Crockford has a simple premise: every programming language has its good and bad parts. What we have to keep in mind is that we don’t have to use everything a language offers. Javascript has a fair amount of bad parts. It was developed in a rush and became the language of the web in such a short period that it has never had the time to be polished and refined. Despite all that, it has some really amazing features. And it is on these that we should focus.

The book is composed of 10 chapters and 5 appendices. In the chapters, the author covers the good parts of javacript, going through objects, arrays and inheritance.

The chapter about Functions (chapter 4) is one of the best in the publication. According to Crockford this is the best thing about javascript. The chapter presents important topics as different patterns of invocation, how to augment types, scope and closure. The chapter about Regular Expressions (chapter 7) is also a highlight in the book. Regexps are usually not a simple subject to write about and it is really easy to confuse the reader even more. In this book it goes directly to the point in a really simple way.

The first 2 appendices are, in my opinion, the most precious for experienced users: Awful Parts (Appendix A) and Bad Parts (Appendix B) lists several features that are more trouble than useful and should be avoided. It is highly informative and shows curiosities like:

typeof NaN === 'number'      //true 

and

 0.1 + 0.2 === 0.3      //false  

The last 3 appendices focus on JSLint, syntax diagrams and JSON.

When we talk about Javascript, Douglas Crockford is God. The Yahoo! Architect even has a Crockford’s Facts website with lines like ‘Douglas Crockford does no eval’ and ‘Everytime you create a global variable, Douglas Crockford roadhouse kicks an intern’. His manner of writing is also brilliant, extremely concise and informative.

This was one of the technical books that I enjoyed reading the most, because it is so clear, simple and written in such a relaxed way. And it covers javascript in a totally different way from other books, it does not try to change the way you develop with it as it is more similar to most popular C-based languages. Instead it shows you how it should be used because of those differences. And it teaches you to appreciate it so much more while doing it.

Javascript: The Good Parts
Author: Douglas Crockford
Pages: 176
Year: 2008
Publisher: O’Reilly/Yahoo Press
on O’Reilly | on Amazon

The book covers a lot of ground, even though it looks rather thin. Derick does a wonderful job of introducing date/time matter in the opening chapter, covering all the calendar switches (Julian to Gregorian) and its complexities (did you know Feb 30th has already happened once?) as well as timezones, solar times and details of daylight-saving time. This is all invaluable information for anyone working with dates.

The remaining chapters delve into the various operations we use with and around date and time, like parsing, representing and manipulating date and time values. It directs attention to various features of the PHP functions that handles timezones and daylight savings. Its also very interesting that the book fully covers and makes crystal clear the new features in PHP 5.3 that pertains to this topic.

The book explores PHP internals and describes how to use timezones and to update the internal timezone database, as well as how to deal with database engines and still get back correctly timezoned dates.

Guide to Date and Time Programming is a really pleasant read. In a very orderly fashion Derick covers all the steps before introducing new issues, instead of just raising issues without fully explaining what they are about. The book functions very well as reference book, since documentation on this topic is not all it should be in the PHP Manual. This is a must-read book for anyone that has ever had to deal with handling date or time in a PHP system, or anyone who plans on launching systems that are aware of timezone differences.

php/architect’s Guide to Date and Time Programming

by Derick Rethans

Paperback: 152 pages

Publisher: Marco Tabini & Associates, Inc. (April 20, 2009)

Language: English

ISBN-10: 0981034500

ISBN-13: 978-0981034508

Available from Amazon

Even though it was published in 2005, the issues that “Essential PHP Security” addresses is still very relevant today. Written by Chris Shiflett, the book goes through various security aspects associated with a PHP application, and for that reason its content can be considered up to date and applicable to various day-to- day situations faced by developers.

The book has a very easy going approach to exposing the various aspects of security it addresses. These aspects are very clearly exposed and separated into differenct chapters, covering everything from forms to includes and security in shared hosting environments. Each topic is analyzed in detail and internally divided into exploits and attack strategies for that security flaw. In this way the book becomes an easy to access reference book where its possible to go directly to the chapter that addresses the specific aspect you are coding for right now and allowing you to know which flaws to look out for. The introductory chapter presents Principles and Practice of Security which can be applied in any application and any language, for example “Defense in Depth”, which demonstrates the fact that security is much bigger than merely analyzing specific points of you application.

Even thought is has been published a few years ago, the book addresses topics like XSS that play a important role in the AJAX driven web we observe nowadays. Old friends like Session Hijacking and SQL Injection are analyzed from various points of view, aligned to the various segments of an application. This structure makes for a very light and enjoyable reading experience which can easily be fit into a few spare moments, or even in the waiting room of the occasional visit to the doctor’s office (it worked for me anyway).

This book deserves to be part of any developer’s bookshelf, at least to serve as a reminder and inspiration for reflection, even in a world where more and more Frameworks internalize all aspects of security – but as I always say, we developers should always know what is going on behind the curtains.

Essential PHP Security A Guide to Building Secure Web Applications

By Chris Shiflett
October 2005
Pages: 124
ISBN 10: 0-596-00656-X | ISBN 13: 9780596006563

You can buy the book from Amazon