Slashdot Mirror
Web Database Applications with PHP & MySQL
PHP's speed of execution, gentle learning curve, and ease of development have contributed to its popularity, especially when teamed with MySQL, as a tool for building dynamic sites. Williams and Lane have written a thorough step-by-step guide to building web database applications with PHP and MySQL.
The Meat of the Book
Part I (Chpts 1-3) of Web Database Applications with PHP & MySQL (Web DB Apps) introduces the "Hugh and Dave's Online Wines" case study that's used to highlight the points made throughout the text and treats readers to the fundamentals of PHP, MySQL, and SQL - appropriate since the book assumes only some prior programming experience (not necessarily in PHP) and a general familiarity with HTML.
Chapters 4-9 (Part II) deal with the aspects of web application logic common to practically all data-driven sites : querying and writing to databases, maintaining state, and security. Chapter 4, "Querying Web Databases", includes a good explanation (Ex. 4-1) of the mechanics of connecting to and querying a MySQL db via PHP - numbered blocks of the example script correspond to sections in the accompanying text detailing what's happening at each point in the process (connect, query, retrieve results, process results, and close connection- unless you're using persistent db connections).
Chapter 5, "User-Driven Querying", explains how to pass data to PHP scripts using HTTP GET and POST. Although readers are initially shown parameters and parameter values being passed directly (as they are when register_globals is turned on in php.ini), the authors later explain why the same param:value pairs should instead be accessed through the global associative arrays $HTTP_GET_VARS and $HTTP_POST_VARS (the book was completed before the switch to $_GET and $_POST respectively with PHP 4.2.0) for security reasons. What the authors refer to as "combined scripts" (where the same script performs different functions depending on which, if any, variables in the GET or POST arrays, have been set, for example) are introduced and the reader is walked through the oft-used "next and previous links for query results" scenario.
In Chapter 6, "Writing to Web Databases", in addition to inserts, updates, and deletes, the authors explain one solution to the reload problem - i.e. where reloading a results page after some operation that alters the contents of the database has been performed (or even accessing a bookmarked url if HTTP GET was used to initiate the action) can potentially result in the operation being silently repeated or, if HTTP POST was used, the user being confronted with a big ugly "would you like to repost the data?" dialog. Locking (mostly how to make the best use of table-level locking) is also discussed in all of its glory. Chapter 7 deals with the validation of user input. The authors recommend and give an example implementation of dual server and client side validation (with JavaScript). Chapter 8 covers sessions (with and without cookies).
The chapter on security (Chapter 9, "Authentication and Security") mostly concerns user authentication. HTTP Authentication, managed HTTP Authentication (using PHP to validate encoded credentials from the HTTP Authorized header field), and handling your own authentication are considered, along with the security concerns inherent in stateful web apps - i.e., third party sites maliciously tricking browsers into coughing up cookies with login or session information for your site, session hijacking by feeding random session ids to the scripts until one corresponds to an existing session, etc. SSL is explained briefly.
The third and final section of Web DB Apps (Chpts 10-13) consists of a detailed examination of the guts of the wine store case study. Readers who find the commingling of application logic and html in the snippets of the wine store application discussed in the book distasteful will be gratified to know that, since publication, the authors have released a modified version of the "Hugh and Dave's Online Wines" code that uses the Xtemplate class (http://sourceforge.net/projects/xtpl/) to separate code from markup. Both versions are available in their entirety for download from the book website.
The five appendices, in turn, cover the installation and configuration of PHP, MySQL, and Apache on a Linux system, the architecture and workings of the Internet and Web, designing relational databases using entity-relationship modeling, how to define your own session handler prototypes and store session data in a database instead of files (the default), and provide an annotated list of PHP and MySQL resources (books, web sites, etc.).
The Good and the Bad
While it's clear that Web Database Applications with PHP & MySQL was written with the goal in mind of providing novice coders with a solid foundation for continued growth (or filling the niche of "handy reference" on the shelf of intermediate/advanced developers), the book manages to be comprehensive without patronizing the reader. I admit that I wouldn't have felt cheated if the authors had skipped the obligatory coverage of the history of the Internet, TCP/IP, and HTTP (Appendix B) in favor of, for instance, a discussion of web caching with an eye towards building cache-friendly apps, an important subject that all too gets short shrift from authors of web dev books. Also, some readers may be disappointed to find that the chapter on security doesn't relate to battening down your site against script kiddies and exploits, but that's really the sort of information that you should be getting from sites like PHP Advisory and Securiteam anyway.
