PHP 5.2.0 Released 106
ShaunC writes "The PHP Group and Zend have released PHP 5.2.0, and upgrades are encouraged. The 5.2.0 update offers several security fixes, including patches for a couple recently announced buffer overflows in input parsing. This release also includes a number of library upgrades, bug fixes, and default bundling of the popular JSON extension to help with AJAX development. See the full changelog for more details."
That's nice but... (Score:2)
Re: (Score:2)
Insanity? Fix? (Score:2)
Verily, it is far better to maintain the insanity, at a reasonable price, than to set about fixing it.
Re: (Score:2)
Oh look... (Score:1)
"PHP is a toy language" trolls in 3... 2... 1...
Re: (Score:1)
Re: (Score:1)
I'm not sure whether you're replying to my post seriously or in jest, but just to make it clear: I don't consider PHP to be a toy language either.
It's not the most beautiful of languages, it's often inconsistent, and it's very very easy to do very very stupid things in PHP. Also, there are a lot of very bad programming practices that are so frequent among the majority of PHP coders that you'll even find them in most tutoria
Re: (Score:2)
Re: (Score:3, Insightful)
Yes, it has backwards compatibility issues. Most any upgrade path does. I personally deal with this by wrapping core functionality into a library. I've written sites that are insensitive to PHP versioning- they work equally well on PHP 3, 4 and 5. Programmers that require a specific PHP ver
Re: (Score:2)
Far too often you are forced to upgrade because of security issues, but that upgrade breaks functionality. So as a hosting provider, you either have to have insecure servers or angry customers, and dealing with those angry customers takes time and costs money.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
A toy language? Excellent! I just got a small Linux board with limited* resources and I wasn't sure if PHP would fit. Are there many commercial toys programmed with PHP? :)
* Mind you, "limited" is relative. A 200MHz ARM9 chip with 32M ram [photobucket.com], 4GB flash drive, 2.4 kernel and Busybox beats the 486/25, 16M ram, 200M hard drive with Slackware 2.1 that I used to run my multi-user BBS on, while playing nethack, quite nicely. (Kids these days...)
Re: (Score:2)
--
Evan
Argh. (Score:5, Insightful)
Your comment pisses me off, but there's something I want to say all the same: I think you are, essentially, right. Whatever one's woes with PHP might be, they don't justify trolling and unsubstantiated mouthing off. Besides, "toy language" is a purely inflammatory statement that doesn't even have any factual content.
However.
However, the implicit underlying assumption I think I perceive in your comment -- that PHP criticism must be trolling -- annoys me a lot. Please allow me to expand on this.
You see, one constant characteristic of the Internet in general is the noise. Look here on Slashdot: do you read all the comments on any given story?
The noise is a bigger problem than you'd think. The noise means that it's hard to get heard. It means that to be heard, unless you're a remarkable writer (which I, and most people, aren't), you have to exaggerate your message. "PHP is a toy language" is one such exaggeration; and perhaps even actually worthy of being modded up if followed with factual information to support it. And much likelier to catch a moderator's attention with its use of strong language.
Which you would, undoubtedly, consider a troll all the same, wouldn't you?
As you can probably guess by now, I have crates of such information against PHP. (In my defense, I do try hard to gather evidence against my own tools of choice as well, for two reasons. One, being aware of their own idiosyncrasies allows me to work better with them. Two, it's a simple matter of intellectual honesty.)
The vagaries of life have landed me into a managerial-ish position in a small company that develops and hosts large-scale PHP websites. My responsibility here is twofold: ensuring that the sites work, and ensuring that they keep working.
I didn't know PHP before joining this company; I had a generally positive opinion of it beforehand, from reading Slashdot. So I got to discover it through that new role.
Let us just say, to put it mildly, that my opinion of PHP has quickly become very poor.
I think that managing a language's design and development is one of those jobs that's freaking damn hard. It takes a LOT of experience, critical thinking, introspection, knowing to prioritize issues, knowing to tap into the decades of experience in language design to understand what works and what doesn't, why, and in what context. And different people with different backgrounds and objectives are more or less successful with it.
And I don't feel the people behind PHP -- I'm sorry, guys, I don't know how to put it nicely... -- are doing the best possible job of it.
More precisely, my primary issue with PHP is its culture as a project. Cultures are inherently difficult to describe, but if I had to put it in a few words, I'd call it the "Works for me" culture.
