The PHP Anthology - Volume I, 'Foundations'

sympleko (Matt Leingang) writes "What a beautiful world anthology is. It comes from the Greek for a gathering of flowers, and in literature means a collection of works. Harry Fuecks, a very frequent contributor to the SitePoint community PHP forums, has gathered a bouquet of PHP best practices in a new book. The book comes in two volumes. The audience for Volume I, "Foundations," is the advanced beginner who's done one or two things in PHP, but you wants to know how to do more. Volume II, "Applications," is a design volume, mainly, and is good for people who have lots of experience with PHP but want to be better programmers. It's nice that the two volumes are separate; if you already know the syntax and mechanics of PHP you can buy Volume II and maximize d!/d$.*" Read on for Leingang's review of Volume I, and watch for his followup on Volume II. The PHP Anthology: Volume I: Foundations author Harry Fuecks pages 376 publisher SitePoint rating 7 reviewer Matthew Leingang ISBN 0957921853 summary Good start; for the real story read Volume II as well.

The book is very well-written, often using a question-and-answer heading style that makes searching the table of contents easy. In the preface, we already meet the first cool aspect of the book: lots of links to sites in the form of footnotes.** Yes, most books of this genre include links to web sites, but this way makes a couple of things clear: first, that there are lot of references, so you have many places to jump to for more information, and it's a sleeker text flow: embedding URLs in dead text makes line breaking hard and detracts from the flow of the language. As you read a page, you can note, "OK, that's an online resource," and keep reading without having to stumble over an incomprehensible URL.

Each volume has numerous code examples, and they're all on the book's web page to save you from transcribing. The web site is the best place also to buy the books; they're generally not available in stores.

Chapter 1: PHP Basics
These are the foundations of the book. Quick highlights:

How does one exactly RTFM? The author directs the novice to the PHP web site and explains what each part of the online manual corresponds to. But also, the coolest aspect of the PHP web site is its search-by-url feature. It looks up a function or language reference page, finds a set of likely matches, or just googles the site for you. Try it: http://php.net/array, http://php.net/sprintf, http://php.net/error.

How to understand error messages. Remember your first "cannot add header information -- headers already sent" error. Huh? Learn the difference between parse errors (what you wrote is not valid code), semantic errors (you're asking PHP to do something illegal), environment errors (PHP is not equipped to do what you want), and logic errors (PHP is happy but you're not). The last is particularly insidious (no E_PEBKAC level of reporting), but unit testing (see Volume II) gives you hope to find and fix those.

How to include. What is the difference between include and require (answer: require forces a fatal error if it can't find the file you want, while include only warns)?

How to write portable and reusable code There are hundreds of configuration directives, and using them can make one of your applications simpler. But some are to be used only with careful consideration. The magic_quotes_gpc directive, for instance, sounded like a good idea at the time it was developed. It automatically escapes user input so backslashes remain backslashes and not escape characters. A common use of this directive allowed you to insert user-supplied data directly into a database without checking to make sure any embedded quotes wouldn't create unintended SQL statements. While this does guard against SQL injection attacks, you could still end up with garbage in the database. So you still have to check user data to make sure it complies to your standards. This is easier to do before escaping magic characters, so it's better to wait until just before storage; then add all the backslashes you need. Nowadays it's considered good form to not rely on this directive and just use addslashes when you need it.

For maximal code reuse, consider object orientation. But there's a whole chapter on that...

Chapter 2: Object Oriented PHP
"Be lazy," the author writes; "Write good code." One of the ways to organize your code is through object-oriented programming. Most readers know the basic concepts of OOP, and are probably tired of the few over-simplified examples. Beyond that this chapter wants to get you to think OO, to "no longer think about long lists of tasks that a single script should accomplish; instead, [to] see programming as the putting together of a set of tools to which your script will delegate work."

I know my first PHP classes were just namespaced scripts. The attributes and methods weren't at all related. This chapter (as well as Chapter 7 of Volume II) helps you distinguish where your classes are and how they connect. One of the aids for this is the use of Unified Modeling Language (UML) class diagrams. These diagrams, which use boxes for classes and arrows for the relationships between them, are really cool programming and teaching tools that require no code!

