Why PHP must be abandoned (in my opinion)‎


Every now and then, I find myself using PHP as a programming language.
I started using it since the early of 2000, and never really liked it.
Most people like it not because it is good, but because it is easy to "get inside" and start developing stuff with it.

But that's exactly one of it's biggest problems in the world.
I do not want that a programming language will be "easy" to start with, I want it to be good with what it suppose to provide.

First of all, easy is a relative word. That is, you must compare it to something. Back in the days, it was easier to start with PHP then with Perl for example. But when you actually start to "enter" inside the language, well, it's not really a programming language per-se, but a group of a lot of tools that allow you to have some sort of glue to use them.
It does not really act as a language (like with Perl), but a borrow stuff from other languages, such as Perl, C and few others.

Recently I found yet another problem with PHP. I got a 3rd party source code that explains to me how to implement a protocol that reinvent the wheel of HTTP REST using "JSON" like code, but with it's own TCP header, rather then to use plain old HTTP.


The way that they implement it, is really weird, because instead of using the "pack" function, they are using their own bit manipulation code (poorly), and use the "chr" function to convert each byte into an ASCII value representative.

They code it like so:

 chr(1000 >> 0) . chr(1000 >> 8) ....
The problem is that chr(1000)  (shift right by 0, keeps 1000 as 1000) must report an error, because 1000 is bigger then the last ASCII code (127), or extended ASCII code (255).
I'll explain it again: 1000 is bigger then the range of 255 . ASCII is only at the range of 0..127 chars, but extended ASCII provides extra chars up to 255 (full byte length).
Note: Even a numeric value of 256 is bigger then one byte !
With Ruby for example, I get "RangeError" exception for such action, so does with Python, Pascal, Perl (with strict bytes) and few other programming languages.
While with PHP, well it returns the value of 232.
You must shout out loud, "wait, WHAT ?" if you haven't done it by now.
I'll say it again: "chr(1000)" with PHP returns the value of 232.
It is doing so due to bit manipulation ($value & 255), but it's actually type of an integer overflow IMHO.Why you ask ? Well, the aim of "chr" is to provide one character of ASCII value. The spec of ASCII chars is very very very simple:
Range of a char is 0 to 127 (they write ASCII and not extended ASCII).If you are converting an integer value to it's ASCII value, and the last value is 255 (going extended ASCII here), then what is the representation of the 1000 value in extended ASCII ?
Answer: You do not have one.
That's why normal languages (give or take) return an error that you are out of range.When you give an answer that is not an error, then it means that there is a representation for the value. but 1000 is not 232, it's 1000, and 1000 is out of range.So you might call it a bug right ?
Well according to a person that works at Zend, it is a feature, and the bug is that it is undocumented feature.

Here it is (typos are from the original email):

First of all, this is not integer overflow. integer overflow is hwen the aritmethic result can not be held in integer. here, the function translate what it can and should, which is the last significant byte. I don't see a problem with that except of that is should be documented. if you test 1000 & 255 (the last byte of 1000) you will see that the result is indeed 232.

Oh, and this is the bug I opened for it, so you can follow it yourself.
And It's not the first or last of such "features" within the so called "language".


I for one, do not welcome our PHP overlords.
And I think that it's time to abandon this patched "ship" you call a language. The benefits of going in fast, are payed in the long run. with many problems that you actually require an IDE for not loosing your leg by hitting a mine.

6 מחשבות על “Why PHP must be abandoned (in my opinion)‎

  1. Chris

    depends on what you are using it for mate. For developing socket based code – perhaps not. For bit packing, perhaps not. If you want review a decent php platform look at Symfony2 / Doctrine., qualify how easy that is too learn and them come back and make your point. 'Horses for courses', it works fantastically well for web development, and that was it's intended purpose.

    1. ik_5 מאת

      however the amount of security holes of "normal" web development is so vast, that you loose count on this.

