Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The New PHP

Soulskill posted about 6 months ago | from the less-filling-tastes-great dept.

PHP 254

An anonymous reader writes "This article at O'Reilly Programming suggests that PHP, a language known as much for its weaknesses as its strengths, has made steady progress over the past few years in fixing its problems. From the article: 'A few years ago, PHP had several large frameworks (e.g. CakePHP, CodeIgniter, and so on). Each framework was an island and provided its own implementation of features commonly found in other frameworks. Unfortunately, these insular implementations were likely not compatible with each other and forced developers to lock themselves in with a specific framework for a given project. Today the story is different. The new PHP community uses package management and component libraries to mix and match the best available tools. ... There are also exciting things happening with PHP under the hood, too. The PHP Zend Engine recently introduced memory usage optimizations. The memory usage in PHP 5.5 is far less than earlier versions.'"

cancel ×

254 comments

Sorry! There are no comments related to the filter you selected.

PHP still sucks. (-1, Flamebait)

Anonymous Coward | about 6 months ago | (#46403229)

When was the last time you needed to add bolt-on garbage collection and caching to Perl, Python, or Ruby?

Also, first post.

You don't know what you're talking about. (1)

Anonymous Coward | about 6 months ago | (#46403287)

Python and Ruby both benefit greatly from caching mechanisms (as does any other language) and garbage collection has never been something added after the fact in PHP.

Re:You don't know what you're talking about. (5, Insightful)

Anonymous Coward | about 6 months ago | (#46403991)

PHP has always used explicit memory management.

allocate_StringMemory()
sys_FreeMemory_UTF8()

Watch out because there is no way to tell if allocation fails. That's convenient though because it makes sys_Free* idempotent; there is no difference between failure to allocate and multiple free-s.

With 5.5 you get a great new function;

sys_FreeEverything() // in traditional mixed camel case + underbar style!

Now you don't need to keep track of allocations and release them. Just blow away all allocations across all requests and start fresh. It's really great for fixing those darn memory leaks.

Re:PHP still sucks. (-1, Flamebait)

Anonymous Coward | about 6 months ago | (#46403359)

Exactly. It's like getting excited at being given a fresh dog turd over a three-days-old dog turd. In the end, it's still shit.

Not sure what you're talking about (2, Interesting)

rsilvergun (571051) | about 6 months ago | (#46403597)

I've never done my own garbage collection, and PHP just updated it in 5.3 [php.net] .

PHP works, it's fast as heck, and I can do anything you can do in python/perl just as well and way faster. My host for my hobby site (Shameless Plug [glimmersoft.com] ) gives me php and a mysql DB for $7 bucks a month, and that's probably more than I should be paying. If I want perl/python that goes up to $100/mo...

Then find a new host. (0)

Anonymous Coward | about 6 months ago | (#46403843)

You can get a dedicated VPS from any number of companies for ~$20 a month and run QBASIC on it for all they care.

You're doing it wrong (0)

Anonymous Coward | about 6 months ago | (#46403877)

Sounds like your shameless plug hosting provider doesn't deserve any plugging. Get a VPS http://lowendbox.com/ and pay even less than 7 bucks/month. Hell, I had hosting for a buck a month which included Perl and Python until the owner passed away.

Re:You're doing it wrong (-1)

Anonymous Coward | about 6 months ago | (#46404465)

Most of these shared hosting solutions are oversubscribed and have no PHP opcode caching enabled for "security reasons" (read, we don't know shit about security)

More to the point cheap VPS systems are configured in an oversubscribed manner (why else would you even need to worry about swap space)

You simply can not get a good VPS system (or any other "cloud") system if you actually intend to use it. They are all relying on you never using more than 1% of it. If you're fine with spending 100$/mo on a crappy VPS you never use, you may as well rent a dedicated server and you don't have that problem.

Hosting is not a zero sum game, you either need good CPU, good RAM, good Disk space, or good Bandwidth. If you tick all those boxes you're looking at thousands of dollars per month. Most "websites" need do not need the Disk space or bandwidth box ticked and are fine with 256GB of space and 100Mbit connection Unmetered, but damn near no hosts even offer that for less than 600$/mo. What you get is either "10Mbit unmetered" or "2TB of bandwidth", which is basically the same as 10Mbit Unmetered. God help you if some 4chan anon's decide they don't like your furry fetish site.

If I wanted to buy a PHP hosting package, I could (0)

Anonymous Coward | about 6 months ago | (#46404081)

A cheap VPS with full Perl/Python support costs less than $7 per month, and you can run PHP on it if you really want.

https://cloud.atlantic.net/index.php?page=signup_ws
https://www.digitalocean.com/ .. (there's LOOOOTS more) ... or just use Google AppEngine if you really want Python....

