March 2008 PHP Meetup

At the suggestion of my buddy Lee Springer, I hung out with the PHP geeks at the SF PHP Meetup in the CNET building last Thursday night. A couple of Zend guys talked about version 1.5 of Zend Framework. It was good to get a view into what they are up to, although in many ways they are making a super robust version of the techniques I was implementing about 10 years ago.

Oh man! It just hit me that it was about 10 years ago that I started writing the first edition of Core PHP Programming! Yikes!

There were about 50 people who showed up. That’s impressive based on my experience from years ago with the old PHP users group that dwindled into nothing. A guy named Mariano Peterson came up to me and recognized me as the author of Core PHP. That was cool! Michael Tougeron also made a point to say hello to me. He’s looking to get me to talk at some point, but I’m not feeling like a something significant to talk about.

The most remarkable part of the session was when someone asked if the new Zend Forms code filtered input for SQL injection attacks. Terry Chay spoke up about this, saying quite correctly that you should prepare data with escaping at the moment you send the data out. If it’s going to the browser, convert special characters to entities. If it’s going to the database, escape the special characters right before you assemble the query. You don’t want the mess we had many years ago with magic quotes.

Then, Terry made what seemed like a nonsequitur. After explaining how you would protect you Zend Framework app from SQL injection, he declared “I hate Zend Framework, but that’s how you’d do it.” That made me smile. He later clarified that he hates all frameworks. I can appreciate that attitude. I know I sometimes feel like frameworks are a solution looking for a problem. I’m not even sure if FreeEnergy is a true framework or just a set of idioms.

Anyway, I’m sure I’ll be showing up to the meetups now. Next time I’ll plan on staying later and chatting with more people.

News PHP Went Away

After something like seven years of minimal use, Jon took down the old server. That means all the old PHP code from the Whichever Group (FreeTrade, FreeAssociation, etc) is no longer available. The mailing list for FreeTrade didn’t have a post to it for more than a year, so I’m not too worried. But I did get a comment asking where the site went.

Click no freetrade.tar.gz to get a copy of the code as it existed the last time someone was working on it. I don’t actually have a copy of the repository or the official releases. If I ever have a reason (ie paying client) I’ll port the code to the latest FreeEnergy framework.


PHP Became Mainstream A Long Time Ago

Tim O’Reilly blogged PHP Becoming Mainstream today. It must have shown up thanks to Scoble’s Google Reader link stream. Scoble’s links are as good as the links that come out of digg. They’re different, so I read both.

Anyway, O’Reilly argues that since sales of “For Dummies” books have risen to the top of the PHP book charts that PHP has now become mainstream. How about another metric? How about the metric of clients saying “Sure!” instead “Huh?” when you suggest using PHP instead of Perl or Java? That happened about seven years ago. PHP went mainstream a long time ago.

I think that if Tim were to look at the history of books about PHP, they would find that Core PHP Programming, the first PHP book in English, was aimed at programming novices. It sold really well. Furthermore, the most popular PHP book of all time is PHP and MySQL Web Development by Luke Welling and Laura Thomson.