Table of Contents
01_575872 ffirs.qxd 5/27/05 6:16 PM Page iii
PHP & MySQL® Everyday Apps For Dummies®
by Janet Valade
PHP & MySQL® Everyday Apps For Dummies®
Published by
Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com
Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. MySQL is a registered trademark of MySQL AB Limited Company. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services, please contact our Customer Care
Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may
not be available in electronic books.
Library of Congress Control Number: 2005923782
ISBN-13: 978-0-7645-7587-7
ISBN-10: 0-7645-7587-2
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
1O/SQ/QW/QV/IN
About the Author
Janet Valade has 20 years of experience in the computing field. Her background includes work as a technical writer for several companies, as a Web designer/programmer for an engineering firm, and as a systems analyst in a university environment where, for over ten years, she supervised the installation and operation of computing resources, designed and developed a statewide data archive, provided technical support to faculty and staff, wrote numerous technical papers and documentation, and designed and presented seminars and workshops on a variety of technology topics.
Janet currently has two published books: PHP & MySQL For Dummies, 2nd Edition, and PHP 5 For Dummies. In addition, she has authored chapters for several Linux and Web development books.
Dedication
This book is dedicated to anyone who finds it useful.
Author’s Acknowledgments
I wish to express my appreciation to the entire Open Source community. Without those people who give their time and talent, there would be no cool PHP for me to write about. Furthermore, I never would have learned this software without the PHP lists where people generously spend their time answering foolish questions from beginners. Many ideas have come from reading questions and answers on the lists.
I want to thank my mother for passing on a writing gene and a good work
ethic. Anything I accomplish has its roots in my beginnings. And, of course,
thank you to my children who manage to remain close, though far away, and
nourish my spirit.
And, of course, I want to thank the professionals who made it all possible.
Without my agent, my editors, and all the other people at Wiley, this book
would not exist. Because they all do their jobs so well, I can contribute my
part to this joint project.
Publisher’s Acknowledgments
We’re proud of this book; please send us your comments through our online registration form
located at www.dummies.com/register/.
Some of the people who helped bring this book to market include the following:
Acquisitions, Editorial, and Media Development
Project Editor: Nicole Sholly
Acquisitions Editor: Terri Varveris
Copy Editor: Virginia Sanders
Technical Editor: Craig Lukasik
Editorial Manager: Kevin Kirschner
Permissions Editor: Laura Moss
Media Development Specialist: Travis Silvers
Media Development Manager: Laura VanWinkle
Media Development Supervisor: Richard Graves
Editorial Assistant: Amanda Foxworth
Cartoons: Rich Tennant, www.the5thwave.com
Composition Services
Project Coordinator: Nancee Reeves
Layout and Graphics: Andrea Dahl, Joyce Haughey, Clint Lahnen, Barry Offringa, Lynsey Osborn, Melanee Prendergast, Heather Ryan
Proofreaders: Leeann Harney, Jessica Kramer, Carl William Pierce, TECHBOOKS Production Services
Indexer: TECHBOOKS Production Services
Special Help: Kim Darosett, Andy Hollandbeck
Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director
Publishing for Consumer Dummies
Diane Graves Steele, Vice President and Publisher
Joyce Pepple, Acquisitions Director
Composition Services
Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services
02_575872 ftoc.qxd 5/27/05 6:35 PM Page ix
Contents at a Glance
Introduction.................................................................1
Part I: Introducing Application Development .................7
Chapter 1: Building Your Application .............................................................................9
Chapter 2: Building in Application Security .................................................................23
Part II: Building a User Authentication Application .....43
Chapter 3: User Authentication with HTTP .................................................................45
Chapter 4: User Login Application ................................................................................77
Part III: Building Online Sales Applications ...............129
Chapter 5: Online Catalog Application .......................................................................131
Chapter 6: Shopping Cart Application ........................................................................159
Part IV: Building Other Useful Applications ...............233
Chapter 7: Building a Content Management System .................................................235
Chapter 8: Hosting Discussions with a Web Forum ..................................................309
Part V: The Part of Tens ...........................................373
Chapter 9: Ten Hints for Application Development ..................................................375
Chapter 10: Ten Sources of PHP Code ........................................................................379
Part VI: Appendixes .................................................383
Appendix A: Introducing Object-Oriented Programming .........................................385
Appendix B: Object-Oriented Programming with PHP .............................................391
Appendix C: The MySQL and MySQL Improved Extensions ....................................407
Appendix D: About the CD ...........................................................................................411
Index.......................................................................417
Table of Contents
Introduction..................................................................1
About This Book ..............................................................................................1
Conventions Used in This Book ....................................................................1
Foolish Assumptions ......................................................................................2
How This Book Is Organized ..........................................................................3
Part I: Introducing Application Development ....................................3
Part II: Building a User Authentication Application ..........................4
Part III: Building Online Sales Applications ........................................4
Part IV: Building Other Useful Applications .......................................4
Part V: The Part of Tens ........................................................................4
Part VI: Appendixes ...............................................................................4
About the CD ..........................................................................................5
Icons Used in This Book .................................................................................5
Where to Go from Here ...................................................................................5
Part I: Introducing Application Development ..................7
Chapter 1: Building Your Application . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Understanding PHP and MySQL Versions ..................................................10
MySQL ...................................................................................................11
PHP ........................................................................................................11
PHP and MySQL together ...................................................................12
Using the Application Source Code ............................................................13
Choosing a location .............................................................................13
Understanding the PHP code .............................................................14
Procedural versus object-oriented programs ..................................15
Modifying the Source Code ..........................................................................16
Programming editors ..........................................................................17
Integrated Development Environment (IDE) ...................................18
