« How to Easily Manage HTML Output in PHP
Code Commenting Dos and Don’ts »

Attacking PHP

I am so tired of people defending PHP.

Note: this is good natured. The guy that wrote the original article — why can I never find names on these things? — makes a few good points. And, for full disclosure, I work with PHP full-time right now, and it’s still my go-to language for knocking out a web application because I’m so familiar with it. (And even then, only with Zend Framework and phpSprockets.)

But seriously, PHP is sickening. I’ve started using Ruby and Python for any tasks I can get away with and they’re really worlds apart. PHP’s got some good in it but it’s all buried under deep layers of hate. That’s right, PHP hates you.

PHP is terrible

Need proof? Here it is, broken down by category:

Language Features

  • So many things evaluate to boolean false or boolean true that there had to be a new operator introduced (=== and !==) to do strict comparisons.
  • You can’t differentiate between a hash or a list or anything. They’re all the same. Even if you know you’ll never need a keyed index, you can’t turn it off.
  • It’s Object Orientation is broken in places (late static binding).
  • It doesn’t support lambas. create_function() is not a lambda.
  • You never know if short_open_tags is on, or if safe_mode is on, or if (ugh) register_globals is on.

Built-in Functionalty

  • It comes with a standard library that has no naming convention. You never know in what order the words will come in or if they’re separated by underscores or not:
    • str_replace()
    • strlen()
    • parse_str()
  • You never know what order the arguments are in:
    • in_array($needle, $haystack)
    • strpos($haystack, $needle)
    • You constantly have to check your output thanks to type restrictions:
    • strpos(’abcd’, ‘a’) will return 0. Don’t test this with if (strpos(’abcd’, ‘a’)) { … } because 0 is secretly false! You’ve got to use if (strpos(’abcd’, ‘a’) !== false).

Common use

A lot of open source projects are written in it, such as Joomla, Wordpress, and MediaWiki. All of their code is hideous, and half of the time there’s random HTML in the middle of their scripts because, of course, we’re working with webpages and why would you ever want to abstract the output from the logic?

Irrelevant praise

Here are some common praises of PHP and why they don’t matter:

PHP is great because it allows the new user to pick it up quickly!

Sure. And if the introductory material available covered good programming style we might not have a problem. In reality, every example PHP script is riddled with SQL Injection vulnerabilities, XSS vulnerabilities, and terrible programming. Most newbs never learn a better way of doing things because this gets them results that look good very quickly.

PHP has classes, it doesn’t need namespaces.

Fail. Use a language with namespaces for a few months and come back to PHP. I did. It’s sickening.

Globals are okay!

Whoever taught you that needs to be shot. Globals are not okay. They are tolerable in certain situations, but if you make blanket statements like “Globals pierce through all the layers of code and get right to the heart of the matter.” then you’re clearly using them too much.

Share This

This entry was posted on Thursday, January 24th, 2008 at 11:08 am and is filed under PHP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

10 Responses to “Attacking PHP”

  1. Sold Out Activist Says:
    January 24th, 2008 at 4:42 pm

    I use PHP for nearly everything, even on my desktop. But that’s not the point:

    Why is it when people talk about namespaces, and they point you to code to demostrate the power of namespaces, almost always, ath the top of the code there is:

    using namespace std; using namespace blah; using namespace this; losing selfrespect; using namepsace that;

    Why tote the power of namespaces if a lot of programmers just throw methods into the global space anyway? (And that’s not a pump for globals either, I’m against them myself).

    I feel that’s the same argument as people who complain about $object->method. If you are too lazy to type std::method (or $object->method), you suck, not the language.

    And I despise both Python and Ruby. Simplicity does not make it easier to use, just Web 2.0 doesn’t make website better. But that’s my opinion and I’ll keep it until it isn’t true.

  2. pcdinh Says:
    January 29th, 2008 at 2:13 am

    Your comments are somewhat terrible :D Need proof? Here it is, broken down by category:

    Language Features

    * So many things evaluate to boolean false or boolean true that there had to be a new operator introduced (=== and !==) to do strict comparisons.

    My comment (1): PHP is dynamically typed by nature. It offers great flexibility but anything comes at a cost. If someone is a PHP developer and does not understand its nature and its cost, he will be killed. Careless and clueless developers go nowhere, don’t they? :D 

    * You can’t differentiate between a hash or a list or anything. They’re all the same. Even if you know you’ll never need a keyed index, you can’t turn it off.

    My comment(2): PHP is great at the feature. I am so tired of Hashtable, Array, ArrayList, and generic type in Java. Complex array style data structure is really productivity killer.

