Please create an account to participate in the Slashdot moderation system


Forgot your password?

Recommended Reading List for PHP 128

Steve writes "IBM developerWorks has put together a PHP recommended reading list. It provides resources for developers and admins adopting PHP and tackling advanced topics such as building extensions and writing secure code. There's also a list of books and blogs for keeping up with changes to the language itself."
This discussion has been archived. No new comments can be posted.

Recommended Reading List for PHP

Comments Filter:
  • Forgot one (Score:5, Funny)

    by Anonymous Coward on Thursday March 16, 2006 @06:27PM (#14937338)
    They forgot the most important article on PHP! What it is: []
  • Queue anti-PHP jokes...
  • by pestilence669 ( 823950 ) on Thursday March 16, 2006 @06:39PM (#14937401)
    This book was Slashdotted a few months ago. It's written and endorsed by members of the core PHP team. It's the most accurate language resource I've come across. It covers the PHP language, while I've found that other books tend to offer cookie-cutter "recipes" for common scenarios (code snippets). Sadly, its mention of interfaces is a bit sparse and it pre-dates PHP 5.1's PDO. Nevertheless, I still find it very relevant for anyone doing OOP with PHP. There are one or two gems not found in the online documentation.

    NOTE: It's better to have some PHP programming experience before reading.

    ISBN: 0-13-147149-X
  • by Duncan3 ( 10537 ) on Thursday March 16, 2006 @06:49PM (#14937479) Homepage
    Not a dupe...
    Actually useful...
    First post wasn't about a Beowulf cluster or Soviet Russia...

    What happened to Slashdot???

    My faith will be restored if this article is duped within 24 hours.
  • I'll have to check out those books. I'm ashamed to say that I don't know as much about PHP as I should. While I was busy trying to decipher Open Source Perl code (to learn from) the web standardised on PHP, and I know next to nothing about it!
    I just hope there's an emacs mode for PHP, I'd hate to have to go back to using VIM to code.
    • by Senzei ( 791599 ) on Thursday March 16, 2006 @07:55PM (#14937894)
      The web hasn't standardised on PHP, there is an emacs mode for it, and you will probably come to hate it.

      It has always seemed like the bash of web programming, except uglier and slightly more difficult to use. It works, but if you push it too hard or the wrong way it feels like you are trying to make a mud sculpture.

      • by Anonymous Coward
        Mud sculpture is close, but I think another brown substance might be more accurate.
      • by edwdig ( 47888 ) on Friday March 17, 2006 @03:22AM (#14940041)
        If you think PHP is ugly, try looking at ColdFusion. Same basic idea as PHP, but you get to write you code in HTML style syntax. You also get Fortran style operators (gte instead of >=, lt instead of <, etc) Damn near impossible to quickly glance at large block of code and figure out what's going on. The code doesn't stand out from the HTML, and you've got a ton of keywords due to all the information being passed HTML attribute style.

        Fun stuff like this...

        <cfloop index="i" from="0" to="10" step="1">
            <cfif i mod 2 is 1>
                <cfoutput>#i# is odd</cfoutput>
                <cfoutput>#i# is even</cfoutput>

        You also get some really odd language decisions. For example, when they first added support for functions there were no return values. To work around this, you had a special local variable called "caller" which was a structure containing the local variables of the previous scope. They eventually fixed this, but PHP's language problems don't look so bad compared to that.
        • The code doesn't stand out from the HTML

          Isn't that why God invented syntax colouring?
        • Yeah, I have seen coldfusion, it is that hideous. But hey, you can write all your code as valid xml... so it can be parsed or something. With namespace definitions it could be valid xhtml, if you wanted that for some reason. I, however, would use it for its true intended purpose: to torture junior programmers by forcing them to work with the page designers in their language.
    • I'm ashamed to say that I don't know as much about PHP as I should.

      I have learned just last week that the best way to learn PHP is to suddenly become a webmaster hosted on a Linux server using various installed content-management tools like b2evolution or WordPress for blogging and Coppermine for image gallery. You will simply be *thrust* into PHP with no second option. In fact, my host has something like 50 tools available to use and I think only 3 of them aren't PHP.

      Call it geek-fatigue, but the thing

  • If security is threated as advanced topic in PHP, no wonder this language has such lousy reputation.

    • I noticed that as well, pretty much sums up the general PHP attitude to secuirty...
    • If you consider security in a server-side application something even a beginner can handle, then I question the security of your code.
    • What intro to (insert my-favorite-super-leet-flavor-here) language talks about security first? Really, that is great that security is old hat to all the seasoned pros and was obviously the first thing they must have covered right after "Hello, world!". In TFA, on the first page at the very top:
      Recommended PHP reading list
      Level: Introductory
      So, c'mon, lighten up, you know? PHP is such an easy target. Go bash the Perl or Python geeks. What about Ada? Not enough folks bashing Ada...
      ps- not a spell
  • Nooo!!!! (Score:5, Insightful)

    by drew ( 2081 ) on Thursday March 16, 2006 @07:22PM (#14937709) Homepage
    And this is why I hate web programming and web programming languages:

    It provides resources for developers and admins adopting PHP and tackling advanced topics such as building extensions and writing secure code.

    Why is this considered an advanced topic? Security should be the first thing anyone writing software for the web learns. And web programing languages need to make it easy to write secure code by default. *Sigh*
    • Re:Nooo!!!! (Score:3, Interesting)

      Out of honest curiosity, is that how perl is? I'm a fledgling programmer myself, using PHP. There's a lot of talk about it being insecure, and not being a True Programming Nerd, I have no real idea why.

      This itself raises the issue that if a language is too easy to write securely by default, people starting out in it won't learn to think about security when they code, which is a short term vs long term thing. The phrase "too secure" does sound a little moronic though...

      For the record, my code is incredibly p

      • Re:Nooo!!!! (Score:5, Funny)

        by Hosiah ( 849792 ) on Thursday March 16, 2006 @08:41PM (#14938159)
        is that how perl is

        Perl: Take every programming language you know now. Mix them all together. That's Perl. No, not the functionality, just the syntax.

      • Re:Nooo!!!! (Score:4, Informative)

        by Craig Maloney ( 1104 ) * on Thursday March 16, 2006 @10:01PM (#14938595) Homepage
        The reason people find PHP so insecure is because you can plop a script practically anywhere on the server, and have it run. So, if one of the scripts allows someone to upload somewhere where they shouldn't, BAM, you're compromised.

        I've found this out first-hand with a few PHP scripts I've run. It's amazingly easy to set up, but it's also a discipline in itself to ensure it keeps crackers out.
        • Sorry, but if you put a powerful and insecure script in any language on a server then you've got the same problem.
          • True, but PHP turns writable directories that should not have executables (images, uploads, etc) into fertile territory for attackers. I can secure cgi-bin in Perl and be reasonably comfortable (with the right Apache configuration) that a rogue script in a writable directory without execute permissions won't be able to be run. I cannot say the same for PHP, which makes every writable directory on the web server a target for attacks.

            Please correct me if I'm wrong. Part of the reason I'm not much of a fan of
            • I see what you're saying. You can turn off PHP execution with .htaccess (either a PHP directive or ), and I think it works with all versions of PHP, Apache only though. The other thing to do (and the normal thing) is to scan extentensions of incoming files, and have a black list (PHP should be at the top of this list), or a white list if you only want a certain type of file (like images) in there. A third way is to store the uploaded files in a place inaccessible by the web.

              I doubt Perl scripts would stor

              • The first way (.htaccess) may work. The second way unfortunately doesn't work, as you can upload a PHP file as a .gif file and the server will execute it just fine. The third way is also a bit tricky as the server software will have to put the files somewhere when the upload is approved, requiring a writable directory eventually. I've adopted a manual process for handling these, but quite frankly it makes the whole push for PHP a bit distateful to me.
                • The second way unfortunately doesn't work, as you can upload a PHP file as a .gif file and the server will execute it just fine.

                  Not true, at least with Apache- I just tested it. Perhaps for other servers... Unless you havemod_mime_magic enabled apache determines file type by extension, so unless for some bizarre reason you have configured Apache to parse *.gif as a PHP file, this is not an issue.

                  At any rate, any time you allow anonymous users to upload arbitrary files to a webserver, you have to be carefu
      • PHP used to have horrible defaults. This has improved, but a lot of application programmers still require old style settings.

