PHP 5 Recipes

jsuda writes " With all the books being published recently about PHP a new one will need to find and fill a niche to distinguish itself. PHP 5 Recipes: A Problem-Solution Approach, published by Apress, has done so, in my view. This is an intermediate-level volume exploring PHP 5 using a recipe approach where the basics of PHP 5's functionality are expressed systematically but in a small-topic by small-topic manner. Cook-book style, each topic is relatively autonomous and can be individually selected, as necessary, for information or review, similarly to how many refer to the Joy of Cooking for help on a cooking project. It's a source for instant solutions to common PHP-related problems. There are over 200 such recipes presented." Read the rest of jsuda's review.

Php 5 Recipes: A Problem-Solution Approach
author	Lee Babin, Nathan Good, Frank M. Kronman, Jon Stephens
pages	646
publisher	Apress
rating	8
reviewer	John Suda
ISBN	1-59059-509-2
summary	A problem solving approach to Php 5

Each of these recipes refers to a small element or aspect of PHP 5 and the presentations contain a brief overview of the topic, an explanation of how the code elements work, and where the code is applicable in projects. Overall, the book covers the whole range of PHP 5 functionality where each major element of PHP 5 is addressed in a recipe explaining and illuminating relevant code elements. You can easily get information about a specific PHP 5 element by going directly to the section of the book where it appears. Even better, the code snippets are designed to allow one to copy and paste them into your own applications or development easily and then to configure them as necessary. All of the code snippets are freely available for downloading at the publisher's website at www.apress.com.

There are 16 chapters and an index covering a total of 646 pages. The chapters are organized similarly to other PHP primers, covering the basic elements of PHP - data types, operations, arrays, strings, variables, files and directories, dates and times, functions, and regular expressions. The coverage for much of these concepts is relatively mundane and unoriginal. The discussion of dynamic imaging, however, is an exception. The writing throughout, however, is solid and clear. The book emphasizes the most important elements of new PHP 5. The object-oriented programming elements especially are covered - classes, objects, protected class variables, exception handling, interfaces, and the new mysqli database extension. The authors' discussions focus on PHP 5.0.4, MySQL 4.1, and cover Linux and Windows environments.

The book is directed at PHP programmers looking to learn the elements introduced by PHP 5, and for those looking to find fast solutions to coding problems. It assumes a basic knowledge of PHP. Many of the recipes discuss object-oriented programming and these are some of the more advanced sections of the book. I can say that Chapter 2, which introduces the object-oriented concepts is one of the better explanations of the topic that I've read. The chapter covers constructors, destructors, methods and properties, class diagrams and examples of these concepts at work in code snippets. There are a number of interesting segments containing custom coding of classes as reusable templates from which to create objects.

The book is well-designed and written. The discussion is clear and logical. The code snippets are well-explained. The authors are experienced programmers and developers, and Good and Stephens have authored or co-authored a number of technical books.

A large handful of the recipes contain projects, usually appearing at the end of the overview and presentation of code snippets covering the basics of the topics. The projects usually deal with the creation of higher-end classes and objects as solutions to common coding problems. The idea here is to show PHP 5 functionality at work providing useful code sections to be dropped into your custom applications. Chapter Five concludes with a sophisticated class dealing with dates and times issues. Other chapters contain constructions of string, file, graphics, and regular expression classes.

The last five chapters deal with using the PHP code in web applications and services. This material covers cookies (including construction of a cookie class), using HTTP headers, sessions, and using query strings. Much of this material has been covered elsewhere in the many primers on PHP already published. There is a chapter on using forms and an interesting chapter on working with markup. The better chapters are on using DOM to generate markup, parsing XML, using RSS feeds, SOAP, and simple XML. The chapter on mysql is basic, except for the section on creating a wrapper class. The last chapter deals with communicating with Internet services, like POP, iMap, and FTP. Another project presented here is one creating object-oriented code dealing with a mail class.

This is a useful book to have in a programmer's library."

---

You can purchase Php 5 Recipes: A Problem-Solution Approach from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

What about security?

[CyricZ]

Do the examples show how to write solid, secure code?

