Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
1. it exists
2. people use it
yeah 5.4 has some moderate changes. array literal syntax! welcome to 1992.
traits should be amusing. even more rOOPe for novices to hang themselves with.
utf8 is now the "default charset" you'll have to explain what that means since php strings still can't natively accept unicode without mb_* hacks.
it has some good points
Posted Mar 2, 2012 10:26 UTC (Fri) by alex (subscriber, #1355)
Instead of sneering at the flaws and non-leetness of it's users we should be offering to show people who have cut their teeth on PHP how things can be achieved on modern server side systems.
PHP 5.4.0 released
Posted Mar 2, 2012 12:55 UTC (Fri) by Kit (guest, #55925)
People bash PHP all the time, and I'm really not a fan of it, but when I get right down to it... it's hard to point to any of the alternatives and say 'this is better'. If you ignore that so many of the people that give PHP advice give absolutely awful advice (such as encouraging the use of the old mysql(i)_* functions, which make SQL injection child's play, instead of PDO), since if it wasn't for PHP they'd likely give awful advice in another language... It's really hard to point to major issues with PHP.
Posted Mar 2, 2012 13:07 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)
Posted Mar 2, 2012 13:20 UTC (Fri) by sorpigal (subscriber, #36106)
Posted Mar 2, 2012 15:50 UTC (Fri) by rfunk (subscriber, #4054)
(I grew up on Perl. Switched to PHP, then to Ruby. When I went back to Perl for a while it was nearly unbearable.)
Posted Mar 3, 2012 15:53 UTC (Sat) by cmccabe (guest, #60281)
Posted Mar 8, 2012 15:08 UTC (Thu) by Los__D (guest, #15263)
Posted Mar 2, 2012 13:24 UTC (Fri) by khim (subscriber, #9252)
So what language is actually better suited for the job that PHP is used for all the time?
Well, PHP is perfect for the “I don't want to learn programming, yet I still want to create something kinda working and I don't care about the fact that my site with be pwned in hurry” work.
People bash PHP all the time, and I'm really not a fan of it, but when I get right down to it... it's hard to point to any of the alternatives and say 'this is better'.
There are tons of better alternatives if your goal is to create something robust. C#, Java, Perl, Python, Ruby, etc. Sure, they don't try to “help” you thus you actually need to think when you use them, but this is the only way to create working programs anyway.
If you ignore that so many of the people that give PHP advice give absolutely awful advice (such as encouraging the use of the old mysql(i)_* functions, which make SQL injection child's play, instead of PDO)
Why these are awful? Don't cry for your hair… when they've chopped your head off. If you are using PHP then your goal is by definition to create something “kinda working… if not stressed” and mysqli functions are easier to use.
The best example of PHP's brain-dead interface (for the sake of simplicity, heh) is not even MySQL. It's pcre. Observe how pcre_compile is missing - for the sake of simplicity, of course. Well, for short strings pcre_compile takes 100 times more resources then pcre_exec so PHP just forced you to waste 99% of resources for the sake of “simplicity”. Congratulations!
Of course if you'll define a typical PHP programmer as someone who can not learn to correctly use couple of functions then there are no alternative to PHP - but is it even possible to create such alternative? Why will you want it?
Posted Mar 3, 2012 19:48 UTC (Sat) by judas_iscariote (subscriber, #47386)
Posted Mar 2, 2012 13:41 UTC (Fri) by osma (subscriber, #6912)
That's a very good question. If the job is to add a little bit of server processing to otherwise static HTML pages (which I think is the original PHP use case that then got a bit out of hand), then there's not much competition. I guess nobody does SSI any more and it's very limited in any case. There's PSP in mod_python, but I doubt it is used much either.
Using all the other languages tends to require more infrastructure. Often you need to run another HTTP server process besides Apache. With PHP, you can just install mod_php and immediately add bits of code into your HTML files. That's not a good idea if you need to do big applications, but it's a very easy way to at least get started with server-side programming (plus with HTML5 you can do a lot on the client side nowadays, so often you just need a little bit of server-side logic). It's also quite easy for ISPs to support running small PHP scripts so it tends to be available in a lot of environments.
