PHP vs JSP

What do you prefer? JPS built websites or PHP built websites and why? Not trying to start a general circlejerk fight, but rather trying to collect arguments for and against each of these languages.

 

JSP is poorly documented (despite being based on Java, though IMHO Java is poorly documented), is rarely available on most hosts, many hosts look at you like you have 8 heads if you ask for it, and I know more people using the long defunct coldfusion than those using JSP.

PHP.NET is some of the best documentation available for ANY programming language this side of 1980's Borland products, last time I encountered a host that didn't provide it was over a decade ago, and there are endless experts readily available to help you if you get stuck with a problem.

Doesn't seem like a hard choice to me.

Of course JSP only really works with <% %>, while in PHP you can get by only using <?php ?> once per file... of course if I had my way <?php ?> would be removed from PHP entirely! (along with other pointless idiocy like heredoc, nowdoc, etc...)

That type of 'scripting' IMHO only encourages sloppy coding practices and hard to follow code; though to be fair I say the same thing about colour syntax highlighting and autocomplete.

 

I like PHP to built websites, because it is common and easy

 

I would say for small webapps PHP is good enough.
But when it comes down to develop enterprise applications JSP/JSF are unbeatable. Exspecially when you combine it with other features like EJBs and JPA you can do some quite cool stuff ;-)
My biggest problem with PHP is that it seduces the programmer to create sloppy code which results in very insecure webapps.

I don't agree with that. In my oppinion the documentation is good enough. Not as extensive as the php one but good enough to learn properly ;-)

 

In that way I think it comes down to what you are building. PHP is poor for 'general computing' tasks, it is best used as glue, to put together data from multiple sources, gluing database output to markup for example. It's ability to use white-space preserving/neutral strings direct from the editor also makes it far easier to work with markup. Usually if you are 'brute force' processing things like math, PHP's weakness' shows.

JSP thanks to it's being emulation of a pretend processor (virtual machine my ass) instead of a normal interpreter is much better at any 'real' computing tasks; however since you have to use <% %> in the same way as ASP, well, much like <?php ?> it results in what I consider sloppy coding practices and makes it harder to have clear legibile handling of markup. There's a reason I think <?php ?>, heredoc, nowdoc, and a bunch of other nonsense of that nature should be stricken from PHP entirely.

Nice to hear someone else say it!

I often get flack for saying this, but IMHO PHP is insecure by design.. This is true of most interpreted scripting languages (PERL is similarly afflicted) as it's FAR too easy to have code elevations, and few if any developers out there seem to take the time to even TRY to limit what said elevations can do.

There's this delusion right now that "once a cracker can run code you're done" -- when things like scope can be used to greatly limit or even eliminate the damage that can be done. See idiotic halfwit BS systems like turdpress, where they spaghetti 'include' together files as if functions are evil (exposing multiple entry points) and then like a drooling lobotomy patient declare the SQL username, password, dbname and hostname USING DEFINE?!?!? -- basically an undeletable global scope; because that's going to be SO secure... You might as well just hand crackers the keys.

Good practices can result in PHP that's just as secure and well written as JSP, unfortunately there's not enough discussion about that. PHP's objects, the ability to declare scope on properties and methods (private, protected, public) and prevent future modification (final) can go a long ways towards limiting what an elevation can do. Likewise if people would STOP putting their database connection into the global scope things would be a lot more secure; that's one of the problems with the mysql_ functions and why we were supposed to stop using them altogether EIGHT YEARS AGO, and why they aren't even going to EXIST in PHP 6.

But to be fair, I'm one of the nutters who uses functions like this:

function safeInclude($fileName) { require($fileName); }

Code (markup):

Just to break scope, since any include is run right where you include it; inheriting scope from where you call it -- which is... really ****tarded. For example:

function main() {
	$username = 'root';
	$password = 'G7B4rE7';
	$dsn = 'mysql:host=localhost;dbname=forums';
	include('templates/common.template.php');

Code (markup):

Those variables would act like they were globals inside common.template.php just because they are local to the function the 'include' is inside -- NOT good. Insecure by design. It really needs a 'library file' type of include where code isn't run directly and the only thing allowed inside it are classes and functions... since in 99% of cases from a security standpoint that's ALL that should be in an include in the first place. (as opposed to this idiotic daisy-chaining together files that run code directly).

I find it quite lacking -- but I was spoiled in the '80's by Borland Products.

 

I would prefer JSP or Java in general. Currently many java framework for web site development are available and well-documented. They also provide rapid development. And another aspect I like the most when the site need bigger computing power it is much easier to scale using Java than PHP.

 

There are also so many Java-based vulnerabilities that it's mostly coding an open door for exploits... :/ However, that is mostly true for PHP as well, but then PHP-sites doesn't usually provide access to other software on the machine you're using to run whatever webpage you're looking at. I know that Java != exploits and vulnerabilities per se, but in general, there's been way too many problems with Java the last few years.

 

What the fuck is JSP?
^ That right there is my answer to you. (it's a joke btw)
PHP has GREAT documentation, THOUSANDS of tutorials available from anywhere on the web AND it runs ALMOST everywhere!