PHP 5 in Practice

Michael J. Ross writes "Computer programming books come in all varieties, but there are at least four general categories: introductory texts, which typically have the lowest content per page; language references, which have become increasingly supplanted by online sources; "advanced" treatments, which are often a mishmash of errata-riddled articles; and "how-to" books, usually at the intermediate level, and sometimes presented as "cookbooks." It is that last category that has been growing in popularity, and for good reason. When an experienced software developer needs assistance, it is rarely for language syntax, but instead a desire to see how someone else solved a specific problem. For solutions using the PHP language, one source of information is PHP 5 in Practice." Read the rest of Michael's review.

PHP 5 in Practice
author	Elliott White III and Jonathan D. Eisenhamer
pages	456
publisher	Sams Publishing
rating	8
reviewer	Michael J. Ross
ISBN	0672328887
summary	One of the most meaty, immediately useful, and fluff-free PHP books available

The book was authored by Elliott White III and Jonathan D. Eisenhamer, and put out in July 2006 by Sams Publishing (an imprint of Pearson Education). Given today's standards of hefty technical books, this particular one is relatively light, weighing in at 456 pages, which are organized into an introduction, numerous chapters, and three appendices.

Its introduction is more interesting than that of most similar books, whose introductions usually consist of formatting conventions and explanations as to why the book was written — all such content providing little to no value to the impatient programmer facing a deadline, and invariably ignored (the content, that is, not the deadline).

White and Eisenhamer took a refreshingly different tack, and chose instead to explain their use of coding standards, comments and whitespace, braces and parentheses, PHP short tags, PHP mode, and other language considerations that are more useful than the typical rundown of somewhat childish icons used in other texts, such as light bulbs and red warning signs.

Switching to the other end of the book, we find three appendices. The first one briefly discusses issues one might face in migrating from PHP version 4 to 5. The second introduces the Standard PHP Library (SPL), and the objects related to its primary design pattern, the Iterator. The third appendix discusses what composes the bulk of output from my PHP programs: error messages. Seriously, this appendix is worth reading, if only for the suggestions as to what to look for when you encounter some of the most common PHP error messages.

The bulk of the book's material is divided into 20 chapters, which are themselves divided into two parts: PHP internals, and applications. The internals are: strings, numbers, time and date, variables, arrays, functions, classes and objects, and files and directories. Starting off with a discussion of strings, might seem odd to the neophyte programmer, but to the veteran who has had to learn several languages during their career, the choice makes a lot of sense. There must be countless developers out there who, being fluent in the C language and object-oriented concepts, jumped into writing their first C++ program, and had to hit the books for the first time when they wanted to do some non-array-based string handling.

The book's second part covers some of the most common applications in PHP programming: Web page creation (using XHTML and CSS), Web form handling, data validation and standardization, sessions and user tracking, Web services and other protocols, relational databases and other data storage methods, e-mail, XML, images, error reporting and debugging, and user authentication and encryption. That last chapter, in the next edition, should be relocated so that it precedes or follows the chapter on sessions and user tracking.

Many of the chapters begin with a "Quick Hits" section, which briefly summarizes how to perform many of the most common and essential tasks related to that chapter's topic. For instance, in the chapter covering the use of variables, this first section explains how to: check if a variable has no value or if it is empty (not synonymous in PHP), undefine a variable, cast it to a certain data type, and do the same thing for a value. There is one minor erratum that should be noted: On page 71, in the first "Quick Hit," it reads "a variable has bee. given a value." ("been"'s "n" ended too soon.)

Each section within the chapter briefly explains the problem domain, and then presents sample code to solve the given problem. The code itself is fairly well commented, and the variable names are adequately descriptive (unlike in some programming books, whose coding standards border on the criminal).

All in all, the book offers a lot of worthwhile solutions to a wide range of problems, and does so in a straightforward manner. It is for this reason that it is not evident as to why this particular PHP title has received so little notice. For instance, on Amazon.com, it has received only one reader review, as of this writing, and does not even make it into the top quarter million books ranked in sales by Amazon.com. It is a pity, because the book deserves much more attention.

Even though this book is to be recommended, and is packed with code and text that are well worth studying, it has one unmistakable weakness for which this writer can think of no adequate justification. The book contains almost no illustrations, even when they are clearly called for — in fact, especially in those cases. For instance, the section that shows how to generate a calendar, does not show a calendar! The code is present, but the sample output — which is what the poor reader would appreciate, to see the results of the code — is missing.

