Possible future for PHP

Image taken from wikimediafoundation.org

From the translator : this post is a free translation of the article A possible future for PHP , written by Frank Karlitschek, the founder of ownCloud and the developer of the same open source product for creating cloud storage.

If you look at the latest statistics OwnCloud is one of the largest open source projects written in PHP. Most of you know that PHP is used to implement the OwnCloud server side. We use other technologies, such as C ++ and Qt for desktop clients, Java for Android applications and Objective-C for iOS, JavaScript for the web interface and much more. But the heart of OwnCloud is a server component that is based on PHP 5.3 or higher ...
')


There were several reasons for choosing PHP:

• The main task of OwnCloud is to provide everyone with its own cloud server. PHP is a technology that is available on most web servers, operating systems and platforms. We also make hosting OwnCloud servers much easier, because they are written in PHP.
• PHP is a scripting language, which means that one tarball will work on all platforms, and there are no complicated compilations and builds.
• PHP is very well known. Many people are familiar with PHP. And even developers who don't know PHP can learn it easily enough. This is very important for an open source project, because the level of requirements for participants should be as low as possible.
• PHP is powerful and fast enough if used in the right way. Many major web projects such as Wikipedia, Facebook, WordPress and partly Yahoo are written in PHP. So you can do a lot on it. Unfortunately, it is also relatively easy to write bad code. But more on that later.
• There is a huge ecosystem of libraries, components / drivers available for PHP. For an open source project like OwnCloud, this is very cool, because it means you don’t have to write everything from scratch. We stand on the shoulders of giants.

PHP is not the most “hit” programming language in the world. In fact, the opposite is true. He has a relatively bad reputation. I personally have never been a big fan in choosing technologies based on the fact that it is “cool” or it is “modern” or it is “in fashion”. I think that there are different technologies for different areas, and they should be evaluated objectively and should be chosen without the involvement of emotions. So I don’t understand religious discussions, why tool X is always better than technology Y. I think that all this is the right technology to work with, of course, after a fair assessment of the rationality of using them.

So I am still very pleased with this decision to use PHP. Until now, we have not encountered major architectural or technical problems that we could not solve with PHP.

But does this mean that PHP is perfect and I am very happy with everything? Of course not. PHP was developed in the mid-90s, at a time when no one could imagine the web as it looks today. Some of the interesting features of the time turned into a nightmare today. There is a lot that needs to be improved, and I think that even the core PHP developers will agree with me here.

Some obvious flaws:

• Security. PHP itself is not secure, but it does provide the ability to write fine and secure code. PHP decided to implement a rather naive approach to security and does not support the developer too much in writing safe code. In all fairness, everyone was naive about web security in the 90s. Thus, there are not so many features in PHP that help a developer write safe code. For example, confusion with databases, until now many people do not use bindable variables, which may allow the appearance of SQL injections. And incoming data filtering for XSS and other possible problems should be resolved manually by the developer. There are extensions and libraries that can help solve all these problems, but they are not part of the language / kernel or do not solve the problem completely.
• compilation / configuration. Just for fun, run the ./configure script to compile PHP and look at all the compilation options. And now look at the options that can be set in php.ini by the server administrator. On the one hand, this is good, because the administrator can enable and disable the lion's share of functions in PHP in a rather trivial way. But for a PHP developer an application that should work on all available servers with PHP support is a nightmare. You never know which features are available and active. In OwnCloud, we have a lot of code that depends on the environment and the runtime, and checks that everything works as it should, or adapts to it as necessary. This, unfortunately, is not what you call a stable platform and a good OS abstraction.
• There are some inconsistencies in the functions and class names. Sometimes underscores are used, sometimes CamelCase. Some features are available in a procedural style, and some have an OO API, and some even have both. There is a lot that needs to be cleared.
• Static typing. Of course, this is a matter of taste, but sometimes I really want to have more static typing, I really would like to have a little more static typing in PHP. Guess what the following code does if you have a file named “0” in the directory

while ( ($filename = readdir($dh)) == true) $files[] = $filename;

I really want to see PHP move to the next level in the future and improve some of these flaws, because most of them really deserve it.
But it is very important to do it right.

