i.e. each process will probably have to have it's own copy of any configuration data).

But this is just one of many reasons why PHP is shit, stop trying to claim it's not whilst basically inadvertently arguing that it is.

PHP is for fags and housewives

Real programmers create web technologies using FORTRAN. Fuck all this API object-oriented horseshit.

A better model for Dynamic Typing

[Tablizer]

weakly-typed variables are a bit aggravating

A lot of that can be alleviated simply by having a language that does not overload operators across types, such as "+" for addition and concatenation, and by having optionally type-validated parameters.

ColdFusion may suck in other ways, but it got these two things mostly right. Witness the function parameter (argument) declaration definition:

<cfargument
    name="string"
    default="default value"
    displayname="descriptive name"
    hint="extended description"
    required="yes|no"
    type="data type">

Example code:

<cfArgument name="amount" type="numeric" required="yes">
<cfArgument name="deadline" type="date" required="false" default="12/31/2015">

You don't have to declare type and required status if you don't want to, but the feature is there IF you want tighter typing. (There is no compiler to check up-front, it's still dynamic, but I imagine a "lint" like warning system could be built that can spot suspicious type usage before a run.)

Note that ColdFusion has no (detectable) type "tag", and validation is done by parsing, or what resembles parsing. It perhaps may use tags under the hood for performance reasons, but they are not visible to programmers. (Thus, a clone interpreter without tags would produce the same result, ignoring performance.)

That simplifies things in my opinion. It's "WYSIWYG" typing. Tag-based typing is trickier to manage in my opinion. I much prefer tag-free (including my mattress). ColdFusion thought dynamic typing through.

Re:A better model for Dynamic Typing

A lot of that can be alleviated simply by having a language that does not overload operators across types, such as "+" for addition and concatenation, and by having optionally type-validated parameters.

You're on the wrong article this article is about php not javascript.

Re:A better model for Dynamic Typing

[Tablizer]

The summary does mention JavaScript. And Php still has the problem for equality operators (greater than, equal, etc.). Then again, ColdFusion didn't quite settle equality comparing either.

I miss Slashdot / get off my lawn

The comments on this article are a horrible cesspool worthy of Youtube commenters.

PHP hatred is the in thing, I get it. But what do these comments have to do with the fine article? How are we improving as an industry by hating on PHP? How are we encouraging the next generation of coders by these vapid, ignorant comments?

If you agree, I invite you to join the rest of us Slashdot refugees at HN. Ouch. So sad.

Not By Choice

[Tablizer]

JavaScript has enjoyed a dramatic renaissance as it has been transformed from a browser scripting tool...to a substantial client-side programming language

This is mostly because there are few practical alternatives on the client side. You can't have the user install say Python on the client side if you want to use Python. It's the QWERTY of programming languages: you are stuck with it because everybody else is also stuck with it. They are not going to fudge their browser just for your particular site.

While JavaScript may be fine for a light-duty glue language, it sucks big juicy ones for large interconnected libraries, such as GUI engines. A strong-typed language is much better suited for large libraries.

It's backwards to load an entire GUI engine just for one app. It's almost as bad as DLL-Hell. Time to rethink web GUI standards (or lack of).

Re:Not By Choice

[Bing+Tsher+E]

Javascript is what makes pages load on peoples' browsers in seconds instead of milliseconds. It can turn a relatively recent computer or tablet into a slug.

Keep your 'code' outta the marked up text that I'm trying to read. Nobody cares that you think you're a 'web developer' because you can slow down a stream of text that your 'users' are trying to fricking read.

Re:Not By Choice

Weird, despite having extremely heavy javascript that even sometimes requires a backend recompile that results in the server waiting around 2 seconds just to even begin serving the javascript, my own pages load up in under 100 milliseconds and work fine even during that backend recompile.
Properly designed javascript can be loaded asynchronously and with progressive enhancement the pages themselves continue to work fine until the javascript is ready, they just require a full page refresh for saving input in that time or will auto fill out their fields later after a slight delay

Re:Not By Choice

[dave420]

OK, Grandpa. Sorry. We'll get off your lawn now.

You can install NoScript and have to refresh your pages time and time again any time you want to use them, wasting seconds and many KB in the process. The rest of us will keep using the tools which give us the web we want to use.

Shouldn't you be napping somewhere?

Re:Not By Choice

Javascript not only slows pages but also's a huge malicious exploit deliverer. Keep using that crap since you're stupid enough to (especially where it's not really needed), Shouldn't you just fuck off now? Yes.

Re:Not By Choice

> Javascript not only slows pages but also's a huge malicious exploit deliverer.

The language isn't; the browser is.

Install

I found the install of php on windows to be so much of a pain in the ass that I avoid it for that reason alone. No linux here... can't get it onto a unix box.

This mismatch of httpd and php situation is terrible.

Re:Install

[ericlondaits]

Just install one of the many many WAMP packages (WAMP = Windows + Apache + MySQL + PHP). Typically you just run a setup executable and get a ready to use installation of Apache with PHP and a MySQL server, which normally includes phpMyAdmin and some other helpful stuff.

Re:Too little too late

ORLY?

I've never seen PHP in decline at all. People still rolling out Wikimedia Wiki's and Wordpress sites like there's no tomorrow.

A lot of BS about PHP comes from developers of more OOP/MVC coding designs using Ruby on Rails, where as I think Ruby on Rails is a mess.

PHP lets developers do what they want to do, if that means combining html and a pile of includes to use it as an efficient SSI, so let them. That's what it's really good for.

What PHP is really bad for is beginner developers who put stuff on the web without taking into consideration security (never use $_GET directly in a SQL query for example)

Facebook was written in PHP

now all of you haters can properly go fuck yourselves.