Here I think the book's physical workflow got caught in a gap between major PHP releases. The cover says this book says "PHP5 ready," which is a bit of a misnomer because all the code examples and rules are all written for PHP4. Minor text mentioning how things are going to be different in PHP5 has been inserted. It's true that none of the OO code written here will break in PHP5, but there are major additions to PHP5 especially in the OO implementation (no more ampersands! actual private variables! Exceptions! Much, much more!). Still, the author makes the point that you the programmer may not be using PHP5 for a while (PHP 5.0.0 is only a few weeks old today), and that you shouldn't put off learning PHP until version 5 is agreed to be stable.

I've read the comments of PHP bashers, arguing that using it for OO programming is a waste of overhead. The author has heard that argument, too, and rebuts:

"What they forget to mention is the drastic increase in your performance that object oriented programming delivers. After all, fast programmers cost more than fast microprocessors!"

Hear, hear. RAM and disk space are commodities, while programmers are not (yet).

Chapter 3: PHP and MySQL
This goes beyond the simple HOWTO on connecting to a database. A suite of PHP classes is developed for database connections, querying, and result handling, not as much to use as for your "health"--i.e., to see a well-done class from start to finish. For your real applications, use a real, well-maintained and tested class such as those found in PEAR. This is another principle of good programming: Somebody has probably had the same problem you are having right now, and already solved it (also known as Ecclesiastes 1:9, "...there is nothing new under the sun.")

If you've done lots of SQL queries, you get to thinking that there's got to be a better way to access a database. In fact, you can build a layer of abstraction over the database connection layer to create interface classes to individual tables. This is called a persistence layer. For an implementation, see PEAR::DB_DataObject.

Any web programmer fears insecurity, and I don't mean self-doubt. The author weaves discussions of security into each chapter. For instance, you must be careful to guard against allowing users to seriously alter the nature of your SQL queries. Trust no user-supplied data! Also, this chapter gives a PHP-based solution for creating MySQL dumps.

Once you've got the data in the database, making sure users can find it is another problem. You can use LIKE relations in your queries to search field strings. The author shows how to use FULLTEXT indexes (a MySQL 4 feature) to assist in searching the entire table or any set of fields you like, all at once.

Chapter 4: Files
Sometimes databases are overkill for data storage, or you need to extract data from text files. The author gives several examples of uses of interacting with a local or remote file system. He explains:

• how to slurp whole files into memory or to process them chunk-by-chunk.
• how to use the PHP built-in functions to interface with the file system (so you can make a self-updating "Last updated: " item on your pages).
• how to use .ini-style files to store configuration data -- a common configuration style which is much faster than keeping it in a RDBMS or XML file.
• how to use FTP with PHP.
• how to compress and decompress with tar through PHP.
• how to send create a file and send it to your web user (custom files generated on-the-fly and ready for download!).

Again, the security threat is raised, and the author gives pointers on how to prevent from crackers getting you to execute their code by including one of their files rather than your own.

Chapter 5: Text Manipulation
When building dynamic web sites, being able to manipulate code is a must. You need to validate the data that users send to you, as well as guard against simple HTML error or malicious cross-site scripting (XSS) attacks. There are lots of built in functions (strip_tags to remove the HTML from a string), but using regular expressions you can validate and filter just about anything. You can reimplement a restricted set of markup tags a la BBCode, or set up a custom, easily-updated profanity filter.

Chapter 6: Dates and Times
Another real-world problem is formatting dates and times in a human-readable (and perhaps localizeable) way, and on the machine level manipulating dates correctly. Luckily these are all solved problems and PHP connects you to the C functions which do it. Whether you store dates as MySQL timestamps (e.g., 2004-08-03 20:07:00) or UNIX timestamps (1091578114 seconds since the epoch) is up to you, although if you use the former you'll probably have to convert to the latter at some point. Putting it all together you can create dynamic calendars where clicking on a day brings you to your appointments for that day. Another good use of date functions is a implementation of cron written entirely in PHP for those not on a unix platform.

