You may have heard a few rumors going around...
"PHP is just a scripting language."
"It's only used by beginners."
"PHP always ends up as spaghetti code."
"PHP is insecure."
"Only the smartest, sexiest people use PHP."
Ok, maybe that last one was me... but hear me out! Much like the old stereotype of "only nerds play video games", PHP definitely earned a few unflattering labels many years ago. Times have changed and developers in the know tell a very different story. Just like all the cool kids now play Fortnite (do they? I don't know), PHP is nearly unrecognisable from its days as the scripting language 'Personal Home Page'.
As a developer for 15+ years, I remember when PHP's claim to fame was that you could put dynamic pieces into your HTML pages. Heck my own first use of it was to just include the common header and footer across all of a website's pages. So I've seen first-hand the evolution of PHP. But let's dig into the evidence.
Some of the knocks against PHP were legitimately earned years ago. PHP had some configurable defaults, like
register_globals that poisoned the namespace with user-supplied values. And
magic_quotes_gpc that confused basically everyone. But these two and several more were removed from the language several versions ago. Today, most of the security criticism surrounds PHP's ability to execute commands at the OS level, as well as vulnerabilities common to most web-facing languages.
PHP's power and flexibility gives you enough rope to solve nearly any problem, but also enough to hang yourself. Commands like
exec are indeed dangerously powerful. In fact many environments disable it entirely. However many languages have similar means of reaching into the OS layer, and this power alone is not a criticism. Instead it's usually paired with PHP's beginner friendliness. Evidence of beginners doing risky things is not PHP specific, instead I think much of this criticism actually stems from another reason.
PHP is easy to install, and in fact already exists on most hosting services. Tutorials, code samples, and articles are absolutely all over the place. Many of these are old and outdated, but still only a quick search away. Blame or bless the web for that fact, but it amounts to one problem (old tutorials still kicking around) and one benefit (PHP is easy to learn). Running an environment is easy, it's free, and no compiling means writing and publishing PHP code is a breeze. Many high-school and college web development courses cover PHP. See what I'm getting at? The PHP community is one that is flush with beginner programmers. Less a flaw of the language and more a testament to PHP approachability, it presents a challenge for the community: how do we encourage and promote the teaching of PHP in a responsible, secure way that emphasises best practices? Meanwhile, an abundance of beginners means many of those stick around to become highly experienced and sought-after experts.
PHP's history as a scripting language for websites left it out of the loop of SOLID design principles, design patterns and frameworks. I speak in the past tense, because this has not been the case for many years. Sadly, PHP suffers from the classic developer trope that we all hate the code we wrote ages ago. Imagine that you were one of the army of beginners who learned on PHP. You wrote terrible code (I forgive you), then got a new job because of an opportunity or moved to a new language because new is exciting, and left PHP behind. Now you're a mature developer using a different language and your memories of the amateur PHP you wrote form your opinion of PHP forevermore.
I used .NET in years long past. The code I wrote then is shameful. When I returned to PHP it was to discover for the first time concepts like SOLID, design patterns and MVC frameworks. It was an eye-opening dive into the world of meticulously crafted code. The mistakes I made in .NET do not equate to a criticism of it. PHP applications today are built with these modern best-practices. The language itself has evolved to be much faster, and support the object-oriented patterns other modern languages have. PHP 7 is beautiful and version 8 is around the corner.
Modern frameworks like Laravel and Symfony have tamed the wild west of PHP and brought some craftsmanship to our code. Composer, the elegant package manager for PHP has conquered the old problem of everyone reinventing the wheel.
Not me! Ok, I do use it on a few sites (one-click updates, it's a godsend), and WordPress is often cited as one of the main arguments in favour of PHP. I break convention and don't really think WordPress's popularity is evidence of PHP's value. You can write a CMS or a blog in many other languages, and while it's a great application, it isn't proof of PHP's versatility and power. A more interesting argument is the kinds of applications that can and are being built on PHP. If Facebook being built on PHP doesn't impress you (it doesn't? really?), I have personally encountered the following types of applications and enterprise software built on PHP:
- Accounting software
- Insurance rating engines
- Big data analytics
- World-class ecommerce sites
- Project Management software
- Command-line utilities
- Real estate sales and marketing software
- Video games
- In-browser graphics editors
It's kind of amazing actually. I'd struggle to think of a domain that couldn't be tackled by PHP. I think this is one of the best arguments in favor of PHP today. If you still think PHP is only for jazzing up a website, you haven't been in it recently.
I've intentionally left off criticising other languages from this article, every language has flaws. That's not how I roll, and I think PHP stands on its own merits. The main problem PHP has these days is overcoming its own - no longer accurate - reputation from years and versions long past. There is a dedicated and talented team continuing to work on PHP, and new versions are rolling out more rapidly these days than in the past. In fact the version 5 branch which is the last to include most of the things PHP has been criticised for, is past its end of life. Version 7 is a fresh, faster new vision for PHP. Don't let old opinions, and critics' disgust for their own code written years ago sway you from giving PHP a try.
And if you're already in the community, raise your voice with pride and spread the word!
Special thanks to the PHP core development team. ❤