php and mysql - pearsoncmg.com › images › ... · php has native connections available to many...

PHP and MySQL® Web Development, Fourth EditionCopyright © 2009 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in aretrieval system, or transmitted by any means, electronic, mechanical, pho-tocopying, recording, or otherwise, without written permission from the pub-lisher. No patent liability is assumed with respect to the use of the infor-mation contained herein. Although every precaution has been taken in thepreparation of this book, the publisher and authors assume no responsibil-ity for errors or omissions. Neither is any liability assumed for damagesresulting from the use of the information contained herein.

Library of Congress Cataloging-in-Publication DataWelling, Luke, 1972-

PHP and MySQL Web development / Luke Welling, Laura Thomson. -- 4thed.

p. cm.ISBN 978-0-672-32916-6 (pbk. w/cd)

1. PHP (Computer program language) 2. SQL (Computer program language)3. MySQL (Electronic resource) 4. Web sites--Design. I. Thomson,

Laura. II. Title. QA76.73.P224W45 2008005.2'762--dc22

2008036492

Printed in the United States of America

First Printing: September 2008

ISBN-10: 0-672-32916-6ISBN-13: 978-0-672-32916-6

TrademarksAll terms mentioned in this book that are known to be trademarks or serv-ice marks have been appropriately capitalized. Pearson Education, Inc.cannot attest to the accuracy of this information. Use of a term in thisbook should not be regarded as affecting the validity of any trademark orservice mark.

Warning and DisclaimerEvery effort has been made to make this book as complete and as accurateas possible, but no warranty or fitness is implied. The information providedis on an “as is” basis. The authors and the publisher shall have neither lia-bility nor responsibility to any person or entity with respect to any loss ordamages arising from the information contained in this book or from the useof the CD-ROM or programs accompanying it.

Bulk SalesPearson Education, Inc. offers excellent discounts on this book whenordered in quantity for bulk purchases or special sales. For more informa-tion, please contact

U.S. Corporate and Government [email protected]

For sales outside the U.S., please contact

International [email protected]

Acquisitions EditorMark Taber

Development EditorMichael Thurston

Managing EditorPatrick Kanouse

Project EditorJennifer Gallant

Copy EditorBarbara Hacha

IndexerTim Wright

ProofreaderKathy Ruiz

Technical EditorTim Boronczyk

Publishing CoordinatorVanessa Evans

Multimedia DeveloperDan Scherf

Book Designer Gary Adair

CompositionBronkella Publishing

Introduction

WELCOME TO PHP AND MYSQL WEB DEVELOPMENT. Within its pages, you will finddistilled knowledge from our experiences using PHP and MySQL, two of the hottestweb development tools around.

In this introduction, we covern Why you should read this bookn What you will be able to achieve using this bookn What PHP and MySQL are and why they’re greatn What’s changed in the latest versions of PHP and MySQLn How this book is organized

Let’s get started.

Why You Should Read This BookThis book will teach you how to create interactive websites from the simplest orderform through to complex, secure e-commerce sites or interactive Web 2.0 sites.What’smore, you’ll learn how to do it using open source technologies.

This book is aimed at readers who already know at least the basics of HTML andhave done some programming in a modern programming language before but have notnecessarily programmed for the Internet or used a relational database. If you are a begin-ning programmer, you should still find this book useful, but digesting it might take a lit-tle longer.We’ve tried not to leave out any basic concepts, but we do cover them atspeed.The typical readers of this book want to master PHP and MySQL for the purposeof building a large or commercial website.You might already be working in another webdevelopment language; if so, this book should get you up to speed quickly.

We wrote the first edition of this book because we were tired of finding PHP booksthat were basically function references.These books are useful, but they don’t help whenyour boss or client has said,“Go build me a shopping cart.” In this book, we have doneour best to make every example useful.You can use many of the code samples directly inyour website, and you can use many others with only minor modifications.

2 Introduction

What You Will Learn from This BookReading this book will enable you to build real-world, dynamic websites. If you’ve builtwebsites using plain HTML, you realize the limitations of this approach. Static contentfrom a pure HTML website is just that—static. It stays the same unless you physicallyupdate it.Your users can’t interact with the site in any meaningful fashion.

Using a language such as PHP and a database such as MySQL allows you to makeyour sites dynamic: to have them be customizable and contain real-time information.

We have deliberately focused this book on real-world applications, even in the intro-ductory chapters.We begin by looking at a simple online ordering system and work ourway through the various parts of PHP and MySQL.

We then discuss aspects of electronic commerce and security as they relate to buildinga real-world website and show you how to implement these aspects in PHP and MySQL.

In the final part of this book, we describe how to approach real-world projects andtake you through the design, planning, and building of the following projects:

n User authentication and personalizationn Shopping cartsn Web-based emailn Mailing list managersn Web forumsn PDF document generationn Web services with XML and SOAPn Web 2.0 application with Ajax

You should be able to use any of these projects as is, or you can modify them to suityour needs.We chose them because we believe they represent some the most commonweb-based applications built by programmers. If your needs are different, this bookshould help you along the way to achieving your goals.

What Is PHP?PHP is a server-side scripting language designed specifically for the Web.Within anHTML page, you can embed PHP code that will be executed each time the page is vis-ited.Your PHP code is interpreted at the web server and generates HTML or other out-put that the visitor will see.

PHP was conceived in 1994 and was originally the work of one man, RasmusLerdorf. It was adopted by other talented people and has gone through four majorrewrites to bring us the broad, mature product we see today.As of November 2007, itwas installed on more than 21 million domains worldwide, and this number is growingrapidly. You can see the current number at http://www.php.net/usage.php.

http://www.php.net/usage.php

3Introduction

PHP is an Open Source project, which means you have access to the source code andcan use, alter, and redistribute it all without charge.

PHP originally stood for Personal Home Page but was changed in line with the GNUrecursive naming convention (GNU = Gnu’s Not Unix) and now stands for PHPHypertext Preprocessor.

The current major version of PHP is 5.This version saw a complete rewrite of theunderlying Zend engine and some major improvements to the language.

The home page for PHP is available at http://www.php.net.The home page for Zend Technologies is http://www.zend.com.

What Is MySQL?MySQL (pronounced My-Ess-Que-Ell ) is a very fast, robust, relational database managementsystem (RDBMS).A database enables you to efficiently store, search, sort, and retrievedata.The MySQL server controls access to your data to ensure that multiple users canwork with it concurrently, to provide fast access to it, and to ensure that only authorizedusers can obtain access. Hence, MySQL is a multiuser, multithreaded server. It usesStructured Query Language (SQL), the standard database query language. MySQL has beenpublicly available since 1996 but has a development history going back to 1979. It is theworld’s most popular open source database and has won the Linux Journal Readers’Choice Award on a number of occasions.

MySQL is available under a dual licensing scheme.You can use it under an opensource license (the GPL) free as long as you are willing to meet the terms of that license.If you want to distribute a non-GPL application including MySQL, you can buy a com-mercial license instead.

Why Use PHP and MySQL?When setting out to build a website, you could use many different products.You need to choose the following:

n Hardware for the web servern An operating systemn Web server softwaren A database management systemn A programming or scripting language

Some of these choices are dependent on the others. For example, not all operating systems run on all hardware, not all web servers support all programming languages, andso on.

In this book, we do not pay much attention to hardware, operating systems, or webserver software.We don’t need to. One of the best features of both PHP and MySQL isthat they work with any major operating system and many of the minor ones.

http://www.php.net

http://www.zend.com

4 Introduction

The majority of PHP code can be written to be portable between operating systemsand web servers.There are some PHP functions that specifically relate to the filesystemthat are operating system dependent, but these are clearly marked as such in the manualand in this book.

Whatever hardware, operating system, and web server you choose, we believe youshould seriously consider using PHP and MySQL.

Some of PHP’s StrengthsSome of PHP’s main competitors are Perl, Microsoft ASP.NET, Ruby (on Rails or oth-erwise), JavaServer Pages (JSP), and ColdFusion.

In comparison to these products, PHP has many strengths, including the following:n Performancen Scalabilityn Interfaces to many different database systemsn Built-in libraries for many common web tasksn Low costn Ease of learning and usen Strong object-oriented supportn Portabilityn Flexibility of development approachn Availability of source coden Availability of support and documentation

A more detailed discussion of these strengths follows.

PerformancePHP is very fast. Using a single inexpensive server, you can serve millions of hits per day.Benchmarks published by Zend Technologies (http://www.zend.com) show PHP out-performing its competition.

ScalabilityPHP has what Rasmus Lerdorf frequently refers to as a “shared-nothing” architecture.This means that you can effectively and cheaply implement horizontal scaling with largenumbers of commodity servers.

Database IntegrationPHP has native connections available to many database systems. In addition to MySQL,you can directly connect to PostgreSQL, Oracle, dbm, FilePro, DB2, Hyperwave,Informix, InterBase, and Sybase databases, among others. PHP 5 also has a built-in SQLinterface to a flat file, called SQLite.

http://www.zend.com

5Introduction

Using the Open Database Connectivity Standard (ODBC), you can connect to any data-base that provides an ODBC driver.This includes Microsoft products and many others.

In addition to native libraries, PHP comes with a database access abstraction layercalled PHP Database Objects (PDO), which allows consistent access and promotes securecoding practices.

Built-in LibrariesBecause PHP was designed for use on the Web, it has many built-in functions for per-forming many useful web-related tasks.You can generate images on the fly, connect toweb services and other network services, parse XML, send email, work with cookies, andgenerate PDF documents, all with just a few lines of code.

CostPHP is free.You can download the latest version at any time from http://www.php.netfor no charge.

Ease of Learning PHPThe syntax of PHP is based on other programming languages, primarily C and Perl. Ifyou already know C or Perl, or a C-like language such as C++ or Java, you will be pro-ductive using PHP almost immediately.

Object-Oriented SupportPHP version 5 has well-designed object-oriented features. If you learned to program inJava or C++, you will find the features (and generally the syntax) that you expect, suchas inheritance, private and protected attributes and methods, abstract classes and methods,interfaces, constructors, and destructors.You will even find some less common featuressuch as iterators. Some of this functionality was available in PHP versions 3 and 4, butthe object-oriented support in version 5 is much more complete.

PortabilityPHP is available for many different operating systems.You can write PHP code on freeUnix-like operating systems such as Linux and FreeBSD, commercial Unix versions suchas Solaris and IRIX, OS X, or on different versions of Microsoft Windows.

Well-written code will usually work without modification on a different system run-ning PHP.

Flexibility of Development ApproachPHP allows you to implement simple tasks simply, and equally easily adapts to imple-menting large applications using a framework based on design patterns such asModel–View–Controller (MVC).

http://www.php.net

6 Introduction

Source CodeYou have access to PHP’s source code.With PHP, unlike commercial, closed-sourceproducts, if you want to modify something or add to the language, you are free to do so.

You do not need to wait for the manufacturer to release patches.You also don’t needto worry about the manufacturer going out of business or deciding to stop supporting aproduct.

Availability of Support and DocumentationZend Technologies (www.zend.com), the company behind the engine that powers PHP,funds its PHP development by offering support and related software on a commercialbasis.

The PHP documentation and community are mature and rich resources with awealth of information to share.

What Is New in PHP 5?You may have recently moved to PHP 5 from one of the PHP 4.x versions.As youwould expect in a new major version, it has some significant changes.The Zend enginebeneath PHP has been rewritten for this version. Major new features are as follows:

n Better object-oriented support built around a completely new object model (seeChapter 6,“Object-Oriented PHP”)

n Exceptions for scalable, maintainable error handling (see Chapter 7,“Error andException Handling”)

n SimpleXML for easy handling of XML data (see Chapter 33,“Connecting to WebServices with XML and SOAP”)

Other changes include moving some extensions out of the default PHP install and intothe PECL library, improving streams support, and adding SQLite.

At the time of writing, PHP 5.2 was the current version, with PHP 5.3 on the nearhorizon. PHP 5.2 added a number of useful features including:

n The new input filtering extension for security purposesn JSON extension for better JavaScript interoperabilityn File upload progress trackingn Better date and time handlingn Many upgraded client libraries, performance improvements (including better

memory management in the Zend Engine), and bug fixes

Key Features of PHP 5.3You may have heard about a new major release of PHP, called PHP 6. At the time ofthis writing, PHP 6 is not in the release candidate stage, and hosting providers won’t be

www.zend.com

7Introduction

installing it for mass use for quite some time. However, some of the key features plannedin PHP 6 have been back-ported to PHP 5.3, which is a minor version release and clos-er to passing acceptance testing and thus installation by hosting providers (of course, ifyou are your own server’s administrator, you can install any version you like).Some of the new features in PHP 5.3 are listed below; additional information alsoappears throughout this book as appropriate:

n The addition of namespaces; for more information see http://www.php.net/language.namespaces

n The addition of the intl extension for application internationalization; for moreinformation see http://www.php.net/manual/en/intro.intl.php

n The addition of the phar extension for creating self-contained PHP applicationarchives; for more information see http://www.php.net/book.phar

n The addition of the fileinfo extension for enhanced ability to work with files;for more information see http://www.php.net/manual/en/book.fileinfo.php

n The addition of the sqlite3 extension for working with the SQLite EmbeddableSQL Database Engine; for more information see http://www.php.net/manual/en/class.sqlite3.php

n The inclusion of support for the MySQLnd driver, a replacement for libmysql; formore information see http://forge.mysql.com/wiki/PHP_MYSQLND

While the list above contains some of the highly-touted features of PHP 5.3, the releasealso includes a significant number of bug fixes and maintenance performed on existingfunctionality, such as:

n Removing support for any version of Windows older than Windows 2000 (such asWindows 98 and NT4)

n Ensuring the PCRE, Reflection, and SPL extensions are always enabledn Adding a few date and time functions for ease of date calculation and manipula-

tionn Improving the crypt(), hash(), and md5() functionality, as well as improving the

OpenSSL extensionn Improving php.ini administration and handling, including better error reportingn Continuing to fine-tune the Zend engine for better PHP runtime speed and

memory usage

Some of MySQLs StrengthsMySQLs main competitors are PostgreSQL, Microsoft SQL Server, and Oracle.MySQL has many strengths, including the following:

n High performancen Low cost

http://www.php.net/language.namespaces

http://www.php.net/language.namespaces

http://www.php.net/manual/en/intro.intl.php

http://www.php.net/book.phar

http://www.php.net/manual/en/book.fileinfo.php

http://www.php.net/manual/en/class.sqlite3.php

http://www.php.net/manual/en/class.sqlite3.php

http://forge.mysql.com/wiki/PHP_MYSQLND

8 Introduction

n Ease of configuration and learningn Portabilityn Availability of source coden Availability of support

A more detailed discussion of these strengths follows.

PerformanceMySQL is undeniably fast.You can see the developers’ benchmark page at http://web.mysql.com/whymysql/benchmarks. Many of these benchmarks show MySQL to beorders of magnitude faster than the competition. In 2002, eWeek published a benchmarkcomparing five databases powering a web application.The best result was a tie betweenMySQL and the much more expensive Oracle.

Low CostMySQL is available at no cost under an open source license or at low cost under a com-mercial license.You need a license if you want to redistribute MySQL as part of anapplication and do not want to license your application under an Open Source license. Ifyou do not intend to distribute your application—typical for most web applications, orare working on free or open source Software, you do not need to buy a license.

Ease of UseMost modern databases use SQL. If you have used another RDBMS, you should have notrouble adapting to this one. MySQL is also easier to set up than many similar products.

PortabilityMySQL can be used on many different Unix systems as well as under MicrosoftWindows.

Source CodeAs with PHP, you can obtain and modify the source code for MySQL.This point is notimportant to most users most of the time, but it provides you with excellent peace ofmind, ensuring future continuity and giving you options in an emergency.

Availability of SupportNot all open source products have a parent company offering support, training, consult-ing, and certification, but you can get all of these benefits from MySQL AB(www.mysql.com).

http://web.mysql.com/whymysql/benchmarks

http://web.mysql.com/whymysql/benchmarks

www.mysql.com

9Introduction

What Is New in MySQL 5?Major changes introduced for MySQL 5 include

n Viewsn Stored procedures (see Chapter 13,“Advanced MySQL Programming”)n Basic trigger supportn Cursor support

Other changes include more ANSI standard compliance and speed improvements.If you are still using an early 4.x version or a 3.x version of the MySQL server, youshould know that the following features were added to various versions from 4.0:

n Subquery supportn GIS types for storing geographical datan Improved support for internationalizationn The transaction-safe storage engine InnoDB included as standardn The MySQL query cache, which greatly improves the speed of repetitive queries

as often run by web applications

This book was written using MySQL 5.1 (Beta Community Edition).This version alsoadded support for

n Partitioningn Row based replication n Event schedulingn Logging to tablesn Improvements to MySQL Cluster, information schema, backup processes, and

many bug fixes

How Is This Book Organized?This book is divided into five main parts:

Part I,“Using PHP,” provides an overview of the main parts of the PHP languagewith examples. Each example is a real-world example used in building an e-commercesite rather than “toy” code.We kick off this section with Chapter 1,“PHP CrashCourse.” If you’ve already used PHP, you can whiz through this chapter. If you are newto PHP or new to programming, you might want to spend a little more time on it. Evenif you are quite familiar with PHP but you are new to PHP 5, you will want to readChapter 6,“Object-Oriented PHP,” because the object-oriented functionality haschanged significantly.

10 Introduction

Part II,“Using MySQL,” discusses the concepts and design involved in using relationaldatabase systems such as MySQL, using SQL, connecting your MySQL database to theworld with PHP, and advanced MySQL topics, such as security and optimization.

Part III,“E-commerce and Security,” covers some of the general issues involved indeveloping a website using any language.The most important of these issues is security.We then discuss how you can use PHP and MySQL to authenticate your users andsecurely gather, transmit, and store data.

Part IV,“Advanced PHP Techniques,” offers detailed coverage of some of the majorbuilt-in functions in PHP.We have selected groups of functions that are likely to be use-ful when building a website.You will learn about interaction with the server, interactionwith the network, image generation, date and time manipulation, and session variables.

Part V,“Building Practical PHP and MySQL Projects,” is our favorite section. It dealswith practical real-world issues such as managing large projects and debugging, and pro-vides sample projects that demonstrate the power and versatility of PHP and MySQL.

FinallyWe hope you enjoy this book and enjoy learning about PHP and MySQL as much aswe did when we first began using these products.They are really a pleasure to use. Soon,you’ll be able to join the many thousands of web developers who use these robust, pow-erful tools to easily build dynamic, real-time websites.

11Accessing Your MySQL Database

from the Web with PHP

PREVIOUSLY, IN OUR WORK WITH PHP,WE used a flat file to store and retrieve data.When we looked at this file in Chapter 2,“Storing and Retrieving Data,” we mentionedthat relational database systems make a lot of these storage and retrieval tasks easier, safer,and more efficient in a web application. Now, having worked with MySQL to create adatabase, we can begin connecting this database to a web-based front end.

In this chapter, we explain how to access the Book-O-Rama database from the Webusing PHP.You learn how to read from and write to the database and how to filterpotentially troublesome input data.

Key topics covered in this chapter includen How web database architectures workn Querying a database from the Web using the basic stepsn Setting up a connectionn Getting information about available databasesn Choosing a database to usen Querying the databasen Retrieving the query resultsn Disconnecting from the databasen Putting new information in the databasen Using prepared statementsn Using other PHP-database interfacesn Using a generic database interface: PEAR MDB2

268 Chapter 11 Accessing Your MySQL Database from the Web with PHP

How Web Database Architectures WorkIn Chapter 8,“Designing Your Web Database,” we outlined how web database architec-tures work. Just to remind you, here are the steps:

1. A user’s web browser issues an HTTP request for a particular web page. For exam-ple, the user might have requested a search for all the books written by MichaelMorgan at Book-O-Rama, using an HTML form.The search results page is calledresults.php.

