Book Review: Programming PHP 3rd Edition

Michael Ross writes "As a hugely popular scripting language with an 18-year history, PHP has been the topic of countless computer language books. One of the most comprehensive offerings has been Programming PHP, published by O'Reilly Media. The first edition appeared in March 2002, and was written by Rasmus Lerdorf (the original developer of PHP) and Kevin Tatroe. A second edition was released in May 2006, and saw the addition of another co-author, Peter MacIntyre. With the many changes to the language during the past seven years, the book has again been updated, to cover all of the major new features made available in version 5 of PHP." Keep reading for the rest of Michael's review.

Programming PHP, 3rd Edition
author	Kevin Tatroe, Peter MacIntyre and Rasmus Lerdorf
pages	540
publisher	O'Reilly Media
rating	8/10
reviewer	Michael Ross
ISBN	978-1449392772
summary	An extensive tutorial of the PHP web programming language.

This third edition was published on 22 February 2013, under the ISBN 978-1449392772, with the same three authors at the helm. At a substantial 540 pages, the information is organized into 17 chapters, each focusing on a particular area of the language and its usage. This material precedes an appendix of almost 130 pages, which serves as a reference for all of the language's built-in functions. In fact, not only could this book suffice as a reference guide, it could also serve as a tutorial, because it is accessible to programmers of all levels, including beginners who have never before worked with PHP. The preface notes that the material assumes only "a working knowledge of HTML." However, the example code seems to also assume that the reader is comfortable with fundamental programming concepts, such as conditionals and loops.

To learn more about the book, prospective readers and buyers may wish to visit the publisher's website, where they will find a description of the book, its table of contents, a free copy of its first chapter, and the example code for ten of the chapters. Speaking of formats, the book is available in print and electronic media. (This review is based upon a copy of the print version kindly provided by the publisher.)

The first three chapters explain the bedrock fundamentals of the language, including its lexical structure, data types, variables, expressions, operators, flow-control statements, code inclusion methods, and functions. All of the information appears to be valid, aside from several technical blemishes: In Example 1-1, most of the lines of code are duplicated. Example 1-5, which supposedly creates a PNG file, does not seem to work. The section on constants (page 21) should have mentioned the core predefined constants and also distinguished those from magic ones. The binary literal 0b01100000 is 96, not 1 (page 23). It is claimed that an object is evaluated as false if it contains no values or functions (page 25), and yet: "class C{} assert( new C );." The closure example code (page 29) fails because it includes a function name and no terminating semicolon. The example code in the middle of page 66 contradicts the claim that an inner function "cannot be called from code parsed after the outer function." The example code starting at the end of that page fails because $a in foo() is undefined. Nonetheless, even experienced PHP programmers could pick up knowledge not encountered before, or at least refresh what was learned years ago and since forgotten due to disuse.

The next two chapters explore in detail further essential components of PHP: strings, regular expressions, and arrays. As with the earlier chapters, readers will encounter example code that does not appear to have been tested. For instance, the print_r() output of an object is missing the class name (page 84). On the same page, print_r() and var_dump() of $GLOBALS do indicate "*RECURSION*," but do not loop infinitely or three times, respectively, as claimed. The $record on page 86 is missing its trailing tab character. For these errors and others, it is not clear whether the authors or the technical reviewers are ultimately responsible. Regardless, readers should find useful the tables summarizing regular expression character classes, anchors, quantifiers, and options. On the other hand, the treatment of conditional expressions is sorely in need of examples. Also, readers will be baffled when told that "The preg_match() function takes the same arguments and gives the same return value as the preg_match() function []" (page 112). Lastly, the callback example code is faulty (pages 131, 133, and 141). The sixth chapter, covering object-oriented programming is well-written, aside from the confusing phrase "including it to a different name" (page 160) and the anti-Nietzschean "this will fatal" (page 161).

With Chapter 7, the book shifts gears from the basic underpinnings of PHP to more applied topics, in this case, web techniques — specifically HTTP, global variables, server information, web form processing, sessions, and more. The narrative is quite clear, except when the reader is told that periods in field names are converted to underscores because periods are illegal in PHP variable names (page 178); the connection is not explained. The next chapter looks at server-side data storage, including the topics of PDO, MySQLi, SQLite, and MongoDB. Confusingly, readers are told that the sample SQL database code is available in a file, but they are not told where to find it (http://examples.oreilly.com/0636920012443/).

Chapters 9 through 11 address PHP's support for three specialized file types: graphics, PDF, and XML. The explanations are excellent, and the authors provide numerous examples. The only obvious flaws are in Example 11-1 (page 269), where the echo statement is missing the "<?" and two of the lines have mismatched single and double quotes.

The remaining half dozen chapters cover critical aspects of PHP development. The chapter on security does not attempt to be exhaustive, but instead explains the most common attack vectors and how to block them. The chapter on application techniques discusses code libraries, templating, output buffering and compression, error handling, and performance tuning. Any programmer intrigued by the idea of replacing clunky VBA code with PHP, should be interested in Chapter 14, which explores the differences in running PHP on Windows vs. other platforms, with a brief look at manipulating the contents of Microsoft Word and Excel files using PHP. RESTful web services and XML-RPC are the topics of the next chapter, whose only apparent blemish is that json_encode() does not add spaces between the array values (page 339). The penultimate chapter addresses multiple environments, manual debugging, and the use of an IDE. The last chapter briefly covers PHP support for dates and times, and thus should have been located much earlier in the book, with the other material on fundamental concepts.

Overall, this book is quite approachable. Throughout, one will find programming style recommendations, However, as with any technical work of this size, there are passages that could be made more complete or clear. Occasionally the authors will mention something explained only later — e.g., "short echo tag" (page 60) — which can be frustrating to anyone new to a language.

The concepts of PHP being taught are extensively illustrated with example code. Some of it is concise enough so as not to distract from the narrative flow, but far too many examples involve much more code than necessary. This at first glance might seem to be an advantage, but it actually makes it more difficult for the reader to see the parts of the code relevant to the topic at hand. Also, the authors underutilize whitespace in the code, instead jamming tokens and parentheses together.

In a book of this size, we should not be astonished to find some errata: "Wordpress" (page xv), "try and" (same page; should read "try to"), "tick function registered when register_tick_function()" (55; should read "with" not "when"), "eXtensible" (59), "super-global" (67; should read "superglobal"), "display_classes() function" (vs. "function displayClasses()"; 164), "$var" (294 and 295; should read "$value"), "functions of blocks" (323; should read "functions or blocks"), "retried" (337; should read "retrieved"), and "a.k.a." (350; should read "e.g.").

In terms of the production of the book, like most other O'Reilly titles, this one is nicely put together, with readable font. But sometimes words are jammed together so much that lines appear to be a single word, e.g., "codeitselfbutplentifulenoughthatyoucanusethecommentstotellwhat'shappening" (page 17). Also, the publisher should avoid splitting the function names as if they were English words, e.g., "addc" and "slashes()" on separate lines (page 91). The index is missing some obvious entries, e.g., "closures." Many code snippets are missing the "Example" numbers and captions. This may be fine if the authors do not reference those snippets, but makes it problematic for anyone else to reference them.

Even though this is arguably one of the most comprehensive PHP books on the market, it does not cover all aspects of the language. On page 1, readers learn that PHP can be utilized in three major ways — server-side scripting, command-line scripting, and client-side GUI applications; but only the first is covered in the book. The appendix consumes over 120 pages, and comprises information easily available online in the PHP manual's function reference. Those pages could instead have been devoted to at least introducing command-line scripting and GUI applications. In fact, there are two major changes the authors could take in bringing this book much closer to perfection: Firstly, retest all of the code and root out any technical snafus. Secondly, replace the lengthy appendix with full coverage of the topics of command-line scripting and client-side GUI applications.

Regardless, Programming PHP is both a tutorial and a reference resource packed with information and example code. Benefiting from the author's deep expertise in the language and its usage, the book is the most promising single source for anyone who wishes to learn this ubiquitous web scripting language.

Michael Ross is a freelance web developer and writer.

You can purchase Programming PHP, 3rd Edition from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page.

Facebook?

[Anonymous Coward]

People still use PHP outside of Facebook? And, honestly, they're not even really using it with their cross compilers.

Re:Facebook?

[Grishnakh]

Honestly, I don't understand what all the complaining is about. It just seems like a lot of language snobbery to me. I used PHP on my small website because every cheap web host out there supports it, there's tons of example code, and it's easy to learn if you have a C/C++ background. It seems to work just fine. Is it suitable for a gigantic website like Facebook? I have no idea really, and I don't care, just like I don't care that bash shell scripts probably aren't suitable for writing, for instance, a full-featured application like a spreadsheet or a video editor, as shell scripts work quite well for the things I do use them for.

Re:But...

[KalvinB]

Even the manual acknowledges it is bad practice and includes the XKCD comic

There are so many languages that try to hide bad programmers. Give me a PHP programmer and his code and I can tell you if he's worth anything, The language lets you code like an idiot. Which is great, because then I can either not hire you or pay you accordingly if I think you have potential.

GOTO is not a part of PHP so you can use it. It's part of PHP so that if you use it, you are immediately fired and blackballed from the industry. It's a trap.