Indeed, inexperienced programmers writing insecure code has plagued PHP for years now. Far too many PHP books that I have flipped through show very poor style. They don't verify the inputted data, for instance, before making a SQL query.

So while a professional, or even somebody with some level of experience, would see such an obvious problem, a beginner may not. And then the result is often a compromised server, a destroyed database, or some other shenanigans. Often times a problem with a user's PHP script ends up making other, completely innocent and unrelated projects (such as Apache or Linux) look to be at fault. That's not good for the image of the community.

Re:What about security?

[NotoriousGOD]

Many PHP/MySQL texts don't cover the aspect of security, except for maybe a subtle reference to having HTTPS set up on your server. I have referenced many books in backend or database programming and there is very little on the subject. Maybe someone should publish a book regarding security itself. But it would still be true that this book would stand out among the existing ones, as covered by the post and my reasons above.

Re:What about security?

[bani]

Many PHP/MySQL texts don't cover the aspect of security

You say this like PHP is the sole exception. But it isn't.

Most perl, python, ruby, C/C++, ObjC, Haskell, Lisp, Tcl, ML, Lua texts don't cover security either.

Maybe someone should publish a book regarding security itself.

You mean like this [linuxcentral.com]?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:A lack of security-wise individuals.

[metallic]

Considering that there is something called magic quotes and such functions as mysql_escape_string(), I'm pretty sure that the developers have some inkling about security. This is pretty much the same situation as in J2EE and ASP.NET. If you perform an ad-hoc query using data supplied by a user, you are going to have to escape that string.

Re:A lack of security-wise individuals.

[nxtw]

I have never made such an "ad-hoc" query using .NET. I do simple data verification to make sure user input fits the context/database. I also use a database that makes my database API throw an exception upon bad input, unlike other databases that silently replace bad data with null or zero.

It's really easy to use parameterized queries, so I simply do not have to deal with escaping strings before they go into the database. For example:

command.CommandText = "INSERT INTO sometable (field1, field2, field3)

Re:A lack of security-wise individuals.

[bitdamaged]

What you mean like those rookies at yahoo [com.com] and friendster arent' serious web developers?

Re:A lack of security-wise individuals.

[metallic]

I've been using PHP for a little over 6 years now and I have yet to see what you call an overall lack of quality. About the only complaint that I do have with PHP is some inconsistent naming with some of the functions, but this is something that you easily get used to after a while. I've used it mostly on small to medium size websites, but I've also used it on a couple of large projects. To this day, I have yet to see a security issue crop up in one of my projects in which it wasnt a problem that I created

Re:A lack of security-wise individuals.

[Mr. Slippery]

What happens is that a developer with such background evaluates PHP, and sees that it is completely lacking with respect to security.

In what way? Failing to check inputs before passing them on to a database or other module is an application, not a language, problem. You claim that there are "numerous security issues found in PHP" - please, describe them. I haven't found it to be any more insecure by nature than C, C++, Perl, etcetera...indeed I'd say it's easier to write reasonably secure code in PHP th

Re:More of a community attitude issue.

[bani]

As opposed to say, perl [securityfocus.com], right [eweek.com]?

While perl security has gotten better, it is still a problem. perl is still widely exploited, formmail.pl is one of the more infamous ones. lusers just download whatever script they find off the web and install it, and get quickly compromised.

Are the majority of perl users well versed in perl security? I doubt it.

What, you going to recommend people use C instead of PHP then? python [securityfocus.com]? Even java [securityfocus.com] has issues.

It's very fashionable, hip and trendy to bash PHP on /., while ignoring the fact most other languages really aren't any better.

Re:What about security?

[AKAImBatman]

But-but-but...

Uncyclopedia says that PHP is super-secure! [uncyclopedia.org] I read it online, it must be true!

* Tongue planted firmly in cheek

Re:What about security?

[JabberWokky]

I'd imagine that most bridges, dams and skyscrapers built by inexperienced or non-formally educated engineers would be pretty lousy.

The problem is that it's illegal to have a non certified engineer working on a project that can impact others. Those engineers are expensive because you're paying for their recognized skills and the years it took them to obtain them.

