is php "last year"

[SooTyLaD]

ok i've done a few sites now and if there is fancy stuff that needs doing i use php...

is this old school or still a decent way of doing things? i can't help thinking to stay with the pack i need to be learning some sort of .NET stuff?

i've only really ever used C as far as programming goes so PHP seemed the thing to use... do i really need to broaden my knowledgebase or shall i sit tight?

 

[MNuTz]

If its doing everything you need it to then why worry?

 

[Beansprout]

Totally depends what you need to do, and what you like doing.

If you want to investigate new langauges, then Ruby is the latest kid off the block and looks quite interesting

 

[Lt. Manlove]

If you're not very good with PHP, then get better. Otherwise I have no idea, Ruby?

 

[Al Vallario]

If you're bored of PHP, have a look at Ruby and the Rails (or "Ruby on Rails") web development framework. "Agile Web Development with Rails" is a fantastic book, and being moderately experienced with PHP I found it quite easy to pick up. The Rails framework is, quite frankly, a web developer's dream and I've enjoyed experimenting with it so much I can't imagine going back to PHP

 

[robmiller]

Django is like RoR minus the homosexuality, in my experience. That said, both are a little too magic for my tastes.

 

[Beansprout]

Django is like RoR minus the homosexuality, in my experience. That said, both are a little too magic for my tastes.

If one increases browser font size by one or two increments then that page looks much trendier.

I think that's gonna be my philosophy: If it ain't 2.0-enough, increase ze font size!

</babble>

 

[Dj_Jestar]

Just wait for PHP6..

 

[Al Vallario]

Django is like RoR minus the homosexuality, in my experience. That said, both are a little too magic for my tastes.

Oh dear!

Check out "Agile Web Development with Rails" (ISBN: 097669400X) by Dave Thomas, David Heinemeier Hansson (The chap who conceived the Rails framework and Leon Breedt. Since the Rails framework is relatively young, parts of the book may already be dated slightly, but it's written in a very easy to understand, friendly manner. Once you pick up the basics of Ruby on Rails, you'll wonder why you spent so long slaving over those silly PHP scripts!

Note: I love Ruby on Rails because it's a developer's dream, not because I endorse the "Web 2.0" movement. I fully support such user-centric design as that covered in 37Signals' book "Defensive Design for the Web," but I hasten to add there is more to "Web 2.0" than oversized text!

 

[NathanE]

Don't you guys ever get the feeling that all this "Ruby on Rails" and "PHP" stuff are just toys compared to the big boys like ASP.NET and JSP?

 

[Beansprout]

Totally depends on what I want to do.

 

[Al Vallario]

Don't you guys ever get the feeling that all this "Ruby on Rails" and "PHP" stuff are just toys compared to the big boys like ASP.NET and JSP?

I see JSP as more of an enterprise-level solution, and I can't see the benefits of using it to power a "small" website (read: <5,000,000 hits/month). With the amount of flexibility and performance PHP and Ruby on Rails offer, and the sheer number of websites utilising them (This forum itself runs on PHP), you'd be illconceived to put them down as "toys"

 

[Dj_Jestar]

Don't you guys ever get the feeling that all this "Ruby on Rails" and "PHP" stuff are just toys compared to the big boys like ASP.NET and JSP?

No.

It is a misconception to call PHP a toy.

It has a colourful syntax highlighting system that is 'standard' which may give it the fisher-price look, but by no means is it a product of similar standard.

PHP is a very forgiving language, thus it has come under numerous fire for being 'insecure', or a 'plaything' when 99/100 the fault is the developer, not PHP.

Every language has it's faults, the difference between .NET and PHP, is PHP is opensource and free, .NET is closed source and costs, so finding exploits is a more difficult task.

PHP is taking big steps, particularly in PHP6. Unicode, a re-worked Object Modelling backend and Namespaces, amongst other 'enterprise' (why use that name? Makes it sound like it is only for use within a Company, not that it is for wide-scale use, which is what it actually means..) features, PHP will have in PHP6.

