CONTENTS xi Web Database Architecture 180 Architecture 180 Further Reading 182 Next 182 8 Creating Your Web Database 183 A Note on Using the MySQL Monitor 185 How to Log In to MySQL 185 Creating Databases and Users 187 Creating the Database 187 Users and Privileges 187 Introduction to MySQL’s Privilege System 188 Principle of Least Privilege 188 Setting Up Users: The GRANT Command 188 Types and Levels of Privilege 190 The REVOKE Command 192 Examples Using GRANT and REVOKE 192 Setting Up a User for the Web 193 Logging Out As root 193 Using the Right Database 193 Creating Database Tables 194 What the Other Keywords Mean 196 Understanding the Column Types 196 Looking at the Database with SHOW and DESCRIBE 198 MySQL Identifiers 199 Column Data Types 200 Numeric Types 201 Further Reading 206 Next 206 9 Working with Your MySQL Database 207 What Is SQL? 208 Inserting Data into the Database 209 Retrieving Data from the Database 211 Retrieving Data with Specific Criteria 212 Retrieving Data from Multiple Tables 214 Retrieving Data in a Particular Order 219 Grouping and Aggregating Data 220 Choosing Which Rows to Return 222 Updating Records in the Database 223 Altering Tables After Creation 223 Deleting Records from the Database 225 Dropping Tables 226 00 7842 FM 3/6/01 3:38 PM Page xi PHP AND MYSQL WEB DEVELOPMENT Dropping a Whole Database 226 Further Reading 226 Next 226 10 Accessing Your MySQL Database from the Web with PHP 227 How Web Database Architectures Work 228 The Basic Steps in Querying a Database from the Web 232 Checking and Filtering Input Data 232 Setting Up a Connection 234 Choosing a Database to Use 235 Querying the Database 235 Retrieving the Query Results 236 Disconnecting from the Database 238 Putting New Information in the Database 238 Other Useful PHP-MySQL Functions 241 Freeing Up Resources 241 Creating and Deleting Databases 242 Other PHP-Database Interfaces 242 Further Reading 242 Next 243 11 Advanced MySQL 245 Understanding the Privilege System in Detail 246 The user Table 247 The db and host Tables 248 The tables_priv and columns_priv Tables 249 Access Control: How MySQL Uses the Grant Tables 250 Updating Privileges: When Do Changes Take Effect? 251 Making Your MySQL Database Secure 251 MySQL from the Operating System’s Point of View 252 Passwords 252 User Privileges 253 Web Issues 253 Getting More Information About Databases 254 Getting Information with SHOW 254 Getting Information About Columns with DESCRIBE 257 Understanding How Queries Work with EXPLAIN 257 Speeding Up Queries with Indexes 261 General Optimization Tips 261 Design Optimization 261 Permissions 261 xii 00 7842 FM 3/6/01 3:38 PM Page xii CONTENTS Table Optimization 262 Using Indexes 262 Use Default Values 262 Use Persistent Connections 262 Other Tips 262 Different Table Types 263 Loading Data from a File 263 Further Reading 264 Next 264 P ART III E-commerce and Security 265 12 Running an E-commerce Site 267 What Do You Want to Achieve? 268 Types of Commercial Web Sites 268 Online Brochures 269 Taking Orders for Goods or Services 271 Providing Services and Digital Goods 275 Adding Value to Goods or Services 276 Cutting Costs 276 Risks and Threats 277 Crackers 277 Failing to Attract Sufficient Business 278 Computer Hardware Failure 278 Power, Communication, Network, or Shipping Failures 278 Extensive Competition 278 Software Errors 279 Evolving Governmental Policies and Taxes 279 System Capacity Limits 279 Deciding on a Strategy 280 Next 280 13 E-commerce Security Issues 281 How Important Is Your Information? 282 Security Threats 283 Exposure of Confidential Data 283 Loss or Destruction of Data 285 Modification of Data 286 Denial of Service 287 Errors in Software 288 Repudiation 289 Balancing Usability, Performance, Cost, and Security 290 Creating a Security Policy 291 xiii 00 7842 FM 3/6/01 3:38 PM Page xiii PHP AND MYSQL WEB DEVELOPMENT Authentication Principles 291 Using Authentication 292 Encryption Basics 293 Private Key Encryption 294 Public Key Encryption 295 Digital Signatures 296 Digital Certificates 297 Secure Web Servers 298 Auditing and Logging 299 Firewalls 300 Backing Up Data 301 Backing Up General Files 301 Backing Up and Restoring Your MySQL Database 301 Physical Security 302 Next 302 14 Implementing Authentication