Changes In Store For PHP V6

An anonymous reader sends in an IBM DeveloperWorks article detailing the changes coming in PHP V6 — from namespaces, to Web 2.0 built-ins, to a few features that are being removed.

Magic Quotes Removed

[iamhigh]

Citing portability, performance, and inconvenience, the PHP documentation discourages the use of magic_quotes. It's so discouraged that it's being removed from PHP V6 altogether, ... ... If you're using magic_quotes to escape strings for database calls, use your database implementation's parameterized queries, if they're supported. If not, use your database implementation's escape function, such as mysql_escape_string for MySQL or pg_escape_string for PostgreSQL.

This was discussed just a few days ago in the some what wrongly titled 500 Thousand MS Web Servers Hacked [slashdot.org]

Quick summary

[Anonymous Coward]

... for those too lazy to RTFA:
Additions:
Better Unicode support
Namespaces! (this is being backported to PHP 5.3)
SOAP and the XML Writer/Reader modules compiled in and enabled by default (also in PHP 5.3)
Removals:
magic_quotes, register_globals, register_long_arrays, safe_mode
ASP-style short tags ()
Freetype1/GD1 support
ereg (use of preg encouraged instead).

Why PHP sucks

[rootpassbird]

They've fixed a lot of things that were being complained about under the terms "why php sucks" http://www.google.com/search?q=why+php+sucks [google.com] .
Related news is that PHP runs much better now on Windows Server 2008, as per the official Zend statement. But I doubt we will see too many people switch to WISP. This is flambait, agreed.
Also if you now have a PHP-fed brain with no place for anything else, with the new namespaces-on-steroids (http://www.php.net/manual/en/language.namespaces.using.php) change, you'll likely port slashcode to ::\/\.
And otherwise refer to <things like="this" /> :-)

Re:Is this really news?

[NamShubCMX]

Unicode support is reported to become available for 5.3+ later as a module.

What I've heard the developers say, basically, is that there is no real roadmap for 6.0, since 5.3 has most of the planned features and unicode (the big new thing) will be available sometimes, although not built-in.

Re:Is this really news?

[dgatwood]

What makes PHP nice is that, language-wise, it is basically C plus a subset of C++ wrapped up in a scripting language. Almost any code written in C (or C++ without templates/exceptions/other icky stuff) can be trivially ported to PHP by replacing the type names with "var" and adding dollar signs in the right places. (I'm exaggerating slightly, but not much.)

PHP doesn't have any weird syntax like Perl regular expressions---you can do Perl regex, but it is neatly encapsultated into proper strings the way it should be. There's no having to manually re-indent dozens of lines of code because you needed to add another nesting level and whitespace is part of the language, etc. It's just a really clean, lightweight OO language that's exceptionally easy to learn and happens to integrate very well with HTML.

Don't get me wrong, PHP has plenty of weak points when it comes to performance (particularly when dealing with massive complex data structures), availability of modules to do various obscure things, etc., but as a language, it is pretty nice, IMHO---mainly because it isn't a kitchen sink like Perl.... :-)

Re:what's with the 'phpsucks' tag?

[diskofish]

PHP just makes it really easy to write sloppy code. I switched to doing primarily .NET few years back, and I prefer the more structured environment and compiled code. The only time I touch PHP now is to maintain existing code.

Re:Magic Quotes Removed

[jacksonj04]

And even more irritatingly, mysql_escape_string() has been deprecated as well. You should use mysql_real_escape_string().

Re:actually not

[CastrTroy]

Try doing a search on Dice.com, where they post jobs. ASP.Net Developer [dice.com] returns 3626, while PHP developer [dice.com] only returns 1514 jobs. That's less than half. So while PHP may be used by tons of hobbyist coders (I use it myself), ASP.Net is used much more in the business world.

Re:Is this really news?

[natrius]

There's no having to manually re-indent dozens of lines of code because you needed to add another nesting level and whitespace is part of the language, etc.

