[commanderkeen08]

Honest question: what are people using if not PHP? Node? Python? The 80% of us who aren’t FAANG and are writing CRUD apps. I’ve tried researching the pros/cons and all I get are low quality listicles.

Nobody can tell me why PHP is “bad” or what Python does that PHP can’t. Inconsistent params are the only argument I’ve heard. Which my IDE solves. What about JavaScript splice vs slice. I look it up every time.

[Hasu]

I write PHP for my job almost every day, and have for the past 4 years, and there's some truth to what you say: anything you can write in another language, you can also write in PHP.

Personally, I can't stand writing PHP, because, sure, I can write secure, testable, safe code in any language, including PHP, but, how do I say this, PHP is the only language that feels actively hostile to my attempts to do so. The house style at my current company could be boiled down to "Check 3 times that there are no PHP footguns present in this code. We have been burned before." The developer experience and tooling is far behind comparable languages. I feel like I have to put my sysadmin hat on to fix anything that goes wrong with my environment.

When I write Javascript or Python, I have complaints and issues, but I enjoy writing code. I think PHP, for many programmers, including myself, is just a hostile and unenjoyable experience. If you enjoy writing PHP, I have nothing against you and am certain you will remain employable, there's a lot of PHP out there.

> Honest question: what are people using if not PHP? Node? Python? The 80% of us who aren’t FAANG and are writing CRUD apps.

Python, Node, Java, .NET, Ruby. MVC CRUD apps are pretty similar in all of these (also in PHP). All of those languages (including PHP) power many many many software companies (including FAANG, who use a lot of Java and C++, and Facebook famously was built on PHP).

[hnarn]

> When I write Javascript or Python, I have complaints and issues, but I enjoy writing code. I think PHP, for many programmers, including myself, is just a hostile and unenjoyable experience.

Surely JS has at least an equal amount of foot-guns to PHP. I mean, at least PHP (to my knowledge) never had a meta-language written around it that compiles to PHP to make it safer.

[regularfry]

Did Hack start that way, or am I misremembering?

[paulryanrogers]

IIRC Hack transpiles to C++ with an intermediate build step. So not exactly the same.

[tored]

What footguns would that be?

[tored]

When picking server language for web development I think it is more important to look at how the platform works rather than language features.

This is important

  * memory model (shared, per request, etc)
  * request model (by the app or by the web server)
  * compilation/build step
  * deployment 
  * hosting
  * tooling (IDEs, linters, testing, package manager, etc)
  * how to scale
  * available programmers
  * community

This is not important

  * $ in variable names
  * arrows (->) for accessing object members
  * argument order in standard library
  * not elegant enough

[emodendroket]

Out of date but this is the classic anti-PHP polemic. https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/

[francislavoie]

Can we _please_ stop posting that link, in 2021? It's very, very outdated.

[emodendroket]

I warned it was outdated and it has a date. Nevertheless, it's a classic piece and a number of the criticisms are still true. I don't see what makes it any worse than linking to the Unix Hater's Handbook, which is also outdated in many respects and yet still considered a classic for a reason.

[ipaddr]

It was out of date when it was written.

[sam_goody]

People are using Node. And they move a lot of the processing to the front end with things like React.

They have trouble grokking that there is a method of dev in which the server is not the language parser, so all other languages feel like a wrong step.

Here on HN someone just asked why anyone would write in anything except JS [1].

Now, Node has it's advantages, and so does PHP. My personal preference is PHP. But in mindset, Node is far ahead of anyhere that Rails or Django ever got in their respective waves.

[1]: https://news.ycombinator.com/item?id=29321426

[equinoxmist]

Golang.

Static typing, concurrency, blazing fast, single binary.

[nicce]

Statistically PHP software has the most vulnerabilities. They are also quite different when compared to other languages. Language has many features which might be used unintentionally by programmer, leading for serious bugs. Not a good language to start with.

[ipaddr]

What features are used unintentionally leading to serious bugs?

[emodendroket]

The ease of the "just put it on the filesystem and it can be run!" system also opens up security vulnerabilities when people want to enable file uploads, for instance. I think the proliferation of places you can put configuration for the runtime is also a potential source of issues, as are various forms of string escaping that should be avoided.

[nicce]

Take a look for https://book.hacktricks.xyz/pentesting/pentesting-web/php-tr... for example. (Note also, that is the only programming language specific list, which is one mile long.)

[ipaddr]

These are older issues. When you see comments like: This bypass was tried apparently on PHP 5.2.5 and I couldn't make it work on PHP 7.3.15) I'm not sure these apply anymore. The loose == vs strict === exists in many languages. You can make the same mistake in Javascript.