Slashdot Mirror
PHP and MySQL Web Development, 2nd Edition
There is a good review of the first edition of this book here on Slashdot. For this second edition, I would add that Welling and Thomson have updated extensively and improved slightly a book that may well be the classic text on the topic.
PHP and MySQL are probably the most pervasive add-ons to Apache web servers across the web. Certainly they are both easy to acquire and common on a large range of web hosting systems, including several extremely low-cost ones. They also fit together extremely well.
This book demonstrates just how well. It starts out with a quick course in PHP (OK, 160 pages is hardly quick but it seems to move along at a good pace), follows it up with a brief look at MySQL before a short digression on E-commerce leads into building authentication and secure systems with the two tools (a marvelous place to start when you're thinking about commercial-grade web systems).
Then, after some more on PHP, the final section covers some large projects, a shopping cart, email service, mailing list manager and web forums. The final chapter in this section is new for this edition and covers XML and SOAP.
The new edition has been updated extensively. All scripts work now perfectly in PHP 4.3
I like this book a great deal. Even after a fair amount of time with the previous edition I still find it useful. It is well structured for finding what you need, well written, and has few typos. (Though there are still some, including ones in code examples -- when will authors learn to work straight off running code into the manuscript and keep godforsaken editors away from it? Brian Kernighan managed it twenty-five years ago.)
This would not be the best book if you had little programming experience, nor would it be the best book if you had a fair amount of PHP experience.
You will want to have some program design experience and preferably some experience with database design as these are given short shrift. The book also lacks examples and discussion of some of the less database intensive parts of PHP and some of the more obscure tasks you may need to perform. It covers what someone who has programmed before needs to know about both PHP and MySQL while informing on methods of using both to build practical and sturdy web applications. If that sounds like the book you want then I heartily recommend this volume to you.
You can purchase PHP and MySQL Web Development from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
You dont need a book to learn PHP and MySQL. There are plenty of tutorials out there for interfacing php and mysql in addition to all of the documentation the websites will provide. For any coders who already know a thing or two about coding, the book is a waste of money.
If the dollar is an "I owe you nothing", then the Euro is a "Who owes you nothing." - Doug Casey
The previous version was good.
I am sure we will be getting at least one copy of this for our office as some of the junior programmers use the books and we let them take them home.
me personally, I really only use php.net if I need to look up a function, but then I have been doing this for a long time and don't need to read about the how's and why's, just need the facts and what functions expect.
From my experience, seasoned php programmers usually have a browser open to php.net to look up functions and seldom have any PHP books.
again, however, for beginners this book series is good.
anime+manga together at last.. in real time.
Does it tell you how to do subselects and triggers in MySQL?
I don't need no instructions to know how to rock!!!!
As a member of the PHP (and Perl) faithful, when are we gonna learn that books like these give the community and open source in general a bad name?
Maybe I'm out of line in criticizing this book, maybe I'm looking for a different book, but when we have a book that covers web development best practices along with learning about PHP, Mysql and so on, then I will be the first in line to recommend and purchase it.
Newsfollow.com
Zope may be good and if you want to use it GREAT.
But you can easily control what sort of errors you see in your php scripts so your message is complete BS.
Try looking for the function error_reporting at php.net if you want to control what sort of errors you see in your scripts. It's always good to turn the error reporting way up while you are testing.
Does anyone know if this book would include information in regards to PHP5? I'm looking for syntax / usage as well as the realistic ability to implement php5 in a production environment.
one of the problems with books like this is their lack of backwards compatibility. i used to have a safari subscription, and had this book for a while. 1st edition was very good. however, many hosting services still use 4.0.X. and for those places, that operate on thin margins, they see no reason to upgrade. it's not a cost issue, but an adminissue. i can't say that i blame them. so, books should also have some backwards compatibiltiy discussion. for instance: $_POST vs. $HTTP_POST_VARS. this will screw up lots of people. you will develop your site locally, mirror it, and then, "holy crap", it doesn't work."
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
I know nothing will stem the tide of these, for all intents and purposes, xeroxed books, but I can at least implore (nay, beg) the people here to please, please stop sending in inept reviews/advertisements for them. There is just no damn reason for it.
sic transit gloria mundi
wget http://www.ca.postgresql.org/ftpsite/pub/source/v7 .3.2/postgresql-7.3.2.tar.gz ./configure /usr/local/pgsql/data /usr/local/pgsql/data /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data /usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data >logfile 2>&1 & /usr/local/pgsql/bin/createdb test /usr/local/pgsql/bin/psql test
tar xzf postgresql-7.3.2.tar.gz
cd postgresql-7.3.2
gmake
su
gmake install
adduser postgres
mkdir
chown postgres
su - postgres
-r
as evidenced by the fact that you are reading Slashdot instead of studying.