First of all, if you don't re-indent your after adding another nesting level, you are making your code hard to read, and if I have to work on it after you, I will hate you for it. This is one of the reasons that Python is so pleasant. It forces people to write decent code.

Secondly, if you're manually indenting each line of code, you should start using a modern text editor.

Re:Is this really news?

[Anonymous Coward]

That's because PCRE syntax is more baroque than most people can remember. /(?i)foo/ is more general but all the code I've ever seen uses /foo/i, so the trailing delim is needed, and the leading delim is there to match it because you could use something other than /.

Re:Magic Quotes Removed

[Quietust]

So does this mean that if you are using magic quotes and you upgrade to PHP6, suddenly you will become vulnerable to SQL injection attack?

It would probably be more accurate to say that you will become more vulnerable to SQL injection attacks, since magic_quotes was never 100% foolproof to begin with.

Re:Is this really news?

[SanityInAnarchy]

And yes, I'm manually indenting. I vi, therefore I am....

Vim can auto-indent. It shouldn't be too hard to find a command, or a script, to indent/unindent large chunks of text.

I use Kate. Click & drag to select a large chunk of text, then tab/shift+tab to indent/unindent it. Trivial.

Re:Is this really news?

[kylehase]

While I agree with your point let's not forget that it can be all things to all people. M0n0wall (and forks like PFsense and FreeNAS) uses PHP for shell scripting [m0n0.ch] like startup and configuration scripts which I thought was pretty cool.

Re:Is this really news?

[RazzleDazzle]

Something like *Tidy is all you need if you don't feel like using some fancy text editor or are too lazy to configure your editor.

http://perltidy.sourceforge.net/ [sourceforge.net]
http://rubyforge.org/projects/tidy [rubyforge.org]
http://tidy.sourceforge.net/ [sourceforge.net]
etc

safe mode hurray!

[remmelt]

Each time I read that they're ditching safe_mode, I do a little happy dance and shed a tear of delight.

All the other stuff is great as well, but safemode has made the quality of my life significantly worse in the past.

Re:Real change

[jyurkiw]

Ever wondered why they picked the '.' for a concatenation operator over the trusty '+'?

PHP is a loosely-typed language.

The '+' is also the arithmetic operator.

Is a line of code reading
$c = $a + $b
adding $a and $b? or is it concatenating them?

What if $a = 513 and $b = 4201?
Are we talking about a phone number? Or am I trying to come up with $c = 4714?

There was a very good reason for having '.' as the concatenation operator.

Re:Why PHP does NOT suck

[bigtrike]

I've used PHP for about 7 years now and I've had the entirely opposite experience.

1. Stability isn't that great. I've run into many glitches over the years and had my share of segmentation faults fixed. Ever run make test on a build? I've never once had PHP pass all of its own unit tests.

2. PHP is so inefficient with memory that anything but the most simple application can take tens to hundreds of megabytes. This isn't a huge deal though, because gigs of ram are pretty cheap these days.

3. PHP seems similar to most anything else, as a lot of the code space is taken up by comments. It seems to require more comments than most languages, as a lot of effort has to be taken to deal with quirks in automatic type conversion and the lack of a fixed point data type. (example: when the quoted string '1' is used as an array key, it's automatically converted numeric, but when the quoted string '1000000000' is used, its left as a string rather converted to a float).

4. This is only true as of PHP 5, because prior to the introduction of PDO there was no portable way to use parameters in queries. PDO creates its own set of headaches however, because it does not properly support many data types such as bool in all supported databases.

5. This flexibility has a lot of quirks. Certain functions behave differently on different platforms (strtothime handles dates prior to 1970 return different results on a redhat system than they do on a debian system due to different LIBC patch sets, although this may have been fixed in 5.2), some functions are only available.

6. My experience with cheap web hosts is limited so I can't comment here.

As far as the suggestion to simply use another language, it's unfortunately not an option.