WICKED COOL PHP
Real-World Scripts That Solve Difficult Problems
by William Steinmetz with Brian Ward
NO STARCH PRESS
San Francisco
BRIEF CONTENTS
Introduction xiii
Chapter 1: The FAQs of Life-The Scripts Every PHP Programmer Wants (or Needs) to Know 1
Chapter 2: Configuring PHP 19
Chapter 3: PHP Security 33
Chapter 4: Working with Forms 45
Chapter 5: Working with Text and HTML 59
Chapter 6: Working with Dates 81
Chapter 7: Working with Files 91
Chapter 8: User and Session Tracking 103
Chapter 9: Working with Email 119
Chapter 10: Working with Images 129
Chapter 11: Using cURL to Interact with Web Services 141
Chapter 12: Intermediate Projects 155
Appendix 183
Index 185
CONTENTS IN DETAIL
INTRODUCTION xiii
1 THE FAQS OF LIFE-THE SCRIPTS EVERY PHP PROGRAMMER WANTS (OR NEEDS) TO KNOW 1
#1: Including Another File as a Part of Your Script 2
    What Can Go Wrong? 3
#2: Highlighting Alternate Row Colors in a Table 4
    Hacking the Script 5
#3: Creating Previous/Next Links 7
    Using the Script 10
#4: Printing the Contents of an Array 11
#5: Turning an Array into a Nonarray Variable That Can Be Restored Later 12
    What Can Go Wrong? 12
#6: Sorting Multidimensional Arrays 13
    Hacking the Script 14
#7: Templating Your Site with Smarty 14
    Installing Smarty 14
    A Brief Smarty Tutorial 15
    What Can Go Wrong? 16
    Hacking the Script 17
2 CONFIGURING PHP 19
Configuration Settings and the php.ini File 20
    Locating Your php.ini File 20
#8: Revealing All of PHP's Settings 21
#9: Reading an Individual Setting 21
#10: Error Reporting 22
    Common Error Messages 23
#11: Suppressing All Error Messages 24
#12: Extending the Run Time of a Script 24
    What Can Go Wrong? 25
#13: Preventing Users from Uploading Large Files 25
#14: Turning Off Registered Global Variables 25
#15: Enabling Magic Quotes 26
    What Can Go Wrong? 26
#16: Restricting the Files that PHP Can Access 26
    What Can Go Wrong? 27
#17: Shutting Down Specific Functions 27
#18: Adding Extensions to PHP 27
    Adding PHP Extensions 28
    Installing Extensions with a Web-Based Control Panel 29
    What Can Go Wrong? 32
3 PHP SECURITY 33
Recommended Security Configuration Options 35
#19: SQL Injection Attacks 35
#20: Preventing Basic XSS Attacks 37
#21: Using SafeHTML 38
    What Can Go Wrong? 39
#22: Protecting Data with a One-Way Hash 40
    Hacking the Script 41
#23: Encrypting Data with Mcrypt 41
    Hacking the Script 43
#24: Generating Random Passwords 43
    Using the Script 44
4 WORKING WITH FORMS 45
Security Measures: Forms Are Not Trustworthy 45
Verification Strategies 46
Using $_POST, $_GET, $_REQUEST, and $_FILES to Access Form Data 47
#25: Fetching Form Variables Consistently and Safely 47
#26: Trimming Excess Whitespace 47
#27: Importing Form Variables into an Array 48
#28: Making Sure a Response Is One of a Set of Given Values 51
    Hacking the Script 51
#29: Using Multiple Submit Buttons 52
#30: Validating a Credit Card 52
    Using the Script 54
    Hacking the Script 55
#31: Double-Checking a Credit Card's Expiration Date 55
    Using the Script 56
#32: Checking Valid Email Addresses 56
#33: Checking American Phone Numbers 57
5 WORKING WITH TEXT AND HTML 59
#34: Extracting Part of a String 59
    Hacking the Script 61
#35: Making a String Uppercase, Lowercase, or Capitalized 62
    What Can Go Wrong? 62
#36: Finding Substrings 63
