We Keep Coding

New language on top of PHP?

I'm a PHP developer. I like PHP! It is a really good language if you know how to use it, but I know it allows very bad design sometimes.
It reminds me of JavaScript which has good parts and bad parts. One particular project, CoffeeScript, tries to focus only on the good parts, forcing you to write good code.
I was thinking if something similar could be done with PHP... A new syntax that would be compiled only to good PHP code taking advatage of all the new and exciting stuff we can get with PHP 5.3.
So, getting ahead of some people, I'll ask: Why create a new language on top of PHP if you can just use Ruby or Python or something else?
PHP is easy to deploy anywhere
The language itself has a lot of good features and ideas
There are lots of good libraries written in PHP
...
So, my real questions here are...
Is this a stupid idea? Why would it be? Do you think CoffeeScript is stupid?
How do someone starts to create a new language on top of another? I know nothing about this, but I would like to learn. Where to start?

The idea is definitely not stupid, especially if executed well.
I like coffeescript a lot, but it has it's approach has downsides as well. Debugging a coffeescript script still requires you read the generated Javascript code, which can be tedious, since you haven't written it actually yourself.
I've understood that Jeremy Ashkenas, the creator of coffeescript has started to work on coffeescript after reading "Create your own freaking awesome programming language" by Marc-André Cournoyer.
Good luck!

The reason CoffeScript is a good idea is that if developers want to run code in a client browser they have to use javascript; so the only way to program in a different language is to allow that language to be convertible to javascript.
I'm not sure the same really applies to server side programming. If you've got issues with PHP and want to use a new language there is no real advantage to having that language generate PHP.
On the other hand, a language that was very similar to PHP, but fixed some of the flaws would be a great idea.

Heh, great idea. My thoughts, some contradictory...
There are precedents for civilizing bad languages by putting syntax preprocessors in front of them.
In the early days of Unix, Fortran was popular and about the only portable language because most machines had no C compiler. But the vanilla Fortran of the day didn't even have block structured if-then-else, just a goofy single-statement if or an if-goto. So, the Ratfor language was implemented as a preprocessor for Fortran-66.
I believe there were (are?) Cobol preprocessors that presumably dealt with the verbosity and limitations of early Cobol dialects.
To this day Unix-derived systems ship with a macro processor called m4.
Several CSS preprocessors are available today, most notably Sass and LESS.
But...
Just let it die, and the sooner the better
The problem isn't really in the syntax.
I don't see much of a JavaScript-PHP parallel. JavaScript is a great language. It's kind of the opposite of PHP.
I'm not sure why you say that PHP is a great language. It's one of the worst. Every decent feature is a patch or repatch in a recent version.
As you noted, there is a fixed-up version of PHP already: it's called Ruby and, as a language, it's near-perfect. There is another fixed-up version called Python. The world would be better off in the long run if we support the better systems.

It is here now. A new language which is to PHP what CoffeeScript is to Javascript. (I.e., awesome.)
SNOWSCRIPT
Snowscript code looks like this:
fn how_big_is_it(number)
if number < 100
<- "small"
else
<- "big"
PHP output looks like this:
function how_big_is_it($number) {
if ($number < 100) {
return "small";
} else {
return "big";
}
}
All it needs now, is you.

If it would be to PHP what something like sass is to CSS, I'd be interested. But what would exactly would you want to add? Or would you just want to weed out the bad?
And what would you consider to be the bad?

Writing a PHP syntax transformer would probably be a neat project.
However, don't forget that PHP's standard library is a huge mess. Cleaning that up, would be a far bigger task.

The more I am thinking about this, the more irrealistic it sounds. The reason is simple: There actually are such language proprocessors already. Two of them (though not using PHP as implementation, only as compilation target) can be found here. But simply nobody uses them.
Yes, if the compiler itself were written in PHP, probably more people would use it. But I really can't see a way how to get this popular enough to be worth the work.
Another big problem is, that people mostly are used to their awesome code-highlighting, code-completing, code-inspecting IDE. Without getting IDE support probably merely anybody will use it (and IDE support can only be obtained by having many people use it...)
Thoughts?

I can see writing compilers to JavaScript (because the web imposes it upon us), but this sounds like a waste of time.
Haxe already does this, although it's not specifically targeted at PHP (linked to the Wikipedia article instead of their website because I'm afraid I'm going to get exploited if I visit the real site...)
PHP is easy to deploy anywhere
...as are its vulnerabilities.
I know it allows very bad design sometimes.
That's a bit of an understatement, it doesn't even have a module system, has no encapsulation, and has tons of silly things such as dynamic name resolution.
PHP is slow enough as it is, do you really want something an order of a magnitude slower?
Java is much more easy to deploy anyways, and lets you drop down to the bytecode level if you want. Java also gives you access to moderately sane libraries.

This is something I have thought about already often. PHP just is messy at some points.
Actually, I already have a project PrePHP focusing on providing PHP 5.3 functionality to PHP 5.2. But it adds some minor language features, like func()[0]. I haven't developed this project for some time and it definitely isn't "clean", but it shows, that what you want is possible and actually even not that complicated.
If you are serious about this, I am perfectly willing to collaborate with you.

Very interesting idea and if it come to life i think that i wan't to be involved in :)
For start You may check and read this position http://www.amazon.com/Masterminds-Programming-Conversations-Creators-Languages/dp/0596515170 (iam reading it now). It makes clear how really complicated is to maintain own language.

I agree that PHP definitely could do with some improvement, right now it allows for too much fooling around.
Some things I'd like to see
Static Typing
Required indentation
Proper use of objects (using arrays as objects is just stupid)
Then again, maybe I should just drop PHP and start working with Ruby or Python.

I'm like 8 years too late, but I'll answer anyways for anyone else who stumbles upon this.
Hack is a language developed by Facebook to deal with some of the issues of PHP, since Facebook had a large PHP codebase. Hack adds some nice features on top of PHP such as gradual typing (what TypeScript has) and generics, among other features, and gets rid of some of the more dangerous PHP features. Hack was at one point a superset of PHP, but is no longer completely compatible after removing some of the worse PHP features.
This is slightly different from what you were asking, since at this point Hack has its own interpreter, written by Facebook, but this started out as "better language that compiles to PHP", so I thought it was worth mentioning here.

Is there a "right" way to use php?

I have been learning php, by just plugging away at it.
I was hoping someone could point me in the right direction in regards to security, flow and general best practices?
Thanks.
edit--
I suppose a better way to phrase what i am trying to ask is..
What is the best practice:
1.) when processing forms with php, get vs post, $_REQUEST vs $_GET & $_POST
2.) when dynamically creating HTML files (example below)
3.) logins & authentication in the same file as the form creator
4.) Sending e-mail with php
From #2 above
<?php
echo "<h1> Welcome </h1>";
if ($_SESSION['type'] == "admin")
{
//lots of html in the echo statment
echo "tables and admin interface here";
} else
{
//lots of html in the echo statment
echo "tables and user dashboard here";
}
?>
--VS--
<h1> Welcome </h1>
<?php
if ($_SESSION['type'] == "admin")
{
?>
lots of html in the echo statment
tables and admin interface here
<?php
} else
{
?>
lots of html in the echo statment
ables and user dashboard here
<?php
}
?>
--VS--
<?php if($_SESSION['username']): ?>
<p>You are logged in as <?=$_SESSION['username']?></p>
<p>Logout</p>
<?php endif; ?>
ps:
Thanks to everyone who already responded.
Can I also inquire where does a framework fit? I took a class in OOP and we didn't become familiar with any frameworks.
I read lot on the Symfony and zend frameworks but am still confused.
thanks again.

