Good and Bad PHP Code

Tweet

The following is republished from the Tech Times #165.

When interviewing a PHP developer candidate for a job at SitePoint, there is one question that I almost always ask, because their answer tells me so much about the kind of programmer they are. Here’s the question: “In your mind, what are the differences between good PHP code and bad PHP code?”

The reason I like this question is because it tests more than just a candidate’s encyclopedic knowledge of PHP’s functions. Zend’s PHP certification does a good job of that (as does the test that Yahoo! issues to applicants for its PHP developer jobs, apparently).

Rather, the answer to this question tells me whether a PHP developer has, for example, experienced the pain of working with poorly-written code inherited from a careless predecessor, and whether he or she will go the extra mile to save the rest of the team from that same pain.

I don’t have a set notion of the perfect answer to the question, but I do know the kinds of things I’m hoping to hear. Just off the top of my head:

Good PHP code should be structured. Long chunks of code can be broken up into functions or methods that achieve sub-tasks with simple code, while non-obvious snippets should be commented to make their meaning plain. As much as possible, you should separate frontend HTML/CSS/JavaScript code from the server-side logic of your applications. PHP’s object oriented programming features give you some especially powerful tools to break up your applications into sensible units.

Good PHP code should be consistent. Whether that means setting rules for the names of variables and functions, adopting standard approaches to recurring tasks like database access and error handling, or simply making sure all of your code is indented the same way, consistency makes your code easier for others to read.

Good PHP code should be portable. PHP has a number of features, such as magic quotes and short tags, that can break fragile code when they are switched on or off. If you know what you’re doing, however, you can write code that works by adapting to its environment.

Good PHP code should be secure. While PHP offers excellent performance and flexibility out of the box, it leaves important issues like security entirely in the hands of the developer. A deep understanding of potential security holes like Cross-Site Scripting (XSS), Cross-Site Request Forgeries (CSRF), code injection vulnerabilities, and character encoding loopholes is essential for a professional PHP developer these days.

Once a candidate has answered this question, I usually have a pretty good idea of whether they’ll be hired or not. Of course, there’s always the possibility that an interviewee simply isn’t able to articulate these types of things, so we also have our candidates sit a PHP developer exam.

Many of the questions in this exam seem straightforward on the surface, but they give candidates plenty of opportunity to show how much they care about the little details.

The following “bad” code is a highly simplified example of the sort of thing we might put in our PHP developer exam. The question might be something like “How would you rewrite this code to make it better?”

<?
echo("<p>Search results for query: " .
    $_GET['query'] . ".</p>");
?>

The main problem in this code is that the user-submitted value ($_GET['query']) is output directly to the page, resulting in a Cross Site Scripting (XSS) vulnerability. But there are plenty of other ways in which it can be improved.

So, what sort of answer are we hoping for?

Good:

<?
echo("<p>Search results for query: " .
    htmlspecialchars($_GET['query']) . ".</p>");
?>

This is the least we expect. The XSS vulnerability has been remedied using htmlspecialchars to escape dangerous characters in the submitted value.

Better:

<?php
if (isset($_GET['query']))
{
  echo '<p>Search results for query: ',
      htmlspecialchars($_GET['query'], ENT_QUOTES), '.</p>';
}
?>

Now this looks like someone we might want to hire:

  • The “short” opening PHP tag (<?) has been replaced with the more portable (and XML-friendly) <?php form.
  • Before attempting to output the value of $_GET['query'], isset is used to verify that it actually has a value.
  • The unnecessary brackets (()) around the value passed to echo have been removed.
  • Strings are delimited by single quotes instead of double quotes to avoid the performance hit of PHP searching for variables to interpolate within the strings.
  • Rather than using the string concatenation operator (.) to pass a single string to the echo statement, the strings to be output by echo are separated by commas for a tiny performance boost.
  • Passing the ENT_QUOTES argument to htmlspecialchars to ensure that single quotes (') are also escaped isn’t strictly necessary in this case, but it’s a good habit to get into.

Somewhat distressingly, the number of PHP developers looking for work that are able to give a fully satisfactory answer to this sort of question—at least here in Melbourne—are few and far between. We spent a good three months interviewing for this latest position before we found someone with whom we were happy!

So, how would you do when asked a question like this one? Are there any factors that make PHP code good or bad that you feel I’ve left out? And what else would you look for in a PHP developer?

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • David Jenkins

    Well, I find the market itself to be the problem, like you say, in Melbourne.

    I’ve been looking the last couple of weeks for a new PHP dev job in Melbourne, and I pay particular focus to simple things as mentioned in this post (among other pet peeves that are overlooked by a lot of PHP coders). So, I suppose I’m one of the few, with far between. A diamond in the rough?

    The problem I’ve faced, though, is that employers don’t recognise this – not because they don’t care, but simply because they don’t know any better. As a result, I’m out there asking for a certain salary (I have a degree, and a strong skillset) which often gets responses like ‘yes, but we have (number of people) also available to work for n% less than that’ – where ‘n’ is often about 20%. I don’t think I’m asking for too much money (in fact, I know I’m not), but while employers aren’t treating ‘advanced’ developers any better than the rookies, there is little motivation for people to increase their skillsets.

    I’m being replaced in my current role by someone with a much lesser skillset, and I’m nearly certain he’s being paid the same as what I’m on currently. Talking to a guy I know in Java land, he made it painfully clear that employers/the industry does not care for PHP skills. I’m finding this more and more to be the case.

    So yes, pay people what they are worth, not what the minimum baseline is. You certainly get what you pay for.

    And, from what I can gather, SitePoint are among the guilty.

    The quest continues..

  • http://www.sitepoint.com/ Kevin Yank

    And, from what I can gather, SitePoint are among the guilty.

    I’m curious what you base this on. I’ve asked around, and nobody on our end can remember turning down a PHP developer based on salary expectations.

  • http://www.realityedge.com.au mrsmiley

    As a PHP developer in Melbourne, I can totally agree with David’s assessment of the market here. I’ve even sat the skills exam at Sitepoint albeit with different questions. At the time Sitepoint were just fishing for developers, didn’t even have a solid job going at the time (around mid last year) which I find poor form on any potential employers part.

    The only solid, well paying PHP work I can find in Melbourne is contract work and requires you to be self employed. The biggest problem by far as that there are a lot more PHP developers available than jobs in Melbourne. Employers can afford to take the guy who will work for less pay. The most common rejection by far that I’ve experienced is “we think your overqualified and will be bored in this position”. Yet by definition you are required to know about a lot of technologies in order to survive in the web development arena. Go figure.

    I ended up having to take a .NET job in Melbourne instead (even though I prefer PHP) just so I could meet the salary requirements. Sad to say, but PHP roles in Melbourne are still second class and have appropriately matching salaries. The rare company that pays well already has developers to fill those positions, and those developers know they are on a good thing and wont move because of said market issues.

  • Rich Buggy

    Personally I’d fail the person who produced the “Better” code because it produces different output than the original if $_GET['query'] isn’t set. Surely you want someone who can fix a program without changing the output :)

    I totally agree with David’s comments about paying developers what they’re worth. Despite 12 years of web development experience I recently had a recruitment agent call me about a junior Java web developer position. Who are these people kidding?

  • http://www.sitepoint.com/ Kevin Yank

    Personally I’d fail the person who produced the “Better” code because it produces different output than the original if $_GET[’query’] isn’t set. Surely you want someone who can fix a program without changing the output :)

    Given that the original code simply assumed $_GET['query'] would be set, and would generate a PHP error (notice level) under some server configurations, I don’t mind if the proposed solution fixes that error message without affecting the behavior under the originally-assumed condition.

    The point is debatable, I’ll grant you.

  • David Jenkins

    I’m curious what you base this on.

    Moderately personal experience.

    And it’s not at all about turning someone down based on their salary expectations, but it’s about making the offer (to the potential employee) and being the candidate then turning the company down due to the poor offer.

    Maybe it’s just a case of right place/wrong time, but that’s certainly how it seems (at least at the moment).

