MOHAMMED J. KABIR is the founder and CEO of Evoknow, Inc., a company specializing in customer relationship management software development. His previous books include Red Hat® Security and Optimization, Red Hat® Linux® 7 Server, Red Hat® Linux® Administrator’s Handbook, Red Hat® Linux® Survival Guide, and Apache 2 Server Bible (all from Wiley).
I normally like to be charitable, but this publication really has nothing to recommend it. Don't touch it with a bargepole. It's a book about secure, object orientated PHP applications by a guy who doesn't understand security, doesn't understand OOP and can't write. Despite the title "Secure PHP", there are whole classes of security exploits which are not even mentioned. There is no comprehensive and authoritative discussion of security at any point. The code samples are poorly laid out, riddled with errors, littered with notes to the author from the technical reviewer, and astonishingly repetitive. You will often get large chunks of code repeated many times just to show changes in a couple of lines buried somewhere in the middle. Not that the code is worth the effort of reading. The design is often naive, the organisation unclear and the coding practices poor. For example, he uses a naming convention for constants ($MY_CONSTANT) rather than defining proper constants as provided for by the PHP language via define(). Another example: on page 41 he exhorts his readers to use good naming standards. Yet the abstract application class that forms the core of the book is full of method names such as: name() number() currency() show_status()... I could go on. There are dozens of other equally cryptic examples. The copy editing and proofreading is the worst I have ever seen in a technical book: it is a disgrace to the profession. There is a grammatical error in the second sentence! Here is a sample of what you can expect, from the 3rd page: "Next, you need to consider how user interfaces will be presented and how can you allow for maximum customization that can be done without changing your core code. This is typically done by introducing external HTML templates for interface." Even the section headings are ungrammatical: "Using relational database" (p21) The 16 editors and proofreaders credited in the frontmatter should hang their heads in shame. This has severly damaged my confidence in Wiley as a brand - they clearly have no concept of quality control. I will be very wary of buying their products in future. The cover strapline "Timely. Practical. Reliable." is a sick joke...
Only 20 pages of "secure development techniques"2003/6/4
When I saw this book at the local bookstore (one of only 10 PHP related books in stock), I thought, "Awesome! I've been looking for some more securing applications techniques." It turned out to be a big let down. The book is roughtly 750 pages (large print), the first 50 or so was an introduction and gave a few bad examples vs. good examples of code (which was good, and actually made me think the rest of the book was going to be good), then jumped directly into "here's 650 pages worth of class based applications for you to use". The last 40-50 pages of the book was a chapter called something to the effect of "Optimizing and Securing PHP". Of the whole book, this was the most dissapointing aspect, split equally between the 2 topics. I thought the whole book was going to be about writing secure PHP, not just 20 pages. Even the sample code they gave was in my opinion, poor. The author encouraged a strong misuse of OOP, having every single script have its own class dedicated to it. For example, one of the 50 "ready to use applications" was for handling users for their intranet. They wrote a class with methods for updating the user's information, adding a user, selecting the user's email address from the database, etc. The goal of OOP is to be abstract so that it can be used in more than one area, something the author didn't bother to learn before he wrote this book. Even the optimizing portion of the last chapter was a big let down. It felt like there was really only one example of code optimization. The rest of the pages explained how to make a particular PEAR script do a speed test on your code. How is that supposed to help me if I'm not even certain how to write it more efficiently? I'm not interested in a book that shovels me a bunch of code the author wrote. If I wanted free code, there's tons of sites out there for that. I want a book that's going to teach me how to think more securely and write more securely and think about the best/most optimized way to write a particular portion of code. Sadly, this book isn't it.
Not a good book2004/6/22
I read the first Chapter of this book and that was enough to know that this book is no good. The examples are not well explained and when it comes to try the code, it doesn't work. Don't waste your money on this!
What's up with the Restrictive Software License?2003/5/27
John A. ODONOVAN
This looks like a good object-oriented framework for building PHP apps, but what is up with the restrictive license that accompanies the programming examples in the book? (see the back page of the book, and the license.txt file on the disk) "You may not (i) rent or lease the Software, (ii) copy or reproduce the software through a LAN or other network system or through any computer subscriber system or bulletin- board system, or (iii) modify, adapt, or create derivative works based on the Software." I've never seen a book try to restrice the programming examples in this way. Stay away if you intend to build professional products. There are many other frameworks available for PHP OOP.
Spend your money on dinner instead of this headache2004/6/16