• Arachnid (unregistered) in reply to dan
    ammoQ:
    Anonymous:

    I don't see what's so ugly about C.



    Quite a lot. It starts with the preprocessor: You can hardly write a usefull C program without preprocessor directives, but they break the style of the rest of the C program.

    Some other issues:

    strings: they chose to implement them in the most ineffective way.

    gets() - a WTF by itself.

    if (a=1) ooops

    a=1,2||3; compiles




    Strings aren't implemented in C, null-terminated character arrays are. Any other implementation of strings would result in large, invisible overhead, which is completely against the design philosophy of C.

    gets() is part of the POSIX library, not C.

    Both of your examples are simple consequences of the language, and I don't see anything wrong with them. If you're concerned about using = instead of ==, either use a compiler that will warn you, or do your comparisons with the literal on the left. The latter is fine, since prohibiting it would either require making ignoring return types illegal or eliminating the , operator, and I don't see why you'd want to do either.

    Anonymous:
    Anonymous:


    I don't see what's so ugly about C.

    Two words: buffer overflow. C itself is a security hole.



    Bad programming, not bad language. If you're going to define a fixed size buffer and accept variable length input, its your own stupid fault if you get a buffer overflow.

  • (cs)

    There is a WTF in this code that nobody has mentioned yet.

    Alex Papadimoulis:

    if ($_POST) {
        $_SESSION['VAR']=$_POST;
    } elseif ($_GET) {
        $_SESSION['VAR']=$_GET;
    }

    What happens if a request contains both GET and POST variables? This happens,
    for example, in osCommerce, an e-commerce package written in PHP. When you tell it
    to edit a particular product, the edit action is a GET variable but product details
    are POST variables. In the code above, all the GET variables are thrown away.

  • (cs) in reply to Arachnid
    Anonymous:

    More importantly, it'll execute any function the user submits, with a parameter specified by them. As someone pointed out, system('rm -rf /') is the obvious one...

    This is a bit irrelevant to the discussion, but if the system is running SELinux, that may not actually do much because cause a lot of errors to be send to the admin.

  • Matvei MS (unregistered)

    Gotta love the title of this php-ness: "## Functions to perform the actions ##". So much insight, so much detail...

  • (cs) in reply to dan
    Anonymous:
    Two words: buffer overflow. C itself is a security hole.


    If you're the one not doing any checking on the input that you recieve and just try to stuff a variable length input into a fixed length array, that's the fault of you, the programmer - not the language.

    Yes, it's nice having a language where you don't have to worry (so much) about input size (C++ string class) or deleting anything you new'd (Java, VB - Garbage collection), but when it comes right down to it, you still have to know what you're doing with what you're working with or else you're going to have bugs, security issues, and just flaws in general.
  • (cs) in reply to Jonathan

    Anonymous:
    I am also a coder that does PHP on a professional basis.  Yes I used to code in VB with ASP and HATED it.  I never tried ASP.net but i think its probably garbage as well.  I love PHP running on Apache servers.  I like reading wtf, as a lurker, only because I enjoy learning more coding and things not to um do.....but i find the php bashing a disappointment.  this site is truely a disappointment to me now, i can tolerate the vb code, as i just see it as vb bashing since vb is garbage anyways.  C++ is the only language to develop worthy code for applications.  C# doesnt even come close, sorry.
    Surely, you realize that except the syntax, 99% of PHP is exactly the same as ASP? Actually, one could say it's a copy!

    Actually, reading your post, you must be joking! No smart person would write nonsense like this.

  • (cs) in reply to Arachnid
    Anonymous:

    Strings aren't implemented in C, null-terminated character arrays are. Any other implementation of strings would result in large, invisible overhead, which is completely against the design philosophy of C.

    A overhead of one int (for the length) would be enough to make a lot of operations faster; add another int for the maximum length and you put an end to 97% of all buffer overruns.

    gets() is part of the POSIX library, not C.

    gets() is part of the C standard library.
    http://www.infosys.utas.edu.au/info/documentation/C/CStdLib.html

    Both of your examples are simple consequences of the language, and I don't see anything wrong with them.

    If you see C as a portable assembler language, ok.

    If you're concerned about using = instead of ==, either use a compiler that will warn you, or do your comparisons with the literal on the left.

    It's an example where C invites you to do innocently looking hard-to-find errors. That's why I call C ugly.

    The latter is fine, since prohibiting it would either require making ignoring return types illegal or eliminating the , operator, and I don't see why you'd want to do either.

    What's the reason for the , operator to exist? The only case for using it is a for (i=0,j=0; i<x&&j<y; i++,j++) loop - but on the other hand, the , is also used to seperate function arguments, so it is kind of overloaded (not in an OO sense).

    Bad programming, not bad language. If you're going to define a fixed size buffer and accept variable length input, its your own stupid fault if you get a buffer overflow.

    Ugly languages give the programmer two dozens of guns with easy-to-pull tiggers so you can shoot yourself and all your coworkers in both foots. Hardly any other high-level language makes string processing - on the the most common tasks for computer programs - so dangerous like C.

  • (cs) in reply to dmitriy
    dmitriy:
    There is a WTF in this code that nobody has mentioned yet.

