back to article Developers more 'satisfied' with PHP than other codes

You down with PHP? (Yeah, and Ruby) The surveying snoops at Evans Data say developers that use PHP are more satisfied with the scripting language overall than those who program with Ruby, Perl, Javascript, Flex, and VB script. Evans Data said it polled over 500 developers and IT professionals world-wide, asking them to rank …

COMMENTS

This topic is closed for new posts.
  1. Rich

    "than other codes"

    Is this sun-speak or something? It's a programming *language*.

  2. Lou Gosselin

    PHP wins?? Obviously they didn't ask real developers...

    So many problems with PHP...don't know where to start..

    There has been so little focus over the years that PHP has become a hodge podge of things.

    Sure it's nice that it has these features, but why is everything thrown into one global namespace? The lack of namespaces and consistent naming conventions makes one scratch one's head even when using a familiar function. Since many PHP libraries are not thread safe, it becomes difficult to know what code can be run safely under the multithreaded apache versions instead of multi-process, consiquently many web hosts must resort to installing the slower and more resource intensive versions.

    Why in the world isn't there a generic database interface such that code doesn't need to reference mysql explicitly every time a call is made? This is inexcusable and amateurish considering a correct implementation could have been so trivial.

    Anyways, since none of these languages are better than vb script by more than a factor of 2, the results of the entire survey are cast into doubt.

  3. Chris Branch
    Stop

    Cynical take

    Programmers that give a damn about a good language to work with purposely avoid PHP.

    The ones that don't care will obviously be more than happy with PHP, especially with all those code samples to copy/paste.

    I'll bet it's easier to offshore PHP work...

  4. Austin Modine (Written by Reg staff)

    @Rich

    Figured I'd get heat for the headline. OK, I submit to you my inner turmoil: "...other languages" works, but then I thought it would be confused with "languages" in general, like English, French, etc.

    I could add "other programming languages," but that's not exactly an attractive headline. (The column widths on the front page are tiny too.)

    So I fudged it a little and wrote "codes." Am I ashamed about it? Not at all.

    Well maybe... deep down. A little.

  5. Hironaka
    Stop

    PHP hacks

    @Lou Gosselin

    You mean a generic database interface like PDO?

    That PHP coders tend to write sloppy amateurish code doesn't mean the language should be blamed.

    I agree with you on the namespace issue (Python, we love you \o/) and PHP a couple of years ago went from vulnerability to vulnerability. Nowadays however the problem is more that of 'coders' that only know a few HTML tags try their hand at building up stuff in PHP by googling around for bits of code. Which leads to a stinkin' mess of shite the people that do know their stuff can clean up.

  6. Fenwar
    Boffin

    Relatively...

    I was laughing at the "relatively large and complex applications" bit; relative to each other, perhaps, but none of these languages are really suitable for enterprise-scale work, even Python, since the advantages of its flexibility rapidly diminish as the number of developers increases. Python is a fantastic tool for a lot of things, and PHP is effective when you need to get a web app from prototype to live in about 5 minutes. (3rd party libraries allow much nicer database abstraction, but if you're trying to work with character encodings, use of a gumshield and padded work area is strongly advised.)

    But having worked with a few of the languages on that list I can only think that PHP topped it because the majority of developers surveyed only had real-world experience in that language, and were comparing it to the more rigid language (e.g. Java) that they were "forced" to learn at college... so they plumped for PHP since it "gave them more freedom".

    As Chris mentions, quite possibly PHP also scored highly since the online documentation is littered with handy code snippets, which save newcomers the trouble of actually learning to write the language. That task, of course, can safely be left to "the next guy" who will inherit a truly hideous, inefficient and inextensible code base...

  7. Anonymous Coward
    Anonymous Coward

    So far no one has spoken up for PHP

    and I am certainly not going to. I am beginning to suspect they just polled #php on freenode.

    Personal Home Page was written by someone who wouldn't have done it had he known Perl.

    And Ruby, does it even have a language specification?

    And come on where is C, C++, Lisp, Haskell, Erlang that's is where the past present and the future is.

    PHP is just too messy, anyone who codes knows that.

    PowerShell what the hell is that, probably some MS monstrosity. Most of the shells are going POSIX anyhow, but ksh, BASH and ZSH are all very powerful, and didn't get a look in.

    Bizarre, you do feel like whoever collected this data should get a clue, and I bet their site is PHP, probably some PR stunt, to get some traffic to it.

  8. Frank

    @Lou Gosselin re. PHP wins ??,,,,

    I see lots of comments like yours in many casual postings about the merits of various programming languages. I can't agree or disagree with you because I know so little about it.

    I would like to learn though, so can you (or anyone) recommend a good set of websites (I don't want to buy a book) that will explain the differences to me? Comparison example code blocks would be nice along with case studies.