No man is an island, but Gary is a city in Indiana.
I picked up the first edition, not because I really needed to learn PHP (I was already comfortable with it), but so that I'd have something I could use as a reference. I have to say that I was EXTREMELY IMPRESSED with the first edition. It is actually my favorite programming book (out of maybe 30 that I've bought for school and fun). I like how the book progresses quickly through each chapter. And not quickly as in skipping over the details (like some other books out there), but in that they only present the info that you need, and encourage you to look up things in the online documentation for more detail. I also really liked the projects that they went through at the end of the book. It's nice to see practical applications for all of the things that the book went through. ... and for everyone who says it's only PHP and you can just use the online docs, well, I don't know about you, but I'm not exactly going to break out my laptop to do some reading on a city bus! ;)
select * from tablename
As usual, this books is lacking on real database information because let's face it... 99% of MySQL users wouldn't know a database form a spreadsheet, and it shows. No triggers... no subselects, still?? Hell, if you don't really need a database, then there's nothing wrong with using an OLEDB connector to a CSV file.
Being based on Perl/MySQL, how about a slashdot review of a book on Perl/MySQL?
For someone who has no programming experience, if you had a choice of only one book, which book would you recommend for Perl/MySQL or Perl/Postgres? I'm on an extremely tight budget, unemployed, yadda yadda...a book with examples, or that does several run-throughs of a working site setup would be appreciated.
A big tia!
While I haven't read this book or the previous edition. If you are wanting to learn the language and don't want to pay for the book, php.net and phpbuilder.com are two of the best sites available. They post have good references and PHPbuilder has a very useful forum in case you get stuck.
While I agree that the parent is wrong, PHP's error handling is still horrid because (at least by default) it outputs to the user of the page which could expose information to a hacker/cracker type person. I much prefer errors being logged where they can be later examined and the language should emit a 500 error to the client.
And before someone says "I don't like the crappy page that gets sent on a 500 error", with Apache you can change that error to whatever page you want.
The Anti-Blog
Also, can one use Perl or PHP to link up to a non-SQL database such as Oracle?
Please. Get a book. Oracle was a "SQL" database as you say about 20 years before MySQL ever existed. MySQL isn't even a "real" database, in the technical meaning of the word.
Someone needs to write books that address the need to deal with multiple language, bidi and related issues. PHP and MySQL can handle more than most people think, but one thing holding the non-Latin-1 development back is a rather chronic case of Latin1-centricity.
PHP is *not* ready for "production" the latest stable release is here: http://qa.php.net/ if you are wanting to *look* at the development version then http://snaps.php.net specifically states that they are "DEV" versions, and from personal experience these are unstable and not all functions are fully supported (i.e. try compiling in IMAP support and you will see)
The dev versions should not be use in any sort of production environment until they have been realeased as stable, these change everyday and anything you code with it one day, might be broken tomorrow.
I am speaking from experience here.
anime+manga together at last.. in real time.
ini_set('display_errors', false);
:)
ini_set('log_errors', true);
ini_set('error_log', '/path/to/my/error.log');
SHEESH!
-r
You can use PHP to talk to Oracle, which is a SQL database.
Yes I too would like to know why there are no reviews of directory services or SVG graphics books?
And you'll note the total abscence of anything on interface managment, and very little on people managment.
Maybe stashdot needs a small team to do nothing but book reviews. I'm certain those would be a great draw.
If your time has any value, buy an off-the-shelf product like Joel Spolsky's FogBUGZ. Or install Bugzilla or something.
That said, your management probably
1) wants to keep you busy and doesn't consider your time an expense (at least, not until layoff time comes around)
2) is deluded into thinking they need a full-custom solution.
3) doesn't want to spend money on proprietary software.
Several weeks indeed!
If you're just starting in web development, don't use MySQL unless you have absolutely no choice. It will hurt you in long term.
When you first start out, you're happy that you can put data in and pull it back out. Then you find that your data gets inconsistent for some reason. To stop this happening, database designers put constraints on the data, and use transactions. If the job is done properly, it shouldn't be possible to insert inconsistent data, like a company address that doesn't belong to a company.
