The beautiful and the damned: Why people love and hate PHP, and how Laravel and Symfony fit into this triangle?
by Ruslan Botnar
PHP is one of the most popular web developer tools. It is used to create a wide variety of websites, from simple business cards and landing pages to large portals or browser games. The advantages of this language include broad capabilities and code that is closed to users. The main disadvantages are that the server must have an interpreter (this particular defect was fixed in the latest versions) and some syntax features. Hidden bugs multiply, and "bad code" appears. We will talk about this below. In the meantime, let's get acquainted with the language itself. PHP single-handedly leads the way in the most commonly used languages and works well for high-load sites. Such well-known projects are built on it:
What tasks are solved in PHP?
For the PHP code to start working, you need to create and upload to the server at least one file with the HTML or PHP extension, depending on its specifics. This file will contain the program code consisting of PHP commands and HTML markup. Executable PHP commands are enclosed in <? PHP… statements. ?>. The simplified spelling <? …. ?>. The language supports the operation of various logical functions, mathematical calculations and works with arrays. Constants and separate variables, control structures like "if-then," loops, working with objects, files. PHP is mainly used:
- For interactive communication with users: submitting forms, online chats;
- Working with databases and files;
- Using cookies, working with sessions;
- Working with dynamic pages, including those with mouse control or from the touchpad;
- Creation of moving images;
- Parsing functions.
Websites using PHP can be created in two ways:
- HTML pages with PHP inserts. Obsolete, but still sometimes used. In static HTML pages, PHP code is added in those places where you need dynamics and communication with the user. Such sites do not have an admin section. All edits, including changing the content, are done manually, right in the code. Most of the code remains open-source.
- PHP sites where HTML markup is used for templates and content design. Modern "engines" of sites familiar to all, where management is convenient, and pages are generated each time accessing the site. As a result, the code is proprietary, and control is available even to users.
With HTML, you can create beautiful forms on the page and place stylish buttons. But without the help of PHP or other similar languages, the user will not be able to click on the button or send information.
- POST is a highly secure method for sending data. Its disadvantage is the low data transfer rate. It is used for authorization, transfer of payment data.
- GET is a fast data transfer but practically insecure. When submitting, information is added directly to the link. It could be like this: index.php? Page = 8 & post = 4. This method is used to send information that makes no sense to protect — for example, going to a specific page when clicking on a button.
Working with databases
One of PHP sites' advantages is that most of the data, except for graphics and files, is stored in MySQL tables or some other kind of database. This allows you to edit any content quickly, add the necessary information to the site, and make other changes. Without the use of databases, all data would have to be stored in files. As you know, this is a long way of working with data. In the authorization example, finding a user for authorization can take several minutes to long hours if there are many records.
When working with databases, our pair of variables with login and password is received by the auth.php page. This page then queries the database to find the presence of such a combination of values. Of course, in the example, the code is as simplified as possible and practically without protection. In reality, you will have to perform a large number of checks, including for SQL injection, i.e., attempts to add fragments of program code to the input field instead of the requested information to gain access to the database.
Creating dynamic pages
We already mentioned this feature above when we talked about PHP sites. It is indeed one of the most popular PHP features. It has taken a huge step forward, i.e., going from administering sites exclusively by web programmers to working with users' content.
Imagine that to make small changes to a menu or design. You have to make changes to each HTML file that corresponds to one page. But what if there are thousands of such pages? Or think how "fun" it is to contact the programmer in case of a typo in the article. Who did not find these times, take my word for it: the situation did not bring joy to either users or programmers.
With PHP, you can create one file responsible for a specific section of the site, regardless of the number of pages, or even for all pages, including a product catalog, a blog with articles. For this, the GET method is used, the result of which is as follows:
- the index.php link leads the user to the main page;
- when an identifier is added to this link, a link of the following type is obtained: index.php? Page = articles & id = 3, the user will see the article in the same design, stored in the database under number 3.
Besides, you can include template files on different pages using the include () function. For example, you have different pages - a home page, about a company, a product catalog. Each must have the same elements - "header," "footer" of the site, top or side menu.You create a file or several files with markup for the required design elements and include them on the required pages.This approach saves time and effort, and therefore quickly became ubiquitous. It is recommended to store the files of such templates in a separate folder. And deny direct access to it from the directory to help avoid data leakage.
Sessions and cookies
User sessions and cookies help speed up the site for the user and reduce the load on the database by storing information directly on the user's computer. For example, online stores often store information about viewed products in a cookie, as a result of which, when you visit again, you receive hints like "you have viewed".
It is also very convenient to use sessions to remember the user. And then, you don't have to go to the database every time to check authorization. Do you remember the favorite "remember me" button? And enter the site day after day without usernames and passwords (which is very usefull). And the site does not need to check the data from time to time.
