01_575872 ffirs.qxd 5/27/05 6:16 PM Page iii
PHP & MySQL® Everyday Apps FOR DUMmIES‰
by Janet Valade
PHP & MySQL® Everyday Apps For Dummies®
Published by Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com

Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. MySQL is a registered trademark of MySQL AB Limited Company. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2005923782
ISBN-13: 978-0-7645-7587-7
ISBN-10: 0-7645-7587-2
Manufactured in the United States of America
About the Author

Janet Valade has 20 years of experience in the computing field. Her background includes work as a technical writer for several companies, as a Web designer/programmer for an engineering firm, and as a systems analyst in a university environment where, for over ten years, she supervised the installation and operation of computing resources, designed and developed a statewide data archive, provided technical support to faculty and staff, wrote numerous technical papers and documentation, and designed and presented seminars and workshops on a variety of technology topics.
Janet currently has two published books: PHP & MySQL For Dummies, 2nd Edition, and PHP 5 For Dummies. In addition, she has authored chapters for several Linux and Web development books.
Dedication

This book is dedicated to anyone who finds it useful.
Author’s Acknowledgments

I wish to express my appreciation to the entire Open Source community. Without those people who give their time and talent, there would be no cool PHP for me to write about. Furthermore, I never would have learned this software without the PHP lists where people generously spend their time answering foolish questions from beginners. Many ideas have come from reading questions and answers on the lists.
I want to thank my mother for passing on a writing gene and a good work ethic. Anything I accomplish has its roots in my beginnings. And, of course, thank you to my children who manage to remain close, though far away, and nourish my spirit.
And, of course, I want to thank the professionals who made it all possible. Without my agent, my editors, and all the other people at Wiley, this book would not exist. Because they all do their jobs so well, I can contribute my part to this joint project.
Publisher’s Acknowledgments

We’re proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/. Some of the people who helped bring this book to market include the following:
Acquisitions, Editorial, and Media Development
Project Editor: Nicole Sholly
Acquisitions Editor: Terri Varveris
Copy Editor: Virginia Sanders
Technical Editor: Craig Lukasik
Editorial Manager: Kevin Kirschner
Permissions Editor: Laura Moss
Media Development Specialist: Travis Silvers
Media Development Manager: Laura VanWinkle
Media Development Supervisor: Richard Graves
Editorial Assistant: Amanda Foxworth
Cartoons: Rich Tennant, www.the5thwave.com

Composition Services
Project Coordinator: Nancee Reeves
Layout and Graphics: Andrea Dahl, Joyce Haughey, Clint Lahnen, Barry Offringa, Lynsey Osborn, Melanee Prendergast, Heather Ryan
Proofreaders: Leeann Harney, Jessica Kramer, Carl William Pierce, TECHBOOKS Production Services
Indexer: TECHBOOKS Production Services
Special Help: Kim Darosett, Andy Hollandbeck
Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director

Publishing for Consumer Dummies
Diane Graves Steele, Vice President and Publisher
Joyce Pepple, Acquisitions Director

Composition Services
Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services
Contents at a Glance
Introduction ...... 1
Part I: Introducing Application Development ...... 7
    Chapter 1: Building Your Application ...... 9
    Chapter 2: Building in Application Security ...... 23
Part II: Building a User Authentication Application ...... 43
    Chapter 3: User Authentication with HTTP ...... 45
    Chapter 4: User Login Application ...... 77
Part III: Building Online Sales Applications ...... 129
    Chapter 5: Online Catalog Application ...... 131
    Chapter 6: Shopping Cart Application ...... 159
Part IV: Building Other Useful Applications ...... 233
    Chapter 7: Building a Content Management System ...... 235
    Chapter 8: Hosting Discussions with a Web Forum ...... 309
Part V: The Part of Tens ...... 373
    Chapter 9: Ten Hints for Application Development ...... 375
    Chapter 10: Ten Sources of PHP Code ...... 379
Part VI: Appendixes ...... 383
    Appendix A: Introducing Object-Oriented Programming ...... 385
    Appendix B: Object-Oriented Programming with PHP ...... 391
    Appendix C: The MySQL and MySQL Improved Extensions ...... 407
    Appendix D: About the CD ...... 411
Index ...... 417
Table of Contents
Introduction ...... 1
    About This Book ...... 1
    Conventions Used in This Book ...... 1
    Foolish Assumptions ...... 2
    How This Book Is Organized ...... 3
        Part I: Introducing Application Development ...... 3
        Part II: Building a User Authentication Application ...... 4
        Part III: Building Online Sales Applications ...... 4
        Part IV: Building Other Useful Applications ...... 4
        Part V: The Part of Tens ...... 4
        Part VI: Appendixes ...... 4
    About the CD ...... 5
    Icons Used in This Book ...... 5
    Where to Go from Here ...... 5
Part I: Introducing Application Development ...... 7
Chapter 1: Building Your Application ...... 9
    Understanding PHP and MySQL Versions ...... 10
        MySQL ...... 11
        PHP ...... 11
        PHP and MySQL together ...... 12
    Using the Application Source Code ...... 13
        Choosing a location ...... 13
        Understanding the PHP code ...... 14
        Procedural versus object-oriented programs ...... 15
    Modifying the Source Code ...... 16
        Programming editors ...... 17
        Integrated Development Environment (IDE) ...... 18
    Planning Your Application ...... 19
        Planning the software ...... 20
        Additional planning ...... 20
Chapter 2: Building in Application Security ...... 23
    Understanding Security Risks ...... 24
    Building Security into Your PHP Scripts ...... 24
        Don’t trust any information from an outside source ...... 25
        Storing information ...... 30
        Using system calls ...... 31
        Handling errors ...... 32
    MySQL Security ...... 33
        Setting up accounts and passwords ...... 33
        Accessing MySQL from PHP scripts ...... 37
        Understanding SQL injection attacks ...... 38
        Backing up your databases ...... 40
    Using a Secure Web Server ...... 41
Part II: Building a User Authentication Application ...... 43
Chapter 3: User Authentication with HTTP ...... 45
    Understanding HTTP Authentication ...... 46
        Understanding how the WWW works ...... 46
        Requesting a password-protected file ...... 47
        Authorizing access ...... 48
    Using HTTP Authentication with Apache ...... 49
        Configuring Apache ...... 49
        Creating the .htaccess file ...... 50
        Creating the password file ...... 51
        Apache HTTP authentication in action ...... 52
    Designing an HTTP Authentication Application in PHP ...... 52
    Creating a User Database ...... 54
        Designing the user database ...... 54
        Creating the user database ...... 55
        Accessing the user database ...... 55
    Building the Authentication Application in PHP: The Procedural Approach ...... 56
    Building the Authentication Application in PHP: The Object-Oriented Approach ...... 60
        Developing the objects ...... 60
        Writing the PasswordPrompter class ...... 61
        Writing the Database class ...... 62
        Writing the Account class ...... 66
        Writing the WebPage class ...... 71
        Writing the Auth-OO script ...... 73
Chapter 4: User Login Application ...... 77
    Designing the Login Application ...... 78
    Creating the User Database ...... 78
        Designing the database ...... 79
        Building the database ...... 80
        Accessing the database ...... 81
        Adding data to the database ...... 81
    Building the Login Web Page ...... 82
        Designing the login Web page ...... 82
        Writing the code for the login page ...... 83