However, at the moment, .NET and J2 have native compilers, so you can have your source in byte-code which is marginally quicker to parse than plain source.

Once we have a PHP byte-code compiler, you'll see far more use of it as the biggest problem we (PHP developers) face is that everytime we sell a PHP developed product, we have to give our source code up to the user.

 

[roboffer]

Personally, I dont have any interest in learning Ruby, Python or anything like that as I dont see my using them professionally, and the days of me spending all of my spare time developing sites are long gone.

If its required for work Ill pick them up, but I look to learn things that will help me get jobs, and thats where C# and .NET pay dividends.

 

[Beansprout]

Once we have a PHP byte-code compiler, you'll see far more use of it as the biggest problem we (PHP developers) face is that everytime we sell a PHP developed product, we have to give our source code up to the user.

Well, there are the ioncube and Zend encoders around, but they're pretty expensive for small operations

 

[NathanE]

No.

It is a misconception to call PHP a toy.

It has a colourful syntax highlighting system that is 'standard' which may give it the fisher-price look, but by no means is it a product of similar standard.

PHP is a very forgiving language, thus it has come under numerous fire for being 'insecure', or a 'plaything' when 99/100 the fault is the developer, not PHP.

Every language has it's faults, the difference between .NET and PHP, is PHP is opensource and free, .NET is closed source and costs, so finding exploits is a more difficult task.

PHP is taking big steps, particularly in PHP6. Unicode, a re-worked Object Modelling backend and Namespaces, amongst other 'enterprise' (why use that name? Makes it sound like it is only for use within a Company, not that it is for wide-scale use, which is what it actually means..) features, PHP will have in PHP6.

However, at the moment, .NET and J2 have native compilers, so you can have your source in byte-code which is marginally quicker to parse than plain source.

Once we have a PHP byte-code compiler, you'll see far more use of it as the biggest problem we (PHP developers) face is that everytime we sell a PHP developed product, we have to give our source code up to the user.

But there's only so much they can do to rework the language to support OO features. Does PHP6 have a proper OO standard library? I doubt it because that would deprecate all existing code... If it doesn't have an OO standard library then what is the point in adding OO anyway?

Unicode and namespaces are hardly what I'd call "enterprise features". They are what any decent language will have. It's news to me and indeed shocking at the same time that you say current versions of PHP don't have them

.NET isn't closed source. Microsoft openly publish the specification to the CLR so that third parties can implement their own runtimes (e.g. Mono). Nor does it cost money, it is free to download. Visual Studio Express is also free. There are also third party IDEs. Although it is totally possible to develop a .NET program in Notepad, I don't think many people take up the offer.

There more to this byte code subject too. Not only is it far and wide faster than any script-based language (which is constantly having the same script code reinterpreted on each request to the script.) But when and if PHP gets a compiler, it will still be insecure because it isn't a managed language.

The whole "it's the programmer's fault" thing is also beginning to lose its meaning nowadays. In a managed world it's very rarely possible to blame the programmer for a security glitch because such critical parts of the application are provided by the framework with fool proof reusable interfaces.

 

[robmiller]

Oh dear!

Check out "Agile Web Development with Rails" (ISBN: 097669400X) by Dave Thomas, David Heinemeier Hansson (The chap who conceived the Rails framework and Leon Breedt. Since the Rails framework is relatively young, parts of the book may already be dated slightly, but it's written in a very easy to understand, friendly manner. Once you pick up the basics of Ruby on Rails, you'll wonder why you spent so long slaving over those silly PHP scripts!

It was more than a little tongue in cheek, rather obviously. I've used both Rails and Django quite a lot, and would consider myself proficient in Ruby and Python. I don't dislike RoR (and to a lesser extent Django) out of ignorance.

But there's only so much they can do to rework the language to support OO features. Does PHP6 have a proper OO standard library? I doubt it because that would deprecate all existing code... If it doesn't have an OO standard library then what is the point in adding OO anyway?

