How to Do Everything with PHP and MySQL

Michael J. Ross writes "When it comes to creating a dynamic Web site with data store capabilities, the site developer can choose from many technologies, including PHP and MySQL. The combination of the two is rapidly emerging as a favorite, partly because they work well together, and partly because they are both available under open-source licenses. As a result, technical book publishers are cranking out a growing number of high-priced tomes that try to cover all of the details of either technology, or both. But for the developer just getting started in either one, there is a new title that could prove more accessible: Vikram Vaswani's How to Do Everything with PHP and MySQL, published by McGraw-Hill/Osborne." Read on for the rest of Ross's review.

How to Do Everything with PHP and MySQL
author	Vikram Vaswani
pages	381
publisher	McGraw-Hill/Osborne
rating	7
reviewer	Michael J. Ross
ISBN	0072257954
summary	A tutorial on PHP and MySQL, geared to the new developer.

The publisher has a page on their Web site devoted to the book; for some reason, it lists the book as containing 400 pages, but my copy has 381. The page also has links to a table of contents and a sample chapter, namely the first one. For those readers with very slow Internet access or unstable Adobe Acrobat plug-ins installed, be aware that the sample chapter -- and even the table of contents -- are offered only as PDFs, but the two links give no warning.

Most technical publishers, for every one of their books, wisely have links to the errata and sample code, right there on each book's Web page. This is the best approach, because when readers are having difficulty getting a book's examples to work correctly, they want to be able to quickly find and download the most up-to-date sample code, as well as check the errata page for any bugs in the printed code. Unfortunately, McGraw-Hill/Osborne has their links to those two types of information in an easily-overlooked part of a menubar, using small black text on a blue background. The links are near the upper left-hand corner, and outside the content section of the Web page, where the typical reader would be seeking fruitlessly for them.

The companion Web site for the book is hosted by Vaswani's software consulting firm, Melonfire. The site has the book's table of contents (in HTML), a link to chapter 1 in PDF, a profile of the author, three full-length case studies, a feedback form, and an extensive collection of links to PHP and MySQL reference material, discussion lists, articles, and tutorials. At the end of the Introduction in the book, the author invites the reader to use that companion site for connecting with other PHP users, and sharing their thoughts on PHP and MySQL development. The site itself has no such forum, so the author probably meant the discussion lists.

The companion site also has a link to download a Zip file containing all of the sample applications from the book -- from chapters 7, 12, and 16 -- comprising nine PHP scripts, an SQL file, and a data file. The code snippets themselves do not appear to be included in the download. This shouldn't pose a difficulty for the typical reader, since few of the code snippets are long. Besides, typing them in on one's computer can help to reinforce the language syntax that one is learning, as well as decent code formatting (valuable for newbies).

The book is organized into four parts.The first of these presents the basics of PHP and MySQL, including the history and features of both technologies, as well as how to install them on Unix and Windows systems, verify the integrity of the installations, and make some critical security and configuration changes, such as changing passwords. Parts II and III cover the basics of PHP and MySQL, respectively. The fourth and final part describes how to use the two together. To that end, every chapter contains snippets of code to illustrate the ideas being described. In addition, each section is wrapped up and illustrated with a sample application. For PHP, the author shows how to build a session-based shopping cart. For MySQL, he presents a simple order-tracking system. For using PHP and MySQL together, he shows a news-publishing system.

Despite its title, the book clearly does not tell the reader how to do everything with PHP and MySQL. As the author notes in the Introduction, the book is not designed to be a complete reference for either technology, but instead intended as a tutorial for Web developers who are interested in learning how to do server-side scripting in combination with a database management system. Vaswani states that he does not assume prior knowledge of programming or database fundamentals, and that these basic concepts will be taught by example, using tutorials and realistic examples. I suspect a reader not familiar with HTML, however, could be easily baffled by the book. On the other hand, most if not all developers reading a book on PHP or MySQL are likely to already know HTML well enough to understand the output of PHP-enhanced Web pages.

One strength that this book has over many similar ones is that the author explains up front how to install PHP and MySQL, rather than relegating these topics to an appendix, or skipping them entirely. This is critical, because many programmers will find that the most challenging aspects of getting started with PHP and MySQL, are simply getting them installed and working, along with a Web server, such as Apache -- and not coding the applications themselves.

Another welcome aspect of the book is the author's enthusiasm for the technologies -- although characterizing MySQL as "quite friendly" (page 150) is a stretch. Furthermore, his explanations are clear and concise. In addition, Vaswani makes no pretense that his book has all the answers; he frequently refers the reader to URLs in the online manuals of the products, for more details. In addition, he does a nice job of illustrating the advantages of normalized database tables, and later explaining how to format query output -- an important topic omitted in many similar books.

Yet, like all books, this one is not perfect. There are a number of errors or pitfalls in the book that could confuse the reader. They range from incomplete explanations of what a user will see when running particular commands, to the sort of errata one finds in all technical books. I found over two dozen in total (there may be more). In the interests of keeping this Slashdot version of the book review close to the recommended length, I won't list all of the problems here, but will instead refer the reader to a longer version of this book review, if they are interested in those details.

Aside from its many minor flaws, I recommend this title to any programmer who wants to learn the basics of PHP and MySQL. Even though the publisher could improve their production quality, choice of binding, and Web page, the author has done a good job of clearly presenting the major points. Future editions could incorporate fixes to the errors noted in the longer version of this review, as well as better explain to the neophyte how to test/debug the code snippets. Nonetheless, the intended reader would be well served by this particular book.

---

Michael J. Ross is a freelance writer, computer consultant, and the editor of PristinePlanet.com's free newsletter. You can purchase How to Do Everything with PHP and MySQL from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Re:bah!

[Anonymous Coward]

excatly. and mysql is a toy as well. when they're done playing, they can move to postgres.

Most comments to this review

[jbellis]

will be either "wooo! php rocks!" or "php sucks, use a Real Man's language like java."

Which is sad, because as much as PHP sucks [blogspot.com], J2EE solutions suck just as badly in different ways. (That's another article.)

Re:bah!

[downward dog]

PHP is a full programming language. You can do basically anything in PHP that you can do in Perl, Java, .NET, Ruby, etc.

Granted, PHP lends itself to sloppier code than some other languages. Or rather, it _allows_ you to write sloppy code. But this is only a disadvantage if the developer is unskilled/undisciplined. A skilled PHP programmer can write robust, object-oriented code that follows the same design patterns as Java. It's just that certain Java frameworks force every project to be heavyweight, while PHP allows you to do a lot of things simply. If you want to write yourself a simple photo gallery app, why bother with Struts?

I write this as an ex- (not current) PHP programmer. I recently made the switch to Ruby on Rails, which has proved to be fantastic thus far.

Never trust anyone who says "Language X is terrible and Language Y is great."

Make it stop

[glwtta]

I wonder if there really isn't a single person out there who knows MySQL and PHP and who can write a decent book?

Seems like the only explanation for this myriad of redundant books on such a simple topic. Really, how can there be a market that can accomodate another one of these identical books every month?

Re:Like the old saying goes

[Anonymous Coward]

Fully agreed,

those two sites are more informative than any book I've read on PHP/MySQL. Even with moving from php3 to php4 and then php4 to php5 or from mysql 3.x to 4.x I have still yet to purchase any documentation for either of the two.

Any book I've picked up at the local book store on the subject I've found to have too much filler and have somehow stretched out 1 paragraph in to two pages.

If anyone is going to be getting into PHP/MySQL do your self a favor and just read through the tutorials and syntax examples on the parents post. I guarentee they will be just as, if not more informative as any $25 - $50 book you'll purchase at a book store and you will have the option of Ctrl+F.

I hate the title

[diegocgteleline.es]

"How to Do Everything? with PHP and MySQL"?

I hate how people abuses of PHP. PHP is nice when you really need what things like PHP/ASP/etc provide, but these days some people use it for everything. I hate it. Take a look at blogs - they're not really "dynamic content", they're just static content which changes very frequently, still everybody uses PHP to implement them.

Re:both available under open-source licenses?

[markybob]

you're absolutely wrong. mysql is dual-licensed, with one of those two being the GPL. the GPL is not only for non-commercial. seriously, read up before throwing stones.

No, buy a SQL book

[DogDude]

I can't stress strongly enough that people NOT buy a MySQL book. Buy a SQL book. Even better, buy a RDBMS book. We have enough people doing stupid things with data. We don't need any more. You might as well suggest that somebody buy a Windows 95 book.

It was the language and not the code?

[Wee]

At the risk of feeding the trolls...

PHP websites are more vulnerable to worms. Just six months ago, many PHP run forums were shut down and destroyed. The exploit was something that worked only with PHP forums.

So it was a shortcoming endemic to the langauge, and not sloppy coding, right? I mean to say, PHP itself was at fault, due its very nature? A similar thing can't possibly happen in a "real" programming language like Java?

Java is the better language to learn. It is more like a true programming language than PHP. The reward for the time spent learning a language is greater with Java than with PHP.

That's begging the question [skepdic.com]. And wooly-headed thinking at its best. I'd argue that the barrier to entry is a lot lower with PHP than Java (or C, C++, .Net, et al.). So someone new to the language is bound to see results faster. But your point is nonsensical to begin with...

I always thought of PHP as more of a scripting langugae, and not a true language. No large PHP applications exists out there. But there are tons of enterprise Java applications.

A scripting language is a "true language". BASIC is a true programming langauge. MSDOS batch is a true programming langauge. Further, have you ever heard the saying "use the right tool for the job"? There are a lot of types of websites filling a lot of roles. Many (most?) of them don't need the overhead and complexity of an enterprise-class system. Use what works, without specious limitations brought on by technical snobbery.

-B

Re:MySQL good, PHP not so good

[hobbesx]

PHP websites are more vulnerable to worms

If this is the worm I am thinking about, it was specific to one particular forum, which is quite popular and written in PHP. The exploit was a vulnerability in the source, not PHP itself. Is all JSP code automatically uber-secure?

And if the 'reward' of programming with a 'real' programming language is that much better, write your web-apps in C, or ::shudders:: Assembly... For now, I'll use the tool that is best suited for the job based on it's merits and my ability to complement them. (Unless the reward is cash, in which case, I complement cash whoreing quite well...)

Re:both available under open-source licenses?

[svallarian]

It's only free if you release your web app as GPL also.

Not very free IMHO.

Brilliant!

[Soong]

By posting a comment on this article, I can troll two products at once! I'm a PostegreSQL snob and a Java snob!

Of course, this book is just indicative of one of the key features of the Open Source movement: the ability to take two bad software packages and combine them to form something truely horrific.

(I wasn't using that Karma anyway.)

Re:bah!

[Decaff]

A skilled PHP programmer can write robust, object-oriented code that follows the same design patterns as Java.

This isn't quite true. A good example is that many very-high load Java websites use application-scoped caching of data. This is very hard to do elegantly in PHP.

Java was designed to be object-oriented from the start. With PHP, it was an afterthought.

It's just that certain Java frameworks force every project to be heavyweight, while PHP allows you to do a lot of things simply. If you want to write yourself a simple photo gallery app, why bother with Struts?

Java also allows you to do a lot of things simply. There is nothing forcing you to use those Java frameworks. You can write everything in scripted JSP pages.

Re:I prefer a different book

[Anonymous Coward]

What's wrong with "How to Do Everything with PHP and Postgresql" ?

Re:Perl and PostgreSQL

[Leroy_Brown242]

s/retard/genius/

Re:No, buy a SQL book

[njcoder]

" I can't stress strongly enough that people NOT buy a MySQL book. Buy a SQL book. Even better, buy a RDBMS book."

If people start doing that.... I can't see people still using MySQL :)

Re:Comparison to Other Books?

[AuMatar]

Its a good reference, but its not easy to learn from. Few to no examples, and its organized as a reference, not as a tutorial. Awesome when you want to look up the parameters of some function call, hideous when you're trying to learn the capabilities of the language.

Re:I prefer a different book

[rawyin]

We should author that book.

MySQL has garnered such popularity because it is EASY. It is unfortunate however that easy does not mean good. MySQL is the Geo Metro of database systems. It's easy to drive and anyone can finance the thing. It pays to note that LAMP is the ultimate driving force behind the movement.

As a result of this ease and the lack of knowledge needed to make it operational, there are more scripts than one can count that you just drop into a LAMP installation and *bing*, instant website. The security concerns [mangeek.com] alone make me shudder, but the proliferation of bad code is perhaps just as serious of a problem.

While I think there are things that MySQL and PHP do quite well together, I would prefer if the development groups spent less time trying to perfect their recipe for "instant website" and instead increased their educational resources and expanded their product to meet standards.

It would make better netizens of their users. Or at least teach them "no, the world doesn't have padded walls for when your server falls down and gets a booboo."

Re:I hate the title

[AuMatar]

"static content which changes very frequently"

Doesn't that make it dynamic?

ANd why not use PHP to implement them? Instead of ftping the file tomy computer, adding my new text, then ftping it back, I can just use a PHP script to add it to a db, and a second script to write it out to the world. Much easier. As someone who did things the bad old way once upon a time, this is a huge time saver.

PHP encourages bad code.

[Some Random Username]

In fact, look at the zend website even, they give horrible examples that nobody should ever follow. Gee, I wonder why so many PHP programmers end up writing crappy code.

Also, the PHP developers have proven over and over again that they do not care AT ALL about security. As an ex-PHP programmer myself, I have to agree with the "dear god use anything but PHP" people.

Risk of SQL injection

[the_european]

Look at the examples given in the companion web site. There is code like the following, which is highly vulnerable to SQL injection [wikipedia.org] attacks:

$title = $_POST['title'];
$content = $_POST['content'];
$contact = $_POST['contact'];

// validate text input fields
if (trim($_POST['title']) == '')
{
$errorList[] = 'Invalid entry: Title';
}

Validate? Just by removing trailing spaces? People trusting this book's advice will be very sorry soon.

