Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Secure PHP Development: Building 50 Practical Applications Paperback – Apr 25 2003


See all formats and editions Hide other formats and editions
Amazon Price New from Used from
Paperback
"Please retry"
CDN$ 51.70 CDN$ 6.44



Product Details

  • Paperback: 903 pages
  • Publisher: Wiley; 1 edition (April 25 2003)
  • Language: English
  • ISBN-10: 0764549669
  • ISBN-13: 978-0764549663
  • Product Dimensions: 18.9 x 4.8 x 23.4 cm
  • Shipping Weight: 1.4 Kg
  • Average Customer Review: 1.8 out of 5 stars  See all reviews (12 customer reviews)
  • Amazon Bestsellers Rank: #2,882,803 in Books (See Top 100 in Books)
  • See Complete Table of Contents

Product Description

From the Back Cover

Your in-depth guide to designing and developing secure PHP applications

It’s a hacker’s dream come true: over one million Web sites are now vulnerable to attack through recently discovered flaws in the PHP scripting language. So how do you protect your site? In this book, bestselling author Mohammed Kabir provides all the tools you’ll need to close this security gap. He presents a collection of 50 secure PHP applications that you can put to use immediately to solve a variety of practical problems. And he includes expert tips and techniques that show you how to write your own secure and efficient applications for your organization.

You’ll learn how to:

  • Implement the featured applications in business environments such as intranets, Internet Web sites, and system administrations
  • Develop e-mail and intranet solutions using PHP
  • Determine the importance of certain coding practices, coding styles, and coding security requirements
  • Follow the entire process of each PHP application life cycle from requirements, design, and development to maintenance and tuning.
  • Use PHP in groupware, document management, issue tracking, bug tracking, and business applications
  • Mature as a PHP developer by using software practices as part of your design, development, and software life cycle decisions
  • Improve the performance of PHP applications

The companion CD-ROM contains:

  • 50 ready-to-use PHP applications
  • Searchable e-version of the book
  • The latest versions of PHP, Apache, and MySQL™

About the Author

MOHAMMED J. KABIR is the founder and CEO of Evoknow, Inc., a company specializing in customer relationship management software development. His previous books include Red Hat® Security and Optimization, Red Hat® Linux® 7 Server, Red Hat® Linux® Administrator’s Handbook, Red Hat® Linux® Survival Guide, and Apache 2 Server Bible (all from Wiley).

Inside This Book (Learn More)
First Sentence
PHP BEGAN AS A PERSONAL home page scripting tool. Read the first page
Explore More
Concordance
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Customer Reviews

