by Janet Valade PHP & MySQL ® Everyday Apps FOR DUMmIES ‰ 01_575872 ffirs.qxd 5/27/05 6:16 PM Page iii PHP & MySQL ® Everyday Apps For Dummies ® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. MySQL is a registered trade- mark of MySQL AB Limited Company. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REP- RESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CON- TENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CRE- ATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CON- TAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FUR- THER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFOR- MATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ. For general information on our other products and services, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit www.wiley.com/techsupport. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Library of Congress Control Number: 2005923782 ISBN-13: 978-0-7645-7587-7 ISBN-10: 0-7645-7587-2 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1O/SQ/QW/QV/IN 01_575872 ffirs.qxd 5/27/05 6:16 PM Page iv About the Author Janet Valade has 20 years of experience in the computing field. Her back- ground includes work as a technical writer for several companies, as a Web designer/programmer for an engineering firm, and as a systems analyst in a university environment where, for over ten years, she supervised the installa- tion and operation of computing resources, designed and developed a state- wide data archive, provided technical support to faculty and staff, wrote numerous technical papers and documentation, and designed and presented seminars and workshops on a variety of technology topics. Janet currently has two published books: PHP & MySQL For Dummies, 2nd Edition, and PHP 5 For Dummies. In addition, she has authored chapters for several Linux and Web development books. 01_575872 ffirs.qxd 5/27/05 6:16 PM Page v Dedication This book is dedicated to anyone who finds it useful. Author’s Acknowledgments I wish to express my appreciation to the entire Open Source community. Without those people who give their time and talent, there would be no cool PHP for me to write about. Furthermore, I never would have learned this soft- ware without the PHP lists where people generously spend their time answer- ing foolish questions from beginners. Many ideas have come from reading questions and answers on the lists. I want to thank my mother for passing on a writing gene and a good work ethic. Anything I accomplish has its roots in my beginnings. And, of course, thank you to my children who manage to remain close, though far away, and nourish my spirit. And, of course, I want to thank the professionals who made it all possible. Without my agent, my editors, and all the other people at Wiley, this book would not exist. Because they all do their jobs so well, I can contribute my part to this joint project. 01_575872 ffirs.qxd 5/27/05 6:16 PM Page vii Publisher’s Acknowledgments We’re proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/. Some of the people who helped bring this book to market include the following: Acquisitions, Editorial, and Media Development Project Editor: Nicole Sholly Acquisitions Editor: Terri Varveris Copy Editor: Virginia Sanders Technical Editor: Craig Lukasik Editorial Manager: Kevin Kirschner Permissions Editor: Laura Moss Media Development Specialist: Travis Silvers Media Development Manager: Laura VanWinkle Media Development Supervisor: Richard Graves Editorial Assistant: Amanda Foxworth Cartoons: Rich Tennant, www.the5thwave.com Composition Services Project Coordinator: Nancee Reeves Layout and Graphics: Andrea Dahl, Joyce Haughey, Clint Lahnen, Barry Offringa, Lynsey Osborn, Melanee Prendergast, Heather Ryan Proofreaders: Leeann Harney, Jessica Kramer, Carl William Pierce, TECHBOOKS Production Services Indexer: TECHBOOKS Production Services Special Help: Kim Darosett, Andy Hollandbeck Publishing and Editorial for Technology Dummies Richard Swadley, Vice President and Executive Group Publisher Andy Cummings, Vice President and Publisher Mary Bednarek, Executive Acquisitions Director Mary C. Corder, Editorial Director Publishing for Consumer Dummies Diane Graves Steele, Vice President and Publisher Joyce Pepple, Acquisitions Director Composition Services Gerry Fahey, Vice President of Production Services Debbie Stailey, Director of Composition Services 01_575872 ffirs.qxd 5/27/05 6:16 PM Page viii Contents at a Glance Introduction 1 Part I: Introducing Application Development 7 Chapter 1: Building Your Application 9 Chapter 2: Building in Application Security 23 Part II: Building a User Authentication Application 43 Chapter 3: User Authentication with HTTP 45 Chapter 4: User Login Application 77 Part III: Building Online Sales Applications 129 Chapter 5: Online Catalog Application 131 Chapter 6: Shopping Cart Application 159 Part IV: Building Other Useful Applications 233 Chapter 7: Building a Content Management System 235 Chapter 8: Hosting Discussions with a Web Forum 309 Part V: The Part of Tens 373 Chapter 9: Ten Hints for Application Development 375 Chapter 10: Ten Sources of PHP Code 379 Part VI: Appendixes 383 Appendix A: Introducing Object-Oriented Programming 385 Appendix B: Object-Oriented Programming with PHP 391 Appendix C: The MySQL and MySQL Improved Extensions 407 Appendix D: About the CD 411 Index 417 02_575872 ftoc.qxd 5/27/05 6:35 PM Page ix Table of Contents Introduction 1 About This Book 1 Conventions Used in This Book 1 Foolish Assumptions 2 How This Book Is Organized 3 Part I: Introducing Application Development 3 Part II: Building a User Authentication Application 4 Part III: Building Online Sales Applications 4 Part IV: Building Other Useful Applications 4 Part V: The Part of Tens 4 Part VI: Appendixes 4 About the CD 5 Icons Used in This Book 5 Where to Go from Here 5 Part I: Introducing Application Development 7 Chapter 1: Building Your Application . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Understanding PHP and MySQL Versions 10 MySQL 11 PHP 11 PHP and MySQL together 12 Using the Application Source Code 13 Choosing a location 13 Understanding the PHP code 14 Procedural versus object-oriented programs 15 Modifying the Source Code 16 Programming editors 17 Integrated Development Environment (IDE) 18 Planning Your Application 19 Planning the software 20 Additional planning 20 Chapter 2: Building in Application Security . . . . . . . . . . . . . . . . . . . . .23 Understanding Security Risks 24 Building Security into Your PHP Scripts 24 Don’t trust any information from an outside source 25 Storing information 30 02_575872 ftoc.qxd 5/27/05 6:35 PM Page xi Using system calls 31 Handling errors 32 MySQL Security 33 Setting up accounts and passwords 33 Accessing MySQL from PHP scripts 37 Understanding SQL injection attacks 38 Backing up your databases 40 Using a Secure Web Server 41 Part II: Building a User Authentication Application 43 Chapter 3: User Authentication with HTTP . . . . . . . . . . . . . . . . . . . . . .45 Understanding HTTP Authentication 46 Understanding how the WWW works 46 Requesting a password-protected file 47 Authorizing access 48 Using HTTP Authentication with Apache 49 Configuring Apache 49 Creating the .htaccess file 50 Creating the password file 51 Apache HTTP authentication in action 52 Designing an HTTP Authentication Application in PHP 52 Creating a User Database 54 Designing the user database 54 Creating the user database 55 Accessing the user database 55 Building the Authentication Application in PHP: The Procedural Approach 56 Building the Authentication Application in PHP: The Object-Oriented Approach 60 Developing the objects 60 Writing the PasswordPrompter class 61 Writing the Database class 62 Writing the Account class 66 Writing the WebPage class 71 Writing the Auth-OO script 73 Chapter 4: User Login Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77 Designing the Login Application 78 Creating the User Database 78 Designing the database 79 Building the database 80 Accessing the database 81 Adding data to the database 81 PHP & MySQL Everyday Apps For Dummies xii 02_575872 ftoc.qxd 5/27/05 6:35 PM Page xii Building the Login Web Page 82 Designing the login Web page 82 Writing the code for the login page 83 Displaying the login Web page 91 Building the Login Application: The Procedural Approach 91 Writing the application script 92 Protecting your Web pages 100 Building the Login Application: The Object-Oriented Approach 101 Developing the objects 101 Writing the WebForm class 102 Writing the Database class 110 Writing the Account class 111 Writing the Session class 114 Writing the Email class 117 Writing the login application script 119 Protecting your Web pages 126 Adding Features to the Application 126 Part III: Building Online Sales Applications 129 Chapter 5: Online Catalog Application . . . . . . . . . . . . . . . . . . . . . . . . .131 Designing the Online Catalog Application 131 Creating the Catalog Database 132 Designing the Catalog database 132 Building the Catalog database 134 Accessing the food database 134 Adding data to the database 135 Building the Catalog Web Pages 135 Designing the catalog Web pages 136 Writing the code for the index page 138 Writing the code for the products page 140 Displaying the catalog Web pages 145 Building the Online Catalog Application: Procedural Approach 145 Building the Online Catalog Application: The Object-Oriented Approach 149 Developing the Objects 149 Writing the Catalog class 150 Writing the catalog application script 155 Growing the Catalog class 157 Chapter 6: Shopping Cart Application . . . . . . . . . . . . . . . . . . . . . . . . .159 Designing the Shopping Cart Application 159 Basic application design decisions 159 Application functionality design 161 xiii Table of Contents 02_575872 ftoc.qxd 5/27/05 6:35 PM Page xiii Creating the Shopping Cart Database 162 Designing the shopping cart database 162 Building the shopping cart database 164 Accessing the shopping cart database 165 Adding data to the shopping cart database 165 Building the Shopping Cart Web Pages 166 Designing the shopping cart Web pages 166 Writing the code for the product information page 171 Writing the code for the shopping cart Web page 175 Writing the code for the shipping information form 182 Writing the code for the summary page 187 Building the Shopping Cart Application: The Procedural Approach 193 Writing ShopCatalog.php 193 Writing ShoppingCart.php 197 Writing ProcessOrder.php 200 Building the Shopping Cart Application: The Object-Oriented Approach 207 Developing the objects 207 Writing the Catalog class 208 Writing the Item class 210 Writing the ShoppingCart class 212 Writing the Database class 215 Writing the Order class 216 Writing the WebForm class 