// and later in the script ...

$query = "INSERT INTO news(title, content, contact, timestamp) VALUES('$title', '$content', '$contact', NOW())";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

One more example:

// generate and execute query
$id = $_GET['id'];
$query = "SELECT title, content, contact FROM news WHERE id = '$id'";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

No validation at all! User input thrown into the database without any check!

It's unbelievable that in 2005, after all the outrage and cry about SQL injection ther is still a new book proposing such horrible code!

Re:Make it stop

[nxtw]

I think most people that can write a decent book and that *should* be writing books are smart enough to use a better database than MySQL.

Re:PHP editorfor Linux, anyone?

[Ucklak]

Eclipse with PHPEclipse Plugin.

Invaluable and the CVS integration makes it even better.

I run it on (seriously) on Windows (Work), Linux (Home), Mac (Laptop) and don't skip a beat.

Re:Brilliant!

[deuterium]

I'm working on a simulator that involves large amounts of data, and originally started work with MySQL. It's so popular that I assumed it was the easiest to use. Since our product is sold as a workstation, I quickly realized that each unit would cost us $200 for the MySQL server. A quick search uncovered PostGres, which has really turned out to be just as easy to use, is free, and even has a .NET interface and simple administrative utility. Pretty nice. I don't know if it's slower than MySQL, but it's plenty fast for me. You can even do transaction processing. It's strange that even though PostGres is so old, there are almost no books available for it (aside from the Douglas text), while MySQL has dozens.

Re:Perl and PostgreSQL

[imroy]

Here here! My variation of the "LAMP" acronym is Linux, Apache, Mason [masonhq.com], PostgreSQL [postgresql.org]. Working pretty damn well for me. I've been looking at AxKit [axkit.org] on and off for a while, but who wants to use "LAAP"? :P

Re:Perl and PostgreSQL

[Anonymous Coward]

Agreed! I don't think Mason gets the light of day that it greatly deserves. It's by FAR my weapon of choice when creating dynamic websites. I find that it's very easy to develop in, super fast, and very maintainable.

Re:"JSP in a very light manner"

[Decaff]

Tomcat must have progressed quite a bit in the last 5 years then.

It certainly has. Especially in terms of performance. The latest Tomcat (5.5) approaches the speed of Apache in some cases.

Yes, you could run Tomcat on port 80, with no Apache, but I seem to recall that Tomcat specifically leaves out much of the functionality that Apache does natively- perhaps lock something down by IP, etc.

This is all available now (RemoteHostValve, RemoteAddrValve etc).

Once you've gone through the nightmare of setting this up properly, you then get to learn Ant to make your WARs. While I did find Ant appealing/nice/whatever, it's quite a bit more complex than you're making it up to be to be serving up .jsp.

The latest versions of NetBeans (4.0, 4.1) does this for you. Every change to a J2EE project automatically updates your WAR file. It even (again automatically) writes and maintains Ant scripts so that you can do this from the command line as well.

I do feel a lot of the criticism of Java/JSP/J2EE is based on the way things were years ago. This have changed a lot!

Re:Is that Realistic?

[v3xt0r]

google uses PHP and MySQL as well.

People who tell you Java or .NET are better (for small-2-enterprise-level web applications), are simply brainwashed by market-share data and proprietary software marketing tactics.

Re:Most comments to this review

[Jose-S]

It is true that many Java frameworks (and to be specific much of what Sun designs) tends to be over-engineered and complicated. That's not to say that Java the language sucks, or that there can't be simple Java frameworks. In fact, it has been a very successful language for a reason, a language that MS itself has put a lot of effort into cloning (and improving to a limited extent in some areas), and one that IBM is very fond of.

Re:buy a MySQL book

[crucini]

While I partially agree, I have to mention the counterpoint. MySQL is very good across a certain domain of problems. Where I work now, we pick between Oracle and MySQL for specific projects. If we don't see transactional requirements, writer contention, or huge volumes of data, we pick MySQL. It's faster and generally easier to work with.

I just don't care that MySQL isn't SQL-92 compliant. By the way, none of the applications I have worked on on Oracle could be trivially ported to a different db, standards or no. I agree that MySQL is friendlier than other dbs. Most obvious example - meaningful error messages.

I am not excited by Innodb or most of the features being added to MySQL. These changes, which add Oracle-like capabilities, also add Oracle-like problems, such as complexity, slowness, lock buildups, etc. We already have Oracle. We use MySQL where it fits.

As for hammers and nails: the guy with only one tool has a problem; so does the guy who spends all his time learning new tools and never becomes expert with one. There is not a logical niche for every technology - many of them are not worth touching, period. It's better to invest time in learning a few tools deeply.