Simply put, the sort of attitude that PHP seems to encourage -- by which I mean, the shortest-path-to-arrival approach to doing most things in PHP -- work fine for the developper producing the code, but are formally broken in a way that WILL come back to bite the ass of whomever poor dude is in charge of keeping the thing working.
For instance: I understand PHP uses a function based on the tolower() C call to make method calls case insensitive, and leaves it at it. It works for them, doesn't it? Except that in the real world, it breaks. Deploying PHP sites on servers that use a Turkish locale yields blank pages. The workaround is to never use that particular locale. Easy, isn't it? No, it isn't: PHP's gettext functions for dynamic translation require the locale to be set appropriately (unlike that of other languages). And I have my Turkish clients on the phone a lot.
Until recently, before the introduction of PDO, the canonical native way of addressing databases was to use PHP functions named after the database itself (mysql_*, etc, making the process of migrating databases, or creating a site that may have to be deployed client-side on varying database backends, an utte
Mod Parent Up! (Score:3, Insightful)
Re: (Score:2)
Re: (Score:3, Insightful)
(Actually, asking people what their preferred tools' most important drawbacks are is generally a good litmus test for their competence. If they can't tell you what the pitfalls are and how to work around them, or why they don't affect the task at hand, watch out.)
Simply, some tools are a better match than others for any given task.
For instance, I think that PHP makes for a good, simple and effective
Re: (Score:1)
Python.
It has deep-rooted support for meta-programming and introspection. Namespaces are simple and straight forward. The re-occurring interfaces in Python shave down development time and encorage uniformity.
Using Python is actually a pleasure. Mind, it does have its flaws: Performance (which is about on par with PHP), populatity (not deployed as much as PHP), and some OOP querks (but still better than PHP's).
Arghmen (Score:5, Interesting)
Totally agree 100%. Another example: did you ever use nl2br() [php.net] to convert newlines into <br> elements? It's an extremely common thing to do. In a minor patch release, they changed the function to generate XHTML instead of HTML. In one stroke, everybody who thought they were generating valid HTML had errors in their code. This might not sound that bad, until you realise that nl2br() can appear a lot in large projects, there's no way to get the old behaviour of nl2br() back, and if you have a decent QA process in place, you'd be being notified of the errors across all the websites you maintain. You end up having to go back and change all your code to use generic string replacement functions.
Now, maybe you might say that it's a sensible thing to change (I disagree, there should be different functions for HTML and XHTML), but at the very least, they should have put a change in semantics in a major version update, not sneaked it in between 4.0.4 and 4.0.5.
It's not really the design of the language that's the real problem (although it's not pretty), it's the cavalier attitude from people who don't seem to take a professional attitude to their work that really grates.
Re:Arghmen (Score:5, Interesting)
In other words, I was unsuccessful in explaining this rather basic concept. They got it blisteringly wrong, and hacked this wrongness into the language for all time. I attempted to explain (much more patiently than here) that no, this is not what === is supposed to do, but I wasn't heard. Not by Zeev, not by anyone else on channel. No one got it at all.
I passionately hated PHP for a long time after that, but it's just not relevant enough to my work anymore to hate. I have choices, I don't have outside clients demanding I use PHP anymore, and my choice of languages is respected where I work. I've chosen python for some projects, perl for another, C++ for another (the C++ one was of course not web). I could probably write my next project in Haskell and no one would bat an eye (though I will be stuck with maintaining it for all eternity). I'm even eying Prado -- a PHP library -- for an upcoming project, though I've still no desire whatsoever to write actual business logic in PHP, so it'll have to be solely at the view end of things.
Re: (Score:2)
An object identity comperator is all good and fine, but PHP needed this functionality much more desperately.
At any rate, I can't disagree with the perception of ineptitude on the pa
Re: (Score:2)
Perl also has the batty notion of "scalars" and as a result believes that a zero in a string is false, and makes string comparisons really hell with its own insanity around 'eq'
Re: (Score:2)
Re: (Score:2)
$ perl -le 'print "matches" if "foo" == "bar"'
matches
If you use -w or "use warnings", which any sane person should do, you get a warning about it. That perl's scalar type lets you play fast and loose with strings and ints with is fine for one-offs, but there's no flag or pragma that actually separates strings and in
Re: (Score:2)
If you want to have weak typing and compare stuff then when you want to compare different types of stuff with each other, you need different operators/functions depending on what sort of comparisons you want to do. The alternative is to be verbose and convert stuff before comparing.
