People who say PHP is shit haven’t really used it and are just repeating the memes. It’s a perfectly fine language and there are a number of excellent tools and frameworks for it. It’s reputation is a result of it’s easy entry and widespread use. A whole lot of people who knew just enough to be dangerous made a whole lot of stuff, and it ended up causing a whole lot of problems. But for some reason devs shit on the language instead of shitting on the devs who put them in a mess.
Nah, it’s historically been a special kind of shit. It started life as a Perl templating engine, then grew out to its own language where it repeated all of Perl’s mistakes while adding more of its own. Its community was single-handedly responsible for keeping SQL injection attacks in the OWASP Top 10 list for years. Notice that it’s now bundled with “injection attacks” as a generic label for a wider range of similar issues–SQL injection alone would no longer warrant being there. Its conflation of arrays and hash maps meant it took years to wrestle with algorithmic complexity attacks. Perl kept the two separate, and was able to get a patch out for algorithmic complexity almost immediately (though it turned out to have a few bugs of its own, and a true fix came in a few years later; still faster than PHP solved it).
The web from 1998 through 2010 or so was absolutely riddled with bad PHP programs. “But that’s not the language’s fault”, you say? Doesn’t matter. Community is an important and underappreciated feature of a language, and PHP had a special kind of shit community. It almost seemed designed to suck away the dross from all other communities.
Consider the plugin system for phpBB:
Its architecture doesn’t have any kind of hook system for plugins; they’re added by patching the code in place
This naturally leads to different plugins interfering with each other
Having done that, you might choose one of the patch formats already out there, but phpBB decide to create their own
There are, at first, no tools available to automatically patch in plugins, so administrators (often not developers themselves) need to hand edit the source files and modify the database (the plugin format specifies both together)
Tools start to emerge over the years to handle it automatically, but they’re buggy and unusable for a long time
Is it PHP’s fault that one major application was implemented so poorly? YES! Its community is a feature, and its community is what brought us to this.
You want to claim that the language has done better since PHP7? Alright, that’s fine. I still don’t care. There are so many better options available, and I don’t have time to keep up with all of them. I’m happy relegating PHP to being a long-tail language where it trails off slowly over the years like COBOL.
I’d say that PHP allows you to write very bad code (and makes that the default). It’s a language feature.
For example Java has a lot of NullPointerException because it was designed with null and without mechanisms to detect & prevent these errors. Any method can return null and cause a NPE. It’s just easy to ignore them. Modern languages like Go, Rust or Zig force you to handle null errors, and make it easy to do so. NPEs are a lasguage feature in Java.
In the same way PHP allows you to write any ugly code you want. There are no checks, no safety. People can write bad code, people can be lazy, people can be stupid. PHP allows it and empowers them.
Exactly. I used PHP for years, I haven’t “not used it.” It was the first programming language I seriously learned. Writing good code was tedious if not impossible and that became even more obvious as I expanded to C#, Java, Python and C++; none of which tolerated any of the bad and unconventional practices I’d inevitably picked up. Keep in mind, I was actively trying to avoid bad practices and pay close attention to types but still got kicked to the curb hard when I tried other languages. I haven’t had that since.
I appreciate it’s changed since, I’m happy to see it’s not the same dumpster fire it once was, I also don’t care. I don’t actively trash it, I just think there’s usually a better option.
I used PHP for the past year. And honestly I still think it is not a good language. Just of the top of my head.
By far the biggest culprit. Arrays. This monstrosity is basically everything. Yes, it is fast but it only teaches bad habits. It is a weird combination of Arrays/Lists/(Dictionary/Hashmap) and you can’t know which one it currently is because there are 0 compile time safety checks. Also when used as a parameter it is passing a full copy instead. But the copy of course is only shallow. I have seen so many problems with that. And even worse when someone thinks the way to fix it, is to just json encode/decode the whole thing in order to get a deep copy before passing it.
Generics. I still don’t get why this is such a huge issue. Like I would rather have a half-baked optional compile time implementation then none at all. The worst part is that IDE tools support generics so you end up inplementing them on the comment level. I shouldn’t be forced to use generics through comments.
$ for variables. I know that this is just based on how the language grew. But god do I hate having to type it. It is not an easy to reach letter and just breaks my typing flow the whole time. You get used to it but still.
4 . The default functions. Yes. You will mostly use framework provided functions or your own stuff. But you still end up in contact with them and the naming schemes are still all over the place, so it is fast to just google it then hope you accidentally stumble upon it through the IDE. And some things are still straight up missing. Like the best way to deep copy an array is json_encode into json_decode. When I saw this the first time I was sure that must be wrong. But no. That is legit the way to do it.
