Rasmus Lerdorf: Web 2.0’s John Wayne

Tweet

You have to take your hat off to him: The no-framework PHP MVC framework – a walk through building a simple app with “raw” PHP and a lot of Javascript.

Some choice quotes (he’s very quotable);

So you want to build the next fancy Web 2.0 site? You’ll need some gear. Most likely in the form of a big complex MVC framework with plenty of layers that abstracts away your database, your HTML, your Javascript and in the end your application itself. If it is a really good framework it will provide a dozen things you’ll never need.

I like stuff I can understand in an instant. Both because it lets me be productive right away and because 6 months from now when I come back to fix something, again I will only need an instant to figure out what is going on.

Just make sure you avoid the temptation of creating a single monolithic controller. A web application by its very nature is a series of small discrete requests. If you send all of your requests through a single controller on a single machine you have just defeated this very important architecture. Discreteness gives you scalability and modularity.

Many frameworks may look very appealing at first glance because they seem to reduce web application development to a couple of trivial steps leading to some code generation and often automatic schema detection, but these same shortcuts are likely to be your bottlenecks as well since they achieve this simplicity by sacrifizing flexibility and performance. Nothing is going to build your application for you, no matter what it promises.

So how about Web 2.0 celebrity deathmatch? Rasmus vs. ?

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • Pingback: web.develop

  • http://www.lopsica.com BerislavLopac

    Deathmatch: Rasmus vs. Tim O’Reilly, of course.

  • soso

    he has a security hole (SQL injection) in items.inc ;)

  • http://www.sdynamics.nl Nova

    hmm i think this article is another begin of a flamewar :)

  • http://www.jhauser.com datune

    huh?

  • http://www.phppatterns.com HarryF

    he has a security hole (SQL injection) in items.inc ;)

    Perhaps. But then again perhaps not – he’s trusting to the filter extension – need to look at what exactly it does and whether it filters $_SERVER["REQUEST_TIME"] for SQL injection. Personally have two minds about that, for and against – in principle it’s a nice idea – in practice are we headed for magic_quotes v2?

  • mak

    i dont think his example is easier to understand than clean api of few well designed classes.

    btw his example does not work in opera 8.5, but that is not essential in this case :)

  • Ren

    Can’t have an SQL injection exploit if using PDO prepared queries throughout, unless there is a bug in PDO, PDO driver, or the client API of the repescted driver.

  • soso

    Webframeworks are more about communication then technik, they give you a *standard* and *documented* way to develop and deploy a webapplication, and a langugage to speak about your application.

    At the moment there are no standard ways to develop, deploy and communicate webapplications in the PHP community. Rausmus approach makes this situation not better. It is just another unusual, undocumented hack.

  • McGruff

    I couldn’t quite believe this. At first it sounded like a tyro with a whole 6 months of programming experience telling everyone how it should be done – then I saw it was Rasmus.

  • Dr Livingston

    > If you send all of your requests through a single controller on a single
    > machine you have just defeated this very important architecture.

    this is can understand myself to a certain point; with a front controller comes a lot of flexibility and ease of development, but you are restricted to that one point of execution.

    with the front controller, i tend to find that to get the full benifit of this pattern you need to implement mulitple front controllers, and it just becomes a mess eventually – why i just stick with page controllers nowadays.

    > Nothing is going to build your application for you, no matter what it
    > promises.

    that is true also, a framework should be an aid to you, it certainly shouldn’t remove the requirement of a developer, or at least, claim to do so…

    the point of a framework is to increase productivity, and decrease the development time, and any framework worth note will do so through a library of reusable packages, etc, rather than put in front of you a pre packaged application that is being pawned off as a framework

  • http://www.lopsica.com BerislavLopac

    At the moment there are no standard ways to develop, deploy and communicate webapplications in the PHP community.

    Actually, there is — a myriad that is. What doesn’t exist is one be-all end-all mother of frameworks, a single way to develop, deploy and communicate Web applications.

    And you know what — there certainly should not be. I sincerely don’t understand the urge for a single, omnipotent and unifying framework that everyone would develop in. I have seen this urge repeatedly manifested recently, and I fail to understand the benefits of such a framework.

    As pointed by Fred Brooks long ago, there is no silver bullet, a one-size-fits-all final solution for any kind of development. So numerous frameworks — and even more important, libraries like ezComponents, ADOdb or EZPDO — are a good thing, enabling a developer to choose whatever tools are best suited for the particular task at hand. Certainly it would be difficult to find a framework which is equally useful to a developer working on many similar Web applications like classic corporate MySQL-based web sites, as well to someone working on a large-scale enterprise application gluing together code written in PHP, Perl, C, C++ and Java (both server-side and applets), using LDAP, Oracle and filesystem for data storing. Even if some framework managed to equally accomodate both, it would probably come with a deadweight of unnecessary features needed for the other kinds of applications besides the one you’re working on.

    That being said, we must never forget that we have one single, ultimate framework: PHP itself. Because this is what it it is, and which Rasmus is obviously very aware of; no wonder, because this is what he created it to be. He implemented it in C, but instead of using C (or any other common language) syntax for powering its internal development, he created a new language, loosely based on (originally) C, Perl and (later) Java. The result of this is that today we have that two-headed monster that is PHP, a Web development framework and (increasingly powerful) OOP language.

