467,913 Members | 1,813 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,913 developers. It's quick & easy.

Why PHP gets so much hate?

I am new to programming and I've seen lots of posts making fun of PHP. Why does it gets so much hate? What language should I learn for web developing instead of it?

EDIT: Considering the fact that I already know JS.

PHP is incredibly popular. A lot of very useful things is written in PHP or what started as a dialect of PHP including WordPress, Facebook, and Wikipedia. PHP is ubiquitous and incredibly easy to get started with and so a lot of developers of very different skill sets have used PHP and written about it. As a result, there are a lot of tutorials, blog posts, and projects which demonstrate poor or unsafe practice.

Additionally, earlier versions of PHP made it difficult to write good code. PHP strives for a low barrier to entry and ease of use and this resulted in some terrible design decisions such as magic quotes. Aspects of the language from this time are often inconsistent from the perspective of someone using the language.

However, the language has seen steady improvement over the last several years. PHP 5 and PHP 7 have gone a long way towards transforming it in a modern language and resources such as PHP the Right Way demonstrate how to use the language effectively. Some old cruft still exists because itís hard to change existing code but a lot of it is mitigated by an IDE that understands the language.
Dec 22 '20 #1
  • viewed: 2334
Share:
3 Replies
Expert 256MB
PHP is as secure as any other language. The application code is as safe as the programmer makes it. Online content covering the insecure code can not be a factor for the judgment. Ignorance and bad practices of the individuals is probably the worst excuse to blame the technology.
Dec 23 '20 #2
I was wondering the same thing myself.
Dec 23 '20 #3
16bit
PHP is ubiquitous and incredibly easy to get started with and so a lot of developers of very different skill sets have used PHP and written about it. As a result, there are a lot of tutorials, blog posts, and projects which demonstrate poor or unsafe practice.
First of all, what you have to contend with is how "up to date" a tutorial, etc. is. For example, prepared statements didn't even exist before around 2004, and therefore you're not going to see them in php tutorials from before then, and not a lot for some time after- because after they put something in the code, it takes time for the news to get around and enough people to learn it before we start seeing it in tutorials and the like. As the language changes, so does the basic way of doing things. This is true for ALL languages- not just PHP.

Second of all, about the worst thing that can happen with PHP is someone drops your SQL database tables and steals everyone's account information. By comparison, about the worst that can happen with a high-level language C++, Python, Perl, etc. is someone installing a BIOS rootkit on the server. Simply put, high level language = even more nefarious things that can be done within theory, and even higher stakes when it comes to security. Simply put, the more a language is capable of, the worse the possible security implications are- Therefore, we must select the right tool to accomplish that which we want to accomplish considering what capabilities we need (perhaps sacrificing some of the capabilities we want).

Chances are, if you're not designing PHP code to be secure, you're probably not going to be securing your C++, Java, JavaScript, Python, Perl, Ruby, (fill in the blank here) code either, because those languages are much more difficult to learn than PHP is. While some languages are easier to write secure code in than others, you still have the accessibility issue of most people being able to grasp the syntax beyond a "hello world" script. That's one of the reasons we see more PHP on the internet than any other language. (that and languages like ASP are proprietary and come with a price tag. This was one of the things that killed VisualBasic - Microsoft quickly found out that people were willing to bootleg it before they were willing to pay for it.)
2 Days Ago #4

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

10 posts views Thread by in | last post: by
111 posts views Thread by JKop | last post: by
92 posts views Thread by Jeffrey P via AccessMonster.com | last post: by
27 posts views Thread by Riaan Cilliť | last post: by
57 posts views Thread by Eric Boutin | last post: by
40 posts views Thread by PJ6 | last post: by
15 posts views Thread by Jon Davis | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.