Posted Mar 2, 2012 16:53 UTC (Fri) by jmalcolm (guest, #8876)
I am not here to bash PHP although it might come off a bit like that. I have two answers depending on context:
1) If we mean, "better" at creating "professional" server-side web applications
Depending on your definition of "professional", the answer would be pretty much any other language commonly used on the web. This would include Ruby, Python, Java, C# and others. I think that the reason most people deride PHP is because it's natural style and internal inconsistency does not meet their definition of "professional".
2) If we mean, "better" at cranking out dynamic web pages with a minimum of theory, infrastructure, ceremony, and magic then PHP stands almost alone (which is probably your point). It is worth pointing out though that the primary reason for this is because almost everybody else has abandoned the inline script style of web development. For example, both ASP (Microsoft) and JSP (Sun) are years behind us but both were very PHP-like.
If I remember correctly, Microsoft Web Pages (their Web Matrix intro environment) is a lot like PHP but without so many of it's warts. Also, you can at least mature in that environment to a full ASP.NET MVC paradigm with reasonable continuity. You can do it on Mono as well if you want Open Source. That statement might cause a flame war so I will just point out that Microsoft themselves use Mono in a few places (including tryfsharp.org and some apps/games in the iPhone App Store as examples).
Of course, the PHP community is quite diverse and there are, for example, MVC frameworks available for PHP. At that point though, the uniqueness of PHP goes away. Other than already knowing PHP, I am not sure I see the advantages of a PHP MVC framework over choosing something else.
Posted Mar 2, 2012 17:24 UTC (Fri) by rfunk (subscriber, #4054)
It's easy to find languages that are better at any other attribute you could name, but those two or three are the reasons PHP is still used, even by those who dislike it.
Posted Mar 2, 2012 17:44 UTC (Fri) by niner (subscriber, #26151)
Posted Mar 2, 2012 18:08 UTC (Fri) by jmalcolm (guest, #8876)
If you pick a host at random, I expect that they will support ASP.NET at the same price points as PHP.
"Finding someone who knows it" is an interesting one. Skills in other languages are not exactly rare but I imagine that it is probably true that there are more people exposed to PHP. If we change the task to finding somebody "who knows what they are doing", it could be argued that it is no easier to find this in PHP-land than elsewhere. In fact, the task may even be easier for other languages.
Deployment is also interesting; I could say a lot about it but I will give you that one. Well, I will say that if you find a dev "that knows what they are doing" it pretty much becomes a non-issue. One of the things that many people (that I have known) really love about PHP is the ability to edit in-place in production. That is of course really nice and completely horrifying at the same time.
PHP obviously fills a need as it keeps on going strong. One might expect a competitor to emerge that addresses PHPs warts while offering it's attractive characteristics. I think that your three issues ("broad exposure, ubiquitous hosting, and no-fuss deployment) are big factors. If I create a "better PHP than PHP" I will not attract many Node.js, Rails, or ASP.NET developers. Sadly, the lack of millions of tutorials and hosts for my "better" platform will keep the would-be PHP devs away too.
PHP keeps evolving though. With the addition of traits it has something many languages lack (including C#). The need to stay compatible holds the language back but someday (far from now) there may be a subset of PHP which is nice. Keep your eyes peeled for the book "PHP: The Good Parts".
Posted Mar 3, 2012 0:23 UTC (Sat) by rfunk (subscriber, #4054)
Part of hosting is in the corporate world, where things are slow to change. One major client I work with gives the option of Java or PHP for hosting -- and until recently that was only PHP 5.2.
And that leads into the deployment issue, where PHP is really the only major platform where an Apache module is a viable option. (Yes, mod_perl and mod_python exist; the former is painful in my experience, and I never hear about anyone using the latter. Then again I've never been a Python guy, and I find most Perl work painful anymore.) Everything else either uses CGI (slow), or uses a separate application server architecture, with inherent complexity. With that sort of architecture, having someone who knows what they're doing is necessary, but that doesn't make all the pain go away.
I'll be interested to see if Node.js, or something like it, ends up going more toward the PHP-ish route, or more toward the Ruby/Rails-ish route. (Ruby and Rails are already more on the Java path.)
