Slashdot Mirror

An anonymous reader writes "PHP just released the first release candidate of PHP 5 after 4 beta releases. It is considered stable and feature-complete -- so get testing!"

HitByASquirrel writes "Just doing the rounds and I found that Zend has released PHP 5.0 Beta 4: 'This fourth beta of PHP 5 is also scheduled to be the last one (barring unexpected surprises, that did occur with beta 3). This beta incorporates dozens of bug fixes since Beta 3, rewritten exceptions support, improved interfaces support, new experimental SOAP support, as well as lots of other improvements, some of which are documented in the ChangeLog.' Hopefully they won't have any 'unexpected surprises' and we'll see this before summer!"

HitByASquirrel writes "Just doing the rounds and I found that Zend has released PHP 5.0 Beta 4: 'This fourth beta of PHP 5 is also scheduled to be the last one (barring unexpected surprises, that did occur with beta 3). This beta incorporates dozens of bug fixes since Beta 3, rewritten exceptions support, improved interfaces support, new experimental SOAP support, as well as lots of other improvements, some of which are documented in the ChangeLog.' Hopefully they won't have any 'unexpected surprises' and we'll see this before summer!"

burnitall writes "The Vancouver PHP User's Group is hosting the ultimate deal in cons next Thursday and Friday (Jan 22 & 23) in Vancouver BC CA - registration is only $150 CDN vs thousands at more commercial events. This is a non-profit con bringing together some of the biggest names in PHP, including Rasmus Lerdorf ( PHP inventor ) and Sterling Hughes (PHP core developer) amongst others. The conference is put on by volunteers and is still seeking sponsorship ..."

burnitall writes "The Vancouver PHP User's Group is hosting the ultimate deal in cons next Thursday and Friday (Jan 22 & 23) in Vancouver BC CA - registration is only $150 CDN vs thousands at more commercial events. This is a non-profit con bringing together some of the biggest names in PHP, including Rasmus Lerdorf ( PHP inventor ) and Sterling Hughes (PHP core developer) amongst others. The conference is put on by volunteers and is still seeking sponsorship ..."

honestpuck writes " I am a big fan of the written word on dead trees, but sometimes I like to have the written word where I can easily search it, or cut and paste from it. That's why I like PHP.net and why I decided to get a copy of O'Reilly's Web Programming CD Bookshelf. And I am pleased with it, though not ecstatic." Read on to see what honestpuck liked about this collection, and what drawbacks it may have for you. The Web Programming CD Bookshelf author [Various] pages 540 paper, 1189 HTML publisher O'Reilly rating 7 reviewer Tony Williams ISBN 0596005105 summary A good resource for PHP developers, overpriced for others

The Good The Web Programming CD Bookshelf (WPCB) consists of a CD and a paper copy of Webmaster in a Nutshell, 3rd Edition. The CD contains an HTML version of that, as well as Dynamic HTML: The Definitive Reference, 2nd Edition, Programming PHP, PHP Cookbook, JavaScript: The Definitive Guide, 4th Edition and Web Database Applications with PHP & MySQL. There is an excellent combined index of the six volumes and a nice Java search engine, QuestAgent Pro version 4.0.9. from JObjects. According to the documentation for the engine on the CD, "It has problems running with Mozilla 0.9 and 1.0 and Netscape 7 on Mac OS 9, and occasionally on Linux"; I had no problems running it on Mac OS X in Mozilla 1.3, Safari or Internet Explorer apart from a small visual problem with another tab in Mozilla (separate windows was fine, only another tab in the same window caused a problem).

All the contents pages and indices of the volumes are of course hyperlinked. Once you are on the pages of a 'book' the top of each page has a link to the contents page, next page, previous page and the search form. The bottom of each page has next and previous buttons (with the relevant page titles), a link to the books contents page and index and below them all a row of links to the Bookshelf home and each of the books. Taken together this makes moving through the books and finding the information you want easy, for the most part.

Once you start using the collection there are some great benefits. The ability to just cut and paste the example code right out of the text you are reading cannot be underestimated.

The books themselves are the quality you expect from O'Reilly - well-written, well-edited and containing the information you need on a given subject. The one you get on paper, Webmaster in a Nutshell is a good overview of HTML, CSS, XML, JavaScript, CGI and Perl, PHP and Apache that I find a good desktop reference. The others provide a good depth and perspective on their respective subjects.

The Bad

Obviously a great deal of the work of converting the books to HTML must be done by automated software, and sometimes you wish a little more had hand-work had been done. For example, Dynamic HTML: The Definitive Reference has an alphabetical list of all HTML and XHTML tags and their attributes -- as one page of 23,000 lines of HTML. The only way into this mammoth list is via the book index, there is no quick list of tags with links on a separate page or other fast way.

