Any Perl programmers here? PHP?

[abrasiverock]

I can't even learn from the books. I really suck or something.

 

[Nostalgiaplatz]

Perhaps you're using the wrong approach... try learning Pascal, or something...

Good luck anyway..

 

[abrasiverock]

Perhaps you're using the wrong approach... try learning Pascal, or something...

Good luck anyway..

Never heard of Pascal. What is it? Can it be used for web pages like PHP?

 

[Nostalgiaplatz]

well, no...it's an old ms-dos language, although it has been ported to other systems and branched to windows. It can do for cgi's, but I doubt anyone uses it that way (except my old boss ). It's just an easy language to learn programming concepts. PHP is, to my eyes, the best language in the biz for webdev.

 

[DE]

PHP is a terrible language because it makes it so easy to write terrible code. And lots of people do.

 

[abrasiverock]

Hmmm? I think I might just force through PHP then. I am only interested in web stuff right now anyways. Right now I can only use the SSI, but I use it all over my website right now.

 

[Nostalgiaplatz]

PHP is a terrible language because it makes it so easy to write terrible code. And lots of people do.

That was just stupid. Any language that is easy to learn, will have more adepts because the vast majority want results without wasting time during learning curves, programming and brainstorming. If the same person who writes C code goes to write PHP, the approach will be the same, regardless. And that doesn't really mean it's going to be awesome just because he was a C programmer. More than 60% of all programmers, if not more, are careless about their code and how everything works to the lowest degrees. If people were more paranoid and security aware, a half of the mistakes wouldn't happen and code wouldn't be as terrible.

From that comment I suppose you prefer PERL to PHP?

So here's artsy, terrible, unmaintainable code (it's the encryption/decryption algorithm developed by RSA and ported to pearl by someone else):

PERL 3 liner

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

PERL 2 liner

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

In C: http://www.stillhq.com/gpg/source-modified-1.0.3/cipher/rsa.html


Go ahead abrasive rock, learn your stuff.

 

[abrasiverock]

Go ahead abrasive rock, learn your stuff.

I am doing my best. I always feel like I am just short of things clicking, but understanding it is always just out of reach. Someday...someday.

 

[DE]

crap

obfuscated code sure exists for its maintanability

There are many features that PHP lacks or "features" it implements that make it easy to write terrible code, even compared to other languages. The presence of things like Register Globals and Magic Quotes, for example, as well as its lack of things like tainting.

PHP is good in the hands of a developer that knows what they're doing, but unfortunately since 90% of PHP "developers" are 15 years old and incompetent, most PHP scripts are leakier than sieves.

What you said here:

If the same person who writes C code goes to write PHP, the approach will be the same, regardless. And that doesn't really mean it's going to be awesome just because he was a C programmer. More than 60% of all programmers, if not more, are careless about their code and how everything works to the lowest degrees. If people were more paranoid and security aware, a half of the mistakes wouldn't happen and code wouldn't be as terrible.

Sure, a language can't magically make your code efficient and well-designed, but it can prevent many security flaws. PHP's loose-typing, lack of tainting, and general sloppy attitude make for a coding process that virtually rewards sloppiness and makes it very easy to create insecure code.

There are many good things about PHP, such as the relative ease of knocking out code, its sheer ubiquity, its relatively easy learning curve etc - but it does have many downfalls.

PS: Perl is neither an acronym nor a shiny ball found in mollusks, fyi.

 

[Nostalgiaplatz]

I don't think avoiding PHP will make you write better code anyway... besides isn't tainting what they implemented as safe_mode directive in php.ini? I guess so. Although I am not that much knowledgeful of what tainting is all about, except for some wrap-around on system calls, which, safe_mode also does, probably not as broad as PERL implements it though. PHP's loose-typing isn't a bad feature to my eyes, if the programmer is careful. PHP like everyother language has it's pitfalls, but just because it's easier and therefore faster to develop, it doesn't mean you should avoid checks, etc. There're functions to check the typing of a given variable.

The problem generally lies more on assumptions and less on the language per se and as someone once said "Assumptions is the mother of all fuckups". One flaw that very often happens is, If you're expecting the user to type information only in the range of a-zA-Z and you've got a javascript checking the input before submiting and you don't add any checks to your php code, who gets the data off of the form, the "inteligent" user will most likely break your browser-based sanity checking, because you dared to think that would be enough.

Curiously...I haven't used PERL in a while and I am currently writing a script to mirror phpbb2 forums like UM, because the search function is disabled. Oh well.

 

[DE]

Tainting isn't implemented in PHP whether safe_mode is on or not. And tainting avoids your second problem, since all user input is considered dangerous unless you explicitly flag it as being safe.

PS: Perl is neither an acronym nor a shiny ball found in mollusks, fyi.