PHP 5 Recipes
jsuda writes "
With all the books being published recently about PHP a new one will need to find
and fill a niche to distinguish itself. PHP 5 Recipes: A Problem-Solution
Approach, published by Apress, has done so, in my view. This is an intermediate-level
volume exploring PHP 5 using a recipe approach where the basics of
PHP 5's functionality are expressed systematically but in a small-topic
by small-topic manner. Cook-book style, each topic is relatively autonomous
and can be individually selected, as necessary, for information or review, similarly
to how many refer to the Joy of Cooking for help on a cooking project.
It's a source for instant solutions to common PHP-related problems. There are
over 200 such recipes presented." Read the rest of jsuda's review.
Php 5 Recipes: A Problem-Solution Approach
author: Lee Babin, Nathan Good, Frank M. Kronman, Jon Stephens
pages: 646
publisher: Apress
rating: 8
reviewer: John Suda
ISBN: 1-59059-509-2
summary: A problem solving approach to Php 5
Each of these recipes refers to a small element or aspect of PHP 5 and the presentations contain a brief overview of the topic, an explanation of how the code elements work, and where the code is applicable in projects. Overall, the book covers the whole range of PHP 5 functionality where each major element of PHP 5 is addressed in a recipe explaining and illuminating relevant code elements. You can easily get information about a specific PHP 5 element by going directly to the section of the book where it appears. Even better, the code snippets are designed to allow one to copy and paste them into your own applications or development easily and then to configure them as necessary. All of the code snippets are freely available for downloading at the publisher's website at www.apress.com.
There are 16 chapters and an index covering a total of 646 pages. The chapters are organized similarly to other PHP primers, covering the basic elements of PHP - data types, operations, arrays, strings, variables, files and directories, dates and times, functions, and regular expressions. The coverage for much of these concepts is relatively mundane and unoriginal. The discussion of dynamic imaging, however, is an exception. The writing throughout, however, is solid and clear. The book emphasizes the most important elements of new PHP 5. The object-oriented programming elements especially are covered - classes, objects, protected class variables, exception handling, interfaces, and the new mysqli database extension. The authors' discussions focus on PHP 5.0.4, MySQL 4.1, and cover Linux and Windows environments.
The book is directed at PHP programmers looking to learn the elements introduced by PHP 5, and for those looking to find fast solutions to coding problems. It assumes a basic knowledge of PHP. Many of the recipes discuss object-oriented programming and these are some of the more advanced sections of the book. I can say that Chapter 2, which introduces the object-oriented concepts is one of the better explanations of the topic that I've read. The chapter covers constructors, destructors, methods and properties, class diagrams and examples of these concepts at work in code snippets. There are a number of interesting segments containing custom coding of classes as reusable templates from which to create objects.
The book is well-designed and written. The discussion is clear and logical. The code snippets are well-explained. The authors are experienced programmers and developers, and Good and Stephens have authored or co-authored a number of technical books.
A large handful of the recipes contain projects, usually appearing at the end of the overview and presentation of code snippets covering the basics of the topics. The projects usually deal with the creation of higher-end classes and objects as solutions to common coding problems. The idea here is to show PHP 5 functionality at work providing useful code sections to be dropped into your custom applications. Chapter Five concludes with a sophisticated class dealing with dates and times issues. Other chapters contain constructions of string, file, graphics, and regular expression classes.
The last five chapters deal with using the PHP code in web applications and services. This material covers cookies (including construction of a cookie class), using HTTP headers, sessions, and using query strings. Much of this material has been covered elsewhere in the many primers on PHP already published. There is a chapter on using forms and an interesting chapter on working with markup. The better chapters are on using DOM to generate markup, parsing XML, using RSS feeds, SOAP, and simple XML. The chapter on MySQL is basic, except for the section on creating a wrapper class. The last chapter deals with communicating with Internet services, like POP, IMAP, and FTP. Another project presented here is one creating object-oriented code dealing with a mail class.
This is a useful book to have in a programmer's library."
You can purchase Php 5 Recipes: A Problem-Solution Approach from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Do the examples show how to write solid, secure code?
Indeed, inexperienced programmers writing insecure code has plagued PHP for years now. Far too many PHP books that I have flipped through show very poor style. They don't verify the inputted data, for instance, before making a SQL query.
So while a professional, or even somebody with some level of experience, would see such an obvious problem, a beginner may not. And then the result is often a compromised server, a destroyed database, or some other shenanigans. Often times a problem with a user's PHP script ends up making other, completely innocent and unrelated projects (such as Apache or Linux) look to be at fault. That's not good for the image of the community.
Cyric Zndovzny at your service.
Am I finally going to learn how to display "Hello World!"?
do.what.promptcmds
Due to the constant vulnerability announcements and lack of RedHat legacy rpm support, we've been removing PHP from all our webservers.
Maybe...
Come as you are, do what you must, be who you will.
Many PHP books I've seen often include an SQL tutorial. Due to space constraints, it is often quite lacking and only focuses on using SQL, rather than designing efficient and well-planned databases. Such half-assed tutorials may often be very misleading to new PHP users.
I recall working with one web developer who learned PHP from such a book. We told him that we wanted to use PostgreSQL as the backend for our site, but he insisted on using MySQL, since that was the only system mentioned in the book he had bought. We no longer required his services after that show of incompetence.
Does this book try to cover topics such as SQL and database design, which should be covered in their own, separate book(s)? Does it specifically refer readers interested in such subjects to consult other sources of information?
Cyric Zndovzny at your service.
Too bad PHP is so popular, pulling work away from languages that are well-designed. Argh. Too bad it costs more to get Python or Ruby hosting, and one cannot even hardly find Scheme hosts.
This is not flamebait. It is poorly designed, hackish and is continually mutating. I would like to see someone argue that it's not all or any of these points. PHP is popular because it's easy to jump into and fairly easy to learn, not because it's an efficient stable development platform. PHP also has a history of security problems almost as long as Microsoft.
I learned PHP using Kevin Yank's tutorials and articles 4 years ago. His books and tutorials are very easy to understand and use. His tutorials and articles can be read on http://sitepoint.com/
OMG why cant evryone juSt use teh Rubby on Raylls lol its teh fastest and generall bestest web-framewrok avaleabal. u can even use teh AJXA with it!!!!!1!
PHP is popular because it's easy to jump into and fairly easy to learn, not because it's an efficient stable development platform. PHP also has a history of security problems almost as long as Microsoft.
Indeed. A truer statement has rarely been stated.
From an engineering standpoint, PHP is abysmal. Many people will suggest otherwise, but they are often those who lack a formal education and background in designing secure, scalable, high-reliability software systems.
The Hardened-PHP project is a perfect example of what is wrong with PHP. It's not that the Hardened-PHP project itself is bad (it's a very good thing!). The problem is that the core PHP developers have not taken such basic security concerns into consideration. The fact that they have to rely on a third party to provide such integral and necessary functionality is a very bad sign.
Cyric Zndovzny at your service.
Well due to the numerous open-sourced products, the fact that Apache is free and it being a relatively (stress on this word) easy language, means that until it's replaced it will only become more popular. So good security practices need to be stressed and gone over in detail by someone. Otherwise how can people learn about it?
Where all think alike, no one thinks very much.
Maybe /. can do a review of 'CLOSED TAGS FOR DUMMIES' next.
Someone has an unclosed italics tag somewhere...
Look, I fixed it!
I'd like to see more distributions include Catalyst. I think Mandrake is the only one that does, now. If MVC frameworks like Catalyst were more universally available (as PHP is now) they'd get a lot more use.
ASP called, it want its Holy War back...
An anti-PHP/anti-ASP coalition would be even better than separate anti-PHP and anti-ASP coalitions.
Either way, the fact remains that insecure, faulty systems are used far too often for web development. The best thing that can be done at this point is to raise awareness as to the flaws and problems associated with such systems. That may be the most effective way to eradicate their use, thus providing a far more secure Internet.
Cyric Zndovzny at your service.
It's hard to move them off PHP. The majority don't even use it, it only exists because it was included in the standard build (not my decision).
Now I'm hungry again!
All comments are properties and trademarks of the voices in my head. Not like I'm gonna claim them.
A version of the Hardened PHP patch will [most likely] exist in PHP (by default) as of PHP 6.0.0.
The fact that it will take them up until version 6.0 to include such essential and basic security functionality shows their lack of quality. For serious applications, that is just plain unacceptable.
Cyric Zndovzny at your service.
The term "Engineer" is, in most contexts, a privileged term. Not just anybody can be labelled an "Engineer" until they've gone through some rigor.
Why not apply this idea to software? If there was a coalition or Union of workers, with a commonly agreed-upon set of requirements and certifications, with annual fees and a good reason to require a decent demonstration of competence? Something with real teeth, and ongoing certification requirements. Think, the Bar, only for software engineers instead of Attorneys. As with Real Estate, being a "Realtor" is a privileged term.
If done right, it would be AWESOME to mention on a resume, and would likely become something like the Underwriter's Laboratories - a private entity, but one that's almost required by law simply because it's a reasonable assurance of safety.
There are a number of VENDOR certifications (EG: CCNE, RHCE, and the laughable MCSE, etc) but is there any platform-neutral, "This guy knows how to validate input and write qualifiable code" organization?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Why do you have such a hard-on for php? Did it kick your dog?
PHP, isn't that like the betamax of scripting languages?
Thanks!
Does B&N have an affiliate program? Looking at the purchase link, I see it passing an encoded userid.
I'm just wondering if someone is trying to make a buck off of this.
There is allegedly at least a 50% discount for the ebook as against the printed version, although the price of $22.50 means there is a tad less than a 50% discount from the full $44.99.
I guess publishers don't have to know maths, or they are just tight. That whole half cent makes their statement a lie..
Maybe they meant up to 50% discount.
Have a look at the PHP Security Consortium publications. PHP can be secure; it's not got the same emphasis like, let's say, Java, but that's one of the advantages of PHP: quick, fast and not restrictive.
That has to be the worst argument I've ever seen. PHP doesn't pose many security problems, and those that it does pose get fixed rapidly. The 'security risks' you see are due to 1) improper system administration and 2) badly written user code - neither of which can be blamed on PHP.
Your argument goes something like this: "Because someone stabbed someone else with a fork, we should rally together and make sure forks are banned from all households". You may as well form an anti-C coalition while you're at it, because there are a lot of insecure C applications out there. Perhaps we can get GCC removed from distributions as well.
BeauHD. Worst editor since kdawson.
Perhaps you could outline some of these flaws in detail? You seem to think you know what you're talking about, but I have some serious doubts.
You sort of come off as a disgruntled Perl programmer who had his job displaced by another language.
BeauHD. Worst editor since kdawson.
I've never seen so many people bag on a web scripting language. Perhaps there should be a whole discussion board dedicated to your web language of choice, whether it's Perl, JSP/JAVA, PHP, ASP, .NET or ColdFusion.
I've heard great things and bad things about all of them. Perl is hard to learn, but is super fast and secure. Java is super slow and hard to learn, but very secure. PHP is easy to learn, moderately fast, but insecure. ASP is fast, but is being replaced by .NET. .Net is fast and easy, but you're stuck with Microsoft and it can be very browser specific. ColdFusion is slow, but super easy.
Do you choose your language because that's what feeds you or do you choose it because you believe it's the best technology?
So what language would you PHP~Flamers suggest? RoR? Perl? JSP? .NET?
As many others have stated, blame the newbie coders not the environment. Every year people die trying to blow-dry their hair in the shower, it's not the water company, electric company or hair dryer company's fault.
Sure it lets you get into a mess rather quickly, but so does Linux in general. So does almost every other web language. Don't tell me you can't shoot yourself in the foot with Perl or ASP, if you think that you're a fool. They don't FORCE you to write secure queries or data validation classes either.
Most of you just like to cry about whatever others are. I'd wager some flamers here use FrontPage for their 'web development' tasks.
As opposed to say, perl, right?
It's very fashionable, hip and trendy to bash PHP on /., while ignoring the fact most other languages really aren't any better.
While perl security has gotten better, it is still a problem. perl is still widely exploited, formmail.pl is one of the more infamous ones. lusers just download whatever script they find off the web and install it, and get quickly compromised.
Are the majority of perl users well versed in perl security? I doubt it.
What, you going to recommend people use C instead of PHP then? python? Even java has issues.
Why do you have such a hard-on for dogs?
At the risk of getting off-topic, I've found Apress to be a reliable publisher, in terms of the quality of books they put out. The topics have been interesting, the knowledge useful, and the text easy to read. It's the only publisher whose books I'd buy just on name recognition.
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
Ridiculous anti-PHP bullshit. There are numerous articles on achieving security with PHP and other similar server-side scripting platforms.
What's really going on here is that due to PHP's clear popularity, not only with newbies, but with many serious programmers, is a backlash from programmers trying to defend their current bloated 'kings', such as Java or .NET.
I've had enough of reading this crap.
All programs are as good as their programmers, no matter what platform they are utilizing!!!!!!!!!!!!!!!!!!!
Steve Magruder, Metro Foodist
You obviously do not understand my argument. There's no need to bring fork terrorism and other analogies into the discussion.
What it comes down to is that PHP is not well designed, and is not well engineered. This is shown by the numerous security issues involving PHP (even on systems that have been designed, set up and maintained regularly by experienced professionals). Don't take my word for it! Go do some research for yourself.
As for your attack on GCC, well, that just shows how clueless you are about such matters. GCC is one of the best engineered pieces of software in the open source world. It has professionals working on it, and that is shown by the extremely high quality of it. And StackGuard shatters your argument about C being insecure.
It may hurt your ego to admit it, but PHP is not a very good product. It has far too many deficiencies, and as such is unsuitable for serious use.
Cyric Zndovzny at your service.
"There is a chapter on using forms and an interesting chapter on working with markup. The better chapters are on using DOM to generate markup, parsing XML, using RSS feeds, SOAP, and simple XML. The chapter on MySQL is basic, except for the section on creating a wrapper class. The last chapter deals with communicating with Internet services, like POP, IMAP, and FTP. Another project presented here is one creating object-oriented code dealing with a mail class."
If you actually learn something 'new' from this book, then you still have a long way to go!
the only permanence in existence, is the impermanence of existence.
In what way? Failing to check inputs before passing them on to a database or other module is an application, not a language, problem. You claim that there are "numerous security issues found in PHP" - please, describe them. I haven't found it to be any more insecure by nature than C, C++, Perl, etcetera...indeed I'd say it's easier to write reasonably secure code in PHP than in C or C++.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Why is everything in itbastardalics?
What, you mean like those rookies at Yahoo and Friendster aren't serious web developers?
"Not all chemicals are bad. Without chemicals such as hydrogen and oxygen, for example, there would be no way to m
Oh stop it, version 6 is still something! Those poor PHP developers, they sure have a lot of past mistakes to undo / fix, (register global on? more than one way to enable magic quotes? ughh), I agree that version 4 must die now!!
Rewriting a web app in Perl, Python or Ruby is still so much more work than cleaning up PHP4 code to work in PHP5. Whatever haters say about it, PHP won't be dying anytime soon.
Then why do the mysql_* functions _still_ exist, despite being practically an invitation for SQL injection?
They're a perfect example of how PHP's advocates and designers have no idea about security, or proper software design principles.
No no no no no, there are lots of security conscious PHP developers; the problem is that security is complicated, much more than the functional aspect of the code often.
As the code works as a system and if any one piece breaks there is a hole, the entire source code must be evaluatable to determine if it is secure, but very few people are willing to have the source code freely available.
If the software was freely available people would point out flaws in it more than not, which would ultimately lead to more people knowing how to code securely.
I have an M.S. in Computer Science, spent my first three years as a professional developer working on the development of a secure (TCSEC B3 targeted) operating system, then another year and a half on a firewall project based on a secure OS. I've also worked in the telecom and space sciences fields for well-known companies such as Hughes, IBM, and TRW, designing and developing secure and reliable software. These days I work for a small company, still doing my best to design and develop secure and reliable software - now in PHP.
I don't claim to be a security expert - I've met some of the experts and they're far beyond where I'll ever be on the topic. But I certainly don't fit your description of uneducated or inexperienced. And I find your claims wrt PHP bogus.
Taking a quick look at the advisories (http://www.hardened-php.net/advisories.15.html) for the "Hardened PHP" project you mention, I see 1) issues with applications written in PHP - not the language's fault; 2) people doing stupid things with the language (for example, leaving phpinfo() called in deployed scripts), which is not a language issue; or 3) addressing implementation bugs, which is no different than those found in other languages - except that with PHP we call something a "PHP bug" that in, for instance, C, would be a "libc bug".
If you've got specific claims, please, put them out. But all I see in this thread so far is vague allegations. Or maybe trolling.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
I've been using PHP for a little over 6 years now and I have yet to see what you call an overall lack of quality. About the only complaint that I do have with PHP is some inconsistent naming with some of the functions, but this is something that you easily get used to after a while. I've used it mostly on small to medium size websites, but I've also used it on a couple of large projects. To this day, I have yet to see a security issue crop up in one of my projects in which it wasn't a problem that I created.
This has nothing to do with .NET or Java. I wouldn't necessarily suggest the use of those, either. They have shown, however, that they are far more suitable for serious web development than PHP is.
After that comment, I realize that you are absolutely full of shit. If you won't suggest ASP.NET or J2EE then there really isn't that much left other than mod_perl. And that can turn into a nightmare very quickly if one isn't careful.
Karma: Positive. Mostly effected by cowbell.
Considering that there is something called magic quotes and such functions as mysql_escape_string(), I'm pretty sure that the developers have some inkling about security. This is pretty much the same situation as in J2EE and ASP.NET. If you perform an ad-hoc query using data supplied by a user, you are going to have to escape that string.
Karma: Positive. Mostly effected by cowbell.
Thanks for ruining yet another PHP thread. Cracky.
You obviously do not understand my argument. There's no need to bring fork terrorism and other analogies into the discussion.
I do, your argument is stupid. It provides no supporting facts or details, just your rabid screaming about PHP, and how it's going to rape my dog, and kill my hamster.
What it comes down to is that PHP is not well designed, and is not well engineered. This is shown by the numerous security issues involving PHP (even on systems that have been designed, set up and maintained regularly by experienced professionals). Don't take my word for it! Go do some research for yourself.
I'm not making any claim about the engineering process of PHP, you are. If anyone should be gathering information, it should be you. Then perhaps you could start to back up your ridiculous claims.
As for your attack on GCC, well, that just shows how clueless you are about such matters. GCC is one of the best engineered pieces of software in the open source world. It has professionals working on it, and that is shown by the extremely high quality of it. And StackGuard shatters your argument about C being insecure.
I didn't attack GCC. I said "your argument sounds like this" and then drew conclusions using your own flawed logic. Of course banning GCC would be silly. But then, so would banning PHP. Next time, read the whole sentence.
It may hurt your ego to admit it, but PHP is not a very good product. It has far too many deficiencies, and as such is unsuitable for serious use.
It doesn't hurt my ego one bit. PHP does have some issues, but I find those issues to be in the feature set. These 'deficiencies' you keep talking about never really get mentioned anywhere in your posts, are we supposed to just take your word for it? Or did you plan on giving us some supporting facts? Incidentally I hate to burst your bubble, but PHP does get used for large projects with great results. Look around the internet, PHP has a large following. At the corporation I work for, we've leveraged PHP quite well, and it has made us all a lot of money. Granted, PHP is not the best solution in all cases. If you use it for what it was intended (as a web templating language), it works quite well. Perhaps one day when you make it out of your mother's basement, and join the real workforce, you'll understand this.
BeauHD. Worst editor since kdawson.
It's really easy to use parameterized queries, so I simply do not have to deal with escaping strings before they go into the database. For example:
This makes it easier for executing the same SQL command multiple times with different values -- the parameters can be created once and their values changed accordingly & the query executed, instead of concatenating strings over and over again. There's no problems with magic_quotes_gpc, no addslashes or mysql_escape_string (or mysql_escape_real_string) nonsense. I assume features like this are not exclusive to ADO.NET.
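The contrast argued over in the comments above (building SQL by string concatenation versus binding parameters to a statement prepared once), as an added example that is not from the book or from any commenter. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database so it runs without a server; the users table, its rows and the function names are constructed for illustration, and mysqli's prepare()/bind_param() follow the same pattern.

```php
<?php
// Added illustration: constructed schema and data, not code from the book or the thread.
// Assumes the pdo_sqlite extension; the in-memory database keeps the example offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');

// Prepare once, execute several times with different values:
// the SQL text never changes, only the bound parameters do.
$insert = $db->prepare('INSERT INTO users (name, role) VALUES (:name, :role)');
$rows = array(
    array('alice', 'admin'),
    array('bob', 'user'),
    array("o'brien", 'user'),   // a legitimate value that contains a quote
);
foreach ($rows as $row) {
    $insert->execute(array(':name' => $row[0], ':role' => $row[1]));
}

// "Before": the value is pasted into the SQL text, so a quote in the
// input changes the structure of the statement itself.
function find_concat(PDO $db, $name)
{
    $sql = "SELECT name, role FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the statement is fixed and the value travels separately,
// so it is always treated as data, whatever characters it contains.
function find_bound(PDOStatement $stmt, $name)
{
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$select = $db->prepare('SELECT name, role FROM users WHERE name = :name');

// Constructed inputs: a plain name, a name with an apostrophe,
// and a value whose quote turns the WHERE clause into a tautology.
$inputs = array('bob', "o'brien", "x' OR '1'='1");

foreach ($inputs as $input) {
    try {
        $concat = count(find_concat($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        // The apostrophe ends the string literal early and the query no longer parses.
        $concat = 'SQL error';
    }
    $bound = count(find_bound($select, $input)) . ' row(s)';
    printf("%-16s concatenated: %-10s bound: %s\n", $input, $concat, $bound);
}
```

The concatenated form fails on the legitimate apostrophe and matches every row for the third input, while the bound form returns exactly the rows whose name equals the input in all three cases.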
If you were truly capable of understanding my stance, then you would not be calling it "stupid". Only a complete cock fool would fail to understand that it is 100% correct.
Now, I don't know why you want to rape your dog and kill your hamster, but it's none of my business. Please keep that kind of nonsense to yourself.
The fact remains that PHP has a terrible record. It's been shown time and time again to be insecure. That's a fact that you cannot dispute.
Cyric Zndovzny at your service.