book

PHP6 and MySQL® 6 Bible

Name: PHP6 and MySQL® 6 Bible
ISBN: 9780470384503

by Tim Converse, Steve Suehring, Joyce Park

January 2009

Intermediate to advanced

911 pages

20h 32m

English

Wiley

Read now

Unlock full access

Copyright
About the Authors
Credits
Acknowledgments
Introduction
What Is PHP?Why PHP?What's New in This Edition?New PHP 6 featuresWho wrote the book?Whom This Book Is ForThis Book Is Not the ManualHow the Book Is OrganizedPart I: PHP: The BasicsPart II: PHP and MySQLPart III: Advanced TechniquesPart IV: ConnectionsPart V: Case StudiesAppendicesConventions Used in This BookWhat the Icons Mean
I. Introducing PHP
1. Why PHP and MySQL?
1.1. What Is PHP?1.2. What Is MySQL?1.3. Deciding on a Web Application Platform1.3.1. Cost1.3.2. Ease of Use1.3.3. HTML-embeddedness1.3.4. Cross-platform compatibility1.3.5. Stability1.3.6. Many extensions1.3.7. Fast feature development1.3.8. Not proprietary1.3.9. Strong user communities1.4. Summary
2. Server-Side Scripting Overview
2.1. Static HTML2.2. Client-Side Technologies2.3. Server-Side Scripting2.4. What Is Server-Side Scripting Good For?2.5. Summary
3. Getting Started with PHP
3.1. Installing PHP3.1.1. Installation procedures3.1.1.1. Installing PHP on CentOS3.1.1.2. Installing PHP on Debian3.1.1.3. Installing PHP from source3.1.1.4. Microsoft Windows and Apache3.1.1.5. Other web servers3.1.2. Development tools3.2. What's to Come?3.3. Your HTML Is Already PHP-Compliant!3.4. Escaping from HTML3.4.1. Canonical PHP tags3.4.2. Hello World3.4.3. Jumping in and out of PHP mode3.4.4. Including files3.5. Summary
4. Learning PHP Syntax and Variables
4.1. PHP Is Forgiving4.2. HTML Is Not PHP4.3. PHP's Syntax Is C-Like4.3.1. PHP is whitespace insensitive4.3.2. PHP is sometimes case sensitive4.3.3. Statements are expressions terminated by semicolons4.3.3.1. Expressions are combinations of tokens4.3.3.2. Expressions are evaluated4.3.3.3. Precedence, associativity, and evaluation order4.3.3.4. Expressions and types4.3.3.5. Assignment expressions4.3.3.6. Reasons for expressions and statements4.3.4. Braces make blocks4.4. Comments4.4.1. C-style multiline comments4.4.2. Single-line comments: # and //4.5. Variables4.5.1. PHP variables are Perl-like4.5.2. Declaring variables (or not)4.5.3. Assigning variables4.5.4. Reassigning variables4.5.5. Unassigned variables4.5.5.1. Default values4.5.5.2. Checking assignment with isset4.5.6. Variable scope4.5.6.1. Functions and variable scope4.5.7. You can switch modes if you want4.5.8. Constants4.6. Types in PHP: Don't Worry, Be Happy4.6.1. No variable type declarations4.6.2. Automatic type conversion4.6.3. Types assigned by context4.7. Type Summary4.8. The Simple Types4.8.1. Integers4.8.1.1. Read formats4.8.1.2. Range4.8.2. Doubles4.8.2.1. Read formats4.8.3. Booleans4.8.3.1. Boolean constants4.8.3.2. Interpreting other types as Booleans4.8.3.3. Examples4.8.3.3.1. Don't use doubles as Booleans4.8.4. NULL4.8.5. Strings4.8.5.1. Singly quoted strings4.8.5.2. Doubly quoted strings4.8.5.3. Single versus double quotation marks4.8.5.4. Variable interpolation4.8.5.5. Newlines in strings4.8.5.6. Limits4.9. Output4.9.1. Echo and print4.9.1.1. Echo4.9.1.2. Print4.9.2. Variables and strings4.9.2.1. HTML and linebreaks4.10. Summary

