Isn’t Wordpress powering like 40% of the internet? PHP isn’t going anywhere anytime soon.
For me the weirder part of that meme is Python in 2022?
IMO, Ruby is a better Python than Python. It’s simpler, has a cleaner syntax, and if you want to do funky stuff metaprogramming can allow you to do cool, and sometimes unspeakable things. Python has great library support, and slowness and Rails did make Ruby unpopular for a bit, but I would love to see a Ruby resurgence that wasn’t to do with Rails, because it is truly a lovely language to use.
Hell, I would say that in 2023, it’s easier/faster to get something set up and working in Rails than it is with frameworks like Symfony, Express, ASP.NET, etc.
There are literally dozens of us.
Ruby feels a lot like writing poetry. Especially with microframeworks like Sinatra.
Python feels more like writing JS/ECMAScript without any punctuation.
Then again I cut my teeth on Actionscript (1 ugh, 2 ooo, and 3 nice—oh the iPhone doesn’t support it…), so my opinion is probably pretty worthless.
I’d wager that most people haven’t used Ruby in anger, so don’t really have the comparison. Those that have used it have probably only used it in a Rails context, which IMO is a fairly limited environment to really play with Ruby.
I definitely love the language, but the ecosystem, library support, and some of the companies that jumped on the initial Rails bandwagon can be extremely backwards and resistant to change in tech.
Can you elaborate on the python part? I’m not a programmer ( I don’t work in the field but I studied programming in high school) but I see python mentioned everywhere, is the language obsolete?
People who say PHP is shit haven’t really used it and are just repeating the memes. It’s a perfectly fine language and there are a number of excellent tools and frameworks for it. It’s reputation is a result of it’s easy entry and widespread use. A whole lot of people who knew just enough to be dangerous made a whole lot of stuff, and it ended up causing a whole lot of problems. But for some reason devs shit on the language instead of shitting on the devs who put them in a mess.
Nah, it’s historically been a special kind of shit. It started life as a Perl templating engine, then grew out to its own language where it repeated all of Perl’s mistakes while adding more of its own. Its community was single-handedly responsible for keeping SQL injection attacks in the OWASP Top 10 list for years. Notice that it’s now bundled with “injection attacks” as a generic label for a wider range of similar issues–SQL injection alone would no longer warrant being there. Its conflation of arrays and hash maps meant it took years to wrestle with algorithmic complexity attacks. Perl kept the two separate, and was able to get a patch out for algorithmic complexity almost immediately (though it turned out to have a few bugs of its own, and a true fix came in a few years later; still faster than PHP solved it).
The web from 1998 through 2010 or so was absolutely riddled with bad PHP programs. “But that’s not the language’s fault”, you say? Doesn’t matter. Community is an important and underappreciated feature of a language, and PHP had a special kind of shit community. It almost seemed designed to suck away the dross from all other communities.
Consider the plugin system for phpBB:
- Its architecture doesn’t have any kind of hook system for plugins; they’re added by patching the code in place
- This naturally leads to different plugins interfering with each other
- Having done that, you might choose one of the patch formats already out there, but phpBB decide to create their own
- There are, at first, no tools available to automatically patch in plugins, so administrators (often not developers themselves) need to hand edit the source files and modify the database (the plugin format specifies both together)
- Tools start to emerge over the years to handle it automatically, but they’re buggy and unusable for a long time
Is it PHP’s fault that one major application was implemented so poorly? YES! Its community is a feature, and its community is what brought us to this.
You want to claim that the language has done better since PHP7? Alright, that’s fine. I still don’t care. There are so many better options available, and I don’t have time to keep up with all of them. I’m happy relegating PHP to being a long-tail language where it trails off slowly over the years like COBOL.
I’d say that PHP allows you to write very bad code (and makes that the default). It’s a language feature.
For example Java has a lot of NullPointerException because it was designed with null and without mechanisms to detect & prevent these errors. Any method can return null and cause a NPE. It’s just easy to ignore them. Modern languages like Go, Rust or Zig force you to handle null errors, and make it easy to do so. NPEs are a lasguage feature in Java.
