Article: PHP Mythbusting »
FERDY CHRISTANT - APR 1, 2009 (01:40:59 PM)
PHP is a technology that is often debunked as sloppy, inconsistent, immature and not enterprise-ready. I have used PHP for a few years now, for projects small to very large. I have seen it in the enterprise context, certified myself in PHP and am a loyal follower of the online communities. Through this article I want to bring forward my opinion on PHP and bust some myths at the same time. Let's get to it.
"PHP does not scale"
This is an easy one to bust. PHP does scale. In large scale web applications, the middleware, whether it is PHP, Java or anything else, hardly ever are the bottleneck. PHP typically ties into Apache, a world-class highly scalable web server. Considering that huge websites such as Digg.com and many others are built on PHP, there is little evidence to support this claim.
What critics often mean with this statement is that PHP does not perform. Performance and scalability are two different things though. Considering PHP performance, the typical remark is that it is an interpreted language. This is true, PHP is compiled at the time of a page request, however I have little reason to believe that this is an issue with today's hardware. And if it is, don't worry, there are various PHP optimizers available on the market. these optimizers pre-compile PHP pages, speeding up page processing considerably. There is also a wealth of solutions for caching. PHP scales and performs just fine if you know what you're doing.
"PHP is sloppy and inconsistent"
There is a core of truth to this claim, the language itself is a bit inconsistent due to historical reasons. Particularly the function space suffers. Where a modern language provides namespaces with consistent function grouping and naming, PHP has no namespaces at all and the occasional weird function names.
For example, in Java you might have a java.lang.String namespace with methods consistently named in it, PHP simply has a list of string functions without any namespace at all. Sometimes a string function starts with "str", sometimes with "str_". For people with a strong background in OO, this certainly does feel sloppy. Personally I hardly consider this a showstopper, if you do serious development in PHP, you will quickly get used to the weird function names. It's not a sign of elegance, but definitely workable.
Another aspect of this claim is the runtime environment. There is a very good side to it: PHP can run on pretty much any platform and tie into all common web servers. However, in practice you may find that the large amount of PHP versions, compile-time directives and ini settings can lead to a large variety of runtime environments. PHP's flexibility comes at a cost, but not at all costs. In practice you will have hardly any issues if you're not doing anything uncommon.
"PHP is for hobbyists and invites for sloppy programming"
This argument is getting seriously outdated. Yes, PHP has little barriers for beginners and is the de facto choice for web hobbyists, given its low costs and wide availability. True, PHP without and training or experience invites for procedural programming. And finally, yes, you will find tons of poor examples online.
However, during the last years a new movement has arrived. PHP 5 now has good OO support. There is a large audience of PHP professionals who use it in a serious context. There is a certification program. There are a number of world-class frameworks that promote and support good architecture and OO practices. There is Zend, a commercial entity pushing the product further by delivering enterprise support.
It is possible to do sloppy programming in PHP and the language even hints the unknowing towards that path. Yet it does not differ much from any language: if you don't know what you're doing or what is possible, you will always end up with sloppy solutions. PHP has as much potential for proper application development as any other platform.
"PHP is not ready for the enterprise"
What does this even mean? Is the enterprise some magic place where common rules don't apply? Let's discuss some things that enterprises typically desire from their platforms:
- Support. PHP is open source and does not have it? Wrong, Zend supports PHP.
- Tooling. All the tooling you need for PHP development are readily available, most open source, some commercial. Zend offers a great IDE and runtime platform with advanced monitoring facilities. With PHP development, you can also nicely integrate with off-the-shelf solutions for professional development, such as Subversion for source control and Ant for build management.
- Integration. PHP speaks webservices, REST, SMTP, FTP, RSS and there are tons of additional libraries for the most common enterprise application integration scenarios.
- Documentation. PHP is very well documented. It is documented for productivity, with lots of examples and user-contributed notes. Much easier than the typical library documentation where you have to find your way around namespaces, obscure parameters and lack of code examples.
- People. The market of true PHP professionals is not as big as some other platforms, but it is definitely growing. In the enterprise where I work, we never had an issue sourcing PHP professionals in any part of the world.
I could go on, but I definitely think PHP is ready for the enterprise. It is a misconception to believe it is not. Major web companies would not bet their existence on it if it was not ready. I have personally seen enterprise PHP development for three years where I work, and it was a major success: low cost, highly productive, awesome performance, flexible, easy to learn and easy to automate and control. This is not to say that you should build everything in PHP, yet it is definitely suitable for most web applications, no matter how large or complex.
To me, PHP's beauty is in it's simplicity. This in turns leads to a high reusability, low costs and high productivity...something every business needs.
"PHP is insecure"
This is an often-made claim but I am not sure what it means. I have never found any evidence to support the fact that PHP as a language is insecure. There is plenty of evidence though that some popular PHP applications, such as phpBB, are insecure, and since it is widely spread, the impact is large. PHP also offers some environment settings (such as register globals) that invite for security leaks in applications, but anybody who knows a thing about PHP knows not to use those features. I think PHP is partly to blame in offering the features (that intend to make building applications easier) or having them enabled by default in some cases, yet I can hardly blame the language itself for it. As a professional you need to be aware of the most common security risks and settings, just as in any platform.
I'll stop now. During the writing of this article I discovered another article called 10 PHP Myths Dispelled. There you will find even more common myths about PHP. In closing, I would like to stress that I am not particularly biased or a fan of PHP. I've used multiple platforms in my career, obtained multiple certifications and continue to use multiple platforms. I hardly ever indulge in platform wars, but I do enjoy revealing the truth about them. My truth for PHP is that it is a very capable platform for many purposes, with a model that is attractive for many businesses and professionals. It has it flaws here and there, but no flaws that cannot be overcome with a bit of knowledge and experience. PHP's domination on the web is the living proof of that.