5. Learning PHP Control Structures and Functions
5.1. Boolean Expressions5.1.1. Boolean constants5.1.2. Logical operators5.1.2.1. Precedence of logical operators5.1.2.2. Logical operators short-circuit5.1.3. Comparison operators5.1.3.1. Operator precedence5.1.3.2. String comparison5.1.4. The ternary operator5.2. Branching5.2.1. If-else5.2.1.1. Else attachment5.2.1.2. Elseif5.2.2. Switch5.3. Looping5.3.1. Bounded loops versus unbounded loops5.3.2. While5.3.3. Do-while5.3.4. For5.3.5. Looping examples5.3.5.1. A bounded for loop5.3.5.2. An unbounded while loop5.3.6. Break and continue5.3.7. A note on infinite loops5.4. Alternate Control Syntaxes5.5. Terminating Execution5.6. Using Functions5.6.1. Return values versus side effects5.7. Function Documentation5.7.1. Headers in documentation5.7.2. Finding function documentation5.8. Defining Your Own Functions5.8.1. What is a function?5.8.2. Function definition syntax5.8.3. Function definition example5.8.4. Formal parameters versus actual parameters5.8.5. Argument number mismatches5.8.5.1. Too few arguments5.8.5.2. Too many arguments5.9. Functions and Variable Scope5.9.1. Global versus local5.9.2. Static variables5.9.3. Exceptions5.10. Function Scope5.10.1. Include and require5.10.1.1. Including only once5.10.1.2. The include path5.10.2. Recursion5.11. Summary
6. Passing Information with PHP
6.1. HTTP Is Stateless6.2. GET Arguments6.3. A Better Use for GET-Style URLs6.4. POST Arguments6.5. Formatting Form Variables6.5.1. Consolidating forms and form handlers6.6. PHP Superglobal Arrays6.7. Summary
7. Learning PHP String Handling
7.1. Strings in PHP7.1.1. Interpolation with curly braces7.1.2. Characters and string indexes7.1.3. String operators7.1.4. Concatenation and assignment7.1.5. The heredoc syntax7.2. String Functions7.2.1. Inspecting strings7.2.2. Finding characters and substrings7.2.3. Comparison and searching7.2.4. Searching7.2.5. Substring selection7.2.6. String cleanup functions7.2.7. String replacement7.2.8. Case functions7.2.8.1. strtolower()7.2.8.2. strtoupper()7.2.8.3. ucfirst()7.2.8.4. ucwords()7.2.9. Escaping functions7.2.10. Printing and output7.3. Summary
8. Learning Arrays
8.1. The Uses of Arrays8.2. What Are PHP Arrays?8.3. Creating Arrays8.3.1. Direct assignment8.3.2. The array() construct8.3.3. Specifying indices using array()8.3.4. Functions returning arrays8.4. Retrieving Values8.4.1. Retrieving by index8.4.2. The list() construct8.5. Multidimensional Arrays8.6. Inspecting Arrays8.7. Deleting from Arrays8.8. Iteration8.8.1. Support for iteration8.8.2. Using iteration functions8.8.3. Our favorite iteration method: foreach8.8.4. Iterating with current() and next()8.8.5. Starting over with reset()8.8.6. Reverse order with end() and prev()8.8.7. Extracting keys with key()8.8.8. Empty values and the each() function8.8.9. Walking with array_walk()8.9. Summary
9. Learning PHP Number Handling
9.1. Numerical Types9.2. Mathematical Operators9.2.1. Arithmetic operators9.2.2. Arithmetic operators and types9.2.3. Incrementing operators9.2.4. Assignment operators9.2.5. Comparison operators9.2.6. Precedence and parentheses9.3. Simple Mathematical Functions9.4. Randomness9.4.1. Seeding the generator9.4.2. Example: Making a random selection9.5. Summary
10. PHP Gotchas
10.1. Installation-Related Problems10.1.1. Symptom: Text of file displayed in browser window10.1.2. Symptom: PHP blocks showing up as text under HTTP or browser prompts you to save file10.1.3. Symptom: Server or host not found/Page cannot be displayed10.2. Rendering Problems10.2.1. Symptom: Totally blank page10.2.2. Symptom: PHP code showing up in Web browser10.3. Failures to Load Page10.3.1. Symptom: Page cannot be found10.3.2. Symptom: Failed opening [file] for inclusion10.4. Parse Errors10.4.1. Symptom: Parse error message10.4.2. The missing semicolon10.4.3. No dollar signs10.4.4. Mode issues10.4.5. Unescaped quotation marks10.4.6. Unterminated strings10.4.7. Other parse error causes10.5. Missing Includes10.5.1. Symptom: Include warning10.6. Unbound Variables10.6.1. Symptom: Variable not showing up in print string10.6.2. Symptom: Numerical variable unexpectedly zero10.6.3. Causes of unbound variables10.6.3.1. Case problems10.6.3.2. Scoping problems10.7. Function Problems10.7.1. Symptom: Call to undefined function my_function()10.7.2. Symptom: Call to undefined function ()10.7.3. Symptom: Call to undefined function array()10.7.4. Symptom: Cannot redeclare my_function()10.7.5. Symptom: Wrong parameter count10.8. Math Problems10.8.1. Symptom: Division-by-zero warning10.8.2. Symptom: Unexpected arithmetic result10.8.3. Symptom: NaN (or NAN)10.9. Timeouts10.10. Summary
II. MySQL Database Integration
11. Introducing Databases and MySQL
11.1. What Is a Database?11.2. Why a Database?11.2.1. Maintainability and scalability11.2.2. Portability11.2.3. Avoiding awkward programming11.2.4. Searching11.3. PHP-Supported Databases11.4. Our Focus: MySQL11.5. Summary
12. Installing MySQL
12.1. Obtaining MySQL12.2. Installing MySQL on Linux12.2.1. Installing MySQL Server on Debian and Ubuntu12.3. Installing MySQL on Microsoft Windows12.3.1. Installing MySQL on Windows12.4. Summary
13. Learning Structured Query Language (SQL)
13.1. Relational Databases and SQL13.2. SQL Standards13.3. The Workhorses of SQL13.3.1. SELECT13.3.1.1. Selecting Certain Records13.3.1.2. Joins13.3.1.3. Subselects13.3.2. INSERT13.3.3. UPDATE13.3.4. DELETE13.4. Database Design13.5. Privileges and Security13.5.1. Setting database permissions13.5.2. Keep database passwords outside the web area13.5.3. Learn to make backups13.6. Summary
14. Learning Database Administration and Design
14.1. Basic MySQL Client Commands14.2. MySQL User Administration14.2.1. Local development14.2.2. Standalone web site14.2.3. Shared-hosting web site14.3. Backups14.4. Replication14.5. Recovery14.5.1. myisamchk14.5.2. mysqlcheck14.6. Summary
15. Integrating PHP and MySQL
15.1. Connecting to MySQL15.2. Making MySQL Queries15.3. Fetching Data Sets15.4. Getting Data about Data15.5. Multiple Connections15.6. Building in Error Checking15.7. Creating MySQL Databases with PHP15.7.1. MySQL data types15.8. MySQL Functions15.9. Summary
16. Performing Database Queries
16.1. HTML Tables and Database Tables16.1.1. One-to-one mapping16.1.2. Example: A single-table displayer16.1.3. The sample tables16.1.4. Improving the displayer16.1.4.1. Displaying column headers16.1.4.2. Error checking16.1.4.3. Cosmetic issues16.1.4.4. Displaying arbitrary queries16.2. Complex Mappings16.2.1. Multiple queries versus complex printing16.2.2. A multiple-query example16.2.3. A complex printing example16.3. Creating the Sample Tables16.4. Summary
17. Integrating Web Forms and Databases
17.1. HTML Forms17.2. Basic Form Submission to a Database17.3. Self-Submission17.4. Editing Data with an HTML Form17.4.1. TEXT and TEXTAREA17.4.2. CHECKBOX17.4.3. RADIO17.4.4. SELECT17.5. Summary
18. Improving Database Efficiency
18.1. Connections — Reduce, Reuse, Recycle18.1.1. A bad example: one connection per statement18.1.2. Multiple results don't need multiple connections18.1.3. Persistent connections18.2. Indexing and Table Design18.2.1. Indexing18.2.1.1. What is an index?18.2.1.2. Indexing tradeoffs18.2.1.3. Primary keys18.2.2. Everything including the kitchen sink18.2.3. Other types of indexes18.2.3.1. UNIQUE18.2.4. Table design18.3. Making the Database Work for You18.3.1. It's probably faster than you are18.3.2. A bad example: looping, not restricting18.3.2.1. Sorting and aggregating18.3.2.2. Where possible, use MIN or MAX rather than sorting18.3.3. Creating date and time fields18.3.4. Finding the last inserted row18.4. Summary
19. MySQL Gotchas
19.1. No Connection19.2. Problems with Privileges19.3. Unescaped Quotes19.4. Broken SQL Statements19.4.1. Misspelled names19.4.2. Comma faults19.4.3. Unquoted string arguments19.4.4. Unbound variables19.5. Too Little Data, Too Much Data19.6. Specific SQL Functions19.6.1. mysql_affected_rows() versus mysql_num_rows()19.6.2. mysql_result()19.6.3. OCI_Fetch()19.7. Debugging and Sanity Checking19.8. Summary
III. More PHP
20. Introducing Object-Oriented PHP
20.1. What Is Object-Oriented Programming?20.1.1. The simple idea20.1.1.1. The procedural approach20.1.1.2. The object-oriented approach20.1.2. Elaboration: objects as data types20.1.3. Elaboration: Inheritance20.1.4. Elaboration: Encapsulation20.1.5. Elaboration: Constructors and destructors20.1.6. Terminology20.2. Basic PHP Constructs for OOP20.2.1. Defining classes20.2.2. Accessing member variables20.2.3. Creating instances20.2.4. Constructor functions20.2.5. Inheritance20.2.6. Overriding functions20.2.7. Chained subclassing20.2.8. Modifying and assigning objects20.2.9. Scoping issues20.3. Advanced OOP Features20.3.1. Public, Private, and Protected Members20.3.1.1. Private members20.3.1.2. Protected members20.3.2. Interfaces20.3.3. Constants20.3.4. Abstract Classes20.3.5. Simulating class functions20.3.6. Calling parent functions20.3.6.1. Calling parent constructors20.3.7. Automatic calls to parent constructors20.3.8. Simulating method overloading20.3.9. Serialization20.3.9.1. Sleeping and waking up20.3.9.2. Serialization gotchas20.4. Introspection Functions20.4.1. Function overview20.4.2. Example: Class genealogy20.4.3. Example: matching variables and DB columns20.4.4. Example: Generalized test methods20.5. Extended Example: HTML Forms20.6. Gotchas and Troubleshooting20.6.1. Symptom: Member variable has no value in member function20.6.2. Symptom: Parse error, expecting T_VARIABLE . . .20.7. OOP Style in PHP20.7.1. Naming conventions20.7.2. Accessor functions20.7.3. Designing for inheritance20.8. Summary
21. Advanced Array Functions
21.1. Transformations of Arrays21.1.1. Retrieving keys and values21.1.2. Flipping, reversing, and shuffling21.1.3. Merging, padding, slicing, and splicing21.2. Stacks and Queues21.3. Translating between Variables and Arrays21.4. Sorting21.5. Printing Functions for Visualizing Arrays21.6. Summary
22. Examining Regular Expressions
22.1. Tokenizing and Parsing Functions22.2. Why Regular Expressions?22.2.1. Regex in PHP22.2.2. An example of POSIX-style regex22.2.3. Regular expression functions22.3. Perl-Compatible Regular Expressions22.4. Example: A simple link-scraper22.4.1. The regular expression22.4.2. Using the expression in a function22.4.2.1. Applying the function22.4.2.2. Extending the code22.5. Advanced String Functions22.5.1. HTML functions22.5.2. Hashing using MD522.5.3. Strings as character collections22.5.4. String similarity functions22.6. Summary
23. Working with the Filesystem
23.1. Understanding PHP File Permissions23.2. File Reading and Writing Functions23.2.1. File open23.2.1.1. HTTP fopen23.2.1.2. FTP fopen23.2.1.2.1. Standard I/O fopen23.2.1.2.2. Filesystem fopen23.2.2. File read23.2.3. Constructing file downloads by using fpassthru()23.2.4. File write23.2.5. File close23.3. Filesystem and Directory Functions23.3.1. feof23.3.2. file_exists23.3.3. filesize23.4. Network Functions23.4.1. Syslog functions23.4.2. DNS functions23.4.3. Socket functions23.5. Date and Time Functions23.5.1. If you don't know either date or time23.5.2. If you've already determined the date/time/timestamp23.6. Calendar Conversion Functions23.7. Summary
24. Working with Cookies and Sessions
24.1. What's a Session?24.1.1. So what's the problem?24.1.2. Why should you care?24.2. Home-grown Alternatives24.2.1. IP address24.2.2. Hidden variables24.2.3. Cookie-based home-grown sessions24.3. How Sessions Work in PHP24.3.1. Making PHP aware of your session24.3.2. Propagating session variables24.3.2.1. The simple approach (using $_SESSION)24.3.3. Where is the data really stored?24.4. Sample Session Code24.5. Session Functions24.6. Configuration Issues24.7. Cookies24.7.1. The setcookie() function24.7.2. Examples24.7.3. Deleting cookies24.7.4. Reading cookies24.7.5. Cookie pitfalls24.7.5.1. Sending something else first24.7.5.2. Reverse-order interpretation24.7.5.3. Cookie refusal24.8. Sending HTTP Headers24.8.1. Example: Redirection24.8.2. Example: HTTP authentication24.8.3. Header gotchas24.9. Gotchas and Troubleshooting24.10. Summary
25. Learning PHP Types
25.1. Type Round-up25.2. Resources25.2.1. What are resources?25.2.2. How to handle resources25.3. Type Testing25.4. Assignment and Coercion25.4.1. Type conversion behavior25.4.2. Explicit conversions25.4.3. Conversion examples25.4.4. Other useful type conversions25.4.5. Integer overflow25.4.6. Finding the largest integer25.5. Summary
26. Learning PHP Advanced Functions
26.1. Variable Numbers of Arguments26.1.1. Default arguments26.1.2. Arrays as multiple-argument substitutes26.1.3. Multiple arguments in PHP4 and above26.2. Call-by-value26.3. Call-by-reference26.4. Variable function names26.5. An extended example26.6. Summary
27. Performing Math with PHP
27.1. Mathematical Constants27.2. Tests on Numbers27.3. Base Conversion27.4. Exponents and Logarithms27.5. Trigonometry27.6. Arbitrary Precision (BC)27.6.1. An arbitrary-precision example27.6.2. Converting code to arbitrary-precision27.7. Summary
28. Securing PHP
28.1. Possible Attacks28.1.1. Site defacement28.1.2. Accessing source code28.1.3. Reading arbitrary files28.1.4. Running arbitrary programs28.1.5. Viruses and other e-critters28.2. FYI: Security Web Sites28.3. Summary
