...

View Full Version : Friend says Java's better than PHP



Justin Anderson
12-28-2006, 10:19 AM
My friend says that it's better to develop a site in Java instead of using PHP. He says that Java is more secure and future proof. And he says that PHP has too many security issues.

I know nothing about programming so maybe someone could inform me on whether or not this is true. I've been told by several people that PHP is the way to go over Java. Why or why not?

thanks,
-Justin

_Aerospace_Eng_
12-28-2006, 12:36 PM
It really depends on what you want to do. PHP is a little more versatile than java. For java to even work you need a runtime environment installed. Many users don't even have that. PHP is free and is allowed on most webhosts. Java will take time to learn because there is just so many things involved. PHP will easier to learn because things start getting repetitive. IMO though you might be taking on more than you can chew if you don't know any programming. Start with HTML/CSS, move on to HTML/CSS/Javascript (this is NOT java), then try a server side language.

ess
12-28-2006, 01:00 PM
In few words, Java is more powerful and stable than PHP.

It is true that PHP is easier to learn etc. but the fact still remains, PHP IS NOT STABLE, and NOT VERY SECURE scripting language.

If you do a google search on PHP security, or look at Security Focus (http://www.securityfocus.com/) website, there is not a day that goes by without a security hole or a bug being discovered in PHP.

Here is a good article about PHP security.
http://news.com.com/2100-1001-847092.html

Also, the fact that a leading member of the official security team has left PHP because of the lack of corporations between team members is alarming to say the least. You can visit the following website to learn more about this.

http://www.memestreams.net/users/rattle/technology/computers/computersecurity

Further, if you look at most mission critical websites, you will find that they have been developed in Java or .NET for the reasons stated above.

Good Luck
Ess

Justin Anderson
12-28-2006, 01:08 PM
Thanks. Really good to know! :thumbsup:


In few words, Java is more powerful and stable than PHP.

It is true that PHP is easier to learn etc. but the fact still remains, PHP IS NOT STABLE, and NOT VERY SECURE scripting language.

If you do a google search on PHP security, or look at Security Focus (http://www.securityfocus.com/) website, there is not a day that goes by without a security hole or a bug being discovered in PHP.

Here is a good article about PHP security.
http://news.com.com/2100-1001-847092.html

Also, the fact that a leading member of the official security team has left PHP because of the lack of corporations between team members is alarming to say the least. You can visit the following website to learn more about this.

http://www.memestreams.net/users/rattle/technology/computers/computersecurity

Further, if you look at most mission critical websites, you will find that they have been developed in Java or .NET for the reasons stated above.

Good Luck
Ess

firepages
12-28-2006, 01:13 PM
The code is as secure as the coder writing it and the platform it lives on, any fool can write insecure JAVA or insecure PHP.

Future proof is a strange boast for JAVA since JAVA has been relying on future hardware performance boosts for a very long time now.

To REAL issues...
JAVA would have a much steeper learning curve than PHP, to purists its a prettier language as it has `stronger` object-orientation than PHP (4 or5)

JAVA is seen historically as an `enterprise-grade` language .. that means nothing more than your interpretation of `enterprise` & PHP runs enough sites on any scale to put that argument to bed anyway.

In theory (we are told) JAVA should be faster , in my experience it seems to be the opposite , JAVA heads boast of pre-compilation of code ... of course that `bytecode` still has to be run via the virtual machine so its not compiled in the normal sense, moreover JAVA just seems very resource intensive (hence all the JAVA-heads waiting for quantum computers)

I can find you a thousand benchmarks telling you that JAVA is faster .. in the real world its much harder to spot.

JAVA (like PHP) is of course cross-platform which is a + for any language

PHP was created to solve the `web problem` and that it did, talking to databases, filesystems, IPC's etc is a breeze in PHP , as is image-manipulation, XML (with PHP5's SimpleXML) and many many other web-related issues.

PHP is EASY!!, thats the point, nor is that a bad thing, just because something is easy does not make it a bad thing, as long as performance & scalability do not suffer and in PHP's case they do not.

I still don't get the future proof bit, where is it that JAVA is going that PHP is not ? open-source? ... PHP is already there, SUN have the $$ but PHP has a community that now earn $ from their labours, there are many commercial enterprises based around PHP and its applications, I don't see them going anywhere for a while.