In the same way PHP allows you to write any ugly code you want. There are no checks, no safety. People can write bad code, people can be lazy, people can be stupid. PHP allows it and empowers them.
Exactly. I used PHP for years, I haven’t “not used it.” It was the first programming language I seriously learned. Writing good code was tedious if not impossible and that became even more obvious as I expanded to C#, Java, Python and C++; none of which tolerated any of the bad and unconventional practices I’d inevitably picked up. Keep in mind, I was actively trying to avoid bad practices and pay close attention to types but still got kicked to the curb hard when I tried other languages. I haven’t had that since.
I appreciate it’s changed since, I’m happy to see it’s not the same dumpster fire it once was, I also don’t care. I don’t actively trash it, I just think there’s usually a better option.
I used PHP for the past year. And honestly I still think it is not a good language. Just of the top of my head.
-
By far the biggest culprit. Arrays. This monstrosity is basically everything. Yes, it is fast but it only teaches bad habits. It is a weird combination of Arrays/Lists/(Dictionary/Hashmap) and you can’t know which one it currently is because there are 0 compile time safety checks. Also when used as a parameter it is passing a full copy instead. But the copy of course is only shallow. I have seen so many problems with that. And even worse when someone thinks the way to fix it, is to just json encode/decode the whole thing in order to get a deep copy before passing it.
-
Generics. I still don’t get why this is such a huge issue. Like I would rather have a half-baked optional compile time implementation then none at all. The worst part is that IDE tools support generics so you end up inplementing them on the comment level. I shouldn’t be forced to use generics through comments.
-
$ for variables. I know that this is just based on how the language grew. But god do I hate having to type it. It is not an easy to reach letter and just breaks my typing flow the whole time. You get used to it but still.
4 . The default functions. Yes. You will mostly use framework provided functions or your own stuff. But you still end up in contact with them and the naming schemes are still all over the place, so it is fast to just google it then hope you accidentally stumble upon it through the IDE. And some things are still straight up missing. Like the best way to deep copy an array is json_encode into json_decode. When I saw this the first time I was sure that must be wrong. But no. That is legit the way to do it.
Also I am stuck with PHP7 so some of my other complains seemed to be fixed in later versions. Also please don’t recommend DS for my first issue. I tried to push for it but it got vetoed because “it is too complicated for new devs”.
The language itself is not that bad. Especially the newest releases are really great, thought out DX improvements. What stinks are its legacy parts and how it needs to be run.
My biggest pain is that for it to actually behave like it should it requires some sort of an actual web server like apache or nginx.
Also, servers written in are actually request handlers - every time a request comes, the whole app is reinitialized, because it just can’t hold its state in memory. In many apps every request means reinitializing connection with database. If you want to keep some state, you have to use some caching mechanism like redis or memcached.
Also had one time when Symfony app was crashing, because someone forgot to close class braces, and everything was “working” until some part of code didn’t like it and was just dying without any error.
And one time when someone put two endlines after php closing tag at the end of the file, confusing the entire php interpreter into skipping some lines of code - also without warning, and only in specific php version.
Back in the day, the way it integrated with Apache was an evolutionary advantage to PHP. It found a strategy that worked in its environment and it thrived. That environment no longer exists, but PHP holds on vestigially.
We didn’t have AWS or other cheap, virtualized hosting way back when. It was all shared plans where you had a directory of your stuff, and it was there with a hundred other people on the same server and Apache instance. You could run whatever you wanted as a CGI, but that was even worse; it forks off a whole interpreter for the language, parses the code, and then used STDIN/STDOUT to communicate. Even if you implemented it in compiled C code (which had all the other problems you would expect), that fork is still expensive.
Projects like mod_perl and mod_python built an interpreter directly into Apache, but there was a problem with how it worked: it was too sophisticated. They could hook into the entire Apache API. That meant that there was no way to separate your stuff from every other thing on the same shared hosting plan. Any one instance would be able to fool around in all other accounts. That’s untenable, so your choices for those languages were to either get a dedicated plan at well over $100/month, or stick with a $5/month shared plan and put up with it being unscalable.
Enter mod_php. It builds the interpreter into Apache, but that’s all it does. Still have a parsing step, but it doesn’t have to fork. Doesn’t try do anything else. Its fast, and it can be hosted on cheap shared plans.
If you’re a startup at this time, operating on frozen pizza and office chairs from a thrift store, then you could get a cheap plan, develop it under CGI, and hope that you can refactor it later when you can afford a dedicated plan. Oh, and keep in mind that CGI doesn’t lend itself to converting easily to the Apache API or whatever else you’re going to use in the future. Alternatively, you could build it in PHP and it will be fast now and acceptable later.
It’s no great mystery why PHP was chosen at the time. There were limited options, and it was the cheap, get it done now option.
Not sure why you focus on arrays for deep copying. Deep copying objects is a problem in many languages and brings some challenges with itself that make it almost always necessary to delegate it to a library.
Simply because it was an issue that I ran into at work. And the reason I focus on arrays is because of the previously mentioned default behaviour of arrays being cloned when passed as an argument for a function. The issue here was someone unexperienced wrote a bunch of code and used only arrays (deep ugly arrays) and it ended up being a huge mess of some references staying the same while others changed. So the only solution was to deep copy at one place. That way later operations on these arrays didn’t affect the original structure. Not pretty but refactoring would have been too much effort.
$ for variables. I know that this is just based on how the language grew. But god do I hate having to type it. It is not an easy to reach letter and just breaks my typing flow the whole time. You get used to it but still.
I’m assuming you’re not using an English keyboard…? Shift+4 is an extremely key combination for me lol
Can’t open the one response you got. So maybe someone already answered. But this here
The answer for the deep copy would seem to be a combination of a static recursive function to copy the array while cloning the objects inside, with setting the __clone() magic function in your objects to break the references, no? Granted it’s not a built in function, but not difficult to implement.
Arrays are passed by copy by default. Every scalar or array value is copied by value. Every other thing (objects basically) is copied by reference.
Passing array by reference passes everything it used to copy by reference.
Attempting to clone an array will result in an error.
Reassignment of a variable containing an array will do the same as if passed to a function by value.
Reassignment of a variable containing an array using the reference operator will do the same as if passed to a function by reference.
So, in order to deep copy an array, just reassign and recursively traverse the array calling clone
on each object. Of course, this would break (or not, depending on the intended use) when the same object is referenced multiple times under different keys.
Sorry for being lazy so no sources for now. But based on my research back then. Using clone (on arrays) is actually slower then json_encode/json_decode.
So there are some cool optimization tricks going on in the background. But that doesn’t make it any more intuitive for me.
I used to think that php was a bad language until recently (used php5 when i was just learning to program, cooked some delicious spaghetti). But after 5 years I had to use PHP at work. The language has improved a lot, but I think a lot of the bad parts are still there.
Like, why does stdclass exist? Why not just use associative arrays? Why are there warning, error, fatal errors, exceptions? Some functions throw exceptions, other raise errors, others return false, other fail silently and you have to call another function to check if there was an error (last_json_error
). Why do find functions return false
instead of -1
? Like every other language? Why can’t I use strings with numeric values as maps keys? (I can’t have ["001" => value]
, it gets casted to ["1" => value]
.
There are no generics, you have to use mixed
everywhere. The stdlib is an inconsistent mess, some_snake_case, someCamelCase, verb_noun, noun_verb, functions are not namespaced, everything is global. A lot of duplicates: die vs exit, print vs echo, etc. You are forced to use PSR & autoload to be able to use namespaces in a tolerable way, not including_once everywhere. No UTF-8 support, only ascii. You have to manually use mb_ functions. Variable scoping is weird. Variable variables? Why?
And all that is just comparing it to the average language. If compared to a modern language like Rust, Zig, Swift, php is light years behind.