Also I am stuck with PHP7 so some of my other complains seemed to be fixed in later versions. Also please don’t recommend DS for my first issue. I tried to push for it but it got vetoed because “it is too complicated for new devs”.
The language itself is not that bad. Especially the newest releases are really great, thought out DX improvements. What stinks are its legacy parts and how it needs to be run.
My biggest pain is that for it to actually behave like it should it requires some sort of an actual web server like apache or nginx.
Also, servers written in are actually request handlers - every time a request comes, the whole app is reinitialized, because it just can’t hold its state in memory. In many apps every request means reinitializing connection with database. If you want to keep some state, you have to use some caching mechanism like redis or memcached.
Also had one time when Symfony app was crashing, because someone forgot to close class braces, and everything was “working” until some part of code didn’t like it and was just dying without any error.
And one time when someone put two endlines after php closing tag at the end of the file, confusing the entire php interpreter into skipping some lines of code - also without warning, and only in specific php version.
Back in the day, the way it integrated with Apache was an evolutionary advantage to PHP. It found a strategy that worked in its environment and it thrived. That environment no longer exists, but PHP holds on vestigially.
We didn’t have AWS or other cheap, virtualized hosting way back when. It was all shared plans where you had a directory of your stuff, and it was there with a hundred other people on the same server and Apache instance. You could run whatever you wanted as a CGI, but that was even worse; it forks off a whole interpreter for the language, parses the code, and then used STDIN/STDOUT to communicate. Even if you implemented it in compiled C code (which had all the other problems you would expect), that fork is still expensive.
Projects like mod_perl and mod_python built an interpreter directly into Apache, but there was a problem with how it worked: it was too sophisticated. They could hook into the entire Apache API. That meant that there was no way to separate your stuff from every other thing on the same shared hosting plan. Any one instance would be able to fool around in all other accounts. That’s untenable, so your choices for those languages were to either get a dedicated plan at well over $100/month, or stick with a $5/month shared plan and put up with it being unscalable.
Enter mod_php. It builds the interpreter into Apache, but that’s all it does. Still have a parsing step, but it doesn’t have to fork. Doesn’t try do anything else. Its fast, and it can be hosted on cheap shared plans.
If you’re a startup at this time, operating on frozen pizza and office chairs from a thrift store, then you could get a cheap plan, develop it under CGI, and hope that you can refactor it later when you can afford a dedicated plan. Oh, and keep in mind that CGI doesn’t lend itself to converting easily to the Apache API or whatever else you’re going to use in the future. Alternatively, you could build it in PHP and it will be fast now and acceptable later.
It’s no great mystery why PHP was chosen at the time. There were limited options, and it was the cheap, get it done now option.
Not sure why you focus on arrays for deep copying. Deep copying objects is a problem in many languages and brings some challenges with itself that make it almost always necessary to delegate it to a library.
Simply because it was an issue that I ran into at work. And the reason I focus on arrays is because of the previously mentioned default behaviour of arrays being cloned when passed as an argument for a function. The issue here was someone unexperienced wrote a bunch of code and used only arrays (deep ugly arrays) and it ended up being a huge mess of some references staying the same while others changed. So the only solution was to deep copy at one place. That way later operations on these arrays didn’t affect the original structure. Not pretty but refactoring would have been too much effort.
$ for variables. I know that this is just based on how the language grew. But god do I hate having to type it. It is not an easy to reach letter and just breaks my typing flow the whole time. You get used to it but still.
I’m assuming you’re not using an English keyboard…? Shift+4 is an extremely key combination for me lol
The answer for the deep copy would seem to be a combination of a static recursive function to copy the array while cloning the objects inside, with setting the __clone() magic function in your objects to break the references, no? Granted it’s not a built in function, but not difficult to implement.
Arrays are passed by copy by default. Every scalar or array value is copied by value. Every other thing (objects basically) is copied by reference.
Passing array by reference passes everything it used to copy by reference.
Attempting to clone an array will result in an error.
Reassignment of a variable containing an array will do the same as if passed to a function by value.
Reassignment of a variable containing an array using the reference operator will do the same as if passed to a function by reference.
So, in order to deep copy an array, just reassign and recursively traverse the array calling clone on each object. Of course, this would break (or not, depending on the intended use) when the same object is referenced multiple times under different keys.
Sorry for being lazy so no sources for now. But based on my research back then. Using clone (on arrays) is actually slower then json_encode/json_decode.