29. Learning PHP Configuration
29.1. Viewing Environment Variables29.2. Understanding PHP Configuration29.2.1. Compile-time options29.2.1.1. --with-apache[=DIR] or --with-apache2=[DIR]29.2.1.2. --with-apxs[=DIR] or --with-apxs2[=DIR]29.2.1.3. --with-[database][=DIR]29.2.1.4. --with-mcrypt[=DIR]29.2.1.5. --with-java[=DIR]29.2.1.6. --with-xmlrpc29.2.1.7. --with-dom[=DIR]29.2.1.8. --enable-bcmath29.2.1.9. --enable-calendar29.2.1.10. --with-config-file-path=DIR29.2.1.11. --enable-url-includes29.2.1.12. --disable-url-fopen-wrapper29.2.2. CGI compile-time options29.2.2.1. --with-exec-dir[=DIR]29.2.2.2. --enable-discard-path29.2.2.3. --enable-force-cgi-redirect29.2.3. Apache configuration files29.2.3.1. Timeout29.2.3.2. DocumentRoot29.2.3.3. AddType29.2.3.4. Action29.2.3.5. LoadModule29.2.3.6. AddModule29.2.4. The php.ini file29.2.4.1. short_open_tag = Off29.2.4.2. disable_functions = [function1, function2, function3 . . . functionn]29.2.4.3. max_execution_time = 3029.2.4.4. error_reporting = E_ALL & ~E_NOTICE29.2.4.5. error_prepend_string = ["<font color=ff0000>"]29.2.4.6. warn_plus_overloading = Off29.2.4.7. variables_order = EGPCS29.2.4.8. gpc_order = GPC29.2.4.9. auto-prepend-file = [path/to/file]29.2.4.10. auto-append-file = [path/to/file]29.2.4.11. include_path = [DIR]29.2.4.12. doc_root = [DIR]29.2.4.13. upload_tmp_dir = [DIR]29.2.4.14. session.save-handler = files29.2.4.15. ignore_user_abort = [On/Off]29.3. Improving PHP Performance29.4. Summary
30. Handing Exceptions with PHP
30.1. Error Handling in PHP30.1.1. Errors and exceptions30.1.2. The Exception class30.1.3. The try/catch block30.1.4. Throwing an exception30.1.5. Defining your own Exception subclasses30.1.6. Limitations of Exceptions in PHP30.2. Other Methods of Error Handling30.2.1. Native PHP errors30.2.2. Defining an error handler30.2.3. Triggering a user error30.3. Logging and Debugging30.4. Summary
31. Debugging PHP Programs
31.1. General Troubleshooting Strategies31.1.1. Change one thing at a time31.1.2. Try to isolate the problem31.1.3. Simplify, then build up31.1.4. Check the obvious31.1.5. Document your solution31.1.6. After fixing, retest31.2. A Menagerie of Bugs31.2.1. Compile-time bugs31.2.2. Runtime bugs31.2.3. Logical bugs31.3. Using Web Server Logs31.3.1. Apache31.3.1.1. The Common Log Format31.3.1.2. HTTP response codes31.3.1.3. Monitoring Apache logs with tail31.3.2. IIS31.4. PHP Error Reporting and Logging31.4.1. Error reporting31.4.2. Error logging31.4.3. Choosing which errors to report or log31.5. Error-Reporting Functions31.5.1. Diagnostic print statements31.5.2. Using var_dump()31.5.3. Using syslog()31.5.4. Logging to a custom location31.5.5. Using error_log()31.6. Summary
32. Learning PHP Style
32.1. The Uses of Style32.2. Readability32.2.1. Comments32.2.2. PHPDoc32.2.3. File and variable names32.2.3.1. Long versus short32.2.3.2. Underscores versus camelcaps32.2.3.3. Reassigning variables32.2.4. Uniformity of style32.3. Maintainability32.3.1. Avoid magic numbers32.3.2. Functions32.3.3. Include files32.3.4. Object wrappers32.3.5. Consider using version control32.4. Robustness32.4.1. Unavailability of service32.4.2. Unexpected variable types32.5. Efficiency and Conciseness32.5.1. Efficiency: only the algorithm matters32.5.2. Efficiency optimization tips32.5.2.1. Don't reinvent the wheel32.5.2.2. Discover the bottleneck32.5.2.3. Focus on database queries32.5.2.4. Focus on the innermost loop32.5.3. Conciseness: the downside32.5.3.1. Conciseness rarely implies efficiency32.5.3.2. Conciseness trades off with readability32.5.4. Conciseness tips32.5.4.1. Use return values and side effects at the same time32.5.4.2. Use incrementing and assignment operators32.5.4.3. Reuse functions32.5.4.4. There's nothing wrong with Boolean32.5.4.5. Use short-circuiting Boolean expressions32.6. HTML Mode or PHP Mode?32.6.1. Minimal PHP32.6.2. Maximal PHP32.6.3. Medium PHP32.6.4. The heredoc style32.7. Separating Code from Design32.7.1. Functions32.7.2. Cascading style sheets in PHP32.7.3. Templates and page consistency32.8. Summary
IV. Other Databases
33. Connecting PHP and PostgreSQL
33.1. Why Choose PostgreSQL?33.2. Why Object-Relational Anyway?33.2.1. But is it a database yet?33.3. Down to Real Work33.4. PHP and PostgreSQL33.5. The Cartoons Database33.6. Summary
34. Using PEAR DB with PHP
