Python as replacement for PHP?

David M. Wilson dw-google.com at botanicus.net
Wed Mar 3 18:18:56 EST 2004 

Bart Nessux <bart_nessux at hotmail.com> wrote...

> When it comes to dynamic, DB driven sites, PHP is the only way to go. 
> Python is not even close to being suited for this task. PHP claims to be 
> a general-purpose language, but I do not know anyone who uses it for 
> anything other than dynamic Web programming.

Like everyone else who has replied, I seriously question how much
experience you have with the multitude of Python web environments
available. As an objective, point-by-point look at your specific
example of somewhere PHP is strong, here's my reply:

[PS: I still use PHP regularly, albeit only for quick unimportant
hacks that won't exist in 6 months]


- Nearly all the PHP code I have seen (including various large web
sites) fails to handle error conditions, and will run amok given a
down DB server, bad filesystem permissions, or bad inputs. I have had
personal experience, on more than one occasion, of an error condition
in someone else's PHP code causing a large amount of damage to a
dataset.

- The equivalent Python code will almost never do that. Thanks to the
religious throwing of exceptions, well written standard libraries, DB
adaptors, and so on, the worst Python code has a MUCH better chance of
getting stopped in it's tracks just as a fault occurs.

   py> open("/tmp/foo","w").write(123)
   Traceback (most recent call last):
   File "<stdin>", line 1, in ?
   TypeError: argument 1 must be string or read-only character buffer,
not int


   [22:15:14] [cape:4:dw]$ php4 <<e   
   > <? fwrite(fopen('foo','w'), 123); ?>
   > e
   [22:15:16] [cape:5:dw]$ cat /tmp/foo 
   [22:15:17] [cape:6:dw]$ 

Can you tell me exactly what the PHP fwrite function did when I passed
it an integer? Can you tell me how many PHP programmers test
"(strlen($to_write) == fwrite($fp, $to_write))"?


- In the specific instance of database connectivity, Python is far
superior, in terms of intuitiveness, security, safety, and so on.
Python database APIs are built in a way that protects you by default.

- PHP provides no intuitive default support for many common DB
operations. Compare the following messes:

   py> l = MySQLdb.connect()
   py> c = l.cursor()
   py> user_input = "%t%"
   py> match_count = c.execute("SHOW DATABASES LIKE %s", ( user_input
))
   py> print match_count, "matches:", [ x for x, in c ]
   1 matches: ['test']


   <? $s = mysql_connect(); 
   $user_input = "%t%";
   $query_sql = sprintf("SHOW DATABASES LIKE \"%s\"",
      mysql_real_escape_string($user_input, $s));
   $query = mysql_query($query_sql, $s);
   $matches = array();
   while ($row = mysql_fetch_array($query, MYSQL_NUM)) $matches[]=
$row[0];
   echo sizeof($matches), " matches: ", var_export($matches, true);


Tell me, of these two popular examples of bad code in both languages,
which is the more intuitive to read, which is the more elegant to keep
secure, and which would you prefer to be reading, and modifying in 18
months time? [In this case, which was the quicker to create? The
Python example. The PHP counterpart has a syntax error somewhere, I
care not where.]

How many different ways can you dream up the same functionality in the
PHP example? (mysql_escape_string, <random_db_api>, etc.)

How likely is it that the developer you hire to take over development
of either snippet of code will understand the concept behind it? I
can't even think of another way of doing database query in Python,
without using the low-level interfaces, which is just insane.

We could bring the PHP ADODB, or many of the other numerous PHP APIs
for DB connectivity into the picture, but which of these are the
obvious choice, and officially endorsed?

How easy is it to improve on both these examples to add proper error
handling? Again, Python wins hands down for elegance, conciseness, and
obviousness.


- Python has a religious following of thousands, many of whom found
freedom through it's restraint, unified path, and downright beauty.
The result is a long tradition of structured, well written code.
Python has roots in academia, and started life with a defined purpose,
and a BDFL who knew what he was doing.

- PHP, "the web designer's ideal first language", started out life as
"a collection of perl scripts" (that says it all really), then ported
to C, then hacked and added to until it was the great swiss army
monolith that it is today. PHP has never had a clear, publically
documented development path, or indeed any form of structure or
organisation, past the menu system of PHP.net

PHP developers tend to have started life using Dreamweaver, happy to
accept the first solution to a problem that comes their way, and care
little about technical merit. Every person (including at the time,
myself) who I know that uses, or used PHP, did so because it allowed
them to make things look beautiful and dynamic very quickly.


- Python gurus, when asked how to make something work, will often
appear nasty and horrible, telling you you're doing entirely the wrong
thing and you should go back to the drawing board. Much like the hot
sting from a smack of a father's hand, this is good, not bad. It is
there to direct and discipline you, and improve the way you think.

- PHP gurus tend to be experienced web developers, they'll be able to
look flash and give you an answer on the spot, but that answer will
only further lead to the demise of any structure your coding ever had.



- Python tends to be slow, but slow compared to what? The laptop I
type this message on has a 2ghz processor. It cost less than £1000. It
is the cheapest laptop money can buy in the UK. I run Python scripts
on multi-gigabyte datasets on a daily basis on this machine. I have
never considered the scripts to be 'slow'.

- PHP is very light on CPU, memory, and so on. I earn a modest amount
for a 20 year old, even by Northern Ireland standards. I can't see how
I would ever need to resort to PHP because I couldn't afford the
hardware to run a complex Python-based site intended for viewing by
thousands.


Personally, I find the average PHP codebase to be akin to a television
station such as MTV: well presented, streamlined, professional
looking, but in terms of content, nothing but meaningless, mindless
shite. On the other hand, reading certain Python code is more like
reading a beautifully typeset hardback novel: black and white - ugly
to some, but functional, educational, structured, meaningful, etc,
etc.

What interests you more - earning money through thoughtless,
effortlessly produced rant-syntax that no-one will ever want to look
at again, or the daily challenge to produce something that will
perfectly fulfill it's intended function, at the cost of a little
time, a little brainpower, and a little discipline.

I could go on, but I think these points alone are the main reasons I
use Python. At the cost only of speed, it protects me, teaches me,
profits me, and inspires me to continue being the professional geek
that I am. :)


David.

More information about the Python-list mailing list