Is PHP The Cure For The ‘Broken’ Web?


TORONTO — “The Web is broken and it’s all your fault.”


Those are the words that Rasmus Lerdorf, the creator of PHP, said to kick off his keynote at the php|works conference under way here.

He said the current state of the Internet includes a litany of
broken items, but with a little help from PHP there may well be some hope
for the Web yet.


Lerdorf originally created PHP in 1995 and in addition to being a PHP developer at Yahoo, remains very active in the PHP community.

PHP, by a variety of measures, is likely the most popular scripting language in use on the Web today.


“The Web is pretty much broken, we can all go home now,” Lerdorf said
somewhat sarcastically to the capacity crowd. “Luckily most people don’t
realize that it’s broken.”


Part of the reason Lerdorf considers the Web “broken” is that it is
inherently insecure for a variety of reasons. One of those reasons sits at
the feet of developers.


“You don’t know that you have to filter user input,” Lerdorf exclaimed.


Lerdorf advised PHP developers that nothing that comes across the wire is to
be trusted. Header “stupidity,” as Lerdorf referred to it, in the Apache HTTP Web
server can also be the root cause of the broken Web.

Then there is Microsoft’s Internet Explorer, which has “stupidity” issues with character set detection, arbitrary header injection, host header spoofing and request splitting.


“IE is completely broken in so many ways,” Lerdorf said.


With some PHP common sense, a few of the reasons why IE is broken can be
overcome.

When it comes to Character Set detection, Lerdorf advises
developers to always make sure that they actually specify a default charset
in their PHP applications.


PHP 5 includes all manner of functionality to help developers filter requests, to
help prevent the “broken Web.”


“You have to filter everything and then poke a few holes to let things
through,” Lerdorf advised.
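
One way to apply the "filter everything, then poke a few holes" advice together with an explicit default charset, using PHP's filter extension. This is an added example, not code from the keynote; the choice of the filter extension, the parameter names and the whitelist rules are assumptions made for illustration.

```php
<?php
// Added example. Parameter names and whitelist rules are hypothetical.

// Declare the charset explicitly so the browser never has to guess it.
ini_set('default_charset', 'UTF-8');
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
}

// The "holes": the only parameters accepted, each with a strict validator.
$spec = array(
    'id'    => array('filter'  => FILTER_VALIDATE_INT,
                     'options' => array('min_range' => 1, 'max_range' => 1000000)),
    'email' => FILTER_VALIDATE_EMAIL,
    'q'     => array('filter'  => FILTER_VALIDATE_REGEXP,
                     'options' => array('regexp' => '/^[\p{L}\p{N} ]{1,64}\z/u')),
);

// Keep only whitelisted keys; a missing or invalid value becomes null.
function filter_request(array $raw, array $spec)
{
    $clean = filter_var_array($raw, $spec);
    $out = array();
    foreach (array_keys($spec) as $name) {
        $value = isset($clean[$name]) ? $clean[$name] : null;
        $out[$name] = ($value === false) ? null : $value;
    }
    return $out;
}

// Constructed sample input standing in for $_GET.
$raw = array(
    'id'    => '42',
    'email' => 'user@example.com',
    'q'     => '<b>not plain text</b>',   // fails the regexp
    'debug' => '1',                       // not whitelisted, dropped
);

foreach (filter_request($raw, $spec) as $name => $value) {
    // Escape on output as well, using the same charset declared above.
    $shown = ($value === null)
        ? '(rejected)'
        : htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    echo $name, ': ', $shown, "\n";
}
```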


Rich Web applications, such as those built with AJAX and Web
services, are key to the modern Internet.

Yet performance and ease of development have been somewhat broken.

Lerdorf noted that rich Web applications, such as those that Yahoo deploys, need to have excellent response times and need to be able to handle a high number of users.


Lerdorf demonstrated to the developer crowd how to optimize rich application
delivery performance on a basic 1.8 GHz AMD Athlon CPU server running Ubuntu
Linux.

The PHP creator began with a baseline that showed his application,
running with default settings, could handle only 17 requests per second.

By the end of his optimization discussion, the same hardware running the
same application could handle 1,100 requests per second and had a less than 10
millisecond response time.


One performance enhancement that Lerdorf suggested based on code
analysis was to use MySQL instead of PostgreSQL for the database.


“If you can fit your problem into what MySQL can handle it’s very fast,”
Lerdorf said. “You can gain quite a bit of performance.”


For the items that MySQL doesn’t handle as well as PostgreSQL, Lerdorf
noted that some features can be emulated in PHP itself, and you still end up
with a net performance boost.


Parsing and compiling speed can also be significantly boosted with the use
of an opcode cache.

In PHP, as with most scripting languages, code is parsed
from human-readable to machine-readable instruction. The machine-readable
script is known in PHP as opcodes.

An opcode cache stores or caches the compiled code in shared memory so that the code compilation for similar operations only needs to happen once.


PHP 6, which is still in development, will have opcode cache built in by
default.

For current PHP 5 users, there are various opcode cache
implementations that can be used, including the Alternative PHP Cache (APC),
which is what Lerdorf recommended.


“Every single server has it [APC] at Yahoo, and it handles
billions of requests per day,” Lerdorf said.


PHP 5.2 also makes it easier for developers to develop and deploy Web
services, even those that use SOAP, which Lerdorf described as
being difficult to use and “way too complex.”


With SimpleXML, which is a PHP extension allowing for “simple” XML data
manipulation, a lot of the complexity of Web Services can be abstracted.

As an example, Lerdorf showed a one-line RSS parser that he wrote that pulled data via SimpleXML.

He went on to demonstrate how it was equally easy to expose PHP as a Web Service, even via SOAP.