    I'm asking for a lot I know, but if you don't ask then you don't get :)

  9. amanfromMars Silver badge

    ur a very naughty boy

    "Well maybe... deep down. A little." .... Love the fudge there, Austin. :-) Very PGP2 [PerlyGatesPython for Pretty Good Privacy] .... which is Human Readable Code for Virtual AIMachinery into AIR&dDs ........ for Astute IntelAIgents Work in the NEUKlearer Trigger and Quantum Communications Theatres of Operations ........ and most dDefinitely Knights Templar Temporal Zones for Out of this World and Earthy Base Pleasures and Treasures .....via Holy Grail CodeXXXXSS Key Algorithms/Embedding Access Methodologies and Common Unified Practices. :-)

    I Kid U Not. In Life, as in Love, and for Both, is Everything as Simply CompleXXXX as What you Give is What you Get.

  10. Not That Andrew
    Gates Horns

    Odd Bunch

    Odd lot of "developers" they polled if VBScript (WTF!!!) and Windows Powershell featured.

  11. Xander
    Thumb Up

    Carry on

    Nothing new here, really. PHP is a great language.

    I like how "all those code samples to copy/paste" is considered a bad thing. Because saving time on a project by reusing code someone has already made is such a terrible thing and should never be done!

    There's a huge amount of support out there, there's a excellent single resource for the entire language, it supports OOD and OOP, it's free, it works on all the platforms and the practitioners are never pretentious or full of their own hype. I realise all the other languages have these points too - but it's just that PHP does them all a little better rather than one thing brilliantly (which is exactly what the survey shows!)

    PHP is in a very similar state to VB6. Sure it's not the latest thing but a lot of people have used it and there's a lot of support for it. Half the problem I have with .NET is there's so little support out there compared to VB6. The same is true with PHP over other languages.

    As an aside: Javascript isn't run on the server, comparing it with PHP, Ruby and other server side languages is incorrect, surely?

  12. Anonymous Coward
    Alien

    PHP.....

    How PHP got to the top I dont know, developed by retards for retards, and VB coming last clearly something went wrong with this poll, maybe its the wrong way round?

  13. biznuge
    Gates Horns

    où sont les véritables langues

    and where might Java and .NET be in this?

    php is a very accessible language though, with support available wherever you look.

    oh, and programming a PIC 68000 microcontroller is easier than using VBScript. It should be tied in a burlap sack and thrown in the river with the rest of the unwanted kittens...

  14. Anonymous Coward
    Anonymous Coward

    Any chance of this info +

    what they program with for there jobs, if they uses windows/linux (can;t see many developers who script for linux machines using vbscript can you?)

    also a bigger test sample!

  15. Robin Layfield
    Go

    PHP is fit-for-purpose (probably more so than other "codes")

    PHP _is_ a great language to work with. It's easily deployable, easy to understand and to get to grips with, has a lovely learning curve offering a richer development experience as the developer's understanding grows and above all, IT GETS THE JOB DONE.

    There are better languages out there (Python, Ruby, C#) but nothing that fits so neatly with the way that web sites and web applications actually work. PHP was designed and developed solely for this purpose and makes no claims to be anything else. That's why it's so damn popular.

    Oh yeah and lets not forget, it's open source, free to use, learn and develop in and doesn't require the purchase of proprietary IDE's or the study of a complex and archaic system architecture / methodology before you can get started.

  16. Adam

    Not suprising really

    They took a mainstream programming language used by many people and put it up against a selection of niche scripting languages most of which work best when used in conjunction with PHP.

    There is no mention at all of PHPs primary competitors, ASP or ASP.net (which is completely differant to vb.net).

    Also to the PHP haters, the language is fine and has been brought up to speed with many other programming languages over the recent years and can do anything any other language can (except namespaces which are coming in the next release - 5.3).

  17. Anonymous Coward
    Stop

    @Chris Branch

    I totally agree. The majority of PHP developers I've spoken to are oblivious to the alternatives, what they have to offer and why their own code sucks.

  18. Wortel
    Flame

    @Negatives towards PHP

    If you feel PHP is so lacking, then why don't you get involved in it's development and fix what you think is broken instead of spouting your somewhat arrogant ignorance about the language? The PHP project welcomes bug reports and patches, it will only help to improve.

    And if you are worried about protecting PHP works, use Suhosin. Or Zend Guard, if you fancy lock-in. It's your own coding style and the server configuration you need to worry about, however.

  19. E

    Real programmers

    use Intercal and Brainf*ck!

    And vi!

    Booyaaah!

    Also, interesting aside: the HPC people I know tend to use 'codes' where other people say 'software'.

  20. E

    @Lou Gosselin

    Just FYI. PHP has four database abstraction APIs.

    * DBA — Database (dbm-style) Abstraction Layer

    * dbx

    * ODBC — ODBC (Unified)

    * PDO — PHP Data Objects

    I've used PDO a lot, my code runs equally on Postgres and MySQL. PDO does not isolate one from SQL, so some PGSQL'ism won't work with MySQL & vice versa. But that's what standard SQL is for. How generic do you want is the question.

    I agree about thread safety, but that may just be an artifact of Apache only acquiring a threaded engine fairly recently.

    vb script! I remember using vb script in 2000: it could not reliably take an integer value and turn it into a string representation so I could concat a string with a number! vb script (was) is very tricky to use.