    Alex Papadimoulis:

    if ($_POST) {
        $_SESSION['VAR']=$_POST;
    } elseif ($_GET) {
        $_SESSION['VAR']=$_GET;
    }

    What happens if a request contains both GET and POST variables? This happens,
    for example, in osCommerce, an e-commerce package written in PHP. When you tell it
    to edit a particular product, the edit action is a GET variable but product details
    are POST variables. In the code above, all the GET variables are thrown away.


    or...

    $_SESSION['VAR'] = &$_REQUEST;
    

    But why would you need to do this in the first place without A) Discarding request parameters not know to our application B) performing a validation?

    foreach( keys($_REQUEST) as $k ) {
      if( isKnown($k) && isValid($_REQUEST[$k] ) {
        unset($_REQUEST[$k]) //assuming $_REQUEST is not read-only(i can never remember)
      }
    }
    $_SESSION['VAR'] = &$_REQUEST;
    
  • Dr. Shim (unregistered) in reply to dan
    Anonymous:
    Two words: buffer overflow. C itself is a security hole.


    Developers are a security hole.
  • (cs) in reply to Dr. Shim
    Anonymous:
    Developers are a security hole.

    PEBKAC
  • (cs) in reply to Jens
    Jens:

    or...

    $_SESSION['VAR'] = &$_REQUEST;

    But why would you need to do this in the first place without A) Discarding request parameters not know to our application B) performing a validation?

    foreach( keys($_REQUEST) as $k ) {
    if( isKnown($k) && isValid($_REQUEST[$k] ) {
    unset($_REQUEST[$k]) //assuming $_REQUEST is not read-only(i can never remember)
    }
    }
    $_SESSION['VAR'] = &$_REQUEST;

    Oh wait...that would be

    foreach( keys($_REQUEST) as $k ) {
    if( isKnown($k) && isValid($_REQUEST[$k] ) {
    unset($_REQUEST[$k]) //assuming $_REQUEST is not read-only(i can never remember)
    }
    }
    $_SESSION['VAR'] = &$_REQUEST;

     


  • (cs) in reply to Jens

    Blast...

    foreach( keys($_REQUEST) as $k ) {
      if( !(isKnown($k)  && isValid($_REQUEST[$k]) ) {
        unset($_REQUEST[$k]) //assuming $_REQUEST is not read-only(i can never remember)
    } } $_SESSION['VAR'] = &$_REQUEST;
  • ominobufo (unregistered) in reply to RiX0R
    RiX0R:

    md2perpe:
    Actually, saving $_POST into $_SESSION can be useful sometimes, like when you have to go back to a form and fill it in.

    I wouldn't do that. Imho, if you require an in-between page (like this: form => error message => back to form), to store the input temporarily in a form consisting only of hidden fields.

    Sessions don't scale well: the data for each session is stored on the server's disk, and kept there for a while before it's being deleted, since HTTP applications are essentially connectionless. I believe they're stored for half an hour, or that's the time a session cookie remains valid, at least. Multiply with the number of visitors and you'll see that the data stored in sessions should be kept to a minimum.

    So you prefer wasting limited bandwidth instead of wasting unlimited disk space?  Be realistic, whats a bigger expense? some hundred megs of disk space? or the bandwidth necessary to send and receive back data in hidden fields?
  • -L (unregistered) in reply to Arachnid
    Anonymous:

    I don't see what's so ugly about C.


    A language standard with over 250 instances of the word undefined or unspecified perhaps?
  • mishoo (unregistered) in reply to dan

    "Two words: buffer overflow. C itself is a security hole."

    I guess it just has been pointed out that you can write horribly insecure code in PHP as well (and in general, any language would do for that matter).  The programmer is a potential security hole, not the language.

    Use the right tool for the job.  If the job is to shot yourself in the foot, PHP comes in handy.

  • (cs) in reply to mishoo

    Heh, with C and C++ you might foot yourself in the shot if you're not that used to the language.

  • zootm (unregistered) in reply to Satanicpuppy
    Satanicpuppy:
    Reun:
    Satanicpuppy:
    Why bother to effectively globalize all your variables?

    Ahem! Superglobalize.

    Satanicpuppy:
    Php is hell with 2d arrays as well; it's not really supported.

    This is not true. PHP supports multi-dimensional arrays just fine.


    It's Ad Hoc. Work with a language like java, and you can just declare an array with more than one dimension. In php you have to declare a bunch of one dimensional arrays that happen to be inside other one dimensional arrays. So yea, you can do it, but it's awkward, and it can get you in trouble if you don't go through the trouble of writing your own methods to deal with multi-dimensional issues.

    I thought Java also only supported ragged arrays? I guess it could be new in 1.5. C# definately supports 2D arrays in any case.

    Certainly when I first learned Java arrays (about 4 years ago now, I guess) it was onyl capable of ragged (array of array) arrays.
  • (cs) in reply to Lithorien
    Lithorien:
    Anonymous:
    Two words: buffer overflow. C itself is a security hole.


    If you're the one not doing any checking on the input that you recieve and just try to stuff a variable length input into a fixed length array, that's the fault of you, the programmer - not the language.