Re:Not sure what you're talking about (0, Insightful)

Anonymous Coward | about 6 months ago | (#46404093)

So the sort of people who claim that PHP is worthwhile are those who stick with a terrible webhost and have no clue how much they should be paying?

Yes, that sounds typical.

Re:Not sure what you're talking about (1)

Bing Tsher E (943915) | about 6 months ago | (#46404387)

You can get an account on freeshell.org and have a lifetime 'free' website with PHP and MySQL for making a single-time ~$40 donation to upgrade your account. It's been awhile since I got mine so I am not certain that's current. But I paid once and have never had to pay again. My pages has various little PHP dingbat calculators that are popular with a small group of people who play a specific game. I've never used the MySQL backend but it's there.

Re:Not sure what you're talking about (1)

jrumney (197329) | about 6 months ago | (#46404467)

My host for my hobby site gives me php and a mysql DB for $7 bucks a month, and that's probably more than I should be paying. If I want perl/python that goes up to $100/mo.

I'm paying $7.95 per month for a virtual machine, and I don't think that is the cheapest option. If I want to put perl or python on, I can, although last I checked a J2EE server was running into the RAM limits for the VM to do anything non-trivial with it.

Re:Not sure what you're talking about (4, Insightful)

countach74 (2484150) | about 6 months ago | (#46404627)

Except nothing you just said is true. PHP is not faster than Python or Perl. PHP is not cheaper to host than Python, Perl, Ruby, etc. And most importantly, no you cannot do anything in PHP that you can do in Python or Perl! At least, not without writing C extensions.

Re:PHP still sucks. (1)

Anonymous Coward | about 6 months ago | (#46403897)

Let me know when they fix at least half of the issues listed in this article [veekun.com] .

real_foo_bar() and somesuch_improved() (4, Informative)

Mister Liberty (769145) | about 6 months ago | (#46404105)

Make PHP the lauging stock of many a programmer.
The language's development has been in the wrong hands from day one.

You can do great things in Python because of Python.
You can do great things in PHP in spite of PHP.

PHP (-1)

Anonymous Coward | about 6 months ago | (#46403233)

is evil...

Re:PHP (5, Insightful)

Tablizer (95088) | about 6 months ago | (#46404033)

Every common language out there has ugly stuff of one kind or another.

Re:PHP (5, Interesting)

Mitchell314 (1576581) | about 6 months ago | (#46404223)

I was about to make a joke, but seriously, the only language I can think of that doesn't have some nasty gotcha is . . . . ugh . . . BASIC. Python has the whole whitespace deal, Perl code tends to be unkempt, Java is fuggin java, Ada is a secret government spy, I don't even want to talk about C++, Bash is fine as long as you never have the misfortune of using quotes or variables, C guarantees regular segfaults, Matlab/Octave will delightfully inform you of your bugs deep in system library code, SAS's userfriendliness pars that of installing Linux from scratch, you can't write more than four lines of Fortran without painting some Star Trek action figure, and just fuck Cobol.

Honestly, BASIC's wins this round just by virtue of being so limited that it's hard to shoot yourself in the foot. I don't count GOTO, as jumps aren't really language specific. Having tutored programming for years, I can say that students are perfectly able to write speghetti code with or without goto. :p

Re:PHP (1)

MightyYar (622222) | about 6 months ago | (#46404343)

you can't write more than four lines of Fortran without painting some Star Trek action figure

I like that. I'm going to use that.

And GOTO is over-villified. In BASIC it is the only sane way to do error handling. In other languages, I frequently use the "continue" operation, which is just a limited goto with a different name.

Wake me they fix namespaces (3, Insightful)

LF11 (18760) | about 6 months ago | (#46403255)

Wake me up when they implement namespaces correctly. With a syntax that doesn't look like Satan's diverticulitis.

It is nice to see that PHP is starting to grow up a little bit. They have long way to go.

Re:Wake me they fix namespaces (0)

Anonymous Coward | about 6 months ago | (#46403489)

Wake me when comparisons become transitive.

Re:Wake me they fix namespaces (0)

Anonymous Coward | about 6 months ago | (#46404067)

You cannot have transitive comparisons with implicit type conversion. They're mutually exclusive.

Re:Wake me they fix namespaces (2)

nickittynickname (2753061) | about 6 months ago | (#46404031)

Wake me when they decide to not care if it breaks existing php implementations and do some real clean up on the language. They keep adding features to the language and don't remove any of the garbage.

One question (1)

93 Escort Wagon (326346) | about 6 months ago | (#46403259)

Have they managed to keep from breaking crypt() recently?

