From the article: “A poor craftsman blames his tools”. Indeed.
Software engineering is unique in that it is a creative science. It is up to the engineer to decide how to solve the problem within the strictures and constraints of the language employed, and if there's a subset of the language that you don't like, don't use it.
- You don't have to use any and every language feature.
- You don't have to just ignore errors, you can handle them every time.
- You don't have to have global variables everywhere, you can use object-orientation with all its benefits for encapsulation etc.
- You don't have to use "dangerous" ways to get user-data. There are plenty of safe ways to do it.
- You don't have to write raw SQL in your code, you can protect against injection attacks.
- etc, etc.
"C" still has "goto". It's been "considered harmful" for several decades now, but it's still very much used in some circumstances (e.g. device drivers in Linux kernel modules) by very smart people.
PHP does not go out of its way to protect you from your own mistakes (similarly to C, in fact); its ethos is more about simplicity. You could argue that the sort of programmer needing that simplicity is precisely the person needing the smothering embrace of protective programming languages, but then that language would not be as simple and appealing as PHP is, and nowhere near as applicable to the beginner.
Better, IMHO, to let the beginner learn at their own pace, pointing out where and how they could improve things as time goes by. Said beginner is unlikely to be protecting the crown jewels, after all. It's far more likely to be a home-website containing pictures of Fido.
Having said all that about the beginner, PHP is a very capable language, and if you avoid the potholes, it's a very safe language too. I've personally sold software written in PHP to companies like Industrial Light And Magic and various post-production houses at $20k a pop, and about 60k lines of code. It wouldn't have been possible to do what we did in any other language I know of, and yes we did pass security audits...