        The core language is huge. PHP lacks namespaces, making all variables global.

        PHP is _extremely_ easy for newbie programmers to mess with. This has practically made it the visual basic of the Linux/Unix world.

        On the other hand, Perl went through this evolution a few years ago. (The lack of use strict and use warnings by default is _still_ a known bug). Perl has a taint mode, where the
        • I am more or less an intermediate PHP hacker. Most of my experience is in Perl and mod_perl.

          Right now, what I find the most frustrating about PHP is the embedded model. It seems that you have to jump through a lot of hoops to work around that. Maybe once you get used to jumping through those hoops it is okay, but (for me anyway) it seems like I am working against the language when I want to abstract webpages away from their files, for example.

          It seems to me that this is one of those areas where the easy

      • PHP catches a lot of flack because it is by far the most popular language out there for building websites which offends the crowd who want work with a language only the ubergeeks can use.

        The thing is that a clueless newbie can be productive in less than 2 weeks with PHP (even though looking at his code will make your eyes bleed). While for more experienced programmers its very easy to use things like the object features in PHP5 combined with template tools like smarty [] and db libraries like ADODB [] to create

    • Why is this considered an advanced topic?

      Indeed. The one thing that makes the absurdity of this point of view apparent is when you point out that "secure code" is a synonym for "correct code". If you write bug-free code, then you've basically eliminated security holes. That reduces "security is an advanced topic" to "writing code that isn't full of bugs is an advanced topic", which isn't exactly defensible.

  • by caluml ( 551744 ) <slashdot@spamgoe ... minus poet> on Thursday March 16, 2006 @07:29PM (#14937743) Homepage
    Only thing I've ever needed to read to learn PHP is []. (Because the UK mirror is slower.)
  • Templating systems (Score:3, Informative)

    by Spy der Mann ( 805235 ) <spydermann.slashdot@ g m> on Thursday March 16, 2006 @07:34PM (#14937778) Homepage Journal
    This one's an ABSOLUTELY MUST-READ for those who don't know what template engines are: ngine []
    • Bleh. What's wrong with XML and XSL? Seriously... The developer generates the XML document structure, then passes it through the XSLT processor, applying an XSL stylesheet created by the web designer. Standards all the way...
      • Bleh. What's wrong with XML and XSL?

        It's not supported in PHP4. Sure, there are the extensions, but they're NOT installed by default in common server configs, so you'd have to do it by hand, and that's SLOOOOOOWWW.
        • It's not supported in PHP4. Sure, there are the extensions, but they're NOT installed by default in common server configs, so you'd have to do it by hand, and that's SLOOOOOOWWW.
          Oh, yeah... Good point. I've been using PHP5 long enough to have driven that from my mind.
      • (BJC = Baby Jesus Cries)

        It's slower than dirt. Slow dirt. ;) PHP5 is better about it than PHP4, but it's still slower than a native php-based templating engine. (And that assumes the best case of using as just a templater, throw misguided people pushing business logic willy-nilly into the xslt and not really grasping the fundamentally functional programming model it exposes and crappy debugging support and so on and it turns into a real god damned nightmare. [We use php5 and xml/xslt at work, work be

  • 5 good PHP sites (Score:5, Informative)

    by Anthony Boyd ( 242971 ) on Thursday March 16, 2006 @07:35PM (#14937784) Homepage

    Their list is great -- I'll be reading some of those articles for weeks before I get through them all. I'm especially interested in the 7 security blunders article. Nice!

    But they did leave off a lot of sites that are useful. Here are a few:

    • PHP Resource Index [] - a few thousand scripts for downloading, most free, all PHP.
    • PHP Builder Forums [] -- the PHP Builder site is pretty useful all by itself, but in the forums there are thousands of people willing to answer your PHP questions.
    • PHP Freaks [] -- one of the guys behind this site wrote a great PHP book. The site is excellent.
    • ADOdb Database Abstraction Layer [] -- okay, okay, this isn't really a site, so much as a product. But still, it's a very efficient DBAL, and it should be used for every database query.

    Anyone want to pitch in with some more? I'm sure there are some very useful sites that I've completely missed (and which the IBM site missed, too).

