Many of PHP's problems can't be solved with a reimplementation.
Posted on Monday, January 26, 2009 at 1:02 AM.Although widely used, PHP is known to have many, many problems. Security-related issues have always been problematic for it. Performance is another area where there have been numerous problems. In many cases, its semantics and syntax leave much to be desired. Some people believe that a rewrite of the PHP implementation itself will solve all of the problems associated with PHP. Others lean towards that viewpoint, but suggest that the current PHP developers should not be involved with such a rewrite. Personally, I think PHP as a language is inherently flawed, and any implementation that tries to remain true to the "spirit" of PHP will itself be flawed.
Security, for instance, has always been a problem for PHP. Part of this problem is independent of the implementation. PHP, as a language and platform, has always proved attractive to inexperienced developers. To a large extent, PHP has even been marketed towards amateurs and hobbyists. Such people are not aware of the various SQL-related exploits that are possible, let alone how to prevent them. So when their PHP-based Web sites went public and were subsequently cracked, the PHP developers ended up adding half-brained "solutions" like the notorious magic quotes. So we can see at least two problems here. The first is that PHP is targeted towards and widely used by people who don't understand security. The second problem is that the developers of PHP tried to compensate for this in ways that just caused further problems.
The developers of PHP have made a good decision by opting not to include magic quotes in PHP 6. But there's nothing they can do about their language being widely used by people who probably shouldn't be using it. The insufficient experience and knowledge of its userbase would be a problem for every PHP implementation.
Likewise, performance has always been one of PHP's biggest problems. A variety of approaches have arisen over time to deal with these issues. Caching the compiled PHP code is one of the most frequently-used solutions. Any implementation that wanted to improve on PHP's performance while allowing for source deployments would likely need to incorporate such transparent caching, which in turn may not be flexible enough for many users. Other approaches would include forcing the user to deploy some form of pre-compiled object file, rather than deploying the source code itself. But this is contrary to how PHP has historically approached deployments.
The lack of organization is one problem that the PHP developers have begun to tackle with the introduction of namespaces. But even the selection of a namespace separator has been highly controversial within the PHP community. This incident indicates the struggles and hurdles that any other significant reform efforts would face.
Arguably, the only way to successfully reimplement PHP is to discard the language as it exists now, as well as discard the community that it has now. Discarding the community will be problematic, as it is the armies of inexperienced users who make PHP as popular as it is. Many of the language changes would in turn make the resulting language much unlike PHP, as its users currently know it.