  • http://www.sitepoint.com Matthew Magain

    I haven’t personally been involved in hiring for the SitePoint PHP dev role, but I will say this: finding the right person for a job is extremely tough. We’ve been trying to fill this role for quite a while, and Kev and others have interviewed a lot of candidates. This goes directly against other commenters’ observations that there are more skilled PHP developers than jobs available. However it’s worth mentioning that there are more factors than just someone’s knowledge of the language and salary expectations to take into account. At a company like SitePoint, cultural fit plays a huge part.

  • http://www.realityedge.com.au mrsmiley

    This goes directly against other commenters’ observations that there are more skilled PHP developers than jobs available.

    Actually, I never said there were more “skilled” developers than jobs, just more developers. Employers have a choice, so they take the cheap option first. Maybe that gives them a bad impression of PHP developers in general? It seems they want to pay less for what they see as a role unworthy of a decent pay grade in proportion to the skill level. Not sure if this is specific to Melbourne employers though (excluding Sitepoint)

    I have a lot of experience in PHP and web development in general and ask for an appropriate salary. Strange to say that I got the salary I was looking for with absolutely minimal .NET experience, but a ton of PHP experience which I dont use in this role. Even talking to various employers about where to work in Melbourne, every recommendation came back as .NET or Java. In short, in Melbourne, you can struggle to earn a decent living from the few decent PHP jobs out there that everyone is fighting to get, or go where the money is and an abundance of jobs. Seems there are more .NET and Java jobs than developers at the moment. Just check Seek to confirm that. They pay more because they NEED to attract more developers.

  • David Jenkins

    However it’s worth mentioning that there are more factors than just someone’s knowledge of the language and salary expectations to take into account. At a company like SitePoint, cultural fit plays a huge part.

    Again, you miss my point. It’s not about salary expectations, it’s about the offers actually being given. It’s that number which rarely meets my expectations. For me to get an offer, presumable it’s because I fit the culture (etc etc), or else I wouldn’t get the offer, right? It’s at that point, though, that I’m generally let down by what’s on offer.

    And this is where you step in and say that although your company can’t afford to pay me what I want, it makes up for it in other ways – such as flexible work hours, or company trips away.

    I realise this is the way that small business tends to operate, and that’s fine, but there seems to be a big dollar gap between PHP developers with “enterprise” skills, and Java/.NET developers with the same level of experience (and a tiny gap between those same PHP developers and graduates of any language).

  • David Jenkins

    I have a lot of experience in PHP and web development in general and ask for an appropriate salary. Strange to say that I got the salary I was looking for with absolutely minimal .NET experience, but a ton of PHP experience which I dont use in this role.

    Incidentally, I’ve accepted an offer somewhere where they do Java and .NET. I’ll be doing neither. I’ll be doing less hours than I’m doing now, pretty much focusing just on HTML/JavaScript/CSS (frontend webdev, you know what I mean), and getting a good 30% more than I’ve been offered in any PHP role in Melbourne.

    I’ll be doing PHP in my spare time because I certainly enjoy it, but there’s barely a career to be forged, unless you’re super lucky it seems.

  • ctx2002

    Good PHP code should be structured.
    Good PHP code should be consistent.
    Good PHP code should be portable.
    Good PHP code should be secure.

    ok,above are site points standard.

    “Somewhat distressingly, the number of PHP developers looking for work that are able to give a fully satisfactory answer to this sort of question”

    man, your guy’s standard just too high, that probably why you spend 3 months to find a developer.

    i do not know how site point test candidate, but example gave in this article just lame, the example says nothing about “structure, portable, security, consistent”.

    congrat on found an rock star developer. :)

    i like site point.

    regards

  • http://www.sitepoint.com/ Kevin Yank

    Having just come out of a meeting where we decided that SitePoint needs another two highly skilled PHP developers, I can say that I’d be eager to hear from anyone who had the skills.

    I’ll reiterate that we have never actively failed to hire a talented developer over money. We also usually don’t advertise salaries for positions, since we believe in paying people what they’re worth.

    @ctx2000: Absolutely, the example I gave above is too simplistic to test all the factors I mentioned. The actual questions in our test are much more meaty.

  • http://www.realityedge.com.au mrsmiley

    If only the majority of businesses in Melbourne had that attitude *sigh*. Do you have any details on what the job would entail? Having seen the inside of Sitepoint, would be interesting to see where you would fit another 2 developers. Surely you are getting quite full in there by now?

  • http://www.sitepoint.com/ Kevin Yank

    @mrsmiley: You’re absolutely right, which is why we’re also actively looking for larger premises in the inner eastern suburbs of Melbourne. :)

  • http://www.realityedge.com.au mrsmiley

    Anything closer to Cranbourne and I’m all yours :) Currently travelling to St Kilda Rd, so its not that different at the moment.

  • http://www.sitepoint.com/ Kevin Yank

    The two openings that we’re looking at filling would be down ‘n dirty PHP coding jobs. The first is within our client services division, working in a team on exciting projects for high-profile clients, the other is within our sitepoint.com team, working on the day-to-day upkeep and ongoing development of the site, as well as contributing to a range of internal projects.

    Our development environment is built on our custom built, object oriented, PHP5-based framework featuring unit testing, Subversion version control, and other modern amenities.

    I’m sure we’ll have a formal job description up before too long, but in the meantime you can fill out the “Web Developer(s)” survey on our jobs page, and focus on your PHP skills in your answers.

  • http://dtracorp.com dtra

    i did the pre-interview test early last year, and there were questions on the test that were similar to the one posted. From my experience, i think most of the places looking for PHP developers are looking for graduate types, they are smaller businesses and can’t afford to pay higher wages. When i was looking for my first development job after uni, i was basically ready to accept anything after a couple months of looking, i finally found something, pretty low pay, spent a year and a half there, gained a heap of experience, and left for greener pastures. i’ve got a job now with a much higher salary, and also doing work in java (which i had previously no commercial experience).

    one note on looking for developers, i think all developers should want to grow and learn, and also, that employers should want there employees to learn and grow as part of the organisation. if you are looking for that know-it-all employee, you’ll find it tough, especially in regards to the pay packet. you might want to consider taking on someone that is enthusiastic, may lack a bit of experience or absolute technical knowledge, but as long as the enthusiasm is there, they should be very sponge-like.

    my 2c
    dave

  • Christian Wenz

    what if $_GET['query'] is an array? :)

  • http://www.sitepoint.com AlexW

    if you are looking for that know-it-all employee, you’ll find it tough, especially in regards to the pay packet. you might want to consider taking on someone that is enthusiastic, may lack a bit of experience or absolute technical knowledge, but as long as the enthusiasm is there, they should be very sponge-like.

    We probably fully agree with the underlying idea there.

    Speaking as the front-end guy, the problem we have is with our traffic and server demands, we can’t afford to keep writing piecemeal small solutions that work today, but end up causing us headaches down the track — we’ve done plenty of that and most of it was written at a time when our traffic was at much lower levels.

    5 years down the track and a lot of that code is making life difficult for us. We need an ‘architect level’ coder to oversee the whole direction our code base is heading.

    If and when we have that person, we may well be able to plug in a more junior guy to work with that person. But grabbing the junior guy now won’t address our major challenges at the moment.

  • auricle

    Hey,David, what’s your problem? Paying low wages and forcing employees to trade away overtime and other conditions for a measly few cents an hour is the Australian way!

  • danman

    While reading this at first:
    “The reason I like this question is because it tests more than just a candidate’s encyclopedic knowledge of PHP’s functions”

    I was kind of expecting a different answer to your code example since that was some focus on details, such:
    “the strings to be output by echo are separated by commas for a tiny performance boost”
    That is such a tiny boost that I would probably intentionally leave it out in an interview, just to show that I focus on more important matters.

    I thought you were “fishing” after an answer that was pointing out
    that php and html are intermingled in a bad way in that example and that indicates that presentational logic is not separated from application logic.
    I thought that was the “main” problem.
    Otherwise good points..

  • danrooke

    I think that PHP developers have such a wide range of skills because the language has such a low barrier of entry. You can do simple things very easily with PHP but you can also develop enterprise grade applications performing some complex tasks all with one language. I don’t think it’s unfair to say that the vast majority of developers will be at the lower end of the scale with the numbers reducing the higher up the scale you go.

