
Really don't understand the pure hatred that people have for PHP. I'm a network engineer and I don't have any desire to become a programmer because I love my job; however, I've written some very useful applications that myself and my team use on a daily basis to make networking easier for us.

For me it was simple to learn PHP and create something 'useful', basically every web server is capable of running it which makes my life a lot easier as well.

Surely the fact that someone who doesn't profess to be a coder can hack together code within a few minutes is a good thing, regardless of the language that they're using?

There is no better programming language than the one you know.




I'm no mechanic and I have no desire to be one but I've changed my own brake pads, surely anyone can adjust their car's brakes and many other tasks with a few simple tools and a book.

I don't understand why mechanics say some cars are better than others.


Playing around with motorbikes is actually one of my hobbies, and I have some very nice and quite expensive Snap-on tools which work wonders in the garage.

However I'm certainly not going to suggest that changing your brake pads was done incorrectly because my tools cost more than what I'm assuming yours did, or that I could complete the same job a bit quicker and therefore better.

Sure, if you're going to change brake pads all day long for the next year I can suggest some very nice tools which might help you.

But instead I'd like to say well done on changing the brake pads, I'd wish more people would use the tools that they have at their disposal, show some initiative, and do the same.


I think that was the best comment on Hacker News I have ever seen.


In addition to being obnoxious I don't even think your analogy is correct. Programming languages are the tools, and it makes sense a non-mechanic wouldn't understand why some tools are better than others.


I used PHP 15 years ago for making my first web developments.

The problem with PHP is that it's like everyone's bitch. You can do whatever you want with the language. It really allows you to abuse it, and has some of the naughtiest features a language can have.

In those years, if you wanted to fire a simple script, to make a SQL Query on MySQL, extract some information and output an XLS file, you could choose between PHP, Perl, Java, C, C++, VB... So PHP was the only real option. Today we have Python, GoLang, (Ruby... bla bla bla), all of them have rich libraries and have great features too, but don't allow you to make a GoTo Statement (avoid Global Variables, and so on...), and well, are brilliant languages (I'm talking to you Python).

Sidenote, I still remember fighting a day long with a bug in my code just to discover it was actually a PHP Interpreter bug, and I still remember how much the Language changed around the year 2002 when they simply stopped being compatible (they tried very hard to transform the language from a shitty one to a decent one). Today it is not a naughty language like the one I used, but still I see it both as an offensive language, and with gratitude, because when I was 16 and had my HostWay webpage I had two choices for my webpage: PHP or Perl, and damn, PHP really introduced me to the world of programming.

TLDR; Just ranting.


This rant (not by me) explains why[1]. PHP is full of gotchas, things that make security hard, and areas that are likely to break and be really hard to debug.

There's definitely scope out there for a better effort to be made addressing the situation you raise, but PHP really shouldn't be the popular language that it is in that space.

[1]: http://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/


Sure it may be a fractal of bad design, but it's unfair to say it has no productivity value. You can write plenty of good PHP code that actually accomplishes things. (And this is coming from someone that hates PHP)


I think you're setting up a strawman. The arguments against it are numerous, but I've never seen anyone say it has no productivity value.


> but it's unfair to say it has no productivity value

Nobody is saying it has no productivity value. Even the "joke" isn't saying that - the Y axis isn't labelled - it's just suggesting a) productivity doesn't increase, and b) you feel much more productive than you really are.


PHP is full of problems that lead directly to security vulnerabilities if you aren't constantly aware of them and very careful when writing your code. So when someone who doesn't know those problems (most people) "hacks together" something that "just works", it is almost always providing a backdoor into that server. Once you do learn a little, you find that every scripting language is just as easy to work with as PHP (if not easier) and much safer. So why use PHP over Perl or Python or Ruby or even JavaScript? They just aren't compiling into Apache for no reason.


Does Perl, Python or Ruby have built-in automatic escaping and sanitization? I would not call PHP less safe than any of these languages.

On top of that all three of those languages require additional setup. (Especially Ruby with RoR shudder)


Generally speaking, tutorials in those languages recommend using the parameterized versions of the queries rather than string concatenation and manual escaping. The official docs from these more well-designed languages would have copious warnings against attempting to escape user input yourself, rather than having numerous functions baked into the language to help you do just that (e.g. `mysql_escape_string`, `mysql_real_escape_string`).


The official docs will tell you how to properly handle queries, including prepares: http://php.net/manual/en/pdo.prepared-statements.php

Additionally, the mysql_ extension is deprecated since PHP 5.5: http://php.net/manual/en/migration55.deprecated.php

The official docs on the old mysql_ extension have large warnings advising people not to use it: http://php.net/manual/en/function.mysql-connect.php

Reading a 10-year-old tutorial on W3schools isn't the best place to learn current PHP, and it's not the fault of the language. PHP has moved on, if only the haters would too.
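
The contrast drawn in the two comments above, escape-and-concatenate queries versus PDO prepared statements, as an added example that is not part of the thread or any commenter's code. It assumes PHP with the pdo_sqlite extension; the table, rows and function names are constructed for illustration, and addslashes() stands in for the mysql_ escaping functions, which were removed in PHP 7.

```php
<?php
// Added illustration: schema, rows and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Escape-and-concatenate: escaping only neutralises quote characters, so it
// changes nothing when the value lands in an unquoted numeric context and
// the input becomes part of the SQL text itself.
function find_escaped(PDO $pdo, string $id): array
{
    $escaped = addslashes($id); // stand-in for the removed mysql_* escaping functions
    $sql = "SELECT name FROM users WHERE id = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed at prepare time and the value is
// sent separately, so it is only ever compared against the id column as data.
function find_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs: a plain id, and one carrying extra SQL.
foreach (['2', '2 OR 1=1'] as $input) {
    printf(
        "%-10s escaped=%d row(s) prepared=%d row(s)\n",
        $input,
        count(find_escaped($pdo, $input)),
        count(find_prepared($pdo, $input))
    );
}
```

The two functions agree on the plain id and diverge on the second input, which is the case where escaping alone gives no protection.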


So your argument is that the dangerous extension is deprecated as of a year and a half ago? Given that PHP has been around for nearly 20 years, it seems like your evidence supports my argument more than yours.

> PHP has moved on, if only the haters would too.

Unfortunately it's not that easy. A lot of those tutorials are still being read by newcomers, and a lot of the web is filled with vulnerabilities as a direct result of official documentation recommending insecure ways of interacting with the database.

PHP may be "in recovery," but that doesn't necessarily mean the bad taste will magically leave everyone's collective mouths. The damage has been done.


The mysql extension is not dangerous in any way, don't spread FUD. The reason for not deprecating it sooner is that very large projects depend on it. These projects may have been ten years in the making and aren't in any way unsafe because of the mysql extension. Software like WordPress and Drupal still use and support the mysql adapter and run on a huge percentage of the web today.

I agree a lot of people read insecure tutorials, but it allows even beginners to write fairly advanced web sites. If the choice is between easy and available and difficult and hard to use, I'd rather have the first option available. On the web, ideas, timing and execution are important, not how amazing your code looks on the backend. A lot of great software may not have been created had it not been for how easy PHP is to get started with. As a community we are trying to educate people to code properly. It's an ongoing process.


"People will forget what you said, people will forget what you did, but people will never forget how you made them feel."

-- Maya Angelou

If PHP had moved on, it wouldn't want to be PHP anymore. Those haters have moved on: they did so when they decided to not program in PHP anymore.


Actually yes - Perl has a tainted mode (#!/usr/bin/perl -t) that forces you to sanitize every input from the outside world. It does not do the work for you because it is agnostic to semantics (escaping for shell is different than escaping for SQL for example) but at least makes you think about the problem.


So what you are saying, is that it's not actually widely used, or even useful in the scope of a web site? In that case, I don't see how it changes my original point.


It is widely used, especially in the context of web site backends.


>Does Perl, Python or Ruby have built-in automatic escaping and sanitization?

No, of course not. That's very much the point. PHP's broken attempt at that created security holes.

>On top of that all three of those languages require additional setup

No they don't. It is just that someone else has already done the setup for you with PHP at most cheapo hosting companies. Installing Python is no harder than installing PHP.

>(Especially Ruby with RoR shudder)

You are comparing a framework to a language. Rails is no harder to set up than any of the PHP frameworks like Zend or Symfony.


Providing sanitization functions 10 years ago is broken to you? If you check my earlier post you'll see that prepared statements are widely used nowadays. Escaping functions like htmlentities() are also still effective.

You are right, there are a bunch of hosting companies providing 0-config PHP, but setting it up in any distro is also never more than one command away, unlike the other languages mentioned.

Regarding Ruby and RoR, I can't even find a tutorial on how to run Ruby under FastCGI, and RoR appears to be the de facto way to run Ruby websites, so if having a framework is required to run any non-trivial Ruby website, then it has to go into the "hard to configure" part of the argument regardless of semantics.


>but setting it up in any distro is also never more than one command away, unlike the other languages mentioned.

No, exactly like the other languages mentioned. If you are seriously going to try to pretend installing Python or Ruby or Perl is harder than installing PHP then you can't expect anyone to react as if you are being serious and genuine.

>I can't even find a tutorial on how to run Ruby under FastCGI

That sounds like a serious problem. I would suggest looking for a local "introduction to computers" type class. They tend to teach basic usage of Windows and the web, including how to use Google to search for things. I think it would help you a lot.

>and RoR appears to be the de facto way to run Ruby websites

While I'm sure the Rails guys must be flattered, I don't know how you got that appearance. There's a whole bunch of frameworks, just like with PHP. And you don't need to use any of them, just like with PHP. But of course, you know all this and are just trolling.


Since you are resorting to ad hominem attacks without tackling the actual points, I am not going to dignify your post with an answer.