My other complaint about that content is that the selection of books is PHP heavy. If you are involved in using PHP to build websites this volume would be a great help; others may feel they would have been better served by a collection that dropped at least one of the PHP books in favour of, perhaps, The Perl Cookbook. Webmaster in a Nutshell is not as useful in this collection as you might think, some of what it contains is covered by other volumes in the set. That's not to say that it isn't an excellent book and a good choice as the one that comes in paper with the CD, just that once again I'm not sure it really needed to be in the collection.

That brings me to my final complaint, cost. Sure, 6 books for $130 U.S. seems like a bargain, but unless you are interested in all 6 books (which means principally developing for the web in PHP) it starts to be less of a bargain. If you think of it as more expensive than a six-month subscription to O'Reilly's online book service, Safari (which allows you ten books, changeable when you want) then this is less than a bargain.

Conclusion

If you are developing for PHP then this might be a good resource at a fair price; you'll find it almost indispensable and (unlike Safari) you can use it when you're offline. If you develop in some other environment, it is an overpriced way of getting a few books as electronic text. If you develop for the web in Perl, then have a serious look at The Perl CD Bookshelf instead, or perhaps consider a Safari subscription.

You can purchase The Web Programming CD Bookshelf from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

PotPieMan writes "I recently finished reading JSP and Tag Libraries for Web Development, a book for JSP developers wanting to improve their skillset. Read on for my review." It's not a new book, but still relevant. JSP and Tag Libraries for Web Development author Wellington L.S. da Silva pages 420, including appendices publisher New Riders rating 6 reviewer PotPieMan ISBN 0735710953 summary A guide to designing and implementing JSP applications, with a focus on tag libraries.

The Scoop Web developers and designers have long wrestled with strategies for combining their efforts. Web developers don't mind looking at code but dislike dealing with the look of a page, while Web designers are the opposite. Dynamic Web page technologies, such as Microsoft's ASP, Perl's many template systems and Web frameworks (Text::Template, HTML::Template, HTML::Mason, CGI::Application, etc.), and PHP, were designed to give both developers and designers a chance to do their work without stepping on each other's toes.

Sun's answer was to release the Servlet API and later extend that to make JavaServer Pages. Initially, there was no clear role separation for servlets and JSPs, since a servlet could generate and display HTML just as easily as a JSP could perform business logic. The Model 2 architecture, based on Smalltalk's Model-View-Controller (MVC) design pattern, showed that servlets and JSPs complemented each other. Tag libraries extended the functionality of JSPs in a way that made it easier for developers and designers to collaborate.

JSP and Tag Libraries for Web Development is mostly targeted at Web developers who want advice on designing JSP applications and incorporating tag libraries. The book covers custom tag libraries, the Jakarta Struts framework, and various commercial and noncommercial tag libraries, such as Jakarta Taglibs.

What's to Like? The author starts with an introduction to servlets and JSPs, including a decent explanation of MVC. If you are comfortable with servlets and JSPs, this discussion is really more of a review than anything else.

The next two chapters introduce tag libraries and the author's example application (a simple article and author tracking system). The author illustrates the lifecycle of a tag, which helps if you haven't really used or written custom tags before. Da Silva also gives a very detailed discussion of tag library descriptors (TLDs). Some details might have been better left as an appendix, but it is nice to see such a comprehensive explanation of what you can put in a TLD.

Da Silva then spends about 100 pages on writing simple tags, iteration tags, body tags, and making all of these types of tags cooperate. The discussion is again very detailed, but seems unfocused in many parts. Very little of the code in these chapters ties in with his example application.

Next, the author spends three chapters on the Jakarta Struts framework. He explains how Struts naturally fits into the MVC design pattern and gives various examples of how to structure your Struts application. He also includes an entire chapter on finishing his example application, going over Struts ActionForms, Struts Actions (including a method to prevent double submission that I had not seen before), and Struts' method of internationalization on JSPs.

Finally, the author runs through the Jakarta Taglibs project and some commercial tag libraries. Brief examples are provided, but this chapter really needed more attention than da Silva gave it.

What's to Consider Overall, JSP and Tag Libraries for Web Development feels unfocused. The author's central points are explained well in many places, but lost in many others. With some reorganization, I think the book could make a much stronger case for appropriate uses of tag libraries, both application-specific and general (e.g. Struts and Taglibs).

Sections where general tag libraries are discussed read very much like the documentation available on project Web sites, such as the struts-html tag library documentation. These really should have been left as an appendix, with better explanations and usage examples provided in their place.

I was also very disappointed in the author's use of Struts Action classes. He combined various actions (add, edit, delete, etc.) to perform on a specific object and tested for a URL parameter to decide what to do. In my opinion, each action should be encapsulated in one Action class (AddObjectAction, EditObjectAction, and DeleteObjectAction). The author's design leads to URL hackery which Struts tries to avoid.