Unfortunately, if you chose to use MySQL at the beginning, you're now stuffed because it doesn't provide these features. What's worse, its SQL is rather non-standard, so you're going to have a problem moving to anything else. I know that people will think I'm trolling for Postgres, but I'm not really. Use any database that supports this type of feature. There are two other open source databases which are worth a look: Firebird and SAP DB.
An interesting side note: the MySQL people "stole" (Rasmus Lerdorf's words, not mine) php.net's webmaster. For a long time now, I've gotten very used to typing things like php.net/mysql_pconnect in the location bar of my browser and getting redirected to the right page in the online docs. MySQL's new webmaster brought that feature with him, so you can do things like mysql.com/select and get answers fast. (If you want to do this on your site, it's actually fairly simple. Check out lerdorf.com/tips.pdf. Look midway through for a slide on the $PATH_INFO environment variable.)
The web sites obviate both books for all but beginners, IMO.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
What will really allow PHP to compete head-on with ASP.NET and SharePoint is PEAR and the PEAR Foundation Classes (PFC). A really good set of classes for web development means low-cost, robust web apps are on the way. You java gurus can eat your hearts out. The reviewer doesn't say if the book covers either of these topics, so hold off on your purchase until this becomes clear.
http://tinyurl.com/4ny52
While I have been using php.net's examples and documentation, along with the available mysql information, when I bought the first edition of this book it opened up a whole new level of work for me. I mean, yeah, you can teach yourself php and mysql without any real trouble if you have a good head. But if you have never actually used a web programming language or proper database, then where do you learn the proper ways of doing something? There's only so much examples of code can teach you; they don't necessarily teach you concepts. That's what this book did for me.
This specific project aside, I have a similar question. Could somebody outline in like three bullet points what the main pros and cons are with using PHP vs Perl for dynamic web content.
Thanks.
Tor
Not to mention, Bill Clinton wasn't very old in 1941 (Like Ol Ike was).
1) Post review of book
2) Post affiliate link to book for sale on bn.com
3) Profit
And before someone says "I don't like the crappy page that gets sent on a 500 error", with Apache you can change that error to whatever page you want.
you mean like this?
And just for reference, you can do the same thing in IIS and the such as well for all of those PHP devs stuck there.
I don't think I own a single PHP book. What I do for a living right now is code PHP+Mysql (specifically, e-commerce engine customization).
I never had a problem with stuff not working, but I did do a lot of things in ways that could have been done better. For example, not realizing at first that you could declare php functions with optional arguments (ie, function foo($x, $y=1) {}) cost me a lot of headache I didn't need. Puzzling my way through the behavior of php classes took some time, as these aren't particularly well documented (particularly variable scope in classes and methods, and the interaction between session tracking and classes).
In other words, I could have used a good 'tips and tricks' sort of book. Not basic syntax, but the sort of things you'd miss even if you got fairly far using the online docs.
The good and bad thing about PHP+Mysql is that it is a very powerful and flexible platform to develop on. But because it is SO flexible, it lets you make a LOT of mistakes. There's a big difference between a functional app, and a GOOD app.
I really wonder, why is PHP a language of choice for interacting with databases and writing HTML. I mean, it's not a bad language by itself, a bit like Perl, maybe slightly clearer (though personally I prefer Perl), maybe not as easy in common use... But it has one TERRIBLE drawback:
) ;";
Quotes and brackets.
Nothing evil by themselves, they are unfortunately just the same kind as used in HTML and SQL, which makes creating SQL queries on the fly, printing HTML piece by piece and a lot of similar work worst mess I've ever seen. I've been successful at creating Perl regexp patterns that needs a minute to be understood, but I've never before been tempted to try to optimise fragments of my program to anything like:
$a.='('.$_POST["it$f['n1'][$i]"]."='${q2}'
Is there any good CGI language that doesn't have this kind of problems?
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
www.cgisecurity.com/lib
I'm sure the book is great, but what I like about PHP and MySQL (PHP mainly) are the user comments underneath each page. Sometimes the tips and tricks in these comments are life-saving. You just can't get that sort of value out of one book.
I'll agree. Books are good. I DON'T have a PHP nor mySQL reference, and I'm kludging my way through some PostNuke stuff. Luckily as an experienced programmer, a language is a language and it's not been a major problem. BUT, I'm not doing a serious PHP project starting from the ground up (big difference between starting from scratch and modifying someone else's work). I think if I were going to write something entirely from scratch, I'd easily spend a week working with a paper book and following along until I was comfortable not having to cross-reference everything. In fact, I tried NOT purchasing books to learn Cocoa. In this case, "a language is a language" (Objective-C[++]) more or less applied, but the class libraries ("Cocoa") demanded something a lot more structured than sporadic online documentation. I ended up buy TWO books for Cocoa. It was worth every penny.