221 Writing the WebPage class 222 Writing the Email Class 223 Writing the shopping cart application script 223 Adding Features to the Application 231 Part IV: Building Other Useful Applications 233 Chapter 7: Building a Content Management System . . . . . . . . . . . . .235 Designing the CMS Application 235 Creating the CMS Database 236 Designing the CMS database 237 Building the CMS database 240 Accessing the CMS database 243 Designing the CMS Web Pages 243 Building the CMS Application: Procedural Approach 246 Writing the login code 246 Writing CompanyHome.php, a data retrieval file 253 Writing company.inc, the main HTML display file 262 Writing the content detail code 265 Writing Admin.php, the data manipulation code 269 PHP & MySQL Everyday Apps For Dummies xiv 02_575872 ftoc.qxd 5/27/05 6:35 PM Page xiv [...]... Troubleshooting 414 Index 417 xvii xviii PHP & MySQL Everyday Apps For Dummies Introduction B ecause you’re looking at a book called PHP & MySQL Everyday Apps For Dummies, I assume you want to build a Web application with the PHP scripting language and a MySQL backend database If you need to build a dynamic Web application for a specific purpose, you’re in the right place You will... either PHP 4 or PHP 5, with the exception of the MySQL function calls See the following section, PHP and MySQL together,” for further information on the MySQL function calls The object-oriented programs in this book run only with PHP 5 PHP and MySQL together PHP interacts with MySQL by using built-in functions Currently, PHP provides two sets of functions for use when accessing MySQL databases: the MySQL. .. the MySQL Improved extension The MySQL Improved extension was made available with PHP 5 for use with MySQL 4.1 When you install PHP, you activate either the MySQL or the MySQL Improved extension PHP 4 activates MySQL automatically during installation You don’t need to activate it yourself PHP 4 activates the MySQL extension The MySQL Improved extension isn’t available with PHP 4 You can use the MySQL. .. 4.1 However, the functions used in PHP might or might not run correctly See the following section for information on PHP versions PHP Currently, PHP is maintaining two versions: PHP 4 and PHP 5 The current versions are PHP 4.3.11 and PHP 5.0.4 PHP 5 is a major change from PHP 4 Enhancing object-oriented programming features was an important goal in the development of PHP 5 The creation and use of objects... extension with MySQL 4.1; you just can’t use some of the new version 4.1 features PHP 5 doesn’t activate MySQL automatically You need to enable MySQL support yourself either by using the installation option — with -mysql or with-mysqli — on Linux/Mac or by uncommenting one of the following lines in php. ini: ;extension =php_ mysql. dll ;extension =php_ mysqli.dll In general, it’s best to use mysql with MySQL version... available for Windows only It’s an IDE for Apache, PHP, and MySQL on Windows and comes in two versions at different costs: Maguma Studio Desktop and Maguma Studio Enterprise, which offers features for huge sites with multiple servers Maguma Studio for PHP is a free version with support for PHP only www.maguma.com ߜ PHPEdit: This free IDE is available only for Windows www.phpedit.net/products/PHPEdit... possible Consequently, you need to be aware of versions and keep informed about PHP and MySQL versions, changes, and problems Chapter 1: Building Your Application MySQL Currently, MySQL offers three versions: MySQL 4.0, MySQL 4.1, and MySQL 5.0 At this time, MySQL 5.0 is a developmental version, not recommended for production uses It’s fine for testing or experimenting, but if you have a Web site that... features of PHP for people who know PHP, but are unfamiliar with the concepts and terminology of object-oriented programming Appendix B describes the syntax of PHP object-oriented features for those who are familiar with object-oriented Introduction programming in another language Appendix C provides information on PHP functions used to interact with MySQL It provides tables for converting from mysql functions... object-oriented programming 5 6 PHP & MySQL Everyday Apps For Dummies If you modify an application for use on your own Web site or build your own application by using the book applications as a pattern, you need to consider security issues Security is a major issue for Web applications Chapter 2 explains the security issues and describes how to write secure programs in PHP Part I Introducing Application... Post class .355 Writing the Database class .357 Writing the WebForm class 358 Writing the Forum application scripts 359 Writing the supporting functions 368 Possible Enhancements .371 xv xvi PHP & MySQL Everyday Apps For Dummies Part V: The Part of Tens 373 Chapter 9: Ten Hints for Application Development 375 Plan First 375 Be Consistent . by Janet Valade PHP & MySQL ® Everyday Apps FOR DUMmIES ‰ 01_575872 ffirs.qxd 5/27/05 6:16 PM Page iii PHP & MySQL ® Everyday Apps For Dummies ® Published by Wiley Publishing,. useful PHP and MySQL information 413 A bonus chapter 414 Troubleshooting 414 Index 417 xvii Table of Contents 02_575872 ftoc.qxd 5/27/05 6:35 PM Page xvii PHP & MySQL Everyday Apps For Dummies. topics. Janet currently has two published books: PHP & MySQL For Dummies, 2nd Edition, and PHP 5 For Dummies. In addition, she has authored chapters for several Linux and Web development books.