Fredrik Christenson is an experienced programmer from Sweden.
Transcription:
hey guys so today you and I are going to
talk about PHP and why people dislike it
so let's get into it so the
question was pretty much that Fredrik
can you explain to me why people dislike
PHP and I'm pretty sure that I have
answered this before but hey repetition
is fun so the short answer is that
usually the it's this you it's usually
that's in the three usual suspects here
and the three usual suspects is number
one it is a loosely typed language or a
scripting language which is not that
popular with some people the second
thing is that it is unperformant under
circumstances where you have a high i/o
rate in other words it's not possible
well it's it doesn't have a first-class
support for asynchronous work which is a
thing for quite a lot of people and
third and lastly it is insecure and more
insecure than quite a lot of different
other kind of programming languages and
what I mean by being insecure is
basically that it has certain features
and it's built on certain technology
that is fairly easy to exploit let me
explain so if we're going and gonna go
top to bottom here the first thing is
that it's a scripting language now it
has like PHP has added support for a
type system to it but it doesn't really
it's this is the thing guys the reason
why people hate PHP or dislike it is
very similar to why people have this
have a prejudice or a problem with
JavaScript or things like that guys I
want you to just hear it from me please
stop listening to these idiots because
they are idiots and they will always be
idiots they are ignorant people who keep
on repeating things that sort of are
true and are less and less true the
further we go along and what I mean by
that is basically that the most most the
majority of people who hate JS or hate
JavaScript for reasons that are based
on assumptions and knowledge that hasn't
been relevant for quite some times for
some time there are still issues with
PHP there's still issues with JavaScript
but there's guys if you didn't know it
C++ and C are on near on the
most insecure languages on the planet
there are more problems with C and C++
than you can possibly imagine these
applications that you try to build with
these these languages I mean these are
the support supposedly usually this is
well at least what I find the people who
hate JavaScript and these languages the
most are usually C and C++ developers or
people like that but let's be honest
here
if we're talking about exploitation
and security and things like that C and
C++ are not really that great because
they're insecure languages are hey ergo
we invent Rust to sort of try to solve
that sort of problem and you have tons
of issues with memory leaks and things
like this that are specific to that
language and so what I try what I'm
trying to say to you here guys is that
there will always be someone who hates
on your language and you can pretty much
ignore it most of the time because the
only thing that really dictates if
there's any real validity or truth
to what they're saying is
if the language is unusable or that it's not
popular and basically what that means is
that every single language has problems
all of them no exceptions even Go Go
has problems tons of problems Rust has
problems also like it doesn't matter
which language you pick Java C#
Python there are always pros and cons
with everything and with everything so
the people who hate on it hate on it for
their reasons and you may be aware of
and more but not because no other
language has a problem but rather
because there is a stigma or like
there's a community of people who have a
history on of hating on a specific
language because of a track record that
may not even be relevant anymore which
is the case with PHP which is the case
with JavaScript if you want to find
really really big problems with other
programming languages that are split
there's plenty to
go around and trust me cm for c++ and c
are up there together with these
languages if we're talking security as
an example but the primary thing is as I
said it's loosely typed in a scripting
language that is loosely typed is
usually well it's not it's not the
greatest thing and the reason is
usually because people feel like
it's not possible to scale a scripting
language which is also completely false
it's completely false there is a truth
to it it is easier to scale up a system
or like a code base to a really really
large size if you have a type system
because it makes it less likely that
you're going to produce certain problems
or you're going to misspell something or
you're going to mess up an import or
things like that so there's no
discussion that makes it easier but
making a saying that is impossible it's
absolutely false the second thing is
performance so PHP has a threading
system but so you can run things in
parallel but you're not really going to
be able to squeeze as much performance
out of it if you want to do asynchronous
work such as if you were to work in node
or similar sorts of things so if you're
going to do something that has like a
fairly heavy workload or things like
that
it's PHP is a very useful and useful way
of doing that because you can mostly
thread it now you technically you can do
that in JavaScript these days as well
but that is one of the things as well
that people feel like oh no if I'm gonna
make a application that I don't know
does high frequency stuff like you're
going to build something that is
absolutely like bleeding-edge as fast as
humanly possible and for some reason
everybody believed quite a lot of people
believe that that is the most important
thing when you're building web
applications which is also not true it's
not true even a little bit but the
fanboys and the forum people who seem to
have a fraction of the knowledge that
they need act as if this is the case and
any decent professional will know that
this is not the case what you usually do
when you talk about performance is that
you evaluate your pros and your cons and
then if you find
that Wow there's a big there's a
bottleneck here or you profile that this
is a performance issue right here or
that you have a use case where
performance is a major issue then you
optimize for that if you optimize for
performance
you don't just blurt out that or it just
can be about performance I mean there
are so many cases and so many companies
out there that use PHP at the largest
largest scale Facebook would be one
example how many applications do you
think that uses go or at the same sort
of scale now there are applications that
are very performant and there are
applications that are very popular what
are you going to optimize for can--it's
there there is no as I said as I've said
guys there is no logic and reason to
this
it's just ignorant people arguing over
things that are true under the right
circumstances and then they make that
the whole truth and it's not the whole
truth
lastly security now security is an
interesting thing like I think when it
comes to PHP I mean you can
correct me here if you want but I'm
pretty sure that there is no other web
language that depend on and related
technologies that have as many exploits
as PHP and it is the hackers favorite
language well not to build things that's
usually Python or C or something like
that but R or C++ but when it comes to
exploitation and finding ways to exploit
the webserver PHP is a very popular it's
a it has a lot of exploits Apache has a
lot of exploits and because usually you
have something like a LAMP stack or some
or WAMP stack which basically means like
Linux Apache MySQL and PHP that's
usually a stack that quite a lot
of people use when they're working with
PHP and all of these different
technologies they have very common
exploits or they're bad they have very
famous exploits at the very least so
there's quite a lot of room
to be exploited in some fashion and
other issues such as since it's the
scripting language you basically run
your you read your files directly from
the file system when you're still when
you run your web server which is another
attack vector where you can do remote
code execution as an example where I get
you to I somehow I get your web server
to let's say you have a file upload on
your web page and if I you can get you
to let's say I can upload a picture or
an image or something like that and all
I have to do there is basically to
instead of giving you an image when I
upload it to your server I give you a
PHP script instead then I can actually
execute that PHP script as part of the
web server and then I can now I have
remote code remote access I can gain
remote access to your system because the
Apache server will actually execute that
instead of just uploading it as an image
this is less of a problem if you have a
compiled language or something like that
but it's still possible to exploit it in
a similar sort of fashion it's just that
people feel that because of PHP history
PHP history that and being associated
with all of these sort of exploits they
feel like it's an insecure language and
to some degree I will I will admit that
that is the case but as I said as I said
earlier if you look at how how buffer
overflow attacks and memory
exploitations work that's another way
of attacking a system and then the most
susceptible languages for that would be
C and C++ I would argue so it comes down
to pros and cons so what I want you to
take away from this is that number one
stop listening to these people who keep
on telling you that a language is
because it's just bad or because it's
campy use the bar the block the block
use one and only one metric to determine
if a language has viability or not and
that is its adoption rate that's the
only thing that matters and it will
always be the only thing that matters it
doesn't matter if you have a C or C++
programmer or a Haskell programmer
an F# programmer or a Scala programmer
it doesn't matter how cool they are if
they tell you that PHP is a
language because it's just I could then
just question it because PHP is well
among the most broadly adopted languages
in the world and it's a hell of a lot
more popular than some of the
cooler languages but usually the first
thing that people have a problem with is
that it's loosely typed because scaling
a loosely typed system or like a
scripting of with a scripting language
is harder it's not impossible it can be
done and before you you can build very
serious things with it but it is harder
second thing is it's less performant
than the bleeding edge cutting edge
languages or the like the most
high-performance languages quite a lot
of languages are slower but it is a
factor for a lot of people that this is
this is an issue for most most times
they're just worrying themselves over
something that doesn't even exist as a
problem yet but it is a valid concern
lastly security-wise PHP has quite a lot
of exploits so you need to make sure
that you or you keep your version
numbers up you may need to make sure
that you update frequently and you need
to make sure that you follow a really
good security practices now these things
are true for every language
it's just that in PHP it's almost a
little it's at least as important
because of the nature of how the
language actually works but if you
follow these practices there's no reason
for you not to use it have a great day
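
The file-upload attack described in the transcript, seen from the defending side, as an added example that is not part of the video or its transcript: the server decides what an upload is from its content and picks the stored name itself. The function names, the allowlist and the sample files are assumptions made for illustration, and the code assumes PHP's fileinfo extension is enabled.

```php
<?php
declare(strict_types=1);

// Allowlist (assumed policy): sniffed content type => extension the server assigns.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Returns the name to store an upload under, or null to reject it.
// The client-supplied file name and Content-Type are never consulted.
function storedNameFor(string $tmpPath): ?string
{
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath); // from file content
    if ($type === false || !isset(ALLOWED_IMAGE_TYPES[$type])) {
        return null;
    }
    // Random base name plus server-chosen extension, so nothing is stored as .php.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$type];
}

// Handles one $_FILES entry; $storeDir is assumed to lie outside the web root.
function handleUpload(array $file, string $storeDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = storedNameFor($file['tmp_name']);
    if ($name === null
        || !move_uploaded_file($file['tmp_name'], $storeDir . '/' . $name)) {
        return null;
    }
    return $name;
}

// Constructed sample inputs: a script posing as an image, and a minimal GIF header.
$samples = [
    'holiday.jpg' => "<?php echo 'hello'; ?>",
    'pixel.gif'   => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $stored = storedNameFor($tmp);      // validation step only (CLI demo)
    echo $clientName, ' => ', $stored ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

A file can begin with a valid image header and still contain script text, so the content check is only the first gate. The controls that stop execution are the server-chosen extension and a storage directory the web server does not execute from.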