book

PHP & MySQL: The Missing Manual, 2nd Edition

Name: PHP & MySQL: The Missing Manual, 2nd Edition
Author: Brett McLaughlin
ISBN: 9781449355548

by Brett McLaughlin

November 2012

Intermediate to advanced

546 pages

15h 24m

English

O'Reilly Media, Inc.

Read now

Unlock full access

PHP & MySQL: The Missing Manual, Second Edition
SPECIAL OFFER: Upgrade this ebook with O’Reilly
The Missing Credits
About the AuthorAbout the Creative TeamAcknowledgmentsThe Missing Manual Series
Introduction
What PHP and MySQL Can DoWhat Is PHP?What Is PHP Like?PHP Is All About the WebJavaScript Is Loose, PHP Is…Less SoPHP Is InterpretedPHP Doesn’t Run in the BrowserWhat Is MySQL?About This BookMacintosh and WindowsFTP: It’s CriticalAbout the OutlineAbout the Online ResourcesMissing CDRegistrationFeedbackErrataSafari® Books Online
1. PHP and MySQL Basics
1. PHP: What, Why, and Where?
PHP Comes in Two Flavors: Local and RemoteHTML and CSS Run Within a Web BrowserJavaScript Adds Complexity, but Not SoftwarePHP Is Not Part of Your BrowserWrite Anywhere, Run Where There’s PHPPHP: Going LocalPHP on the Windows-Based Computers (WampServer Installation)PHP on the Mac (Default Installation)PHP on the Mac (MAMP Installation)Get Out Your Text EditorWrite Your First ProgramRun Your First ProgramBut Where’s That Web Server?The PHP Interpreter Is a Program You Can RunBut, the HTML Is Coming…
2. PHP Meets HTML
Script or HTML?Determination by ExtensionHTML Is Treated as HTMLPHP Is Not HTML (by Extension)PHP Can Be HTML—by ResponsePHP Talks BackWrite Another PHP ScriptVariables VaryCheck Things Out LocallyRun PHP Scripts RemotelyUpload your HTML, CSS, and PHPRun Your Second ProgramWelcome to Programming!
3. PHP Syntax: Weird and Wonderful
Get Information from a Web FormAccessing Request Parameters DirectlyCreate Your Own VariablesWorking with Text in PHPCombine TextSearching Within TextChanging TextTrim and Replace TextRemoving Extra Whitespace by Using Trim()Replacing Characters in Text by Using Str_replace()The $_REQUEST Variable Is an ArrayArrays Can Hold Multiple ValuesPHP Gives You An Array of Request InformationWhat Do You Do with User Information?
4. MySQL and SQL: Database and Language
What Is a Database?Databases Are PersistentDatabases Are All about StructureGood Databases Are RelationalInstalling MySQLThe mysql Console Program: Your New Best FriendRun the mysql Tool on WampServerFind the MySQL Command-Line ProgramGive mysql the Right User and PasswordRun the mysql Tool on MAMPSet Up mysql for Your User ProfileGive mysql the Right User and PasswordRun Your First SQL QuerySQL Is a Language for Talking to DatabasesLogging In to Your Web Server’s DatabaseSelecting a Database with USEUsing CREATE to Make TablesUsing DROP to Delete TablesINSERT a Few RowsUsing SELECT for the Grand Finale
2. Dynamic Web Pages

5. Connecting PHP to MySQL
Writing a Simple PHP Connection ScriptConnect to a MySQL DatabaseSelect the Database with PHPViewing Your Database’s Tables by Using SHOWHandling Errors by Determining If Your Results are NotPrint Out Your SQL ResultsCleaning Up Your Code with Multiple FilesReplacing Hand-Typed Values with VariablesAbstracting Important Values into a Separate FileVariables Vary, but Constants Stay ConstantBuilding a Basic SQL Query RunnerCreating an HTML Form with a Big Empty BoxConnecting to Your Database (Again)Running Your User’s SQL Query (Again)Entering Your First Web-Based QueryHandling Queries That Don’t SELECT InformationDealing with HumansAvoid Changing User Input Whenever Possible
6. Regular Expressions
String Matching, Double-TimeA Simple String SearcherSearch for One String…Or AnotherGetting into PositionDitch trim and strtoupperSearching for Sets of CharactersRegular Expressions: To Infinity and BeyondA Little Cleanup: Remove the echo Statements
7. Generating Dynamic Web Pages
Revisiting a User’s InformationPlanning Your Database TablesGood Database Tables Have ID ColumnsAuto Increment Is Your FriendIDs and Primary Keys are Good BedfellowsAdding Constraints to Your DatabaseSaving a User’s InformationBuilding Your SQL QueryInserting a UserA First Pass at ConfirmationUsers are Users, Not ProgrammersShow Me the UserCreating a Mockup of a User Profile PageChanging a Table’s Structure by Using ALTERBuilding Your Script: First PassUsing SELECT to Retrieve a User from Your DatabasePulling Values from a SQL Query ResultPassing a User ID into show_user.phpRevisiting (and Redirecting) the Create User ScriptUpdating Your User Signup FormUpdating Your User Creation ScriptRounding Things Out by Using Regular Expressions (Again)
3. From Web Pages to Web Applications
8. When Things Go Wrong (and They Will)
Planning Your Error PagesWhat Should Users See?Tell Your Users that a Problem has OccurredBring Down the Panic Level in the ProcessKnow When to Say WhenFinding a Middle Ground for Error Pages with PHPCreating a PHP Error PageTesting Your SolutionExpect the UnexpectedWelcome to Security and PhishingPhishing and Subtle RedirectionThe Dangers of Request ParametersAdd Debugging to Your ApplicationWho’s Using This App, Anyway?Now You See Me, Now You Don’tMoving from require to require_onceRedirecting On ErrorUpdate connect.php to show_user.phpSimplifying and Abstracting Your Coderedirect Is Path-Insensitive
9. Handling Images and Complexity
Images Are Just FilesHTML Forms Can Set the StageUploading a User’s Image to Your ServerSet Up Some Helper VariablesDid the File Upload with Any Errors?Is this Really an Uploaded File?Is the Uploaded File Really an Image?Move the File to a Permanent LocationStoring the Image Location in the DatabaseCreate a New Database ColumnInsert the Image Path Into Your TableCheck Your WorkImages Are for ViewingSELECTing the Image and Displaying ItConverting File System Paths to URLsDisplaying Your User’s Image: Take TwoAnd Now for Something Completely Different
10. Binary Objects and Image Loading
Storing Different Objects in Different TablesInserting a Raw Image into a TableBeware: getimagesize Doesn’t Return a File SizeThe file_get_contents Function Does What You Think It DoesINSERTing the ImageYour Binary Data Isn’t Safe to Insert…YetPrinting a String to a VariableGetting the Correct ID Before RedirectingConnecting Users and ImagesInserting an Image and then Inserting a UserJoining Tables by Using WHEREConnect Your Tables Through Common ColumnsAlias Your Tables (and Columns)Show Me the Image!Displaying an ImageMake a Game Plan for Your ScriptGet the Image IDBuild and Run a Select QueryGet the Results, Get the Image, and Deal with Potential ErrorsTell the Browser What’s ComingSend the Image DataHandling Errors with try and catchTest, Test, Always TestEmbedding an Image Is Just Viewing an ImageAll You Need Is an Image IDA Script Can Be an Image srcSo, Which Approach Is Best?OK, If You Insist on an Answer…
11. Listing, Iterating, and Administrating
Thinking about What You Need as an Admin(User Interface) Brevity Is Still the Soul of WitWish Lists Are Good, TooListing All Your UsersSELECTing What You Need (Now)Building a Simple Admin PageIterating Over Your ArrayDeleting a UserSurveying the Individual ComponentsPutting It All TogetherDeleting Users Shouldn’t Be MagicalStart with a Little JavascriptFinish with a Change in LinkingTalking Back to Your Usersredirect Has Some LimitationsJavaScript alert ReduxAn All-Javascript ApproachYour PHP Controls your Outputalert Is InterruptiveStandardizing on MessagingBuilding a New Utility Function for DisplayDuplicate Code Is a Problem Waiting to HappenView and Display Code Belongs TogetherIntegrating Utilities, Views, and MessagesCalling Repeated Code from a View ScriptFlexible Functions Are Better FunctionsUse Default Argument Values in Display_MessagesOutput a Standard Header with HeredocUpdate Your Script(s) to Use Display_HeadStandardizing and Consolidating Messaging in the ViewBuilding a Function to Call Two FunctionsJust Pass That Information Along
4. Security and the Real World
12. Authentication and Authorization
Basic AuthenticationUsing HTTP Headers for Basic AuthenticationBasic Authentication Is…Well, BasicThe Worst Authentication EverGetting Your User’s CredentialsCancel Is Not a Valid Means of AuthenticationGetting Your User’s CredentialsAbstracting What’s the SameAnother Utility Script: authorize.phpPasswords Don’t Belong in PHP ScriptsUpdating the users TableDealing with Newly Invalid DataGetting an Initial User Name and PasswordInserting the User Name and PasswordConnect authorize.php to Your users TablePasswords Create Security, But Should Be SecureEncrypting Text by Using the crypt Functioncrypt Is One-Way EncryptionEncryption Uses Salt
13. Cookies, Sign-Ins, and Ditching Crummy Pop-Ups
Moving Beyond Basic AuthenticationStarting with a Landing PageTaking Control of User Sign InsFrom HTTP Authentication to CookiesWhat is a Cookie?Create and Retrieve CookiesLogging In with CookiesDetermining Whether the User Is Already Signed InIs the User Trying to Sign In?Displaying the PageRedirecting as NeededLogging In the UserBlank Pages and Expiring CookiesErrors Aren’t Always InterruptiveAn Option for Repeat AttemptsAdding Context-Specific MenusPutting a Menu into PlaceFrom HTML to ScriptsAny HTML File Can Be Converted to PHPChallenge: Be Self-Referential with User CreationLogging Users OutRequiring the Cookie to Be Set
14. Authorization and Sessions
Modeling Groups in Your DatabaseAdding a Groups TableThe Many-to-Many RelationshipOne-to-One, One-to-Many, Many-to-ManyJoins are Best Done with IDSUse a Join Table to Connect Users with GroupsTesting Group MembershipChecking for Group Membershipauthorize.php Needs a FunctionTake in a List of GroupsIterating Over Each GroupAllow, Deny, RedirectGroup-Specific MenusEntering Browser SessionsSessions Are Server-SideSessions Must Be StartedFrom $_COOKIE to $_SESSIONSessions Must Be Restarted, Too$_REQUEST Doesn’t Include $_SESSIONMenu, Anyone?And Then, Sign Out…Memory Lane: Remember That Phishing Problem?Why Would You Ever Use Cookies?
5. Appendixes
A. Installing PHP on Windows Without WAMP
Installing PHP from www.php.net
B. Installing MySQL Without MAMP or WAMP
Installing MySQLMySQL on WindowsMySQL on Mac OS X
Index
About the Author
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Copyright

Content preview from PHP & MySQL: The Missing Manual, 2nd Edition

Chapter 6. Regular Expressions

In the example in the last chapter example—a web form that lets users run SQL against a MySQL database—you did one of the most common things programmers do. You wrote code that solves a problem, but it’s ugly, messy, and a little hard to understand. Unfortunately, most programmers leave code in that state. That’s something you want to avoid.

Bad code is like sloppy plumbing or a poorly constructed house frame. At some point, things are going to go bad, and someone is going to have to fix problems. And, if you’ve ever had an electrician tell you what he has to charge you because the guy who did the work initially did it wrong before, you know how expensive it is to fix someone else’s mistakes.

But here’s the thing: Even good code is going to fail at some point. Any time you have a system that involves humans, at some point, someone will do something unexpected, or maybe just something you never thought about dealing with when you wrote your code. And that’s when you’re the electrician, trying to fix things when the customer’s unhappy—but in this scenario, there’s nobody else to blame.

So, writing ugly code that works really isn’t an option. At the moment, the code in run_query.php right now is very ugly. It’s all those if statements that are trying to figure out whether the user entered a CREATE or an UPDATE or an INSERT, or maybe a SELECT…or who knows what else? What you really need is a way to search the incoming query for all those keywords all at once ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449355517Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

PHP & MySQL: The Missing Manual, 2nd Edition

by Brett McLaughlin

Chapter 6. Regular Expressions

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.