Recently, Struts released a stable version of the 1.1 series, which this book does not cover (it was published in early 2002). Readers should be familiar with the Struts documentation for this release before picking up this book.

The book's Web site is under construction, and I've been able to find little information on the publisher's site.

The Summary A okay book with room for improvement. While the author shows his technical knowledge, the book loses its direction in places. Most developers can probably get by with the documentation available on the Web. Table of Contents

1. Understanding the Tag Library Extension API
2. 1. Introduction to Servlets and JavaServer Pages
   2. Introduction to Tag Libraries
   3. Writing Custom Tags
   4. Cooperating Tags and Validation
   5. Design Considerations
3. The Struts Framework
4. 1. The Jakarta Struts Project
   2. Struts Tag Libraries
   3. Anatomy of a Struts Application
5. The Jakarta Taglibs and Other Resources
   1. The Jakarta Taglibs Project
   2. Commercial Tag Libraries
   3. Other Resources
6. Appendices
7. 1. Tomcat
   2. Allaire JRun
   3. Orion
   4. MySQL
   5. Mapping Servlet-JSP Objects
   6. The Apache Software License, Version 1.1

You can purchase the JSP and Tag Libraries for Web Development from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Sterling Hughes writes "The PHP development community is proud to announce the release of PHP 5 Beta 1. Downloads are available in both source and binary form (for Windows users). A full list of changes is available in the ChangeLog. Some of the new features include much improved OO support, completely revamped XML support, and the default inclusion of SQLite."

Sterling Hughes writes "The PHP development community is proud to announce the release of PHP 5 Beta 1. Downloads are available in both source and binary form (for Windows users). A full list of changes is available in the ChangeLog. Some of the new features include much improved OO support, completely revamped XML support, and the default inclusion of SQLite."

Sterling Hughes writes "The PHP development community is proud to announce the release of PHP 5 Beta 1. Downloads are available in both source and binary form (for Windows users). A full list of changes is available in the ChangeLog. Some of the new features include much improved OO support, completely revamped XML support, and the default inclusion of SQLite."

CEHT writes "Like Tony Williams said in his review on PHP and MySQL Web Development: "PHP and MySQL are probably the most pervasive add-ons to Apache web servers across the web". And I agree with him. PHP is a very powerful scripting language, so developers (not just web developers) can do almost anything with it." Read on to see how well CEHT thinks O'Reilly's PHP Cookbook helps you do that almost everything. PHP Cookbook author David Sklar and Adam Trachtenberg pages 608 publisher O'Reilly rating 9 reviewer Edmond Lau ISBN 1565926811 summary Solutions and examples for PHP programmers.

The approach that the authors use in PHP Cookbook is great. Like most computer books, the authors usually include a summary (in sentence forms) to illustrate what the readers will expect in each chapter. Skalar and Trachtenberg take this even further by including some preliminary (code) examples to explain the general ideas behind each chapters. The examples in the book are self-contained. In most cases, I've found examples to exactly fit my needs -- this makes it one of the better reference books.

Each chapter in the book is divided into multiple sections of Problem / Solution / Discussion with a FAQ style. In each case, a simple description of a problem is followed by a PHP script as the solution. But the meat is actually in the discussions: in-depth details are included here, where the authors also include references, extended ideas, and scripts to inform the readers how much more they can do about the issue.

For example, I was going to add a simple script to my website to parse RSS/RDF files from certain news websites (CNN, Slashdot, ...), and use it as my Mozilla homepage. (Who wouldn't?) This script seems to be simple, but I may make a mistake here and there. As reference, I opened up the book to the section "Parsing XML with SAX." Then I realized the authors already had the script to parse RSS/RDF files in the discussion. Bravo!

For myself, the most useful chapters I found are: Web Basics, Forms, Database Access, and XML. There are also good examples in topics such as security, internationalization, and file processing/management. However, this book does not cover the basics of PHP. If you are a good programmer, you should be able to get away with this using the PHP Manual. A good book to learn PHP is Programming PHP, also by O'Reilly.

Although this book covers a wide range of topics, it does not cover topics like generating PDFs. I would also like to see the authors add one (maybe two) case studies in later editions. That would give the reader a more concrete example of how to combine tricks presented by this book. Other than that, at the price of $39.95 (or $61.95 CAD), this book is a great buy!