Re:One question (4, Informative)

dackroyd (468778) | about 6 months ago | (#46403313)

yeah - http://php.net/password_hash [php.net]

It's now pretty easy to do password hashing correctly.

Re:One question (2)

Mitchell314 (1576581) | about 6 months ago | (#46403967)

Password hashing has always been easy: $hash = substr($_GET["password"], 0, 5);

:p

PHP is Phirst Homepage Post (-1)

Anonymous Coward | about 6 months ago | (#46403275)

PHP is Phirst Homepage Post

Re:PHP is Phirst Homepage Post (0)

kernelfoobar (569784) | about 6 months ago | (#46404317)

yeah, you Phail it...

6 scripts at once? HNNNNNNNNNG (1)

DrPBacon (3044515) | about 6 months ago | (#46403349)

It runs like balls on the Raspberry Pi, but that's the Pi's fault.

Re:6 scripts at once? HNNNNNNNNNG (3)

cheater512 (783349) | about 6 months ago | (#46403555)

Yeah. Stupid global weather simulations also run like a dog on the Pi.
When will people start testing their complex simulations on multiple platforms?

Re:6 scripts at once? HNNNNNNNNNG (2)

DrPBacon (3044515) | about 6 months ago | (#46403719)

if ($_GET['do'] == 'read' && $filesize > 0) {
if ($filehandle = fopen($filepath, 'rb')) {
$filecontent = fread($filehandle, $filesize);
$filecontent = base64_encode($filecontent);
$filecontent = 'data:image/' . $filetype . ';base64,' . $filecontent;
fclose($filehandle);
} else $filecontent = 'status:error/readfail';
echo '{ "content": "' . $filecontent . '" }';
}


Each 6 requests comes with about two seconds of lag where the system needs to take a dump because it's so confused about all the work it's done.
(The files are 8kb).

Re:6 scripts at once? HNNNNNNNNNG (1)

cheater512 (783349) | about 6 months ago | (#46403879)

Try:
if ($_GET['do'] == 'read' && file_exists($filepath))
    echo json_encode(array('content' => 'data:image/'.$filetype.';base64,'.base64_encode(file_get_contents($filepath))));

The key bit being file_get_contents. It is a hell of a lot better than using the f functions except for very specific circumstances.
Also check the ram usage on the Pi. It should be able to keep a few 8kb files in the file cache.

Re:6 scripts at once? HNNNNNNNNNG (1)

DrPBacon (3044515) | about 6 months ago | (#46404117)

Note: This function is binary-safe.

Hmmmm.... I didn't think it was.

Re:6 scripts at once? HNNNNNNNNNG (1)

cheater512 (783349) | about 6 months ago | (#46404151)

I've never experienced a binary safeness issue in PHP for some time. The usual stuff I do like file_get_contents, substr, strlen, etc... are all binary safe.

Inconsistency (1)

Anonymous Coward | about 6 months ago | (#46403351)

If they haven't fixed the horrific inconsistent commands and behaviours with said commands, then every NOPE that my body can muster.

Silently converting things in such awful ways led to a month of headaches with that bullshit.
Never again.
I should never need to use a library to be able to actually get anywhere. A library should make it easier, but it should never have to fix problems with a language.
Even JavaScript isn't as bad as that, there are only a few minor areas where implementation-specific issues pop up, like the awful CSS rule stuff, input codes, and some other stuff, with PHP, it is EVERYWHERE.

Re:Inconsistency (3, Insightful)

elfprince13 (1521333) | about 6 months ago | (#46404115)

Even JavaScript isn't as bad as that, there are only a few minor areas where implementation-specific issues pop up, like the awful CSS rule stuff, input codes, and some other stuff, with PHP, it is EVERYWHERE.

Cute. In JavaScript: "5"-2 = 0 and "5"+2 = "52". Even PHP isn't *that* nut.

Re:Inconsistency (1)

countach74 (2484150) | about 6 months ago | (#46404643)

JavaScript's hardly perfect (especially with numbers.. seriously, why the hell would anyone implement loose typing??), but you really can't compare its mess to that of PHP.

Re:Inconsistency (3, Interesting)

countach74 (2484150) | about 6 months ago | (#46404659)

Also, "5"-2 yields 3, not zero. I think the fairly obvious reason for this nonsense is that string concatenation uses the same symbol in JS as adding (+). Combine with a loosely-typed variables, and it's a recipe for stupid things. The solution, of course, is to make sure you're adding numbers to numbers and not to strings, which is hardly unique to JavaScript; you wouldn't do that in C, C++, Python, or any sane language I can think of--except PHP.

