PHP Compatibility issues

[leesiulung]

I'm sort of new to the PHP world and frankly stayed away from it due to numerous complaints about PHP compatibility between major versions. In the past I have used Servlets/JSP and ColdFusion as the language of choice as they are always backwards compatible. 

 

However, lately I have reconsidered PHP due to its enourmous popularity and availability at leading hosting companies. How do everyone handle the finicky PHP compatibility when upgrading between major versions?

 

I am also somewhat dissappointed in the language API with a plethora of functions that seems to only confuse due to the sheer number of poorly named functions.

 

This might not be the right forum to post in, but I wanted to hear what the PHP programmers think of this issue....  :-\

[genericnumber1]

I've never run into the problem of version changes breaking scripts, of course I never used any settings like register_globals etc which will be removed (for security reasons).

 

The API is the only complaint I feel is viable against PHP.. they tried to pull in too many functions from too many different languages without adopting a naming convention. There are actually some rebels that run their own version of php with a naming convention. I've gotten used to using the common functions and their odd naming. The manual is quite easy to search though by just doing "php.net/functionname" and it will correct any naming issues... I also use an IDE with autocomplete (which helps). It really isn't as big an issue as those not familiar with php make it out to be.

[leesiulung]

Well, somebody I know ran into this problem where in php4 they used <? ?> (or some variation thereof) for php code, but when upgraded php5 would not work with it. They ended up using <?php ?> instead and changed all of their code.

 

This probably is due to setup and configuration of PHP, but that brings up another point. Security with PHP is more difficult than let say ColdFusion since a lot of it is automatically handled by CF or it at least have functions that will do a lot of the work for you. Seems like PHP have many obscure settings and finicky things and the myriad of functions to boot.

 

I still haven't figured out what those magic quotes are yet.... I have been told it stops code injection attacks.

[per1os]

If the gdc_get_magic_quotes  it simply slashes out your get/post data which means that this's would be this\'s  which will prevent sql injection.

 

The use of <? ?> is a server setting which I think was depreciated in PHP5 for security reasons. It is best practice to follow the guidelines php tells you for the securest server setup. Meaning use <?php  and turn off register_globals etc. Code for that and you should never have a problem as those codes will not break a script if they are enabled.

 

Rule of thumb, if something can be turned off and your script can break, do not code for that to be on. With the exceptions of extensions like CURL etc, but that should go under your requirements for the script.

[genericnumber1]

<? ?> or short tags have been frowned upon because they clash with xml tags (<?xml ?>) there are some other reasons as well but this is the main reason..

 

You can turn them back on no problem.

[Psycho]

Seems like PHP have many obscure settings and finicky things and the myriad of functions to boot.

 

Heaven forbid the platform be highly configurable and give you a plethora of functions so that you don't have to keep including your custom functions to make up for those that are lacking. I have on a couple of occasions written a function to do some task only to find out that PHP already had one to do that for me. Now, perhaps I should have looked a little harder and perhaps the naming is not as intuitive, but is that a bad thing to have so many functions?

[leesiulung]

Heaven forbid the platform be highly configurable and give you a plethora of functions so that you don't have to keep including your custom functions to make up for those that are lacking. I have on a couple of occasions written a function to do some task only to find out that PHP already had one to do that for me. Now, perhaps I should have looked a little harder and perhaps the naming is not as intuitive, but is that a bad thing to have so many functions?

 

It is in fact a bad thing to have so many functions. Aside from the obvious too many functions lead to confusion, there is also another side effect. People looking at other people's code will spend a lot of time deciphering obscurely named functions. Too many functions also lead to the issue you had were you can't find what you need easily.  In addition, some functions are likely to open one up to vulnerabilities. I could continue with this...

 

In terms of configurations, if there are too many it leads to a steep learning curve and that will likely have many of its users using incorrect settings.

 

I think this is attributed to the fact that PHP has no strict data type, so one can't easily have different signatures. The functions aren't thought out and grouped properly. Overall to me it seems PHP is not thought out, OO breaks the fundamental rules of OO, functions are not type checked leading to too many, magic quotes clashing with XML etc...

 

The only thing PHP seems to have is it is FREE and potentially a slight speed advantage that is narrowing every day. Free is a very powerfull thing and is probably why it is used so much. What surprises me is some large companies chooses to use PHP over competing languages.

[trq]

I'll agree that PHP hasn't been well thought out, and yes, the naming conventions (or lack there of) can be nightmare at times.

 

Backwards compatability issues though... theres just not that much to complain about. A major version upgrade in most languages will require some code reworking. Most of the stuff youve spoken of are (as has been stated) simple configuration settings.

