Which BIG Players use PHP & mySQL

OK first of I like to say PHP Rocks!!!

I’m trying to convience a buddy at mine
work who is Java Guru… I don’t want
to convert him but at least open his
eyes and let him know that there are other
things out there then just Java.

One his arguements is no “real” organization
with heavy transacations & high security
would use PHP & mySQL…
I know this isnt’ true!!!

Does anyone know any well known big
companines that use PHP & mySQL… that
have thousands maybe millions of hits
per / transactions per day

Thx in advance!!!, long live PHP :slight_smile:

Well, PHP might work fine for large project, but it would be bloody insane to use mySQL for applications of that magnitude. mySQL is good in many ways, and especially, it’s very, very fast. However, it does not scale well at all. When you get a lot of connections to the database at the same time, mySQL chokes.

So there are probably no big players out there that uses mySQL for big projects, at least not efficiently. I bet PHP, on the other hand, used by many. It’s MUCH faster than JSP.

Does Sitepoint fourm use MySQL?

Originally posted by husain
Does Sitepoint fourm use MySQL?

Yes, SitePoint uses mySQL, I belive. However, it was also mentioned in another thread that they are porting vBulletin to another database because mySQL really can’t handle the load. (I might be totally off, though) I’m sure Wayne can fill us in here.

Yahoo! Finance uses MySQL database. [more]

Some more websites that use MySQL database are listed in the MySQL.com website. This is where I got the Yahoo! Finance bit.

One his arguements is no “real” organization
with heavy transacations & high security …

transcation and MySQL! u dont mean it, do u?

Originally posted by jason604

One his arguements is no “real” organization
with heavy transacations & high security
would use PHP & mySQL…
I know this isnt’ true!!!

Your friend is correct to a certain to degree although some large companies use PHP such as parts of NASA or Bang and Olufsen, none that need a very high level of security such as banks will touch it, because out of all the languages available it is the weakest when it comes to security. This is due to several things, but the most obvious is that you do not have to explicitly create variables see the link below for a full list of the security concerns over PHP.

Neil - The variable problem is easily solved by changing the default error reporting level of PHP. Personally I never write an app that needs to be secure with register_globals set to on, I always make sure it is turned off. I then access the vars trough $_GET, $_POST, $_COOKIE etc. arrays.

PHP can be just as secure or unsecure as any other language can, it all depends on the skill of the programmer using it.

I know Ford use(d) PHP, British Telecom use it in places. There are lots of big people that do use it.

Originally posted by neil100
out of all the languages available it is the weakest when it comes to security
I disagree with this too. Take a look at this:
http://www.php.net/manual/en/security.php

Sean :slight_smile:

PHP is as secure as your web server (or as you write your code).

Karl I admit that lot of the security problems (such as explicitly creating variables, exec() and file uploading can be solved through reconfiguring the php setup and careful programming. However many of these changes greatly restrict your programming in PHP. Also part of the problem with PHP is because it is so loose it allows people to get away with sloppy programming and thus create security issues. I know this happens with other languages aswell, but to a much lesser extent.

I agree that some big companies do use PHP in parts, however I have yet to find a company that uses it for areas that need to be very secure if you find me a bank for instance that uses it then I will shut up;)

Also jason504 asked if large companies with high security use mySql - cue the laughter, just a couple of things foriegn keys and stored procedures.

In reply to seanf, you pointed me to the PHP manual to prove how secure it is, BRILLANT! Perhaps you would expect it to say in it’s own manual that PHP is less secure than JAVA or ASP.NET/C#.

Lastly MattR all languages are as secure as the webserver and as you write your code, but PHP is so open and loose it asks for trouble.

Originally posted by neil100
…PHP is so open and loose it asks for trouble.

Howso? I use PHP a lot and aside from some dumb programming practices by users I haven’t seen anything wrong.

You can not expect a relatively simple language like PHP to be as secure as fixing security holes in a programmer’s code, this just won’t do. One could make an insecure web app in Java and ASP aswell, and I wouldn’t blame the language they use, it’s all in their coding practices.
For example if I make a login script that checks for the variable $is_logged at the beginning of the script but doesn’t really pay attention to where it would be set, would PHP/ASP/Java/Perl be the guilty party when someone passes the variable in the querystring ?

Unfortunately in that case PHP would be the guliy party because none of ASP, Perl and Java allow you to set global variables within your scripts just by appending ?is_loggedin=yes to the URL :slight_smile: That said, as long as you make sure you ALWAYS empty a variables before use in PHP you should be OK (i.e put $is_loggedin = false; at the very top of your script).

PHP and mySQL are used by many large companies but PHP isn’t used for ultra high security things and mySQL definitely isn’t used for things with a very high load, as everyone else on this thread has pointed out :slight_smile:

Turning off register globals makes it no more difficult to program in PHP and it removes one of the greater security threats.

A poor craftsman should not blame his tools.

Originally posted by Karl
A poor craftsman should not blame his tools.

And as they say;

A great craftsman is known by his tools.

:smiley:

There is a good list of companies using PHP here:

http://www.imakenews.com/badblue/e_article000033275.cfm

The BadBlue newsletter routinely tracks enterprise/corporate use of PHP. You can sign up at this newsletter site or download the very compact (200K download) Win32 server that works well with PHP.

I know that hondamotorcycle.com used mysql, but i dont know if it uses php, and they are pretty big. . .

The truth is…PHP is a great scalable language…and building large, database driven applications means using database such as postgresql, oracle, sybase, DB2, informix. However the most popular for large scale e-tailers seems to be Oracle, however they are all seeming to find out the wonderful possibilities of making proprietary C/C++ solutions that scale and suit thier needs.

PHP is very secure…when you know how to secure it with special techniques. You can use the built in session functions, or write a database driven one for a larger application. PHP and any other database such as postgre can work faster under larger amounts of pressure, not to mention it can easily take advantage of the hardware once you apply simple tweaks to its ram usage.

Mysql is more for the beginners and smaller applications that do not demand as much power or toughness unlike the larger applications that need something different.

To put it short…any site that currently uses vBulletin is using PHP and Mysql (However I have seen sites port this to other databases such as sybase)

Not to knock JSP or anything…JSP is actually a fairly fast language to use (Java is soo powerful it scares me) and scalability is easily done, however is mainly objetc oriented unlike PHP…where its not completely oriented on objects and more so structured code.

Thats what I have to say as an answer though…