    What Can Go Wrong? 64
#37: Replacing Substrings 64
    What Can Go Wrong? 65
#38: Finding and Fixing Misspelled Words with pspell 65
    Working with the Default Dictionary 66
    Adding a Custom Dictionary to pspell 68
    What Can Go Wrong? 69
#39: Regular Expressions 69
    Regular Expression Basics 69
    Special Character Sequences 70
    Pattern Repeaters 71
    Grouping 71
    Character Classes 71
    Putting It All Together 72
    Matching and Extracting with Regular Expressions 72
    Replacing Substrings with Regular Expressions 74
#40: Rearranging a Table 75
#41: Creating a Screen Scraper 75
    Hacking the Script 77
#42: Converting Plaintext into HTML-Ready Markup 77
#43: Automatically Hyperlinking URLs 80
#44: Stripping HTML Tags from Strings 80
6 WORKING WITH DATES 81
How Unix Time Works 81
#45: Getting the Current Timestamp 82
#46: Getting the Timestamp of a Date in the Past or Future 83
    Creating Timestamps from a String 83
    Creating Timestamps from Date Values 84
#47: Formatting Dates and Times 85
#48: Calculating the Day of the Week from a Given Date 88
#49: Finding the Difference Between Two Dates 88
    Using the Script 89
    Hacking the Script 90
MySQL Date Formats 90
7 WORKING WITH FILES 91
File Permissions 91
    Permissions with an FTP Program 92
    The Command Line 93
    What Can Go Wrong? 93
#50: Placing a File's Contents into a Variable 93
    Hacking the Script 95
    What Can Go Wrong? 95
#51: Creating and Writing to a File 96
#52: Checking to See If a File Exists 96
#53: Deleting Files 97
#54: Uploading Images to a Directory 97
    Using the Script 101
    What Can Go Wrong? 101
    Hacking the Script 101
#55: Reading a Comma-Separated File 101
Contents in Detail ix
8 USER AND SESSION TRACKING 103
Using Cookies and Sessions to Track User Data 104
    Cookies 104
    Sessions 104
#56: Creating a "Welcome Back, Username!" Message with Cookies 105
    What Can Go Wrong? 106
#57: Using Sessions to Temporarily Store Data 107
    What Can Go Wrong? 109
#58: Checking to See If a User's Browser Accepts Cookies 109
#59: Redirecting Users to Different Pages 110
#60: Forcing a User to Use SSL-Encrypted Pages 111
#61: Extracting Client Information 111
#62: Session Timeouts 115
#63: A Simple Login System 116
9 WORKING WITH EMAIL 119
#64: Using PHPMailer to Send Mail 120
    Installing PHPMailer 120
    Using the Script 121
    Adding Attachments 122
    What Can Go Wrong? 123
#65: Using Email to Verify User Accounts 124
10 WORKING WITH IMAGES 129
#66: Creating a CAPTCHA (Security) Image 129
#67: Creating Thumbnail Images 136
11 USING cURL TO INTERACT WITH WEB SERVICES 141
#68: Connecting to Other Websites 142
#69: Using Cookies 144
#70: Transforming XML into a Usable Form 144
#71: Using Mapping Web Services 146
#72: Using PHP and SOAP to Request Data from Amazon.com 149
#73: Building a Web Service 151
12 INTERMEDIATE PROJECTS 155
#74: A User Poll 156
    Creating a Ballot Form 157
    Processing the Ballot 159
    Getting Poll Results 160
    Hacking the Script 162
#75: Electronic Greeting Cards 162
    Choosing a Card 164
    Sending the Card 165
    Viewing the Card 169
    Hacking the Script 171
#76: A Blogging System 171
    Creating Blog Entries 172
    Displaying an Entry 174
    Adding Comments 178
    Creating a Blog Index 178
    Hacking the Script 181
APPENDIX 183
INDEX 185