For seasoned developers, this could be the book that you wish you'd had when you started out building web database apps and data-driven sites. Keeping a copy around for reference, especially if you frequently jump back and forth between projects in different languages/environments, also might be helpful - for those occasions when you need of a quick refresher in PHP/MySQL dev. Moreover, if you find yourself in the position of having to mentor junior developers (or helping non-coder friends) tasked with building or maintaining PHP/MySQL-based sites or apps, then lending them your copy or recommending that they buy their own could save you quite a bit of time and frustration.
Table of Contents- Preface
- Part I
- Chapter 1. Database Applications and the Web
- Chapter 2. PHP
- Chapter 3. MySQL and SQL
- Part II
- Chapter 4. Querying Web Databases
- Chapter 5. User-Driven Querying
- Chapter 6. Writing to Web Databases
- Chapter 7. Validation on the Server and Client
- Chapter 8. Sessions
- Chapter 9. Authentication and Security
- Part III
- Chapter 10. Winestore Customer Management
- Chapter 11. The Winestore Shopping Cart
- Chapter 12. Ordering and Shipping at the Winestore
- Chapter 13. Related Topics
- Appendix A. Installation Guide
- Appendix B. Internet and Web Protocols
- Appendix C. Modeling and Designing Relational Databases
- Appendix D. Managing Sessions in the Database Tier
- Appendix E. Resources
- Index
I disagree, lots of people who are beginners would not know where to begin when trying to use PHP or MySQL. The documentation is great if you already have a basic understanding of what is going on, otherwise it is like Latin to y ou. Examples of what can be done lets you see why certain things are set up the way they are for a given language.
Of course. Because we know that EVERY website gets 100s of simultaneous connections per second. As a matter of fact, all websites NEED 3-tier load balanced solution with an enterprise database in order to pull SELECT * FROM content WHERE id = $content_id out of that database 100 times per day.
The Glass is Too Big: My Take on Things
And I'll say it again. The best way to learn php is through the php website.
I've said it before and I'll say it again: the best way to learn a language is by using it. Sit down at a computer with the manuals and start slinging code. You can't really learn a language by reading a book or going to a class. Real programmers learn by doing.
If you want to supplement your programming with a book or tutorial, fine, but keep your fingers on the keyboard. If you want to run sample programs, fine, but experiment and play with them. Change them, tweak them, go off on your own tangents. Better yet: throw out the tutorial as soon as you can write "hello world" and try to write some program of your own design. Keep the language and library references handy, because you'll need to refer to them often, but let your imagination and curiousity be your guide. Explore. Play. Learn. Real programmers learn by doing.
What I tell you three times is true.
--Jim
Since transactions are a relatively new part of MySQL (and so, presumably new to PHP's interface to MySQL), a good part of the value of a new book on the subject of PHP/MySQL website building would relate to that new feature (which would also help with the double-entry problems mentioned in the review).
So, does the book cover this topic or not? I can't tell from this review.
A beginners' guide to Portland, OR?
That's like saying that reading the dictionary is the best way to learn to speak English.
.
You need something that puts pieces together, puts things in perspective, gives you a 10,000 mile high view and drills down into certain aspects of what it's trying to cover.
Just being devil's advocate. I learn from source code. After that, I hit websites that dive deep into the subjects (like the main php site), and finally I'll take a college course (community college, mostly) on the subject just to get it on paper that I know it.
The biggest problem with all the PHP books out there is that they don't talk about software design or good coding practice. They show you some syntax and some functions and leave you on your way. Most do not discuss things like database abstraction, HTML templates, or even object-oriented programming. Without thought to design considerations such as these, most PHP programs end up being hacks full of HTML code mixed with PHP code mixed with native database calls. This might be well and good for a small script on a personal site, but when you're talking about a commercial-grade application, you really need to have all this separate. You can't expect someone to learn PHP just to change the design of their web site which uses your PHP scripts.
The best thing about the openACS toolkit is that you can have a functional db-backed site up in no time. No need to re-invent the wheel. :)
A database abstraction layer was used which made all the difference. I used dal [sourceforge.net], which is a nice object-oriented layer that only involves changing a single line of code to change different databases.
... for large scale sites IMHO.
Personally, it sounds to me like your company's problem was bad design (not allowing for expansion) rather than php.
Thank you! I am absolutely sick of developers blaming PHP for being bad at switching databases because they didn't built their app properly. PHP lets you get right down to the raw nitty gritty DB specific stuff -- which is nice, but you really shouldn't ever be using those UNLESS you are writing a wrapper, or really don't care about database independence. I really wish the php.net official manuals would warn new developers of this.
The very fact that this book targets PHP and MySQL sort of ticks me off too -- why not PHP and DB wrappers? Why MySQL of all things too? It's horrid (sorry)
Correct me if I'm wrong, but isn't an e-commerce application usually a "web database application"? Have you managed to make an e-commerce site that doesn't use a database?
The techniques learned from making an e-commerce site can be applied to just about any database-based site.