2. The web server receives the request for results.php, retrieves the file, and passesit to the PHP engine for processing.

3. The PHP engine begins parsing the script. Inside the script is a command to con-nect to the database and execute a query (perform the search for books). PHPopens a connection to the MySQL server and sends on the appropriate query.

4. The MySQL server receives the database query, processes it, and sends the results—a list of books—back to the PHP engine.

5. The PHP engine finishes running the script.This usually involves formatting thequery results nicely in HTML. It then returns the resulting HTML to the webserver.

6. The web server passes the HTML back to the browser, where the user can see thelist of books she requested.

Now you have an existing MySQL database, so you can write the PHP code to performthe preceding steps. Begin with the search form.The code for this plain HTML form isshown in Listing 11.1.

Listing 11.1 search.html— Book-O-Rama’s Database Search Page

<html>

<head>

<title>Book-O-Rama Catalog Search</title>

</head>

<body>

<h1>Book-O-Rama Catalog Search</h1>

<form action="results.php" method="post">

Choose Search Type:<br />

<select name="searchtype">

<option value="author">Author</option>

<option value="title">Title</option>

<option value="isbn">ISBN</option>

</select>

<br />

Enter Search Term:<br />

<input name="searchterm" type=”"text" size="40"/><br />

269How Web Database Architectures Work

<input type="submit" name="submit" value="Search"/></form>

</body>

</html>

This HTML form is reasonably straightforward.The output of this HTML is shown inFigure 11.1.

Listing 11.1 Continued

Figure 11.1 The search form is quite general, so you can search for a bookby its title, author, or ISBN.

The script that will be called when the Search button is clicked is results.php. It islisted in full in Listing 11.2.Through the course of this chapter, we discuss what thisscript does and how it works.

Listing 11.2 results.php—This Script Retrieves Search Results from the MySQLDatabase and Formats Them for Display

<html>

<head>

<title>Book-O-Rama Search Results</title>

</head>

<body>

<h1>Book-O-Rama Search Results</h1>

<?php

// create short variable names

$searchtype=$_POST['searchtype'];

$searchterm=trim($_POST['searchterm']);


if (!$searchtype || !$searchterm) {

echo 'You have not entered search details. Please go back and try again.';

exit;

}

if (!get_magic_quotes_gpc()){

$searchtype = addslashes($searchtype);

$searchterm = addslashes($searchterm);

}

@ $db = new mysqli('localhost', 'bookorama', 'bookorama123', 'books');

if (mysqli_connect_errno()) {

echo 'Error: Could not connect to database. Please try again later.';

exit;

}

$query = "select * from books where ".$searchtype." like '%".$searchterm."%'";

$result = $db->query($query);

$num_results = $result->num_rows;

echo "<p>Number of books found: ".$num_results."</p>";

for ($i=0; $i <$num_results; $i++) {

$row = $result->fetch_assoc();

echo "<p><strong>".($i+1).". Title: ";

echo htmlspecialchars(stripslashes($row['title']));

echo "</strong><br />Author: ";

echo stripslashes($row['author']);

echo "<br />ISBN: ";

echo stripslashes($row['isbn']);

echo "<br />Price: ";

echo stripslashes($row['price']);

echo "</p>";

}

$result->free();

$db->close();

?>

</body>

</html>


271Querying a Database from the Web

Note that this script allows you to enter the MySQL wildcard characters % and _(underscore).This capability can be useful for the user, but you can escape these charac-ters if they will cause a problem for your application.

Figure 11.2 illustrates the results of using this script to perform a search.

Figure 11.2 The results of searching the database for books about Java arepresented in a web page using the results.php script.

Querying a Database from the WebIn any script used to access a database from the Web, you follow some basic steps:

1. Check and filter data coming from the user.

2. Set up a connection to the appropriate database.

3. Query the database.

4. Retrieve the results.

5. Present the results back to the user.

These are the steps we followed in the script results.php, so now let’s go through eachof them in turn.

Checking and Filtering Input DataYou begin the script by stripping any whitespace that the user might have inadvertentlyentered at the beginning or end of his search term.You do this by applying the functiontrim() to the value of $_POST['searchterm'] when giving it a shorter name:



The next step is to verify that the user has entered a search term and selected a searchtype. Note that you check whether the user entered a search term after trimming white-space from the ends of $searchterm. If you arrange these lines in the opposite order,you could encounter situations in which a user’s search term is not empty and thereforedoes not create an error message; instead, it is all whitespace, so it is deleted by trim():


echo "You have not entered search details. Please go back and try again.";

exit;

}

You check the $searchtype variable, even though in this case it’s coming from anHTML SELECT.You might ask why you should bother checking data that has to be filledin. It’s important to remember that there might be more than one interface to your data-base. For example,Amazon has many affiliates who use its search interface.Also, it’s sensi-ble to screen data in case of any security problems that can arise because of users comingfrom different points of entry.

When you plan to use any data input by a user, you need to filter it appropriately forany control characters.As you might remember, in Chapter 4,“String Manipulation andRegular Expressions,” we described the functions addslashes(), stripslashes(), andget_magic_quotes_gpc().You need to escape data when submitting any user input to adatabase such as MySQL.

In this case, you check the value of the get_magic_quotes_gpc() function. It tellsyou whether quoting is being done automatically. If it is not, you use addslashes() toescape the data:

if (!get_magic_quotes_gpc()) {



}

You also use stripslashes() on the data coming back from the database. If the magicquotes feature is turned on, the data will have slashes in it when it comes back from thedatabase, so you need to take them out.

Here you use the function htmlspecialchars() to encode characters that have spe-cial meanings in HTML.The current test data does not include any ampersands (&), lessthan (<), greater than (>), or double quotation mark (“) symbols, but many fine booktitles contain an ampersand. By using this function, you can eliminate future errors.

Setting Up a ConnectionThe PHP library for connecting to MySQL is called mysqli (the i stands for improved).When using the mysqli library in PHP, you can use either an object-oriented or proce-dural syntax.


You use the following line in the script to connect to the MySQL server:


This line instantiates the mysqli class and creates a connection to host localhost withusername bookorama, and password bookorama123.The connection is set up to use thedatabase called books.

Using this object-oriented approach, you can now invoke methods on this object toaccess the database. If you prefer a procedural approach, mysqli allows for this, too.Toconnect in a procedural fashion, you use

@ $db = mysqli_connect('localhost', 'bookorama', 'bookorama123', 'books');

This function returns a resource rather than an object.This resource represents the con-nection to the database, and if you are using the procedural approach, you will need topass this resource in to all the other mysqli functions.This is very similar to the way thefile-handling functions, such as fopen(), work.

Most of the mysqli functions have an object-oriented interface and a proceduralinterface. Generally, the differences are that the procedural version function names startwith mysqli_ and require you to pass in the resource handle you obtained frommysqli_connect(). Database connections are an exception to this rule because they canbe made by the mysqli object’s constructor.

The result of your attempt at connection is worth checking because none of the rest ofcode will work without a valid database connection.You do this using the following code:


echo 'Error: Could not connect to database. Please try again later.';exit;

}

(This code is the same for the object-oriented and procedural versions.) Themysqli_connect_errno() function returns an error number on error, or zero on success.

Note that when you connect to the database, you begin the line of code with theerror suppression operator, @.This way, you can handle any errors gracefully. (This couldalso be done with exceptions, which we have not used in this simple example.)

Bear in mind that there is a limit to the number of MySQL connections that canexist at the same time.The MySQL parameter max_connections determines what thislimit is.The purpose of this parameter and the related Apache parameter MaxClients isto tell the server to reject new connection requests instead of allowing machineresources to be completely used up at busy times or when software has crashed.

You can alter both of these parameters from their default values by editing the con-figuration files.To set MaxClients in Apache, edit the httpd.conf file on your system.To set max_connections for MySQL, edit the file my.conf.


Choosing a Database to UseRemember that when you are using MySQL from a command-line interface, you needto tell it which database you plan to use with a command such as

use books;

You also need to do this when connecting from the Web.The database to use is specifiedas a parameter to the mysqli constructor or the mysqli_connect() function. If youwant to change the default database, you can do so with the mysqli_select_db() func-tion. It can be accessed as either

$db->select_db(dbname)

or as

mysqli_select_db(db_resource, db_name)

Here, you can see the similarity between the functions that we described before:Theprocedural version begins with mysqli_ and requires the extra database handleparameter.

Querying the DatabaseTo actually perform the query, you can use the mysqli_query() function. Before doingthis, however, it’s a good idea to set up the query you want to run:


In this case, you search for the user-input value ($searchterm) in the field the user spec-ified ($searchtype). Notice the use of like for matching rather than equal: it’s usuallya good idea to be more tolerant in a database search.

TipRemember that the query you send to MySQL does not need a semicolon at the end of it, unlike a query you

type into the MySQL monitor.

You can now run the query:


Or, if you want to use the procedural interface, you use

$result = mysqli_query($db, $query);

You pass in the query you want to run and, in the procedural interface, the database link(again, in this case $db).

The object-oriented version returns a result object; the procedural version returns aresult resource. (This is similar to the way the connection functions work.) Either way,


you store the result in a variable ($result) for later use.This function returns false onfailure.

Retrieving the Query ResultsA large variety of functions is available to break the results out of the result object oridentifier in different ways.The result object or identifier is the key to accessing the rowsreturned by the query.

In this example, you counted the number of rows returned and also used themysqli_fetch_assoc() function.

When you use the object-oriented approach, the number of rows returned is storedin the num_rows member of the result object, and you can access it as follows:

$num_results = $result->num_rows;

When you use a procedural approach, the function mysqli_num_rows() gives you thenumber of rows returned by the query.You should pass it the result identifier, like this:

$num_results = mysqli_num_rows($result);

It’s useful to know this if you plan to process or display the results, because you nowknow how many there are and can loop through them:


// process results

}

In each iteration of this loop, you call $result->fetch_assoc() (ormysqli_fetch_assoc()).The loop does not execute if no rows are returned.This is afunction that takes each row from the resultset and returns the row as an array, with eachkey an attribute name and each value the corresponding value in the array:

$row = $result->fetch_assoc();

Or you can use a procedural approach:

$row = mysqli_fetch_assoc($result);

Given the array $row, you can go through each field and display it appropriately, asshown in this example:



As previously mentioned, you call stripslashes() to tidy up the value before display-ing it.


Several variations can be used to get results from a result identifier. Instead of an arraywith named keys, you can retrieve the results in an enumerated array withmysqli_fetch_row(), as follows:

$row = $result->fetch_row($result);

or

$row = mysqli_fetch_row($result);

The attribute values are listed in each of the array values $row[0], $row[1], and so on.(The mysqli_fetch_array() function allows you to fetch a row as either or both kindsof array.)

You could also fetch a row into an object with the mysqli_fetch_object() func-tion:

$row = $result->fetch_object();

or

$row = mysqli_fetch_object($result);

You can then access each of the attributes via $row->title, $row->author, and so on.

Disconnecting from the DatabaseYou can free up your resultset by calling either

$result->free();

or

mysqli_free_result($result);

You can then use

$db->close();

or

mysqli_close($db);

to close a database connection. Using this command isn’t strictly necessary because theconnection will be closed when a script finishes execution anyway.

Putting New Information in the DatabaseInserting new items into the database is remarkably similar to getting items out of thedatabase.You follow the same basic steps: make a connection, send a query, and check theresults. In this case, the query you send is an INSERT rather than a SELECT.

Although this process is similar, looking at an example can sometimes be useful. InFigure 11.3, you can see a basic HTML form for putting new books into the database.

The HTML for this page is shown in Listing 11.3.

277Putting New Information in the Database

Figure 11.3 This interface for putting new books into the database could beused by Book-O-Rama’s staff.

Listing 11.3 newbook.html— HTML for the Book Entry Page

<html>

<head>

<title>Book-O-Rama - New Book Entry</title>

</head>

<body>

<h1>Book-O-Rama - New Book Entry</h1>

<form action="insert_book.php" method="post">

<table border="0">

<tr>

<td>ISBN</td>

<td><input type="text" name="isbn" maxlength="13" size="13"></td>

</tr>

<tr>

<td>Author</td>

<td> <input type="text" name="author" maxlength="30" size="30"></td>

</tr>

<tr>

<td>Title</td>

<td> <input type="text" name="title" maxlength="60" size="30"></td>

</tr>

<tr>

<td>Price $</td>

<td><input type="text" name="price" maxlength="7" size="7"></td>


</tr>

<tr>

<td colspan="2"><input type="submit" value="Register"></td>

</tr>

</table>

</form>

</body>

</html>

The results of this form are passed along to insert_book.php, a script that takes thedetails, performs some minor validations, and attempts to write the data into the data-base.The code for this script is shown in Listing 11.4.

Listing 11.4 insert_book.php— This Script Writes New Books into the Database

<html>

<head>

<title>Book-O-Rama Book Entry Results</title>

</head>

<body>

<h1>Book-O-Rama Book Entry Results</h1>

<?php


$isbn=$_POST['isbn'];

$author=$_POST['author'];

$title=$_POST['title'];

$price=$_POST['price'];

if (!$isbn || !$author || !$title || !$price) {

echo "You have not entered all the required details.<br />"

."Please go back and try again.";

exit;

}


$isbn = addslashes($isbn);

$author = addslashes($author);

$title = addslashes($title);

$price = doubleval($price);

}



echo "Error: Could not connect to database. Please try again later.";

exit;

}


279Putting New Information in the Database

$query = "insert into books values

('".$isbn."', '".$author."', '".$title."', '".$price."')";


if ($result) {

echo $db->affected_rows." book inserted into database.";

} else {

echo "An error has occurred. The item was not added.";

}

$db->close();

?>

</body>

</html>

The results of successfully inserting a book are shown in Figure 11.4.


Figure 11.4 The script completes successfully and reports that the book hasbeen added to the database.

If you look at the code for insert_book.php, you can see that much of it is similar tothe script you wrote to retrieve data from the database.You check that all the form fieldswere filled in, and you format them correctly for insertion into the database (if required)with addslashes():


$isbn = addslashes($isbn);


$author = addslashes($author);

$title = addslashes($title);

$price = doubleval($price);

}

Because the price is stored in the database as a float, you don’t want to put slashes intoit.You can achieve the same effect of filtering out any odd characters on this numericalfield by calling doubleval(), which we discussed in Chapter 1,“PHP Crash Course.”This also takes care of any currency symbols that the user might have typed into theform.

Again, you connect to the database by instantiating the mysqli object and setting upa query to send to the database. In this case, the query is an SQL INSERT:

$query = "insert into books values

('".$isbn."', '".$author."', '".$title."', '".$price."')";


This query is executed on the database by calling $db->query() (or mysqli_query() ifyou want to do things procedurally).

One significant difference between using INSERT and SELECT is in the use ofmysqli_affected_rows().This is a function in the procedural version or a class mem-ber variable in the object-oriented version:

echo $db->affected_rows." book inserted into database.";

In the previous script, you used mysqli_num_rows() to determine how many rows werereturned by a SELECT.When you write queries that change the database, such asINSERTs, DELETEs, and UPDATEs, you should use mysqli_affected_rows() instead.

We’ve now covered the basics of using MySQL databases from PHP.

Using Prepared StatementsThe mysqli library supports the use of prepared statements.They are useful for speedingup execution when you are performing large numbers of the same query with differentdata.They also protect against SQL injection-style attacks.

The basic concept of a prepared statement is that you send a template of the queryyou want to execute to MySQL and then send the data separately.You can send multiplelots of the same data to the same prepared statement; this capability is particularly usefulfor bulk inserts.

You could use prepared statements in the insert_book.php script, as follows:

$query = "insert into books values(?, ?, ?, ?)";

$stmt = $db->prepare($query);

$stmt->bind_param("sssd", $isbn, $author, $title, $price);

$stmt->execute();

echo $stmt->affected_rows.' book inserted into database.';

$stmt->close();

281Using Prepared Statements

Let’s consider this code line by line.When you set up the query, instead of substituting in the variables as done previously,

you put in question marks for each piece of data.You should not put any quotationmarks or other delimiters around these question marks.

The second line is a call to $db->prepare(), which is called mysqli_stmt_prepare() in the procedural version.This line constructs a statement object or resourcethat you will then use to do the actual processing.

The statement object has a method called bind_param(). (In the procedural version,it is called mysqli_stmt_bind_param().) The purpose of bind_param() is to tell PHPwhich variables should be substituted for the question marks.The first parameter is a for-mat string, not unlike the format string used in printf().The value you are passinghere (“sssd”) means that the four parameters are a string, a string, a string, and a double,respectively. Other possible characters in the format string are i for integer and b forblob.After this parameter, you should list the same number of variables as you have ques-tion marks in your statement.They will be substituted in this order.

The call to $stmt->execute() (mysqli_stmt_execute() in the procedural version)actually runs the query.You can then access the number of affected rows and close thestatement.

So how is this prepared statement useful? The clever thing is that you can change thevalues of the four bound variables and re-execute the statement without having to repre-pare.This capability is useful for looping through bulk inserts.

As well as binding parameters, you can bind results. For SELECT type queries, you canuse $stmt->bind_result() (or mysqli_stmt_bind_result()) to provide a list of vari-ables that you would like the result columns to be filled into. Each time you call $stmt->fetch() (or mysqli_stmt_fetch()), column values from the next row in the resultsetare filled into these bound variables. For example, in the book search script you lookedat earlier, you could use

$stmt->bind_result($isbn, $author, $title, $price);

to bind these four variables to the four columns that will be returned from the query.After calling

$stmt->execute();

you can call

$stmt->fetch();

in the loop. Each time this is called, it fetches the next result row into the four boundvariables.

You can also use mysqli_stmt_bind_param() and mysqli_stmt_bind_result() inthe same script.


Using Other PHP-Database InterfacesPHP supports libraries for connecting to a large number of databases, including Oracle,Microsoft SQL Server, and PostgreSQL.

In general, the principles of connecting to and querying any of these databases aremuch the same.The individual function names vary, and different databases have slightlydifferent functionality, but if you can connect to MySQL, you should be able to easilyadapt your knowledge to any of the others.

If you want to use a database that doesn’t have a specific library available in PHP, youcan use the generic ODBC functions. ODBC, which stands for Open DatabaseConnectivity, is a standard for connections to databases. It has the most limited function-ality of any of the function sets, for fairly obvious reasons. If you have to be compatiblewith everything, you can’t exploit the special features of anything.

In addition to the libraries that come with PHP, available database abstraction classessuch as MDB2 allow you to use the same function names for each type of database.

Using a Generic Database Interface: PEAR MDB2Let’s look at a brief example using the PEAR MDB2 abstraction layer.This is one of themost widely used of all the PEAR components. Instructions for installing the MDB2abstraction layer can be found in the “PEAR Installation” section in Appendix A,“Installing PHP and MySQL.”

For comparative purposes, let’s look at how you could write the search results scriptdifferently using MDB2.