The latest article in ArsTechnica and Apple is pushing for Swift as the successor to Objective-C, and here I can see how the next generation of PHP can and should be done.
Maintain backward compatibility or fix its flaws? - Apple Swift

Now there is an old, and frankly, very naive approach. The core team of developers of the programming language simply releases a new incompatible version that corrects the flaws of the old version. Examples are Perl and Python. The problem is that it is almost impossible to rewrite most of the software projects written in these languages, in order to make them compatible with the new version. So you end up working with two versions of the programming language / framework / application for a very long time. And some applications work on the old version and will work on the old version. Different library dependencies are sometimes available only for one of the versions.

Migration is very hard and cannot be done in parts. Please see Perl6 and Python 2/3 for an example of what a nightmare it can be. Both exist for a very long time and many projects are “stuck” somewhere in the middle of the migration route.

A more positive example is C ++. It is still very different from C, but it’s good that it can be used intermixed inside an application. Thus, C 90s developers can use new interesting C ++ functions in one part of the application, without having to rewrite the entire application from scratch.

Apple is moving to promote Swift as a successor to Objective-C, in my opinion, this is very clever. It's a completely new language, but it works in the same runtime environment. This means that a developer can take an existing Objective-C application code and simply start writing new Swift functions or replace some parts of the old code with others with new Swift code. This is ultimately compiled into binary code, which has no new execution dependencies compared with Objective-C.

I hope PHP will do what makes it possible to significantly develop and improve the language, but still providing a smooth migration experience, not like with Perl and Python, when they released completely new incompatible releases.

It is also a good solution if PHP 6 or 7 introduces a new opening tag, for example <? PHPNEXT instead of <? PHP. Both modes will be fully supported by the new version of PHP and can be used in parallel in the same application or even in the same file. And in the PHPNEXT section, a new and improved syntax will be used.

Here are some improvement ideas I'd like to see:

• Security. There will be no more _GET, _POST, _SERVER arrays, instead of them the correct API will appear, which can be used to filter all incoming data. (Note of translator: Currently there is a filter_input that is supported by PHP 5> = 5.2.0)
• Database. PHP supports many different database APIs. Some of them are very old, but they are incompatible to use. All must be standardized in order for only one OO API to exist. I personally would like to see PDO as a basis.
• 32 / 64bit. Anyone who has ever tried to write a PHP application that runs on 32-bit or 64-bit OSs recognize that variables, especially integers, behave differently. I understand that these are echoes of C / C ++, but this is a really bad idea. I don't want to have different parts of the code that need to be checked independently.
• Safe_mode, open_basedir, and other ancient concepts will go away (Note: The safe_mode option was deprecated in 5.3.0 and removed in 5.4.0)
• Most compile configuration options and runtime will be removed. All PHPNEXT environments should be as close and stable as possible.
• Typification. It would be great if additional static typing appeared in PHP, such that the variable could be declared as bool or int. And if something else is used in it, an exception was thrown.
• To always use unicode strings

Some of these improvements have been implemented in Hack, which is a kind of separate PHP branch developed by Facebook. Hack has a really interesting concept that is developing in the same direction. They also use the new tag "<hh", so that the code can be used intermixed in one file, and they also improved typing. At the moment it is not clear how much effort Facebook intends to spend on the project in the future in order to develop Hack further and how it will be accepted outside of Facebook. I also worry about how open they are for changes that are not important to them, who will regulate them and how. I would prefer an official and more general approach from the PHP community, which will be part of one of the following major PHP releases.

I hope that the dream of a more modern and clean PHP, including a smooth migration path, will become a reality in the next few years.

Obviously, we in OwnCloud will not be able to start migrating to this new PHP mode, until up to 95% of all PHP installations start working with the new version. It will be easy, but will require an additional 3-5 years.

Making great projects, such as WordPress or OwnCloud, it will actually be possible to move to a cleaner and more modern language. But more importantly, PHP will be ready to challenge the future.

UPD: added a note about removing safe_mode in 5.4.0. Thanks to Sway for the tip-up :), also added a note about filter_input , thx AmdY for the comment .

UPD2: corrected several errors in the text, thanks to hDrummer for providing comments.