      Furthermore, I have more then one tool that inside a web request, but do a log more work, like creating files, download content from different location etc…
      If all you can do is create a static page with PHP without any errors, then what is it good for ?

      The code I got with PHP actually was developed for web. it contacted a tool and return something to the user using a web page…

  2. ארתיום

    Maybe PHP should be abandoned but for the reason you show there.

    No language would prevent from Stupid programmer doing stupid tasks. If someone does number serialization and does it bu casting it to char than it is his problem.

    BTW in many other languages where casting one integer to other does not cause exception.

    The problem is not that casting throws or does not – the problem is that the programmer
    should not use casting in fist place

  3. Yoram

    I am the "person that works at Zend" that is mentioned in the post, some clarifications :
    PHP has bugs, every language do, I have no motivation do deny bugs in PHP, on the contrary, I was involved in fixing some of them, those and many others are documented in public bug tracking system.
    I gave a private answer to a private email question, my answer represents my opinion only.
    While Ido has the right to publish a private mail, he gives (probably by mistake) the wrong impression that he got some kind of defensive reply from those who are responsible for PHP. well, Zend doesn't own PHP, it's not even major contributor to PHP. me responsibilities in Zend do not include contribution to PHP development except for bug fixes, certainly they do not include "defending" PHP in public (such thing I wouldn't do anyway because I don't believe that denying problems defends anything).
    After clarifying that, I ask you to keep me out of language wars, If I want to participate in them, I will do it.

    1. ik_5 מאת

      Yoram, It's not a language war, I can't consider PHP as a programming language.
      I do not call here to use X instead of Y, I'm just calling to stop using Y.

      PHP is unified set of tools. Each of them act and react differently.
      Some functions return null, others false, some 0, and other will throw an exception or not report an error at all.

      I would expect a too set of ways to report problems in the official libraries, yet the official ones, act different. even on the same subject.

      Instead of cleaning the so called language, it constantly introducing patches to existed issues that the syntax provides, while keeping the syntax and idea intact.

      There are so many error prone code inside of PHP by just using the syntax .
      There are many ideas that implemented poorly, and never get fixed.
      When version 6 was announced, everyone talked about how sadly it is that it does not fix the syntax, but only add features to it.

      Normal developers shout and screamed on how stupid it is not to clean and solve problems. At this time, no different roadmap was given to solve the things that the developers are acting.

      Look at my bug report, the answer there was "Check it in the source code before using it".

      PHP was the king of XSS and SQL Injection due to this approach. Isn't time to change the whole way of thinking, instead of anything else ?

      I'm not attacking you personally, just the way things are pictured here.

  4. Yoram

    Well, now you raise some real issues of PHP, unlike the former one.
    BTW, inconsistency in functions behavior is not exactly a language issue – implemented functions are not "the language", they are functions you can use (or not use) when writing PHP code, they are part of different extensions and they don't neccessarily have to follow the same guidelines, convensions or specs, on the contrary, extension that supply binding to known library (such as mysql) will most-likely give an API that is similar to the one given by the library.
    for example, If I write usable library for pascal with on API convenstion, and you write another library with other convention, does that make pascal inconsistent ?

להשאיר תגובה

הזינו את פרטיכם בטופס, או לחצו על אחד מהאייקונים כדי להשתמש בחשבון קיים:

הלוגו של WordPress.com

אתה מגיב באמצעות חשבון WordPress.com שלך. לצאת מהמערכת /  לשנות )

תמונת גוגל

אתה מגיב באמצעות חשבון Google שלך. לצאת מהמערכת /  לשנות )

תמונת Twitter

אתה מגיב באמצעות חשבון Twitter שלך. לצאת מהמערכת /  לשנות )

תמונת Facebook

אתה מגיב באמצעות חשבון Facebook שלך. לצאת מהמערכת /  לשנות )

מתחבר ל-%s

אתר זו עושה שימוש ב-Akismet כדי לסנן תגובות זבל. פרטים נוספים אודות איך המידע מהתגובה שלך יעובד.