[TAG] Jim, HELP needed, 5-minute solution needed by computerindustry
Sam Bisbee
sbisbee at computervip.com
Sun Jun 28 01:42:51 MSD 2009
Greetings - Disclaimer: PHP is one of my favorite languages.
>> Ben,
>>
>> I love PHP. Unfortunately not all people do.
>
>I teach the stuff - just came back from a week of teaching an advanced
>course at a major insurance company - and I don't love it at all. PHP
>is, in my opinion, unforgivably buggy, has *way* too many functions and
>way too little flexibility, makes it too easy to write bad code, and has
>too few testing/validation tools. It's relatively easy to learn/use
>initially, but it quickly runs out of power; it uses a horribly-broken
>imitation of OO which is missing much of the point of OO methodology,
>and it is responsible for more than a third of *all* vulnerabilities in
>the National Vulnerability Database last year (it was almost _half_ of
>all vulns back in 2006.)
To me this reads as one big "the coders suck" argument under cover as "the language sucks". The majority of those National Vulnerability Database issues are caused by sloppy coding, but that's the same with any language (Wikipedia notes 1% of those vulnerabilities were in the language itself) - I think back to my first C program and cringe at my memory "management".
Your points, security-related included, could be said about any language. That's the nature of programming: it gives the programmer power. And with great power ... well, you get my point. The reason PHP and several other languages get so much of the type of flak you flung is that they're newbie friendly. You have web designers who barely understand HTML copying and pasting PHP and making slight modifications to poll you on your favorite ice cream flavor. This is okay in theory, but can be scary - then again, a lot of what so-called professional programmers create to charge your credit card for electronic payment or route packets is even scarier. The same thing happens with other languages.
>The only way to make it even marginally better
>requires using a closed-source app with a truly weird licensing scheme
>(Zend), and even that solution is less than wonderful.
>
Never had to touch the stuff, "enterprise class" platforms included.
[snip]
>But that could just be the result of intense contact with it over the
>past week. A month down the road, I'll probably have a somewhat milder
>opinion of it. :)
>
I have strategically timed this e-mail to come in just short of the one month mark. ;-)
p.s. Sorry for being in such lurk mode recently on the list, but I recently left my big-to-do corporate job to return to owning a business.