So there are some cool optimization tricks going on in the background. But that doesn’t make it any more intuitive for me.
There are a lot of people who think that if a language or framework doesn’t completely disallow bad practices (and of course the authors have to agree with their very specific subjective ideas of what bad practices are) then it sucks. I’ve always found that weird. Like why are you mad at a tool for being “too flexible”? Why not be okay with learning what not to do?
If you’re going to do that, then you also have to have a community that stresses best practices.
In 1999, Perl was leading the world with a tutorial for DBI (its primary database driver interface then and now) that uses placeholders in its very first code example. The community made that the standard, and it was the first hit on “Perl SQL tutorial” on Google for a long time. Perl applications with SQL injection attacks are out there, but have been relatively uncommon.
Notice that the API doesn’t force you to use placeholders. It’s simply strongly encouraged by the community.
Also in 1999, PHP was leading the world in not having a database driver interface through a common API, but rather a thin wrapper over whatever C libraries were used for individual databases. If that database supported placeholders at all (MySQL didn’t, and guess which database was most popular with PHP?), then it often had a different syntax* for every one. (Note that Perl’s DBI uses a translation interface that can implement “?” as a placeholder for you if the underlying DB doesn’t do anything else or uses weird syntax). You could always use a filtering function, and PHP devs would routinely try to write their own rather than use the one that came with the database API that’s already vetted. Either way, there was no widespread community pressure to use safe practices, and PHP led the world in SQL injection vulnerabilities for well over a decade.
*As a side note, I was recently accused by another dev of having a Python app riddled with SQL injection vulnerabilities. In fact, it was well protected, but it was using the psycopg interface to PostgreSQL, and it has a weird placeholder syntax that the other developer wasn’t familiar with. Thanks, psycopg!
An interesting thing you may have missed is that the PHP community actually aggressively removed posts from stack overflow suggesting the old broken autoquoter approach. I’d say that PHP actually has an incredibly security minded community at this point.
I don’t doubt the language has improved. I just don’t see a point when there’s a million other options. In the 90s/early 2000s, you had Perl, Python, Java, and PHP. Ruby was playing around the fringes. There had been some attempts at server side JavaScript, but they weren’t well developed or integrated with the frontend the way it is today.
We’re now spoiled for choice, and I see no reason to give PHP any of my time over Elixir, Rust, Go, or TypeScript.
It has also improved a lot in the last years. PHP5 and especially versions older than that weren’t very good and deserved a lot of the criticism. PHP7 and onward are much better languages and don’t deserve the hate.
I worked a lot with PHP3 and 4, they work by the “Here is a flat C style API and here’s all the functions to use.” principle, and a lot of the work was finding the needed function, and how to use it.
I know PHP5 did a lot of redesign especially with classes, but have never used it, hope PHP5+ feels more like Pythons toolbox.
If I should write a web application today, I would start looking at Python based frameworks: Django (I have used it before)/Flask/Etc. as I am not sure I would like to work with JavaScript, or have to re-learn PHP.
A fun story about the origin of some of PHP’s first function names. The hash function in the table for function names in the interpreter was strlen(), so names were chosen to have a wide distribution of lengths.
A fun story about the origin of some of PHP’s first function names. The hash function in the table for function names in the interpreter was strlen(), so names were chosen to have a wide distribution of lengths.
I used to think that php was a bad language until recently (used php5 when i was just learning to program, cooked some delicious spaghetti). But after 5 years I had to use PHP at work. The language has improved a lot, but I think a lot of the bad parts are still there.
Like, why does stdclass exist? Why not just use associative arrays? Why are there warning, error, fatal errors, exceptions? Some functions throw exceptions, other raise errors, others return false, other fail silently and you have to call another function to check if there was an error (last_json_error). Why do find functions return false instead of -1? Like every other language? Why can’t I use strings with numeric values as maps keys? (I can’t have ["001" => value], it gets casted to ["1" => value].
There are no generics, you have to use mixed everywhere. The stdlib is an inconsistent mess, some_snake_case, someCamelCase, verb_noun, noun_verb, functions are not namespaced, everything is global. A lot of duplicates: die vs exit, print vs echo, etc. You are forced to use PSR & autoload to be able to use namespaces in a tolerable way, not including_once everywhere. No UTF-8 support, only ascii. You have to manually use mb_ functions. Variable scoping is weird. Variable variables? Why?
And all that is just comparing it to the average language. If compared to a modern language like Rust, Zig, Swift, php is light years behind.
It’s not hot garbage, but I wouldn’t call it “good”. There’s laravel, but not much more. PHP still makes you shoot yourself in the foot by default, unless you spend a lot of time learning its edge cases. Just like javascript.