It’s not hot garbage, but I wouldn’t call it “good”. There’s laravel, but not much more. PHP still makes you shoot yourself in the foot by default, unless you spend a lot of time learning its edge cases. Just like javascript.
There are a lot of people who think that if a language or framework doesn’t completely disallow bad practices (and of course the authors have to agree with their very specific subjective ideas of what bad practices are) then it sucks. I’ve always found that weird. Like why are you mad at a tool for being “too flexible”? Why not be okay with learning what not to do?
If you’re going to do that, then you also have to have a community that stresses best practices.
In 1999, Perl was leading the world with a tutorial for DBI (its primary database driver interface then and now) that uses placeholders in its very first code example. The community made that the standard, and it was the first hit on “Perl SQL tutorial” on Google for a long time. Perl applications with SQL injection attacks are out there, but have been relatively uncommon.
Notice that the API doesn’t force you to use placeholders. It’s simply strongly encouraged by the community.
Also in 1999, PHP was leading the world in not having a database driver interface through a common API, but rather a thin wrapper over whatever C libraries were used for individual databases. If that database supported placeholders at all (MySQL didn’t, and guess which database was most popular with PHP?), then it often had a different syntax* for every one. (Note that Perl’s DBI uses a translation interface that can implement “?” as a placeholder for you if the underlying DB doesn’t do anything else or uses weird syntax). You could always use a filtering function, and PHP devs would routinely try to write their own rather than use the one that came with the database API that’s already vetted. Either way, there was no widespread community pressure to use safe practices, and PHP led the world in SQL injection vulnerabilities for well over a decade.
*As a side note, I was recently accused by another dev of having a Python app riddled with SQL injection vulnerabilities. In fact, it was well protected, but it was using the psycopg interface to PostgreSQL, and it has a weird placeholder syntax that the other developer wasn’t familiar with. Thanks, psycopg!
An interesting thing you may have missed is that the PHP community actually aggressively removed posts from stack overflow suggesting the old broken autoquoter approach. I’d say that PHP actually has an incredibly security minded community at this point.
It has also improved a lot in the last years. PHP5 and especially versions older than that weren’t very good and deserved a lot of the criticism. PHP7 and onward are much better languages and don’t deserve the hate.
I worked a lot with PHP3 and 4, they work by the “Here is a flat C style API and here’s all the functions to use.” principle, and a lot of the work was finding the needed function, and how to use it.
I know PHP5 did a lot of redesign especially with classes, but have never used it, hope PHP5+ feels more like Pythons toolbox.
If I should write a web application today, I would start looking at Python based frameworks: Django (I have used it before)/Flask/Etc. as I am not sure I would like to work with JavaScript, or have to re-learn PHP.
I think the worst thing about PHP is all the ancient tutorials that litter the web like landmines. SQL injections everywhere.
And there’s way too many low-budget wannabe web developers who know just enough to blow their own feet off. Or more likely whoever paid for its feet, because that web dev will be nowhere to be seen a week after handing it over.
Honestly, php is actually pretty fucking sweet for functional programming and metaprogramming… other languages wish they had __invoke
and __get
.
I also think it has the “right” balance of library functions built in, you can do pretty much anything common and trivial with built-ins but the function list is short enough that you can comprehend most of it.
__invoke
is just for making a class Callable. Java has those with functional interfaces. __get
is just dynamic property resolution synax sugar. Instead of something like obj.get("property")
you do obj->property
.
Instead, I would like to see ADTs, generics, pattern matching, immutability, expressions everywhere and a better stdlib. Then one could call PHP functional.
It’s like how people say Javascript is functional. Sure, it has lambdas, anonymous functions, closures, const
. But those alone don’t make it functional.
Functional programming is very different (and at times hard). If you have the time you can check out F#, OCaml, Elixir, Erlang, Rust or Haskell (in order of difficulty imo). Those are more “pure” functional, rather than imperative/OOP with a touch of functional.
See how things work, what features they have and don’t have. How problems are solved in these languages. I think learning about one of them can give you a different perspective on what functional means. I discovered F# one day, got curious and discovered a whole different paradigm, a new perspective on programming. And learning about functional programming really made me a better programmer, even on procedural/OOP.
