Zend CEO: PHP is fit for the enterprise

Developer Andi Gutmans also defends PHP's reputation on security

PHP (Hypertext Preprocessor) is a well-established server-side dynamic language platform for Web development. Among its many users have been important Web properties such as SugarCRM and the Drupal content management system. Perhaps the top promoter of PHP is Zend Technologies, which offers an application server and development tools for PHP and stresses PHP usage in enterprises.

Andi Gutmans, Zend's CEO and co-founder, has been a key participant in the ongoing development of PHP since the 1990s. He spoke with InfoWorld Editor at Large Paul Krill, praising PHP's role in cloud and mobile computing while defending its security capabilities and performance. He also talked about PHP's status vis à vis other languages, even asserting that PHP has put Perl down for the count when it comes to languages.

[ Think you know PHP? Prove it with InfoWorld's PHP IQ test. | Stay on top of software development by subscribing to InfoWorld's Developer World newsletter. ]

InfoWorld: What really drove your decision to work with PHP, and why has PHP become so prevalent?

Gutmans: What drove us to work on PHP was mainly fun. We were at university, we did a project. We just finished a compiler course, which basically gives you the foundation to build a language, so we put a lot of time into just for fun trying to make this better. We had no commercial aspirations, we just did it for fun. We went back to [PHP founder Rasmus Lerdorf] and we said, "Why don't you embrace this new version because we think it's better?" That's what happened, and the whole PHP project moved over to what we built, and it became a phenomenal success. It was actually only about three years later when we started to think about building a commercial business around PHP.

InfoWorld: What role does PHP, a server-side platform, have in the realm of mobile device applications?

Gutmans: Mobile is all about engaging users, engaging partners, and doing that in a much more effective way. As part of that engagement, we think it's about personalizing the experience and creating the right context for the mobile user. That context gets created on the server side because it's an aggregate of what we know from the mobile device, what we know from our existing systems, what we know from social platforms. So the server side is very, very critical, maybe even more critical than the client side to create these personalized experiences because it actually has to do all the heavy lifting of bringing all these different systems together and personalizing the response and the data for consumption by the client side.

For example, you're accessing your bank's Web application, let's say you're on Wells Fargo, and you want to know where the ATMs are in your neighborhood. Your location will go to a server side, the server side will do all the mapping, and maybe it knows who you are and it knows you don't like a certain ATM and it could actually personalize that response and send it back to the client. Server side is critical to building these new experiences.

InfoWorld: What's the main driver for PHP in cloud computing?

Gutmans: A lot of people think of cloud as the what, and I think it's the how. Mobile is a big piece of the what, like mobile application development is really one of the highest-priority items for organizations. What happens, though, is as you're building mobile, you're engaging external to the organization, and you need to be able to do a few things. You need to have a much more agile development and production process, which cloud is really good at because there's a lot of automation. You can do automation without cloud, but I'd say cloud is a lot easier and a lot more relevant.

The second thing is you're reaching billions of users on mobile devices potentially, so having the elastic scale of cloud becomes very, very important. While you don't have to use cloud to deliver mobile apps, we believe that mobile application development pulls with it cloud usage because cloud is such a great runtime platform for serving mobile devices.

InfoWorld: The two languages most often mentioned in the same breath with PHP would be Perl and Python. Would you agree with that?

Gutmans: Probably today it's Ruby and Python. I think Perl is long gone, thanks to PHP.

InfoWorld: What does Python offer that those three -- Perl, Ruby, or Python -- don't offer?

Gutmans: We think PHP is actually the only ecosystem today that is enterprise-grade and ready to take on Java and .Net. Ruby and Python are nice languages, but if you look at it from a commercialization and professionalization point of view, only PHP has a company like Zend that really supports the runtime. Only PHP has worked with the IBMs, Oracles, and Microsofts of the world and really made sure that the interpretability to enterprise systems works well. And only PHP has the application ecosystem that is everywhere, like Drupal, Magento, and WordPress.

When you look at it from a vendor support point of view, the partner ecosystem, the application ecosystem, the tool chain, and when we go to enterprise we will never actually see those other languages. It will always be Java and .Net, and we believe that PHP today is ready to take them on.

InfoWorld: I saw an online article from 2006 that referred to PHP as "Pretty Hard to Protect." You mentioned this morning that PHP has an undeserved reputation as far as security deficiencies. What has been done to shore up security concerns in PHP, and what's going to be done going forward?

Gutmans: First of all, Web security is really hard for anyone. It's very hard to get the training and the best practices to build secure apps. It doesn't matter what language you're using. What helps developers build secure applications is having the right frameworks that lead you into building applications in the right way. And the PHP ecosystem has, since 2005 I would say, built out several frameworks that are enterprise-grade.

The leading one is Zend Framework, and Zend Framework really helps instill those best practices that enable companies to build secure Web applications. If you're using a professional framework today, you're just as secure on PHP as you are with any other language. If you're hacking something, you have no skill set, then of course no matter what language you use you're not going to build secure apps.

InfoWorld: Would you say the "Pretty Hard to Protect" acronym definition is no longer accurate?

Gutmans: PHP applications are just as secure as any other application today as long as you're using a good framework, like in any other language.

InfoWorld: What other PHP frameworks are there besides Zend Framework?

Gutmans: There's Symfony, there's CakePHP, and even more than that.

InfoWorld: What about the concern over PHP being slower to execute than languages like C?

Gutmans: I'm a C developer by heart. Absolutely any dynamic language -- including Java and .Net -- is slower than C. C as a language is very close to the bare metal. PHP is one of the fastest dynamic languages. There's a lot of optimization that's gone into it, including work we've done with Intel and other vendors. It's actually very, very fast.

The one thing to remember, though, is the language runtime is one aspect of performance. The reality is a lot of the performance bottlenecks in Web applications are actually I/O. It's network access, database access, file system access, and no matter how fast your runtime is, if that is your bottleneck, it's going to be your bottleneck. You can write it in Assembly, and that's what is going to happen.

Now, the long-term prospect of Web application performance in some cases actually is becoming increasingly challenged because you're building these cloud apps. No matter what language you're using, you're consuming different Web services. Well, Web services by definition are slow. We're going to see increased challenges around application performance as we build these cloud native applications.

InfoWorld: What was the most recent release of PHP?

Gutmans: The most recent was PHP 5.4. That was a very important release because it was a significant step up in performance. We also had a functionality called Traits, which is another object-oriented feature. We had a nicer way to create arrays in PHP 5.4, which is just easier to use. A big change in the Zend Engine [within PHP] was the fact that we reduced memory consumption and increased performance. That was a big step up. We also added support for multibyte languages out of the box.

This article, "Zend CEO: PHP is fit for the enterprise," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Copyright © 2012 IDG Communications, Inc.