1.8 out of 5 stars
Share your thoughts with other customers

Most helpful customer reviews

Format: Paperback
I normally like to be charitable, but this publication really has nothing to recommend it. Don't touch it with a bargepole.
It's a book about secure, object orientated PHP applications by a guy who doesn't understand security, doesn't understand OOP and can't write.
Despite the title "Secure PHP", there are whole classes of security exploits which are not even mentioned. There is no comprehensive and authoritative discussion of security at any point.
The code samples are poorly laid out, riddled with errors, littered with notes to the author from the technical reviewer, and astonishingly repetitive. You will often get large chunks of code repeated many times just to show changes in a couple of lines buried somewhere in the middle.
Not that the code is worth the effort of reading. The design is often naive, the organisation unclear and the coding practices poor.
For example, he uses a naming convention for constants ($MY_CONSTANT) rather than defining proper constants as provided for by the PHP language via define().
Another example: on page 41 he exhorts his readers to use good naming standards. Yet the abstract application class that forms the core of the book is full of method names such as: name() number() currency() show_status()... I could go on. There are dozens of other equally cryptic examples.
The copy editing and proofreading is the worst I have ever seen in a technical book: it is a disgrace to the profession. There is a grammatical error in the second sentence! Here is a sample of what you can expect, from the 3rd page:
"Next, you need to consider how user interfaces will be presented and how can you allow for maximum customization that can be done without changing your core code.
Read more ›
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.
Format: Paperback
Like other reviewers, I bought this book with high hopes, only to end up feeling victimized.
At least 2/3 of the book is simply a print-out of the source code contained in the accompanying CD--no elaboration, no value-added. I might be fine with that, if the source were of any value, but it's riddled with errors: I counted 47 show-stoppers in the first 100 pages of printouts, then quit counting. It is literally impossible that the author ever tested this source as it is--not only are entire files missing from the CD, but there are misnamed variables and other bugs that prevent even the most basic parts of his 'framework' from ever running. The author's website (Evoknow) claims to have updated source, but the link to it is broken.
The source also contains plenty of hints that nobody copy-edited before printing (my favorite: a comment in a main application class--faithfully reprinted in the book's text--that asks "Asif, what is this function doing here?" For the record, I don't know what it's doing there either, Asif.). Some listings are printed twice, one instance running right into the next; other bad/good coding-practice comparisons make it difficult to tell whether you're looking at the bad or the good.
Possibly the worst job of copy editing I've ever seen in any book--and regrettably, I read a lot of badly edited books. I'll never buy another book by this author, and my trust in Wiley has been seriously damaged as well.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.
Format: Paperback
I have a few issues to raise regarding the quality of this book and the supporting source code.
Firstly, the book is littered with errors, typos, and poor grammar. It appears as though it was rushed into publication without any real editorial and technical review. Now this is nothing new in the world of IT books, but it is always disappointing. And there is not even an errata list on the wiley site or the evoknow site.
Secondly, the source code does not run out of the box. This is normally ok if you are given clear instructions as to setting up and configuring, but alas there is no such information. Of course there have been source code updates (which are completely different file structure to the original on the cd, rendering the cd essentially useless) which indicates again that the publication was rushed without proper scrutiny and testing. Loading the code tree under "demo" and browsing to your web server accordingly immediately comes up with errors when loading the index.php home page. Not a good sign, I mean come on, is that the way to start us off? And how exactly has the source code itself changed? How can one know whether what is being read will match the supplied source code???
Thirdly, you have made it clear your source code has not been tested on a Windows environment. I find this a major oversight as a large proportion of PHP development is done on Windows, even if it ends up running on *nix servers. There are also no setup instructions for Windows, only Linux. This is a seriously flawed presumption in my mind.
I am hoping things get better with this book once I am able to set up and run the applications properly, and see the theory in the book (which is useful in the majority of cases) in practice. However, after paying ...
Read more ›
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.
Format: Paperback
When I saw this book at the local bookstore (one of only 10 PHP related books in stock), I thought, "Awesome! I've been looking for some more securing applications techniques." It turned out to be a big let down.
The book is roughtly 750 pages (large print), the first 50 or so was an introduction and gave a few bad examples vs. good examples of code (which was good, and actually made me think the rest of the book was going to be good), then jumped directly into "here's 650 pages worth of class based applications for you to use". The last 40-50 pages of the book was a chapter called something to the effect of "Optimizing and Securing PHP". Of the whole book, this was the most dissapointing aspect, split equally between the 2 topics. I thought the whole book was going to be about writing secure PHP, not just 20 pages.
Even the sample code they gave was in my opinion, poor. The author encouraged a strong misuse of OOP, having every single script have its own class dedicated to it. For example, one of the 50 "ready to use applications" was for handling users for their intranet. They wrote a class with methods for updating the user's information, adding a user, selecting the user's email address from the database, etc. The goal of OOP is to be abstract so that it can be used in more than one area, something the author didn't bother to learn before he wrote this book.
Even the optimizing portion of the last chapter was a big let down. It felt like there was really only one example of code optimization. The rest of the pages explained how to make a particular PEAR script do a speed test on your code. How is that supposed to help me if I'm not even certain how to write it more efficiently?
Read more ›
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.

Most recent customer reviews



Feedback