Topics

1. Strings
2. Numbers
3. Dates and Times
4. Arrays
5. Variables
6. Functions
7. Classes and Objects
8. Web Basics - available online as example chapter
9. Forms
10. Database Access
11. Web Automation
12. XML
13. Regular Expressions
14. Encryption and Security
15. Graphics
16. Internationalization and Localization
17. Internet Services
18. Files
19. Directories
20. Client-Side PHP
21. PEAR

You can purchase the PHP Cookbook from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

akweboa164 asks: "I work as a lone developer creating small to medium scale PHP/MySQL websites for different clients. I have been doing this for about two years now, and have tried different things as far as website layout/architecture goes. With sites that use the fusebox architecture, front controller (thanks J2EE), N-tier, to having a simple 'include(config.php);' line at the top of every file, I am left with the feeling that all of the sites I have created are 50% elegance, and 50% nasty kludge. I am left with a sinking feeling because I know that they could be better, but I lack to expertise and experience to make them that way. I am looking for overall architecture that is open and fits within the constraints of PHP (ie. relying little on OO) and separates logic, makes updates easy, etc. I wanted to ask Slashdot's crowd of web developers what their most elegant code layout/design web solutions were, and what advice would you dish out to new developers, as well as seasoned professionals."

seldo writes "Everyone's favourite scripting language ;-) has released an update. From their site: 'The PHP developers are proud to announce the immediate availability of PHP 4.3.2. This release contains a huge number of bug fixes and is a strongly recommended update for all users of PHP. Full list of fixes can be found in the NEWS file.' This incremental release also has useful additions, such as updating to support GD 2.0.12."

seldo writes "Everyone's favourite scripting language ;-) has released an update. From their site: 'The PHP developers are proud to announce the immediate availability of PHP 4.3.2. This release contains a huge number of bug fixes and is a strongly recommended update for all users of PHP. Full list of fixes can be found in the NEWS file.' This incremental release also has useful additions, such as updating to support GD 2.0.12."

Yet Another OO Fanatic writes "PHP core developer Sterling Hughes has a excellent presentation (mirror) about PHP5 online. So far it seems to be the best coverage of the new features in PHP5; highlights include the new object model, namespaces, interfaces, access control and exceptions. Java by any other name..."

Yet Another OO Fanatic writes "PHP core developer Sterling Hughes has a excellent presentation (mirror) about PHP5 online. So far it seems to be the best coverage of the new features in PHP5; highlights include the new object model, namespaces, interfaces, access control and exceptions. Java by any other name..."

Yet Another OO Fanatic writes "PHP core developer Sterling Hughes has a excellent presentation (mirror) about PHP5 online. So far it seems to be the best coverage of the new features in PHP5; highlights include the new object model, namespaces, interfaces, access control and exceptions. Java by any other name..."

Yet Another OO Fanatic writes "PHP core developer Sterling Hughes has a excellent presentation (mirror) about PHP5 online. So far it seems to be the best coverage of the new features in PHP5; highlights include the new object model, namespaces, interfaces, access control and exceptions. Java by any other name..."

Yet Another OO Fanatic writes "PHP core developer Sterling Hughes has a excellent presentation (mirror) about PHP5 online. So far it seems to be the best coverage of the new features in PHP5; highlights include the new object model, namespaces, interfaces, access control and exceptions. Java by any other name..."

Yet Another OO Fanatic writes "PHP core developer Sterling Hughes has a excellent presentation (mirror) about PHP5 online. So far it seems to be the best coverage of the new features in PHP5; highlights include the new object model, namespaces, interfaces, access control and exceptions. Java by any other name..."

Yet Another OO Fanatic writes "PHP core developer Sterling Hughes has a excellent presentation (mirror) about PHP5 online. So far it seems to be the best coverage of the new features in PHP5; highlights include the new object model, namespaces, interfaces, access control and exceptions. Java by any other name..."

Saint Aardvark writes "The good folks at PHP.net have warned of a serious vulnerability in PHP 4.3.0: 'Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs. A remote attacker could also trick PHP into executing arbitrary PHP code if attacker is able to inject the code into files accessible by the CGI. This could be for example the web server access-logs.' It's recommend that you upgrade to 4.3.1 right away."

Saint Aardvark writes "The good folks at PHP.net have warned of a serious vulnerability in PHP 4.3.0: 'Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs. A remote attacker could also trick PHP into executing arbitrary PHP code if attacker is able to inject the code into files accessible by the CGI. This could be for example the web server access-logs.' It's recommend that you upgrade to 4.3.1 right away."

Saint Aardvark writes "The good folks at PHP.net have warned of a serious vulnerability in PHP 4.3.0: 'Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs. A remote attacker could also trick PHP into executing arbitrary PHP code if attacker is able to inject the code into files accessible by the CGI. This could be for example the web server access-logs.' It's recommend that you upgrade to 4.3.1 right away."

joestump98 writes "PEAR, the CPAN equivelent for PHP, has finally been released as stable on UNIX platforms (not including Darwin). Combined with the release of PHP 4.3 this should help make PHP a more robust language."

aftk2 writes "PHP.Net has just reported the release of PHP 4.3.0. The update sports a unified method of handling files and sockets, a bundled GD library (for working with images), and finalizes PHP's command line interface. For other information, check out the ChangeLog."

aftk2 writes "PHP.Net has just reported the release of PHP 4.3.0. The update sports a unified method of handling files and sockets, a bundled GD library (for working with images), and finalizes PHP's command line interface. For other information, check out the ChangeLog."

