How to Do Everything with PHP and MySQL
The publisher has a page on their Web site devoted to the book; for some reason, it lists the book as containing 400 pages, but my copy has 381. The page also has links to a table of contents and a sample chapter, namely the first one. For those readers with very slow Internet access or unstable Adobe Acrobat plug-ins installed, be aware that the sample chapter -- and even the table of contents -- are offered only as PDFs, but the two links give no warning.
Most technical publishers, for every one of their books, wisely have links to the errata and sample code, right there on each book's Web page. This is the best approach, because when readers are having difficulty getting a book's examples to work correctly, they want to be able to quickly find and download the most up-to-date sample code, as well as check the errata page for any bugs in the printed code. Unfortunately, McGraw-Hill/Osborne has their links to those two types of information in an easily-overlooked part of a menubar, using small black text on a blue background. The links are near the upper left-hand corner, and outside the content section of the Web page, where the typical reader would be seeking fruitlessly for them.
The companion Web site for the book is hosted by Vaswani's software consulting firm, Melonfire. The site has the book's table of contents (in HTML), a link to chapter 1 in PDF, a profile of the author, three full-length case studies, a feedback form, and an extensive collection of links to PHP and MySQL reference material, discussion lists, articles, and tutorials. At the end of the Introduction in the book, the author invites the reader to use that companion site for connecting with other PHP users, and sharing their thoughts on PHP and MySQL development. The site itself has no such forum, so the author probably meant the discussion lists.
The companion site also has a link to download a Zip file containing all of the sample applications from the book -- from chapters 7, 12, and 16 -- comprising nine PHP scripts, an SQL file, and a data file. The code snippets themselves do not appear to be included in the download. This shouldn't pose a difficulty for the typical reader, since few of the code snippets are long. Besides, typing them in on one's computer can help to reinforce the language syntax that one is learning, as well as decent code formatting (valuable for newbies).
The book is organized into four parts. The first of these presents the basics of PHP and MySQL, including the history and features of both technologies, as well as how to install them on Unix and Windows systems, verify the integrity of the installations, and make some critical security and configuration changes, such as changing passwords. Parts II and III cover the basics of PHP and MySQL, respectively. The fourth and final part describes how to use the two together. To that end, every chapter contains snippets of code to illustrate the ideas being described. In addition, each section is wrapped up and illustrated with a sample application. For PHP, the author shows how to build a session-based shopping cart. For MySQL, he presents a simple order-tracking system. For using PHP and MySQL together, he shows a news-publishing system.
Despite its title, the book clearly does not tell the reader how to do everything with PHP and MySQL. As the author notes in the Introduction, the book is not designed to be a complete reference for either technology, but instead intended as a tutorial for Web developers who are interested in learning how to do server-side scripting in combination with a database management system. Vaswani states that he does not assume prior knowledge of programming or database fundamentals, and that these basic concepts will be taught by example, using tutorials and realistic examples. I suspect a reader not familiar with HTML, however, could be easily baffled by the book. On the other hand, most if not all developers reading a book on PHP or MySQL are likely to already know HTML well enough to understand the output of PHP-enhanced Web pages.
One strength that this book has over many similar ones is that the author explains up front how to install PHP and MySQL, rather than relegating these topics to an appendix, or skipping them entirely. This is critical, because many programmers will find that the most challenging aspects of getting started with PHP and MySQL are simply getting them installed and working, along with a Web server, such as Apache -- and not coding the applications themselves.
Another welcome aspect of the book is the author's enthusiasm for the technologies -- although characterizing MySQL as "quite friendly" (page 150) is a stretch. Furthermore, his explanations are clear and concise. In addition, Vaswani makes no pretense that his book has all the answers; he frequently refers the reader to URLs in the online manuals of the products, for more details. In addition, he does a nice job of illustrating the advantages of normalized database tables, and later explaining how to format query output -- an important topic omitted in many similar books.
Yet, like all books, this one is not perfect. There are a number of errors or pitfalls in the book that could confuse the reader. They range from incomplete explanations of what a user will see when running particular commands, to the sort of errata one finds in all technical books. I found over two dozen in total (there may be more). In the interests of keeping this Slashdot version of the book review close to the recommended length, I won't list all of the problems here, but will instead refer the reader to a longer version of this book review, if they are interested in those details.
Aside from its many minor flaws, I recommend this title to any programmer who wants to learn the basics of PHP and MySQL. Even though the publisher could improve their production quality, choice of binding, and Web page, the author has done a good job of clearly presenting the major points. Future editions could incorporate fixes to the errors noted in the longer version of this review, as well as better explain to the neophyte how to test/debug the code snippets. Nonetheless, the intended reader would be well served by this particular book.
Michael J. Ross is a freelance writer, computer consultant, and the editor of PristinePlanet.com's free newsletter.
This is finally the book that I need to write my php/mysql based operating system. Linux and Microsoft are dead!
Step 1: Use Emacs as your text editor.
How different is what this book covers from what this, this, this, or this?
Dont buy a book about PHP AND MySQL.
Seriously, buy one for each one of them.
Then, when you've bought those two, you can stack them under your laptop and type in:
http://www.php.net/
http://mysql.com/doc/
Ready to go!
much rather use aolserver and postgres.
It's called "Why Not To Do Everything with PHP and MySQL". ;-)
___
If you think big enough, you'll never have to do it.
The quote at the bottom of the Slashdot page says it all:
He flung himself on his horse and rode madly off in all directions.
Vaswani states that he does not assume prior knowledge of programming or database fundamentals, and that these basic concepts will be taught by example, using tutorials and realistic examples.
We wouldn't want anybody actually learning fundamentals, would we?
On the plus side, when these newbie programmers hit the brick walls that surround PHP and MySQL, they will pay big consulting dollars to rewrite their sites with something else.
I was reading a mailing list the other day (think it was the Rails list) where programmers were actually *bragging* that they didn't use database constraints or views. Uhm, yeah. I can write programs without using subroutines but I wouldn't brag about it.
yet another waste of paper and time with the Xth book on these two particular pieces of software. what's so special about this one that sets it apart from all the other books?
1. No proper database connection pooling (and no, pconnect is not connection pooling).
2. Can't really run Apache2 in its threaded mode because a lot of php libraries are not thread safe (although php itself is).
Don't get me wrong, I *love* both php and mysql, but for highly-trafficked sites, jsp is definitely a better choice (from my own experience).
The Raven
Which Version of PHP does this book apply to?
Which Version of mySQL does this book apply to?
Specifically, does it cover PHP5?
So, in effect this can mow the lawn, feed the kids and keep the feds off my tail while i work on my plans for world domination?
Which is sad, because as much as PHP sucks, J2EE solutions suck just as badly in different ways. (That's another article.)
Duhhh!
You've jinxed it now, he won't post in this article.
I've been waiting for a book like this. I was really hoping to write a kernel entirely with this stuff...
I have looked far and wide, but perhaps I need to look closer. I have not figured out why some example scripts have the '@' before sql commands and some don't. Sometimes the use is different within the same example script. The commands appear to have the same function regardless of the presence of the '@' - I can't figure it out.
why?
php won't require lots of reference, once you learn something, you won't need to look it up. but with mysql, you will want a reference.
the other reason, once someone learns php, they will probably want to move on to another language. save the $50 from the php book and use it for a Java book.
that is if people are like me and have limited money. get the most bang for the buck. there is no reason to have a book that you use once and then don't need. it is better to buy books you will keep using.
i learned MySQL while writing a forum based application using JSP. MySQL is very fast, very user friendly, and it never failed me. But it does require a good reference book, otherwise you will go mad. and if you will be using MySQL on a network, make sure to password protect it, please. ;)
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Ha! JSP is just as prone to worm attack due to bad coding. Java is also an interpreted language just like PHP so java is also a "scripting" language. (Not that there's anything wrong with that)
Not so fast.
Java is proprietary.
"Piter, too, is dead."
The combination of the two is rapidly emerging as a favorite, partly because they work well together
Didn't PHP / MySQL emerge as a favorite about 5 years ago? Isn't the pair now a fully emerged favorite? Did I dream the year 2000 or has the author been Rip Van Winkling?
ShoutingMan.com
The Visual Basic and Access of the next generation...
The last I knew, PHP had variables, conditionals, loops, and functions. Perl has these, too, as do Python, Lisp, Bash, and even PostScript. Their Turing completeness has nothing to do with their execution environments.
What are you smoking? Java ain't interpreted.
...MySQL! There are a few of us who hang around /. who know databases (a very few), and we've always got to chime in whenever MySQL is mentioned.
Oh yeah...
MySQL sucks. Not a real RDBMS. Very limited. Not ACID compliant. blah, blah, blah.
I don't respond to AC's.
Seems like the only explanation for this myriad of redundant books on such a simple topic. Really, how can there be a market that can accommodate another one of these identical books every month?
sic transit gloria mundi
I, for one, am dedicated to PHP & MySQL but lately I've been experimenting with Coldfusion. Now I realize that Coldfusion is not open-source but in the past months, it has been a very good friend to me unlike PHP. CFM gave me the quick and easy commands to perform what I do on a daily basis or easy integration into ongoing projects.
In all, PHP & MySQL are by far the best there is, but i still have to explore other regions. Hence, I do not look forward anytime nor in the future to ASP.Net. I like to stay away from the proprietary enforcements and give my small snippets a chance when I need them on open-source applications!
The problem with these PHP run forums was not that they were written in PHP, but with the forums themselves. Blaming the language for the problems is like blaming the English language for mangling George W. Bush's speech, while the fact is that the English language is merely what he is speaking. Granted, there were security issues with PHP that didn't help much, but it isn't entirely the fault of the language.
Also, you must not have explored PHP much if you don't think any large applications exist.
Despite its title, the book clearly does not tell the reader how to do everything with PHP and MySQL.
... This is critical, because many programmers will find that the most challenging aspects of getting started with PHP and MySQL, are simply getting them installed and working
/sigh/ Practically every beginner PHP/MySQL book I've looked at describes installation in some depth. Quite often too much depth for my taste.
Darn marketing double-speak, gets you every time!
One strength that this book has over many similar ones is that the author explains up front how to install PHP and MySQL
"How to Do Everything? with PHP and MySQL"?
I hate how people abuse PHP. PHP is nice when you really need what things like PHP/ASP/etc provide, but these days some people use it for everything. I hate it. Take a look at blogs - they're not really "dynamic content", they're just static content which changes very frequently, still everybody uses PHP to implement them.
Java is only the better language to learn if you work on large projects with a team of programmers. For 1-3 programmers on a mid-sized project, I'd take PHP over Java any day.
And what's this business about scripting languages not being true languages?
Or better yet, use Wicket on Java and PostgreSQL.
Throw the bums out!
you're absolutely wrong. mysql is dual-licensed, with one of those two being the GPL. the GPL is not only for non-commercial. seriously, read up before throwing stones.
Sorry, but you really have not got a clue. MySQL is GPL.
I can't stress strongly enough that people NOT buy a MySQL book. Buy a SQL book. Even better, buy a RDBMS book. We have enough people doing stupid things with data. We don't need any more. You might as well suggest that somebody buy a Windows 95 book.
I don't respond to AC's.
"@" suppresses error messages.
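What that operator does in practice, shown as an added example (this is not code from the book or its companion site): the file path is a constructed placeholder that does not exist, so the open fails deterministically; the same three shapes apply to the database calls the question asks about, since `@mysqli_query()` (or the old `@mysql_query()`) likewise returns `false` and just hides the warning.

```php
<?php
// Added example (not from the book or the companion site): what the `@`
// operator does, and why checking return values is the better habit.
declare(strict_types=1);

// Constructed placeholder path; it does not exist, so fopen() fails.
const MISSING_FILE = '/nonexistent/dir/orders.csv';

// Without `@`: PHP emits "Warning: fopen(...): Failed to open stream" to the
// configured error output (the browser itself, if display_errors is on) and
// the function still returns false. Execution continues either way.
function openNoisy(string $path)
{
    return fopen($path, 'r');
}

// With `@`: exactly the same failure, but the warning is swallowed. Nothing
// tells the caller, the log, or the person debugging that anything went wrong.
// This is the only thing `@` changes; it never makes the operation succeed.
function openSilent(string $path)
{
    return @fopen($path, 'r');
}

// Preferred: no `@`, check the return value, keep the detail in the server
// log, and hand the caller a generic failure instead of a silent false.
function openChecked(string $path)
{
    $handle = fopen($path, 'r');
    if ($handle === false) {
        $err = error_get_last();
        error_log('openChecked failed: ' . ($err['message'] ?? 'unknown error'));
        throw new RuntimeException('Could not open input file');
    }
    return $handle;
}

// Usage: the silent variant just yields false; the checked variant logs the
// real cause server-side and surfaces only a generic message.
var_dump(openSilent(MISSING_FILE));
try {
    openChecked(MISSING_FILE);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The reason this matters beyond tidiness: a script full of `@mysql_query(...)` calls fails silently, so a broken query, a lost connection, or a permissions problem produces empty pages rather than a log entry, and the usual reflex of pairing `@` with `die(mysql_error())` instead pushes database details out to the browser. Checking the return value and logging server-side avoids both.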
PHP websites are more vulnerable to worms. Just six months ago, many PHP run forums were shut down and destroyed. The exploit was something that worked only with PHP forums.
So it was a shortcoming endemic to the language, and not sloppy coding, right? I mean to say, PHP itself was at fault, due to its very nature? A similar thing can't possibly happen in a "real" programming language like Java?
Java is the better language to learn. It is more like a true programming language than PHP. The reward for the time spent learning a language is greater with Java than with PHP.
That's begging the question. And wooly-headed thinking at its best. I'd argue that the barrier to entry is a lot lower with PHP than Java (or C, C++, .Net, et al.). So someone new to the language is bound to see results faster. But your point is nonsensical to begin with...
I always thought of PHP as more of a scripting language, and not a true language. No large PHP applications exist out there. But there are tons of enterprise Java applications.
A scripting language is a "true language". BASIC is a true programming language. MSDOS batch is a true programming language. Further, have you ever heard the saying "use the right tool for the job"? There are a lot of types of websites filling a lot of roles. Many (most?) of them don't need the overhead and complexity of an enterprise-class system. Use what works, without specious limitations brought on by technical snobbery.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
PHP websites are more vulnerable to worms. Just six months ago, many PHP run forums were shut down and destroyed. The exploit was something that worked only with PHP forums.
I don't think PHP sites are inherently more vulnerable because they use PHP. I think it's because PHP coders are more likely to be amateurs, and PHP projects more likely to be developed by new coders, that they'd have holes. It's not a failure of PHP IMHO. It just happens that more bad coders use PHP.
If this is the worm I am thinking about, it was specific to one particular forum, which is quite popular and written in PHP. The exploit was a vulnerability in the source, not PHP itself. Is all JSP code automatically uber-secure?
And if the 'reward' of programming with a 'real' programming language is that much better, write your web-apps in C, or
This rating is Unfair ( ) ( ) Fair (*) Funny
Sigh... If only. Modding would be so much more fun.
But can you build a /. from PHP and mySQL? A lot of books will show you the bits and pieces that make up a comprehensive website but usually don't show you how to put the whole thing together.
I'm waiting until I can run PHP and MySQL on a GPU. With advances in sorting, shader programming, audio processing, and general purpose computing on GPUs, its only a matter of time before someone decides to try to do build an http server, PHP, etc. on a graphics card. One might even argue that a GPU and its RAM would make a nice secure sandbox walled off from the CPU, HD, and main OS.
Why do this? Like all good hacks, its done because its almost (im)possible and certainly not intended.
Two wrongs don't make a right, but three lefts do.
People that copy&paste from books like this and "assemble" pieces of code without proper foreknowledge of what they are doing pretty often end up with bad/overblown databases and slow websites, not to mention "debugging" ripped code.
can someone please mod this idiot down? htf does he have a "score 3 informative" when he doesnt even know that mysql is available under the GPL?
The companion Web site for the book is hosted by Vaswani's software consulting firm, Melonfire.
Do I really want to read a book by someone who works for a consulting firm named after the ignition of fruit?
MySQL is dual-licensed; it is available for free download, and if you wish you may distribute it under the terms of the GPL. A commercial license can also be bought, and I think that includes things like support and possibly the ability to distribute under different terms. I don't remember exactly...
/me ducks the tomatoes. :-)
Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
How about you learn the language before you speak out of what google news and fellow slashdotters tell you?
Saying that there was a worm that only affected PHP forums is only a half-truth, at best. It only affected a single PHP based forum, not every PHP forum in existence. The flaw there was a hole in the software, NOT a hole in PHP. Have there been holes in PHP? Of course, there's holes in everything else, too. The exploit was not in PHP, it was in some software that's coded in PHP. Using your thinking, that's like saying C is a horrible language because if you don't know what you're doing, there's a chance of a buffer overflow.
From "A Note on Security in PHP":
" A recent Web Worm known as NeverEverSanity exposed a mistake in the input validation in the popular phpBB message board application. Their highlighting code didn't account for double-urlencoded input correctly. Without proper input validation of untrusted user data combined with any of the PHP calls that can execute code or write to the filesystem you create a potential security problem. Despite some confusion regarding the timing of some unrelated PHP security fixes and the NeverEverSanity worm, the worm didn't actually have anything to do with a security problem in PHP."
The phpbb developers are not stupid, they are competent people. Yet, there was a hole. It happens, no one is perfect.
I'm quite certain that JSP/Tomcat can be just as insecure if you code it wrong. Same with ASP. Or, gasp, anything.
I don't know where the author gets his/her information but I do not see any indication or evidence that it has not already "rapidly emerged."
It's only free if you release your web app as GPL also.
I patented screwing your mom. But it got revoked for "prior art."
Java and JSP and javascript are all steaming piles of dog shit. They are slow, the interpreters are buggy, and I've never had ONE fucking java app run like it was supposed to.
FUCK I HATE JAVA, WRITE IN C++.
It's only free if you release your web app as GPL also.
Not very free IMHO.
I patented screwing your mom. But it got revoked for "prior art."
The performance of Java and the functionality of MySQL. There's a match made in hell for ya.
Seriously, do their problem domains overlap at all? Big servers with plenty of resources: Java + an ACID database. Small servers that want to be responsive at the expense of all else (like complex functionality and data integrity): PHP + MySQL. I can't imagine harnessing DB2 to PHP, and the inverse doesn't seem a whole lot more sane.
I know someone's going to pipe up and announce that they've been using PHP and an Oracle to drive their website for years, but it still just feels wrong.
Dewey, what part of this looks like authorities should be involved?
"Free use for those who never copy, modify or distribute. As long as you never distribute the MySQL Software in any way, you are free to use it for powering your application, irrespective of whether your application is under GPL license or not."
... then every problem tends to look like a nail.
- Hubert
gimme a break. that's the difference between GPL and LGPL. that's like saying bsd is MORE free than GPL.
That being said, it is a toy database, and as such, should not be used on serious projects (i.e., anything that uses normalized data schemas and requires data integrity).
Yeah, right.
By posting a comment on this article, I can troll two products at once! I'm a PostegreSQL snob and a Java snob!
Of course, this book is just indicative of one of the key features of the Open Source movement: the ability to take two bad software packages and combine them to form something truly horrific.
(I wasn't using that Karma anyway.)
Start Running Better Polls
I'm well aware that it is dual licensed, however it's not like you can just choose whichever license you want. From their license found on:
http://www.mysql.com/company/legal/licensing/commercial-license.html
The Commercial License is an agreement with MySQL AB for organizations that do not want to release their application source code. Commercially licensed customers get a commercially supported product with assurances from MySQL. Commercially licensed users are also free from the requirement of making their own application open source.
When your application is not licensed under either the GPL-compatible Free Software License as defined by the Free Software Foundation or approved by OSI, and you intend to or you may distribute MySQL software, you must first obtain a commercial license to the MySQL product.
I must be some kind of retard, I build my stuff with Perl and PostgreSQL.
"I have never won a debate with an ignorant person." -Ali ibn Abi Talib
If anyone can point me to a good *free* PHP editor for Linux, I'd be very glad. The editors for Linux I find here http://www.php-editors.com/review/, are not good enough. I want one I can get for free.
again, WRONG. you need a license to DISTRIBUTE mysql with your non-gpl'd app.
I would very much like to. But my fingers won't spread far enough to hit all the keys.
to DISTRIBUTE mysql, not to use mysql.
and it ONLY matters if you distribute mysql, not if your app uses it.
If it shamelessly borrowed from ASP.NET and JSP where appropriate. One of those things it should borrow from is consistent function names. The ad hoc naming convention has to go if PHP is going to really end up taking over in those markets. It is also a lot harder for people to remember how to use functions that aren't consistently named.
It should also be working toward full support for namespaces and something analogous to Web Controls. I should be able to declare a button like:
<php:Button>
and then be able to manipulate its properties using PHP code.
Click here or a puppy gets stomped!
BSD is more free than GPL.
There is not one thing that you can do under the GPL that you are not allowed to do under the BSD license, and there is quite a bit more you can do under BSD.
That is pretty much the definition of "more free" under any definition of "free" that applies to this discussion (e.g. is not the same as "gratis").
Now, the questions of whether the BSD license or GPL leads to more software freedom and which license promotes free software better are up for some debate. The GPL makes sure the software STAYS free, and as such, there are very good arguments that the GPL better promotes free software, the OSS movement is better off than if everything was released BSD, etc. But this is a different matter than which license is more free. If the promotion idea is what you are thinking when you say the GPL is more free, I put to you that you need to be less sloppy with your language and say what you mean, not what sounds good.
So I can finally shag the girl across teh street if I first start using PHP with MySQL? Amazing!!
is only light relative to even heavier Java solutions. :-|
Invariably people who sing the JSP praises have no significant experience with a real lightweight toolkit (Spyce, CherryPy, RoR, ...)
But that's okay, because doing things the hard way builds testosterone.
Hey, I bought this glass house so I could throw any stones I want!
Dammit, I'm going to get my money worth!
Pretty Pictures!
If anyone can point me to a good *free* PHP editor for Linux, I'd be very glad.
Kate
Has syntax highlighting (including recognizing builtin functions), bracket matching, code folding, regex search and replace, blah blah.
If you want one that does fancier stuff like show you class structures etc, then I dunno. Eclipse has a PHP plugin I heard - dunno how it works. One of my friends is huge into zend studio (non-free), but he works at a university (where they think nothing of spending a student's tuition's worth on a computer - what do you mean our programmers don't need 23" apple cinema displays?)
Speak before you think
I've just read this book, and it's great! I'm going to use PHP and MySQL for all of my web-based apps now!
I didn't think so... so alone... so alone...
A guy walks into a bar... well, I forgot the joke, but the punchline is that he's an alcoholic.
Bingo. No language can make up for bad coding. PHP happens to be a) ubiquitous, b) easy to get started with, leading to c) lots of crap code. PHP can be criticized for a lot of things, but the ability of those that use it isn't one of them. (Although maybe we can lay a bit of blame at the feet of publishers that won't put out a book that talks about applying good programming practices to PHP? We have more "Dick and Jane Learn PHP" books than we know what to do with already.)
This is the voice of World Control. I bring you Peace.
In fact, look at the zend website even, they give horrible examples that nobody should ever follow. Gee, I wonder why so many PHP programmers end up writing crappy code.
Also, the PHP developers have proven over and over again that they do not care AT ALL about security. As an ex-PHP programmer myself, I have to agree with the "dear god use anything but PHP" people.
I'm asking because I don't know. Are PHP and MySQL well suited for high-volume/traffic sites like eBay or Amazon? What types of limitations might you run into if you tried to implement these sites using this combination?
Look at the examples given in the companion web site. There is code like the following, which is highly vulnerable to SQL injection attacks:
Validate? Just by removing trailing spaces? People trusting this book's advice will be very sorry soon.
One more example:
No validation at all! User input thrown into the database without any check!
It's unbelievable that in 2005, after all the outrage and cry about SQL injection there is still a new book proposing such horrible code!
Step 1: Install Gentoo with "-O4 -march=FASTER!!" CFLAGS
Step 2: Do `emerge -D php mysql`... rapidly!
Step 3: Use this to pad out your book
Step 4: Profit!
babes - but somehow PHP and MySQL just wasn't working out there.
-- Tigger warning: This post may contain tiggers! --
Seriously, do their problem domains overlap at all? Big servers with plenty of resources: Java + an ACID database.
um..
mysql IS an ACID-compliant database...
Wake up, Rip Van Winkle, 1998 is SO over.
Have a look at how mustang is being developed and how the JCP works. Java is about as open as you can get without being osi approved. Also, the world existed just fine before open/free software came about. Many corporations/people out there still depend on proprietary software to keep their business going because there isn't a free/open equivalent to everything out there.
Open/Free software is good but trying to label java as "proprietary" and pretending it's a bad word is a weak argument. Try reading this.
Open Source Java DAO Generator
Damn politics. Get you every time. Bush is king. Bush is god. Bush is good.
I mean, I know that apache2 support is only available in CVS, but other than that, how's it compare to php?
I just wrote a bunch of php with PEAR DB and compared to perl it felt.. unclean.. hashes and regexes are unpleasant compared to perl, and I couldn't subclass DB cleanly since it has no constructor..
Granted, I could get stuff done pretty quickly because php is perl-like, but there's enough stuff that seems arbitrarily different from perl to make the experience sorta yucky.
Use the best tool for the job.
</obCopout>
OK, now that's out of the way, I'll say this:
I've done sites in PHP (Makeuptracker), Java Servlets + JSP (Prayer Supply), and other technologies, and based on what you've said so far, there's no compelling reason to not use PHP if that's what you want.
On the other hand, there's no real reason to not use JSP, servlets, or any of a half-dozen other environments, either. The reality is that your site is unlikely to be overly sensitive to environment and that any half-decently-coded implementation in any tech is likely to work at least acceptably.
Thus you have a problem where the solutions aren't really distinguishing themselves a great deal. So come up with some more metrics--is technology X something you really want to learn? Do you want to be able to use a cheaper hosting service (PHP is common on cheap hosts, app servers not so much)? These sorts of questions are the ones you should probably be asking...
"Time flies like an arrow; fruit flies like a banana." --Groucho Marx
Just because you are reviewing a technical manual doesn't mean the review needs to read like one.
% cat > coolpage.php
<html><? cool php script ?></body></html>
^d
%
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
since it lets you do anything... ANYTHING
The exploit was not in PHP, it was in some software that's coded in PHP. Using your thinking, that's like saying C is a horrible language because if you don't know what you're doing, there's a chance of a buffer overflow.
People criticize C all the time for not protecting from buffer overflows. There are libraries dedicated to wrapping string handling in a way that doesn't allow buffer overflows.
You could apply the same criticism to PHP for allowing SQL injection attacks. PHP lets you input any old SQL, without prepared statements.
There's some good in having a language that protects you from yourself. I don't think protection always needs to be in the language core, but it can be a good thing.
The combination of the two is rapidly emerging as a favorite, partly because they work well together, and partly because they are both available under open-source licenses.
These are valid reasons for their being popular, but the reviewer left out another very important reason: both of them are really easy to learn. Whatever their shortcomings, someone with only moderate technical inclination or experience can learn enough PHP and MySQL to have a fairly powerful site up and running in a very short amount of time.
KTHXBYE
"I'm quite certain that JSP/Tomcat can be just as insecure if you code it wrong. Same with ASP. Or, gasp, anything."
Depends how you look at it. In JSP/Tomcat you don't have to worry about encoding/decoding input except in special cases. The appserver does it for you, so you don't have to worry about these types of attacks. Languages like Java, C# and Managed C have some built-in safety nets to prevent things like buffer overflows as well. SQL injection attacks can be a problem if you're not using PreparedStatement, but good coding practices shouldn't let the user have that much access to the SQL statement to begin with in most cases.
Open Source Java DAO Generator
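Added example, not from the thread, the book or either poster: the two comments above (PHP letting you "input any old SQL" versus Java's PreparedStatement) are really about one thing, whether user input is spliced into the SQL text or sent as a separate parameter. The script below shows both the vulnerable and the hardened query side by side. It is Python over an in-memory SQLite table so it runs without a MySQL server; the table, the two user rows and the attack string are all constructed here for illustration. The same split exists in PHP between string-building for mysql_query() and mysqli/PDO prepared statements.

```python
import sqlite3


def make_db():
    """Constructed sample data (not from the page): two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """Builds the statement by string concatenation, the way a lot of
    old-style PHP did with mysql_query(). Whatever the user typed becomes
    part of the SQL grammar, so a quote in the input rewrites the query."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Parameterised query: the statement text is fixed and the driver
    sends the values separately, so input can never change its structure.
    This is what PreparedStatement in Java and mysqli/PDO in PHP do."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Classic injection payload: closes the password literal and appends an
# always-true condition. AND binds tighter than OR, so the unsafe query
# becomes (username='alice' AND password='') OR '1'='1', i.e. every row.
ATTACK_PASSWORD = "' OR '1'='1"


def demo():
    """Returns (rows leaked by the unsafe query, rows from the safe one)."""
    conn = make_db()
    leaked = login_unsafe(conn, "alice", ATTACK_PASSWORD)
    blocked = login_safe(conn, "alice", ATTACK_PASSWORD)
    return leaked, blocked


if __name__ == "__main__":
    print(demo())
```

The unsafe function returns every user for the injected password while the parameterised one returns nothing, because SQLite (like MySQL with a prepared statement) compares the whole attack string against the password column as data rather than parsing it as SQL.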
The great thing about PHP and MySQL is that it's very simple. If you already know SQL commands and C#, then you can probably code 90% of what you need to do already. PHP accepts very generic commands that are common among a lot of languages, so there isn't much to learn. I don't know offhand how well it can scale into the really big league stuff; my PHP/MySQL site got one million hits this month, and it handled that just fine.
Also, the world existed just fine before open/free software came about.
No it didn't. The world (the computer world as we know it, at least) started with open-sourced software, then proprietary vendors came along and it's been downhill ever since.
It's only free if you release your web app as GPL also.
Not very free IMHO.
I think mysql license info about the GPL is incorrect.
The GPL mentions modified versions. If you use MySQL as a basic SQL engine and don't modify its source code, it's still GPL compliant.
The GPL FAQ mentions using a GPL program for non-free software.
So, just as you can use vi to write non-free code, you can use MySQL for a non-free database. You haven't modified MySQL's source code; you are using it for its intended purpose.
The GPL also says if you fork or exec a plugin you don't need to release your source, which seems the same as a SELECT or PUT. Now, your interface plugin to the MySQL database would have to be GPL'ed by default.
I don't know how the MySQL team could say that using the product voids the GPL; it's source code modification, not use, that voids the GPL.
http://www.gnu.org/licenses/gpl-faq.html#DoesUsin
Can you overload methods or operators to provide custom extended functionality?
Can you inspect a namespace by easily printing out all members and values of a namespace at any point - great debug facility?
Does php have a safe eval mode?
This, of course, ignores the fact that C is a horrible language. If you don't know what you're doing, there's a chance of a buffer overflow.
Speaking of Graham, read http://www.paulgraham.com/pypar.html.
Python is a lot more open than Java, and by Paul Graham, a better language.
Anyway, don't mean to start a flame. I read Graham too.
"Piter, too, is dead."
Discussions concerning what scripting / pooling / servlet system to use have nothing to do with open source outside of the normal OSS advocacy.
No one is in a position to tell you that you *should* learn PHP. The only people that care one way or the other what you do will be advocates/zealots of one flavour or another.
Presuming you are a competent programmer, you should learn the fundamentals of PHP in an hour or so; just read the docs. You could probably have written your first script in the time it took me to write this.
That's what makes these books so laughable.
*and* they usually teach you to write difficult to maintain / poorly scaling code.
"There are places where the networks are not touching, and there are places where they are." - Boeing's Lori Gunter
Acme in 9ports for Linux
though, naturally, I use the original plan9 version
"There are places where the networks are not touching, and there are places where they are." - Boeing's Lori Gunter
How To Stop Doing Everything with PHP and MySQL?
Uh-huh.
Dewey, what part of this looks like authorities should be involved?
If your site is being beaten that badly, then it's time to stick a couple of web servers into play and put a hardware load balancer in front of them.
After that, you're going to be dealing with bandwidth issues before you deal with PHP issues.
Really:
Advanced PHP Programming by George Schlossnagle
Google for it.
grammar-lesson free since 1999. (rescinded - 2005)
I tried to copulate with my g/f using PHP and MySQL. It failed miserably. :-( ... *CRASH!!!*
use girlfriend;
show rack;
select * from rack;
insert into
"I used to have that really cool, funny sig
One strength that this book has over many similar ones is that the author explains up front how to install PHP and MySQL, rather than relegating these topics to an appendix, or skipping them entirely.
.....but I guess I'm assuming a few things here...... =)
Setup Instructions:
1. Use an Apple Computer
2. Download Aaron Faby's packages (and tip him a few bucks)
3. Install (i.e. click 'continue' until the screens go away)
Simple!
is not difficult
.
-shpoffo
And for those of the 4400 where taken in 1990, searching for your special talent and still arguing emacs versus vi - you must have missed the shootout in Infoworld while you were gone.
Now what's that damn password?
MySQL is one of the most overhyped pieces of software I have ever seen.
I am a Computer Scientist, RHCE, VMware Certified, MCSE.
MySQL is a major disappointment compared to PostgreSQL.
MySQL is not even ACID compliant, so why would I trust my valuable data to it?
No thank you: I use PostgreSQL, DB2 or Oracle !!
I found this site to contain quite a good book about PHP (including version 5.x):
http://www.hudzilla.org/phpbook/
It's worth the read, but you can't physically flip the pages...
Also interesting is http://www.phppatterns.org/ which covers design pattern use with PHP.
To quote Microsloth, "get the facts" before you start whining about something that is so history it ain't even funny.
Oh yes, about the other whines on that page, MySQL 5 seems to address most all of them. As I said elsewhere, I'm waiting to see the gold version before I review it, but it is looking promising.
"[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
No, that's not true. If you distribute your web app without MySQL, then you don't have to GPL it because you are not distributing MySQL.
Oolite: Elite-like game. For Mac, Linux and Windows
% firefox /dev/tty
<html><? cool php script ?></html>
^d
Guy asked me for a quarter for a cup of coffee. So I bit him.
Sure thing, boss, that's coming up.
A real database won't let you insert a value that is too long for the field. A toy database will truncate. Example:
On the last line, MySQL says,
but PostgreSQL* says
Let's run a query and see what we got from MySQL, shall we?
Wrong, wrong, wrong! There is NO data integrity in accepting data and then truncating it. This is why TOY databases have no place in production environments.
Okay, not good enough, right? There's lots more. Let's try referential integrity.
MySQL says
PostgreSQL says
In other words, in TOY databases, "referential integrity" means about as much as a pinch of bat-guano. In real databases, preventing damage to the data is actually important.
* I'm using PostgreSQL here because that's what I have running on my laptop. The same things apply to other real databases, such as Oracle, MS-SQL, etc.
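Added example, not from the thread or either database's own test suite: the post above makes its case with two probes, an over-long INSERT and an orphan foreign-key INSERT, but the actual output it pasted did not survive on this page. The script below packages those same two probes as a function you can point at any DB-API connection and get a yes/no answer on whether the engine rejected the bad data, which is the check a practitioner wants before trusting "referential integrity" in a CREATE TABLE. It uses in-memory SQLite as the stand-in engine so it runs offline; the tables, the over-long string and the orphan id 999 are all constructed here. SQLite makes a useful stand-in because it does not enforce VARCHAR(5) at all (it keeps the full string rather than truncating, which the probe still reports as "not rejected") and only enforces FOREIGN KEY when PRAGMA foreign_keys is switched on. On MySQL the answers depend on the server's sql_mode (STRICT_TRANS_TABLES or STRICT_ALL_TABLES turn silent truncation into an error) and on the storage engine (InnoDB enforces the table-level FOREIGN KEY clause; MyISAM parses it and ignores it), which is the point the poster's examples were making.

```python
import sqlite3

# Portable DDL: the table-level FOREIGN KEY clause is used deliberately,
# since MySQL ignores an inline column REFERENCES even on InnoDB.
DDL = [
    "CREATE TABLE parent (id INTEGER PRIMARY KEY)",
    "CREATE TABLE child (id INTEGER PRIMARY KEY, parent_id INTEGER, "
    "FOREIGN KEY (parent_id) REFERENCES parent(id))",
    "CREATE TABLE short_text (name VARCHAR(5))",
]

# The two probes from the post: a value too long for the column, and a
# child row pointing at a parent id (999) that does not exist.
PROBES = {
    "rejects_overlong": "INSERT INTO short_text VALUES ('much too long')",
    "enforces_fk": "INSERT INTO child VALUES (1, 999)",
}


def _rejects(conn, sql):
    """True if the engine raised on the statement, False if it accepted it.
    The except is deliberately broad: DB-API drivers raise different error
    classes (IntegrityError, DataError, OperationalError) for these cases.
    Either way the attempt is rolled back so probes do not affect each other."""
    try:
        conn.execute(sql)
    except Exception:
        conn.rollback()
        return True
    conn.rollback()
    return False


def probe_integrity(conn):
    """Create the three tables on a fresh connection and run both probes.
    Returns {"rejects_overlong": bool, "enforces_fk": bool}."""
    for stmt in DDL:
        conn.execute(stmt)
    conn.commit()
    return {name: _rejects(conn, sql) for name, sql in PROBES.items()}


def probe_sqlite(enforce_fk):
    """Run the probes against in-memory SQLite, with foreign-key checking
    either left at its default (off) or switched on. Stand-in for a real
    server; with MySQL you would pass a MySQLdb/pymysql connection instead."""
    conn = sqlite3.connect(":memory:")
    if enforce_fk:
        # Must be set before any transaction is open, so do it first.
        conn.execute("PRAGMA foreign_keys = ON")
    return probe_integrity(conn)


if __name__ == "__main__":
    print("sqlite default :", probe_sqlite(False))
    print("sqlite fk on   :", probe_sqlite(True))
```

With the default connection both probes come back False, i.e. the engine swallowed both bad rows; switching foreign keys on flips only the second one, because SQLite never enforces the declared length. Run the same probe_integrity() against a MySQL connection and the result tells you whether that particular server's sql_mode and storage engine give you the guarantees the post is asking for.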
Yeah, right.
I agree there. The feature list of something like Oracle, from database design/development (PL/SQL/Java/C++ modules) to scalability (Real Application Clusters, anyone?), compared with MySQL makes the database selection for a high availability system a no-brainer.
I can't afford a sig!