re: PHP lets you create bugs and security issues super easily. The only consistent thing about PHP is its inconsistency. It is so bad that Facebook cre...

You can create bugs and security issues super easily with nodejs too.

In modern backend environments php is not used naked anyway, most of the time your framework will be based on secure and field tested components (mostly coming from Symfony). Laravel is based on symfony for example, you can also very easily create your own custom and secure framework using symfony components.

I would say that PHP is still quite valid as a backend OOP programming language. Especially with PHP 7.

NodeJS can replace php for the best in many areas where php used to be chosen by default, for a lack of better alternative, but that doesn't make php irrelevant. Not everything needs to be a micro service, and many projects use both php and NodeJS.


Yes, i really felt that NodeJS can replace PHP, i have had failovers in PHP where my website was attacked and stuff, but as far as NodeJS is going its going pretty smooth but because i came from PHP, i really find that PHP is a good language to start with in making good programming concepts.


PHP is uniquely bad in that the people behind it continuously make bad choices in designing the language. T_PAAMAYIM_NEKUDOTAYIM has existed since PHP 3 and is still visible as part of parsing errors today. It should be renamed T_DOUBLE_COLON but somehow still hasn't been, and the manual entry makes it seem like it's a cute and quirky feature of the language. Oh look! You have to know a very specific subset of Hebrew to work your way around the code!


PHP doesn't abort execution and show a 500 on error. No. Instead it just sends the half-finished paged with an error at the top that is guarenteed to break the page.

PHP wasn't designed with you running a server process, and any framework that tries to use PHP this way undermines itself completely by having to spend 98% of its development time working against the fact that they're trying to run a modern 3D game on top of SNES-like architecture. PHP was made to be the OG serverless language, running per-requests instead of as a daemon process. But even that very core feature of PHP was butchered.

No attempt has been made to standardize the signatures of standard library functions. Sometimes snake_case, sometimes pascalCase, sometimes nocase, sometimes the verb is first, sometimes the noun is - and for array functions, sometimes the array goes in first, and sometimes last!

PHP is the only language with a configuration file assigned to it. Not a list of language features to turn on/off, no. Configuration that will change the way the language works. Which means you can't take the code from one server to the next and expect things to work. You also have to take into account the configuration of PHP itself.

While JavaScript has its share of "wat"s itself, comparison in PHP, and more generally type coersion in PHP is a PITA, and that's a huge euphemism. Oh, and while JavaScript's == is weird but understandable, PHP's ==, oh boy...

These aren't usage errors, where the developer wrongly assumes something about the code itself and unexpected behavior emerges. These are weirdness coming from the language itself, which makes it extra hard to wrap your head around how to use the language itself, and as a result makes you more prone to errors.

Finally, someone will say "oh but language X or Y also has these quirky features". Oh it's okay then, some other language is weird in this aspect, therefore it's okay to put it in PHP. Therefore PHP really is Frankenstein's Monster of programming languages.

Oh yes. That and more.

On a sidenote I thought that T_PAAMAYIM_NEKUDOTAYIM was fixed in recent versions but it seems that it was actually not. 🤦

I'm surprised there is no other languages in the error messages though

To be honest, I like this historic, cultural error message. Even though it should be accompanied by a clearer error message. It is a simple error and explained when searched for at nauseam. That being said, I would never go back to PHP after having switched to Node.js with Typescript.


Yes, for example:

myFunc() {
    setState({ "number" : 1 });

The code is right, it compiles but it ignores the fact that setState is async. So it will act randomly.

And it is a basic example and it is a REALLLLLY common mistake.

Lolx rules are rules we didnt make em so we gotta follow em... I think what you might be embarking is creation if a new language above a language...

The evolution of assembly to java and beyond now

Yes, although it's mostly a front-end issue. On the back-end if you try to access DB data in a non-async way you'll quickly realize that the data is simply not there. I've been handed large amounts of amateur JS and there was MANY issue but not really that one.

The kind of issues that PHP enables are more like "let's execute this unfiltered user input" which is way more dramatic than a randomly-bugged front-end component.

The kind of issues that PHP enables are more like "let's execute this unfiltered user input" which is way more dramatic than a randomly-bugged front-end component.

Validating the user input is anything but trivial. But I don't think Javascript is doing it better. AFAIK, MVC c# it does it right, we could validate the type, the long, if it is present or not and such.

There are some libraries that do this job but natively both languages don't do their duties.



Oh well, I assumed that frameworks would make sure that req.param('name') is a valid unicode string while $_GET['name'] can be any string of bytes but maybe I'm expecting too much?

In any case, you can write stupid code in all languages. But to be specific to the $_GET issue, it's so easy to break encapsulation using it (because it's global). Same thing with $_REQUEST, what is the point of this except getting X-whatever-scripting attacks from all sides?

PHP is just next-level compared to anything else in terms of possible misuses.

Code of Conduct Report abuse