Wrox Programmer Forums
BOOK: Professional PHP 5 ISBN: 978-0-7645-7282-1
This is the forum to discuss the Wrox book Professional PHP5 by Ed Lecky-Thompson, Heow Eide-Goodman, Steven D. Nowicki, Alec Cove; ISBN: 9780764572821

You are currently viewing the BOOK: Professional PHP 5 ISBN: 978-0-7645-7282-1 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old January 3rd, 2005, 11:36 PM
Professional PHP5 Comment

Hi,

I just thought I would give my input on something. The 'GenericObject' class that is given in chapter 7 of 'Professional PHP5' causes quite a bit of vulnerability in some cases. For example, suppose we have a class 'User' that extends GenericObject, which references the 'user' table in an SQL database. In this particular example, assume that the login system is implemented with a 'username' and a 'password', which is md5 encrypted. With GenericObject, there is no 'obvious' way to ensure that some other employees or contractors using the User class will not change the 'password' field to a NON-MD5 value (unless this is automatically done by the database).

The only solution I can think of is to overwrite the 'save' function to automatically MD5 the password field if necessary. Some code has to be rewritten this way, though.

Anyway, I just solved my own problem, but if you ever print any new versions of your book, you might think about giving a warning somewhere.

On another note, your book was extremely helpful & thought-provoking. One of the better ones that I have read. Thank you :)

-Kevin
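
An added example, not part of the thread and not the book's code: one way to override `save()` so that only a hash of the 'password' field is ever persisted. The `GenericObject` below is a minimal stand-in whose `setField`/`getField`/`save` methods and `$row` property are assumptions, and `password_hash()` is swapped in for the MD5 mentioned in the post.

```php
<?php
declare(strict_types=1);

// Stand-in for the book's GenericObject (assumed shape, not the book's code).
class GenericObject
{
    protected array $fields = [];
    public array $row = [];   // constructed in-memory "table row" so this runs offline

    public function setField(string $name, $value): void { $this->fields[$name] = $value; }
    public function getField(string $name) { return $this->fields[$name] ?? null; }
    public function save(): void { $this->row = $this->fields; }
}

class User extends GenericObject
{
    private static function isHash(string $v): bool
    {
        // 'algo' is null (0 before PHP 7.4) when $v is not a password_hash() value.
        return !empty(password_get_info($v)['algo']);
    }

    // Overridden save(): whatever a caller put in 'password', only a hash is stored.
    public function save(): void
    {
        $pw = (string) $this->getField('password');
        if ($pw === '') {
            throw new RuntimeException('password must not be empty');
        }
        if (!self::isHash($pw)) {
            // Salted, adaptive hash used here instead of the MD5 in the post.
            $this->setField('password', password_hash($pw, PASSWORD_DEFAULT));
        }
        parent::save();
    }

    public function checkPassword(string $plain): bool
    {
        return password_verify($plain, (string) ($this->row['password'] ?? ''));
    }
}

// Constructed sample data.
$u = new User();
$u->setField('username', 'alice');
$u->setField('password', 'correct horse');           // a caller sets a raw value
$u->save();
var_dump($u->row['password'] !== 'correct horse');   // is the stored value a hash?
$u->save();                                          // a second save must not re-hash
var_dump($u->checkPassword('correct horse'));
```

Detecting "already hashed" is reliable here because `password_hash()` output carries an algorithm prefix; a bare MD5 digest has no such marker, so the same check cannot tell a digest from a 32-character hex password.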
 
Old February 20th, 2005, 10:19 PM

I have a question that has been puzzling me for a few hours... In Chapter 10: Event-Driven Programming, it mentions the Handled interface. But the Event_Handler abstract class doesn't 'implement' it in the code example in the book. It includes the file 'interface.Handled.php' but it isn't using it.

Now, it is possible that I am not understanding it correctly, and that the mere existence of the included file does something, but it doesn't seem right.

Other than that, it's a great book!

-Farid




