Originally Posted by
CornedBee
I'm talking about safe as in type safety, early error detection, all that stuff a compiler can do for you.
And yes, I have caused a server crash in PHP. (It was a bug in the engine, but still ...) And over time, dozens of buffer overflows have been detected (and fixed) in various PHP functions.
I know it's easy. I know it's not safe: it encourages bad practices. Look at any PHP+MySQL tutorial out there, and you'll find that it probably uses string concatenation to build queries with data - an invitation to an SQL injection the moment magic quotes are switched off. And in some other circumstances.
Ah, magic quotes. Source of many a stray backslash in text.
Then there's register_globals and how simple it is to use uninitialized variables. Together, these are quite the killer.
The success of PHP comes from its ease of installation, ease of learning (but it's far harder to learn it properly), great availability, and of course its huge built-in library. It's great for quickly doing something.
But larger systems are, in the end, an abuse of PHP. Its lack of proper package management, hard-to-predict include paths, lack of namespaces and unit-local functions, all those work together to make large systems rather awkward.
To me, PHP is a language to get work done in, just like Java. But it's not fun.
