Continuing from the previous article: Head-to-head confrontation between PHP and ASP.NET (1) Security comparison ASP.NET officially requires you to use IIS. Unfortunately, IIS has a long history of vulnerability, which makes many administrators reluctant to deploy it to handle Web sites. It doesn't matter whether these weaknesses are due to flaws in Microsoft or because IIS is a target for hackers: these systems have a history of being hacked or compromised. PHP also runs on Apache, which is fast and open source and has a good security record. Additionally, as I mentioned, Apache runs on many platforms. If you're considering ASP.NET, but you want to use Apache as your Internet portal, luckily you have some options. First, you can use Apache to forward requests to IIS running internally on another machine. Apache then processes the static content and delivers the aspx content to the IIS server (not exposed to the Internet). However, if you want to leverage Apache to host ASP.NET, there are a few options that Microsoft may or may not support. As a last option, there's Ximian's Project Mono, which is dedicated to building an open source module. Please visit www.go-mono.com for more information. Database Coding Example One of the first things you should consider when choosing PHP or ASP.NET is the connection to the database. However, leveraging ASP.NET is more complex because you can choose any of many alternative languages. Of course, these code examples will have to be embedded in HTML pages, instantiated classes, etc. However, the following information will give you an idea of the coding styles of both. PHP 5 and Oracle connection Below is a PHP 5 class that provides an Oracle connection and disconnection routine to demonstrate the use of PHP 5 (other drivers (such as ODBC drivers) and common database interfaces can also be used) with One way to connect to Oracle: class oracle_object { protected $theDB; protected $user; protected $pass; protected $db; function __construct($u, $p, $d) { $this->user = $u; $this ->pass = $p; $this->db = $d; } function db_open () { $theDB = @OCILogon($this->user, $this->pass, $this->db); db_check_errors($ php_errormsg); } function db_close() { @OCILogoff($theDB); db_check_errors($php_errormsg); } function __destruct () { print ("so long..."); } } ASP.NET with Oracle connection if you wish To connect to Oracle using VB.NET (Visual Basic is Microsoft's default .NET programming language), then please take a look at this example from MSDN: Imports System Imports System.Data Imports System.Data.OracleClient Imports Microsoft.VisualBasic Class Sample Public Shared Sub Main() Dim oraConn As OracleConnection = New OracleConnection ("Data Source=MyOracleServer;Integrated Security=yes;") Dim oraCMD As OracleCommand = New OracleCommand ("SELECT CUSTOMER_ID, NAME FROM DEMO.CUSTOMER", oraConn) oraConn.Open( ) Dim myReader As OracleDataReader = oraCMD.ExecuteReader() Do While (myReader.Read()) Console.WriteLine(vbTab & "{0}" & vbTab & "{1}", myReader.GetInt32(0), myReader.GetString (1)) Loop myReader.Close() oraConn.Close() End Sub End Class Making a Choice Assuming that you have not yet decided to use PHP, I can assert that PHP's advantages far outweigh its weaknesses. (See an overview in Table 1.) These advantages boil down to price, speed and efficiency, security, cross-platform applicability, and open source opportunities. Its only weakness is the lack of a pure and perfect OOP implementation, but this is a minor drawback. While language constructs do help, good coding ultimately comes from practice, execution, good habits, and discipline. Table 1 PHP 4 PHP 5 ASP.NET software price free free free platform price free free $$ Speed strong strong weak efficiency strong strong weak security strong strong strong platform strong strong (only for IIS) platform any any win32 (only for For IIS) Is the source code provided? Is it abnormal? No Yes: OOP. Weak, strong, strong price. Here we should not simply consider the initial investment - which is obviously free in the case of PHP - but also the cost of implementation, maintenance and debugging. For PHP, you may want to purchase the Zend optimization engine. However, with ASP, you make an investment from the beginning, and you also pay for additional technology—for example, libraries that perform graphics processing. But in the long run, PHP won't force you to upgrade and charge you more for the license. Everyone who has worked with complex licensing knows that many companies spend vast amounts of time and money just to ensure compliance. Also, when it comes to getting bug fixes, the response you get varies. This of course will translate into time, which will translate into overall development costs. Speed and efficiency. As I mentioned earlier, ASP.NET is a framework that allows you to use various programming languages. Additionally, it is said to have an excellent object-oriented model. While all of this is true, it's a disadvantage when considering speed. For these reasons, running an ASP page in ASP.NET requires more code to be executed than running the equivalent PHP page in the PHP engine.PHP is a "quick and dirty" solution, a solution designed to get the job done. Although it has received many robust enhancements since versions 2.0 and 3.0, it still retains the core optimized high-speed approach. Speed isn't the only factor to consider. Memory usage is also important. Security. ASP.NET runs on IIS, and IIS has been hacked countless times — as every other week's IT news reports confirm. It has become such a burden, in fact, that despite its expensive sales pitch, many IT professionals still refuse to open their networks with an IIS web server. And PHP uses Apache. Apache has a proven track record of speed, reliability, and solid security. Please visit www.securityfocus.com for more information. Cross-platform applicability. ASP.NET runs on IIS and is starting to run on Apache (Apache runs on many platforms). PHP was designed from the ground up to work with Apache, so you have many proven and reliable server platforms to choose from. Open source opportunities. Open source isn't just left to a few whimsical programmers or companies looking to save some licensing fees. When you're dealing with bugs in the software itself, open source can be a real godsend. In the case of either PHP or ASP.NET, you have a large user base who use the software and may encounter errors. With ASP.NET, these bugs must be notified through an official process, fixed, tested, and eliminated in a new patch or version. However, PHP patches can be patched and released quickly. Anyone who has witnessed the development of open source knows that new versions and patches are often rolled out within days rather than weeks or months like commercial software. If this isn't quick enough, you can usually patch the problem yourself if necessary.