A possible future for PHP

Thursday, Oct 2, 2014| Tags:

ownCloud is one of the biggest open source project written in PHP if you look into the latest statistics. It is used for the server part of ownCloudas most of you know. We use other technologies like C++ and Qt for the Desktop Clients, Java for the Android app and Objective-C for iOS, JavaScript for the web-interface and more. But the heart of ownCloud is the server component which is using PHP 5.3 or higher..

There were several reason for choosing PHP:

  • The mission of ownCloud is to enable everybody to host their own cloud server. PHP is the technology that is available on most webservers, operating systems and platforms. So we make hosting of an ownCloud server super easier because it is written in PHP.
  • PHP is a scripting language which means that one server tar file runs on all platforms and no complicated cross-compiling and packaging is needed
  • PHP is very well known. A lot of people are familiar with PHP. And even the developers who don´t know PHP can learn is relatively easy. This is very important especially for an open source project. The bar to become a contributor should be as low as possible.
  • PHP is fast and quite powerful if used in the right way. A lot of big web application like Wikipedia, Facebook, WordPress and parts of Yahoo are written in PHP. So you can do a lot with it. Unfortunately is is also relatively easy to write bad PHP code. But more about this later.
  • There is a huge ecosystem of libraries, components and connectors/drivers available for PHP. For an open source project like ownCloud this is very cool because this means that you don´t have to reinvent everything from scratch. We stand on the shoulders of giants.

PHP is not the most hip programming language in the world. Actually the opposite. It has a relatively bad reputation. I personally was never a big fan of choosing the technologies based on what is cool or “modern” or in vogue. I think there are different technology for different jobs and they should be evaluated objectively and choose without to much emotion involved. So I don´t understand the religious discussions why tool x is always better than technology y. I think it is all about the right technology for the job after a fair assessment of course.

So i´m still very happy with this decision to use PHP. So far we have not seen any bigger architectural technical problems that we can´t solve with PHP.

Does this mean that PHP is perfect and I´m super happy with everything? Of course not. PHP was developed in the mid 90s at a time where no one could have imagined how the web looks like today. Some of the cool features of the time turned into a nightmare today. There is a lot to improve and I think even the core PHP developers agree with me here.

A few of the obvious shortcomings are:

  • Security. PHP in itself is not insecure and it is obviously possible to write perfectly fine and secure applications with PHP. But PHP decided to implement an quite naive approach about security and doesn´t support the developer too much in writing secure code. To be fair everybody was naive about web security in the 90s. So there are a not a lot of features available in PHP that actively support you with writing secure code. The database situation is a mess so a lot of people still don´t use prepared statement which leads to possible SQL injection. And filtering incoming data for XSS and other problems has to be done relatively manually. There are extensions and libraries available to help with all this problems but they are not part of the language/runtime core or are incomplete.
  • compile time / runtime configuration. Just for fun call the ./configure script to compile php yourself and look at all the compile options. And now look at all the options that can be set in php.ini by the server admin. On one side this is cool because an admin can enable and disable a ton for core features in PHP in a very fine granular way. But as a developer of an PHP application that should run on all available PHP servers this is a nightmare. You never know which feature is enabled and available. In ownCloud we have a lot of code that s the environment and the runtime to see if everything works as expected and adapts to it as needed. This is unfortunately not what you call a stable platform and a good OS abstraction.
  • There are some inconsistencies in the function and class namings. Sometimes unerscores are used and sometimes camel-case. Some features are available in a procedural style and some have an OO API and some even have both. There is a lot that should be cleaned up.
  • Static typing. This is totally a question of taste but sometimes I would really love to have a bit more static typing in PHP. Guess what this following code does if you have a file named “0” in your directory

I would really love to see PHP moving to the next level and improving some of this shortcomings because most of it is really good.
But it is very important to do it right.

A latest article at ArsTechnica and Apples move to introduce Swift as Objective-C successor triggered my fantasy how a next generation PHP could and should be done. Keep a programming language backwards compatible or fix its flaws? – Apple Swift

There is the old and to be honest quite naive approach. The core team of a programming language just releases a new and incompatible version that fixes the flaws of the older version. Examples are Perl or Python. The problem is that it´s close to impossible to rewrite a big software project to make it compatible with a new version. So you end up with two versions of the programming language/framework/runtime for a very long time. Some applications run on the old version and some run on the old version. Libraries and dependencies are sometimes only available for one of the versions.
Migration is super hard and can´t be done piece by piece. Please see Perl6 and Phyton 2/3  as examples what a nightmare this can be. Both exist for a very long time and a lot of software is stuck in the middle of a migration story somewhere.

A more positive example is C++. It ´s still a very different language than C but the good thing is that it can be mixed inside an application. So in the 90s C developers were able to use the cool new C++ features in one part of the application without the need to rewrite everything from scratch.

Apples move to introduce Swift as a successor of Objective-C is very clever in my opinion. It´s completely new language but it´s running on the same runtime. This means that a developer can take an existing Objective-C application an just start to write the new features in Swift or replace pieces one after another with new Swift code. This than compiles into one binary that has no new runtime dependencies compared with Objective-C.

I wish PHP would do something that makes it possible to evolve and improve the language significantly but still provides a smooth migration experience not like Perl and Python did with introducing completely new backward incompatible releases.

So a good solution would be if PHP 6 or 7 would introduce a new tag to start a php file. For example <?PHPNEXT instead of <?PHP. Both modes are fully supported by the new PHP version and can be used in parallel in the same application or even in the same file. In the NEXT section the new and improved syntax is used.

Here are a few ideas for improvements that I would love to see:

  • Security. Kill the _GET and _POST and _SERVER arrays and introduce a proper API that can be used to filter all incoming data.
  • Database. PHP support a ton of different database API. Some of them are very old but they are inconsistent to use. Everything should be standardized so that only one OO interface exists. I personally would use PDO as a starting-point here.
  • 32bit / 64bit. Anyone who ever tried to write a PHP application that runs on 32bit or 64bit operating-systems will recognize that variables especially integers behave differently. I understand that this is a reminiszense to C/C++ but this is seriously a bad idea. I don´t want to have different code paths which have to be tested independently.
  • kill save_mode, open_basedir and other acient concepts
  • Remove most of the compile and runtime config options. All PHPNEXT runtime environments should be as similar and stable as possible.
  • Typing. It would be cool if PHP would introduce optional static typing. So that a variable can be declared as, for example, bool or int. An exception should be thrown if used otherwise.
  • Always use unicode strings

Some of this improvements are implemented in Hack which is some kind of PHP fork developed by Facebook. Hack is indeed an interesting concept that goes into a similar direction. They also use a new tag “<hh” so that code can be mixed in one file and they improve typing. At the moment it´s not clear how much energy Facebook will invest in the future to push Hack forward and how much adoption it will get outside Facebook. I´m especially worried how open they are for changes that are not important for them, how well and open this is governed. I would prefer an official and more generic approach from the PHP community which will be part of one of the next main PHP releases.

I hope by dream of a more modern and cleaned up PHP including a smooth migration path becomes reality in the next few years.
Obviously we at ownCloud couldn´t start to migrate to this new PHP mode before 95% of all PHP installations out there run with the new version. This will easily take additional 3-5 years.

By doing this big projects like WordPress or ownCloud would actually have a realistic chance to move to a cleaner and more modern language. But more importantly this would make PHP ready for the challenges of the future.

Please leave a comment here in the blog if you have an opinion about this.

Contact

Always get in contact if you have questions, ideas, proposals, requests or other feedback.

Get in Contact