Meanwhile, 15 year olds are bidding on software projects and it's seen as a great opportunity. There are certainly some benefits to the industr

Developer's Union?

[mcrbids]

The term "Engineer" is, in most contexts, a priviledged term. Not just anybody can be labelled an "Engineer" until they've gone through some rigor.

Why not apply this idea to software? If there was a coalition or Union of workers, with a commonly agreed-upon set of requirements and certifications, with annual fees and a good reason to require a decent demonstration of competence? Something with real teeth, and ongoing certification requirements. Think, the Bar, only for software engineers instead of Attorney

Re:Developer's Union?

[lewp]

Because companies would have to spend a whole lot more money to get those people. They're not going to do that unless the consumer demands it. The consumer isn't going to demand it unless the certification/standard/seal of approval becomes well known. And that isn't going to happen unless someone spends a large amount of money creating and marketing it.

Basically, the industry would have to foot the bill for something that would end up costing them a lot of money in the long run with nothing to gain except s

Re:Developer's Union?

[IAmTheDave]

Because companies would have to spend a whole lot more money to get those people.

As far as I'm aware, developers are pretty well paid in the overall job market, more than twice as much as teachers in many cases.

I did spend time getting degrees in CS and CE, and it would be nice to seperate myself from those who simply have MSP on their resume. But wait - that's right - I DO seperate myself, by putting my CS and CE degrees on my resume.

Rarely is software life threatening (yeah, I know, there are exa

Re:Developer's Union?

[mcrbids]

I did spend time getting degrees in CS and CE, and it would be nice to seperate myself from those who simply have MSP on their resume. But wait - that's right - I DO seperate myself, by putting my CS and CE degrees on my resume.

Really? The underlying POINT at this poing in the thread is that there's not enough differentiation. And, truthfully, I've seen an incredible amount of shoddy, negative-worth work done by highly credentialled, CS/CE developers!

Somebody with a CS/CE degree is going to do better at dev

Re:Developer's Union?

[IAmTheDave]

Combine the Better Business Bureau, the Bar, and the Association of Realtors, and you have pretty much captured my idea...

Unless sarcasm was your goal, barring the BBB, the Bar and the Association of Realtors is hardly a group that guarentees any sort of quality. There are some crappy lawyers out there (Harvey Birdman and Lionel Hutz come to mind, but I digress, because it makes it seem like I'm trying to be funny) and some really crappy/corrupt realtors out there.

Just because someone passed the bar d

Re:What about security?

[merreborn]

I've noticed you post a very similar PHP security troll on every PHP thread.

I have to ask -- do you also point out C++'s flaws, in the realm of buffer overflows? It is, after all, an inherently insecure language.

Which languages do you consider secure? Java?

Re:What about security?

[CyricZ]

You call it a "troll", I call it pointing out weaknesses with PHP's design and implementation. I'd rather those problems be acknowledged, rather than brushed under the carpet. After all, that's what true engineering is all about: knowing how your design is insufficient, and knowing how to properly deal with such issues.

It's widely acknowledged that C++ suffers from various security problems. Anyone who has any level of formal training or experience knows that. Not only that, they know how to avoid such prob

Re:What about security?

[fishybell]

Just because it's been said a million times before does not make the statement less valid. Nor is a discussion on potential security holes in C++ invalid either.

Re:What about security?

[kuzb]

The statement is invalid when nothing is provided to back it up. He runs around screaming that PHP is going to kill your dog, and then doesn't tell you why.

Re:What about security?

[metallic]

There's no such thing as a security hole in a language. If a security hole crops up in a piece of software, the blame falls squarely on the programmer. The only thing a programming language can try to do is include features that will encourage good programming practices.

Re:What about security?

[ooh456]

Thanks for calling this troll a troll. You should modded up to 7. He must be another ASP/PERL/JAVA programmer who is upset because of the mass exodus towards PHP. If anything about PHP needs a rant... it's not form security its Magic Quotes. Lose them, I say.

Re:What about security?

[bani]

I've noticed that too.

He keeps ranting about PHP like PHP is the sole exception from of the vast ocean of languages out there.

