JOB: LAMP Artisan

S. Dale Morrey sdalemorrey at
Fri Feb 21 13:58:49 MST 2014

I used to be a master PHP programmer.  I had hundreds of projects under my
They were all designed with the very best practices of the day.

Then one project after another fell due to vulnerabilities.  Sometimes code
issues, sometimes weird SQL attacks that had been previously thought to be
Eventually all of these projects were replaced with less vulnerable
languages such as Python, Java & Node.

In the intervening years I've learned that PHP is good for a quick
prototype to generate enough interest to get funding for a real project.
Sorry but that's the truth as I see it from having spent the last decade
and a half as a hired gun.

Nowadays 20% of my work involves moving companies & people off from PHP and
onto something more secure, more scalable etc.

I would argue that a company will get more bang for its buck by leveraging
what they already know.  If you have webdevs with strong JavaScript
experience then node is awesome.  If you've got serious engineers with Java
or C++ then frameworks based on that are good, Python also seems to work
well for these guys although I've never been able to pick up strong
proficiency in it.  Perl may still be a good contender if you can grok the
insane and arcane syntax its performance will most times be far in excess
of anything you'll achieve with PHP.  And then of course there's Ruby, but
I won't get into that.

In fact the fastest webservice I ever built was built on top of Lua and it
easily handled 300,000 queries per second in the real world.  This was
about 5 years ago on a single box with a flat-file DB, an SSD drive and a
crapton of RAM.  (crapton is a new unit of measurement, not a new particle)

Every project is a matter of picking the right tool for the right job.
Basing everything you do off from a combo of Linux, Apache, MySQL and PHP is
going to give you vulnerabilities you can't even imagine.  And of course
those vulnerabilities will scale as you try to scale.

I believe that the combination of MySQL and PHP should be considered
anathema to good design practice for any company developing a modern
infrastructure.  If you must go with PHP don't use MySQL as a backend.  If
you must use MySQL don't use PHP as a front end.

So I stand by my earlier statement.  I've learned that MySQL/PHP is good
for a quick prototype to generate enough interest to get funding for a real
project.  Once you have that funding, an immediate move to something better
is in order.

I do still like the language itself.  It's the implementation that sucks.

On Fri, Feb 21, 2014 at 1:20 PM, Matthew Frederico <mfrederico at> wrote:

> On Fri, Feb 21, 2014 at 1:03 PM, Tod Hansmann < at
> >wrote:
> > Do you have to LOVE PHP?  Can you just have an understanding of its
> > usefulness as a tool despite the terrible language it is implemented as,
> > thus enjoying building things with it as opposed to enjoying it in and of
> > itself?  =cP
> >
> > I know, I'm a bad man.
> >
> Dear Tod,
> Not *loving* php doesn't make you a bad man .. well, not too much :-)
> Yes - it's not a perfect programming language like node, but compared to
> GWBasic or Java - (</me ducks>) its shortcomings are outweighed by its low
> footprint, ubiquitous install base and easy to pick up grammaticals.  Thus,
> like the hammer of Thor - In the right hands "the php" can be a powerful
> force to do good.  Just like every other language with a cult-like fan
> base.
> So perhaps you are right - Loving what it does, not necessarily what it is.
>  (Love the sinner, not the sin?)
> Best Regards,
> - Matt