Justin Anderson
12-28-2006, 01:14 PM
It really depends on what you want to do. PHP is a little more versatile than java. For java to even work you need a runtime environment installed. Many users don't even have that. PHP is free and is allowed on most webhosts. Java will take time to learn because there is just so many things involved. PHP will easier to learn because things start getting repetitive. IMO though you might be taking on more than you can chew if you don't know any programming. Start with HTML/CSS, move on to HTML/CSS/Javascript (this is NOT java), then try a server side language.

"[...]you need a runtime environment installed. Many users don't even have that."

Didn't think of that.


I took a semester of Java 3 years ago back in high school, which was right after taking 2 semesters of C++. I'd say I have a background.
I think that Java would be the best choice and I'm not in too big of a hurry; I have time to learn. Where could I find a good primer and/or detailed information on developing Java based websites at the GUI and class based tiers of the web development. (My friend is perfectly able of developing the database and class based tiers of the site, but he wanted me to work on the GUI and I'd need some class interface knowledge)

Any help would be great.

cheers,
-Justin

Justin Anderson
12-28-2006, 01:17 PM
The code is as secure as the coder writing it and the platform it lives on, any fool can write insecure JAVA or insecure PHP.

Future proof is a strange boast for JAVA since JAVA has been relying on future hardware performance boosts for a very long time now.

To REAL issues...
JAVA would have a much steeper learning curve than PHP, to purists its a prettier language as it has `stronger` object-orientation than PHP (4 or5)

JAVA is seen historically as an `enterprise-grade` language .. that means nothing more than your interpretation of `enterprise` & PHP runs enough sites on any scale to put that argument to bed anyway.

In theory (we are told) JAVA should be faster , in my experience it seems to be the opposite , JAVA heads boast of pre-compilation of code ... of course that `bytecode` still has to be run via the virtual machine so its not compiled in the normal sense, moreover JAVA just seems very resource intensive (hence all the JAVA-heads waiting for quantum computers)

I can find you a thousand benchmarks telling you that JAVA is faster .. in the real world its much harder to spot.

JAVA (like PHP) is of course cross-platform which is a + for any language

PHP was created to solve the `web problem` and that it did, talking to databases, filesystems, IPC's etc is a breeze in PHP , as is image-manipulation, XML (with PHP5's SimpleXML) and many many other web-related issues.

PHP is EASY!!, thats the point, nor is that a bad thing, just because something is easy does not make it a bad thing, as long as performance & scalability do not suffer and in PHP's case they do not.

I still don't get the future proof bit, where is it that JAVA is going that PHP is not ? open-source? ... PHP is already there, SUN have the $$ but PHP has a community that now earn $ from their labours, there are many commercial enterprises based around PHP and its applications, I don't see them going anywhere for a while.

Thanks.

My friend has basically written off PHP as an option because of security issues. Anything you would tell him to convince him otherwise?

marek_mar
12-28-2006, 01:57 PM
Yes... things like that change quite fast. The article about PHP security linked to in this thread is very old relates to PHP versions which are not used anymore.

firepages
12-28-2006, 02:10 PM
I can find you hundreds of `PHP` vunerabilites, the sad fact is that most of them are not PHP vunerabilites but PHP application vunerabilites, e.g. bad code (I have written a fair bit of that myself;))

There have been a few php core vunerabilites but the number I suspect would be less than those found in the JVM itself let alone JSP implementations etc, of course with PHP's open-source transparency many bugs and potential vulnerabilities are discovered before they can create too much havoc, unless of course one believes in security via obscurity.

Its a bit like suggesting that C/C++ is insecure because mozilla (written in C/C++ (as is PHP/apache/Mysql)) has had vulnerabilities discovered and exploited.

Because PHP is so powerful and easy to use there is an awful lot of crap code out there (see PHPBB PHPNuke etc), but thats down to the application developers NOT PHP itself... I can write you an insecure JAVA routine if that helps ? ;)

nikkiH
12-28-2006, 03:01 PM
"[...]you need a runtime environment installed. Many users don't even have that."

For web applications, Java need not be installed by the user. It is compiled into bytecode and run on the server.
However, just like PHP, the web server needs to support it and have the JVM.
IME, Java is great for Enterprise level applications when you use EJB and a good server like BEA. Having worked with it, I'd never choose it for "normal" applications. There's just too much crap to it. To get good performance, you need a WAR file (pre-compiled) and very good design of your classes.