Maybe not the only correct way, but definitely better than PHP's way - where they didn't seem to think about the implications of wea
Re: (Score:2)
If you had a decent QA process in place you wouldn't upgrade all of your prod servers in one go without testing the upgrade in dev first.
Re: (Score:2)
I must ask, do you have any experience of managing PHP production servers? It is frequent that minor patch versions of PHP are mandatory upgrades due to critical bugfixes. Slipping something that breaks code in a bugfix version is NOT acceptable by any sense of the term. It means that, if you have good QA and intercept the issue on your test servers, then you must still scramble and allocate ressources to have the code audited and updated on ALL the sites of your production platform, remaining vulner
Re: (Score:2)
In a minor release, they significantly changed the semantics of a commonly-used function. And they did so with little warning. This is unacceptable. Period.
Re: (Score:1)
One of my complaints is that they add these half-assed functions and then add new parameters, change the semantics, etc. etc.
Consider http_build_query -- a useful function (but it would only take 3-5 lines of php code to write it yourself). Only available in php 5+. Except they added a new parameter in PHP 5.1.2 (making it actually useful), so you'll probably have to rewrite the function yourself.
It would
Re: (Score:2)
Actually, "from __future__" is more about letting users get a feel of the soon-to-come core changes of the language (also called "incompatible language changes" in __future__'s DOCSTRING). And about rooting bugs out i
Re: (Score:1)
Biggest hit:
PHP is interpretted not compiled and there is no other option besides third party wrapping of compiled code.
In ASP.NET for example I can precompile my site in DLLs to whatever degree I am comfortable with. So if I want my Data Access layer locked down after a certain phase I can keep my junior develop
Re: (Score:2)
If I were you I would stick with big companies that produce commercial software. They tend to be motivated by cash, and hire real engineers to make sure things get done correctly as much of the time as is possible.
While Microsoft has its flaws and might be deteriorating in their practice of engineering as of late, they still outshine everyone in the areas that you are complaining about.
Maybe you used to
Re: (Score:2)
Yeah, we couldn't understand that issue either. While our project has been translated into Turkish, it will never work on PHP 5.x with that locale. From http://codex.gallery2.org/index.php/Gallery2:Known _Issues [gallery2.org]:
I'd have h
Re: (Score:1)
It's not trolling when it's true.
What backwards compatibility has it broken? (Score:5, Interesting)
Re: (Score:1)
Re: (Score:2)
I happen to like PHP, but I can also appreciate what a fecked-up language it is. Anybody who isn't coding with safe mode on and register_globals off in this day and age should be taken out and shot - it's been recommended practice since 4.1, and I wished 5.0 had bitten the b
Re: (Score:2)
Are you sure this is what you wanted to say? Safe mode was a terrible hack since day one, and it's considered to be removed from future editions of PHP
Re: (Score:2)
Anybody who isn't coding with safe mode on and register_globals off in this day and age should be taken out and shot
Yes, but
Re: (Score:1)
I see you've modded PHP-Nuke before!
As for register_globals, I don't feel it is a problem, if you allow variables to be injected into your code from outside then you haven't programmed properly. I always initalize them first, at the very least to NULL, to make it a kind
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
Secondofly, the changes from back around 4.0 to where we are now with 5.2 are fundamentally huge, and they move PHP to a much more serious, professional class. Breaking backwards compatibility was worth it. It's sad that there has been so much resistance to change. Personally, these chang
Re: (Score:1)
Re: (Score:1)
Re: (Score:2, Interesting)
The best thing about PHP is that it's easy. The syntax is simpler than Perl, so it is easier to pick up. It also has a ton of built-in functionality so you don't have to go looking for modules as often, but that mass of bundled functionality combined with the fa
Re: (Score:2)
This is an absolute key point that the 'toy language' crowd often miss out on. PHP is a good language, when used correctly, and when coded properly - i.e. the same as any other language/tool/whatever.
I do have a couple of gripes with PHP however. Firstly, as the parent (and a myriad and one other people) pointed out, inconsistent function names. Secondly, the presence of objects in the language - IMHO OOP is a bit overrated - and if you try to take PHP V4 objects to PHP V5 objects y
Re: (Score:2)
Syntactically, they're relatively similar. Obviously the PHP/Zend folks knew perl before they started on PHP.
Perl was originally intended for string handling, but is also quite suitable for general-purpose programming. Perl has CPAN- almost any module you'll ever need is probably already there.
PHP was originally intended as HTML Preprocessor - so it is specifically targeted at web programming. Which of the two is "better"? Ma
Ever heard of Mason, etc, etc (Score:2)
Well... there are multiple engines for including Perl in a web page like Mason [masonhq.com] and Apache::ASP [apache-asp.org].
But the Perl world is moving away from code-in-html. Generally, it is considered a better idea to isolate UI and logic from each other. The web frameworks for Perl, like e.g. Catalyst and Jifty, generally use Template engines like HTML::Template and Template Toolkit (Google/cpan yourself.)
Re: (Score:2)
Re: (Score:2)
No matter what, you have to come up with a templating solution. You can use PHP, of course. Regardless of project size, it's useful, but you end up with raw PHP code in the template. If you're the programmer for each, that's fine, but you don't want to be handing over templates to your designers where they can enter any PHP code and have it executed (or error out y
Re: (Score:3, Insightful)
That been said, PHP has by far the largest set of available tools to help you do big projects of any web-oriented PL. Tons of commercial and/or OSS IDEs (PHPEclipse - especially the easyeclipse distribution - is awesome for a free tool), Debuggers, etc. It's pratically maried to MySQL (tons of too
Lemme guess: (Score:1)
Re: (Score:2)
Or even:
BufferedReader in = new BufferedReader(new FileReader("foo.in"));
// do stuff ...
for (String s = in.readLine(); s != null; s = in.readLine()) {
}
Re: (Score:2)
Re: (Score:2)
Regards
elFarto
Re: (Score:2)
Nope, the string format field width should be at least one byte less than the array to allow for a null. See the description of the 's' format in the scanf(3) manpage [openbsd.org].
iostream bloats your binary (Score:1)
Thing is, familiar implementations of C++ (including GCC on Windows) will bloat your executable by 200 KB if you use std::cin and std::cout of <iostream>, even if you strip it (gcc -s). It's especially a problem when trying to make a web server on a custom embedded OS that runs on a machine with 4 MB of RAM. Is this a problem peculiar to GNU C++?
Re: (Score:2)
gcc (GCC) 4.1.1 20060525 (Red Hat 4.1.1-1)
Generating 64bit code.
And the size of a.out after strip vas 7016 bytes. That is using dynamic linking. If I static link it insted, it grow to 1 MB.
Re: (Score:1)
On Windows, using latest stable MinGW package (they're stuck at gcc 3.4.2), I do
and get 275,456 bytes for the same program. I guess it's static linking at least part of the C++ standard library. Most notably on embedded systems, you have to either static link or load the C++ library into RAM.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Good thing, I'm only pro-Python, not a zealot then. I switched a while back, and got a big productivity boost. mod_python+PostgreSQL+Kid for templating works nicely. Just moving over to Apache 2.2 now, and considering replacing Kid with Genshi [edgewall.org]. Currently hosting legacy PHP apps on a separate proxied Apache instance, but looking at running them as Python WSGI layers with WPHP [pythonpaste.org].
There's a lot of movement in the Python web development space right now -
Re: (Score:2)
I'm not really much of a PHP user, though I've toyed with it, and I'm not really looking to switch, but you may want to look at REBOL [rebol.com], though its not F/OSS (there are "free-as-in-beer" versions, and the commercial versions are rather inexpensive.)
Already switched to. (Score:1)
function arg1 arg2 arg3;
to be a terrible mistake, as
function(arg1, arg2, arg3);
is much clearer.
Are you on drugs? (Score:1)
I don't want to pass my functions tuples, I want to pass it the seperate args. I just wish oc
Ok, you got me on the first one. (Score:1)
PHP (Score:2)
That being said, I believe it is possible to create high quality, professional, maintainable code with PHP. If it wasn't the case, large companies such as Yahoo wouldn't be adopting it. PHP has an emphasis on productivity, and it doesn't attempt to enforce good practices in the language structure itself. But it als
My wish (Score:2)
PHP has got to be the most inconsistent language out there. Check out this list [tnx.nl]
* Arguments and return values are extremely inconsistent
* PHP has separate functions for case insensitive operations
* PHP has inconsistent function naming
* PHP has no lexical s