PHP Programming Pioneer's Embrace of JavaScript

By David F. Carr  |  Posted 2007-10-17

Rasmus Lerdorf invented one of the primary Web programming languages used at Yahoo, but for a long time he tried to fend off another.

Lerdorf was the original programmer behind PHP, one of the most popular Web scripting languages, and the one Yahoo uses on its Web servers to assemble pages and handle user input. But the language Lerdorf was slow to warm up to doesn't run on the server side at all: It's JavaScript.

"Coming from a back-end perspective, I've always hated JavaScript," Lerdorf says. Development is simpler when all the programming code runs in one place, on the server, where the database and other back-end resources also live.

But Lerdorf has had to get over his prejudice because JavaScript is essential to the more interactive, Web 2.0 generation of Internet applications. "You just can't avoid getting into the front end if you want to build a modern Web application," he says.

"But it does complicate things," he adds. "It means that half your application runs in one environment and half runs in another."

Lerdorf, who is also a core development team member for the Apache Web server, joined Yahoo in 2002 as an infrastructure architecture engineer and helped the company standardize on PHP in place of the hodgepodge of Web scripting languages it had been using. His experience applying PHP to Yahoo's extreme scale of operations and defending it against hackers also influenced the development of features, such as filtering untrusted input, in the current release, PHP 5.

Like any open source technology, PHP is the work of many contributors, but back in 1994 Lerdorf came up with what he called the "personal home page" (PHP) programming toolkit, and he continues to exert major influence on its development.

Like Java Server Pages, Cold Fusion and many other Web programming languages, PHP lets snippets of programming code embedded in a Web page run on a server and perform actions such as database lookups. Yahoo's servers run code written in other languages, including C and Java, for core data management and content aggregation tasks, but PHP is Yahoo's standard for application development.

At this summer's Oscon open source conference, Lerdorf gave a presentation with Thomas Sha, director of the team that created the Yahoo User Interface (YUI) JavaScript libraries, derived from Yahoo's work on establishing standards for its own JavaScript and Cascading Style Sheets (CSS) code and published as open source.

Although the JavaScript and CSS code associated with a Web page are normally published in plain text from which Web developers can easily crib, with or without a license, the YUI comes with the benefit of explicit permission, documentation and usage examples.

Taking off on an old Reese's Peanut Butter Cups commercial, Lerdorf and Sha titled their talk, "You got JavaScript in My PHP! And … " with the idea being that these "two great tastes" are better together.

Despite the "Java" in its name, JavaScript is a distinct language introduced at the end of 1995 as a feature of Netscape Navigator and later duplicated in Internet Explorer and other browsers. Where the PHP code embedded in an HTML page runs on the server, JavaScript code is loaded in the user's browser and runs there.

This lets a Web application interact with the user instantaneously. If a user forgets to fill in a required form field, for instance, JavaScript can be programmed to show an alert before the form is submitted.

The disadvantage early on was different implementations on different browsers—not only of JavaScript but of the programming objects the browsers used to represent the elements of a Web page such as paragraphs, headings, images and form fields. So programmers trying to achieve more ambitious "dynamic HTML" effects such as animation had to write different routines for, say, Netscape and Internet Explorer.

Many of those issues were resolved by development of standards for JavaScript and the Document Object Model with which JavaScript works to identify elements on a page.

And then along came AJAX (Asynchronous JavaScript and XML), the set of techniques that let a Web page continually fetch updated information from the Web server without loading a new page. Based on techniques pioneered by Microsoft, AJAX lets JavaScript carry on a behind-the-scenes conversation with the server.

Google is widely credited with dramatizing the potential of AJAX with Google Maps and Gmail, but Yahoo has also embraced the technology. The new Yahoo Mail, for example, uses AJAX to load e-mail messages into a viewing area at the bottom of the screen rather than having each message displayed as a separate Web page.

"Once you see something like this, you just can't fight it," Lerdorf says.

And yet building a sophisticated application from JavaScript alone "is really not for the faint of heart," Sha says. "You have to take into account a lot of factors you cannot control, and the browsers lie to you about what they can and can't do."

...Sort of">

Standards...Sort of

The development of standards has helped, but JavaScript programs and even more basic elements of Web development such as Cascading Style Sheets (CSS) formatting commands are still implemented a bit differently on every browser (and every release of a given browser). The YUI code libraries attempt to compensate for these differences while also enabling more advanced effects such as animation, drag-and-drop and drop-down menus.

In contrast with the AJAX code in Microsoft's developer tools or the open source world's Ruby on Rails, the YUI is not part of a broad Web development framework. Lerdorf says he discouraged the YUI team from trying to create a framework because he is generally suspicious of cure-all solutions to software development problems. "Sure, you should have a framework," he says, "but the question is, whose framework should it be? In most cases, I believe you should write it yourself."

The YUI's piecemeal approach appeals to engineers who want what they want and no more, Sha says. "You don't have to take the whole package. You can pick and choose what you need."

Developers should be judicious about picking the libraries they use in their applications and recognize their limits, Sha says. "If you're working with the animation library, use it for simple effects. Don't try to create a movie."

Along with new possibilities, AJAX brings hazards that are "just destroying the Web right now," Lerdorf says.

"Once you move half the application to the front end, the back end gets very simple," he says, but it also takes away control because that front-end code is released onto the Internet, where hackers can manipulate it. "So you have to ask yourself, what could they send us to trip us up? The answer is, a lot."

Defending against such attacks is not easy, particularly for startups too busy creating applications and going after market acceptance to worry about security, Lerdorf says. "When the news hits that they're about to be bought by Yahoo or Google, the hackers descend in droves."

Write to author David F. Carr.

Related Story: Yahoo's Performance Guru: 14 Tenets for Speeding Up Sites