    Sorry, that excuse doesn't cut it in the face of the incredibly number of and damage done by buffer overflows in C applications. Obviously such errors are too easy to make for the average programmer, meaning that no average programmer should write a security-relevant application in C. Considering that it's trivial to eliminate that kind of error at the language level, the statement is quite true: C is a security hole.
  • (cs) in reply to John Smallberries
    John Smallberries:

    The WTF is that PHP does not have true multidimensional (rectangular) arrays.


    Name ONE language that has them and that is not an academic excercise. There is none, because memory in real computers is linear. There are merely different was of simulating a multidimensional array, either by multiple dereferentiation (array of arrays), or by pointer arithmetic (C-style normal "multidimensional" array).

    John Smallberries:

    In languages that support both multidimensional arrays and jagged arrays (C#), not only is the syntax different, but the functionality differs.


    How does the functionality differ?
  • (cs) in reply to DS
    Anonymous:

    One of the greatest advantages of using php for web apps is the ability to embed code into html,


    That's the funniest statement so far in this thread. Funny because in the Java world, this became possible with JSP, and ever since, most effort in that area has been concentrated on undoing that mistake.

    Anonymous:

    (yeah, 3-tier, separation of logic and layout, blah blah).


    So you're above such widely accepted best practices? I pity your employers...
  • FooBar (unregistered) in reply to Satanicpuppy

    Well, obviously it is not PHP having problems with arrays but you. It is neither a problem having an n-dimensional array in a session nor does PHP have any problems with 2D arrays, nor are they "not really supported", what ever that may mean.


  • Comedian (unregistered) in reply to dan
    Anonymous:
    Anonymous:


    I don't see what's so ugly about C.

    Two words: buffer overflow. C itself is a security hole.


    Now THAT is a WTF of it's own... C is ANSI standard, and how can a standard be a 'security hole'? That's like saying "Every SQL is injectable (even "select count (*) from table"), or better yet, every keyboard is security risk. So... The best way to code is without keyboard, monitor, programming language and even the computer? Now, please think about what you're saying next time :P

  • (cs) in reply to Satanicpuppy
    Satanicpuppy:

    I prefer to just skip the whole mess wherever possible and dump it into a database.


    WTF does that mean?
  • (cs) in reply to Comedian
    Anonymous:

    Now THAT is a WTF of it's own... C is ANSI standard, and how can a standard be a 'security hole'? That's like saying "Every SQL is injectable (even "select count (*) from table"), or better yet, every keyboard is security risk. So... The best way to code is without keyboard, monitor, programming language and even the computer? Now, please think about what you're saying next time :P


    I don't know any other language that has inherently unsafe functions like gets() in their standard library. Of course many languages allow you to use functions unsafely in some way, but gets() cannot at all be used safely. Some of the nearly never used formats of *printf are responsible for a whole type of security holes (format string errors). String processing requires much more care than in any other language except assember code.
  • AreaMan (unregistered)

    You can qualify for thedailywtf no matter the language, but saying that php itself is "just too easy of a target" is something quite different. That's saying that the language itself is stupid rather than certain things people do with it are stupid.

    On that account I'll have to disagree with you.
    Saying that variable variables is giving enough rope to shoot yourself with is like saying the same thing for pointers: it's stating the bleeding obvious. But that doesn't mean that variable variables are intrinsically a bad thing(tm).

  • Lumpio- (unregistered) in reply to drinkingbird

    I'd prefer if you used "beginner" instead of "hobbyist". Being a hobbyist doesn't imply being a bad programmer. Damned "professional" elitists...

  • (cs) in reply to hank miller
    hank miller:
    Of course there is also a lot of bad PHP libraries out there, but that isn't the fault of php.   Any language can have them.   Python (at least, I don't know ruby well) tries to discourage things from getting as bad as php is, but I suspect if python was as popular as php there would be plenty of bad python libraries to choose from.

    Probably, but since Python enforces namespaces (with each module being an object/namespace in itself) crappy library at least can't pollute the global namespace unless you ask them to (with some "from module import *" crap)

    Anonymous:
    Satanicpuppy:
    Php is hell with 2d arrays as well; it's not really supported.

    Could you give us an example?  I use PHP exclusively at work and use 2D arrays constantly, so I would like to know why you think this way.

    I hope the explanation involves a little more than "They don't work like they do in {language}."

    Can you be sure that the second dimension will be length-consistant (aka that every sub-array will have the same length)?

    You can, unless you do manual checks everywhere. A multidimensional array would just define all the boundaries (dimention sizes) and to hell with it. PHP doesn't support multidimensional arrays, but it supports nested arrays, which is very different (and much less memory efficient too)

    Anonymous:
    One of the greatest advantages of using php for web apps is the ability to embed code into html, even if it's just basic looping or printing variable values (yeah, 3-tier, separation of logic and layout, blah blah).  Trying to do this with Perl, even using one of the template modules, is awkward and clunky and a pain in the ass.  I remember once playing with Embedded Perl but that never really caught on, unfortunately.

    Ever heard of mod_perl and mod_python?

    Regarding variable variables, if people abuse them then that's their problem, not PHP's.