    I am based in the UK and have personally found that most employers don’t appreciate the different levels of being a “PHP developer”. It seems that all developers with PHP experience are put in the same boat regardless of their actual skill level.

  • Jason Lotito

    I review past projects. Tests, certifications, and questions can’t match up to actual production. Passing a test or getting a certification means you learned to pass a test or obtain a certification. Nothing more. In the real world, I don’t pay programmers to pass a test or get a certification. I pay them to solve real problems and release code that will actually get used.

    And in my experience it’s paid off.

  • http://shiflett.org/ shiflett

    $_GET['query'] could be something like:

    +ADw-script+AD4-alert(‘XSS’)+ADsAPA-/script+AD4-

    http://shiflett.org/blog/2005/dec/google-xss-example

  • papaFurax

    PHP is a lame language. I think that a good programmer will never want to work with such language, or maybe only if you pay him consequently.

    Perhaps try to recruit a python dev to work on your PHP code. Or better, move to Python, the candidates you will have will be very different ;)

    I don’t know in Melbourne, but here (Paris) PHP is considered as a poor language, the only valuable I see reason to work with PHP, is for legacy code.

  • Jens

    Christian Wenz Says:
    May 25th, 2007 at 7:34 pm

    what if $_GET['query'] is an array? :)

    if(is_array($_GET['query']) {
    //do something
    }
    else {
    //reject
    }

  • Austin

    If magic quotes is turned on, you’ll also have to stripslashes. I also think trimming is always appropriate. This seems like the best answer:

    <p>Search results for query: <?=htmlspecialchars(stripslashes(trim($_GET['query'])), ENT_QUOTES)?>.</p>

    I don’t see the point in echoing html, since you can end and start php at any point.

  • Christian Wenz

    Jens, you probably want it the other way around! :)

  • http://espenliland.no Loomy

    Before attempting to output the value of $_GET['query'], isset is used to verify that it actually has a value.

    Now that’s just not true, is it? I think it’s empty() you’re looking for here since url.com/?query= would in fact make it set. This also breaks your 3rd rule of good PHP code, portability. If you were to use this code in a mod_rewrite environment, you would define the query variable in one of the RewriteRules and as a result make it constantly set whether it has a value or not. (And yes, I know, you could avoid this with a really complicated set of mod_rewrite rules and conditions, but that would affect the performance much more than a million echo-with-commas-instead-of-periods could make up for.)

  • Dave Dash

    Strings are delimited by single quotes instead of double quotes to avoid the performance hit of PHP searching for variables to interpolate within the strings.

    This is only a real issue if there is a variable in the double-quoted string. It may take a little longer to compile down, but not significantly… and not worth making an issue of it.

    I wanted to set the record straight for myself, so I ran
    this test. They seemed insignificant, and a few people in touch with the PHP internals schooled me a bit on strings and PHP.

  • Joshua May

    Wow, this all seems kind of ironic.

    I was interviewed at SitePoint just a couple of months ago (and the follow-up to that was.. entirely my fault. Consider this an apology?). In any case, the offer that was given to me was roughly 20% below what I had indicated I was looking for. They knew this, but being new to the Melbourne market, I figured it might have been acceptable for the local market.

    In any case, according to the blog entry, I’m pretty sure I answered most of the things on the test pretty well – probably not entirely correctly, but I’m pretty sure I indicated a fair degree of knowledge. Enough to get an offer, anyway. So, why was I offered such a low package, if I was good enough to get an offer at all (because it sounds like you have pretty high standards)?

    From reading the rest of the comments, it sounds pretty common in Melbourne (which is comforting), but it’s still frustrating.

    Oh well, who knows?

  • http://www.jhauser.com datune

    Anybody who thinks that PHP (in this day and time) is a poor language and can’t be used in an “enterprise” environment, has done nothing else but to point out that he doesn’t know anything about it.

    And I don’t know about how things are done in Australia, but over here in Europe when negotiating, being offered a “package” does not mean, take it or leave it. Obviously EVERY business in the world (and the smaller the companies the more noticable) is going to try and get the most for their money. Don’t blame the companies for paying less, blame the —> developers

  • jgoddard

    I agree that code has to be portable… but the example you mentioned about magic quotes, and register_globals I disagree with. Separating the good from the bad would also mean getting rid of anyone who considers using magic quotes or register globals. Further, any system admin who has them still turned on needs some education.

    I understand you may have to have it on for older sites, or if you do a large amount of virtual shared hosting… but sending a notice to all your users that they have 1 or 2 months to convert any code to not use magic quotes or register globals, I think is not unreasonable at all.

  • ctx2002

    “And I don’t know about how things are done in Australia, but over here in Europe when negotiating, being offered a “package” does not mean, take it or leave it. Obviously EVERY business in the world (and the smaller the companies the more noticable) is going to try and get the most for their money. Don’t blame the companies for paying less, blame the —> developers”

    datune, i do not get your logic here, do you think developers have no rights to ask higher payment?

  • http://www.sitepoint.com/ Kevin Yank

    datune, i do not get your logic here, do you think developers have no rights to ask higher payment?

    I may be mistaken, but from what I read, Datune is saying that if a developer walks away from a job because the company’s initial offer doesn’t meet his or her expectations, the developer is to blame because he or she did not ask for higher payment.

    Speaking on my own behalf, and not SitePoint’s (I don’t deal with salary offers in my work), I would certainly expect any company to want to get as much for its money as it can, just as I would expect any developer to want to get as much as possible for his or her work (be that measured in dollars, or in less tangible benefits). In any case, it should definitely be a process of negotiation—a two-way discussion.

  • http://www.sitepoint.com Mark Harbottle

    I was interviewed at SitePoint just a couple of months ago (and the follow-up to that was.. entirely my fault. Consider this an apology?). In any case, the offer that was given to me was roughly 20% below what I had indicated I was looking for. They knew this, but being new to the Melbourne market, I figured it might have been acceptable for the local market.

    Ah Joshua May, I’m glad that you’re safe and well.

    The offer put to you was a starting package consistent with your experience and test results. It’s what we felt you were worth to SitePoint. However, I think it’s worth pointing out that you actually accepted our offer when we spoke to you last. As far as we were concerned, it was a done deal. We prepared the paper work and sent it out to you – then we never heard from you again.

    We even held the job for a week or two waiting for you to return our calls. It got to a point where we were more concerned for your wellbeing than anything else. We thought you were either in hospital or dead.

    A phone call is all it takes Joshua. Who knows what agreement we might have been able to reach. I accept your apology, but my advice to you is you shouldn’t burn bridges like that. The IT space is a very very small world, especially in Melbourne.

  • amaron

    I would go for ASP instead of PHP

  • Sachin

    Yes, PHP Jobs are not well paid even here in india. As kevin said earlier, they do pay well for qualified guys and gals.I would not agree with that, it is just a formal saying to convince people around here.

    I am PHP developer, but since lack of pay scale for my strong pro skills, i decided to step out of PHP.

    Currently i am working as JAVA/J2EE developer and code PHP while i am free to the opensource community.

    Learning PHP is free, but earning via PHP is not that easy unless you are self employed.

  • viveknarula

    Okkkkk,
    I have read all this and i am totally agree that PHP jobs are not well paid, i am a PHP dev from INDIA, that’s why i am thinking to come out of PHP to have good salary packages.

    But the thing is how can we eliminate this situation in the PHP case. What should we do to change this scenario.

    did anyone think about this ?

  • wheeler

    well damn that wasn’t the assessment of Melbourne’s php job market I was hoping for, being a born and bred Victorian country lad, hoping to move south again in a few years… I haven’t pursued employment on the Gold Coast or in Brisbane, but I doubt that the situation is any better.

    Seems to me being a sole trader is the best place to be at the moment, short of a fun, well paid job (that is, if you don’t want to go it alone!) I do wonder what the figures look like on some of the salaries mentioned.

    I do wonder why some people try and rip apart the code example on this page when its obviously intended for simplicity, not nitty gritty.

