On Mon, Nov 04, 2002 at 12:44:00AM +0000, Paul Makepeace wrote:

> "According to a Netcraft survey published in April 2002, PHP is now
> being used by over 24% of the sites on the Internet. Of the 37.6 million
> web sites reported worldwide
> (http://www.netcraft.com/Survey/index-200204.html), PHP is running on
> over 9 million sites and continues to grow at an explosive rate. Over
> the past two years PHP has averaged a 6.5% monthly growth rate."

> That's an enormous number of hobby sites :-)

> Oh well, who knows - my basic point is that for all the interesting
> discussion about how bad PHP is there's an awful lot of productive work
> going on with it, that same work that probably wouldn't've happened with
> perl. (I know at least half a dozen PHPers who were too scared by perl.)

I think the bad publicity that PHP gets is largely due to two/three things:

a) The speed at which it evolves:

   PHP has gone through a crazy development cycle in the last year or
   two... quite a bit of the API changed to be more uniform, and other
   such language enhancements. This period is not over, Zend2 is on the
   way which will change some of the language syntax, although on saying
   that, perl6 is on the way too, and perl's syntax will probably change
   more than PHP's will with this upgrade.

b) The number of bad PHP programmers:

   PHP is probably one of the easiest web languages in the world to pick
   up. Given that, and the number of ".* in 24 hours" books available
   for it, the universe now has a surplus of PHP coders who don't really
   know what they are doing.

   As a result of this, we now have a steady stream of security
   vulnerabilities published on major security mailing lists daily
   about insecure PHP packages (I think this is how the discussion
   started?).

   The actual PHP codebase itself has only had a few insecurities -- I
   haven't looked at the figures, but at a guess I'd say less than the
   likes of suidperl (which has been around for quite a long time I must
   admit, but I'm trying to make PHP look good here).

   A properly coded PHP project should be just as secure as its perl or
   C (or insert-language-here) counterparts. It is the
   "In-24-hrs-Newbie" who is writing code like
   'system(getenv("USERNAME"));'. This could just as easily be done in
   any other language. (please skip the perl tainting rants :).


c) Lack of traditions regarding project management and syntax style:

   Well organized PHP projects are few and far between; I've heard
   hundreds of anti-PHP arguments, most of them valid, but a large
   number have been that PHP does not cope well when given a large
   codebase (1000+ lines).

   If your PHP codebase has got messy, that is your fault, not the
   language's.  PHP doesn't have a recognized way of organizing code
   (like Perl or Python modules), it leaves it up to you to be creative
   in finding a way.

   As a side note, there is a CPAN clone well under way, however, PEAR.


The only real complaint I have with PHP is the memory management, which
I have seen get messy in really simple situations. Apart from that, it's
a nice neat little language. If you keep up with the development of the
language (like any good programmer should anyway), you're sorted.
Admittedly, PHP language development moves about 100 times faster than
any other language at times, but that's just its nature.

</rant>

Dave.
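
Added example, not part of the original message: the `system(getenv("USERNAME"))` pattern quoted above, next to a hardened form in PHP. The `lookup_user()` helper, the choice of the `id` command and the sample inputs are assumptions made for illustration.

```php
<?php
// Unsafe pattern quoted in the message: the variable's entire value is
// handed to the shell as the command line.
//   system(getenv("USERNAME"));

// Allow-list check: POSIX-style account names only, so no whitespace,
// quotes, or shell metacharacters can get through.
function is_valid_username(string $name): bool
{
    return preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $name) === 1;
}

// Hypothetical helper: run one fixed command with the untrusted value
// passed as a single quoted argument, never as the command itself.
function lookup_user(string $name): ?string
{
    if (!is_valid_username($name)) {
        return null; // reject outright instead of trying to sanitise
    }
    // "--" ends option parsing; escapeshellarg() quotes the argument
    // as a second layer behind the allow-list.
    $cmd = 'id -- ' . escapeshellarg($name);
    exec($cmd, $output, $status);
    return $status === 0 ? implode("\n", $output) : null;
}

// Constructed sample inputs: one plausible account name and three values
// that must never reach a shell.
$samples = ['root', 'dave; echo injected', '$(echo injected)', ''];
foreach ($samples as $candidate) {
    $result = lookup_user($candidate);
    printf("%-22s => %s\n", var_export($candidate, true), $result ?? 'rejected');
}
```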