Grip3n writes "PHP5 is well under development and a beta is expected out by March 2003 and released summer 2003. One of the more notable improvements which many PHP developers desired is a substantial improvement in PHP's performance. This is due to a new object model PHP5 will be introducing which handles objects by reference rather than by value. Co-creator Zeev Suraski states the new object model is inspired by the book, "Design Patterns"."

Henry Birdwell contributes the following review of Wrox Press's Professional PHP4. Read on for his impressions, and to see if this book is right for your own dynamic web programming tasks. Professional PHP4 author Luis Argerich et al pages 975 publisher Wrox Press rating 9 reviewer Henry Birdwell ISBN 1861006918 summary Comprehensive print resource for working PHP programmers.

PHP is an open source server-side HTML-embedded web scripting language for creating dynamic web pages. Outside of it being browser-independent, PHP offers a simple and universal cross-platform solution for e-commerce, complex web, and database-driven applications. Professional PHP4 will show you exactly how to create state-of-the-art web applications that scale well, utilize databases optimally, and connect to a backend network using a multi-tiered approach.

Almost an year since its release, this book has stood the test of time, and proved to be what it promised -- an up-to-date, advanced book on PHP -- a category in which there are very few worthwhile entries to date.

It provides a solid, fast-paced drill on the rudimentaries of PHP (although the fast-paced installation instructions come in the form of classic compendia -- worth 100 pages) for seasoned programmers, before it plunges head straight into the more advanced areas of the language. Each chapter reads a bit like a tutorial on a particular area of advanced PHP development.

If you are a competent programmer in just about any other language or have grappled with HTML before, then this book will teach you PHP from scratch . It will also introduce you to many of the more advanced areas of PHP programming, and is a treasure trove for information on diverse tasks possible with the language.

Notable topics include:

• Object Oriented Programming
• Sessions and Cookies
• Coding an FTP Client
• Sending and Receiving Email and News
• Networking and TCP/IP
• Non-Web Programming (including GTK)
• PHP and XML
• PHP and MySQL/PostgreSQL/ODBC
• Security
• Multi-tier development
• Optimisation

The code for the examples presented in the book is available for download, from the publisher's web site.

Although this book is reasonably complete, it lacks sufficient depth for experienced PHP developers who want to wade into the depths of specific PHP related tasks. Having said that, the publisher has provided information (of course at a separate cost) on specific areas with their second level PHP titles -- Professional PHP4 XML , Beginning PHP4 Multimedia Programming , Beginning PHP4 Databases and Professional PHP Web Services .

Suffice to say that the book has packed together a lot of diverse information (in 975 pages).

Related Links

• The official PHP web site
• Zend - the PHP scripting engine

You can purchase Professional PHP4 from bn.com. (You may also be interested in the Slashdot review of Professional PHP XML of a few months ago.) Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

dooling writes "Continuing the tradition of well written O'Reilly 'Programming' books by those who know the language best, Programming PHP, co-written by the creator of PHP, Rasmus Lerdorf, provides a detailed overview of the popular PHP web-page scripting language. This book provides good programmers who have never used PHP enough information to do serious web development using PHP and serves as an excellent reference for web-page designers who dabble in PHP." Read on for the rest of his review. Programming PHP author Rasmus Lerdorf & Kevin Tatroe pages 507 publisher O'Reilly and Associates rating 7 reviewer dooling ISBN 1565926102 summary great PHP book for serious programmers, good reference While not as entertaining as Programming Perl, it isn't nearly as long either (and doesn't have to be). The book is written in a straightforward style and is very well organized. Appendices provide quick reference to all the PHP built-in functions and many PHP extensions. The most popular extensions, e.g., PEAR DB (database connectivity) and XML, have entire chapters devoted to them. Can't find a PHP extension for your favorite library? There's a chapter about writing your own PHP extensions, including writing C library wrappers.

This book begins as most O'Reilly "Programming" books do: with a brief introductory chapter. In Programming PHP, this chapter is very short, so don't look to this book for a gentle introduction. On the other hand, this is the perfect book for you if you are just looking to learn a new scripting language. The following chapters go over syntax, data types, built-in functions, etc. These chapters are a little dry, but move quickly and effectively demonstrate the unique features of PHP (as compared to other scripting languages).

Of particular interest to programmers who are interested in expanding their horizons to developing dynamic web pages are the chapters on PHP web techniques, security, and application techniques. The web techniques chapter gives a quick overview of HTML and the GET and POST methods (and why you would want to use one or the other). It then covers a lot of useful tips and tricks that may be foreign to someone who has done little or no web development. Topics such as getting server information, form processing, sticky forms, file uploads, document expiration, and authentication are covered. It ends with an excellent discussion of maintaining state from page to page and visit to visit, covering cookies and PHP's (very cool) session support.

The security chapter covers standard things you want to keep in mind when creating dynamic HTML. No surprises here, but it is always good to be reminded. The application techniques chapter starts with a collection of best-practices, tips, and tricks to make your development process easier and better. It concludes with sections about error handling and performance tuning. As with the security chapter, there is nothing here a good programmer doesn't already know, but you can never hear it too many times.

I think this is a great book for programmers who want to start developing dynamic web sites with PHP. It gives a detailed overview of PHP, lots of valuable tips, and a good sense of PHP's strengths.

As someone who has written a lot of code, but only a little CGI, I really liked the chapters that discussed application development techniques specific to the web. Along those lines, not much time is spent on standard coding techniques, so if you want to use PHP but have never written any serious code, you may want to look elsewhere for an introduction. For the rest of you, just think, you may never have to use CGI.pm again.

The index seems adequate, although I must admit I did not use it much on the first read-through. The book is so well organized that, when reading it, you do not have to flip around much. Perhaps someone who has used this book as a reference can comment further on the quality of the index.

Contents are available on O'Reilly's page Links

• PHP home page
• Rasmus Lerdorf's home page
• Kevin Tatroe's O'Reilly page
• O'Reilly page for book
  

See Rasmus's page for links to where you can buy the book (maybe he gets a kickback for the link). Of course, you could always go to a local bookstore and purchase it.

You can purchase Programming PHP from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

stercor asks: "I've been considering random number generators made with easily-available materials. Living in Oregon might suggest photoelectric cells and rain. Or something to do with slugs (generation rate IS a factor, however) My question is what other off-the-wall shelf hare-brained brilliant ideas can other Slashdot readers come up with? Please limit ideas to ones that would actually work." When I was younger, I was always intrigued by the rigs used by most State Lotteries. You know the ones: dump balls into a chamber, throw in a fan/vacuum combination to agitate the balls and to allow a random one to shoot thru a tube when the button was pressed (basically, a high tech version of your average BINGO machine). Has anyone else seen or built a contraption that does something similar but in a weird, roundabout or weird and roundabout way?

corz writes "Just when you thought you were finished upgrading the webserver, 'The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access.' Here's the bugtraq announcement." The hole is in the parsing of HTTP POST headers and can allow arbitrary code to be run on vulnerable machines. PHP thoughtfully decided to release a new version, 4.2.2, today with the fix. You can find a copy of it here (mirror).

corz writes "Just when you thought you were finished upgrading the webserver, 'The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary code with the privileges of the web server. This vulnerability may be exploited to compromise the web server and, under certain conditions, to gain privileged access.' Here's the bugtraq announcement." The hole is in the parsing of HTTP POST headers and can allow arbitrary code to be run on vulnerable machines. PHP thoughtfully decided to release a new version, 4.2.2, today with the fix. You can find a copy of it here (mirror).

MartinB asks: "I help out running evolt.org, and one of the things we provide is a comprehensive browser archive, with over 100 different browsers, some in multiple platforms and versions, going right back to Mosaic 0.4. This is both a piece of web history, and a resource that lets developers test their sites on browsers which vendors don't offer for download any more. We have an expensive problem - the browser archive chews through 140GB of bandwidth a month and growing, even though we've throttled the FTP server and restricted the maxclients. How do we find people who provide mirrors like these and get browsers.evolt.org spread across lots of hosts?" If you would like to mirror this valuable net resource, please volunteer here (or drop a line to the original submitter)

Brian Donovan contributes this review of Web Database Applications with PHP & MySQL, the most recent of several books geared toward helping people use the common Linux, Apache, MySQL and PHP combination to produce database-backed websites. Read on for the review. Web Database Applications with PHP & MySQL author Hugh E. Williams and David Lane pages 563 publisher O'Reilly rating 9 reviewer Brian Donovan ISBN 0596000413 summary A comprehensive, tutorial-style roadmap for building data-driven web applications with PHP and MySQL.

PHP's speed of execution, gentle learning curve, and ease of development have contributed to its popularity, especially when teamed with MySQL, as a tool for building dynamic sites. Williams and Lane have written a thorough step-by-step guide to building web database applications with PHP and MySQL.

