Skip to main content

Books: Python 3 Web Development Beginner’s Guide


Packt Publishing asked me to review Python 3 Web Development Beginner's Guide. I'll have to admit, it's a bit of an odd duck. A better (albeit overly verbose) title might have been "An Introduction to Rich Internet Application Development Using jQuery UI, a Very Modern Version of Python, a Relatively Old Python Web Application Framework Named CherryPy, and an Ancient Version of HTML Written by a Guy Who Uses Windows".

The first tipoff that this book was a bit strange was that the author uses Windows and some combination of Firefox and IE. It seems like most web developers use OS X (or occasionally Linux), and they prefer Chrome over IE.

The next tipoff was the use of jQuery UI. jQuery UI is a very modern technology which is often used to build rich internet applications. RIAs really aren't the sort of thing that I would expect to see in a book for beginners. What happened to the old days when beginning web applications focused on the server dynamically generating HTML? If I took the time to count the number of lines of code, I wouldn't be surprised if this book had more JavaScript than Python.

The title of this book mentions Python 3, but if you search for "Python 3" in the book, there are extremely few mentions of it. This book really isn't about Python 3 per se (as compared to Python 2); it has a lot more to do with jQuery UI.

Whereas Python 3 and jQuery UI are very modern technologies, standing in contrast is the book's use of HTML 4 and CherryPy. HTML 4 is an *ancient* version of HTML. I would expect anyone using jQuery UI to use either XHTML or HTML5. At the very least, I would have expected one of the transitional DTDs. Similarly, he uses CherryPy. Although I agree that CherryPy is solid code, it's also fairly old. It predates any of the modern Python frameworks.

This book claims to teach web development "without having to learn another web framework" [p. 1]. That's simply not true. It makes heavy use of CherryPy. The home page for CherryPy calls it an "HTTP framework" and says that it has "everything you would expect from a decent web framework." It's not as full-featured as, say, Django, but parts in the example code such as "@cherrypy.expose" [p. 36] are certainly framework features. In fact, "@cherrypy.expose" is part of CherryPy's object publishing system, which it uses as a replacement for regex-based URL routing.

Another thing that's a bit strange about this book is that the author doesn't use a client-side or a server-side templating language. In JavaScript, he tends to use string concatenation, which is weird because there is a templating plugin for jQuery. On the server, he embeds HTML directly in the Python code, which is pretty ugly (as he mentions on p. 229).

Furthermore, the code is extremely sloppy. The code does not follow Python's style guide concerning whitespace (PEP-8) (see, for example, p. 145) even though PEP-8 is extremely standard in the Python community. I don't know of anyone who puts a space before the colon in expressions such as "if not isinstance(name,str) :" [p. 146]. Nor is it even self consistent. The indentation in the JavaScript is not only non-standard and inconsistent, it's occasionally completely wrong [p. 118] (i.e. the indentation disagrees with the braces).

Aside from bad style, I'm a little concerned about various coding practices. For instance, the JavaScript at the bottom of p. 40 has variables that don't use var. This means they're effectively global. This is extremely bad practice. Fortunately, he does use var in other places in the book.

On the subject of security, there are several standard security vulnerabilities that web applications must protect against: XSS (cross-site scripting vulnerabilities), SQL injection attacks, XSRF (cross-site request forgeries), and session fixation (or session hijacking) attacks. Every book on web development should cover these.

The book mentions XSS, but I fear it's approach may not be thorough enough. It does not mention the term "SQL injection" attack, but the ORM shown in the book does look to be somewhat safe. It mentions XSRF, but says that it's out of scope. It doesn't mention "session fixation" or "session hijacking" at all. In general, I don't think the book is good enough about "escaping things" properly. For instance, on p. 293 the author creates a URL in JavaScript using values from a form, but he doesn't take care to URL encode the parameters.