  • sachin

    viveknarula, you are correct. It is the employers who have to change the situation. When a talented developer comes around, he is paid low.

    A friend of mine is working in BPO and is earning more than a developer. so it is clear that developers are less valued and low paid. The software and webdevelopment companies are greedy to earn more money, but pay less to their workers.

  • http://www.realityedge.com.au mrsmiley

    @sachin, are you sure the onus is on the employers? If we had more companies around like Zend pushing the importance of enterprise PHP and its benefits AND the development community as a whole got behind this effort to promote its usefulness, then we stand a chance.

    The problem is that the problems that PHP addresses is different to what your J2EE/.NET environments address. A lot of the time you still require one of those technologies, or something similar to accomplish the more complex tasks in the enterprise. Take middleware and legacy system integration for example. J2EE and .NET, albeit under different names like WebSphere, etc) have complete platforms for addressing these issues. PHP has no such platform, it relies on other parties to supply the rest of the ecosystem.

    When compared to those two choices at a global corporate level (dont forget they think a lot differently than we do), PHP is “just a scripting language” like Perl, Python, Ruby etc. We cant wait for companies to suddenly change their mind about that perception. We need to help them and that unfortunately takes time. It’s no wonder Java and .NET developers are paid more, its because the companies backing their image are extraordinarily good at marketing and converting hype into $$$.

  • sachin

    mrsmiley, your post sounds good. It does not mean that PHP is mearly a script language. We must see the amount of work involved and there are plenty of PHP projects available.

    Only corporate companies prefer JAVA or .NET and they too are now looking for alternative like PHP.

    We must see the work involved , not the company backing the image of the sole products used to develop.

    If i develop a website in ASP and develop a similar website in PHP, does the ASP developer cost more than PHP?

    I am trying to say that pay the developer based on his talent, charge accordingly with your clients. Developers are not that cheap for working for a small sum.

  • http://www.realityedge.com.au mrsmiley

    I agree with what you are getting at Sachin. Just wish their wasn’t such a difference in perception of PHP between the corporations and developers. I think companies like Zend are trying to fix it the smart way. They dont have the marketing budgets of IBM and Sun, but they are making inroads into those two companies so they will market the language in the enterprise on behalf of us. Even the relationship they are developing with Microsoft should be good over the long term because of the compatibility effort going on. PHP is starting to gain leverage at the corporate level, but to slow for the like of us typically impatient developers.

    If only we could fast forward a few years to see what the outcome is going to be :)

  • viveknarula

    Well said mrsmiley , It will take time, may be a few more years BUT at that time where we will stand. We have to think about NOW as we are living in current situation where we are not getting what we deserve or PHP devloper for that matter.
    How many MNC are working in PHP just Yahoo !! and some other companies but those companies does not support PHP what they should do.

    Recently IBM has started to support but will they integrate PHP with their own applications ??

    This is a big question ??

  • sachin

    This post seems to be very worth full discussions. I accept what you both said. The fact is that PHP has to creap into the market, else it would be hard for developers to survive.

    PHP is used only in small and medium business level and corporate companies should think of using it in their website or making their application instead of using JAVA or .NET which can be used in developing software and other Misc application.

    I am not sure IBM just made a move showing that it supports PHP, but their main product is JAVA oriented. Zend Alone is the only enterprise supporting PHP a huge and i would see RUBY too gaining the market soon.

  • cybergrace

    Well, speaking as a PHP newbie, I really appreciate all the great feedback about PHP coding for forms on this discussion. I’m taking a PHP class and love it, but could never pass it without the much more easy-to-understand instruction on this site. Thanks all.

  • pmkcomp

    Firstly, Love your work Kevin. Been following your stuff ever since Hotdog days. You’re the one who taught me mouse over images and PHP. Do you have a single sister?

    OK. Now what I have to say might cause a bit of flak, but here goes…

    I have a small web development busines. Last year I needed help with my work load and I advertised in Adelaide and in the Adelaide Tafe looking for someone with PHP skills. I received ONE reply by a guy who took the brief and after 2 weeks didn’t do anything which put me further behind. I advertised on Sitepoint and had a flurry of emails mostly from OS.

    I sent each one a brief of a little job I had just completed. The brief was VERY detailed and it took me 12 hours to complete including testing and learning how to perform a certain task.

    The responses to my brief mostly ranged from 25 hours to 2 months! With only 3 coming under 20 hours (my cut off point). These 3 I considered to be the most honest. One was from Melbourne and wanted double what I charge my clients. The 2nd was in Canada and he wanted just as much and the third was from India who was dirt cheap. (The guy from India didn’t get the job because I didn’t like other aspects about him.)

    After I thought all was lost a Russia Uni lecturer contacted me and we negotiated a price and we’ve been working well ever since. I look after him by paying all the costs associated in transfering payments to him plus assisting him with his dialup access fees and by helping him acquire things he can’t in Russia. I’ve even given him a pay rise when he’s asked for it.

    I’m now advertising again (because I also need someone in-house) and this time I’ve interviewed a few people claiming knowledge of PHP but they fail a simple test of basic PHP elements or they want a permanent position with all the perks.

    I’m a very small business. I can’t afford the administration time it would take to employ someone other than on a sub-contract basis. If I was to pay a coder say $60g then then I have to bring in at least $80-$90G more worth of work to cover the cost of that one employee. Sub-contacting means that I can afford to employ a coder to do the work that is available allowing me to gradually bring in more work and to develop my own skill set.

    So to me, and many other small businesses, a PHP/web developer is not worth the overly inflated self opinion they have of their worth. PHP programming is not rocket science. And it’s not like you’re coding system software for the shuttle. It’s basic, simple programming in a relatively easy environment. All you need is simple, solid and secure code. Who cares if you can write a database interface that makes coffee and dances a jig as well. That’s not what the job is about.

    At this point I would like to exit this thread and don the nearest asbestos suit.

  • soetes

    As an employer, my two cents worth is that PHP is not being used to the extent of its capabilities and the job market reflects that. The senior IT management people making decisions haven’t written a line of code in years. It will take a while for attitudes to change, but my advice is to stick with it. PHP will win out in the end, no question.

  • soetes

    pmkcomp, I hope I haven’t misunderstood what you were saying, but when you need help with your workload, it’s better to get someone to take 80% of what you do off you, rather than trying to find someone to take 100%. When you go for 100%, you’re looking for someone to replace you, whereas it’s more effective (easier, cheaper, etc) to look for someone to assist you. Hope I’ve read your post right and that this makes sense.

  • Tony

    This is so true… PHP skills are completely undervalued! I recently took a job in Java and I’m watching these other java guys really struggle with things that would be a breeze in php. I know that personally, I can get a project done about 5 times faster with php, and I’ve been doing java for years longer than I have PHP. Once companies start realizing the cost savings with languages like php I’m sure they will start switching over. And for those who don’t think it scales or is “enterprise level”, 40% of the webs top 100 websites are coded in php!

    Tony – Portland, Oregon
    VocalNation.net

  • Corporate Manager

    I’ve seen in corporate environments the difference between .Net and PHP applications. The reason why .Net is hot in our company is because .Net developers produce faster code than PHP developers. I’m not sure if it’s the language (I’m a manager and do not understand the differences, only that .Net developers are more expensive) but a .Net development team can produce highly efficient tools in about 1 month whereas our linux developers take much longer.

  • Breton

    I’m dissappointed to learn about the PHP job market in Melbourne, and the world, but not surprised. This thread has given me new motivation to learn Java. I would like to address the question of the value of PHP, and this comes down to languages in general. I’m no expert, I’ve not a lot of experience with scaling enterprise applications, so my opinion on this subject may not mean much to many of you.

    On the whole, most languages are *capable* of doing all the same things. If it’s turing complete, you can channel data through all the same logic gates, and get the same output from the same input in any language. At least, so long as those input and output channels are made available to the environment. so “capability” (the word a lot of people are using here) is a very poor measure for a programming language. At least, the language itself. The environment is a different matter (are the input/output channels available).

    The factors I look at are:
    *Readability
    *Expressiveness
    *Logical consistancy

    Readability is important in a language- As it determines directly how maintainable the code is into the future for other developers. Exactly what it means to be readable is of course debatable.

    Expressiveness has to do largely with the brevity of the language. How much typing must one do in order to express to the compiler some operation, procedure or object?

    Logical consistancy- If the construction of the language commits formal logical fallacies, or is inconsistant in its syntactical schema, then this in my belief directly affects scalability moreso than the optimization of the machine code it produces.

    -Now that I’ve got that aside out of the way, my humble opinion on programmer skill. Strong foundation in logical reasoning, computational, and data theory, math, and others, seem far more important to me than which syntax some programmer happens to prefer. As long as the programmer can rapidly produce stable code which is rock solid, who cares if it’s php or .NET? Well, employers apparently. My point is basically that employers should be probably be looking more at a person’s programming skills, as opposed to their php programming skills, or their .NET programming skills. That’s just my 2 cents, anyway.

  • GasGiant

    I backed into programming PHP professionally. I was a Java with XML developer in 2000/2001, but lost my job at Rational and later at Duke in the dotcom bust. I worked on contract for myself for awhile, then wound up running some web sites while going back to school. In 2003 I took a job in manufacturing management, which included systems analyst work and database care for an aging MRP system.

    With my programming background, I started writing web-based access to our data and now I’m doing PHP, ODBC, MySQL, and Javascript work most of the time. I’m earning about 70% of my 2001 salary currently. Even though the prospects for PHP as a career are lousy, I enjoy having control of these little projects from end-to-end, so I’ll stick with it. However, my actual, bottomline value to the company is much higher and much easier to measure creating PHP solutions than anything I ever did with Java.

    So, either I’m getting rooked now, or else I was terribly overpaid six years ago.

  • Miriam

    In Israel, PHP programmers are hot property and in high demand. I actually don’t understand why companies would still want to program in other languages. By programming in PHP, companies can save a lot of money. First of all, most of the open source software out there is developed in PHP, which means you have the basis for so many applications, and you can easily add to them or modify them. Also, I believe that PHP servers are lower in cost. We develop web sites, and everything we do is in PHP because of the advantages of open source.

    Of course, PHP was developed by Israelis so maybe that’s why it’s caught on here.

    Miriam Schwab
    http://www.illuminea.com
    wordpressgarage.com

  • ivanfx

    Hello all! I’d just like to leave a comment on how things are here in Croatia. Before .NET PHP was THE web language and 90% of ALL sites were based on it. I’m talking about portals with 400.000 visits a day (don’t laugh, it’s a lot of visitors here) . Now with .NET it’s totally different, Microsoft is backing up all the major webdev conventions hyping the 2 sites that actually use ASP.NET. I know the guys behind these sites. They have no idea what programming is, they just like the drag’n’drop style of *coding*. Freelancers like myself are now in a position of having to either start their own companies or cross over to .NET because employers went with the flow. And because Microsoft has a HUGE influence on our small market (99.9% of computers use Windows, sound formiliar?).

  • http://www.photoviaggi.it hidran

    Hi all,
    I live and work in Italy and I have realized the following:
    Big interprises and banks, the ones who make more money
    and pay higher salaries, have most of their platforms
    based on mainly in java,c++ and lately in .net and
    only some departments do some things in php.

    Small companies who don’t have a big budget have
    their platform based on LAMP, so maybe there are more
    vacancies as a php programmer but salaries are much more
    lower.They think of a php programmer as a web developer and
    that’s all, so, sometimes the guy next door who works in
    a pub makes more money than a php programmer.
    I have met people who work in public administrations or
    big interprises who use only access and Visual basic for
    small things and they make more than 50% more than me.
    It is not a question of what programming language is better.
    When I code in jsp with tomcat and see that for only one
    error I get 1000 of lines of java errors it discourages me
    and also the fact I have to recompile the whole thing back again
    when in php you just need an echo to see what’s happening.

    I love php but I realize in order to get a decent payed job
    you have to program also in java or .net

  • http://www.futureproof.be Peter Minne

    Recently I had an interview with a bunch of php developers as I’m looking to hire one, and I must say that there were only a very few that were actually skilled enough in terms of OOP, frameworks, MVC models, structured programming, or, in other words, solid programming. I always have to make a difference between the ‘scripters’ and ‘programmers’, and I can imagine that issue is almost non-existing in the Java world since that language almost forces you to program in a solid way. At least that is what I remember from my Java background. Or maybe it was because I got Java teached in school?

    And that’s another thought: over here, many schools are teaching Java, C++, ASP(.NET) for many years now, while only very recently some of them started with (optional) PHP classes. So all the time you could actually graduate as a Java, C or .NET programmer, and such diploma always has a positive influence on your salary, not? It proves you know how to program in a decent and professional way. So I don’t know how things are in other countries, but maybe this could have something to do with the rather low salaries. Java is something you learn in school, php is something you do as a hobby, and to companies, php might have an ‘amateur’ image because of that. Schools should adopt PHP more, and teach the students how to work with it properly.
    I guess it’s all just a matter of time.

  • http://www.worldwithoutwalls.co.uk/ paulmasri

    I have 2 points. The first is following on from Peter Minne about the distinction between ‘scripters’ and ‘programmers’. The second is about where value really lies in a PHP coder.

    I am both an employer and a PHP coder. I have been through 2 recruiting cycles in the last 4 years. The first time I hired, I ended up with a scripter. He had great skills in CSS and layout but was overwhelmed by the PHP.

    Second time round I conducted an assessment-centre style interview day which was a real success (and a lot shorter that 3 months). The candidates were pre-qualified with a short questionnaire of mostly Yes/No questions to see where they thought their level of understanding was at. On interview day, candidates were given 2 tests: one to test their object-oriented programming skills and the other to test their troubleshooting skills. This gave me a good gauge of ability and I ended up hiring 2 good people.

    But the whole process of hiring and then training brings me to my second point: it’s not just about being ‘a good coder’ because even technically talented coders can be sloppy or inconsistent or can fail to think things through.

    I don’t think that squeezing the last bit of efficiency out of the code as in Kevin’s example above actually matters that much. I’m interested in a person’s ability to document what they’re implementing so that I or others can see the intended program flow, to produce elegant and readable code and to create & follow through on tests, so that what we deliver to a client works first time.

    This last part, which is all about rigour and consistency, is actually where the value lies, in my opinion. Because it’s about reliability – the more I can rely on someone the more valuable they are to me and my company.

  • Dan

    thats why many are using OOP now as its easier to read and see where the scripter is coming from in what he/she wants his/her code to do.

    Ive been learning php on and off for 2 years and after looking at job oppertunities it does seem that it doesnt matter if you are a skilled php coder or a rookie to the employer, also it is a go with the flow subject to learn in that anyone who puts their mind to it can be exceptionally good at it, but for what you do know i dont think employers give enough for a php coders services

  • ivanfx

    OK, Peter has a point there with ‘scripters’. A lot of PHP ‘programmers’ are just guys throwing little bits of code here and there, but this is mostly because they don’t need OOP for simple sites. I know this because I started like that. I had no PHP classes in school. On my faculty (I’m a student – slash – working guy) we have only ONE web oriented course which in 4 months covers the basics of HTML, CSS, JS, PHP, ASP.NET, XML … It’s impossible to learn something without learning it yourself. Here (in Croatia) C/C++ is THE number 1 language (because they teach it to first-graders) and there is a little Java around. Microsoft is pushing ASP and VB (.NET) very hard so as I see it, PHP will loose a lot users over the next few years. One other thing that I’ve noticed about the Balkan region is that no matter how skilled developer you are, if you have a diploma, any kind of diploma (lawyer, theology) you are dramatically better payed then without a diploma. That’s why I’m in school. Again :-)

  • Edman

    I really do think PHP developers are getting paid what they are worth. Lets face it, PHP is really, really easy. A person with a degree in zoology can become an “expert PHP programmer” in about a year.

    – PHP is really easy, and job positions can be filled in by high schoolers, students and graduates without a previous job.

    – the overwhelming majority of PHP jobs are really easy, and involve repetitive creation of websites that for most part differ from each other very little. If you’ve made 5 websites, you can probably make 90% of the 6th by simply copy-pasting code from previous projects.

