Slashdot Log In
PHP Hacks
Posted by
samzenpus
on Wed Jul 05, 2006 04:08 PM
from the tricks-of-the-trade dept.
from the tricks-of-the-trade dept.
Michael J. Ross writes "Given the current popularity of the Web development language PHP, it makes sense that newcomers to the language have a large number of introductory and reference volumes from which to choose. But for the more advanced PHP programmer, there are far fewer titles that explain how to make the most of the language, by applying it to solve relatively substantial problems. One such book is PHP Hacks: Tips & Tools for Creating Dynamic Websites, by Jack D. Herrington. Read the rest of Michael's review.
The book was published by O'Reilly Media in December of 2005. Despite its title, PHP Hacks: Tips & Tools for Creating Dynamic Websites is clearly intended to show how PHP's capabilities can be extended beyond its most common usage for creating dynamic and database-driven Web pages, and can be employed in such areas as graphics, reporting, Web site testing, code generation, and even fun purposes (for those few programmers who find the former topics less than entertaining). The author, assisted by six contributors listed in the Credits section, manages to pack an impressive number of general programming ideas and PHP-specific topics within this title's 468 pages. The material is grouped into 10 chapters, each of which contains a generous number of "hacks," each in its own section.
As with most if not all of the other titles published by O'Reilly, this book has a Web page that offers an overview of the book, its table of contents, all of the book's code (in both Zip and tar file format), and a list of confirmed and unconfirmed errata. In addition, the site hosts five sample hacks (in PDF format): accessing iPhoto pictures, generating Excel spreadsheets, avoiding the "double submit" problem, reading RSS feeds on your PSP, and creating custom Google Maps. Perusing these hacks would give the prospective buyer a clear sense as to the style of the book's other 95 hacks, as well as the (low) level of PHP expertise needed to understand them.
The book begins with a preface that describes the organization, conventions, and icons chosen for the book. Also, it covers the legality of the code samples, lists contact information, and mentions O'Reilly's Safari online book service, which contains this title among many other PHP resources. What is perhaps most unique about this book's preface is that the author identifies over half a dozen weaknesses commonly seen in PHP applications, and explains how his book addresses those problems. In addition, he makes explicit how some of the hacks can be used for jazzing up one's Web site or Web-based application.
The first chapter discusses how to install PHP on Windows, Mac OS X, and Linux, and then verify that the installation was done properly. Herrington then briefly explains how to install MySQL and perform some basic database management. The chapter concludes with coverage of installing the PEAR library on your local machine and on your Web host's server (which is incorrectly identified as your "ISP machine," apparently assuming that most developers choose their Internet service providers for hosting their sites, when in fact the opposite is true). Since the typical reader of a non-beginning book such as this no doubt has one or more introductory and/or reference PHP books at hand, it would seem superfluous to waste time and space explaining how to install these components. But few pages are taken up by the material.
The next chapter is devoted to hacks that help to jazz up the design of one's Web sites, including how to create a skinnable interface, build a breadcrumb trail, create HTML boxes, add tabs to your interface, and other valuable techniques. Subsequent chapters offer hacks in the areas of dynamic HTML (DHTML), graphics and digital pictures, databases and XML, application and e-commerce design, patterns and PHP object orientation, testing and documentation generation, and building alternative user interfaces. The 10th and final chapter covers some "fun stuff," such as creating dynamic playlists, developing a media upload/download center, and even putting Wikipedia on a Sony PlayStation Portable.
Rather than try to explain in detail all of the many topics covered in the book, I instead encourage the interested reader to visit the publisher's Web page, and scan through the table of contents provided, to get a better idea as to how much of the book would be of interest to the individual. Also, the five sample hacks listed on the site, would be well worth examining and trying out. Overall, the topics chosen reflect favorably upon the judgment of the lead author and the other contributors to the book. The typical PHP veteran would likely be interested in most of the applications covered, and would probably learn some new tricks, especially in the areas of patterns and code testing, regardless of their level of experience.
Like all books, this one is not perfect. As with the first printing of most technical books; particularly those chock-full of source code; the book contains a fair number of errata, likely even greater in number than those reported and listed on the publisher's Web site, as mentioned earlier. Consequently, any reader who chooses to test the sample code and he or she would be encouraged to do so; should keep one browser window or editor buffer open and devoted to those errata, so as to minimize the time spent trying to figure out why some sample code is not working as advertised.