34.1. Pear DB Concepts34.1.1. Data Source Names (DSNs)34.1.2. Connection34.1.3. Query34.1.4. Row retrieval34.1.5. Disconnection34.1.6. A complete example34.2. PEAR DB Functions34.2.1. Members of the DB class34.2.2. Members of the DB_Common class34.2.3. Members of the DB_Result class34.3. Summary
35. An Overview of Oracle
35.1. When Do You Need Oracle?35.1.1. Money35.1.2. Other rivalrous resources35.1.3. Huge data sets35.1.4. Lots of big formulaic writes or data munging35.1.5. Triggers35.1.6. Legal liability35.1.7. Bottom line: two-year outlook35.2. Oracle and Web Architecture35.2.1. Specialized team members35.2.2. Shared development databases35.2.3. Limited schema changes35.2.4. Tools (or lack thereof)35.2.5. Replication and failover35.2.6. Data caching35.3. Using OCI8 Functions35.3.1. Escaping strings35.3.2. Parsing and executing35.3.3. Error reporting35.3.4. Memory management35.3.5. Ask for nulls35.3.6. Fetching entire data sets35.3.7. All caps35.3.8. Transactionality35.3.9. Stored procedures and cursors35.4. Project: Point Editor35.5. Project: Batch Editor35.6. Summary
36. An Introduction to SQLite
36.1. An Introduction to SQLite36.2. Using SQLite-related Functions36.2.1. Creating Databases36.2.2. Running Queries36.2.2.1. Creating Tables36.2.2.2. Inserting Data36.2.2.3. Fetching Data36.3. More on SQLite36.4. Summary
V. Connections
37. Sending E-Mail with PHP
37.1. Sending E-Mail with PHP37.1.1. Windows configuration37.1.2. Linux configuration37.1.3. The mail function37.2. Sending Mail from a Form37.3. Summary
38. Integrating PHP and Java
38.1. PHP for Java programmers38.1.1. Similarities38.1.1.1. Syntax38.1.1.2. Operators38.1.1.3. Object model38.1.1.4. Memory management38.1.1.5. Packages and libraries38.1.2. Differences38.1.2.1. Compiled versus scripting38.1.2.2. Variable declaration and loose typing38.1.3. Java Server Pages and PHP38.1.3.1. Embedded HTML38.1.3.2. Choose your scripting language38.2. Integrating PHP and Java38.2.1. The Java SAPI38.2.1.1. Installation and setup38.2.1.2. Further information38.2.2. The Java extension38.2.2.1. Installation and setup38.2.2.2. Testing38.2.3. The Java object38.2.4. Errors and exceptions38.2.5. Potential gotchas38.2.5.1. Installation problems38.2.5.2. It's the classpath, stupid38.2.5.3. Here comes that loose typing again38.2.5.4. Speed38.2.6. The sky's the limit38.3. Summary
39. Integrating PHP and JavaScript
39.1. Outputting JavaScript with PHP39.1.1. Dueling objects39.1.2. PHP doesn't care what it outputs39.1.3. Where to use JavaScript39.2. PHP as a Backup for JavaScript39.3. Static versus Dynamic JavaScript39.3.1. Dynamically generated forms39.3.2. Passing data back to PHP from JavaScript39.4. Summary
40. Integrating PHP and XML
40.1. What Is XML?40.2. Working with XML40.3. Documents and DTDs40.3.1. The structure of a DTD40.3.2. Validating and nonvalidating parsers40.4. SAX versus DOM40.5. DOM40.5.1. Using DOM XML40.5.2. DOM functions40.6. SAX40.6.1. Using SAX40.6.2. SAX options40.6.3. SAX functions40.7. SimpleXML API40.7.1. Using SimpleXML40.7.2. SimpleXML functions40.8. A Sample XML Application40.9. Gotchas and Troubleshooting40.10. Summary
41. Creating and Consuming Web Services with PHP
41.1. The End of Programming as We Know It41.1.1. The ugly truth about data movement41.1.2. Brutal simplicity41.2. REST, XML-RPC, SOAP, .NET41.2.1. REST41.2.2. SOAP41.3. Current Issues with Web Services41.3.1. Large Footprint41.3.2. Potentially heavy load41.3.3. Standards41.3.4. Hide and seek41.3.5. Who pays and how?41.4. Project: A REST Client41.5. Summary
42. Creating Graphics with PHP
42.1. Your Options42.2. HTML Graphics42.3. Creating images using gd42.3.1. What is gd?42.3.2. Image formats and browsers42.3.3. Installation42.3.4. gd Concepts42.3.4.1. Colors42.3.4.1.1. Palette-based images42.3.4.1.2. Truecolor42.3.4.1.3. Transparency42.3.4.2. Drawing coordinates and commands42.3.4.3. Format translation42.3.4.4. Freeing resources42.3.5. Functions42.3.6. Images and HTTP42.3.6.1. Full-page images42.3.6.2. Embedded images from files42.3.6.3. Embedded images from scripts42.3.7. Example: fractal images42.4. Gotchas and Troubleshooting42.4.1. Symptom: completely blank image42.4.2. Symptom: headers already sent42.4.3. Symptom: broken image42.5. Summary
VI. Case Studies
43. Developing a Weblog with PHP
43.1. Why Weblogs?43.2. The Simplest Weblog43.3. Adding an HTML-Editing Tool43.4. Changes and Additions43.5. Summary
44. A Trivia Game