  21. Anonymous Coward
    Anonymous Coward

    arrhghrgrg

    I'm a professional PHP developer and I *hate* the language, except that I love it too :(

    Once you've learnt all the rubbish (inconsistent naming, ridiculous functions like array_key_exists as compared to isset), the memory leaks, the insecurity, the slow exeuction, the inconsistent portability accross platforms - it's not so bad. It's a bunch of hacks superbly melded together.

  22. Bill P. Godfrey
    Alert

    PHP wins?

    Clearly, I have lost all attachment with humanity. Time to leave this planet.

  23. alain williams Silver badge

    @Lou Gosseli

    ''why is everything thrown into one global namespace?''

    Have you seen: http://uk3.php.net/manual/en/language.namespaces.php

    OK: not perfect, but there

    ''Why isn't there a generic database interface?''

    Look at: http://www.php.net/manual/en/book.pdo.php

  24. Anonymous Coward
    Anonymous Coward

    Beat me to it

    Seems I'm not the first to point out that many PHP developers have very little or no experience of other programming languages,

  25. David Gosnell

    I like PHP - and do give a damn

    As a small business oriented developer who can't always pick and choose target server technologies, PHP is by far the most ubiquitous, and even if the language has its inconsistencies (and not all servers have exactly the same extensions installed) it's rich and well targeted for my needs. Put bluntly, compared with anything else that's practical to use under the circumstances, for me it's been an utter revelation.

  26. Anonymous Coward
    Thumb Down

    what a biased review

    ease of use: ruby?? not vb.net ...what a joke

  27. Rhyd
    Stop

    @Lou Gosselin

    "Why in the world isn't there a generic database interface such that code doesn't need to reference mysql explicitly every time a call is made? This is inexcusable and amateurish considering a correct implementation could have been so trivial."

    Ignoring the pros and cons of abstraction layers... DB, Metabase, MDB2, ADOdb, dbFacile, PDO, Zend_DB to name but a few.

    I use both PDO and Zend_DB, as well as straight mysql_.

  28. AC
    Dead Vulture

    @Austin

    why would anyone coming to el reg fail to know what php was in relation to the word "languages"

    Or is there a new breed of people that speak English and PHP to each other?

    "Hi Dave"

    "echo 'Hi Mate!';"

    "How are you?"

    "call thoughtProcess(); thoughtProcess() {if ok then ehco 'Fine mate, you?' else echo "Shit mate, you?'; } "

    Not sure it's going to catch on to be honest.

  29. Travis Hayler

    .NET Anyone?

    Apparently your study doesnt include anything to do with .NET. Where is C#? VB.NET? Any of the ensemble languages available to that platform appear to have been missed, I think you've skewed this "study" in favour of PHP.

    Epic fail.

  30. Steen Hive

    Yawn

    Oh noes, the language wars again. I've seen acres of rubbish PHP code, but I still often use it for part or all of an application depending on the requirements.

    Ruby programs work in geological timescales, especially if you have to deal with Rails. I would love to love Python too, but being old enough to remember punched-cards and FORTRAN it would have to lose the indentation fascism or acquire optional block delimiters before I touch it with a barge-pole.

    @Lou Gosselin

    What are you going on about? PHP has both database abstraction through PDO and namespaces. Also, in dozen or so large deployments of bespoke PHP apps, I have yet to come across a problem caused by running an PHP application on servers with different MPMs or threading model. PHP at it's heart is just a library of "C" functions and comes with the same caveats as it's progenitor. If you need or want to program on crutches, avoid it.

  31. Rob
    Stop

    To everyone harping on about Java, C#, C++ etc

    The survey was about scripting languages and while most of the above have add ons or builtin scripting components they are more fully fledged languages.

    You can write fantastic code in PHP and make it as neat and as OO as you like (see things like Zend Framework, Symfony, Code Ignitor, Magento), you can also write messy code because there is a very low barrier to entry (OScommerce and the code of a number of companies I've worked at). However the community is huge and I believe the main reason for that is how easy it is to pick up and run with.

  32. Nick Ryan Silver badge

    Comparisons???

    Comparisons???

    The last I checked, VBScript is just an abortion that is used mostly in office documents and was later munged into Internet Explorer in an effort to make it even less secure and stable. JavaScript (JScript) are similar technologies that operate on the client. Attempting to directly compare client side and server side execution enviromnents just indicates that whoever did this research is utterly clueless.

    And yes, they did manage to miss out a few scripting systems that are commonly in use, from c-hash, j-hash, vb-hash through to action script.

  33. Anonymous Coward
    Anonymous Coward

    @Austin Modine

    Nice article but I agree with others that "codes" is a horrible word. Looking at the comments here, you also need to emphasise that the article's about scripting languages.

  34. Edward Miles
    Thumb Up

    Eh.

    Tried PHP, didn't like it. Then again, that may just be 'cos I'm massive Perl fan :)

  35. Gary F
    Thumb Down

    Unrealistic survey

    The survey authors are a bit out of touch. I agree that C# and VB.NET should have been included, but also Adobe ColdFusion is missing too which is still popular because it's one of the most mature "languages" and version 9 is currently in development.

    ColdFusion programmers (and Adobe) claim it's the easiest language and the fastest to develop web apps with, so a fuller survey would have made for results that reflect better on what's actually being used out there and what languages (or "codes" ha-ha!) are available to use in 2009.

    @Austin, you think readers of an IT journal wouldn't realise you're talking about programming languages if you just used the word "language" *and* in context with the word "PHP"? You should be working for the BBC, they have a Phd in dumbing down. (Not a PHP!)

  36. darkmooink
    Thumb Down

    wtf

    how can you compare languages that have completely different uses its like asking what is better to drive, petrol car or a battery remote controlled car. if now they grouped them into how they are used then i might take some notice of the results. plus, in my experience, most people have experience of one language of each type and you take jobs in the languages you know. i mean why would someone learn both asp and php? therefore how could they compare them? this is total bs

  37. Anonymous Coward
    Happy

    I use PHP as well

    I'm in no way a "paid professional" coder but I've used PHP it's easy to use / learn, sure it has it's flaws but that's what the forums are all about you post on there or report it to them, the look, it gets fixed or a workaround is posted, it's "open source" remember.

    It's in no way perfect but when it comes pre-installed on the server to make it a nice LAMP server then it's all fine and well, I mean how many forums out there are using PHPnuke / bbPHP / vBull / Invasion Power Board software all MySQL / PHP based and they work great.

    Easy of use is what people want.

    It all depends on WHO wrote the code out, I mean I've done stuff, it's worked for a bit then broke for no apprent reason, add debugging and find the flaw and re-write and clean up the code at the same time since I'm always learning something new..

    There are a few "classes" out there that add a layer between php and the mysql db itself and allow you to cache the result for a time, useful for some things..

    Every languague has it's quirks about it, PHP just stops with no output on error, so you have to dive into the logs but it's better that than some of the errors I've seen that you look where it's says the error is and can't see anything wrong because it's 10-20 lines back.

    Don't start me on JAVA no I've seem some truely messy memory leaking apps written in that.

    I always feel any page written in ASP is much slower to render but maybe that's just me..

  38. Rhyd
    Coat

    Other languages

    @Why no C, C++ etc.

    Because it's an article about scripting languages.

    @"little or no experience of other languages" / "none of these languages are really suitable for enterprise-scale work"

    I started as a C developer and moved on to C++. I still have a soft spot for them and occasionally enjoy scaring Java developers with tales of pointers. When I moved into web development, I started with ASP, moved to PHP, then had to go back to help out with an ASP / MSSQL project and cried myself to sleep. My right hand man is from a Java and Oracle background.

    We use PHP across the board, with a few small exceptions. E-commerce web site - PHP, MySQL. CRM / EIS - PHP, AJAX, MySQL. Hand held computers - PHP, AJAX, SQLite. Even our cron jobs call PHP scripts.

    We may not be on the enterprise scale, but using a scripting language is great when someone says "this doesn't work properly" - fix, test, update on server, job done. Especially when you're away for the weekend - find a laptop, download PuTTY, log in to server, vi... job done, 'nother beer.

    /Mine's the one with a Nokia N800 running nginx, PHP & SQLite with files copied directly from my PC's test environment onto an SD Card. Did someone mention zero effort cross platform support?

  39. Joe
    Alert

    Re: So far no one has spoken up for PHP

    There's always one annoying git who refers to PHP by it's original name, "Personal Home Page". That was ten years ago, or something! You have to admit, it has grown just a touch since then?

  40. Eponymous Cowherd

    Why not C#, etc

    A lot of people seem to be asking this. There is a *tiny* clue:-

    ***"Evans Data said it polled over 500 developers and IT professionals world-wide, asking them to rank the features and options of **scripting** languages they have personally used."***

    Mind you. it doesn't explain why they *only* surveyed about scripting languages for (I assume) web development. Personally I have never used a 'scripting' language server-side. Previously Java (Struts based) and currently C# (Monorail).

    NB: I suppose NVelocity could loosely be described as a scripting language if you really want to stretch the point, but all the business logic is C#.

  41. Kevin Bailey

    PHP is just the language

    Once you've added Zend Framework, MVC, Smarty, REST you have about the best web development environment setup you can currently get.

    Don't forget - the quality of code is mostly about the quality of the programmers.

    As for ASP.NET - after using for a big project I can honestly say that it's not on the list cos it's off the bottom. Just try moving an ASP.NET website to another server - go on, try it. You'll enter a World Of Pain.

    As for VB script - last time I looked in couldn't even transfer files over FTP - I had to call the command line ftp command!

  42. Chewy

    RE: PHP is just the language

    You must have done something wrong with the configuration then if you couldn't transfer your ASP.NET project to another server. IIS was the weak link but it is getting better (although still behind Apache).

    VBScript isn't the same as ASP.NET and most definitely was the poor relation to PHP. The .Net framework does have FTP functionality.

    You are right about the quality of the code though. There are too many designers who think they are developers and leave all sort of security holes.

  43. Anonymous Coward
    Anonymous Coward

    Re: Eh.