Granted, an absence of figures and screenshots might be understandable for the first part of the book, which covers the PHP language itself. But the second part, covering applications, has far too many unillustrated PHP scripts. These include sections focusing on drop-down menus, progress bars, and graphical charts Web forms. In the last chapter, there is a section with code that generates captchas, but the reader is not shown what they look like. The entire 18th chapter is devoted to images, but contains not a single one! I cannot imagine why the authors and/or publisher chose to leave out these essential graphics. Was it to save money? Whatever the reason, it was a significant mistake, and one that should be corrected in the next edition.

Readers who agree with this assessment, or who have other thoughts concerning this otherwise excellent book, can leave feedback via the book's Web page on the Web site for Sams Publishing. This page offers details on the book, a description and table of contents, links for requesting instructor or review copies, and a tool for searching the book's contents within the Safari online technical library. The book's introduction states that the Web site hosts all of the code listings, as well as a list of errata. Yet, I was unable to find either one. (Sadly, the Pearson Education sites are still some of the least usable in the technical book publishing world.) Much better results were obtained on Eli White's site.

Despite an inexcusable and almost complete lack of needed illustrations, PHP 5 in Practice is possibly one of the most meaty, immediately useful, and fluff-free PHP books available. No serious PHP programmer should be without it.

Michael J. Ross is a Web consultant, freelance writer, and the editor of PristinePlanet.com's free newsletter. He can be reached at www.ross.ws, hosted by SiteGround.

---

You can purchase PHP 5 in Practice from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Opposite way of thinking?

When an experienced software developer needs assistance, it is rarely for language syntax, but instead a desire to see how someone else solved a specific problem.

Is that really true? I find myself more the opposite where I know how to solve a problem theoretically but I need to know the exact syntax (and sometimes even the libraries/classes already available) to allow me to do what I want. Is this because I'm only a recent (2 yrs) CS grad? Isn't this the normal way to approach the problem due to the myriad languages used out there? It seems to me this might be true only if you're very familiar with a particular language and are trying to use that for everything which may or may not be possible.

Re:Opposite way of thinking?

Is that really true? I find myself more the opposite where I know how to solve a problem theoretically but I need to know the exact syntax (and sometimes even the libraries/classes already available) to allow me to do what I want. Is this because I'm only a recent (2 yrs) CS grad? Isn't this the normal way to approach the problem due to the myriad languages used out there? It seems to me this might be true only if you're very familiar with a particular language and are trying to use that for everything which may or may not be possible.

Congratulations, you have discovered the difference between "experienced software developers" and computer scientists. Computer scientists know what they need to do and how to do it, so long as they can express it in the language they're using. Experienced software developers often know incredible amounts of detail about programming languages, but not necessarily about advanced algorithms and data structures.

Re:Opposite way of thinking?

I take it you're a computer scientist. :)

As someone who knows fourteen programming languages, but also has a degree in CS with a minor in math, the reason for the that practice among software developers is not because they don't know how (although, admittedly, I've met a few who probably couldn't write low level stuff for themselves), but because there's a best practice way of doing a lot of stuff in any given environment.

In other words, you try to do things the same way that most people who use the language do it so that your code can be used by other people, and so that you can use other people's code to help you do it. Otherwise you have to reinvent the wheel a lot.

Programming languages are a math unto themselves. It's pattern recognition, and "speaking" the languages is the crux of most of it. A CS program should teach you how to learn them quickly. The seasoned programmer, whether CS grad or experienced developer, should be the ability to think in different languages by understanding the differences in their patterns.

Buy my forthcoming PHP book instead

Chapter 1 will discuss building PHP CLI classes that download and install OpenJDK. Chapters 2-22 will teach you Java.

Where's the security section of the book?

I'm a bit disappointed to read in the book review that there wasn't a chapter dedicated to security. Considering that PHP will let you do things like do external includes from other web servers that can modify your PHP environment, etc...

What PHP needs is not more features, but better designed security model.

