Changes In Store For PHP V6 368
An anonymous reader sends in an IBM DeveloperWorks article detailing the changes coming in PHP V6 — from namespaces, to Web 2.0 built-ins, to a few features that are being removed.
Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?
Re:Lose the M in LAMP? (Score:3, Insightful)
I would think swapping mysql for XML would make things run slower on the whole, especially large databases, but I'm not an expert in that field. XML and mysql really serve different purposes, and I don't think replacing mysql with XML would be a good idea for the vast majority of use cases.
Oh, and what happened to the spiffy discussion2 stuff? Now comments open in new pages again and I can't reply inline. What's up with that?
Re:Is this really news? (Score:5, Insightful)
Re:Major version? (Score:3, Insightful)
Re:Lose the M in LAMP? (Score:3, Insightful)
XML is a format designed to transmit data between machines, not for data storage.
Imagine a 50 gigabyte database. I have one.
Now imagine the same database in XML.
The size would explode and you suddenly have to seek the entire db for a simple select.
Re:Is this really news? (Score:5, Insightful)
Magic Quotes was never a security function. (Score:3, Insightful)
Re:Backwards compatibility is very important (Score:5, Insightful)
That's the way life is, I'm afraid. Most people who are depending upon these sites and software have no control over the vendors and definitely don't have the ability of fixing the code themselves.
Changing the API so greatly and so often in a non-backwardly compatible fashion does cause genuine problems.. and hosting sites can't afford to support multiple versions. Well, not unless they charge their customers too higher price for hosting their pages.
Re:Is this really news? (Score:2, Insightful)
Real change (Score:3, Insightful)
Change . (string concat) to +
Change -> (pointer-to-member operator) to .
Done. Huge productivity increases.
Thank you.
Re:Too Little Too Late (Score:4, Insightful)
That is not the language's fault. Not everyone wants or needs a JBoss server or something equally silly for their website. PHP is still very good. Safe programming in PHP just needs to be preached more to the new users of PHP and some of the self taught people who perhaps learned off the net from someone else with little experience rather than a book since all books I've seen cover the basics on safety.
The only thing that annoys me is the fact it's function naming methods aren't consistent. It shows that it's had input from various places without any thought into standardizing things.
Re:Magic Quotes Removed (Score:3, Insightful)
Re:Too Little Too Late (Score:3, Insightful)
Re:Major version? (Score:5, Insightful)
The stuff addressed are some of the widest security holes. On top of that the old way of programming PHP and most guides out there encouraged the usage of these bad functions, getting them totally removed is a huge step forward.
Re:Too Little Too Late (Score:4, Insightful)
Beyond that, and the pervasive "make it easy to do the WRONG thing" un-philosophy, I still haven't heard about it getting lexical scope, closures, and anonymous functions. Of course, this only matters if you're a good programmer (as opposed to merely a Decently Adequate one).
Re:Major version? (Score:3, Insightful)
Re:Too Little Too Late (Score:5, Insightful)
Re:Too Little Too Late (Score:3, Insightful)
Re:Is this really news? (Score:3, Insightful)
Re:Is this really news? (Score:5, Insightful)
Comment removed (Score:2, Insightful)
Re:Backwards compatibility is very important (Score:3, Insightful)
Re:Is this really news? (Score:3, Insightful)
That's the problem with PHP. It requires all the hard work of writing C-like code, without any of the benefits that one might chose C for.
Re:Is this really news? (Score:2, Insightful)
PHP doesn't have any weird syntax like Perl regular expressions---you can do Perl regex, but it is neatly encapsultated into proper strings the way it should be.
Interesting example of PHP superiority. Perl regular expressions are delimited with / (or another character) because it's part of the language syntax. But if your regular expression is encapsulated in a string, there's no longer a need for it (which would simplify things since you don't need to escape it). Yet the pcre functions use a delimiter. Monkey see, monkey do. Without knowing why.
