PHP 5 Recipes

samzenpus posted more than 8 years ago | from the properly-cooked dept.

Programming 121

jsuda writes "With all the books being published recently about PHP a new one will need to find and fill a niche to distinguish itself. PHP 5 Recipes: A Problem-Solution Approach, published by Apress, has done so, in my view. This is an intermediate-level volume exploring PHP 5 using a recipe approach where the basics of PHP 5's functionality are expressed systematically but in a small-topic by small-topic manner. Cook-book style, each topic is relatively autonomous and can be individually selected, as necessary, for information or review, similarly to how many refer to the Joy of Cooking for help on a cooking project. It's a source for instant solutions to common PHP-related problems. There are over 200 such recipes presented." Read the rest of jsuda's review.

Each of these recipes refers to a small element or aspect of PHP 5 and the presentations contain a brief overview of the topic, an explanation of how the code elements work, and where the code is applicable in projects. Overall, the book covers the whole range of PHP 5 functionality where each major element of PHP 5 is addressed in a recipe explaining and illuminating relevant code elements. You can easily get information about a specific PHP 5 element by going directly to the section of the book where it appears. Even better, the code snippets are designed to allow one to copy and paste them into your own applications or development easily and then to configure them as necessary. All of the code snippets are freely available for downloading at the publisher's website at www.apress.com.

There are 16 chapters and an index covering a total of 646 pages. The chapters are organized similarly to other PHP primers, covering the basic elements of PHP - data types, operations, arrays, strings, variables, files and directories, dates and times, functions, and regular expressions. The coverage for much of these concepts is relatively mundane and unoriginal. The discussion of dynamic imaging, however, is an exception. The writing throughout, however, is solid and clear. The book emphasizes the most important elements of new PHP 5. The object-oriented programming elements especially are covered - classes, objects, protected class variables, exception handling, interfaces, and the new mysqli database extension. The authors' discussions focus on PHP 5.0.4, MySQL 4.1, and cover Linux and Windows environments.

The book is directed at PHP programmers looking to learn the elements introduced by PHP 5, and for those looking to find fast solutions to coding problems. It assumes a basic knowledge of PHP. Many of the recipes discuss object-oriented programming and these are some of the more advanced sections of the book. I can say that Chapter 2, which introduces the object-oriented concepts is one of the better explanations of the topic that I've read. The chapter covers constructors, destructors, methods and properties, class diagrams and examples of these concepts at work in code snippets. There are a number of interesting segments containing custom coding of classes as reusable templates from which to create objects.

The book is well-designed and written. The discussion is clear and logical. The code snippets are well-explained. The authors are experienced programmers and developers, and Good and Stephens have authored or co-authored a number of technical books.

A large handful of the recipes contain projects, usually appearing at the end of the overview and presentation of code snippets covering the basics of the topics. The projects usually deal with the creation of higher-end classes and objects as solutions to common coding problems. The idea here is to show PHP 5 functionality at work providing useful code sections to be dropped into your custom applications. Chapter Five concludes with a sophisticated class dealing with dates and times issues. Other chapters contain constructions of string, file, graphics, and regular expression classes.

The last five chapters deal with using the PHP code in web applications and services. This material covers cookies (including construction of a cookie class), using HTTP headers, sessions, and using query strings. Much of this material has been covered elsewhere in the many primers on PHP already published. There is a chapter on using forms and an interesting chapter on working with markup. The better chapters are on using DOM to generate markup, parsing XML, using RSS feeds, SOAP, and simple XML. The chapter on mysql is basic, except for the section on creating a wrapper class. The last chapter deals with communicating with Internet services, like POP, iMap, and FTP. Another project presented here is one creating object-oriented code dealing with a mail class.

This is a useful book to have in a programmer's library."


You can purchase Php 5 Recipes: A Problem-Solution Approach from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

121 comments

beasters (-1, Troll)

Dragoonkain (704719) | more than 8 years ago | (#14204041)

hedis

Re:beasters (2, Funny)

Anonymous Coward | more than 8 years ago | (#14204179)

OMG why cant evryone juSt use teh Rubby on Raylls lol its teh fastest and generall bestest web-framewrok avaleabal. u can even use teh AJXA with it!!!!!1!

My PHP5 Recipe (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14204042)

Give Up

GHB recipies (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14204043)

TLA meals for the whole family.

f1rst p0st (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14204050)

f1rst p0st

What about security? (3, Insightful)

CyricZ (887944) | more than 8 years ago | (#14204069)

Do the examples show how to write solid, secure code?

Indeed, inexperienced programmers writing insecure code has plagued PHP for years now. Far too many PHP books that I have flipped through show very poor style. They don't verify the inputted data, for instance, before making a SQL query.

So while a professional, or even somebody with some level of experience, would see such an obvious problem, a beginner may not. And then the result is often a compromised server, a destroyed database, or some other shenanigans. Often times a problem with a user's PHP script ends up making other, completely innocent and unrelated projects (such as Apache or Linux) look to be at fault. That's not good for the image of the community.
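The failure described in the comment above, unchecked input pasted into a SQL string, shown next to the checked, bound-parameter form. This is an added example, not code from the book or from any commenter; it uses PDO with an in-memory SQLite database so it runs without a server, and the table, rows and function names are constructed for illustration.

```php
<?php
// Added illustration; not from the book or from any comment in the thread.
// Assumptions: PDO with the SQLite driver (in memory, so no server is needed);
// the users table, its rows and the function names are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Seed rows through a prepared statement so the quote in "o'brien" is stored as data.
$seed = $db->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
foreach (array('alice', 'bob', "o'brien") as $n) {
    $seed->execute(array($n, $n . '@example.test'));
}

// The pattern the comment objects to: the input becomes part of the SQL text.
function findByNameConcatenated(PDO $db, $name)
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    try {
        return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Check the input first, then pass it as a bound parameter so the driver
// treats it as a value and never parses it as SQL.
function findByNameBound(PDO $db, $name)
{
    if (!is_string($name) || $name === '' || strlen($name) > 64
        || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return 'rejected';
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return count($stmt->fetchAll(PDO::FETCH_ASSOC)) . ' row(s)';
}

// Constructed inputs: an ordinary name, a legitimate name containing a quote,
// a value that rewrites the WHERE clause when concatenated, and an oversized value.
$inputs = array('alice', "o'brien", "nobody' OR '1'='1", str_repeat('a', 200));

foreach ($inputs as $input) {
    printf(
        "%-22s concatenated: %-10s bound: %s\n",
        substr($input, 0, 20),
        findByNameConcatenated($db, $input),
        findByNameBound($db, $input)
    );
}
```

With concatenation the quoted legitimate name fails outright and the third input matches every row; with binding both are handled as plain names, and the length check turns away the oversized value before it reaches the database.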

Re:What about security? (3, Insightful)

NotoriousGOD (936922) | more than 8 years ago | (#14204106)

Many PHP/MySQL texts don't cover the aspect of security, except for maybe a subtle reference to having HTTPS set up on your server. I have referenced many books in backend or database programming and there is very little on the subject. Maybe someone should publish a book regarding security itself. But it would still be true that this book would stand out among the existing ones, as covered by the post and my reasons above.

More of a community attitude issue. (-1, Troll)

CyricZ (887944) | more than 8 years ago | (#14204167)

It may also be that security doesn't play a prominent role in the PHP community. The emphasis is more on developing solutions quickly, that appear to give the desired results. But it is ignored that such systems are often vulnerable in numerous, very obvious ways. No system will ever be completely secure, but the attitude in the PHP community would appear to be one where security is considered to be of little consequence. The numerous security issues found in PHP and various applications built using PHP would appear to back up this fact.

Of course, anybody who has designed any serious web applications knows that security is paramount. The integrity of one's data is an utmost concern.

Now, writing secure code isn't always an easy task. But that's no reason for the majority of PHP users to remain ignorant of even the most basic techniques.

Re:More of a community attitude issue. (1)

NotoriousGOD (936922) | more than 8 years ago | (#14204217)

Well due to the numerous open-sourced products, the fact that Apache is free and it being a relatively (stress on this word) easy language, means that until it's replaced it will only become more popular. So good security practices need to be stressed and gone over in detail by someone. Otherwise how can people learn about it?

A lack of security-wise individuals. (-1, Troll)

CyricZ (887944) | more than 8 years ago | (#14204245)

That's the problem: there are very few in the PHP community who have the security knowledge and background to pass good advice and technique on to others.

What happens is that a developer with such background evaluates PHP, and sees that it is completely lacking with respect to security. Of course, such a developer does not use PHP for any serious project, and does not get involved with the PHP community. And this lack of involvement of trained or experienced individuals results in the ignorant trying to teach the ignorant. That leads to the massive and numerous security problems which plague PHP and much of the software developed with it.

Re:A lack of security-wise individuals. (0)

Anonymous Coward | more than 8 years ago | (#14204968)

Have a look at the PHP Security Consortium publications. PHP can be secure; it's not got the same emphasis as, let's say, Java, but that's one of the advantages of PHP: quick, fast and not restrictive.

Re:A lack of security-wise individuals. (2, Informative)

smagruder (207953) | more than 8 years ago | (#14205553)

Ridiculous anti-PHP bullshit. There are numerous articles on achieving security with PHP and other similar server-side scripting platforms.

What's really going on here is that due to PHP's clear popularity, not only with newbies, but with many serious programmers, is a backlash from programmers trying to defend their current bloated 'kings', such as Java or .NET.

I've had enough of reading this crap.

All programs are as good as their programmers, no matter what platform they are utilizing!!!!!!!!!!!!!!!!!!!

Re:A lack of security-wise individuals. (-1, Troll)

CyricZ (887944) | more than 8 years ago | (#14205616)

Any serious web developer (and no, a 15-year-old writing a site for his Counter Strike buddies is not a serious user) would choose not to use PHP because of its many security flaws and its overall lack of quality.

Do a lot of people use it? Of course. Are those people partaking in serious work? Very few are, and those who do often run into security problems.

This has nothing to do with .NET or Java. I wouldn't necessarily suggest the use of those, either. They have shown, however, that they are far more suitable for serious web development than PHP is.

Call the fact that PHP has numerous serious problems "crap" if you want. Frankly, I'll stick to acknowledging them for the problems they are, because considering such information is what leads to better designs.

Re:A lack of security-wise individuals. (0)

Anonymous Coward | more than 8 years ago | (#14206683)

Then why do the mysql_* functions _still_ exist, despite being practically an invitation for SQL injection?

They're a perfect example of how PHP's advocates and designers have no idea about security, or proper software design principles.

Re:A lack of security-wise individuals. (3, Interesting)

Mr. Slippery (47854) | more than 8 years ago | (#14205707)

What happens is that a developer with such background evaluates PHP, and sees that it is completely lacking with respect to security.

In what way? Failing to check inputs before passing them on to a database or other module is an application, not a language, problem. You claim that there are "numerous security issues found in PHP" - please, describe them. I haven't found it to be any more insecure by nature than C, C++, Perl, etcetera...indeed I'd say it's easier to write reasonably secure code in PHP than in C or C++.

Re:A lack of security-wise individuals. (0)

Anonymous Coward | more than 8 years ago | (#14207073)

No no no no no, there are lots of security-conscious PHP developers; the problem is that security is complicated, much more than the functional aspect of the code often.

As the code works as a system and if any one piece breaks there is a hole, the entire source code must be evaluatable to determine if it is secure, but very few people are willing to have the source code freely available.

If the software was freely available people would point out flaws in it more than not, which would ultimately lead to more people knowing how to code securely.

Re:More of a community attitude issue. (4, Insightful)

bani (467531) | more than 8 years ago | (#14205462)

As opposed to say, perl [securityfocus.com], right [eweek.com]?

While perl security has gotten better, it is still a problem. perl is still widely exploited, formmail.pl is one of the more infamous ones. lusers just download whatever script they find off the web and install it, and get quickly compromised.

Are the majority of perl users well versed in perl security? I doubt it.

What, you going to recommend people use C instead of PHP then? python [securityfocus.com]? Even java [securityfocus.com] has issues.

It's very fashionable, hip and trendy to bash PHP on /., while ignoring the fact most other languages really aren't any better.

Re:More of a community attitude issue. (0)

Anonymous Coward | more than 8 years ago | (#14205840)

Why is everything in itbastardalics?

Re:What about security? (2, Insightful)

JabberWokky (19442) | more than 8 years ago | (#14204193)

I'd imagine that most bridges, dams and skyscrapers built by inexperienced or non-formally educated engineers would be pretty lousy.

The problem is that it's illegal to have a non certified engineer working on a project that can impact others. Those engineers are expensive because you're paying for their recognized skills and the years it took them to obtain them.

Meanwhile, 15 year olds are bidding on software projects and it's seen as a great opportunity. There are certainly some benefits to the industry being willing to hire self-trained and inexperienced programmers, but those inexperienced programmers are being handed even mission critical projects.

--
Evan

Developer's Union? (2, Interesting)

mcrbids (148650) | more than 8 years ago | (#14204621)

The term "Engineer" is, in most contexts, a privileged term. Not just anybody can be labelled an "Engineer" until they've gone through some rigor.

Why not apply this idea to software? If there was a coalition or Union of workers, with a commonly agreed-upon set of requirements and certifications, with annual fees and a good reason to require a decent demonstration of competence? Something with real teeth, and ongoing certification requirements. Think, the Bar, only for software engineers instead of Attorneys. As with Real Estate, being a "Realtor" is a privileged term.

If done right, it would be AWESOME to mention on a resume, and would likely become something like the Underwriter's Laboratories - a private entity, but one that's almost required by law simply because it's a reasonable assurance of safety.

There are a number of VENDOR certifications (EG: CCNE, RHCE, and the laughable MCSE, etc) but is there any platform-neutral, "This guy knows how to validate input and write qualifiable code" organization?

Re:Developer's Union? (2, Insightful)

lewp (95638) | more than 8 years ago | (#14204826)

Because companies would have to spend a whole lot more money to get those people. They're not going to do that unless the consumer demands it. The consumer isn't going to demand it unless the certification/standard/seal of approval becomes well known. And that isn't going to happen unless someone spends a large amount of money creating and marketing it.

Basically, the industry would have to foot the bill for something that would end up costing them a lot of money in the long run with nothing to gain except stable software. Of course, software companies nowadays make tons of cash off selling what amounts to bugfixes for their previous products, so there's more money down the tubes. I guess it could be done in a grassroots fashion, but you have to remember that what you're suggesting would essentially call most of the people working in the industry "unqualified". Doubt they're going to go for it.

In short, this isn't going to happen. Not anytime soon, at least. Definitely not until consumers learn to stop taking it up the keister and stop buying software that doesn't work just because they don't know any better.

Not that I'm jaded...

Re:Developer's Union? (2, Insightful)

IAmTheDave (746256) | more than 8 years ago | (#14205216)

Because companies would have to spend a whole lot more money to get those people.

As far as I'm aware, developers are pretty well paid in the overall job market, more than twice as much as teachers in many cases.

I did spend time getting degrees in CS and CE, and it would be nice to separate myself from those who simply have MSP on their resume. But wait - that's right - I DO separate myself, by putting my CS and CE degrees on my resume.

Rarely is software life threatening (yeah, I know, there are examples) but hospitals rarely bid out to teenagers to build their software. The reason so much engineering (bridges, homes) requires such certifications is because a collapsing bridge is a bit more of a problem than a buggy PHP website. So if company A wants to hire Joe Teenager to build their website, well, so be it.

I get hired because of my degrees and years of experience, and while I do write some web code, most of my time is spent on more valued tasks, like writing mission critical software that drives the businesses I'm in - and I get paid more than Joe Teenager gets paid to build the website, because of those abilities.

Rarely, if ever, have I heard some 20 year old non-college educated designer/developer called an engineer.

Re:Developer's Union? (1)

mcrbids (148650) | more than 8 years ago | (#14205273)

I did spend time getting degrees in CS and CE, and it would be nice to separate myself from those who simply have MSP on their resume. But wait - that's right - I DO separate myself, by putting my CS and CE degrees on my resume.

Really? The underlying POINT at this point in the thread is that there's not enough differentiation. And, truthfully, I've seen an incredible amount of shoddy, negative-worth work done by highly credentialled, CS/CE developers!

Somebody with a CS/CE degree is going to do better at developing software than the average joe, I'll grant that easily. And, I'd grant that it's probably more likely that somebody with the CS/CE is going to do a better job than somebody that's self taught. But, there's certainly no assurance that it will be any better at all.

Combine the Better Business Bureau, the Bar, and the Association of Realtors, and you have pretty much captured my idea...

Re:Developer's Union? (1)

IAmTheDave (746256) | more than 8 years ago | (#14205503)

Combine the Better Business Bureau, the Bar, and the Association of Realtors, and you have pretty much captured my idea...

Unless sarcasm was your goal, barring the BBB, the Bar and the Association of Realtors is hardly a group that guarantees any sort of quality. There are some crappy lawyers out there (Harvey Birdman and Lionel Hutz come to mind, but I digress, because it makes it seem like I'm trying to be funny) and some really crappy/corrupt realtors out there.

Just because someone passed the bar doesn't make them a good lawyer. For instance, Delaware is one of the hardest bar exams to pass in the country, with its next door neighbor, NJ, being one of the easiest. I know some people that can't pass Delaware and slept through the NJ bar exam. (Although, in this "tri-state area", not passing all three - including Pennsylvania, makes it harder to get a job...)

And so my point is, these shoddy developers with CS/CE degrees are pretty equal to the shoddy lawyers who passed a bar - I don't know what school they went to, but the one I attended did not make passing easy. Any implication that getting a CS degree should be easier comes from someone that did not attend the same college I did.

Re:What about security? (1, Interesting)

merreborn (853723) | more than 8 years ago | (#14204418)

I've noticed you post a very similar PHP security troll on every PHP thread.

I have to ask -- do you also point out C++'s flaws, in the realm of buffer overflows? It is, after all, an inherently insecure language.

Which languages do you consider secure? Java?

Re:What about security? (0, Troll)

CyricZ (887944) | more than 8 years ago | (#14204475)

You call it a "troll", I call it pointing out weaknesses with PHP's design and implementation. I'd rather those problems be acknowledged, rather than brushed under the carpet. After all, that's what true engineering is all about: knowing how your design is insufficient, and knowing how to properly deal with such issues.

It's widely acknowledged that C++ suffers from various security problems. Anyone who has any level of formal training or experience knows that. Not only that, they know how to avoid such problems. The use of a garbage collector, the STL string class, and so forth can go a long way towards avoiding security issues.

Of course, if you want to write truly solid code it's best to use languages like Haskell or Standard ML, amongst others. Then you can formally verify your implementation, in addition to avoiding the problems that many other languages suffer from.

Re:What about security? (1)

fishybell (516991) | more than 8 years ago | (#14204625)

Just because it's been said a million times before does not make the statement less valid. Nor is a discussion on potential security holes in C++ invalid either.

Re:What about security? (1)

kuzb (724081) | more than 8 years ago | (#14205074)

The statement is invalid when nothing is provided to back it up. He runs around screaming that PHP is going to kill your dog, and then doesn't tell you why.

Re:What about security? (0)

Anonymous Coward | more than 8 years ago | (#14206286)

If it's said a million times, chances are I'll punch you in the fucking throat for being obnoxious: valid statements or not.

Re:What about security? (1)

metallic (469828) | more than 8 years ago | (#14206988)

There's no such thing as a security hole in a language. If a security hole crops up in a piece of software, the blame falls squarely on the programmer. The only thing a programming language can try to do is include features that will encourage good programming practices.

Re:What about security? (1)

ooh456 (122890) | more than 8 years ago | (#14206123)

Thanks for calling this troll a troll. You should be modded up to 7. He must be another ASP/PERL/JAVA programmer who is upset because of the mass exodus towards PHP. If anything about PHP needs a rant... it's not form security, it's Magic Quotes. Lose them, I say.

Re:What about security? (0)

Anonymous Coward | more than 8 years ago | (#14204727)

There are a few books on PHP security, one of which has a nice web site and code repository:

Essential PHP Security [phpsecurity.org]

Re:What about security? (1)

FST777 (913657) | more than 8 years ago | (#14206594)

The answer is quite simple: let everyone use the docs at php.net and think for themselves. An experienced computer user (all other beings shouldn't program anyway, not even in a scripting language like PHP) will realize the security consequences involved.

This might sound elite, but this is how I did. I used a book to learn the basics of SQL and I'm now teaching myself to use other ways to get rid of the security and efficiency issues I keep programming in MySQL-routines because of that dreaded book. I learned PHP using just the docs on php.net and I'm quite confident that I'm both efficient and secure in all my PHP-routines.

(all my boss ever wanted is that I would comment my scripts to 'easily replace' me 'when necessary'. I still don't quite get it ;-) )

Really :o (2, Funny)

JonN (895435) | more than 8 years ago | (#14204073)

Am I finally going to learn how to display "Hello World!"?

Hello World is easy in PHP. (5, Funny)

JohnBaleshiski (785383) | more than 8 years ago | (#14205972)

Pfff, "Hello World!" is cake in PHP. They really couldn't make it easier:
<?php
$arrData = array(72,101,108,108,111,32,87,111,114,108,100,33) ;
 
for($i=0; $i<count($arrData); $i++) {
        $char = $arrData[$i];
        $char = fConvertChar($char);
        print $char;
}
 
function fConvertChar($char) {
 
        $char = 72 + 2 * $char / 4 * 2 - (8.32 * 8.65384);
        $char = chr($char);
        return $char;
}
 
?>

Does it tell you how to upgrade PHP? (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14204077)

Due to the constant vulnerability announcements and lack of RedHat legacy rpm support, we've been removing PHP from all our webservers.

Re:Does it tell you how to upgrade PHP? (1)

Bandman (86149) | more than 8 years ago | (#14204096)

I wouldn't think that upgrading PHP (compiled from source, mind you) would be all that difficult.

As for RPMs....no idea. I don't use them.

Re:Does it tell you how to upgrade PHP? (0)

Anonymous Coward | more than 8 years ago | (#14204115)

Thanks for bringing nothing to the table! Hope you can continue doing so in the foreseeable future!

Re:Does it tell you how to upgrade PHP? (1)

Fyre2012 (762907) | more than 8 years ago | (#14206439)

he certainly brought something to the table

in case you missed it, he pointed out that there are other package managers to use.
i prefer apt-get personally. Emerge is ok, but the same commands with rpm just comes off ugly and unnatural

apt-get install $packagename
rpm -Uvh ./path/to/package/$packagename.rpm


imho, apt-get is like butter, where rpm feels more like a hammer

Re:Does it tell you how to upgrade PHP? (0, Flamebait)

CyricZ (887944) | more than 8 years ago | (#14204129)

Perhaps the constant vulnerability issues with PHP, and also with the many applications built upon it, should tell you that it's not a suitable option for serious work.

For smaller sites, there are Ruby and Python-based solutions that often work far better, and are far more secure.

And the options for larger scale development are quite well known, as well.

Legacy products (0)

Anonymous Coward | more than 8 years ago | (#14204417)

It's hard to move them off PHP. The majority don't even use it, it only exists because it was included in the standard build (not my decision).

Re:Does it tell you how to upgrade PHP? (0)

Anonymous Coward | more than 8 years ago | (#14204597)

Re:Does it tell you how to upgrade PHP? (1)

malchus842 (741252) | more than 8 years ago | (#14205246)

Download and build apache and php from source. Remove the RPM versions. Install the newly built ones. Now you are no longer tied to the RPM that RedHat provides. I don't even bother installing RPM's for apache, php, perl, sendmail (and other packages) at this point.

This way, I get to control what version and what patches I run, on my schedule.

You can get the source for php from php.net and the source for apache from apache.org. It's really that easy. Or you can pay an apache/php geek to do the first one for you, then take over yourself.

Re:Does it tell you how to upgrade PHP? (1)

houseofzeus (836938) | more than 8 years ago | (#14206279)

That's kind of slack. However you might be interested to know that the PHP source packages contain a makerpm script. They are hells out of date however and needed quite a bit of tweaking to get going.

I have a set of PHP 4.4.1 RPMs for FC1 available here:

http://houseofzeus.com/notblog/?postid=322 [houseofzeus.com]

The SRPM is also there, so if you need another variant of PHP compiled then you can get to the SPEC file I modified and change it appropriately :)

Does the book also cover the fact (-1, Flamebait)

Megaweapon (25185) | more than 8 years ago | (#14204083)

that PHP sucks donkey anuses? That poorly designed, hackish, continually mutating language needs to die. Give it up. You lost the language war.

Re:Does the book also cover the fact (1, Informative)

Anonymous Coward | more than 8 years ago | (#14204143)

This is not flamebait. It is poorly designed, hackish and is continually mutating. I would like to see someone argue that it's not all or any of these points. PHP is popular because it's easy to jump into and fairly easy to learn, not because it's an efficient stable development platform. PHP also has a history of security problems almost as long as Microsoft.

Re:Does the book also cover the fact (2, Interesting)

CyricZ (887944) | more than 8 years ago | (#14204215)

PHP is popular because it's easy to jump into and fairly easy to learn, not because it's an efficient stable development platform. PHP also has a history of security problems almost as long as Microsoft.

Indeed. A truer statement has rarely been stated.

From an engineering standpoint, PHP is abysmal. Many people will suggest otherwise, but they are often those who lack a formal education and background in designing secure, scalable, high-reliability software systems.

The Hardened-PHP [hardened-php.net] project is a perfect example of what is wrong with PHP. It's not that the Hardened-PHP project itself is bad (it's a very good thing!). The problem is that the core PHP developers have not taken such basic security concerns into consideration. The fact that they have to rely on a third party to provide such integral and necessary functionality is a very bad sign.

Re:Does the book also cover the fact (1)

aint (183045) | more than 8 years ago | (#14204566)

A version of the Hardened PHP patch will [most likely] exist in PHP (by default) as of PHP 6.0.0.

Re:Does the book also cover the fact (0, Redundant)

CyricZ (887944) | more than 8 years ago | (#14204617)

The fact that it will take them up until version 6.0 to include such essential and basic security functionality shows their lack of quality. For serious applications, that is just plain unacceptable.

Re:Does the book also cover the fact (0)

Anonymous Coward | more than 8 years ago | (#14204705)

Why do you have such a hard-on for php? Did it kick your dog?

Re:Does the book also cover the fact (0)

Anonymous Coward | more than 8 years ago | (#14205533)

Why do you have such a hard-on for dogs?

Re:Does the book also cover the fact (1)

kuzb (724081) | more than 8 years ago | (#14205043)

Perhaps you could outline some of these flaws in detail? You seem to think you know what you're talking about, but I have some serious doubts.

You sort of come off as a disgruntled Perl programmer who had his job displaced by another language.

Re:Does the book also cover the fact (1)

ninjaonvacation (936875) | more than 8 years ago | (#14206335)

Oh stop it, version 6 is still something! Those poor PHP developers, they sure have a lot of past mistakes to undo / fix, (register global on? more than one way to enable magic quotes? ughh), I agree that version 4 must die now!!

Rewriting a web app in Perl, Python or Ruby is still so much more work than cleaning up PHP4 code to work in PHP5. Whatever haters say about it, PHP won't be dying anytime soon.

Re:Does the book also cover the fact (1)

Mr. Slippery (47854) | more than 8 years ago | (#14207128)

Many people will suggest otherwise, but they are often those who lack a formal education and background in designing secure, scalable, high-reliability software systems.

I have an M.S. in Computer Science, spent my first three years as a professional developer working on the development of a secure (TCSEC B3 targeted) operating system, then another year and a half on a firewall project based on a secure OS. I've also worked in the telecom and space sciences fields for well-known companies such as Hughes, IBM, and TRW, designing and developing secure and reliable software. These days I work for a small company, still doing my best to design and develop secure and reliable software - now in PHP.

I don't claim to be a security expert - I've met some [ranum.com] of [avolio.com] the [std.com] experts [icann.org] and they're far beyond where I'll ever be [infamous.net] on the topic. But I certainly don't fit your description of uneducated or inexperienced. And I find your claims wrt PHP bogus.

Taking a quick look at the advisories (http://www.hardened-php.net/advisories.15.html) for the "Hardened PHP" project you mention, I see 1) issues with applications written in PHP - not the language's fault; 2) people doing stupid things with the language (for example, leaving phpinfo() called in deployed scripts [hardened-php.net]), which is not a language issue; or 3) addressing implementation bugs, which is no different than those found in other languages - except that with PHP we call something a "PHP bug" that in, for instance, C, would be a "libc bug".

If you've got specific claims, please, put them out. But all I see in this thread so far is vague allegations. Or maybe trolling.

Does it delve into SQL? (2, Insightful)

CyricZ (887944) | more than 8 years ago | (#14204113)

Many PHP books I've seen often include an SQL tutorial. Due to space constraints, it is often quite lacking and only focuses on using SQL, rather than designing efficient and well-planned databases. Such half-assed tutorials may often be very misleading to new PHP users.

I recall working with one web developer who learned PHP from such a book. We told him that we wanted to use PostgreSQL as the backend for our site, but he insisted on using MySQL, since that was the only system mentioned in the book he had bought. We no longer required his services after that show of incompetence.

Does this book try to cover topics such as SQL and database design, which should be covered in their own, separate book(s)? Does it specifically refer readers interested in such subjects to consult other sources of information?

Re:Does it delve into SQL? (1)

Versalis (29051) | more than 8 years ago | (#14204350)

No, it does not take an in-depth look at MySQL database design. It only explains how to interact with an existing MySQL instance.

I have to say, I disagree with the importance you place on this in a PHP book. If a person needs to know more about MySQL then they should get a book on MySQL. This book also has examples of connecting to an FTP server - should it also go into the proper way to setup an FTP server? And creating clean HTML code? Optimizing Apache? Sendmail? If it did that it would no longer be a 600+ page book on PHP but rather a 10,000+ page library on the entire world of computing.

Re:Does it delve into SQL? (1)

CyricZ (887944) | more than 8 years ago | (#14204377)

You misunderstand my stance. We seem to be in agreement.

Indeed, I wanted to know if this book covers SQL just because if it were a good book, it would not cover topics such as SQL and databases. Those topics are best covered by experts writing their own books on such subjects. This book should at least recommend that interested readers consult other material to learn more about such subjects.

It would be a major blemish on this book if it did cover such topics.

Re:Does it delve into SQL? (1)

Versalis (29051) | more than 8 years ago | (#14204459)

Ah, I misunderstood. <jedi mind trick>Forget I said anything.</jedi mind trick>

No, it does not reference other books. It only tells you how to work with an existing table.

Re:Does it delve into SQL? (0)

Anonymous Coward | more than 8 years ago | (#14204635)

Since SQL is a different language altogether, as well as the fact that database structure and implementation is pretty involved, I doubt that they will get much into more than simple insert and select statements.

Maybe you should look into getting something more specific to SQL instead of trying to kill 50 birds with a small twig.

Doubt if the book even goes over PHP completely, so what you are looking for will likely have to be gotten in another book.

PHP... (0)

Anonymous Coward | more than 8 years ago | (#14204122)

Too bad PHP is so popular, pulling work away from languages that are well-designed. Argh. Too bad it costs more to get Python or Ruby hosting, and one cannot even hardly find Scheme hosts.

i need a good recipe (0, Troll)

elvezZzZ (935966) | more than 8 years ago | (#14204125)

i tried looking on google. i need a good recipe about how to cook crack. i figure if i cook crack and sell it locally for about a few years i can make money. i'll save it up. no bling-bling for me. no car on rims. no prada jeans. no louie vutton flip flops either. while i sell/cook crack, i can seriously work on my rap game. i need to learn how to spit hot fire. after the spit game is going, i'll go into hollywood and get all the drug dealer parts in movies because i used to be one.


oh wait did 50 cent already do this?

PHP == PRETTY HORRIBLE PROGRAMMERS (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14204128)

Seriously slashdot, how you have fallen.

May I suggest a great PHP tutorial? (2, Informative)

PromptZero (936799) | more than 8 years ago | (#14204175)

I learned PHP using Kevin Yank's tutorials and articles 4 years ago. His books and tutorials are very easy to understand and use. His tutorials and articles can be read on http://sitepoint.com/ [sitepoint.com]

Re:May I suggest a great PHP tutorial? (2, Insightful)

CyricZ (887944) | more than 8 years ago | (#14204285)

How recently have his articles been updated? Indeed, there have been some preliminary security developments within the past four years.

Nothing could be worse than a new PHP user learning PHP from outdated tutorials which fail to show the proper techniques necessary for building solid, secure and trusted web applications.

An anti-PHP coalition? (-1, Flamebait)

CyricZ (887944) | more than 8 years ago | (#14204194)

Does anyone know if an anti-PHP coalition has been formed? What I envision is an organization of web developers who take time to point out the numerous flaws of PHP, and software written using PHP. They could even lobby distributions to not include PHP, due to the many security problems it poses.

Such a group could also give more useful reviews of books such as this. They could rate them with regards to their focus on security and writing quality code, for instance. It would also be beneficial if the group performed audits of various applications built using PHP, and put out notices suggesting which ones to avoid.

Re:An anti-PHP coalition? (0)

Anonymous Coward | more than 8 years ago | (#14204310)

ASP called, it wants its Holy War back...

An anti-PHP/anti-ASP coalition. (1, Insightful)

CyricZ (887944) | more than 8 years ago | (#14204328)

An anti-PHP/anti-ASP coalition would be even better than separate anti-PHP and anti-ASP coalitions.

Either way, the fact remains that insecure, faulty systems are used far too often for web development. The best thing that can be done at this point is to raise awareness as to the flaws and problems associated with such systems. That may be the most effective way to eradicate their use, thus providing a far more secure Internet.

Re:An anti-PHP/anti-ASP coalition. (1)

BearCave (933225) | more than 8 years ago | (#14204885)

It is all very well and good to tell everyone not to use something and that if you were an expert you would know better.

Do you really want everyone to pay highly qualified experts to build basic websites?

People use what they can, why not recommend something better instead of blowing smoke?

Re:An anti-PHP coalition? (2, Insightful)

kuzb (724081) | more than 8 years ago | (#14204995)

That has to be the worst argument I've ever seen. PHP doesn't pose many security problems, and those that it does pose get fixed rapidly. The 'security risks' you see are due to 1) improper system administration and 2) badly written user code - neither of which can be blamed on PHP.

Your argument goes something like this: "Because someone stabbed someone else with a fork, we should rally together and make sure forks are banned from all households". You may as well form an anti-C coalition while you're at it, because there are a lot of insecure C applications out there. Perhaps we can get GCC removed from distributions as well.

Re:An anti-PHP coalition? (0, Troll)

CyricZ (887944) | more than 8 years ago | (#14205660)

You obviously do not understand my argument. There's no need to bring fork terrorism and other analogies into the discussion.

What it comes down to is that PHP is not well designed, and is not well engineered. This is shown by the numerous security issues involving PHP (even on systems that have been designed, set up and maintained regularly by experienced professionals). Don't take my word for it! Go do some research for yourself.

As for your attack on GCC, well, that just shows how clueless you are about such matters. GCC is one of the best engineered pieces of software in the open source world. It has professionals working on it, and that is shown by the extremely high quality of it. And StackGuard shatters your argument about C being insecure.

It may hurt your ego to admit it, but PHP is not a very good product. It has far too many deficiencies, and as such is unsuitable for serious use.

Unclosed italics tag (1, Redundant)

tradiuz (926664) | more than 8 years ago | (#14204288)

Someone has an unclosed italics tag somewhere...

Look, I fixed it!

Re:Unclosed italics tag (1)

op12 (830015) | more than 8 years ago | (#14204331)

Actually, looking at the code it's an unclosed <cite> tag at the end of the review.

Catalyst (1)

Ktistec Machine (159201) | more than 8 years ago | (#14204290)

I'd like to see more distributions include Catalyst [perl.org]. I think Mandrake is the only one that does, now. If MVC frameworks like Catalyst were more universally available (as PHP is now) they'd get a lot more use.

Re:Catalyst (1)

CyricZ (887944) | more than 8 years ago | (#14204311)

Writing an article may help with that.

If you can present a good case why people should move away from PHP towards alternative systems, then it might lead to some other distributions including far superior systems. Indeed, the best way to get this sort of a change is to raise awareness, and a well-publicized article may just do the trick.

I would imagine that there is a big enough community of serious web developers who are fed up with the insecurity and lack of quality that PHP poses. They might be able to offer the clout necessary to get PHP removed from mainstream distributions, and better alternatives added in its place.

seasoned php programmers (0, Troll)

Inopia_Aardbei (879957) | more than 8 years ago | (#14204716)

PHP, isn't that like the betamax of scripting languages?

Re:seasoned php programmers (1)

kuzb (724081) | more than 8 years ago | (#14204931)

Did you know some professional film makers still use Betamax because it has superior image quality to the VHS format? If you're trying to flame PHP, you picked a really bad way to do it.

Re:seasoned php programmers (1)

Inopia_Aardbei (879957) | more than 8 years ago | (#14205076)

Every technology has its niche market. Betamax (and v2000 with it) died because it failed to produce tapes longer than 1 hour in the early days, making it unsuitable for movie rental purposes. My point was just that PHP was a great technology when it was just released (like betamax was), but has long since been replaced by both better implementations of the same idea, and completely new approaches. People who still use it usually do so either because of legacy, or because they haven't investigated the alternatives. ps: pepper this comment with imho and smilies until you consider it an opinion instead of flamebait

Re:seasoned php programmers (1)

StarkRG (888216) | more than 8 years ago | (#14206692)

If you mean that it's superior in every aspect but didn't get enough hype and eventually phased out? Then no, it got plenty of hype...

Does php work in old browsers? (0)

Anonymous Coward | more than 8 years ago | (#14204784)

Thanks!

Affiliate Program? (1)

Thrakkerzog (7580) | more than 8 years ago | (#14204792)

Does B&N have an affiliate program? Looking at the purchase link, I see it passing an encoded userid.

I'm just wondering if someone is trying to make a buck off of this.

Re:Affiliate Program? (2, Informative)

VP (32928) | more than 8 years ago | (#14204838)

Yes, Slashdot gets referral credit for all books reviewed. This is not a secret, and is probably in a FAQ somewhere. By using the link in the article, you are supporting Slashdot, but no one is making you use that link.

ebook (1)

smoker2 (750216) | more than 8 years ago | (#14204888)

This title is available as an ebook [apress.com].

There is allegedly at least a 50% discount for the ebook as against the printed version, although the price of $22.50 means there is a tad less than a 50% discount from the full $44.99.

I guess publishers don't have to know maths, or they are just tight. That whole half cent makes their statement a lie..

Maybe they meant up to 50% discount.

Let the web language wars begin!!! (1)

Sir_Cockalot (924092) | more than 8 years ago | (#14205256)

I've never seen so many people bag on a web scripting language. Perhaps there should be a whole discussion board dedicated to your web language of choice, whether it's Perl, JSP/JAVA, PHP, ASP, .NET or ColdFusion.

I've heard great things and bad things about all of them. Perl is hard to learn, but is super fast and secure. Java is super slow and hard to learn, but very secure. PHP is easy to learn, moderately fast, but insecure. ASP is fast, but is being replaced by .NET. .Net is fast and easy, but you're stuck with Microsoft and it can be very browser specific. ColdFusion is slow, but super easy.

Do you choose your language because that's what feeds you or do you choose it because you believe it's the best technology?

Re:Let the web language wars begin!!! (1)

tetranz (446973) | more than 8 years ago | (#14205624)

.Net is fast and easy, but you're stuck with Microsoft and it can be very browser specific.

That last bit may be true in ASP.NET 1.1 but Microsoft have made a big, and I think quite successful, effort to make ASP.NET 2 standards compliant.

Re:Let the web language wars begin!!! (1)

Sir_Cockalot (924092) | more than 8 years ago | (#14205712)

Possibly, but I'm so tired of going to sites that can only use IE or MS platform.. I don't run windows, so I'm left in the cold all too often.

Re:Let the web language wars begin!!! (1)

orionware (575549) | more than 8 years ago | (#14205702)

After 10 years of development here's my take on your list:

Perl - Pretty easy to learn and extremely well supported. It's not quick, but a swiss army knife every programmer should know how to use. Runs on nearly every platform.

JSP/JAVA - Ahhhkk. I remember learning how to use this when it was going to rule the world. 99% of all development does not need this very heavy platform Any platform. Good developer community. Haven't done anything serious with this (or j2EE) for years.

PHP - I learned Perl first and LOVE PHP's syntax and built in functions for PDF and database manipulations. Hate the exploits that pop up. MS/Windows .ASP - Crap. Always was. MS only .NET - Very smart move on MS to bring traditional programmers into the web fold. Pain in the ass to perform menial tasks and build out applications with multiple developers, even with Source Control. MS Only

Coldfusion - Easy to learn and code, built on top of Java and code compiles down to bytecode. Works seamlessly with existing Java objects and code. Now as quick as jsp/.net. Seamless integration with all major databases and most smaller ones. Extremely rapid development time and stable. Runs on ANY platform that runs Java and code does not generally need modification to do so.

Re:Let the web language wars begin!!! (1)

Sir_Cockalot (924092) | more than 8 years ago | (#14205882)

I always find ColdFusion sites to be buggy and slow, but that could just be the developer..

Flame on (1)

PyroX_Pro (579695) | more than 8 years ago | (#14205455)

So what language would you PHP~Flamers suggest? RoR? Perl? JSP? .NET? As many others have stated, blame the newbie coders not the environment. Every year people die trying to blow-dry their hair in the shower, it's not the water company, electric company or hair dryer company's fault. Sure it lets you get into a mess rather quickly, but so does Linux in general. So does almost every other web language. Don't tell me you can't shoot yourself in the foot with Perl or ASP, if you think that you're a fool. They don't FORCE you to write secure queries or data validation classes either. Most of you just like to cry about whatever others are. I'd wager some flamers here use FrontPage for their 'web development' tasks.

Apress in general (2, Informative)

misfit815 (875442) | more than 8 years ago | (#14205549)

At the risk of getting off-topic, I've found Apress to be a reliable publisher, in terms of the quality of books they put out. The topics have been interesting, the knowledge useful, and the text easy to read. It's the only publisher whose books I'd buy just on name recognition.

This book is for beginners only! (1)

v3xt0r (799856) | more than 8 years ago | (#14205690)

"There is a chapter on using forms and an interesting chapter on working with markup. The better chapters are on using DOM to generate markup, parsing XML, using RSS feeds, SOAP, and simple XML. The chapter on mysql is basic, except for the section on creating a wrapper class. The last chapter deals with communicating with Internet services, like POP, iMap, and FTP. Another project presented here is one creating object-oriented code dealing with a mail class."

If you actually learn something 'new' from this book, then you still have a long way to go!