I would likewise never choose PHP for an Enterprise application simply because J2EE already has so much there for you to use that PHP does not (pre-made classes, security, and many more things I won't go into because it would be a book). But I'm talking BIG applications, which are not overly common (banking/financial sites for example).
The vast majority of sites would do just fine with PHP, and it is as secure as Java IF the coder wrote the application properly. IME, it's simply easier to write secure code in Java, but that doesn't make Java inherently more secure.

JMHO

Justin Anderson
12-28-2006, 11:05 PM
ok, so the security issue of PHP is pretty much a mute point.

Are there any downfalls of developing a site in Java(besides the learning curve) as opposed to php?

nikkiH
12-28-2006, 11:09 PM
It requires more money to operate the host, so you pay for it. Java requires more resources than PHP.
It is harder to find a host to support it.

Assuming you do not own the server and are paying money for hosting. You get way more options and better deals with LAMP. Finding a new host, should the need arise, is much simpler.

Justin Anderson
12-28-2006, 11:16 PM
It requires more money to operate the host, so you pay for it. Java requires more resources than PHP.
It is harder to find a host to support it.

Could you expand upon this statement a bit?

ralph l mayo
12-29-2006, 12:04 AM
Just to be contrarian to both offered positions, I'd say go with Ruby. It's more OO than Java (no primitives! even nil has methods!) it's dynamically typed but type safe, all numbers are automatically and transparently big numbers (no integer overflows), and it's got all the best idioms of perl and Lisp in one package. Along with a hugely popular MVC framework.

edit: if Java is the only other option, do it. Everything this side of COBOL .NET is better than PHP, imho

ess
12-29-2006, 02:48 AM
Ruby on Rails is a great platform for web development. However, Java is more powerful than Ruby on Rails or PHP.

In any case, it really depends on what you want to achieve.

As for memory management in Java. Well, yes...there few issues with memory management, but that very much depends on the developer than on the language itself. That is to say that if you leave resources open when you are not using them, such as you open a file for a read operation and you never get around to close it, than there would be memory leaks. However, this is the case for any language really and as a developer, you need to take care of that.

As for performance. JSP pages are compiled once and a cached version will be sent with every request. When you compare this with PHP for instance, you will find that PHP interprets every single line of code every time a page is requested.

This is also the case with .NET applications...but .NET manages compilations on the fly better than Java does. The reason is a simple one. That is, .NET applications are built for Windows OS, whilst Java is built to run on any OS that supports Java such as Linux, Mac OS, Windows, Unix, Solarios etc...

To summarize, Java is quite a large language to learn...and you will need to spend sometime to learn it. in contrast, PHP is simple when compared to Java, C#, VB6, or VB.NET. However, in my experience, I find that maintaining applications written in Java or C# are much easier to do than those written in PHP.

The reason is a simple one. Java and C# have been greatly influenced by the development of C++, whilst PHP...well...I could write a book here, has been influenced by Python, Perl, Java, C#...etc. The problem here is that those languages belong to a different set of families of programming paradigms (C++, C#, Java are based on the C language, the others are not and should not be seen in the same category).

As such, when you are programming in PHP, you will find that some functions, methods, routines, whatever you want to call them...are not written to a convention like it is the case with Java, C++, or C#. As such, you could easily get lost in PHP...because convention changes because of the fact that the language itself has been influenced by conventions that are not related, or based on a common convention.

Someone stated "you need a runtime environment installed."
I am sorry, but I going to state the obvious. tell me, if you program in PHP, exactly what do to use to run those applications. Do you not need to install PHP, Apache or IIS, etc. Well, it is the same thing, you need to install Java to be able to compile Java applications that you wish to write etc.

Also, someone stated that PHP is platform independent. That is not TRUE. I have developed applications in PHP...they worked fine on Linux OS...but was not the case when I tried running them on Windows. PHP is not 100% platform independent. Java is 100% platform independent...which means you can write your application on Windows OS, compile it...and you would be able to run it on Linux, Mac OS...etc.

Justin Anderson
12-29-2006, 03:32 AM
thanks guys. This has helped.
Any more advice would be helpful...like where can I find an experienced Java web developer? :thumbsup:

firepages
12-29-2006, 03:37 AM
I stated that PHP was platform independent & I stand by that, php-gtk applications (the closest thing I can compare to a standalone JAVA application) run on windows, linux , macos and freebsd, you (as with any language) have to take into account OS differences (newlines EOF directory seperators etc) but thats down to the coder.