    * It’s Object Orientation is broken in places (late static binding).

    My comment: It is hard to say if it is broken or not. Yes, somewhat lack of support until PHP 5.3 * It doesn’t support lambas. create_function() is not a lambda.

    My comment: Closure has its position in programming but do you use it extensively? It is a only nice-to-have feature.

    * You never know if short_open_tags is on, or if safe_mode is on, or if (ugh) register_globals is on.

    My comment: No. Silly programmers can not have their voice in PHP community. Good PHP developers should know know to read php.ini and phpinfo().

    Built-in Functionalty

    * It comes with a standard library that has no naming convention. You never know in what order the words will come in or if they’re separated by underscores or not:
      o str_replace()
      o strlen()
      o parse_str()

    My comment: Yes. It is so true. There is no such a JCP (as in Java) in PHP community. PHP community welcomes all the contributions and sometime accept contributor’s personality to have their contributions. It is hard to claim that it is a mistake. Can PHP grow so fast without such a compromise? However, 10 years of development is enough to look back.

    * You never know what order the arguments are in:
      o in_array($needle, $haystack)
      o strpos($haystack, $needle)

    My comment: Invalid complaint. Why do you expect the same parameter order from different functions?

          o You constantly have to check your output thanks to type restrictions:
      o strpos(’abcd’, ‘a’) will return 0. Don’t test this with if (strpos(’abcd’, ‘a’)) { … } because 0 is secretly false!

    You’ve got to use if (strpos(’abcd’, ‘a’) !== false).

    My comment: See my comment 1. Good developers should understand the nature of implicit and explicit conversion.

    In brief, so no much relevant compaints :D

  3. Jon Canady Says:
    January 29th, 2008 at 10:45 am

    (Sorry about the comments — I changed some widths on the theme and it looks like the old posts/comments are retaining the old width.)

    @pcdinh:

    I disagree completely, but that’s obvious.

    Sure, PHP is dynamically typed. That’s fine. But there are some interesting issues that crop up in PHP but not in other languages.

    Regarding built-in arrays: there are times when you don’t want the overhead of an arraylist or hashtable, although I admit that this usually isn’t a problem in practice.

    Re: php.ini config values (shortopentags, register_globals, etc) You fail. If you’ve ever tried to write code that is to be deployed on multiple servers that you don’t control you’d know that having to code workarounds for language “features” being on or off sucks.

    Re: Standard library naming conventions: this sucks. Python, Ruby, and pretty much every other language have grown without this sort of mess. This is a serious failing of PHP. Same with Argument Order. I expect to have strpos() and in)array() to have arguments in the same order because it makes sense. As it stands I have to consult the manual every time I use one of these functions, which is bullshit. The only saving grace is that the PHP docs are actually good.

    Re: checking output — I know how to check the output of strpos(), but that’s because I’ve been bitten by the issue and checked the manual. Just because I’ve read about how to work around the problem doesn’t mean it isn’t a problem. Trivial solution or no, it sucks.

    In brief, extremely relevant complaints. Program in a language that isn’t PHP for a few months and come back. You’ll notice the issues immediately.

  4. pcdinh Says:
    January 29th, 2008 at 2:41 pm

    I work with PHP and Java extensively both in day job (finance industry) and personal projects and I know there is a lot of thing in PHP that people don’t like it. As web development team leader, I always tell my team members that both Java and PHP suck until they are really versed with them.

    • If PHP’s bad naming convention make them hard to remember all-in-global-level functions together with their parameters and parameter order, code completion will be the rescue. Eclipse PDT is really good at it. Believe me, it is no hassle.

    • If PHP’s dynamically typed nature make them confused, remember the principle of implicit and explicit conversion in PHP to know to use == and ===, (int), (bool) and other casting. I always avoid using ! as many forks do. One thing extremely important to remember is that sometimes, PHP functions returns null when developers failed to pass in a valid parameter instead of false/true and it is not documented. It is much more annoyed :D I have filled a bug report and tony (Margus) said he can not fix it because lots of PHP functions (not all) work like that :D The solution is to know your stuff and make it work right :D

    • I always do the coding with error reporting mode EALL is on, shorttags is off. Using <? or <?= is a bad practice that I avoid: http://www.onlamp.com/pub/a/php/2003/05/29/php_foundations.html?page=last&x-maxdepth=0

    Also, using iniset or .htaccess to turn off shortopentag, registerglobal, displayerrors is a good practice in production as well. Fortunately, PHP allows me to turn on/off some useful options (except safe mode) per user. It is very useful in shared host account. Don’t forget to set errorlog with your own value. At least to me.

