I’ve been meaning to upgrade PHP on my macbook for a while now, today I finally got around to it with a little help from Marc Liyanage PHP Package.

Download the installer (~50MB), un-tar and run it. You should not have PHP5 installed on your system. However, you might have to do a bit of fiddling to get it working properly.

These are just the tweaks I needed, you might need to do more or less, but this might be useful in some fashion.

In httpd.conf the PHP4 module was still being loaded, so comment that out and add an entry to load the PHP5 module instead.

#LoadModule php4_module libexec/httpd/libphp4.so
LoadModule php5_module local/php5/libphp5.so

For some reason the PHP5 module was installed at a different path to the oldPHP4 module and all other Apache modules. Rather than move it (and risk other problems) I left it where it was and just used the different path.

Further down httpd.conf there’s another reference to PHP4, just update the number.

AddModule mod_php5.c

Restart Apache so the changes take effect, with sudo apachectl graceful

That should do it.

Let’s take a look…

This chapter covers the basics of creating HTML forms and how the form data is transmitted to your PHP script. It introduces several key concepts of real PHP programming, including how to debug and manage errors in your scripts.

Real PHP programming? Sounds good!

Unforunately it’s not. While it cover the basic mechanics of handling forms, it barely covers doing so responsibly.

What exactly is bad about it?

In the first examples register_globals is replied upon, a page or two later it does recomend you disable it, but no explanation of why register globals is considered harmful. This turn of phrase:

To combat register_globals being off, you need to use special variables like $_POST.

Is very worrying, suggesting register globals should be on, and no note of the positive aspects of using $_POST, $_GET, et al.

There’s no mention of magic_quotes or how it will potentially maim your data (if you’re using a database or not), for a basic form handling tutorial, i’m suprises this is skipped. A lot of people will be shocked when they enter a name with an apostorphe and a backslash appears out of nowhere.

No mention of not trusting, and where needed escaping, user data. Some people might consider this a bit ‘high-level’ for a relatively simple example, but I can’t help but think this is exactly when tutorials should mention these considerations and the associated dangers of XSS.

Would it really confuse a reader to recomend the use of htmlentities() or strip tags()? Or at least mention them.

Although some people would disagree with me, it’s a terrible idea to just throw all your PHP code straight in the middle of the body and start using print statements, let alone setting error_reporting mid page.

PHP was designed to be easily embeded into a page, and there’s nothing complicated about switching out of HTML to PHP to print variables, if anything that could be easier to grasp.

More importantly it shows the division between PHP and HTML, which to so many developers is a very blurry line.

Considerations

It may seem i’m being a little unfair this particular article - not everything i’ve mentioned is targeted at it - in it’s defence, at least mentioning error_reporting deserves praise.

Alas it has acted as a trigger for my frustration about the general quality of PHP learning material.

I’m also aware this article is an extract from a book, but it will found and treated as a stand alone guide just as the WSG list has done.

Giving PHP a bad name

One of the reasons PHP is looked down upon is the sheer number of poor programmers who use it, to disasterous results.

This is caused in part by the low entry barrier of PHP compared to some other languages, but also because it so many tutorials, books, etc just teach PHP badly! It’s very easy, even for good programmers to create truely shocking code because ‘thats what a guide said to do’ and they’ve not been told different.

It comes down to this; Garbage In, Garbage Out - If you’re not teaching good practice, you’re teaching bad practice and others are following what you say, either way.

Over the holidays I came discovered Code Golf and got quite addicted to one of the challenges, for those unfamiiar with it:

Based on the original perl golf, Code Golf allows you to show off your code-fu by trying to solve coding problems using the least number of keystrokes.

You’re not just limited to Perl either - PHP, Python and Ruby are all available too.

Challenges are always open, and your entries are automatically scored so you can start playing right away!

I spent most of the holidays tweeking and tuning my enrty for the 99 bottles and managed to get my entry down to 209 bytes. Far from a winning score, but for my first attempt - and using PHP - i’m quite pleased.

The resulting code is pretty much unreadable, no line breaks, single character variable names - and yes, that kind of code should never rear it’ ugly head in serious project, but its a work out for some of the coding muscles you may not use very often or even at all.

So have a go, try one of the challenges stretch your brain a bit, or if you’re learning a new language try one of those and get to know some of the dusty corners of the lanuage you’d other wise miss.

More importantly, have a go at 99 Bottles of Beer and tell me how you did.