PHP 5 Recipes

jsuda writes " With all the books being published recently about PHP a new one will need to find and fill a niche to distinguish itself. PHP 5 Recipes: A Problem-Solution Approach, published by Apress, has done so, in my view. This is an intermediate-level volume exploring PHP 5 using a recipe approach where the basics of PHP 5's functionality are expressed systematically but in a small-topic by small-topic manner. Cook-book style, each topic is relatively autonomous and can be individually selected, as necessary, for information or review, similarly to how many refer to the Joy of Cooking for help on a cooking project. It's a source for instant solutions to common PHP-related problems. There are over 200 such recipes presented." Read the rest of jsuda's review.

Php 5 Recipes: A Problem-Solution Approach
author	Lee Babin, Nathan Good, Frank M. Kronman, Jon Stephens
pages	646
publisher	Apress
rating	8
reviewer	John Suda
ISBN	1-59059-509-2
summary	A problem solving approach to Php 5

Each of these recipes refers to a small element or aspect of PHP 5 and the presentations contain a brief overview of the topic, an explanation of how the code elements work, and where the code is applicable in projects. Overall, the book covers the whole range of PHP 5 functionality where each major element of PHP 5 is addressed in a recipe explaining and illuminating relevant code elements. You can easily get information about a specific PHP 5 element by going directly to the section of the book where it appears. Even better, the code snippets are designed to allow one to copy and paste them into your own applications or development easily and then to configure them as necessary. All of the code snippets are freely available for downloading at the publisher's website at www.apress.com.

There are 16 chapters and an index covering a total of 646 pages. The chapters are organized similarly to other PHP primers, covering the basic elements of PHP - data types, operations, arrays, strings, variables, files and directories, dates and times, functions, and regular expressions. The coverage for much of these concepts is relatively mundane and unoriginal. The discussion of dynamic imaging, however, is an exception. The writing throughout, however, is solid and clear. The book emphasizes the most important elements of new PHP 5. The object-oriented programming elements especially are covered - classes, objects, protected class variables, exception handling, interfaces, and the new mysqli database extension. The authors' discussions focus on PHP 5.0.4, MySQL 4.1, and cover Linux and Windows environments.

The book is directed at PHP programmers looking to learn the elements introduced by PHP 5, and for those looking to find fast solutions to coding problems. It assumes a basic knowledge of PHP. Many of the recipes discuss object-oriented programming and these are some of the more advanced sections of the book. I can say that Chapter 2, which introduces the object-oriented concepts is one of the better explanations of the topic that I've read. The chapter covers constructors, destructors, methods and properties, class diagrams and examples of these concepts at work in code snippets. There are a number of interesting segments containing custom coding of classes as reusable templates from which to create objects.

The book is well-designed and written. The discussion is clear and logical. The code snippets are well-explained. The authors are experienced programmers and developers, and Good and Stephens have authored or co-authored a number of technical books.

A large handful of the recipes contain projects, usually appearing at the end of the overview and presentation of code snippets covering the basics of the topics. The projects usually deal with the creation of higher-end classes and objects as solutions to common coding problems. The idea here is to show PHP 5 functionality at work providing useful code sections to be dropped into your custom applications. Chapter Five concludes with a sophisticated class dealing with dates and times issues. Other chapters contain constructions of string, file, graphics, and regular expression classes.

The last five chapters deal with using the PHP code in web applications and services. This material covers cookies (including construction of a cookie class), using HTTP headers, sessions, and using query strings. Much of this material has been covered elsewhere in the many primers on PHP already published. There is a chapter on using forms and an interesting chapter on working with markup. The better chapters are on using DOM to generate markup, parsing XML, using RSS feeds, SOAP, and simple XML. The chapter on mysql is basic, except for the section on creating a wrapper class. The last chapter deals with communicating with Internet services, like POP, iMap, and FTP. Another project presented here is one creating object-oriented code dealing with a mail class.

This is a useful book to have in a programmer's library."

---

You can purchase Php 5 Recipes: A Problem-Solution Approach from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

What about security?

[CyricZ]

Do the examples show how to write solid, secure code?

Indeed, inexperienced programmers writing insecure code has plagued PHP for years now. Far too many PHP books that I have flipped through show very poor style. They don't verify the inputted data, for instance, before making a SQL query.

So while a professional, or even somebody with some level of experience, would see such an obvious problem, a beginner may not. And then the result is often a compromised server, a destroyed database, or some other shenanigans. Often times a problem with a user's PHP script ends up making other, completely innocent and unrelated projects (such as Apache or Linux) look to be at fault. That's not good for the image of the community.

Re:What about security?

[NotoriousGOD]

Many PHP/MySQL texts don't cover the aspect of security, except for maybe a subtle reference to having HTTPS set up on your server. I have referenced many books in backend or database programming and there is very little on the subject. Maybe someone should publish a book regarding security itself. But it would still be true that this book would stand out among the existing ones, as covered by the post and my reasons above.

Does it delve into SQL?

