Is regular PHP still viable?

I am trying to gain experience writing an ecommerce site and have nearly completed my administrator's product system.

But, PHP was mentioned on a web site as being obsolete unless it now uses, "dependency injection frameworks: Symfony and Laravel" and a dependency manager: Composer. Also it now uses "ORM's for relational database development."

I am wondering if this is true, or am I learning something that is still used and will help me obtain an internship? Really, should I continue to work with this older (and simpler) style of PHP?

Thanks,
JoshuaEir

 

So basically, what that website said is PHP is obsolete but it's Frameworks aren't. Very far from the truth. It is great you tried to get thoughts on this.

Basically, when you see a website paint a particular language as BAD, be watchful of it because they likely do not know what they are saying and most of the times, they haven't even done any tests.

To your question: PHP is not obsolete. Using a framework simply makes your work way easier. But there's a lot of reasons people still prefer to design a Web App without a framework.

If you decide not to use a Framework, you must be sure you know what you're doing. Most of the times, those frameworks take care of several vulnerabilities without you having to write a single line of code.

With pure PHP, It is incredibly easy to design a Web App with so many vulnerabilities that it becomes a playground for hackers.

If I were to design anything with pure PHP, I'll first design a sort of Micro framework to handle all common vulnerabilities and build the rest of the App on top it.

 

I know there are secuurity risks with injection, what else are the problems?

What is this all this about, and how is it done?

JoshuaEir

 

In short, PHP itself is not insecure.
Problem starts when people start storing vulnerable info in cookies etc, or mishandle file upload.

For example, when you allow people to upload a file, and do not check file type being uploaded, then someone can upload a PHP script itself, and then run their PHP code on your server.
Being careful about handling querystrings is another thing.

With cookies, you can end up storing unencrypted passwords in a cookie, which exposes the password to someone else who can read cookie files.
Even worse, you end up storing just ID of member in a cookie, and someone changes that ID in cookie file, and opens your site.
Now they are logged in as someone else in your site.
Solution is, store an ID, plus an encrypted token/password in the cookie.
Read and verify both when auto login in members.

People store open readable passwords in databases, big mistake.
Always store hashed password in database. Hash using a salt string around the password.

Its stuff like this.

Generally when you use a framework, they give you pre-made functions or classes which do these checks, preventing problems.
However, they create an even bigger problem of server load and browser load, like wordpress does.

These days companies require you to have knowledge of some common frameworks before they hire you.
So learning some common ones is a good idea, if you are looking for a job with a company.
But if someone says that PHP itself is obsolete, then they really don't know what they are saying.