gethostbyaddr(), 458

gethostbyname(), 456–458

getmxrr(), 456

parse_url(), 458

online manual, 80

operators, 32

arithmetic operators, 33–34

array operator, 40

assignment operators, 28–36

associativity, 42–44

bitwise operators, 38

comma operator, 39

comparison operators, 36–37

error suppression operator, 39

execution operator, 39–40

logical operators, 38

new operator, 39

precedence, 42–44

string operators, 34

ternary operator, 39

totaling forms, 41–42

type operator, 40

unary operators, 33

optimizations, 546–547

PHP 5.3

bug fixes in, 7

crypt() functionality in, 7

date/time functions in, 7

date_add() function, 478

date_sub() function, 478

error reporting in, 7

fileinfo extension, 7

hash() functionality in, 7

intl extension, 7

md5() functionality in, 7

MySQLnd drivers, 7

namespaces, 7

new features of, 7

PCRE extension, 7

phar extension, 7

php.ini administration in, 7

Reflection extension, 7

SPL extension, 7

sqlite3 extension, 7

time/date functions in, 7

Windows support for, 7, 900

Zend engine improvements, 7

resources, 907–909

Resource Web site, 908–909

running

as CGI Interpreter, 890

as modules, 890

scripts, 551

debugging variables, 559, 561

errors, 562–567

modification dates, 529

programming errors, 551–558

MySQL passwords, 418

owners, identifying, 529

terminating execution, 526

serialization, 526–527

sessions. See sessions

SOAP libraries (Amazon), 814

statements, 19–20

tags, 18–19

ASP style, 19

require() statement, 136

SCRIPT style, 19

Short style, 19

variables

form variables, accessing, 23–27

identifiers, 28

names in code, 539

scope, 31–32

superglobal, 32

types, 29–30

user declared variables, 28

values, assigning, 28

Web site, 481, 537, 891

writing, 434–438

XML style, 19

PHP Extension and Application Repository (PEAR)

installing, 905–906

Web site, 907

PHP, Hypertext Preprocessor Web site, 106

php.ini file

administration in PHP 5.3, 7

auto_append_file, 142–143

auto_prepend_file, 142–143

directives, editing, 529–530

examining, 380

phpautodoc Web site, 545

PHPBookmark application

Ajax elements, adding, 871

creating, 569

database schema, 573–574

front page, 574–577

function libraries, 572

extensions, 606

files, 572

project, 870–883

PHPBuilder.com Web site, 908

PHPCertification.pdf files (certification application), 779

PHPCertification.rtf files (certification application), 779

PHPCommunity Web site, 907

phpdoc Web site, 544

PHPDocumentor Web site, 544

PHPIndex.com Web site, 908

phpinfo() command, 31

phpinfo() function, 450, 778

PHPMyAdmin.Net Web site, 908

PHPWizard.net Web site, 908

php|architect Web site, 907

physical security, 359, 388

plain text (encryption), 351

plus symbols (+)