[CyricZ]

Many PHP books I've seen often include an SQL tutorial. Due to space constrains, it is often quite lacking and only focuses on using SQL, rather than designing efficient and well-planned databases. Such half-assed tutorials may often be very misleading to new PHP users.

I recall working with one web developer who learned PHP from such a book. We told him that we wanted to use PostgreSQL as the backend for our site, but he insisted on using MySQL, since that was the only system mentioned in the book he had bought. We no longer required his services after that show of incompetence.

Does this book try to cover topics such as SQL and database design, which should be covered in their own, separate book(s)? Does it specifically refer readers interested in such subjects to consult other sources of information?

Re:What about security?

[JabberWokky]

I'd imagine that most bridges, dams and skyscrapers built by inexperienced or non-formally educated engineers would be pretty lousy.

The problem is that it's illegal to have a non certified engineer working on a project that can impact others. Those engineers are expensive because you're paying for their recognized skills and the years it took them to obtain them.

Meanwhile, 15 year olds are bidding on software projects and it's seen as a great opportunity. There are certainly some benefits to the industry being willing to hire self-trained and inexperienced programmers, but those inexperienced programmers are being handed even mission critical projects.

--
Evan

Re:May I sugest a great PHP tutorial?

[CyricZ]

How recently have his articles been updated? Indeed, there have been some preliminary security developments within the past four years.

Nothing could be worse than a new PHP user learning PHP from outdated tutorials which fail to show the proper techniques necessary for building solid, secure and trusted web applications.

An anti-PHP/anti-ASP coalition.

[CyricZ]

An anti-PHP/anti-ASP coalition would be even better than separate anti-PHP and anti-ASP coalitions.

Either way, the fact remains that insecure, faulty systems are used far too often for web development. The best thing that can be done at this point is to raise awareness as to the flaws and problems associated with such systems. That may be the most effective way to eradicate their use, thus providing a far more secure Internet.

Re:Developer's Union?

[lewp]

Because companies would have to spend a whole lot more money to get those people. They're not going to do that unless the consumer demands it. The consumer isn't going to demand it unless the certification/standard/seal of approval becomes well known. And that isn't going to happen unless someone spends a large amount of money creating and marketing it.

Basically, the industry would have to foot the bill for something that would end up costing them a lot of money in the long run with nothing to gain except stable software. Of course, software companies nowadays make tons of cash off selling what amounts to bugfixes for their previous products, so there's more money down the tubes. I guess it could be done in a grassroots fashion, but you have to remember that what you're suggesting would essentially call most of the people working in the industry "unqualified". Doubt they're going to go for it.

In short, this isn't going to happen. Not anytime soon, at least. Definitely not until consumers learn to stop taking it up the keister and stop buying software that doesn't work just because they don't know any better.

Not that I'm jaded...

Re:An anti-PHP coalition?

[kuzb]

That has to be the worst argument I've ever seen. PHP doesn't pose many security problems, and those that it did does pose get fixed rapidly. The 'security risks' you see are due to 1) improper system administration and 2) badly written user code - neither of which can be blamed on PHP.

Your argument is goes something like this: "Because someone stabbed somoene else with a fork, we should rally together and make sure forks are banned from all households". You may as well form an anti-C coalition while you're at it, because there are a lot of insecure C applications out there. Perhaps we can get GCC removed from distrobutions as well.

Re:Developer's Union?

[IAmTheDave]

Because companies would have to spend a whole lot more money to get those people.

As far as I'm aware, developers are pretty well paid in the overall job market, more than twice as much as teachers in many cases.

I did spend time getting degrees in CS and CE, and it would be nice to seperate myself from those who simply have MSP on their resume. But wait - that's right - I DO seperate myself, by putting my CS and CE degrees on my resume.

Rarely is software life threatening (yeah, I know, there are examples) but hospitals rarely bid out to teenagers to build their software. The reason so much engineering (bridges, homes) requires such certifications is because a collapsing bridge is a bit more of a problem then a buggy PHP website. So if company A wants to hire Joe Teenager to build their website, well, so be it.

I get hired because of my degrees and years of experience, and while I do write some web code, most of my time is spent on more valued tasks, like writing mission critical software that drives the businesses I'm in - and I get paid more than Joe Teenager gets paid to build the website, because of those abilities.

Rarely, if ever, have I heard some 20 year old non-college educated designer/developer called an engineer.

Re:More of a community attitude issue.

[bani]

As opposed to say, perl [securityfocus.com], right [eweek.com]?

While perl security has gotten better, it is still a problem. perl is still widely exploited, formmail.pl is one of the more infamous ones. lusers just download whatever script they find off the web and install it, and get quickly compromised.

Are the majority of perl users well versed in perl security? I doubt it.

What, you going to recommend people use C instead of PHP then? python [securityfocus.com]? Even java [securityfocus.com] has issues.

It's very fashionable, hip and trendy to bash PHP on /., while ignoring the fact most other languages really aren't any better.