Working with files
Using PHP, you can organize the addition of files to the server and their exciting editing. With PHP, you can also create a full-fledged text editor or browser file manager.
What can you do with pictures? One of the interesting features of working with graphic files is used when creating captcha. As you know, a combination of numbers or other symbols must be generated each time. But the user must see the picture. To do this, create a special file, which describes the method of generating the code. Let's call it captcha.php. Further, this file is indicated as a link to the image: <img src ="/ captcha.php" title =" Enter the code from the image">. As a result, the user sees the familiar captcha image. And the site automatically compares the entered characters with those that were generated. You can also crop graphic files uploaded by users to a specific size. For example, this is used in forums and social networks to automatically adjust all avatars to a particular size.
What can you do with parsing: Parsing is the automatic collection of information from different sites. It is sometimes used to collect data from reference catalogs. But there is also a more illustrative example. All of you have seen built-in Google or Yandex searches on sites. It is implemented precisely by the parsing method.
Why programmers hate PHP
If you have already been interested in professionals' opinions about the PHP language, most likely, you have read much negativity in the programming communities. Very often, the negative is caused by working with variables in PHP. If, in most languages, the variable needs to be declared separately and the data type must be specified, in PHP, it is enough to specify the name and put the $ symbol. You can also immediately "put" some data into a variable.
It would seem that this approach is much easier and faster. But in fact, the ability to put anything in any variable at any time leads to bugs, which can be very difficult to find. For example, you need an integer number. In the same C, you can only send a value of a suitable type to a variable of type int. Otherwise, the program will crash by mistake. In PHP, the value fits perfectly into a variable because there are no data types. As a result, the error appeared already at the stage of calculations if. For example, a string instead of an integer appears in your variable. It takes care and experience to reap the benefits of such a solution. Otherwise, you wouldn't be able to avoid problems.
At the same time, PHP is relatively easy to learn, and many people undertake to write in it. Today, over 80% of sites on the Internet are written in PHP. Obviously, the result is a massive amount of "bad" code, which also annoys experienced developers. Moreover, PHP has become a very favorable environment to produce such "good." If you make mistakes in the same C #, you will have to catch bugs for a very long time to get the code to start working. And PHP starts working almost immediately, just a little "crooked."
There was also an extremely "beloved" vulnerability in previous versions - creating a variable through a link. Now, from a reference like "? var = 5", you can get only a cell in the $ _GET super array, and in previous versions, you can also get the? var variable. As a result, the programmer had to check the data very carefully. Otherwise, the site would get a vulnerability. Now this bug has been fixed, but many people still remember it. Also, programmers point out among the shortcomings of PHP:
- A surplus of built-in functions that slow down the work and reduce the choice of names for the functions that the programmer creates;
- Inconvenient to work with objects;
- Few frameworks and packages;
- There is no multithreading.
Well, it is not complete without traditions and habits. It is already standard practice to scold PHP and call it a "dead language." Simultaneously, new versions of the language are constantly appearing, and millions of people worldwide work with it.
The actual level of developer productivity can only be measured by assessing how he spends his own time. PHP developers spend more time writing code and building functional applications than cultivating the Developer Cool Factor ™ and getting GitHub stars. (And we all know that GitHub stars are a quantitative way to measure developer skills.)
Things you can't do as a PHP developer:
- Program asynchronously (for real);
- Get a simple and understandable sequence of parameters for standard library functions;
- Create your own React TODO MVC app template;
- Implement a full-fledged server-side backend with a client-side frontend;
- Create your memory leaks;
- Make the space meaningful;
- Achieve data loss between requests;
- Solve the problem of hunger around the world;
- Confess with people that you are a PHP developer.
Symfony vs. Laravel: which PHP framework to choose?
If you are somehow connected with web development in PHP, then you must have heard about these two frameworks. They talk about them a lot and often, and mostly well. How do you choose the best of the good?
On the one hand, all PHP frameworks are now in demand since the PHP language has been steadily popular in the development environment for the past few years. PHP (Hypertext Preprocessor, originally Personal Home Page Tools), a language that began as a set of tools for developing personal web pages, remains for many developers today the primary tool for creating interactive and easy-to-use web applications.
Both Laravel and Symfony are designed to speed up development. Each offers a different approach and capabilities to the developer. From this point of view, we see Symfony as a kind of stronghold of stability. Since its inception, Symfony 2 has become a good practice rule in PHP development, a sort of classic. The framework has reached a high level of stability and continues to evolve. At the same time, Laravel is a reasonably young framework that is now undergoing a phase of active development. Its creators took a different approach and took a new path. However, it all started with Symfony. Laravel is based on it and has absorbed a lot from its "parent." Symfony differs in that it consists of various components. Components can be added and replaced or can be used in projects that are not built using Symfony. Laravel also uses many "ingredients" developed for Symfony. But this does not mean that it is a copy of Symfony.