A more intelligent discussion would point out that security in general does not seem to be a priority, regardless of the language. (Maybe one could count java as the sole exception here, even though its record hasn't been stellar either.)

But this is way over cyricz's head. Like a freebsd zealot who bashes linux at every chance, he bashes PHP at every chance. In the end he comes off s

Re:What about security?

[TheTomcat]

There have been a couple recent PHP Security books [phparch.com].

Yes, I am affiliated with the publisher of the book I linked--but it's a good book! (-:

S

Re:What about security?

[FST777]

The answer is quite simple: let everyone use the docs at php.net and think for themselves. An experienced computer user (all other beings shouldn't program anyway, not even in a scripting language like PHP) will realize the security consequences involved.

This might sound elite, but this is how I did. I used a book to learn the basics of SQL and I'm now teaching myself to use other ways to get rid of the security and efficiency issues I keep programming in MySQL-routines because of that dreaded book. I learn

Really :o

[JonN]

Am I finally going to learn how to display "Hello World!"?

Re:Really :o yup

[RalphSleigh]

Maybe...

Hello World is easy in PHP.

[JohnBaleshiski]

Pfff, "Hello World!" is cake in PHP. They really couldn't make it easier:

<?php
$arrData = array(72,101,108,108,111,32,87,111,114,108,100,33) ;
 
for($i=0; $i<count($arrData); $i++) {
        $char = $arrData[$i];
        $char = fConvertChar($char);
        print $char;
}
 
function fConvertChar($char) {
 
        $char = 72 + 2 * $char / 4 * 2 - (8.32 * 8.65384);
        $char = chr($char);
        return $char;
}
 
?>

Re:Hello World is easy in PHP.

[alan.briolat]

Wow! Thats almost as easy as string manipulation in C!

Re:Really :o

[1110110001]

"Hello World" is already the code for displaying "Hello World" in PHP =)

b4n

Does it tell you how to upgrade PHP?

[Anonymous Coward]

Due to the constant vulnerability announcements and lack of RedHat legacy rpm support, we've been removing PHP from all our webservers.

Re:Does it tell you how to upgrade PHP?

[Bandman]

I wouldn't think that upgrading PHP (compiled from source, mind you) would be all that difficult.

As for RPMs....no idea. I don't use them.

Re:Does it tell you how to upgrade PHP?

[houseofzeus]

Apples to oranges. The redhat equivalent to apt-get is yum these days:

yum install $packagename

You can set redhat distros up to use apt however (though I see no reason to).

Re:Does it tell you how to upgrade PHP?

[malchus842]

Download and build apache and php from source. Remove the RPM versions. Install the newly built ones. Now you are no longer tied to the RPM that RedHat provides. I don't even bother installing RPM's for apache, php, perl, sendmail (and other packages) at this point.

This way, I get to control what version and what patches I run, on my schedule.

You can get the source for php from php.net and the source for apache from apache.org. It's really that easy. Or you can pay an apache/php geek to do the first

Re:Does it tell you how to upgrade PHP?

[houseofzeus]

That's kind of slack. However you might be interested to know that the PHP source packages contain a makerpm script. They are hells out of date however and needed quite a bit of tweaking to get going.

I have a set of PHP 4.4.1 RPMs for FC1 available here:

http://houseofzeus.com/notblog/?postid=322 [houseofzeus.com]

The SRPM is also there, so if you need another variant of PHP compiled then you can get to the SPEC file I modified and change it appropriately :)

Does it delve into SQL?

[CyricZ]

Many PHP books I've seen often include an SQL tutorial. Due to space constrains, it is often quite lacking and only focuses on using SQL, rather than designing efficient and well-planned databases. Such half-assed tutorials may often be very misleading to new PHP users.

I recall working with one web developer who learned PHP from such a book. We told him that we wanted to use PostgreSQL as the backend for our site, but he insisted on using MySQL, since that was the only system mentioned in the book he had bought. We no longer required his services after that show of incompetence.

Does this book try to cover topics such as SQL and database design, which should be covered in their own, separate book(s)? Does it specifically refer readers interested in such subjects to consult other sources of information?

Re:Does it delve into SQL?

[Versalis]

No, it does not take an indepth look at MySQL database design. It only explains how to interact with an existing MySQL instance.

I have to say, I disagree with the importance you place on this in a PHP book. If a person needs to know more about MySQL then they should get a book on MySQL. This book also has examples of connecting to an FTP server - should it also go into the proper way to setup an FTP server? And creating clean HTML code? Optimizing Apache? Sendmail? If it did that it would no longer

Re:Does it delve into SQL?

[CyricZ]

You misunderstand my stance. We seem to be in agreement.

Indeed, I wanted to know if this book covers SQL just because if it were a good book, it would not cover topics such as SQL and databases. Those topics are best covered by experts writing their own books on such subjects. This book should at least recommend that interested readers consult other material to learn more about such subjects.

It would be a major blemish on this book if it did cover such topics.

Re:Does it delve into SQL?

[Versalis]

Ah, I misunderstood. <jedi mind trick>Forget I said anything.</jedi mind trick>

No, it does not reference other books. It only tells you how to work with an existing table.

May I sugest a great PHP tutorial?

[PromptZero]

I learned PHP using Kevin Yanks tutorials and articles 4 years ago. His books and tutorials are very easy to understand and use. His tutorials and articles can be read on http://sitepoint.com/ [sitepoint.com]

Re:May I sugest a great PHP tutorial?

[CyricZ]

How recently have his articles been updated? Indeed, there have been some preliminary security developments within the past four years.

Nothing could be worse than a new PHP user learning PHP from outdated tutorials which fail to show the proper techniques necessary for building solid, secure and trusted web applications.

First non-italicized post

[MBraynard]

Maybe /. can do a review of 'CLOSED TAGS FOR DUMMIES' next.

Unclosed italics tag

[tradiuz]

Someone has an unclosed italics tag somewhere...

Look, I fixed it!

Re:Unclosed italics tag

[op12]

Actually, looking at the code it's an unclosed <cite> tag at the end of the review.

Re:Unclosed italics tag

[Shai-kun]

In Internet Explorer, you didn't fix it.
In Firefox, there's no problem to begin with. :-P

Catalyst

[Ktistec Machine]

I'd like to see more distributions include Catalyst [perl.org]. I think Mandrake is the only one that does, now. If MVC frameworks like Catalyst were more universally available (as PHP is now) they'd get a lot more use.

Re:Catalyst

[CyricZ]

Writing an article may help with that.

If you can present a good case why people should move away from PHP towards alternative systems, then it might lead to some other distributions including far superior systems. Indeed, the best way to get this sort of a change is to raise awareness, and a well-publicized article may just do the trick.

I would imagine that there is a big enough community of serious web developers who are fed up with the insecurity and lack of quality that PHP poses. They might be able to o

Dangit!

[Plaid Phantom]

Now I'm hungry again!

Re:seasoned php programmers

[kuzb]

Did you know some professional film makers still use Betamax because it has superior image quality to the VHS format? If you're trying to flame PHP, you picked a really bad way to do it.

Re:seasoned php programmers

[Inopia_Aardbei]

Every technology has its niche market. Betamax (and v2000 with it) died because it failed to produce tapes longer than 1 hour in the early days, making it unsuitable for movie rental purposes. My point was just that PHP was a great technology when it was just released (like betamax was), but has long since been replaced by both better implementations of the same idea, and completely new approaches. People who still use it usually do so either because of legacy, or because they haven't investigated the alte

Re:seasoned php programmers

[Insensitive_Claudio]

No, professional film makers use Betacam (and Betacam SP). The only things similar is the tape size. Betamax is a consumer level product that is technically very similar to VHS.

Re:seasoned php programmers

[StarkRG]

If you mean that it's superior in every aspect but didn't get enough hype and eventually phased out? Then no, it got plenty of hype...

Affiliate Program?

[Thrakkerzog]

Does B&N have an affiliate program? Looking at the purchase link, I see it passing an encoded userid.

I'm just wondering if someone is trying to make a buck off of this.

Re:Affiliate Program?

[VP]

Yes, Slashdot gets referral credit for all books reviewed. This is not a secret, and is probably in a FAQ somewhere. By using the link in the article, you are supporting Slashdot, but no one is making you use that link.

Re:Affiliate Program?

[Thrakkerzog]

Thanks for the info!

ebook

[smoker2]

This title is available as an ebook [apress.com].

There is allegedly at least a 50% discount for the ebook as against the printed version, although the price of $22.50 means there is a nad less than a 50% discount from the full $44.99.

I guess publishers don't have to know maths, or they are just tight. That whole half cent makes their statement a lie..

Maybe they meant up to 50% discount.

Let the web language wars begin!!!

[Sir_Cockalot]

I've never seen so many people bag on a web scripting language. Perhaps there should be a whole discussion board dedicated to your web language of choice whether is Pearl, JSP/JAVA, PHP. ASP, .NET or ColdFusion.

I've heard great things and bad things about all of them. Pearl is hard to learn, but is super fast and secure. Java is super slow and hard to learn, but very secure. PHP is easy to learn moderately fast, but insecure. ASP is fast, but is being replaced by .NET. .Net is fast and easy, but you're stuc

Re:Let the web language wars begin!!!

[tetranz]

.Net is fast and easy, but you're stuck with Microsoft and it can be very browser specfic.

That last bit maybe true in ASP.NET 1.1 but Microsoft have made a big, and I think quite successful, effort to make ASP.NET 2 standards compliant.

Re:Let the web language wars begin!!!

[Sir_Cockalot]

Possibly, but I'm so tired of going to sites that can only use IE or MS platform.. I don't run windows, so I'm left in the cold all too often.

Re:Let the web language wars begin!!!

[nxtw]

No, it is not "possibly". ASP.NET 2.0 is much better at cross-browser compatibility than 1.1. I have yet to encounter an ASP.NET 2.0 control that does not have equivalent functionality in Firefox and Internet Explorer. ASP.NET 2.0 also outputs valid XHTML.
(Most of the issues in ASP.NET 1.1 were due to JavaScript code for validation and such that worked only in Internet Explorer. Even then, ASP.NET controls in other browsers would still work -- but without the added JavaScript functionality, basically meani

Re:Let the web language wars begin!!!

[Sir_Cockalot]

I always find ColdFusion sites to be buggy and slow, but that could just be the developer..

Flame on

[PyroX_Pro]

So what language would you PHP~Flamers suggest? RoR? Perl? JSP? .NET? As many others have stated, blame the newbie coders not the environment. Every year people die trying to blow-dry their hair in the shower, it's not the water company, electric company or hair dryer company's fault. Sure it lets you get into a mess rather quickly, but so does Linux in general. So does almost every other web language. Don't tell me you can't shoot yourself in the foot with Perl or ASP, if you think that you're a fool.

Re:Flame on

[nxtw]

While bad code is not exclusive to any environment, it is more prevalent on some compared to others.
From what I've seen of writings about ASP.NET, they tend to:

• encourage the use of parameterized queries, which eliminate the need for the escaping of strings for SQL input. ADO.NET makes this pretty easy to do.
• encourage the use of validators, which are, once again, easy to use in ASP.NET

So, in this case, good practices are widely promoted, where in other cases, they aren't. Measures like magic_quotes_gp

Apress in general

[misfit815]

At the risk of getting off-topic, I've found Apress to be a reliable publisher, in terms of the quality of books they put out. The topics have been interesting, the knowledge useful, and the text easy to read. It's the only publisher whose books I'd buy just on name recognition.

Re:Does the book also cover the fact

[Anonymous Coward]

This is not flamebait. It is poorly designed, hackish and is continually mutating I would like to see someone argue that it's not all or any of these points. PHP is popular because it's easy to jump into and fairly easy to learn, not because it's an efficient stable development platform. PHP also has a history of security problems almost as long as Microsoft.

Re:Does the book also cover the fact

[CyricZ]

PHP is popular because it's easy to jump into and fairly easy to learn, not because it's an efficient stable development platform. PHP also has a history of security problems almost as long as Microsoft.

Indeed. A truer statement has rarely been stated.