Listing 11.5 results_generic.php—Retrieves Search Results from the MySQLDatabase and Formats Them for Display

<html>

<head>

<title>Book-O-Rama Search Results</title>

</head>

<body>

<h1>Book-O-Rama Search Results</h1>

<?php


$searchtype=$_POST['searchtype'];



echo "You have not entered search details. Please go back and try again.";

exit;

}



283Using Other PHP-Database Interfaces


}

// set up for using PEAR MDB2

require_once('MDB2.php');

$user = 'bookorama';

$pass = 'bookorama123';

$host = 'localhost';

$db_name = 'books';

// set up universal connection string or DSN

$dsn = "mysqli://".$user.":".$pass."@".$host."/".$db_name;

// connect to database

$db = &MDB2::connect($dsn);

// check if connection worked

if (MDB2::isError($db)) {

echo $db->getMessage();

exit;

}

// perform query



// check that result was ok

if (MDB2::isError($result)) {


exit;

}

// get number of returned rows

$num_results = $result->numRows();

// display each returned row


$row = $result->fetchRow(MDB2_FETCHMODE_ASSOC);

echo "<p><strong>".($i+1).". Title: ";

echo htmlspecialchars(stripslashes($row['title']));

echo "</strong><br />Author: ";

echo stripslashes($row['author']);





echo "<br />Price: ";

echo stripslashes($row['price']);

echo "</p>";

}

// disconnect from database

$db->disconnect();

?>

</body>

</html>

Let’s examine what you do differently in this script.To connect to the database, you use the line

$db = MDB2::connect($dsn);

This function accepts a universal connection string that contains all the parameters nec-essary to connect to the database.You can see this if you look at the format of the con-nection string:

$dsn = "mysqli://".$user.":".$pass."@".$host."/".$db_name;

After this, you check to see whether the connection was unsuccessful using theisError() method and, if so, print the error message and exit:

if (MDB2::isError($db)) {


exit;

}

Assuming everything has gone well, you then set up a query and execute it as follows:


You can check the number of rows returned:

$num_results = $result->numRows();

You retrieve each row as follows:

$row = $result->fetchRow(DB_FETCHMODE_ASSOC);

The generic method fetchRow()can fetch a row in many formats; the parameterMDB2_FETCHMODE_ASSOC tells it that you would like the row returned as an associative array.

After outputting the returned rows, you finish by closing the database connection:

$db->disconnect();

As you can see, this generic example is similar to the first script.


285Next

The advantages of using MDB2 are that you need to remember only one set of data-base functions and that the code will require minimal changes if you decide to changethe database software.

Because this is a MySQL book, we use the MySQL native libraries for extra speedand flexibility.You might want to use the MDB2 package in your projects because some-times the use of an abstraction layer can be extremely helpful.

Further ReadingFor more information on connecting MySQL and PHP together, you can read theappropriate sections of the PHP and MySQL manuals.

For more information on ODBC, visit http://www.webopedia.com/TERM/O/ODBC.html.

NextIn the next chapter, we go into more detail about MySQL administration and discusshow to optimize databases.

http://www.webopedia.com/TERM/O/ODBC.html

http://www.webopedia.com/TERM/O/ODBC.html

Index

SYMBOLS! (logical operator), 38!= (comparison operator), 37!= (inequality operator), 40, 87!== (comparison operator), 37!== (non-identity operator), 40, 87$result->fetch_assoc() function, 275$type parameter, 829% (modulus operator), 33% (wildcard character), 293%= (combined assignment operator), 35& (bitwise operator), 38& (reference operator), 36&& (logical operator), 38+ (addition operator), 33+ (plus symbol), 126, 748+ (union operator), 40, 87++ (increment operator), 35-36+= (combined assignment operator), 35, (comma operator), 39- (subtraction operator), 33— (decrement operator), 35-36-= (combined assignment operator), 35. (string concatenation operator), 26-27.= (combined assignment operator), 35/ (division operator), 33/= (combined assignment operator), 35< (comparison operator), 37<< (bitwise operator), 38<= (comparison operator), 37= (assignment operator), 34== (comparison operator), 37== (equality operator), 40, 87== (equals comparison operator), 37=== (comparison operator), 37=== (identity operator), 40, 87?: (ternary operator), 39@ (error suppression operator), 39

Aa file mode, 63a+ file mode, 63about.php files (Tahuayo application), 819absolute paths, 62abstract classes, 186access

associative array contents, 85control (authentication)

implementing, 392-395multiple pages, protecting, 399passwords, 395-399

modifiers, 166-167MySQL, 219-220numerically indexed array contents,

accessing, 83-84to .php files, restricting, 374-375restricting to sensitive data, 364substrings, substr() function, 118-119

accountscreating, 668-669deleting, 670modifying, 670online newsletters, 702-705, 719selecting, 671, 673setting up, 666-668

ACID compliance transactions, 313Acrobat Web site, 776actions

Amazon, 826MLM, 701script architecture, 694

Add to Cart link, 817add_bm() function, 597-598, 881add_bms.php files (PHPBookmark applica-

tion), 572add_bm_form.php files (PHPBookmark

application), 572add_quoting() function, 766addBMResponse() function, 874adding Ajax elements to PHPbookmark proj-

ects, 871-880addition (+) operator, 33addNewBookmark() function, 873addslashes() function, 114, 272, 296, 417addToCart() function, 852

admin.php files (Shopping Cart application),611

admin.php script (Shopping Cart applica-tion), 641-643

admin_fns.php files (Shopping Cart applica-tion), 612

administration, 609, 643-650administration menu (admin.php),

641-643edit_book_form.php script, 646functions, online newsletters, 721insert_book.php script, 644-645insert_book_form.php script, 644show_book.php script, 646users, 226-227views, 609

AdobeFDF Web site, 789PostScript, 774-775Web site, 776

Advanced Maryland Automated NetworkDisk Archiver (AMANDA), 358

advanced OO features, 184-186, 191aggregate functions, MySQL, 256aggregating data, 256-257Ajax, 856

bookmarks, adding, 872developer Web sites, 885elements, 871-880JavaScript libraries, 884servers

communication, 863-864response, 866

XMLHTTPRrequest object, 860-862ajaxServerTime.html, 866-869aliases, tables, 253-254ALL privilege, 227ALTER privilege, 225ALTER TABLE statement, 261-263AMANDA (Advanced Maryland Automated

Network Disk Archiver), 358Amazon

actions, 826Associate ID, 813books, showing in categories, 826-828browse nodes, 816caching, 814-815, 846-849checking out, 852-853

912 a file mode

connecting, 807-808constants.php file, 823developer token, 813index.php file, 820-826PHP SOAP libraries, 814project codes, installing, 853-854REST/XML, 838-839, 844sessions, creating, 823shopping carts, building, 813, 849-852SOAP (Simple Object Access

Protocol), 845-846solution overview, 815-820Web Services interfaces, 813-814XML, parsing, 814

AmazonResultSet class, 819, 828-829Analog Web site, 330anchoring strings, 126-127and operator, 38anomalies, avoiding (Web databases), 213anonymous login (FTP), 462ANSI Web site, 265anti-aliasing text, 489Apache

configurations, PHP installations, 904HTTP server, 380-381installation

binary installations, 890source installations, 891Windows, 902

parameters, MaxClients, 273resources, 909running, 897Software Web site, 909Today Web site, 909Web server

basic authentication (HTTP),400-406

htpasswd program, 405mod_auth module, 402mod_auth_mysql module, 406-408

Web site, 891Week Web site, 909

applicationsarchives, 7Bob’s Auto Parts, 14, 17, 199-202

Book-O-Rama applicationDatabase Search page, 268schema, 219, 230

content, 546development environment, 544documentation, 544-545internationalization, 7layer protocols, 414logic, 546optimizations, 546-547PHPBookmark

creating, 569extensions, 606files, 572

planning, 536-537prototypes, 545-546rewriting code, 537-538running, 536-537Shopping Cart. See Shopping Cart

applicationSmart Form Mail

creating, 107-109regular expressions, 128-129

software engineering, 536Tahuayo (Amazon), 815-820testing code, 548tiers, 218version control, 542-543Web forum. See Web forum applica-

tionwriting maintainable code, 538

breaking up, 541-542code standards, 538commenting, 540directory structures, 542function libraries, 542indenting, 540-541naming conventions, 538-540

architecture, Web databases, 216-218archives

applications, 7BUGTRAQ, 437

arguments, 22Array data type (variables), 29array() language construct, 82array_count_values() function, 104

913array_count_values() function

array_push() function, 713array_reverse() function, 97-98array_walk() function, 103-104arrays, 81-82

associative, 85contents, accessing, 85each() function, 85-87initializing, 85list() function, 85-87looping through, 85-87

bounding box contents, 497categoryList, 827converting to scalar variables, 105-106elements, 82

applying functions, 103-104counting, 104

functions, passing by reference, 104indexes, 82key-value pairs, getdate() function, 473loading from files, 98-101medium style form variable, 24multidimensional, 81, 88-92

sorting, 93-95three-dimensional arrays, 90, 92two-dimensional arrays, 88-90

navigating within an array, 102numerically indexed arrays

accessing with loops, 84contents, accessing, 83-84initializing, 82-83

operators, 33-34, 87-88reordering, 96

array_reverse() function, 97-98shuffle() function, 96

set cardinality, 104sorting, 92

asort() function, 93ksort() function, 93reverse order, 93sort() function, 92

superglobal, 24article list (Web forum application), 747,

749adding new articles, 762-769displaying articles, 752-753plus symbols, 748

threadscollapsing, 748-752expanding, 748-751

treenode class, 753, 757-760viewing individual articles, 760-762

ASCII, 772ASINSearch() method, 829asort() function, 93ASP style (PHP tags), 19assignment operators, 28, 34

combination assignment operators, 35decrement operators, 35-36equal sign (=), 25increment operators, 35-36reference operator, 36returning values, 34-35

Associate ID (Amazon), 813associative arrays, 85. See also arrays

contents, accessing, 85each() function, 85-87initializing, 85list() function, 85-87looping through, 85, 87

associativity, operators, 42-44asterisk symbol (*), regular expressions, 126atomic column values (databases), 214-215attachments, email, 689attributes, 162-166

creating, 162-164overriding, 170-173

auditing, 357authentication, 343, 350-351, 383-384,

401-406. See also securityaccess control

encrypting passwords, 397-399implementing, 392-395multiple pages, protecting, 399storing passwords, 395

basic authentication (HTTP), 399-400with Apache .htaccess files,

402-406in PHP, 400-402

custom, creating, 408digest authentication (HTTP), 400identifying users, 391-392

914 array_push() function

mod_auth_mysql module, 406-408documentation Web sites, 408installing, 406-407testing, 407

passwords, 350-351session control, 517-524

authmain.php script, 517-522logout.php script, 523-524members_only.php script, 522-523

usersinput data, validating, 580logging in, 584-587logging out, 587-588passwords, 588-595registering, 577, 580-583

Web sites, 408authmain.php script (authentication),

517-522auto_append_file (php.ini file), 142-143AUTO_INCREMENT keyword, 231auto_prepend_file (php.ini file), 142-143autocommit mode, 314autoload()function, 187automatic generation of images, 490-491AVG(column) function, 256

Bb file mode, 63backing up, 358

AMANDA (Advanced MarylandAutomated Network Disk Archiver),358

databases, 305-306FTP functions, 459-463

checking update times, 464-465closing connections, 466downloads, 465-466logins, 463remote connections, 463

MySQL databases, 358backticks, 448backtrace (functions), 196base canvases, 495baseline descenders, 497basename() function, 442, 445

basic authentication (HTTP), 399-400with Apache .htaccess files, 402-406in PHP, 400-402

binary installations, 890MySQL, 892-893

binary large objects (BLOB types), 239, 241bind_param() method, 281bindings, late static bindings, 185-186bitwise operators, 38BLOB types (binary large objects), 239-241blocks, 47

catch (exception handling), 194try (exception handling), 193

Bob’s Auto Parts application, 14, 17exception handling, 199-202

book details page (Shopping Cart applica-tion), 616, 622-623, 646

Book-O-Rama applicationDatabase Search page, 268schema, 219, 230setting up, 243tables, SQL code, 245

book_fns.php files (Shopping Cart applica-tion), 612

book_sc database (Shopping Cart applica-tion), 612, 614-615

book_sc.sql files (Shopping Cart applica-tion), 612

book_sc_fns.php files (Shopping Cart appli-cation), 612

bookdisplayfunctions.php files (Tahuayoapplication), 819

bookmark_fns.php files (PHPBookmarkapplication), 572

bookmarks, 571adding, 596-599, 872bookmark.gif files (PHPBookmark

application), 572deleting, 600-602displaying, 599recommending, 571storing, 571

bookmarks.sql files (PHPBookmark applica-tion), 572

books, Amazon categories, 826, 828Boolean data type (variables), 29bottom-up approach to security, 363bottom.php files (Tahuayo application), 819

915bottom.php files (Tahuayo application)

bounding boxesarray contents, 497coordinates, 496

Boutell Web site, 508branching (regular expressions), 127break statement, 56breaking up code, 541-542brochureware sites, 328

common pitfalls, 330limitations, 328

answering feedback, 329lack of information, 328poor presentation, 329tracking success, 330-331updated information, 329

browse nodes (Amazon), 816browsedir.php file, 439browseNode variable, 824browseNodeSearch() function, 845browseNodeSearch() method, 829, 835browsers

authentication, 351directories, 439secure transactions, 410-411Web database architecture, 216

bugs, 376-377PHP 5.3 fixes, 7regression, 377

BUGTRAQ archives, 437building MLM, 687buttons

colors, 495make_button.php scripts, 492scripts, calling, 493text

colors/fonts, 492fitting onto, 495-498positioning, 498-499writing, 499

Ccache() function, 847-848cached() function, 847-848cachefunctions.php files (Tahuayo applica-

tion), 820caching Amazon, 814-815, 846-849calculate_items() function, 630-631

calculate_price() function, 630-631calculating dates

in MySQL, 478-480in PHP, 477-478

calendar functions, 480-481calling

button scripts, 493class operations, 167functions, 22, 143

case sensitivity, 146errors, 66parameters, 143-144prototypes, 144undefined functions, 145-146

canvasbase, 495images, creating, 487

caret symbol (^), regular expressions,126-127

Cartesian product, 250, 254cartfunctions.php files (Tahuayo application),

820CAs (Certifying Authorities), 355cascading style sheets (CSS), 546case sensitivity

calling functions, 146MySQL statements, 221strings, changing, 113-114

casts (variable types), 30catalog scripts (Shopping Cart application),

615-617index.php, 615-620show_book.php, 616, 622-623, 646show_cat.php, 615, 620-622

catch blocks (exception handling), 194categories, Amazon books, 826, 828category page (Shopping Cart application),

615, 620-622categoryfunctions.php files (Tahuayo applica-

tion), 820categoryList array, 827Certificate Signing Request (CSR), 356-357certification projects, personalized docu-

ments, 779files, 779index.html file, 780-781PDF, 788-796PDFlib, 796, 802-804

916 bounding boxes

RTF, 784-787score.php file, 782-784

Certifying Authorities (CAs), 355CGI Interpreter, 890CGI specification Web site, 450change_passwd.php files (PHPBookmark

application), 572change_passwd_form.php files

(PHPBookmark application), 572change_password() function, 590, 720change_password.php files (Shopping Cart

application), 611change_password_form.php files (Shopping

Cart application), 611characters

classes, 125escaping, 114padding, 112reading, 75sets, 124-125

check_admin_user() function, 700check_auth_user() function, 665check_logged_in() function, 700check_normal_user() function, 700check_valid_user() function, 585checkdate() function, 370, 474Checkout links, 818checkout.php files (Shopping Cart applica-

tion), 611checkout.php script (Shopping Cart applica-

tion), 633-638chgrp() function, 446child nodes (Web forum tree structure), 743chmod() function, 446chown() function, 446ciphertext (encryption), 351classes, 160-161

abstract, 186AmazonResultSet, 828-829attributes, 164-166calling, 167character (regular expressions), 125converting to strings, 190creating, 162-164CSS, 859designing, 174-175Exception, 195-196

extending, 196-197methods, 195

exceptions, creating, 196inheritance, 162instantiating, 164polymorphism, 161Product, 839tree_node class, 743treenode class (Web forum applica-

tion), 753-760type hinting, 184writing code for, 175-183

clausesGROUP BY, 256-257HAVING, 257LIMIT, 258ORDER BY, 255SELECT, 255-257throw, 196WHERE, 248

comparison operators, 248-249join condition, 250

client-side programming, 859cloning objects, 186closedir($dir) function, 440closing tags (XML), 810code

blocks, 47content, 546execution directives, 57indenting, 47logic, 546naming conventions, 539organizing, 374optimizations, 546-547prototypes, 545-546reusing. See reusing coderewriting, 537-538Shopping Cart application, 610testing, 548version control, 542-543

CVS (Concurrent VersionsSystem), 543

multiple programmers, 543repository, 542-543

writing, 538-541Codewalkers Web site, 909collapsing threads (Web forum application),

748, 752

917collapsing threads (Web forum application)

colorsbuttons, 495RGB (red, green, and blue), 488text, 492

columns, 232-236date and time types, 238-239DESCRIBE statement, 299keys, 209

creating, 215foreign keys, 210primary keys, 210

numeric types, 236-238floating point data types, 237-238integral data types, 237

string, 239-241values, 209

atomic column values, 214-215EXPLAIN statement, 303

columns_priv table, 288, 292-293combination assignment operators, 35comma (,) operator, 39command line, 531commands

DESCRIBE, 233-234GRANT, 223-228LOCK TABLES, 305mysql, 221mysql_dump, 305phpinfo(), 31REVOKE, 227-228SHOW, 233-234SQL, 229-231traceroute (UNIX), 344Web server functions, 447-450

comments, 20-21, 540commercial Web sites, 327, 336

adding value to goods or services, 335authentication, 343cutting costs, 335-336firewalls, 357-358importance of stored information, 342online brochures, 328

common pitfalls, 330limitations, 328-331

orders for goods or services, 331-334privacy policies, 333

providing services and digital goods,334-335

return policies, 333risks, 336

competition, 338crackers, 337failure to attract business, 337-338hardware failure, 337legislation and taxes, 339service provider failures, 338software errors, 338system capacity limits, 339

security, 342auditing, 357authentication, 350-351backing up data, 358Certificate Signing Request

(CSR), 356-357Certifying Authorities (CAs), 355compromises, 349digital certificates, 355digital signatures, 354-355encryption, 351-354hash function, 354log files, 357passwords, 350-351physical security, 359Secure Web servers, 356-357security policies, creating, 349-350threats, 342-348

SSL (Secure Sockets Layer), 333strategies, selecting, 339types, 327-328

committed transactions, 314comparing strings, 119

length, testing, 120strcasecmp() function, 119strcmp() function, 119strnatcmp() function, 119

comparison operators, 36-37equals operator, 37WHERE clauses, 248-249

compatibility of commercial Web sites, 334components, user personalization, 570compression, SSL (Secure Sockets Layer),

416

918 colors

compromised servers, 365Concurrent Versions System (CVS), 543conditionals, 46

code blocks, 47comparing, 51else statements, 47elseif statements, 48-49if statements, 46-47indenting code, 47switch statements, 49-51

conditions, join, 250configuration

DMZs, 386-387PHP, 894sessions, 516-517web servers

Apache HTTP server, 380-381Microsoft IIS, 381

connectionsAmazon, 807-808Database servers, 384-385FTP servers, closing, 466MySQL database, 293networks, runtime errors, 557-558remote FTP servers, 463Web databases, 273

constants, 31error reporting, 562

constants.php filesAmazon, 823Tahuayo application, 819

constructors, 163-164content (code), 546continuation symbol (MySQL), 220continue handlers, 320continue statements, 56control

characters\n (newline), 68\t (tab), 68

structures, 46, 49alternate syntax, 56breaking out of, 56conditionals, 46-51declare, 57

loops, 51-56stored procedures, 319-323

version (code), 542-543CVS (Concurrent Versions System),

543multiple programmers, 543repository, 542-543

conversionarrays to scalar variables, 105-106calendars, 481classes to strings, 190format strings, 112-113printf() function, 112-113type codes, 112-113

cookies, 510-511session IDs, 511-512setting, 510-511

coordinates, bounding boxes, 496copy() function, 447correlated subqueries, 260cos() function, 804count() function, 104COUNT(items) function, 256counting array elements, 104crackers, 337, 366CREATE privilege, 226CREATE TABLE command (SQL), 229-231CREATE TEMPORARY TABLES privilege, 226create_database.php files (Warm Mail appli-

cation), 655create_database.sql files, 745

MLM application, 691Web forum application, 744

credit card numbers, storing, 419criteria, retrieving from databases, 248-249cross join, 254crypt() function, 397-398

PHP 5.3, functionality in, 7cryptography, 352CSR (Certificate Signing Request), 356-357CSS (cascading style sheets), 546, 858

classes, 859curly braces ({}), regular expressions, 126current() function, 102cursors (stored procedures), 319-323custom authentication, creating, 408cutting costs (commercial Web sites), 335-336CVS (Concurrent Versions System), 543

919CVS (Concurrent Versions System)

Ddata

aggregating, 256-257encrypting, 418graphing, 499-507grouping, 256-257input

checking, 558user authentication validation, 580

inserting into databases, 244-245joins, 254-255loading from files, 311redundant data, avoiding (Web databas-

es), 212-213retrieving

from databases, 246-247from multiple tables, 249-250in a particular order, 255-256with specific criteria, 248-249

rows, returning, 258sensitive data

credit card numbers, storing, 419storing, 417-418

storing, 59tables

aliases, 253-254joining, 251-252rows unmatched, 252-253two-table joins, 250-251

transfer, 306-308types

BLOB types (binary large objects),239

date and time data types, 238-239floating point data types (numeric

column types), 237-238integral data types (numeric col-

umn types), 237TEXT types, 239variables, 29

Data Definition Languages (DDL), 244Data Encryption Standard (DES), 353Data Manipulation Languages (DML), 244data_valid_fns.php files

MLM application, 691PHPBookmark application, 572

Shopping Cart application, 612Warm Mail application, 655Web forum application, 744

databases, 208backing up, 305-306benefits, 80, 207Book-O-Rama

setting up, 243tables, SQL code, 245

book_sc database (Shopping Cartapplication), 612-615

creating with MySQL, 222data

aggregating, 256-257grouping, 256-257inserting, 244-245joins, 254-255loading from files, 311retrieving, 246-256rows unmatched, 252-253tables, 251-254two-table joins, 250-251

DDL (Data Definition Languages), 244DML (Data Manipulation Language),

244dropping, 264front page, 574-577information gathering, 296

EXPLAIN statement, 299-303SHOW statement, 296-297

keys, 209foreign keys, 210primary keys, 210

lists, 688MySQL, 287

aggregate functions, 256backing up, 358columns_priv table, 292connection verification, 293db table, 290-291host table, 291join types, 254-255request verification, 293results.php script, 269tables_priv table, 292

920 data

user table, 289Web database architecture, 268-271

optimizing, 304-305default values, 305designs, 304indexes, 305permissions, 304tables, 304

passwordsencrypting, 295storing, 295

PEAR, 284-285privilege system, 287-288

columns_priv table, 293db table, 290-291grant table, 293host table, 290-291privileges, updating, 293-294tables_priv table, 293user table, 289-290

queries, indexes, 304records

deleting, 264updating, 261

relational databases, 210relationships, 211

many-to-many relationships, 211one-to-many relationships, 211one-to-one relationships, 211, 216

replication, 306-307data transfer, 306-308master servers, 306-307slaves, 306-308

restoring, 306rows, returning, 258runtime errors, 555-557schemas, 210, 573-574security, 294

operating system, 294passwords, 295user privileges, 295-296Web issues, 296

selecting in MySQL, 229

serversconnecting to, 384-385security, 383-385

setting up (online newsletters),692-694

Shopping Cart application, 615SQL (Structured Query Language),

243-244subqueries, 258-259

correlated, 260operators, 259row, 260temporary tables, 260

subscribers, 688tables, 208

altering, 261-263Cartesian product, 250columns, 209, 232-241creating in MySQL, 229-231dropping, 264equi-joins, 251indexes, creating, 234-235joins, 250keywords, 231left joins, 252-253rows, 209types, 216, 229values, 209viewing, 233-234

Warm Mail application (email client),655-656

Web forum application, 744-745, 747date and time

calendars, 481column types, 238-239converting between PHP and MySQL

formats, 476-477data types, 238-239in MySQL

calculations, 478-480DATE_FORMAT() function,

476-477MySQL Web site, 481UNIX_TIMESTAMP() function,

476-477

921date and time

in PHP, 469, 474calculations, 477-478calendar functions, 480-481checkdate() function, 474date() function, 469-472floor() function, 478getdate() function, 473microseconds, 480mktime() function, 471-472PHP Web site, 481

date() function, 21-22, 445, 469-471format codes, 469-471Unix timestamps, 471-472

date_add() function, 478DATE_FORMAT() function, 476-477date_sub() function, 478db table, 288, 290-291db_connect() function, 583db_fns.php files

MLM application, 691PHPBookmark application, 572Shopping Cart application, 612Warm Mail application, 655Web forum application, 744

db_result_to_array() function, 619DDL (Data Definition Languages), 244DDoS (Distributed Denial of Service), 346,

364preparing for, 387

debugging variables, 559-561declare control structure, 57declare handlers, 320declaring

functions, 146-147stored functions, 318-319stored procedures, 316-317

decoct() function, 446decrement operators, 35-36decryption, 352default values, database optimization, 305DELETE privilege, 225DELETE statement, 264delete_account() function, 670delete_bm() function, 601delete_bms.php files

PHPBookmark application, 572Shopping Cart application, 612

delete_category.php files (Shopping Cartapplication), 612

delete_message() function, 681-682deletion anomalies, avoiding (Web databas-

es), 213Denial of Service (DoS), 346-347, 364deploying new software versions, 379deregistering variables, 513DES (Data Encryption Standard), 353DESC keyword, 255descenders (letters), 497DESCRIBE command, 233-234DESCRIBE statement, 299describe user; statement, 289design. See also configuration

classes, 174-175database optimization, 304Web databases, 211

anomalies, avoiding, 213atomic column values, 214-215keys, creating, 215null values, avoiding, 216questions, formulating, 215real-world objects, modeling, 211-212redundant data, avoiding, 212-213table types, 216

design_button.html file, 492-493destroying sessions, 513destructors, 163-164Details link, 817developer token (Amazon), 813development environments, 544Devshed Web site, 508, 908DHTML (Dynamic HTML), 857diagrams

entity relationship, 210online newsletters, 689-691

die() language construct, 526digest authentication (HTTP), 400digital certificates, 355digital goods (commercial Web sites), provid-

ing, 334-335digital signatures, 354-355directives

execution, 57magic_quotes_gpc, 417magic_quotes_runtime, 417php.ini file, editing, 529-530

922 date and time

directoriesbrowsing, 439extensions, copying libpdf_file, 899files, write permissions, 418functions, 439

creating directories, 443deleting directories, 443file paths, 442-443reading from directories, 439-441

structures, 542dirname() function, 442, 445disabling unnecessary OS applications, 388disaster recovery, 364

planning, 388-389disconnecting Web databases, 276discussion board application, 741-742,

763-764article list, 747-749

collapsing threads, 748-752displaying articles, 752-753expanding threads, 748-751individual articles, viewing,

760-762new articles, adding, 762-769plus symbols, 748treenode class, 753, 757-760

database design, 744-747extensions, 769files, 744posters, 744solutions, 742-744tree structure, 742-743tree_node class, 743

discussion boards, 741discussion_fns.php files (Web forum applica-

tion), 744disgruntled employees, 366disk_free_space($path) function, 443display() function, 758display_account_form() function, 667, 703,

719display_account_select() function, 672-673display_account_setup() function, 667, 669display_book_form() function, 647display_button() function, 733display_cart() function, 627-630display_categories() function, 618-619

display_information() function, 713-714display_items() function, 709display_list() function, 674display_list_form() function, 722display_mail_form() function, 726display_message() function, 678display_password_form() function, 719display_post() function, 762display_preview_button() function, 733display_registration_form() function, 577display_tree() function, 752-753display_user_menu() function, 585display_user_urls() function, 599displaying articles (Web forum application),

752-753Distributed Denial of Service (DDoS), 346division operator, 33DML (Data Manipulation Languages), 244DMZs (demilitarized zones), 366

configuring, 386-387dns_get_mx() function, 459do..while loops, 55-56do_html_header() function, 632, 672, 700Document Type Definition. See DTDdocumentation

gd,Web site, 508Web application projects, 544-545

documentsheaders, 779, 804personalized, 771RTF, 784-787

certification project, 779-781,788-796, 802-804

creating, 771-772extensions, 805formats, 772requirements, 776-777

DOM (Document Object Model), 857web resources, 884

DoS (Denial of Service), 346-347, 364preparing for, 387

double data type (variables), 29doubleval() function, 296downloading

files from FTP servers, 465-466FreeType library, 484jpeg-6b, 484

923downloading

PostScript Type 1 fonts, 484t1lib, 484

draw_star() function, 804drawing

figures, 499-507functions, 488images, scripts, 486text, 487-489

DROP DATABASE statement, 264DROP privilege, 226DROP TABLE statement, 264dropping

databases, 264tables, 264

DTD (Document Type Definition), 810dump variables.php file, 559dynamic content, 21

date() function, 21-22functions, 22

Ee-commerce Web sites, 327, 336

adding value to goods or services, 335authentication, 343cutting costs, 335-336online brochures, 328

common pitfalls, 330limitations, 328-331

orders for goods or services, 331-334privacy policies, 333providing services and digital goods,

334-335return policies, 333risks, 336


security, 342auditing, 357authentication, 350-351backing up data, 358

Certificate Signing Request (CSR),356-357

Certifying Authorities (CAs), 355compromises, 349digital certificates, 355digital signatures, 354-355encryption, 351-354firewalls, 357-358hash function, 354importance of stored information, 342log files, 357passwords, 350-351physical security, 359Secure Web servers, 356-357security policies, creating, 349-350threats, 342-348

SSL (Secure Sockets Layer), 333strategies, selecting, 339types, 327-328

each() function, 85, 87, 102echo statements, 26-27edit_book.php files (Shopping Cart applica-

tion), 612edit_book_form.php files (Shopping Cart

application), 612, 646edit_category.php files (Shopping Cart applica-

tion), 611edit_category_form.php files (Shopping Cart

application), 611elements, 82

applying functions, 103-104counting, 104root elements (XML), 811

else statements, 47elseif statements, 48-49email

accountscreating, 668-669deleting, 670modifying, 670selecting, 671, 673setting up, 666-668

attachments, 689encryption, 419-420

GPG (Gnu Privacy Guard),419-427

PGP (Pretty Good Privacy), 419

924 downloading

reading, 452sending, 452Warm Mail application

database, 655-656deleting email, 681-682email, 681-682extensions, 686files, 654-655forwarding/replying, 684-685IMAP function library, 652-653interface, 654logging in, 663-666logging out, 666reading mail, 671-681script architecture, 657, 662-663sending, 682-685solutions, 652-654

embedding PHP in HTML, 17-18comments, 20-21PHP

statements, 19-20tags, 18-19

whitespace, 20empty() function, 45encryption, 351-352, 419-420

algorithm, 351ciphertext, 351cryptography, 352data, 418Data Encryption Standard (DES), 353decryption, 352digital certificates, 355digital signatures, 354-355GPG (Gnu Privacy Guard), 419

installing, 420-422key pairs, 420-421testing, 422-427

hash functions, 354passwords, 295, 397-399PGP (Pretty Good Privacy), 419plain text, 351private keys, 353public keys, 353-354RSA, 353

end() function, 102engineering software, 536

entities (HTML), 372entity relationship diagrams, 210ENUM type, 241envelopes, SOAP, 812environments

development, 544PHP functions, 450

EPA Web site, 359equal sign (=) assignment operator, 25equality operator, 87equals operator, 37equi-joins, 251, 255Equifax Secure, 355ereg() function, 129-130eregi() function, 129ereg_replace() function, 130eregi_replace() function, 130errors

401 errors (HTTP), 404exception handling, 565-567exit statement, 56function calling, 66handling, 202logic, 558-559messages, 145-146PHP 5.3, 7programming, 551-554

logic errors, 558-559runtime errors, 553-555syntax errors, 552-553

reporting levels, 562-563runtime, 553-554

database interaction, 555-557functions that don’t exist, 554-555input data, checking, 558network connections, 557-558reading/writing files, 555

settings, 563-564software, 338, 347

developer assumptions, 347poor specifications, 347poor testing, 348

suppression operator, 39syntax, 552-553triggering, 564

escapeshellcmd() function, 378, 417, 449escaping characters, 114

925escaping characters

escaping output, 371eval() function, 525-526evaluating strings, 525-526Evil Walrus Web site, 909examining php.ini file, 380Exception class, 195-196

extending, 196-197methods, 195

exceptions, 193-195, 565-567Bob’s Auto Parts application, 199-202catch blocks, 194classes, 196Exception class, 195-197I/O (input/output) files, 199throwing, 193try blocks, 193tutorials, 203user-defined exceptions, 196-199

exec() function, 447executable content (stored data), 417execution

command line, 531directives, 57operator, 39-40quotes, 377-378

exithandlers, 321language constructs, 526statements, 56

expand_all() function, 751expanding threads (Web forum application),

748-751EXPLAIN statement, 299-303

column values, 303join types, 301-302

explode() function, 100-101, 116-117, 459expressions

regular, 123-124* symbol, 126+ symbol, 126branching, 127caret symbol (^), 126-127character sets, 124-125curly braces ({}), 126Perl, 123slash (\), 127

Smart Form Mail application,128-129

special characters, 127-128splitting strings, 130string anchoring, 126-127subexpressions, 126substrings

finding, 129-131extending

Exception class, 196-197syntax, 257

Extensible Markup Language. See XMLextensions

copying libpdf_file, 899loading, 528online newsletters, 740personalized documents, 805PHPBookmark application, 606require() statement, 136Shopping Cart application, 650Warm Mail application, 686Web forum application, 769

extract() function, 105-106extract_type parameter, 105

extract_type parameter, 105Extreme Programming Web site, 549

Ff file mode, 63FastTemplate Web site, 546fclose() function, 69, 440FDF Web site, 789fdf_create() function, 789fdf_set_file() function, 789fdf_set_value() function, 789Fedex Web site, 335feof() function, 73fetchRow() method, 284fgetc() function, 75fgetcsv() function, 73-74fgets() function, 73fgetss() function, 73fields

scope, 290tables, 209

figures, drawing, 499-507File Details view, 445

926 escaping output

FILE privilege, 226-227, 295File Transfer Protocol. See FTPfile() function, 74file_exists() function, 76fileatime() function, 445filedetails.php file, 444-445filegroup() function, 444, 446fileinfo extension, 7filemtime() function, 445filename extensions, require() statement,

136fileowner() function, 444, 446fileperms() function, 446files, 59-61, 443

backing up, 459-466browsedir.php, 439checking, 76closing, 69constants.php (Amazon), 823create_database.sql, 745creating, 447data, loading from, 311deleting, 76, 447design_button.html, 492-493dump variables.php, 559filedetails.php, 444-445formats, 68-69handle.php, 566htaccess files (Apache Web server),

402-406httpd.conf, 896-897I/O (input/output), 199index.html (certification application),

780-781index.php

MLM online newsletters, 694Tahuayo application, 820-826Warm Mail application, 657

libpdf_php, copying, 899limitations, 79loading arrays from, 98-101locking, 78-79log files, 357lookup.php, 453make_button.php, 493mirroring FTP functions, 459-466MLM, 690

modes, 61-62moving, 447multiple, uploading (online newslet-

ters), 727, 731navigating, 76-77new_post.php, 763newbooks.txt, 311opening, 61

file modes, 61-62fopen() function, 62-64FTP (File Transfer Protocol), 64-65HTTP (Hypertext Transfer

Protocol), 64-65potential problems, 65-66

paths, directories, 442-443pdflib.php, 796personalized documents, 779php.ini file

auto_append_file, 142-143auto_prepend_file, 142-143directives, editing, 529-530

PHPBookmark application, 572pollsetup.sql, 500progex.php, 448-449properties, changing, 446reading, 61, 71-72, 444-446

feof() function, 73fgetc() function, 75fgetcsv() function, 73-74fgets() function, 73fgetss() function, 73file() function, 74fopen() function, 72fpassthru() function, 74fread() function, 75readfile() function, 74

reading/writing, 555rtf.php, 786score.php (certification project),

782-784Shopping Cart application, 611-612showpoll.php, 502-506simplegraph.php, 486status function results, 448-449Tahuayo application, 819-820

927files

topbar.php, 825uploading, 431-432

displaying, 437FTP (File Transfer Protocol), 466HTML, 431-433online newsletters, 688-689PHP, writing, 434-438security, 434, 438troubleshooting, 438-439

utilityfunctions.php, 825vote.html, 500Warm Mail application (email client),

654-655Web forum application, 744write permissions, 418writing, 61

file formats, 68-69fputs() function, 67fwrite() function, 67fwrite() function, parameters, 68

filesize() function, 76, 446filetype() function, 446filled_out() function, 580-581filtering

input data (Web databases), 272user input, 367-371

final keyword, 172find and replace substrings, 122-123finding substrings, 120-121

numerical position, 121regular expressions, 129-130strchr() function, 121stristr() function, 121strpos() function, 121strrchr() function, 121strrpos() function, 122strstr() function, 121

findstr.exe, 377firewalls, 357-358, 386FishCartSQL, 650fitting text onto buttons, 495-498flat files, 59-61

checking, 76closing, 69deleting, 76formats, 68-69

limitations, 79locking, 78-79navigating, 76-77opening, 61



reading, 61, 71-72feof() function, 73fgetc() function, 75fgetcsv() function, 73-74fgets() function, 73fgetss() function, 73file() function, 74fopen() function, 72fpassthru() function, 74fread() function, 75readfile() function, 74

writing, 61file formats, 68-69fputs() function, 67fwrite() function, 67fwrite() function, parameters, 68

Float data type (variables), 29floating point data types (numeric column

types), 237-238flock() function, 78floor() function, 478focus groups, 330-331fonts

button text, 492descenders, 497FreeType library, downloading, 484images, creating, 491-499PDF readers, 794-795PostScript Type 1 fonts, downloading,

484TrueType, 492

footers, script architecture, 694fopen() function, 61-64, 72, 440, 454for loops, 54-55foreach loops, 54-55

iteration, 191

928 files

foreign keysdatabases, 210InnoDB tables, 315-316

forgot_form.php files (PHPBookmark appli-cation), 572

forgot_passwd.php files (PHPBookmarkapplication), 572

formatscodes, date() function, 469-471images, 484

GIF (Graphics InterchangeFormat), 485

JPEG (Joint Photographic ExpertsGroup), 485

PNG (Portable NetworkGraphics), 485

WBMP (Wireless Bitmap), 485personalized documents, 772

ASCII, 772HTML, 773paper, 772PDF, 775PostScript, 774-775RTF, 774word processors, 773

strings, 110case, changing, 113-114conversion specifications, 112-113HTML formatting, 110-111ltrim() function, 110nl2br() function, 110-111printing, 110, 112-113rtrim() function, 110storage, 114-116trim() function, 110trimming whitespace, 110

formsHTML, 268-269, 431

Bob’s Auto Parts application, 14, 17creating, 14-16processing, 16

totaling with operators, 41-42variables, accessing, 23-27

forum application. See Web forum applica-tion

forwarding to email, Warm Mail application,684-685

fpassthru() function, 74FPDF function library, 778fputs() function, 67fread() function, 75FreeType library, downloading, 484fseek() function, 77ftell() function, 76FTP (File Transfer Protocol), 459

anonymous login, 462backing up files, 459-463


FTP transfer modes, 466ftp_get() function, 466ftp_mdtm() function, 464ftp_nlist() function, 467ftp_size() function, 467mirroring files, 459-463


opening files, 64-65set_time_limit() function, 467timeouts, avoiding, 467uploading files, 466

ftp_connect() function, 463ftp_get() function, 466ftp_mdtm() function, 464ftp_nlist() function, 467ftp_size() function, 467full joins, 250, 254functions, 143-144, 151, 158. See also com-

mands$result->fetch_assoc(), 275add_bm(), 597-598add_quoting(), 766addslashes(), 114, 272, 296, 417addToCart(), 852aggregate, MySQL, 256applying to array elements, 103-104arguments, 22

929functions

array_count_values(), 104array_push(), 713array_reverse(), 97-98array_walk(), 103-104arsort(), 93asort(), 93autoload(), 187AVG(column), 256backtrace, 196basename(), 442, 445browseNodeSearch(), 845cache(), 847-848cached(), 847-848calculate_items(), 630-631calculate_price(), 630-631calendars, 480-481calling, 22, 143

case sensitivity, 146errors, 66parameters, 143-144prototypes, 144undefined functions, 145-146

change_password(), 590, 720check_admin_user(), 700check_auth_user(), 665check_logged_in(), 700check_normal_user(), 700check_valid_user(), 585checkdate(), 370, 474chgrp(), 446chmod(), 446chown(), 446closedir($dir), 440copy(), 447cos(), 804count(), 104COUNT(items), 256creating, 146crypt(), 397-398current(), 102date(), 21-22, 445, 469-471

format codes, 469-471Unix timestamps, 471-472

DATE_FORMAT(), 476-477db_connect(), 583

db_result_to_array(), 619declaring, 146-147decoct(), 446delete bm(), 601delete_account(), 670delete_message(), 681-682directories, 439

creating, 443deleting, 443file paths, 442-443reading from, 439-441

dirname(), 442, 445disk_free_space($path), 443display() function, 758display_account_form(), 667, 703, 719display_account_select(), 672-673display_account_setup(), 667, 669display_book_form(), 647display_button(), 733display_cart(), 627-630display_categories(), 618-619display_information(), 713-714display_items(), 709display_list(), 674display_list_form(), 722display_mail_form(), 726display_message(), 678display_password_form(), 719display_post(), 762display_preview_button(), 733display_registration_form(), 577display_tree(), 752-753display_user_menu(), 585display_user_urls(), 599do_html_header(), 632, 672, 700doubleval(), 296drawing parameters, 488draw_star(), 804each(), 85-87, 102empty(), 45end(), 102ereg(), 129-130eregi(), 129ereg_replace(), 130eregi_replace(), 130

930 functions

escapeshellcmd(), 378, 417, 449eval(), 525-526exec(), 447expand_all(), 751explode(), 100-101, 116-117extract(), 105-106fclose(), 69, 440fdf_create(), 789fdf_set_file(), 789fdf_set_value(), 789feof(), 73fgetc(), 75fgetcsv(), 73-74fgets(), 73fgetss(), 73file(), 74file_exists(), 76fileatime(), 445filegroup(), 444, 446filemtime(), 445fileowner(), 444, 446fileperms(), 446files

creating, 447deleting, 447moving, 447properties, changing, 446reading, 444-446status results, 448-449

filesize(), 76, 446filetype(), 446filled_out(), 580-581flock(), 78floor(), 478fopen(), 61-64, 72, 440, 454fpassthru(), 74fputs(), 67fread(), 75fseek(), 77ftell(), 76FTP functions, 459-466

backing up files, 459-466ftp_get(), 466ftp_mdtm(), 464ftp_nlist(), 467

ftp_size(), 467mirroring files, 459-466set_time_limit(), 467timeouts, avoiding, 467uploading files, 466

ftp_connect(), 463fwrite(), 67-68get_accounts(), 668get_account_list(), 671get_archive(), 716get_categories(), 618get_category_name(), 621get_current_user(), 529get_email(), 707get_extension_funcs(), 528get_loaded_extensions(), 528get_magic_quotes_gpc() function, 272get_post(), 761-762get_post_title(), 765get_random_word(), 593get_unsubscribed_lists(), 712get_user_urls(), 585, 599getARS(), 828, 844-846getCategoryName(), 826-827getdate(), 473getenv(), 450getlastmod(), 529gettype(), 44Header(), 489-490, 787highlight_file(), 530-531htmlentities, 372-374htmlspecialchars(), 272, 372-374, 417ImageColorAllocate(), 488ImageCreate(), 487ImageCreateFromGIF(), 487, 495ImageCreateFromJPEG(), 487, 495ImageCreateFromPNG(), 487, 495ImageDestroy(), 490ImageFill(), 488ImageFilledRectangle(), 505-507ImageGetTTFBBox(), 496ImageJPEG(), 490ImageLine(), 505ImagePNG(), 490, 495ImageRectangle(), 507

931functions

images, 507ImageString(), 488ImageTTFBBox(), 497ImageTTFText(), 496, 507IMAP function library, 652-653imap_body(), 679-680imap_delete(), 682imap_expunge(), 682imap_fetchheader(), 679imap_header(), 679imap_headers(), 676, 679imap_open(), 675-676implode(), 117ini_get(), 529-530ini_set(), 529-530insert_order(), 636intval(), 101is_uploaded_file(), 438isset(), 45, 155join(), 117krsort(), 93ksort(), 93libraries, 542

FPDF, 778mail_fns.php, 668output_fns.php, 664PHPBookmark application, 572

list(), 85-87load_list_info(), 714login(), 585, 706lstat(), 446ltrim(), 110mail(), 109, 452, 595, 689max() function, 155-156MAX(column), 256microtime(), 480MIN(column), 256mkdir(), 443mktime(), 471-472my_error_handler (), 565mysql_affected_rows(), 280mysql_connect(), 274, 555mysql_query(), 274-275mysql_select_db(), 274mysqli_errno(), 556

mysqli_error(), 556mysqli_fetch_assoc(), 275mysqli_query(), 556naming, 147-148, 539network lookup, 455-459

dns_get_mx(), 459explode(), 459gethostbyaddr(), 458gethostbyname(), 456-458getmxrr(), 456parse_url(), 458

next(), 102nl2br(), 110-111notify_password(), 592-594number_of_accounts(), 671ODBC (Open Database connectivity),

282open_mailbox(), 675opendir(), 440overloading, 147parameters, 22, 148-150

pass by reference, 153-154pass by value, 153-154

passing functions by reference, 104passthru(), 448pdf_add_outline(), 794pdf_begin_page(), 793pdf_close(), 796pdf_fill(), 804pdf_rect(), 802pdf_replace(), 789pdf_setlinewidth(), 802pdf_set_info(), 793pdf_show(), 795pdf_show_xy(), 803pdf_stringwidth(), 803pdf_stroke(), 802PHP environment variables, 450phpinfo(), 450, 778posix_getgrgid(), 446posix_getpwuid(), 444-446pretty(), 714prev(), 102print(), 110printf(), 111-112

932 functions

prototypes, 144putenv(), 450range(), 83readdir($dir), 440readfile(), 74recommend_urls(), 603-605recursive functions, 156-158register(), 582rename(), 447reset_password(), 592reset(), 102retrieve_message(), 678returning from, 154-155rewind(), 76rewinddir($dir), 441rmdir(), 443rsort(), 93rtrim(), 110runtime errors, 554-555safeString(), 825scope, 151send(), 734send_message(), 683-684serialize(), 526-527, 848session_get_cookie_params(), 511session_register(), 513session_start(), 512-515session_unregister(), 513set_error_handler(), 565setcookie(), 510-511settype(), 44shal1(), 398shopping carts (Amazon), 849show_source(), 530-531showBrowseNode(), 826-827showCart(), 852showCategories(), 826ShowSmallCart(), 825showSummary(), 828, 844shuffle(), 96sin(), 804sizeof(), 104sort(), 92split(), 130sprintf(), 111

stat(), 446STD(column), 256STDDEV(column), 256store_account(), 704store_account_settings(), 668-669store_list(), 723store_new_post(), 767stored, declaring, 318-319str_replace(), 122, 787strcasecmp(), 119strchr(), 121strcmp(), 119strings

case, 113-114versus regular expressions, 131

strip_tags(), 417stripslashes(), 116, 272, 296stristr(), 121strlen(), 120strnatcmp(), 119strpos(), 121strrchr(), 121strrpos(), 122strstr(), 121, 597strtok() function, 117strtolower(), 113strtoupper(), 113subscribe(), 717substr(), 118-119substr_replace(), 123SUM(column), 256system(), 448touch(), 447trim(), 110, 271uasort(), 95ucfirst(), 113ucwords(), 114uksort(), 95umask(), 443undefined, calling, 145-146UNIX_TIMESTAMP(), 476-477unlink(), 76, 447unserialize(), 527, 848unset(), 45unsubscribe(), 717

933functions

urlencode(), 399, 455usort(), 94valid_email(), 581values, returning, 155-156variables, 44, 148

reinterpreting, 46scope, 151-153status, testing, 45type, setting/testing, 44-45

fwrite() function, 67-68

Ggd documentation Web site, 508generating images automatically, 490-491get_account_list() function, 671get_accounts() function, 668get_archive() function, 716get_categories() function, 618get_category_name() function, 621get_current_user() function, 529get_email() function, 707get_extension_funcs() function, 528get_loaded_extensions() function, 528get_magic_quotes_gpc() function, 272get_post() function, 761-762get_post_title() function, 765get_random_word() function, 593get_unsubscribed_lists() function, 712get_user_urls() function, 585, 599getARS() function, 828, 844, 846getCategoryName() function, 826-827getdate() function, 473getenv() function, 450gethostbyaddr() function, 458gethostbyname() function, 456-458getlastmod() function, 529getmxrr() function, 456getServerTime() function, 862-868gettype() function, 44Ghostscript Web site, 775GIF (Graphics Interchange Format), 485global privileges, 224global scope, 151global variables, 151GMT (Unix Epoch), 471Gnu Privacy Guard (GPG), 419

installing, 420-422key pairs, 420-421

testing, 422-427Web site, 419

goods (commercial Web sites)adding value to, 335digital goods, providing, 334-335taking orders for, 331-334

Google Web site, 811GPG (Gnu Privacy Guard), 419

installing, 420-422key pairs, 420-421testing, 422-427Web site, 419

GRANT command, 223-228GRANT privilege, 295GRANT statements, 287, 297grant tables, 288, 293Graphics Interchange Format (GIF), 485graphs

data, 499-507tutorials, 508

Gregorian calendar, 480-481GROUP BY clause, 256-257grouping data, 256-257

H-h switch (mysql command), 221hackers, 366handle.php file, 566handlers

continue, 320declare, 320exit, 321

handlingerrors, 202exceptions, 193-195, 565-567

Bob’s Auto Parts application,199-202

catch blocks, 194classes, creating, 196Exception class, 195-197I/O (input/output) files, 199throwing exceptions, 193try blocks, 193tutorials, 203user-defined exceptions, 196-199

handshaking, 414-415

934 functions

hardwarefailure (commercial Web sites), 337thieves, 366

hash() function, 354PHP 5.3, functionality in, 7

HAVING clause, 257header bar summaries, printing (Shopping

Cart application), 632Header() function, 489-490, 787headers

generating certificates, 804message headers (Warm Mail applica-

tion), 680-681script architecture, 694

HEAP tables, 312Hello World scripts, PDFlib, 792-796heredoc syntax, 27highlight_file() function, 530-531highlighting syntax, 530-531host table, 288, 290-291hosting services, 382-383HotScripts.com Web site, 908htaccess files (Apache Web server), 402-406HTML (Hypertext Markup Language), 773

embedding PHP, 17-18comments, 20-21statements, 19-20tags, 18-19whitespace, 20

entities, 372file upload, 433formatting (strings), 110-111forms

file upload, 431order, creating, 14-16processing, 14, 17

htmlentities() function, 372-374htmlspecialchars() function, 272, 372-374,

417htpasswd program (Apache Web server), 405HTTP (Hypertext Transfer Protocol), 414, 856

authentication Web sites, 408basic authentication, 399-400

401 errors, 404with Apache .htaccess files,

402-406in PHP, 400-402

digest authentication, 400handshaking, 414-415opening files, 64-65requests, 856-857Secure Sockets Layer (SSL), 414XML Amazon connections, 808

httpd.conf, 896-897HTTPResponse() function, 866Hypertext Markup Language. See HTMLHypertext Transfer Protocol. See HTTP

II/O (input/output) files, exception handling,

199IDE (Integrated Development Environment),

544identifiers, 28

images, destroying, 490MySQL identifiers, 235-236results identifiers, 275-276

identity operator, 87if statements, 46-47ImageColorAllocate() function, 488ImageCreate() function, 487ImageCreateFromGIF() function, 487, 495ImageCreateFromJPEG() function, 487, 495ImageCreateFromPNG() function, 487, 495ImageDestroy() function, 490ImageFill() function, 488ImageFilledRectangle() function, 505, 507ImageGetTTFBBox() function, 496ImageJPEG() function, 490ImageLine() function, 505ImageMagick library, 483ImagePNG() function, 490, 495ImageRectangle() function, 507images

canvas, creating, 487colors, RGB (red, green, and blue),

488creating, 486-487

fonts, 491-495text, 491-495, 499

data, graphing, 499-507drawing scripts, 486figures, drawing, 499-507

935images

formats, 484GIF (Graphics Interchange

Format), 485JPEG (Joint Photographic Experts

Group), 485PNG (Portable Network

Graphics), 485WBMP (Wireless Bitmap), 485

functions, 507generating automatically, 490-491identifiers, destroying, 490inline, dynamically produced, 491outputting, 489-490supporting PHP, 484text

drawing/printing, 487-489fitting onto buttons, 495-498positioning, 498-499writing onto buttons, 499

ImageString() function, 488ImageTTFBBox() function, 497ImageTTFText() function, 496, 507IMAP (Internet Message Access Protocol),

452, 651-652client Web site, 891function library, 652-653

imap_body() function, 679-680imap_delete() function, 682imap_expunge() function, 682imap_fetchheader() function, 679imap_header() function, 679imap_headers() function, 676, 679imap_open() function, 675-676implementing

inheritance, 167-168login (online newsletters), 702PHPBookmark database, 573-577recommendations, 602-605

implode() function, 117importing public keys (Gnu Privacy Guard),

422include() statement, 134

auto_append_file (php.ini file),142-143

auto_prepend_file (php.ini file),142-143

include_fns.php filesMLM application, 691Warm Mail application, 655Web forum application, 744

increment operators, 35-36indenting code, 47, 540-541INDEX privilege, 225index.html files (certification application),

779-781index.php file

MLM application, 691MLM online newsletters, 694Shopping Cart application, 611Tahuayo application, 819-826Warm Mail application, 655-657Web forum application, 744

index.php script (Shopping Cart application),615-620

indexesarrays, 304creating (MySQL), 234-235database optimization, 305queries, 304

inequality operator, 87inheritance, 162

implementing, 167-168multiple inheritance, 172-174preventing, 172

ini_get() function, 529-530ini_set() function, 529-530initializing

associative arrays, 85numerically indexed arrays, 82-83

inline images, dynamically produced, 491inner join, 254InnoDB tables

foreign keys, 315-316transactions, 314-315

input datachecking, 271, 558filtering, 272validating, 580

input/output (I/O) files, exception handling,199

insert book.php script, prepared statements,280

INSERT privilege, 225INSERT queries, 276-280

936 images

INSERT statement, 244insert_book.php files (Shopping Cart applica-

tion), 611insert_book.php script, 278-279insert_book.php script (Shopping Cart applica-

tion), 644-645insert_book_form.php files (Shopping Cart

application), 611insert_book_form.php script (Shopping Cart

application), 644insert_category.php files (Shopping Cart appli-

cation), 611insert_category_form.php files (Shopping Cart

application), 611insert_order() function, 636insertion anomalies, avoiding (Web databas-

es), 213install program (Apache), 902installation

Apache,Windows, 902binary installations, 890-893GPG (Gnu Privacy Guard), 420-422MIME mail package, 905mod_auth_mysql module, 406-407MySQL, 900-901PEAR (PHP Extension and Application

Repository), 905-906PHP, 14, 894, 903-905project codes,Amazon, 853-854source installations, 891-896

instanceof type operator, 40instances, SOAP (Simple Object Access

Protocol), 845instantiating classes, 164integer data types

numeric column types, 237variables, 29

Integrated Development Environment (IDE), 544interfaces

administration interface (Shopping Cartapplication), 643-650

administrator, Shopping Cart applica-tion, 609

PHP database interfaces, 282Warm Mail application (email client), 654Web Services (Amazon), 813-814

internationalization (applications), 7Internet Message Access Protocol (IMAP),

452, 651-652

Internet Protocol (IP), 414Internet, secure transactions, 411-412intl extension, 7intval() function, 101IP (Internet Protocol), 414is_uploaded_file() function, 438isset() function, 45, 155iteration. See loops

JJavaScript

add_BM() function, 881addBMResponse() function, 874addNewBookmark() function, 873libraries for Ajax applications, 884XMLHTTPRequest, 860, 862

JD (Julian Day) Count calendar, 480-481join() function, 117joins, 254-255

Cartesian product, 254conditions,WHERE clause, 250cross, 254equi-joins, 251, 255EXPLAIN statement, 301-302full, 250, 254inner, 254left, 252-255strings

implode() function, 117join() function, 117

tables, 251-252two-table, 250-251types, MySQL, 254-255

JPEG (Joint Photographic Experts Group),485, 778, 891

jpeg-6b, downloading, 484Julian calendar, 480-481

Kkeys

arrays, 82, 473databases

creating, 215foreign keys, 210primary keys, 210

937keys

pairs, installing, 420-421private keys, 420public keys, 420-422

keywordsAUTO_INCREMENT, 231DESC, 255LIKE, 249NOT NULL, 231PRIMARY KEY, 231REGEXP, 249return, 154-155UNSIGNED, 231

krsort() function, 93ksort() function, 93

Llanguages

constructsarray(), 82die(), 526exit, 526

DDL (Data Definition Languages),244

DML (Data Manipulation Language),244

late static bindings, 185-186leaf nodes (Web forum tree structure), 743left joins, 252-255length of strings, testing, 120letters, descenders, 497libpdf_php file, copying, 899libraries. See also functions, libraries

FreeType, downloading, 484function, 542, 572ImageMagick, 483mysqli prepared statements, 280-281PDFlib

certificates, 796, 802-804PDF documents, 792-796

PECL (PHP Extension Class Library),483

PHP, 891database interfaces, 282SOAP libraries (Amazon), 814

SOAP, 812

LIKE keyword, 249LIMIT clause, SELECT statement, 258links

Add to Cart, 817Checkout, 818Details, 817Web forum tree structure, 742

list() function, 85, 87lists

creating (online newsletters), 722-724databases, 688viewing (online newsletters), 708-716

literals, 27special characters (regular expressions),

127LOAD_DATA_INFILE statement, 311load_list_info() function, 714loading

arrays from files, 98-101data from files, 311extensions, 528

local variables, 151stored procedures, 319

LOCK TABLES command, 226, 305locking files, 78-79logging in

log files, 357MySQL, 221-222online newsletters, 705-707user authentication, 584-587Warm Mail application (email client),

663-666logging out

MySQL, 229online newsletters, 721user authentication, 587-588Warm Mail application (email client),

666logic, 546

errors, 558-559separating from content, 546

logical operators, 38login

anonymous login (FTP), 462FTP servers, 463implementing (online newsletters), 702

login() function, 585, 706

938 keys

login.php filesPHPBookmark application, 572-577Shopping Cart application, 611

logout.php filesPHPBookmark application, 572Shopping Cart application, 611

logout.php script (authentication), 523-524long style form variable, 24-26lookup functions

dns_get_mx(), 459explode(), 459networks, 455-459

gethostbyaddr(), 458gethostbyname(), 456-458getmxrr(), 456parse_url(), 458

lookup.php file, 453loops, 51-53

accessing numerically indexed arrays,84

associative arrays, 85-87break statement, 56do..while loops, 55-56for loops, 54-55foreach loops, 54-55iteration, 188-191while loops, 53-54

lstat() function, 446ltrim() function, 110

Mmagic quotes, 115magic_quotes_gpc directive, 417magic_quotes_runtime directive, 417Mail Exchange (MX) records, 459mail() function, 109, 452, 595, 689mail_fns.php files (Warm Mail application),

655mail_fns.php function library, get_accounts()

function, 668mailbox (Warm Mail application), viewing

contents of, 674-676mailing list manager. See MLMmain page (Shopping Cart application),

615-620

maintainability of code, 538breaking up, 541-542code standards, 538commenting, 540directory structures, 542function libraries, 542indenting, 540-541naming conventions, 538-540

make_button.php file, 492-493malicious code injection, 365many-to-many relationships (databases),

211master servers, database replication,

306-307matching

regular expressions, 123-124* symbol, 126+ symbol, 126branching, 127caret symbol (^), 126-127character classes, 125character sets, 124-125curly braces ({}), 126finding substrings, 129-130literal special characters, 127replacing substrings, 130slash (\), 127special characters, 127-128splitting strings, 130string anchoring, 126-127subexpressions, 126Web references, 131

substrings, 120-121find and replace, 122-123numerical position, 121regular expressions, 129-130strchr() function, 121stristr() function, 121strpos() function, 121strrchr() function, 121strrpos() function, 122strstr() function, 121

max() function, 155-156MAX(column) function, 256max_connections parameter, 273MaxClients parameter (Apache), 273

939MaxClients parameter (Apache)

md5(), PHP 5.3, functionality in, 7medium style form variable, 24member.php files (PHPBookmark applica-

tion), 572members_only.php script (authentication),

522-523MEMORY tables, 312MERGE tables, 312messages. See also errors, messages

sending, 733, 737-739viewing, 680-681

methods. See also functionsASINSearch(), 829bind_param(), 281browseNodeSearch(), 829, 835_call(), 186-187Exception class, 195fetchRow(), 284overloading, 186-187parseXML(), 838static, 184

microseconds, measuring, 480Microsoft

IIS, configuring, 381Web site, 773Word, RTF, 774

microtime() function, 480MIME mail package, installing, 905MIN(column) function, 256mirroring

FTP functions, 459-463checking update times, 464-465closing connections, 466downloads, 465-466logins, 463remote connections, 463

RAID (Redundant Array ofInexpensive Disks), 358

mktime() function, 471-472MLM (mailing list manager), 687

actions, 701building, 687files, 690online newsletters, 687

account settings, 702-705, 719administrative functions, 721databases, 688, 692-694

diagrams, 689-691email attachments, 689extensions, 740file upload, 688-689lists, 708-717, 722-724logging in, 705-707logging out, 721login, implementing, 702passwords, 719-721previewing, 732-733requirements, 688script architecture, 694, 700-701sending messages, 733, 737-739solution overview, 689-691subscribing, 717-718unsubscribing, 717-718uploading, 724-731

mlm_fns.php files (MLM application), 691mod_auth module (Apache Web server),

402mod_auth_mysql module, 406-408

documentation Web sites, 408installing, 406-407testing, 407

mode variable, 824modeling real-world objects (Web databas-

es), 211-212modes

autocommit, 314file modes, 61-62

modificationanomalies, avoiding (Web databases),

213dates (scripts), 529

modulescode, 539, 610mod_auth (Apache Web server), 402mod_auth_mysql, 406-408

installing, 406-407testing, 407

operator, 33PHP, running, 890

monitorsMySQL, 220-221security, 363

moving files, 447

940 md5(), PHP 5.3, functionality in

multidimensional arrays, 81-92sorting, 93

reverse sorts, 95user-defined sorts, 93-95

three-dimensional arrays, 90-92two-dimensional arrays, 88-90

multiline comments, 21multiple files, 727, 731multiple inheritance, 172-174multiple programmers, 543multiplication operator, 33MX (Mail Exchange) records, 459my_error_handler() function, 565MyISAM table, 312myisamchk utility, 303, 306MySQL

access, 219-220aggregate functions, 256continuation symbol, 220database, 287, 292

backing up, 358connection verification, 293creating, 222db table, 290-291host table, 291request verification, 293results.php script, 269selecting, 229tables, creating, 229-231tables_priv table, 292user table, 289viewing, 233-234Web database architecture, 268-271

date and timeconverting between PHP and

MySQL formats, 476-477date calculations, 478, 480DATE_FORMAT() function,


476-477GRANT command, 223-228identifiers, 235-236

installationbinary installations, 890-893source installations, 891Windows, 900Windows, setting PATH, 900-901

join types, 254-255logging in, 221-222logging out, 229max_connections parameter, 273mod_auth_mysql module, 406-408

documentation Web sites, 408installing, 406-407testing, 407

mysql command, 221online manual, 241passwords, 418privileges, 223

global privileges, 224GRANT command, 223-228principle of least privilege, 223REVOKE command, 227-228types, 225-227

resources, 909REVOKE command, 227-228runtime errors, 555-557semicolon (;), 220statements, 221syntax, 257users

GRANT command, 224-228REVOKE command, 227-228setting up, 223, 227-229

Web site, 220mysql command, 221mysql_affected_rows() function, 280mysql_dump command, 305mysql_query() function, 274-275mysql_select_db() function, 274mysqladmin facility, 235mysqlhotcopy script, 306mysqli_connect() function, 274, 555mysqli_errno() function, 556mysqli_error() function, 556mysqli_fetch_assoc() function, 275mysqli_query() function, 556

941mysqli_query() function

Nnamespaces, 158

PHP 5.3, 7XML, 811

namingconventions, 538-540functions, 147-148

Natural Order String Comparison Web site,119

navigatingwithin arrays, 102files, 76-77

Netcraft, 382Netscape Web site

cookie specification, 511SSL 3.0 Specification, 427

Network News Transfer Protocol (NNTP), 452networks

connecting, 557-558lookup functions, 455-459

dns_get_mx(), 459explode(), 459gethostbyaddr(), 458gethostbyname(), 456-458getmxrr(), 456parse_url(), 458

TCP/IP security, 343new operator, 39New York Times Web site, 392new_post.php files, 763

Web forum application, 744newbooks.txt file, 311newline control sequence (\n), 68newsletters, 687

accountsconfiguring, 719creating, 702-705

administrative functions, 721databases

configuring, 692-694lists/subscribers, 688

diagrams, 689-691email attachments, 689

extensions, 740file upload, 688-689lists

archives, viewing, 716-717creating, 722-724viewing, 708-716

logging in, 705-707logging out, 721login, implementing, 702passwords, 719-721previewing, 732-733requirements, 688script architecture, 694, 700-701sending messages, 733, 737-739solution overview, 689-691subscribing, 717-718unsubscribing, 717-718uploading, 724-731

next() function, 102nl2br() function, 110-111NNTP (Network News Transfer Protocol), 452nodes

browse nodes (Amazon), 816Web forum tree structure, 742

child nodes, 743leaf nodes, 743parent nodes, 743root nodes, 743

non-identity operator, 87NOT NULL keyword, 231notify_password() function, 592-594NULL data type (variables), 29null values, avoiding (Web databases), 216number_of_accounts() function, 671numeric column types, 236-238

date and time, 238-239floating point data types, 237-238integral data types, 237string, 239-241

numerical position of substrings, finding,121

numerically indexed arraysaccessing with loops, 84contents, accessing, 83-84initializing, 82-83

942 namespaces

OObject data type (variables), 29objects, 160-161

cloning, 186real-world modeling (Web databases),

211-212throwing, 196

ODBC (Open Database Connectivity) func-tions, 282

one-to-many relationships (databases), 211one-to-one relationships (databases), 211,

216online brochures (commercial Web sites),

328common pitfalls, 330limitations, 328

answering feedback, 329lack of information, 328poor presentation, 329tracking success, 330-331updated information, 329

online catalogs (Shopping Cart application),608

online newsletters, 687accounts

configuring, 719creating, 702-705

administrative functions, 721databases

configuring, 692-694lists/subscribers, 688

diagrams, 689-691email attachments, 689extensions, 740file upload, 688-689lists

archives, viewing, 716-717creating, 722-724viewing, 708-716

logging in, 702, 705-707logging out, 721passwords, 719-721previewing, 732-733requirements, 688script architecture, 694, 700-701sending messages, 733, 737-739

solution overview, 689-691subscribing, 717-718unsubscribing, 717-718uploading, 724-727, 731

OOP (object-oriented programming)classes, 160-161objects, 160-161polymorphism, 161

Open Database Connectivity (ODBC) func-tions, 282

open_mailbox() function, 675opendir() function, 440opening files, 61

file modes, 61-62fopen() function, 62-64FTP (File Transfer Protocol), 64-65HTTP (Hypertext Transfer Protocol),

64-65potential problems, 65-66tags (XML), 810

OpenSSLconfiguring, 894Web site, 891

operating systemsdatabase security, 294unnecessary applications, disabling, 388updating, 387-388

operationscreating, 162-164overriding, 173

operators, 32arithmetic operators, 33-34arrays, 40, 87-88assignment (=), 25, 28, 34

combination assignment operators,35

decrement operators, 35-36increment operators, 35-36reference operator, 36returning values, 34-35

associativity, 42-44bitwise operators, 38comma operator, 39comparison operators, 36-37

equals operator, 37WHERE clauses, 248-249

943operators

error suppression operator, 39execution operator, 39-40logical operators, 38new operator, 39precedence, 42-44strings

concatenation operator, 26-27operators, 34

subqueries, 259ternary operator, 39totaling forms, 41-42type operator, 40unary operators, 33

optimizingcode, 546-547databases, 304-305

default values, 305designs, 304indexes, 305permissions, 304tables, 304

Zend Optimizer, 547or operator, 38ORDER BY clause, 255order forms

creating, 14-16processing, 16

order.fns.php files (Shopping Cart applica-tion), 612

ordered data, retrieving, 255-256ordering strings

strcasecmp() function, 119strcmp() function, 119strnatcmp() function, 119

orders for goods or services (commercialWeb sites), 331-332

compatibility, 334trust, 333unanswered questions, 332user interfaces, 333-334

organizing code, 374output_fns.php files

MLM application, 691PHPBookmark application, 572Shopping Cart application, 612

Warm Mail application, 655Web forum application, 744

output_fns.php function library, 664outputting images, 489-490overloading

functions, 147methods, 186-187

overriding, 170-173owners (scripts), identifying, 529

P-p switch (mysql command), 221padding characters, 112pages. See Web pagesparameters, 22

$type, 829Apache, MaxClients, 273drawing functions, 488extract() function, 105function parameters, 148-150

calling functions, 143-144pass by reference, 153-154pass by value, 153-154

max_connections parameter, 273startup, 900

parent nodes (Web forum tree structure),743

parse_url() function, 458parseXML() method, 838parsing XML (Amazon), 814pass by value (function parameters),

153-154passing by reference, 104, 153-154passthru() function, 448passwords, 350-351, 362, 570

databasesaccess, 383-384security, 295

encrypting, 295, 397-399logging in to MySQL, 221-222MySQL, 418online newsletters, 719-721storing, 295, 395user authentication, 588-595

PATH settings, MySQL installations, 900-901

944 operators

pathsabsolute, 62file, 442-443relative, 62

paymentsmodules, 639-641systems, 608-609

PCRE extension, 7PDF (Portable Document Format), 771-775

generating certificates, 788-791headers, 804PDFlib, 792-804

personalized documents, 772readers, 794-795templates, creating, 776-777Web site, 775

pdf.php files (certification application), 779pdf_add_outline() function, 794pdf_begin_page() function, 793pdf_close() function, 796pdf_fill() function, 804pdf_rect() function, 802pdf_replace() function, 789pdf_set_info() function, 793pdf_setlinewidth() function, 802pdf_show() function, 795pdf_show_xy() function, 803pdf_stringwidth() function, 803pdf_stroke() function, 802PDFlib

certificates, 796, 802-804PDF documents, 792-796

pdflib.php files, 796certification application, 779

PEAR (PHP Extension and ApplicationRepository)

Databases, 284-285installing, 905-906Web site, 907

PECL (PHP Extension Class Library), 483Web site, 907

per-class constants, 184Perl regular expressions, 123permissions

database optimization, 304write files, 418

personalization, 771certification project, 779

files, 779index.html file, 780-781PDF, 788-791PDF, PDFlib, 792-796PDFlib, 796, 802-804RTF, 784-787score.php file, 782-784

creating, 771-772extensions, 805formats, 772

ASCII, 772HTML, 773paper, 772PDF, 775PostScript, 774-775RTF, 774word processors, 773

headers, 804requirements

questions/answers, 776software, 776-777

usersbookmarks, 571, 596-602defined, 569passwords, 570recommendations, implementing,

602-603, 605solutions, 570-572system requirements, 570usernames, 570

PGP (Pretty Good Privacy), 419phar extension, 7Philip and Alex’s Guide to Web Publishing

Web site, 910Phorum web forums project, 770PHP

advanced OO features, 184-186, 191Application Tools Web site, 909Base Library Web site, 908basic authentication (HTTP), 400-402calling functions, 22Center Web site, 908Classes Repository Web site, 908Club Web site, 908

945PHP

command line, 531configuring, 894constants, 31control structures, 46, 49

alternate syntax, 56breaking out of, 56conditionals, 46-51declare, 57loops, 51-56

database interfaces, 282date and time, 469, 474

calendar functions, 480-481checkdate() function, 474converting between PHP and

MySQL formats, 476-477date calculations, 477-478date() function, 469-472floor() function, 478getdate() function, 473microseconds, 480mktime() function, 471-472PHP Web site, 481

date() function, 21-22Developer Web site, 909Developer’s Network Unified Forums

Web site, 909development environments, 544embedding in HTML, 17-18

comments, 20-21statements, 19-20tags, 18-19whitespace, 20

environment variable functions, 450evaluating strings, 525-526extensions directory, copying

libpdf_files, 899functions

eval() function, 525-526get_current_user() function, 529get_extension_funcs(), 528get_loaded_extensions() function,

528getlastmod() function, 529highlight_file(), 530-531ini_get() function, 529-530

ini_set() function, 529-530my_error_handler() function, 565mysql connect() function, 555mysqli_errno() function, 556mysqli_error() function, 556mysqli_query() function, 556names in code, 539serialize() function, 526-527set_error_handler() function, 565show_source() functions, 530-531unserialize() function, 527variables, 44-46

gd documentation Web site, 508highlighting syntax, 530-531Homepage Web site, 908images

canvas, creating, 487creating, 486-499formats, 484generating automatically, 490-491GIF (Graphics Interchange

Format), 485identifiers, destroying, 490JPEG (Joint Photographic Experts

Group), 485outputting, 489-490PNG (Portable Network Graphics),

485supporting, 484text, 487-499WBMP (Wireless Bitmap), 485

installation, 14, 894binary installations, 890source installations, 891, 893-896Windows, 903-905

jpeg-6b, downloading, 484Kitchen Web site, 909language constructs

die(), 526exit, 526

libraries, 891Magazine Web site, 907modular names in code, 539network lookup functions, 455-459

dns_get_mx(), 459explode(), 459

946 PHP

gethostbyaddr(), 458gethostbyname(), 456-458getmxrr(), 456parse_url(), 458

online manual, 80operators, 32

arithmetic operators, 33-34array operator, 40assignment operators, 28-36associativity, 42-44bitwise operators, 38comma operator, 39comparison operators, 36-37error suppression operator, 39execution operator, 39-40logical operators, 38new operator, 39precedence, 42-44string operators, 34ternary operator, 39totaling forms, 41-42type operator, 40unary operators, 33

optimizations, 546-547PHP 5.3

bug fixes in, 7crypt() functionality in, 7date/time functions in, 7date_add() function, 478date_sub() function, 478error reporting in, 7fileinfo extension, 7hash() functionality in, 7intl extension, 7md5() functionality in, 7MySQLnd drivers, 7namespaces, 7new features of, 7PCRE extension, 7phar extension, 7php.ini administration in, 7Reflection extension, 7SPL extension, 7sqlite3 extension, 7time/date functions in, 7

Windows support for, 7, 900Zend engine improvements, 7

resources, 907-909Resource Web site, 908-909running

as CGI Interpreter, 890as modules, 890

scripts, 551debugging variables, 559, 561errors, 562-567modification dates, 529programming errors, 551-558MySQL passwords, 418owners, identifying, 529terminating execution, 526

serialization, 526-527sessions. See sessionsSOAP libraries (Amazon), 814statements, 19-20tags, 18-19

ASP style, 19require() statement, 136SCRIPT style, 19Short style, 19

variablesform variables, accessing, 23-27identifiers, 28names in code, 539scope, 31-32superglobal, 32types, 29-30user declared variables, 28values, assigning, 28

Web site, 481, 537, 891writing, 434-438XML style, 19

PHP Extension and Application Repository(PEAR)

installing, 905-906Web site, 907

PHP, Hypertext Preprocessor Web site, 106php.ini file

administration in PHP 5.3, 7auto_append_file, 142-143auto_prepend_file, 142-143

947php.ini file

directives, editing, 529-530examining, 380

phpautodoc Web site, 545PHPBookmark application

Ajax elements, adding, 871creating, 569

database schema, 573-574front page, 574-577function libraries, 572

extensions, 606files, 572project, 870-883

PHPBuilder.com Web site, 908PHPCertifcation.pdf files (certification appli-

cation), 779PHPCertification.rtf files (certification appli-

cation), 779PHPCommunity Web site, 907phpdoc Web site, 544PHPDocumentor Web site, 544PHPIndex.com Web site, 908phpinfo() command, 31phpinfo() function, 450, 778PHPMyAdmin.Net Web site, 908PHPWizard.net Web site, 908php|architect Web site, 907physical security, 359, 388plain text (encryption), 351plus symbols (+)

regular expressions, 126Web forum articles, 748

PNG (Portable Network Graphics), 485library Web site, 891

pollsetup.sql file, 500polymorphism, 161POP (Post Office Protocol), 452POP3 (Post Office Protocol version 3),

651-652populate.sql files (Shopping Cart applica-

tion), 612Portable Document Format. See PDFPortable Network Graphics. See PNGpositioning text buttons, 498-499POSIX regular expressions. See regular

expressionsposix_getgrgid() function, 446posix_getpwuid() function, 446posix_getpwuid() functions, 444

Post Office Protocol (POP), 452Post Office Protocol version 3 (POP3),

651-652post-decrement operator, 35-36post-increment operator, 35-36posters (Web forum application), 744Postnuke Web site, 909PostScript, 774-775

Downloading fonts, 484power failures, 359pre-decrement operator, 35-36pre-increment operator, 35-36precedence, operators, 42-44prepared statements, 280-281preparing for DoS/DDoS attacks, 387preprocessing script architecture, 694Pretty Good Privacy (PGP), 419pretty() function, 714prev() function, 102preventing

inheritance, 172overriding, 172

previewing online newsletters, 732-733PRIMARY KEY keyword, 231primary keys (databases), 209-210principle of least privilege, 223print() function, 110printf() function, 111-112printing

header bar summaries (Shopping Cartapplication), 632

strings, 110-113print() function, 110printf() function, 111-112sprintf() function, 111

text images, 487-489privacy policies

commercial Web sites, 333SSL (Secure Sockets Layer), 333

private access modifier, 166-167visibility, controlling, 169-170

private keysencryption, 353Gnu Privacy Guard (GPG), 420

privilegesFILE, 295GRANT, 295

948 php.ini file

MySQL, 223global privileges, 224GRANT command, 223-228principle of least privilege, 223REVOKE command, 227-228

PROCESS, 295types, 225-227system, 287-288

columns_priv table, 293db table, 290-291grant table, 293host table, 290-291privileges, updating, 293-294slaves, 307tables_priv table, 293

user table, 289-290updating, 293-294user database security, 295-296

PROCESS privilege, 226, 295process.php files (Shopping Cart applica-

tion), 611process.php script (Shopping Cart applica-

tion), 639processing HTML forms, 14, 17Product class, 839Product.php files (Tahuayo application), 819progex.php file, 448-449programming errors, 551, 553-554

logic errors, 558-559runtime errors, 553-554

database interaction, 555-557functions that don’t exist, 554-555input data, checking, 558network connections, 557-558reading/writing files, 555

syntax errors, 552-553programs. See also applications

install (Apache), 902running command line, 531

project codes, installing (Amazon), 853-854property files, changing, 446protocols, 451-452

application layer protocols, 414File Transfer Protocol (FTP), 459

anonymous login, 462backing up files, 459-465

ftp_get() function, 466ftp_mdtm() function, 464ftp_nlist() function, 467ftp_size() function, 467mirroring files, 459-465set_time_limit() function, 467timeouts, avoiding, 467uploading files, 466

FTP (File Transfer Protocol), 64-65HTTP (Hypertext Transfer Protocol),

414handshaking, 414-415opening files, 64-65Secure Sockets Layer (SSL), 414

IMAP (Internet Message AccessProtocol), 452, 651-652

IP (Internet Protocol), 414NNTP (Network News Transfer

Protocol), 452POP (Post Office Protocol), 452POP3 (Post Office Protocol version

3), 651-652RFCs (Requests for Comments),

451-452SMTP (Simple Mail Transfer

Protocol), 452, 652SOAP (Simple Object Access

Protocol), 845-846stacks, 413-414TCP (Transmission Control Protocol),

414Web Services

SOAP (Simple Object AccessProtocol), 811-812

WSDL (Web Services DescriptionLanguage), 812

prototypescode, 545-546functions, 144

public access modifier, 166-170public keys

encryption, 353-354Gnu Privacy Guard (GPG), 420-422

purchase.php files (Shopping Cart applica-tion), 611

purchase.php script (Shopping Cart applica-tion), 634, 639

949purchase.php script (Shopping Cart application)

putenv() function, 450PX-PHP Code Exchange Web site, 908

Qqueries

EXPLAIN statement, 299-303indexes, 304INSERT, 276-280subqueries, 258-259


Web databases, 271adding data, 276-280connections, setting up, 273disconnecting from databases, 276input data, 271-272mysql_query() function, 274-275prepared statements, 280-281retrieving results, 275-276selecting databases, 274

quotes, magic quotes, 115

Rr+ file mode, 63RAID (Redundant Array of Inexpensive

Disks), 358range() function, 83RDBMS (relational database management

systems), 80, 243readdir($dir) function, 440readers, PDF, 794-795readfile() function, 74reading

from directories, 439-441files, 61, 71-72, 444-446

feof() function, 73fgetc() function, 75fgetcsv() function, 73-74fgets() function, 73fgetss() function, 73file() function, 74fopen() function, 72fpassthru() function, 74

fread() function, 75readfile() function, 74

runtime errors, 555Warm Mail application, 671, 681

mailbox contents, viewing, 674-676messages, 677-678, 680-681selecting accounts, 671, 673

real-world objects, modeling (Web databas-es), 211-212

recommend.php files (PHPBookmark appli-cation), 572

recommend_urls() function, 603, 605recommendations

bookmarks, 571implementing, 602-603, 605

recordsdeleting, 264updating, 261tables, 209

recursive functions, 156-158red, green, and blue (RGB), 488Redundant Array of Inexpensive Disks

(RAID), 358redundant data, avoiding (Web databases),

212-213reference operator, 36reflection API, 190-191Reflection extension, 7REGEXP keyword, 249register() function, 582register_form.php files (PHPBookmark appli-

cation), 572register_new.php files (PHPBookmark appli-

cation), 572registering

session variables, 513user authentication, 577, 580-583

regression, 377regular expressions, 123-124

* symbol, 126+ symbol, 126branching, 127caret symbol (^), 126-127characters

classes, 125sets, 124-125

curly braces ({}), 126functions versus string functions, 131

950 putenv() function

Perl, 123slash (\), 127Smart Form Mail application, 128-129special characters, 127-128splitting strings, 130string anchoring, 126-127subexpressions, 126substrings

finding, 129-130replacing, 130

Web references, 131reinterpreting variables, 46relational database management systems.

See RDBMSrelational databases, 208, 210

benefits, 207keys, 209

foreign keys, 210primary keys, 210

relationships, 211many-to-many relationships, 211one-to-many relationships, 211one-to-one relationships, 211, 216

schemas, 210tables, 208

columns, 209rows, 209values, 209

relationships (databases), 211many-to-many relationships, 211one-to-many relationships, 211one-to-one relationships, 211, 216

relative paths, 62RELOAD privilege, 226remote FTP connections, 463rename() function, 447reordering arrays, 96

array_reverse() function, 97-98shuffle() function, 96

repetitive tasks. See loopsreplacing substrings, 122-123

with regular expressions, 130replication, databases, 306-307

data transfer, 306-308master servers, 306-307slaves, 306-308

REPLICATION CLIENT privilege, 226REPLICATION SLAVE privilege, 226replying to email, Warm Mail application,

684-685repository (version control, code), 542repudiation, 348-349requests

HTTP, 856-857MySQL database, 293server response, 866

Requests for Comments (RFCs), 451-452require() statement, 135-136



filename extensions, 136PHP tags, 136Web site templates, 137-142

reset password() function, 592reset() function, 102resetting passwords, user authentication,

593resources, 907

Apache, 909data types, 29MySQL and SQL, 909PHP, 907-909Web development, 910

responses (HTTP), 866REST/XML (Amazon), 838-839, 844restoring databases, 306restricting access

to .php files, 374-375to sensitive data, 364

result identifiers, retrieving query results(Web databases), 275-276

results.php script, 269retrieve_message() function, 678returning

assignment operator, 34-35from functions, 154-155keywords, 154-155policies, 333rows, 258statements, 154values, 94, 155-156

951returning

reusing codebenefits, 133-134

consistency, 134cost, 134reliability, 134

include() statement, 134, 142-143require() statement, 135-136, 142-143


filename extensions, 136PHP tags, 136Web site templates, 137-142

reverse sort orderarrays, 93multidimensional arrays, 95

reverse spam, 346REVOKE command, 227-228rewind() function, 76rewinddir($dir) function, 441rewriting code, 537-538RFCs (Requests for Comments), 451-452

RFC Editor Web site, 451, 468RGB (red, green, and blue), 488Rich Text Format (RTF), 771, 774risks for commercial Web sites, 336


rmdir() function, 443rolled back transactions, 314root elements (XML), 811root nodes (Web forum tree structure), 743rows

returning, 258subqueries, 260unmatched, 252-253values, 209

RSA, 353rsort() function, 93RTF (Rich Text Format), 771, 774

generating certificates, 784-787templates, creating, 776

rtf.php files, 779, 786rtrim() function, 110running

Apache, 897command line programs, 531PHP

as CGI Interpreter, 890as modules, 890

runtime errors, 553-554database interaction, 555-557functions that don’t exist, 554-555input data, checking, 558network connections, 557-558reading/writing files, 555

SS-HTTP (Secure Hypertext Transfer Protocol),

412safeString() function, 825scalar variables, 81,

converting arrays to, 105-106schemas

Book-O-Rama application, 219, 230database (PHPBookmark application),

573-577scope

fields, 290function scope, 151global scope, 151variable scope, 31-32, 150-153

score.php files (certification project),779-784

screening user input, 417SCRIPT style (PHP tags), 19scripts

admin.php script (Shopping Cartapplication), 641, 643

architecturefooters, 694headers, 694online newsletters, 694-701performing actions, 694preprocessing, 694

authmain.php (authentication),517-522

breaking out of, 56

952 reusing code

buttons, calling, 493catalog scripts (Shopping Cart applica-

tion), 615-617index.php, 615-620show_book.php, 616, 622-623, 646show_cat.php, 615, 620-622

checkout.php script (Shopping Cartapplication), 633-638

edit_book_form.php (Shopping Cartapplication), 646

executing, 531Hello World, 792-796images, drawing, 486insert_book.php, 278-279, 644-645

prepared statements, 280insert_book_form.php script

(Shopping Cart application), 644logout.php (authentication), 523-524make_button.php, 492members_only.php (authentication),

522-523modification dates, 529mysqlhotcopy, database backup, 306owners, identifying, 529PHP, MySQL passwords, 418process.php script (Shopping Cart

application), 639purchase.php script (Shopping Cart

application), 634, 639querying Web databases, 271

adding data, 276-280connections, setting up, 273disconnecting from databases, 276input data, 271-272mysql_query() function, 274-275prepared statements, 280-281retrieving results, 275-276selecting databases, 274

results.php, 269servertime.php, 863-864show_book.php (Shopping Cart

application), 646show_cart.php script (Shopping Cart

application), 623-627adding items to cart, 630-631header bar summary, printing, 632

updated carts, saving, 631-632viewing contents of cart, 627-630

terminating execution, 526Warm Mail application (email client),

657, 662-663Web database architecture, 217

SearchDatabase.com Web site, 909searching substrings, 120-121

find and replace, 122-123numerical position, 121regular expressions, 129-130strchr() function, 121stristr() function, 121strpos() function, 121strrchr() function, 121strrpos() function, 122strstr() function, 121

Secure Hypertext Transfer Protocol (S-HTTP),412

Secure Socket Layer. See SSLsecure storage, 417-419secure transactions, 409-410

Internet, 411-412screening user input, 417Secure Sockets Layer (SSL), 413-415

compression, 416handshaking, 414-415protocol stacks, 413-414sending data, 415-416

secure storage, 417-419systems, 412-413user machines, 410-411Web browsers, 410-411

Secure Web servers, 355-357security, 362

authentication, 343, 401-406access control, implementing,

392-395basic authentication. See basic

authenticationcustom, creating, 408digest authentication, 400encrypting passwords, 397-399identifying users, 391-392mod_auth_mysql module, 406-408multiple pages, protecting, 399

953security

passwords, 350-351storing passwords, 395Web sites, 408

bottom-up approach, 363bugs, testing for, 376-377Certifying Authorities (CAs), 355code organization, 374commercial Web sites, 342

auditing, 357authentication, 350-351backing up data, 358Certificate Signing Request

(CSR), 356-357compromises, 349crackers, 337digital certificates, 355digital signatures, 354-355encryption, 351-354firewalls, 357-358hash function, 354importance of stored information,

342log files, 357passwords, 350-351physical security, 359Secure Web servers, 356-357security policies, creating, 349-350threats, 342-349

databases, 294, 384authentication, 383-384connecting to servers, 384-385operating system, 294passwords, 295servers, 385user privileges, 295-296Web issues, 296

denial of service, 364disaster recovery, 364, 388-389DMZ, 386-387DoS attacks, preparing for, 387effect on usability, 362encryption, 352-353, 419-420

Data Encryption Standard (DES),353

GPG (Gnu Privacy Guard),419-427

PGP (Pretty Good Privacy), 419files

system considerations, 375-376uploads, 434, 438

firewalls, 386hosting services, 382-383malicious code injection, 365monitoring, 363output, escaping, 371passwords, 362.php files, restricting access to,

374-375physical security, 388restricting access to sensitive data, 364Secure Socket Layer (SSL), 344SQL injection attacks, 371TCP/IP networks, 343top-down approach, 363transactions, 409-410

Internet, 411-412screening user input, 417Secure Sockets Layer (SSL),

413-416secure storage, 417-419systems, 412-413user machines, 410-411Web browsers, 410-411

user input, filtering, 367-371SELECT clauses, 257SELECT privileges, 225SELECT statements, 246

LIMIT clause, 258ORDER BY clause, 255

selectingdatabases in MySQL, 229Web databases, 274

selectors (CSS), 858semicolon (;), MySQL, 220, 274send() function, 734send_message() function, 683-684sending

email, 452messages, online newsletters, 733,

737-739

954 security

Warm Mail applicationforwarding/replying, 684-685new messages, 682-684

sensitive data, storing, 417-419serialization, 526-527

session variables, 514serialize() function, 526-527, 848server-side programming, 860servers

Apache. See Apache,Web serverauthentication, 351communication with Ajax, 863-864database servers,Web database archi-

tecture, 217master, database replication, 306-307response to HTTP requests, 866secure storage, 417-419Secure Web servers, 355-357Web servers,Web database architec-

ture, 216servertime.php script, 863-864services

adding, 335, 452-454providing, 334-335taking orders for, 331-334

session_get_cookie_params() function, 511session_register() function, 513session_start() function, 512, 514-515session_unregister() function, 513sessions, 509, 512

authentication, 517-524configuring, 516-517cookies, 510-511creating (Amazon), 823destroying, 513example session, 514-516IDs, 509-512Shopping Cart application, 608, 623starting, 512variables, 510

deregistering, 513implementing, 513registering, 513serializing, 514

set cardinality (arrays), 104

SET type, 241set_error_handler() function, 565set_time_limit() function, 467setcookie() function, 510-511setting up

Book-O-Rama, 243databases of lists, 688

settype() function, 44SGML (Standard Generalized Markup

Language), 808shal1() function, 398shell command executor, 377-378shell script-style comments, 20Shopping Cart application, 607, 617, 624,

643, 650administration

interfaces, 609views, 609-610

administration interface, 643-647, 650administration menu (admin.php),

641, 643edit_book_form.php script, 646insert_book.php script, 644-645insert_book_form.php script, 644show_book.php script, 646

book_sc database, 612-615catalog scripts, 615-617

index.php, 615-620show_book.php, 616, 622-623, 646show_cat.php, 615, 620-622

code modules, 610database, 615extensions, 650files, 611-612online catalogs, building, 608payments

modules, 639-641systems, 608-609

session variables, 608, 623shopping cart module

adding items, 630-631checkout.php script, 633-638header bar summary, printing, 632purchase.php script, 634, 639show_cart.php script, 623-627

955Shopping Cart application

updates, saving, 631-632viewing contents of, 627-630

solution overview, 609-612tracking user’s purchases, 608user view, 609-610

shopping carts, 607building (Amazon), 813, 849-852

Short style (PHP tags), 19short style form variable, 23-24SHOW COLUMNS statement, 297SHOW command, 233-234SHOW DATABASES privilege, 226SHOW statement, 296-297SHOW TABLES statement, 297show_book.php files (Shopping Cart applica-

tion), 611show_book.php script (Shopping Cart appli-

cation), 616, 622-623, 646show_cart.php files (Shopping Cart applica-

tion), 611show_cart.php script (Shopping Cart applica-

tion), 623, 625, 627adding items to cart, 630-631header bar summary, printing, 632updated carts, saving, 631-632viewing contents of cart, 627-630

show_cat.php files (Shopping Cart applica-tion), 611

show_cat.php script (Shopping Cart applica-tion), 615, 620-622

show_source() function, 530-531showBrowseNode() function, 826-827showCart() function, 852showCategories() function, 826showpoll.php file, 502-504, 506ShowSmallCart() function, 825showSummary() function, 828, 844shuffle() function, 96SHUTDOWN privilege, 226signature.png files (certification application),

779Simple Mail Transfer Protocol (SMTP), 452,

652Simple Object Access Protocol. See SOAPsimplegraph.php file, 486sin() function, 804

single-line comments, 21sites. See commercial Web sites; Web sitessizeof() function, 104slash (\), 311

regular expressions, 127Slashdot Web site, 392, 741slaves

database replication, 306-308replication, 307

Smart Form Mail applicationcreating, 107-109regular expressions, 128-129

SMTP (Simple Mail Transfer Protocol), 452,652

SOAP (Simple Object Access Protocol),808-812

Amazon, 807-808, 845-846envelopes, 812example, 811instances, 845libraries, 812PHP SOAP libraries (Amazon), 814

softwareengineering, 536errors, 338, 347

developer assumptions, 347poor specifications, 347poor testing, 348

personalized documents, 776PDF, 776-777RTF, 776

updating, 378-379solutions, user personalization, 570-572sort() function, 92sorting arrays, 92

asort() function, 93ksort() function, 93multidimensional, 93

reverse sorts, 95user-defined sorts, 93-95

reverse order, 93sort() function, 92

source installations, 891-896SourceForge Web site, 545, 909spam, 346

956 Shopping Cart application

special charactersliteral special characters (regular

expressions), 127regular expressions, 127-128

special privileges, 227specifications, CGI Web site, 450speed of queries, 304SPL extension, 7split() function, 130splitting strings

explode() function, 116-117regular expressions, 130strtok() function, 117substr() function, 118-119

sprintf() function, 111SQL (Structured Query Language), 243

ANSI standard Web site, 265Book-O-Rama database

setting up, 243tables, code to populate, 245

Course Web site, 909CREATE TABLE command, 229-231databases, 246-256

defined, 243-244dropping, 264joins, 254-255records, 261, 264rows, 252-253, 258subqueries, 258-260tables, 251-254, 261-263two-table joins, 250-251

DDL (Data Definition Languages),244

DML (Data Manipulation Language),244

MySQLaggregate functions, 256join types, 254-255

RDBMS (relational database manage-ment systems), 243

resources, 909strings, security, 371

sqlite3 extension, 7

SSL (Secure Sockets Layer), 344, 412-415,889

commercial Web sites, 333compression, 416handshaking, 414-415protocol stacks, 413-414sending data, 415-416testing, 899

stability, planning for, 376-377Standard Generalized Markup Language.

See SGMLstarting sessions, 512startup parameters, 900stat() function, 446statements

ALTER TABLE, 261-263break statement, 56continue statement, 56DELETE, 264DESCRIBE, 299describe user;, 289DROP DATABASE, 264DROP TABLE, 264echo statements, 26-27else statements, 47elseif statements, 48-49exit statement, 56EXPLAIN, 299-303

column values, 303join types, 301-302

GRANT, 287, 297if statements, 46-47include() statement, 134



INSERT, 244LOAD_DATA_INFILE, 311MySQL case-sensitivity, 221PHP statements, 19-20prepared, 280-281require() statement, 135-136


957statements


filename extensions, 136PHP tags, 136Web site templates, 137-140, 142

return statement, 154SELECT, 246

LIMIT clause, 258ORDER BY clause, 255

SHOW, 296-297SHOW COLUMNS, 297SHOW TABLES, 297switch statements, 49-51UPDATE, 261

static bindings, 185static methods, implementing, 184STD (column) function, 256STDDEV (column) function, 256storage engines, 312-313

InnoDB tablesforeign keys, 315-316transactions, 314-315

MEMORY tables, 312MERGE tables, 312MyISAM, 312

store_account() function, 704store_account_settings() function, 668-669store_list() function, 723store_new_post() function, 767store_new_post.php files (Web forum appli-

cation), 744stored functions, declaring, 318-319stored procedures, 316

control structures, 319-323cursors, 319-323declaring, 316-317local variables, 319stored functions, declaring, 318-319

storingbookmarks, 571data, 59. See also filespasswords, 295, 395redundant data (Web databases),

212-213secure storage, 417-419

session IDs, cookies, 511-512strings, 114-116

addslashes() function, 114stripslashes() function, 116

str_replace() function, 122, 787strategies, commercial Web sites, 339strcasecmp() function, 119strchr() function, 121strcmp() function, 119strings

anchoring, 126-127case functions, 113-114column types, 239-241comparing, 119

length of strings, testing, 120strcasecmp() function, 119strcmp() function, 119strnatcmp() function, 119

concatenation operator, 26-27data type (variables), 29evaluating, 525-526formatting, 110

case, changing, 113-114conversion specifications, 112-113HTML formatting, 110-111ltrim() function, 110nl2br() function, 110-111printing, 110-113rtrim() function, 110storage, 114-116trim() function, 110trimming whitespace, 110

functions versus regular expressionfunctions, 131

joiningimplode() function, 117join() function, 117

length, testing, 120operators, 34ordering

strcasecmp() function, 119strcmp() function, 119strnatcmp() function, 119

958 statements

printing, 110-113print() function, 110printf() function, 111-112sprintf() function, 111

securing, 371specifying, 27splitting

explode() function, 116-117regular expressions, 130strtok() function, 117substr() function, 118-119

substringsaccessing, substr() function,

118-119finding, 120-121, 129-130numerical position of, finding, 121replacing, 122-123, 130

tokens, 117strip_tags() function, 417stripslashes() function, 116, 272, 296stristr() function, 121strlen() function, 120strnatcmp() function, 119Stronghold Web site, 356strpos() function, 121strrchr() function, 121strrpos() function, 122strstr() function, 121, 597strtok() function, 117strtolower() function, 113strtoupper() function, 113Structured Query Language. See SQLstructures, directory, 542style sheets, CSS, 859subexpressions, 126subqueries, 258-259


subscribe() function, 717subscribers

databases, 688online newsletters, 717-718

substr() function, 118-119substr_replace() function, 123

substringsaccessing, 118-119finding, 120-121

numerical position, 121regular expressions, 129-130strchr() function, 121stristr() function, 121strpos() function, 121strrchr() function, 121strrpos() function, 122strstr() function, 121

replacing, 122-123, 130subtraction operator, 33SUM(column) function, 256Summary Web site, 330SUPER privilege, 226superglobal arrays, 24superglobal variables, 32switch statements, 49-51switches

-h switch (mysql command), 221-p switch (mysql command), 221-u switch (mysql command), 221

syntactic sugar, 537syntax, 552

ALTER TABLE statement, 262-263control structures, 56DESCRIBE statement, 299errors, 552-553extended, 257heredoc, 27highlighting, 530-531

system() function, 448systems

capacity limits (commercial Web sites),339

operating, 294secure transactions, 412-413user personalization, 570

Tt file mode, 63t1lib, downloading, 484tab control sequence (\t), 68

959tab control sequence (\t)

tablesaliases, 253-254altering, 261-263Book-O-Rama database, 245Cartesian product, 250columns, 209

atomic column values, 214-215DESCRIBE statement, 299types, 232-233

columns_priv, 288-293creating in MySQL, 229-231

indexes, creating, 234-235keywords, 231table types, 229viewing tables, 233-234

databasesbackup, 305optimization, 304

db, 288-291dropping, 264equi-joins, 251grant, 288, 293host, 288-291InnoDB

foreign keys, 315-316transactions, 314-315

joins, 250-255keys, 209

creating,Web databases, 215primary keys, 210

left joins, 252-253MEMORY, 312MERGE, 312MyISAM, 312rows, 209

returning, 258unmatched, 252-253values, 209

schemas, 210scope fields, 290tables_priv, 288-293temporary, 260two-table joins, 250-251user, 288-290

tables_priv table, 288-293

tagsclosing/opening (XML), 810PHP tags, 18-19

ASP style, 19require() statement, 136SCRIPT style, 19Short style, 19XML style, 19

Tahuayo application (Amazon), 815-820TCP (Transmission Control Protocol), 414TCP/IP (Transmission Control

Protocol/Internet Protocol), 386security, 343

templatesPDF, creating, 776-777RTF, creating, 776Web sites, 137-142

temporary tables, subqueries, 260terminating execution (scripts), 526ternary operator, 39testing

code, 548GPG (Gnu Privacy Guard), 422-427mod_auth_mysql module, 407PHP

installations, 904-905support, 897

regression, 377SSL, 899string length, 120variable status, 45

text, 59-61anti-aliasing, 489baseline, 497buttons, colors/fonts, 492checking, 76ciphertext (encryption), 351closing, 69deleting, 76fitting onto buttons, 495-498formats, 68-69images

creating, 491-499drawing or printing on, 487-489

960 tables

limitations, 79locking, 78-79navigating, 76-77opening, 61



plain text (encryption), 351positioning, 498-499reading, 61, 71-72

feof() function, 73fgetc() function, 75fgetcsv() function, 73-74fgets() function, 73fgetss() function, 73file() function, 74fopen() function, 72fpassthru() function, 74fread() function, 75readfile() function, 74

writing, 61, 499file formats, 68-69fputs() function, 67fwrite() function, 67-68

TEXT type, 239-241Thawte Web site, 348, 355threaded discussion group application,

741-742, 763-764article list, 747, 749

collapsing threads, 748, 752displaying articles, 752-753expanding threads, 748-751individual articles, viewing,

760-762new articles, adding, 762-769plus symbols, 748treenode class, 753-760

database design, 744-745, 747extensions, 769files, 744posters, 744

solutions, 742-744tree structure, 742-743tree_node class, 743

threads, 741collapsing, 748, 752expanding, 748-753

threats to securitycommercial Web sites, 342

DDoS (Distributed Denial ofService), 346

DoS (Denial of Service), 346-347exposure of confidential data,

343-344loss of data, 344-345modification of data, 345-346repudiation, 348-349software errors, 347-348

crackers, 366disgruntled employees, 366hardware thieves, 366infected machines, 366

three-dimensional arrays, 90-92throw clause, 196throwing exceptions, 193tiers (applications), 218TIFF library Web site, 778, 891time and date

converting between PHP and MySQLformats, 476-477

in MySQLdate calculations, 478-480DATE_FORMAT() function,


476-477in PHP, 7, 469, 474

calendar functions, 480-481checkdate() function, 474date calculations, 477-478date() function, 469-472floor() function, 478getdate() function, 473microseconds, 480mktime() function, 471-472PHP Web site, 481

961time and date

timeouts, avoiding, 467timestamps, Unix, 471-472tokens (strings), 117top-down approach to security, 363topbar.php file, 819, 825totaling forms with operators, 41-42touch() function, 447traceroute command (UNIX), 344tracking user’s purchases (Shopping Cart

application), 608Transmission Control Protocol. See TCPTransmission Control Protocol/Internet

Protocol. See TCP/IPtransactions, 313

ACID compliance, 313autocommit mode, 314committed, 314defined, 313InnoDB tables, 314-315rolled back, 314secure transactions, 409-410

Internet, 411-412screening user input, 417Secure Sockets Layer (SSL),

413-416secure storage, 417-419systems, 412-413user machines, 410-411Web browsers, 410-411

transfer modes, FTP, 466transferring data, database replication,

306-308tree structure (Web forum application),

742-743tree_node class, 743treenode class (Web forum application),

753, 757-760treenode_class.php files (Web forum appli-

cation), 744triggering errors, 564trim() function, 110, 271Tripwire Web site, 346troubleshooting

errors, 66. See also errorsfile uploads, 438-439opening files, 65-66

TrueType fonts, 492try blocks (exception handling), 193tuples (tables), 209tutorials

exception handling, 203graphs, 508

two-dimensional arrays, 88-90two-table joins, 250-251type

conversion specification type codes,112-113

hinting, 184operator, 40

U-u switch (mysql command), 221uasort() function, 95ucfirst() function, 113ucwords() function, 114uksort() function, 95umask() function, 443unary operators, 33undefined functions, calling, 145-146uninterruptible power supply (UPS), 359union operator, 87Unix

binary installations, 890-893date() function, 471-472Epoch (GMT), 471httpd.conf file, 896-897libpdf_php file, copying, 899PHP, testing, 897source installations, 891, 893-896SSL, testing, 899traceroute command, 344

UNIX_TIMESTAMP() function, 476-477unlink() function, 76, 447unmatched rows, 252-253unnecessary OS applications, disabling, 388unserialize() function, 527, 848unset() function, 45UNSIGNED keyword, 231unsubscribe() function, 717unsubscribing online newsletters, 717-718update anomalies (Web databases)

962 timeouts, avoiding

UPDATE privilege, 225UPDATE statement, 261updating

avoiding, 213FTP servers, 464-465operating systems, 387-388privileges, 293-294records, 261Shopping Cart application, 631-632software, 378-379

upload.php files (MLM application), 691uploading

files, 431-432displaying, 437HTML, 433HTML forms, 431PHP, writing, 434-438security, 434, 438troubleshooting, 438-439

FTP (File Transfer Protocol), 466online newsletters, 724-731

UPS (uninterruptible power supply), 359url_fns.php files (PHPBookmark application),

572urlencode() function, 399, 455USAGE privilege, 227user authentication

input data, validating, 580logging in, 584-587logging out, 587-588passwords

resetting, 591-595setting, 588-591

registering, 577, 580-583user declared variables, 28user input, screening, 417user interfaces, commercial Web sites,

333-334user personalization

bookmarksadding, 596-599deleting, 600-602displaying, 599recommending, 571storing, 571

defined, 569passwords, 570recommendations, 602-605solutions, 570-572system requirements, 570usernames, 570

user privileges, database security, 295-296user tables, 288-290user views (Shopping Cart application),

609-610user-defined exceptions, 196-197, 199user-defined sorts, multidimensional arrays,

93-95user_auth_fns.php files

MLM application, 691PHPBookmark application, 572Shopping Cart application, 612Warm Mail application, 655

user_auth_fns.php librarycheck_auth_user() function, 665

usernames, 570users

administrative user privileges, 226-227authentication, 391, 401-406

access control, implementing,392-395

basic authentication, 399digest authentication, 400encrypting passwords, 397-399identifying users, 391-392mod_auth_mysql module, 406-408multiple pages, protecting, 399storing passwords, 395Web sites, 408

MySQL, setting up, 223privileges, 223

global privileges, 224GRANT command, 223-228principle of least privilege, 223REVOKE command, 227-228types, 225-227

secure transactions, 410-411setting up in MySQL, 223-229

Using mkdir() function, 443usort() function, 94

963usort() function

utilities, myisamchk, 303utilityfunctions.php file, 820, 825

Vvalid email() function, 581validating user authentication input data,

580values

array elements, 82assigning to variables, 28atomic column values (databases),

214-215columns, EXPLAIN statement, 303default, database optimization, 305null values, avoiding (Web databases),

216returning, 94

assignment operator, 34-35functions, max() function, 155-156

tables, 209variables, 27, 30, 150-153, 539

arrays, 81-82applying functions to elements,

103-104associative arrays, 85converting to scalar variables,

105-106counting elements, 104elements, 82functions, passing by reference, 104indexes, 82loading from files, 98-101multidimensional arrays, 88-95navigating within an array, 102numerically indexed arrays, access-

ing contents, 83-84operators, 87-88reordering, 96-98set cardinality, 104sorting, 92-93

browseNode, 824debugging, 559-561environment functions, 450form variables, 23-27

functions, 44, 148reinterpreting, 46status, testing, 45types, setting/testing, 44-45

global variables, 151identifiers, 28local stored procedures, 319local variables, 151mode, 824page, 824scalar variables, 81, 105-106scope, 31-32sessions, 510

deregistering, 513implementing, 513registering, 513serializing, 514Shopping Cart application, 623

superglobal, 32types, 29

casts, 30data types, 29strength, 29-30variable variables, 30

user declared variables, 28values, assigning, 28

verificationsconnections, 293requests, 293

VeriSign, 355Web site, 348

version control (code), 542-543CVS (Concurrent Versions System),

543multiple programmers, 543repository, 542-543

view_post.php files (Web forum application),744

viewingdatabases in MySQL, 233-234individual articles (Web forum appli-

cation), 760-762lists (online newsletters), 708-717message headers (Warm Mail applica-

tion), 680-681tables in MySQL, 233-234

964 utilities, myisamchk

views, File Details, 445visibility, controlling, 169-170vote.html file, 500

Ww file mode, 63w+ file mode, 63W3C Web site, 808Warm Mail application (email client)

accountscreating, 668-669deleting, 670modifying, 670selecting, 671-673setting up, 666-668

databases, setting up, 655-656email, deleting, 681-682extensions, 686files, 654-655IMAP function library, 652-653interface, 654logging in, 663-666logging out, 666reading mail, 671, 681

mailbox contents, viewing, 674-676messages, 677-681selecting accounts, 671, 673

script architecture, 657, 662-663sending mail

forwarding/replying, 684-685new messages, 682-684

solutionscomponents, 652-653overview, 654-655

WBMP (Wireless Bitmap), 485Web application projects

content, 546database security, 296development environment, 544documentation, 544-545logic, 546planning, 536-537prototypes, 545-546rewriting code, 537-538

running, 536-537software engineering, 536testing code, 548version control, 542-543writing maintainable code, 538

breaking up, 541-542code standards, 538commenting, 540directory structures, 542function libraries, 542indenting, 540-541naming conventions, 538-540

Web browsersauthentication, 351secure transactions, 410-411Web database architecture, 216

Web databasesarchitecture, 216-218, 268-271designing, 211

anomalies, avoiding, 213atomic column values, 214-215keys, creating, 215null values, avoiding, 216questions, formulating, 215real-world objects, modeling,

211-212redundant data, avoiding, 212-213table types, 216update anomalies, avoiding, 213

querying, 271adding data, 276-280connections, setting up, 273disconnecting from databases, 276input data, 271-272mysql_query() function, 274-275prepared statements, 280-281retrieving results, 275-276selecting databases, 274

selecting in MySQL, 229tables

column types, 232-241creating, 229-231indexes, creating, 234-235

965Web databases

keywords, 231types, 229viewing, 233-234

transaction process, 217users, setting up, 228-229viewing in MySQL, 233-234

Web development, 910Web forum application, 741-742, 763-764

article list, 747-749collapsing threads, 748-752displaying articles, 752-753expanding threads, 748-751individual articles, viewing,

760-762new articles, adding, 762-769plus symbols, 748treenode class, 753-760

database design, 744-747extensions, 769files, 744posters, 744solution components, 742-743solution overview, 743-744tree structure, 742-743tree_node class, 743

Web forumsPhorum, 770threads, 741

Web pagesauthentication, 399services, adding, 452, 454

Web resources for DOM, 884Web servers

Apache. See Apache,Web serverauthentication, 351commands, 447-450file upload, 434-438Microsoft IIS, configuring, 381secure storage, 417-419Secure Web servers, 355-357Web database architecture, 216

Web Services. See also SOAPadding to Web pages, 452-454defined, 811

interfaces (Amazon), 813-814protocols

SOAP (Simple Object AccessProtocol), 811-812

WSDL (Web Services DescriptionLanguage), 812

Web Services Description Language (WSDL),812

Web sitesAdobe, FDF, 789Adobe Acrobat, 776Ajax development, 885AMANDA (Advanced Maryland

Automated Network Disk Archiver),358

Analog, 330ANSI, 265Apache, 891Apache Software, 909Apache Today, 909Apache Week, 909authentication documentation, 408Boutell, 508BUGTRAQ archives, 437CGI specification, 450Codewalkers, 909CVS (Concurrent Versions System),

543, 549Devshed, 508, 908EPA, 359Equifax Secure, 355Evil Walrus, 909Extreme Programming, 549FastTemplate, 546FDF, 789Fedex, 335FishCartSQL, 650FPDF function library, 778gd documentation, 508Ghostscript, 775GNU Privacy Guard, 419Google, 811HotScripts.com, 908IMAP c client, 891

966 Web databases

JPEG (Joint Photographic ExpertsGroup), 485

JPEG library, 778, 891Microsoft Word, 773MySQL, 220, 309, 891, 909

date and time functions, 481online manual, 241

Natural Order String Comparison,119

Netscapecookie specification, 511SSL 3.0 Specification, 427

New York Times, 392OpenSSL, 891PDF, 775PEAR (PHP Extension and

Application Repository), 907PECL, 907Philip and Alex’s Guide to Web

Publishing, 910PHP, 537, 891

Application Tools, 909Base Library, 908calendar functions, 481Center, 908Classes Repository, 908Club, 908Developer, 909Developer’s Network Unified

Forums, 909Homepage, 908Hypertext Preprocessor, 106Kitchen, 909Magazine, 907online manual, 80Resource, 908-909

phpautodoc, 545PHPBuilder.com, 908PHPCommunity, 907phpdoc, 544PHPDocumentor, 544PHPIndex.com, 908PHPMyAdmin.Net, 908PHPWizard.net, 908

php|architect, 907PNG (Portable Network Graphics),

485PNG library, 891Postnuke, 909PX-PHP Code Exchange, 908RFC Editor, 451, 468SearchDatabase.com, 909Slashdot, 392, 741SourceForge, 545, 909SQL Course, 909Stronghold, 356Summary, 330templates, 137-142Thawte, 348, 355TIFF library, 778, 891Tripwire, 346UPS, 335VeriSign, 348, 355W3C, 808Webalizer, 330WeberDev.com, 908WebMonkey.com, 908Zend, 131, 508Zend.Com, 907zlib library, 891

Webalizer Web site, 330WeberDev.com Web site, 908WebMonkey.com Web site, 908WHERE clause, 248

comparison operators, 248-249join condition, 250

while loops, 53-54whitespace, 20, 110wildcard character (%), 293Windows

Apache, 902MySQL, 900-901PHP, 903-904

Apache configurations, 904testing, 904-905

support, 7, 900Wireless Bitmap (WBMP), 485word processor formats, 773

967word processor formats

writingcode for classes, 175-183files, 61, 418

file formats, 68-69fputs() function, 67fwrite() function, 67-68

maintainable code, 538breaking up, 541-542code standards, 538commenting, 540directory structures, 542function libraries, 542indenting, 540-541naming conventions, 538-540

PHP file uploads, 434-438runtime errors, 555Text buttons, 499

WSDL (Web Services Description Language),812

X-Yx file mode, 63x+ file mode, 63XHTML (Extensible Hypertext Markup

Language), 858XML (Extensible Markup Language), 807,

860Amazon connections, 807-808defined, 808-810DTD (Document Type Definition),

810example, 808namespaces, 811parsing (Amazon), 814REST/XML (Amazon), 838-839, 844root elements, 811SGML (Standard Generalized Markup

Language), 808styles, 19tags (closing and opening), 810

XMLHTTPRequest object, 860, 862XSLT (XSL Transformations), 860XSS (Cross Site Scripting) attacks, 365

ZZend engines

Optimizers, 547PHP 5.3, improvements for, 7Web site, 131, 508, 907

zlib library Web site, 891

968 writing

php and mysql - pearsoncmg.com › images › ... · php has native connections available to many...

Documents