 

In terms of configurations, if there are too many it leads to a steep learning curve and that will likely have many of its users using incorrect settings.

 

Have you looked at a php.ini file? I'm not sure exactly how many setting there are, but too many? I don't think so. Most of the settings are fine in a default state, if you need extra functionality, they are there to make life easier. Saves having to recompile all the settings in.

 

I'm really not sure what your getting at here. However, youv'e asked what php programmers think of said issues, and to be honest, I've never had an issue with them. Chances are, if you write clean code, the functionality you use will not become depricated. Things like register_globals where IMO never a good idea, and should never have been introduced.

[leesiulung]

Backwards compatability issues though... theres just not that much to complain about. A major version upgrade in most languages will require some code reworking. Most of the stuff youve spoken of are (as has been stated) simple configuration settings.

 

In my experience, rarely do I have to rework any code when a major version upgrade occurs. I have coded in ColdFusion, JSP, C/C++, Java, ASM, VB and even some ASP.  The only exception was when Java used the keyword enum to define enumerations. I had picked up this variable name from somebody elses code and had compatibility problems with JDK 1.5. However, the keyword enum apparently was reserved and I never noticed it.

 

Have you looked at a php.ini file? I'm not sure exactly how many setting there are, but too many? I don't think so. Most of the settings are fine in a default state, if you need extra functionality, they are there to make life easier. Saves having to recompile all the settings in.

 

As I looked at it, it reminds me of an Apache configuration file and I might have evoked memories of configuring Apache. I still think it is long and most of it as of right now means nothing to me.

 

I'm really not sure what your getting at here. However, youv'e asked what php programmers think of said issues, and to be honest, I've never had an issue with them. Chances are, if you write clean code, the functionality you use will not become depricated. Things like register_globals where IMO never a good idea, and should never have been introduced.

 

The problem here is that a language should enforce good programming practices (i.e Java) and if not should at least have a implemented some idea to why those things make sense (i.e C/C++). Problem with PHP so far is it neither enforce good programming nor gives you an idea of why it is there. For instance why allow <? ?> and then later realize that it has issues with XML files or the wierd array syntaxes.

 

Unfortunately, it looks like I might have to live with PHP as it is seems to be the dominant language for web scripting. Perhaps, someone can point me to an article on good programming practices for PHP.

[Guest prozente]

It is in fact a bad thing to have so many functions. Aside from the obvious too many functions lead to confusion, there is also another side effect. People looking at other people's code will spend a lot of time deciphering obscurely named functions. Too many functions also lead to the issue you had were you can't find what you need easily.

 

This is why there is a PHP manual, it includes information on most. The few that don't have documentation still doesn't leave you in the dark as it's open source so you can look at the source code in order to see what it does. You claim there are too many, well.. it's open source, you don't want so many functions then you can remove some from your installation with some changes and a recompile.

 

In addition, some functions are likely to open one up to vulnerabilities. I could continue with this...

 

In the cases where a function could open you up to a vulnerability, PHP is pretty good at making a note about this in the documentation and giving recommendations in most cases.

 

In terms of configurations, if there are too many it leads to a steep learning curve and that will likely have many of its users using incorrect settings.

Included with the source code/binaries is a recommended php.ini configuration file. If you do need to make a change the directives are well documented.

 

The functions aren't thought out and grouped properly.

 

You seem to be basing this on no facts or examples. All functions are grouped by what they do, for instance MySQL functions all listed together here

http://us2.php.net/manual/en/ref.mysql.php

 

or perhaps you wanted to work with strings but you weren't sure what functions were available. Well there is a string functions page

http://us2.php.net/manual/en/ref.strings.php

 

or maybe you wanted to deal with images, well there's an image function page and so on..

http://us2.php.net/manual/en/ref.image.php

 

functions are not type checked leading to too many

On the functions page is listed the parameter type(s) to be used with it, it's the programmers responsibility to ensure they use the correct type. There are functions for this

http://us2.php.net/manual/en/ref.var.php

 

magic quotes clashing with XML etc...

Magic quotes is a feature, one that can be disabled. You also have the ability to check in your script to see if it is enabled, if it is then you can take the appropriate actions depending on if it is enabled or not.

 

The only thing PHP seems to have is it is FREE and potentially a slight speed advantage that is narrowing every day. Free is a very powerfull thing and is probably why it is used so much. What surprises me is some large companies chooses to use PHP over competing languages.

PHP is used so much because it is easy to learn, though documentation and because PHP is a glue for combining libraries.

 

For instance why allow <? ?> and then later realize that it has issues with XML files

Because PHP is so versatile that it was used in ways not though of at the time.

 

or the wierd array syntaxes.

