
PHP 8.0.0 Alpha 1 available for testing - dglass
https://www.php.net/archive/2020.php#2020-06-25-1
======
xiaodai
Is php really that bad? People keep telling me it's insecure by default.

~~~
ragnese
PHP as a language really is that bad. It's probably the worst popular language
right now as far as how difficult it is to write correct code. Especially
because a lot of times your code will seem to run fine until it doesn't. It's
also got a tacked on type system that is not robust or expressive at all, so
your typing is worse than pre-generics Java. Only JavaScript rivals it. It has
no async/multi-threading either, so probably JavaScript is less-bad.

I don't know that I'd call it insecure, necessarily. I'd call C an insecure
language. I'm not an expert on all the various standard library functions that
you aren't supposed to use anymore. Just make sure if you do SQL that you go
through some interface that prepares your statements for you and never just
shove user input into a SQL string you build yourself.

On the other hand, as people have already mentioned, there are some genuinely
best-in-class libraries and frameworks written in/for PHP. Laravel and Symfony
are extremely productive, pretty easy, full-featured, and polished.

It's my opinion that people who defend PHP as a language mostly fall into two
camps:

1\. They've never (significantly) used languages that are much better. Maybe
they've only done PHP, JavaScript, Java, and C; and think that all languages
are pretty bad.

2\. They are conflating the _language_ with the _ecosystem_. When you choose
Laravel for a project, you're choosing a solid framework _in spite_ of PHP-
the-language. You're probably not really choosing PHP per se.

~~~
fimbulvetr
This is just FUD. You didn't give us any real use cases to agree with or
refute, only your opinions. Lots of people and companies do very productive,
very real, very "typed" and very effective applications and code in PHP. I am
stunned that you are writing "because a lot of times your code will seem to
run fine until it doesn't" as it wouldn't be such a widely used programming
language if that was the case. Your entire comments reeks of trolling.

~~~
aliswe
I liked developing in php. But, the language itself is horrible. It COULD have
been good, though.

Like if(1 == "0.999") which iirc evaluates to true.

~~~
ragnese
Which part of that offends you? The string conversion or the floating point
math? Because floating point math is evil in almost all languages, because
they all follow IEEE and because some numbers can't be represented in binary.

~~~
aliswe
Not the string conversion or the rounding, it's both of them combined that
makes me unsecure my revolver. That's a joke... Seriously, I look back at my
PHP years with mostly great joy. Even though the language is terrible I hardly
ever noticed it when practising it.