I think the worst thing about PHP is all the ancient tutorials that litter the web like landmines. SQL injections everywhere.
And there’s way too many low-budget wannabe web developers who know just enough to blow their own feet off. Or more likely whoever paid for its feet, because that web dev will be nowhere to be seen a week after handing it over.
Honestly, php is actually pretty fucking sweet for functional programming and metaprogramming… other languages wish they had __invoke and __get.
I also think it has the “right” balance of library functions built in, you can do pretty much anything common and trivial with built-ins but the function list is short enough that you can comprehend most of it.
__invoke is just for making a class Callable. Java has those with functional interfaces. __get is just dynamic property resolution synax sugar. Instead of something like obj.get("property") you do obj->property.
Instead, I would like to see ADTs, generics, pattern matching, immutability, expressions everywhere and a better stdlib. Then one could call PHP functional.
It’s like how people say Javascript is functional. Sure, it has lambdas, anonymous functions, closures, const. But those alone don’t make it functional.
Functional programming is very different (and at times hard). If you have the time you can check out F#, OCaml, Elixir, Erlang, Rust or Haskell (in order of difficulty imo). Those are more “pure” functional, rather than imperative/OOP with a touch of functional.
See how things work, what features they have and don’t have. How problems are solved in these languages. I think learning about one of them can give you a different perspective on what functional means. I discovered F# one day, got curious and discovered a whole different paradigm, a new perspective on programming. And learning about functional programming really made me a better programmer, even on procedural/OOP.
My issue with PHP isn’t the language, it’s the developers. PHP developer culture is much like C# and Java culture.
I could bring a million reasons I don’t want to program in PHP and every time we talk about it, the PHP developer tells me I should be using it for everything. If I suggest that it may not be the best tool for a particular task at hand, the PHP developer tells me it’s the only language they know so they will use PHP.
The issue is that this type of culture closes doors mentally. In any craft, we should try to use the best tool available for the task at hand. In carpentry you’d use a hammer with nails and a screwdriver with screws. In programming, there are times using PHP makes sense and times it doesn’t.
In container based services, I tend to lean toward a compiled binary because it reduces the size of the container at run time and most modern languages don’t require tons of heavy duty frameworks to scale well there.
In a monolith, a fully interpreted language with an MVC framework could make sense.
I’ll never understand devs that go “I don’t know that language”. PHP is one of the only languages used in production I don’t know. I have read examples and it looks like you bastardized a Java/c# clone with bash or a string templating language, which isn’t very appealing. But like, if I had to learn it, I’d do so in a month, functionally writing it in a week tops. Learning languages is part of the job, and they all add something to your understanding of paradigms.
I think we need to keep in mind that a programming language isn’t learned in a day whereas the use of most tools can be learnt within minutes, albeit not perfected of course.
The hurdle to learn a new language is higher and also there is only so many langauges you can be fluent in at the same time, until you start mixing stuff up and causing more problems for yourself than being proficient in just a few languages.
It’s fine to not know every language. I’m not saying you must know every language. I’m saying that only knowing one and refusing to use another is a problem I’ve seen from PHP, Java, and C# cultures almost exclusively.
The only exception I’d say that makes sense is people who are using coding for a small part of their overall job. But full time software engineers should have at least a few options in their belt for backend that they understand and can use in different scenarios.
It’s also funny how they mention languages and frameworks, but php is just php. No symphony or whatever people use now, php. And somehow people whlent from using frameworks in python to not using them? It makes little sense.
I think PHP is shit because I used it about 14 years ago (+/- 1/2 years), where it was crystal clear that the language was written by a complete amateur. I’ve example off the top of my head: you couldn’t reference an element of an array returned by a function in the same line, you had to first assign the function’s output to a variable and only then were you able to reference an element of the array in the variable. Like, WTF!!!???
It may have improved over time, I just don’t care enough to find out. It doesn’t deserve my attention.
I’ve designed languages from the ground up, and written interpreters and compilers, so maybe I’m a bit of a snob regarding that kind of thing.
With all the levels of abstraction nowadays it’s impossible for anyone to understand the whole stack, so I don’t blame you for not caring how things are implemented under the hood.
But that issue with PHP (one of many) made me want to find the person who wrote that abomination and slap them with a baseball bat.
People who say PHP is shit haven’t really used it and are just repeating the memes. It’s a perfectly fine language and there are a number of excellent tools and frameworks for it. It’s reputation is a result of it’s easy entry and widespread use. A whole lot of people who knew just enough to be dangerous made a whole lot of stuff, and it ended up causing a whole lot of problems. But for some reason devs shit on the language instead of shitting on the devs who put them in a mess.
