[32203 views]

[]

[toggle ads]

On PHP

This is a (quite dated) criticism of the PHP language. A more uptodate and complete criticism by Eevee is found here: PHP - a fractal of bad design. PHP 4 is obviously frequently used by unexperienced programmers such as non-software engineers, web designers, hobbyists and students. The main reason for that is probably that PHP is easily and quickly learnt, doesn't need a complex IDE to develop with, and doesn't need to be compiled. Most web hosting providers offer PHP support in their cheapest package.
Zend took a survey among 10'000 PHP programmers. The main results are: This contrasts with: The fact that unexperienced programmers use PHP, has a significant influence on the quality, maintainability, flexibility and integrity of the code that is beeing written. This has even impacted the PHP language itself (I leave it up to the reader if this is a good or bad thing).

How PHP was influenced by its users

Let me show you a brief example of how the PHP users have influenced the design of PHP:
PHP is typically used together with a MySQL database - a free, easy to install, use and maintain RDBMS. The database is accessed through SQL statements. Typically data from a web form is stored into the database. An SQL statement that does this might look like this:

$sql = "INSERT INTO Subscription (name, email) VALUES ('$name', '$email')";

Code like this makes every Java Developer jump of course. We are used to prepared statements where we do not need to care about properly escaping strings. Prepared statements are not supported by PHP unfortunately. So what's wrong with the above code you ask? Well, what happens if the user enters a single quote (') in the name form field (Irish people have names like O'Brian)? Uhm.. err.. I have never thought about this you may anser now. And that is exactly the point! Any unwary programmer will write code like the line above and introduce severe security and stability problems in his code.

Now, the PHP inventors know that and they have included a feature in PHP to avoid problems like the above without the programmer having to care: magic quotes. In short every parameter passed from a form to PHP will be run through addslashes before the parameter is made available to the PHP programmer.
While this 'solves' the SQL injection problem it is very annoying in other places where you do not pass the parameter into a SQL query. But this is another story.
So this is a feature in PHP that is specifically tailored for the unwary programmer.

Have you ever asked yourself why PHP requires you to import global variables with the global keyword? It's to protect unexperienced programmers from accidentially overwriting global variables. All variables are function local by default. No major other language requires you to redeclare global variables inside a function...

Why designers should not code

Knowing the syntax of a language is not enough. It's like playing the guitar on stage when your only 'experience' is having read a book on how to play the guitar.

Software development is a craft. A craftsman needs talent, skill and experience to be a good craftsman. The unexperienced programmer usually does not know or care about: I have seen awful code by PHP programmers that does database access, business logic and presentation all in one single file with no function definitions at all! When their 'page' becomes large they get lost, usually calling an experienced developer for help. I am writing this guide to provide useful ways how to best structure your code. It is basically meant for the experienced developer. But also unexperienced PHP programmers should read this guide and try to get the concepts.

Why PHP 4 is a pain

First, consider NOT to use PHP in large projects for the following reasons:

What about PHP 5?

The upcoming release of PHP 5 will include some of the missing features mentioned above. To me it looks like the PHP team is trying to copy Java. I guess they will end up with a Java-syntax-like PHP that lacks: Will they include all that in PHP 6? Well, the PHP team should realize that what they are approaching already exists: Java. I can only cite Gandalf (of LOTR) here: You do not know your peril! Conclusion: There is NO reason to use PHP 5. Proceed to PHP best practices.

Conclusion

Most of the above facts lead to insufficient product quality. Some problems are caused by the design of PHP, others are caused by the lack of knowledge and experience of the typical PHP programmer. As en employer or project manager you should therefor consider carefully a) if to use PHP for your project and b) who will write the code. The cheaper solution most often means the lower quality.