    Issue is that PHP has been tailored to be abusable, it calls for abuse, it has all the inconsistencies, the function duplications and the crappy mechanisms that just beg for being abused...

    Yes you can write "good code" (or somewhat good) in PHP, but the language doesn't help at all, and the time you'll take writing that good PHP code is 3 times what you'd have spent with a cleaner language.

    md2perpe:
    The arrays in PHP function as arrays, lists and structs at the same time

    The PHP array is an abuse of hashmap structures period. Python's list, on the other hand, really is an array and a list (and a queue, and a stack). And not a hashmap.

    Anonymous:
    Okay, show me an example in which it fucking matters.  Just because Bill makes "rectangular arrays" an "industry standard" doesn't mean that they are actual programming concepts.

    I guess you never heard of that matrix thingie have you?

    Let's repeat again: PHP has no multidimensional arrays, it has nested arrays, this is not the same thing at all for "true" multidimensional arrays enforce dimensional coherence, and allow for very specific and much more efficient multidimentional polling/positioning.. So you can feel better, Python doesn't have any native multidimensional array either. This is why people created Numerical Python which DOES implement a true multidimentional array type.

    Ulvhamne:
    Heh, with C and C++ you might foot yourself in the shot if you're not that used to the language.

    Nope, you can't just shoot yourself in the foot, you take out the whole leg from knee down. This is one of C++' awesomenesses.

  • (cs) in reply to masklinn

    Gah, to hell with these uneditable posts

    You can, unless you do manual checks everywhere.

    was of course supposed to read

    You can't, unless you do manual checks everywhere.
  • (cs) in reply to md2perpe
    user="md2perpe"The arrays in PHP function as arrays, lists and structs at the same time:
    $persons = array (

        array (
           'name' => 'Charlie Brown',
           'age' => 43
        ),

        array (
           'name' => 'John Parker',
           'age' => 72
        )

    );

    An example where 2D arrays in PHP were useful and worked fine. I think this is a jagged array. Authors and revisers got different messages for the same state of a document, and the states in the array were the only states allowed. I have translated to from spanish while keeping the word order in some places to see the aligning, so some phrases may sound weird:

    // usage: $states[$estate][$user_type]
    // states is never accessed directly, only throught intermediary functions
    

    $states = array ( "accepted_article" => array ( "author" => "Accepted as Article", "reviser" => "Accepted as Article" ), "accepted_article_short" => array ( "author" => "Accepted as Article short", "reviser" => "Accepted as Article short" ), "accepted_poster" => array ( "author" => "Accepted as Poster/Demonstration", "reviser" => "Accepted as Poster/Demonstration" ), "accepted_seminario_doctorado" => array ( "author" => "Accepted as Seminario de Doctorado", "reviser" => "Accepted as Seminario de Doctorado" ), "revisar" => array ( "author" => "Revise document according to comments of reviser(snip)", "reviser" => "Need to revise this document again." ), "rechazado" => array ( "author" => "Rejected", "reviser" => "This document has already been rejected." ), "pending" => array ( "author" => "pending revision", "reviser" => "pending revision" ), "pending_first" => array ( "author" => "Awaiting for revision of first version", "reviser" => "Awaiting for revision of first version" ), "pending_second" => array ( "author" => "Awaiting for revision of second version", "reviser" => "Awaiting for revision of second version" ), "revised_first" => array ( "author" => "Awaiting decision of manager on first version", "reviser" => "Awaiting decision of manager on first version"), "revised_second" => array ( "author" => "Awaiting decision of manager on second version", "reviser" => "Manager will look your comments for second version"), "not_assigned_reviser" => array ( "author" => "No reviser assigned yet.", "reviser" => "System error. Tell administrador to check (snip)" ), "unknown" => array ( "author" => "Unknown", "reviser" => "Unknown" ), );

    // Arguments: a valid state (no error checking) // used by the intermediary functions, which ensure argument validity // is a intermediary function tries to use an invalid state, I want the // function to fail, so I don't end in an unknown state (lame, I know) function state_array($state) { global $states; return $states["$state"]; }

    function list_states(.........) function reviser_state(.........) function is_rejected(.........) function is_accepted(.........) etc.

    This array was extensively used by almost every single page and function in the website.

    This array, of course, should have been dumped into a database, with a form in a page to allow the manager to change the messages text directly. Infortunately, there was a very harsh timeline and couldn't do it :(

  • (cs) in reply to drinkingbird

    Goddamn, PHP is popular because it's TOO easy to start using (i.e. any idiot now has a new tool to fuck things up with), and a lot of free web hosting has support for it, not due to it actually being a well designed language.

    I don't agree with this "too easy" crap. There's so much of it going around. By the same token, you could just download DevC++ and start fucking away. The problem with PHP is that it's horrible to look at. Granted, most of the PHP I've seen has been through DailyWTF, so perhaps I'm not seeing the best of the language, but there just seems to be so much that the language likes to make more complicated and unreadable (though I've said the same thing about T-SQL before now).

  • (cs) in reply to Enric Naval
    Enric Naval:
    I think this is a jagged array.

    It is indeed.

  • (cs) in reply to johnl
    johnl:
    By the same token, you could just download DevC++ and start fucking away.

    And were you honest with yourself, you'd realise that by "just starting fucking away" in dev-c++, you'd get a compilation error 9 times out of 10 at first, and then random runtime error and crashes. You can't code in C/C++ without knowing anything about the language in PHP you can.

  • algorythm (unregistered) in reply to drinkingbird
    Anonymous:
    Anonymous:

    I'd argue that a large portion of the 'hobbyists' coding in PHP these days are also professionals, and that when that is the case, the PHP produced as a 'hobby' is just as clean and secure as anything produced in a 'professional' capacity.

    Also, fwiw, according to the Tiobe Programming Community Index PHP is ranked 5th in popularity, beating out both VB and C#.

    PL/SQL is a lowly 12th, so it looks like not many folks "professional" around in it much anymore either =)


    Yeah, great logic there; "It's popular so it must be good."
    Oh no, I use Ruby, and IT'S NOT EVEN SHOWN THERE.
    Goddamn, PHP is popular because it's TOO easy to start using (i.e. any idiot now has a new tool to fuck things up with), and a lot of free web hosting has support for it, not due to it actually being a well designed language.
    Making something very simple and web-based, ok PHPs fine, anything more complex and I'd rather chew broken glass than build it in PHP.


    If you had taken the time to read what was meant by 'popular' you'd find that it's "based on the world-wide availability of skilled engineers, courses and third party vendors"  ...  In other words, the number of "professsional resources" available for a given language, and not at all based on "free web hosts" providing support for it, nor for the amount of "idiots" using it.

    IHBT. I will now HAND.


  • (cs) in reply to masklinn

    And were you honest with yourself, you'd realise that by "just starting fucking away" in dev-c++, you'd get a compilation error 9 times out of 10 at first, and then random runtime error and crashes. You can't code in C/C++ without knowing anything about the language in PHP you can.

    Well, if runtime errors are what you want to see in your application....

    It's true that PHP isn't a compiled language, but that makes it harder, not easier.  I wasn't defending PHP, far from it, I was attacking the assumption that an easy language makes a bad language.

    I take the point that, while a compiled language will generate a compilation error in a lot of cases while a non-compiled language will just die, but this doesn't come under the heading "easy to start with", it comes under the heading "an absolute sonofabitch to debug". The two headings are very different, and should never, ever be confused.  In some interpretations (such as mine) they are actually mutually exclusive.

    People don't start learning a language to just start fucking about (which was my original point - maybe it was too subtle?) they learn it to either perform a particular task or gain a particular skill through performing particular tasks.  For example, I've been working (with another guy) on a bug tracking system for use at work.  It's done using ASP.NET.  I've been doing this partly to pass time because I was bored, but mostly partly because I wanted a decent system to use, and because I wanted to boost my ASP.NET/C# skills.

    I would describe C# and ASP.NET as relatively easy to get started in.  That's because if I do something wrong, the languages, as well as the VS.NET IDE, make it easy for me to find out what I did wrong.  They do this through debuggers, intellisense, object browsers, documentation and, yes, the fact that most of the complex stuff is handled by compiled code (meaning it yells at me for doing something wrong).  This fact means it's easier for me to get my initial task done (whether that was learning the language or writing the application).  Definitely not perfect, but a big step in the right direction.

    I wonder what makes you classify PHP as an 'easy' language?  Is it the non-compiled aspect?  I don't think this makes a language easy.  Is it the free availability of tools?  Most mainstream languages have free tools (C++ and C#, for example) available.  I think 'easy' is entirely the wrong term here.  Perhaps you're right, and maybe I actually agree with you, and it's just that you're using the wrong terms.

  • (cs) in reply to ammoQ
    ammoQ:


    Some other issues:
    strings: they chose to implement them in the most ineffective way.

    Agreed.  Though nothing stops you from writing your own string implementation if you want.   It is rarely done, but it isn't all the hard either.  

    gets() - a WTF by itself

    Posix specifies it, but recommends fgets instead.   the Linux Stand Base http://lsbbook.gforge.freestandards.org/dont.html deprecates it complete.  So if your program uses gets, it isn't linux compatible.  (Though it will work - every linux implementation I know of still provides it)

    In any case, any good compiler will throw a warning if you use gets.   The evilness of this function has been known for at least as long as I've been programing C (~15 years).  

    So this is a valid criticism, but it should never be an issue in the real world because we shoot people who use it these days.

    if (a=1) ooops


    At least it is consistent.   More complex forms of this are very useful:
    if (a = doSomething() && b = doSomethingElse(a))
       ...
    Of course you walk a fine line between making your code more readable because more of the function fits on the screen at a time, and making your code harder to read because you are doing odd things. 

    a=1,2||3; compiles

    So you can do something illogical.   There are logical reasons to use the above.   Not allowing it would be a problem because it introduces inconsistencies for no gain.

    It is a WTF if you do that, but it isn't a WTF that you are allowed to.
  • (cs) in reply to johnl
    johnl:

    Well, if runtime errors are what you want to see in your application....

    That's not how it works, "just fucking away" doesn't cut it with C/C++, it just doesn't work. While it does with PHP.

