Thanks for the feedback. You raise some good issues and I realize that I should have tried to pay attention to some of the good in the book, rather than focus on the bad. This was a blunder on my part and clearly a blind spot that I tend to have.

That being said, unlike footpad, I disagree with you strongly regarding the security and 'strict' issues. I'm on the beginners-cgi mailing list and I try to answer questions for them (sometimes I even get an answer right). However, I've noticed a disturbing trend: many of these people seem to be maintaining or developing sites for businesses. I try as well as I can to steer them to better coding practices, but I am seeing so many people doing work that should be handled better.

Now admittedly, I may be biased here. I worked for a company where the lead programmer (of a small shop) learned Perl from Castro's book. While a sample of one is not the most useful for statistical analysis :), I saw poor coding habits that simply didn't need to be there. He never used strict. As a former Javascript programmer, he tended to end his Perl subs with return true;, not realizing that this was useless. Of course, his subs didn't need to return anything because all variables were global. He didn't check the status of his opens. He didn't validate any incoming data. He didn't...

Well, you get the picture. The surprising thing is, this guy was brilliant. He just had never been exposed to proper coding practices. Others that I have worked with (confession time: I'm one of them) have had tendencies to push back when new things are introduced. Many, many people get into a routine where they are comfortable and when another programmer comes along and says "you really should use strict", they resist. You don't need strict when you've found all of the bugs in your code, right?

Ask anyone who works with moderately complex systems (project management, software design, medicine, economics, etc.) and they'll all tell you the same thing: it's cheaper and quicker to prevent a problem than to clean it up after the fact. Pushing the glass away from the edge is a better solution than sweeping up the pieces. The same goes for good programming style: teach everyone from the start and they'll just do it. They won't know better. How many times have you heard someone say "I tried using strict but it breaks everything?" When that happens, more often then not, they just give up.

Dominus wrote:

When I was reading your criticism, I tried to imagine what would have satisfied you, and I don't believe that anything would have, unless maybe it was a much fatter book.

Well, this is something I can agree with. I don't think the book would have to be huge, but essentially, Castro gave a 'Cliff Notes' version of Perl/CGI programming. Can you imagine a thin calculus book? I'm not saying that Perl/CGI is as difficult as the Calculus, but what I am saying is that, to know Perl/CGI programming, there is much more territory to cover than what Castro has presented. The readers of the book were short-changed.

Dominus, I have a lot of respect for you, but I simply can't agree with you here. Too many people are exposed to poor code and are happy. They don't want to be told they're 'doing it wrong'. They often see it as a personal affront when someone points out code issues. If their stuff works, they're happy. Frankly, if their stuff works, I'm happy too. But not if I have to maintain it. Not if someone stores the price in hidden fields on a Web site. Not when someone defaces yet another Web site due to poor code. I, too, am looking forward to her next book, but only because davorg mentioned that it will be much better. Why deliberately start people out on a path that you know they must veer from?

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.