regular expressions, 126

Web forum articles, 748

PNG (Portable Network Graphics), 485

library Web site, 891

pollsetup.sql file, 500

polymorphism, 161

POP (Post Office Protocol), 452

POP3 (Post Office Protocol version 3), 651–652

populate.sql files (Shopping Cart application), 612

Portable Document Format. See PDF

Portable Network Graphics. See PNG

positioning text buttons, 498–499

POSIX regular expressions. See regular expressions

posix_getgrgid() function, 446

posix_getpwuid() function, 446

posix_getpwuid() functions, 444

Post Office Protocol (POP), 452

Post Office Protocol version 3 (POP3), 651–652

post-decrement operator, 35–36

post-increment operator, 35–36

posters (Web forum application), 744

Postnuke Web site, 909

PostScript, 774–775

downloading fonts, 484

power failures, 359

pre-decrement operator, 35–36

pre-increment operator, 35–36

precedence, operators, 42–44

prepared statements, 280–281

preparing for DoS/DDoS attacks, 387

preprocessing script architecture, 694

Pretty Good Privacy (PGP), 419

pretty() function, 714

prev() function, 102

preventing

inheritance, 172

overriding, 172

previewing online newsletters, 732–733

PRIMARY KEY keyword, 231

primary keys (databases), 209–210

principle of least privilege, 223

print() function, 110

printf() function, 111–112

printing

header bar summaries (Shopping Cart application), 632

strings, 110–113

print() function, 110

printf() function, 111–112

sprintf() function, 111

text images, 487–489

privacy policies

commercial Web sites, 333

SSL (Secure Sockets Layer), 333

private access modifier, 166–167

visibility, controlling, 169–170

private keys

encryption, 353

Gnu Privacy Guard (GPG), 420

privileges

FILE, 295

GRANT, 295

MySQL, 223

global privileges, 224

GRANT command, 223–228

principle of least privilege, 223

REVOKE command, 227–228

PROCESS, 295

types, 225–227

system, 287–288

columns_priv table, 293

db table, 290–291

grant table, 293

host table, 290–291

privileges, updating, 293–294

slaves, 307

tables_priv table, 293

user table, 289–290

updating, 293–294

user database security, 295–296

PROCESS privilege, 226, 295

process.php files (Shopping Cart application), 611

process.php script (Shopping Cart application), 639

processing HTML forms, 14, 17

Product class, 839

Product.php files (Tahuayo application), 819

progex.php file, 448–449

programming errors, 551, 553–554

logic errors, 558–559

runtime errors, 553–554

database interaction, 555–557

functions that don’t exist, 554–555

input data, checking, 558

network connections, 557–558

reading/writing files, 555

syntax errors, 552–553

programs. See also applications

install (Apache), 902

running command line, 531

project codes, installing (Amazon), 853–854

property files, changing, 446

protocols, 451–452

application layer protocols, 414

File Transfer Protocol (FTP), 459

anonymous login, 462

backing up files, 459–465

ftp_get() function, 466

ftp_mdtm() function, 464

ftp_nlist() function, 467

ftp_size() function, 467

mirroring files, 459–465

set_time_limit() function, 467

timeouts, avoiding, 467

uploading files, 466

FTP (File Transfer Protocol), 64–65

HTTP (Hypertext Transfer Protocol), 414

handshaking, 414–415

opening files, 64–65

Secure Sockets Layer (SSL), 414

IMAP (Internet Message Access Protocol), 452, 651–652

IP (Internet Protocol), 414

NNTP (Network News Transfer Protocol), 452

POP (Post Office Protocol), 452

POP3 (Post Office Protocol version 3), 651–652

RFCs (Requests for Comments), 451–452

SMTP (Simple Mail Transfer Protocol), 452, 652

SOAP (Simple Object Access Protocol), 845–846

stacks, 413–414

TCP (Transmission Control Protocol), 414

Web Services

SOAP (Simple Object Access Protocol), 811–812

WSDL (Web Services Description Language), 812

prototypes

code, 545–546

functions, 144

public access modifier, 166–170

public keys

encryption, 353–354

Gnu Privacy Guard (GPG), 420–422

purchase.php files (Shopping Cart application), 611

purchase.php script (Shopping Cart application), 634, 639

putenv() function, 450

PX-PHP Code Exchange Web site, 908

Q

queries

EXPLAIN statement, 299–303

indexes, 304

INSERT, 276–280

subqueries, 258–259

correlated, 260

operators, 259

row, 260

temporary tables, 260

Web databases, 271

adding data, 276–280

connections, setting up, 273