The only language people don’t shit on are the ones nobody uses.
I want to shit on Apache Pig Latin, but nobody uses it…
Nah, it’s historically been a special kind of shit. It started life as a Perl templating engine, then grew out to its own language where it repeated all of Perl’s mistakes while adding more of its own. Its community was single-handedly responsible for keeping SQL injection attacks in the OWASP Top 10 list for years. Notice that it’s now bundled with “injection attacks” as a generic label for a wider range of similar issues–SQL injection alone would no longer warrant being there. Its conflation of arrays and hash maps meant it took years to wrestle with algorithmic complexity attacks. Perl kept the two separate, and was able to get a patch out for algorithmic complexity almost immediately (though it turned out to have a few bugs of its own, and a true fix came in a few years later; still faster than PHP solved it).
The web from 1998 through 2010 or so was absolutely riddled with bad PHP programs. “But that’s not the language’s fault”, you say? Doesn’t matter. Community is an important and underappreciated feature of a language, and PHP had a special kind of shit community. It almost seemed designed to suck away the dross from all other communities.
Consider the plugin system for phpBB:
Is it PHP’s fault that one major application was implemented so poorly? YES! Its community is a feature, and its community is what brought us to this.
You want to claim that the language has done better since PHP7? Alright, that’s fine. I still don’t care. There are so many better options available, and I don’t have time to keep up with all of them. I’m happy relegating PHP to being a long-tail language where it trails off slowly over the years like COBOL.
I’d say that PHP allows you to write very bad code (and makes that the default). It’s a language feature.
For example Java has a lot of NullPointerException because it was designed with null and without mechanisms to detect & prevent these errors. Any method can return null and cause a NPE. It’s just easy to ignore them. Modern languages like Go, Rust or Zig force you to handle null errors, and make it easy to do so. NPEs are a lasguage feature in Java.
In the same way PHP allows you to write any ugly code you want. There are no checks, no safety. People can write bad code, people can be lazy, people can be stupid. PHP allows it and empowers them.
Exactly. I used PHP for years, I haven’t “not used it.” It was the first programming language I seriously learned. Writing good code was tedious if not impossible and that became even more obvious as I expanded to C#, Java, Python and C++; none of which tolerated any of the bad and unconventional practices I’d inevitably picked up. Keep in mind, I was actively trying to avoid bad practices and pay close attention to types but still got kicked to the curb hard when I tried other languages. I haven’t had that since.
I appreciate it’s changed since, I’m happy to see it’s not the same dumpster fire it once was, I also don’t care. I don’t actively trash it, I just think there’s usually a better option.
I used PHP for the past year. And honestly I still think it is not a good language. Just of the top of my head.
By far the biggest culprit. Arrays. This monstrosity is basically everything. Yes, it is fast but it only teaches bad habits. It is a weird combination of Arrays/Lists/(Dictionary/Hashmap) and you can’t know which one it currently is because there are 0 compile time safety checks. Also when used as a parameter it is passing a full copy instead. But the copy of course is only shallow. I have seen so many problems with that. And even worse when someone thinks the way to fix it, is to just json encode/decode the whole thing in order to get a deep copy before passing it.
Generics. I still don’t get why this is such a huge issue. Like I would rather have a half-baked optional compile time implementation then none at all. The worst part is that IDE tools support generics so you end up inplementing them on the comment level. I shouldn’t be forced to use generics through comments.
$ for variables. I know that this is just based on how the language grew. But god do I hate having to type it. It is not an easy to reach letter and just breaks my typing flow the whole time. You get used to it but still.
4 . The default functions. Yes. You will mostly use framework provided functions or your own stuff. But you still end up in contact with them and the naming schemes are still all over the place, so it is fast to just google it then hope you accidentally stumble upon it through the IDE. And some things are still straight up missing. Like the best way to deep copy an array is json_encode into json_decode. When I saw this the first time I was sure that must be wrong. But no. That is legit the way to do it.
Also I am stuck with PHP7 so some of my other complains seemed to be fixed in later versions. Also please don’t recommend DS for my first issue. I tried to push for it but it got vetoed because “it is too complicated for new devs”.
The language itself is not that bad. Especially the newest releases are really great, thought out DX improvements. What stinks are its legacy parts and how it needs to be run.
My biggest pain is that for it to actually behave like it should it requires some sort of an actual web server like apache or nginx.
