Professional PHP5 Comment
Hi,
I just thought I would give my input on something. The 'GenericObject' class that is given in chapter 7 of 'Professional PHP5' causes quite a bit of vulnerability in some cases. For example, suppose we have a class 'User' that extends GenericObject, which references the 'user' table in an SQL database. In this particular example, assume that the login system is implemented with a 'username' and a 'password', which is md5 encrypted. With GenericObject, there is no 'obvious' way to ensure that some other employees or contractors using the User class will not change the 'password' field to a NON-MD5 value (unless this is automatically done by the database).
The only solution I can think of is to overwrite the 'save' function to automatically MD5 the password field if necessary. Some code has to be rewritten this way, though.
Anyway, I just solved my own problem, but if you ever print any new versions of your book, you might think about giving a warning somewhere.
On another note, your book was extremely helpful & thought-provoking. One of the better ones that I have read. Thank you :)
-Kevin
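The save() override Kevin describes, as an added example rather than code from the book or from the post. The GenericObject below is a minimal stand-in (an assumption) for the chapter 7 class, and password_hash() (PHP 5.5+) is used in place of md5(), because its output can be told apart from a raw password so the field is never hashed twice.

```php
<?php
// Minimal stand-in for the book's GenericObject (assumption): column values
// live in an array and save() is where they would be written to the table.
class GenericObject
{
    protected $fields = array();

    public function __set($name, $value)
    {
        $this->fields[$name] = $value;
    }

    public function __get($name)
    {
        return isset($this->fields[$name]) ? $this->fields[$name] : null;
    }

    public function save()
    {
        // A real implementation would build and run the INSERT/UPDATE here;
        // returning the row lets the caller see exactly what would be stored.
        return $this->fields;
    }
}

class User extends GenericObject
{
    // Whoever assigns ->password, only a hash can reach the 'user' table.
    public function save()
    {
        if (isset($this->fields['password'])) {
            $info = password_get_info($this->fields['password']);
            // 'algo' is 0/null when the value is not a password_hash() output,
            // i.e. someone stored a raw password: hash it before saving.
            if (empty($info['algo'])) {
                $this->fields['password'] =
                    password_hash($this->fields['password'], PASSWORD_DEFAULT);
            }
        }
        return parent::save();
    }

    public function checkPassword($candidate)
    {
        return isset($this->fields['password'])
            && password_verify($candidate, $this->fields['password']);
    }
}

// Constructed usage: a caller assigns a plain password, save() stores a hash,
// and a second save() leaves the already hashed value untouched.
$u = new User();
$u->username = 'alice';
$u->password = 'correct horse';
$row = $u->save();
var_dump($row['password'] !== 'correct horse');
var_dump($u->checkPassword('correct horse'));
$again = $u->save();
var_dump($again['password'] === $row['password']);
```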