Good programming is irrelevant of language. I suggest you start studying software development concepts such as object oriented programming, design patterns, separation of concerns, reuse, encapsulation, testing and refactoring. Start at any of those and keep "plugging" away at the list and you will get better.
PHP specific - learn the accepted coding standard, such as PEAR's or Zend's. After you've assimilated some of the concepts, pick up a good reference such as one of the top frameworks mentioned in the other answers - Zend Framework, CakePHP, Symfony among others.

The PHP community has never really been strong at offering up any development guidelines or advocating best practices. In the pre-framework days typical php code written by most devs was very amateurish and disorganized - see the Wordpress source code. But PHP is a good language for web apps. It was made for the web and you can write good professional code with it if you want to. It's trendy to bash it but disregard that stuff.
Anyway, like the others have said here your best bet is to use a framework. Being a newbie, it will be important for you to pick a framework that is well documented and has a strong community to help you get over the hump. Here's my rundown of the major php frameworks:
Kohana => a good one but poorly documented with a weak community. skip it.
Zend => the most popular framework for php w/good docs but another poor performer as it's overdone with objects and patterns in an attempt to be overly enterprisey.
Cake & Symfony => are 1st generation php frameworks and also have a rep for poor performance. I'd skip both. A new version of symfony is in the works but not ready.
Lithium => cutting edge new framework led by one of the Cake devs. using php 5.3 and claims to be fast. BUT, not at v.1 yet & also have poor docs at this point => http://li3.me.
Codeigniter => popular, fast, good docs and community. very easy to learn. v2.0 hasn't officially been released but is ready for production use and is php5 only. You can use the same documentation that is on the CI site for v1.7. The versions are very similar except 2.0 drops php 4 support finally. here is the download for 2.0: http://bitbucket.org/ellislab/codeigniter/
YII => Really gaining momentum despite it's goofy name. It's a fast performer with GREAT documentation and a ton of features. A new book is out too. The community is so-so but growing. This framework imo takes a lot from rails. There a web-based code
generation tool and it uses active record. http://yiiframework.com/
you can build apps a lot quicker with YII due to the code-gen and active record but it will be a bit harder to learn than CI. You may find it getting in your way a bit more too as you try to do everything the YII way. CI is more flexible - gives you the foundation you need w/o getting in your way. So for now i'd recommend codeigniter.
good luck!

Use a freely available framework such as:
Zend Framework
CakePHP
CodeIgniter (See comments)
Kohana (From #Alex's answer)
and follow the standards specified by that framework.

Take a look at a reputable open source software, that is known for good code.
Look at Kohana's source, or any of the others from Billy ONeal's answer.
I wouldn't recommend using CI's source as a guide - as I think it still supports PHP4, so some of the code will be useless to learn - unless you plan on writing PHP4 code, which is a bad idea if you are only learning now.
Do not look at WordPress, you will pick up some terrible habits.
Also, while I think of it, learn about OO, and the difference with procedural code.

Why does everyone attack php? Many many excellent sites run off it. At least until they get big enough to merit an overhaul.
99% of the internet is just throw away sites that don't get much traffic, compared to sites like facebook or amazon, so why should they care to learn a language more sophisticated, stable, or strict, if php gets the job done in a cost effective way that is no less stable or secure for what is needed?
Most of the sites I build run off Kohana - a branch from codeigniter. Both are useful. Who cares if CI uses php4. What if you get hired by a web firm that has archaic sites? Guess what - you will need to know php4. That complaint is like saying you no longer need to know tabled html... until you have to design and code a newsletter template for some big company. Then what? Crash course it with google searches?
I say the RIGHT way to use PHP is to follow examples. Yeah wordpress has some awful habits, but it works and is only one of the most successful platforms out there. What does that tell you?
I would say you could learn a lot from a framework like Kohana - and even CI - since both have decent security methods that are not hard to follow. Things like database escaping and xss filtering. It will ween you into OO programming if you are not familiar and both have a decent userbase so you will not get stuck with no answers.
Don't let these guys scare you. for beginners PHP is a good move. Eventually something like Java or objective C will be more beneficial for jobs and application, but learn it when you get there.

