Posts Tagged ‘PHP’

Interview in Computerworld UK

February 26th, 2008 by Ivo

I was recently interviewed by Computerworld UK regarding our launch in the UK and the current rise of PHP in the corporate world.

The result is online here.

The 'leading PHP expert' phrase is not my words, but pretty cool. :-)

How do you see PHP pickup in your country? The Nexen stats are one thing, but how businesses are using it is another. Post a comment to let me know how 'PHP' and 'Business' go together in your region.

Microsoft and Sun, the Real Story

February 2nd, 2008 by Ivo

So one day, Scott McNealy, founder and chairman of Sun, read in his morning newspaper how the use of Java was rapidly diminishing, courtesy of something called 'The LAMP Stack'. Furiously, he called his accountant.

Scott: "I knew this Java thing was a bad idea in the first place! I see only one solution. We need to buy this Lamp!"
Accountant: "Euh, LAMP is not a company. It's an acronym. It's Linux, Apache, MySQL and PHP"
Scott: "Then buy me Linux!"
Accountant: "But we still have this Solaris thing.."
Scott: "Then buy me Apache!"
Accountant: "That's a foundation. Nothing to buy there."
Scott: "Then buy me MySQL!"
Accountant: "We don't do databases."
Scott: "It's a database?"
Accountant: "What rock have you been living under?"
Scott: "Sweet. I can own the Lamp AND piss off Oracle at the same time!" (waves fake plastic magic wand) "Make it so!"

And so it happened.

Ten days later, Microsoft CEO Steve Ballmer was reading the CIO Magazine, and read about this interesting thing called PHP, that according to the author you could use to write "WHAT?!". "WHAT?!", obviously a highly advanced and evolved version of "Hello World", caught his attention. So he called Bill Gates.

Steve: "Hey, you heard about this PHP thing?"
Bill: "Pee Age Pee? You're not that old yet, are you?"
Steve: "What? No, wait, it's a programming language, apparently better than ASP.NET."
Bill: "Who cares if it's better. I mean; we made the worst operating systems ever and still rule. (Checked out Leopard yet? It is SO cool.)"
Steve: "I don't know Bill... remember that internet thing that we didn't know about years ago? Kind of nearly missed the boat there."
Bill: "Right. Didn't we solve that in the same way? Worst browser, highest market share, that sort of thing?"
Steve: "Yes we did, but then we also didn't know about this 'mp3' thing until it was too late."
Bill: "We did manage to make Zune the worst player, but somehow we're not market leader. Guess we got sloppy?"
Steve: "Maybe it's just different times. Maybe we should have a different strategy."
Bill: "Ok, so let's just buy PHP then."
Steve: "It's not a company. But Encarta says it's written by a Rasmus Lerdorf."
Bill: "So let's hire him."
Steve: "Tried that. Didn't want to join. Can't blame him, works at Yahoo."
Bill: "Then I guess we'll have to buy Yahoo."

So it happened.

Two of the most controversial announcements of this month, and both appear to be part of devious plots to take over the LAMP stack. What's next? My prediction: Red-Hat buys Zend; Oracle buys Red-Hat; Sun and IBM join forces to buy Oracle, Microsoft buys Sun, kills IBM and peace is restored in the galaxy.

P.S. Can you imagine Microsoft running sites like Flickr? These guys invented MS Paint!

PHP in 2007: Serious Business

December 31st, 2007 by Ivo

Unfortunately, Derick Rethans just announced that this year he will do no more PHP lookback. Derick: thanks for the years that you wrote them, and let's hope someone else will take over.

When I look back at 2007, what strikes me most is how strong a foothold PHP has gained in business environments. Sure, overall PHP usage has been steadily growing as always, but PHP is seen more and more in large corporations. Sometimes next to Java (a common scenario is a Java J2EE backend with a PHP frontend), but sometimes it's just PHP. I have encountered publishing agencies, retailers, manufacturers and even large insurance companies. They are running internal applications on PHP, and although often their external websites are pretty plain, their internal systems are very critical systems, with cashflows that depend entirely on applications written in PHP.

I think what we see happening here is very similar to what happened to Linux a few years ago. Started as someone's hobby, adopted by enthusiasts, then for a while growing in popularity as an important OS in internet environments, and finally making its way into the enterprise. It has happened to Linux, to Apache (and its spin-off projects), it is now happening to PHP and I predict for 2008 that we will also see MySQL moving more and more into that direction (it's ubiquitous on the internet already, it just needs to take the leap to the enterprise).

Some say that Ruby was a big threat to PHP in 2007 (thanks to the Ruby on Rails framework). I have flirted a bit with Ruby myself, and language-wise, it's much cleaner and consistent. However, selecting a programming language is not just about the language. It's about factors such as community support, learning curve, installed base, companies supporting it and many more factors, and I think PHP has proven to be pretty strong in that area.

A fact supporting the statement that PHP has become 'serious business' in 2007 is the availability and adoption of 'enterprise' tools. Zend, for example, has always catered to the developer with tools such as their Zend Studio IDE and projects such as Zend Framework, but now they also have tools that the managers of those developers will like, such as Zend Core and Zend Platform; tools focusing on things like productivity, scalability, reliability and several other business-friendly *ity words. This is in line with other components of the LAMP stack: there's already 'Enterprise Linux' and 'Enterprise MySQL'. Zend positions Zend Platform as 'Enterprise PHP' (they're just not calling it that yet ;-) ). It's natural for a company like Zend to move into this direction. I hope that more PHP companies will follow suit and release professional products around PHP; there's definitely a market for tools.

I think, however, that the biggest driving force behind PHP is still not the companies, but the community. It's the community that leads; businesses just follow. With many conferences in 2007, it's clear that there's a big PHP community. The community is not just the 'celebrities' that write the language or that speak at conferences, it's everybody working with PHP. I've met many people from the community this year, and hope to meet even more next year.

It's great to be a part of this community!

P.S. It would also be nice to have another PHP Throwdown competition next year, and it would be nice if someone would actually win this time (hi Elizabeth! ;-) ).

I am happy to announce that I've just signed a contract with PHP|Architect to write the book 'Enterprise PHP Development'.

It will be one of the first books about PHP that will not cover PHP code. It is loosely based on my 'enterprise PHP development' talk at the Zend UK Business Conference last year. It will cover the entire development lifecycle of a software project, but targeted at PHP development teams. From project management to test driven development and from architecture and design to release management. I will try to cover anything a development team needs to take their development efforts to the next level.

I'm planning to deliver a first version of the book in March, so I hope it will be released in the first half of 2008.

I'm currently working on the rough outline and writing the first chapters. I welcome any input from my blog readers. If there's any topic that you think should be covered in a book about professional PHP development, post your ideas below in the comments. Also, I will be looking for one or two case studies: companies that are already applying PHP in a professional context, and that have moved well beyond the 'scripting stadium'. If you work at such a company and are interested in working with me on a case study, let me know.

PHP Advent Calendar

December 10th, 2007 by Ivo

I had the honor of writing the entry for day 9 of the PHP Advent Calendar. My entry is about Design Patterns.

The PHP Advent Calendar is an initiative of Chris Shiflett. Every day until Christmas, people from the PHP community will post entries on PHP related subjects. Topics covered so far include Testing, Security, Documentation, SPL and there are many more.

Sean Coates created a nice interface to the calendar that makes it easy to navigate through all the entries that have been posted. You can find it here.

Don’t use addslashes for database escapes

November 30th, 2007 by Ivo

On a regular basis, I still encounter the following conversation:

"What do you do against SQL injection?"
"I escape the data."
"How?"
"addslashes"

This is not the best way to escape data. The most important reason is security. addslashes can lure you into a false sense of security. As Chris Shiflett points out, there are situations that addslashes doesn't escape.

Use mysql_real_escape_string instead.

When using a different database, such as Oracle, addslashes won't help either: the single quote escape for MySQL is \', but for Oracle it's '' (a double single quote). For each database there is an alternative to mysql_real_escape_string.

An even better way to handle this problem is to use prepared statements, for example with PDO. PDO uses the prepared statement capabilities of the database if they are supported, or emulates them when they aren't. With a prepared statement, it is a lot harder to exploit SQL injections.
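The difference between addslashes and a PDO prepared statement, shown against a database that escapes a single quote as '' rather than \' (an added example, not code from the original post). It assumes the pdo_sqlite extension is available; SQLite stands in for the "different database" case, and the authors table and sample name are constructed for the demonstration.

```php
<?php
// Added example: assumes the pdo_sqlite extension; table and data are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

$name = "O'Reilly"; // constructed sample input containing a single quote

// 1. addslashes() turns the quote into \' but this database expects ''.
//    The backslash is treated as ordinary data, so the quote still ends
//    the string literal and the rest of the value is parsed as SQL.
$escaped = addslashes($name);
try {
    $pdo->exec("INSERT INTO authors (name) VALUES ('$escaped')");
    echo "addslashes: insert succeeded\n";
} catch (PDOException $e) {
    echo "addslashes: value escaped its quotes: ", $e->getMessage(), "\n";
}

// 2. Driver-aware quoting knows the escape rule of the connected database.
echo "PDO::quote gives: ", $pdo->quote($name), "\n";

// 3. Prepared statement: the value is bound to a placeholder and never
//    concatenated into the SQL text, so no manual escaping is needed.
$insert = $pdo->prepare('INSERT INTO authors (name) VALUES (:name)');
$insert->execute([':name' => $name]);

$select = $pdo->prepare('SELECT name FROM authors WHERE name = :name');
$select->execute([':name' => $name]);
$stored = $select->fetchColumn();

echo "prepared statement stored: ", $stored, "\n";
var_dump($stored === $name); // value round-trips unchanged
```

The same prepare/execute calls work unchanged when the DSN points at MySQL or Oracle, which is what makes them a better default than any per-database escape function.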

Many people know about the disadvantages of addslashes, and it's even covered in the ZCE exam, but still a lot of people use addslashes. Probably one of the main reasons is that the documentation at php.net still states this:

"An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. Most databases do this with a \ which would mean O\'reilly."

The comments in the manual mention the problems, but many developers will not read those.

So even if this is old news, it's good to draw attention to it every once in a while.