        Displaying the login Web page ...... 91
    Building the Login Application: The Procedural Approach ...... 91
        Writing the application script ...... 92
        Protecting your Web pages ...... 100
    Building the Login Application: The Object-Oriented Approach ...... 101
        Developing the objects ...... 101
        Writing the WebForm class ...... 102
        Writing the Database class ...... 110
        Writing the Account class ...... 111
        Writing the Session class ...... 114
        Writing the Email class ...... 117
        Writing the login application script ...... 119
        Protecting your Web pages ...... 126
    Adding Features to the Application ...... 126
Part III: Building Online Sales Applications ...... 129
Chapter 5: Online Catalog Application ...... 131
    Designing the Online Catalog Application ...... 131
    Creating the Catalog Database ...... 132
        Designing the Catalog database ...... 132
        Building the Catalog database ...... 134
        Accessing the food database ...... 134
        Adding data to the database ...... 135
    Building the Catalog Web Pages ...... 135
        Designing the catalog Web pages ...... 136
        Writing the code for the index page ...... 138
        Writing the code for the products page ...... 140
        Displaying the catalog Web pages ...... 145
    Building the Online Catalog Application: Procedural Approach ...... 145
    Building the Online Catalog Application: The Object-Oriented Approach ...... 149
        Developing the Objects ...... 149
        Writing the Catalog class ...... 150
        Writing the catalog application script ...... 155
        Growing the Catalog class ...... 157
Chapter 6: Shopping Cart Application ...... 159
    Designing the Shopping Cart Application ...... 159
        Basic application design decisions ...... 159
        Application functionality design ...... 161
    Creating the Shopping Cart Database ...... 162
        Designing the shopping cart database ...... 162
        Building the shopping cart database ...... 164
        Accessing the shopping cart database ...... 165
        Adding data to the shopping cart database ...... 165
    Building the Shopping Cart Web Pages ...... 166
        Designing the shopping cart Web pages ...... 166
        Writing the code for the product information page ...... 171
        Writing the code for the shopping cart Web page ...... 175
        Writing the code for the shipping information form ...... 182
        Writing the code for the summary page ...... 187
    Building the Shopping Cart Application: The Procedural Approach ...... 193
        Writing ShopCatalog.php ...... 193
        Writing ShoppingCart.php ...... 197
        Writing ProcessOrder.php ...... 200
    Building the Shopping Cart Application: The Object-Oriented Approach ...... 207
        Developing the objects ...... 207
        Writing the Catalog class ...... 208
        Writing the Item class ...... 210
        Writing the ShoppingCart class ...... 212
        Writing the Database class ...... 215
        Writing the Order class ...... 216
        Writing the WebForm class ...... 221
        Writing the WebPage class ...... 222
        Writing the Email Class ...... 223
        Writing the shopping cart application script ...... 223
    Adding Features to the Application ...... 231
Part IV: Building Other Useful Applications ...... 233
Chapter 7: Building a Content Management System ...... 235
    Designing the CMS Application ...... 235
    Creating the CMS Database ...... 236
        Designing the CMS database ...... 237
        Building the CMS database ...... 240
        Accessing the CMS database ...... 243
    Designing the CMS Web Pages ...... 243
    Building the CMS Application: Procedural Approach ...... 246
        Writing the login code ...... 246
        Writing CompanyHome.php, a data retrieval file ...... 253
        Writing company.inc, the main HTML display file ...... 262
        Writing the content detail code ...... 265
        Writing Admin.php, the data manipulation code ...... 269
    Building the CMS Application: Object-Oriented Approach ...... 275
        Writing the object model ...... 275
        Writing a basic data class ...... 277
        Writing the Department class ...... 279
        Writing the ContentType class ...... 281
        Writing the ContentItem class ...... 283
        Writing the ContentDownload class ...... 289
        Writing the Database class ...... 291
        Writing the WebForm class ...... 292
        Writing the code for the login page ...... 293
        Writing fields_content.inc and content_form.inc ...... 294
        Writing the display code ...... 294
        Writing Admin-OO.php, the data manipulation code ...... 303
