• mrbubblesort@kbin.social
    link
    fedilink
    arrow-up
    117
    arrow-down
    9
    ·
    1 year ago

    People who say PHP is shit haven’t really used it and are just repeating the memes. It’s a perfectly fine language and there are a number of excellent tools and frameworks for it. It’s reputation is a result of it’s easy entry and widespread use. A whole lot of people who knew just enough to be dangerous made a whole lot of stuff, and it ended up causing a whole lot of problems. But for some reason devs shit on the language instead of shitting on the devs who put them in a mess.

    • frezik@midwest.social
      link
      fedilink
      arrow-up
      45
      arrow-down
      8
      ·
      1 year ago

      Nah, it’s historically been a special kind of shit. It started life as a Perl templating engine, then grew out to its own language where it repeated all of Perl’s mistakes while adding more of its own. Its community was single-handedly responsible for keeping SQL injection attacks in the OWASP Top 10 list for years. Notice that it’s now bundled with “injection attacks” as a generic label for a wider range of similar issues–SQL injection alone would no longer warrant being there. Its conflation of arrays and hash maps meant it took years to wrestle with algorithmic complexity attacks. Perl kept the two separate, and was able to get a patch out for algorithmic complexity almost immediately (though it turned out to have a few bugs of its own, and a true fix came in a few years later; still faster than PHP solved it).

      The web from 1998 through 2010 or so was absolutely riddled with bad PHP programs. “But that’s not the language’s fault”, you say? Doesn’t matter. Community is an important and underappreciated feature of a language, and PHP had a special kind of shit community. It almost seemed designed to suck away the dross from all other communities.

      Consider the plugin system for phpBB:

      • Its architecture doesn’t have any kind of hook system for plugins; they’re added by patching the code in place
      • This naturally leads to different plugins interfering with each other
      • Having done that, you might choose one of the patch formats already out there, but phpBB decide to create their own
      • There are, at first, no tools available to automatically patch in plugins, so administrators (often not developers themselves) need to hand edit the source files and modify the database (the plugin format specifies both together)
      • Tools start to emerge over the years to handle it automatically, but they’re buggy and unusable for a long time

      Is it PHP’s fault that one major application was implemented so poorly? YES! Its community is a feature, and its community is what brought us to this.

      You want to claim that the language has done better since PHP7? Alright, that’s fine. I still don’t care. There are so many better options available, and I don’t have time to keep up with all of them. I’m happy relegating PHP to being a long-tail language where it trails off slowly over the years like COBOL.

      • araozu@lemm.ee
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        I’d say that PHP allows you to write very bad code (and makes that the default). It’s a language feature.

        For example Java has a lot of NullPointerException because it was designed with null and without mechanisms to detect & prevent these errors. Any method can return null and cause a NPE. It’s just easy to ignore them. Modern languages like Go, Rust or Zig force you to handle null errors, and make it easy to do so. NPEs are a lasguage feature in Java.

        In the same way PHP allows you to write any ugly code you want. There are no checks, no safety. People can write bad code, people can be lazy, people can be stupid. PHP allows it and empowers them.

    • Bigworsh@discuss.tchncs.de
      link
      fedilink
      arrow-up
      31
      arrow-down
      8
      ·
      1 year ago

      I used PHP for the past year. And honestly I still think it is not a good language. Just of the top of my head.

      1. By far the biggest culprit. Arrays. This monstrosity is basically everything. Yes, it is fast but it only teaches bad habits. It is a weird combination of Arrays/Lists/(Dictionary/Hashmap) and you can’t know which one it currently is because there are 0 compile time safety checks. Also when used as a parameter it is passing a full copy instead. But the copy of course is only shallow. I have seen so many problems with that. And even worse when someone thinks the way to fix it, is to just json encode/decode the whole thing in order to get a deep copy before passing it.

      2. Generics. I still don’t get why this is such a huge issue. Like I would rather have a half-baked optional compile time implementation then none at all. The worst part is that IDE tools support generics so you end up inplementing them on the comment level. I shouldn’t be forced to use generics through comments.

      3. $ for variables. I know that this is just based on how the language grew. But god do I hate having to type it. It is not an easy to reach letter and just breaks my typing flow the whole time. You get used to it but still.

      4 . The default functions. Yes. You will mostly use framework provided functions or your own stuff. But you still end up in contact with them and the naming schemes are still all over the place, so it is fast to just google it then hope you accidentally stumble upon it through the IDE. And some things are still straight up missing. Like the best way to deep copy an array is json_encode into json_decode. When I saw this the first time I was sure that must be wrong. But no. That is legit the way to do it.