Re:Magic Quotes Removed (Score:3, Insightful)
I hope they have some sort of protection against that; specifically, if you have magic_quotes turned on in php.ini (or whatever the linux equivilant is) PHP should refuse to start, perhaps logging an error message which explicitly tells the webmaster magic_quotes is no longer supported, and that it must be turned off, and the possible consequences of using old scripts designed to work with magic_quotes on. This forces the webmaster to actually go into the config file and turn magic_quotes off, and if they didn't fix their scripts or tell their clients to do so it's their own fault. And of course if they have badly configured security, this could mean even bigger consequences, but this is possible even with magic_quotes, depending on the scripts and holes in them. A separate message for safe_mode (also scrapped for 6) would also put the consequences of not properly setting up user permissions and the permissions of the account running the web server in big bold letters.
If they do something like that, no-one can really say they weren't warned, since a webmaster would actually have to go in and turn it off, and would be told exactly what could happen if they don't take the proper steps.
A friend of mine is happy these two settings are being killed, as am I. It can be tough to code with the restrictions put in place by safe_mode and magic_quotes, which as I understand are just to cater to lazy irresponsible server admins and lazy irresponsible programmers, respectively. Although safe_mode does serve a legitimate purpose since currently all scripts, regardless of which user owns it, are run under the permissions of the webserver user. This strikes me as more fo a webserver problem than a PHP problem, though. Not sure how much the PHP team could do... except for maybe safe_mode.
To end my little rant, here's a helpful bit of code pulled from the pastebin source (GPL) to combat magic_quotes in _GET and _POST and _COOKIE:
if (get_magic_quotes_gpc())
{
function callback_stripslashes(&$val, $name)
{
if (get_magic_quotes_gpc())
$val=stripslashes($val);
}
if (count($_GET))
array_walk ($_GET, 'callback_stripslashes');
if (count($_POST))
array_walk ($_POST, 'callback_stripslashes');
if (count($_COOKIE))
array_walk ($_COOKIE, 'callback_stripslashes');
}
Almost.. (Score:3, Insightful)
But his post is inane.
Isn't it about as basic as it gets that code (outside of Java) should be developed on the same platform that it will ultimately be deployed upon?
If he had done that, all he'd have needed to do was get a copy of the binary as compiled for use on the production server, and their php.ini. Install, copy in the php.ini, and he's up and running in an environment identical to the Prod server.
Barring that, if he'd had gotten their php.ini anyone w/ any PHP experience would be able to see what non-std components were included, and the version everything is running at. Download it, compile it, install, and copy-in the php.ini.
If he's spending a "good fraction" to get a "test bed" then he really should stick to tech support or network administration or whatever he's done over the past few years full time for a living.
Re:Magic Quotes Removed (Score:5, Insightful)
It's stupid stuff like that and "Magic Quotes" that make PHP a sad joke.
Magic Quotes = mixing input layer filtering with output layer filtering = bad. You tend to get data corruption amongst other things.
Then there's addslashes and friends.
PHP: "Making The Wrong Ways Easy, and The Right Ways Hard".
Oh well, I guess php6 is where they are finally trying to do things right now.
All the pain is because php coders were doing things terribly wrong in the first place. Don't forget the PHP devs were encouraging them to do things wrong for years.
Re:Is this really news? (Score:5, Insightful)
OO? Only recently.
Clean? Not even close, not when you've used a real OO language.
But you know what? Perl has a little over two hundred functions in the main namespace. PHP has a little over three thousand, according to this page. [www.tnx.nl]
So, it may not have the kitchen sink in the syntax, but it has the kitchen sink, the bathtub, the plumbing, and the neighbor's shower in the core library.
Finally, I call BS on this:
Oh, and does PHP support structs? What about function pointers? I doubt it's "almost any code". It's easy when you understand both C and PHP, but again, I assert that's true for many languages, particularly popular web scripting languages.
Re:Almost.. (Score:3, Insightful)
You're still in school or new to the real world, arent' you?
Of course it should be that way...but, often out there, you run into just this situation. The mgmt. wants a change or something done, but, they don't wanna buy new hardware, etc....
It sucks, but, I've run into systems where the dev. and prod. are on different platforms...and this isnt' just because of cheapness, in the govt. contracts...sometimes one company wins the dev. part of the contract and a different company has the prod. I've seen this where the system is developed and tested in a win environment, but, is to be deployed to a unix environment, yet, they can't understand the inevitable problems that have to be ironed out, but, no time for this was scheduled. And this is on multi-million/billion dollar systems.
This isn't something that is all that rare.