Also, servers written in are actually request handlers - every time a request comes, the whole app is reinitialized, because it just can’t hold its state in memory. In many apps every request means reinitializing connection with database. If you want to keep some state, you have to use some caching mechanism like redis or memcached.
Also had one time when Symfony app was crashing, because someone forgot to close class braces, and everything was “working” until some part of code didn’t like it and was just dying without any error.
And one time when someone put two endlines after php closing tag at the end of the file, confusing the entire php interpreter into skipping some lines of code - also without warning, and only in specific php version.
Back in the day, the way it integrated with Apache was an evolutionary advantage to PHP. It found a strategy that worked in its environment and it thrived. That environment no longer exists, but PHP holds on vestigially.
We didn’t have AWS or other cheap, virtualized hosting way back when. It was all shared plans where you had a directory of your stuff, and it was there with a hundred other people on the same server and Apache instance. You could run whatever you wanted as a CGI, but that was even worse; it forks off a whole interpreter for the language, parses the code, and then used STDIN/STDOUT to communicate. Even if you implemented it in compiled C code (which had all the other problems you would expect), that fork is still expensive.
Projects like mod_perl and mod_python built an interpreter directly into Apache, but there was a problem with how it worked: it was too sophisticated. They could hook into the entire Apache API. That meant that there was no way to separate your stuff from every other thing on the same shared hosting plan. Any one instance would be able to fool around in all other accounts. That’s untenable, so your choices for those languages were to either get a dedicated plan at well over $100/month, or stick with a $5/month shared plan and put up with it being unscalable.
Enter mod_php. It builds the interpreter into Apache, but that’s all it does. Still have a parsing step, but it doesn’t have to fork. Doesn’t try do anything else. Its fast, and it can be hosted on cheap shared plans.
If you’re a startup at this time, operating on frozen pizza and office chairs from a thrift store, then you could get a cheap plan, develop it under CGI, and hope that you can refactor it later when you can afford a dedicated plan. Oh, and keep in mind that CGI doesn’t lend itself to converting easily to the Apache API or whatever else you’re going to use in the future. Alternatively, you could build it in PHP and it will be fast now and acceptable later.
It’s no great mystery why PHP was chosen at the time. There were limited options, and it was the cheap, get it done now option.
Not sure why you focus on arrays for deep copying. Deep copying objects is a problem in many languages and brings some challenges with itself that make it almost always necessary to delegate it to a library.
Simply because it was an issue that I ran into at work. And the reason I focus on arrays is because of the previously mentioned default behaviour of arrays being cloned when passed as an argument for a function. The issue here was someone unexperienced wrote a bunch of code and used only arrays (deep ugly arrays) and it ended up being a huge mess of some references staying the same while others changed. So the only solution was to deep copy at one place. That way later operations on these arrays didn’t affect the original structure. Not pretty but refactoring would have been too much effort.
I’m assuming you’re not using an English keyboard…? Shift+4 is an extremely key combination for me lol
Right alt + 4 for me lol
Aha, your complaint makes a lot more sense now lol
Holy hell as someone who still avidly writes PHP, this gives me goosebumps.
What is “DS”?
deleted by creator
Can’t open the one response you got. So maybe someone already answered. But this here
https://www.php.net/manual/en/book.ds.php
The answer for the deep copy would seem to be a combination of a static recursive function to copy the array while cloning the objects inside, with setting the __clone() magic function in your objects to break the references, no? Granted it’s not a built in function, but not difficult to implement.
Arrays are passed by copy by default. Every scalar or array value is copied by value. Every other thing (objects basically) is copied by reference.
Passing array by reference passes everything it used to copy by reference.
Attempting to clone an array will result in an error.
Reassignment of a variable containing an array will do the same as if passed to a function by value.
Reassignment of a variable containing an array using the reference operator will do the same as if passed to a function by reference.
So, in order to deep copy an array, just reassign and recursively traverse the array calling
clone
on each object. Of course, this would break (or not, depending on the intended use) when the same object is referenced multiple times under different keys.Sorry for being lazy so no sources for now. But based on my research back then. Using clone (on arrays) is actually slower then json_encode/json_decode.
So there are some cool optimization tricks going on in the background. But that doesn’t make it any more intuitive for me.
There are a lot of people who think that if a language or framework doesn’t completely disallow bad practices (and of course the authors have to agree with their very specific subjective ideas of what bad practices are) then it sucks. I’ve always found that weird. Like why are you mad at a tool for being “too flexible”? Why not be okay with learning what not to do?
[This comment has been deleted by an automated system]
On the flip side, there is VBA which practically enforces bad practices.
