there are. This is ment for the nephew stuk on a host that supports PHP4. ITs nice to be an ubergeek who workes in the world of the cuttign edge...most of the web is stuck in the past.

Yes a lot of dopes out there are still running with register_globals on ("its easier to code"). This will get corrected in 6...if you can convince all of hem to upgrade...most are still iffy on moving to 5. There is a large mass of bad PHP coders out there ("its an easy language"). We need to educate that crew.

Works great for the corp that has a DBA on staff. Now what about the mom and pop that wants a shoping cart, or the guy making a single site?

I am one of the authors of this book. We had several gigs hardening PHP applications for developers who where self taught, this is what qualified us to write the book (and yes we were engaged in that PHP community). I agree with your main point, if you are a slashdot reader, buy Shifletts book, its probably the best on this topic. My book was not meant for you. If you know someone who is not a hard-core techie writing a PHP website, please point them at mine...if they can comprehend what we wrote and are hungry for more, then point them at Mr Shiflett. Honestly most security books would go over our intended audience's head, we tried to write this in a straight forward manner that a non-techie could easily grasp. This did lead the book to simplify some ares. We felt that it was better to at least try to have some security then none at all. If you look at the book you may notice that we explicitly list Chris' book as a invaluable resource for further study.