    It's true that PHP isn't a compiled language, but that makes it harder, not easier.

    What makes it "easier" it that it accepts pretty much anything you throw at it and tries to make something out of it.

    That's what makes it unreliable

    I wasn't defending PHP, far from it, I was attacking the assumption that an easy language makes a bad language.

    Then don't use C/C++, for they are not easy language. Use Python or Ruby instead if you want.

    I agree with you on that point though.

    I wonder what makes you classify PHP as an 'easy' language?  Is it the non-compiled aspect?  I don't think this makes a language easy.  Is it the free availability of tools?  Most mainstream languages have free tools (C++ and C#, for example) available.

    No for every question points

    The reason why it is "easy" (to start with) is because, exactly as in VB, the dynamic + weak typing added to the ability to hide any annoying error (and having every warning hidden out of the box) on top of having a language trying to use whatever you throw at him instead of just ripping your head off and shitting in your neck (metaphorically of course) ensures that the initial learning curve is pretty much flat. You don't have to learn anything, and if you don't have the desire to you'll never have to learn anything.

    PHP: We'll be there for you if your development environment doesn't have enough side effects.

    PHP: Because we know the money's in the maintenance contracts.

    PHP: Because you obviously don't know any better.

    PHP: We take security as seriously as Microsoft ten years ago.

    PHP: Doing it fast is always better than doing it right.

    PHP: Proving that if any idiot can write an e-commerce package, any idiot will.

    PHP: Yet another great reason to make regular backups.

    PHP: Fast, cheap, and robust. Two out of three ain't bad, right?

  • (cs) in reply to Jonathan
    Anonymous:
    here here!

    I am also a coder that does PHP on a professional basis.  Yes I used to code in VB with ASP and HATED it.  I never tried ASP.net but i think its probably garbage as well.  I love PHP running on Apache servers.  I like reading wtf, as a lurker, only because I enjoy learning more coding and things not to um do.....but i find the php bashing a disappointment.  this site is truely a disappointment to me now, i can tolerate the vb code, as i just see it as vb bashing since vb is garbage anyways.  C++ is the only language to develop worthy code for applications.  C# doesnt even come close, sorry.     


    On what kinds of grounds was this logic founded?  I agree with Alex.  PHP is useful.. almost _too_ useful;  it attracts a lot of children and gets their brains implanted with nasty thoughts that will take years of writing bad apps to fix.

    I don't think anyone touched on the fact that two years after PHP came out, JSP+Javascript became available and it's a "serious" platform to write web apps in and provides an out to those who still want to stay as close to OO principles as possible.

    ASP.NET is definately NOT ASP.  First of all, it is compiled software, you can use any language you wish, and my friend... you can write your ASP.NET apps in managed C++ if you want to show off your 'leet' coding skills.  Shoot, if you want to... you can run over to Fujitsu's website and grab their COBOL.NET compiler and write ASP.NET apps with that if you want (again, why would you want to bother?)

    Oh, and if you want to do C# on Linux or BSD, you can go right ahead and grab mono and install mod-aspnet to get ASP.NET working on Apache (so 'nyah!').

    Granted, at the time PHP was available, it definately was a better alternative to VBS-based ASP websites since its interpreter was quicker than asp.dll and you didn't have to go through the pain of CGI/ISAPI/NSAPI to get performance, but that's old hat now.

    And on the last statement... C# is not worthy for applications?  PAH-LEZE tell me why that is so... since managed VC++ and C# produce nearly identical IL, and oh yeah... C# developers manage to kick out their deliverables in much shorter timespans than C++ developers.

    BTW, FWIW... my favorite gripe from a C++ developer is "OMG... is that my object or a bitwise copy?  GRR!!!"
  • (cs) in reply to masklinn

    That's not how it works, "just fucking away" doesn't cut it with C/C++, it just doesn't work. While it does with PHP.
    Does it? Then why does this thread exist? Clearly just fucking away doesn't cut it in PHP...

    Granted, but that's not an easy/hard distinction.


    Then don't use C/C++, for they are not easy language. Use Python or Ruby instead if you want.
    Actually, I prefer C#.

    The reason why it is "easy" (to start with) is because, exactly as in VB, the dynamic + weak typing added to the ability to hide any annoying error
    See? I told you! We do agree!

    I personally don't agree that weak-typing makes languages easier. In fact, I think it makes them harder. I suppose you could say that you can do HelloWorld in one line, which makes it look easier. But I don't think anyone's learning programming with a HelloWorld app in mind. I'd say once you start to get onto serious applications, weak-typed applications actually make things harder.

  • (cs) in reply to Arachnid
    Anonymous:

    I don't see what's so ugly about C.