  • Pingback: Sam’s random musings » SitePoint PHP Blog: Rasmus Lerdorf - Web 2.0’s John Wayne

  • Etnu

    That being said, we must never forget that we have one single, ultimate framework: PHP itself. Because this is what it it is, and which Rasmus is obviously very aware of; no wonder, because this is what he created it to be. He implemented it in C, but instead of using C (or any other common language) syntax for powering its internal development, he created a new language, loosely based on (originally) C, Perl and (later) Java. The result of this is that today we have that two-headed monster that is PHP, a Web development framework and (increasingly powerful) OOP language.

    DING!

    It’s wonderful every time I see those lightbulbs go off. Some people get it, some don’t. Those that don’t will continue mucking about with monolithic, inflexible, hard to use frameworks that make things “easier”, those that do will see the light.

  • soso

    BerislavLopac you are thinking like a programmer. Let think economically, where are Books about ezComponents, ADOdb or EZPDO, trainings, certifications? How about standard ways to deploy an ezComponents, ADOdb or EZPDO application?

    Every webapplication is an investment. Every PHP application today is a proprietary application becouse it is known only by its author. It gets worser, becouse its build on top of a proprietary framework, library etc. Would you invest in a proprietary application?

  • http://www.lopsica.com BerislavLopac

    BerislavLopac you are thinking like a programmer.

    Aw, c’mon, for Pete’s sake, how else should I be thinking?! We’re talking about tools for developers — “framework is an investment” is managerial crap. Managers like to invest into technology they know nothing about, but which has a high visibility: books, magazine articles, etc etc. The developers, on the other hand, look for (or should if they don’t) tools that will help them do their job.

    And their job is to develop applications — real, concrete applications, not some imaginary things that one or other framework is best suited for. And each tool should be considered on the base of its value to the task at hand: if I need to write a life-critical handler for a real-time tool, I certainly won’t use PHP, nor even Java; and when I need a quick and dirty Web application, I certainly won’t be using C++.

    The only real investment are people, not books or frameworks or engines or servers. Everything else is as much important as it contributes to people doing their jobs.

  • http://www.jhauser.com datune

    if I need to write a life-critical handler for a real-time tool, I certainly won’t use PHP, nor even Java;

    You don’t know what you are talking about, or choose the wrong words to express yourself.

    What soso says are very very valid points that all have to be answered every time I get to start discussing technology choices with a project solution architect. Besides, it’s a given one that in the business world the managers are the ones who get to make the decisions, and like it or not, (sady enough), the technologies with high visibility and available SLA’s are the ones managers know about. Things are getting better though ;) (of course, if ANY of the programmers I work with who aren’t so PHP pro get to read the post that Rasmus made then I’m done. Frankly there going to have the time of their life. I still can’t believe that post…

  • http://www.realityedge.com.au mrsmiley

    Under speed issues, Rasmus mentions this:

    Avoid include_once and require_once

    Can anyone ellaborate on this on why these functions are slow? In comparison to what?

  • akrabat

    @soso:
    ezComponents, Symfony and Solar are all deployed using Pear channels. I think you can safely assume that with the new channels feature, Pear deployment is the way forward.

    I think that maintaining any application built on Symfony will be just like any other one.

    I don’t know a lot about Java, but I bet that maintaining an app built using struts is different to one built using spring. Certainly, a TurboGears app is different to Django one in python-land. The difference with PHP is that there is no clear “leading framework” like Ruby’s Rails. Zend’s framework is the “hope” here, but atm it’s just vapourware.

  • http://www.realityedge.com.au mrsmiley

    Should have read the rest of the article before posting before:

    Try to avoid using include_once and require_once if possible. You are much better off using a straight include or require call, because the *_once() calls are very slow under an opcode cache. Sometimes there is no way around using these calls, but recognize that each one costs you an extra open() syscall and hash look up.

  • McGruff

    Er, I’d better qualify my earlier comment. When I first read the article what I picked up most was a strong anti-OOP message – using arguments about easy to read, modular code which are exactly those which I’d use to advocate OOP designs. However that may not have been what Rasmus intended. From his comments in the discussion, he seems to be arguing more against “monolithic” controllers rather than OOP itself – more in the original article comments section.

  • Jake

    Arrrggghhhhhhhhhhhhhhhhhhh ENOUGH with the cliche acronyms and terms already. AJAX, Web2.0, blah, blah, blah. Sad enough everyone else is adopting them, and now the godfather of PHP is? Sheesh. *Wipes brow*.

  • Rasmus

    Jake, I don’t like “Web 2.0″ nor “AJAX” as terms any more than you do. Other words such as “blog” and “social media” are just as annoying, but I think the ship has sailed on us. These terms are here to stay and instead of spending half an article belabouring the point and coming up with alternatives that get the correct meaning across I just swallow the bile and move on.

  • Rasmus

    Harry, you are right to worry about using any $_SERVER variables like that, and it is a very good habit to get into to look suspiciously at uses like that. There are however $_SERVER variables that are safe. REQUEST_TIME is one of them. This is a variable filled in by PHP at request startup time. Even if for some odd reason you have register_globals turned on and you try to do ?_SERVER[REQUEST_TIME]=hack you can’t override it.

  • Pingback: xDest.com » Von keinem Framework zum Flamewar

  • http://www.phppatterns.com HarryF

    Harry, you are right to worry about using any $_SERVER variables like that, and it is a very good habit to get into to look suspiciously at uses like that. There are however $_SERVER variables that are safe. REQUEST_TIME is one of them. This is a variable filled in by PHP at request startup time. Even if for some odd reason you have register_globals turned on and you try to do ?_SERVER[REQUEST_TIME]=hack you can’t override it.

    Thanks for the update.

  • Pingback: web.develop blog