No one bashes PHP because it can't do these things, or that it isn't easy. People bash PHP because there are objectively better languages and platforms out there and objectively bad decisions made by those guiding the PHP language.
If you want to defend PHP in any meaningful way then you can't just list things that can be done easily in almost every semi-modern web ecosystem, but actually compare it to the other alternatives and identify when it's the right choice. It's harder but it leads to a blog post that might actually benefit readers.
Depends entirely on your metric. It's far too easy to introduce subtle bugs, especially security oriented ones, in PHP. If I had a dollar for every XSS, remote file inclusion, CSRF, arbitrary file read, etc vulnerability I found in a "good" PHP app, I'd be a very wealthy man. Some things are mitigated by using a good framework, but in most cases people get them horribly, horribly wrong.
While testing apps, PHP immediately throws up red flags -- it's simply not likely to be done right. It can be, but it's very rare.
But by now I am mature enough to understand that if you hire bad programmers you get bad code irrespective of the language its written in. You can use any tool you want, if you use it badly the result is going to be bad. These are days of Python and Ruby fanboyism so very obviously everything is going to look ugly in front of it. Code bases in other languages will be declared legacy and the same thing will be translated to the new shiny language and called the 'modernized' code bases. Your RDBMS use cases will be shoe horned to NoSQL databases and declared designed for the web. This will go on and on for anther few years...
Until we get to see page long blog posts another few years from now describing how many bad Python + Django examples can be found on the net. Or how bad Python and Ruby Legacy codebases are. How framework dependency with Django, Rails or Twisted sucks. Or how someone had to spend huge engineering effort migrating from Python 2 series to 3 series. Or how they had to rewrite a large part of SQL logic to work with NoSQL databases.
This trend repeats every few years, every few years a set of tools get trolled badly.
Now which languages make it easier to write more good code? Everyone talks about the lack of good PHP code and the response is "well there's plenty of bad python code out there!". What we will never see are any examples of PHP code held up as being great a few years from now.
Yes, every few years a set of tools get trolled badly. The same tools that were considered sub par by professionals at the time.
Thus, in your career you tend see more PHP apps that were badly-implemented.
One very illustrative example: arbitrary code execution. I've lost count of the number of arbitrary code execution vulnerabilities I've found in PHP applications. In contrast, I recall very vividly the last arbitrary code execution vulnerability I found in a Python application: I uploaded a PHP script to the server, which was also running mod_php. ;-)
The problem here is simple: most web servers that run PHP are configured with a rule that says "If a file ends in .php, execute it as PHP." This is useful for new users: it allows them to run and execute separate PHP scripts very easily. But it's also a potential security vulnerability if an attacker can upload a PHP file to your server.
If you're using a framework, you typically have a fixed number of scripts that should be executable and you can configure your web server appropriately. However, that requires a VPS or dedicated server.
Edit: If you're interested in an actual language-level difference between PHP and Ruby/Python that affects security, PHP scripts accepted null bytes as part of filesystem paths until recently (PHP 5.3.4, which added protection against it, was released at the end of 2010).
Rails is a DSL based on Ruby to build web applications that has hooks into a rich library that helps with that. PHP is a language designed to build web applications (although it can be abused to write any type of application)
Did you ever read Python's documentation? Or Ruby's? Or Java's?
Show me one popular web programming language which has a full page, up to date, with examples and user comments and version incompatibility info, per function.
Of course, it's just one point and I otherwise agree with your comment, but it's one hell of an advantage.
Ha-ha-ha. You're kidding, right?
Check strlen: http://www.php.net/manual/en/function.strlen.php
1. Comment about how PHP converts types. "Conclusion: The values are converted to string before check the lenght."
2. Comment from a novice user who posted a solution to the problem of subtracting the number of spaces in string from its length.
3. Comment about someone who thought that there was a bug in strlen, but it actually was a documented difference in behavior between two minor versions of PHP.
4. Comment about counting characters in UTF-8 encoded string by decoding it to some other one-byte encoding.
5. Comment about counting characters in UTF-8. Actually, the whole new function.
7. Benchmarks for different UTF-8 strlen implementations.
8. Complaint about another comment, which suggested the function to count characters in UTF-8 strings that didn't work. And the "proper" solution using regular expressions.
I can't speak for Ruby or Java because I haven't even looked at their documentation sites.
User comments? PHP user comments are crap, IMHO - so many people writing so much horrible code in those comments.
I understand where a lot of PHP supporters are coming from because I was once there - I spent four years with the language and thought it was the most beautiful thing that existed. Until Python, Scheme, Erlang, and Haskell invaded my life.
PHP will always be an amateur programming language - which is it's strength, kind of like BASIC, a great stepping stone but nothing more.
1. Python doc has full up to date documentation for everything shipped with the standard library (which dwarfs PHPs grab bag of globally scoped functions)
2. The comments in PHP documentation are frequently out of date, misleading, or flat out wrong. Among the people I work with (who are working on PHP web apps, full time) everybody routinely advises the PHP noobs to ignore the comments.
3. The standard library functions shipped with most languages don't require a full page with multiple examples to explain how they work.
Don't get me wrong, the documentation for PHP is excellent, but it's a small win for a language that has so many real --language level-- issues.
The one thing I miss in Python is the inability to click "view source" in my web browser to see how a core Python library is implemented. PHP also has this problem. (Code is the best documentation. Learn to read it.)
The only thing I wish they had was a way to pipe it through a highlighter like perltidy with html out. That'd probably just lead to holy wars on formatting/colours though.
For eg. https://metacpan.org/source/DRAEGTUN/Builder-0.05/lib/Builde...
It's not as comprehensive and shiny as the core Python docs, but along with the tutorials and examples, it's actually pretty decent.
Also, I never used a popular Python library for which I haven't found good resources.
My favorite Python library, called NLTK, which has no equivalent in PHP or Ruby or any other platform for that matter, comes with a freaking book that's available for free.
Hmm, that said, that's still exactly what I find on the official Python site (e.g. http://docs.python.org/library/stdtypes.html#string-methods - PHP beats this by lightyears with a single page with examples and comments per function). Which 3rd party thing should I be looking for? (genuinely interested btw - the docs is one thing i dislike about python, and maybe unrightfully so, apparently)
1. Please explain why you need more explanation of these very basic functions
2. PHP's doc comments are unadulterated garbage
3. When things are worth documenting, they are: http://docs.python.org/py3k/library/collections.html
4. if you truly think string methods are insufficiently documented, it is very easy to contribute to the documentation.
The REASON PHP needs a page per function is the sheer number of poorly handled edge cases, version incompatibilities, and gotchas.
Yes. it's rather fucking good.
> Show me one popular web programming language which has a full page, up to date, with examples and user comments and version incompatibility info, per function.
Have you ever read Python's documentation? In the last ten years?
Python's docs have a complete and readable description of the language including its data model and the various core protocols, it has a number of quality howtos and guides a complete documentation of how to use C-level APIs, a pretty good and complete tutorial for beginners, a complete, well written and exhaustive changelog with examples drilling down to C API changes and most stdlib modules are extensively documented with examples and links to to the actual source code for the module and versioning information, with the whole documentation being heavily hyperlinked and permalinked (every section, subsectio, sub-sub-section, class, method, function or constant getting its very own anchor) linking to its own source. And just in case you want to contribute, or even just want the documentation offline, it's included in the source tree and trivially compiled to not only an HTML version, but a PDF (via latex), plain text or EPUB one as well. Hell, the documentation is so extensive there's even documentation on documenting.
Oh, and the documentation is available for every single version of Python past, present or future (for which it could be found anyway, as far as older versions of the language are concerned), including bugfix releases. And then it goes the extra mile by letting you run examples to ensure nobody broke them.
As to "full page per function", I really don't think you need that. And the PHP doc comments are closer to youtube comments than to anything worth reading, I simply can not see them as anything but liabilities.
(the lack of markup in HN comments is getting seriously annoying)
>>> print abs.__doc__
abs(number) -> number
Return the absolute value of the argument.
>>> print xrange.__doc__
xrange([start,] stop[, step]) -> xrange object
Like range(), but instead of returning a list, returns an object that
generates the numbers in the range on demand. For looping, this is
slightly faster than range() and more memory efficient.
> pydoc unittest
Help on module unittest:
Python unit testing framework, based on Erich Gamma's JUnit and Kent Beck's
Smalltalk testing framework.
This module contains the core framework classes that form the basis of
specific test cases and suites (TestCase, TestSuite etc.), and also a
text-based utility class for running the tests and reporting the results
In : abs?
Base Class: <type 'builtin_function_or_method'>
String Form: <built-in function abs>
Namespace: Python builtin
abs(number) -> number
Return the absolute value of the argument.
In : import json
In : json.dumps??
Base Class: <type 'function'>
String Form:<function dumps at 0x101f0bc08>
Definition: json.dumps(obj, skipkeys=False, ensure_ascii=True, check_circular=True, allow_nan=True, cls=None, indent=None, separators=None, encoding='utf-8', default=None, **kw)
def dumps(obj, skipkeys=False, ensure_ascii=True, check_circular=True,
allow_nan=True, cls=None, indent=None, separators=None,
encoding='utf-8', default=None, **kw):
""" [snip (excellent) docstring] """
# cached encoder
if (not skipkeys and ensure_ascii and
check_circular and allow_nan and
cls is None and indent is None and separators is None and
encoding == 'utf-8' and default is None and not kw):
#snip rest of func
For example: http://msdn.microsoft.com/en-us/library/w4hkze5k.aspx
You get the syntax (including VB, C++, and F# where availalbe), remarks, examples, version information, platforms, comments, and related content.
I mean, just look at that first URL!