PHP 5 Recipes

jsuda writes " With all the books being published recently about PHP a new one will need to find and fill a niche to distinguish itself. PHP 5 Recipes: A Problem-Solution Approach, published by Apress, has done so, in my view. This is an intermediate-level volume exploring PHP 5 using a recipe approach where the basics of PHP 5's functionality are expressed systematically but in a small-topic by small-topic manner. Cook-book style, each topic is relatively autonomous and can be individually selected, as necessary, for information or review, similarly to how many refer to the Joy of Cooking for help on a cooking project. It's a source for instant solutions to common PHP-related problems. There are over 200 such recipes presented." Read the rest of jsuda's review. Php 5 Recipes: A Problem-Solution Approach author Lee Babin, Nathan Good, Frank M. Kronman, Jon Stephens pages 646 publisher Apress rating 8 reviewer John Suda ISBN 1-59059-509-2 summary A problem solving approach to Php 5

Each of these recipes refers to a small element or aspect of PHP 5 and the presentations contain a brief overview of the topic, an explanation of how the code elements work, and where the code is applicable in projects. Overall, the book covers the whole range of PHP 5 functionality where each major element of PHP 5 is addressed in a recipe explaining and illuminating relevant code elements. You can easily get information about a specific PHP 5 element by going directly to the section of the book where it appears. Even better, the code snippets are designed to allow one to copy and paste them into your own applications or development easily and then to configure them as necessary. All of the code snippets are freely available for downloading at the publisher's website at www.apress.com.

There are 16 chapters and an index covering a total of 646 pages. The chapters are organized similarly to other PHP primers, covering the basic elements of PHP - data types, operations, arrays, strings, variables, files and directories, dates and times, functions, and regular expressions. The coverage for much of these concepts is relatively mundane and unoriginal. The discussion of dynamic imaging, however, is an exception. The writing throughout, however, is solid and clear. The book emphasizes the most important elements of new PHP 5. The object-oriented programming elements especially are covered - classes, objects, protected class variables, exception handling, interfaces, and the new mysqli database extension. The authors' discussions focus on PHP 5.0.4, MySQL 4.1, and cover Linux and Windows environments.

The book is directed at PHP programmers looking to learn the elements introduced by PHP 5, and for those looking to find fast solutions to coding problems. It assumes a basic knowledge of PHP. Many of the recipes discuss object-oriented programming and these are some of the more advanced sections of the book. I can say that Chapter 2, which introduces the object-oriented concepts is one of the better explanations of the topic that I've read. The chapter covers constructors, destructors, methods and properties, class diagrams and examples of these concepts at work in code snippets. There are a number of interesting segments containing custom coding of classes as reusable templates from which to create objects.

The book is well-designed and written. The discussion is clear and logical. The code snippets are well-explained. The authors are experienced programmers and developers, and Good and Stephens have authored or co-authored a number of technical books.

A large handful of the recipes contain projects, usually appearing at the end of the overview and presentation of code snippets covering the basics of the topics. The projects usually deal with the creation of higher-end classes and objects as solutions to common coding problems. The idea here is to show PHP 5 functionality at work providing useful code sections to be dropped into your custom applications. Chapter Five concludes with a sophisticated class dealing with dates and times issues. Other chapters contain constructions of string, file, graphics, and regular expression classes.

The last five chapters deal with using the PHP code in web applications and services. This material covers cookies (including construction of a cookie class), using HTTP headers, sessions, and using query strings. Much of this material has been covered elsewhere in the many primers on PHP already published. There is a chapter on using forms and an interesting chapter on working with markup. The better chapters are on using DOM to generate markup, parsing XML, using RSS feeds, SOAP, and simple XML. The chapter on mysql is basic, except for the section on creating a wrapper class. The last chapter deals with communicating with Internet services, like POP, iMap, and FTP. Another project presented here is one creating object-oriented code dealing with a mail class.

This is a useful book to have in a programmer's library."

You can purchase Php 5 Recipes: A Problem-Solution Approach from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

What about security?

[CyricZ]

Do the examples show how to write solid, secure code?

Indeed, inexperienced programmers writing insecure code has plagued PHP for years now. Far too many PHP books that I have flipped through show very poor style. They don't verify the inputted data, for instance, before making a SQL query.

So while a professional, or even somebody with some level of experience, would see such an obvious problem, a beginner may not. And then the result is often a compromised server, a destroyed database, or some other shenanigans. Often times a problem with a user's PHP script ends up making other, completely innocent and unrelated projects (such as Apache or Linux) look to be at fault. That's not good for the image of the community.

Re:What about security?