    – Most PHP jobs can be accomplished by an entry level skillset. For most part, nobody except the programmer himself and other programmers in the company cares about stuff like unit testing and version control. With such a simple language, a programmer with 5 years of experience rarely generates more value than a programmer with 1 or 2 years of experience.

    – Most if not all PHP jobs involve building websites, and building websites is the cool thing on the block. Employers expect website builders to consider themselves lucky they are able to work on websites for a living, and expect to pay less. It’s the same thing in the game creation industry.

    – The really bright PHP developers have either started building websites for themselves and are now taking in $10k+/mo doing no work at all, or have found a really good position as a CTO of some small web firm and have a $10k+/mo salary because he and the owner haver really good ties. Both of these positions drain the job market of the brightest of the brightest, casting a dark light on the market itself.

    Put all of this together and you can see why obviously the overwhelming majority of PHP jobs get really crappy salaries.

  • ivanfx

    A person with a degree in zoology can become an “expert PHP programmer” in about a year.

    – PHP is really easy, and job positions can be filled in by high schoolers, students and graduates without a previous job.

    What about ASP.NET? Where is the CODING part? All you do is drag’n’drop.

    - the overwhelming majority of PHP jobs are really easy, and involve repetitive creation of websites that for most part differ from each other very little. If you’ve made 5 websites, you can probably make 90% of the 6th by simply copy-pasting code from previous projects.

    It’s the same in any language. Why would you do something the other way and waste days if you have a template (let’s call it a template) and just copy-paste the code in the new project. Building the same website over and over again is boring but pays the rent.

    - Most PHP jobs can be accomplished by an entry level skillset.

    Yes, why would I have to spend days to figure out how to echo (as it took me in ASP)?

    For most part, nobody except the programmer himself and other programmers in the company cares about stuff like unit testing and version control.

    Every serious developer tests his/her code. Every.

    - Most if not all PHP jobs involve building websites, and building websites is the cool thing on the block.

    Building websites is cool. At least for me. A friend of mine writes software for a bank in Java. That is cool for him.

    OK, I’m really hard on ASP.NET, sorry! I’m not a Micro$oft hater :-)

  • ivanfx

    A person with a degree in zoology can become an “expert PHP programmer” in about a year.

    – PHP is really easy, and job positions can be filled in by high schoolers, students and graduates without a previous job.

    What about ASP.NET? Where is the CODING part? All you do is drag’n’drop.

    - the overwhelming majority of PHP jobs are really easy, and involve repetitive creation of websites that for most part differ from each other very little. If you’ve made 5 websites, you can probably make 90% of the 6th by simply copy-pasting code from previous projects.

    It’s the same in any language. Why would you do something the other way and waste days if you have a template (let’s call it a template) and just copy-paste the code in the new project. Building the same website over and over again is boring but pays the rent.

    - Most PHP jobs can be accomplished by an entry level skillset.

    Yes, why would I have to spend days to figure out how to echo (as it took me in ASP)?

    For most part, nobody except the programmer himself and other programmers in the company cares about stuff like unit testing and version control.

    Every serious developer tests his/her code. Every.

    - Most if not all PHP jobs involve building websites, and building websites is the cool thing on the block.

    Building websites is cool. At least for me. A friend of my writes software for a bank in Java. That is cool for him.

    OK, I’m really hard on ASP.NET, sorry! I’m not a Micro$oft hater :-)

  • http://www.futureproof.be Peter Minne

    When I was working on my dissertation about 6 years ago, I had to investigate all available web technologies at that time to find out which one was best for the application I had to build. I won’t go into detail here, but the results pointed at Java (JSP). So I started programming in… PHP. It was only the second best option, but JSP had a longer learning curve (while I was very limited in time) and I couldn’t find a free JSP hosting (and as a student my budget was just enough to keep me alive ;-) ).

    You could say that PHP is suffering from its own simplicity and popularity. The fact that you can install an Apache-PHP-MySql environment on your Windows PC and program your first ‘application’ in about 1 hour without having to compile anything is why there are so many ‘php developers’. For the same reason so many people have IKEA furniture in their living room. It’s cheap and easy, it looks ok and you can just steal some decoration ideas out of the catalogue.

    The thing is that because the basics of PHP are so easy, there is not much stimulation to learn the good programming techniques. Why would you learn the tough part if you can do without? You do need that tough part once you have to build scalable/high traffic/business critical applications. And I could be wrong in this, but I think so far those applications are just a minority in the php business. Which could be one possible explanation of why few companies pay their PHP developers well, while the majority doesn’t?

  • Mr. Sensible

    PHP is a high-productivity tool.

    Those who use it will make systems more quickly.

    The reality of business software development is that it really involves only a very small number of operations:

    – using integers

    – processing numeric representations of money

    – storing and retrieving the two things listed above

    – maintaining the integrity of that stored data – don’t, for example,
    take money from one place without seeing to it that it arrives
    in some other place without any errors

    You don’t need C++ to do that. You don’t need Java to do that. PHP will do those things for you quite efficiently.

    And the people who tell you that you need to use something other than PHP are counting on you not really understanding that so that they can be paid a handsome wage.

    (And in many, many cases, it turns out that you really don’t understand it and that they do end up getting paid very well.)

    My question is this: instead of seeing PHP programmers as under-skilled dolts who aren’t worthy of being paid well, why not see them as super productive workers who are using the proper tool for the job and then reward them for not wasting company resources?

    (Note: arguments against this point of view will come from those who have a vested interest in perpetuating the myth that good software only comes from those who understand the -dark-magic- and who get paid a lot of money to practice it.)

  • http://www.craftspirit.com frrogoy

    I have been building PHP applications for several years now. I also use ColdFusion and .NET2.0. I prefer PHP because my productivity level is much greater. I can produce the same site with any of the three, but the costs are different. I don’t know if there is really good ColdFusion code as the language seems to have been written by a bunch of children who weren’t talking to one other. The .NET architecture is gigantic (bigger than Oracle) by design (so MS can sell more stuff!). So maybe they have 70,000 methods, but how do you learn 70,000 of anything? When using C# or VB.Net I spend most of my time looking things up!
    Unfortunately, the people who decide what architecture we’re to use on the projects are influenced by marketing (and maybe kickbacks?). I think part of PHP’s image problem is due to its lacking in this area. As it is open source, GPL, this can’t be fixed. We, the programmers, have to talk it up and explain to management its benefits, and the consequences of other choices. I do. Not that it makes any difference! But the drop in the ocean makes ripples…

  • Edman

    Every serious developer tests his/her code. Every.

    You didn’t see my point, so I’m gonna try again.

    Nobody except you and maybe other programmers in your company cares if you consider yourself “serious”, or if you do “unit testing” or some other mumbo jumbo. The management cares about the value you generate and the clients care about having a website that works.

    The beauty and very strength of PHP is that you can do a lot while you know very little. I own lots of websites that generate me $10k/mo profit with no management. Looking through the code of these sites, it has a lot of code, uses some OOP in a very scriptish way, no unit testing, no version control, lacks refactoring, etc.

    But I don’t care. Because it works, and it does what my users want it to do. If I had this same program all in OOP, unit tested, with version control, with all that other stuff, it would still do exactly the same stuff and generate exactly the same profits. So what’s the point of hiring a “serious” developer, when you can get a normal one for half the price and generate same results?

    I’m sorry, but the reality really is that for the overwhelming majority of PHP jobs, a “serious expert PHP developer” doesn’t really generate more value than a normal one, and thus the salary is usually not much higher. The only way to get a higher salary is by doing more than just PHP and thus generating more value – SEO, designing, front end work, leading a team.

  • jim_wyse

    2 things:
    1)I think that most people hiring either freelance or full time have the impression that anybody can do web design/development, and if you want too much $$$ they just take the one who will do the job for less regardless of their credentials.
    2) I agree with some of the other posts that are saying that places tend to drop php developers into 1 bucket. I work for a major university in Boston, MA. When I started my first question to the other (self proclaimed expert)developers was “What framework do you prefer?”. Which was greeted with the deer in the headlights stare. Only after 9 months is the management realizing the difference between a developer that says it’s going to take me 3 days to code the table to display that data, and one that can do it in 20 min.