Re:One page book

[schneidafunk]

Get over your bias, and use whatever programming language needed for the job. I'll take a job doing PHP, perl, ruby, python, java, even actionscript. If I'm paid well, I'll learn it. My resume gives me the flexibility to get jobs using different languages, precisely because I'm not biased and have worked professionally in most of them.

Re:Facebook?

[dkleinsc]

Honestly, I don't understand what all the complaining is about. It just seems like a lot of language snobbery to me.

As someone who works with PHP every working day: It's a language that wasn't designed, it was congealed. Its lack of design is very evident as soon as you start trying to build anything interesting with it. It was something that was created to solve a short-term problem for one guy, and more-or-less accidentally grew into what it is today. What structures it does have are poor attempts at imitating other languages.

Some examples of what went wrong:
- Arrays and hashes are the same data structure, for no readily apparent reason. Also, the simplest way of using that data structure is "array(a,b,c,...)", not "[a,b,c, ...]" like everyone else.
- All variables start with $, in imitation of Perl, but don't use the @ or % prefixes the way Perl does, instead just pretending everything's a scalar even though it's not.
- For a long time, OOP was an afterthought.
- Unlike other scripting languages like Python, Ruby, and Perl, PHP can't figure out which files to include for you when you reference something outside of the current file. Instead, it offers a global facility called an "autoloader" that allows you to write your own code to tell it how to find it, which completely breaks when multiple libraries have competing autoloaders trying to pick up two different classes with the same name.
- Library functions display no consistency whatsoever. Some are camelCase, some are under_scored. Some search functions put the needle before the haystack, some the other way around.
- Some operators are funky: Values can be equal without being the same thing, for example.
- A significant number of errors, instead of generating exceptions that can be caught and handled, generate fatal errors, which crash your application no matter what. By comparison, Perl, Python, Ruby, and Java allow you to handle almost any error.

I could go on, but the point is there's real reasons for hating PHP.

Re:But...

[narcc]

Indeed. GOTO is not inherently evil. You'll find it used appropriately in some surprising places -- including the Linux Kernel [oracle.com].

When describing a process, the oft-maligned GOTO certainly comes in handy. The over 30 crowd might remember seeing GOTO's in any number of guide books from auto repair to taxes. (The word wasn't always used, sometimes "skip to ..." or "continue with ..." etc.)

That's right: GOTO can actually make things easier to read and understand.

Even in software today, I'm willing to bet even the most ardent anti-GOT zealot has used a GOTO -- and recently at that -- cleverly disguised as a break or return statement.

The list of absuridities just never ends...

[js_sebastian]

Honestly, I don't understand what all the complaining is about. It just seems like a lot of language snobbery to me.

As someone who works with PHP every working day: It's a language that wasn't designed, it was congealed. Its lack of design is very evident as soon as you start trying to build anything interesting with it. It was something that was created to solve a short-term problem for one guy, and more-or-less accidentally grew into what it is today. What structures it does have are poor attempts at imitating other languages.

Some examples of what went wrong: - Arrays and hashes are the same data structure, for no readily apparent reason. Also, the simplest way of using that data structure is "array(a,b,c,...)", not "[a,b,c, ...]" like everyone else. - All variables start with $, in imitation of Perl, but don't use the @ or % prefixes the way Perl does, instead just pretending everything's a scalar even though it's not. - For a long time, OOP was an afterthought. - Unlike other scripting languages like Python, Ruby, and Perl, PHP can't figure out which files to include for you when you reference something outside of the current file. Instead, it offers a global facility called an "autoloader" that allows you to write your own code to tell it how to find it, which completely breaks when multiple libraries have competing autoloaders trying to pick up two different classes with the same name. - Library functions display no consistency whatsoever. Some are camelCase, some are under_scored. Some search functions put the needle before the haystack, some the other way around. - Some operators are funky: Values can be equal without being the same thing, for example. - A significant number of errors, instead of generating exceptions that can be caught and handled, generate fatal errors, which crash your application no matter what. By comparison, Perl, Python, Ruby, and Java allow you to handle almost any error.

I could go on, but the point is there's real reasons for hating PHP.

You could go on forever. Every day that I work on PHP code, I discover another absuridity in this moronic language. Here is today's: take the php function intval, which is meant to parse a string and return an integer:

- if you pass it an object, it emits an E_NOTICE and returns 1
- if you pass it NULL, an array(), and perhaps other things, who knows, it returns 0
- if you pass it a garbage string that is not a number it returns 0
- if you pass it a number with garbage appended it returns the number (e.g., "123aaaa" returns 123)
- if you pass it an overly large number it returns MAXINT

Apparently it did not occur to the people designing this that using valid return values to indicate error conditions is not a good idea.

Add to this, the fact that to know what a PHP API function REALLY does, you often have to read the comments under the API documentation page so you can find out of all the weirdnesses and special cases that the documentation does not mention.