Some PHP functions are avaliable on one platform but not another (e.g. no COM on linux but why would there be ?) some are buggy ((normally on win32) shmop for example)
I now develop totally on linux but for years I developed on win32 and served on linux,without issue, again only platform specific's needed to be catered for (no backticks on win32)


such as you open a file for a read operation and you never get around to close it,
not quite, PHP closes file handles and database connections when the script execution ends if you have not already done so, PHP does a lot of friendly things like this for you, its a friendly language as thats what it was meant to be.


PHP interprets every single line of code there are several free and commercial caches available for PHP.. + the JAVA cached code is still byte-code, it requires the JVM to translate it (interpreted)

I dont get how you see PHP as influenced by C# ? it was around long before that was, it is influenced by C probably since it is written in C and many functions will be very familiar to the C programmer, many are verbatim wrappers.
It was originally written in PERL but the only common factor there was to avoid using perl in the first place ;)

PHP5 has pandered to JAVA requests and the (IMO unwarranted) request for MVC functionality which requires more and better OO than PHP4 provided.

The only point I can agree on is that some namingand argument conventions are a bit messy in PHP , haystack,needle or needle,haystack ? we have both which is unfortunate and from time to time I still have to check the order for a less used function, it has been suggested that this gets `fixed` in PHP6.. no comment on that one.

I am the first to agree BTW that PHP is simple ... but that is where people get the wrong idea about simplicity v power, PHP makes it simple to create dynamic webpages, simple to connect to MySQL,MsSQL,Oracle,etc, simple to create dynamic images, simple to manipulate shared memory and sessions ... simple to create shell scripts and IPC routines, simple to access/manipulate mail and webmail and create/receive HTTP/TCP/UDP requests , simple to create socket servers, handle SOAP & WDDX requests, simple to
... OK you get the point, take a look at the function reference & you will get the idea, I use PHP daily via standalone GUI's, shell(CLI) scripts and creating web applications, I do many things that should probably be done in PERL or C because its just too easy in PHP, I do not see how that makes it less powerful?

marek_mar
12-29-2006, 12:34 PM
Did you know there is a "java bridge" that allows you to use JAVA classes in PHP?

nikkiH
12-29-2006, 03:04 PM
Could you expand upon this statement a bit?

At work, we own our servers. What we install on them is up to us, and maintenance is ours. A lot of people, however, make web applications and put them on a host that they "rent", so to speak. You're at the mercy of your host and what they provide. My personal website is hosted by Jaguar LLC.
While I was host shopping, back when I coded a lot more in Java and Cold Fusion (I'm more a .net and php chick these days), I noticed hosts that provide a java/JSP environment are harder to find, as well as more expensive, than hosts that support PHP. There is more you have to do to configure the host for beans and JSP, so there is more for the admins to have to do for you. Therefore, the packages are more expensive.

IME only, of course.
Also IME, it's a lot easier to find a ton of pre-made apps written in PHP than java, so you don't have to reinvent the wheel for say an image gallery.

The platform you choose is really very dependent on what you want it for.
Oh, and java developers cost more than PHP developers, at least from the going rates I've seen posted on job sites. ;)

ralph l mayo
12-29-2006, 06:18 PM
However, Java is more powerful than Ruby on Rails or PHP.

This is not a true statement. Firstly, it's apples and oranges because RoR is a framework and Ruby is a language, so you'd want to compare it to something like Struts or the Zend Framework. Assuming you mean Ruby the language for RoR, it's still untrue except under very perverse definitions of "powerful"

dniwebdesign
02-11-2007, 08:09 AM
Sorry, but this part just stands out...


...
I know nothing about programming so maybe someone could inform me on whether or not this is true.
...


"...
I took a semester of Java 3 years ago back in high school, which was right after taking 2 semesters of C++. I'd say I have a background.
...

Kind of contradicting yourself now, aren't ya. I took JAVA myself in University and I prefer PHP for web applications and server side development better. I can do more and all my hosts support PHP, and as said before, "The code is only as secure as the coder coding it." (Now try to say that five times in a row fast). Really it all depends on personal preference as well.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum