Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Mar 2007
    Thanked 0 Times in 0 Posts

    Programming Languages

    So two real questions...to start with....

    1. What is the best web programming language based on security, functionality etc (i.e what do online booking sites and major commercial use?
    2. What is better Java/Python/PHP?

  2. #2
    Senior Coder deathshadow's Avatar
    Join Date
    Feb 2016
    Keene, NH
    Thanked 478 Times in 466 Posts
    There's really no better or great "one size fits all" answer here.

    Java is a pain in the *** for web development for the simple reason most managed hosts will tell you to sod off in terms of installing it, limiting you to self-managed VPS or dedicated hosting. It's more secure than PHP thanks to bytecode distribution making things like "code elevations" basically unheard of, but it can be really obtuse thanks to its "Everything is an object" paradigm that quite often simply doesn't fit the task attempting to be accomplished.

    The realization of that last part is why a LOT of web dev's never adopted Java in the first place, and a great many of those who did are abandoning it for node.js

    Python is probably the WORST choice for web development. It has its fans, many claiming it's somehow "easier" or "good for beginners" which is the exact opposite of my own experiences with it. The non-standard syntax and methodology is utterly counterintuitive, the "whitespace is your blocks" is ridiculously and aggravatingly fragile and painful to work with, its string handling is a joke, it lacks a decent interface to web server technologies, and like Java it's hard to find hosts that will let you run it unless you DIY.

    PHP has its own share of problems, security being the biggest. As an interpreted language it is SO easy to accidentally write some bad code that allows for what are known as "code elevations" -- accidentally letting user generated content turn into code that actually runs server side. There are ways to prevent this outright, though they can cripple the functionality (such as disabling all file read/write operations). There are also techniques for minimizing the window in which attacks can occur, how far the damage from an exploit can spread, and so forth, but it requires a bit of knowledge and experience to use it safely and securely.

    PHP used to have a lot of security problems that stemmed partly from bad practices, partly from the naivete of the early web, and partly from the simple fact that as the de-facto #1 server side language (despite wild claims from its detractors) it's got a giant bullseye painted on it. MOST if not all of those vulnerabilities have been utterly stamped underfoot by PHP 7, which is why a LOT of PHP 5/earlier code won't even run under 7. The old mysql_ functions for example where people were slopping values into query strings was just begging to be pwned; and whilst people can still go full pakled doing that with mysqli or PDO (the two new interface to SQL choices, I prefer the latter) that's not how one should be accessing things, as with "prepared queries" any chances of SQL injection flat out disappear.

    In fact the only major vulnerability in PHP that worries me is that you can still perform regular file access on include files, something that should be disallowed. Letting any file on the filesystem PHP has access to be included to be run as code, as well as letting any file that can be run as code be read via other means is a massive security hole that is how most elevation hacks work. It's rare now because the outer layers of security are so much better, but it troubles me.

    It's like blowing billions on building a stupid wall whilst ignoring the airports and seaports where the actual skulduggery takes place.

    BUT PHP has some of the most robust string handling of any language, was designed from the start to act as glue between HTML and CSS, and is for all intents and purposes a template engine unto itself. Though that's why the fools who run template engines on top of PHP are ignorant know-nothings!

    More so it has a ridiculously large function library. Programmers coming from other languages often make the mistake of "Brute force" coding things PHP already has built in, just because what it can do for you out of the box are things other languages send you diving for third party libraries to do, or having to do for yourself.

    As such while the language itself can often be slow at "General computing" tasks -- though PHP 7 upped its game in that regard -- a lot of what you do when building an actual website is faster and easier just because the language itself is built to do exactly the things you need done.

    Likewise it is far, far, FAR better documented than Java, node.js, Perl, Python, or any other web language out there. The website itself -- php.net -- is the documentation. It's complete, has user questions and clarifications on every page, wonderful cross referencing, and real world examples of every single function. It puts every other language out there I've seen the past 20 years to shame in this regard; and it's just part of why if you need help with PHP you're far more likely to find it.

    If nothing else, it has an actual helpful community spirit to it I find lacking in "mercenary" systems like node.js, "wishful thinking rainbows and unicorns" that is python, or the "but it was created by Sun" Java folks... many of whom can't even seem to explain how their own code works much less help you with your own.

    Honestly I've not seen any language this well documented since the old Borland "Turbo" languages that came with 500 page books out of the box. Something that would probably freak out todays TLDR twitter generation mouth-breathers who would consider this short post a "wall of text". It's called literacy, try it, it's nice. That was a joke, it's called a sense of humor. You should try it, it's nice... that was a quote from Pretty in Pink... You should watch it, it's nice.

    Finally unlike every other language on the web PHP is ubiquitous. It's everywhere. It's harder to find hosting plans that don't offer PHP than it is to find plans that offer Java, Python, node.js, or even Perl. (Perl used to be king of web dev before PHP was invented)

    It's for those reasons -- the robust library, excellent documentation, helpful community, and availability on hosting -- that PHP remains my go-to for web development of normal website content in spite of the problems.

    Sure you'll hear fanboys of other languages saying halfwitted nonsense like "PHP is dying, nobody's using it anymore" -- really? REALLY? really... What's the number one CMS again? I'm not a fan of it, but wordpress is constantly growing its userbase and is effectively a mainstay. What's it written in? PHP. With mySQL. I don't hear them in some great big panic to go hopping to some other language!

    BUT -- it's not the go-to for every task. You want lower latency socket type calls for web services, node.js (aka server-side JavaScript) is a much better choice. I need to interface to local hardware I'm going to C++ or Object Pascal -- or even assembly.

    If you're looking at making websites PHP is a good starting point, but it -- like every other language -- is NOT going to be the only thing you should learn, are going to need, or even should use in the long term bigger picture.
    “There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies.” – C.A.R. Hoare, The 1980 ACM Turing Award Lecture


Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts