Slashdot Mirror


Beginning PHP and MySQL 5.0

Ravi Kumar writes "PHP and MySQL use is so prevalent that nowadays it is hard to browse the net without coming across a website built using these technologies. The beauty of PHP is in its open nature and the rich set of libraries and modules that impart a lot of power and flexibility to the programmer. Similarly, MySQL is a free database which is ideal for use as a backend for any website. Not surprisingly, there is a plethora of books on the market that explain these two topics. One such book is Beginning PHP and MySQL 5: From Novice to Professional, authored by W. Jason Gilmore and published by Apress."

Beginning PHP and MySQL 5.0 - From Novice to Professional
author: W. Jason Gilmore
pages: 860
publisher: Apress
rating: 9
reviewer: Ravi Kumar
ISBN: 978-1-59059-552-7
summary: The beauty of PHP is in its open nature and the rich set of libraries and modules that impart a lot of power and flexibility to the programmer. Similarly, MySQL is a free database which is ideal for use as a backend for any website.

Spread over 860 pages and divided into a whooping 37 chapters, this book covers the PHP language and the MySQL database in detail. As the name indicates, the book endeavors to hand-hold a newbie through the various aspects of PHP programming, such as the language constructs, and progressively bring him to the level of a professional. The first 21 chapters of the book concentrate solely on PHP, where the author explains, with the aid of examples, how to write good programs in PHP.

The author starts by giving a brief history of PHP and then moves on to explain all the syntax constructs of the language in great detail. Arrays, functions and classes each get a chapter of their own. Usually I have found that many programming books jump straight into describing the language syntax and writing code. But this book has a dedicated chapter covering how to set up and configure PHP and MySQL on one's machine, irrespective of the OS being used, which breathes some fresh air into the subject. PHP's syntax closely resembles that of C/C++. And in the sixth chapter, the author explains the object-oriented features of the language, such as object cloning, inheritance and polymorphism, with clarity.

One measure of a programming language's maturity is the facilities it provides for catching the errors and exceptions that arise while a program runs. PHP has a rich set of features for handling errors. Earlier versions of PHP already took care of reporting errors through configuration directives and supported logging. But one thing this robust language lacked was support for exception handling, and from PHP 5.0 onwards this feature has been included as well. The 8th chapter of the book, titled Errors and Exception Handling, explains all these important concepts in detail. The fact that the author provides snippets of code to illustrate each concept goes a long way toward understanding this topic.

Another of PHP's strengths is its support for regular expressions and a rich set of string manipulation functions. Using regular expressions, one can match just about any string or a subset of it and even manipulate the matched string on the fly. The string matching functions form the backbone of many user input validations. In the 9th chapter, titled "String and Regular Expressions", the author explains with the aid of code how to use the rich set of string manipulation functions available in PHP to get the desired results.
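Since the chapter's string functions end up on the input-validation path, here is an added example (mine, not the book's or the reviewer's) of the one PCRE detail that bites validators most often: in PHP's regex engine `$` also matches just before a trailing newline, so `"alice\n"` passes a pattern anchored with `^...$`. The sample inputs are constructed; the `\A...\z` anchors (or the `D` modifier) close the hole, and for numeric ids `filter_var` is the better tool than a regex.

```php
<?php
// Added example, not code from the book or the review: validating untrusted
// input with PHP's PCRE functions. Sample inputs below are constructed.
declare(strict_types=1);

// Naive pattern: in PCRE '$' also matches immediately before a final "\n",
// so "alice\n" is accepted even though only [a-z0-9_] was intended.
function is_username_naive(string $s): bool
{
    return preg_match('/^[a-z0-9_]{3,16}$/', $s) === 1;
}

// Hardened: \A and \z anchor at the absolute start and end of the subject.
// The equivalent with the familiar anchors is '/^[a-z0-9_]{3,16}$/D'
// (D = PCRE_DOLLAR_ENDONLY).
function is_username(string $s): bool
{
    return preg_match('/\A[a-z0-9_]{3,16}\z/', $s) === 1;
}

// Numeric identifiers: do not regex them at all. filter_var parses the value
// and returns an int (or false), so "42abc", "0" and "42 OR 1=1" are rejected
// and the caller gets a typed value rather than a string to interpolate.
function parse_id(string $s)
{
    return filter_var($s, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
}

$samples = ["alice", "alice\n", "Alice", "al", "bob_99", "../etc/passwd"];
foreach ($samples as $s) {
    printf("%-18s naive=%-6s hardened=%s\n",
        json_encode($s),
        is_username_naive($s) ? 'ok' : 'reject',
        is_username($s) ? 'ok' : 'reject');
}
// The "alice\n" line is where the two validators disagree.
var_dump(parse_id("42"), parse_id("42abc"), parse_id("0"), parse_id("42 OR 1=1"));
```

Run it with `php validate.php`; the only row where the naive and hardened checks differ is the one with the trailing newline, which is exactly the byte an attacker can append to a form field or query parameter without it being visible in most logs.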

The 10th chapter is dedicated solely to working with files and the operating system, where the author explains, in his inimitable style, different ways of reading from and writing to files. All the frequently used file manipulation functions are explained in this chapter with the aid of examples.

The first 12 chapters of the book concentrate on explaining the PHP language itself. In the next 4 chapters, the author moves on to practical matters such as mixing PHP with HTML elements, user authentication, handling file uploads, sending and receiving email from PHP code and so on. I found the section where the author explains how to build specialized programs such as a port scanner, subnet converter and bandwidth tester, all in PHP code, really fascinating. The author introduces the reader to some MySQL concepts in this part of the book, like connecting to a database and reading data from it, but the more detailed aspects of database manipulation are left for the later chapters, which deal with MySQL in more depth.

The 21st chapter, titled Secure PHP Programming, throws light on topics related to enhancing security while coding in PHP, such as enabling safe mode for people who run PHP in a shared-server environment (safe mode was later deprecated in PHP 5.3 and removed in 5.4, so it should not be relied on today), PHP's encryption capabilities, securely configuring PHP via its configuration parameters and so on.
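The configuration directives that chapter covers are the ones worth checking on any live host. The script below is an added example (mine, not the book's or the reviewer's) that reads the running PHP configuration with `ini_get()` and lists the settings a practitioner would not want to see on a production server; which directives to flag, and the wording of the findings, are this example's own choices rather than the book's list.

```php
<?php
// Added example, not code from the book or the review: a small self-check of
// the running PHP configuration. The set of directives checked and the
// expectations for each are this example's own.
declare(strict_types=1);

// ini_get() returns whatever string was written in php.ini ("1", "On",
// "true", "stderr", ...); treat anything that is not an explicit "off" as on.
function ini_is_on(string $name): bool
{
    $v = strtolower(trim((string) ini_get($name)));
    return !in_array($v, ['', '0', 'off', 'false', 'no'], true);
}

// Returns a list of findings; an empty list means nothing looked wrong.
function audit_php_config(): array
{
    $findings = [];

    // Directives that should be off on a host that serves real traffic.
    // register_globals no longer exists in PHP 5.4+; ini_get() then returns
    // false, which ini_is_on() reads as off.
    foreach (['display_errors', 'expose_php', 'allow_url_include', 'register_globals'] as $d) {
        if (ini_is_on($d)) {
            $findings[] = "$d is enabled";
        }
    }

    // Directives that should be on or populated.
    if (!ini_is_on('log_errors')) {
        $findings[] = 'log_errors is disabled (errors are neither shown nor recorded)';
    }
    if (trim((string) ini_get('open_basedir')) === '') {
        $findings[] = 'open_basedir is unset (scripts may read anywhere the web user can)';
    }
    if (trim((string) ini_get('disable_functions')) === '') {
        $findings[] = 'disable_functions is empty (exec/system/passthru are callable)';
    }

    // safe_mode only exists before 5.4; if an old installation still leans
    // on it, say so rather than silently treating it as a control.
    if (PHP_VERSION_ID < 50400 && ini_is_on('safe_mode')) {
        $findings[] = 'safe_mode is on: deprecated in 5.3, removed in 5.4, not a security boundary';
    }

    return $findings;
}

$findings = audit_php_config();
if ($findings === []) {
    echo "no findings\n";
} else {
    foreach ($findings as $f) {
        echo "- $f\n";
    }
}
```

Note that the CLI and the web SAPI read different php.ini files; to audit what the web server actually runs, either execute this through the web server or point the CLI at the same file with `php -c /path/to/php.ini audit.php`.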

From the 22nd chapter onwards, the book takes an altogether different turn and moves into explaining database concepts, which play an important part in any dynamically generated website. More specifically, the succeeding chapters concentrate on the configuration and use of MySQL 5.0 and on how one can use PHP to interact with the MySQL database. The chapter titled Introducing PDO throws light on the abstraction layer that can sit between PHP and MySQL. I especially liked the 26th chapter, where the author lists the different MySQL clients available to the user, like mysql, mysqladmin, mysqlshow and so on. In fact, each and every tool that comes bundled with the MySQL server is explained thoroughly with the aid of examples. But that is not all: this chapter also explains how to configure a MySQL database using third-party clients like phpMyAdmin, MySQL Query Browser, MySQL Administrator and Navicat. In the section on securing MySQL, the author goes into the finer nuances of the topic. For example, with the aid of commands, the author explains how to make sure that a user connects to the database over Secure Sockets Layer (SSL), in other words how to encrypt the MySQL traffic, which is an eye opener.
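Requiring SSL on the account is only half of the job; the client also has to ask for it and then confirm it got it. The following is an added example (mine, not the book's or the reviewer's) of that client side in PHP: the account is created with `REQUIRE SSL` (shown in the comment, using MySQL's documented GRANT/CREATE USER syntax), the PHP code connects with `MYSQLI_CLIENT_SSL` and a CA certificate, and then refuses to proceed unless the server reports a negotiated cipher for this session. Hostname, credentials and certificate path are assumptions; it assumes PHP 7 or later with mysqlnd, which verifies the server certificate against the CA you pass unless you opt out with `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT`.

```php
<?php
// Added example, not code from the book or the review: connect to MySQL over
// TLS from PHP and fail closed if the session is not actually encrypted.
//
// Server side, run once by an administrator (host, user, password and
// database name are placeholders):
//   MySQL 5.0 - 5.6:
//     GRANT SELECT ON app.* TO 'app'@'%' IDENTIFIED BY 'secret' REQUIRE SSL;
//   MySQL 5.7 and 8.0:
//     CREATE USER 'app'@'%' IDENTIFIED BY 'secret' REQUIRE SSL;
//     GRANT SELECT ON app.* TO 'app'@'%';
//   (5.7+ can also force it globally with require_secure_transport=ON.)
declare(strict_types=1);

function connect_tls(string $host, string $user, string $pass, string $db, string $ca): mysqli
{
    // Throw mysqli_sql_exception on failure instead of returning false.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $m = mysqli_init();
    // Client key and certificate are null: server-authenticated TLS only.
    $m->ssl_set(null, null, $ca, null, null);
    $m->real_connect($host, $user, $pass, $db, 3306, null, MYSQLI_CLIENT_SSL);

    // Ssl_cipher is the cipher negotiated for *this* session; an empty value
    // means the server accepted the connection in plaintext. This proves
    // encryption; server identity comes from the CA check above.
    $row = $m->query("SHOW STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if ($row === null || $row['Value'] === '') {
        $m->close();
        throw new RuntimeException('MySQL connection is not encrypted; refusing to continue');
    }
    return $m;
}

$db = connect_tls(
    'db.internal.example',          // assumed hostname
    'app',
    getenv('DB_PASS') ?: '',        // assumed: password comes from the environment
    'app',
    '/etc/ssl/certs/mysql-ca.pem'   // assumed CA path
);
echo "connected over TLS\n";
```

The `Ssl_cipher` check matters because `REQUIRE SSL` is per account: an account that was created without it, or a server started without certificates, will happily serve the same code in the clear, and nothing in the normal connect path tells you.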

But I would say the 29th chapter, titled PHP's MySQL Extension, is the most important chapter in the entire book, because it is here that the author explains in detail the variety of ways in which one can connect to a MySQL database and retrieve or manipulate its data from PHP code.

In the 30th chapter, titled PHP's MySQLi Extension, one gets to know how to use the enhanced MySQLi extension to connect to the database. MySQLi contains a number of enhancements over its predecessor: it is object oriented, supports prepared statements, provides transaction support and has better debugging capabilities, among other things. But the downside, as the author puts it, is that it requires PHP 5.0 to work.
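Of the enhancements listed, prepared statements are the one with a direct security payoff, and the PDO chapter mentioned above exposes the same mechanism. This added example (mine, not the book's or the reviewer's) shows the same lookup written by interpolating the value into the SQL text and written as a prepared statement, and feeds both a classic tautology payload. It uses PDO over an in-memory SQLite database so that it runs without a MySQL server; the table and its two rows are constructed for the example. The mysqli spelling of the safe version is `$stmt = $db->prepare('... WHERE username = ?'); $stmt->bind_param('s', $u); $stmt->execute();` and behaves the same way.

```php
<?php
// Added example, not code from the book or the review: string-built SQL
// versus a prepared statement, over an in-memory SQLite database via PDO.
// Requires the pdo_sqlite extension. Table contents are constructed.
declare(strict_types=1);

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    foreach ([['alice', 'hash-a'], ['bob', 'hash-b']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Vulnerable: the value is spliced into the SQL text, so a quote inside it
// terminates the literal and the rest is parsed as SQL.
function find_user_unsafe(PDO $db, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the statement is compiled with a placeholder first and the value is
// bound afterwards, so it can only ever be compared as data. No escaping.
function find_user(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = make_db();
$payload = "x' OR '1'='1";   // constructed tautology: makes the WHERE clause true for every row

printf("unsafe, 'alice':  %d row(s)\n", count(find_user_unsafe($db, 'alice')));
printf("unsafe, payload:  %d row(s)\n", count(find_user_unsafe($db, $payload)));
printf("safe,   'alice':  %d row(s)\n", count(find_user($db, 'alice')));
printf("safe,   payload:  %d row(s)\n", count(find_user($db, $payload)));
```

With the older mysql extension covered in chapter 29 there are no prepared statements at all; the only defence there is `mysql_real_escape_string()` on every value, applied with the matching quotes in the SQL, and that per-value step is precisely what gets forgotten. That is the practical reason to prefer mysqli or PDO even where PHP 4 compatibility is not an issue.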

The last six chapters deal with special features of MySQL and how one can write PHP code to use them. Stored routines, triggers and views each get a dedicated chapter of their own. And yes, from MySQL 5.0 onwards, support for views has been incorporated into the database as well. The fact that this book covers these new topics in detail makes it truly useful not only for budding programmers but also for the gurus among us.

I really liked the layout of the book. Each section is accompanied by a PHP code snippet that shows how it is done. Just because one gets two books for the price of one does not mean that the book is short on detail. In fact the opposite is true, and the 860 pages contain all that is needed for coming up to date with the latest versions of PHP and MySQL. Of course, the inclusion of a couple of pages giving a complete project, such as a shopping cart application, at the end of the book would have been a nice touch, especially since this book is targeted at beginners too. But that is a minor detail, and I guess there are limits to how much information a book of even this size can cram in. All in all an informative book which gives good value for money.

The author of this book W.Jason Gilmore has developed countless PHP and MySQL applications over the past seven years, and has dozens of articles to his credit on this and other topics pertinent to Internet application development. He has had articles featured in, among others, Linux Magazine and Developer.com, and adopted for use within United Nations and Ford Foundation educational programs. Jason is the author of three books, including most recently the best-selling Beginning PHP and MySQL: From Novice to Professional, and, with coauthor Robert Treat, Beginning PHP and PostgreSQL 8: From Novice to Professional. These days Jason splits his time between running Apress's Open Source program, experimenting with spatially enabled Web applications, and starting more home remodeling projects than he could possibly complete.

Ravi Kumar is passionate about all things related to GPL and open source and likes to share his thoughts through his blog."


142 comments

  1. Misleading Title by michaelhood · · Score: 4, Insightful

    That is a very poor title. Is the book about PHP 5 and MySQL 5? or PHP 5 and MySQL 4?

    1. Re:Misleading Title by op12 · · Score: 2, Informative

      From this review, it looks like it's version 5.0 for both, which probably explains the title. But it is unclear if that's the case from just the title.

    2. Re:Misleading Title by Anonymous Coward · · Score: 0

      I thought the title was "Beginning PHP and MySQL 5.0" ...maybe you meant PHP 4 or 5?

    3. Re:Misleading Title by KermodeBear · · Score: 1

      The title is also misleading because no book will ever turn you into a professional PHP developer. Someone who is new to programming and reads this book is still likely to make newbie mistakes - mistakes that they would make in ANY programming language.

      Incorrect data validation; Inappropriate use of resources; Inelegant design; Bad debugging methods; Using the wrong tools for the job. All of these and more are things that you really won't learn from a book. You learn these through experience.

      Any book that promises to turn you into a 'professional', to me, has a strike against it before I even turn past the cover.

      --
      Love sees no species.
    4. Re:Misleading Title by Anonymous Coward · · Score: 0

      The correct title is Beginning PHP and MySQL 5: From Novice to Professional, Second Edition. See the publishers page: http://www.apress.com/book/bookDisplay.html?bID=10017

    5. Re:Misleading Title by Bastard+of+Subhumani · · Score: 1
      The title is also misleading because no book will ever turn you into a professional PHP developer. Someone who is new to programming and reads this book is still likely to make newbie mistakes
      I agree infinitely. No, double that.
      Incorrect data validation; Inappropriate use of resources; Inelegant design; Bad debugging methods; Using the wrong tools for the job. All of these and more are things that you really won't learn from a book. You learn these through experience
      I agree even more than infinitely. More than double infinitely. I mean, it's not like you could learn any of that stuff from having 15 years experience in five or so other languages, is it?
      --
      Only three things are certain; death, taxes, and apocryphal quotations - Ben Franklin.
    6. Re:Misleading Title by flimflammer · · Score: 1

      Well of course the title is misleading. It's as misleading as "Sams Teach Yourself C++ In 21 Days!" - The title is nothing more than an attention grabber, and it works rather well too.

    7. Re:Misleading Title by Anonymous Coward · · Score: 0

      The title is also misleading because no book will ever turn you into a professional PHP developer.

      To be fair, nothing will turn you into a professional PHP developer, because there is no such thing. HTH.

    8. Re:Misleading Title by Aeros · · Score: 1

      I think you should have IQ points taken away for wasting time, spacing and characters with that comment.

    9. Re:Misleading Title by Aeros · · Score: 1

      So maybe this should be "Beginning PHP and MySQL 5.0 (both) - Words to read to begin to Begin" Ok...I know someone will bitch about something embedded in that title somehow

  2. LAMP Rocks by celardore · · Score: 3, Interesting

    When I was learning programming from the age of 12, I was 'developing' Windows apps, for various purposes. After PHP / MySQL had been about for a while, I picked those up. I dropped any windows development I did - just because it didn't interest me anymore with this exciting thing going on. I would and have suggested to a lot of newcomers to coding that they look into PHP, and a lot of them did with some success.

    You can do some incredible stuff with PHP/MySQL if you put your mind to it. One of my favorite projects (it wasn't the definitive or only one!) was a windows app that hooked keypresses. Every so often it would upload the number of keypresses to some PHP / MySQL code and update your user profile.

    The application potential is impressive, and not fully exploited the way I look at it.

    1. Re:LAMP Rocks by entrylevel · · Score: 4, Insightful

      I prefer the LAMP camp myself, as opposed to the ASP.NET/SQL Server camp, which I assume is what you meant when you compared LAMP to "Windows development".

      However, although I'm the first to brag about the power, simplicity, and performance that PHP and Apache offer when used by the right programmer, I do make a living off of ASP.NET/SQL Server applications, so please consider the following in the ensuing flamewar:

      1. PHP is an extremely flexible scripting language, that really excels at what it does: powering the back-end of a web application and interfacing with databases and the file system. Trying to make PHP do other things is possible, but is almost always a nasty hack.

      2. The .NET Framework and CLR although sometimes misunderstood and often misguided, is really one of the best general purpose development environments bar none right now. It does web applications just as well as it does desktop and console applications. ASP was truly idiotic and horrid, but ASP.NET is very mature and worth an unbiased look if you aren't familiar with it. Then again, there is MSDN documentation and VB programmers, which tend to cancel out anything good I could say about .NET.

      3. Say what you will about SQL Server, but if we could just replace the M in LAMP with PostgreSQL, or, well, anything other than MySQL, I would be happy. SQL Server is not my favorite database, but it is very good. MySQL has its niche, but I expect an RDBMS to have stored procedures and transactions as standard fare.

      (yes, I know 5.0 has SPs, and InnoDB gives you transactions, but I said "standard fare")

      4. This is the most important point of all: There are just as many cookie-cutter, craptastic, insecure, bug-ridden PHP apps out there as there are ASP.NET apps. On the other hand, if you are smart and creative, and truly use the tools provided by either platform, you can create fantastic applications with either one, just as easily.

      --
      Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
    2. Re:LAMP Rocks by Anonymous Coward · · Score: 0

      I couldn't agree enough. I work for a fairly large telecommunications firm and we have used LAMP for years now. We recently found the opensource project, ActiveGrid http://www.activegrid.com/. This goes way beyond an IDE, but is a very useful way to rapidly build, manage and deploy numerous application within a large scale enterprise. That had been my biggest complaint until now, the lack of tools around LAMP. And, yes, we are big enough that we must have support contracts to do any type of large rollout of a technology. For my money, this was a great investment. You might consider looking for LAMP IDE in google to find some others.

    3. Re:LAMP Rocks by jt2377 · · Score: 1

      "but ASP.NET is very mature and worth an unbiased look if you aren't familiar with it. Then again, there is MSDN documentation and VB programmers, which tend to cancel out anything good I could say about .NET." LOL. VB.net is not your grandpa's VB, son. stop talking out of your ass.

    4. Re:LAMP Rocks by hobuddy · · Score: 4, Insightful

      PHP is an extremely flexible scripting language, that really excels at what it does: powering the back-end of a web application and interfacing with databases and the file system. Trying to make PHP do other things is possible, but is almost always a nasty hack.

      Help me out here: you're saying that PHP is extremely flexible, as long as the programmer only tries to write one type of program with it? Hmmmm?

      I think we both recognize the truth: compared to Python, Ruby, or Lisp, PHP is not very flexible at all. It's a poorly designed, inflexible language that happens to have gained momentum at a critical era in the history of the WWW.

      --
      Erlang.org: wow
    5. Re:LAMP Rocks by entrylevel · · Score: 1

      I didn't say VB.NET, I said VB programmers and MSDN documentation.

      VB.NET is a fine language, if a tad verbose for my taste.

      My problem is not with the language. My problem is with the swarms of morons churning out God-awful code using said language.

      --
      Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
    6. Re:LAMP Rocks by Sentry21 · · Score: 2, Insightful

      (yes, I know 5.0 has SPs, and InnoDB gives you transactions, but I said "standard fare")

      What does this even mean? You know that they are available, but you don't want to use them? You don't support using the latest versions? You seem to want to imply something, but I can't figure out what it is.

    7. Re:LAMP Rocks by entrylevel · · Score: 1

      My point about MySQL is that many components that people consider to be part of any Relational Database Management System (ACID-compliance, referential integrity, single-level local transactions, and a method to abstract database server logic into methods with parameters), were not design tenets of MySQL. They all feel like an afterthought, and require some effort to get working, instead of being the default.

      As an example, I seem to remember that FOREIGN KEY REFERENCES was silently ignored in MySQL with the default table type, instead of at the very least issuing a warning that the desired data integrity feature is not available.

      Yes, all these things are (mostly) implemented now, and they are standard in MySQL 5. However, most hosting providers are not currently offering MySQL 5, and most applications were designed with MySQL 4 or lower in mind, which means you have to basically turn off "strict mode" in MySQL 5 to run old code or target old servers. Disabling strict mode effectively turns off all the benefits we just proclaimed in MySQL 5.

      My point is this: MySQL is great for someone who is learning, and good to know because it is ubiquitous, however it is not the choice of database for database people.

      --
      Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
    8. Re:LAMP Rocks by Anonymous Coward · · Score: 0

      Having suffered with lisp from time to time my opinion is that Lisp is not a flexible language nor is it readily de-bug-able. What I really hate about lisp is its inherent un-readability. Cdr & car must die! I refuse to use emacs because it uses lisp as a scripting language. What a yuck fest that is.

    9. Re:LAMP Rocks by Dirtside · · Score: 1
      I think we both recognize the truth: compared to Python, Ruby, or Lisp, PHP is not very flexible at all.
      Could you perhaps elaborate on how PHP is inflexible? As far as I know, all four languages are Turing-complete and you can accomplish the exact same things in all of them. Are you including their standard libraries, or what?
      --
      "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
    10. Re:LAMP Rocks by MBGMorden · · Score: 1

      This I agree with. My final major CS assignment in college was to write a LISP interpreter using a programming language of my choice (which was difficult, but very rewarding in the knowledge gained). I basically learned LISP so that I could write the interpreter for it (which itself I wrote in C++), and also learned that I quite thoroughly hated LISP, much more so than any other language I had used before (and I've dabbled in a lot of different languages).

      When I got done though it was complete with all the basic functions built in, along with the ability for the user to define and call their own functions.

      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
    11. Re:LAMP Rocks by WilliamSChips · · Score: 1

      You're kidding me, right?

      --
      Please, for the good of Humanity, vote Obama.
    12. Re:LAMP Rocks by Dirtside · · Score: 1

      Yes, I'm serious. Please answer the question.

      --
      "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
    13. Re:LAMP Rocks by 1110110001 · · Score: 1

      Maybe after 5 years it's time for you to look at the language again. And you should also take a look at the languages you mentioned - you'll find enough inflexibility in all of them (including PHP). Most of the time is the upgrade issue haunting them. If they'd just drop mistakes they once made they could also just start a new language.

  3. Actually it's the wrong title. by Anonymous Coward · · Score: 0

    It's Beginning PHP 5 and MYSQL.

  4. I don't want another PHP book by Anonymous Coward · · Score: 2, Interesting

    that tells me how to code PHP. I don't want to learn how to code PHP. I want blocks of code with an explanation of what it does that I can cut and paste into simple webpages that talk to my database. I know how to change variable names using vi, thank you. I don't want to learn this; it will be passe' in a month, dead in a year.

    Whoa, look at the time. Next language/framework/ide please...

    1. Re:I don't want another PHP book by PFI_Optix · · Score: 3, Informative

      PHP Cookbook, published by O'Reilly. I've found it quite useful.

      I believe there's also a MySQL Cookbook, but my database use isn't so advanced that I need specific help on that just yet.

      I'm still learning proper programming technique, while trying to learn PHP and MySQL and the fine points of CSS AND crank out a new web site that won't require a massive rewrite in a year.

      --
      120 characters for a sig? That's bloody useless.
    2. Re:I don't want another PHP book by stesch · · Score: 1

      The factual errors in the "PHP Cookbook" are really depressing.

  5. but but by 0110011001110101 · · Score: 1

    is it Monty Python themed? Because I read no technical book without a Monty Python theme... as we've seen today, it's the only way to get through that technical mumbo jumbo!

    --
    Don't anthropomorphize computers: they hate that.
    1. Re:but but by MindStalker · · Score: 1

      Are there ANY technical books with a Monty Python theme? I like your idea though and would like to subscribe to your newsletter.

    2. Re:but but by SatanicPuppy · · Score: 1

      Might want to try this one, which was reviewed on /. about 2 hours ago.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    3. Re:but but by 0110011001110101 · · Score: 1
      Why yes, as a matter of fact, and it was the subject of my *attempted* joke.

      Only 3 articles below this very one, is a Monty Python themed technical book... SPOILER WARNING: it sucks.

      Henry's Python Programming Guide

      Good luck, oh, and I've added you to my newsletter.

      --
      Don't anthropomorphize computers: they hate that.
  6. Sec-exps already know PHP is the beginner's choice by xxxJonBoyxxx · · Score: 0, Flamebait

    Security experts already know PHP is the beginner's choice. See:

    http://www.sans.org/top20/#c3 (Top 20 Vulnerabilities)

    "There has not been a single week during the last year that a problem was not reported in some software using PHP."

  7. Tries to do too much by Jason1729 · · Score: 1

    I prefer to start out with a fairly simple introductory book and also get a good reference book that assumes you know the language. In the case of PHP, I skipped the reference and just visit php.net.

    A book like the one being reviewed tries to do too much. When you're starting out, you don't want a a lot of detailed library stuff getting in the way. Once you've got the basics done, you don't want a book that teaches it like a course, you want a reference.

  8. Re:Sec-exps already know PHP is the beginner's cho by turlingdrome · · Score: 1

    now now, don't blame the language... it's the "programmers" who are to blame for not understanding how to write secure apps. It's only to be expected that such a popular language with a low barrier to entry is going to attract amateurs who just want to see the end result without having to really understand the finer points of application development.

  9. From the review's summary... by gregarican · · Score: 0, Redundant

    Similarly MySQL is a free database which is ideal for use as a backend for any website. Any website? Uhhhh, not so much. If that is the summary of the review I wouldn't place too much credence in the rating or subsequent factoids.

  10. ROR by ShakaUVM · · Score: 1

    Wait, I thought Ruby on Rails was the trendy new thing that you can't visit a website without seeing?

    Damn kids these days.

    1. Re:ROR by Tablizer · · Score: 1

      Wait, I thought Ruby on Rails was the trendy new thing that you can't visit a website without seeing?

      I think R&R is more common for intranet and B-to-B apps rather than public sites. Thus, you wouldn't see it much browsing around public blogs etc.

  11. How does this book compare to.. by op12 · · Score: 2, Interesting

    Does anyone know how this compares to "PHP and MySQL Web Development"? It seems like both cover PHP5 and MySQL 5.

    1. Re:How does this book compare to.. by SatanicPuppy · · Score: 1

      Welllllll, and this is my own opinion here, but I wouldn't buy either one. There are so many free php/mysql resources, you're pretty much going to be throwing your money away unless you really don't know anything about programming languages or relational databases.

      Php.org has got some great language resources. mySQL.com...eh, not as good, but decent if you have a basic grasp of SQL.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    2. Re:How does this book compare to.. by gfxguy · · Score: 1

      When I'm without my books, looking online is a great alternative, but it's a lot easier to say "well, I want to do this," then look up this in the book where everything is clearly and concisely (one would hope) put together.

      I go a lot faster with a good reference book then I do hunting online.

      --
      Stupid sexy Flanders.
    3. Re:How does this book compare to.. by simscitizen · · Score: 1

      I have both. Get the one you linked--the one reviewed is like reading a reference manual. Page after page of function documentation--well, php.net is better for that. Waste of $.

    4. Re:How does this book compare to.. by carlislematthew · · Score: 1

      PHP.NET? Cool! I didn't realize that Microsoft had done this. Is this the replacement for C#? (before you reply telling me I'm an idiot, it's a joke. yes, I'm talking to you)

    5. Re:How does this book compare to.. by Anonymous Coward · · Score: 1, Interesting
      PHP.NET? Cool! I didn't realize that Microsoft had done this. Is this the replacement for C#? (before you reply telling me I'm an idiot, it's a joke. yes, I'm talking to you)
      Not Microsoft, and not a replacement, but it's indeed funny to see a hackish hobby project trash the hell out of PHP's performance even with all the Zend and Roadsend bells and whistles:

      http://www.phpcompiler.net/
      http://www.phpcompiler.net/Benchmarks.htm

      Of course, once you venture into the native VB.NET/C# land, you can expect performance to improve tenfold.
  12. Owner of previous edition by acreman · · Score: 4, Informative

    I personally bought the previous edition of this book. It dealt with PHP 5 and MySQL 4. I learned quite a bit in only a short time. This book helped me finish my capstone project for my engineering degrees. I recommend this book to anyone who is starting off in programming web material and anyone who wants to learn PHP 5 relatively fast. As for MySQL it covers mainly how to connect to a MySQL database using PHP and does not cover in detail how to perform SQL queries.

    1. Re:Owner of previous edition by PietjeJantje · · Score: 1

      Hints: Marketeze, First Post...

  13. Forgot something else... by gregarican · · Score: 1
    From the first sentence of the review: Spread over 860 pages and divided into a whooping 37 chapters. Not whopping but whooping. It sounds as if reading over this volume will leave the reader with an infectious disease and annoy their cubicle neighbors to no end.

    Why is it most of these reviews sound like grade school current events reports?

  14. Prevalent != Best by Soong · · Score: 1

    Remember, Windows is the prevalent desktop operating system.

    Examine the options in the tools available to you, pick what works for you.

    I've tried MySQL and PHP and mod-perl and CGI and python, but my current favorites are PostgreSQL and Tomcat hosting Java Servlets. No books required, their included documentation is quite good.

    --
    Start Running Better Polls
  15. Re:Sec-exps already know PHP is the beginner's cho by xxxJonBoyxxx · · Score: 1
    "don't blame the language... it's the "programmers" who are to blame for not understanding how to write secure apps."

    Hmmm...I thought that's what I said (although there have been some pretty bad holes in the core PHP bits themselves). On the other hand, "dumb entry-level programmers" was also one of the main knocks against IIS's ASP in its early days. (ASPX seems to have largely fixed this by being much less friendly than ASP to entry-level types.) ;)

  16. persistent problem by b17bmbr · · Score: 5, Interesting

    The first 21 chapters of the book concentrate solely on PHP, where the author explains, with the aid of examples, how to write good programs in PHP.

    this is a persistent problem with all of these programming in ____________ books. They teach the language and sometimes get around to dealing with good programming. Learning PHP, or java, or python, or whatever is still not learning to program. Learning to program effectively should be the first priority. All the OOP features in PHP5 are of no use to someone without good knowledge of OOP. Likewise, I'd gather that most of the insecurities in PHP are the result of poor design. PHP is great for its templating features, the ability to separate content from design, and its speed of development. But, that still doesn't make it secure or effective. How many times does a programmer get in trouble because they don't escape double quotes in a TEXT field in mysql, or account for malformed URL's, html, bad javascript, etc.?

    No matter how good these books are, and I'm sure they do a good job of presenting all of PHP's features and strengths, they still usually lack teaching how to design a web site/application, how to effectively use passwords, secure data queries, efficient programming, etc. That might be an altogether different beast, but there's a world of difference between using PHP in a web site and writing a good web app. I'd wish that the books would focus more on good programming techniques. I don't imagine everyone will buy the book otherwise, and not everyone will benefit the same, but I've not found too many books that put "programming" ahead of "programming in".

    --
    My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
    1. Re:persistent problem by JonToycrafter · · Score: 1

      Do you (or anyone) have any suggestions for a book that teaches beginning concepts, as you say?

      This isn't idle for me - I want to contribute to a particular open source project (via programming; I currently do testing/documentation/etc.). While I work in IT, my background isn't in IT, and my programming education stopped at CS102, many years ago. I've taught myself plenty of BAD programming in PHP etc., but I'd like someone to suggest a book that teaches "good programming".

      To put it best, I learned my programming habits in C64 Basic 22 years ago...I need some help.

    2. Re:persistent problem by Jerf · · Score: 1

      PHP is great for its templating features, the ability to separate content from design, and its speed of development.

      Um, sorry, could you show me which language more tightly couples content and design?

      Binding content and design is what those web template languages do. It's why they're better than traditional CGI scripts for quick projects and crash and burn for large projects, unless you add something to manage the separation. That some people have managed to assemble frameworks that do sort of separate content and design as things you can add-on, is more a tribute to the frameworks and the framework designers than PHP; the design of PHP really fights that sort of thing, since it "wants" to re-parse everything involved with the page on every load. (I am aware they have since "fixed" that problem; my point is that they had to fix it, not that it was unfixable. With other structures the problem doesn't arise.)

      (I'm sort of OK using such languages, but only when you can have backend code that isn't written in the template language. I use Perl and Apache::ASP, where the web app is backed by Perl modules that do all the heavy lifting and can actually be used outside of the webserver, too. The ASP/PHP-like code just does final formatting and display. The "design" is in the Perl modules and the "display" is in the ASP/PHP-like code.)

    3. Re:persistent problem by Anonymous Coward · · Score: 0

      You can't teach the reader to run before he knows how to crawl. If I want to learn the best practices of a language, I'd prefer to buy a separate book.

      These are some of my favorite books on best practices. They'd still apply to a language like PHP as long as you know a language like Java or C#:
      Code Complete
      Effective Java
      The Pragmatic Programmer

    4. Re:persistent problem by SpectreHiro · · Score: 1

      Do you (or anyone) have any suggestions for a book that teaches beginning concepts, as you say?

      I'm currently having some fun with the How to Think Like A Computer Scientist series - http://www.canonicalbooks.com/free-ebooks.shtml
      I'm reading the Python version right now, and it's pretty easy to follow.

      You might also want to take a look at MIT OpenCourseWare - http://ocw.mit.edu/index.html - I'm slowly working through their computer science courses. Emphasis on slowly.

      --
      You can't win, Darth. If you mod me down, I shall become more powerful than you could possibly imagine.
    5. Re:persistent problem by Anonymous Coward · · Score: 1, Interesting
      PHP is great for its templating features, the ability to separate content from design, and its speed of development.
      Excuse me?

      If anything, PHP actively promotes spaghetti code. It's PHP, HTML and SQL usually mixed together all over the place. How many times have you seen tr/td elements being output directly to the client from looping through the dataset returned by a query three lines above the table element? Because I've seen it a zillion times, and counting.

      There's only one "official" templating engine, and that's Smarty. However, in my experience, PHP folks tend to invent the wheel all over again, and call that "extensibility" and "the beauty of open source" (this despite their solution not having anything to do with actual open source). For example, where I work, the guy in charge invented his own little convoluted framework, the heart of which is a 300-line single recursive function (!) that does, uhm, things, and moves a significant part of business logic into his proprietary templating system. I swear, that's TheDailyWTF material, and I'm going to post it there as soon as I quit my job...

      The apps written in my company are full of bugs. The framework mentioned above doesn't allow any sensible SQL injection / XSS filtering. Different apps require different magic_quotes and register_globals settings (so we have a ton of different servers - management loves spending money on new machines). The code is unmaintainable. It takes roughly a week since someone reports the bug to actually find the code where it happens, because everything is contained in HTML frames which interact in an insecure fashion, there are dozens of code includes, a total of fifteen (!!!) CSS files are used, and I find myself constantly explaining basics to people around - like what the h1 HTML element is for, and why spacer gifs are bad. Everything runs extremely slow on dual Xeon machines, and it's a good day when 20 people can use one of the apps at the same time.

      And he has one of those "Learn uberl33+ PHP+MySQL" books on his desk. While you may argue "it's not the language/platform, it's the programmer", this certainly doesn't hold true with PHP. I have yet to see someone I could consider a good PHP developer - I'm sure they exist, but then again, so supposedly does Vista.

      Meanwhile, I've deployed a secure, documented, standardized 3-tier ASP.NET+MSDE app that serves roughly 300 people 24/7, and just for fun, I've deployed a RoR app on a free single-CPU machine that duplicates an existing PHP app and runs about 50 times faster.

      PHP is one of the worst things that ever happened to web development.
    6. Re:persistent problem by b17bmbr · · Score: 1

      perhaps it's in how you use php for templating. for example, after I design the layout using CSS2 (I never use tables anymore unless it's for data), I insert the applicable files: links.php, content.php, etc. You can do content and design separately in php, and in fact it works quite nicely. One just needs to use it well. That's all. it's the same in say java using a MVC design. In my AP comp sci class we wrote an address book (simple yes, but) we displayed the data singularly in a form (which could be navigated, edited, added, deleted, etc.), completely in a JList, printed out to html and displayed in a JTextPane, or even exported to .txt files. Four ways of viewing the same data. PHP can do the same, you just have to separate the two. I'm hardly a programming guru, I just try to use good design practices, something which I admit took a long time to develop.

      bad code is bad code, and bad design is bad design. my original point was that php (or any other) books teach the specific language, not programming. I've no doubt that the poor code you had to maintain would have been poor in any language. 300 lines of a single function means the guy never learned how to code well.

      --
      My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
    7. Re:persistent problem by r3m0t · · Score: 1
      Different apps require different magic_quotes and register_globals settings (so we have a ton of different servers - management loves spending money on new machines). The code is unmaintainable.

      Here's a tip for your .htaccess if you're using Apache:

      php_flag register_globals off
      php_flag magic_quotes_gpc off

      I would suggest you at least put together on the same server apps which have to communicate between each other. Then it's probably not worth the time.

    8. Re:persistent problem by Bloke+down+the+pub · · Score: 1
      Do you (or anyone) have any suggestions for a book that teaches beginning concepts, as you say?
      Code Complete, by Mike McConnell is pretty good, and it's not aimed at any particular language. I suggest you find it on Amazon (etc) and look around the lists that it proposes, the suggestions etc.
      --
      It's true I tell you, feller at work's next door neighbour read it in the paper.
  17. Only one chapter by LittleBigScript · · Score: 1

    Well, here is the problem. There is only one chapter on securing PHP and MySQL, and it is the 21st Chapter. Why put anything on the internet if there isn't security on it?

    1. Re:Only one chapter by carlislematthew · · Score: 1

      One chapter is best. Security through obscurity! Hopefully no one will even find the chapter...

  18. WAMP kicks a considerable amount of ass by geekschmoe · · Score: 4, Informative

    WAMP (windows - apache - mysql - php) server is a cool thing I found if you want a quick and integrated solution to developing with mysql/php on windows systems. It puts a little icon in your dock that is similar to the start menu and you can start/stop all servers and enable/disable php modules, etc. It also comes with phpMyAdmin for managing the mysql databases. It's one big executable with installer and there's no admin stuff to deal with before you start programming. Not that any of the admin stuff is particularly difficult, just extremely annoying considering the frequency of changes to php and apache.

    http://www.en.wampserver.com/

    1. Re:WAMP kicks a considerable amount of ass by IflyRC · · Score: 1

      What you described sounds very similar to having an XP install with IIS, Visual Studio Express 2005 (VB or C#) and SQL 2005 Express. With that sequence I can be up and running, ready to go in less than 30 minutes.

    2. Re:WAMP kicks a considerable amount of ass by FyRE666 · · Score: 1

      Yes, but if more than a few people come to your site at once it won't look so rosy, eh ;-) Damned that pesky licensing with Single Vendor, proprietary software... WAMP allows you to run a proper website - although it's obviously preferable to host on Linux...

    3. Re:WAMP kicks a considerable amount of ass by IflyRC · · Score: 1

      I was speaking in terms of a development environment. Personally, I'd rather not run a website on a home PC with a non-server type OS installed.

    4. Re:WAMP kicks a considerable amount of ass by Ezku · · Score: 2, Informative

      There's another similar project by the name of XAMPP. XAMPP comes with quite a lot of other handy auxiliaries as well, such as eAccelerator, and it's available for Linux, Windows, Solaris and most recently OSX. The interesting thing is it supports both PHP 4 and 5, allowing easy testing of an application on both versions - and at least the Windows version comes with an automagical version switcher. I'd recommend giving both packages a look.

      Do note this, however (and I think it goes for WAMP too):

      The default configuration is not good from a security point of view and it's not secure enough for a production environment - please don't use XAMPP in such an environment.

    5. Re:WAMP kicks a considerable amount of ass by Anonymous Coward · · Score: 0

      From the movie, "Spies Like Us", General Sline says to Ruby and Keyes as they enter the secret underground facility, "Welcome to W.A.M.P."

    6. Re:WAMP kicks a considerable amount of ass by Turbs · · Score: 0

      What about XAMPP as opposed to WAMP? I use XAMPP and it's great, but I haven't used WAMP to compare. I assume it's pretty similar.

      Any thoughts or preferences from /. users?

    7. Re:WAMP kicks a considerable amount of ass by __aaclcg7560 · · Score: 1

      There's also MAMP for the Mac.

  19. Re:Any website? by Anonymous Coward · · Score: 0

    Keep in mind the target audience of the book. It is called 'Beginning PHP and MySQL 5' because it is for beginners. How many beginners are going to start out creating banking applications?
    If the developers at "all those banks and stock exchanges handling vast loads" are using PHP and MySQL with the help of this book to develop their applications, then I'm going to stuff my money under my mattress. Lighten up a little.

  20. What the hell is the title? by L-Train8 · · Score: 3, Informative

    My version of the book is titled Beginning PHP 5 and MySQL: From Novice to Professional. The title on the Barnes and Noble link says Beginning PHP and MySQL 5: From Novice to Professional, but the cover shown at that same link reads Beginning PHP 5 and MySQL 5: From Novice to Professional. So there is some confusion.

    --

    Don't forget that Friday is Hawaiian shirt day.
  21. Too noisy for me. by LMacG · · Score: 1

    "Spread over 860 pages and divided into a whooping 37 chapters" I'd prefer a book that does not whoop, especially over the course of 37 chapters.

    --
    Slightly disreputable, albeit gregarious
  22. Re:Any website? by Decaff · · Score: 1

    Keep in mind the target audience of the book. It is called 'Beginning PHP and MySQL 5' because it is for beginners. How many beginners are going to start out creating banking applications?
    If the developers at "all those banks and stock exchanges handling vast loads" are using PHP and MySQL with the help of this book to develop their applications, then I'm going to stuff my money under my mattress. Lighten up a little.


    The problem is that too many beginners are shown easy software development languages and techniques as if those are all they will ever need. This happened with Visual Basic in the 90s, and it is happening with PHP, MySQL and now Ruby on Rails. These are all great tools for development, but I have had personal experience of the disasters that can result when such tools are used beyond their capabilities.

  23. Whoop, there it is! by Anonymous Coward · · Score: 0

    As long as it's not "a pooping 37 chapters".

  24. MySQL by kanzels · · Score: 0

    I wouldn't say that MySQL is for every website. Sure it is free, small and fast and will suit most webpages. But there are some heavy duty sites and those possibly need more power as in {insert name}...

    --
    Pixel image editor - http://www.kanzelsberger.com
  25. For me -- doing is better than reading by dada21 · · Score: 2, Interesting

    I've tried so many PHP and MySQL books over the years that I can't even keep track of what I'm reading. Coding just doesn't seem to make sense to me in book form.

    I learned the most I possibly could by downloading Wordpress (blog software), PHPBB (bulletin board software) and setting them up. I downloaded modifications and looked over the code in person.

    Over the past few months I've become really adept at writing my own PHP and MySQL-based software, to the point that I'm starting to design my own CMS interface. Not a single thing I've learned from a book has stuck, but everything I learn in chomping on code in Notepad or emacs seems to stick forever.

    Anyone else have problems with books on coding?

    1. Re:For me -- doing is better than reading by ToxicBanjo · · Score: 2, Insightful

      Me Too.

      I use books only as a language reference. I find that no matter what I'm trying to accomplish in code, any book I own doesn't have examples that "fit" the pieces of my app that I'm struggling with. So what good is a book with 1000 pages of example codes and 300 pages of theory when 95% of the time it doesn't fit what I need anyways? I prefer the reference style book or snippet archive (TurboPascal days): "a Listbox has these properties, methods, and events and here is how they work" or "To make an HTTP Request first declare a TCP/IP Object...". That is all I really need, short and concise.

      Beyond that it's just down to hacking. Working on sculpting code till it does what you want and how you want. I've learned more from doing than reading a million times over.

      Personally the only book I would recommend buying is one on writing tight secure code. Regardless of language as well, the fundamentals of truly professional code design are applicable to any programming language. Bounds checking, error trapping, raising errors, etc, etc, etc. I think we need more of that kind of book instead of new iterations of existing product that primarily rehash most of a previous version.

      --
      There are only 10 kinds of people in the world. Those that understand binary and those that don't.
    2. Re:For me -- doing is better than reading by Anonymous Coward · · Score: 0

      Yep right where you fail to realize what is good programming practice. You can learn all the hacking and cool stuff by just trying to do it. However when you have to write a big project that is modular, object oriented, easy to maintain and takes into account all the strengths and weakness of a programming language, you need to read a (good) book. IMHO.

    3. Re:For me -- doing is better than reading by Anonymous Coward · · Score: 0

      Books on scripting languages are just shitty replacements for free documentation on the Internet. You should be able to learn a programming language from its documentation and perhaps some tutorials. In languages like C++ where the semantics are incredibly complicated a copy of a standard and some books addressing complicated corner cases is helpful.

      More complicated issues in programming are not going to be learned from reading someone else's code; that simply shows the how not the why. In my experience people that learn primarily through random examples write awful software and have little understanding of the languages and databases that they work in. If all you're writing is a simple CMS (just what the world needs another of) it's not such a big deal. If other people have to deal with the code then it's a big deal.

  26. Re:Sec-exps already know PHP is the beginner's cho by KermodeBear · · Score: 2, Insightful

    Which is very unfortunate. It's possible to write good, secure PHP code. Others have too. PHP is marketed as an easy to learn language (and it is), and it is commonly installed on hosting services, so new programmers flock to it. The problem is that these new programmers are, well, new. They aren't aware of things like SQL injection attacks. They don't bother to validate data. They make new programmer mistakes.

    Is it the fault of the language? I can point to a few things where I can say, Shame on You, PHP!, such as the entire magic quotes 'feature' (which, iirc, is turned off by default now). But, as usual, it is the user, not the tool, that is at fault. This makes the language look bad because vulnerabilities pop up in software packages written in the language.

    It's easy to spread FUD when that happens, especially to management and other uneducated people.

    Some people say that the language should prevent programmers from doing stupid things. I disagree; I think the language should allow you to do what you want within the confines of its purpose, and if you happen to be making mistakes (such as not escaping data that goes into your queries) then shame on you. I don't see people complaining about C because it lets you point into kernel space and write garbage. If that happens, C programmers will point and laugh and say, "Ha ha, you silly newbie programmer!" not "Ha ha, C is retarded!"

    I don't see why PHP should be any different. Sure, there are things that could be improved, but overall, most of the vulnerabilities I see are not the fault of the language. It's just the web's version of the VisualBasic syndrome (OMG I CN PRINT TXT 2 SCREEN, I R GOOD PROGMMR!!!!11one!).

    The more used a language is, the more software that exists, and the more bugs that will exist - especially if it's an 'easy' language to learn.

    --
    Love sees no species.
  27. Sorry -- But no! by mlwmohawk · · Score: 0, Flamebait

    Sorry for the flamebait, but I can't read something like this without correcting certain errors!

    MySQL is a very poor choice for high volume web sites that have a fair number of updates/inserts/deletes as, unless you are using InnoDB, you will be locking the tables and killing performance. If you are going to use InnoDB, you may as well use PostgreSQL for better performance.

    I'm sure we've all seen Groklaw crash once or twice because of MySQL.

  28. Re:Sec-exps already know PHP is the beginner's cho by xxxJonBoyxxx · · Score: 1
    I don't see people complaining about C because it lets you point into kernel space and write garbage. If that happens, C programmers will point and laugh and say, "Ha ha, you silly newbie programmer!" not "Ha ha, C is retarded!"

    This very issue would appear to be at the heart of many existing C (or C++) vs. Java arguments. The claim is/was that newbie programmers are not as dangerous if given Java.

  29. Already found a good one... by oahazmatt · · Score: 1

    I learn more by doing and then discovering the effects of what I had done. (Hmmm... fire does that... okay.)

    Seriously though, as a relative n00b in the PHP world, I like the visual quickstart guides by Peachpit Press for PHP and Advanced PHP, where there is a practical example of what you might need to use PHP for, in addition to a dissection of the code being used. Both of these books deal with MySQL as well.

    While I wasn't exactly scripting my own Nuke system in ten minutes, after some casual reading I was developing some rather unique portal systems that no one else had made available.

    --
    Those who believe the Internet is private,
    find their privates are on the Internet.
    1. Re:Already found a good one... by EugeneK · · Score: 0
      I learn more by doing and then discovering the effects of what I had done. (Hmmm... fire does that... okay.)

      Sorry, but I gotta quote good ol' Ben when you say that..;)

      "Experience keeps a dear School, but Fools will learn in no other"
  30. Save $16.65! by Anonymous Coward · · Score: 0

    Save yourself $16.65 by buying the book here: Beginning PHP and MySQL 5.0. And if you use the "secret" A9.com discount, you can save an extra 1.57%!

  31. power and flexibility, gee wiz by nuzak · · Score: 1

    > The beauty of PHP is in its open nature and the rich set of libraries and modules which imparts a lot of power and flexibility to the programmer.

    The same could be said for python or perl. I think PHP's main "beauty" feature is how easy it is to install, nothing more.

    --
    Done with slashdot, done with nerds, getting a life.
    1. Re:power and flexibility, gee wiz by dave420 · · Score: 1
      The real beauty is its syntax and lack of explicit type definitions. That change is very logical, and removes a lot of the legwork required to develop (which isn't a bad thing).

      Also, as it's just as easy to install Perl, your argument doesn't hold a lot of water... there must be another reason it's so popular ;)

    2. Re:power and flexibility, gee wiz by nuzak · · Score: 1

      > Also, as it's just as easy to install Perl, your argument doesn't hold a lot of water

      Not mod_perl, it isn't. Well, at least not as easy to just drop in. It's easier these days, but I really think it held mod_perl back years ago.

      As for lack of explicit type definitions ... that of course is nothing that Perl/Python/Ruby doesn't have either. Its syntax I could take or leave ... it seems a bit nicer than Perl in some places (there's only one sigil), but nastier in others (no regex literals or operators) and identically lousy in others (still uses the -> operator where a dot would do). I think most PHP users feel the same way about the syntax... perl-lite, and nothing to scream about. (Hey, perlite, that would make a cute name for a language).

      As for me, I'm about evenly split between Perl, Python, and Ruby, but I really like fun little languages like Lua and Io, even if they're usually impractical for what I need.

      --
      Done with slashdot, done with nerds, getting a life.
  32. What can you do with PHP and MySQL ? by unity100 · · Score: 2, Funny

    During the years i have been using these, i have come to believe that you can do almost anything with these, except housework.

  33. Oh my God! by Anonymous Coward · · Score: 0
    WAMP (windows - apache - mysql - php) server is a cool thing I found if you want a quick and integrated solution to developing with mysql/php on windows systems.

    You were actually mod'ed "Informative" for something that, well, praises "Windows"! Fuck! I bet Hell, right now, is freezing over! I better check to make sure that my dog isn't sleeping with my cat!

    "Fido! Get off of Sylvester!"

    Jesus MF Christ! It's happened!

  34. How to put postgreSQL in LAMP by sago007 · · Score: 1
    if we could just replace the M in LAMP with PostgreSQL
    I read this once at some Ubuntu message board (my screen saver):

    LAMP: Linux, Apache, Most of our cool scripting languages start with a P and PostgreSQL
  35. Stats, please by Pinball+Wizard · · Score: 1

    Where are the statistics to back up your assertion - that Postgres performs better with a high volume of inserts/updates/deletes than MySQL with InnoDB?

    Or are you just repeating something you've heard?

    Postgres may have more features and better support of SQL standards like transactions, triggers, stored procedures, etc, but these are things that improve data integrity, not performance.

    MySQL has always been oriented to performance rather than features and its use as a backend for web sites has always been a primary goal for its developers.

    --

    No, Thursday's out. How about never - is never good for you?

    1. Re:Stats, please by Decaff · · Score: 1

      Where are the statistics to back up your assertion - that Postgres performs better with a high volume of inserts/updates/deletes than MySQL with InnoDB?

      Or are you just repeating something you've heard?


      Why are you questioning this? This has been common knowledge for years. Both MySQL and PostgreSQL have their relative strengths.

      From Wikipedia:

      "Critics find MySQL's popularity surprising in the light of the existence of other open source database projects with comparable performance and in closer compliance to the SQL standards."

      MySQL has always been oriented to performance rather than features and its use as a backend for web sites has always been a primary goal for its developers.

      No. MySQL has always been oriented to performance for reasonably low volume applications and websites, and it does extremely well in this role, and is a great database for hosting websites. PostgreSQL, on the other hand, has always shown its strength for higher volumes of traffic and higher numbers of concurrent connections.

    2. Re:Stats, please by mlwmohawk · · Score: 1

      The problem with MySQL is that it isn't a good enough SQL database to actually run standard SQL benchmarks. I think, maybe, with 5.1 it may actually be able to run something like TPC, but I'm not sure. Arbitrary benchmarks are meaningless, how many inserts or queries a db can do is meaningless unless something is known about the data and the conditions. If either the data or conditions of the test are bogus, then the benchmark is bogus. MySQL is very VERY good at crafting bogus benchmarks that make it look good.

  36. The beauty of PHP by Sweetshark · · Score: 0, Flamebait

    The beauty of PHP *head explodes*
    beauty? PHP? Have you ever looked at it? closely? Do you know any other solution?
    Just look at the naming of is_null, empty and isset ...

    1. Re:The beauty of PHP by NullProg · · Score: 1

      Flamebait? Come on moderators, either you know the subject and can moderate or you don't and you shouldn't.

      PHP is the worst language found on the web. The only reason it exists is because it's easy. Java/ruby/python make a much better solution than PHP on any platform.

      Enjoy,

      --
      It's just the normal noises in here.
  37. Re:Any website? by Decaff · · Score: 1

    To moderators. The original post was not intended as flamebait. It was a criticism of the very frequent attitude that all you ever need for any development are popular open source tools, and anyone resorting to Java or Oracle or DB2 is simply wasting their money. The flamebait is surely the original claim that MySQL is suitable for any website!

  38. Re:Sec-exps already know PHP is the beginner's cho by bturnip · · Score: 1

    C'mon, flamebait! From the link itself: "PHP is the most widely used scripting language for the web. According to some reports, 50% of the Apache servers world-wide have PHP installed." Do you think there is any chance that PHP being the most widely used scripting language might have anything to do with the number of vulnerabilities?

  39. Don't know the coding by Master_stghm · · Score: 1

    I use PHP, but I still don't know how to use it. The most I know is HTML, which doesn't really count, and Visual Basic. It would really help if I learned how to use PHP myself.

    1. Re:Don't know the coding by Anonymous Coward · · Score: 0

      Not to be an ass, but why would anyone want to know this?

  40. Re:Sec-exps already know PHP is the beginner's cho by masklinn · · Score: 5, Interesting

    Not blame the language? Why not? PHP is the only language that I know of that has like 6 or 7 functions just to escape strings to be injected in SQL queries and that still manages to get it wrong.

    I mean, first time you try to hit a DB, you've heard about SQL injection you want to escape your inputs, are you using addslashes? Nope, and you should stripslashes too, if magic_quotes are active, because even though they're built in they fucking fail. Oh, there's an sqlite_escape_string, but you're using mysql so you'd probably use this lil' mysql_escape_string... except that you were really supposed to use mysql_real_escape_string, cause it's the real one you know. And the best part of all that shit? there is not one of the unsafe functions that's marked anything even remotely close to "deprecated" or "dangerous", they are unsafe and should never be used, that's old news, and you can still use them n/p

    Hell, PHP is the only language that I know of that does not feature any kind of prepared statement in its standard DB interface. It only got prepared statements with the mysqli_ crapfest and that frigging piece of donkey poo requires you to create a prepared statement explicitly and then bind every single argument one by one to your statement.

    This thing is the most retarded standard DB interface that's ever been born in this world, and it's only taken like 4 years for the Zend retards to unleash this abortion on us! Developers rejoice, maybe in 4 more years we'll get a DB interface on par with Perl's DBI or Python's DBAPI2...

    And THIS is but one of the dozens of inherently stupid and/or insecure "features" PHP got built-in such as the good ol' REGISTER_GLOBALS, the hidden errors and notices, the lack of anything even remotely close to Perl's "use strict", the completely random and inconsistent function names and function outputs, the three-fucking-thousand functions all dumped into the global namespace (perl has 206, Python has 76 and ruby probably has less than a dozen)...

    I'm all for blaming the builder, as long as he's got usable tools. PHP is nothing that can be called "usable tool" with a straight face, the whole "language" is a gigantic hack built with feces and vomit, it IS to blame, and blame it I do.

    --
    "The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
  41. Re:Sec-exps already know PHP is the beginner's cho by xxxJonBoyxxx · · Score: 1

    Yeah, that was my point. Lots of newbies are flocking to PHP, so lots of PHP apps contain newbie mistakes. In general, however, I'd say that PHP seems to be the exception to the "open source should be secure" rule. For example, PHPNuke continues to be a wildly popular package even though most security folks will usually shut down and quarantine any server they find it on...

  42. This. Book. Suxxors. by Sembetu · · Score: 1

    Beware. I own this book, and I can tell you it is full of mistakes and inaccuracies. Nuff said.

    1. Re:This. Book. Suxxors. by Zaphod2016 · · Score: 1

      I have found errors in every programming book I've ever read. In fact, I REFUSE to buy anything until the author accepts this and puts up an "errata" website somewhere.

  43. Re:Any website? by kberg108 · · Score: 0

    I couldn't agree more. Some people think that a new set of programming tools will make them produce better software. That's like thinking a new hammer will make you build a better house. If you don't have the design skills to begin with, your software will be a pile no matter what language it's written in or database you use. The sad thing is you see this behavior everywhere, where people/companies will abandon their current technology and spend all kinds of money and resources porting to a new technology that some programmer told them would solve all their problems, only to find they have ported the design flaws with it.

    PHP, MySQL, Oracle, Java, etc are all just tools and in the hands of the correct developer can be used to produce incredible applications. In the hands of an amateur they will produce crap no matter the language.

    What I'd like to see is a decent book for beginners on how to design software and not one of these super abstracted pattern books that is so specific to the language that it completely pollutes the reader's mind into believing the same concepts can't be used in a different language/database/OS.

    --
    I like things that are sweet and not things that are lame. --
  44. WAFP by mobby_6kl · · Score: 1

    Hey, Windows/Apache/Flat-file-db/Perl also works fine.
    At least for a site with ten hits a day. All of which are from 127.0.0.1.

  45. Re:WISP kicks more by cruachan · · Score: 1

    Windows, IIS, SQL Server and PHP. Only downside is SQL Server is expensive to deploy but it sure beats the pathetic excuse for a database that is MySQL.

  46. Plug for TinyButStrong by cruachan · · Score: 1

    Template systems have of course been around a while, but I must put in a plug for TinyButStrong - http://www.tinybutstrong.com/ - here. I've been writing PHP apps for some time but after casting around for a template system a couple of projects back dropped on this one. Absolutely brilliant piece of work and I've recently been combining it quite successfully with xajax - http://www.xajaxproject.org/

    I've no connection with either of these two projects, just a very impressed user (and the TinyButStrong promotional video is a wee gem :-)

  47. The one thing that keeps me from using PHP..... by Anonymous Coward · · Score: 0
    I know this is going to sound petty, but there's one thing that keeps me from using PHP for serious projects:

    $Those $damn $dollar $signs.

    I still don't understand why they can't add a "dollar sign optional" mode.

    Dollar signs are only necessary if you want to expand variables inside of strings. Since I don't do that, they are useless to me. They do nothing except cause a horrific amount of clutter in my code.

    There's no reason why they couldn't implement a "dollar sign optional" mode -- all they would need to do is fold the constant id and variable id namespaces together if that option was set.

  48. Oracle XE & PHP5 by Anonymous Coward · · Score: 0

    MySQL on a Windows box is slow as hell. If you've got enough hardware power (2GHz P4 or equiv and 1GB ram) then Oracle XE is a fast screaming monster. Oracle XE is free but does have a limit to 4GB total database size, but that's still quite a lot of database for small web apps. I recently built a fairly elaborate web app with Windows/IIS/OracleXE/PHP and it went together quite slick. I then ported the whole thing over to SuSE Linux 10.0 and Apache 2.2.2, PHP 5.1.4 and the OracleXE for Linux, and it runs literally four times faster on the very same piece of hardware.

    Here's an excellent site for Oracle/Apache/PHP info for both Linux and Windows platforms.

  49. php and mysql are popular b/c... by Anonymous Coward · · Score: 0

    php:

    1. php's procedural programming is a relatively easy concept to grasp.
    2. it is free.
    3. it can be a bear to set up, but they have gotten better and there are some packages that make it pretty easy.

    mysql:

    1. it got to the windows desktop first.
    2. it is good enough for many apps.
    3. it is easy to install with installers (windows) that install both php and mysql.
    4. it is a fast db, if not the fastest, under some circumstances.

    mysql is obviously a good tool - many people have used it successfully for various apps. the pudding is there to taste.

    having said that, i went with postgresql when i learned php. it took me a month to get a working version installed on windows. the docs weren't clear how to use the native db, so i was lost there. i did the cygwin thing... 30 days later, it was working.

    now i know how to install and use the native windows version.

    i value pgsql's features, not the least of which is the extraordinary license that allows a dev to use the db in commercial apps free of charge.

    there are other benefits, but that is HUGE for me. mysql definitely has some benefits in certain cases, too.

    investigate both and see which one works better.

    pgsql gets slammed by those who say it is slow. it isn't. in fact, on my internet app, it is extremely fast - and i use a db class and a forms class with my app.

    mysql w/o transactions might be faster in some cases, perhaps many cases, but once you set up mysql to run transactions (and probably a few other goodies, too), it slows down, too. it is a feature tradeoff. i value the features.

    any speed loss is often imperceptible.

    mysql is an able db in terms of speed. so is postgresql.

  50. Re:Sec-exps already know PHP is the beginner's cho by wanna_be_a_developer · · Score: 1

    "Lots of newbies are flocking to PHP, so lots of PHP apps contain newbie mistakes."

    I might exchange newbie with ignorant. For example, a newbie is almost guaranteed to be ignorant, but someone who is not a newbie could possibly be ignorant and the mistakes are caused by not knowing any better.

    But, perhaps the biggest reason for poor apps is not newbies or ignorants, but rather is laziness. As you are aware, design, development and testing takes a lot longer than "getting something done".

    --
    Fo Shizzle!
  51. Wrong! by Pinball+Wizard · · Score: 1

    It is not common knowledge, and stats mean more than quoting a wikipedia article (which doesn't state postgres performs better, it states performance is "comparable"). My understanding of the "common knowledge" is that mysql offers better performance, postgres has better sql standard compliance and more features. Common knowledge would dictate that more features would slow down performance. For instance, extra data integrity checks every time inserts, updates or deletes are performed would be an extra feature, but it would come at the expense of speed.

    You are just propagating myths - how about real comparisons of performance, like these?

    http://monstera.man.poznan.pl/wiki/index.php/Mysql_vs_postgres (mysql tested faster)

    http://www-css.fnal.gov/dsg/external/freeware/pgsql-vs-mysql.html (mysql tested faster)

    --

    No, Thursday's out. How about never - is never good for you?

    1. Re:Wrong! by Anonymous Coward · · Score: 0

      "Real comparisons", hehe.

      That site compares MySQL and PostgreSQL with the *default* settings. PostgreSQL kind of sucks with the default settings. Not sure about MySQL.

      It also does not test concurrency... and performs questionable queries which you would hardly ever run.

      DELETE FROM a; .. come on. How often do you delete without a WHERE clause?
      SELECT * FROM a; ...

      It's hard to compare databases, but this "comparison" really doesn't compare them at all.
      Well, it shows how the databases perform with their default settings, and how well it would work for a total n00b who has never in their life used a join, index, view, foreign key, or even a where clause.

      How about a test that actually stresses the databases and uses most of their features?

    2. Re:Wrong! by Pinball+Wizard · · Score: 1

      >> How about a test that actually stresses the databases and uses most of their features?

      Well, you've just restated my point. I'm not the one making the unverified claims about performance, I'm just asking for actual verification.

      --

      No, Thursday's out. How about never - is never good for you?

  52. "Libraries and modules" by Jeian · · Score: 1

    The beauty of PHP is in its open nature and the rich set of libraries and modules which imparts a lot of power and flexibility to the programmer. I haven't done a PHP install in awhile - is including these additional modules and libraries still as easy as recompiling the whole package, trying to get Apache to accept the recompiled module, then fixing all the scripts that suddenly don't work with the new module?

  53. Re:Sec-exps already know PHP is the beginner's cho by Zaphod2016 · · Score: 1

    As a php programmer, let me be the first to say: good point

    Anyone coding PHP without expanding into Perl or Python is giving themselves undue stress.

  54. Too much information by akuzi · · Score: 1

    860 pages about PHP and MySql? It seems like a lot, for what are very simple technologies.

    If you are an experienced programmer and want to learn PHP I would recommend reading O'Reilly's "PHP in Nutshell" book. You can read through the whole thing in less than a day and pick up most of what you will need to know. Also you cannot beat the online docs as a reference.

  55. Re:Sec-exps already know PHP is the beginner's cho by carlislematthew · · Score: 1

    Even non-newbie programmers are less dangerous with a managed runtime environment. Only the best developers (oh yes, that's *all* of us here - of course) are good at programming in C/C++.

  56. A sorry situation by teknico · · Score: 1, Informative

    The fact that PHP and MySQL are the most deployed tools for web development is a rather sorry situation, given the deep shortcomings of both tools.

    See these articles about the many PHP warts:

    Experiences of Using PHP in Large Websites

    Why PHP sucks

    The PHP Ghetto

    You will be happier with a more mature and complete dynamic language like Python, or even (gasp ;-) ) Ruby.

    Similarly, see these other articles about the many MySQL warts:

    MySQL Hate

    MySQL Gotchas

    Compare the last one with the one for PostgreSQL:

    PostgreSQL Gotchas

    Finally, an in-depth comparison between MySQL and PostgreSQL on Slashdot itself:

    Comparing MySQL and PostgreSQL 2

    Finally, recall that both MySQL's transactional backends are now controlled by Oracle:

    Oracle Acquires Sleepycat

    Avoid both PHP and MySQL as much as you can, I say. There's better stuff out there.

  57. Missing the point by ashley_moran · · Score: 1

    Postgres may have more features and better support of SQL standards like transactions, triggers, stored procedures, etc, but these are things that improve data integrity, not performance.

    Data integrity is ABSOLUTELY CRITICAL. Without data integrity your data is next to worthless! Even if your data is disposable, like a blog, inconsistent data can cause applications to fail. If it's not disposable, like financial data of some sort, data integrity should be your number one concern.

    MySQL would have to be an order of magnitude faster than Postgres for me to even consider using it as a backend for an application (which it isn't, of course). Even the recently implemented integrity features are flawed. Maybe with 5.1 MySQL will resemble a usable database server.

    1. Re:Missing the point by Bloke+down+the+pub · · Score: 1

      Data integrity is ABSOLUTELY CRITICAL.

      But where it's enforced is totally optional. Last time I looked at a large, complex system there were other components there, not just the DBMS.

      --
      It's true I tell you, feller at work's next door neighbour read it in the paper.
  58. First sentence needs fixing by cunts · · Score: 1

    "PHP and MySQL use is so prevalent that nowadays it is hard to miss seeing a book review on the front page of Slashdot concerning these technologies."

    There, that's better.

    --
    "Laziness is nothing more than the habit of resting before you get tired" ~Jules Renard
  59. Moo by Chacham · · Score: 1

    Oh my, when you people get it? MySQL is NOT a database.

    It doesn't look like a database, it doesn't smell like a database. It doesn't even taste like a database. And only the really nascent to the db scene would say it looks like a database.

    It happens to have a language interface that on some level partially coincides with what many people think SQL should be. But, that's where it starts, and that's where it ends.

    I'm not saying MySQL is a bad product. It's a wonderful product for quick web development and easy access to data, but calling it a database is like a Win9x user saying they had a BSoD.

    1. Re:Moo by tehcyder · · Score: 1

      calling it a database is like Win9x user saying they had a BSoD

      Wow, I've never come across snobbishness over levels of BSoD-ness before.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  60. I think I'd rather learn by brooke_nobody · · Score: 1

    Ruby on Rails... It's so much easier to learn than PHP and it will likely gain dominance over its competitors within the next couple years. I hope that to be the case anyway, and I hope it gets the support it deserves. The drawback is that you probably won't find many businesses out there that will employ you based on ruby/rails knowledge yet. That's where PHP/ASP will win, but you can always freelance!

  61. Or what about? by gregarican · · Score: 1

    Seaside? This is more obscure than RoR but just as powerful and effective. It doesn't have all of the autoconfiguration and templating bells and whistles but can adopt something called scriptaculous for total AJAX style goodness.

    I have used RoR and am impressed with what it has to offer. Check back in a year and it might mature to the level for larger scale projects that aren't as vanilla boilerplate as is the case now. I have used Smalltalk as an OO language and am starting to teach myself Seaside since it looks to be a good fit for certain potential freelance work.

  62. You don't really need to buy a book for this by dilute · · Score: 1

    Basically, this (below), plus a little SQL, and 15 minutes of installation is all you really need to know/do to get very well started - you don't need a book --

    <?php
    $connection = mysql_connect($location,$user,$pass) or die("Couldn't connect to DB server.");
    $success_code = @mysql_select_db($db, $connection) or die("Couldn't select database.");
    $sql = "SELECT * FROM $table";
    $result_set = mysql_query( $sql );
    while ($row = mysql_fetch_array( $result_set )) {
        do_something_with( $row );
    }
    ?>

    The only even slightly tricky part is initially setting up permissions on MySQL and creating a database.  The MySQL and PHP online manuals will show you that and everything else you need to know.  Also, the package phpmyadmin automates a lot of MySQL administration tasks (from a Web-based client), so you don't initially have to learn a lot of command line stuff.

    Ubuntu has all of this packaged and readily installable from Synaptic (as does Debian for that matter).  Just click and install apache2, php5, php5-mysql, mysql-server, mysql-client and phpmyadmin and you should be ready to go.

    Really though, after you get the basic concept, you should try Ruby on Rails.
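The snippet above interpolates a variable straight into the SQL text, which is exactly the habit comment 40 complains about and the reason it wants prepared statements. As an added example that is not the poster's code, here is the same select loop written against the mysqli extension with the explicit prepare() plus bind_param() sequence that comment describes. The host, credentials, database, table allow-list and column names are placeholders, and it assumes PHP 7 or later with the mysqlnd driver (needed for get_result()).

```php
<?php
// Added example, not from the original post: the posted select loop rewritten
// with mysqli and a prepared statement, so request values never become SQL text.
// Host, credentials, database, table names and columns are placeholders.
// Assumes PHP 7+ with mysqlnd (required for $stmt->get_result()).

// Make mysqli throw on any failure instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$mysqli = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$mysqli->set_charset('utf8mb4'); // quoting/escaping rules follow the connection charset

// An identifier such as a table name cannot be bound as a parameter, so a
// caller-supplied table name is accepted only if it matches a fixed list.
$allowed_tables = ['users', 'orders']; // assumed schema
$table = $_GET['table'] ?? 'users';
if (!in_array($table, $allowed_tables, true)) {
    http_response_code(400);
    exit('Unknown table.');
}

// What the posted snippet turns into once a request value is added to it:
//   $sql = "SELECT * FROM $table WHERE name = '" . $_GET['name'] . "'";
// A quote character inside name then becomes part of the statement. With a
// placeholder the server parses the statement first and receives the value
// separately, so the value can only ever be compared against the column.
$name = $_GET['name'] ?? '';
$stmt = $mysqli->prepare("SELECT id, name FROM `$table` WHERE name = ?");
$stmt->bind_param('s', $name); // 's' = bind as a string
$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    do_something_with($row);
}

$stmt->close();
$mysqli->close();

function do_something_with(array $row): void
{
    // Stand-in for the poster's undefined helper: one JSON object per row.
    echo json_encode($row), "\n";
}
```

If an old code base cannot move to placeholders, the fallback is mysqli_real_escape_string() on the same connection after set_charset(), with the result wrapped in quotes by hand; the escaping is only correct for the charset the connection actually uses, which is why the charset call comes before any query in the block.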

  63. Re:Sec-exps already know PHP is the beginner's cho by Anonymous Coward · · Score: 0

    Clearly you have no idea what you are talking about.

    I have produced many a php app that connects to a MySQL database securely without using any weird and unnecessary strip_slashes functions and the like. I have no idea why such functions are even there, for lazy programmers who do not know how to design well?

    Get a fucking clue asshole.

    Typical crap on php stuff here at slashdot, I guess the perl fanboys will never tire of shitting on php. If I wanted to load my server cpu beyond belief I'd use perl, till then php is a far superior scripting language. In my assessment perl is for rich folks who need an excuse for having ridiculous processing power on a server.

    Now everybody bow to our perl overlords. Clearly they are craving the attention.

    Oh, and on the subject of the review: RTFMS - they are complete and free!

  64. Re:Sec-exps already know PHP is the beginner's cho by dicarve · · Score: 1

    Wow!!! Have you already read all that PHP manual? I suggest you try to make a better web scripting language than PHP. If you can't do that, then try to analyze and change that PHP C code, find any bugs (that's the beauty of open source!!) and then release it to the Open Source community and then let's see what bugs you have!

  65. Re:Sec-exps already know PHP is the beginner's cho by houseofzeus · · Score: 1

    As someone who works in PHP almost every day, thank you, I couldn't possibly have put it any better myself.

  66. Re:Sec-exps already know PHP is the beginner's cho by Senzei · · Score: 1

    I suggest you try to make a better web scripting language than PHP.

    No need to, it has been done. See python(turbogears, django, web.py, twisted nevow, probably about 10-20 others I have forgotten) or ruby(on rails, plus a few others) or perl(plus a lot of stuff I don't know) or a host of other, not stupid languages for details. Except they are not "web scripting languages" they are scripting languages with web platforms, which makes life really really easy when your website needs to talk to anything aside from a database and a web browser.

    If you can't do that, then try to analyze and change that PHP C code, find any bugs (that's the beauty of open source!!) and then release it to the Open Source community and then let's see what bugs you have!

    Why should I polish someone else's turd? I could spend all of that time expanding a sane platform instead of trying to fix the stupidity of php. For another argument against this idea, try to submit a patch to zend and see how long it takes to go through. Do the same for one of the frameworks in another language and tell me who is really interested in the OSS philosophy.

    --
    Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
  67. Re:Sec-exps already know PHP is the beginner's cho by dicarve · · Score: 1

    What do you know about OSS philosophy!? Blaming other OSS applications is not ONE OF THE OSS PHILOSOPHIES!! From my point of view there is no "Better than this" in the OSS world, you learn how to respect other people's creations. If you make an OSS application I surely will respect that! Comparing one OSS app to another OSS app is foolish!! Do you know the meaning of DESIGN? Design of application:

    - PHP is DESIGNED to build dynamic web pages quickly
    - Perl is DESIGNED mainly for text-processing and system administration
    - Python is DESIGNED for prototyping and application extension

    OSS is about community! You blame the OSS app and you also blame the Community behind it... Let me know WHAT your OSS philosophy is...

  68. Re:Sec-exps already know PHP is the beginner's cho by Senzei · · Score: 1

    What do you know about OSS philosophy!?

    Here is what I know of OSS philosophy: Write cool software, share it with the world, let people help you make it better. In a nutshell that is it. The OSS philosophy comment was directed at Zend taking patches to fix some of the glaring problems with php as a development platform, or rather the fact that they are pretty difficult about it.

    As for your comments about what a language is designed for, that is just foolish stereotyping. Python comes pretty close to Perl in text processing for most cases, Perl can do pretty well for rapid prototyping as well. As far as I know (python personally, perl by reference) they are both good for dynamic web pages. In short: both languages are good at a lot of things. PHP is supposedly only good at dynamic web pages, and stupid crap like string escaping make it difficult for that. If you really believe I am wrong here spend enough time with another language or two to really get to know it, build something you would want to be paid for in it, then come back and tell me php is better.

    --
    Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
  69. Re:Sec-exps already know PHP is the beginner's cho by dicarve · · Score: 1

    Here is what I know of OSS philosophy: Write cool software, share it with the world, let people help you make it better.

    If you can blame PHP for its handicap, then make it BETTER!! That's what I mean!! Don't just blame it.

    If you really believe I am wrong here spend enough time with another language or two to really get to know it, build something you would want to be paid for in it, then come back and tell me php is better.

    I also learn and use Perl, but mainly for shell scripting purposes and parsing text files. But then PHP came out and it's easy, yet it inherited some Perl features. I also learned Java, but I used it to write some desktop applications, and many people say it is best for mobile device applications.

    Do you only know about the string escaping functions in PHP?? And what is stupid about them? Tell me one by one, what is stupid about mysql_escape_string, addslashes etc. Have you ever read the PHP Manual yet?? Do you know that PHP supports PCRE just like Perl does for parsing text (I used it in both Perl and PHP)?

    Nothing's perfect in this world; me, you or other people in the open source community can make it near perfect!

  70. Re:Sec-exps already know PHP is the beginner's cho by houseofzeus · · Score: 1

    Why work to make PHP better when he can help improve another scripting language that is already starting from a better base?

    What's stupid about the string escaping functions is something you allude to yourself (and the OP did as well), there are too many of them, many of which do either:

    A) The same thing as each other.

    OR

    B) The wrong thing, and are hence deprecated (and should never have been introduced in the first place).

  71. Re:Sec-exps already know PHP is the beginner's cho by gbjbaanb · · Score: 1

    And perhaps that's a bad thing. After all, if I had the system cleaning up after me, preventing errors (no matter how it affected the performance, etc), then I wouldn't be as good as I am today. After the 10th time my app crashed because I didn't quite know what I was doing with memory or pointers, I got it figured out. So maybe this is a case of 'all of us here' actually being somewhat true - we had to do it the hard way, we learned, we became better programmers for it.

    Besides, the Java programmers are just jealous they're not as good as us :-)