01_575872 ffirs.qxd 5/27/05 6:16 PM Page iii

PHP & MySQL® Everyday Apps For Dummies®

by Janet Valade

PHP & MySQL® Everyday Apps For Dummies®
Published by Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com

Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. MySQL is a registered trademark of MySQL AB Limited Company. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.

For technical support, please visit www.wiley.com/techsupport.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2005923782
ISBN-13: 978-0-7645-7587-7
ISBN-10: 0-7645-7587-2

Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
1O/SQ/QW/QV/IN

About the Author

Janet Valade has 20 years of experience in the computing field.
Her background includes work as a technical writer for several companies, as a Web designer/programmer for an engineering firm, and as a systems analyst in a university environment where, for over ten years, she supervised the installation and operation of computing resources, designed and developed a statewide data archive, provided technical support to faculty and staff, wrote numerous technical papers and documentation, and designed and presented seminars and workshops on a variety of technology topics. Janet currently has two published books: PHP & MySQL For Dummies, 2nd Edition, and PHP 5 For Dummies. In addition, she has authored chapters for several Linux and Web development books.

Dedication

This book is dedicated to anyone who finds it useful.

Author's Acknowledgments

I wish to express my appreciation to the entire Open Source community. Without those people who give their time and talent, there would be no cool PHP for me to write about. Furthermore, I never would have learned this software without the PHP lists where people generously spend their time answering foolish questions from beginners. Many ideas have come from reading questions and answers on the lists.

I want to thank my mother for passing on a writing gene and a good work ethic. Anything I accomplish has its roots in my beginnings. And, of course, thank you to my children who manage to remain close, though far away, and nourish my spirit.

And, of course, I want to thank the professionals who made it all possible. Without my agent, my editors, and all the other people at Wiley, this book would not exist. Because they all do their jobs so well, I can contribute my part to this joint project.

Publisher's Acknowledgments

We're proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/.
Some of the people who helped bring this book to market include the following:

Acquisitions, Editorial, and Media Development
Project Editor: Nicole Sholly
Acquisitions Editor: Terri Varveris
Copy Editor: Virginia Sanders
Technical Editor: Craig Lukasik
Editorial Manager: Kevin Kirschner
Permissions Editor: Laura Moss
Media Development Specialist: Travis Silvers
Media Development Manager: Laura VanWinkle
Media Development Supervisor: Richard Graves
Editorial Assistant: Amanda Foxworth
Cartoons: Rich Tennant, www.the5thwave.com

Composition Services
Project Coordinator: Nancee Reeves
Layout and Graphics: Andrea Dahl, Joyce Haughey, Clint Lahnen, Barry Offringa, Lynsey Osborn, Melanee Prendergast, Heather Ryan
Proofreaders: Leeann Harney, Jessica Kramer, Carl William Pierce, TECHBOOKS Production Services
Indexer: TECHBOOKS Production Services
Special Help: Kim Darosett, Andy Hollandbeck

Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director

Publishing for Consumer Dummies
Diane Graves Steele, Vice President and Publisher
Joyce Pepple, Acquisitions Director

Composition Services
Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services

Contents at a Glance

Introduction  1
Part I: Introducing Application Development  7
  Chapter 1: Building Your Application  9
  Chapter 2: Building in Application Security  23
Part II: Building a User Authentication Application  43
  Chapter 3: User Authentication with HTTP  45
  Chapter 4: User Login Application  77
Part III: Building Online Sales Applications  129
  Chapter 5: Online Catalog Application  131
  Chapter 6: Shopping Cart Application  159
Part IV: Building Other Useful Applications  233
  Chapter 7: Building a Content Management System  235
  Chapter 8: Hosting Discussions with a Web Forum  309
Part V: The Part of Tens  373
  Chapter 9: Ten Hints for Application Development  375
  Chapter 10: Ten Sources of PHP Code  379
Part VI: Appendixes  383
  Appendix A: Introducing Object-Oriented Programming  385
  Appendix B: Object-Oriented Programming with PHP  391
  Appendix C: The MySQL and MySQL Improved Extensions  407
  Appendix D: About the CD  411
Index  417