It is possible to code well in PHP. Probably the best resource I've seen so far as to just how is here in StackOverflow: browse the questions marked PHP.
In no particular order, some specific things to help you on your way from my years programming in PHP:
Enable Notices and then make sure you don't write code that triggers them. PHP's default install doesn't enable Notices, which is fine for a Production environment, but bad for a Development environment. Unfortunately, their default php.ini file doesn't seem to know which it is being an example for.
Similarly, make sure you have magic_quotes and register_globals both turned off. They are both designed for more simple and naive programming times and today create more problems than they solve.
Initialize variables before you use them. This also means array elements. If your code isn't sure if the variable or element exists, use isset() and array_key_exists().
Pick or develop a sensible coding style and stick with it. You don't need to be frugal with whitespace or linebreaks.
Check for variables you are expecing to be there. This is a tricky one. A great example of this is when processing a HTTP POST that may have a lot of variable elements. Figure out what should be in $_POST and look for that. Don't assume that what is submitted is always going to be what is supposed to be submitted.
Along the same lines, check for the correct values, not the incorrect values. If you need a variable to have a valid value, look for what constitutes a valid value before proceeding, not what might be an invalid value to throw away. For example, if you need a submitted variable to be an integer, then check it's an integer, don't check for a null-string as a null-string isn't the only invalid value!
Separate database access, logic and presentation (this is often called Model-View-Controller programming). Another way of putting that is that you shouldn't be comixing code that is processing ther last POST request with HTML markup being emitted with SQL queries. Most frameworks will enforce this.
If you're not using a framework that provides an Object layer, you will be rolling your own SQL. Either use prepared statements, or use the DB's own quoting function for strings, not addslashes().
It was very easy in PHP 4 to use a lot of memory because structures got copied, not referenced. PHP 5 largely solves this specific problem, but it can still happen with strings. This also doesn't address the tendancy of some APIs to create large structures.

To provide something other than "use a framework" or "look at a framework," here are quick rule-of-thumb PHP-specific practices I've found that make a big difference.
Use PDO and abstract it into a class (or use an existing class). Do not use mysql_query or such functions.
Logic before output. Do not do things such as <?php if($x) { ?> HTML here <?php } ?> (using HEREDOC syntax helps enormously with this).
Use the __autoload magic method to limit includes
These alone would be night-and-day transformation of a lot of ugly PHP code I see. Then there are the obvious language agnostic rules such as consistent naming conventions, self-documenting code, etc.

What language to use - simple form + MySQL + admin page

Apologies if this is not the right place to ask but here goes...
What should I use to create a simple web application for our website?
I'm the IT guy for a small non-profit. On our website we have a page with a large form in which users can fill out information on an application form. The information gets sent to a MySQL db. This data can then be accessed and edited by a couple of members of staff behind a logged-in part of the website. There's only two dbs being used: the main one with all the data and the one used for login details for the web app. It's all done with PHP and functionally is fairly simple - just a form with lots of fields to collect data and a basic secure "manager" page to do a bit of stuff with that data.
The problem is that we need to make changes to the app, and to extend its functionality quite a lot. I have a little bit of experience playing around with PHP but I've taken one look at the code used and decided it'll take too long to decipher it and see what's happening where. The code is uncommented and a bit of a mess.
I'm starting to think that rather than investing time to relearn what little I knew about PHP and untangle all the code, I might invest the time in learning another language and/or framework to get this done. I want the resulting web app to be a lot easier to maintain in future by me or anyone else who comes along and has to make a change.
Would you recommend using Django/Python for a project like this? Zend/PHP? Just PHP and notepad? I want the app to be done fairly quickly so the less steep the learning curve the better. Many thanks for you time.

Another good PHP framework is CodeIgniter.
They also have a good webcast that outlines how to begin with the framework as well as create a simple blog [tutorial].

I would recommend a PHP framework, such as CakePHP. Spend 20 minutes of your time and follow their blog tutorial.
Using PHP alone can be tricky, especially when you will have to deal with security issues.