Yes
If you’re going to do that, then you also have to have a community that stresses best practices.
In 1999, Perl was leading the world with a tutorial for DBI (its primary database driver interface then and now) that uses placeholders in its very first code example. The community made that the standard, and it was the first hit on “Perl SQL tutorial” on Google for a long time. Perl applications with SQL injection attacks are out there, but have been relatively uncommon.
Notice that the API doesn’t force you to use placeholders. It’s simply strongly encouraged by the community.
Also in 1999, PHP was leading the world in not having a database driver interface through a common API, but rather a thin wrapper over whatever C libraries were used for individual databases. If that database supported placeholders at all (MySQL didn’t, and guess which database was most popular with PHP?), then it often had a different syntax* for every one. (Note that Perl’s DBI uses a translation interface that can implement “?” as a placeholder for you if the underlying DB doesn’t do anything else or uses weird syntax). You could always use a filtering function, and PHP devs would routinely try to write their own rather than use the one that came with the database API that’s already vetted. Either way, there was no widespread community pressure to use safe practices, and PHP led the world in SQL injection vulnerabilities for well over a decade.
*As a side note, I was recently accused by another dev of having a Python app riddled with SQL injection vulnerabilities. In fact, it was well protected, but it was using the psycopg interface to PostgreSQL, and it has a weird placeholder syntax that the other developer wasn’t familiar with. Thanks, psycopg!
An interesting thing you may have missed is that the PHP community actually aggressively removed posts from stack overflow suggesting the old broken autoquoter approach. I’d say that PHP actually has an incredibly security minded community at this point.
I don’t doubt the language has improved. I just don’t see a point when there’s a million other options. In the 90s/early 2000s, you had Perl, Python, Java, and PHP. Ruby was playing around the fringes. There had been some attempts at server side JavaScript, but they weren’t well developed or integrated with the frontend the way it is today.
We’re now spoiled for choice, and I see no reason to give PHP any of my time over Elixir, Rust, Go, or TypeScript.
It has also improved a lot in the last years. PHP5 and especially versions older than that weren’t very good and deserved a lot of the criticism. PHP7 and onward are much better languages and don’t deserve the hate.
I worked a lot with PHP3 and 4, they work by the “Here is a flat C style API and here’s all the functions to use.” principle, and a lot of the work was finding the needed function, and how to use it.
I know PHP5 did a lot of redesign especially with classes, but have never used it, hope PHP5+ feels more like Pythons toolbox.
If I should write a web application today, I would start looking at Python based frameworks: Django (I have used it before)/Flask/Etc. as I am not sure I would like to work with JavaScript, or have to re-learn PHP.
A fun story about the origin of some of PHP’s first function names. The hash function in the table for function names in the interpreter was strlen(), so names were chosen to have a wide distribution of lengths.
(source)
A fun story about the origin of some of PHP’s first function names. The hash function in the table for function names in the interpreter was strlen(), so names were chosen to have a wide distribution of lengths.
(source)
I used to think that php was a bad language until recently (used php5 when i was just learning to program, cooked some delicious spaghetti). But after 5 years I had to use PHP at work. The language has improved a lot, but I think a lot of the bad parts are still there.
Like, why does stdclass exist? Why not just use associative arrays? Why are there warning, error, fatal errors, exceptions? Some functions throw exceptions, other raise errors, others return false, other fail silently and you have to call another function to check if there was an error (
last_json_error
). Why do find functions returnfalse
instead of-1
? Like every other language? Why can’t I use strings with numeric values as maps keys? (I can’t have["001" => value]
, it gets casted to["1" => value]
.There are no generics, you have to use
mixed
everywhere. The stdlib is an inconsistent mess, some_snake_case, someCamelCase, verb_noun, noun_verb, functions are not namespaced, everything is global. A lot of duplicates: die vs exit, print vs echo, etc. You are forced to use PSR & autoload to be able to use namespaces in a tolerable way, not including_once everywhere. No UTF-8 support, only ascii. You have to manually use mb_ functions. Variable scoping is weird. Variable variables? Why?And all that is just comparing it to the average language. If compared to a modern language like Rust, Zig, Swift, php is light years behind.
It’s not hot garbage, but I wouldn’t call it “good”. There’s laravel, but not much more. PHP still makes you shoot yourself in the foot by default, unless you spend a lot of time learning its edge cases. Just like javascript.
I think the worst thing about PHP is all the ancient tutorials that litter the web like landmines. SQL injections everywhere.
And there’s way too many low-budget wannabe web developers who know just enough to blow their own feet off. Or more likely whoever paid for its feet, because that web dev will be nowhere to be seen a week after handing it over.
Honestly, php is actually pretty fucking sweet for functional programming and metaprogramming… other languages wish they had
__invoke
and__get
.I also think it has the “right” balance of library functions built in, you can do pretty much anything common and trivial with built-ins but the function list is short enough that you can comprehend most of it.
__invoke
is just for making a class Callable. Java has those with functional interfaces.__get
is just dynamic property resolution synax sugar. Instead of something likeobj.get("property")
you doobj->property
.Instead, I would like to see ADTs, generics, pattern matching, immutability, expressions everywhere and a better stdlib. Then one could call PHP functional.
It’s like how people say Javascript is functional. Sure, it has lambdas, anonymous functions, closures,
const
. But those alone don’t make it functional.Functional programming is very different (and at times hard). If you have the time you can check out F#, OCaml, Elixir, Erlang, Rust or Haskell (in order of difficulty imo). Those are more “pure” functional, rather than imperative/OOP with a touch of functional.
See how things work, what features they have and don’t have. How problems are solved in these languages. I think learning about one of them can give you a different perspective on what functional means. I discovered F# one day, got curious and discovered a whole different paradigm, a new perspective on programming. And learning about functional programming really made me a better programmer, even on procedural/OOP.
My issue with PHP isn’t the language, it’s the developers. PHP developer culture is much like C# and Java culture.
I could bring a million reasons I don’t want to program in PHP and every time we talk about it, the PHP developer tells me I should be using it for everything. If I suggest that it may not be the best tool for a particular task at hand, the PHP developer tells me it’s the only language they know so they will use PHP.
The issue is that this type of culture closes doors mentally. In any craft, we should try to use the best tool available for the task at hand. In carpentry you’d use a hammer with nails and a screwdriver with screws. In programming, there are times using PHP makes sense and times it doesn’t.
In container based services, I tend to lean toward a compiled binary because it reduces the size of the container at run time and most modern languages don’t require tons of heavy duty frameworks to scale well there.
In a monolith, a fully interpreted language with an MVC framework could make sense.
I’ll never understand devs that go “I don’t know that language”. PHP is one of the only languages used in production I don’t know. I have read examples and it looks like you bastardized a Java/c# clone with bash or a string templating language, which isn’t very appealing. But like, if I had to learn it, I’d do so in a month, functionally writing it in a week tops. Learning languages is part of the job, and they all add something to your understanding of paradigms.
I think we need to keep in mind that a programming language isn’t learned in a day whereas the use of most tools can be learnt within minutes, albeit not perfected of course.
The hurdle to learn a new language is higher and also there is only so many langauges you can be fluent in at the same time, until you start mixing stuff up and causing more problems for yourself than being proficient in just a few languages.
It’s fine to not know every language. I’m not saying you must know every language. I’m saying that only knowing one and refusing to use another is a problem I’ve seen from PHP, Java, and C# cultures almost exclusively.
The only exception I’d say that makes sense is people who are using coding for a small part of their overall job. But full time software engineers should have at least a few options in their belt for backend that they understand and can use in different scenarios.
One could argue that people who say PHP is fine only suffer Stockholm syndrome !
I’ve never actually used PHP.
Does it still have random Hebrew in error messages like ‘unexpected T_PAAMAYIM_NEKUDOTAYIM’?
It’s also funny how they mention languages and frameworks, but php is just php. No symphony or whatever people use now, php. And somehow people whlent from using frameworks in python to not using them? It makes little sense.
deleted by creator
I think PHP is shit because I used it about 14 years ago (+/- 1/2 years), where it was crystal clear that the language was written by a complete amateur. I’ve example off the top of my head: you couldn’t reference an element of an array returned by a function in the same line, you had to first assign the function’s output to a variable and only then were you able to reference an element of the array in the variable. Like, WTF!!!???
It may have improved over time, I just don’t care enough to find out. It doesn’t deserve my attention.
Yea, I used Rust 14 years ago and it didn’t even have a compiler, what a fucking clown car of a language!
(Also, they fixed that with a really smooth syntax… and 14 years ago, you actually could do it with
list()
)I’ve designed languages from the ground up, and written interpreters and compilers, so maybe I’m a bit of a snob regarding that kind of thing.
With all the levels of abstraction nowadays it’s impossible for anyone to understand the whole stack, so I don’t blame you for not caring how things are implemented under the hood.
But that issue with PHP (one of many) made me want to find the person who wrote that abomination and slap them with a baseball bat.