The Meat of the Book

Part I (Chpts 1-3) of Web Database Applications with PHP & MySQL (Web DB Apps) introduces the "Hugh and Dave's Online Wines" case study that's used to highlight the points made throughout the text and treats readers to the fundamentals of PHP, MySQL, and SQL - appropriate since the book assumes only some prior programming experience (not necessarily in PHP) and a general familiarity with HTML.

Chapters 4-9 (Part II) deal with the aspects of web application logic common to practically all data-driven sites : querying and writing to databases, maintaining state, and security. Chapter 4, "Querying Web Databases", includes a good explanation (Ex. 4-1) of the mechanics of connecting to and querying a MySQL db via PHP - numbered blocks of the example script correspond to sections in the accompanying text detailing what's happening at each point in the process (connect, query, retrieve results, process results, and close connection- unless you're using persistent db connections).

Chapter 5, "User-Driven Querying", explains how to pass data to PHP scripts using HTTP GET and POST. Although readers are initially shown parameters and parameter values being passed directly (as they are when register_globals is turned on in php.ini), the authors later explain why the same param:value pairs should instead be accessed through the global associative arrays $HTTP_GET_VARS and $HTTP_POST_VARS (the book was completed before the switch to $_GET and $_POST respectively with PHP 4.2.0) for security reasons. What the authors refer to as "combined scripts" (where the same script performs different functions depending on which, if any, variables in the GET or POST arrays, have been set, for example) are introduced and the reader is walked through the oft-used "next and previous links for query results" scenario.

In Chapter 6, "Writing to Web Databases", in addition to inserts, updates, and deletes, the authors explain one solution to the reload problem - i.e. where reloading a results page after some operation that alters the contents of the database has been performed (or even accessing a bookmarked url if HTTP GET was used to initiate the action) can potentially result in the operation being silently repeated or, if HTTP POST was used, the user being confronted with a big ugly "would you like to repost the data?" dialog. Locking (mostly how to make the best use of table-level locking) is also discussed in all of its glory. Chapter 7 deals with the validation of user input. The authors recommend and give an example implementation of dual server and client side validation (with JavaScript). Chapter 8 covers sessions (with and without cookies).

The chapter on security (Chapter 9, "Authentication and Security") mostly concerns user authentication. HTTP Authentication, managed HTTP Authentication (using PHP to validate encoded credentials from the HTTP Authorized header field), and handling your own authentication are considered, along with the security concerns inherent in stateful web apps - i.e., third party sites maliciously tricking browsers into coughing up cookies with login or session information for your site, session hijacking by feeding random session ids to the scripts until one corresponds to an existing session, etc. SSL is explained briefly.

The third and final section of Web DB Apps (Chpts 10-13) consists of a detailed examination of the guts of the wine store case study. Readers who find the commingling of application logic and html in the snippets of the wine store application discussed in the book distasteful will be gratified to know that, since publication, the authors have released a modified version of the "Hugh and Dave's Online Wines" code that uses the Xtemplate class (http://sourceforge.net/projects/xtpl/) to separate code from markup. Both versions are available in their entirety for download from the book website.

The five appendices, in turn, cover the installation and configuration of PHP, MySQL, and Apache on a Linux system, the architecture and workings of the Internet and Web, designing relational databases using entity-relationship modeling, how to define your own session handler prototypes and store session data in a database instead of files (the default), and provide an annotated list of PHP and MySQL resources (books, web sites, etc.).

The Good and the Bad

While it's clear that Web Database Applications with PHP & MySQL was written with the goal in mind of providing novice coders with a solid foundation for continued growth (or filling the niche of "handy reference" on the shelf of intermediate/advanced developers), the book manages to be comprehensive without patronizing the reader. I admit that I wouldn't have felt cheated if the authors had skipped the obligatory coverage of the history of the Internet, TCP/IP, and HTTP (Appendix B) in favor of, for instance, a discussion of web caching with an eye towards building cache-friendly apps, an important subject that all too gets short shrift from authors of web dev books. Also, some readers may be disappointed to find that the chapter on security doesn't relate to battening down your site against script kiddies and exploits, but that's really the sort of information that you should be getting from sites like PHP Advisory and Securiteam anyway.

For seasoned developers, this could be the book that you wish you'd had when you started out building web database apps and data-driven sites. Keeping a copy around for reference, especially if you frequently jump back and forth between projects in different languages/environments, also might be helpful - for those occasions when you need of a quick refresher in PHP/MySQL dev. Moreover, if you find yourself in the position of having to mentor junior developers (or helping non-coder friends) tasked with building or maintaining PHP/MySQL-based sites or apps, then lending them your copy or recommending that they buy their own could save you quite a bit of time and frustration.