    "Tried PHP, didn't like it. Then again, that may just be 'cos I'm massive Perl fan :)"

    Same here, although much of my coding nowadays is in Java.

    I also had a flirtation with Ruby until I realised that it not only looked like someone had rammed Perl and Python together at high speed but offered nothing over and above the two languages which so obviously influenced it.

    OTOH, it was always fun to upset interviewers by referring to PHP as a bastardized version of Perl :-)

  44. Anonymous Coward
    Anonymous Coward

    ASP.NET?

    A few comments...

    @Adam "There is no mention at all of PHPs primary competitors, ASP or ASP.net (which is completely differant to vb.net)."

    ASP.Net isn't a scripting language and I'm not sure what you mean by the fact its completely different to VB.Net because I could swear that I write ASP.Net applications using VB.Net (and C#)?!

    @Kevin Bailey "Just try moving an ASP.NET website to another server - go on, try it. You'll enter a World Of Pain."

    Its trivial, we do it all the time - ironically given the article - by using scripts

  45. Anonymous Coward
    Anonymous Coward

    PHP

    Gives the impression that the designers thought that Perl is a bondage-and-discipline language, interpreted Ada with funny symbols. The semantics occasionally make me grind my teeth; I wish it had reflection; I have seen too many 1500-line scripts that must be run with register_globals on, and are of course backed by MySQL tables where every field is VARCHAR(255).

    Having said that, well, I guess it beats unemployment, VBScript, and maybe even Snobol. I don't really mind it that much.

  46. Justin Case
    Paris Hilton

    Love it

    P-H-P

    And Me

    Sitting in a tree

    K-I-S-S-I-N-G

    Before I met PHP, Perl was my girl. Still mess with her some days for old times' sake.

  47. Anonymous Coward
    Anonymous Coward

    What about coldfusion?

    Or was it there, but had a bar length of zero, so I just didnt see it?

  48. Drak

    php is good for teaching too

    For a first programming language I think php is the best option. It takes syntax features from perl, java and c and blends them in a simple intuitive way. The best part for a beginner is that they see immediate tangible results for their programming efforts instead of command line apps/scripts that do nothing but model a useful program. I wish it was my first language.

  49. foo_bar_baz
    Thumb Up

    A title

    I used to like PHP, now I see PHP how I'd imagine most people see Perl. Just a mess. Python FTW.

    @Nick Ryan:

    Good job you checked your facts before you called anyone clueless.

    http://en.wikipedia.org/wiki/Javascript#Uses_outside_web_pages

    You even mentioned ActionScript yourself. ^^ It's JavaScript with a different object model (as you'd expect outside a browser).

  50. Lou Gosselin

    Re: PHP Wins?

    Thank you for the responses.

    Yes, PHP has acquired things like namespaces and more useful abstraction layers in recent incarnations. I'm complaining that PHP didn't have these features earlier before becoming popular. I have yet to get any clients using them. Very few off the shelf software uses them either.

    The primary benefit of both the namespaces and standardized db abstraction is that when one gets various 3rd party components and puts them together they won't collide in ugly ways.

    However because PHP is late to fix these in the game, the majority of 3rd party code does not use database abstractions or namespaces, and this won't change in the near term. The built in functions don't even use namespaces. There is nothing that can be done about that mess without breaking every PHP page in the world.

    That a db abstraction library exists isn't much consolation to those of us who find ourselves rewriting 3rd party code to use it. When clients are already using mysql_* in their web pages, it's just easier to standardize on that interface than convince them to port code which already works. An abstraction should have been implemented and used from the beginning. What they should do, starting today, is flag all the mysql_* and friends as depreciated so that things might get fixed in a several years time.

    I'm afraid the terrible function naming conventions will be a permanent feature of PHP's legacy. Fixing it at this point would be chaos.

    And for those who have said that PHP is well documented online, I entirely agree. It's probably the strongest point of the language as it helps offset the naming inconsistencies. It's likely that the documentation is the main reason for PHP's popularity.

  51. E

    @Beat me to it

    On what do you base your claim that PHP programmers have little exposure to other languages?

  52. Christopher E. Stith
    Thumb Down

    There is celarly some misunderstanding.

    Perl doesn't have one of the three best communities? I guess http://perlmonks.org, http://use.perl.org, http://cpan.org, http://search.cpan.org, comp.lang.perl.misc, comp.lang.perl.moderated, comp.lang.perl.modules, #perl on freenode, http://www.pm.org and the global PerlMongers user groups that site represents, the annual Yet Another Perl Conference (YAPC) in North America and in Europe, the annual Perl Geek Cruise, http://www.perlbuzz.com, and O'Reilly's Perl.com have all been outdone?

    Let me know when Ruby runs on more platforms than Perl, please.

    PowerShell and Ruby offer better client-side scripting than Flex and ActionScript? Do these people know what "client-side" means? What clients are we talking about? The Windows OS? A browser? A Unixish OS (please show me PowerShell there!)? ActionScript is in every Flash client out there. Flex can target every Flash client. HaXe can target JavaScript, the neko VM, or Flash, but wasn't even included.

