Craig Strong

As we have just rolled over to 2010 I thought I would compile a list of 4 common questions often raised against PHP from people within the IT industry (no particular user groups). Each of these 4 statements were mentioned to me within 2009, but stem back many years in some cases. Some of these questions demonstrate plain ignorance in some cases, others just a little confusion as a result of lack of understanding or exposure. Therefore I hope this contributes to clearing up some obvious misconceptions by my provision of some brief answers.

PHP is not a secure language

Believe it or not this was stated to me by a highly ranked person within the development community. I was very surprised that such a statement was put forward considering PHP is a scripting language and security is not a definitive answer, but an on going process in which every facet of IT must undergo constantly to remain secure. To clarify this is a case of blaming poor workmanship on the tools. Although some tools are better than others, in no way do I believe this statement to be true. PHP can be as strong as the best of them in terms of security and some of the worlds most secure systems including many systems of the financial services industry as an example which hold vast amount of sensitive information can be found to be written using PHP. When using a tool to build something, the end result is that of the craftsman effort, ability, knowledge and experience. Keeping the argument of operating system security out of this which would be hosting PHP, to obtain security you need good, experienced and security aware developers. I personally believe this misconception often raises it’s head because of other languages restrict development to the framework or coding environment and developers within these environments don’t have to confront some areas of security as a result of this. I don’t think it’s good for developers to rely upon security being dealt with away from their application by making it someone or something else’s responsibility. A good craftsman will make it their job to be aware of system security and test their application before release as well as include continuous monitoring and alerting tools to support the application. Obviously there are those which specialise in such areas and their knowledge should be referred to in times of doubt or curiosity via supporting texts and communities. PHP is as secure as the developer’s knowledge and testing/release procedure involved with it as with most other languages.

PHP doesn’t have good support for OOP

I’m surprised that some people still think this. Before the release of PHP5 including the Zend 2 Engine, which was 13/07/2004 this would have been true. However please keep up people, we are in 2010 now and OOP support for PHP has been in place for over 5 years! I haven’t written procedural code for years with the exception of the odd testing script and procedure. There are great libraries available as well for those looking to extend OOP ability including such libraries as SPL, PECL, PEAR to name but a few. There are also some very fast moving and powerful frameworks available fully supporting OOP including such Frameworks as Zend Framework, Symfony, CakePHP, Codeigniter. These are also become very popular and demand for such frameworks from the workplace is rapidly increasing (see my other post).

PHP is slow

Yes believe it or not I have heard people claim this. PHP is pretty damn fast as a scripting language written in C. If people say PHP is slow, I don’t believe the have looked at the problem or debugged their code well enough. There are so many factors that influence speed such as the OS, memory, debug code, logging scripts, the implemented code, other applications on the server etc. If your PHP code is running slow, debug it and find the problem. It’s likely that the problem could sit with any of the above or it could be badly written code. There are good debug tools out there such as Xdebug which could save you some time finding the problem. Remember PHP is so versatile you can even extend it in C. If you are doing something very complex in PHP and by taking it down a layer might reduce some of the functions taking some time, you have the option to write an extension if needed. I personally have never had to do this, but have seen it done for a workplace specific extension and it worked perfectly and very quickly.

PHP is an amateur language

With full OOP support and factoring in that it’s one of if not the most widespread scripting language and as mentioned briefly in point 1 above, you can find PHP in almost all industries. Now I am not one to suggest the best technology is the most widespread (no names mentioned). However if PHP was a amateur language why is it so popular in so many professional industries which demand professional results. You can write pretty much anything you want using PHP and it can be as simple and complex as you want it to be. I have used Java quite a bit in the past and often find myself using the same code design texts to reference my PHP objects as my Java objects. I even apply the same design pattern sources for both languages. An example is the built in observer pattern interface in Java, (java.util.Observer) PHP also has this (SplObserver). Again I feel that stating that PHP is amateur is missing the point that PHP it’s a tool for the job. If amateurs use PHP you might get amateur results by the same token if professionals use it you get professional results, which is obviously the same as any other language.

Overall I think some of the questions or statements raised above are raised as a result of lack of understanding. As with most things in life some people scratch the surface of an area of interest and call themselves experts. The same experts make such judgements which create barriers for others. This could reading a text titled ‘Learn PHP in 24 hrs’ then calling oneself an experienced programmer or taking your driving test after a couple of lessons in a controlled environment and calling oneself an experienced driver confident enough to race with the likes of ‘Jenson Button’ and expect to win. Personally I have been using PHP for over a decade now and I am still learning new things everyday, particularly through exposure of different implementations. The language is moving fast with PHP6 arriving soon as well as many new and exciting related projects becoming available such as the array of frameworks which provide common interfaces to integrate with many different technologies. I would encourage anyone to look under the bonnet and get to know PHP in more depth and hopefully you will see the true power and capabilities of it.