A Decade of PHP

digidave writes "It was slow to catch and a lot of people didn't get it. A lot of people still don't get it, but you can't argue with its success. June 8th, 2005 marks the tenth anniversary of PHP. Here's to ten more wonderful and exciting years."

Re:Congratulations are in order!

[quinto2000]

there are several classes, including the PEAR DB class, that provide a DB abstraction layer.

Re:First AC

[AKAImBatman]

What the hell is PHP?

Probably a troll, but just in case anyone else doesn't know: PHP is a scripting language designed for generating dynamically created web pages. It functions by mixing its scripting in with the HTML, thus allowing programmers to reuse existing page designs. The scripting APIs are centered around those commonly used on Unix systems. PHP is usually bundled with Apache, so no installation tends to be required.

PHP Homepage [php.net]

Re:Congratulations are in order!

[AKAImBatman]

Dude, you need to provide links. I had to *gasp* Google it! ;-)

For others, PEAR can be found here:

PEAR Class Repository [php.net]

The Database classes of PEAR appear to be documented here:

Database Package [php.net]

Looking over the DB classes, it looks like they provide a fairly decent abstraction. Thanks Quinto, that will definitely be nice for future PHP projects. :-)

PHP definitely does not follow the KISS principle

[Peter Cooper]

PHP has long followed the KISS principle

Are you smoking crack? PHP is more inconsistent than any other language I've encountered. I'm not disrespecting the team, as I'm sure they've worked hard, and it's great to celebrate ten years of an admittedly very useful language, but PHP is not an inherently easy language.. it's just one that lets you code sloppily and get away with it.

For a start, PHP functions seem to have no consistency at all. Sometimes you get verb/object, sometimes object/verb. Sometimes you get underscores, sometimes you don't. Consider.. is_object but isset. str_rot13 but strpos. php_uname but phpversion. There are hundreds of these. It's the reason I could never learn PHP, it's like learning Chinese, but I found Perl (and now Ruby) easy due to their relative consistency. Sometimes PHP uses "to", sometimes it uses "2".. huh what's that about?

Unlike Perl which has a few regular expression constructions and a handful of modifiers.. PHP has a whole glut of regular expression functions which have confusing names, some of which take certain modifiers, and some that don't. As someone who has mastered Perl's regular expressions I find it a major struggle when I have to tackle something in PHP (I admit, I've never 'learned' PHP, but I find it a very hard language to make quick fixes on for other people.. compared to, say, C, VB or Python, languages I don't know intimately but can easily hack).

PHP has thousands of core functions.. nuts! And why does PHP have such a bizarre lack of abstraction? PHP often has about 10 functions compared to other languages' single function.. with each of the 10 doing a slightly different thing. When it comes to being overly wordy and inconsistent, I doubt anything can beat PHP, but, well, I'd like to see someone bring up a language that is!

So if you were going to call any language "KISS", it'd be Ruby or Python.. but PHP? No way.

Re:PHP vs JSP

[xannik]

I think the main reason is that OO is just not important when writing simple scripts that are taking information say from an HTML form and inputting into a database or some other simple yet highly used task. Most people that are using PHP on a shared hosting provider will probably not need to use any OO features. Now, the PEAR project for PHP does provide good abstraction for the language and I think makes PHP a much more usable system for higher end projects. I guess what I am trying to say is that for the common joe PHP is simple and gets the job done and if there is an easy way to do something normally people will flock to that solution. And I also think that PHP as of version 5 has become a much more mature option for even high end companies.

Re:Congratulations are in order!

[AKAImBatman]

You can easily code your SQL to be database specific if you need it that way, but that shouldn't in any way stop developers from using a generic DB access API. A DB abstraction is nothing more than a mapping of functions, so there's rarely any performance hits. Which means that applications that don't need a specific database (e.g. PHPBB anyone?) could be portable out of the gate. And even if their SQL isn't portable, that's a far easier thing to fix than attempting to add a DB abstraction after the fact.

Re:What's not to get?

[ajs318]

REGISTER_GLOBALS is not insecure. The default order of fetching -- cookies overwrite sessions, POSTs overwrite cookies, query strings overwrite POSTs -- is potentially insecure. Somebody could use a URL something like http://myisp.co.uk/~myspace/foo.php?auth=1 [myisp.co.uk] and, if you just relied on the value of $auth without regard to where $auth was coming from, you might get hurt.

It did say in the manual that this would happen and how to get at the different data sources if you cared. {And you can do sneaky stuff of your own, like if ($_GET["auth"]) { include "crash_browser.inc.php"; exit(); }; if you really want}.

Often, you don't really care where your data is coming from anyway. I personally would have had POSTs overwrite query strings, cookies overwrite POSTs and sessions overwrite cookies. That would have dealt with it even more simply -- though it probably would have made debugging a 'mare.

Re:One of pillars of success: manual

[A beautiful mind]

Um, what are you talking about? 'perldoc' seems pretty good for me.

As i recall, when i first started to get familiar with perl, i was using perl in 21 days, then switched to perldoc and cpan.org documentation.

Also, please note the difference between a manual, a book and a guide. Manuals don't necessarily need to be easy to understandable, just coherent and clear. They are intended for those already familiar with the language, or at least some degree familiar with it. Given that php has so many functions, i'd say it's pretty needed.

Re:PHP definitely does not follow the KISS princip

[bobdinkel]

As someone who has mastered Perl's regular expressions I find it a major struggle when I have to tackle something in PHP (I admit, I've never 'learned' PHP, but I find it a very hard language to make quick fixes on for other people.. compared to, say, C, VB or Python, languages I don't know intimately but can easily hack).

Just a quick point--you can use Perl's regular expressions in PHP. And that's usually what I see people doing. As a matter of fact, it is recommended in the PHP documentation that Perl's regular expressions be used: Note: preg_match(), which uses a Perl-compatible regular expression syntax, is often a faster alternative to ereg().

Actually I can argue with it

[Soong]

PHP is a horrible language. Even perl is a better programming language. Java and Python blow it away in ability to create easy to maintain and efficient data structures. I'm amazed and fearful of the monstrosities that have been cobbled together with PHP (I'm talking about you Mediawiki [sourceforge.net] and Drupal [drupal.org]).

PHP is to web programming as x86 is to microprocessor architecture. It's nasty and inefficient and I can't figure out why so many people use it.

And like many other no-declaration scripting languages PHP is sorely lacking in warnings and errors. Forgot a dollarsign or typoed your variable name? Sorry, yer screwed!

To let you know where I'm coming from, Apache Tomcat [apache.org] is my favorite solution. But it seems that the project I most want to tinker with is Scoop [kuro5hin.org] and I'm finding mod_perl pretty workable and the way they architected that giant mass of perl is pretty reasonable.
</rant>

Re:PHP definitely does not follow the KISS princip

[bigman2003]

Well, your anecdote of 2 ColdFusion sites that crashed doesn't really prove much.

I've been working with ColdFusion for about 5 years now. My sites don't crash- and I get 10-20 million hits per month. Not huge, but a pretty good number. (No...this is not the site that is in my sig...)

I *might* get 2 or 3 'unhandled exceptions' in a day. And those are always caused by search engines that are hitting templates with bad queries. It is interesting to see the queries they send, "hmm...why did they decide to make the usernumber 99A4 this time instead of 994" the error is caused because *I* foolishly forgot to put a val() function around the number in a query. So I fix it, and move on.

If the person running the server has half of a brain, their sites won't crash. I've used ColdFusion from version 3, on up to 7. And they always put in great new features and capabilities that other web programmers need to work hours to duplicate- but for ColdFusion it is a built-in function.

Yes, people have been making fun of it for years- and it reached a peak when FuckedCompany was complaining about it a lot. But there are so many good things about it a lot of people turn a blind eye to. Hell, the Verity engine itself is worth the entire package price. I can set up a searchable index of PDF, Word, Text, files in about 30 minutes. This is stuff that people want, and really appreciate.

Why I Like PHP

[ajs318]

I like PHP because it's basically a bastardised dialect of Perl, and I like Perl.

I like Perl because it uses different operators for string concatenation and addition. That doesn't sound like much of a reason, but a lot of the programming I'm doing seems to call for either adding numbers or concatenating strings.

Now, in some languages, strings and numbers are completely different types. Then it's sort-of OK to recycle an operator to mean something completely different, because the computer knows what you mean. But there are several dynamically-typed languages which use + to concatenate strings. Then the magic guesser gets its knickers in a twist with not being able to work out whether something is really a number or just a string that looks like a number. This causes problems when you try to add numbers and find yourself concatenating strings. I wasted the best part of a day on a stupid bit of JavaScript for a DHTML application with increment/decrement buttons.

In Perl {and in PHP}, 3 + 4 gives 7. "3" + 4 gives 7. 3 + "4" gives 7. And "3" + "4" gives 7. If you actually want to concatenate the 4 onto the end of the 3, you have to use the concatenation operator . instead of the addition operator +. 3 . 4 gives "34". "3" . 4 gives "34". 3 . "4" gives 34. And "3" . "4" gives "34". That is simple.