with PHP and MySQL 303 Identifying Visitors 304 Implementing Access Control 305 Storing Passwords 308 Encrypting Passwords 310 Protecting Multiple Pages 312 Basic Authentication 312 Using Basic Authentication in PHP 314 Using Basic Authentication with Apache’s .htaccess Files 316 Using Basic Authentication with IIS 319 Using mod_auth_mysql Authentication 321 Installing mod_auth_mysql 322 Did It Work? 323 Using mod_auth_mysql 323 Creating Your Own Custom Authentication 324 Further Reading 324 Next 325 15 Implementing Secure Transactions with PHP and MySQL 327 Providing Secure Transactions 328 The User’s Machine 329 The Internet 330 Your System 331 Using Secure Sockets Layer (SSL) 332 Screening User Input 336 Providing Secure Storage 336 Why Are You Storing Credit Card Numbers? 338 xiv 00 7842 FM 3/6/01 3:38 PM Page xiv CONTENTS Using Encryption in PHP 338 Further Reading 347 Next 347 PART IV Advanced PHP Techniques 349 16 Interacting with the File System and the Server 351 Introduction to File Upload 352 HTML for File Upload 353 Writing the PHP to Deal with the File 354 Common Problems 358 Using Directory Functions 358 Reading from Directories 358 Getting Info About the Current Directory 360 Creating and Deleting Directories 360 Interacting with the File System 361 Get File Info 361 Changing File Properties 364 Creating, Deleting, and Moving Files 364 Using Program Execution Functions 365 Interacting with the Environment: getenv() and putenv() 367 Further Reading 368 Next 368 17 Using Network and Protocol Functions 369 Overview of Protocols 370 Sending and Reading Email 371 Using Other Web Services 371 Using Network Lookup Functions 374 Using FTP 378 Using FTP to Back Up or Mirror a File 378 Uploading Files 385 Avoiding Timeouts 385 Using Other FTP Functions 386 Generic Network Communications with cURL 387 Further Reading 389 Next 390 18 Managing the Date and Time 391 Getting the Date and Time from PHP 392 Using the date() Function 392 Dealing with UNIX Time Stamps 394 Using the getdate() Function 395 Validating Dates 396 xv 00 7842 FM 3/6/01 3:38 PM Page xv PHP AND MYSQL WEB DEVELOPMENT Converting Between PHP and MySQL Date Formats 396 Date Calculations 398 Using the Calendar Functions 399 Further Reading 400 Next 400 19 Generating Images 401 Setting Up Image Support in PHP 402 Image Formats 403 JPEG 403 PNG 403 WBMP 403 GIF 404 Creating Images 404 Creating a Canvas Image 405 Drawing or Printing Text onto the Image 406 Outputting the Final Graphic 408 Cleaning Up 410 Using Automatically Generated Images in Other Pages 410 Using Text and Fonts to Create Images 410 Setting Up the Base Canvas 414 Fitting the Text onto the Button 415 Positioning the Text 418 Writing the Text onto the Button 419 Finishing Up 419 Drawing Figures and Graphing Data 419 Other Image Functions 428 Further Reading 428 Next 428 20 Using Session Control in PHP 429 What Session Control Is 430 Basic Session Functionality 430 What Is a Cookie? 431 Setting Cookies from PHP 431 Using Cookies with Sessions 432 Storing the Session ID 432 Implementing Simple Sessions 433 Starting a Session 433 Registering Session Variables 433 Using Session Variables 434 Deregistering Variables and Destroying the Session 434 xvi 00 7842 FM 3/6/01 3:38 PM Page xvi CONTENTS Simple Session Example 435 Configuring Session Control 437 Implementing Authentication with Session Control 438 Further Reading 445 Next 445 21 Other Useful Features 447 Using Magic Quotes 448 Evaluating Strings: eval() 449 Terminating Execution: die and exit 450 Serialization 450 Getting Information About the PHP Environment 451 Finding Out What Extensions Are Loaded 451 Identifying the Script Owner 452 Finding Out When the Script Was Modified 452 Loading Extensions Dynamically 453 Temporarily Altering the Runtime Environment 453 Source Highlighting 454 Next 455 PART V Building Practical PHP and MySQL Projects 457 22 Using PHP and MySQL for Large Projects 459 Applying Software Engineering to Web Development 460 Planning and Running a Web Application Project 461 Reusing Code 462 Writing Maintainable Code 463 Coding Standards 463 Breaking Up Code 466 Using a Standard Directory Structure 467 Documenting and Sharing In-House Functions 467 Implementing Version Control 467 Choosing a Development