Ian Bicking: the old part of his blog

It happens too often

I have major problems with PHP. I have a list somewhere of the things I hate the most about the language, which I really should dig up and blog about now that I don't work where I used to work anymore.

To give you an idea of the fundamental breakage that PHP gives us, let me show you why I hate the language.

To write an SQL query in PHP, there are two popular methods. One is an easy way, the other is the RIGHT way. Let me show you.

Easy Way:

mysql_query("UPDATE users SET age='$age' WHERE id = '$id'");

Right Way:

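// Undo magic_quotes_gpc escaping first so the values are not escaped twice.
if (get_magic_quotes_gpc()) {
  $age = stripslashes($age);
  $id = stripslashes($id);
}
mysql_query("UPDATE users SET age='".mysql_real_escape_string($age)."' WHERE id = '".mysql_real_escape_string($id)."'");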

So PHP gives you a choice: use the easy-to-use "string $interpolation" syntax provided by the language, or write correct code. You can immediately see why there are so many security problems in PHP.

Comment on Re: The PHP Ghetto
by Stephen Thorne

Comments:

I hate to say this, but that's a pretty stupid argument. If your syntax for doing things the right way is long or complex, abstract it, wrap around it, fiddle with it, chuck it in a function or fold it to an object or obfuscate it in a Perl module or however else you'd like to make things simpler. This is what programming is all about, no? This is why annotations are popular. This is why Groovy is groovy. This is why Python is cool and Ruby shines. And it's why PHP isn't as bad as the PHP developer.

# Alexander
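
The trade-off argued in the two comments above, as an added example that is not part of the original post or of either comment: one small wrapper makes the safe form as short as the interpolated one. It uses PDO prepared statements on an in-memory SQLite database instead of the `mysql_*` functions shown above; the helper name `db_execute()`, the table layout and all sample values are assumptions made for illustration.

```php
<?php
// Added example, not code from the original page. db_execute() is a
// hypothetical helper; the users table and its rows are constructed.

// Runs one statement with bound parameters and returns the number of
// affected rows. Values travel separately from the SQL text, so call
// sites need no quoting, escaping or magic_quotes handling.
function db_execute(PDO $db, string $sql, array $params): int
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, age TEXT)');
$db->exec("INSERT INTO users (id, age) VALUES (1, '30'), (2, '41')");

$sql = 'UPDATE users SET age = :age WHERE id = :id';

// Ordinary input: the row with id 1 is updated.
$changed = db_execute($db, $sql, [':age' => '31', ':id' => '1']);
echo "ordinary input: $changed row(s) changed\n";

// Constructed input containing quote characters. Bound as a parameter, it
// is compared to the id column as one value instead of being parsed as SQL.
$changed = db_execute($db, $sql, [':age' => '99', ':id' => "1' OR '1'='1"]);
echo "quoted input:   $changed row(s) changed\n";

// Show the final table contents.
foreach ($db->query('SELECT id, age FROM users ORDER BY id') as $row) {
    echo "id={$row['id']} age={$row['age']}\n";
}
```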