Programming With PHP and MySQL With Security in Mind
It could be said that one of the major selling features of PHP web frameworks is that they can sometimes prevent novice coders from doing truly insecure things merely by following the way things are demonstrated in a dozen PHP books. Many books still show pulling data straight out of the $_POST array and sticking it onto a page, or worse, into a database, with no validation, no parameterised queries and no output escaping. Now, of course, that is fine if you've got the Internet to yourself, but sooner or later someone or something unexpected will bite you. Fortunately, this book shows you a couple of good ways to head off many potential holes in your application early on.
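To make the point concrete, here is an added example, not code from the book under review or from the reviewer, showing the pattern the paragraph warns about next to a hardened version. It assumes a hypothetical MySQL table `comments(id, author, body)` and a hypothetical DSN and credentials, and uses PDO prepared statements rather than the PEAR MDB2 library the book uses; the validation rules are my own choice, not the book's.

```php
<?php
// Added example: raw $_POST into SQL and HTML, and the hardened equivalent.
// Assumptions (hypothetical, not from the book):
//   table comments(id INT AUTO_INCREMENT PRIMARY KEY, author VARCHAR(64), body TEXT)
//   DSN/credentials below; PDO used instead of the book's MDB2 library.
declare(strict_types=1);

// --- The pattern to avoid: untrusted input concatenated into SQL and echoed into HTML ---
function unsafe_insert(PDO $db, array $post): void
{
    // SQL injection: a quote in $post['author'] changes the statement's meaning.
    $db->exec("INSERT INTO comments (author, body) VALUES ('{$post['author']}', '{$post['body']}')");
    // Cross-site scripting: untrusted text is written verbatim into the page.
    echo "<p>Thanks, {$post['author']}!</p>";
}

// --- Hardened version: validate on input, parameterise the query, escape on output ---
function validate_comment(array $post): array
{
    // Check shape and length before the data goes anywhere near SQL or HTML.
    $author = trim((string)($post['author'] ?? ''));
    $body   = trim((string)($post['body'] ?? ''));
    if ($author === '' || !preg_match('/^[\p{L}\p{N} ._-]{1,64}$/u', $author)) {
        throw new InvalidArgumentException('author must be 1-64 letters, digits, spaces or ._-');
    }
    if ($body === '' || mb_strlen($body) > 2000) {
        throw new InvalidArgumentException('body must be 1-2000 characters');
    }
    return ['author' => $author, 'body' => $body];
}

function safe_insert(PDO $db, array $data): int
{
    // Prepared statement: values travel as parameters and are never parsed as SQL,
    // so a quote or comment marker in the author name is just data.
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $data['author'], ':body' => $data['body']]);
    return (int)$db->lastInsertId();
}

function render_thanks(string $author): string
{
    // Escape at the point of output, for the context it lands in (HTML body text).
    return '<p>Thanks, ' . htmlspecialchars($author, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '!</p>';
}

// Usage with a hypothetical DSN. ERRMODE_EXCEPTION so failures are not silently ignored;
// EMULATE_PREPARES off so the MySQL server, not the client, does the parameter binding.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

try {
    $data = validate_comment($_POST);
    $id   = safe_insert($db, $data);
    echo render_thanks($data['author']);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo '<p>' . htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}
```

The three steps are separate on purpose: validation rejects what the application never wants, the prepared statement keeps whatever is accepted from being interpreted as SQL, and escaping happens only when the value is rendered, so the same stored value can later be emitted safely into a different context (a JSON response, an attribute) with the escaping that context needs.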
Security is one of the best reasons to pick up this book, even if you are relying on the built-in sanitisation of your framework of choice. It covers all the good stuff, from asking yourself where the problems are going to come from and securing your server and database in various ways, to explaining how SSL works and how to use it. And of course it asks questions like, "do I need to be storing my customers' credit card details in the first place?" Probably not.
Some other good things about this book: the designing databases section is quite good. I like the approach they take of asking, "what do you want to ask MySQL?" as a way of organising the database so that it leads to efficient queries. Another good part is on choosing field types (not every numeric field has to be an INT) and avoiding redundant or empty fields. The book uses MySQL 5.1, so it has coverage of stored procedures, views, replication and a few other features. I was a bit surprised that they use the PEAR MDB2 library for DB access rather than PDO. But I think it's a good decision, as a good database library can save a lot of repetitive code, and performance-wise it's pretty good. In short, the book is a few steps above the usual coverage of MySQL.
After the first four sections (covering PHP, MySQL, e-commerce and advanced PHP), there is a section of projects. These seven include a shopping cart, an e-mail service (WarmMail), a forum and a PDF generator. There's some coverage of Ajax and of using web services as well. I particularly liked the forum, as, like other things in this book, it seemed more like something that could be used in an actual project.
If there is an area that the book doesn't cover, it's testing (every programmer's favourite task): apart from some mentions of it, there isn't a section dedicated to it. The closest is the coverage in the Developing large projects section. Here they cover planning, prototyping and debugging, but beyond the mention of regression testing, there isn't too much.
Like the MySQL book reviewed last week, this is a significant volume, also about 1000 pages. A bit of an oddity these days is that the book comes with a CD containing the source code for the book, the text in PDF format and installers for PHP, Apache and MySQL on Windows and Linux. With the coverage of both MySQL 5 and some of the newest features of PHP 5.3, it's a book that won't be outdated next month. I'm not sure if this is a complete beginner's book, but it's probably one book that all intermediate PHP developers could benefit from.