I think...

thissounds() like_a_really() interestingBook()

Teaching Bad Practices (Hopefully Not)

A few years back (circa 2002), I whipped up a rapid application prototype with PHP while working off from some on-line tutorials and using Beginning Php 4 from Wrox. I think the book and the tutorials were good a teaching the basic language features and syntax, but they taught me to use PHP dangerously because they did not teach good practices. My application worked but never got out of the prototype/demo stage back then for business reasons. Recently, I went back to it on my own time to try to clean it up, move it to PHP5, and make it deployable. I now cringe with horror at the extremely bad practices I was using back then. Granted, it was just a prototype, but I thought I was doing it "right" because I was following the examples in the book and the tutorials. I was doing stuff like accepting form data and passing it to the DB with out validation, outputting user submitted variables without checking for XSS, registering globals, etc, etc, etc. I was doing the kind of things that give me nightmares now.

So here is my point, all the tutorials, examples, and books that the neophytes are using to learn are _WRONG_. They are teaching _BAD_PRACTICES_. Because PHP is necessarily meant to be in a network environment (excluding the rarely used cli) and it WILL be exposed to potential maliciousness, secure practices should be taught markedly at the beginning, not as an aside. So as part of teaching how to pass form parameters they should include validation code, even if they have to comment that section as " /* trust us on this part for now, we'll show you how this part works latter, just remember you always have to validate the input before you use it */".

I think PHP is a great language for its purpose, which is simple web-apps. Lots of the criticism about its brain-dead defaults is correct, but they can be overcome with good practices by the application developer. PHP can be great, but it is typically taught wrong at the beginning and that just snowballs.

The editors and authors all the PHP books and tutorials out there need to make sure the new editions encapsulate good practice at the beginning of the learning process.

first disclaimer- I haven't read this particular book. I hope it is better than the other PHP books to which my comments apply.

Second, disclaimer- this is mostly a repost from my post [slashdot.org] at this discussion ( PHP Application Insecurity - PHP or Devs Fault? [slashdot.org])

Captchas

In the last chapter, there is a section with code that generates captchas, but the reader is not shown what they look like.

What the hell? How can you write about captchas without showing pictures?

Here is a good example. Note the varying font and background noise.
Here is a bad example. Note the uniform font and straight lettering.

How else do you get this point across properly?

my recent delvings

I recently finished up Gone With The Wind. Would you consider this book:

A. Funnier than GWTW
B. Just as funny as GWTW
C. Not as funnier as GWTW

Your valued insight into this fine work would be greatly appreciated and it would help me make my next book purchase easier.

Thanks in advance.

Another big, fat book of examples. Yawn

Another one of those huge low-density books of examples. Do we really need another one.

What's really hard today is finding a good reference manual. The original manual for Algol was 17 pages. The original manual for Scheme was 21 pages. 456 pages for PHP is a bit much. A big plastic card that boiled the language down to two pages - now that would be useful.

Re:Another big, fat book of examples. Yawn

Try this: the cheat sheets on this site are generally quite good.
http://www.ilovejackdaniels.com/cheat-sheets/php-c heat-sheet/ [ilovejackdaniels.com]

Enjoy

As a longtime(past tense) PHP developer I can say:

PHP books are good for one thing - making some money for the author(s). That being out of the way, here comes the rant:

With languages like Ruby, Python, Perl, etc. around, why bother with PHP?

PHP has:

• no first-class functions (and no, create_function [php.net] does not count)
• no usable object-model [php.net] (check out response of developer below!)
• no namespaces [bitstorm.org]
• problems [php.net] with [php.net] recursion [php.net]
• general problems with consistency [tnx.nl]
• countless [php.net] other [php.net] horrible [php.net] mis-designed "features" (not even starting on the security problems)

It does however have a good documentation. Without it though, programming PHP would be impossible. Try coding PHP without the documentation at hand.

"Was it function_name($foo, $bar) or functionname($bar, $foo)? Or rather prefix_function_name($foo,$bar,$baz) where $baz is always empty?"

I could go on and on. These are just the facts. What I ignored are the countless hours I wasted trying to debug some perfectly good looking piece of code only to find out in the end that PHP is the problem. On that occasions PHP ate away a part of my soul. (pretty poignant, eh?)

And yes, in case you wonder, I did very large PHP stuff. Megabytes of code in CVS. Luckily no more. (Could be written in kilobytes of Ruby anyway.)

Short answer

> PHP 5 In Practice

Way shorter book summary:

Don't.

