Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:119840
Message-ID: <749ea626-c85a-2e34-dad3-47e133319e9c@helionweb.de>
Date: Sun, 9 Apr 2023 03:09:29 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.1
Content-Language: de-DE, en-US
References: <aa9f0f66-f772-3fc4-4f66-2245930ab089@helionweb.de>
 <CAGBsUrcQWKc+JD2adprcgdqNAKr==McFeoYO3WF3pR2qxgon2g@mail.gmail.com>
 <CAMXcktN64EsoErjbFzdWe+qzM5RVYNR98WO8xcLOYxeYCK=NiA@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
In-Reply-To: <CAMXcktN64EsoErjbFzdWe+qzM5RVYNR98WO8xcLOYxeYCK=NiA@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] Future stability of PHP?
From: stephan.soller@helionweb.de (Stephan Soller)

It depends on your environment and usecase.

For me Node is actually a curious case. Node itself and its APIs are 
very stable and the stability of each API is clearly marked in the docs.

But the NPM based ecosystem is almost the exact opposite. Using it for 
anything else than quick experiments or throw-away prototypes is a 
maintenance nightmare for people like me. Maybe you can amortize that in 
larger companies with an operations department but from what I heard and 
observed over the years admins and programmers don't tend to talk much 
with each other and most programmers have no idea what it takes to keep 
their code running. And I can deeply emphasize with every admin who has 
to keep a node project with hundreds of dependencies running for more 
than a few months. Lets not even talk about security.

Nodes core APIs are pretty network centric (that's where it came from) 
and it was a good fit for a HTTP based Matroska video streaming server 
project (among other things). But as it turns out JavaScript is a pretty 
bad language if you need bit manipulation with 64 bits. I'm still 
curious why they made BigInt signed one's-complement… Writing that stuff 
in C was a lot simpler.

As for websites with node but without NPM... I did that a few times but 
for the last two years I tend to use Python aiohttp instead. They have 
well maintained Debian packages and builtin websocket support. And very 
complex client-server interactions are often the threshold where I 
switch from webservers like Apache or Nginx to an application server.

As for using PHP for new code bases: I think a lot of programmers 
underestimate the flexibility and simplicity of file based webservers 
like Apache with PHP. If you keep it simple they allow projects to grow 
organically. Need a new backend for something? Just put a few lines of 
code into a new PHP file. No update to a centralized application server 
or routes required. Want to have a search-engine friendly dynamic 
website? Just write a basic HTML page with a few lines of PHP in it to 
insert the actual data (the alternate control structure syntax basically 
gives you a builtin template system). Want to generate static pages 
instead? Use output redirection. Want to add simple user authentication? 
Add a password protection in the webserver. Or tell it to get the user 
data from LDAP if you're in a company. It plays well with source 
control, there are a lot of dirt cheap webhosters for small customers, 
the list goes on and on. All of that makes PHP a pretty good tool that 
can solve a lot of problems in very simple ways.

A lot of that are just small projects, small customers or the inglorious 
everyday work that nobody likes but someone has to do. So it doesn't get 
talked about much. Big companies and teams on the other hand spend a lot 
of time talking about what they do and then there are also consultants 
that preach whatever sells today. Most tend to talk about what everyone 
else is doing and this doesn't necessarily has anything to do with a 
simple solution for your specific problem at hand.

Of course all of that can flip on a dime depending on your environment: 
Part of a team where everyone has decades of Java experience? You're not 
using PHP, or node for that matter. Doing a project with a lot of 
rookies that only know stuff like express and react? Guess what you'll 
be using. Part of a team where everyone has their dedicated 
non-overlapping area of responsibility and authority (content, design, 
programming, etc.)? Now there is potential to use the right tool for the 
job. And PHP can be just that in a lot of situations.