Some readers posting in forums have complained that the sample code has evidently not been fully tested on all platforms, nor in all Web browsers. Since few if any reviewers would have the time, resources, or inclination to verify these claims, it should suffice to simply bear in mind that the script output and other behavior detailed in the book might not exactly match those experienced during one's own usage of the code.
The fact that there were several cooks in the kitchen brewing up this particular book, is obvious from the way that the code formatting is not consistent throughout the book, as well as the variety of problem-solving styles. Fortunately, neither weakness is of much consequence, and the latter might even be considered a "feature," as it allows the reader to see how a number of veteran PHP developers approach solving a problem.
Most technical works written by a team of authors, end up as excessive "doorstops" that are often frustrating to read as a result of the wildly inconsistent writing and coding styles, to say nothing of the material often being out of date as a result of the long production time needed by the publisher. The opposite case can be even worse, when a publisher releases a book that was clearly thrown together as quickly as possible to capitalize upon a hot new trend in technology. Thankfully, PHP Hacks keeps the style differences to a minimum, and benefits from having a lead author responsible for the book as a whole.
Some programming purists may take issue with the use of the term "hack" used as a synonym for a small PHP application or the use of such for solving a problem, since the majority of the PHP scripts in the book do not involve any programming or problem-solving that would be considered notably clever or elegant. Yet the misuse of the term seems to be spreading, and is not limited to this particular book ; another example of marketing overpowering stability of language. In the preface of PHP Hacks, the author explains that he uses the term in the positive sense of creative participation, to help reclaim it from its popular usage in place of the more traditional term "cracking," i.e., breaking into systems.
Yet aside from these complaints, PHP Hacks is a worthy title that offers explanations and source code for many valuable site-enhancing applications, testing and code generation techniques, and critical e-commerce safeguards. I recommend this book to any PHP developer who would like to add to their Web sites' capabilities, as well as their knowledge of what PHP can do.
Michael J. Ross is a freelance writer, computer consultant, and the editor of the free newsletter of PristinePlanet.com."
You can purchase PHP Hacks: Tips & Tools for Creating Dynamic Websites from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
You got that right (Score:3, Funny)
Re:You got that right (Score:4, Insightful)
In my experience, it's not so much a case of an embarrassment of riches but more like what the parent said -- it feels like a bunch of hacks. For example, standard library functions that seem similar in almost every respect, save that they work on different data types, take different parameters (or accept them in a different order). This can be very frustrating for experienced programmers who want to get up to speed quickly. Presumably it's less of a worry if you're just learning on PHP.
I don't hate PHP. I don't really like it, either, though. I'm one of those people who is quick with a snide comment about it whenever it's brought up, just because it has always feels so amateurish, poorly designed, and slapdash to me. That said, you can do some pretty decent stuff given a database abstraction layer and Smarty templates (for example). And the one big advantage it has over Ruby on Rails is that it's available on just about every cheapie $5/month Web host around, whereas RoR is barely supported.
Parent
Re:You got that right (Score:4, Informative)
I don't see why everyone is so critical of PHP.
PHP started out as a set of Perl scripts in 1995, presumably using the then-new Perl 5. When it became its own language in 1997, it somehow lost namespaces, the module loading system, DBI, use strict, and everything else in Perl that doesn't register on the suck-o-meter. It also did silly things like adopt the TCL global variable system, rather than using the one that C, Perl, Java, and even things like VB use.
So, yeah, there's a reason every is critical of PHP.
Sources: perldoc perlhist [cpan.org] (perl 5.000 was released on 1994-Oct-17), PHP History [php.net] (PHP/FI 1.0 was a bunch of Perl scripts released in 1995, PHP/FI 2.0 was written in C in 1997), DBI::Changes [cpan.org] (First official DBI release was 0.58 released in 21 June 1995)
Parent
Re:You got that right (Score:4, Insightful)
I'm on the other side. What is it about a language that makes it *EASY* to consider the problem at hand, and doesn't make you worry too much about implementation details?
Using PHP, you don't have to worry about things like memory management and/or memory type translation. A "1" becomes a 2 when you add a 1 to it.
Arrays and hashes are the same. Any array can be accessed as a hash, any hash is also an array. Makes it easy to define data in memory, then do loops/recursion on it to get whatever result you want.
Simple!
Time spent solving customer problems rather than implementation problems is time spent making money instead of wasting it.
I've written some really big projects with PHP. (EG: over 50,000 lines in 3+ years, with NO HTML CODE) It's done a magnificent job. It scales nicely and easily with it's "share nothing" approach [zefhemel.com], and is highly reliable. In the 6 years that I've been actively developing with PHP, the number of times that there was a bug/problem with the language I could count on one hand, with 4 of the fingers peeled down. It's reliable and scalable enough that Yahoo uses it as their preferred development language. [com.com]
And, as far as security, the vast majority of issues have been with idiots writing insecure scripting, which can be done in any language. (Yes, I'm thinking of you, SPAW editor!) And, if you're using a decent operating system [centos.org] with an update mechanism (EG: yum) then updates to fix found security issues is a no-brainer.
With PHP-GTK you can write quick, powerful, cross-platform GUI applications with ease and speed [php.net] - I've done so, managing a distributed database application among some 70 school districts with many hundreds of users - and it works marvelously.
PHP may have it's warts, but it's a damned fine tool. Don't let anyone convince you otherwise.
Parent
Re:You got that right (Score:3, Insightful)
But then, Perl never pretends it will keep programmers secure, while PHP tries to and fails.
followed immediately by:
Perl also has the immensely important "taint" mode, where unprocessed user input isn't allowed anywhere near important functions, like executing an external program, writing data into the database or selecting a file to open. It's this that forces programmers to think properly, and does a far bett
Re:You got that right (Score:3, Interesting)
mod_perl's Apache integration is impressive, and Template Toolkit is the best templating system out there bar none. Writing solid readable Perl is not as hard as people say. Perl rules for web development, and I say that as a Python nut dragged into Perl against my will.
Also, RoR deserves the hype it gets, even though it's still hard to find hosting, and there are performance problems. Still, a good choice for rapid development.
Java is solid, enterprisey and has a wealth of enterprisey libraries out there
I Read "PHP Hacks"... (Score:2, Funny)
You do (Score:5, Insightful)
Parent
Re:You do (Score:5, Insightful)
Unlike Perl?!?! Perl is just a foul, disgusting-looking beast. While the PHP libraries may be a touch on the fragile and "arbitrary" side, compared to the libraries in Java, for example, the language itself is like Miss America to Perl's Roseanne Barr.
The "serious developers" who used to write web apps in Perl and TCL, when those were the two most popular choices for such things back in the day, generally produced write-only web monstrosities that could never be picked up or figured out by anybody else, "serious developer" or not.
PHP is relatively fast, simple, syntactically straightforward, and easy to work with. This makes it a good choice for a variety of web applications, though obviously not always the best choice. For some of us, getting the job done is more important than feeling like an elite hax0r.
Parent
Re:You do (Score:5, Insightful)
I would like to see concrete examples of other languages being "better". The skill of the programmer matters far more than the language in my experience, and PHP gives you enough options to make good code *if* you want to.
The spaghetti code that PHP seems to encourage in a lot of people
This is because PHP is "approachable". It does not differ enough from C and JavaScript to scare people away, unlike other languages. The "elitist" languages are not necessarily better, they just scare away amatures and newbies so that you don't have as many amatures and newbies writing messy code. Perhaps this is a good thing, perhaps it means that the elitist language is doomed to obscurity. If PHP can make both crowds fairly happy, it will have lasting power. I've never met a language that makes everybody happy, but if diverse sides each give PHP a B-minus, that is doing about as well as you can as far as diversity.
Parent
Re:You do (Score:3, Informative)
Maybe I'm just elitist, but why would you make all of your objects face eastward? [m-w.com] Oh, you meant object oriented [m-w.com] programming.
The web is growing up, and page processors like PHP will fall out of use. WebObjects showed the way forward arbeit at a cost of $50,000 when it was 1st released, and now we have free alternatives like Jakarta/Struts and Ruby on Rails.
The web hasn't changed. It's still a stateless, every-page-for-itself environment. PHP isn't a "page processor", it's a pre-r
Re:You do (Score:3, Insightful)
No, I meant orientated, which is totally valid and its use prevailent in England. Which incidentally is where I live.
The web hasn't changed. It's still a stateless, every-page-for-itself environment. PHP isn't a "page processor", it's a pre-response request processor.
The web is still stateless but if you don't have to reload your page each time you want to perform an action and redispl
Re:I Read "PHP Hacks"... (Score:3)
Spend a few months with ColdFusion and you'll love PHP.
can you clarify that? (Score:5, Funny)
And....? I presume if all the code samples were legal, such a statement would be unnecessary. I further presume such a statement to that effect would not warrant inclusion in a book review.
So just what is the aspect of the legality of the code samples in need of clarification? Is one of the 'hacks' phishing with PHP? Adding free copies to your Kinkos card? Downloading launch codes from the WOPR? They're using the PHP to cook up meth, aren't they? *peer*
Hacks? (Score:3, Insightful)
Maybe I'm a bit bitter, and even at the risk of sounding like a troll I'm just gonna say it, isn't writing ANY decent amount of php kind of a hack.
Personally I'm a django fan, I really respect the rails kids for what they are doing too. Once you start doing web development in a real dynamic language you realize that web development in php in most cases IS a hack.
I've written lots of php over the years, and I'm so glad to know that I NEVER HAVE TO DO IT AGAIN. Unlike in other languages the "hacks" in php tend to be a necessity for doing development in the language. I've really tried to write "clean" code in php and it's just not possible for any project of a decent size.
Any disagreements?
Re:Hacks? (Score:2)
Any snippet that will move O'Reilly's new line of crappy shovelware books.
Re:Hacks? (Score:3, Interesting)
-gam
Re:Hacks? (Score:2, Interesting)
One of the django guys quoted a Rails line which was "php is the devil" and went on to say "and it is, because it tricks you. They make it so easy to build out 90% of your web app, but t
I think that a lot of the people who like PHP.... (Score:2)
Which would explain a lot.
(I fall in to this category)
Re:Hacks? (Score:4, Interesting)
On the other hand I've been using NuSphere's PHPed and Zend's own ZendStudio for quite a while now, they both support remote debugging, the latest version of PHP, version control and code profiling and are both much more advanced and stable compared to Trustudio.
PHP is no longer a baby language, and although it really annoys me sometimes (hello! no multiple inheritance or large integer/floating point number support) big real world applications are being written in it and most times I consider it much cleaner than Java when you know what you're doing.
It's the age old thing, if you make it easier for good programmers to program, they'll get working code out of the door with much less bugs compared to a stricter language. It's quick and at times dirty, but it's understandable, you can apply [insert buzzword here] with little to no effort and it runs on most of the world's web hosting servers.
For example, move from C to C++ and you will almost certainly be more productive, from C to D, from C++ to Java, from Bash to TCL, from Java to PHP.. you get the picture. When I've got a tight deadline and lots of features to implement, I'm going to want to do it in whichever language is most productive, this is why you see people adding backend JavaScript/BSH support to their J2EE webapps *laugh*.
Parent
Re:Hacks? (Score:2)
How I make a website using PHP (Score:2)
OK, I'm good to go!
From the title... (Score:2, Interesting)
[admin@bsever logs]$ tail -100000 access_log |grep php -i |wc -l
2128
2% of last 100K hits. I run no php on it + this is a test server that is not linked to anywhere public.
For example:
65.110.43.170 - - [04/Jul/2006:00:37:03 -0700] "GET
Re:From the title... (Score:3, Insightful)
Yup, but this comes down to what all dicussions do when a PHP topic is posted to slashdot. Is it the fault of the language when a lot of open source applications are written poorly? There have been very few vulnerabilites in PHP, but lots in apps like Mambo, *Nuke, phpBB, etc.
I like PHP, I can develop stuff very quickly in it, and I know how to secure code against CSS, SQL-Injection, etc. There are shortcomings with it, like basically every other language, but I don't think the fact that all these app
Re:From the title... (Score:2)
Re:From the title... (Score:2)
Re:From the title... (Score:2)
Well yes and no. I mean, PHP does have some braindead configuraion options that result in insecure code. Writing code that's secure with register_globals on is more work than just turning it off. Likewise handling both cases of magic_quotes_gpc is just a pointless hoop to have to jump through.
I don't really bla
Re:From the title... (Score:2, Insightful)
Not that I agree with either view, but it seems to me PHP is no better than Visual Basic in this regard.