I definitely like the "Good Parts" idea for PHP... except that the book already exists.
Posted Mar 3, 2012 7:47 UTC (Sat) by Cato (subscriber, #7643)
I believe Ruby and Python are often deployed in the same way.
Posted Mar 3, 2012 14:50 UTC (Sat) by rfunk (subscriber, #4054)
I can't speak for Python, but the Ruby world abandoned fastcgi years ago because of its many problems, in favor of Java-style middleware layers.
Posted Mar 3, 2012 15:28 UTC (Sat) by Cato (subscriber, #7643)
suPHP is similar to suexec and often used with CGI but that doesn't change my point that mod_php is not used on shared hosting (or at least responsible shared hosting).
On Python and Ruby, I just meant the principle of having a persistent interpreter process running outside the web server, not FastCGI specifically.
Posted Mar 3, 2012 15:47 UTC (Sat) by rfunk (subscriber, #4054)
I see a big difference between fastcgi and using an application server, possibly because I remember the pain of using fastcgi with Ruby, and the major differences when I set up an application server instead.
Posted Mar 5, 2012 8:39 UTC (Mon) by colo (subscriber, #45564)
Posted Mar 5, 2012 8:50 UTC (Mon) by anselm (subscriber, #2796)
Privilege separation isn't the only advantage of setups like FastCGI or WSGI that keep the language interpreter separate from the web server. Another advantage is that you get to proxy only those requests to the language interpreter that actually need it, while requests for, say, small static image files don't occupy expensive language-interpreter-containing Apache processes. This is probably the #1 thing you can do to speed up dynamic web sites.
There are of course other ways of achieving this – e.g., by putting a more lightweight web server in front of your Apache/mod_php to serve any static content and have that server proxy only the PHP stuff to the actual Apache, or by serving static content from a different server altogether –, but mpm-itk isn't one of them.
Posted Mar 3, 2012 16:47 UTC (Sat) by jmalcolm (guest, #8876)
Is it worth a read? I do not do much PHP but I am curious what that book would have to say.
Posted Mar 5, 2012 8:04 UTC (Mon) by cmccabe (guest, #60281)
Unfortunately, all the pages in the book are blank, for obvious reasons.
Ok, ok, sorry. I couldn't resist.
PHP: The Good Parts
Posted Mar 5, 2012 21:30 UTC (Mon) by rfunk (subscriber, #4054)
Posted Mar 3, 2012 20:28 UTC (Sat) by jmalcolm (guest, #8876)
> PHP is really the only major platform where an Apache module is a viable option
I think that mod_mono makes ASP.NET quite viable on Apache. So, I guess that would be one reason. Technically, mod_mono invokes mod-mono-server so I guess it means what you mean by "application server". As far as complexity goes, it is just a couple of lines in your httpd.conf (or a .conf that httpd.conf refers to).
I need to get off the Mono advocacy stage though. This is a PHP thread.
Posted Mar 2, 2012 21:40 UTC (Fri) by Kit (guest, #55925)
This is exactly what I was getting it. PHP is nice because you can just sprinkle a little bit on some raw (already existing!) HTML and then have some server-side magic on your website. I'm not talking about creating a web _app_, which seems to be the only thing anyone else considers a legitimate use case anymore.
I also see value in allowing non-developers to be able to do server-side processing on websites, without having to spend an inordinate amount of time learning largely superfluous concepts for their actual needs. PHP has never seemed amazing in that regard, due to some simple ways to shoot yourself in the foot (Remote File Inclusion being the biggest IMO)... but, it seems that there's no other language that even tries. It seems everything else targets either very low, or very high, with nothing much really even coming close to that middle ground.
Posted Mar 8, 2012 22:19 UTC (Thu) by HelloWorld (guest, #56129)
Posted Mar 2, 2012 19:36 UTC (Fri) by HelloWorld (guest, #56129)
Posted Mar 2, 2012 21:49 UTC (Fri) by Kit (guest, #55925)
Posted Mar 2, 2012 22:22 UTC (Fri) by khim (subscriber, #9252)
It was discussed many times. PHP is completely build around violation of Rule of Repair - that's what makes it “suitable for non-developers” and that some thing also means it's turing tarpit.