--Jim (me)
Actually, I'm not even ready to mark them as stable after they're officially released. PHP seems to have a lot of, "Oops! Here's a follow-up release three days later that fixes something horribly wrong with our last release."
That said, PHP is still a great tool in the right situations in the hands of the right people. The more books we can get that encourage the legions of newbie developers (I'm not trying to be derogatory) not to write dangerously wrong code, the better.
Game... blouses.
Apparently, five previous reviews of PHP/MySQL books isn't enough.
A "9" is average in a slashdot book review.
MySQL is a great database and we currently use it in production for our servers. It has provided some very impressive performance results.
Browse the Information Directory
Your logic seems to work perfectly.
This should be modded -1 [Stupidity]
Oracle a non-SQL DB? What planet do you come from?
Who cares what brand pc you have. It makes no difference you stupid twit.
I'm posting this because I'm sure you will get a flood of posters arguing that in fact MySQL does support foreign keys and transactions with InnoDB... blah blah...
Foreign Keys and transactions are only the beginning of the logic that a true DBMS should be able to handle. Still lacking from MySQL are:
1. Views (and for views to be truly useful they need to be updateable)
2. Named constraints (such as table and column-level CHECK constraints, and other expressions which can build business logic into your database design)
3. Domains (essentially special named datatypes that can "carry" their constraints with them)
4. Triggers and stored procedures (so you can make the database handle other arbitrary logical needs that can't be met standard constraints and foreign keys)
These points I mention above are not "extras". They are critical to any DBMS if you are dealing with critical information.
In other words, I could have used a good 'tips and tricks' sort of book. Not basic syntax, but the sort of things you'd miss even if you got fairly far using the online docs.
Sounds like you want the PHP Cookbook by David Sklar and Adam Trachtenberg, and the MySQL Cookbook by Paul Dubois, then. Great books, I use them all the time.
JP
ANOTHER review for a PHP+MySQL book?? I switched to PostgreSQL a while ago and aint looking back.
John Kerry is a Joke!
If there are errors in your script PHP will just continue to run the script. If you are lucky you see a warning. If there is an error in a INSERT or UPDATE MySQL query it will just insert a similiar value. E.g. if you try to insert "45JF" in an integer column MySQL will insert "45" and won't give an Error.
You're a dumb ass. You can set the error handling in PHP quite easily and if you're stupid enough to not check your input before you do an insert then you deserve what you get.
You'll have that sometimes...
My impression is that PHP doesn't have any significant advantage re. dynamic web content, at least not since automatically putting form inputs into variables was found to be a security hole. Got an example of code that shows off PHP's dynamic web abilities?
That is all true. But the fact is that you don't always need all that stuff. The reason that MySQL is so popular is that it is simple and easy. If you need more than it can offer, use something else.
You'll have that sometimes...
The reason MySQL is easy is that it never complains when you do something stupid, it just does it.
Convert a column type filled with dates from text to date / time type, and MySQL will put 0000-00-00 for each date it can't figure out.
If it can't figure out any dates, they all get set to that.
Since even innodb tables can survive such a change, all your original dates are gone.
On the other hand, in a real database, you'd get errors, complaints, all kinds of guff from the database as it refused to do something that stupid.
That is only one of dozens of examples of MySQL doing things "wrong" from the point of view of reliable, coherent data, and not bothering to tell you.
If I use interbase or pgsql and don't need the features, I just don't use them. But when I need the extra features of a real database, I don't have to switch from MySQL to another database if I already started with one.
--- It is not the things we do which we regret the most, but the things which we don't do.
Thank you, yes. Bad constraints for the date types are just one example of disregard for serious data handling.
Not only does MySQL automatically do dangerous date conversions without complaint -- it shouldn't even allow a 0000-00-00 date in the first place. What year has a 0 month? What month has a 0 day? Also, note that MySQL allows _any_ month to have days numbering up to 31 -- even February. That means that in MySQL, every month has 32 days, and every year has 13 months. The constraints are left up to the developer.
There are plenty more gotchas, such as non-standard SQL, whatnot... Too many for my comfort.