44.1. Concepts Used in This Chapter44.2. The Game44.2.1. Our version44.2.2. Sample screens44.2.3. The rules44.2.4. Playing the game yourself44.3. The Code44.3.1. Code files44.3.1.1. index.php44.3.1.1.1. Exceptions44.3.1.2. game_display_class.php44.3.1.3. game_text_class.php44.3.1.4. game_class.php44.3.1.4.1. Data members44.3.1.4.2. Public functions44.3.1.4.3. Database interaction44.3.1.4.4. Handling an answer44.3.1.4.5. Serialization and sleep()44.3.1.5. game_parameters_class.php44.3.1.6. certainty_utils.php44.3.1.7. question_class.php44.3.1.8. dbvars.php44.3.2. Creating the database44.3.2.1. Table definitions44.3.2.2. entry_form.php44.4. General Design Considerations44.4.1. Separation of code and display44.4.2. Persistence of data44.4.3. Exception handling44.5. Summary
45. Data Visualization with Venn Diagrams
45.1. Scaled Venn diagrams45.1.1. The task45.2. Outline of the code45.3. Necessary Trigonometry45.4. Planning the Display45.4.1. Simplifying assumptions45.4.2. Determining size and scale45.4.2.1. The easy cases45.4.2.2. The hard case45.5. Display45.5.1. Notes on circles45.5.2. Notes on centering text45.6. Visualizing a Database45.6.1. Trying it out45.7. Extensions45.8. Summary
A. PHP for C Programmers
A.1. SimilaritiesA.1.1. SyntaxA.1.2. OperatorsA.1.3. Control structuresA.1.4. Many function namesA.2. DifferencesA.2.1. Those dollar signsA.2.2. TypesA.2.3. Type conversionA.2.4. ArraysA.2.5. No structure typeA.2.6. ObjectsA.2.7. No pointersA.2.8. No prototypesA.2.9. Memory managementA.2.10. Compilation and linkingA.2.11. PermissivenessA.3. Guide to the BookA.4. A Bonus: Just Look at the Code!
B. PHP for Perl Hackers
B.1. SimilaritiesB.1.1. Compiled scripting languagesB.1.2. SyntaxB.1.3. Dollar-sign variablesB.1.4. No declaration of variablesB.1.5. Loose typing of variablesB.1.6. Strings and variable interpolationB.2. DifferencesB.2.1. PHP is HTML-embeddedB.2.2. No @ or % variablesB.2.3. Arrays versus hashesB.2.4. Specifying arguments to functionsB.2.5. Variable scoping in functionsB.2.6. No module system as suchB.2.7. Break and continue rather than next and lastB.2.8. No elsifB.2.9. More kinds of commentsB.2.10. Regular expressionsB.3. Miscellaneous TipsB.3.1. What about use of strict "vars"?B.3.2. Where's CPAN?B.4. Guide to the Book
C. PHP for HTML Coders
C.1. The Good NewsC.1.1. You already know HTMLC.1.2. PHP is an easy first programming language to learnC.1.3. Web development is increasingly prefab anywayC.2. The Bad NewsC.2.1. If programming were that easy, you'd already know howC.2.2. Backend servers can add complexityC.3. Concentrate On . . .C.3.1. Reading other people's codeC.3.2. Working on what interests youC.3.3. Thinking about programmingC.3.4. Learning SQL and other protocolsC.3.5. Making cosmetic changes to prefab PHP applicationsC.3.6. Debugging is programmingC.4. Avoid at First . . .C.4.1. Maximal PHP styleC.4.2. Programming large applications from scratchC.5. Consider This . . .C.5.1. Reading a book on C programmingC.5.2. Minimal PHP styleC.5.3. Use the right tools for the job
D. PHP Resources
D.1. The PHP Web SiteD.2. The PHP Mailing ListsD.2.1. Signing upD.2.2. Users' lists and developers' listsD.2.3. Regular and digestD.2.4. Mailing list etiquetteD.2.4.1. Remember, the community does all this work for free!D.2.4.2. People might be sick of your questionD.2.4.3. Give detailed descriptionsD.2.4.4. PHP is internationalD.2.4.5. There are limitsD.2.4.6. Do it yourselfD.2.4.7. It's probably youD.2.4.8. There are now commercial alternativesD.3. Other PHP Web SitesD.3.1. Core scripting engine and toolsD.3.2. PHP knowledgebaseD.3.3. Articles and tutorialsD.3.4. PHP codebasesD.3.5. Major PHP projects
E. PEAR
E.1. What Is PEAR?E.2. The PEAR Package SystemE.2.1. A sampling of PEAR packagesE.2.2. How the PEAR database worksE.2.3. The Package ManagerE.2.3.1. Installing the PEAR Package Manager on LinuxE.2.3.2. Updating the Package ManagerE.2.4. Using the ManagerE.2.4.1. Automatic package installationE.2.4.2. Automatic package removalE.2.4.3. Semiautomatic package installationE.2.4.4. Using PEAR packages in your scriptsE.3. PHP Foundation Classes (PFC)E.4. PHP Extension Code Library (PECL)E.5. The PEAR Coding StyleE.5.1. Indenting, whitespace, and line lengthE.5.2. Formatting control structuresE.5.2.1. if StatementsE.5.2.2. if/else StatementsE.5.2.3. if/elseif StatementsE.5.2.4. switch StatementsE.5.3. Formatting functions and function callsE.6. Summary