It's much easier to create half-working prototype in PHP, but to create production-quality code you need not only fight the task at hand but you need to somehow curb this insane tendency to “help you”… by adding security holes to perfectly valid algorithm.
Think about it: how many things may fail if the result of sort() is not, in fact, sorted? Regular expressions are pretty fundamental - yet PHP screws them, too. And so on.
Posted Mar 3, 2012 0:03 UTC (Sat) by rfunk (subscriber, #4054)
- Rule of Repair violation. The only place I really see this is in the fact that it's a loosely-typed (and dynamically-typed) language with implicit conversion. While these attributes certainly annoy programmers used to a different type of language, there's nothing inherently wrong with them.
- Turing tarpit. Not even close; in fact it's more of a kitchen-sink language, with everything thrown in with little regard to consistency.
- "help you by adding security holes". Very true, but most of this can be avoided with proper php.ini configuration (though the existence of such a thing is itself a big problem) combined with a "good parts" approach to the language. This is where a novice really causes havoc with PHP, and why I cringe at its common "non-programmer" uses.
- Regular expressions. OK, so they don't perform as well as they could. So what? If you want performance you're looking in the wrong place anyway, and if you're coming from Perl and want a little more speed you just need to use regexes a little less.
Posted Mar 3, 2012 1:00 UTC (Sat) by elanthis (guest, #6227)
1) Identifiers magically turn into strings, mostly I believe because function handlers have just been strings until relatively recently.
echo FOO; // prints FOO
2) Magic quotes. Yes, they're finally gone, but the fact that some dork put them in there in the first place proves that said dork had no business designing, implementing, distributing, and promoting a language.
Posted Mar 3, 2012 14:56 UTC (Sat) by rfunk (subscriber, #4054)
I loosely put magic quotes in the "help you by adding security holes" category. I'm glad they're finally gone, but I agree that their existence says nothing good about the language designer, or at least the language's aspirations beyond "Personal Home Pages".
Posted Mar 3, 2012 2:42 UTC (Sat) by HelloWorld (guest, #56129)
But please, answer me one question: what is PHP actually better at than the alternatives I've pointed out? Because I can't think of anything.
Posted Mar 3, 2012 11:19 UTC (Sat) by ggiunta (guest, #30983)
1. It's easy
2. It's powerful
3. It's fast enough for most tasks
Developers moaned about language inconsistencies since about forever, but the fact is that this is not a big problem as some think it is.
Q: Is it find(haystack, needle), or find(needle, haystack)? A: I do not care. I can not remember syntax of all functions in the language anyway, not to mention frameworks, but the online documentation for that function is one click away. And if I'm using an IDE, I get a tooltip to tell me.
I can pick up most php libraries / frameworks out there, plug them in my app, and if I find a problem debug it and patch it in half an hour. This might be true for other languages, but definitely not Java or Perl.
Loose typing is actually a good choice 99% of the time when writing an app. When writing a framework/library it's probably the opposite. But how many developers are writing apps compared to frameworks?
Think about the function validatePassword(string $p1, string $p2) versus validatePassword($username, $password)
. Which one is typesafe? Which one is gonna be abused by the caller?
Heck, even the choice not to have private/protected/public members in classes (for php4) really makes sense in the context of an application. How many times are you going to subclass a class which is specific to the business-logic problem at hand? If you're not going to subclass, all the time you spend thinking about this particular aspect is wasted.
Making the language clean up for yourself at the end of every web page means that things like global variables, generally despised in other languages, are not a bad practice anymore. Purists yell when they see it, but it's only because they have not yet understood the scoping implication of the one-page-one-scrip approach.
Want to hack a bit of script in an html page? super fast.
Want to code purely oop? can be done.
Like lambdas and closure? Can be done too (ok, not the best implementation out there, but still...)
I like my hashes to be as simple as arrays. I rarely mix them up - depending on context (or the value of the variable at hand) I can figure out which one of the two is in use. So my array construct is slower than in any other known language. Thing is, for making websites the page speed is nowadays wasted mostly 1-in frontend rendering of all the js and css, and 2-in the db query or nosql fetch. Array manipulation is gonna be 0.1% of it.
Posted Mar 4, 2012 1:57 UTC (Sun) by tialaramex (subscriber, #21167)
PHP encourages spaghetti, encourages bad practices like using string concatenation instead of parameter binding, even encourages the "copy paste" approach to code-reuse. And so on through a litany of maintenance-hostile behaviours.
It has taken long painful years to beat the worst security mis-features out of PHP. It may be decades before the knock-on effects reach the many PHP "applications" (if piles of accumulated PHP may be so-called) that have grown up while such mis-features existed.
Posted Mar 4, 2012 12:59 UTC (Sun) by DG (subscriber, #16978)
I'm not sure why you think PHP encourages copy+paste coding more than any other language. If it does, it's probably because of it's low barrier to entry which results in some less skilled/proficient people writing it.
Posted Mar 4, 2012 15:41 UTC (Sun) by anselm (subscriber, #2796)
PHP is maintainable - if you set about it in the right way using good software engineering practices - code style guidelines, unit tests, reviews, CI etc.
Anything is maintainable if you're investing enough care and effort. People are maintaining large assembly language programs, after all. The real question is whether maintaining something in PHP or assembly language is worth the trouble when there are lots of other approaches that let you achieve the same level of maintainability with less effort (while probably also improving all sorts of other quality metrics to boot). In the case of assembly language, most people have figured out for themselves what they prefer, which is why there are much fewer large assembly language programs around than there used to be.
Having said that, PHP is great. It is the best thing since the invention of sliced bread. Everybody should be using PHP all the time. It would make us Django people look so much more competent and efficient by comparison.
Posted Mar 4, 2012 17:45 UTC (Sun) by man_ls (subscriber, #15091)
Posted Mar 4, 2012 16:26 UTC (Sun) by HelloWorld (guest, #56129)
About 2: embedding Python (or Ruby or Perl) is trivial using modules such as Spyce. And of course, Python has had lambdas, closures and proper OOP for way longer than PHP.
About 3: there's no sensible reason for mixing up arrays with dictionaries, they're simply different things. That doesn't imply that one is harder to use than the other (as can be seen in Python).
So sorry, but I don't buy those arguments. IMO, PHP does nothing better than the alternatives I've listed, and you haven't proven otherwise.
Posted Mar 5, 2012 9:07 UTC (Mon) by ggiunta (guest, #30983)
But to each its own, I guess
Posted Mar 5, 2012 12:40 UTC (Mon) by HelloWorld (guest, #56129)
Posted Mar 8, 2012 18:01 UTC (Thu) by sorpigal (subscriber, #36106)
So what language is actually better suited for the job that PHP is used for all the time
Perl is better.
But Perl by itself is an incomplete solution. Almost all competing 'better' languages are incomplete solutions compared to PHP. Today I would advocate Mojolicious::Lite as a Perl-based simple PHP alternative.
It allows the 'developer' to write in one file the template and the code and it makes viewing the result in a web browser equally trivial.
# aptitude install libmojolicious-perl
$ mojo generate lite_app HelloWorld
$ ./HelloWorld daemon -l http://*:8080 & firefox http://127.0.0.1:8080/welcome & gedit HelloWorld
And I'm viewing and editing my one-page quick and dirty web site. Initially it's slightly more trouble than PHP for vastly superior results, making it very nearly as good for the ignorant beginner.
Posted Mar 9, 2012 1:25 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)
apt-get install python-django
django-admin.py startproject mysite
python manage.py runserver
Posted Mar 9, 2012 22:56 UTC (Fri) by sorpigal (subscriber, #36106)
Posted Mar 12, 2012 21:54 UTC (Mon) by dmarti (subscriber, #11625)
Posted Mar 2, 2012 17:58 UTC (Fri) by tjc (subscriber, #137)
the two big php bugs are still open:
1. it exists
2. people use it
0 2 4 6 8 10
Posted Mar 2, 2012 22:46 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds