Foreword

I consider myself a pragmatic person—one who uses the right tools for a job and employs the most straightforward and easy way to accomplish a task. To that end, I've been a great supporter and fan of Oracle's Application Express (APEX) from before the day it was introduced. I say "before the day" because I've had the honor and pleasure of using APEX long before it was released to the public at large. My web site, http://asktom.oracle.com, is one of the first ever built with the software that was to become known as APEX.

APEX is one of the most pragmatic database development tools I know of. It does one thing and one thing well: it rapidly implements fully functional database applications—applications that are used to predominantly access, display, and modify information stored in the database (you know, the important applications out there). It facilitates using the database and its feature set to the fullest, allowing you to implement some rather complex applications with as little work (code) as possible. It is possible to build extremely scalable applications with a huge user base (http://shop.oracle.com, for example, is built with APEX). It is possible to build extremely functional applications, with seriously powerful user interfaces (APEX itself is written in APEX, as proof of this). It is easy to build applications rapidly; for example, the current version of http://asktom.oracle.com was developed in a matter of days by two developers—in their spare time; it was not a full-time job.

While it all sounds wonderful and easy so far, APEX is a rather sophisticated tool with many bits of functionality and a large degree of control over how the generated application will look and feel. To fully utilize the power of APEX, you need to have a guide and a mentor to show you how to do so, very much akin to what I do with people regarding the Oracle database.

This book, Pro Oracle Application Express 4, is that guide. The authors, Tim Fox, John Scott, and Scott Spendolini, are those mentors. The book walks you through the steps you need to understand after you've installed and started using APEX, to go beyond the sample applications. Covering diverse topics such as using the database features to full advantage (one of my favorite topics), to SQL injection attacks (what they are and how to avoid them in APEX), to printing, you'll find many real-world issues you will be faced with explained, demystified, and solved in this book.

This second edition of the book has been enhanced to cover some of the very latest additions to APEX. One of the most powerful new features is the ability to create your own components using a new plug-in architecture. You can create new components, and you can share those components in standardized ways. Chapter 12 goes into more detail on this exciting aspect of APEX development.

Other new features covered in this edition include Websheets and Dynamic Actions. Websheets provide a friendly and accessible way for end users to create their own applications. Dynamic Actions represents APEX 4.0's new support for Ajax, helping you to create highly interactive applications that run in the browser without constantly needing to refresh and load new pages.

Chapter 4, "Data Security," covers a wide breadth of topics about securing your database application, which is an even greater concern now than when the first edition was published. There is a section on URL injection issues that discusses what they are, how they are exploited, why you should care about them, and how to protect yourself from them. There is a section on session state protection that follows the same format: what it is, how it is exploited, why you should care, and how to protect yourself. The same mentoring occurs with data-level access, where the authors introduce how to use Virtual Private Database, a core database feature (not really an APEX feature) to protect your data from unauthorized access. Lastly, a critical application feature, auditing, is discussed in depth using the same "what it is, why it is, why you should care, and then how to do it" approach. While some of the content in this chapter is not specific to APEX, it is needed to give you a holistic view to building database applications, which is what this book is about.

This book covers not just the nitty-gritty details of building a secure application, but it also covers all you need to know to build database applications with APEX. When they are finished with security, the authors move on to other necessary topics, such as how to perform screen layout and application screen navigation, how to integrate reports and charts, how to integrate web services—enabling you to perform application integration—in an APEX environment, and much more.

If you are an APEX developer just starting out, or an APEX developer with experience under your belt who wants to learn more about the environment you are using, this book is for you. It describes from start to finish how to build secure, functional, scalable applications using the APEX application development environment.

—Thomas Kyte

http://asktom.oracle.com