    Perception is everything! We need to change the perception of how employers see our skills and value. Only then, will salaries go up!

    James

  • ivanfx

    Personally, I never liked being forced to do something I don’t like doing. It started a while back when I was a kid and my parents made me eat all my Sunday lunch even if it meant I would have to spend the entire evening sitting at the table. This is why I love PHP. I CHOSE IT. Not MicroSoft, not my parents, I did. That’s why I’m so much involved in the Open Source community in Croatia. I’m just trying to help beginners and hopefully keep them on the PHP platform. Am I making myself competition in the future? Yes. Am I scared? No! How can we make PHP a more respectable language? Maybe that is what this discussion should be about? If it’s a money question, fear not. MicroSoft has money. But is a 100.000 PHP developers should donate 10$, we’d have a nice background for further promoting. I know it’s kinda Utopic to propose that, but if 10$ means a better pay in 2-3 years, it’s a nice investment! :)

  • ivanfx

    Personally, I never liked being forced to do something I don’t like doing. It started a while back when I was a kid and my parents made me eat all my Sunday lunch even if it meant I would have to spend the entire evening sitting at the table. This is why I love PHP. I CHOSE IT. Not MicroSoft, not my parents, I did. That’s why I’m so much involved in the Open Source community in Croatia. I’m just trying to help beginners and hopefully keep them on the PHP platform. Am I making myself competition in the future? Yes. Am I scared? No! How can we make PHP a more respectable language? Maybe that is what this discussion should be about? If it’s a money question, fear not. MicroSoft has money. But is a 100.000 PHP developers should donate 10$, we’d have a nice background for further promoting. I know it’s kinda Utopic to propose that, but if 10$ means a better pay in 2-3 years, it’s a nice investment! :)

    PS Sorry for the double comment, I pressed the Submit button twice :-(

  • jim_wyse

    On the comment of serious programmers.

    In reality, in my freelance world, it is up to me to decide what best suits the clients needs. The vast majority of work does not require version control, unit testing, etc. So to try and sell that to a client that sells antique reproduction fabrics, is a waste of breath.
    They don’t care what’s behind it as long as it works efficiently and is scalable.

    I guess I’m starting to get into the business of programing. If you can’t sell it, what’s the point.

    James

  • http://greatwhite.no-ip.com OneSeventeen

    I was fortunate enough in my past job to be asked to work on projects, not to use tools for the sake of using tools. (Meaning I was an “Analyst Programmer”, not a “PHP Developer”) It makes all the difference. I was on a faster Career Ladder than most of the other analyst programmers there, primarily because I looked at projects as an opportunity to accomplish something, not an opportunity to code PHP.

    The job started out paying less than the secretary at the front desk, but I quickly exceeded their expectations and they promoted me before I could ask for a raise.

    My philosophy is take a job that pays the bills, blow them out of the water, and know when to ask for a raise.

    That, and integrity goes a long way. I never lied about browsing the web or playing with the air-zooka, and I was also open and honest about their management techniques, letting them know that I could be more productive, but it was up to them. If they told me to work a certain way, I would work it, but that I would be more productive working my way (which was much more fun!).

    It may be hard to find a PHP Development job that pays well, but I’ve found it isn’t too hard to make one. (It just takes time.)

  • http://www.futureproof.be Peter Minne

    It started a while back when I was a kid and my parents made me eat all my Sunday lunch even if it meant I would have to spend the entire evening sitting at the table.

    I’m very thankful to my parents that hey forced me to take music classes when I was a kid. I’m also very thankful to my teachers that they taught me Java even though I didn’t like it initially. ;-)

  • ivanfx

    So, how do we raise the value of a PHP coder? Is there a way of us grouping together and changing peoples mind’s about PHP?

  • Nate Klaiber

    @jim_wyse

    In reality, in my freelance world, it is up to me to decide what best suits the clients needs. The vast majority of work does not require version control, unit testing, etc. So to try and sell that to a client that sells antique reproduction fabrics, is a waste of breath.

    They don’t care what’s behind it as long as it works efficiently and is scalable.

    The things you mention in that list don’t seem to be related to things you should charge a client for. Using version control (SVN, CVS) is a decision that should be up to YOU. It’s like a client saying they don’t want you to use FTP. It is a tool to get your job done, not an added cost to the client. Same is true for unit testing. No client will want to pay for that, most wont even know what it is – it is a developers tool that allows you to build solid applications. My question is – why are you trying to sell these things to a client? These should be figured into the cost as they are tools that help you produce a solid product.

    PHP, as a language, has a low barrier of entry. It is a loosely typed scripting language. Heck, you don’t even have to be a PHP programmer to download OS code and plug it into your website (though I don’t recommend this practice). This isn’t seen (to the same large extent) with other languages. There is simply so much bad PHP out there, that it loses its respect. Professional PHP programmers know how to keep their code tidy. They understand the tools available to them inside the language. They understand design patterns and when/how to use them with projects. They understand the intricacies of the language (especially related to OO programming).

    PHP is easy – but the crappy code examples out there now are not *good* PHP – but they are still PHP nonetheless. I could spend a few hours with php.net and learn how to create a contact form or other form, but that doesn’t mean I am now a PHP programmer or I know how to do it properly/securely.

    I know this is the same with other languages, it just seems to be exponentially larger with PHP as its free and on most hosting packages (so it becomes the first option for people).

  • philmee95

    There are many books out there to take your skills to the next level. I liked the PHP anthology and PHP patterns for the enterprise.

    Well, things may get better for php developers with IBM trying to push it in the iSeries. You know when IBM (the original M$) gets involved, the price goes through the roof. Anyways, when I was job hunting a few months back, there were more higher pauing jobs for PHP developers. Now, I am in California (US) but it might show some trends. Unfortunetly most companies that had a base in PHP could not find a good developer. I don’t know how many times the companies would say you are one of the few of the hundreds we talked to that actually is up to par.

    I am going to have to agree that it may be hard to take your coding to the next level with all the crap code that is out there. The code still gets the job done but leaves way too much to be desired. Of course this transparency of the code quality only comes with the “open sourcey-ness” of the code out there. Who is to say that the JAVA code is any better except the guy who compiled it.

    The only real problem I see is all of the low level code that has to keep getting rebuilt to use PHP for larger apps. Always messing around with the low level file ops that java and .net do for you. I am hoping that the zend framework will make this a bit better as I have had to build code wrappers for a lot of my PEAR usage to get PHP OOP and Exceptions to play nicely.

    Another problem I saw with the PHP job market was that PHP was just a desired skill on top of past experience is Dark Fiber, Oracle DB, C++, PASCAL and Fortran. The companies just fold it into a general knowledge category and complain of talent shortages. There were many jobs looking for “Web Architects” which is where a higher skilled PHP dev would land. They paid pretty well but no where near the .net and java levels. Most these companies wanted the web 2.0 and social networking they have heard so much about. I would stick to the smaller companies for now…until there are $20k dev tools for php and the enterprises see validation that PHP is for real.

  • philmee95

    Wow, talk about incoherent thought pattern (my above post). Anyways I was just trying to say it is too time consuming to build a full enterprise app in php right now; A few of my projects look like java projects with a million 3rd party includes.
    Anyone ever looked into all of those frameworks, especially the CMS projects with panel arrangement code (web parts-ish). They all make 400 SQL calls per page and had a few of the higher level organizations I interviewed with mention that as a big drawback to PHP. So again, with better RAD tools (Zend is almost there besides missing WYSIWYG) and some decent frameworks PHP may make it there.
    The boon to PHP is the open source so we can all learn and share. This might also be it’s biggest disadvantage in that the bad habbits coders pick up and the fact that there are so many projects out there that companies don’t want to pay for it. They just download a forum and now they are running LAMP like all the others. The minute you try to change those forums a bit, you dive into a mess of transaction scripts, scratch your head a bit and say it is not worth it.

