Practical Web 2.0 Applications with PHP

This book review was published by Slashdot, .

Practical Web 2.0 Applications with PHP

Web 2.0 applications and sites commonly employee a number of technologies: PHP, MySQL, XHTML, CSS, JavaScript/Ajax, microformats (standard formats for HTML data), tags (keywords for categorizing site content), and Web feeds (formatted and streamed Web content, usually in XML, such as an RSS feed). Because learning and using most of these technologies can be rather challenging to a Web developer, perhaps the best way to get started doing so is by using all of them to create a single Web-based application, with no pretense at mastering any one of them. This is the approach taken in Quentin Zervaas's book, Practical Web 2.0 Applications with PHP.

The book was published by Apress, on 20 December 2007, under the ISBN 978-1590599068. On the book's Web page, visitors can read and submit errata (apparently none, as of this writing), read the online table of contents, download Chapter 11 ("A Dynamic Image Gallery") as a PDF file, and purchase an electronic version of the book.

Given the number and complexity of the technologies discussed in the book, it is little wonder that it is 569 pages long. There is certainly a generous amount of material, and it is grouped into 14 chapters: planning and designing the sample application; application framework setup; user authentication, authorization, and management; user registration, login, and logout; Prototype and Scriptaculous; page styling using CSS; creating a blogging system; extending the blog manager; personalized user areas; Web 2.0 features (tags, Web feeds, microformats, and public profiles); the image gallery; site search functionality; integrating Google Maps; deploying and maintaining the site.

The first two chapters set the stage for the rest of the book. Chapter 1 provides a brief overview of Web 2.0, the sample Web-based application to be developed in the book, database connectivity, search engine optimization, PHPDoc, templating, and security, as well as the major features of the sample application, namely, a blog site. Chapter 2 describes how the reader can set up the application framework needed to follow along as the author explains how to build the sample application. This includes brief descriptions of how to install Apache, MySQL, PHP, and the Zend Framework. In fact, the book makes so much use of the Zend Framework that, after reading it from cover to cover, the reader will have gained a strong understanding of how some of the most popular components of that framework can be employed in their own projects. The chapter describes the file system structure the author has chosen, how to configure your Web server, how to set up the database, and how to connect to that database. It also provides an introduction to the Model-View-Controller (MVC) design pattern, as well as the Smarty template engine — both of which are used later.

While the introductory material in the first two chapters is essential — particularly to any inexperienced programmer — and generally spot on, some of the material could use a significant amount of expansion and clarification. For instance, in Chapter 2, the instructions on how to configure one's Web server, could easily prove confusing to most readers, because the author refers to the IP address, with no explanation as to what it is and how it relates to the usual local Web server address, (localhost). His recommendation for a "hosts" file entry, " phpweb20", certainly does not help clarify matters. Furthermore, the author does not explain why "phpweb20" should be used instead of "localhost". In the subsequent discussion on virtual hosting and Linux, in a "Note", he mentions that the reader "must have previously included the NameVirtualHost in your main Web server configuration..." In another note on the same page, he provides instructions on the PHP setup that should have been included earlier, in the section on installing PHP. In general, there are too many instances in the early chapters where key information is presented not where the reader would need it, but pages later. This can be especially exasperating to readers who are fairly new to the technologies, and are trying their best to follow the author's examples, every step of the way.

Chapter 3 discusses user authentication, authorization, and management. Unlike most PHP books, this one does not limit the reader to using MySQL as the relational database management system in conjunction with the sample application. The downloadable code for the book makes it possible for the reader to use PostgreSQL, even though the text itself focuses on MySQL. This flexibility is made possible by the author's use of the Zend_Db class. Admittedly of little significance, some of the book's SQL code looks a bit puzzling in some places. For instance, on pages 46-47, unneeded blank lines are contained within the "create table users" statement, with no reason given. Of greater importance, the chapter includes a short but valuable section describing the potential problems of date and datetime values in MySQL caused by server time zones, daylight savings, etc. — a topic well worth reading up on. The fourth chapter explores user registration, login, and logout functionality. Crucial topics such as password reset are covered, while some others, such as password strength, are not — no doubt due to space limitations.

Ajax is considered a central part of the new Web 2.0 trend, and for doing Ajax, the author recommends Scriptaculous, which is based on Prototype — both introduced in Chapter 5. The basic CSS styling of the sample application's Web pages, is covered in Chapter 6. The only flaw in the sample CSS code is that the author formats the declarations within each rule inconsistently, with some rules having multiple declarations on a single line, and others having each declaration on a separate line, which most people find easier to read and maintain. A highlight of the chapter is the author's comparison of the advantages and disadvantages to using a print-only CSS stylesheet versus a dedicated secondary print page — a topic not even seen in Web programming books that focus on design and CSS. The chapter concludes with a discussion of client-side form validation using JSON.