Why PHP does NOT suck (Score:4, Insightful)
From the simple standpoint of "concept to implementation" - PHP ROCKS. It's very, very fast, requiring little in the way of "planning" and "structuring" while letting the features come out... FAST. It is, bar none, the best RAD environment I've yet worked with. Not that it's the best in every area, but that it clearly has the best balance between features and "gotchas". It has its weaknesses, such as lousy error reporting, but even that can be largely mitigated with a little intelligence in advance. But it really does have a number of key strengths that I leverage to the hilt:
1) Stability. It just doesn't die. Ever. I've never, ever, ever had a problem with PHP "not working". I don't troubleshoot it. It's there, it works, and I don't sweat it.
2) Scalability. It's "share nothing" approach makes clusting and random-host selection boil all the way down to a simple session manager. Having 1 or 10 application servers running side-by-side is almost trivial!
3) Code density = excellent! It's a fairly dense language, meaning that lots can get done in a few lines. Just for giggles, I've written a self-forking, multi-process daemon with a process manager and hundreds of managed children forks performing a deep-level network scan in like 50 lines!
4) Security. Yes, you heard me correctly. Although you can certainly use PHP "wrong", you can also use it "right". Once you do, you discover that PHP has a number of features that make things like SQL injection and shell parameter expansion a thing of the past. Really. Learn your tools!
5) Flexibility. You can run it as a module inside Apache. You can run it as a standalone executable. With tools like Ion Cube and PHP-GTK, you can create a cross-platform GUI application without revealing source.
6) Availability. Any $5/month web hosting company supports PHP, and there are many free ones, as well. You can download a CD, install Linux, and have PHP/Apache up and running in under 10 minutes. There are batrillzions of apps available A LA SourceForge for free. PHP is the most commonly available web development language. And, by no means is it a web-only development language!
Sorry you can't handle a few quirks in the function names. (so write out a file of wrapper functions - DUH!) Sorry that it's attempts to simplify variable management weren't perfect. Geez. Just code in c and be done with it, why don't you?
In short, PHP is everything that VB and
Re:Is this really news? (Score:3, Insightful)
Personally, I like things like integrated FTP, integrated subversion, integrated unit testing, and, most of all, an integrated server-side debugger w/ all expected function: breakpoint/play/step control, stack and heap manipulation, etc.
The debugger is the only thing I miss from a "real" IDE.
Subversion is garbage, of the "at least it's not CVS" variety. There are at least some ten or twenty distributed version control systems out there, at least one of which has got to work well for you.
FTP is garbage. Use anything else. Yes, anything else.
These are actually related. I don't really like most of the stuff you mentioned "integrated", as that usually means things like "I have a keyboard shortcut to run unit tests!" Great, but I'm comfortable on the commandline. Let me switch between my editor and terminal easily, and I'll run unit tests, run a development server, and anything else I feel like.
The other reason is that I can then switch to pretty much anything else without having to switch IDEs. I know just about everything is supported on Eclipse, but "just about" isn't everything. I don't have to choose between Git and Subversion -- I can use bzr, hg, darcs, or really whatever the fsck I want. I don't have to use FTP because it's got the prettiest interface -- I'm just as comfortable with scp -- or, when it makes sense, Capistrano -- I can even use things like KDE's fish GUI for ssh.
All of these are possible using a text editor, but you need 5 different applications
Yes, that's the Unix Way.
and none of it works together.
Wrong, wrong, WRONG!
All of it works very well together. On the occasions where it doesn't, I can hack together the glue require reasonably quickly, and be back to being as productive as I was before -- but these cases are also times when an IDE wouldn't be able to work with them at all, and I know a lot more about hacking together scripts (shell and similar) than I do about writing Eclipse plugins.
Not to mention: INTELLISENSE
Useless, unless it's linked to documentation. And then, still useless, compared to flipping over to my browser and asking Google, since I probably don't actually know what I want there.
Not that I would be against having it, but I'm not willing to fire up Eclipse (and burn all my RAM, and still have it be sloppy and inaccurate due to being a dynamic language) just for Intellisense.
And then there's workspace management, and keeping plugins in sync, and dealing with when plugins go bad -- can't start Eclipse until I figure out which plugin is making it crash, or, more likely, wipe it and reinstall from scratch -- and it'll autodetect the file as the wrong type, so now I have to go fuck with its filetype associations, and set keyboard shortcuts -- whoops, the shortcuts I want aren't there...
