Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 25 down vote favorite
15

I am new at web developing. I know C# and java. I want to develop a site which will be in MVC framework. But I can't decide (java spring, jakarta struts) or (CakePHP, CodeIgniter, Symphony) will be better for me. As I know java, java MVC frameworks will be best for me, but how much java will fit in web development? Please suggest java or PHP? I want to develop a site for reporting missing people and finding.

share|improve this question
3  
What are you trying to build? – Colum Jan 26 '11 at 21:15
2  
Each has it strengths, you need to explain what you are trying to do. – jzd Jan 26 '11 at 21:17
4  
Voted to reopen. The same question exists in the ASP.NET - PHP realm and has been viewed 9,476 times... – Andrew Moore Jan 26 '11 at 21:26
A warning: When considering the Java side don't confuse struts 1.x with the struts 2 family (it was a confusing naming decision but they are unrelated) it is common for older developers to make this mistake, and draw incorrect conclusions. So be sure to qualify what "struts" someone is referring to. – Quaternion Jan 26 '11 at 21:43
3  
Editing your question to append the sentence I want to develop a site for reporting missing people and finding doesn't add any more relevant info. Although a noble cause (unless they're trying to get away from you), it doesn't play a factor in determining which technology to use. Better info would be the functionality, technical capabilities your application needs. – webbiedave Jan 26 '11 at 21:49
show 1 more commentadd comment (requires an account with 50 reputation)

closed as not constructive by jzd, Oli Charlesworth, Octavian Damiean, webbiedave, BalusC Jan 26 '11 at 21:19

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.If this question can be reworded to fit the rules in the help center, please edit the question.

3 Answers

up vote 58 down vote accepted

I would choose my language not on raw numbers first, but on your functional requirements. If after analyzing your functional requirements you do not have a clear winner, consider the following points:

(Disclaimer: I develop in PHP but have used JSP from time to time)

Future-proof

None of both platforms will disappear soon. As for each major versions of each platforms, they might come with some changes that will break your code. (Or at least deprecate a bunch of methods)

Performance

I could link to benchmarks showing PHP to be faster and others showing JSP to be faster. It depends on your hardware and what you plan on doing with it. For pure number crushing, JSP seems to be faster.

Security

PHP has a bad reputation security-wise and I can understand why. There are a lot of students and hobbyists who started coding in PHP and have absolutely no idea of what code security means. Please remember that this affects their code, not yours. Also, if you choose PHP, be careful when choosing third-party documentation. A lot of them a written without any consideration for code security and their examples are riddled with security issues (especially the database section of such books).

There are equal opportunity to shoot yourself in the foot in JSP than in PHP. There is nothing stopping me from writing the following code in JSP:

// DON'T DO THIS
String query = "SELECT * FROM Employees WHERE EmployeeName = '" 
                   + employeeName + "'";

Statement statement = connection.createStatement();
ResultSet rs = statement.executeQuery(query);

as there is nothing stopping me from doing the same in PHP:

// DON'T DO THIS
$statement = "SELECT * FROM Employees WHERE EmployeeName = '"
             . $employeeName . "'";
$result = mysql_query($statement, $connection);

Yet we all know that we should never do anything as such in our code.

Whatever language you choose, follow these simple security rules. Those are applicable on all platforms.

  • Use parametrized queries
    JDBC has built in support for them. If you are using PHP, drop php_mysql and use the php_mysqli extension instead (or even better, PHP Data Objects) which has support for parametrized queries.

  • Never trust user input
    Never trust user input, even input that isn't meant to be changeable. Learn to expect unexpected values like \n in <input> fields or values which are not even part of your <select> and deal with them accordingly.

  • Validate, validate, validate
    Always validate your data. If your data has been validated in a previous step, validate it again. User can't get to this page without logging-in? Validate his login information on page load. Ties in with the rule above.

  • Escape, escape, escape
    Always escape your HTML output to prevent most XSS attacks. Even if that field is only supposed to carry a number. Creating a file based on user input? Escape and validate the file name. Passing to a CLI application? Escape your shell arguments. Not using parametrized queries (rule 1)? At least escape any and all input.

