
Yes, PHP is awesome for building hello world applications. No one is disputing that.

However, for building applications that might get deployed somewhere, or talk to a database in a secure fashion, it's a nightmare.

For Ruby, Python and Perl, it's just as easy to make a hello world like that; all you have to do is execute it as a CGI. Node.js is a FRAMEWORK, not a language; you can equally make it super simple to execute JavaScript the same way, by again executing it as a CGI. It's actually even shorter because you don't need <? ?> tags.

The reason the Perl, Python and Ruby communities don't make apps like that is because it's a bad idea. In Ruby, Perl, Python or JavaScript, if you really want to, you can. PHP makes it incredibly hard to not be stupid in the way your app is set up. PHP saves you a few minutes of following a Rails cast in exchange for a lifetime of hell.

The crux of why most programmers disdain PHP is because of the poor choices for maintainability and ease of building larger applications, also because the PHP community has no idea what they're talking about for the most part.

Most PHP programmers couldn't even tell the difference between a language, a framework, a template system, probably because PHP doesn't have any separation of concerns. The language, framework, standard library, templating system are all mashed into one godawful mess.

But yes, it's really easy to build hello world applications. Alternatively, if you want to build a hello world application you could just write:

  Hello World
in a text file and be done with it instead of exposing yourself to all the security vulnerabilities inherent in PHP. (Yes, even hello world is insecure in PHP)



> However, for building applications that might get deployed somewhere, or talk to a database in a secure fashion, it's a nightmare.

In what decade? Ever heard of PDO? Prepared statements? PHP is actually more secure when it comes to database connections than all of the wonderful alternatives you mentioned.


"Prepared statements? PHP is actually more secure..."

The most commonly used module for MySQL access, mysql (not mysqli, for some reason), does not support bound-parameter prepared statements, instead opting for some very funky string escaping business.

Prepared statements are generally the only supported SQL mechanism in other languages/platforms I have used (C, Perl, Ruby, Java, COBOL...)
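As an added illustration of the contrast drawn in the two comments above (this is example code, not anything posted in the thread), here is the legacy ext/mysql escaping pattern beside a PDO query with bound parameters. The table name `users`, the column names and the connection credentials are assumed placeholders; it assumes PHP 7.1 or later for the PDO part, and the ext/mysql part only runs on PHP 5.x since that extension was removed in PHP 7.

```php
<?php
// Added example, not from the thread. Assumes a MySQL table users(id, email)
// and the placeholder credentials below.

// Legacy ext/mysql style: there are no bound parameters, so safety rests
// entirely on remembering to escape every value before splicing it into
// the SQL text. (ext/mysql was deprecated in PHP 5.5 and removed in PHP 7.)
function legacy_lookup($email)
{
    $link = mysql_connect('localhost', 'app', 'placeholder-password');
    mysql_select_db('app', $link);
    // Omit this one call and the concatenated query below is injectable.
    $safe = mysql_real_escape_string($email, $link);
    return mysql_query("SELECT id FROM users WHERE email = '$safe'", $link);
}

// PDO with bound parameters: the SQL text and the data are sent separately,
// so a value can never alter the structure of the statement.
function pdo_lookup(PDO $pdo, string $email): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4',
    'app',
    'placeholder-password',
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // PDO's MySQL driver emulates prepares client-side by default; turn
        // that off so the server receives a genuine prepared statement.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// The apostrophe in this constructed input is exactly the kind of value
// that the legacy path depends on escaping; here it is simply data.
var_dump(pdo_lookup($pdo, "o'brien@example.com"));
```

The same bound-parameter approach is available through mysqli's prepare()/bind_param(), which is the "mysqli" the comment above contrasts with the plain mysql extension.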


More secure? Then I suppose I'll get all of the insurance and banking portals to rewrite everything in PHP -- since it is so secure and easy to use.


> Then I suppose I'll get all of the insurance and banking portals to rewrite everything in PHP

From COBOL? Probably a good idea.


>>However, for building applications that might get deployed somewhere, or talk to a database in a secure fashion, it's a nightmare.

Facebook and Wikipedia are begging to disagree.


No, they aren't.

Quote Adam D'Angelo, former CTO of Facebook: "PHP was out of the question [for building Quora]. Facebook is stuck on that for legacy reasons, not because it's the best choice right now". (source: http://www.quora.com/Quora-Infrastructure/Why-did-Quora-choo...)


[deleted]


Actually Facebook agrees with me so much that they rewrote PHP as a C++ macro called hiphop, and no longer use PHP.

A specious comment - hiphop transforms PHP to optimised C++ and then compiles it.

https://github.com/facebook/hiphop-php


Compilation = converting a language into another. Hiphop is a (two-stage) PHP compiler.


Please explain to me how "hello world" is insecure in PHP. I am genuinely interested in your reasoning.


PHP has had numerous security issues related to the parsing of things like HTTP headers, etc. This means that when you write your app in PHP, and do something simple you get security issues just for going along for the ride.

Things like this: https://bugzilla.redhat.com/show_bug.cgi?id=786686

Put an empty PHP file on your server and you've got a vulnerability. If they can't figure out how to parse a URL correctly what else is lurking? Ironically, the issue is a fix for a DOS attack, so they traded a DOS attack for remote code exec, and then backported it.

This is the equivalent of

  int main() { return 0; } 
having security issues.

By the way, this issue is from two months ago, we're not even talking about the really bad ancient bugs.


Since I cannot reply to your response, I would like to inquire as to some resources where I can read more about the specific security bugs in PHP you are mentioning.

I am well aware that PHP has had security issues in the past, but I am also aware of the fact that it gets a bad name because people read blog posts and then decide the sky is falling.