    Anyone who ranks PHP so high for maintainability has never had to upgrade the runtime system for it and had to rewrite a good portion of their code. Those of us who have know better. A single namespace for everything doesn't exactly aid maintainability, either.

    PHP is near the top for security? Really? Over JavaScript, Python, and Perl? If you search just for vulnerability reports on SecurityFocus you get 428 pages of reports for "PHP", containing 6,414 reports. "Perl" returns 40 pages with 595 reports. "Python" returns 5 pages with just 71 results. "JavaScript" (which has many disparate implementations included) returns 29 pages including 423 results. "Ruby" is 3 pages for 32 results, and "Flash" gets 7 pages for 101 results ("ActionScript" by itself gets just one page with 6 results). "F#" did worse than several others, too: 20 pages for 299 results. "VBScript" got 3 pages for 31 results. "PowerShell" oddly enough has had 0 vulnerability reports. "Flex" gets just 3 vulns. Keep in mind, too, that Perl and Python are over 20 years old, and have had most of those vulnerabilities fixed for a very long time.

    Now, some of these reports will of course be spurious, but they show a trend. The PHP vulnerabilities reported on SF are 6,414 as stated before. The sum of all the others is 1,561. So for security, we're supposed to choose a language with more than four times the vulnerability reports of all the other languages in the survey combined? Clearly the tools offered for the PHP language are themselves buggy and also do not very well support writing secure code (as some of the reports are with applications implemented with the language).

    It appears people were not selected for the survey very carefully. They are giving impressions of languages that are just incorrect. The languages included miss completely on Unix shell languages (such as bash, ksh, zsh, csh), Tcl, C#, HaXe (okay, so that doesn't have a very big following yet), Lua, all the Lisp variants used for scripting (eLisp, InterLisp, NewLisp, guile,...), and probably more.

    Perhaps the survey is an accurate representation of someone's views somewhere, but that sampling of people seems isolated from the real world.

  53. Unlimited
    Boffin

    all good

    Survey is completely flawed, but most of the comments are even more flawed.

    All the widely used languages are good. Why do you think they are widely used?

    They all have an appropriate place to be used.

    To those who say php is awful:

    Client comes to you and says: I need to build an app which can be deployed on nearly all shared hosting accounts. What are you going to choose? .NET? no, way too many linux hosts. Java? Nope, not widely supported enough by web hosts. PHP? Supported by practically every web host on the planet? Yep.

    For anyone who says: "I do all my coding in X"

    Are you doing all your coding in your parents basement? Or are you in a commercial environment, insisting on using your favourite language no matter what the project?

  54. Michael Wojcik Silver badge

    News: Evans Data reveals the bleedin' obvious

    What's next for this brilliant team of analysts? Survey 500 couch-warmers to discover that a majority prefer a buffet of unhealthy, poorly-prepared fast food to taking the time to cook a good meal?

    Considering the quality of the average web app, "winning" a contest like this one is nothing to be proud of. PHP - a grotesque collection of ill-considered ideas - can have its well-deserved cardboard crown.

  55. Anonymous Coward
    Joke

    Scripting language....

    Pah... I bet they eat quiche too :-p

  56. Kevin Bailey

    @Chewy

    If you check I think you'll find that .NET 1.1 did not have any classes for transferring files over FTP. .NET 2.0 introduced it but it was horrible.

    As for moving ASP.NET sites around

    http://www.google.co.uk/search?hl=en&q=ASP.NET+problem+moving+site&btnG=Google+Search&meta=

    will give you an insight into the World of Pain. Did you have 1.1 installed, did you remove it before inatalling 2.0 - or was 2.0 installed over. and that dll will not compile because... ...... ..... losing will to live.

    Another client has a .NET site which they can't move on to another machine - it will only compile on this Italian guys machine. I mean - compile? It's supposed to be a portable 'scripting language!

    Two other major problems with ASP.NET:

    1. For anything non-trivial you have to buy visual studio. I tried to use the basic Web Matrix tool mto keep the code clean before realising that everyone else was using VS and just allowing the tons of bloat into their code.

    And when I installed VS .NET itself stopped working on that machine.

    2. ASP.NET is not cross-browser compatible. Page repositioning after round trip only worked on IE. I even had some MSCE twonk trying to excuse it by saying double speak about extra IE only features were a bonus and not everything had to be for all browsers. Double think at it's finest.

  57. Pierre
    Joke

    Old news

    A developper satisfaction polls says PHP developpers are easily satisfied. Move along, nothing to see here.

  58. Andy

    Only 500?

    What is the point of asking 500 developers exactly? hardly a large enough group fpr proper results.

    Also whatever a developer uses most (by choice!) he (or she) will think is best...

  59. Anonymous Coward
    Stop

    @ Kevin Bailey

    "As for VB script - last time I looked in couldn't even transfer files over FTP - I had to call the command line ftp command!"

    Utter uninformed rubbish. I maintain countless VBS scripts that do FTP directly with no recourse to shelling the command line FTP client.

    I you think this is the only way to do FTP using VB Script, you need to take a refresher course. Neither wonder it gets a bad reputation with ham-fisted deployments like this.

