Lusercop wrote: > I think my conclusion for all of this is that I can't trust PHP, because > architecturally, it appears to be designed for use in situations where the > necessity is not for any kind of privilege management, or separation. It > appears to be designed to get dynamic pages up and running as quickly as > possible and as easily as possible.
Absolutely. PHP is, or should be, a quick hack language. The fundamental feature of embedding application code directly in presentation markup is the biggest no-no there is. It leads to a poor (or non-existant) separation of concerns, typified by spaghetti code programs that are all but impossible to read, understand, extend and maintain. PHP is quick, simple and easy to use and ideal for basic one or two page web hacks. But for building larger sites or dynamic web applications? Definately not! Alas, that's what most large dynamic web applications seem to be written in these days. Written by your average Joe who wouldn't know the difference between good programming and bad, and probably wouldn't care much about it if they did :-( ASP is just as bad for much the same reasons. Used by people who don't know any better and don't want to know any better. A