    Ok tell me, without going to google, what this code does:

    <font size="1">#include <X11/Xlib.h>
    #define M typedef
    #define N( a)=r=(a)+j
    #define S f(; G; )D[B[R=i[--G]]=F+=F<p]++
    #define f for
    #define g [H]









    M short a; M int b; M
    unsigned c ; M unsigned
    char*d; M XPoint *e; M void
    _; b*h,*i,j,k,l,m,n,o,p ; b O; d A
    ,B,C; _*q,*r,*calloc(); e s ,t; Window
    u,v; GC x[256]; b D[256]; b w,y, z;_ Q(b E)
    { XMapWindow(q,v=XCreateSimpleWindow(q, XRootWindow
    (q,z=XDefaultScreen(q)),!v*n,0,n,n,0,0,0)); XSelectInput
    ( q,v,E); } _ P(){ C N(h N(i N(s N(t N(A N(B=calloc(C-B+256,1)
    ) )) ))); } _ J(){ b F,G,H; c R =w %4; F=G=m; f(H=0; H<j
    ; H++){ h g =l+(R-2?R?R-1?(G-F*F/n)+F*n:(G*G-F*F)
    /m*n+2*F*G/ m: 2*(F*F- G*G)/m+4*F*G/m*n:G+
    F*n);( s g. x= m-F--,s +H) ->y=m-G;F=
    F+m?F:(G--, m);}} _ K(){ b H,R;
    f(H=0;H<j;H ++)D[ B g=(c)(R
    =h g+k)< j? (A[ R]<p)+A


    [R
    ]:
    1]
    ++
    ; } _ I ( d F)
    { F?(_)0:(_
    ) (F=B,
    gets(
    B))
    ;

    y=atoi(F);} _ Y(){ b F,
    G; c R ; F = G = 0; K( );
    f( R = k + l ; R < j && ( F =
    B[ R ] ) < p; R = h [R ] + k) { D
    [ F ] -- ; B [ i [ G ++ ] =R ] =p; } if
    ( R >= j) F = 1; S; } _ L() { b H, F,G; c R ;
    f( H =0; H < j; H ++) B g =0; O =-1; f( G = R = 0;
    R < j; R++ ){ f(; R < j && !( F = B[ R ]); R = h[ R ]
    + k) B [i[ G ++] = R ] = p; S; } } _ U() { e X [ 256 ]
    ,W; b H; W = t; f ( H = 0; H < o; H ++ ) { X g =
    W; W +=D g ;} f( H =0; H < j; H ++) if(
    A g - B g) * X[ B g ] ++ = s g; {
    XMotionEvent * V = r = t ; W
    = t; f ( H = 0; H < o
    ; H ++ ) { XDrawPoints


    (q ,
    v ,x g,
    W,X g -W,
    CoordModeOrigin
    ) ; W += D
    g ; D g

    = 0 ;
    } f(;
    XPending(q)+!
    ++O; V->type-
    ButtonPress?(
    k =V
    ->x+


    V -> y * n - l) : (
    O = - 42 ) ) XNextEvent ( q , r
    = V ) ; } } _ main ( b X , d * W ) { b H, F
    ,G; c R; if ( X < 3 ) { puts( "tvr: mode size < cmap"
    ); exit(0);} P(); I(*++ W); w = y %12; I(*++ W); n = y *2; j
    = n * n ; P ( ) ; m = y ; l = j / 2 + m
    ; q=XOpenDisplay ( 0 ) ; Q ( 0 )
    ; u = v ; Q ( PointerMotionMask
    |ButtonPressMask ) ; I ( 0 ) ; o
    =y ; p = o -1 ; { XColor F ;
    Colormap G; f ( H = 0 ; H < o
    ; H++){ I(0); XParseColor(q,G
    =XDefaultColormap ( q , z ) , r =
    B , & F ) ; XAllocColor
    (q , G , & F ) ;










    XSetForeground
    (q,x g = XCreateGC
    ( q, u ,0 , 0 ) , F
    .pixel ) ; } } P ( ); J (); f
    ( F =R = G =H = 0; H < j; )
    if(++F >= p || ( R = h [ R ]
    +G)>=j ) { D [ B g = F ] ++; R
    = l + k; G= ++H -R;
    F =0; } H=j; U(); v=
    u; f(F=w/4; ; A+=H-=H+H,B-=H
    )(O<0?L:*("[email protected]."
    +7*F)?F^1?Y:K:L)()</font>
    <font size="1"> ,(U)(); }</font>

  • Alan W. Balkany (unregistered)

    Can someone recommend a book that covers how to use PHP effectively?  (Not just syntax.)

  • (cs) in reply to johnl
    johnl:
    Actually, I prefer C#.

    Doesn't play in the same league, Python and Ruby are much higher level than C#.

    See? I told you! We do agree!

    I never doubted it

    I personally don't agree that weak-typing makes languages easier. In fact, I think it makes them harder. I'd say once you start to get onto serious applications, weak-typed applications actually make things harder.

    Yes, weak typing makes writing big applications, and debugging them, a damn pain. But the learning curve of a weakly typed language starts awfully flat: as I said, you barely have to learn anything to start gettings "things done" (usually in the worst available way) in PHP, and it makes brainless copy/paste much easier too. That was my point: weak typing looks much easier to someone who has no knowledge of any language.

    In fact, I think it makes them harder. I suppose you could say that you can do HelloWorld in one line, which makes it look easier.

    Technically, you can write Hello World one liners in stronly-typed languages too... example:

    print "Hello World"!
  • (cs) in reply to Matvei MS
    Anonymous:
    Gotta love the title of this php-ness: "## Functions to perform the actions ##". So much insight, so much detail...


