[45846 views]

[]

Skip navigation

• Blog
  • All
• Articles
  • Java Anti-Patterns
  • Date and time
  • Linux shell
  • Git
  • IPv6
  • CSS Navigation
  • AJAX Navigation
  • JTA JMS
  • Singleton Applied
• Linux
  • Kernel Config
  • UEFI Boot
  • Gentoo on Zenbook
  • Gentoo on MacBook
  • Gentoo on iMac
  • Acer TM630
  • Gentoo on TM630
  • SuSE on TM630
• Software Projects
  • JAAS-PAM
  • Utilities
    • LFN Tools
    • Timeout kill
    • Thumbnail
    • Stripatt
    • POV Tools
• Contact

On PHP

This is a (quite dated) criticism of the PHP language. A more uptodate and complete criticism by Eevee is found here: PHP - a fractal of bad design. PHP 4 is obviously frequently used by unexperienced programmers such as non-software engineers, web designers, hobbyists and students. The main reason for that is probably that PHP is easily and quickly learnt, doesn't need a complex IDE to develop with, and doesn't need to be compiled. Most web hosting providers offer PHP support in their cheapest package.
Zend took a survey among 10'000 PHP programmers. The main results are:

• Most (45 %) PHP programmers have little experience (2-5 years)
• The vast majority (89 %) chose PHP because it is easy to program with (which is a misconception really)
• A majority of PHP developers has no experience with higher programming languages (so how do they know PHP is easy to program with?)
• Almost 30 % of PHP programmers work alone (no team background)
• Most PHP programmers work for Webdesign companies

This contrasts with:

• Most PHP applications are between 1'000 to 10'000 lines of code.
• 30 % of PHP applications integrate with more than 2 external applications

The fact that unexperienced programmers use PHP, has a significant influence on the quality, maintainability, flexibility and integrity of the code that is beeing written. This has even impacted the PHP language itself (I leave it up to the reader if this is a good or bad thing).

How PHP was influenced by its users

Let me show you a brief example of how the PHP users have influenced the design of PHP:
PHP is typically used together with a MySQL database - a free, easy to install, use and maintain RDBMS. The database is accessed through SQL statements. Typically data from a web form is stored into the database. An SQL statement that does this might look like this:

$sql = "INSERT INTO Subscription (name, email) VALUES ('$name', '$email')";

Code like this makes every Java Developer jump of course. We are used to prepared statements where we do not need to care about properly escaping strings. Prepared statements are not supported by PHP unfortunately. So what's wrong with the above code you ask? Well, what happens if the user enters a single quote (') in the name form field (Irish people have names like O'Brian)? Uhm.. err.. I have never thought about this you may anser now. And that is exactly the point! Any unwary programmer will write code like the line above and introduce severe security and stability problems in his code.

Now, the PHP inventors know that and they have included a feature in PHP to avoid problems like the above without the programmer having to care: magic quotes. In short every parameter passed from a form to PHP will be run through addslashes before the parameter is made available to the PHP programmer.
While this 'solves' the SQL injection problem it is very annoying in other places where you do not pass the parameter into a SQL query. But this is another story.
So this is a feature in PHP that is specifically tailored for the unwary programmer.

Have you ever asked yourself why PHP requires you to import global variables with the global keyword? It's to protect unexperienced programmers from accidentially overwriting global variables. All variables are function local by default. No major other language requires you to redeclare global variables inside a function...

Why designers should not code

Knowing the syntax of a language is not enough. It's like playing the guitar on stage when your only 'experience' is having read a book on how to play the guitar.

Software development is a craft. A craftsman needs talent, skill and experience to be a good craftsman. The unexperienced programmer usually does not know or care about:

• separating presentation from code
• separating business logic from persistence
• data types
• object oriented programming
• efficient algorithms
• design patterns
• character encodings
• escaping
• regular expressions
• boolean algebra
• boundary conditions
• security
• unit tests
• portability
• reusability
• modularity
• code duplication
• source code formatting
• source code management (CVS)

I have seen awful code by PHP programmers that does database access, business logic and presentation all in one single file with no function definitions at all! When their 'page' becomes large they get lost, usually calling an experienced developer for help. I am writing this guide to provide useful ways how to best structure your code. It is basically meant for the experienced developer. But also unexperienced PHP programmers should read this guide and try to get the concepts.

Why PHP 4 is a pain

First, consider NOT to use PHP in large projects for the following reasons:

• No stack traces
• No compile time checking across files
• No strong typing
• No exceptions / poor error handling
• No threads (no background processing)
• No support for character encodings (Unicode!)
• No support for localization
• No namespaces apart from classes
• Poor OO support: no interfaces, no real object references, no access modifiers, no statics
• No application wide variables / state
• Source code location dependency
• Too many configuration options
• Can not run different PHP 4 version modules inside the same Apache Httpd
• Can not run different PHP 4 versions as CGI on the same machine

What about PHP 5?

The upcoming release of PHP 5 will include some of the missing features mentioned above. To me it looks like the PHP team is trying to copy Java. I guess they will end up with a Java-syntax-like PHP that lacks:

• Java's enormous class library - forget PEAR, nobody uses it
• type safety
• a well performing garbage collector
• a JIT

Will they include all that in PHP 6? Well, the PHP team should realize that what they are approaching already exists: Java. I can only cite Gandalf (of LOTR) here: You do not know your peril! Conclusion: There is NO reason to use PHP 5. Proceed to PHP best practices.

Conclusion

Most of the above facts lead to insufficient product quality. Some problems are caused by the design of PHP, others are caused by the lack of knowledge and experience of the typical PHP programmer. As en employer or project manager you should therefor consider carefully a) if to use PHP for your project and b) who will write the code. The cheaper solution most often means the lower quality.