  60. Anonymous Coward
    Flame

    Rubbish Survey skewed in PHPs favour

    Why on earth were people even asked about VB Script when it's been dead legacy technology for about 6 years or more now.

    Completely biased survey, engineered to bring PHP to the front by not including asp.net (either c# or vb.net) and including asp (VB Script) instead.

    I've tried PHP, Perl, ASP/VB Script, JAVA and .NET and can categorically say that, for my uses, .NET is by far the most intuitive and most powerful by far.

    PHP is a mess, coded by hobbyist and full of countless bugs and gaping sql injection type security holes.

    There's no way to separate style from content for starters, the error handling is shocking and the whole language is frankly useless for any type of medium size and larger object orientated or n-tier project.

    Look at facebook, for an example of how badly PHP runs on a large scale project.

    If you're a serious web developer who knows their stuff you'd be working with one of the object orientated frameworks and not still using the joke that is web scripting.

    If you're a hobbyist or one of those idiots that think ASP.NET and ASP are the same thing (like MANY of the php developers that I know) then it's probably accurate that you'll be more satisfied with PHP.

    Someone mentioned it's not cross browser compatible, last I checked my current project worked on all the current browsers so I don't know where that came from. If you're really having problems then .NET has the App_Browsers namespace for dealing with it.

    Also, copying a .NET website from one server to another is only a "world of pain" if you're not very good at your job.

  61. Fenwar

    a few replies

    """I like how "all those code samples to copy/paste" is considered a bad thing. Because saving time on a project by reusing code someone has already made is such a terrible thing and should never be done!"""

    Reusing well-written code libraries rather than reinventing the wheel is one thing. Googling your current task and pasting in the first snippet you find that seems to achieve it, without any understanding of what it's doing, is another. To be fair, I guess the same thing can happen in whatever language you choose. IM[recent]E it just seems more prevalent in PHP, but a decade ago, this was exactly how I learned Javascript ;-)

    Don't get me wrong - PHP is one of the best tools around if you're knocking together a website. Feel free to drop out of the interpreter during nested if/else statements if dumping HTML is going to get the job done quicker; I'm not going to keep a man from his pint! And having tried both, I'd much rather be working in PHP than ASP.

    My personal aversion to PHP is partly fuelled by the fact that I had to pick up the pieces of a site written using pretty much the above Google-and-paste technique, and figure out how to accommodate the fact that it was about to be translated into Chinese...

    Maybe it's also because even after extensive rewriting, introducing an OO approach, and even applying consistent formatting, PHP code still looks dog ugly. "$object->member" is just a brain-wrong compared to "object.member". Stare at a screenful of PHP and a screenful of Python for 8 hours and I know which one will make you wish you'd put all the sharp objects in a locked drawer. Even squiggly brackets and public static void main( String[] aaaargh ) are easier on the eye than that.

    """ why don't you get involved in it's development and fix what you think is broken instead of spouting your somewhat arrogant ignorance about the language? """

    I don't know if it's possible to submit "ugliness" as a bug report. I've just taken a peek at the forthcoming namespace syntax (backslashes...!) and I don't see it getting any better. All because somewhere really early on it was decided to use the dot for string concatenation, and that meant they decided to use -> for object accessors, and... and... PHP's syntax betrays the fact that it's been built kludge-on-kludge.

    Which brings me to this:

    """On what do you base your claim that PHP programmers have little exposure to other languages?"""

    This wasn't my quote - but someone seemed to "agree" with the above; my own point was with regards to the survey sample.

    Surely the only way PHP can ever outscore Python on "Maintainability/Readability" is if the person doing the marking has never actually read (let alone written or maintained) Python code. Of all the languages I've come across, Python has been the easiest in terms of quickly understanding Someone Else's Code without even needing reference to documentation. (And if you can't follow an indentation convention properly, please don't ever make another person read your code in any language.)

    I've never used Ruby myself but even a cursory glance suggests to me that its readability is similar to Python's (i.e. miles nicer than PHP).

    In the other categories, fair enough. Python's online documentation, although complete, is horrible to use (the current search facility is a case in point, retrieving and drawing the results one at a time using a needless AJAX-y step, and sorting them *alphabetically* - try finding the entry for "str()" ...) and performance as a server-side language is significantly slower than PHP.

    But does anyone seriously think PHP is more readable than Python?

  62. Kevin Bailey

    @Greg Fleming

    OK - paste in a link to the FTP class in the VB script used in .NET 1.1 and I'll accept that I didn't find it.

    Here's a few showing that it ASP.NET 1.1 didn't have it

    http://www.oreillynet.com/windows/blog/2004/05/ftp_net_11.html

    <quote>

    Recently, I was asked by a client to create a programmatic interface to FTP. I expected to turn to the help files and find an FTP class with methods like get and put and so forth. Oops. No such class. Fortunately, the FTP protocol is very simple, and the .NET framework does provide enough of the plumbing to make creating an FTP client very easy. My newest article on the O’Reilly Network shows how to do it; it is easier than you might imagine.

    </quote>

    I especially like the 'Oops. No such class.'