Table of Contents

Introduction  1
  About This Book  1
  Conventions Used in This Book  1
  Foolish Assumptions  2
  How This Book Is Organized  3
    Part I: Introducing Application Development  3
    Part II: Building a User Authentication Application  4
    Part III: Building Online Sales Applications  4
    Part IV: Building Other Useful Applications  4
    Part V: The Part of Tens  4
    Part VI: Appendixes  4
    About the CD  5
  Icons Used in This Book  5
  Where to Go from Here  5

Part I: Introducing Application Development  7

Chapter 1: Building Your Application  9
  Understanding PHP and MySQL Versions  10
    MySQL  11
    PHP  11
    PHP and MySQL together  12
  Using the Application Source Code  13
    Choosing a location  13
    Understanding the PHP code  14
    Procedural versus object-oriented programs  15
  Modifying the Source Code  16
    Programming editors  17
    Integrated Development Environment (IDE)  18
  Planning Your Application  19
    Planning the software  20
    Additional planning  20

Chapter 2: Building in Application Security  23
  Understanding Security Risks  24
  Building Security into Your PHP Scripts  24
    Don't trust any information from an outside source  25
    Storing information  30
    Using system calls  31
    Handling errors  32
  MySQL Security  33
    Setting up accounts and passwords  33
    Accessing MySQL from PHP scripts  37
    Understanding SQL injection attacks  38
    Backing up your databases  40
  Using a Secure Web Server  41

Part II: Building a User Authentication Application  43

Chapter 3: User Authentication with HTTP  45
  Understanding HTTP Authentication  46
    Understanding how the WWW works  46
    Requesting a password-protected file  47
    Authorizing access  48
  Using HTTP Authentication with Apache  49
    Configuring Apache  49
    Creating the .htaccess file  50
    Creating the password file  51
    Apache HTTP authentication in action  52
  Designing an HTTP Authentication Application in PHP  52
  Creating a User Database  54
    Designing the user database  54
    Creating the user database  55
    Accessing the user database  55
  Building the Authentication Application in PHP: The Procedural Approach  56
  Building the Authentication Application in PHP: The Object-Oriented Approach  60
    Developing the objects  60
    Writing the PasswordPrompter class  61
    Writing the Database class  62
    Writing the Account class  66
    Writing the WebPage class  71
    Writing the Auth-OO script  73

Chapter 4: User Login Application  77
  Designing the Login Application  78
  Creating the User Database  78
    Designing the database  79
    Building the database  80
    Accessing the database  81
    Adding data to the database  81
  Building the Login Web Page  82
    Designing the login Web page  82
    Writing the code for the login page  83
    Displaying the login Web page  91
  Building the Login Application: The Procedural Approach  91
    Writing the application script  92
    Protecting your Web pages  100
  Building the Login Application: The Object-Oriented Approach  101
    Developing the objects  101
    Writing the WebForm class  102
    Writing the Database class  110
    Writing the Account class  111
    Writing the Session class  114
    Writing the Email class  117
    Writing the login application script  119
    Protecting your Web pages  126
  Adding Features to the Application  126

Part III: Building Online Sales Applications  129

Chapter 5: Online Catalog Application  131
  Designing the Online Catalog Application  131
  Creating the Catalog Database  132
    Designing the Catalog database  132
    Building the Catalog database  134
    Accessing the food database  134
    Adding data to the database  135
  Building the Catalog Web Pages  135
    Designing the catalog Web pages  136
    Writing the code for the index page  138
    Writing the code for the products page  140
    Displaying the catalog Web pages  145
  Building the Online Catalog Application: Procedural Approach  145
  Building the Online Catalog Application: The Object-Oriented Approach  149
    Developing the Objects  149
    Writing the Catalog class  150
    Writing the catalog application script  155
    Growing the Catalog class  157

Chapter 6: Shopping Cart Application  159
  Designing the Shopping Cart Application  159
    Basic application design decisions  159
    Application functionality design  161