You may have heard a few rumors going around...
"PHP is just a scripting language."
"It's only used by beginners."
"PHP always ends up as spaghetti code."
"PHP is insecure."
"Only the smartest, sexiest people use PHP."
Ok, maybe that last one was me... but hear me out! Much like the old stereotype of "only nerds play video games", PHP definitely earned a few unflattering labels many years ago. Times have changed and developers in the know tell a very different story. Just like all the cool kids now play Fortnite (do they? I don't know), PHP is nearly unrecognisable from its days as the scripting language 'Personal Home Page'.
As a developer for 15+ years, I remember when PHP's claim to fame was that you could put dynamic pieces into your HTML pages. Heck my own first use of it was to just include the common header and footer across all of a website's pages. So I've seen first-hand the evolution of PHP. But let's dig into the evidence.
Security? Security!
Some of the knocks against PHP were legitimately earned years ago. PHP had some configurable defaults, like register_globals that poisoned the namespace with user-supplied values. And magic_quotes_gpc that confused basically everyone. But these two and several more were removed from the language several versions ago. Today, most of the security criticism surrounds PHP's ability to execute commands at the OS level, as well as vulnerabilities common to most web-facing languages.
PHP's power and flexibility gives you enough rope to solve nearly any problem, but also enough to hang yourself. Commands like exec are indeed dangerously powerful. In fact many environments disable it entirely. However many languages have similar means of reaching into the OS layer, and this power alone is not a criticism. Instead it's usually paired with PHP's beginner friendliness. Evidence of beginners doing risky things is not PHP specific, instead I think much of this criticism actually stems from another reason.
An Army Of Beginners
PHP is easy to install, and in fact already exists on most hosting services. Tutorials, code samples, and articles are absolutely all over the place. Many of these are old and outdated, but still only a quick search away. Blame or bless the web for that fact, but it amounts to one problem (old tutorials still kicking around) and one benefit (PHP is easy to learn). Running an environment is easy, it's free, and no compiling means writing and publishing PHP code is a breeze. Many high-school and college web development courses cover PHP. See what I'm getting at? The PHP community is one that is flush with beginner programmers. Less a flaw of the language and more a testament to PHP approachability, it presents a challenge for the community: how do we encourage and promote the teaching of PHP in a responsible, secure way that emphasises best practices? Meanwhile, an abundance of beginners means many of those stick around to become highly experienced and sought-after experts.
PHP & Best Practices Are BFFs
PHP's history as a scripting language for websites left it out of the loop of SOLID design principles, design patterns and frameworks. I speak in the past tense, because this has not been the case for many years. Sadly, PHP suffers from the classic developer trope that we all hate the code we wrote ages ago. Imagine that you were one of the army of beginners who learned on PHP. You wrote terrible code (I forgive you), then got a new job because of an opportunity or moved to a new language because new is exciting, and left PHP behind. Now you're a mature developer using a different language and your memories of the amateur PHP you wrote form your opinion of PHP forevermore.
I used .NET in years long past. The code I wrote then is shameful. When I returned to PHP it was to discover for the first time concepts like SOLID, design patterns and MVC frameworks. It was an eye-opening dive into the world of meticulously crafted code. The mistakes I made in .NET do not equate to a criticism of it. PHP applications today are built with these modern best-practices. The language itself has evolved to be much faster, and support the object-oriented patterns other modern languages have. PHP 7 is beautiful and version 8 is around the corner.
Modern frameworks like Laravel and Symfony have tamed the wild west of PHP and brought some craftsmanship to our code. Composer, the elegant package manager for PHP has conquered the old problem of everyone reinventing the wheel.
Who Cares About WordPress?
Not me! Ok, I do use it on a few sites (one-click updates, it's a godsend), and WordPress is often cited as one of the main arguments in favour of PHP. I break convention and don't really think WordPress's popularity is evidence of PHP's value. You can write a CMS or a blog in many other languages, and while it's a great application, it isn't proof of PHP's versatility and power. A more interesting argument is the kinds of applications that can and are being built on PHP. If Facebook being built on PHP doesn't impress you (it doesn't? really?), I have personally encountered the following types of applications and enterprise software built on PHP:
- Accounting software
- Insurance rating engines
- Big data analytics
- World-class ecommerce sites
- Project Management software
- Command-line utilities
- Real estate sales and marketing software
- Video games
- In-browser graphics editors
It's kind of amazing actually. I'd struggle to think of a domain that couldn't be tackled by PHP. I think this is one of the best arguments in favor of PHP today. If you still think PHP is only for jazzing up a website, you haven't been in it recently.
Try It And You May, I Say
I've intentionally left off criticising other languages from this article, every language has flaws. That's not how I roll, and I think PHP stands on its own merits. The main problem PHP has these days is overcoming its own - no longer accurate - reputation from years and versions long past. There is a dedicated and talented team continuing to work on PHP, and new versions are rolling out more rapidly these days than in the past. In fact the version 5 branch which is the last to include most of the things PHP has been criticised for, is past its end of life. Version 7 is a fresh, faster new vision for PHP. Don't let old opinions, and critics' disgust for their own code written years ago sway you from giving PHP a try.
And if you're already in the community, raise your voice with pride and spread the word!
Special thanks to the PHP core development team. ❤
Oldest comments (4)
From one PHP dev to another, I salute and thank you. 8 years of experience, most of it using a well-formed framework, I always wondered why the hate for PHP. It really is unfounded nowadays.
PHP is often a hammer in search of a nail, but you can say that about any language. I've been using PHP (and the Laravel framework) on a recent project, and as long as you read the docs and have some coding standards in place, it's a joy to use
Let me join the 15+ years club and dive into memories of the old times, being one of the „scripting kiddies“ guilty of writing HTML, PHP and MySQL in the same file. ;)
We definitely had some awful introductions into the language long ago, that I shouldn’t have read. The web was still relatively new and many people (like me) felt that it was more fun to just try coding with the ease of PHP, than to read programming books that have been so boring. I know better today.
In the meantime things really changed a lot and from large recipe websites (with a huge forum and community) to tracking APIs with billions of requests, I’ve written so many different applications in PHP in the past 15 years. It just works. We never had security issues (fingers crossed) and scalability was never as bad as people believed, even in the times when I was still driving new servers to the data center in my car.
But ... as you say ... so many people believe in the things they've heard in the old days. I get the „PHP is not a real programming language“ flag every few weeks. People tell me quite often that they learned it from someone with the real programming skills and that they never used the language themselves. It takes some time for them to understand that in 90% of all cases the chosen language isn’t the problem. I’ve seen horrible code in many languages - and the developers always believed they’re better than a scripting PHP guy. :)
Yet another dev with 15+ years in PHP here: Yes and no. PHP has improved a lot, but it's still very inconsistent as a language and it is just so much easier to maintain large applications in languages that are compiled and strictly typed. I'll actually open source something pretty large using PHP fairly soon, but I just can't wait to finish it and switch over to other tools.
On the plus side, the ecosystem (meaning packagist.org) is very good and the tooling is also not bad.