20 of 20 people found the following review helpful
Ask Felgall - Book Review,
This review is from: PHP Master: Write Cutting Edge Code (Paperback)
This book is an ideal choice for anyone who has a moderate knowledge of PHP to start them on the path toward a much higher knowledge of PHP. The book covers a range of topics such as object oriented programming, databases, APIs, design patterns, security, performance, testing, and QA. With each of these the chapter starts out assuming that the PHP programmer reading the chapter has little or no experience with the material the chapter is covering but does assume a reasonable knowledge of PHP and the content of the preceding chapters. For example the database chapter covers how to rewrite all your database access to use the PDO object oriented approach.
While I have many years of programming experience covering most of the concepts covered by the book, most of that experience is with other languages. My level of PHP experience is probably just about at the level that the book is directed at and I expect to be able to dramatically improve my programming in PHP as a result. The one topic that the book covers where I have perhaps already gone beyond the level covered in the book is "security" as that has been one of the top priorities that I had with the few PHP applications that I have written so far. This allows me a slightly different view of that chapter to what I have with respect to the rest of the book. While applying the information that the chapter provides would make an application far more secure than one that doesn't apply those techniques, not all of what the chapter presents is completely accurate.
One example that is provided in the chapter uses htmlentities to esc ape the action attribute of a form. While this provides the security that is being discussed it is not the most appropriate function to call to provide that security. Since an attribute cannot contain a tag at all and that particular attribute should never contain anything that could be mistaken for a tag, using strip_tags would be a more appropriate solution as then it would be less likely to crash the application if the value was compromised. Later in the chapter it mentions reverse hashing with a rainbow table being prevented if the salt is unknown whereas it is also prevented even when the salt is known (as it would be in the situation being discussed at that point).
Despite these minor flaws (and any similar flaws that the PHP masters may see in the other chapters), the book still fulfils the purpose it sets out to achieve and that is to present those with a limited experience of PHP with the information that they need to take the next step toward becoming a better and more efficient PHP programmer.