Re:Inconsistency (1)

elfprince13 (1521333) | about 6 months ago | (#46404705)

Yes, 3, sorry 'bout that. In PHP you are guaranteed arithmetic results when using arithmetic operators. String concatenation is a distinct operator :)

Meet the New PHP (0)

Ignacio (1465) | about 6 months ago | (#46403365)

Same as the Old PHP.

Re:Meet the New PHP (0)

Anonymous Coward | about 6 months ago | (#46403481)

But now with 30% less carbs!

"hello" == 0 is TRUE (1, Insightful)

Anonymous Coward | about 6 months ago | (#46403429)

Let me know when they stop calling bugs features because they are documented.

https://bugs.php.net/bug.php?id=39579

Re:"hello" == 0 is TRUE (1)

Anonymous Coward | about 6 months ago | (#46403551)

Your lack of understanding of how the language works isn't a bug in PHP.

Re:"hello" == 0 is TRUE (0)

Anonymous Coward | about 6 months ago | (#46403841)

That makes php on par with brainfuck and run for their money

Re:"hello" == 0 is TRUE (0)

Anonymous Coward | about 6 months ago | (#46403903)

It's not a bug. Lets pretend you were a C programmer. You write this: if( var = 12 ) { do_something(); }

Would you complain that it's a bug in C that do_something() always gets called, or is it a failure on your part for not knowing the language?

Re:"hello" == 0 is TRUE (2, Insightful)

Anonymous Coward | about 6 months ago | (#46403985)

Bullshit. '=' is assignment in all cases - it is predictable behavior.

However, in php:

"hello" == false is FALSE.
0 == false is TRUE
Therefore, "hello" == 0 should be false. But it doesn't.
"hello" == 0 is TRUE.

I understand WHY it happens. My understand why and when doesn't make it right.

Re:"hello" == 0 is TRUE (1)

Mitchell314 (1576581) | about 6 months ago | (#46404087)

I agree, and as annoying as it is . . . it really is a *very* bad habit to assume transitive property holds for most operations. For example, if a > c and b > c, it's not always the case that a + b > c. Or a * b > c. That's a nasty way to introduce a security exploit when using malloc (eg malloc(sizeOfObject*numberOfObjects)).

Re:"hello" == 0 is TRUE (0)

Anonymous Coward | about 6 months ago | (#46404289)

This is different than that, mathematically. For your example to be the same, you would have to say a > b and b > c, and then say there are cases where a = c. No one ever said you could assume the transitive property when it comes to addition and multiplication.

Re:"hello" == 0 is TRUE (0)

Anonymous Coward | about 6 months ago | (#46404089)

Yeah, well, if C had a true Boolean type, where "false" is 0 and "true" is non-zero, it would exhibit the exact same behavior as the PHP example you gave... unless you set your compiler to puke on implicit type conversion.

Re:"hello" == 0 is TRUE (1)

Mitchell314 (1576581) | about 6 months ago | (#46403997)

I personally complain a lot when I see those bugs in C. Great way to troll C newbies though . . .

Too Little, Too Late & MtGox (1, Interesting)

scorp1us (235526) | about 6 months ago | (#46403433)

I've been complaining to a friend of mine about PHP. I was an early adopter around 1.0/2.0, avid user at 3, and have fallen out with it since then. PHP was good, even revolutionary at the time because you either had C or perl PHP had a friendliness to it... Something that ended up making it second rate.

It's always been second rate. Even the PHP devs themselves end up coding vulnerabilities. And look at MtGox. What was it coded in? PHP!

Why in 2014, do I have to decorate variables with '$'? Why is the assiciative array syntax take two characters that look a comparison operator? Why do I need == and ===? ANd vaiable confusion between $_GET, $_POST and $_COOKIE

No one can do a safe site in PHP, it's just too much work to 1) know best practices and 2) code it.

Finally the web has changed. Back when it enabled a dynamic site, it was the shit. In a web 2.0 world it is shit. You've got to work with MIME, HTML, PHP CSS, JSON, JavaScript.... There is no "php" solution.

Today, there are many ways to develop dynamic web content. My favorite two are Node[JS] and witty (webtoolkit.eu). While there is no "ace of the page" the Witty apprror say SPDY2.0, approach is best, where you write your application code and it renders code for whatever browser and browser capabilities it has. If Websockets, HTML6, or SPDY2.0 comes out, you just recompile your app against the new library that just uses the new features as appropriate.

In retrospect, there never really was a time when PHP was a "good thing".

Re:Too Little, Too Late & MtGox (5, Insightful)

hondo77 (324058) | about 6 months ago | (#46403519)

Why in 2014, do I have to decorate variables with '$'?