You're a dumb ass. You can set the error handling in PHP quite easily and if you're stupid enough to not check your input before you do an insert then you deserve what you get.
hey dumb ass. i hope you have fun checking your input manually everytime. i prefer a database which enforces consistency to the alternative of reinventing the wheel. it's not the job of a script to do the checking just because the database is too stupid.
I'm an unemployed tech writer, with nothing better to do. I know Perl, but not PHP, and I know jack about "best practices". Send me email if you wanna collaborate.
Aren't there enough PHP/MySQL books out there? More to the point, aren't there enough clueless fuckwits out there using PHP and MySQL to retardedly kludge together unsecure, inefficient, shoddy websites, undercutting the pros with their stupid prices and generally carving up the IT job market further than it already is with their general fuckwittery?
:P
This is one of the problems with the job market right now. Too many of the idiots who got in the business during the boom are still in. I know several of them.
No, I'm not bitter... honest
It actually turns out I didn't fail. I probably got a B+.
Perhaps if you learned to write adequate code that checked its user input, you wouldn't be so dependent on having the database do it for you.
Perhaps if I, along with everybody else who writes code to access the database, always, without fail, makes sure to validate user input. And if when new constraints get introduced we make sure to update all code that validates user input, then we'll be fine. However, one great thing about a real database is that you only have to specify constraints once, no matter how many apps insert data.
What would you use instead of PHP/MySQL? I'm honestly interested in what people use and any technical reasons why they use them.
--
If I actually could spell I'd have spelled it right in the first place.
PHP still has several shortcomings that make it a doubtfull choice for serious web development. Worse, there're no signs it's going to recover from them.
I've had my share of PHP development (3+ years) and still have to do some. But since I discovered mod_perl, I avoid going with PHP whenever possible. Three main reasons:
1. Lack of serious content delivery frameworks. With Perl you have Template Tookit (which Slashdot runs, by the way), Mason, Emberl, HTML::Template - all mature, well-documented and used by leading sites. With PHP you have maybe Smarty, which is nice, but its comparison to the above is laughtable.
2. Poor (read: nonexistant) Apache integration. mod_perl lets you access Apache internals, write Apache modules, pre/post-process content, control resource usages and many-many more. There're LOTS of things that can give a great boost to any serious web app, but are simply impossible with PHP.
3. PEAR vs CPAN. I don't think PEAR is ever going to catch up, because it's in the culture. Perl is Unix of the languages - it presents intellectuial challenge and encourages sharing and creativity. PHP does not. There've always been many decent apps for Windows and other non-Unix OSes, but nothing comparable to Unix open source movement. With CPAN vs. other free code repositories it's like this.
If you've been doing web development in PHP for at least 3 years, I seriously suggest you look into what mod_perl has to offer. I truly regret I didn't went with it for some of my PHP apps I now have to maintain.
Everyone (save the Ob. MySQL/PHP flames) seems to have liked the 1st Ed of this book, and is talking about ordering this edition for their co-workers/colleagues/selves.
What am I missing? My GF was learning PHP, and she was going through the book and asking me questions when she got stuck, and during the first half (the language basics), the amount of times I had to say, 'That's a contrived example', or 'You don't do that in real code', or 'That's just an error in the book, it doesn't even parse properly', is un-funny.
With the above parsing problem, several code examples are incorrect, and also the authors use code fragments without introducing what the variables that are introduced in them are for. These variables are presumably set outside the scope of the fragment, but to what values is not made explicit.
Would it hurt to take a reasonable example, write all the code up-front, and disect it, so the user can see what input is being used to create what output?
Philip Greenspun http://philip.greenspun.com - has a section on his site called 'Internet Application Workbook'. I started Helen (the aforementioned GF) reading this, and she was put off by his tone and the lack of actual depth into languages (this book will not teach you ADP/ASP/JSP/PHP, just how to write web applications), but I think everyone should be made read this.
Perhaps Clockwork Orange style forced-reading is required.
Heh... it's not me I'm worried about, pal; it's all the other developers who will have to write code to access my database (and possibly from multiple environments, not just PHP). For any project that involves more than one person, I would rather define my constraints once than audit every single code change in hope of preventing major disaster.
Yes, I can see how MySQL, and a lack of constraints can work for one-person projects, but even then, when projects get more complex, those limitations can really bite. Last PHP/MySQL job I did ended up with a LOT of complex PHP code to do what a few views and stored procedures could do when I ported to a more relational system.
Fuck you Alex Borgida.