From what I can see you have asked 2 questions.
1. Should you maintain and extend the current code base or do a rewrite?
Rewrites always take longer than you think. And even if you do the rewrite to avoid learning the codebase you would still need to learn the current codebase to ensure you capture the current functionality before adding any new features in the rewritten codebase.
I would keep the current codebase and maybe do some refactoring as you add features.
What should language and frameworks should you use?
I would stick with PHP, CakePHP is a solid framework and so is Zend. I would read up on both and do a couple of tutorials and make your decision.

As Anax states, I'd suggest that you look to use PHP. If code is already implemented then you have a start.
PHP isn't hard to re/learn. I know some don't like it, others like it but simple fact, either way it isn't hard to learn. But, more importantly consider the following:
You obviously have access to the hardware stack required to use PHP and MySQL. Introducing a new language/technology may cause unforeseen issues with getting a production site set up.
Now this doesn't mean that you can't write certain components in other languages. You could, if you were so inclined. But you probably shouldn't be so fast to get rid of PHP just to learn another language. Do you have important (technical) compelling reasons to use something other than PHP?
If you are mostly concerned about the spaghetti code in place, you can get that anywhere -- even new development. Better to re-factor the code and fix and add to what you have than start from scratch.

I can offer some general considerations:
Whatever language you choose, get a good IDE for it. Having automatic syntax validation and code completion helps a lot if you're a beginner. Don't use plain text editors.
Teaching yourself how to code well will make for a very frustrating experience unless you have a lot of patience. This generally comes from being really sure that you want to do it.
Be very conservative in your time estimates. Having many setbacks is guaranteed if you're a beginner.
Start out by focusing on reading about writing code, not focusing on writing code. If you're learning Python, read the official tutorial first. The same goes for PHP.

PHP Practices for first time web-programmer [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have this idea for a website that's been floating around my head for quite sometime now and now have finally decided to get to work on it. Due to the nature of the project and my experience I am getting comfortable with the idea of running it as a PHP+MySQL application on an Apache server.
This is my first time doing web programming of any sort(I have a background in sysadmin and mainframe systems coding) and I am pretty unsure of what practices to take into consideration so that I don't find myself undoing/redoing things later in the project. Considering all the flak the language has taken on StackOverflow(which can be seen here and here) it would be nice to have a set of common mistakes to watch out for for a beginner like me. I did find this thread outlining things to avoid in PHP but most of the points made little sense to someone like me who's just setting out in PHP.
Do you have any suggestions, tips or tutorials outlining common gotcha's in the language which might come back later in the project demanding entire rewrites.
For what it's worth I am currently working my way through Programming PHP(O'Reilly) and PHP in Action(Manning).

I was in a very similar position a couple years ago, having come from a NOS background myself.
I actually started with PHP and MySQL for dummies. Once I had absorbed the knowledge contained therein, I hit the Web (I used SitePoint a lot, like Boushley recommended) and I read a couple of O'Reilley's book on the subject.
Once thing I will tell you, is that if you want to streamline your understanding and your efficiency, I have found great success with a number of MVC frameworks(CodeIgnitor, CakePHP, etc). If you have no idea what MVC is, I recommend finding out. Now that I use MVC, my code is easier to understand, modify, troubleshoot, etc.
And honestly, half of the learning in PHP is running into those common mistakes and learning from them. Its hard to appreciate those 'common mistakes' until you make them.
Don't worry about HOW you are going to learn, just START leaning!

If I could give you one piece of advice, it'd be to use a framework - they will make your life so much easier. They take away all the repetitive code from programming websites, handle security concerns and abstract lots of things, as well as make you build your website using a pattern such as Model-View-Controller.
I highly recommend the CodeIgniter framework for it's simplicity, power, great documentation and ease of use, but there are plenty of other good frameworks too. There are lots of questions on SO on this so have a quick search. There is a fantastic introductory screencast on CodeIgniter (soon to be a series) from BinaryCake, so check that out here.
I hope that's helped! If you have any PHP concerns, feel free to message me - it's my area of expertise (along with CodeIgniter) and I love it!