Happy programming
Stephan



On 08.04.23 22:47, Dan Liebner wrote:
> I agree with the OP's sentiment here. If I was starting a codebase from
> scratch today, I'd probably go with Node. I find that writing modern
> JavaScript is way easier than writing PHP these days, and the breaking
> changes in newer PHP versions make writing code harder rather than easier.
> PHP is the foundation for many legacy codebases, and breaking old projects
> isn't really a great selling point of new PHP versions.
> 
> Hopefully this scenario will affect enough people that 7.4 will continue to
> be maintained by some group of people into the foreseeable future.
> 
> Best,
> Dan
> 
> On Sat, Apr 8, 2023 at 4:28 PM Kamil Tekiela <tekiela246@gmail.com> wrote:
> 
>> Hi Stephan,
>>
>> Generally, PHP tries to keep as much backwards compatibility as possible.
>> Breaking changes are limited to minimum and done in the least obstructive
>> way possible. When a deprecation is introduced, you have at least 3 years
>> to update your code.
>> But PHP also tries to move forward and the language improves each year. We
>> certainly got many more features than breaking changes. Just think of match
>> expression, enums, attributes, constructor property promotion, new Random
>> API, readonly properties/classes, first-class callable, consistent errors
>> and many more.
>> The biggest improvement in PHP 7 and 8 was a comprehensive type system.
>> It's something that you don't have to use, therefore doesn't affect
>> existing code much, but makes development so much more enjoyable and less
>> bug-prone. I know I have discovered many bugs because of migration to PHP 8
>> and introduction of proper types.
>> And this is the direction PHP is going in. The language is still dynamic
>> and allows for taking the easy route, but new features focus on reducing
>> bugs by making the code's behaviour less surprising.
>>
>> If you try to adhere to clean code principles, upgrades should not be a
>> huge problem. Use static analysis and good tests. Learn and follow clean
>> code practices, e.g. SOLID. Use abstraction in your code; it's better to
>> change code only in one place than change it across hundreds of files. Some
>> tools help you during migrations, such as Rector and phpcbf, but to use
>> them proficiently, your code needs to be free from surprises. Dynamic
>> properties are a very good example of surprising behaviour. By looking at
>> the definition of the class, you don't know what properties it has. If any
>> of the methods use undefined properties, both you and static analysers will
>> be surprised by this.
>>
>> There are certain things you should avoid in your code like fire. Not
>> because they might be removed from the language, but because they make your
>> code unclean and cause bugs. Here is my list:
>> - Arrays. Yes, they are a major feature of the language but also a major
>> pain in the... Use proper data structures, which may use arrays internally,
>> but don't use bare arrays in your code. Value objects and DTOs are
>> invaluable.
>> - Isset and empty. They are sometimes necessary and sometimes they are the
>> easiest choice, but they hide so many bugs. Every time you use any of them,
>> it should raise an immediate red flag.
>> - References. I don't understand why the language still has this feature.
>> Hack got rid of it and that was a very smart decision. You don't need
>> references. Use them almost never.
>> - Globals and superglobals. This should not need explaining. Pretty much in
>> every language, these are pure evil. They make changes to the code an
>> experience similar to disarming a bomb. It's tempting to use $_GET, $_POST,
>> $_REQUEST anywhere in your code, but if you want to avoid bugs and
>> surprises, you'd better stay away from it. There should probably be at most
>> one place in every project where these are used.
>> - extract() and compact(), and variable variables. These should only be
>> used in a very tightly controlled scope, and even then, their usage can be
>> contested. Ideally, variable variables should not exist in the language; we
>> have arrays after all.
>> - Sanitizing filters. Sanitization is too ambiguous term to be useful. What
>> you should be using is validation and formatting. Validate your inputs to
>> make sure they are the type/value you expect. Format the output so that it
>> can't break the context it is in.
>> - Loose comparison. I have liked that about PHP in the past, but in recent
>> years I became a strong supporter of strict comparison. Why? Because "0" ==
>> false. Forbid using loose comparison in your coding standard and forget
>> that it exists. Don't let the language make a fool out of you. You are the
>> developer and you know what type you expect.
>>
>> Following these guidelines will not only help you avoid bugs in your code
>> but also will make the upgrade process much less cumbersome. This and
>> adhering to the strictest level of the static analysis tool of your choice
>> is the recipe for success.
>>
>> Try to stay up to date with the changes. Every year when PHP releases a new
>> version, go over the changelog and make an effort to learn and use new
>> features. Even if your production is 3 years behind, you can try these out
>> in your development environment.
>>
>> PHP will move forward and add new features, but sometimes it must also
>> break some things to move forward.
>>
>> Kind Regards,
>> Kamil Tekiela
>>
>