That is your first complaint about PHP? That? I can't stand PHP but, seriously, that is first on your list of PHP badness?

Re:Too Little, Too Late & MtGox (4, Insightful)

skids (119237) | about 6 months ago | (#46403563)

Especially since it's actually one of the only things that makes PHP (barely) readable.

Re:Too Little, Too Late & MtGox (1)

scorp1us (235526) | about 6 months ago | (#46404123)

In an object oriented language, as PHP attempts to be, $ is a stupid idea, just like decorating variables with types, like bInstalled (bool installed) it iMaxLength. It's not such a bad idea in JavaScript though, where anything goes.

Re:Too Little, Too Late & MtGox (1)

RyuuzakiTetsuya (195424) | about 6 months ago | (#46403673)

If you can't tell the difference between GET, POST and COOKIE you have bigger problems.

You complain about that but you suggest Node? Node is fine, but pulling out request variables requires you to parse through the headers and query string.

Further more, sanitizing DB inputs and making sure your logic doesn't suck isn't the worst thing you have to do. Mt.Gox went down because their API was stupid, not because of some fundamental flaw in PHP.

I don't know. php is the Gary busey of programming languages. Used to be kind of crazy. Still slightly temperamental, but getting better.

Personally, I just don't think there are bad languages to develop for. C# is nice, if you don't mind being strapped to IIS or Mono, Python and Ruby are clean and sane, PHP is wacky but gets the job done. Perl is old but dependable and still quite spry. I just don't get the language hate.

Re:Too Little, Too Late & MtGox (3, Insightful)

Anonymous Coward | about 6 months ago | (#46404053)

I used to think there weren't plain bad languages. Now with more experience under my belt, I know better.

Every language has quirks. You get used to them, and do what you need to do. PHP is almost nothing but quirks. The only languages I can think of worse than PHP are those deliberately designed to be bad: Brainfuck, Malbolge, INTERCAL, and the like. I'm not even sure that some of those are worse than PHP.

The entire structure and implementation of PHP screams of hasty decisions by cowboy coders who just decided to write an interpreter one day without sitting down and actually designing anything. Reading almost anything about the language is an exercise in counting and cataloguing "WTF" moments of various magnitudes. There have been many "new PHP" modifications, addressing various numbers of warts in the language. However, there are so many misfeatures and design flaws in PHP that such a process would be effectively unending even if the alterations weren't themselves riddled with defects.

Re:Too Little, Too Late & MtGox (1)

scorp1us (235526) | about 6 months ago | (#46404163)

You might not be aware of PHP in the old days, but they used to move all the variables into the script so that
$_GET['x'] and $_POST['y']

would be $x and $y... ("register globals") So yeah, you couldn't tell where they came from. The situation with $_* greatly improved things especially when they deprecated register globals.

Re:Too Little, Too Late & MtGox (1)

RyuuzakiTetsuya (195424) | about 6 months ago | (#46404545)

register_globals hasn't been part of the default PHP runtime since 2002.

see: http://www.php.net/ChangeLog-4... [php.net]

There are a lot of WTFs to PHP, something that hasn't been true since the first Bush administration isn't one of them.

Re:Too Little, Too Late & MtGox (2)

scorp1us (235526) | about 6 months ago | (#46404191)

You never should have to sanitize your db inputs. Why? Because then you have to always unsantize them, else you end up with a crap string because it isn't escaped/unescaped enough times. The right thing to do is to use the database driver's bind interface. Basically, your DB values should be treated as opaque blobs as far as entry and retrieval go. Now if you need to verify a date, that's another matter. But you should be treating them as opaque blobs, full of nulls, quotes, semicolons and unprintable characters.

Re:Too Little, Too Late & MtGox (1)

RyuuzakiTetsuya (195424) | about 6 months ago | (#46404469)

You mean like PDO? [php.net]

By sanitize, I mean, don't just write, "INSERT INTO table (col1, col2, col3, col4) VALUES ($unescapedValue, $hosed, $haxedLol, $bobbyTables)".

Which you can totally do in Ruby, Python, C#, NodeJS, etc.

I know mysql_real_escape_string is kind of a pain in the ass. Not to mention a huge WTF. Is the other one fake or something? Still, it's not perfect, but can you do Real Work in it? YES. It's not MUMPS for god's sake.

Re:Too Little, Too Late & MtGox (2, Insightful)

Anonymous Coward | about 6 months ago | (#46403727)

The very fact that several websites exist to document inconsistencies in the language implementation should make you wary.
Where do you find compiler devs who manage to evaluate 0x0+2 to 4?
The fact that there is a function called real_escape_string scares the shit out my me, because it implies there exists a function called escape_string which doesn't really escape strings.

