PHP, ASP or Perl?

[Ben]

All three languages do pretty much similar things, for me the easiest amongst PHP, ASP and Perl to learn has got to be PHP. Anyway, PHP & ASP can do pretty much the same thing, but for me PHP has got to be the best. It's easy to use and finally, I can make my own PHP scripts, after switching from ASP, PHP, etc. PHP is very logical unlike ASP. Nonetheless, both of them can do pretty much the same thing.

[esnail]

I like ASP but I've moved over to PHP for the simple reason that it's very well supported via the online community - it's still in development, being a very active open source language and unlike ASP, you don't require a windows server to run it. PHP is fast becoming a very powerful language and to some extent has replaced perl for many web developers. For anyone about to choose a development language I'd certainly suggest PHP.

[DPS Computing]

PHP forever!! - it is platform independant and the most supported!

[paul]

I think Perl is almost dead, I would prefer for PHP & ASP, however every language has its own benefits and usess that actually depends on your need.

[DPS Computing]

The thing with Perl is that it is old and less supported and seems to be gradually dieing the more it lives on . Sadly, it does seem to have been superseeded by languages like ASP and PHP. I can't think of any programs that have been updated recently that are still written in Perl although I am sure there is still a couple out there .

[paul]

Yeah also the reason Perl is fading away it lack interest of good programmers and overshadowed by other languages. However I see a good future of PHP & ROR..

[DPS Computing]

Oh yes most definitely, RoR looks like it is going to take off. Once the people at the top of the programming field start forgetting about a language it does tend to go downhill from there unfortunately.

However you still do get avid supporters who continue to use it and program little applications in it which keep some older and less used languages going.

Also, when the community starts to dwindle, more people leave said community for a more well supported language. This works the same for forums software, CMSs, blogs etc as well .

[paul]

Quote:

Originally Posted by DPS Computing

Oh yes most definitely, RoR looks like it is going to take off. Once the people at the top of the programming field start forgetting about a language it does tend to go downhill from there unfortunately.

However you still do get avid supporters who continue to use it and program little applications in it which keep some older and less used languages going.

Also, when the community starts to dwindle, more people leave said community for a more well supported language. This works the same for forums software, CMSs, blogs etc as well .

You are right about RoR, it is getting good pick up and beside it C++ as well growing somewhat and interestingly Lua enters top 20'. tiobe.com/tpci.htm

[mephisto]

I used both ASP and PHP at work, as well as many others, and I find that I code much faster in PHP because there are so many ways of doing things that simplify your code. For example, to print out the letters A to Z separated by a comma

ASP:

Code:

<%
Dim i
For i = 65 To 90
   If i > 65 And i < 90 Then
      Response.Write ","
   End If
   Response.Write Chr(i)
Next
%>

PHP Code:

<?php
echo implode(',', range('A', 'Z'));
?>

That's only a small example, but once you start getting into better object orientated stuff, PHP beats ASP hands down. ASP has no concept of asbtraction, inheritance or interfaces and it can't do reflection or dynamic function calls like PHP's callback feature.

[WelshTom]

PHP all the way

[eUKhost.com]

I thought ASP was more secure though its complicated.

Anyways, now I'll switch to PHP

[mephisto]

Are we talking about ASP or ASP.NET?? Certainly PHP is more secure than ASP, well of course that all depends on the code written, but there are more controls in place to secure PHP.

Eg. with PDO you can put your connection string to a database in the php.ini file and then just reference to it in your code. Which means you don't need to code in the database password.

The other thing PHP has over ASP is that it's still maintained.

[eUKhost.com]

Quote:

Originally Posted by mephisto

Are we talking about ASP or ASP.NET?? Certainly PHP is more secure than ASP, well of course that all depends on the code written, but there are more controls in place to secure PHP.

Eg. with PDO you can put your connection string to a database in the php.ini file and then just reference to it in your code. Which means you don't need to code in the database password.

The other thing PHP has over ASP is that it's still maintained.

What about ASP.NET ?

is ASP.NET secure than PHP or no ?

[mephisto]

About the same, the majority of times its not down the programming language, its down to the configuration of the hosting environment.

Personally I feel like open source solutions are generally more secure, because a security issue can be found by a wider community and so fixed earlier. Whereas with closed source, such as ASP.NET you're mostly reliant on the manufacturers to find them.

That's probably going to upset some people who love ASP.NET, but that's just my opinion.

[flesso]

Quote:

Originally Posted by mephisto

About the same, the majority of times its not down the programming language, its down to the configuration of the hosting environment.

Personally I feel like open source solutions are generally more secure, because a security issue can be found by a wider community and so fixed earlier. Whereas with closed source, such as ASP.NET you're mostly reliant on the manufacturers to find them.

That's probably going to upset some people who love ASP.NET, but that's just my opinion.

But then you could argue that if a bug is found in an open source base, then it would be pretty easy for a hacker to exploit it; with closed source bases, it would be harder for the bug to be found and for a hacker to then exploit it.

[mephisto]

Quote:

Originally Posted by flesco

But then you could argue that if a bug is found in an open source base, then it would be pretty easy for a hacker to exploit it; with closed source bases, it would be harder for the bug to be found and for a hacker to then exploit it.

Yes that's also true, it's the other side of the coin. However it depends how the bug is found, with open source it's not just hackers who would be looking for them, it's also open for people to find them and highlight as bugs, which would mean it would get fixed quicker.

With closed source how can the general public find these security holes? They'd have to hack, and the people who know how to hack are hackers, I don't think they'd want to report that they've found a successful way to hack; so it wouldn't get fixed as quickly.

The majority of the times it down to the coder, not the language.

For example how many of you have developed using inline queries? If you have a login box which does the following query.

ASP

Code:

Dim sql
sql = "SELECT * FROM user WHERE username = '" & Request.Form("username") & "' AND password = '" & Request.Form("password") & "'"

PHP

PHP Code:

$sql = "SELECT * FROM user WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "'"; 


Both of these are insecure as each other. If a someone knew a username eg. mephisto, then all they need to pass the above login is type the username as mephisto' -- and the password could be anything.

Which would make the SQL query

Code:

SELECT * FROM user WHERE username = 'mephisto' --' AND password = ''

everything after the -- is a comment, so this effectively

Code:

SELECT * FROM user WHERE username = 'mephisto'

and there you have a sucessful login, regardless of the programing language, just down to the code.

Best way around this is to use prepared statements, or at least escape your values.

For those who are wondering, I just tried this with eUKHosts forums and it doesn't bypass the login