Installation: To install the framework, download the Symfony Installer. To do this, just run the following command in any convenient console application: "$ sudo curl -lss https://symfony.com/installer -o / usr / local / bin / Symfony". A console application is an application that allows you to interact with a computer using text commands (instead of the usual graphical user interface). After completing all components' installation, create a new Symfony application with the following command: $ Symfony new my_project_name The installation process for Laravel is the same. Just download the installer using the dependency manager for PHP - composer. To do this, run the following commands in the console application: $ composer global require "laravel / installer" $ laravel new my_project_name In both cases, the developers made sure that installing and running the framework did not take much time. We could get ready to use with minimal effort tool.
Configuration: Symfony supports a wide variety of formats: PHP, YAML, and XML. You can choose either the most suitable for the current project (for example, XML is used as a standard in many large companies) or the one that the developer likes best. Laravel only supports one format, PHP. The question of choice does not arise here. But in principle, this format is sufficient, especially for novice developers. They don't need to learn other formats.
The community support:
Application work is the following process:
- Receiving an HTTP request by the server from the client (the user fills out the form on the site and clicks the Submit button);
- Server processing of the request;
- Reply to the request (The user sees the message "You have successfully registered!").
Before getting to the server, each such request is first checked for compliance with various rules (whether the user has access to the requested information, what data format was sent.). For example, you want to read more detailed information on a page and click "Read more ..." (that is, make a request to go to more detailed content). Suppose the content is only available to authorized users. In that case, the request will be denied, and you will be redirected to the login or registration page.
For this purpose, Laravel uses middleware - levels of validation through which an HTTP request passes on the application's path. All requests are checked against specific criteria. If a mismatch is found, the request is rejected. In Symfony, a similar process occurs using the kernel events mechanism. Here are the events that will be sent to the application. And such events can be limited using filters. Technically (at the level of code organization), approaches are different. Still, the process is provided in both frameworks in the original package. It is worth noting that this process will be easier to accomplish for an inexperienced developer in Laravel.
As a template engine (for processing HTML templates to create ready-made HTML pages), Symfony uses Twig by default, and Laravel uses Blade. Both template engines offer everything you need:
- Template inheritance: eliminates the need to create duplicate code and provides a flexible structure;
- Control constructs: allow you to describe display logic in templates,
- Output data filtering: Prevents possible XSS attacks.
The difference between the two is that Twig is more rigidly structured and does not allow PHP code to be embedded directly into the template. Instead, you can use filters. Blade is more flexible in this regard. It will enable you to write PHP code in a template, and it can be easily and infinitely extended.
Both frameworks offer ready-made solutions for conveniently working with databases not directly but through the abstraction layer. This ensures:
- The ability to conveniently work with data in the application;
- Ability to switch between DBMS (database management systems) practically without changes in the code (for example, switch from MySQL to PostgreSQL);
- Reducing the number of developer errors when working with the database.
The difference between the two frameworks is that Symfony uses a more advanced model for working with data, but at the same time, it is more complex. The interaction of the programmer with the databases is carried out through the object-relational projector - Doctrine. The core of this process is the abstraction layer we wrote about above. A novice developer will need to spend time learning Doctrine to get started using it. While Laravel uses its Eloquent library for the same purpose. The library is included in the framework's core and is more straightforward and more intuitive to use.
Specificity of the project
Symfony is recommended for:
Laravel is recommended for:
In this case, reliability and stability are essential. Symfony is not at all an unpredictable framework. Besides, Symfony already has a projected release plan for the next six years. Therefore, it is hardly worth expecting "surprises" from him.
In any case, before deciding on the choice of a tool, together with your developers, analyze the complete information about the future product (target audience, functionality, extensibility.). That is, first, clearly define what you will do. And then decide how.
PHP as a business tool
Every developer knows that the fastest and most efficient way to get something is to complain a lot and start from scratch every time. The market will always be waiting for your startup's launch because you need to create your framework. Why should we be concerned about outsourcing and relying on the open-source community when we can just do it ourselves?
All in all, PHP is a beautiful and functional language that allows you to create almost any kind of functionality for web projects. There is no point in ignoring him exclusively after listening to colleagues. Moreover, learning PHP is easy, and it brings many benefits for a web developer.
In the end, if you want to specialize in the WEB, even with an acute reluctance, sooner or later, you will be faced with the need to make edits or modify a PHP site. And the disadvantages of the language need to be studied and taken into account in the work process. After all, there are no ideal programming languages. And PHP, along with its disadvantages, has a vast number of advantages and capabilities. Still, have questions about the specifics of PHP development or frameworks use? Contact us right now!