[NotoriousGOD]

Many PHP/MySQL texts don't cover the aspect of security, except for maybe a subtle reference to having HTTPS set up on your server. I have referenced many books in backend or database programming and there is very little on the subject. Maybe someone should publish a book regarding security itself. But it would still be true that this book would stand out among the existing ones, as covered by the post and my reasons above.

Re:What about security?

[AKAImBatman]

But-but-but...

Uncyclopedia says that PHP is super-secure! I read it online, it must be true!

* Tongue planted firmly in cheek

Re:What about security?

[JabberWokky]

I'd imagine that most bridges, dams and skyscrapers built by inexperienced or non-formally educated engineers would be pretty lousy.

The problem is that it's illegal to have a non certified engineer working on a project that can impact others. Those engineers are expensive because you're paying for their recognized skills and the years it took them to obtain them.

Meanwhile, 15 year olds are bidding on software projects and it's seen as a great opportunity. There are certainly some benefits to the industry being willing to hire self-trained and inexperienced programmers, but those inexperienced programmers are being handed even mission critical projects.

--
Evan

Re:What about security?

[TheTomcat]

There have been a couple recent PHP Security books.

Yes, I am affiliated with the publisher of the book I linked--but it's a good book! (-:

S

Really :o

[JonN]

Am I finally going to learn how to display "Hello World!"?

Does it delve into SQL?

[CyricZ]

Many PHP books I've seen often include an SQL tutorial. Due to space constrains, it is often quite lacking and only focuses on using SQL, rather than designing efficient and well-planned databases. Such half-assed tutorials may often be very misleading to new PHP users.

I recall working with one web developer who learned PHP from such a book. We told him that we wanted to use PostgreSQL as the backend for our site, but he insisted on using MySQL, since that was the only system mentioned in the book he had bought. We no longer required his services after that show of incompetence.

Does this book try to cover topics such as SQL and database design, which should be covered in their own, separate book(s)? Does it specifically refer readers interested in such subjects to consult other sources of information?

May I sugest a great PHP tutorial?

[PromptZero]

I learned PHP using Kevin Yanks tutorials and articles 4 years ago. His books and tutorials are very easy to understand and use. His tutorials and articles can be read on http://sitepoint.com/

Re:May I sugest a great PHP tutorial?

[CyricZ]

How recently have his articles been updated? Indeed, there have been some preliminary security developments within the past four years.

Nothing could be worse than a new PHP user learning PHP from outdated tutorials which fail to show the proper techniques necessary for building solid, secure and trusted web applications.

Re:beasters

OMG why cant evryone juSt use teh Rubby on Raylls lol its teh fastest and generall bestest web-framewrok avaleabal. u can even use teh AJXA with it!!!!!1!

Re:Does the book also cover the fact

[CyricZ]

PHP is popular because it's easy to jump into and fairly easy to learn, not because it's an efficient stable development platform. PHP also has a history of security problems almost as long as Microsoft.

Indeed. A truer statement has rarely been stated.

From an engineering standpoint, PHP is abysmal. Many people will suggest otherwise, but they are often those who lack a formal education and background in designing secure, scalable, high-reliability software systems.

The Hardened-PHP project is a perfect example of what is wrong with PHP. It's not that the Hardened-PHP project itself is bad (it's a very good thing!). The problem is that the core PHP developers have not taken such basic security concerns into consideration. The fact that they have to rely on a third party to provide such integral and necessary functionality is a very bad sign.

First non-italicized post

[MBraynard]

Maybe /. can do a review of 'CLOSED TAGS FOR DUMMIES' next.

Developer's Union?

[mcrbids]

The term "Engineer" is, in most contexts, a priviledged term. Not just anybody can be labelled an "Engineer" until they've gone through some rigor.

Why not apply this idea to software? If there was a coalition or Union of workers, with a commonly agreed-upon set of requirements and certifications, with annual fees and a good reason to require a decent demonstration of competence? Something with real teeth, and ongoing certification requirements. Think, the Bar, only for software engineers instead of Attorneys. As with Real Estate, being a "Realtor" is a priviledged term.

If done right, it would be AWESOME to mention on a resume, and would likely become something like the Underwriter's Laboratories - a private entity, but one that's almost required by law simply because it's a reasonable assurance of safety.

There are a number of VENDOR certifications (EG: CCNE, RHCE, and the laughable MCSE, etc) but is there any platform-neutral, "This guy knows how to validate input and write qualifiable code" organization?

Re:Developer's Union?

[lewp]

Because companies would have to spend a whole lot more money to get those people. They're not going to do that unless the consumer demands it. The consumer isn't going to demand it unless the certification/standard/seal of approval becomes well known. And that isn't going to happen unless someone spends a large amount of money creating and marketing it.