Perl is a bit of a 'mare for n00bs because everything is a shorthand representation. There is the wonderful $_ which avoids cluttering up your script with temporary variables. You don't need brackets round function arguments {like the British BASIC dialects of the '80s}. Everything is optimised for the hardcore hacker, not the beginner. It only looks pretty when you realise that simplicity is beauty.

PHP has a more consistent interface than Perl. So you can't just drop in a regular expression, you have to call a function with the regular expression inside a string. It also does more stuff automagically for you, like keeping hashes ordered {Perl doesn't bother, expecting you to keep a separate array if you really care} and dereferencing everything {Perl expects you to manually create and dereference references when you make multidimensional arrays}. So it's probably a bit slower running, but it's quicker to get an app up and running.

Re:Database independence

[3770]

Here is a good comparison that I use:

http://developer.mimer.com/validator/comparison/up d_comparison_chart.tml [mimer.com]

Easy php installation

[PsiPsiStar]

If anyone needs an easy installation of PHP on a windows platform, try EasyPHP. The site is all in french, but it's free and good. It automatically installs and integrates PHP, MySQL and an Apache server.

Personally, I've set up a lot of moodle sites (www.moodle.org) which is the best free LMS I've found.

Check it out if anyone is into e-learning or web based training.

(Make sure you have a fast server if you want to put a lot of students on it. The quiz modules are very useful, but they use an ungodly amout of resources if you're teaching a class of +30 students.)

There's also ADOdb

[Mitchell Mebane]

ADOdb Site [sourceforge.net]

I've never used PEAR, so I can't compare the two, but ADOdb is quite nice from my experience.

Re:Looking forward

[kuzb]

meh, you guys always do it wrong. Here is the *right* way:

<?php

/* Use this to normalize incoming data. Don't rely on server settings! Always test! */
function fixSlash($in)
{
return get_magic_quotes_gpc() ? stripslashes($in) : $in;
}

/* if you're expecting an int, best to cast it. same idea for floats. another method is to use ctype_number() to test to see if something is all digits. DO NOT use is_numeric() or is_int() as is_numeric tests for many different numeric representations and is_int() only works on real integers, not the strings that come back from a GET or POST */
$fromUser = (int)$_GET['someNumber'];

/* if you're expecting text, normalize it */
$fromUser = fixSlash($_GET['someEvilValue']);

/* now, use the escaping functions SPECIFIC to the database server used. In this case, we'll use MySQL */
$fromUser = mysql_escape_string($fromUser);

/* lastly, make the query. Standard SQL doesn't quote numbers; if this is a number, and not a string, remove the quotes */
$query = sprintf("SELECT * FROM foo WHERE bar='%s'", $fromUser);

?>

Also notice how we use the superglobals for everything (superglobals are $_GET, $_POST, $_COOKIE, $_SERVER, etc..) these will always work, regardless of the register_globals setting.

If you code in this manner, it doesn't matter what magic_quotes_gpc is set to, at all, ever. This method is primarily procedural, but if you have an OOP structure in place, it's a good idea to build a filter object. This object can then be called from setters to perform these tasks for you which can make it all very transparent once set up.

If you always code in a portable manner, you'll have fewer surprises later on.

Re:Database independence

[stephenbooth]

Looks interesting. It doesn't appear to be 100% accurate though. There are a number of features (e.g. E051-08, E021-06 and E021-04) that it says that Oracle 9 does not have but I know it does, or at least it has something matching the description given (maybe I'm misunderstanding something).

Stephen

Re:Database independence

[3770]

I think that the chart is rather accurate. I know the people that made it and one of them is in the SQL Standards committee (Åke Persson).

It may be really picky and unforgiving, however, and even a minor deviation from the standard might disqualify a feature from being listed as supported for a certain database. I can't say that that isn't the case. All I'm saying is that they guys that made the list know what they are talking about.

Åke Persson is also a compiler expert and he wrote this tool:

http://developer.mimer.com/validator/index.htm [mimer.com]

You can use it to validate your SQL to SQL-92, -99 and 2003. Pretty nifty if I may say so.

Re:PHP definitely does not follow the KISS princip

[jez9999]

2. session-handling

CGI::Session [cpan.org].

Re:Congratulations are in order!

[melstav]

Well, maybe for the same reason that This guy [planetmirror.com] wrote a webserver using Postscript.