Re: Facebook was written in PHP

[corychristison]

Disclaimer: I genuinely like PHP.

Facebook was originally written in Facebook, yes. However, you are missing the important fact Facebook took it upon themselves to fix a bunch of PHP's mistakes with HipHop PHP, later named HHVM.

I've actually played with HHVM a bit. It maintains mostly backwards compatability with PHP code, but adds optional static typing and a few other goodies.

No Static Typing

[aberglas]

For all of PHPs many, many horrors, the one that actually got me the most is the lack of static typing when working with a large body of PHP code (Wordpress). One can wonder at many of the details of arrays etc, but once you know all the gotchas then you can work with them. But no static typing gets you over and over.

It is also interesting that 40 years of careful research into programming language design, including very sophisticated systems such as Algol 68 and Common Lisp, had absolutely no effect on the design of what are the most commonly used hack languages today. (PHP and C.)

Re:No Static Typing

[rs79]

"It is also interesting that 40 years of careful research into programming language design, including very sophisticated systems such as Algol 68 and Common Lisp, had absolutely no effect on the design of what are the most commonly used hack languages today. (PHP and C.)"

You may have won the Internet today. I salute you sir.

(btw I'm totally stealing this)

Re:No Static Typing

[dargaud]

It is also interesting that 40 years of careful research into programming language design, including very sophisticated systems such as Algol 68 and Common Lisp, had absolutely no effect on the design of what are the most commonly used hack languages today. (PHP and C.)

Thank god for that.

Re:No Static Typing

[Jack9]

Without any actual evidence, the 40 years of careful research is nothing more than navel gazing. This research has been the equivalent of "don't you think this is true? here's why" which is not how any kind of science is established.

Re:No Static Typing

Static typing was just approved for PHP 7 last week.

I'm just here for the flames

and, yeah, I'm sick of php but still writing it

I CAN tell you. Autoglobals, for 1. Much better

[raymorris]

I CAN tell you why PHP 3.x and 4.x were used in a lot of projects with security problems. I've made many posts here going into detail. The biggest thing was probably autoglobals. That was insane for a WEB language, even one then intended to be easy. It might make sense for local macros (vbscript) that are supposed to be written by non-programmers.

If you combined few of PHP 4.x blind spots with stupid Plesk running the script via suexec, you either found out you quickly got owned, or more often got owned and didn't even know it.

PHP really sucked in terms of security and there were several very clear reasons for that. Some will say even old PHP could be used to write secure software. Nope, not with the default PHP.INI configuration. Even a blank, empty PHP script contained a significant security risk.

Things are MUCH improved. People who actually know something about language design have gotten involved. Rasmus has said publicly that he doesn't know anything about language design and early versions of PHP proved that. Of course, he wasn't originally creating a programming language, PHP was a CMS, written in Perl. It was ABused as a general purpose programming language, and it didn't do a good job in that role, because it wasn't designed for that role. The newer versions ARE designed as a general purpose web programming language, and they are much better suited to the task.

Re:Too little too late

[OutOnARock]

A lot of BS about PHP comes from developers of more OOP/MVC coding designs using Ruby on Rails, where as I think Ruby on Rails is a mess.

look at the mess calling the mess a mess!

PHP best practice

[msobkow]

Don't.

:P :P :P

PHP - Best common practices:

[rs79]

Don't use PHP. Use node. If you can't do that, use C. Not C# or C++, C. What, are you eight or something?

Comment removed

[account_deleted]

Comment removed based on user account deletion

"A fractal of bad design"

Ohhh come on ! It's 2015, and this is still true: http://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/

Disclaimer: I didn't write this, but it summarizes pretty much what I thought of PHP.
(the incoherent libraries are a show stopper for me)

Re: "A fractal of bad design"

LOLOL that article is a bunch of whining. If the language doesn't work the way you want it to, dont use it. That article is 3 years old and has been debunked over and over. The fact that your still posting it, proves you know shit about php. You probably never touched php, you read that article and believed every word of it without actually testing for yourself.

Shame on you sir.

What's the title of this article here?

JavaScript opens doors to browser-based attacks http://news.cnet.com/JavaScrip...

Fact: Javascript's DOM model is fucked.

So, don't even try to tell us that completely utter bullshit webboy. Your "Web 2.0" is purest bullshit and a privacy nightmare too!

I can literally post another 55++ like articles here easily with more specific javascript driven exploits.

The problem?

You web dumbos are not real programmers. That's right. You have no clue. If you're not aware of javascript's issues, you're clueless. Period.

Dimwits like yourself don't realize a lesson from history. Microsoft's history of all places. The second you introduced scripting into documents (ala Word, or Excel macros in their compound object document model to attempt to be a datacentric, rather than app centric model)? The trash came blowing in.

Is scripting web documents any better? Read the article above, tell us differently.

Attempting to spout b.s. to further your agenda & 'career' now? It's not working vs. fact. It's that, in your utter lies, or you are ignorant of history.

Re:What's the title of this article here?

> Fact: Javascript's DOM model is fucked.

Jeez, don't get so bent out of shape. All I'm saying is it's not the language's fault that the browser makers have used it in this way. Yes, I know JS started out in the browser, but it's not limited to that context.

You do know the DOM is a browser thing, right?

Re:Too little too late

PHP has earned all the scorn it gets and than some.

It is developed by amatuers, for amatuers.

I am glad it exists because its exsistence on a resume gets it deleted with prejeduce.

Sure there might be one or two programmers worth hiring with PHP on their resume, but I would rather miss those two than have to deal with 100,000 PHP cretins to find them