Back to Top

Sunday, May 18, 2008

An argument (against) PHP

Via Perlbuzz I landed at the blog posting An Argument for PHP, which I disagree with.

First a little about my background: I've been programming in PHP almost twice as long (6+ years) as in Perl, so (hopefully) it isn't the case that I don't know what I'm talking about.

PHP seemed nice and shiny when I started using it, however after trying Perl, I realized that it's nothing more than a Perl wannabe. The two languages have similar roots (both started out as simple projects because someone needed to get something done and evolved from there), however Perl is ahead of PHP by almost 10 years (Perl appeared in 1987, and PHP in 1995). I know that this is not a scientific measure at all, but still I feel that Perl 5.10 is something like PHP 8.

PHP touts ease of use as its main main argument, however this is very measleading. As I said earlier you must know an awful lot before you consider doing a web application. As, what I consider to be poetic justice, this propaganda came back to bite PHP and basically is responsible for the widespread opinion PHP equals insecurity. No, PHP is not more or less secure than other server-side programming languages, but it attracted beginner programmers who wrote insecure programs with PHP in the name (phpBB anyone?) and thus ruined its reputation.

Perl has more features and more codes available (just compare the number of modules from CPAN with PEAR, which, from what I've heard on the PHP architect podcast, is kind of dead). It can run in-process (via mod_perl) just like PHP. And while debugging tools and profiling tools for PHP are slowly evolving or almost dead (the WinCacheGrind project hasn't had a release in more than three years, as did its Linux counterpart KCachegrind), you can write a debugger, profiler, etc for Perl in under 10 lines.

Perl had support for bound variables in SQL statements since before the PHP project started (!), while the PHP project went on for years producing many vulnerable applications.

And where are my language-integrated regular expressions, safety verifications (use strict), tainted variables, anonymous subroutines, closures, meta-programming support and so on?

In conclusion: certainly Perl is not without its flaws, but PHP doesn't even come near it. It does need a more substantial investment to learn, but the payoff and productivity gained from it is certainly worth it. And don't be fooled: while PHP might be easier to pick up, there are still many things you must learn which are outside the scope of PHP to make good (and safe) web applications and PHP doesn't do the Internet any favors by advertising itself as an all you need to know language.

1 comment:

  1. Woot! Perl lovers unite, and spread the word: