That’s a great point. Sometimes I wonder if PHP’s ubiquity is what lead to the bad reputation. So many people use it that there will be more instances of bad coding in PHP than other languages.
Anything under a certain level of complexity with a budget under a certain amount is perfect for PHP. 50% - 75% of the web fits that criteria. For anything over that threshold every critique of php is perfectly valid.
But for my friend's rental car service of less than 50 cars across 4 locations on 3 islands in a 3rd world country and not being eligible for a merchant account from the local banks and losing a gigantic portion of every international money tranfer to government fees if he tried to use a foreign bank (as well as the risk of fines and imprisonment because technically no citizen of his country is permitted to have a bank account outside of the country)... well... a super simple PHP & MySQL app + a Wordpress blog all on shared hosting was an acceptable choice for his budget, needs, and available options in his situation.
But somehow the mere fact that I chose php over X, mysql over X, and shared hosting over X makes me a dumbass who'll never be capable of being a "real" developer.
Something I realized recently is that a lot of first world developers do not care about 3rd world problems, even developers who were born in a 3rd world country and eventually emigrated. Anything popular in the 3rd world is garbage and 1st world devs must not touch it or their reputation is tainted. And they also do not care about finding ways to help their fellow devs stuck living and working in the 3rd world. I asked around in a few different communities, including the php community, about expanding documentation translations to more languages and investing in keeping the current tranlations up to date. All I got were shitty responses along the lines of "If you do not learn English you will never be a good developer so translations are a waste." The vast majority of the world does not speak English. The vast majority of English speakers will never learn a 2nd language. If China/Japan/Korea/Russia/Middle East/Central Africa/etc were to create the next life-altering technology with effects as powerful as The Internet, the English world would be left behind unless the information was translated.
I think that is part of it yeah. The fact that PHP is used in web development and is at first glance a relatively easy language to pick up means that a lot of people came to it from a design/front-end developer perspective. Even if you're a designer who has never really programmed anything before it is relatively easy to make changes to- or write new server-side code that "works", but it can lead to codebases written by people who lack good fundamentals of software engineering and security best practices which especially for public-facing websites can be dangerous.
This was arguably a bigger problem in the old days of PHP when the default installation of PHP had some very questionable security practices (e.g. magic quotes and register_globals defaulting to on in PHP 4) and when the built-in MySQL API did not yet support prepared statements meaning you had to manually sanitize/escape your queries to avoid SQL injection vulnerabilities (this was improved when the mysqli API was added in PHP 5, though the old MySQL API remained available and I suspect a lot of people continued using it unfortunately).
Good point. PHP’s ease of use can also be its downfall sometimes.
I know security was a common issue with PHP, but I’ve been encouraged to see the core team putting more effort in that area like the MySQL extension being removed in 7.0 or libsodium being added to 7.2.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.