Environment 469 Documenting Your Projects 470 Prototyping 471 Separating Logic and Content 471 Optimizing Code 472 Using Simple Optimizations 472 Using Zend Products 473 Testing 474 Further Reading 475 Next 475 xvii 00 7842 FM 3/6/01 3:38 PM Page xvii PHP AND MYSQL WEB DEVELOPMENT 23 Debugging 477 Programming Errors 478 Syntax Errors 478 Runtime Errors 480 Logic Errors 485 Variable Debugging Aid 486 Error Reporting Levels 489 Altering the Error Reporting Settings 490 Triggering Your Own Errors 492 Handling Errors Gracefully 492 Remote Debugging 494 Next 495 24 Building User Authentication and Personalization 497 The Problem 498 Solution Components 499 User Identification and Personalization 499 Storing Bookmarks 500 Recommending Bookmarks 500 Solution Overview 500 Implementing the Database 502 Implementing the Basic Site 504 Implementing User Authentication 506 Registering 507 Logging In 513 Logging Out 517 Changing Passwords 518 Resetting Forgotten Passwords 521 Implementing Bookmark Storage and Retrieval 526 Adding Bookmarks 526 Displaying Bookmarks 529 Deleting Bookmarks 530 Implementing Recommendations 532 Wrapping Up and Possible Extensions 537 Next 537 25 Building a Shopping Cart 539 The Problem 540 Solution Components 540 Building an Online Catalog 540 Tracking a User’s Purchases While She Shops 541 Payment 541 Administration Interface 542 xviii 00 7842 FM 3/6/01 3:38 PM Page xviii CONTENTS Solution Overview 542 Implementing the Database 546 Implementing the Online Catalog 548 Listing Categories 551 Listing Books in a Category 553 Showing Book Details 555 Implementing the Shopping Cart 556 Using the show_cart.php Script 557 Viewing the Cart 560 Adding Items to the Cart 563 Saving the Updated Cart 565 Printing a Header Bar Summary 566 Checking Out 566 Implementing Payment 572 Implementing an Administration Interface 575 Extending the Project 584 Using an Existing System 584 Next 585 26 Building a Content Management System 587 The Problem 588 Solution Requirements 588 Editing Content 589 Getting Content into the System 589 Databases Versus File Storage 591 Document Structure 592 Using Metadata 592 Formatting the Output 593 Image Manipulation 594 Solution Design/Overview 596 Designing the Database 598 Implementation 599 Front End 599 Back End 603 Searching 611 Editor Screen 614 Extending the Project 615 27 Building a Web-Based Email Service 617 The Problem 618 Solution Components 619 Solution Overview 620 Setting Up the Database 622 xix 00 7842 FM 3/6/01 3:38 PM Page xix PHP AND MYSQL WEB DEVELOPMENT Script Architecture 623 Logging In and Out 629 Setting Up Accounts 632 Creating a New Account 634 Modifying an Existing Account 636 Deleting an Account 636 Reading Mail 637 Selecting an Account 637 Viewing Mailbox Contents 640 Reading a Mail Message 643 Viewing Message Headers 647 Deleting Mail 648 Sending Mail 649 Sending a New Message 649 Replying To or Forwarding Mail 651 Extending the Project 652 Next 653 28 Building a Mailing List Manager 655 The Problem 656 Solution Components 657 Setting Up a Database of Lists and Subscribers 657 File Upload 657 Sending Mail with Attachments 658 Solution Overview 658 Setting Up the Database 660 Script Architecture 663 Implementing Login 672 Creating a New Account 673 Logging In 675 Implementing User Functions 678 Viewing Lists 679 Viewing List Information 684 Viewing List Archives 686 Subscribing and Unsubscribing 687 Changing Account Settings 689 Changing Passwords 689 Logging Out 692 Implementing Administrative Functions 693 Creating a New List 693 Uploading a New Newsletter 695 Handling Multiple File Upload 698 xx 00 7842 FM 3/6/01 3:38 PM Page xx . Tables 22 6 00 78 42 FM 3/6/01 3:38 PM Page xi PHP AND MYSQL WEB DEVELOPMENT Dropping a Whole Database 22 6 Further Reading 22 6 Next 22 6 10 Accessing Your MySQL Database from the Web with PHP 22 7 How. 454 Next 455 PART V Building Practical PHP and MySQL Projects 457 22 Using PHP and MySQL for Large Projects 459 Applying Software Engineering to Web Development 460 Planning and Running a Web Application. xii CONTENTS Table Optimization 26 2 Using Indexes 26 2 Use Default Values 26 2 Use Persistent Connections 26 2 Other Tips 26 2 Different Table Types 26 3 Loading Data from a File 26 3 Further Reading 26 4 Next 26 4 P ART