Skip to content

Rasmus Lerdorf is praising PHP ...

Rasmus Lerdorf, the creator of PHP, tells us (here), that the web is broken and "we" had damaged it. But there would be PHP, which can fix all the issues. Ok, let's see, what Rasmus has to tell us.

"You don't know that you have to filter user input" ... ohm, which programming language was it, who made the user input from web available in the global namespace without further action? Which programming language was it, who triggered myriads of bugs in any kind of webapplication because of this "feature" in the past, the present and even in the future although the register_globals option is disabled in recent php versions? It is clear, that no beginner knows about filtering of user input, if PHP makes any input available without further checking.

"The Web is pretty much broken, we can all go home now" ... oh, and who broke the web? Which programming language cannot accept points in variable names in the web input and instead does rewrite every point to a underscore? No way and no intention to fix such a horrible behaviour in current releases. Look here for more details, the part about "Dots in incoming variable names". Surely this happened because of the ugly register_globals "feature", but variables like $_REQUEST are a good place to hold the original input name.

"PHP5 includes all manner of functionality to help developers filter requests, to help prevent the broken Web." ... so it took 5 major releases and 11 years to create a software with adequate functionality? Beside this, the documentation part about "User Submitted Data" in the security section does ask you (the developer) 5 questions about the security of your program, but there is no further explanation, how PHP may help you to secure your application. No links, almost no comments, nothing. You have to go and learn the answers somewhere else.

"If you can fit your problem into what MySQL can handle it's very fast," Lerdorf said. "You can gain quite a bit of performance." ... of course, if i need a filesystem with a more structured access method than fopen/fread/fwrite/fclose, Mysql comes into my mind. If i need a real SQL database which stores my critical business data, than a standard Mysql is not an answer. If Rasmus talks about performance, he surely does not mean performance and integrity of your data. Or could you tell my, why PHP does not even support transactions in the feature-rich set of database functions?

If you switch from the standard (My)Isam tables to tables with transactions (like Innodb) to gain some safety for your data, then your performance advantage is gone and the timing results are comparable with the Postgresql database which is blamed here by Rasmus. But of course, full ACID support is available in the latter.

I could continue speaking about the problems PHP brought to the web, the security holes PHP brought to the average developer and administrator, the uneloquent approaches PHP brought with quick and dirty solutions and the excuses Rasmus brought to defend real problems out there, but the list could run almost endless.

  • Twitter
  • Bookmark Rasmus Lerdorf is praising PHP ... at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg Rasmus Lerdorf is praising PHP ...
  • Bloglines Rasmus Lerdorf is praising PHP ...
  • Technorati Rasmus Lerdorf is praising PHP ...
  • Fark this: Rasmus Lerdorf is praising PHP ...
  • Bookmark Rasmus Lerdorf is praising PHP ... at YahooMyWeb
  • Bookmark Rasmus Lerdorf is praising PHP ... at Furl.net
  • Bookmark Rasmus Lerdorf is praising PHP ... at reddit.com
  • Bookmark Rasmus Lerdorf is praising PHP ... at blinklist.com
  • Bookmark Rasmus Lerdorf is praising PHP ... at Spurl.net
  • Bookmark Rasmus Lerdorf is praising PHP ... at Simpy.com
  • Bookmark Rasmus Lerdorf is praising PHP ... at blogmarks
  • Bookmark Rasmus Lerdorf is praising PHP ... with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Identi.ca

PHP does not need Transactions

Just stumbled about a curiosity: there are 82 functions in the current PostgreSQL part of PHP. Functions like pg_select(), which takes from you the burden of writing a "SELECT ... FROM tablename" or pg_delete(), pg_insert() and pg_update() which all does, what do you expect: select, delete, insert or update and make the error checking. There are even 7 different functions for getting your results back into PHP.

But there is no function for starting, committing or rolling back a transaction. It seems, the message about the usefulness of transaction has yet not reached the PHP developers. Not that i'm surprised, the standard PHP/MySQL user seems to have no need for transactions ...

  • Twitter
  • Bookmark PHP does not need Transactions at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg PHP does not need Transactions
  • Bloglines PHP does not need Transactions
  • Technorati PHP does not need Transactions
  • Fark this: PHP does not need Transactions
  • Bookmark PHP does not need Transactions at YahooMyWeb
  • Bookmark PHP does not need Transactions at Furl.net
  • Bookmark PHP does not need Transactions at reddit.com
  • Bookmark PHP does not need Transactions at blinklist.com
  • Bookmark PHP does not need Transactions at Spurl.net
  • Bookmark PHP does not need Transactions at Simpy.com
  • Bookmark PHP does not need Transactions at blogmarks
  • Bookmark PHP does not need Transactions with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Identi.ca