Re:From the title... (Score:3, Insightful)
Yes. The language doesn't actually compel you to write insecure code, but it would be hard to imagine one which came closer. It's practically begging for injection everywhere. You need to manually escape everything. Database work? Sorry, no prepared statements. Going to send mail()? Leave a few newlines in the wrong variable and you can turn your form into a lean, mean spamming machine! Going to try and call system
Re:From the title... (Score:5, Insightful)
PHP has had prepared statement support for MySQL since 2003, it's been emulated in PEAR for an eternity and the very useful PDO extension provides an abstracted interface supporting prepared statements to SQL Server, Sybase, Firebird, Informix, MySQL, Oracle, PostgreSQL, SQLite, DB2 and ODBC.
Forgive me, but you don't know what you're talking about. There is almost never a need to call external apps from a PHP script. The most common needed external app is ImageMagick (because sometimes GD doesn't provide all the functionality you need.) Even then, there are at least two PHP extensions to deal with ImageMagick directly, as well as a PEAR package to abstract away from the image processing library/app.
Well, I dunno, do you want to escape an entire command so that multiple commands can't be injected or do you want to escape a single argument so that multiple arguments can't be injected? Heaven forbid that you should have to spend ten seconds checking the manual [php.net] pages [php.net]...
So use one of the multitude of classes specifically written to encapsulate mail sending (including, shock horror, one in PEAR.)
register_globals has been disabled by default for six (6) years.
It's not the fault of the language that you didn't bother to keep up with how to use it as it evolved.
Parent
Worse language than PHP for security? (Score:3, Funny)
C? (Ouch, my poor karma -- but seriously, memory management is a security vulnerability in the hands of the average programmer AND every programmer thinks they are above average).
Re:From the title... (Score:2)
Advanced PHP programmer? (Score:3, Funny)
Re:Advanced PHP programmer? (Score:2)
Re:Advanced PHP programmer? (Score:5, Funny)
Parent
Re:Advanced PHP programmer? (Score:3, Insightful)
I'm not a php/perl guru, but (Score:5, Interesting)
http://tnx.nl/php [tnx.nl]
Re:I'm not a php/perl guru, but (Score:2, Informative)
Draw whatever conclusions you like, but the linked page is accurate.
Re:I'm not a php/perl guru, but (Score:2)
That said, I am definitely in the market for a new language to build sites with. Perl ain't it as I've been there and done that. Great language but I would rather maintain/fix crappy PHP sites than crappy Perl sites.
Re:I'm not a php/perl guru, but (Score:3, Interesting)
To clarify: I'm a professional PHP developer but finding the language doesn't grow with me as a grow as a developer. Looking into RoR but the hype scares me (memories of Java).
Re:I'm not a php/perl guru, but (Score:2)
If you are looking for something that still retains most of the useful parts of perl then RoR, or one of the other Ruby web dev frameworks (yes, they do exist) might be the way to go.
Personally I am happy with Python, especially considering the community is really starting to get behind WSGI,
Re:I'm not a php/perl guru, but (Score:3, Informative)
Re:I'm not a php/perl guru, but (Score:3, Informative)
RoR for PHP Projects (Score:2, Interesting)
Thanks!
blame the coder, not the language (Score:3, Insightful)
-Peter
Free PHP bashing (Score:4, Insightful)
Most posts offtopic (Score:4, Funny)
PHP seems to be one of those red-button topics on Slashdot. If the word even appears in the text of the story, the topic at hand is dropped entirely in favour of having a big wanking session [linuxvirus.net] and patting each other on the back for knowing a 'superior' language, or for having been into Linux 'before it was cool', or whatever the general topic happens to be.
And not only is this stuff offtopic, it's also just so painfully redundant. I swear, that Slashdot story generator page [bbspot.com] from a while back was pretty impressive, but I'm starting to think maybe I could cook up a Slashdot comment generator as an add-on.
Re:I think Slashdot is trying to cheat us here.... (Score:2)
And Bookpool ** [bookpool.com] has it for virtually the same price as Amazon.
** This is a non-affiliate link.
BS Re:I think Slashdot is trying to cheat us here (Score:4, Interesting)
On the other hand, looks like the parent put their own referrer link to Amazon - now that's what I call cheating!
Parent
Re:Can't let this go (Score:2, Funny)