  • by Anonymous Coward on Thursday March 16, 2006 @07:46PM (#14937835)
    PHP is a powerfull language not only for the web, but for general purpose programming. Please, experienced C and C++ programmers do a favor to yourselfs and give it a try, testing algorithms can be done in a very short little time, in contrast to other languages.
    It's a breeze in the ocean! [] []
    • Hehehehe. Oh my.

      Some mods failed to catch the subtle sarcasm of the parent post, eh? :)
      • by Jesus_666 ( 702802 ) on Friday March 17, 2006 @10:34AM (#14941383)
        Well, PHP is useful for general purpose scripting. I went from web scripting to shell scripting and I'm much more proficient at PHP than I am at Python or sh, so when I have to write shell scripts I usually go with PHP. Yes, I know that sh is faster. Yes, I know that Perl has better PR. But I can just crank out a PHP script in half the time it takes me to read awk's manpage or whatever I need to get that sh script going.

        It might not be the cleanest language around, but it allows for fairly rapid script development when you're familiar with it. Also, it has the most useful documentation of any scripting language I have ever seen, even more useful than Java's API documentation.
  • by MattW ( 97290 ) <> on Thursday March 16, 2006 @08:04PM (#14937941) Homepage
    I'm glad to see that at the top of the list. I haven't read all those php books, but I am a very experienced developer in the language, and that book is fabulous. It manages to cover many topics, and with astounding clarity and insight. Definitely a master work on the topic.
  • this one [], and then this one []. ;)


    //kept pushing my host to install PHP5 for months, before I got on the train
  • ... on when and when not to use PHP: Experiences of Using PHP in Large Websites [] (Aaron Crane, UKUUG Linux Conference 2002).
    • Anyone who's used PHP recently will recognise many inaccuracies and weak points made within that article - from the superglobals, to the Apache php_flag/php_value directives, to the fact that most of the "problems" mentioned are rarely used, fixable by using the recommended php.ini configuration, or by actually showing some self-discipline and not using bad practices (I mean, hey, people wouldn't blame C for someone #define-ing themself into oblivion, would they? No, they'd blame the programmer.)

      I'm not say
  • 'Programming Perl' by Larry Wall
  • "symfony is an open-source PHP5 web framework "professional web tools for lazy folks *

    /me is a bit too tired to write something witty about it here, you might want to judge a quote from the dev yourself:

    fabpot: "I'm not very strict with design patterns... I try to be pragmatic and to get things done quickly. That said, I know there is a lot of problems with this way of doing things and I try to correct them with new releases. symfony is a moving target..." (01/30/2006 08:28

  • by Anonymous Coward
    I have actual products and such written in PHP that I sell. I would consider myself "advanced" in php programming. (I've been at it a number of years)

    PHP is very easy, but compared to perl (or even JSP..) it is terrible. The only reason to learn it is if you are planning on reselling scripts or working (as in paid..) for others. Working with it is a pain. It's horrible when it comes time to move from host to host because it has "settings" (a language with an .ini file is NOT a language)

    PHP5 is a step in the
  • There seems to be no mention of PEAR []. In my opinion an extremely accessible and promising repository.

    With components like DB::DataObject, HTML::QuickForm and DB::DataObject::FormBuilder building web DB applications is shockingly quick!

  • Just took a look at Plone/Zope yesterday. Dropped it on Win32, built it on SuSE 9.1 (couldn't use the SuSE 10 RPM bundle, oh well configure, make, make install...) Java failed to integrate everything cost-effectively. Python stands the best chance now. Ruby isn't ready. PHP, though productive, isn't even in the same league. Execs are eyeing the piecemeal array of fragmented systems that have grown up in the last 8 years and thinking MSFT for everything. Need to do something else fast. Python or
  • It's been quite some time, now since I first read about IBM's interest in PHP []. I believe that this posting is further evidence that IBM intends on taping into the huge PHP development communities, allow IBM to quickly make up lost ground to Microsoft.

    IBM's interest in PHP probably says as much about the established development communities as it does the language itself. I'm far from an expert on deploying technology globally, but I suspect that one of the biggest obstacles to overcome is finding qualified

"The pyramid is opening!" "Which one?" "The one with the ever-widening hole in it!" -- The Firesign Theatre