Hi Andrew,

Wednesday, July 4, 2007, 4:23:38 PM, you wrote:

>>> Avoid the O'Reilly one as it is flawed.

>> In what way?

> It's written by Chris Shiflett, isn't that enough reason?

No, not really. The errata are clearly published online, and while you could argue that some of them shouldn't have existed in the text in the first place, security is such a moveable feast that whatever is written today will almost surely have changed within a very short period of time, regardless of the author.

If just one person takes something useful away from his book, that makes them think "damn yes, I DO allow that in my scripts!", then it was a worthwhile purchase.

He (along with a number of others) has done a wonderful job of raising the PROFILE of security (or lack thereof) in PHP applications and the PHP world in general. Before the likes of him and Steffan started blogging and writing about all the issues out there it was a piss-poorly covered area that most developers (*especially* new ones) ignored or were not even aware of.

Even if some of the techniques in the book are now flawed, the profile and awareness he has generated did nothing to harm the PHP community, and does not warrant your shit slinging.

Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php