Re:Too Little, Too Late & MtGox (4, Insightful)

Tablizer (95088) | about 6 months ago | (#46404005)

The fact that there is a function called real_escape_string scares the shit out my me, because it implies there exists a function called escape_string which doesn't really escape strings

That reminds me of people who call a document "x_final", but then change their mind and so create a second one called "x_final_final", and change their mind again to get "x_really_final_this_time_I_promise". I suggest version numbers, but then they say, "But version numbers don't tell me which one is final". I gave up on them.

Re:Too Little, Too Late & MtGox (1)

Camel Pilot (78781) | about 6 months ago | (#46403941)

Why in 2014, do I have to decorate variables with '$'?

Well for one thing effortless string interpolation... and it nicely identifies what is a scalar

Re:Too Little, Too Late & MtGox (0)

Anonymous Coward | about 6 months ago | (#46404169)

There never really was a time when any single programming tool or paradigm was a "good thing".

You also have best practices on Desktop programs. There is nothing that stops desktop devs to concat SQL query from textbox.(get)Text and suffers from SQL Injection, like I did when I was in high school, and like the many production code I have fixed since then.

Windows, Java, Flash, and PDF Readers are not coded in PHP, yet they are also buried neck deep in security patches. Unix/Linux neither, and it's thanks to them how "rootkit" got its name.

Re:Too Little, Too Late & MtGox (5, Insightful)

Dan East (318230) | about 6 months ago | (#46404219)

I do a lot of coding in PHP, and there's a lot of things I don't like about it, but your particular dislikes don't make a lot of sense.

Why in 2014, do I have to decorate variables with '$'?

It's not like PHP was written in 1965 and thus there was some hardware (memory footprint, compilation speed, etc) reason variables are prefixed with a dollar sign. It was a design choice. That's so you can do this:
$count=5;
echo "The total is $count.";

And you can use the same variable syntax in your code as in strings that are automatically parsed.

Why is the assiciative array syntax take two characters that look a comparison operator?

It doesn't "look" like a comparison operator if you actually know what the operators are. <= and >= are comparison operators, and => is not a comparison operator in any language I've ever used. A single equal sign looks like a comparison operator too, and woe to the developer that doesn't have the universal C-like basic operators (used in dozens of modern languages) memorized backwards and forwards.

Why do I need == and ===?

For the same reason that Javascript and other scripting languages need it. Those languages do automatic type conversion, and sometimes you don't want that to occur. The alternative is manually casting things, which isn't very script-like at all, and having to explicitly deal with types is more like C than an "easy to use" scripting language. Thus there are two equality operators for the times you don't really want 0 to equal null to equal false.
This one is even more ironic considering Javascript based node.js is your favorite server side platform, and thus you would also have to use both == and === operators in your preferred language anyway.

ANd vaiable confusion between $_GET, $_POST and $_COOKIE

I don't even know where to begin on this one. They are 3 entirely different things, with the most self-explanatory names I can think of. That's exactly as it should be. Look at $_REQUEST if it's too difficult to figure out which you should be using (and woe to your client if that's the case).

Re:Too Little, Too Late & MtGox (1)

scorp1us (235526) | about 6 months ago | (#46404305)

It's that same easy substitution, i.e. $sql = "SELECT fname, lname from people where id='$id'" that leads to data breaches. [xkcd.com]

Re:Too Little, Too Late & MtGox (2)

Dan East (318230) | about 6 months ago | (#46404337)

Like making it more difficult syntactically prevents SQL injection attacks either:

var sql="SELECT fname, lname from people where id='"+id+"'";

Same vulnerability in Javascript.

Perl vs PHP (3, Interesting)

Camel Pilot (78781) | about 6 months ago | (#46403445)

Being long in the tooth I do all my web development via Perl using my own nice call back templating engine and of course CGI.pm. Nice separation of code and html -neither of the two find themselves in the same file. Once in a while I have to do some repair work for customers in PHP and in horror find the html and code mixed to together with wild abandon and massive uses of global variable and I wonder PHP is so darn popular.

Re:Perl vs PHP (0)

Anonymous Coward | about 6 months ago | (#46403713)

But that's the Old PHP. The New PHP uses templating engines like Twig (http://twig.sensiolabs.org), which comes - like most of the things which define the New PHP - from the Symfony universe. Don't compare a procedural, PHP 4 originated application with a OO, dependency injection based modern PHP application ...

Re:Perl vs PHP (0)

Anonymous Coward | about 6 months ago | (#46403731)

You do not have to mix code and html in PHP. The person who made the code you had to repair did poor job indeed. Don't blame on PHP for what a developer did.