There's a whole new level of bullshit I'd have to deal with if I was using an IDE. I know, I was for awhile.
and DATA TYPE DISCOVERY! (on a loosely typed language that's a big help).
If I understand this, it might be a help if I had functions so massive I can actually lose track of a variable, or if you're talking about the whole built-in debugger feature.
Instead of having to basically memorize or manually lookup class names, method names, and method arguments, I just begin typing the class name, use some arrow keys, and be done w/ it.
Except that by the time I'm doing that, I probably want to know more about it. For example: Is this indexed from zero, or one? How do I create a has_many relationship with an order clause? Does that have to be a string, or can it also be some other cool data structure?
Let me know if you find an IDE that can handle Intellisense in Ruby and actually make me more productive.
Oh, also, a fair amount of what you're doing probably should fit in your head. If you're not doing PHP and needing to know things like mysql_real_
Re:Magic Quotes Removed (Score:3, Insightful)
"The Management would like to announce that we're switching to slot-loading CD-ROM drives next week. We will be reserving more burn ointments in the first aid room for the next week or so and the janitor has been instructed to stock extra tissues in the bathrooms, but people who have been using CD-ROM drives as coffee cup holders should seriously stop using them as coffee cup holders ASAP."
Magic quotes did the wrong fix that incidentally happened to work for some people. The problem was that people had been concatenating (unprocessed) parameters to SQL queries; the right solution would have been to process the quoting in the place where it's supposed to be processed (query parametrisation, right before the query actually goes to the DB, automagically using the method that works appropriately for the DBMS in question), but instead, the developers just said "well, we're letting you continue your dangerous way of coding, here's a band-aid fix".
I've viewed magic quotes as a feature for legacy code that seriously needs to be fixed: "people used to code completely freaking headlessly back in the day because we didn't have real security back then and this was the ONLY way to do things - this feature is a temporary security feature so that they have time to port their utterly reeking PHP3-era string concatenation crap to use DB-specific quote calls or, far better yet, PDO and prepared statements." Using prepared statements makes the code look more manageable and more in line with the stuff you see in other programming languages, which have used prepared statements for a long time now - porting old code over is more than entirely justifiable.
Re:Is this really news? (Score:4, Insightful)
What if you want to append a number to a string? Given that standard C doesn't support overloading, would you have to write a new *differently-named* method? It'd be a nuisance to have to keep track of all the different methods when (e.g.) PHP can simply do the whole lot using the '+' operator.
Visual Basic's syntax is different, and I had to learn this all over again when I used it for the first time, because I'm used to C-influenced languages. The mental context switch required and my tendency to keep inadvertantly using C-style syntax (leading to syntax errors) is a PITA.
I wouldn't mind if the VB syntax was nice to begin with, but it's not. It's inelegant and clunky; probably not bad considering it was derived from BASIC, but still inelegant and clunky. It probably got that way because it mutated from BASICs MS-DOS/PC programmers were familiar with, carrying them along with it. However, if (like me) you're not already used to that flavour of BASIC and haven't even used BASIC for years, it's not easy to use at all. It's not even that much like the old BASICs I used to use. Though this is getting away from the main point...
There may be valid reasons for using a different syntax, but those should reflect underlying differences in the structure/approach of the language (even Perl syntax is somewhat C-flavoured in various respects). However, using a fundamentally different syntax just for the sake of it is a Bad Idea. PHP is easier to use because it has a C-derived syntax.
Re:Stop calling it PHP (Score:3, Insightful)
Had PHP4 been perfectly designed, and perfectly well-suited to what people are now using PHP for, there wouldn't be any need to change it at all. But PHP isn't perfect. They've found ways to make it better. They could fork off a new project containing those changes - but PHP6 is more like PHP5 than not - and if they had to fork off every time they changed things around they'd have a lot of extraneous extra names for basically the same thing.
Also consider - how much time and effort might they have to put in to augmenting PHP6 to be fully backward-compatible, and to maintain that awkwardness - even in the face of new features that may flat-out contradict older policies in the language? How much work would have to be wasted just to make PHP6 a better PHP4 than PHP4 is?
If you wrote your code for PHP4, just keep running it on PHP4 until you're ready to port it.