Chapters 7 through 13 focus much more on the sample application's functionality: implementing the user blogging system, and supplementing it with a blog manager index, Ajax capabilities, and a WYSIWYG editor (FCKeditor); creating user areas that can be customized by the users themselves; implementing the aforesaid Web 2.0 features (tags, Web feeds, microformats, and public profiles); implementing a dynamic image gallery, using GD for resizing, etc.; adding site search capabilities using Zend_Search_Lucene; incorporating Google Maps into the users' public blogs. All of these chapters are chock full of sample code, which the energetic reader may want to test out in their own development environments — particularly if they want to follow the author in creating the sample application. Fortunately, the reader will not have to waste any of that energy typing in code, because it can all be downloaded from the author's book site.

Specifically, Chapters 7 and 8 are devoted to the blogging capabilities of the sample application. While the discussion of permanent links, filtering, and the FCKeditor WYSIWYG editor may be of interest to a reader not implementing blogging themselves, the book at this point becomes more narrow in the information that it conveys — focusing even more on the code of the sample application. After reading through dozens of pages listing the code for blog entry management, readers may begin asking themselves, "Why not just use a CMS, instead of reinventing the wheel?" It should be borne in mind that the point of the book is not to advocate reinventing the wheel, but rather to show how a sturdy and reliable wheel can be built. Nonetheless, readers will need fortitude to plow through the many pages of code.

Despite the obvious expertise of the author, readers should be alert and open-minded to potential pitfalls. In the sample application's code, for generating passwords, the author uses only a hash function, md5(), despite its vulnerability to rainbow tables. The reader is advised to use an encryption function instead of — or in conjunction with — any hash function. The book contains another example of inattention to data security: In Chapter 4, as part of the user registration process, the user's password is emailed to the new registrant, naturally in plaintext, making it visible to anyone who intercepts the email message. Years ago, all sorts of online organizations were following this lamentable practice; fortunately, "nasty grams" from security-savvy users seem to be turning the tide.

After exploring the possibilities of dynamic image galleries and Google Maps, the last chapter may appear relatively uninteresting to the reader, because it discusses application logging, error handling, and website deployment and maintenance, including backups. These topics may not seem too exciting, but failing to take the lessons to heart, and then experiencing a heart-stopping crisis on one's production site, will be the kind of excitement no Web programmer wants to experience.

What distinguishes this book from the majority of other PHP titles — for better or for worse — is that the author makes extensive use of specific frameworks and other tools, such as the Smarty templating engine and the Zend Framework, as well as classes that he has written, which are freely available in the source code. As a result, the value of the book to the reader is, to a certain extent, proportional to how much that reader wants to learn and possibly use those components. For example, if the reader chooses, for whatever reason, to not use the MVC design pattern and the Zend_Controller class for implementing MVC in their application, then the author's use of these will appreciably reduce the value of the book to that particular reader. In fact, given how lengthy Chapter 2 is, such a reader may mistakenly conclude that the rest of the book would be of no greater interest to them, and consequently become discouraged and quit reading. Other examples include the homebrew DatabaseObject and Profile classes, discussed in Chapter 3. Regardless, some readers may find that even if they do not use the author's chosen tools for their own applications, there is enough other programming and application-focused information that makes the book worthwhile to them. Other readers will be disappointed in the overall value of the book should they choose not to follow the author's recommended approaches. In addition, some programmers may be quite hesitant to base one of their own applications — particularly for paying clients — on classes created by a single developer, with no accompanying unit testing code to verify its soundness.

In terms of the production of the book, it is definitely up to par, with a font that is readable and yet small enough to get plenty of information on each page — in conjunction with the bottom margins being utilized better than in other books. However, at least for my particular copy of the book, several blocks of pages were cut with different widths, making it appear as if one or two blocks had become detached from the glue binding, when in fact they were all well attached. Within the binding glue, they were all attached at an equal depth, indicating that it was the cutting of the pages that caused the problem, and not how the blocks were set in the binding.

Even though some readers may find the book overly focused on particular frameworks and other tools, Practical Web 2.0 Applications with PHP is an instructive and expert demonstration of how to use PHP, MySQL, the Zend Framework, Smarty, Ajax, and other powerful technologies for creating robust websites.

Copyright © 2008 Michael J. Ross. All rights reserved.
bad bots block