      Also I am stuck with PHP7 so some of my other complains seemed to be fixed in later versions. Also please don’t recommend DS for my first issue. I tried to push for it but it got vetoed because “it is too complicated for new devs”.

      • moriquende@lemmy.world
        link
        fedilink
        arrow-up
        10
        arrow-down
        1
        ·
        1 year ago

        Not sure why you focus on arrays for deep copying. Deep copying objects is a problem in many languages and brings some challenges with itself that make it almost always necessary to delegate it to a library.

        • Bigworsh@discuss.tchncs.de
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Simply because it was an issue that I ran into at work. And the reason I focus on arrays is because of the previously mentioned default behaviour of arrays being cloned when passed as an argument for a function. The issue here was someone unexperienced wrote a bunch of code and used only arrays (deep ugly arrays) and it ended up being a huge mess of some references staying the same while others changed. So the only solution was to deep copy at one place. That way later operations on these arrays didn’t affect the original structure. Not pretty but refactoring would have been too much effort.

      • gornius@lemmy.world
        link
        fedilink
        arrow-up
        10
        arrow-down
        1
        ·
        1 year ago

        The language itself is not that bad. Especially the newest releases are really great, thought out DX improvements. What stinks are its legacy parts and how it needs to be run.

        My biggest pain is that for it to actually behave like it should it requires some sort of an actual web server like apache or nginx.

        Also, servers written in are actually request handlers - every time a request comes, the whole app is reinitialized, because it just can’t hold its state in memory. In many apps every request means reinitializing connection with database. If you want to keep some state, you have to use some caching mechanism like redis or memcached.

        Also had one time when Symfony app was crashing, because someone forgot to close class braces, and everything was “working” until some part of code didn’t like it and was just dying without any error.

        And one time when someone put two endlines after php closing tag at the end of the file, confusing the entire php interpreter into skipping some lines of code - also without warning, and only in specific php version.

        • frezik@midwest.social
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          1 year ago

          Back in the day, the way it integrated with Apache was an evolutionary advantage to PHP. It found a strategy that worked in its environment and it thrived. That environment no longer exists, but PHP holds on vestigially.

          We didn’t have AWS or other cheap, virtualized hosting way back when. It was all shared plans where you had a directory of your stuff, and it was there with a hundred other people on the same server and Apache instance. You could run whatever you wanted as a CGI, but that was even worse; it forks off a whole interpreter for the language, parses the code, and then used STDIN/STDOUT to communicate. Even if you implemented it in compiled C code (which had all the other problems you would expect), that fork is still expensive.

          Projects like mod_perl and mod_python built an interpreter directly into Apache, but there was a problem with how it worked: it was too sophisticated. They could hook into the entire Apache API. That meant that there was no way to separate your stuff from every other thing on the same shared hosting plan. Any one instance would be able to fool around in all other accounts. That’s untenable, so your choices for those languages were to either get a dedicated plan at well over $100/month, or stick with a $5/month shared plan and put up with it being unscalable.

          Enter mod_php. It builds the interpreter into Apache, but that’s all it does. Still have a parsing step, but it doesn’t have to fork. Doesn’t try do anything else. Its fast, and it can be hosted on cheap shared plans.

          If you’re a startup at this time, operating on frozen pizza and office chairs from a thrift store, then you could get a cheap plan, develop it under CGI, and hope that you can refactor it later when you can afford a dedicated plan. Oh, and keep in mind that CGI doesn’t lend itself to converting easily to the Apache API or whatever else you’re going to use in the future. Alternatively, you could build it in PHP and it will be fast now and acceptable later.

          It’s no great mystery why PHP was chosen at the time. There were limited options, and it was the cheap, get it done now option.

      • glimse@lemmy.world
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        $ for variables. I know that this is just based on how the language grew. But god do I hate having to type it. It is not an easy to reach letter and just breaks my typing flow the whole time. You get used to it but still.

        I’m assuming you’re not using an English keyboard…? Shift+4 is an extremely key combination for me lol

      • GombeenSysadmin@feddit.uk
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        The answer for the deep copy would seem to be a combination of a static recursive function to copy the array while cloning the objects inside, with setting the __clone() magic function in your objects to break the references, no? Granted it’s not a built in function, but not difficult to implement.

        • derpgon@programming.dev
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          1 year ago

          Arrays are passed by copy by default. Every scalar or array value is copied by value. Every other thing (objects basically) is copied by reference.

          Passing array by reference passes everything it used to copy by reference.

          Attempting to clone an array will result in an error.

          Reassignment of a variable containing an array will do the same as if passed to a function by value.

