Hacker News new | past | comments | ask | show | jobs | submit login

As someone who has worked in a lot of languages and now works in PHP, I think that while PHP still has some of the same warts it did in the old days, I am also understanding that given PHP is, for better or worse, a fundamental piece of web infrastructure, and that providing an upgrade path while also ensuring that they don't just break a large chunk of the web is less a matter of "software conservatism" and more a responsibility of the dev team.

And, if we're being honest, the reality is that for that chunk that would break, most of them would either not have a developer on hand to fix it, or would be what I call a "Wordpress cowboy" who has a WP site they set up five years ago that they never update, and the sum total of their development experience is installing various WP plugins until the site vaguely does what they want it to do.

It's hard, because on one hand, if we didn't have things like Wordpress, then PHP would be in a position to undertake more breaking changes that would overall give the language and its libraries the much needed quality improvements. On the other hand, without things like Wordpress, it does become somewhat questionable as to whether PHP would have survived the dark days of PHP4 and the early versions of PHP5.

In saying all that, the work that the dev team have done to add great features and solid performance, alongside the community which has done a lot of good things like PSR's and the PHP League libraries to me, is one of the key things that makes PHP still an attractive environment to work in.

PHP has done pretty big breaking changes in the past, the thing that immediately comes to mind is register_globals (there are probably others, but my PHP experience is mainly from a decade ago).

Originally GET/POST, cookie and environment values automatically became variables. This means page.php?id=123 gave you a variable $id. Along with no variable declarations, this was intuitive and was probably one of the reasons PHP was so popular with beginner developers. Unfortunately it was also the cause of untold numbers of security bugs, because people would write code like:

    if (securityCheck()) { $isAdmin = true; }

    if ($isAdmin) {... }
Someone making the request page.php?isAdmin=true would totally bypass the intended check.

So in April 2002, PHP 4.2 [1] was released that disabled this by default -- but so many (badly written) applications relied on this that it was not until March 2012 -- 10 years later! -- that PHP 5.4 [2] finally removed this option entirely.

[1] https://www.php.net/releases/4_2_0.php

[2] https://www.php.net/releases/5_4_0.php

This is relevant: https://blog.jetbrains.com/phpstorm/2021/11/the-php-foundati...

Automattic is now more involved in PHP so hopefully that'll enable some collaboration

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact