Learn to Code via Tutorials on Repl.it!

← Back to all posts
Why PHP isn't bad
Baconman321 (1060)


know this isn't necessarily a tutorial, but I have heard so many people say PHP is bad. This, of course, is 100% wrong. PHP is amazing, and if you understand what PHP is and what it does, you will probably agree. So, let's begin my rant on how you shouldn't shame PHP, shall we? Also, I compare PHP to Nodejs a few times, and that is because Nodejs is used a lot in backend. I have used it a few times, and I just want to compare it to that to show you guys that PHP is, in fact, good. Most backend developers here use Nodejs also, so that is another reason.

Reason 1: PHP is popular!

According to W3Tech's data, about 78.9% of all websites known to use backend use PHP, whether they use a combination of both, or solely PHP. That's about 8 out of 10 websites you visit using backend! Can't beat that reasoning, right? But, does that mean that PHP is good, or are so many websites outdated? After all, PHP is OLD!!!

I hate how so many people say that PHP is old and therefore not suited. Oh yeah guys, we shouldn't use C++, JavaScript or even Python (yes, python was released in 1991) because they are all old, and therefore, outdated languages.

The next time you consider calling a programming language bad because it's old, consider whether you want to call your favorite programming language bad.

Reason two, it's easy!

Ok, this is relative, but I find PHP quite easy to use. In PHP, you can get a parameter from a query string using the single global variable like so:

$something = $_GET['somethingElse'];

In Nodejs (I did some research since I know very little of Nodejs, you either use a framework (which takes up disk space), or you take a trip down to complexville. Note that this isn't really as complex as it sounds, but definitely more lines of code than PHP. Here's how you would parse a URL:

const querystring = require('querystring');
const url = "http://example.com/index.html?code=string&key=12&id=false";
const qs = "code=string&key=12&id=false";


Technically, this is a custom query string and not the actual url, you would have to get the request object and all. Of course, post requests are stored in the $_POST variable in PHP. What about in Nodejs? Well, that's a whole other story. Now, before you go on saying "well, then that's actually better since it provides more control", let me just say that do you really need that many lines of code for a single GET or POST request? Of course, you can always get the request URI by accessing the $_SERVER["REQUEST_URI"] in PHP. This, I find is much easier than, say Nodejs.

Reason three: It's convenient

PHP is high speed, argue all you want. It uses its own memory, so both workload and loading times are cut. It is also open source, so no need for additional, pesky excess software to get it to work. Another thing, it can be embedded into HTML. Yes, you heard me right. No more setting up a file and having to send your HTML using res.send or another way of sending things to the webpage. PHP can work like so:

<!DOCTYPE html>
   <?php echo "hello world";?>

Of course, you have to send elements you want to dynamically add using echo, but any static html tags in your website can be put in right then and right there, no need to send it using 100% PHP. It's syntax may look weird compared to other languages, but I still find it comfortable to work with. Plus, the file handling is easy too. Say what you want, but PHP is great to work with.

So, should PHP replace every backend technology, Mr.rageman?

Certainly not!
I am not asking for people to drop all their precious backend languages like Ruby, Go, Nodejs, Flask, and so many others. I am merely asking people to give PHP the respect it deserves. I have heard that PHP can even be used to code drones (I couldn't find much info on that though)! It can be used for anything from backend, to making your own programs. And while there are many different libraries for PHP (yes, it's still popular as much as you may beg to differ), it's also completely functional without them.

So, should I give PHP a try then?

Yes!!! Please, DO GIVE PHP A TRY! It is great to learn, fairly easy, and gives you lots of control. That said, I am not shaming other programming languages in this tutorial, I am merely comparing them to PHP, and showing how PHP offers different perks than them. There are plenty reasons not to use PHP, but I think you guys should really try it; only then will you see how awesome it can be. It may feel old, but old doesn't (and generally shouldn't) mean bad.

We respect our elders, maybe it's time to respect the elder by the name of PHP.

programmeruser (571)

I have tried PHP in the past, but I feel like PHP is easier than, say, Node.js since you're actually creating the server while PHP is just a CGI script and a server has already been setup.

Baconman321 (1060)

@programmeruser Yes, I find it easier. However, I do love nodejs as well because it is basically JavaScript on a server, added with the fact that JavaScript has nice syntax. There are downfalls, however. Like you said, I don't like how you have to set up everything with NodeJs. With Nodejs and Go, I don't know how to serve different pages, which is a problem. With PHP, all you do is create a new PHP file and put some PHP in it.

programmeruser (571)

@Baconman321 res.sendFile
or if you're using a templating engine res.render.

