The aim of this article is to explain to non-technical individuals that PHP isn’t as bad as many make it out to be, and to answer some of the more common assertions about PHP. PHP has a terrible reputation because it used to be horrible.
To skim, just scroll for the TL;DR in bold.
Not anymore. In the past, many developers learning from books were taught extremely bad practices, so the quality of the PHP code was typically poor. PHP also once allowed you to do some extremely odd things, making it very easy to build but a nightmare to maintain.
These are no longer common problems. With the introduction of high-quality learning material that is easily and widely available, a new developer learns PHP the right way. This prevents many junior developers from writing code that is extremely painful to maintain because they don’t know the correct way to build things.
With the introduction of frameworks, much of the generic code that caused many of the terrible practices is now done automatically; so, the developer just uses the framework, and the framework codes it correctly.
Also, over the years, some of the terrible practices were caused by missing features, resulting in things being allowed that shouldn’t be allowed. Most often now, it’s not even possible to implement some of the things that were previously written to cause this reputation.
In the past, the security of PHP applications was often poor because of things the language allowed. Those things are no longer used because PHP applications are developed completely differently.
Remote and local file inclusions, where PHP reads files from locations other than those originally intended, have been removed by using autoloaders to include files instead of having dynamic file inclusions.
SQL injection attacks, where a user could add extra SQL commands to a query, were caused by the need to build SQL queries and send the query and data together. They are prevented by prepared statements in SQL. Also, the use of ORMs, which ensure that user data and the query are sent separately so that the data cannot be interpreted by SQL as extra commands, is widespread.
Cross-site request forgeries, where a user can be tricked into doing something on your site, are prevented by form libraries that are widespread and use nonce systems.
This really depends on what you compare it to. If you compare it to Java, C, or Go, yes. But if you compare it to Python, Ruby, etc., no. In its class of languages, PHP is one of the fastest, and its performance is constantly improving.
Most of the time, your application is slow because the server is overloaded or the database queries are slow. These are issues that will affect you with any language.
Actually, any language can scale. A compiled language such as Go, C, or Rust can scale cheaper than a scripted language such as PHP. However, those are not designed to do the same job. The fact is the same with all of them; it simply comes down to the number of servers you use. You can scale any application if you use enough servers. PHP is able to scale cheaper than other scripted languages because it needs fewer resources to start running and can run on smaller memory servers with more CPU.
Also, with scaling, the important thing is the database. If you can scale your database, you can scale your application. The database is harder to scale than application servers. Adding another client reading from your database is easy; however, having your database run quickly is much trickier.
No. Each programming language is better at different things. PHP is very good with web applications. You should use it for building websites and APIs.
If you’re building a system application where every ms counts, go with Rust or C.
If you’re building an AI application, Python is a good option.
If you’re building a SaaS application, PHP is a good option.
If you’re building an Android application, Kotlin is a good option.
If you’re building an application that runs on multiple platforms, Java is a good option.
Many of the things said about PHP are 10 years out of date. And in our opinion, if someone is giving you information about a tech subject that is 10 years out of date, this person may not be someone you want to trust as a technical expert.
PHP is a good programming language for creating web applications and we feel that it is the best language for web application development.