Planning Your Application ...........................................................................19
Planning the software .........................................................................20
Additional planning .............................................................................20
Chapter 2: Building in Application Security . . . . . . . . . . . . . . . . . . . . .23
Understanding Security Risks .....................................................................24
Building Security into Your PHP Scripts ....................................................24
Don’t trust any information from an outside source ......................25
Storing information .............................................................................30
Using system calls ...............................................................................31
Handling errors ....................................................................................32
MySQL Security .............................................................................................33
Setting up accounts and passwords .................................................33
Accessing MySQL from PHP scripts ..................................................37
Understanding SQL injection attacks ...............................................38
Backing up your databases ................................................................40
Using a Secure Web Server ..........................................................................41
Part II: Building a User Authentication Application ......43
Chapter 3: User Authentication with HTTP . . . . . . . . . . . . . . . . . . . . . .45
Understanding HTTP Authentication .........................................................46
Understanding how the WWW works ...............................................46
Requesting a password-protected file ..............................................47
Authorizing access ..............................................................................48
Using HTTP Authentication with Apache ..................................................49
Configuring Apache .............................................................................49
Creating the .htaccess file ..................................................................50
Creating the password file ..................................................................51
Apache HTTP authentication in action ............................................52
Designing an HTTP Authentication Application in PHP ...........................52
Creating a User Database .............................................................................54
Designing the user database ..............................................................54
Creating the user database ................................................................55
Accessing the user database .............................................................55
Building the Authentication Application in PHP: The Procedural Approach ........................................................................56
Building the Authentication Application in PHP: The Object-Oriented Approach ...............................................................60
Developing the objects .......................................................................60
Writing the PasswordPrompter class ...............................................61
Writing the Database class .................................................................62
Writing the Account class ..................................................................66
Writing the WebPage class .................................................................71
Writing the Auth-OO script ................................................................73
Chapter 4: User Login Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Designing the Login Application .................................................................78
Creating the User Database .........................................................................78
Designing the database .......................................................................79
Building the database .........................................................................80
Accessing the database ......................................................................81
Adding data to the database ..............................................................81
Building the Login Web Page .......................................................................82
Designing the login Web page ............................................................82
Writing the code for the login page ...................................................83
Displaying the login Web page ...........................................................91
Building the Login Application: The Procedural Approach .....................91
Writing the application script ............................................................92
Protecting your Web pages ..............................................................100
Building the Login Application: The Object-Oriented Approach ..........101
Developing the objects .....................................................................101
Writing the WebForm class ..............................................................102
Writing the Database class ...............................................................110
Writing the Account class ................................................................111
Writing the Session class ..................................................................114
Writing the Email class .....................................................................117
Writing the login application script ................................................119
Protecting your Web pages ..............................................................126
Adding Features to the Application ..........................................................126
Part III: Building Online Sales Applications ...............129
Chapter 5: Online Catalog Application . . . . . . . . . . . . . . . . . . . . . . . . .131
Designing the Online Catalog Application ...............................................131
Creating the Catalog Database ..................................................................132
Designing the Catalog database ......................................................132
Building the Catalog database .........................................................134
Accessing the food database ...........................................................134
Adding data to the database ............................................................135
Building the Catalog Web Pages ................................................................135
Designing the catalog Web pages ....................................................136
Writing the code for the index page ................................................138
Writing the code for the products page .........................................140
Displaying the catalog Web pages ...................................................145
Building the Online Catalog Application: Procedural Approach ..........145
Building the Online Catalog Application: The Object-Oriented Approach ..................................................................................................149
Developing the Objects ....................................................................149
Writing the Catalog class ..................................................................150
Writing the catalog application script ............................................155
Growing the Catalog class ................................................................157
Chapter 6: Shopping Cart Application . . . . . . . . . . . . . . . . . . . . . . . . .159
Designing the Shopping Cart Application ................................................159
Basic application design decisions .................................................159
Application functionality design .....................................................161
Description: PHP and MySQL Everyday Apps For Dummies is a one-stop reference providing all you need to build dynamic, real-world, ready-to-use apps with the popular PHP (a scripting language) and MySQL (a database system) software. The book is a hands-on, go-to guide that walks you through installing the applica