disconnecting from databases, 276

input data, 271–272

mysql_query() function, 274–275

prepared statements, 280–281

retrieving results, 275–276

selecting databases, 274

quotes, magic quotes, 115

R

r+ file mode, 63

RAID (Redundant Array of Inexpensive Disks), 358

range() function, 83

RDBMS (relational database management systems), 80, 243

readdir($dir) function, 440

readers, PDF, 794–795

readfile() function, 74

reading

from directories, 439–441

files, 61, 71–72, 444–446

feof() function, 73

fgetc() function, 75

fgetcsv() function, 73–74

fgets() function, 73

fgetss() function, 73

file() function, 74

fopen() function, 72

fpassthru() function, 74

fread() function, 75

readfile() function, 74

runtime errors, 555

Warm Mail application, 671, 681

mailbox contents, viewing, 674–676

messages, 677–678, 680–681

selecting accounts, 671, 673

real-world objects, modeling (Web databases), 211–212

recommend.php files (PHPBookmark application), 572

recommend_urls() function, 603, 605

recommendations

bookmarks, 571

implementing, 602–603, 605

records

deleting, 264

updating, 261

tables, 209

recursive functions, 156–158

red, green, and blue (RGB), 488

Redundant Array of Inexpensive Disks (RAID), 358

redundant data, avoiding (Web databases), 212–213

reference operator, 36

reflection API, 190–191

Reflection extension, 7

REGEXP keyword, 249

register() function, 582

register_form.php files (PHPBookmark application), 572

register_new.php files (PHPBookmark application), 572

registering

session variables, 513

user authentication, 577, 580–583

regression, 377

regular expressions, 123–124

* symbol, 126

+ symbol, 126

branching, 127

caret symbol (^), 126–127

characters

classes, 125

sets, 124–125

curly braces ({}), 126

functions versus string functions, 131

Perl, 123

slash (\), 127

Smart Form Mail application, 128–129

special characters, 127–128

splitting strings, 130

string anchoring, 126–127

subexpressions, 126

substrings

finding, 129–130

replacing, 130

Web references, 131

reinterpreting variables, 46

relational database management systems. See RDBMS

relational databases, 208, 210

benefits, 207

keys, 209

foreign keys, 210

primary keys, 210

relationships, 211

many-to-many relationships, 211

one-to-many relationships, 211

one-to-one relationships, 211, 216

schemas, 210

tables, 208

columns, 209

rows, 209

values, 209

relationships (databases), 211

many-to-many relationships, 211

one-to-many relationships, 211

one-to-one relationships, 211, 216

relative paths, 62

RELOAD privilege, 226

remote FTP connections, 463

rename() function, 447

reordering arrays, 96

array_reverse() function, 97–98

shuffle() function, 96

repetitive tasks. See loops

replacing substrings, 122–123

with regular expressions, 130

replication, databases, 306–307

data transfer, 306–308

master servers, 306–307

slaves, 306–308

REPLICATION CLIENT privilege, 226

REPLICATION SLAVE privilege, 226

replying to email, Warm Mail application, 684–685

repository (version control, code), 542

repudiation, 348–349

requests

HTTP, 856–857

MySQL database, 293

server response, 866

Requests for Comments (RFCs), 451–452

require() statement, 135–136

auto_append_file (php.ini file), 142–143

auto_prepend_file (php.ini file), 142–143

filename extensions, 136

PHP tags, 136

Web site templates, 137–142

reset_password() function, 592

reset() function, 102

resetting passwords, user authentication, 593

resources, 907

Apache, 909

data types, 29

MySQL and SQL, 909

PHP, 907–909

Web development, 910

responses (HTTP), 866

REST/XML (Amazon), 838–839, 844

restoring databases, 306

restricting access

to .php files, 374–375

to sensitive data, 364

result identifiers, retrieving query results (Web databases), 275–276

results.php script, 269

retrieve_message() function, 678

returning

assignment operator, 34–35

from functions, 154–155

keywords, 154–155

policies, 333

rows, 258

statements, 154

values, 94, 155–156

reusing code

benefits, 133–134

consistency, 134

cost, 134

reliability, 134

include() statement, 134, 142–143

require() statement, 135–136, 142–143

auto_prepend_file (php.ini file), 142–143

filename extensions, 136

PHP tags, 136

Web site templates, 137–142

reverse sort order

arrays, 93

multidimensional arrays, 95

reverse spam, 346