          Reassignment of a variable containing an array using the reference operator will do the same as if passed to a function by reference.

          So, in order to deep copy an array, just reassign and recursively traverse the array calling clone on each object. Of course, this would break (or not, depending on the intended use) when the same object is referenced multiple times under different keys.

        • Bigworsh@discuss.tchncs.de
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Sorry for being lazy so no sources for now. But based on my research back then. Using clone (on arrays) is actually slower then json_encode/json_decode.

          So there are some cool optimization tricks going on in the background. But that doesn’t make it any more intuitive for me.

    • TrickDacy@lemmy.world
      link
      fedilink
      arrow-up
      15
      arrow-down
      1
      ·
      1 year ago

      There are a lot of people who think that if a language or framework doesn’t completely disallow bad practices (and of course the authors have to agree with their very specific subjective ideas of what bad practices are) then it sucks. I’ve always found that weird. Like why are you mad at a tool for being “too flexible”? Why not be okay with learning what not to do?

      • frezik@midwest.social
        link
        fedilink
        arrow-up
        9
        arrow-down
        3
        ·
        edit-2
        1 year ago

        If you’re going to do that, then you also have to have a community that stresses best practices.

        In 1999, Perl was leading the world with a tutorial for DBI (its primary database driver interface then and now) that uses placeholders in its very first code example. The community made that the standard, and it was the first hit on “Perl SQL tutorial” on Google for a long time. Perl applications with SQL injection attacks are out there, but have been relatively uncommon.

        Notice that the API doesn’t force you to use placeholders. It’s simply strongly encouraged by the community.

        Also in 1999, PHP was leading the world in not having a database driver interface through a common API, but rather a thin wrapper over whatever C libraries were used for individual databases. If that database supported placeholders at all (MySQL didn’t, and guess which database was most popular with PHP?), then it often had a different syntax* for every one. (Note that Perl’s DBI uses a translation interface that can implement “?” as a placeholder for you if the underlying DB doesn’t do anything else or uses weird syntax). You could always use a filtering function, and PHP devs would routinely try to write their own rather than use the one that came with the database API that’s already vetted. Either way, there was no widespread community pressure to use safe practices, and PHP led the world in SQL injection vulnerabilities for well over a decade.

        *As a side note, I was recently accused by another dev of having a Python app riddled with SQL injection vulnerabilities. In fact, it was well protected, but it was using the psycopg interface to PostgreSQL, and it has a weird placeholder syntax that the other developer wasn’t familiar with. Thanks, psycopg!

        • xmunk
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          An interesting thing you may have missed is that the PHP community actually aggressively removed posts from stack overflow suggesting the old broken autoquoter approach. I’d say that PHP actually has an incredibly security minded community at this point.

          • frezik@midwest.social
            link
            fedilink
            arrow-up
            7
            arrow-down
            2
            ·
            1 year ago

            I don’t doubt the language has improved. I just don’t see a point when there’s a million other options. In the 90s/early 2000s, you had Perl, Python, Java, and PHP. Ruby was playing around the fringes. There had been some attempts at server side JavaScript, but they weren’t well developed or integrated with the frontend the way it is today.

            We’re now spoiled for choice, and I see no reason to give PHP any of my time over Elixir, Rust, Go, or TypeScript.

    • ahto@feddit.de
      link
      fedilink
      arrow-up
      13
      ·
      1 year ago

      It has also improved a lot in the last years. PHP5 and especially versions older than that weren’t very good and deserved a lot of the criticism. PHP7 and onward are much better languages and don’t deserve the hate.

      • BeigeAgenda@lemmy.ca
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        I worked a lot with PHP3 and 4, they work by the “Here is a flat C style API and here’s all the functions to use.” principle, and a lot of the work was finding the needed function, and how to use it.

        I know PHP5 did a lot of redesign especially with classes, but have never used it, hope PHP5+ feels more like Pythons toolbox.

        If I should write a web application today, I would start looking at Python based frameworks: Django (I have used it before)/Flask/Etc. as I am not sure I would like to work with JavaScript, or have to re-learn PHP.

        • pingveno@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          A fun story about the origin of some of PHP’s first function names. The hash function in the table for function names in the interpreter was strlen(), so names were chosen to have a wide distribution of lengths.

          (source)

        • pingveno@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          A fun story about the origin of some of PHP’s first function names. The hash function in the table for function names in the interpreter was strlen(), so names were chosen to have a wide distribution of lengths.

          (source)

    • araozu@lemm.ee
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      I used to think that php was a bad language until recently (used php5 when i was just learning to program, cooked some delicious spaghetti). But after 5 years I had to use PHP at work. The language has improved a lot, but I think a lot of the bad parts are still there.