You'll get no disagreement here

I've gotta agree with some of the presuppositions and points in this review. PHP - in the right hands - is a powerful language. It's great that you can whip things up quickly. But too many of the books go through the fairly simple bits in mind-numbing detail (like, I know what an array is). Thanks to Eclipse and oXygen, most of the time that I'm at a screen, my editor can load the documentation in to a panel while I'm typing it (along with remembering class names, variable names and so on). If I'm coding PHP (or a lot of other languages, for that matter), Eclipse has the language reference. And oXygen gives me the documentation from XSD/RNG/DTD schemas for XML/XHTML etc. Language references aren't useful in dead tree format.

But something that dead tree can be useful for is conveying development experience. Of course, this can be transmitted in other means. Books that give me best practice guidelines are often far more useful than language guides. For instance, in PHP, there is a function called file_get_contents(). It does what it says. You give it a URL or file and it reads it in to a string. But what the language reference *doesn't* tell you is that for getting things off the 'net libcurl is a better way of doing it - it's quicker, more powerful and has a lot of extremely useful options - in short, something which, if one is intent on building a serious web application in PHP, one should probably use. This is one of the reasons why I think language references would be better if managed on a wiki - or, as PHP does it, with comments attached. That way, people can post code samples, bug reports, workarounds, common errors and so on. This is useful.

A measure of a successful technology book these days has to be "does this make me a better developer?". The fact that we have books which deal with best practice means that online documentation has gotten better and better and publishers are responding to that. Most of the languages and frameworks I use I carry the specifications for on my Palm Pilot in Plucker format. Reference books can't compete with that. A few publishers I've seen are shifting towards a tutorial style (in the web design sphere, Friends of Ed is a good example of this).

More good PHP Books

Here is a good source for browsing PHP Book Reviews [top-books.org]. PHP In Practice [top-books.org] hasn't made the top 50 yet.

programmingbooks.org

Rank this book if you've read it!
http://www.programmingbooks.org/PHP [programmingbooks.org]

There's a lot of horrible programming books out there. I wrote this web app to help programmers easily find the good ones. Basically programmers rank their top 5 books based on category(in this case, php books). It only works if people use it though, so rank the good programming books you've read!

Picture books?

So instead of pages of useless screenshots this book decided to go with content? What a gaping flaw! There are many books on PHP full of screenshots and little else if that's your thing. I see it as a bonus - if you want to see the screenshot you'll have to start doing some coding. Personally, I like PHP for a quick and dirty script, but would not recommend it for a project that was larger than around 3 lines of code.

Wonderful!

Can someone point me at a torrent of the eBook version?

(I kid, I kid)

Blah Blah Blah!!!

Same sh*t another day.
Some uber programmers doens't like PHP because of someting else... Then start to bashing again and again

Php can't do this, can't do that. Php can't scale, Php was ugly, yada yada yada....

First purpose of Php was templating engine for HTML.

Other things comes afer.

Also, Zend try to add OOP. WHY? Why we need OOP aproach, run once scripts...

In php you cannot store objects in the Memory by default... (if you not use Memcaced/Seralize things)

I still don't get it. It was stateless universe. Evrything runs once and goes to ashes.

Whe we need all those OOP overload ?

Maybe to get more respect from other languages ?

Paaah...

Php language for who can barelly handling HTML.
It may not look nice. It may have some problems. May diturbing over obsssed engineers.
Of course, you may do more nice OOP thing in ruby, python of course you may do some hiber,uber,hypernate in JAVA.

And you cannot give
this much ability
under this cost (both cpu/ram)
and with this usability...

Missed it by one...

You were one post late... admittedly, he was very polite for a troll.

Re:Die already

... I was too till he missed out perl.

Re:PHP is...

Yes, realize that the acronym for PHP Object Oriented Programming is POOP.

Thus, the title of the next PHP book should be along the lines of "How To Write Real POOPy Code".

Re:Update on the link

i don't think that is an associates link - i could be wrong. a lot of times, if i see a review in the 'mysterious future' i'll post an associates link. but it's just if i happen to catch it there -- which hasn't happened in a while. but i think various people do it when they get the opportunity. i don't know why people get so worked up about it.
 
i do know that it bothers some people (though i don't understand why) so i always mention that it is an associates link in the post and never post it anonymously.
 
but anyway - to get to your question specifically -- it's pretty easy to get first post if you are a subscriber and feel like taking time to wait for the story to go 'live'. i'd be interested in hearing why you think the practice is so offensive.