  • http://www.worldwithoutwalls.co.uk/ paulmasri

    I have to disagree with philmee. We regularly build large-scale apps with PHP & MySQL. We’ve developed our own library of code (including our own PHP templates) to maximise code reuse and enable rapid development. As a result we rarely have to revisit ‘low-level code’ unless we’re adding significant new functionality across the board.

    Take Brynteg Books for example. A database of over 2 million books and a custom search engine. Yet each page requires only 3-4 SQL queries.

    Likewise take a look at Mia Masri (wedding tiaras & jewellery) which has a PHP/MySQL content management system behind the scenes. Much of the PHP work happens behind the scenes, again with 3-4 SQL queries. And there’s dynamic use of PHP + Flash within the Design-a-Tiara feature that is a state-of-the-art web app.

    I come back to my earlier point (and to bring this back on topic), the quality of a PHP coder is more about the quality of the programmer as a programmer rather than the specifics of this language. And that’s where the value lies in hiring a PHP coder.

  • MickoZ

    Like someone said earlier, your “Better” rewrite alters the original version (but of course, in practice, it would depend of the context the code is executed), so I will go for something like this:

    
    <?php
    $query = isset($_GET['query']) ? (string) $_GET['query'] : '';
    echo '<p>Search results for query: ' . htmlspecialchars($query) . '.</p>';
    ?>
    

    – I accept/encourage filtering (type casting), when this is the type of the interface.
    – Casting a text input to int would be a bad example of filtering (for multiple reasons).
    – $query could equal ” or null depending on the behaviour/semantic you want. ;-)

    Personaly I won’t care much about single vs. double quote, etc. — but to each his owns. I will probably give more values to someone who is good in analysis, do good design, etc. — it is much easier after to optimize stuff in the case it is needed. Your example was just an example anyway and you probably go further than all these. ;-)

    Having said that, I’m a kind-of generalist. I believe that someone who is a good developer, will be good in PHP, Java, Ruby, etc. [even with different language like Haskell, Prolog, etc.] — because at the analysis, design point, even construction/coding, testing, etc. the thinking and output will be very similar (even if the language can drive a part of our solution). So I will mostly seek for a good developer.

    Of course sometime, you want/need someone “ready” to do the job with the solution you have used (e.g. PHP). However if you plan to hire someone for the next 2-5 years, chance are a good developers will do a better job even with the learning overhead. I guess it is a dilemma with skill/potential vs. experience. Hopefully you find both at the same time. ;-)

    Actually, I would risk to say that there is a big chance that a good developer will be good in other fields of work, but the overhead might be too high (e.g. become a good lawyer/doctor/etc. in a month without experience/knowledge). But like I said, this is risky, because some people are very “smart”, but are not athletics, nor good musician, etc. or simply have no interest at being good at something beside their potential, skill and knowledge.

    Amen.

  • praveen

    Hi,

    I have worked on PHP/ JSP/ .NET but have a feeling that.. compared to ASP.net and Java, PHP don’t have a proper IDE. I am aware that lot of IDE’s from zend, eclipse, Nusphere etc are there in the market. But personally I don’t find any of them useful and handy like Visual studio or Net beans.

    I will appreciate your comments on this. And will like to know how you are managing it?

  • ivanfx

    Good old Notepad…

  • Soaplady

    I started using PHP when I had databse experience but no other programming skill. Now, several websites and many hours of reading and practice, I can say that I did get most of the points for “good programming” right.

    It is true that anyone with a little smarts can create a decent (and sometimes pretty sophisticated) php website. And that, I think, is what most employers see.

    However, the real difficulty is that getting from the decent to the elegant and from the pretty safe to the really secure is a hard road. There are few available classes and very little training exists. Learning from books and the school of hard knocks is difficult, especially when there are many ways of doing just about everything in PHP.

    I’ve gotten to the point where I do get paid for my work as a contractor building database-driven websites. Maybe not a LOT, but enough so that I feel decent about the resultant hourly wage.

    Most of the “how-to” materials for advanced php programming assumes an understanding of some other language. Available information is often contradictory and incomplete. The php manual is excellent, but only if you know what you’re looking for to start with.

    PHP programmers will probably become more standardly paid when there is a clearly defined path charting the beginner, novice, amateur, advanced, professional and master. It will also be easier for php programmers (and scripters) to get better at their skills.

    Once there are more truly professional and master php programmers, then we’ll see more advanced enterprise websites built and running with php. And THAT is what will get higher pay for all of us.

  • Webx

    PHP simply is not being taken seriously for many reasons. A perfect example to this thought process focuses on this general discussion actually, in which nobody can agree on anything. The same is present and constantly persistent with PHP code and how to do something the “right” way.

    Sessions, security and even Cookies, all have the same areas that compound with a vast amount of opinions, too many ways of producing the same code (OOP or simplified functions) that do the same thing and way too many controversies on how to produce the most secure code with no real answer.

    You can simply confuse yourself to the point of mental breakdown just looking for a correct way of handling security issues pertaining to sessions.

    And no, that is not a good thing. Having too many options to produce code is why PHP is constantly under the microscope and controversy of “secure applications” and why most employers dont take PHP seriously. After all, the general misconception is that most of us that develop PHP applications are simply people that stumbled onto a easy format to program with and as a result, think we are developers. The same thought process exudes highly in most college campuses that rely stringently on Flash, Java and .NET curriculum. When you walk into a college and see a Microsoft plaque of recognition and sponsorship hanging on the wall, you can pretty much forget programming in PHP.

    So, what does that have to do with anything? Where do you go to school to get a Bachelors degree in PHP programming? Where do you go to get a Masters degree in PHP programming? Nowhere really. At least around here. There is no such thing. But, if you want to be a .NET, Java or Flash developer, I can show you 30 jobs that I received in just the last 4 days.

    Employers want to see that Degree hanging on your wall and use that degree to base their pay rates upon, whether or not the technology you use is actually better than what they are using.

    Just think of it like this, to make it real short and sweet. Why do most employers use M$ servers and not Linux servers?

  • Hans Kejser Hansen

    Don’t think You better example is an example on good php code. I alway s uses wrapper function when calling htmlpecialchars, so i easyly can change the third parameter if needed. (Guess I will find a job another place, where they avoid redundant code.)

    “Passing the ENT_QUOTES argument to htmlspecialchars to ensure that single quotes (‘) are also escaped isn’t strictly necessary in this case, but it’s a good habit to get into.”
    Very dependent on the context, fx can be a very bad habbit when used i generateed javascript. Also a place where I prefer a wrapper function.

    And the little issues about () around echo, I would read the company’s code standard, before I removed it.

    And one thing IHMO that makes good PHP code, is the planning before You opens the editor.

  • marnen

    Passing the ENT_QUOTES argument to htmlspecialchars to ensure that single quotes (‘) are also escaped isn’t strictly necessary in this case, but it’s a good habit to get into.

    Um, why do this if it “isn’t strictly necessary”? As far as I can tell, this practice is of no use whatsoever in this or any other case. If you’re escaping <, >, &, and perhaps ", that’s all you need.

  • Befara

    My feeling is that your above example is something that can be taught fairly easily. Granted, it’s desirable to have a candidate who has enought experience to know what the major security vulnerabilities are and how to address them, but I’m more interested in whether a developer “gets it” — that is understands the overriding concepts in architecting good code.

    When I interview a LAMP candidate I’m usually looking first at what kind of OOP experience they have. Do they know the difference between an object and a class? Do they understand inheritance, extending classes? Have they ever used any common design patterns? Singletons? Factory methods? Do they know what $this is? If you have an kind of enterprise codebase, it’s essential to understand the big picture if you are going to make meaningful contributions.

    I would be extremely happy in your above example if a developer simply said to me: “User input should never be trusted, the $_GET argument should be run through a sanitation method then placed in an appropriately named array, i.e. $clean['query']“.

  • online forex trading platform

    I’m todally agree with you that you can learnd a lot about the programmer by asking him this question,i very like the writing of this great artice.

    Keep them coming.

  • Anonymous

    alert(‘here’);

  • adrian

    What PHP coder do you recommend instead of using a server any time to checkde code?