    I imagined Arnold Schwarzenegger's accent when I read that.

    "Functions to perform the actions on the variables with the values"
  • (cs) in reply to masklinn

    What language was that?  SQL?  Ok, I'll give you that one, though most strongly typed languages (Delphi, C, C++, C#, Java) use a program construct or main function, which right away buggers up any dreams of a 'one-liner'.  Just dropping in code at the top level isn't usually allowed.

    However, I think where we differ is on this point:

    <b>"weak typing looks much easier to someone who has no knowledge of any language."</b>

    I agree with this wholeheartedly, but the key word here is "looks".  Something looking easier isn't the same as it being easier.

  • (cs) in reply to brazzy
    brazzy:
    That's the funniest statement so far in this thread. Funny because in the Java world, this became possible with JSP, and ever since, most effort in that area has been concentrated on undoing that mistake.


    Actually, you're statement is somewhat misleading.  There was and always will be an effort to keep the business logic out of the presentation layer.  A poorly written JSP contains scriptlets which often contain business logic.  There are many application frameworks (Spring, Struts, JSF) out there that allow you to pass a single object, be it a Value Object or an XML document, to a JSP, where the JSP is responsible only for rendering the object.  The problem you're inferring could exist in ASP, JSP, ColdFusion or PHP

    Unfortunately, around here languages are always blamed for the work of the poor programmers who use them.
  • (cs) in reply to discobean
    discobean:
    Satanicpuppy:

    I prefer to just skip the whole mess wherever possible and dump it into a database.


    WTF does that mean?


    What?!  You've never used the database for session management?  haha
  • (cs) in reply to Jonathan

    I felt like this not too long ago.  But for my job, I learned ASP.NET and found that it is actually very good, especially as an upgrade to standard ASP code.  Very clean structure, it makes writing web code feel like writing application code.  It's so much better than the monstrosity that was VBScript/ASP. Of course, ASP.NET doesn't run (cleanly, mod_mono doesn't count) on anything but IIS, which rules it out completely for a lot of shops, and makes it 'not-good-enough' for a lot of other applications.

    I agree that php can be well written, but I've seen too many poorly written php scripts to take offense when someone says that it's a hobbyist platform.  Besides, when someone says hobbyist, I think GNU utilities and Linux, both of which sometimes have higher-quality software than the commercial competition.

    As to C++ vs C#: they're really different tools to be used in different places.  C# (and the framework, most people use them interchangably.  In theory, you can have one without the other...) is good if you know that your client has a decently mid-end windows-based machine, you don't care about being cross-platform, you don't need to deal with low-level code, and modules built with it won't need to be called from other applications not necessarily under your control.  For systems-level applications, you want to use C++ or C.

  • CJM (unregistered) in reply to AndrewVos
    Anonymous:

    Argh, wasnt logged in, my quote didnt work, etc etc....

    Jonathan ur a tool

    just shuddup and laff :)



    How ironic....
  • (cs) in reply to masklinn
    masklinn:

    Nope, you can't just shoot yourself in the foot, you take out the whole leg from knee down. This is one of C++' awesomenesses.



    I once heard an old timer say in an interview a few years ago, "I liken C++ to a chainsaw.  You can get a lot of work done with it, but you can also f yourself up with it." <yes, the interviewer dropped the f-bomb in the interview>
  • (cs) in reply to hank miller
    hank miller:
    ammoQ:

    Some other issues:
    strings: they chose to implement them in the most ineffective way.

    Agreed.  Though nothing stops you from writing your own string implementation if you want.   It is rarely done, but it isn't all the hard either.  

    My own string implementation would come without literals and I would have to convert my strings to C strings every time I call a standard function. In other words: not a realistic option in most cases. They screwed it.


    if (a=1) ooops


    At least it is consistent.   More complex forms of this are very useful:
    if (a = doSomething() && b = doSomethingElse(a))
       ...
    Of course you walk a fine line between making your code more readable because more of the function fits on the screen at a time, and making your code harder to read because you are doing odd things. 

    It's consistent within the language, but probably not with the expectations of anyone but a C programmer. E.g. Mathematicians hate the abuse of the = sign, it contradicts their meaning of =.


    a=1,2||3; compiles

    So you can do something illogical.   There are logical reasons to use the above.   Not allowing it would be a problem because it introduces inconsistencies for no gain.

    It is a WTF if you do that, but it isn't a WTF that you are allowed to.

    I see very little use for the , besides the for (x=1, y=1; x<maxx &="" y=""><maxy ;="" x="" y=""> construct. If you a reason to use it, tell me. I'm always open to learn.
    But since the , is used as a decimal seperator in some countries, including mine, you can make perfectly innocent looking bugs..

    double pi = 3,14159265;

    Now spot that bug!
    </maxy></maxx>
  • (cs) in reply to ammoQ

    ouch, this forum software hurts... sorry for double-posting...
    I see very little use for the , besides the for (x=1, y=1; x<maxx && y<maxy; x++,y++) construct. If you know another reason to use it, tell me. I'm always open to learn.

Leave a comment on “Sessionrific! ”

Log In or post as a guest

Replying to comment #:

« Return to Article