Book Reviews

The following book reviews are the copyright of their respective authors and no part should be reproduced without the express permission of the author. Publishers and Authors of the books reviewed may reproduce the whole or extracts of a review for their book. To request copyright permission please email webmaster@birmingham.pm.org.

All the reviews herein are the opinions of the reviewer and are not necessarily the views of Birmingham Perl Mongers and its members. If you feel a review or comment has been made in error, please contact webmaster@birmingham.pm.org to rectify the situation.

Perl Books

Static Link: http://birmingham.pm.org/reviews/10

 
MySQL and Perl for the Web
Title:MySQL and Perl for the Web
Author(s):Paul DuBois
ISBN:0735710546
Publisher:New Riders
Reviewer:Jon Allen

'MySQL and Perl for the Web' has been written by Paul DuBois, the author of the book 'MySQL' (also published by New Riders), the definitive work on the MySQL database. While 'MySQL' did include some details about using Perl to interact with the database, the new book aims to provide much more in depth information, including examples of complete web-based applications.

To start with we are presented with some trivial CGI scripts to check that the web server is set up correctly, and both command line and CGI scripts which use DBI, the Perl database interface. These introduce a number of DBI functions, such as using placeholders in queries, and returning results as arrays, hashes, or references to either.

The coding style used in the numerous examples is exactly what I would expect from an experienced Perl programer. The 'strict' and 'warnings' pragmas are always used, and the author is also careful to use CGI.pm functions for generating [X]HTML instead of printing code directly. Sometimes when books deal with multiple technologies or products, it can be noticed that the author is an expert on either one or the other. But while of course DuBois' knowledge of MySQL is without question, it is nice to say that I could find no real issues with any of the Perl code in the book.

Another item of note is the early introduction of mod_perl. Apart from the usual increase in processing speed, the enabling of persistent database connections (with the Apache::DBI module) makes mod_perl even more important for any database driven application. The disadvantages of mod_perl are also discussed, e.g. the lack of support for suEXEC and problems with variable scope, but these are relatively minor concerns compared with the many positive features that mod_perl brings. The rest of the book actually assumes that an Apache/mod_perl environment is used, but for the benefit of those without access to mod_perl, most of the code is compatible with a CGI environment as well.

Security should be a primary concern for any web or network enabled application, but becomes even more important when there are direct interfaces between your web site and the main back-end databases which run your company. DuBois clearly takes this very seriously - before any code is written, we are told that "...security is a requirement, not an option". 'MySQL and Perl' has a complete chapter dedicated to security and privacy issues, detailing many different types of possible security breaches. The information given is very comprehensive, covering a wide range of topics from using SSH port forwarding to set up an encrypted tunnel between the Apache webserver and the MySQL database server, to advice that the value of cookies set by your application should not be trusted, as cookie data can easily be changed on a user's PC. My only complaint about this chapter is that while we are repeatedly told not to trust user input, there is no mention of using Perl's taint mode to force external data to be validated.

As well as the technical content, DuBois has included a lot of useful information about design issues. Some of these are quite subtle, for example when marking which fields are compulsory in a form, we are advised not to use red text (as this is useless to colour-blind people) or to make them bold (which will not show up on all browsers). This attention to detail is found throughout the book, and really emphasises that the author has a thorough knowledge of the subject matter.

As I'm sure you will have guessed, I like 'MySQL and Perl' a lot. Even if you are using a different database like DB2 or Oracle, the techniques and ideas that DuBois gives will still be very useful. 'MySQL and Perl' offers a comprehensive and authoritative treatment of the subject matter, and I would recommend it without hesitation to anyone involved in developing a database-driven web application.