PHP, the good and the bad

PHP, the good and the bad

Posted on by Petter Kjelkenes - last updated 11. July, 2019

PHP is probably amongst the most hated programming languages around the world. Some people love it, some people say its a toy language, some people hate it with a passion.

PHP has grown a lot within the last couple of years. PHP now supports proper OOP, and have concepts like Classes, Interfaces, Traits, Closures / lamdas, Generators, Strict types, and more.

This article will be a list of what I think is good, and what I dont like about PHP.

The good

  • PHP is really easy to get started with. Put a script on a web server and run it. This can also be bad.
  • You dont have to learn basic concepts like how the http protocol works, just create a script and start echoing stuff out. This can also be bad.
  • PHP 7+ is really fast, it beats the contenders such as Ruby and Python.
  • PHP has composer which can be compared to gem, pip and npm. Composer was probably the best thing that happened with PHP.
  • PHP has plenty of well tested blogging systems and cms systems. E.g. Wordpress, Drupal, Joomla and eZ Publish. This alone is huge, and might be a big reason that PHP is still alive.
  • PHP has great libraries for doing advanced integrations and large legacy systems.
  • Creating complex libraries is great because PHP supports almost full type safety in classes.
  • Well tested frameworks used in production for years: Symfony and Laravel.
  • PHP Documentation is readable and indexed greatly by google. Just google that function and you are good.
  • PSR. PHP Standards Recommendation. This project is great, it means that libraries written can work with each other. Also PSR consist of a coding standards guide, which leads to better code.

What i personally dont like

Global function mess.

PHP's mess around global functions can be frustrating.

$array = [1,2,3];
// Can just this:
$array = array_merge($array, [4]);
// Be this?

Dollar signs $ :(

Dollar sign in front of variables shouldn't be necessary. I would rather use literals to concatenate.


Because PHP is so simple by default, it doesn't have good defaults for security such as XSS injections.


$opsIForgotToEscapeThisVariable = $_GET['xss-attacks-are-welcome-here'];
echo "Hello $opsIForgotToEscapeThisVariable";

Too easy to learn.

I mean it. Its way too easy. PHP is so easy to learn, which leads to really bad code written by junior developers which just started learning to code.

I did not sign up for Java

I dont like Java. Actually I dont like Java at all. PHP is starting to feel more like Java. This can be great, but often leads to overly complex code. E.g. use a simple array instead of creating 10 value object classes that implements each of its own interface?

Legacy code

When working with PHP projects you would often work with legacy code. This legacy code was e.g. written by really bad programmers or was written for PHP 4 with no OOP at all. Working with such code makes you feel like a sad -sad Panda. Often these systems are also full of bugs.

Legacy code can be true for other programming languages as well. But I solely think PHP has the worst legacy code. PHP 4 was really bad and the eco system was not there.