PHP now has a bad reputation because it used to be “terrible”. This article tries to answer some common assertions about PHP in order to explain to non-technical people that PHP is not as bad as many people say.
1、它是不是鼓励糟糕的实践?
Not anymore. In the past, many developers were taught very bad practices in books, so the quality of PHP code was very poor. PHP once allowed you to do some very strange things that made it very easy to build, but it was a nightmare to maintain.
These are no longer common problems. With the introduction of high-quality learning materials, which are easy to learn and easy to obtain, a new developer can learn PHP in the right way. In this way, it can avoid junior developers writing code that is very painful to maintain because they don’t know the right way to build things.
With the introduction of the framework, most of the common code that led to many bad experiences is now completed automatically; Therefore, developers only need to use the framework, and the framework can code it correctly.
Moreover, over the years, some bad practices are caused by missing features, resulting in the permission of things that should not be allowed. In most cases now, it is not even possible to implement something previously written to lead to this reputation.
Summary
- It no longer encourages bad practice
- Bad practices are avoided by using frameworks.
- Language features are now much discussed. Bad features are no longer supported.
- PHP adds most, if not all, of the features found in other languages.
2. Isn’t it very safe?
In the past, the security of PHP applications was usually poor because the language allowed it. These things are no longer used because the development of PHP applications is now completely different.
By using the autoloader to include files instead of dynamically including files, remote and local file inclusion (where PHP reads files from other addresses instead of the original intended address) has been removed.
Through the extensive use of the template system (which can automatically deal with the escape and security problems of displaying dynamic content), the cross site scripting attack caused by the direct use of HTML in PHP (where one user adds a JavaScript script to the place to be displayed to another user) has been avoided.
By using prepared statements in SQL, SQL injection attacks are avoided (this is caused by the need to build SQL queries and send them together with data, in which users can add additional SQL commands to the queries). In addition, ORM is widely used to ensure that user data and queries are sent separately, and SQL cannot treat them as separate commands.
Through the widely used form library of nonce system, cross site request forgery is avoided (in which users can be tricked to perform some operations on your site).
Summary
Not anymore.
- Remote and local file inclusion is avoided by using an automatic loader (standard for all mainstream frameworks).
- Cross site scripting (XSS) attacks are avoided by using template language as standard or a front-end framework (such as react).
- SQL injection is avoided by using orms and widely using prepared statements.
- By using nonce token (automatically supported by all mainstream frameworks), Cross Site Request Forgery (crsf) attacks are avoided.
3. Is it really slow?
It depends on what you compare it to. If you compare PHP with Java, C, or go, it’s slow. But if you compare PHP with Python, ruby, and so on, it’s not slow. PHP is one of the fastest languages of its kind and continues to improve performance.
In most cases, your application is slow because the server is overloaded or the database query is slow. These problems exist in any language.
Summary
- PHP is slower than compiled languages.
- PHP is faster than other scripting languages.
- Websites are usually slow not because the language used is not fast enough, but because of performance problems caused by the server or database.
4. Is its scalability really poor?
In fact, any language can scale. Compiled languages (such as go, C, or rust) have lower extension costs than scripted languages (such as PHP). However, they are not designed for the same task. In fact, they are all the same; It simply boils down to the number of servers you use. If you use enough servers, you can expand any application. PHP has lower expansion costs than other scripting languages because it requires less resources to start running and can run on smaller memory servers with more CPUs.
In addition, for scalability, the database is important. If you can expand your database, you can expand your application. Databases are more difficult to scale than application servers. It’s easy to add another client to read the database; However, it is much more difficult to make the database run quickly.
Summary
- Any language can be flexible; It depends on how many servers you use.
- The real problem with scaling is the database, not the application language used.
- If you can expand your data, you can expand your application.
5. Should I always use it?
no Each programming language has its area of expertise. PHP is ideal for web applications. You should use it to build websites and APIs.
If you are building a system application where every millisecond is important, use rust or C.
If you are building an AI application, Python is a good option.
If you are building a SaaS application, PHP is a good option.
If you are building an Android application, kotlin is a good option.
If you are building an application that runs on multiple platforms, Java is a good option.
Summary
No, every language has its best use case.
The best use case for PHP is web applications.
Go, rust, C are suitable for system applications.
Python is suitable for artificial intelligence.
Kotlin is suitable for Android applications.
Java is suitable for platform independent applications.
网友留言: