PerlMonks  

I had a chance to review the first edition of this book about six months ago, and I can't agree with your excessively snide review. I don't think this is the best book in the world, but I do think it's a lot better than most of the books with which it competes.

The main point of your review seems to be that the book is bad because it doesn't discuss security issues in enough detail. But as we all know, beginners usually can't get security right even when it is explained clearly. When I was reading your criticism, I tried to imagine what would have satisfied you, and I don't believe that anything would have, unless maybe it was a much fatter book. Since I think one of the book's greatest strengths is that it's so small, I think that including a large and comprehensive section on security would have been a bad decision, decreasing the worth of the book. A small, incomplete section on security evidently would not have solved the problem here. So what's Castro to do? Are you saying that any small book about CGI must necessarily be Evil and Wrong? So it would seem. But I can't agree. I think a small book with a brief security warning and references to further information is just what is appropriate for a first book about security, and that is what we have here. I suppose in your perfect world, everyone is willing to study security for a month before they write a 'Hello World' CGI program, but I don't think that is a very realistic belief.

I also don't think that your criticism about strict and -w is on the mark. The Perl community's dogmatism about these features gets increasingly silly every year. The programs in Perl and CGI for the World-Wide Web are never more than about twenty lines long. They don't need strict. I'll say it again: They do not need strict. Use of strict will confer no benefit in this case. There is no use of references, so there is nothing for strict 'refs' to do. There is no use of bareword strings, so there is nothing for strict 'subs' to do, and even if there were barewords, they are unlikely to cause a maintenance failure in a program this small. And in a twenty-line program there is practically no difference between a global and a lexical variable, so use of strict 'vars' and my would be a waste of effort and space.

The style and maintenance rules for large programs simply do not apply here, because these are not large programs. I've heard plenty of arguments that you have to learn these style rules right from the beginning, apparently from people who think that if you once turn down the Path of Darkness your Soul is Lost Forevermore, and I think it's bullshit. A programmer has plenty of time as their programs get bigger to learn how to write bigger programs effectively. But it is not Castro's job, or the job of this book, to teach them; they should have another book for that. Anyone relying on Perl and CGI for the World Wide Web as their sole source of Perl information is going to write some very bad Perl programs, certainly, but an introduction to use strict is not going to help that. If you are worried about readers of this book perpetrating bad code, I think a better criticism would be that the book has so little material about subroutines and encapsulation issues. But as I said, I don't consider this a problem. There is plenty of time for the reader of this book to go and get a copy of Learning Perl. You say you started with this book, and it doesn't seem to have done you any lasting harm.

Now, that all said, what did I like about the book?

I liked the way it was broken down into small, easily digested units, one per page. I think that that, and the book's shortness, may be its best features.

One of my major criticisms of most introductory programming books is that they have very few realistic examples. Perl and CGI for the World Wide Web succeeds tremendously here. Every page has a clear, brief, and realistic example.

I liked the extensive discussion of permissions and the chmod() operator. I think too many books try to skip past this or keep their fingers crossed and try to ignore the issue, which Castro tackled head-on. (In your frothing about security you somehow missed this.)

I liked the discussion on page 27 of the distinction between the value of an expression and its side effects, although the terminology was a little strange: Castro missed the opportunity to introduce the term 'side effect'.

I found very few actual errors. Compared with, say, Perl For Dummies, this book is a marvel of correctness. In fact, it compares favorably in this regard with Object-Oriented Perl. Unlike most computer books, it's clear that it was carefully edited and composed.

My most serious criticism of this book would be that it doesn't seem to include very much discussion of programming issues, such as how the programmer decides what variables and functions to use, and how the programmer breaks the task down into steps. But perhaps people don't have as much trouble with this as I think they do, or perhaps the many small examples Castro shows will provide a natural jumping-off place for new programmers to gradually extend and enhance the examples. The other worry I have is that the book seems to encourage the reader to paste in code without understanding what it's doing. Many times, the book says "Type a close parenthesis". It's hard for me to pin down just what I thought was bizarre about that, but I'll try. It seems to me to suggest that programming is about typing the right sequence of characters in the right order, and I don't think that's true. To program you have to have a deeper understanding of what's going on. (It reminds me of a comedy sketch I once saw in which a Shakespearean actor explained that Hamlet was the hardest role to play, because not only does he have more words to say than any other character, but one must speak all 12,483 words in the right order.)

One occasionally sees people asking questions like 'what do I type to change all the a's to b's in a string?' and then a couple days later from the same person 'what do I type to change all the f's to r's?' This person is missing something fundamental. I worried that the style of Castro's book would encourage this kind of misunderstanding. On the other hand, I was never sure that this was a real problem---maybe it isn't. I tried to imagine what I would have liked in place of "To do this, type this:...", and what came to mind was that I probably would have written "To do this, use this:..." But that is not different in any meaningful way.

Perl and CGI for the World-Wide Web is not the best possible book, and it has some serious problems. But it is valuable, and I think it will do a lot more good than harm. I have recommended it to people in the past, and I am looking forward to the second edition.

--
Mark Dominus
Perl Paraphernalia


In reply to Re: Perl and CGI for the World Wide Web by Dominus
in thread Perl and CGI for the World Wide Web by Ovid