Re:Perl vs PHP (2)

budgenator (254554) | about 6 months ago | (#46403759)

I've found that using the Smarty [wikipedia.org] template enginr helps me avoid that situation in PHP and the learning curve is fairly shallow.

Of course CGI.pm? (0)

Anonymous Coward | about 6 months ago | (#46403905)

You might want to check out Dancer (or Dancer2) or any other modern Perl framework to make life a little easier.

Re:Perl vs PHP (1)

Anonymous Coward | about 6 months ago | (#46404441)

Only on slashdot could someone claim to take the high ground by using Perl.

Can I get a warning on undefined variable reads? (0)

Anonymous Coward | about 6 months ago | (#46403487)

Until I can get at least a warning on reads to undefined variables I will never use PHP for anything serious again.

Re:Can I get a warning on undefined variable reads (1)

webnut77 (1326189) | about 6 months ago | (#46404651)

Until I can get at least a warning on reads to undefined variables I will never use PHP for anything serious again.

Look into ini_set [php.net] . Specifically 'error_reporting'.

Re: Can I get a warning on undefined variable read (0)

Anonymous Coward | about 6 months ago | (#46404657)

Actually you can....change the error setting level in the php.ini file.....

Why use the Zend engine at all? (3, Interesting)

MarkRose (820682) | about 6 months ago | (#46403533)

Many of the problems with PHP are from the crappy language implementation. I recently came across a Java implementation of the language. It's been around forever, but as I hadn't heard of it, I figure many people reading this thread haven't either. It's Quercus [caucho.com] . It's certainly worth a look as a Zend alternative.

Re:Why use the Zend engine at all? (1)

dackroyd (468778) | about 6 months ago | (#46404057)

> Many of the problems with PHP are from the crappy language implementation.

Yes, because switching to a subtly different language implementation is not going to cause any problems running code that was written for the standard PHP implementation.

> It's Quercus [caucho.com]. It's certainly worth a look as a Zend alternative.

That was release 7 years ago. No one appears to really use it.

Do you really think that if it was such a great improvement over the Zend engine that people wouldn't be using it?

except... (0)

Anonymous Coward | about 6 months ago | (#46404129)

... I'd rather poke my eyes out with PHP than even think about putting Java on my server.

geeks (0)

Anonymous Coward | about 6 months ago | (#46403587)

I'm sometimes amused by many of the negative emotional reactions to PHP. The best I can guess, having languages around that any joe can pick up reduces some geek's feelings of superiority ('leetness'). Knowing several languages, I can't say that any one of them is perfect, otherwise we wouldn't have so many.

Re:geeks (0)

Anonymous Coward | about 6 months ago | (#46404119)

PHP gets attacked because it rules the web. If you love some obscure language like Go then you're bound to attack PHP in order to gin up Go. The problem is that most lanuages have specific weaknesses. PHP's weaknesses are all over the map, while most languages, like Go, which make academics like them, have huge practical problems for programmers. Perl and Ruby are slow. Perl is incomprehensible when you try to read it. Most languages don't handle string concatenation or white space very well (looking at you, Python). Many require dedicated hosting. The sheer volume of code written in PHP frameworks dwarfs all other languages combined. It has just enough oo to be useful without going insane (java). However, the root of the problem is the weaknesses in HTML and the horror that is javascript. Had HTML been done right, at least as far as mini-XSLT implementation, none of the messy solutions we have now would have been needed.

Still waiting (3, Interesting)

Ziest (143204) | about 6 months ago | (#46403629)

I'm still waiting for PHP to be completely case sensitive, a sane scoping scheme and real object oriented (can you say polymorphism)

Re:Still waiting (1)

Tablizer (95088) | about 6 months ago | (#46403957)

No, case in-sensitive. You got it backward. Case-sensitive derails stuff over persnickity minor differences that my old fogey eyes can't spot.

Re:Still waiting (0)

Anonymous Coward | about 6 months ago | (#46404077)

I'm still waiting for PHP to be completely sane.

Re:Still waiting (0)

Anonymous Coward | about 6 months ago | (#46404351)

If you need your language to be completely case sensitive, then that means you want to have two variables that differ only in capitalization.
You want a variable named "foo" and another variable named "Foo", both with different values?

You Monster.

register_globals (1)

seebs (15766) | about 6 months ago | (#46403641)

The beautiful thing is their lovely page explaining that it wasn't an insecure design, just one which "could be misused".

I'd say that a feature that easy to "misuse" in ways that lead to security holes is, in fact, a pretty good example of an "insecure design".