Despite all of the above, I can say this about the book. The author does a good job explaining the web to beginners. Modern web applications are fairly complicated beasts. There's the client, the web server, and the database server, and they each require their own syntaxes. The author does a decent job explaining what runs where. It can be difficult for an expert web developer, such as myself, to remember that newbies might not know all these things.

In summary, will this book help you become a competent, professional web developer? Absolutely not. Is it as well written as, say, Agile Web Development with Rails. No. However, might it be a good way for a beginner to dip his toes in web development with Python and jQuery UI? Maybe.

(Disclaimers: Packt gave me a free electronic copy of this book in trade for my review. I have not read the whole thing. I did read the first 50 pages and skimmed various key sections.)

Comments

Anonymous said…
Hi,

Would you know a good book on a modern Python (django?) and jQuery/node.js/backbone development?
Joe said…
I have to object to your dismissal of CherryPy as "old" or even "relatively old." If Wikipedia is correct, CherryPy is the only framework that supports Python 3.x. CherryPy may not have as large a following as Django, Pylons or Zope and it certainly doesn't have bells and whistles (or preferred bells/whistles) like the others, but for some of us that can be considered an advantage.
Anonymous said…
"The first tipoff that this book was a bit strange was that the author uses Windows and some combination of Firefox and IE. It seems like most web developers use OS X (or occasionally Linux), and they prefer Chrome over IE."

Are you intentionally trolling here with this blanket statement? If you aren't testing your websites on internet explorer, I sure wouldn't want you developing websites for me.
Anonymous said…
Most developers, at least the ones that I know, don't use OS X. I'm not going to get into why, but it's not at all strange to use Windows. 92%+ of most peoples' customers/users use Windows, so it makes sense for the developer to use Windows also.

Not sure where you got the idea that OS X dominates the programming scene.

P.S., CherryPy may just be the best way to make web apps in Python. It's also fast. Being "relatively old" and still in use means *it works*. C is pretty old. We haven't all switched over to C# simply because it's newer.

Anyway, I'm done ranting. I am not terribly interested in the book, nor am I interested in a reviewer who apparently knows everything about everything.
jjinux said…
> Would you know a good book on a modern Python (django?) and jQuery/node.js/backbone development?

As for Python itself, I recommend "Learning Python" and "Python Essential Reference". I can't comment on Django since I try to avoid it. The last time I went to look for a jQuery book, I decided it was better to just read the tutorials. As for node.js, I suggest you look at gEvent instead.
jjinux said…
> I have to object to your dismissal of CherryPy as "old" or even "relatively old." If Wikipedia is correct, CherryPy is the only framework that supports Python 3.x. CherryPy may not have as large a following as Django, Pylons or Zope and it certainly doesn't have bells and whistles (or preferred bells/whistles) like the others, but for some of us that can be considered an advantage.

I apologize that it sounded like I'm dismissing CherryPy. I know Robert Brewer personally, and I think he's a fantastic coder. What I'm referring to is the fact that CherryPy has been around for a really long time. That doesn't mean you shouldn't use it.
jjinux said…
> Are you intentionally trolling here with this blanket statement? If you aren't testing your websites on internet explorer, I sure wouldn't want you developing websites for me.

I'm actually not trolling. I'm making a comment on culture. For instance, the entire Rails core team likes to brag about using TextMate on OS X. How many famous Python or Ruby web app developers can you think of that use Windows? I'm not saying that you can't use Windows. I'm just saying that it seems to be unpopular these days.
jjinux said…
> Most developers, at least the ones that I know, don't use OS X. I'm not going to get into why, but it's not at all strange to use Windows. 92%+ of most peoples' customers/users use Windows, so it makes sense for the developer to use Windows also.

The likelihood that a developer uses Windows for development seems to be inversely proportional to his distance from San Francisco. I generally work at startups in or around San Francisco, and the norm is to use Ruby on Rails with OS X. The further you get away from San Francisco, the more likely someone will prefer .NET on Windows.
jjinux said…
> Not sure where you got the idea that OS X dominates the programming scene.

By looking around at what developers are using at PyCon.
René Dudfield said…
Most web developers use windows... by a massive margin. See the number of pypi downloads that are for windows, or the market share of windows in general as proof. That's just for python, which is used for a tiny amount of development compared to the larger platforms. Web developers who develop for users, use windows (and osx, and linux...) since most users are on windows too.

Cherrypy is one of the most modern, and elegant web frame works. For example, it was one of the first to support python 3, and the newer version of wsgi. Cherrypy apps can often just be python objects. The expose decorator is an option for cherrypy, you can just use expose attributes instead if you like.

I feel like I just fed the trolls. I do agree with your part about html4 though ;)
jjinux said…
> Most web developers use windows

I stand corrected. I just saw some stats, and you're right. I guess I just happen to live in a bubble. Window usage among startups in San Francisco and among Python users at PyCon is fairly low, which led me to believe it was low for web developers everywhere.

The people all around me tend to use Macs for their laptops and Linux on their servers, but perhaps the Mac part of that equation is not so common elsewhere.
jjinux said…
I'm at JSCamp.Asia. The majority of the speakers have used Macs. I'm sitting in a row with a bunch of other speakers, and every single one of us has a Mac.

The percentage of Mac users is much higher among the speakers than the audience, but even the audience has a fairly high percentage of Mac users.

Popular posts from this blog

Ubuntu 20.04 on a 2015 15" MacBook Pro

I decided to give Ubuntu 20.04 a try on my 2015 15" MacBook Pro. I didn't actually install it; I just live booted from a USB thumb drive which was enough to try out everything I wanted. In summary, it's not perfect, and issues with my camera would prevent me from switching, but given the right hardware, I think it's a really viable option. The first thing I wanted to try was what would happen if I plugged in a non-HiDPI screen given that my laptop has a HiDPI screen. Without sub-pixel scaling, whatever scale rate I picked for one screen would apply to the other. However, once I turned on sub-pixel scaling, I was able to pick different scale rates for the internal and external displays. That looked ok. I tried plugging in and unplugging multiple times, and it didn't crash. I doubt it'd work with my Thunderbolt display at work, but it worked fine for my HDMI displays at home. I even plugged it into my TV, and it stuck to the 100% scaling I picked for the othe

ERNOS: Erlang Networked Operating System

I've been reading Dreaming in Code lately, and I really like it. If you're not a dreamer, you may safely skip the rest of this post ;) In Chapter 10, "Engineers and Artists", Alan Kay, John Backus, and Jaron Lanier really got me thinking. I've also been thinking a lot about Minix 3 , Erlang , and the original Lisp machine . The ideas are beginning to synthesize into something cohesive--more than just the sum of their parts. Now, I'm sure that many of these ideas have already been envisioned within Tunes.org , LLVM , Microsoft's Singularity project, or in some other place that I haven't managed to discover or fully read, but I'm going to blog them anyway. Rather than wax philosophical, let me just dump out some ideas: Start with Minix 3. It's a new microkernel, and it's meant for real use, unlike the original Minix. "This new OS is extremely small, with the part that runs in kernel mode under 4000 lines of executable code.&quo

Haskell or Erlang?

I've coded in both Erlang and Haskell. Erlang is practical, efficient, and useful. It's got a wonderful niche in the distributed world, and it has some real success stories such as CouchDB and jabber.org. Haskell is elegant and beautiful. It's been successful in various programming language competitions. I have some experience in both, but I'm thinking it's time to really commit to learning one of them on a professional level. They both have good books out now, and it's probably time I read one of those books cover to cover. My question is which? Back in 2000, Perl had established a real niche for systems administration, CGI, and text processing. The syntax wasn't exactly beautiful (unless you're into that sort of thing), but it was popular and mature. Python hadn't really become popular, nor did it really have a strong niche (at least as far as I could see). I went with Python because of its elegance, but since then, I've coded both p