Baconman321 (1060)

@programmeruser Ah, that would be easier. I still wanna know how to do it with Go, since I have heard it's fast too. From what I've looked up, Go is faster than Node Js. Still, thanks! It's nice to know how to do that.

19wintersp (1120)

I'm personally not a fan of PHP (mostly due to security issues and the problematic style of programming which its syntax can cause), but it's interesting to hear a different point of view. I wonder what other people might think.

EpicGamer007 (1626)

@19wintersp i personally do not use php because of it's syntax. i find it confusing

Baconman321 (1060)

@19wintersp I think "security issues" is just something people say without researching. PHP has some vulnerabilities, but there are also methods in place to avoid that. The only "security issues" are the people who forget to put those methods in place to prevent people from hacking their program/site. Nodejs has those built in security methods, which may be more convenient, but as for me I find PHP more low level that way.

And as for syntax, yes it's weird. Still, take python. It's syntax is off the chart in weirdsville. And also, indenting is key for python, so there is no proper file minification because of that. Don't put off a language just because it has weird syntax. Plus, nodejs has security vulnerabilities too, and while it's syntax isn't too bad for me (since I know js), it has weird ways of writing to the webpage/receiving data.
Here, to read more: https://www.getastra.com/blog/php-security/fixing-php-security-issues/

19wintersp (1120)

@Baconman321 By security issues, I'm referring to two things. One of them is what you consider a feature: lacking built-in security features. Deno, for example, has security built directly into it, which means that developers don't need to actively put ridiculous hacks in place to prevent security issues from arising, and that there is no risk of new developers messing up by not learning them. You shouldn't have to implement security fixes yourself if the issue is with the language. Don't get me wrong, JavaScript is imperfect as well, just PHP is worse.

PHP's confusingness in seemingly simple things is another risk: if people don't understand it, they will make dangerous mistakes.

The reason I say that I don't like PHP's syntax is the way it likes to name things, and the ecosystem built around it: it can be inconsistent, and annoying. The other issue is that everything is cluttered inside of the root namespace.

As for Python: well, Python is an outlier. It's even weirder, though I do not believe its syntax is bad in the same way as PHP. I've mentioned what my issues with its syntax are, which Python does not have.

I also wouldn't compare PHP to many other programming languages: it was designed as a Hypertext Preprocessor, not an extremely complex server-side language.

I'm not saying PHP is an abomination which requires eradication (though some people might), just that it's not perfect.

Baconman321 (1060)

@19wintersp As with other languages (regarding imperfection). I see your point. Although, yes PHP can post as a security risk, I find that the newer versions are more stable. A lot of people may have tried PHP when it was in a more risky state, so many have seen the worse versions. PHP has some built in security measures, like you can only do one MySQL statement at a time, to prevent MySQL injection attacks. I think it opens the eyes of programmers to security risks, helping them learn about them ahead of time. As for the syntax, I'll admit, yes it is weird. I have never seen such a confusing syntax, but I'll admit it seems fun to me as well. I just think it needs a try by other people to see how well it actually is. PHP is certainly not dead, I think a lot of people use it on the contrary. It's just that it needs some extra devotion if you code in it, which would actually benefit you in the long run, since it teaches you the necessities of web development due to it relying on you to know. It's better than backend with C++ though (unless you are a master at C++).

19wintersp (1120)

@Baconman321 PHP is certainly not dead, you're right there. Yes, I agree, most of the security issues are because most PHP servers are running outdated versions. I think that the newer versions are starting to get better (although they are blighted by the curse of backwards-compatibility).

Baconman321 (1060)

@19wintersp What would you mean by backwards compatibility? As in they aren't backwards compatible, or as in they are but that's bad? If you mean it is backwards compatible, then why would backwards compatibility be bad?

19wintersp (1120)

@Baconman321 Backwards compatibility keeps old websites running, which can be regarded as good, but it also enforces that bugs and mistakes of the past be carried into the future. A good example of this was the mysql_escape_string PHP function, which was supposed to sanitize input for SQL DBs. The issue was, it didn't escape % and _, but because of backwards compatibility, they couldn't change it. What did they do? New function, called mysql_real_escape_string. -_-

Baconman321 (1060)

@19wintersp Yeah, sometimes things become deprecated because of that. Other than that and a few other problems, it's a great language and I think I'll make a tutorial on learning it.