    • Coding in an abstraction manner as I can. I write my own framework for RAD so I rarely use the native PHP functions. Yes, I love my APIs more than Rasmus and partners’ APIs :D

    It has been 5 years since I learned PHP and I continue to learn it. It does not suck (sometime annoyed) :D

  5. Jon Canady Says:
    January 29th, 2008 at 2:59 pm

    @pcdinh

    Glad PHP works for you. I don’t want to get into another “PHP sucks” debate. My posts speaks for itself.

    I work with PHP every day as well, and it’s the right tool for quite a lot of our jobs. (Check out Zend Framework, it’s a great MVC platform.) But that doesn’t mean it’s good. That just means I know how to use it. Sure, you can learn your way around these problems, but (for example) Python and Ruby don’t have problems at that level. You don’t see them. I never have to worry about short\open\tags. It’s not an option.

    Anyway, no worries. If you like PHP then enjoy! Right tool for the job, as always.

  6. Pain and Glory from the Trenches of the IT World Says:
    February 7th, 2008 at 9:58 pm

    PHP is a complete disgrace for serious Web application development….

    A few days back a colleague forwarded me a link to an article entitled Attacking PHP. It goes through a list of the problems associated with PHP. And based on my past experiences dealing with PHP in corporate environments, the analysis in that article…

  7. Mindblind - making web development suck less » Make PHP Suck Less With a Framework Says:
    February 8th, 2008 at 1:23 am

    [...] established already that PHP sucks. Now, there’s still lots of reasons you might find yourself developing a web app in PHP: you [...]

  8. Jhuni Says:
    February 18th, 2008 at 3:22 pm

    You never know what order the arguments are in:

    Download an IDE please. I like to use Eclipse — PDT, the IDE comes with the PHP Language Model. With such an IDE you can organize your code and your SQL so it shouldn’t look hideous.

  9. Jon Canady Says:
    February 18th, 2008 at 3:31 pm

    @Jhuni:

    I’ve used Eclipse. Now, you respond to the “you never know what order the arguments are in” part of my post, and Eclipse does have a type-ahead feature that reminds you of the order of arguments in the standard PHP library, but that doesn’t mean the language doesn’t suffer from that failure. In fact, I would say if your argument is “Use an IDE” then that’s a larger failure of PHP.

    Specifically, you mention organizing code and SQL, which is easily doable without an IDE.

    IDEs like Eclipse train you to code within the framework of Eclipse. I’d rather code with a standard editor (I use TextMate on a mac and Emacs or Vim everywhere else) and be able to work without those features.

  10. Code Monkey Says:
    April 18th, 2008 at 12:15 pm

    I don’t know that I disagree with your overall point, but your list of complaints seems like more of the same old nit-picking. Thoughts:

    1) PHP 5.3 takes care of name spaces and late static binding for the static inheritance problem (two of the most frequently sited complaints about the language). 5.3 is available now, and will be production ready shortly. If there are good reasons to use other language (which I’m sure there are), these aren’t it.

    2) PHP treats everything as an associative array even though it might be a list. So what? Do we really need two or more data types to accomplish essentially the same thing? Lack of unnecessary complexity is probably what attracts all the inexperienced developers to PHP. Benchmark python lists and PHP arrays. Even with psyco and no op-code caching, PHP is faster.

    3) Bad code examples don’t equate to a bad language. PHP makes the easy stuff easy, and therefore attracts inexperienced developers. This doesn’t mean that it’s incapable of scalable and maintainable code. From an architectural level, bad code can be written in any language.

    4) As for lambdas: every language doesn’t need to be functional, procedural, OO, and declarative. A programming language provides a tool for a job. If you’re looking for a swiss-army knife, Python is probably one of the better choices. this is not what PHP was designed for.

    5) Having things evaluate to boolean is a plus not a minus. The behavior of ruby in this regard (evaluating if(x) where x is zero) seems rather broken coming from — well, every language I’ve ever used. In what case did PHP not evaluate an expression exactly as would be logically expected? I haven’t run into the scenario yet.

    What about the fact that it’s lacking method overloading, multiple inheritance, class redefinition, and nested classes (all for better or worse)? Or the fact that PHP has an ideal architecture of page controller discreet requests versus a front-controller long running process architecture, and how this impacts REST, object persistence, and scalability? What about the fact that PHP actually implements method and property visibility, whereas this isn’t something that Python does cleanly, and is something that Ruby seems to have gotten totally confused about? What about the fact that PHP performance doing like-for-like tasks almost always significantly blows away similar scripted languages (though, what’s with the slow object creation?)

    Aren’t these things a little bit more significant?

Leave a Reply

Close
E-mail It