REVOKE command, 227–228

rewind() function, 76

rewinddir($dir) function, 441

rewriting code, 537–538

RFCs (Requests for Comments), 451–452

RFC Editor Web site, 451, 468

RGB (red, green, and blue), 488

Rich Text Format (RTF), 771, 774

risks for commercial Web sites, 336

competition, 338

crackers, 337

failure to attract business, 337–338

hardware failure, 337

legislation and taxes, 339

service provider failures, 338

software errors, 338

system capacity limits, 339

rmdir() function, 443

rolled back transactions, 314

root elements (XML), 811

root nodes (Web forum tree structure), 743

rows

returning, 258

subqueries, 260

unmatched, 252–253

values, 209

RSA, 353

rsort() function, 93

RTF (Rich Text Format), 771, 774

generating certificates, 784–787

templates, creating, 776

rtf.php files, 779, 786

rtrim() function, 110

running

Apache, 897

command line programs, 531

PHP

as CGI Interpreter, 890

as modules, 890

runtime errors, 553–554

database interaction, 555–557

functions that don’t exist, 554–555

input data, checking, 558

network connections, 557–558

reading/writing files, 555

S

S-HTTP (Secure Hypertext Transfer Protocol), 412

safeString() function, 825

scalar variables, 81

converting arrays to, 105–106

schemas

Book-O-Rama application, 219, 230

database (PHPBookmark application), 573–577

scope

fields, 290

function scope, 151

global scope, 151

variable scope, 31–32, 150–153

score.php files (certification project), 779–784

screening user input, 417

SCRIPT style (PHP tags), 19

scripts

admin.php script (Shopping Cart application), 641, 643

architecture

footers, 694

headers, 694

online newsletters, 694–701

performing actions, 694

preprocessing, 694

authmain.php (authentication), 517–522

breaking out of, 56

buttons, calling, 493

catalog scripts (Shopping Cart application), 615–617

index.php, 615–620

show_book.php, 616, 622–623, 646

show_cat.php, 615, 620–622

checkout.php script (Shopping Cart application), 633–638

edit_book_form.php (Shopping Cart application), 646

executing, 531

Hello World, 792–796

images, drawing, 486

insert_book.php, 278–279, 644–645

prepared statements, 280

insert_book_form.php script (Shopping Cart application), 644

logout.php (authentication), 523–524

make_button.php, 492

members_only.php (authentication), 522–523

modification dates, 529

mysqlhotcopy, database backup, 306

owners, identifying, 529

PHP, MySQL passwords, 418

process.php script (Shopping Cart application), 639

purchase.php script (Shopping Cart application), 634, 639

querying Web databases, 271

adding data, 276–280

connections, setting up, 273

disconnecting from databases, 276

input data, 271–272

mysql_query() function, 274–275

prepared statements, 280–281

retrieving results, 275–276

selecting databases, 274

results.php, 269

servertime.php, 863–864

show_book.php (Shopping Cart application), 646

show_cart.php script (Shopping Cart application), 623–627

adding items to cart, 630–631

header bar summary, printing, 632

updated carts, saving, 631–632

viewing contents of cart, 627–630

terminating execution, 526

Warm Mail application (email client), 657, 662–663

Web database architecture, 217

SearchDatabase.com Web site, 909

searching substrings, 120–121

find and replace, 122–123

numerical position, 121

regular expressions, 129–130

strchr() function, 121

stristr() function, 121

strpos() function, 121

strrchr() function, 121

strrpos() function, 122

strstr() function, 121

Secure Hypertext Transfer Protocol (S-HTTP), 412

Secure Sockets Layer. See SSL

secure storage, 417–419

secure transactions, 409–410

Internet, 411–412

screening user input, 417

Secure Sockets Layer (SSL), 413–415

compression, 416

handshaking, 414–415

protocol stacks, 413–414

sending data, 415–416

secure storage, 417–419

systems, 412–413

user machines, 410–411

Web browsers, 410–411

Secure Web servers, 355–357

security, 362

authentication, 343, 401–406

access control, implementing, 392–395

basic authentication. See basic authentication

custom, creating, 408

digest authentication, 400

encrypting passwords, 397–399

identifying users, 391–392

mod_auth_mysql module, 406–408

multiple pages, protecting, 399

passwords, 350–351

storing passwords, 395

Web sites, 408

bottom-up approach, 363

bugs, testing for, 376–377

