Tim Bray, one of authors of XML, voices concern about PHP:
If you want your ears bent back, have a listen to Zend CEO Doron Gerstel; heâ€™ll tell you that half the websites in the world are powered by PHP and that there are 2Â½ million developers and that the war is over and PHP won. So hereâ€™s my problem, based on my limited experience with PHP (deploying a couple of free apps to do this and that, and debugging a site for a non-technical friend here and there): all the PHP code Iâ€™ve seen in that experience has been messy, unmaintainable crap. Spaghetti SQL wrapped in spaghetti PHP wrapped in spaghetti HTML, replicated in slightly-varying form in dozens of places.
But in the big picture, it feels vulnerable to me.
Vulnerable? I think Tim Bray misses a key point...
As a corollary, one of the probable reasons the takeup of PHP5 is so slow is because PHP4 provides sufficient hacking power already. I think PHP5 is more attractive to people who want to code with rigor.
So is PHP4 perl for the web? PHP can be used or abused, just like perl. The abuse is what makes it popular :)