No, PHP is not dead!

Last June PHP celebrated its 20th anniversary, but despite its coming of age and very widespread use, PHP has a bad reputation. It's often criticised for not being strict enough, too slow and supported by a community lacking professionalism. As a result, PHP is often rejected in large-scale web projects. Yes, the objections against PHP are often well founded, but the changes that were introduced the language since 2009, when version 5.3 was released, are enough to persuade us to have a rethink. This is because the language, which has made a meaningful contribution to the growth of dynamic websites and whose version 7 is up for release in mid-November, is more alive than ever.

Is PHP not strict enough?

There are two types of programming language: typed languages, and those that are not, known as dynamic languages. Typed languages force developers to explicitly define the format they wish to assign to each variable (in the memory), whereas dynamic languages find the best format themselves. This is easier for the developer but sometimes the memory use isn't optimised. For example if you had to manage a large amount of data, you would normally choose a format which consumed little memory per piece of data; however high-level languages like PHP don't always choose well. Someone who doesn't know how PHP works might easily develop a program that monopolises all the server’s resources and wrongly decide that PHP isn't strict enough.

Dynamic typing actually imposes certain constraints in writing code. It's therefore possible, in theory, to mix two different data formats, but you might not necessarily get the results you expect! Add a word from the dictionary to a number for example. You would never do that, right? Yet this is one of the causes of the most common PHP bug. Dynamic typing does have a major appeal however. On the web, the majority of data is exchanged in text format (via the HTTP protocol), but in some cases you will be expecting numeric values instead of textual data; after all we've been able to share images and videos on the web for 20 years! Dynamic coding allows the developer to simplify their code and switch between text and numeric values very easily. The drawback to this is an increased risk of bugs and issues maintaining developed applications.

Dynamic code allows the developer to simplify their code and to switch between text and numeric values very easily. The drawback of this is an increased risk of bugs and issues maintaining developed applications.

Fortunately, the PHP community and web developers in general have much improved over the past ten years. Bad practices have been analysed and documented and, most importantly, a number of tools have been developed to eradicate them. One of the best examples is OWASP, which creates a list of the most common internet security problems every year. With this in mind can we still say that PHP isn't strict enough? Any traps can be easily dodged with good knowledge of dynamic typing, and more importantly nothing is forcing developers to be as flexible as the language they use!

Popularised by newbies, unfairly shunned by professionals

PHP's popularity can be easily explained. Its flexibility makes it newbie-friendly, and as a result many of us learnt to develop using PHP. But in technology, as in love, the early days can be difficult, and there are some thing we may feel ashamed about a few years down the line. Many PHP applications coded by inexperienced developers have become a haven for bad practices that can sometimes compromise security and performance: customer data security issues*, mass data processing without optimisation, etc. Because of this PHP quickly became a scapegoat.

Many applications built with PHP were created by newbies. This is why the code is often poorly optimised.

At the start of the millennium, when the internet was becoming popular, different PHP communities were formed. It was at this time that programming libraries were created for developers to share and reuse snippets of code. This helped to improve the quality of projects developed in Java for example. However, the PHP community were a little late in coming together which meant that each team of developers had to develop its own library. Consequently PHP was seen by professionals as a language for beginners which was unsuitable for serious projects.

However PHP has been used for large scale web projects, such as Wikipedia and Facebook which boast millions of connections a day and whose teams are definitely not made up of beginners. How can this be so? Well- in 2009 the PHP community woke up and the language changed a great deal. Version 5.3, under the guise of a minor release, was actually behind a number of important changes, starting with the crucial namespaces mechanism. Namespaces simplify the separation of code into different libraries, which significantly reduces the "edge-effect". This allowed developers to write libraries of code, which the PHP community encouraged by creating the Composer platform designed to share and distribute libraries. The number of code libraries available on Composer has rocketed and enabled developers to concentrate on the more technical aspects of their job.
The Guzzle library is a perfect example: Before Composer existed Curl was often used to perform HTTP queries. Although it was easy to perform HTTP queries with this language, a number of technical constraints were not necessarily taken into account (the definition of time-out, the data limit, the use of streaming etc...)Consequently downloading large files would often lead to running out of memory. When Guzzle arrived it had the necessary components to optimise Curl and perform HTTP queries more easily. Good practice spread as a consequence and there has been a global reduction in the amount of memory used by PHP scripts to perform HTTP requests.

