

Book Review: RESTful PHP

Sat, 31 Jan 2009 3:42 UTC

When I was contacted by a representative of Packt Publishing to review RESTful PHP Web Services by Samisa Abeysinghe, I was naturally interested. After all, I’ve written and spoken a lot about representational state transfer (REST). But I was also skeptical because plenty of people these days talk about RESTful web services, but they don’t really explain REST.

Abeysinghe approaches the topic from a very practical level. From the very first chapter to the last, RESTful PHP is chock full of code samples and discussion of tools to access and build RESTful services. The problem, though, as Lorna Mitchell points out, is that “[v]ery few services that claim to be RESTful actually are, which makes writing anything along these lines very tricky.” I agree. I would have liked to have seen a more critical look at the so-called RESTful services profiled in the book, with the author explaining the principles of REST by showing how the services examined are or are not RESTful.

In addition, the book devotes very little space to actually describing the principles of the REST architectural style. Instead, there is only a small section in the first chapter that lists some of the principles of REST in a bullet list. I say “some,” because the book fails to mention the principles of client-server, caching, layering, and code-on-demand. Of particular importance to me are the principles of caching and layering because I think these make for the most compelling arguments for using the REST style. Later, when the book tries to make a case for the need for RESTful web services, it talks only about the need for web services and why PHP programmers need to know how to consume REST services, rather than actually explaining why REST itself is important.

While my criticism of the author’s lack of focus on defining and explaining REST is harsh, I will return again to my point about the practicality of the book’s examples. It is filled to the brim with working code examples that show how to consume Flickr, BBC News, Yahoo Maps, and other web services, and he discusses many tools to use as HTTP clients in PHP, from curl to Zend_Rest_Client. He also goes into much detail explaining how to design and implement RESTful web services, using a fictional library service as an example. In truth, the real focus of the book isn’t on REST but on the resource-oriented architecture, and to that end, he does offer some good discussion, even covering such topics important to the community as PUT vs. POST and URL design, nuances of design that REST does not cover. And, at the end of the day, what is really more important to a programmer who needs to quickly consume web services for a project: pragmatism or theoretical discussion? My bet is on pragmatism, and this book offers plenty of it.

So, if you’re looking for a full-fledged definition of representational state transfer, this book is not for you. Read Roy Fielding’s dissertation, if you want that. However, if what you’re looking for is a practical approach to consuming resource-oriented web services, then RESTful PHP Web Services is what you’re looking for.



How To Teach PHP

Fri, 13 Oct 2006 13:12 UTC

While at PHP Appalachia, I had the pleasure of meeting David Rasch, the founder of Triangle PHP, which meets in the Raleigh-Durham-Chapel Hill region of North Carolina. One night, by the campfire, David and I launched into a discussion about how newbies learn PHP from current books on the market. He suggested that the format for teaching PHP needs to change and that these books need to start not by teaching PHP from the Web but by introducing newbies to PHP concepts by creating command-line applications. The idea being to introduce them early on to OOP and best practices, rather than trying to get them started fast with a simple “Hello, World” Web site.

While I agreed with the concept in general, I questioned the marketability of this approach. When a person picks up a book on PHP, I asked, what is it they want to do? The simple answer is: they want to create a dynamic Web site, and they want to do it now. Publishers will be very reluctant to publish a book that does not follow the traditional “teach them to create an application then teach them the best practices” model because the reader knows or has heard somewhere that PHP will enable and empower them to create an application—albeit a simple one—in a matter of minutes. This is what makes PHP so attractive to newcomers.

Nevertheless, David had some good points, and, while I was playing devil’s advocate in my comments, I agree that the way we introduce newbies to PHP needs to change at the fundamental level. Newbies must learn the fundamentals first, while still feeling like they are moving somewhere quickly and not being overburdened by a steep learning curve. Thus, David has followed up his original post with “Learning PHP sans bad habits,” which includes a proposed TOC for such a book. The proposed book introduces the reader to PHP syntax from the command line, but, by the second chapter, takes them into Web development with a simple framework that will protect them from bad practices (such as failing to filter input and escape output). At this point, the reader does not yet need to understand these principles or how the framework works (these are covered later in the book), but they are still learning how to protect themselves using best practices.

I think David’s got some good ideas here that the community should definitely take into consideration when teaching and writing books about PHP. Now, I’m just waiting to see what publisher will approach David first to turn his proposed TOC into a reality. ;-)



Zend PHP 5 Certification Study Guide Published!

Thu, 5 Oct 2006 21:51 UTC


Today, php|architect has released the latest in their line of nanobooks: php|architect’s Zend PHP 5 Certification Study Guide. Writing along with Davey Shafik, I’m proud to have been a part of this project. It was hard work, and Davey had to step in on more than one occasion to save my rear-end, but I think, in the end, all worked out well, and I can honestly say that the final product is more than simply a study guide for the Zend PHP 5 Certification Exam. In fact, it is an essential guide to PHP 5 in general.

php|architect’s Zend PHP 5 Certification Study Guide covers topics ranging from the basics of PHP to object-oriented programming to databases to Web services, and it does so all under the banner of PHP 5. If you want a general primer on PHP 5, then this book is for you. If you want to study for the Zend PHP 5 Certification Exam, then even better; this book is especially for you.

Coinciding with the release of the book is the announcement of a competition in which the grand prize winner will receive a Zend Studio Professional license, a voucher for the Zend PHP 5 Certification Exam, one year’s subscription to php|architect, and a signed copy of php|architect’s Zend PHP 5 Certification Study Guide.

To find out more about the competition, the book, the authors, and to read a sample chapter, check out the book’s official Web site at http://zceguide.com/. And don’t forget to buy the book!

Finally, since I’m often asked, my contribution to this book included the chapters Databases and SQL, XML and Web Services, and Security.



Essential PHP Security and MD5 Reversing

Thu, 27 Oct 2005 15:36 UTC

I’ve just finished reading Chris Shiflett’s Essential PHP Security, and I have to say that it’s a great book. It’s very small—weighing in at only 109 pages (including the appendices and index)—but I think Chris feels this is its main draw. Indeed, it’s a quick and easy read, but that doesn’t mean it’s lacking in thoughtful and careful attention to detail—on the contrary. Rather, Chris has created a very concise and easy-to-read guide to Web application security. The language is clear, as are the examples.

For anyone who’s ever attended one of Chris’s talks on PHP security, this is the ultimate companion. For those who haven’t had the privilege of sitting in on his talks, this book is everything that you’re missing.

It’s available on Amazon for $19.77.

Now, for some fun, I used the Rednoize MD5 database mentioned in Chapter 3 of Essential PHP Security to create a little AJAX application to create MD5 hashes of strings, as well as check for the existence of a hash in the MD5 database. According to the Rednoize blog, there are over 2 million MD5 hashes stored with their counterparts in the database. In addition, I’m using Paul Johnston’s JavaScript MD5 library to handle the string-to-MD5 conversion on the client side (rather than sending an extra request to the server).

Now, on the Rednoize MD5 site, when you enter a string (as opposed to an MD5 hash) that does not exist in the database, it automatically creates a hash of that string and adds it to the database. Thus, you should beware if you enter your own passwords, for then, your passwords and their corresponding MD5 hashes will be in the database. My implementation does not do this, however. If the string entered is not exactly 32 alpha-numeric characters, then it will not try to retrieve a value for it from the MD5 database.

If you want, give my little MD5 reversal application a try.

UPDATE: The MD5 database does not appear to store string values longer than 32 characters; it appears to truncate strings at 32 characters and save the MD5 hash of the truncated string. So, be sure all your passwords are > 32 characters. ;-)

UPDATE (6 Nov ‘05): I’ve moved my MD5 hash lookup application to http://md5.benramsey.com/, where it will live on a permanent basis.
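
The input handling described in this post, sketched as an added example (not the code of the original application): a string is hashed on the client and never used as a lookup key, and only a 32-character digest is looked up. The local `Map` standing in for the remote database, the function names and the sample strings are assumptions, and the hex-only check is stricter than the post's 32 alpha-numeric characters.

```javascript
// Added example: constructed data and hypothetical names, not the original app.
const crypto = require('crypto');

const md5Hex = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Stand-in for the remote MD5 database (a local Map, so nothing leaves the
// process). It models the truncation reported in the post's UPDATE: strings
// are cut at 32 characters and the hash of the truncated string is stored.
function makeTable(words) {
  const table = new Map();
  for (const w of words) {
    const stored = w.slice(0, 32);
    table.set(md5Hex(stored), stored);
  }
  return table;
}

// Only a 32-character hex digest is treated as a hash to look up
// (assumption: stricter than "32 alpha-numeric characters").
const isMd5Digest = (input) => /^[0-9a-f]{32}$/i.test(input);

// Decides what the client does with one input. A plaintext string is hashed
// locally and is never sent, so it cannot end up stored in the database.
function handleInput(input, table) {
  if (!isMd5Digest(input)) {
    return { action: 'hashed-locally', digest: md5Hex(input), sentToDatabase: null };
  }
  const digest = input.toLowerCase();
  return {
    action: 'lookup',
    digest,
    sentToDatabase: digest,
    plaintext: table.has(digest) ? table.get(digest) : null,
  };
}

// Constructed sample data: two short strings and one longer than 32 characters.
const LONG = 'correct horse battery staple, repeated for length';
const TABLE = makeTable(['password', 'letmein', LONG]);

console.log(handleInput('password', TABLE));               // hashed locally, nothing sent
console.log(handleInput(md5Hex('password'), TABLE));       // digest found in the table
console.log(handleInput(md5Hex(LONG), TABLE).plaintext);   // full-length hash is not stored
```

An unsalted MD5 of any string already in such a table is recovered by a single lookup, which is why the example never lets a plaintext reach the table.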



The mailman came today

Thu, 4 Mar 2004 16:03 UTC

Just a few moments ago, I heard some steps on my front porch. It was the mail carrier, and she left Chris Shiflett’s book HTTP Developer’s Handbook at my front door!

And, yesterday, the mail person came bearing Advanced PHP Programming, George Schlossnagle’s book. I’ll have plenty of reading to do over the next few days, and I plan on posting a review of each book. Look for it.

In the meantime, check out these books on your own. Browse to George’s and Chris’s blogs, and buy the books through their sites so that they get some extra commission from Amazon.