My issue with PHP isn’t the language, it’s the developers. PHP developer culture is much like C# and Java culture.
I could bring a million reasons I don’t want to program in PHP and every time we talk about it, the PHP developer tells me I should be using it for everything. If I suggest that it may not be the best tool for a particular task at hand, the PHP developer tells me it’s the only language they know so they will use PHP.
The issue is that this type of culture closes doors mentally. In any craft, we should try to use the best tool available for the task at hand. In carpentry you’d use a hammer with nails and a screwdriver with screws. In programming, there are times using PHP makes sense and times it doesn’t.
In container based services, I tend to lean toward a compiled binary because it reduces the size of the container at run time and most modern languages don’t require tons of heavy duty frameworks to scale well there.
In a monolith, a fully interpreted language with an MVC framework could make sense.
I’ll never understand devs that go “I don’t know that language”. PHP is one of the only languages used in production I don’t know. I have read examples and it looks like you bastardized a Java/c# clone with bash or a string templating language, which isn’t very appealing. But like, if I had to learn it, I’d do so in a month, functionally writing it in a week tops. Learning languages is part of the job, and they all add something to your understanding of paradigms.
I think we need to keep in mind that a programming language isn’t learned in a day whereas the use of most tools can be learnt within minutes, albeit not perfected of course.
The hurdle to learn a new language is higher and also there is only so many langauges you can be fluent in at the same time, until you start mixing stuff up and causing more problems for yourself than being proficient in just a few languages.
It’s fine to not know every language. I’m not saying you must know every language. I’m saying that only knowing one and refusing to use another is a problem I’ve seen from PHP, Java, and C# cultures almost exclusively.
The only exception I’d say that makes sense is people who are using coding for a small part of their overall job. But full time software engineers should have at least a few options in their belt for backend that they understand and can use in different scenarios.
I think PHP is shit because I used it about 14 years ago (+/- 1/2 years), where it was crystal clear that the language was written by a complete amateur. I’ve example off the top of my head: you couldn’t reference an element of an array returned by a function in the same line, you had to first assign the function’s output to a variable and only then were you able to reference an element of the array in the variable. Like, WTF!!!???
It may have improved over time, I just don’t care enough to find out. It doesn’t deserve my attention.
Yea, I used Rust 14 years ago and it didn’t even have a compiler, what a fucking clown car of a language!
(Also, they fixed that with a really smooth syntax… and 14 years ago, you actually could do it with list()
)
I’ve designed languages from the ground up, and written interpreters and compilers, so maybe I’m a bit of a snob regarding that kind of thing.
With all the levels of abstraction nowadays it’s impossible for anyone to understand the whole stack, so I don’t blame you for not caring how things are implemented under the hood.
But that issue with PHP (one of many) made me want to find the person who wrote that abomination and slap them with a baseball bat.
There are two kind of programming languages:
- The ones everyone complaints about
- The ones nobody uses.
It’s hard to justify using anything other than JS or if you wanna be fancy, Web Assbly, for the FE.
Any other front end language involves generating Javascript from your language, which inevitably ends up with you making a weird Frankenstein project that mixes the two.
I’d rather just use stuff like Webpack or Vite to compile my JS front-end out of JS (or TS) from the start. It always ends up being a cleaner result.
My backend though can be whatever the fuck I want it to be.
But if you ever think dynamically compiling/transpiling a JS front end on the fly on demand is a good idea, instead of simply just delivering static pre-compiled/transpiled pages, you’re part of the problem for why the web is so slow and bloated.
It’s wild how crazy of projects people will build that take 3 entire seconds to just deliver a 500kb static form that doesn’t even need angular to do anything. They turn a couple hundred kb into several mb for no useful reason, it’s wild.
On that last bit. I agree with you, but people are getting paid to produce, and since they probably just know angular, they use angular everywhere.
I prefer html personally :x
But yeah, I mostly blame the project managers that encourage this behavior, it’s wild how much overengineering goes into basic stuff like making mostly static websites.
