Author: Marc Rochkind
Aimed at: PHP developers who want to develop commercial apps
Reviewed by: Kay Ewbank
This book aims to take someone who knows the basics of PHP programming, and show them not just how to create PHP and MySQL projects, but how to build commercial-grade projects. Does it succeed?
Marc Rochkind is probably best known for his book on advanced UNIX programming. His technical background is impressive, and that shows through in this well-written book.
The difference in attitude to many authors shows with where Rochkind starts – not with installing PHP and MySQL, but with a chapter on project organization covering topics such as creating a development team, setting the schedule, why projects fail, legalities such as having a written contract, intellectual rights, invoicing and getting the money. Now that’s the mark of a true contract developer!
Chapter 2 moves on to requirements in terms of the requirements document, setting the project scope, how to deal with requirements changing, and agile requirements. Again, all of this is general to all software projects, but interesting reading all the same.
Chapter 3 looks at the platform and tools, covering the server platform and LAMP stack, client platform, development platform and tools, and hosting options. Rochkind then looks at the database. There’s some history and general SQL coverage, a good section on E-R modeling, and useful explanations of normalization, constraints, and database security. All this is written using a nice mix of theory, code, and screenshots with step-by-step instructions.
Application structure comes next, covering how you access MySQL from PHP, interacting with the browser, sessions, and page frameworks. The explanations are clear and Rochkind makes a good case for why it’s best to use PHP Data Objects as your API of choice.
Security, forms and error handling are the next topics. Rochkind is strong on security, with useful outlines of the main methods attackers use and how to defend against them, which he uses to explain why hashed passwords, two-factor authentication, and techniques such as submitting requests with POST instead of GET make life tougher for the would-be attacker. The chapter wouldn’t turn you into a security expert, but it does make the issues and solutions nice and clear.
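To make concrete the combination the review describes (PDO as the database API, hashed passwords, and credentials sent by POST rather than GET), here is an added example of my own; it is not code from the book or from Rochkind. It uses an in-memory SQLite database so it runs offline; the DSN, table layout and function names are my assumptions, and a real app would point the DSN at MySQL.

```php
<?php
// Added example, not from the book: PDO prepared statements, password hashing,
// and a login handler that only accepts POST. Uses SQLite in memory so it runs
// stand-alone; replace the DSN with 'mysql:host=...;dbname=...' for MySQL.
declare(strict_types=1);

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Real server-side prepares, so bound values can never be parsed as SQL.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE users (
        id       INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        pwhash   TEXT NOT NULL
    )');
    return $pdo;
}

// Store only a salted, slow hash; the clear-text password is never written.
function registerUser(PDO $pdo, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, pwhash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Look the user up with a bound parameter; whatever the caller typed is data, not SQL.
function checkLogin(PDO $pdo, string $username, string $password): bool
{
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $stmt = $pdo->prepare('SELECT pwhash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Spend the same hashing time for unknown users, so response time
        // does not reveal which usernames exist.
        password_verify($password, $dummyHash);
        return false;
    }
    return password_verify($password, $row['pwhash']);
}

// Credentials belong in a POST body: a GET query string ends up in browser
// history, proxy logs and the Referer header. $method and $post are passed in
// (instead of reading $_SERVER/$_POST directly) so the function is testable.
function handleLoginRequest(PDO $pdo, string $method, array $post): array
{
    if ($method !== 'POST') {
        return ['status' => 405, 'body' => 'Use POST to log in'];
    }
    $username = (string)($post['username'] ?? '');
    $password = (string)($post['password'] ?? '');
    if ($username === '' || $password === '') {
        return ['status' => 400, 'body' => 'Missing credentials'];
    }
    return checkLogin($pdo, $username, $password)
        ? ['status' => 200, 'body' => 'Welcome, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8')]
        : ['status' => 401, 'body' => 'Invalid username or password'];  // same message either way
}

// Constructed demo input.
$pdo = openDb();
registerUser($pdo, 'alice', 'correct horse battery staple');

$cases = [
    ['GET',  ['username' => 'alice', 'password' => 'correct horse battery staple']],
    ['POST', ['username' => 'alice', 'password' => 'correct horse battery staple']],
    ['POST', ['username' => 'alice', 'password' => 'wrong']],
    // A classic injection-shaped username is just a string to the prepared statement.
    ['POST', ['username' => "' OR '1'='1", 'password' => 'anything']],
];
foreach ($cases as [$method, $post]) {
    $r = handleLoginRequest($pdo, $method, $post);
    printf("%-4s %-20s -> %d %s\n", $method, $post['username'], $r['status'], $r['body']);
}
```

The two details worth copying are that the SQL text never contains user input, only placeholders, and that the failure message and the hashing cost are the same whether or not the username exists, so a login form leaks neither the query structure nor the user list.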
There’s a nice section on creating forms, with code showing how to create and interact with text fields, check boxes, buttons, foreign keys, radio buttons and so on. However, I got the impression that Rochkind thinks the user interface is simple enough to pick up as you go along, concentrating instead on the really important stuff, like handling the user table and password management, handling forgotten passwords, interacting with YubiKeys, and error handling.
Reports and other outputs get a chapter showing how to use SQL queries as the basis of reports; the report class and when to use HTML and CSV output; and role-based access control. There’s a good section on how to generate PDFs from PHP and the benefits of the different PDF libraries. Rochkind is a fan of the free PDF library FPDF, and shows how to use it.
The final chapter looks at data conversion, and how to get your existing data into MySQL and your PHP app.
Overall, this is an excellent book. Rochkind keeps things practical and uses clear examples and plenty of code, but he doesn’t ignore the theory behind the practice. The result is enjoyable and useful.