this post was submitted on 30 Oct 2023
989 points (96.1% liked)

Programmer Humor

32557 readers
311 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 37 points 1 year ago (1 children)

Nah, it's historically been a special kind of shit. It started life as a Perl templating engine, then grew out to its own language where it repeated all of Perl's mistakes while adding more of its own. Its community was single-handedly responsible for keeping SQL injection attacks in the OWASP Top 10 list for years. Notice that it's now bundled with "injection attacks" as a generic label for a wider range of similar issues--SQL injection alone would no longer warrant being there. Its conflation of arrays and hash maps meant it took years to wrestle with algorithmic complexity attacks. Perl kept the two separate, and was able to get a patch out for algorithmic complexity almost immediately (though it turned out to have a few bugs of its own, and a true fix came in a few years later; still faster than PHP solved it).

The web from 1998 through 2010 or so was absolutely riddled with bad PHP programs. "But that's not the language's fault", you say? Doesn't matter. Community is an important and underappreciated feature of a language, and PHP had a special kind of shit community. It almost seemed designed to suck away the dross from all other communities.

Consider the plugin system for phpBB:

  • Its architecture doesn't have any kind of hook system for plugins; they're added by patching the code in place
  • This naturally leads to different plugins interfering with each other
  • Having done that, you might choose one of the patch formats already out there, but phpBB decide to create their own
  • There are, at first, no tools available to automatically patch in plugins, so administrators (often not developers themselves) need to hand edit the source files and modify the database (the plugin format specifies both together)
  • Tools start to emerge over the years to handle it automatically, but they're buggy and unusable for a long time

Is it PHP's fault that one major application was implemented so poorly? YES! Its community is a feature, and its community is what brought us to this.

You want to claim that the language has done better since PHP7? Alright, that's fine. I still don't care. There are so many better options available, and I don't have time to keep up with all of them. I'm happy relegating PHP to being a long-tail language where it trails off slowly over the years like COBOL.

[โ€“] [email protected] 5 points 1 year ago

I'd say that PHP allows you to write very bad code (and makes that the default). It's a language feature.

For example Java has a lot of NullPointerException because it was designed with null and without mechanisms to detect & prevent these errors. Any method can return null and cause a NPE. It's just easy to ignore them. Modern languages like Go, Rust or Zig force you to handle null errors, and make it easy to do so. NPEs are a lasguage feature in Java.

In the same way PHP allows you to write any ugly code you want. There are no checks, no safety. People can write bad code, people can be lazy, people can be stupid. PHP allows it and empowers them.