Unicode and namespaces are hardly what I'd call "enterprise features". They are what any decent language will have. It's news to me and indeed shocking at the same time that you say current versions of PHP don't have them

.NET isn't closed source. Microsoft openly publish the specification to the CLR so that third parties can implement their own runtimes (e.g. Mono). Nor does it cost money, it is free to download. Visual Studio Express is also free. There are also third party IDEs. Although it is totally possible to develop a .NET program in Notepad, I don't think many people take up the offer.

There more to this byte code subject too. Not only is it far and wide faster than any script-based language (which is constantly having the same script code reinterpreted on each request to the script.) But when and if PHP gets a compiler, it will still be insecure because it isn't a managed language.

The whole "it's the programmer's fault" thing is also beginning to lose its meaning nowadays. In a managed world it's very rarely possible to blame the programmer for a security glitch because such critical parts of the application are provided by the framework with fool proof reusable interfaces.

PHP6 doesn't exist and won't for ages, so it's largely irrelevant to compare it; PHP5 - which is coming up for 2 years old - still doesn't have anything near widespread support, so god knows what PHP6 will be like when it comes out.

Even I accept that PHP is a toy language, and I'm one of its most ardent supporters here. Sure, it has its niches, but to compare it to .NET is laughable.

 

[Dj_Jestar]

But there's only so much they can do to rework the language to support OO features. Does PHP6 have a proper OO standard library? I doubt it because that would deprecate all existing code... If it doesn't have an OO standard library then what is the point in adding OO anyway?

http://jero.net/blog/2006/03/php6/

and

http://www.php.net/~derick/meeting-notes.html

Yes, they are reworking a lot.

the standard libraries will, just like Java did, start off small.. most likely just with variable type classes or such. Unless they just decide to fully merge PEAR into it, or a selection of the most popular interfaces/classes.

Unicode and namespaces are hardly what I'd call "enterprise features". They are what any decent language will have. It's news to me and indeed shocking at the same time that you say current versions of PHP don't have them

I didn't call them 'enterprise features', hence why they are listed seperately. However, some will argue they are enterprise features.. which baffles me at times as well.

.NET isn't closed source. Microsoft openly publish the specification to the CLR so that third parties can implement their own runtimes (e.g. Mono). Nor does it cost money, it is free to download. Visual Studio Express is also free. There are also third party IDEs. Although it is totally possible to develop a .NET program in Notepad, I don't think many people take up the offer.

Specifications != code. .NET is very much closed source. Express is not as powerful as 'pro' or whatever fancy name they have given it these days, and is not free. But yes, I stand corrected.

There more to this byte code subject too. Not only is it far and wide faster than any script-based language (which is constantly having the same script code reinterpreted on each request to the script.) But when and if PHP gets a compiler, it will still be insecure because it isn't a managed language.

Which is just expanding on exactly what I said, but anywho..

The whole "it's the programmer's fault" thing is also beginning to lose its meaning nowadays. In a managed world it's very rarely possible to blame the programmer for a security glitch because such critical parts of the application are provided by the framework with fool proof reusable interfaces.

how so?

<?php

echo $_GET['var'];

?>

So that is PHP's fault for being insecure? Just how would PHP be able to secure it? How would the core know which method you require to secure it? These are the 'faults' that PHP has taken flack for.

Anyway, comparing PHP to J2EE as a whole, and .NET as a whole is wrong, they are not equal - comparisons to JSP and ASP.NET are 'fair'

 

[robmiller]

So that is PHP's fault for being insecure? Just how would PHP be able to secure it?

By implementing taint checking?

 

[Dj_Jestar]

By implementing taint checking?

Taint checking for what? SQL? HTML? NULL bytes? New lines?

Each have their different reasons for security, and different situations in which they need escaping or removing.

It's impossible to fool proof a variable/value for all purposes, unless you unset it.

There are situations where the checks/removal/escaping will be a PITA.. such as logging SQL queries to a text file on error, you want to see the raw input from the user, not the pre-escaped version of it.