Serious PHP advantages?

I currently work as a web developer for the Department of Defense. I started the job knowing 0 about web development, yet, i had a background in C++, Delphi and VB which was enough to let me run with an ASP programmer position.

My question is this, what are some serious advantages of PHP(any version) over ASP(our current implementation) or ASP.NET(what i want to implement).

Honestly, i amazed to find that the DoD supported PHP since it's Open Source but -- now that i know -- it's become a viable alternative -- IF the cost to convert an ASP/SQL2000 environment to a PHP alternative provides sufficient advantages vice the percieved cost in operational time to convert.

I also have wanted to know if PHP and SQL2k currently work together. Can both ASP and PHP be supported on the same server? (i.e. a site with both PHP and ASP pages)

I was reading through an earlier PHP vs ASP forum but found that many of the answers dodged any serious issues. M$ sucks doesn't cut it, i have a boss and budget team to explain this too. Typing "ASP vs PHP" in google really only netted MSDN articles favoring ASP.NET, so i figured i'd try here on the community.

You'll find some good articles comparing PHP to ASP here:
http://zend.com/press.php?CID=220
http://zend.com/news/zendpr.php?id=49

Do either yourself or your manager have specific concerns regarding use of PHP that you would like us to address? Its quite a lot to chew on comparing the two outright... Q&A is sometimes easier in getting to the heart of the matter.

I think the only real advantage to PHP is that it's cross platform.

You can accomplish the same mission with each language, but PHP will allow you to use your solution on multiple OS.

One may be faster than the other, but it's really going to come down to how well you code. Open source is nice, but doesn't really matter when all you need is for your application to work. Sure, PHP is free, but the training and time to learn and maintain it is not.

Bottom line, when these issues come up, the advice is to always use what you know. If your a competent ASP(.NET) programmer, then go with it.

It wouldn't hurt to learn PHP if you have time, though, then you can make your own one-to-one comparisons.

The DOD is so full of MS that I'm surprised anyone even entertained PHP. Almost everything I've seen is ASP or Cold Fusion (I'm a Captain in the Army).

---John Holmes...

Depends on where you work within the DOD. I worked for a contractor once upon a time and everything we did was related to:

1) Linux
2) Sun Solaris
3) Other

Granted we were dealing with No Such Agency and the Navy, which don't exactly run your average x86 systems.

One of the real advantages to PHP is the amount of modules that are available for it and the ease of making your own. Due to your C++ background it you should be able to make custom modules if a certain feature doesnt exist and extend the abilities of PHP.

Sepodati and a.koepke already brought up some good points and if you have a C++ background and are seriously entertaining the idea of moving to PHP from ASP it should be relatively easy. I had a similar background to yours (a few years of mostly C++/MFC programming, some VB) and was able to pick up PHP very quickly which is what I do now.

I'm wondering if cross platform compatibility will be a huge issue as with all the recent (and past) vulnerabilities that MS has, you'd think that an agency like the DoD would move to something more secure, so if it was written in PHP you could just plop it onto a unix based server from your MS server if that ever happened.

It is nice to see the government considering open source stuff though. Don't suppose they're considering Postgres as a database vs. Oracle/MSSQL or whatever you guys are using now are they?

-b

Thanks for all the information thus far.

I was surprised as well when i found out i 'could' use PHP. Up until now i was always told anything free/shareware/open-source was off-limits due to it being distributed from unreliable sources (amongst other things).

Right now the real buzz-words are XML and .NET but every once in a while i hear PHP(5?) thrown in there. I think there are a lot of misunderstandings regarding PHP with the older ASP programmers on the NT side of the house. Maybe you can clear any of these arguments up.

1. I was told PHP and SQL2K do not work well together and since MYSQL is inferior, PHP would not be a good alternative.

2. I've been told PHP doesn't behave well with W2k servers either.

3. I've been told (contrary to what i thought) that PHP/MYSQL is less secure then ASP/SQL due partially to its open-source nature. And as one person put it "PHP is for your homepage, ASP is for business".

If any of these are myths please debunk them.

