Software For Thought

March 13, 2017

The Rebar Project: Aiming To Make PHP Just A Little Less Painful

Yes, I know. PHP: gross, right? Blah blah blah PHP is so bad because this and that and this and that and it's bloated and it's stupid and it's insecure and it's for amateurs and complaint complaint complaint gripe complaint. I've heard them all. Spare me.

But the facts are the facts: PHP is the most widely used web scripting language. It's the only language (in my experience) that has genuine out-of-the-box support with Apache web servers. Practically every web host on planet earth supports it. And it's over 20 years old: it isn't some fly-by-night lets-put-javascript-on-the-server-with-modules-and-whatever mess that some web programmers are getting into now.

But I'll be the first to admit that PHP can be painful to use at times. Its superglobals system is obtuse. Managing file uploads is like trying to ride a bike in a snowstorm. And in my opinion, I don't think there has ever in PHP's history been a genuinely good official database connector library.

This project has been a work in progress for a while. I've been working on PHP projects since the early 2000s, and around 2010 I started to give serious thought to putting all of my accumulated tricks and caveats into a framework of classes in order to try and smooth out some of PHP's rough edges.

Thus was born the Rebar Project: an attempt to give just a little bit of structural reinforcement to what is otherwise an extremely versatile and easy-to-use language; take what is hard in PHP and what gives it a bad reputation, and fix it.

Phase One: Rebar-MySQL

I can't think of a single thing that is harder to do in PHP than MySQL or MariaDB access.

Yes, on the surface, it is quite easy. A three-minute-long online tutorial will get you going. But the sandpits begin appearing almost immediately. There is a reason why PHP-MySQL became a synonym for "SQL Injection" in the middle of the last decade.

The way I see it, there are two things that make SQL in PHP such a difficult affair:

-- Prepared Statements: Essential for preventing injection attacks. But the official library for doing it (mysqli) is obtuse: designed for a programming style that is used by nobody.

-- Writing SQL Statements: So you gotta initialize your prepared statements with a raw SQL string? Why? Do you like having to find bugs in one language that exists as a static string in a completely different language? Who the hell thought of that?

Rebar-MySQL aims to address and solve both of these problems.
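For reference, here are both points in plain mysqli: a query built by string concatenation next to the same query as a prepared statement. This is an added example, not Rebar-MySQL code and not code from the original post; the `users` table, its columns, the function names and the connection details are assumptions made for illustration, and it needs a reachable MySQL or MariaDB server to run.

```php
<?php
// Added illustration using plain mysqli (not Rebar-MySQL).
// Assumed schema: users(id INT, email VARCHAR(255), active TINYINT).

// Vulnerable: the SQL text is assembled from input, so a quote character in
// $email ends the string literal and the rest of the value is parsed as SQL.
function find_user_unsafe(mysqli $db, string $email): ?array
{
    $result = $db->query(
        "SELECT id, email FROM users WHERE email = '$email' AND active = 1"
    );
    if ($result === false) {
        return null;
    }
    $row = $result->fetch_assoc();
    return is_array($row) ? $row : null;
}

// Hardened: the SQL text is a fixed string with a ? placeholder, and the
// input is sent separately as a bound parameter, so it is always data.
function find_user_prepared(mysqli $db, string $email): ?array
{
    $stmt = $db->prepare(
        'SELECT id, email FROM users WHERE email = ? AND active = 1'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    // The ceremony: a type string ("s" = string), then variables passed
    // by reference rather than values.
    $stmt->bind_param('s', $email);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    // Result columns are bound to variables as well; fetch() fills them.
    $stmt->bind_result($id, $foundEmail);
    $row = ($stmt->fetch() === true) ? ['id' => $id, 'email' => $foundEmail] : null;
    $stmt->close();
    return $row;
}

// Usage with placeholder connection details (assumptions, replace with your own).
$db = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'app_db');
// Constructed input: a legitimate address that happens to contain a quote.
$email = "pat.o'brien@example.com";
var_dump(find_user_prepared($db, $email));
```

The prepared version handles the quoted address as ordinary data, while the concatenated version produces a different statement than the one the programmer wrote.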

Go To The Rebar-MySQL Project Page