You said you've coded in C/C++, so how is it you find the array syntax weird when it's C-like

 

 

[leesiulung]

This is why there is a PHP manual, it includes information on most. The few that don't have documentation still doesn't leave you in the dark as it's open source so you can look at the source code in order to see what it does. You claim there are too many, well.. it's open source, you don't want so many functions then you can remove some from your installation with some changes and a recompile.

 

I agree that the PHP documentation is an invaluable source. Without a resource like that I would not even bother to use the language. Looking at the source code is a nice option, but rarely would I want to if ever. It is rarely efficient unless I'm hunting down a bug.

 

In the cases where a function could open you up to a vulnerability, PHP is pretty good at making a note about this in the documentation and giving recommendations in most cases.

 

I haven't seen these recommendations, but look forward to seeing them. Hopefully, these are not just recommendations by the user comments that frequently is outdated or just plain wrong only to be corrected by someone else below.

 

You seem to be basing this on no facts or examples. All functions are grouped by what they do, for instance MySQL functions all listed together here

http://us2.php.net/manual/en/ref.mysql.php

 

or perhaps you wanted to work with strings but you weren't sure what functions were available. Well there is a string functions page

http://us2.php.net/manual/en/ref.strings.php

 

or maybe you wanted to deal with images, well there's an image function page and so on..

http://us2.php.net/manual/en/ref.image.php

 

I must admit that I did not see that there were pages grouped liked that. However, there were no indication on the php.net pages that things were grouped like that. It would have been preferable if they were grouped like packages in Java or header files like C/C++. However, I'm relieved to see that.

 

On the other side, there is no way to look at a function and see that it belongs to a group of other functions from my experience. For instance, debugging some PHP code I found a function print_r(). How in the heck am I suppose to know from the function name that it prints out variables in human readable form unless I read the documentation. How about print_var or something....

 

On the functions page is listed the parameter type(s) to be used with it, it's the programmers responsibility to ensure they use the correct type. There are functions for this

http://us2.php.net/manual/en/ref.var.php

 

I agree that it is the programmers responsibility to ensure correct type, but as we all know humans are not very good at ensuring anything. There is always some smartass moron that makes a lot of mistakes and will break this rule. On the other hand not type checking also means that there is the risk that I myself make mistakes because I wasn't thinking clearly, just tired or plain stupid that day. Type checking is a must!

 

PHP is used so much because it is easy to learn, though documentation and because PHP is a glue for combining libraries.

 

I'm more and more realizing that PHP seem to work with many technologies and seem to have a lot of features supporting different things like image creation etc...

 

For instance why allow <? ?> and then later realize that it has issues with XML files

Because PHP is so versatile that it was used in ways not though of at the time.

 

This is an example of things that aren't thought out. One should not introduce new things into a language without thinking it through. The introduction of shortcuts and further expanding the syntax can easily confuse programmers to do incorrect things. For instance a programmer might see it used in sample code and adopt it in an incorrect manner. to me allowing <? ?> suggested that it was ok to use, and never did it occur to me that it might give me issues with XML. However, the gain is 4 characters that I don't have to type every now and then.... hardly seems worth introducing into the language.

 

You said you've coded in C/C++, so how is it you find the array syntax weird when it's C-like

 

The syntax for array is wierd in the sense that it allows array declarations as follows:

 

$a = array ('a' => 'apple', 'b' => 'banana', 'c' => array ('x', 'y', 'z'));

 

That is not a standard syntax, since it resembles a function array(), yet it has an operator resemblin larger or greater than but does not perform the same task. If memory serves me right another one I remember seeing is where one can grab the keys and the values into two temporary variables for looping.

 

The bottom line is I find PHP almost like C++ not very well thought out. Although it does have its benefits that I more and more appreciate, yet I still find it needs a lot of improvement. Guess I have to live with it.

[Glyde]

PHP always gives a 1-2 major version leeway.  This is to say that they'll make a major version or two without removing past functionality, but rather depreciating it.  A great example is register_globals.  This was prominent around PHP 3/4.  It was depreciated in PHP 5 and is planning to be completely removed in PHP 6.  Also with magic_quotes.  PHP 4/5 rely on it, PHP 6 plans to remove it.  If you don't take the shortcuts in coding, you'll notice no compatibility issues when upgrading.  When I say shortcuts, I mean the topics that have already been brought up, such as:

 

• Using <? instead of <?php
  
• Accessing $_GET['somevar'] from simply $somevar (register_globals)
  
• Relying on magic_quotes and not actually doing any of your own escaping
  
• Using depreciated functions instead of finding the new versions
  
• Directly echoing content to the browser instead of storing output in a variable for later use
  

Things like that