    This one's from Microsoft - who maybe clueless I admit - but they should know about any FTP class they have written:

    http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/b6a7c2c9-e889-4536-afbe-a0ff0df801be/

    <quote>

    .Net 1.1 doesnot include any class FtpClient but .Net 2.0 does. So many people have open source implementation of Ftp Client for .Net 1.1! You can use one of them.

    Seee:

    http://www.csharphelp.com/archives/archive9.html

    http://www.dnzone.com/ShowDetail.asp?NewsId=223

    Cheers ;-)

    </quote>

    One more - I think you get the point.

    http://www.velocityreviews.com/forums/t77839-ftp-and-net-11.html

    <quote>

    This is a one time announcment: I have posted an article on the O'Reilly web

    site on how to write an ftp client in 1.1.

    You can access this article at

    http://www.ondotnet.com/pub/a/dotnet...net.htm?page=1

    You can find a complete list of my other on-line articles by going to my web

    site: http://www.LibertyAssociates.com and clicking on Books, and then on

    Articles.

    Thank you.

    Jesse Liberty,

    Author Programming C# 3rd Edition

    Programming ASP.NET 2nd Edition

    </quote>

    So, to be clear - ASP.NET 1.1 using VBS did not have any commands for transferring files using FTP. I know, I was pretty shocked myself - and I then used the command line version.

    Remember - 'Microsoft never fails to let you down'

  63. Jax

    F#

    Erm... I don't think that is a scripting language. It runs on the .NET CLR and is compiled into MSIL which then is translated into machine code.

    Unless there is another F# that exists?

  64. Kevin Bailey

    @Isamu

    Steady on old chap - you astro-turfers are getting a bit heated are you not?

    >>There's no way to separate style from content for starters

    Ummm... There's a whole MVC thing going on in many, many ways - look at the Zend framework for the one we like.

    >>Look at facebook, for an example of how badly PHP runs on a large scale project.

    Ummm... I see they chose not to use .NET. FB isn't entirely PHP - but I'd say it shows how well PHP can scale myself ...

  65. Pierre

    Here is the title

    Sounds like someone got pissed that their fave MS piece of swiss cheese isn't even ranked for ease of use...

  66. Mark Pawelek

    The poll makes no sense

    The poll doesn't make sense. If they are polling about languages then what about c++, c#, java, vb.net, etc. [How did F# get an entry in there!!%#?]

    If they are polling about 'scripting languages' then in what sense is PHP a 'scripting language'. PHP is a web-development framework, as such it should be compared with ASP.NET, Ruby, GWT and various Java frameworks. Of all the web developers I've polled - they all prefer GWT (in terms of ease of use, maintenability). The vast majority of developers don't have much experience with multiple web-development frameworks so only a tiny minority can be polled to say which is the best.

  67. Christopher Hogan

    To stir things up

    >>And Ruby, does it even have a language specification?

    And how many languages have an ISO standard?

    APL, that old beast has .NET, web deployment, object orientation and functional programming (not many languages can do both properly), array handling like a dream, generally more features than you can shake a stick at.

    OK, readability you cry (if you've even even seen it), but if you can't read mathematical symbols, then you aren't good enough to write APL anyway

  68. Alastair

    @Kevin Bailey

    Err:

    http://www.google.co.uk/search?hl=en&q=PHP+problem+moving+site&btnG=Google+Search&meta=

    returns about 300,000 more results than the ASP.NET one. So by the criteria you just made up, PHP is worse. Personally, I've had 'worlds of pain' before setting up PHP (especially when I try and use GD to (gasp) read GIF files), but I don't try to claim that every install of PHP is faulty.

    "Another client has a .NET site which they can't move on to another machine - it will only compile on this Italian guys machine. I mean - compile? It's supposed to be a portable 'scripting language!"

    Err... no it's not. It's supposed to be a compiled programming language. What you *want* it to be is something else entirely. As for your Italian problem, I'd suggest you've set it up wrong.

    "For anything non-trivial you have to buy visual studio. I tried to use the basic Web Matrix tool mto keep the code clean before realising that everyone else was using VS and just allowing the tons of bloat into their code."

    Visual Studio Express will cover most bases. Not all, I'll admit. Coupling SharpDevelop (for nitty-gritty coding) and VSE (for tying up to the clientside) would probably sort you out. But it's a paid-for MS product, what were you expecting?

    "ASP.NET is not cross-browser compatible. Page repositioning after round trip only worked on IE. I even had some MSCE twonk trying to excuse it by saying double speak about extra IE only features were a bonus and not everything had to be for all browsers. Double think at it's finest."

    1.1 was terrible, cross-browser wise. Later versions were much better, but in any case I usually ignore the client-side Javascript provided and use a JS library instead. A route MS are taking themselves by adopting JQuery next time round- full cross browser compatibility. Besides, PHP doesn't offer that stuff at all...

    I'm not trying to say that ASP.NET is the best solution ever, but good grief, at least come up with some reasonable objections rather than "there have sometimes been problems installing it" and "I have to compile it"...

This topic is closed for new posts.

Other stories you might like