Content preview from PHP6 and MySQL® 6 Bible

Chapter 28. Securing PHP

"Security is not a joking matter," proclaim signs at airports everywhere. The same sign should be posted near your PHP server. Anyone connecting a server to the Internet must take proper security measures or risk loss of data or even money to the keystrokes of malicious crackers.

The mantra of the security-conscious site designer is: Don't trust the network. If you're worried about the security of your site, chant this mantra as you code your pages. Any information transmitted to your server via the network — be it a URL, data from an HTML form, or data on some other network port — should be treated as potentially hazardous. This chapter suggests several techniques for sanitizing incoming information. You should apply these techniques and spend some time trying to discover other potential hazards and ways to prevent them.

The second rule of thumb for a secure site is: Minimize the damage. What if the program you just wrote, which you are sure is secure, is actually vulnerable? Just to be on the safe side, limit the damage an intruder can cause after he or she has taken advantage of the vulnerability.

When visitors come to your site, they trust that it contains valid information, that it is not harmful to them or to their computers, and that any information they provide to it is handled properly. Interacting with a site, whether an e-business, recreational, or informational site, involves certain security risks for a visitor. As ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780470384503Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

PHP6 and MySQL® 6 Bible

by Tim Converse, Steve Suehring, Joyce Park

Chapter 28. Securing PHP

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.