Books: Python 3 Web Development Beginner’s Guide


Packt Publishing asked me to review Python 3 Web Development Beginner's Guide. I'll have to admit, it's a bit of an odd duck. A better (albeit overly verbose) title might have been "An Introduction to Rich Internet Application Development Using jQuery UI, a Very Modern Version of Python, a Relatively Old Python Web Application Framework Named CherryPy, and an Ancient Version of HTML Written by a Guy Who Uses Windows".

The first tipoff that this book was a bit strange was that the author uses Windows and some combination of Firefox and IE. It seems like most web developers use OS X (or occasionally Linux), and they prefer Chrome over IE.

The next tipoff was the use of jQuery UI. jQuery UI is a very modern technology which is often used to build rich internet applications. RIAs really aren't the sort of thing that I would expect to see in a book for beginners. What happened to the old days when beginning web applications focused on the server dynamically generating HTML? If I took the time to count the number of lines of code, I wouldn't be surprised if this book had more JavaScript than Python.

The title of this book mentions Python 3, but if you search for "Python 3" in the book, there are extremely few mentions of it. This book really isn't about Python 3 per se (as compared to Python 2); it has a lot more to do with jQuery UI.

Whereas Python 3 and jQuery UI are very modern technologies, standing in contrast is the book's use of HTML 4 and CherryPy. HTML 4 is an *ancient* version of HTML. I would expect anyone using jQuery UI to use either XHTML or HTML5. At the very least, I would have expected one of the transitional DTDs. Similarly, he uses CherryPy. Although I agree that CherryPy is solid code, it's also fairly old. It predates any of the modern Python frameworks.

This book claims to teach web development "without having to learn another web framework" [p. 1]. That's simply not true. It makes heavy use of CherryPy. The home page for CherryPy calls it an "HTTP framework" and says that it has "everything you would expect from a decent web framework." It's not as full-featured as, say, Django, but parts in the example code such as "@cherrypy.expose" [p. 36] are certainly framework features. In fact, "@cherrypy.expose" is part of CherryPy's object publishing system, which it uses as a replacement for regex-based URL routing.

Another thing that's a bit strange about this book is that the author doesn't use a client-side or a server-side templating language. In JavaScript, he tends to use string concatenation, which is weird because there is a templating plugin for jQuery. On the server, he embeds HTML directly in the Python code, which is pretty ugly (as he mentions on p. 229).

Furthermore, the code is extremely sloppy. The code does not follow Python's style guide concerning whitespace (PEP-8) (see, for example, p. 145) even though PEP-8 is extremely standard in the Python community. I don't know of anyone who puts a space before the colon in expressions such as "if not isinstance(name,str) :" [p. 146]. Nor is it even self-consistent. The indentation in the JavaScript is not only non-standard and inconsistent, it's occasionally completely wrong [p. 118] (i.e. the indentation disagrees with the braces).

Aside from bad style, I'm a little concerned about various coding practices. For instance, the JavaScript at the bottom of p. 40 has variables that don't use var. This means they're effectively global. This is extremely bad practice. Fortunately, he does use var in other places in the book.

On the subject of security, there are several standard security vulnerabilities that web applications must protect against: XSS (cross-site scripting vulnerabilities), SQL injection attacks, XSRF (cross-site request forgeries), and session fixation (or session hijacking) attacks. Every book on web development should cover these.

The book mentions XSS, but I fear its approach may not be thorough enough. It does not mention the term "SQL injection" attack, but the ORM shown in the book does look to be somewhat safe. It mentions XSRF, but says that it's out of scope. It doesn't mention "session fixation" or "session hijacking" at all. In general, I don't think the book is good enough about "escaping things" properly. For instance, on p. 293 the author creates a URL in JavaScript using values from a form, but he doesn't take care to URL-encode the parameters.
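The missing URL encoding described above, as an added example (not code from the book or from this review): a form value containing `&` and `#` changes which parameters the server receives when the URL is built by concatenation, and `encodeURIComponent` prevents it. The endpoint, field names and form values are constructed for illustration.

```javascript
// Added example; BASE, the field names and the form values are hypothetical.
const BASE = "https://app.example/search";

// Pattern criticized in the review: form values concatenated into the URL as-is.
function buildUrlUnsafe(form) {
  return BASE + "?q=" + form.q + "&owner=" + form.owner;
}

// Each value is percent-encoded, so it can only ever be data, never URL syntax.
function buildUrlSafe(form) {
  return BASE +
    "?q=" + encodeURIComponent(form.q) +
    "&owner=" + encodeURIComponent(form.owner);
}

// What a standards-compliant server-side parser sees: the fragment is never
// sent, and repeated keys are all reported.
function serverView(urlString) {
  const url = new URL(urlString);
  return {
    q: url.searchParams.getAll("q"),
    owner: url.searchParams.getAll("owner"),
    fragment: url.hash,
  };
}

// Constructed input: the search box contains query-string metacharacters.
const form = { q: "tom & jerry&owner=admin#top", owner: "alice" };

function compare() {
  return {
    unsafe: serverView(buildUrlUnsafe(form)),
    safe: serverView(buildUrlSafe(form)),
  };
}

// Unsafe: q is truncated at the first "&", owner becomes the value typed into
// the search box, and the real owner field is lost in the fragment.
// Safe: both fields arrive exactly as entered.
console.log(JSON.stringify(compare(), null, 2));
```
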

Despite all of the above, I can say this about the book. The author does a good job explaining the web to beginners. Modern web applications are fairly complicated beasts. There's the client, the web server, and the database server, and they each require their own syntaxes. The author does a decent job explaining what runs where. It can be difficult for an expert web developer, such as myself, to remember that newbies might not know all these things.

In summary, will this book help you become a competent, professional web developer? Absolutely not. Is it as well written as, say, Agile Web Development with Rails? No. However, might it be a good way for a beginner to dip his toes in web development with Python and jQuery UI? Maybe.

(Disclaimers: Packt gave me a free electronic copy of this book in trade for my review. I have not read the whole thing. I did read the first 50 pages and skimmed various key sections.)

Comments

Anonymous said…
Hi,

Would you know a good book on a modern Python (django?) and jQuery/node.js/backbone development?
Joe said…
I have to object to your dismissal of CherryPy as "old" or even "relatively old." If Wikipedia is correct, CherryPy is the only framework that supports Python 3.x. CherryPy may not have as large a following as Django, Pylons or Zope and it certainly doesn't have bells and whistles (or preferred bells/whistles) like the others, but for some of us that can be considered an advantage.
Anonymous said…
"The first tipoff that this book was a bit strange was that the author uses Windows and some combination of Firefox and IE. It seems like most web developers use OS X (or occasionally Linux), and they prefer Chrome over IE."

Are you intentionally trolling here with this blanket statement? If you aren't testing your websites on Internet Explorer, I sure wouldn't want you developing websites for me.
Anonymous said…
Most developers, at least the ones that I know, don't use OS X. I'm not going to get into why, but it's not at all strange to use Windows. 92%+ of most people's customers/users use Windows, so it makes sense for the developer to use Windows also.

Not sure where you got the idea that OS X dominates the programming scene.

P.S., CherryPy may just be the best way to make web apps in Python. It's also fast. Being "relatively old" and still in use means *it works*. C is pretty old. We haven't all switched over to C# simply because it's newer.

Anyway, I'm done ranting. I am not terribly interested in the book, nor am I interested in a reviewer who apparently knows everything about everything.
> Would you know a good book on a modern Python (django?) and jQuery/node.js/backbone development?

As for Python itself, I recommend "Learning Python" and "Python Essential Reference". I can't comment on Django since I try to avoid it. The last time I went to look for a jQuery book, I decided it was better to just read the tutorials. As for node.js, I suggest you look at gEvent instead.
> I have to object to your dismissal of CherryPy as "old" or even "relatively old." If Wikipedia is correct, CherryPy is the only framework that supports Python 3.x. CherryPy may not have as large a following as Django, Pylons or Zope and it certainly doesn't have bells and whistles (or preferred bells/whistles) like the others, but for some of us that can be considered an advantage.

I apologize that it sounded like I'm dismissing CherryPy. I know Robert Brewer personally, and I think he's a fantastic coder. What I'm referring to is the fact that CherryPy has been around for a really long time. That doesn't mean you shouldn't use it.
> Are you intentionally trolling here with this blanket statement? If you aren't testing your websites on internet explorer, I sure wouldn't want you developing websites for me.

I'm actually not trolling. I'm making a comment on culture. For instance, the entire Rails core team likes to brag about using TextMate on OS X. How many famous Python or Ruby web app developers can you think of that use Windows? I'm not saying that you can't use Windows. I'm just saying that it seems to be unpopular these days.
> Most developers, at least the ones that I know, don't use OS X. I'm not going to get into why, but it's not at all strange to use Windows. 92%+ of most peoples' customers/users use Windows, so it makes sense for the developer to use Windows also.

The likelihood that a developer uses Windows for development seems to be inversely proportional to his distance from San Francisco. I generally work at startups in or around San Francisco, and the norm is to use Ruby on Rails with OS X. The further you get away from San Francisco, the more likely someone will prefer .NET on Windows.
> Not sure where you got the idea that OS X dominates the programming scene.

By looking around at what developers are using at PyCon.
illume said…
Most web developers use Windows... by a massive margin. See the number of PyPI downloads that are for Windows, or the market share of Windows in general as proof. That's just for Python, which is used for a tiny amount of development compared to the larger platforms. Web developers who develop for users use Windows (and OS X, and Linux...) since most users are on Windows too.

CherryPy is one of the most modern and elegant web frameworks. For example, it was one of the first to support Python 3 and the newer version of WSGI. CherryPy apps can often just be Python objects. The expose decorator is an option for CherryPy; you can just use expose attributes instead if you like.

I feel like I just fed the trolls. I do agree with your part about HTML4 though ;)
Shannon Behrens said…
> Most web developers use windows

I stand corrected. I just saw some stats, and you're right. I guess I just happen to live in a bubble. Windows usage among startups in San Francisco and among Python users at PyCon is fairly low, which led me to believe it was low for web developers everywhere.

The people all around me tend to use Macs for their laptops and Linux on their servers, but perhaps the Mac part of that equation is not so common elsewhere.
Shannon Behrens said…
I'm at JSCamp.Asia. The majority of the speakers have used Macs. I'm sitting in a row with a bunch of other speakers, and every single one of us has a Mac.

The percentage of Mac users is much higher among the speakers than the audience, but even the audience has a fairly high percentage of Mac users.