Basically, the industry would have to foot the bill for something that would end up costing them a lot of money in the long run with nothing to gain except stable software. Of course, software companies nowadays make tons of cash off selling what amounts to bugfixes for their previous products, so there's more money down the tubes. I guess it could be done in a grassroots fashion, but you have to remember that what you're suggesting would essentially call most of the people working in the industry "unqualified". Doubt they're going to go for it.

In short, this isn't going to happen. Not anytime soon, at least. Definitely not until consumers learn to stop taking it up the keister and stop buying software that doesn't work just because they don't know any better.

Not that I'm jaded...

Re:Developer's Union?

[IAmTheDave]

Because companies would have to spend a whole lot more money to get those people.

As far as I'm aware, developers are pretty well paid in the overall job market, more than twice as much as teachers in many cases.

I did spend time getting degrees in CS and CE, and it would be nice to seperate myself from those who simply have MSP on their resume. But wait - that's right - I DO seperate myself, by putting my CS and CE degrees on my resume.

Rarely is software life threatening (yeah, I know, there are examples) but hospitals rarely bid out to teenagers to build their software. The reason so much engineering (bridges, homes) requires such certifications is because a collapsing bridge is a bit more of a problem then a buggy PHP website. So if company A wants to hire Joe Teenager to build their website, well, so be it.

I get hired because of my degrees and years of experience, and while I do write some web code, most of my time is spent on more valued tasks, like writing mission critical software that drives the businesses I'm in - and I get paid more than Joe Teenager gets paid to build the website, because of those abilities.

Rarely, if ever, have I heard some 20 year old non-college educated designer/developer called an engineer.

Re:Affiliate Program?

[VP]

Yes, Slashdot gets referral credit for all books reviewed. This is not a secret, and is probably in a FAQ somewhere. By using the link in the article, you are supporting Slashdot, but no one is making you use that link.

Re:An anti-PHP coalition?

[kuzb]

That has to be the worst argument I've ever seen. PHP doesn't pose many security problems, and those that it did does pose get fixed rapidly. The 'security risks' you see are due to 1) improper system administration and 2) badly written user code - neither of which can be blamed on PHP.

Your argument is goes something like this: "Because someone stabbed somoene else with a fork, we should rally together and make sure forks are banned from all households". You may as well form an anti-C coalition while you're at it, because there are a lot of insecure C applications out there. Perhaps we can get GCC removed from distrobutions as well.

Re:More of a community attitude issue.

[bani]

As opposed to say, perl, right?

While perl security has gotten better, it is still a problem. perl is still widely exploited, formmail.pl is one of the more infamous ones. lusers just download whatever script they find off the web and install it, and get quickly compromised.

Are the majority of perl users well versed in perl security? I doubt it.

What, you going to recommend people use C instead of PHP then? python? Even java has issues.

It's very fashionable, hip and trendy to bash PHP on /., while ignoring the fact most other languages really aren't any better.

Apress in general

[misfit815]

At the risk of getting off-topic, I've found Apress to be a reliable publisher, in terms of the quality of books they put out. The topics have been interesting, the knowledge useful, and the text easy to read. It's the only publisher whose books I'd buy just on name recognition.

Re:A lack of security-wise individuals.

[smagruder]

Ridiculous anti-PHP bullshit. There are numerous articles on achieving security with PHP and other similar server-side scripting platforms.

What's really going on here is that due to PHP's clear popularity, not only with newbies, but with many serious programmers, is a backlash from programmers trying to defend their current bloated 'kings', such as Java or .NET.

I've had enough of reading this crap.

All programs are as good as their programmers, no matter what platform they are utilizing!!!!!!!!!!!!!!!!!!!

Re:A lack of security-wise individuals.

[Mr.+Slippery]

What happens is that a developer with such background evaluates PHP, and sees that it is completely lacking with respect to security.

In what way? Failing to check inputs before passing them on to a database or other module is an application, not a language, problem. You claim that there are "numerous security issues found in PHP" - please, describe them. I haven't found it to be any more insecure by nature than C, C++, Perl, etcetera...indeed I'd say it's easier to write reasonably secure code in PHP than in C or C++.

Hello World is easy in PHP.

[JohnBaleshiski]

Pfff, "Hello World!" is cake in PHP. They really couldn't make it easier:

<?php
$arrData = array(72,101,108,108,111,32,87,111,114,108,100,33) ;
 
for($i=0; $i<count($arrData); $i++) {
        $char = $arrData[$i];
        $char = fConvertChar($char);
        print $char;
}
 
function fConvertChar($char) {
 
        $char = 72 + 2 * $char / 4 * 2 - (8.32 * 8.65384);
        $char = chr($char);
        return $char;
}
 
?>