I normally like to be charitable, but this publication really has nothing to recommend it. Don't touch it with a bargepole.It's a book about secure, object orientated PHP applications by a guy who doesn't understand security, doesn't understand OOP and can't write.
Despite the title "Secure PHP", there are whole classes of security exploits which are not even mentioned. There is no comprehensive and authoritative discussion of security at any point.
The code samples are poorly laid out, riddled with errors, littered with notes to the author from the technical reviewer, and astonishingly repetitive. You will often get large chunks of code repeated many times just to show changes in a couple of lines buried somewhere in the middle.
Not that the code is worth the effort of reading. The design is often naive, the organisation unclear and the coding practices poor.
For example, he uses a naming convention for constants ($MY_CONSTANT) rather than defining proper constants as provided for by the PHP language via define().
Another example: on page 41 he exhorts his readers to use good naming standards. Yet the abstract application class that forms the core of the book is full of method names such as: name() number() currency() show_status()... I could go on. There are dozens of other equally cryptic examples.
The copy editing and proofreading is the worst I have ever seen in a technical book: it is a disgrace to the profession. There is a grammatical error in the second sentence! Here is a sample of what you can expect, from the 3rd page:
"Next, you need to consider how user interfaces will be presented and how can you allow for maximum customization that can be done without changing your core code. This is typically done by introducing external HTML templates for interface."
Even the section headings are ungrammatical: "Using relational database" (p21)
The 16 editors and proofreaders credited in the frontmatter should hang their heads in shame. This has severly damaged my confidence in Wiley as a brand - they clearly have no concept of quality control. I will be very wary of buying their products in future. The cover strapline "Timely. Practical. Reliable." is a sick joke...
Product Description
* Offers fifty practical and secure PHP applications that readers can immediately put to use
* Explains the entire life cycle of each PHP application, including requirements, design, development, maintenance, and tuning
* Reviews application development line-by-line and module-by-module to help readers understand specific coding practices and requirements
* Applications can be readily adapted to many real-world business situations
* CD-ROM contains fifty ready-to-use PHP applications, an evaluation version of Zend tools, and the latest versions of PHP, Apache, and MySQL
From the Back Cover
Your in-depth guide to designing and developing secure PHP applications
It's a hacker's dream come true: over one million Web sites are now vulnerable to attack through recently discovered flaws in the PHP scripting language. So how do you protect your site? In this book, bestselling author Mohammed Kabir provides all the tools you'll need to close this security gap. He presents a collection of 50 secure PHP applications that you can put to use immediately to solve a variety of practical problems. And he includes expert tips and techniques that show you how to write your own secure and efficient applications for your organization.
You'll learn how to:
- Implement the featured applications in business environments such as intranets, Internet Web sites, and system administrations
- Develop e-mail and intranet solutions using PHP
- Determine the importance of certain coding practices, coding styles, and coding security requirements
- Follow the entire process of each PHP application life cycle from requirements, design, and development to maintenance and tuning.
- Use PHP in groupware, document management, issue tracking, bug tracking, and business applications
- Mature as a PHP developer by using software practices as part of your design, development, and software life cycle decisions
- Improve the performance of PHP applications
The companion CD-ROM contains:
- 50 ready-to-use PHP applications
- Searchable e-version of the book
- The latest versions of PHP, Apache, and MySQL™
Click Here to see more reviews about: Secure PHP Development: Building 50 Practical Applications (Paperback)
No comments:
Post a Comment