Chapter 7: Images
Once you've mastered the art of producing HTML with PHP (developed even further in Chapter 9), you'll wonder what else can do. It turns out that PHP, using glue to the GD image library, can output images as well. You can generate thumbnails of your images to create galleries. You can watermark images with text to discourage stealing them. You can hide your images behind a PHP script that protects people other than you from linking directly to your images. And you can analyze data with enough charts and graphs to make Ross Perot ecstatic.

Chapter 8: Email
Contacting your users off-site is a must if you want them to come back. Furthermore, it's a nice way to register users by sending them links to an address they provide. PHP can send email natively using the mail function, but as always there are nice classes which jazz up the features. You can send HTML attachments (known by some as "spam", but we're not here to judge), even including the images in the mail. You can even use PHP as a replacement for procmail by parsing incoming mail and triggering actions based on headers.

Chapter 9: Web Page Elements
Eventually you get tired of writing HTML, and interweaving markup and presentation logic can give you a headache. Can't PHP be told to format the table the right way? Another solved problem! Displaying data in a table is a common task, and classes such as PEAR::HTML_Table can take a simple data structure and beautify it for you. Forms are another area in which PHP-generated code can save you time. You can also use PHP to produce "breadcrumbs" (there's one at the top of every slashdot page) and drop-down menus that show your users where in the hierarchy of information they are. Finally the author shows how to use apache's url_rewrite module to get those question marks, file extensions, and ampersands out of your URLS and sex them up. (You can also do this without url_rewrite, completely inside PHP, but using a custom error document and examining the path requested.)

Chapter 10: Error Handling
So you're all excited about your next web app, and you dive into coding, and something goes wrong. What then? This chapter is about errors. You can use the error_reporting function to customize which exceptions actually produce error messages, or create your own error messages that handle errors your own way. You can choose to log them in a database, send an e-mail to a coding team, and most importantly, recover gracefully so that your users don't see an error message. Not only is it unprofessional, it may reveal information about your program, file system, or database structure that can harm you.

Appendices
There are several good appendices, which tell you which configuration directives you're probably most interested in (the complete list you can get on PHP's web site), some common security breaches, and how to install PEAR, PHP's version of CPAN. My favorite appendix is the "Hosting Provider Checklist," a great reference for evaluating whether kewlhosting.com is going to give you the freedom and support you need to make a great hosted web site.

All in all, I liked this volume. Having read probably a dozen PHP books I wouldn't say it offers new information. But even though you know the plot, it's possible to enjoy a well-told story. See Volume II for heavier-duty ideas.

* My made-up calculus notation for "bang for your buck"
**Like this: http://books.slashdot.org/

In real life, Matthew Leingang is Preceptor in Mathematics at Harvard University. He promises to review any book sent to him for free, and sometimes actually does it. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.

Re:PHP is a Great Language

[johnnyb]

I like the fact that you can just point your web browser to

http://www.php.net/FUNCTIONNAME

and get the documentation for that function.

Perl has a lot more contextual tricks to help the programmer, but PHP is a lot nicer to beginners who don't want to worry about whether they are in scalar or list context, and what the present value of $_ might happen to be.

Sample Chapters

[kubed]

Here are the URL's for samples of the first 4 chapters (so you don't have to give your e-mail address to SitePoint).

ZIP format:

http://www.sitepoint.com/books/phpant1/phpant1-sam ple.zip

StuffIT format:

http://www.sitepoint.com/books/phpant1/phpant1-sam ple.sit

tar/gzip format:

http://www.sitepoint.com/books/phpant1/phpant1-sam ple.tgz

Re:what a world!

[Metaplasmus]

...it comes from the Greek for word/speech about flowers (logos=word/speech, anthos=flower). Well, sort of. The word logos can indeed mean a word or a speech, but it has other meanings too--calculation and reckoning, for example. It comes from the verb lego, whose core meaning is "to gather/pick up," out of which come the senses of counting something and then speaking of it (the last being the most common sense of the word in ancient Greek). So despite appearances, an anthology is, indeed, a gathering of flowers.

Re:Comparison?

[FuzzyBad-Mofo]

I haven't yet read the subject of this book review, but I did find O'Reilly's Programming PHP to be a useful and comprehensive overview of the language. Of course, it was published in 2002, so today I would recommend going with something a little newer. But really, the documentation on http://php.net is excellent -- I'd check that out before spending money on dead tree.