[SunRescue] PHP3 questions [off-topic]

David Cantrell david at cantrell.org.uk
Tue Apr 4 14:13:02 CDT 2000


Christopher Klein <C.Klein at scm.brad.ac.uk> wrote:

> You can do all your usual CGI stuff with PHP, and the benefits are it is
> damn easy to program in, it has fantastic support for databse access and
> is faster than using perl to access databases such as MySQL.

This is not true, IME.  PHP's database support is sorely lacking.  Until
recently, there was no standard interface to databases so your code was
not portable between Oracle and Sybase and MySQL and so on - unlike
perl's well-supported DBI/DBD interface.  I believe this is changing
now, but PHP still has a fair way to go before it catches up with perl
in this area.

As for speed - yes, PHP is faster than plain ol' perl CGIs, and gives
many advantages for things like session tracking.  You would expect that
with PHP as it gets built into the server!  However, when you compare
with mod_perl - that is, with *perl* built into the server - then they
are neck-and-neck.

Incidentally, if you're using MySQL, you probably don't run a very busy
- or important - site.  So any minute speed difference is not relevant
anyway :-)

>                                                              it also is
> more secure than using Perl CGI which can leave some nasty security holes.

Any programming language can be used to create security holes, including
PHP.  Perhaps you could cite some examples of security holes which are
present in a well-maintained perl environment and which are not present
in a well-maintained PHP environment, and which are an artifact of the
language itself rather than of the programmer.

I am aware of several sites (and indeed, programs which are *not* used
in websites) which have security holes and which use perl.  They are
all, however, amateurish security holes which they would still have if
they used PHP or any other language for their server-side processing. 
The flaws are not in the language but in the way the programmer has used
it.

> If you see sites that are .asp, it is exactly the same idea except that
> asp is a microshaft idea and hence not worth mentioning.

Ahhhh, now on that you have my whole-hearted agreement :-)

Sorry to carp on about this, but I *really* hate it when I see stuff
such as this which is JUST PLAIN WRONG.  Yes, I know this is off-topic. 
Follow-ups off-list please.  I will not respond to replies sent to the
list.

-- 
David Cantrell
Grand High Panjandrum
Croydon Perl Mongers





More information about the rescue mailing list