What killed Smalltalk could kill Python

Chris Angelico rosuav at gmail.com
Wed Jan 21 18:41:19 EST 2015


On Thu, Jan 22, 2015 at 10:19 AM, Anthony Papillion
<anthony at cajuntechie.org> wrote:
> To be fair, PHP has come a long way in the last few years and, I hear,
> there's movements within the community to make it better. Namespaces
> were a big deal as were a few other things. Personally, while I am
> LOVING Python, I'd be sad to see PHP die. It's got a lot of potential if
> the community can get its crap together and take off the ruby coloured
> glasses.

The huge advantage of PHP over other languages is that it comes free
with any cheap web host. That's also a huge *dis*advantage when it
comes to "movements... to make it better", because you can't know when
the new version will become sufficiently prevalent to depend on it.
I've seen PHP 4 compatibility code in current versions of some big
frameworks, although I've no idea whether that implies actual support
or just that nobody's removed it yet.

But there are a few fundamental problems with PHP, which are derived
directly from its philosophies. One of them is that any file in some
directory tree is automatically an entry point - specifically, an
*executable* entry point. PHP frameworks that accept file uploads have
to go to great lengths to ensure that malicious users can't upload
code and run it. Every web framework I've seen for Python, Ruby, Pike,
etc, has URL routing defined by the application, not the file system,
and if you define a readable uploads directory, all you're going to do
is allow people to re-download the same file. Even old CGI scripts,
where file system presence defined entry points, weren't as bad as PHP
- firstly because they were usually restricted to /cgi-bin/ (and you
simply wouldn't allow world writing to that directory), and secondly
because the scripts had to be marked executable, which PHP scripts
don't.

Maybe PHP will grow true Unicode support in a future version. Maybe
it'll gain a nice object model that compares well to Python's or
Ruby's or whichever other you want to look at. Maybe there'll be a
complete reworking of string comparisons so that "12e2" is no longer
equal to "1200". But I doubt it'll ever shift away from file-system
entry points.

And that's why I will continue to push people to Python+Flask rather than PHP.

ChrisA
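
The contrast the message above draws between file-system entry points and application-defined routing, as an added example that is not part of the original post: a stdlib-only WSGI app (used here instead of Flask so it runs without dependencies) in which only the route table names executable code and uploads come back as opaque bytes. The handler names, the `/uploads/` prefix and the sample file are assumptions made for illustration.

```python
# Added example, not from the original post; names, paths and sample data are constructed.
import os
import tempfile
UPLOAD_DIR = tempfile.mkdtemp(prefix="uploads-")  # assumed upload location

def save_upload(name, data):
    """Store an upload under its base name only; the content is never interpreted."""
    safe = os.path.basename(name)
    with open(os.path.join(UPLOAD_DIR, safe), "wb") as fh:
        fh.write(data)
    return safe

def not_found(start_response):
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]

def index(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]

def download(environ, start_response, name):
    """Return the stored bytes as an attachment; nothing here executes them."""
    path = os.path.join(UPLOAD_DIR, name)
    # Only a plain file name inside UPLOAD_DIR is accepted (no separators, no "..").
    if name != os.path.basename(name) or not os.path.isfile(path):
        return not_found(start_response)
    with open(path, "rb") as fh:
        body = fh.read()
    start_response("200 OK", [("Content-Type", "application/octet-stream"),
                              ("Content-Disposition", "attachment"),
                              ("X-Content-Type-Options", "nosniff")])
    return [body]

ROUTES = {"/": index}  # the application's only executable entry points

def app(environ, start_response):
    path = environ.get("PATH_INFO", "/")
    if path in ROUTES:
        return ROUTES[path](environ, start_response)
    if path.startswith("/uploads/"):
        return download(environ, start_response, path[len("/uploads/"):])
    return not_found(start_response)  # a file on disk does not create a route

def request(path):
    # Call the WSGI app in-process and return (status, headers, body).
    seen = {}
    sr = lambda status, headers: seen.update(status=status, headers=dict(headers))
    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, sr))
    return seen["status"], seen["headers"], body
```

Saving a file named `evil.php` and requesting `/uploads/evil.php` returns the same bytes with `application/octet-stream`, while `/evil.php` is a 404 because no route names it.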