While still developing, have all errors show up:
ini_set('display_errors', '1');
error_reporting(E_ALL | E_STRICT);
Can save a lot of time (in case of say, typos in variable names). Change this when it goes live to not display or only display "real" errors depending on the type of site and security levels involved (you don't want everyone to know paths and variable names and such..).
Find a variable/function naming convention (under_scores vs camelCase vs..) that suits you and stick to it. Also, classes go in the /class directory, includes in /inc etc. Both these make it easier to understand your own code years from now. Oh, and the same goes for coding style, I guess: choose one and stick to it (indentation, bracket style, ..).
Comment your code :-) Personally I also have a little log at the end of longer files that shows when I did what and why. Each addition is timestamped, and the same timestamp is also in the comments behind the change itself, as the line number on which it sits can easily change. Similarly, in an included file containing a bunch of functions, I have the list of function names in a comment at the top of the file, with a one-line description behind them.
Finally on security (though this should really be your first concern ;-) ), treat all user input as suspect. That's POST & GET data, cookies, user-agent string, search strings - anything that is supplied by the browser. It's trivial to change cookie data or change/add form items.
Read up on SQL injection & XSS attacks, and look at PHP's relatively new data filter functions: http://php.net/manual/en/intro.filter.php

Google any of these to get some good reading
Don't use register_globals
Turn off magic_quotes - escape all user entered input in SQL statements
Escape any user entered input printed with htmlspecialchars()
Plus a lot more... These are some common things to watch out for though.

There are a number of great websites out there with lots of tutorials. One that comes to mind is Site Point. They'll try their best to sell you a book or two while your're there, but they do have some decent articles. This article for instance discusses some common security blunders in php.
http://www.sitepoint.com/article/php-security-blunders/
They have lots of them...
http://www.sitepoint.com/search/search.php?ps=10&q=php&submit=Search
Also a nettuts.com has a load of tutorials an things of that nature. They're more all across the board though.
http://nettuts.com/
And I think pretty much everywhere you look you'll see the common ones like watch out for register_globals, magic_quotes...

one good book to look at that is also free to download here covers beginner to advanced PHP techniques and is good way to learn good standards :)

Use a framework and use Object Oriented Programming

Books are great for learning additional languages, but for your first one, a good video tutorial is a great way to go!
Register for a Lynda.com account (google: lynda trial) and sign up for as many one day trials as you need (or be a good honest person and purchase a week). They have a pretty good beginner and advanced PHP series of video tutorials which are (IMHO) a great way to learn your first language.
A tip: If you can start programming Object Orientedly from the get-go, you will save some time in the future and learn good practice from the start, luckily the advanced tutorials cover this!
Here's a link: http://www.lynda.com/home/DisplayCourse.aspx?lpk2=435
I've never taken this particular course (when I learned a few years ago, it was different), but I just recommended this to a friend (who was just starting), and he really liked it!
Hope this helps!

If you're new to programming in general, A database backed web application is likely to be a bumpy ride. You will probably be programming in at least two, real programming languages, PHP and SQL, and if you're going to do anything of modest complexity, JavaScript too. Keeping them strait will be rough, because they are all quite different.
Just to warm up to programming, you might want to start instead using a more focused learning excercies, such as working through the Euler Project problems, or Code Kata.
Either way, Try to pick up good habits wherever you learn about them, including the popular suggestion here of using an MVC framework for the heavy lifting.

How to use PHP for large projects? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
The question has been asked: No PHP for large projects? Why not? It's a recurring theme and PHP developers--with some cause--are forced to defend PHP.
All of these questions are valid and there have been some responses but this got me thinking. Based on the principle that you can write good code in any language and bad code in any language, I thought it worth asking a positive rather than negative question. Rather than why you can't, I wanted to ask how you can use PHP for large projects.
So, how do you write a large, complex, scalable, secure and robust PHP application?
EDIT: While I appreciate that the organizational aspects are important, they apply to any large project. What I'm primarily aiming for here is technical guidance and how to deal with common issues of scalability. Using an opcode cache like APC is an obvious starter. Cluster-aware sessions would be another. That's the sort of thing I'm getting at.