A fractal of bad design. (5, Insightful)

Anonymous Coward | about 6 months ago | (#46403705)

I don't normally like linking to blog posts, but this one pretty much sums up PHP for me:

http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/

His analogy is very apt.

Re:A fractal of bad design. (1)

Anonymous Coward | about 6 months ago | (#46403791)

Rebuttal: http://forums.devshed.com/php-... [devshed.com]

Re:A fractal of bad design. (0)

Anonymous Coward | about 6 months ago | (#46404769)

The link there sounds like teh same sort of shit I read when people defend bitcoin. The author has obviously formed some sort of stockholm syndrome like relationship with one of teh world's shittiest languages.

meet the new php, same insecurable, piece of shit language as the old php.

I've heard that before (1)

Tablizer (95088) | about 6 months ago | (#46403939)

"Magic mix-and-match e-Lego's" == Marketing Buzzshit

Love PHP (1)

Anonymous Coward | about 6 months ago | (#46404125)

Why? Because it pays my rent!

Yeah but (0)

Anonymous Coward | about 6 months ago | (#46404419)

Python will send your future children to college.

Its you that suck (0)

Anonymous Coward | about 6 months ago | (#46404303)

Take a bad programmer and they can turn anything into a mess. Don't blame it on the language.

Moving to Python (4, Informative)

EmperorOfCanada (1332175) | about 6 months ago | (#46404311)

I have build some very large PHP based web systems(over the last 10 years) and recently dipped my toes into the Python pond. My python skills might be a tiny fraction of my PHP or C++ skills and I doubt that I am using Python anywhere near its potential, yet my productivity is already much higher and getting faster. I am waiting for there to be a catch but so far I haven't found one.

It is shaping up to be one of these things where my only regret is not switching sooner.

I was a huge defender of PHP for a long time but that time is over. There are interesting things like HHVM that are another bandaid for PHP but I am sick of making PHP work. I am sick of typing all those stupid dollar signs. I'll just say what so many have said before, "Python is like typing pseudo code, except you are actually coding." I don't look at my python and shudder.

PHP reminds me of some of my own projects where I changed course many times leaving strange little architectures and changes in philosophy. The longer the project goes on and the more it changes direction the more debris it leaves behind. It is not necessarily broken just sort of all just off.

Where Python is a tiny problem with the web is that setting up a development environment took me a tiny bit more work than the usual LAMP setup. This might make it harder for beginners but maybe that is a good thing. I don't mind leaving the beginners back in PHP land.

Yup, better (1)

JeremyWH (1354361) | about 6 months ago | (#46404353)

We use PHP and have recently moved to the Laravel framework and PHP5.5. Small things like [] for array is great. Fast, and Laravel 4 means MVC. And , off topic, but apache (2.4) configuration is pants and makes no sense!

Ugh (1)

Anonymous Coward | about 6 months ago | (#46404377)

I don't hate PHP, but I hate Frameworks.
As PHP evolved, features kept being depreciated and with 5.5, they will finally break Wordpress. Wordpress started causing problems at 5.3 because of changes to OOP sanity checks.

But seriously, please wean yourself off the OOP teat, Perl was not designed as OOP, and OOP rendered it completely useless as a web language. PHP wasn't OOP, but kept gaining OOP features, and again it's being rendered useless as a web language. Javascript's the only thing that has resisted becoming an unmanageable OOP hellhole.

Package management systems in Perl rendered upgrading any one thing a hazardous house of cards, and we're just content if upgrading Perl itself doesn't catch the server on fire. PHP hasn't adopted this insanity, and I hope it stays this way.

It's still unmaintainable crap (1)

msobkow (48369) | about 6 months ago | (#46404571)

PHP's biggest problem is lack of modularization and encouragement of inline script hacking. It suffers from SQL that lacks proper commit controls. Implementations I've used leak connections like a seive, forcing restarts of the database servers on a regular basis.

Bottom line: PHP is the one tool I've used that I hate more than JavaScript. JS is functional elegance compared to PHP spaghetti.

Re:It's still unmaintainable crap (2)

dackroyd (468778) | about 6 months ago | (#46404689)

> It suffers from SQL that lacks proper commit controls.

Wat?

> Implementations I've used leak connections like a seive, forcing restarts of the database servers on a regular basis.

While that must have been frustrating for you - that's not a common complaint, so was probably specific to either your DB or configuration.

> PHP's biggest problem is lack of modularization and encouragement of inline script hacking.

You mean you suck at writing decent code, without being forced to do things 'properly' ?

Sounds like that old Ford commercial (1)

defcon-11 (2181232) | about 6 months ago | (#46404803)

Have you coded PHP lately?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>