From an engineering standpoint, PHP is abysmal. Many people will suggest otherwise, but they are often those who lack a formal education and background in designing secure, scalable, high-reliability software systems.

The Hardened-PHP [hardened-php.net] project is a perfect examp

Re:Does the book also cover the fact

[aint]

A version of the Hardened PHP patch will [most likely] exist in PHP (by default) as of PHP 6.0.0.

Re:Does the book also cover the fact

[CyricZ]

The fact that it will take them up until version 6.0 to include such essential and basic security functionality shows their lack of quality. For serious applications, that is just plain unacceptable.

Re:Does the book also cover the fact

[kuzb]

Perhaps you could outline some of these flaws in detail? You seem to think you know what you're talking about, but I have some serious doubts.

You sorta of come off as a disgruntled Perl programmer who had his job displaced by another language.

Re:Does the book also cover the fact

[ninjaonvacation]

Oh stop it, version 6 is still something! Those poor PHP developers, they sure have a lot of past mistakes to undo / fix, (register global on? more than one way to enable magic quotes? ughh), I agree that version 4 must die now!!

Rewriting a web app in Perl, Python or Ruby is still so much more work than cleaning up PHP4 code to work in PHP5. Whatever haters say about it, PHP won't be dying anytime soon.

Re:Does the book also cover the fact

[Mr. Slippery]

Many people will suggest otherwise, but they are often those who lack a formal education and background in designing secure, scalable, high-reliability software systems.

I have an M.S. in Computer Science, spent my first three years as a professional developer working on the development of a secure (TCSEC B3 targeted) operating system, then another year and a half on a firewall project based on a secure OS. I've also worked in the telecom and space sciences fields for well-known companies such as Hughes,

Re:beasters

[Anonymous Coward]

OMG why cant evryone juSt use teh Rubby on Raylls lol its teh fastest and generall bestest web-framewrok avaleabal. u can even use teh AJXA with it!!!!!1!

An anti-PHP/anti-ASP coalition.

[CyricZ]

An anti-PHP/anti-ASP coalition would be even better than separate anti-PHP and anti-ASP coalitions.

Either way, the fact remains that insecure, faulty systems are used far too often for web development. The best thing that can be done at this point is to raise awareness as to the flaws and problems associated with such systems. That may be the most effective way to eradicate their use, thus providing a far more secure Internet.

Re:An anti-PHP coalition?

[kuzb]

That has to be the worst argument I've ever seen. PHP doesn't pose many security problems, and those that it did does pose get fixed rapidly. The 'security risks' you see are due to 1) improper system administration and 2) badly written user code - neither of which can be blamed on PHP.

Your argument is goes something like this: "Because someone stabbed somoene else with a fork, we should rally together and make sure forks are banned from all households". You may as well form an anti-C coalition while you

Re:An anti-PHP coalition?

[CyricZ]

You obviously do not understand my argument. There's no need to bring fork terrorism and other analogies into the discussion.

What it comes down to is that PHP is not well designed, and is not well engineered. This is shown by the numerous security issues involving PHP (even on systems that have been designed, set up and maintained regularly by experienced professionals). Don't take my word for it! Go do some research for yourself.

As for your attack on GCC, well, that just shows how clueless you are about su

Re:An anti-PHP coalition?

[kuzb]

You obviously do not understand my argument. There's no need to bring fork terrorism and other analogies into the discussion.

I do, your argument is stupid. It provides no supporting facts or details, just your rabid screaming about PHP, and how it's going to rape my dog, and kill my hamster.

What it comes down to is that PHP is not well designed, and is not well engineered. This is shown by the numerous security issues involving PHP (even on systems that have been designed, set up and maintained regul

Re:An anti-PHP coalition?

[CyricZ]

If you were truly capable of understanding my stance, then you would not be calling it "stupid". Only a complete cock fool would fail to understand that it is 100% correct.

Now, I don't know why you want to rape your dog and kill your hampster, but it's none of my business. Please keep that kind of nonsense to yourself.

The fact remains that PHP has a terrible record. It's been shown time and time again to be insecure. That's a fact that you cannot dispute.