Certifying Authorities (CAs), 355

code organization, 374

commercial Web sites, 342

auditing, 357

authentication, 350–351

backing up data, 358

Certificate Signing Request (CSR), 356–357

compromises, 349

crackers, 337

digital certificates, 355

digital signatures, 354–355

encryption, 351–354

firewalls, 357–358

hash function, 354

importance of stored information, 342

log files, 357

passwords, 350–351

physical security, 359

Secure Web servers, 356–357

security policies, creating, 349–350

threats, 342–349

databases, 294, 384

authentication, 383–384

connecting to servers, 384–385

operating system, 294

passwords, 295

servers, 385

user privileges, 295–296

Web issues, 296

denial of service, 364

disaster recovery, 364, 388–389

DMZ, 386–387

DoS attacks, preparing for, 387

effect on usability, 362

encryption, 352–353, 419–420

Data Encryption Standard (DES), 353

GPG (Gnu Privacy Guard), 419–427

PGP (Pretty Good Privacy), 419

files

system considerations, 375–376

uploads, 434, 438

firewalls, 386

hosting services, 382–383

malicious code injection, 365

monitoring, 363

output, escaping, 371

passwords, 362

.php files, restricting access to, 374–375

physical security, 388

restricting access to sensitive data, 364

Secure Sockets Layer (SSL), 344

SQL injection attacks, 371

TCP/IP networks, 343

top-down approach, 363

transactions, 409–410

Internet, 411–412

screening user input, 417

Secure Sockets Layer (SSL), 413–416

secure storage, 417–419

systems, 412–413

user machines, 410–411

Web browsers, 410–411

user input, filtering, 367–371

SELECT clauses, 257

SELECT privileges, 225

SELECT statements, 246

LIMIT clause, 258

ORDER BY clause, 255

selecting

databases in MySQL, 229

Web databases, 274

selectors (CSS), 858

semicolon (;), MySQL, 220, 274

send() function, 734

send_message() function, 683–684

sending

email, 452

messages, online newsletters, 733, 737–739

Warm Mail application

forwarding/replying, 684–685

new messages, 682–684

sensitive data, storing, 417–419

serialization, 526–527

session variables, 514

serialize() function, 526–527, 848

server-side programming, 860

servers

Apache. See Apache, Web server

authentication, 351

communication with Ajax, 863–864

database servers, Web database architecture, 217

master, database replication, 306–307

response to HTTP requests, 866

secure storage, 417–419

Secure Web servers, 355–357

Web servers, Web database architecture, 216

servertime.php script, 863–864

services

adding, 335, 452–454

providing, 334–335

taking orders for, 331–334

session_get_cookie_params() function, 511

session_register() function, 513

session_start() function, 512, 514–515

session_unregister() function, 513

sessions, 509, 512

authentication, 517–524

configuring, 516–517

cookies, 510–511

creating (Amazon), 823

destroying, 513

example session, 514–516

IDs, 509–512

Shopping Cart application, 608, 623

starting, 512

variables, 510

deregistering, 513

implementing, 513

registering, 513

serializing, 514

set cardinality (arrays), 104

SET type, 241

set_error_handler() function, 565

set_time_limit() function, 467

setcookie() function, 510–511

setting up

Book-O-Rama, 243

databases of lists, 688

settype() function, 44

SGML (Standard Generalized Markup Language), 808

sha1() function, 398

shell command executor, 377–378

shell script-style comments, 20

Shopping Cart application, 607, 617, 624, 643, 650

administration

interfaces, 609

views, 609–610

administration interface, 643–647, 650

administration menu (admin.php), 641, 643

edit_book_form.php script, 646

insert_book.php script, 644–645

insert_book_form.php script, 644

show_book.php script, 646

book_sc database, 612–615

catalog scripts, 615–617

index.php, 615–620

show_book.php, 616, 622–623, 646

show_cat.php, 615, 620–622

code modules, 610

database, 615

extensions, 650

files, 611–612

online catalogs, building, 608

payments

modules, 639–641

systems, 608–609

session variables, 608, 623

shopping cart module

adding items, 630–631

checkout.php script, 633–638

header bar summary, printing, 632

purchase.php script, 634, 639

show_cart.php script, 623–627

updates, saving, 631–632

viewing contents of, 627–630

solution overview, 609–612

tracking user’s purchases, 608

user view, 609–610

shopping carts, 607