Kfickert, we're right up the same alley... My prime customer is using Solaris/Unix/with a minority on W2k. However, the servers and our development team work in a W2K environment. This has caused some major but workable issues due to W2K/IE and Unix/NS incompatibilities.

Sorry i can't answer your question about Postgres, bcyde, i'm none too sure about that. However the ... "environment" in which our servers exist make security a non-issue(for the most part).

Thank you all again!
-J

I don't know what's more insecure. Using an open source platform with a strong reputation for being current, up to date, and well maintained; or a closed-source platform with an equally strong reputation for having bugs and security holes punched through it on a regular basis. Sure the possibility for a major exploit exists in open source, but let's face it, as it stands the Microsoft alternatives aren't exactly air tight...

As for the security of particluar engines and db combinations, I'm no expert, but the security of a system like that is mostly related to the quality of staff you have programming the back end, not the product being used. There is nothing inherrently secure or insecure about asp/php/mysql/sql, it's all in how you use it.

I can think of one really big bonus, You don't have to use a Winblows Server!!

PHP is open source. It is also developed and distributed by a for-profit software company called Zend. Zend stands behind PHP, in the same way that Microsoft stands behind ASP. Zend ensures that PHP is secure, robust, usable, and backs their open-source PHP engine up with an excellent set of software tools - ranging from the best PHP IDE on the planet, the Zend Studio, to encoders, accelerators, and optimizers. PHP is not distributed by unreliable sources - it is distributed by an excellent software company, whose people just happen to believe in the open source movement.



PHP can connect to almost any database. FWIW, I have yet to hear of a database that PHP can't connect to. Here is a link to the PHP manual. Scroll down the page - see the list of functions? Read through some of the databases that PHP offers support for. MS SQL. Oracle. MySQL. PostgreSQL. The list keeps going. If you prefer MS SQL, use it. You're probably better off, however, using a SQL server that is more secure than a block of swiss cheese.



PHP will run on Linux, Windows, UNIX, or MacOSX. Download PHP for whatever OS you like. It runs identically on all of them.



I can't imagine the kind of pharmacuticals one needs to inject to cause an individual to defend the security of a Microsoft product against anything offered in the open source community. What'll they think of next?



Consider them debunked.

In the words of the little old lady in Poltergeist: "This house is clean."

1. No one told our company that. Most of our servers run PHP connecting to MS SQL2000 and we're perfectly happy with them. In fact, nobody (including management) wants to go back to ASP again because we found the performance of some of our apps increase exponentially (this was same hardware PHP on *NIX vs. ASP on Win2K around mid 2001 -- *NIX consisting of FreeBSD and Linux boxes). Mind you, I'm a fairly good ASP programmer too, so it wasn't just a matter of coding badly on ASP -- some of our code was coded as ISAPI DLLs in VB, for extra performance . You want hard numbers?? --- Our ISAPI/ASP app ran 17 threads/sec simultaneously, the PHP app happily ran roughly 28-30 threads simultaneously with slightly faster response times and much less server load.

2. Can't help you with that one since we run mostly *NIX servers with all the Windows boxes acting as database servers. I've never run PHP on IIS, but maybe someone else can chip in here.

3. Sounds like FUD, if you ask me. In our experience, it was our Windows boxes that were hacked (only a couple and only twice, but still, they were hacked, one with the infamous "Hacked by Chinese" message). The trouble is that even though we had a couple of very competent network admins then, we had a large number of servers and when going through applying the patches, a couple of them were missed a couple of times.

We haven't been cracked yet since we converted them to *NIX boxes -- maybe it's because they're easier to maintain or something or maybe it's because we don't need to patch them that often and maybe we're now more careful.(btw, if you're wondering, we have a lot of them -- let's just say it's a number like 130+). Either way, IMHO *NIX isn't less secure than Windows because of open source.

mySQL is a different matter -- we liked the speed increase over MS SQL, but we had problems with the database getting corrupted too often for our liking, so we stayed with MS SQL -- again this was a few years ago, so things may have changed since. Additionally, MS SQL supports things like triggers, jobs, replication and stored procs, which are always handy for enterprise level stuff.

And why is there an assumption that MySQL is the only alternative? Postgres & Firebird immediately come to mind as better choices.