Choosing between these two technologies can be complicated. I’m going to analyze and compare three main aspects of these platforms: scalability, security and performance. Reading this article you can be absolutely sure I’m unbiased because I’m neither a Node.js nor PHP developer. All joking aside, let’s take a first look at both of them. After that, we shall try to choose a winner in the Node.js vs PHP fight. Hopefully, it will help you to make the right choice.
PHP is a server-side scripting language that is especially suited to web development. It was created by Rasmus Lerdorf in 1994. Nowadays it is one of the most popular languages for web development – one of the TOP 10 languages in the TIOBE index. PHP’s rich code-base includes popular website platforms (WordPress, Joomla, Drupal) and web development frameworks (Laravel, Symfony). Almost all web hostings support PHP.
PHP uses Composer as a package repository. It contains about 150,000 packages, which is three times fewer than npm, but still quite enough. By default, PHP uses an interpreted compilation strategy, which leads to less optimized code than JIT-base runtime, but you can use JIT-base runtime advantages using HHVM – an open-source virtual machine designed for executing programs written in PHP.
Node.js vs PHP scalability
To compare Node.js vs PHP scalability, let’s briefly recap what scalability is. This is the ability of a system to handle an increased amount of traffic or processing, and accommodate growth while maintaining a desirable user experience. There are two ways of scaling a system: vertically – increasing system resources, and horizontally – adding new servers into the cluster. From the point of view of software architecture there are another three main concepts of scalability: cloning – launching multiple identical copies of your application, decomposing – moving different features and functionalities into separated services, and splitting – making multiple copies of your service responsible for only a part of the application’s data.
Node.js was designed to build distributed applications with many nodes. That’s why it got its name. As I mentioned earlier, the technology is single-threaded. So, by default, you will use only one CPU core. You can scale your application across multiple CPU cores by running child process, using out-of-the-box cluster mode, or external process manager (PM2 for example). You can also configure multiple machine scaling using a balancer, such as NGINX, over the single machine cluster/application.
Scaling a PHP application is a bit different from Node application scaling – because PHP uses multiple threads, it already uses multiple cores of your server. So, there is no need to scale your application across the CPUs – it is already done. Multiple machines-scaling for a PHP application is the same with Node.js – you need to set up and configure the load balancer to operate with multiple instances of your application.
As you can see, there is no favourite in Node.js vs PHP scalability comparison, because there is no big difference between these two platforms. The main problem of scalability – how to share data through all instances. But this problem is the same for both platforms and is beyond the scope of this article. There are lots of ways to deal with this issue and a lot of articles, even books, about it.
PHP vs Node.js security
Node.js and PHP both usually work with a huge amount of user data – some of which is very sensitive in nature. So it is very important to make your application as secure as possible. As the saying goes – hackers need to get things right only once, while developers have to be right all the time.
Most security issues are general and apply to all languages and frameworks, regardless of whether PHP, Node.js or other technologies are considered. The most common issues are: click-jacking, cross-site scripting, cross-site injection, cross-site request forgery, sql/command line/regex injection, and many others.
Using Node.js npm-packages you can easily protect your application from various security issues – add a special http-header that prevents cross-site injection, or set a limit on authentication attempts. There are also some tools, such as The Node Security Project and Snyk, which you can use to protect your application from known vulnerabilities and even fix security-related issues in your code-base. For instance, the code below shows how to add some security http-headers by using helmet package.
var helmet = require(‘helmet’);
var app = express();
There is a good article which gives a good explanation about security in Node.js.
You can configure your PHP application to make it secure as well. For example, in the code below, we add X-Frame-Options http-header, which provides click-jacking protection.
There are also tools which can help you check your application and fix some security issues – for instance, Security Advisories Checker or iniscan. This article gives you brief info about security in PHP.
As you can see, when comparing Node.js vs PHP security, it can’t be said that one is more secure than the other. The only difference is the way you configure your service.
Node.js vs PHP performance
It is the most holy war-theme when you deal with any technology/framework comparison. Creating some kind of benchmark or something like that to compare Node.js vs PHP performance would be too synthetic. Any real project has too many “details” and circumstances, so benchmark results become absolutely incomparable and inefficient. Let’s just analyze different use cases in which each technology may be better than the other.
If you need to create any type of real-time application, Node.js will be a better choice. Real-time chats, video and audio conferencing, application sharing, collaborative editing of documents and many others can be easily created by Node.js because it provides powerful Event API. This API makes it easy to implement server-side events and push notifications widely used in real-time applications.
It can be any apps generating or editing graphics, audio or video tasks, for example. Node.js single-threaded environment is not so good at such tasks, whereas PHP is multi-threaded, so it will show better performance.
Node.js has native Stream API, which gives you an interface of readable and writable streams that can be processed and monitored easily and very efficiently. This is why in SoftMediaLab we often use Node.js for cryptocurrency exchange platforms. But PHP also has quite good streaming support. There is no winner in this use case.
Complex single-page applications
SPAs have heavy I/O workload characteristics. Each partial view, and each component can produce quite a large amount of concurrent requests. Node.js handles this workload in an efficient way regarding its single-threaded non-blocking I/O event loop. On the other hand, PHP processes concurrent requests in a synchronous manner, which can make the client app less responsive.
Multiple concurrent requests
It can be Internet of Things service, real-time chat or whatever else. For any application which needs to process multiple concurrent requests, Node.js can be a better solution. Blocking I/O processing in PHP can cause memory overrun, whereas Node uses a single thread with non-blocking I/O for each connection. PHP also supports non-blocking I/O with ReactPHP, but Node.js implementation is still a better solution for this kind of services.
Solutions such as a blog, news site, landing page or web portal are easier and faster to create using PHP. With such CMS’s as WordPress or Joomla, you can create stable and customizable blogs without too much coding. You can create this type of application using Node.js CMS’s like KeystoneJS or Ghost as well, but PHP-based solutions are by far more popular and have many more plugins and themes which let you customize your application.
Other pros and cons
There are some features in both platforms I haven’t mention yet:
- Node provides single language for both back- and front-end – this makes it easier to maintain a system and coordinate development process;
- Node has built-in server support – reasonable (though not for every production service), and you don’t need any additional software to launch your app;
- PHP has far-reaching code-base – there are lots of ready-to-use solutions, plugins, theme and the like. You don’t need to spend much time to start using them;
- Node has good support for NoSQL databases, such as MongoDB;
- PHP solution can be run on any platform (Windows, Mac, Linux) and almost any server.
|Complex Single-Page Applications||✓|
|Multiple Concurrent requests||✓|
|NoSQL database support||✓|
|Relative database support||✓|
|Single language for back- and front-end developers||✓|
As you can see from the table above, there is no single winner in the battle between Node.js and PHP. Both of them are very powerful platforms, but they are built around different architectures and concepts. Neither of them is a silver bullet, and neither will occupy the whole web development world. Each technology has its own use case where it shows the best results.