PHP is top server-side programming language on the web with nearly 79% usage

PHP is top server-side programming language on the web with nearly 79% usage

Although PHP doesn't usually come close to the podium in more general language popularity lists, it enjoys tremendous popularity in its target area - the world wide web. A new survey done by W3Techs shows that the language was used on nearly 79% of the 10 million most popular sites according to the Alexa barometer.

W3Techs released a report that includes a year-over-year chart from January 2010, through 2022. It found that PHP is used by 78.9% of websites and ranks far ahead ASP.NET (8.3%) and Ruby (5.2%). Java meanwhile moved into fourth position and now runs on 3.6% of these sites. The language has moved into fourth position since January 2021; it was then used by 3.2% of sites against 4.3% for Ruby. The only really impressive growth to watch is that of Ruby, which at 5.2% this month continues to see uninterrupted growth in W3Techs' survey. Ruby on Rails is relatively stable when it comes to the number of adoptions, according to the September edition of the TIOBE index.

Note that ASP.NET, which held an impressive 24.4% share in 2010 (against 72.5% for PHP at the time) has seen its shares gradually reduced in favor of other languages such as JavaScript (1, 5% on September 14, 2021), Scala (2%) or even Python (1.4%). In 2013, the language fell below the 20% mark and it was in January 2021 that it fell below the 10% mark.

There also doesn't seem to be a clear competitor for PHP in W3Techs results, the  decline of ASP.NET over the years has not produced a significant rise in PHP or any other language.

Regarding the versions of PHP used, version 7 remains the most popular; more than half of PHP sites (67.9%) use it. PHP 5 comes second with 31% usage, followed by PHP 8 and its 1%.

PHP 8 has been available since the end of 2020. This version therefore contains many new features and optimizations, including named arguments, union types, attributes, promotion of constructor properties, match expression, nullsafe operator, JIT (On-the-Fly Compilation), and improvements in the typing system, error handling, and consistency.

Instead of doing conditional null checks, you can use a call string with the new nullsafe operator. Which when the evaluation of an element of the string fails, the execution of the entire string is terminated and the entire string evaluates to null.

But PHP has not only been talked about positively. In March, a hacker compromised the server used to distribute the PHP programming language and added a backdoor to the source code that would have left websites vulnerable to a complete takeover, according to members of the open source project. Two updates pushed to the PHP Git server over the weekend added a line that, if executed by a website powered by this hijacked version of PHP, would have allowed unauthorized visitors to run the code of their choice. The malicious commits gave the code the ability to inject code to visitors who had the word "zerodium" in an HTTP header.

Zerodium is a broker that buys exploits from researchers and sells them to government agencies for use in investigations or other purposes. Why the commits referenced Zerodium is unclear. Company CEO Chaouki Bekrar said on Twitter that Zerodium was not involved:

"Thumbs up to the troll who put 'Zerodium' in today's compromised PHP git commits," he wrote. “Obviously we had nothing to do with it. Probably the researcher(s) who found this bug/exploit tried to sell it to many entities, but none of them wanted to buy this crap, so they burned it for fun”.

Prior to the compromise, the PHP group handled all write access to the repository on its own git server using what Nikita Popov, a PHP maintainer, called an "in-house" system called Karma. It provided developers with different levels of access privileges based on previous contributions. GitHub, on the other hand, had been a mirror repository.

Now, the PHP group is moving away from the self-hosted and managed git framework and replacing it with GitHub. The change means that GitHub is now the "canonical" repository. Contributors will need to be part of the PHP organization on GitHub and use two-factor authentication for accounts with the ability to make commits.