[OWASP_PHPSEC] use of require_once

Abbas Naderi abiusx at owasp.org
Tue Jul 30 17:25:16 UTC 2013


Hello Chris,
Namespaces are good, in PHP they are nasty and hard to work with (not like C#). They significantly reduce the rapid development process, and require introduction of facades. If you know a project big enough that uses namespaces, is succesfull and has no facades, let me know.

PHP developers (and not everybody coding in PHP, professional ones only) use PHP because its rapid. They certainly can use Java, but they are more professional and intend to create more features in an hour than Java developers. The fact that there are many PHP newbies has nothing to do with this, only because PHP does not force a steep learning curve on you.

Without facades, one has to search the API index to find the features they need. With one namespace and proper tools inside it, one does not. Autocomplete will take care of it. 

Now as I understand, namespaces are for packages, i.e each package has one namespace, thats why I don't understand why a simple PHP library or framework should have a couple dozen namespaces introduces, each having a couple classes, each having a few methods. This is against object oriented design (lots of talk about this from bobmartin and martinfowler).

As for the require and require_once, its exactly like you said. Defining a class twice, causes errors which are REALLY hard to fix by someone who does not know the library, so robustnses speaks for itself here. We have the same concept even in C. 

Its actually very fast in terms of performance, as it keeps a hash list. As for memory consumption, each PHP file consumes much more memory than a record in a hash table for it. So performance wise, it almost adds no overhead. You don't believe me? Profile a sample php code.

I actually like Java, but Java is for conservatives without creativity. It controls yours hands and everything you get to do. C, Python and Ruby are exactly the other way around, but make it too messy. PHP is the proper amount of dung.

-Abbas
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Mordad 8, 1392, at 8:17 PM, Chris White <cwhite at remarinc.com> wrote:

> Abbas,
>  
> Namespaces are a feature of object oriented programming – not just Java (C++, .NET, Python, Ruby, etc). Its use lies in the ability to logically compartmentalize similar classes, which makes them more meaningful and tightly coupled to a developer. A shallow system can obfuscate related classes fairly quickly. I don’t like Java, either. That doesn’t mean that it doesn’t have any good concepts. In fact, I believe the developers using Java on average are much more skilled than the average PHP developer and better implement sound programming practices.
>  
> Don’t let your dislike for Java make you avoid good ideas. There is a reason so many object oriented languages take advantage of these features.
>  
> As for require vs require_once: your assumption that one is for classes and another for non-object oriented PHP files is a fallacy. Require_once is used in cases where there is potential to load a file twice. This is beneficial when loading a file twice can overwrite assigned variables, properties (static objects), or run a procedure multiple times in the case of a non-object oriented file. When loading a file twice is not harmful to code or there is no potential to load it twice, then require is the preferred method.
>  
> Thanks,
>  
> Chris White
> Network Administrator
> Remar, Inc.
> Work: 615-449-0231
> Cell: 615-948-1388
>  
> From: Abbas Naderi [mailto:abiusx at owasp.org] 
> Sent: Tuesday, July 30, 2013 10:26 AM
> To: Chris White
> Cc: owasp_php_security_project at lists.owasp.org
> Subject: Re: [OWASP_PHPSEC] use of require_once
>  
> We have had this discussion, going deeper is Java like. Even one namespace is not a good thing, but we're dealing with facade functions, so that's not an issue for now.
>  
> require_once is needed for loading classes and definitions. require is used for running php file, usually those that produce output not define things. There is not much overhead. PHP is an interpreted language, and performance is not really an issue here.
> -A
> ______________________________________________________________
> Notice: This message is digitally signed, its source and integrity are verifiable.
> If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
>  
> On Mordad 8, 1392, at 3:55 PM, Chris White <cwhite at remarinc.com> wrote:
> 
> 
> Finally! It is not as lonely in the PSR-x boat anymore. No need to recreate the wheel here, guys. Just utilize one of their sample loaders. You won’t even have to change namespaces or classnames. Although, I am in favor of going deeper than just \phpsec\. ;)
>  
> Chris White
> Network Administrator
> Remar, Inc.
> Work: 615-449-0231
> Cell: 615-948-1388
>  
> From: owasp_php_security_project-bounces at lists.owasp.org [mailto:owasp_php_security_project-bounces at lists.owasp.org] On Behalf Of Sven Rautenberg
> Sent: Tuesday, July 30, 2013 5:48 AM
> To: Minhaz A V; owasp_php_security_project at lists.owasp.org
> Subject: Re: [OWASP_PHPSEC] use of require_once
>  
> Yes. Just have a look at how "PSR-0" autoloading is done.
> 
> 
> 
> Minhaz A V <minhazav at gmail.com> schrieb:
> will it be changed to require  after autoloading is done?
>  
> 
> On Tue, Jul 30, 2013 at 3:30 PM, Minhaz A V <minhazav at gmail.com> wrote:
> Can I know how will autoloading be accomplished and what it exactly means?
>  
> 
> On Tue, Jul 30, 2013 at 3:26 PM, Sven Rautenberg <sven at rtbg.de> wrote:
> It's probably because of the current lack of autoloading, but I think this will be addressed.
> 
> 
> 
> Minhaz A V <minhazav at gmail.com> schrieb:
> while going through the codes I found the use of require_once at many places
> why isn't require  being used, when require_once  has computational overheads, it consumes more memory and is slower
>  
> reference: http://stackoverflow.com/questions/186338/why-is-require-once-so-bad-to-use
>  
>  
>  
> 
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> 
> 
>  
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
> 
> Regards,
> 
> Sven
>  
>  
> 
> Mit freundlichen Grüßen
> 
> Sven Rautenberg
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>  
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130730/c298b213/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list