    Enhancing the Content Management System ...... 307
Chapter 8: Hosting Discussions with a Web Forum ...... 309
    Designing the Forum Application ...... 309
    Creating the Forum Database ...... 310
        Designing the Forum database ...... 311
        Building the forum tables ...... 314
        Accessing the forum tables ...... 315
        Adding data to the database ...... 316
    Building the Forum Web Pages ...... 317
        Designing the Forum Web pages ...... 317
        Writing the code for the Forums page ...... 321
        Writing the code for the Threads page ...... 324
        Writing the code for the Messages page ...... 328
        Writing the code for the New Message page ...... 331
        Writing the code for the Reply page ...... 334
    Building the Forum Application: Procedural Approach ...... 337
        Writing viewForums.php ...... 337
        Writing viewTopic.php ...... 338
        Writing viewThread.php ...... 338
        Writing postMessage.php ...... 339
        Writing postReply.php ...... 342
        Writing the supporting functions ...... 345
    Building the Forum Application: The Object-Oriented Approach ...... 347
        Developing the objects ...... 348
        Writing the TableAccessor class ...... 349
        Writing the Thread class ...... 353
        Writing the Post class ...... 355
        Writing the Database class ...... 357
        Writing the WebForm class ...... 358
        Writing the Forum application scripts ...... 359
        Writing the supporting functions ...... 368
    Possible Enhancements ...... 371
Part V: The Part of Tens ...... 373
Chapter 9: Ten Hints for Application Development ...... 375
    Plan First ...... 375
    Be Consistent ...... 376
    Test Code Incrementally ...... 376
    Remember Those Who Follow ...... 376
    Use Constants ...... 376
    Write Reusable Code ...... 377
    Separate Page Layout from Function ...... 377
    Don’t Reinvent the Wheel ...... 377
    Use the Discussion Lists Frequently, but Wisely ...... 378
    Document Everything ...... 378
Chapter 10: Ten Sources of PHP Code ...... 379
    SourceForge.net ...... 379
    WeberDev ...... 380
    PHP Classes ...... 380
    Codewalkers ...... 380
    PHP Builder ...... 381
    HotScripts.com ...... 381
    Zend ...... 381
    PHP Freaks ...... 382
    PX: The PHP Code Exchange ...... 382
    Free PHP and MySQL Hosting Directory ...... 382
Part VI: Appendixes ...... 383
Appendix A: Introducing Object-Oriented Programming ...... 385
    Understanding Object-Oriented Programming Concepts ...... 385
        Objects and classes ...... 386
        Properties ...... 386
        Methods ...... 387
        Abstraction ...... 387
        Inheritance ...... 388
        Information hiding ...... 389
    Creating and Using the Class ...... 390
Appendix B: Object-Oriented Programming with PHP ...... 391
    Writing a Class Statement ...... 391
        The class statement ...... 391
        Naming the class ...... 392
        Adding the class code ...... 392
        Setting properties ...... 392
        Adding methods ...... 394
        Accessing properties and methods ...... 395
        Writing the constructor ...... 396
        Putting it all together ...... 397
        Using inheritance in your class ...... 398
    Using a Class ...... 399
        Creating an object ...... 399
        Using methods ...... 399
        Accessing properties ...... 400
    Using Exceptions ...... 400
    Copying Objects ...... 401
    Destroying Objects ...... 402
    Using Abstract Classes ...... 403
    Using Interfaces ...... 404
    Testing an Object ...... 405
    Object-Oriented Concepts That PHP 5 Omits ...... 405
Appendix C: The MySQL and MySQL Improved Extensions ...... 407
Appendix D: About the CD ...... 411
    System Requirements ...... 411
    Using the CD ...... 412
    What You Can Find on the CD ...... 412
        Source code files ...... 412
        Links to useful PHP and MySQL information ...... 413
        A bonus chapter ...... 414
    Troubleshooting ...... 414
Index ...... 417
Introduction
Because you’re looking at a book called PHP & MySQL Everyday Apps For Dummies, I assume you want to build a Web application with the PHP scripting language and a MySQL backend database. If you need to build a dynamic Web application for a specific purpose, you’re in the right place. You will find six popular applications in this book and one additional application chapter on the CD. If the exact application you need isn’t here, you can probably adapt one of the applications to suit your needs.
About This Book

This book is a practical introduction to dynamic Web applications. It provides the code and information needed to build several of the most popular applications on the Web. The applications in this book allow you to