To my understanding, you can’t really use WebAssembly for the frontend - it doesn’t support manipulating the DOM, so you still need to offload a lot of the work to JS. It’s an uncontested language when it comes to web frontend.
I find that the only reason for SSR existence is to be able to just move a JS frontend to the backend for SEO/client performonce reasons with almost no effort. If the frontend really needs to be highly interactive then yeah, a FE framework makes things easier. But then you are locking yourself to using JS in the backend. Voluntarily locking yourself to use an objectively bad language.
Then there are the react/angular/other people, who build everything in these frontends.
I really hope tools like htmx gain traction, since it looks like a model able to solve the current JS madness.
I’m not liking htmx, I checked it out, it seemed promising, but it has giant gaping security holes in it so I can’t endorse it.
I have been sticking to using Ejs with html-bundler-webpack
The combo is lightning fast and gives me a solid usability of html partials so I can modularize my front end in re-useable chunks.
It compiles to the static site fast for iterative development, it has everything I need baked in for common needs (minification, bundling, transpiling, cache busting, integrity, crossorigin, tree shaking, etc etx)
I like how it let’s me just focus on actually writing the html + js + css and not have to muck around with thirty boilerplate steps to just make the app run.
If I need a lot of reactivity I’ll use vue or angular but I so so rarely need that.
And now with the template element, half the time reactivity can just be done with those.
Only time I actually need react/vue is when I have to frequently mutate/delete in the DOM.
But if I purely am additive, adding things to the DOM, template elements are plenty.
Could you elaborate on the htmx security holes? I only know about xss attacks, and for those it’s trivial to sanitize in the backend.
I too gravitate towards just templating for static or simple interactivity, but for pages that need SEO and interactivity I’m still wondering what’s a good solution that doesn’t involve SSR and a js framework. For a recent project I had I generated the html in php and sent a lot of pure js for dom manipulation
PHP is amazing
If you’re thinking of PHP version less than 8 you need to have another look
Totally stateless. Uncached server side rendered response times in double digit milliseconds.
Types
Extremely battle, highly tested frameworks.
Excellent tooling for tdd, bdd, static analysis, automated browser testing, coding standards and auto fixing. Even fully automated refactoring for things like package upgrades (Rector)
Regular, solid, releases bringing updates and fixes
Arguably one of the best package management systems, Composer. And only one, none of this constantly changing tooling that some other ecosystems seem to do
Properly open source platforms to power all kinds of web projects from e-commerce, CRM, social, scraping, analytics, monitoring, API, CMS, blogging
Basically if your target is server side web stuff then it’s really good
Or, you can continue to demonstrate how out of touch you are by continuing with the old “PHP bad” jokes if you want!
Uncached server side rendered response times in double digit milliseconds.
Thirst thought, that sounds slow. But for the use case of delivering html over the Internet it is fast enough.
For a bit of templating? Yes! What drives response times up is typically the database or some RPC, both of which are out of control of PHP, so I assume these were not factored in (because PHP can’t win anything there in a comparison).
not only that but you just install it with the lamp stack setting in ubuntu tasksel with apache and mariadb. the beating that these can take (except maybe the sql) and survive is great. you also have access to the whole of linux to do more advanced stuff, while other languages/ stacks shy away from exec
All of that can be the same as other stacks except the Apache bit. You can stand up a Go application on Ubuntu hitting MariaDB as its persistence layer. Or Python. Or Node. Or Java. Or even Ruby. Shit, Haskell can do it.
Also, exec
is a code smell. Arbitrary code execution is a massive security risk, and the effort to mitigate that risk is often less than explicitly building out the required functionality.
I think you need to explore more technologies, my friend. And read up on some security things
Edit: I now realize you mean exec
as in calling out to a shell. All languages have this. Still, the overhead of spawning and managing a new process is often more than just implementing the logic in your application itself.
Dude was saying that 8 is good, but people still think of version 5 when talking about PHP. Not recommended to still use in 2023.