Table of Contents

• Preface
• Part I
• • Chapter 1. Database Applications and the Web
  • Chapter 2. PHP
  • Chapter 3. MySQL and SQL
• Part II
• • Chapter 4. Querying Web Databases
  • Chapter 5. User-Driven Querying
  • Chapter 6. Writing to Web Databases
  • Chapter 7. Validation on the Server and Client
  • Chapter 8. Sessions
  • Chapter 9. Authentication and Security
• Part III
• • Chapter 10. Winestore Customer Management
  • Chapter 11. The Winestore Shopping Cart
  • Chapter 12. Ordering and Shipping at the Winestore
  • Chapter 13. Related Topics
• Appendix A. Installation Guide
• Appendix B. Internet and Web Protocols
• Appendix C. Modeling and Designing Relational Databases
• Appendix D. Managing Sessions in the Database Tier
• Appendix E. Resources
• Index

You can purchase Web Database Applications with PHP & MySQL from bn.com. Slashdot welcomes readers' book reviews -- to submit yours, read the book review guidelines, then hit the submission page.

Twintop writes: "PHP.net has released the a new version of PHP 4 to include the new Zend 2 Scripting Engine. This alpha update adds more increased support for Java and .NET technologies. More can be found on PHP.net and Beta News.com."

Twintop writes: "PHP.net has released the a new version of PHP 4 to include the new Zend 2 Scripting Engine. This alpha update adds more increased support for Java and .NET technologies. More can be found on PHP.net and Beta News.com."

ClickNMix writes: "The latest version of PHP has been released here. With improved DomXML and Apache 2 support in with the usual bug fixes and improvements." There is still no production support for PHP or for that matter mod_perl in Apache 2.0 yet though.

emmetropia writes: "PHP 4.2.0 has been released, with experimental Apache 2 support, and lots of other improvements and fixes. Check it out!"

emmetropia writes: "PHP 4.2.0 has been released, with experimental Apache 2 support, and lots of other improvements and fixes. Check it out!"

mbadolato writes: "php.net has the latest 4.2.0 Release Canditate, RC3. The release contains support for the recent Apache 2.0.35 release as well as numerous collected bug fixes. For more information, see the PHP QA website."

mbadolato writes: "php.net has the latest 4.2.0 Release Canditate, RC3. The release contains support for the recent Apache 2.0.35 release as well as numerous collected bug fixes. For more information, see the PHP QA website."

bergie writes: "The new IDE for Midgard and PHP developers is entirely written in PHP using the PHP-GTK toolkit. PHPmole aims to provide the free software world with a web development environment comparable to DreamWeaver and MS Visual Studio, with additional content management functionalities. PHP is not only for web developers any more ..."

Anonymous Coward writes "It looks like after a few weeks of rumors, an exploit for PHP/Apache under Linux surfaced. Luckily, PHP.net has the patch ready to go. While the export only claims to work for PHP up to 4.0.5, php.net also releases a patch for 4.1.1, the (until yesterday), latest version of php. This patch makes a small edition to the part of the source code (rfc1867.c) that is used by the exploit."

sirPaul writes: "PHP 4.1.0 is out @ php.net. "It includes highly improved performance, especially under Windows; A new, and more security-friendly way of accepting form variables; Output compression, and much, much more." Check out the changelog."

sirPaul writes: "PHP 4.1.0 is out @ php.net. "It includes highly improved performance, especially under Windows; A new, and more security-friendly way of accepting form variables; Output compression, and much, much more." Check out the changelog."

Water Paradox writes: "A couple of years ago our company was firmly entrenched in the Microsoft way of doing business. All of our development was in Visual Basic and related proprietary tools. Open Source / Free Software advocates were a minority. Last week we made the switch from VB to Open Source development (Apache, PHP, my SQL, etc) on a Win32 box. This decision was made quickly, but came after eight months of evaluation. I wrote a short article about it here: Moving from Microsoft to Open Source, which may be useful to other folks contemplating the same switch. Yes, we're even proposing Win32 Apache as our default server, since it has been reasonably stable for us over eight months."

whyDNA? sends us this news bit: "I found this on the PHP page: The first release of PHP-GTK is now available. PHP-GTK is a PHP extension that provides an object-oriented interface to GTK+ toolkit and enables you to write client-side cross-platform GUI applications. For more information, visit gtk.php.net."

Chris27183 asks: "I'm currently using MySQL with PHP on Linux, and love it very much. I'm very glad to do away with Access in favor of a database based in Unix. However, there is one stipulation. At first glance, there does not appear to be a free report writer (or even a sql to latex translator) like that of access. I'm just trying to do simple things like mailing labels and tabular lists, and it would be a great help to not have to reimport data into access to perform these seemingly simple tasks."

Digimax writes "A sometimes more interesting read than the netcraft survey is the one carried out monthly by Security Space. It has a breakdown of apache module usage as well as some other interesting stats that the Netcraft survey does not produce."