Zend took a survey among 10'000 PHP programmers. The main results are:
- Most (45 %) PHP programmers have little experience (2-5 years)
- The vast majority (89 %) chose PHP because it is easy to program with (which is a misconception really)
- A majority of PHP developers has no experience with higher programming languages (so how do they know PHP is easy to program with?)
- Almost 30 % of PHP programmers work alone (no team background)
- Most PHP programmers work for Webdesign companies
- Most PHP applications are between 1'000 to 10'000 lines of code.
- 30 % of PHP applications integrate with more than 2 external applications
How PHP was influenced by its usersLet me show you a brief example of how the PHP users have influenced the design of PHP:
PHP is typically used together with a MySQL database - a free, easy to install, use and maintain RDBMS. The database is accessed through SQL statements. Typically data from a web form is stored into the database. An SQL statement that does this might look like this:
$sql = "INSERT INTO Subscription (name, email) VALUES ('$name', '$email')";
Code like this makes every Java Developer jump of course. We are used to prepared statements where we do not need to care about properly escaping strings. Prepared statements are not supported by PHP unfortunately. So what's wrong with the above code you ask? Well, what happens if the user enters a single quote (') in the name form field (Irish people have names like O'Brian)? Uhm.. err.. I have never thought about this you may anser now. And that is exactly the point! Any unwary programmer will write code like the line above and introduce severe security and stability problems in his code.
Now, the PHP inventors know that and they have included a feature in PHP to avoid problems like the above without the programmer having to care: magic quotes. In short every parameter passed from a form to PHP will be run through
addslashesbefore the parameter is made available to the PHP programmer.
While this 'solves' the SQL injection problem it is very annoying in other places where you do not pass the parameter into a SQL query. But this is another story.
So this is a feature in PHP that is specifically tailored for the unwary programmer.
Have you ever asked yourself why PHP requires you to import global variables with the
globalkeyword? It's to protect unexperienced programmers from accidentially overwriting global variables. All variables are function local by default. No major other language requires you to redeclare global variables inside a function...
Why designers should not codeKnowing the syntax of a language is not enough. It's like playing the guitar on stage when your only 'experience' is having read a book on how to play the guitar.
Software development is a craft. A craftsman needs talent, skill and experience to be a good craftsman. The unexperienced programmer usually does not know or care about:
- separating presentation from code
- separating business logic from persistence
- data types
- object oriented programming
- efficient algorithms
- design patterns
- character encodings
- regular expressions
- boolean algebra
- boundary conditions
- unit tests
- code duplication
- source code formatting
- source code management (CVS)
Why PHP 4 is a painFirst, consider NOT to use PHP in large projects for the following reasons:
- No stack traces
- No compile time checking across files
- No strong typing
- No exceptions / poor error handling
- No threads (no background processing)
- No support for character encodings (Unicode!)
- No support for localization
- No namespaces apart from classes
- Poor OO support: no interfaces, no real object references, no access modifiers, no statics
- No application wide variables / state
- Source code location dependency
- Too many configuration options
- Can not run different PHP 4 version modules inside the same Apache Httpd
- Can not run different PHP 4 versions as CGI on the same machine
What about PHP 5?The upcoming release of PHP 5 will include some of the missing features mentioned above. To me it looks like the PHP team is trying to copy Java. I guess they will end up with a Java-syntax-like PHP that lacks:
- Java's enormous class library - forget PEAR, nobody uses it
- type safety
- a well performing garbage collector
- a JIT