• frezik@midwest.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Nah, it’s historically been a special kind of shit. It started life as a Perl templating engine, then grew out to its own language where it repeated all of Perl’s mistakes while adding more of its own. Its community was single-handedly responsible for keeping SQL injection attacks in the OWASP Top 10 list for years. Notice that it’s now bundled with “injection attacks” as a generic label for a wider range of similar issues–SQL injection alone would no longer warrant being there. Its conflation of arrays and hash maps meant it took years to wrestle with algorithmic complexity attacks. Perl kept the two separate, and was able to get a patch out for algorithmic complexity almost immediately (though it turned out to have a few bugs of its own, and a true fix came in a few years later; still faster than PHP solved it).

    The web from 1998 through 2010 or so was absolutely riddled with bad PHP programs. “But that’s not the language’s fault”, you say? Doesn’t matter. Community is an important and underappreciated feature of a language, and PHP had a special kind of shit community. It almost seemed designed to suck away the dross from all other communities.

    Consider the plugin system for phpBB:

    • Its architecture doesn’t have any kind of hook system for plugins; they’re added by patching the code in place
    • This naturally leads to different plugins interfering with each other
    • Having done that, you might choose one of the patch formats already out there, but phpBB decide to create their own
    • There are, at first, no tools available to automatically patch in plugins, so administrators (often not developers themselves) need to hand edit the source files and modify the database (the plugin format specifies both together)
    • Tools start to emerge over the years to handle it automatically, but they’re buggy and unusable for a long time

    Is it PHP’s fault that one major application was implemented so poorly? YES! Its community is a feature, and its community is what brought us to this.

    You want to claim that the language has done better since PHP7? Alright, that’s fine. I still don’t care. There are so many better options available, and I don’t have time to keep up with all of them. I’m happy relegating PHP to being a long-tail language where it trails off slowly over the years like COBOL.