For the most part, the problems with php are not so much with the language. The problems come from the coupling of a low barrier of entry and the lack of any infrastructure to avoid common programming problems or security problems. Its a language that, by itself, is pretty quick-and-dirty. Nevertheless, it still has many advantages for large-scale web apps. You'll just need to know how to add in some level of infrastructure to avoid a lot of the common web programming blunders. See - What should a developer know before building a public web site for help with this.
You need to learn about the reasons php can make your web app to be insecure or problematic and learn to mitigate those problems. You should learn about how to use php to securely access your database. You should learn about avoiding SQL injection. You should learn about evil things like register_globals and why you should never ever use them. In short, you should do your homework about your tool before just diving in for a real-world, large-scale, web app.
Once you are educated, it comes down to you'll probably want to build a framework or use a preexisting framework that will mitigate these problems. Popular frameworks include PEAR and Zend.
Also, useful questions that might help:
What should every php programmer know?
What should a developer know before building a public web site

Using PHP for large projects isn't different than with any other language. You need experience and knowledge in writing maintainable and extendable source code. You need to be aware of security pitfalls and performance concerns. You need to have researched your problem domain and be well familiar with it.
In the end, same as any other language - what you need are high-quality and well-motivated developers.

i know, this is a little out of date, but still, i'll tempt an answer ...
use Haxe/PHP ... i could delve into details ... but if you look at the language, its features, and the nice way the PHP API is encapsulated into something rather consistent, you will soon see, what PHPs problems are ... and also, you have all the benefits of Haxe in the end ...
edit: this was a serious answer ... Haxe/PHP automatically solves a lot of problems mentioned in the post flagged as answer ...
register_globals is turned off ... you get your parameters through the php.Web
using the SPOD-layer (same API for php) for the database automatically takes care of escaping (and will automatically provide your model (and templo is quite a good template engine, so that should help for your views))
having a typed language, you are more likely to write better code ... plus language features as generics and enums are very powerful ... and there is a lot of compile time magic in Haxe that is also of interest ... a more powerful language is always good to adress complex problems ...
if you want to use other PHP frameworks, you only need to write the external classes and everything will work as expected ...
i think Haxe is a very good answer to "large", "complex", "secure" and "robust" ... scalability does not come from Haxe itself of course ... but still, if you check out haxelib, then you find many things, that would help for scalability ... such as memcached (you will have to change neko.net.Socket to php.net.Socket in memcached.Connection) ...
if you really want to use the PHP language, and not just the platform, Haxe won't help you of course ...

You do as you would in any other language or any other enviornment.
There are a couple of simple steps in project development:
Organization; You need to organize everything, having documentation, uml diagrams and other pre-work done, before you start programming.
Structure; Before you start coding and also aftter starting, you need to have a focus on structure, meaning that you always need to do it correctly and not do any spagetthi solutions. Keep code simple and well commented.
These two points, are simple and apply in all development areas, despite the language. Keep it simple and well documented and you will find that developing a large scale web app in PHP is as easy as it would be in ASP.NET, Ruby or whatever.
However when we come to the development stage, you need to get a nice IDE, use a good database, use a repo., get an MVC / Template system, this runs in the "Structure"-part though.
Just as a side point, splitting the application into different layers: DLF ( Data, Logic, Front ). Use at least these three layers and you will find that the development will go easy.

Use Model-View-Controller framework. It's been said, yes. And, have at least one engineer for each part.
Model: Your DBA should write the Model code. No should else should be allowed to write SQL statements.
View: The one with the best knowledge of CSS and Javascript should do the view part. He/she should write the least PHP code, he is the one using PHP variables.
Controller: She's the real PHP coder, and also back-end server engineer, hopefully, with or without using other script languages.