At the same time as the release of PHP5.3, the arrival of large development frameworks such as Symfony2, Zend Framework2 and more recently Laravel, allowed for the industrialisation of PHP development. These new frameworks brought about faster development techniques and have themselves contributed to the spread of good practice by simplifying cache set-up, increasing security levels and accelerating code execution. In a nutshell, the tools which make it possible to use PHP as a "professional language" have been in place for five years now. Finally, PHP 5.3 also signalled an increase in the release rate of new versions of the language, which is now nearly annual. PHP 5.6 is now available and the community only supports versions 5.5 and 5.6.

PHP- a slow language? It's all about interpretation...

A little earlier on I used Facebook as an example of a project that uses PHP on a large scale.
I’ve got to be honest, Facebook doesn't use PHP like you and I do. The company has tried to speed up PHP code. In 2013, after attempting to compile PHP in 2010 with the Hip-Hop application, Mark Zuckerberg's developers created HHVM, a new platform for executing PHP programmes, and ended up with a language more restrictive than PHP, known as Hack. Must we therefore conclude that PHP suffers from issues of chronic slowness?

PHP is an interpreted language and is therefore inevitably slower than compiled languages - languages transformed into self-contained executable variables (in the machine’s native language), such as C or C++. Interpreted languages are "compiled" at each execution, which increases the computing time. Some interpreted languages, like Java or Python, are sometimes "pre-compiled" in a language that is closer to the machine’s language (bytecode), but their execution still needs a second, very quick, interpretation. Lastly, some languages, including PyPI, Java8 and Lua, are now capable of compiling themselves directly in the machine’s native language during their execution, which enables the application to launch very quickly. This process is called JIT (Just-In-Time compilation).

Going back to the subject of PHP’s apparent slowness, PHP certainly isn't the only interpreted language on the web - far from it! PHP does however have a special feature: it’s not a persistent language. When someone connects to a PHP website, the PHP server reboots and then recompiles. In contrast, languages such as Java only compile when the application starts up, which is often when the server starts up. This choice of design is an advantage in terms of scalability for applications coded in PHP because each request benefits from a new and healthy environment in which it can be executed. For example, a memory leak that happens when a PHP application is in use won't impact queries made by subsequent users. Security is also tighter because each query is isolated. And above all, applications are more stable, so sysadmins don't have to regularly restart the PHP server unlike the administrators of Tomcat (the Java server), which monopolises all the RAM above a certain period of activity. (Of course this only happens to poorly coded applications!).

Yes, it's true that PHP may once have been slower than some other languages as it isn't a persistent language, but this hasn't been the case since 2012. PHP 5.4 was released in 2012 and it came with a built-in cache engine, OpCache**, which is able to store the compilation from the first request. Some people will say that strictly speaking this is nothing new because modules such as eAccelerator, APC ou Xcache have always been heavily used to deal with "slowness". However, the fact that this cache mechanism has been integrated within PHP shows us that PHP's execution speed is very similar to that of other languages, with the added advantage of scalability. With this in mind, we recommend that you update to a more recent version of PHP and activate the PHP-FPM engine to benefit from these performance improvements!

Released in 2012, PHP 5.4 comes with a built-in cache engine, OpCache, which is able to store the compilation from the first request.

Why then has PHP's reputation for being a slow language stuck? PHP 5 might well be a little less efficient than JIT languages, but yet again the average level of PHP developers is probably to blame, given that there are a lot of newbies among them. In fact, a number of PHP sites are slow, not because of the PHP code itself but because of the relationship between the application and its environment. Most PHP sites use a database hosted on another server and don't optimise their SQL queries. Some of them save files onto the server's hard disk. There are so many things that can lead to an increase in latency: the network, disk writing, etc., not to mention optimisation flaws... We aren't counting websites which come a cropper because they perform queries in a database without an index! One current example is WordPress plugins coded in PHP. Many plugins perform queries on other servers and search many databases for every user query. This slows down websites considerably, regardless of PHP. Incidentally, if you want to try to understand why your application isn't performing, I recommend you watch this conference, "Beyond PHP - it's not (just) about the code", which was presented during Fosdem 2015.

A matter of weeks away from the release of PHP 7 (which you will able to beta test on OVH Web Hosting plans) it seemed fitting to tackle some of the preconceived ideas surrounding PHP, because no, it's definitely not a dead language! It even has serious advantages in terms of one of the most interesting issues we face nearly everyday: the scalability of applications and their host infrastructures. We will discuss PHP 7 in more detail in a future article. Until then I hope that you will take a fresh, unbiased look at PHP!

Vincent Cassé is a developer who works in the OVH infrastructure management team. In particular, he worked on the hubiC web application, coded in PHP.

*SQL injections have long been one of the biggest issues in PHP applications:

**If you want to find out more about OpCache, I recommend you watch Julien Pauli's conference. Julien is the release manager of the last two versions of PHP. Watch the video I See the slides

Previous article

The domain name life cycle