      Like, why does stdclass exist? Why not just use associative arrays? Why are there warning, error, fatal errors, exceptions? Some functions throw exceptions, other raise errors, others return false, other fail silently and you have to call another function to check if there was an error (last_json_error). Why do find functions return false instead of -1? Like every other language? Why can’t I use strings with numeric values as maps keys? (I can’t have ["001" => value], it gets casted to ["1" => value].

      There are no generics, you have to use mixed everywhere. The stdlib is an inconsistent mess, some_snake_case, someCamelCase, verb_noun, noun_verb, functions are not namespaced, everything is global. A lot of duplicates: die vs exit, print vs echo, etc. You are forced to use PSR & autoload to be able to use namespaces in a tolerable way, not including_once everywhere. No UTF-8 support, only ascii. You have to manually use mb_ functions. Variable scoping is weird. Variable variables? Why?

      And all that is just comparing it to the average language. If compared to a modern language like Rust, Zig, Swift, php is light years behind.

      It’s not hot garbage, but I wouldn’t call it “good”. There’s laravel, but not much more. PHP still makes you shoot yourself in the foot by default, unless you spend a lot of time learning its edge cases. Just like javascript.

    • xmunk
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      1 year ago

      Honestly, php is actually pretty fucking sweet for functional programming and metaprogramming… other languages wish they had __invoke and __get.

      I also think it has the “right” balance of library functions built in, you can do pretty much anything common and trivial with built-ins but the function list is short enough that you can comprehend most of it.

      • araozu@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        __invoke is just for making a class Callable. Java has those with functional interfaces. __get is just dynamic property resolution synax sugar. Instead of something like obj.get("property") you do obj->property.

        Instead, I would like to see ADTs, generics, pattern matching, immutability, expressions everywhere and a better stdlib. Then one could call PHP functional.

        It’s like how people say Javascript is functional. Sure, it has lambdas, anonymous functions, closures, const. But those alone don’t make it functional.

        Functional programming is very different (and at times hard). If you have the time you can check out F#, OCaml, Elixir, Erlang, Rust or Haskell (in order of difficulty imo). Those are more “pure” functional, rather than imperative/OOP with a touch of functional.

        See how things work, what features they have and don’t have. How problems are solved in these languages. I think learning about one of them can give you a different perspective on what functional means. I discovered F# one day, got curious and discovered a whole different paradigm, a new perspective on programming. And learning about functional programming really made me a better programmer, even on procedural/OOP.

    • Blackmist@feddit.uk
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      I think the worst thing about PHP is all the ancient tutorials that litter the web like landmines. SQL injections everywhere.

      And there’s way too many low-budget wannabe web developers who know just enough to blow their own feet off. Or more likely whoever paid for its feet, because that web dev will be nowhere to be seen a week after handing it over.

    • Fushuan [he/him]@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      It’s also funny how they mention languages and frameworks, but php is just php. No symphony or whatever people use now, php. And somehow people whlent from using frameworks in python to not using them? It makes little sense.

    • Pipoca@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I’ve never actually used PHP.

      Does it still have random Hebrew in error messages like ‘unexpected T_PAAMAYIM_NEKUDOTAYIM’?

    • z3bra@lemmy.sdf.org
      link
      fedilink
      arrow-up
      8
      arrow-down
      6
      ·
      1 year ago

      One could argue that people who say PHP is fine only suffer Stockholm syndrome !

    • jungle@lemmy.world
      link
      fedilink
      arrow-up
      9
      arrow-down
      22
      ·
      1 year ago

      I think PHP is shit because I used it about 14 years ago (+/- 1/2 years), where it was crystal clear that the language was written by a complete amateur. I’ve example off the top of my head: you couldn’t reference an element of an array returned by a function in the same line, you had to first assign the function’s output to a variable and only then were you able to reference an element of the array in the variable. Like, WTF!!!???

      It may have improved over time, I just don’t care enough to find out. It doesn’t deserve my attention.

      • xmunk
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Yea, I used Rust 14 years ago and it didn’t even have a compiler, what a fucking clown car of a language!

        (Also, they fixed that with a really smooth syntax… and 14 years ago, you actually could do it with list())

        • jungle@lemmy.world
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          1 year ago

          I’ve designed languages from the ground up, and written interpreters and compilers, so maybe I’m a bit of a snob regarding that kind of thing.

          With all the levels of abstraction nowadays it’s impossible for anyone to understand the whole stack, so I don’t blame you for not caring how things are implemented under the hood.

          But that issue with PHP (one of many) made me want to find the person who wrote that abomination and slap them with a baseball bat.