  • Follow best practices, not common practices
    And in PHP's case, best practices can be in total discord with common practices. Learn to differentiate between the two. Turn off magic_quotes, don't use addslashes() for security purposes, etc...

  • Protect sensitive information
    Don't store plain-text passwords in the database. If you need the original value, encrypt. Most of the times you won't, so hash. Also, you really don't need to fetch that SSN value from the Employee table if you are displaying a directory of employees for phone purposes. Sensitive pages on your website should be protected behind a login page.

share|improve this answer
9  
Java rarely breaks JDK API backwards compatibility. – Ondra Žižka Feb 11 '11 at 4:54
1  
@Ondra: no, but they will deprecate a bunch of methods – Andrew Moore Feb 11 '11 at 6:38
add comment (requires an account with 50 reputation)
up vote 9 down vote

It's best to use what you already know. If you know Java, use Java.

share|improve this answer
add comment (requires an account with 50 reputation)
up vote 7 down vote

Benchmarks show PHP is just about the slowest language going while Java is at the opposite end of the spectrum, getting faster and faster with each release. So first point, if you have a lot of heavy lifting to do, say you are developing a very intensive administrative application, you would want to seriously consider Java over PHP.

Having worked with both languages, I've found PHP has a very large hobbyist community with a small, in relation, professional community. Java on the other hand, has a much larger professional community making the information you find and the help you can get of a generally higher quality in terms of considerations like security.

If you go the Java route, you can look at a framework such a GWT (Google Web Toolkit). This won't provide you with an MVC framework off the ground, but you can certainly structure your code as MVC ontop of it. With your previous Java experience, you might benefit from being able to use Java to build your UI in GWT rather than having to learn every quirk of HTML.

On the PHP side, there are a number of very good frameworks. A personal favorite of mine is CodeIgniter which has excellent documentation in the form of its user guide. Generally I'd say you can roll out sites and features faster with PHP that Java. I've seen admin sections to sites developed in PHP in a couple of weeks while the same thing has taken a couple of months in Java.

The Apache, PHP, MySQL setup is also much simpler to manage than a Java server like GlassFish or JBoss so if you are planning to host the server yourself via a VPS or some such, this should be a consideration. In a similar vein, note you will find it difficult to find shared hosting for Java while pretty much all shared hosting supports PHP.

share|improve this answer
Qualify why/how it would be faster. I could agree a couple years ago with people using pure JSP/Servlets but I think development time should be nearly equal now using a modern framework such as Struts2 or Spring MVC. – Quaternion Jan 26 '11 at 21:57
@Quaternion Maybe it should be equivalent, but in my experience, turn around times for similar projects in PHP and Java have consistently been faster in PHP. Remember that while Java has gained frameworks that speed up development, so has PHP. – Endophage Jan 26 '11 at 22:02
As far as the frame works go I don't think PHP's frameworks maintained a linear advantage but converged (if the underlying request response cycle isn't changing much convergence would be expected as the target is not a moving one). PHP has it's roots in the web, Java is more a systems language. It would be expected for Java to take longer to reach parity with a language with a more specialized domain. – Quaternion Jan 26 '11 at 22:31
@Quaternion I agree completely that PHP's frameworks haven't maintained a linear advantage, but I think that for the most part, they still enable faster development in the web domain. Given that the original poster is asking which would be better in that particular area I would stand by my statement that PHP will allow faster development. – Endophage Jan 26 '11 at 22:37
PHP is only slow when not used with bytecode cache. With bytecode cache, you get an order of magnitude speed increase. I don't know whether the benchmarks you are talking about take this into account but I have certainly seen many that don't. If you need to do heavy lifting, you wouldn't do that in response to a request anyway but delegate it to a background process. The database and network I/O should be slow enough to shadow differences between raw execution speeds of languages. – Esailija Feb 22 at 10:04
show 1 more commentadd comment (requires an account with 50 reputation)

Not the answer you're looking for? Browse other questions tagged or ask your own question.