building (Amazon), 813, 849–852

Short style (PHP tags), 19

short style form variable, 23–24

SHOW COLUMNS statement, 297

SHOW command, 233–234

SHOW DATABASES privilege, 226

SHOW statement, 296–297

SHOW TABLES statement, 297

show_book.php files (Shopping Cart application), 611

show_book.php script (Shopping Cart application), 616, 622–623, 646

show_cart.php files (Shopping Cart application), 611

show_cart.php script (Shopping Cart application), 623, 625, 627

adding items to cart, 630–631

header bar summary, printing, 632

updated carts, saving, 631–632

viewing contents of cart, 627–630

show_cat.php files (Shopping Cart application), 611

show_cat.php script (Shopping Cart application), 615, 620–622

show_source() function, 530–531

showBrowseNode() function, 826–827

showCart() function, 852

showCategories() function, 826

showpoll.php file, 502–504, 506

ShowSmallCart() function, 825

showSummary() function, 828, 844

shuffle() function, 96

SHUTDOWN privilege, 226

signature.png files (certification application), 779

Simple Mail Transfer Protocol (SMTP), 452, 652

Simple Object Access Protocol. See SOAP

simplegraph.php file, 486

sin() function, 804

single-line comments, 21

sites. See commercial Web sites; Web sites

sizeof() function, 104

slash (\), 311

regular expressions, 127

Slashdot Web site, 392, 741

slaves

database replication, 306–308

replication, 307

Smart Form Mail application

creating, 107–109

regular expressions, 128–129

SMTP (Simple Mail Transfer Protocol), 452, 652

SOAP (Simple Object Access Protocol), 808–812

Amazon, 807–808, 845–846

envelopes, 812

example, 811

instances, 845

libraries, 812

PHP SOAP libraries (Amazon), 814

software

engineering, 536

errors, 338, 347

developer assumptions, 347

poor specifications, 347

poor testing, 348

personalized documents, 776

PDF, 776–777

RTF, 776

updating, 378–379

solutions, user personalization, 570–572

sort() function, 92

sorting arrays, 92

asort() function, 93

ksort() function, 93

multidimensional, 93

reverse sorts, 95

user-defined sorts, 93–95

reverse order, 93

sort() function, 92

source installations, 891–896

SourceForge Web site, 545, 909

spam, 346

special characters

literal special characters (regular expressions), 127

regular expressions, 127–128

special privileges, 227

specifications, CGI Web site, 450

speed of queries, 304

SPL extension, 7

split() function, 130

splitting strings

explode() function, 116–117

regular expressions, 130

strtok() function, 117

substr() function, 118–119

sprintf() function, 111

SQL (Structured Query Language), 243

ANSI standard Web site, 265

Book-O-Rama database

setting up, 243

tables, code to populate, 245

Course Web site, 909

CREATE TABLE command, 229–231

databases, 246–256

defined, 243–244

dropping, 264

joins, 254–255

records, 261, 264

rows, 252–253, 258

subqueries, 258–260

tables, 251–254, 261–263

two-table joins, 250–251

DDL (Data Definition Languages), 244

DML (Data Manipulation Language), 244

MySQL

aggregate functions, 256

join types, 254–255

RDBMS (relational database management systems), 243

resources, 909

strings, security, 371

sqlite3 extension, 7

SSL (Secure Sockets Layer), 344, 412–415, 889

commercial Web sites, 333

compression, 416

handshaking, 414–415

protocol stacks, 413–414

sending data, 415–416

testing, 899

stability, planning for, 376–377

Standard Generalized Markup Language. See SGML

starting sessions, 512

startup parameters, 900

stat() function, 446

statements

ALTER TABLE, 261–263

break statement, 56

continue statement, 56

DELETE, 264

DESCRIBE, 299

describe user;, 289

DROP DATABASE, 264

DROP TABLE, 264

echo statements, 26–27

else statements, 47

elseif statements, 48–49

exit statement, 56

EXPLAIN, 299–303

column values, 303

join types, 301–302

GRANT, 287, 297

if statements, 46–47

include() statement, 134

auto_append_file (php.ini file), 142–143

auto_prepend_file (php.ini file), 142–143

INSERT, 244

LOAD DATA INFILE, 311

MySQL case-sensitivity, 221

PHP statements, 19–20

prepared, 280–281

require() statement, 135–136

auto_append_file (php.ini file), 142–143

auto_prepend_file (php.ini file), 142–143

filename extensions, 136

PHP tags, 136

Web site templates, 137–140, 142

return statement, 154

SELECT, 246

LIMIT clause, 258

ORDER BY clause, 255

SHOW, 296–297

SHOW COLUMNS, 297

SHOW TABLES, 297

switch statements, 49–51

UPDATE, 261

static bindings, 185

static methods, implementing, 184

STD(column) function, 256

STDDEV(column) function, 256

storage engines, 312–313

InnoDB tables

foreign keys, 315–316

transactions, 314–315

MEMORY tables, 312

MERGE tables, 312

MyISAM, 312

store_account() function, 704

store_account_settings() function, 668–669

store_list() function, 723

store_new_post() function, 767

store_new_post.php files (Web forum application), 744

stored functions, declaring, 318–319

stored procedures, 316

control structures, 319–323

cursors, 319–323

declaring, 316–317

local variables, 319

stored functions, declaring, 318–319

storing

bookmarks, 571

data, 59. See also files

passwords, 295, 395

redundant data (Web databases), 212–213

secure storage, 417–419

session IDs, cookies, 511–512

strings, 114–116

addslashes() function, 114

stripslashes() function, 116

str_replace() function, 122, 787

strategies, commercial Web sites, 339

strcasecmp() function, 119

strchr() function, 121

strcmp() function, 119

strings

anchoring, 126–127

case functions, 113–114

column types, 239–241

comparing, 119

length of strings, testing, 120

strcasecmp() function, 119

strcmp() function, 119

strnatcmp() function, 119

concatenation operator, 26–27

data type (variables), 29

evaluating, 525–526

formatting, 110

case, changing, 113–114

conversion specifications, 112–113

HTML formatting, 110–111

ltrim() function, 110

nl2br() function, 110–111

printing, 110–113

rtrim() function, 110

storage, 114–116

trim() function, 110

trimming whitespace, 110

functions versus regular expression functions, 131

joining

implode() function, 117

join() function, 117

length, testing, 120

operators, 34

ordering

strcasecmp() function, 119

strcmp() function, 119

strnatcmp() function, 119

printing, 110–113

print() function, 110

printf() function, 111–112

sprintf() function, 111

securing, 371

specifying, 27

splitting

explode() function, 116–117

regular expressions, 130

strtok() function, 117

substr() function, 118–119

substrings

accessing, substr() function, 118–119

finding, 120–121, 129–130

numerical position of, finding, 121

replacing, 122–123, 130

tokens, 117

strip_tags() function, 417

stripslashes() function, 116, 272, 296

stristr() function, 121

strlen() function, 120

strnatcmp() function, 119

Stronghold Web site, 356

strpos() function, 121

strrchr() function, 121

strrpos() function, 122

strstr() function, 121, 597

strtok() function, 117

strtolower() function, 113

strtoupper() function, 113

Structured Query Language. See SQL

structures, directory, 542

style sheets, CSS, 859

subexpressions, 126

subqueries, 258–259

correlated, 260

operators, 259

row, 260

temporary tables, 260

subscribe() function, 717

subscribers

databases, 688

online newsletters, 717–718

substr() function, 118–119

substr_replace() function, 123

substrings

accessing, 118–119

finding, 120–121

numerical position, 121

regular expressions, 129–130

strchr() function, 121

stristr() function, 121

strpos() function, 121

strrchr() function, 121

strrpos() function, 122

strstr() function, 121

replacing, 122–123, 130

subtraction operator, 33

SUM(column) function, 256

Summary Web site, 330

SUPER privilege, 226

superglobal arrays, 24

superglobal variables, 32

switch statements, 49–51

switches

-h switch (mysql command), 221

-p switch (mysql command), 221

-u switch (mysql command), 221

syntactic sugar, 537

syntax, 552

ALTER TABLE statement, 262–263

control structures, 56

DESCRIBE statement, 299

errors, 552–553

extended, 257

heredoc, 27

highlighting, 530–531

system() function, 448

systems

capacity limits (commercial Web sites), 339

operating, 294

secure transactions, 412–413

user personalization, 570

T

t file mode, 63

t1lib, downloading, 484

tab control sequence (\t), 68

tables

aliases, 253–254

altering, 261–263

Book-O-Rama database, 245

Cartesian product, 250

columns, 209

atomic column values, 214–215

DESCRIBE statement, 299

types, 232–233

columns_priv, 288–293

creating in MySQL, 229–231

indexes, creating, 234–235

keywords, 231

table types, 229

viewing tables, 233–234

databases

backup, 305

optimization, 304

db, 288–291

dropping, 264

equi-joins, 251

grant, 288, 293

host, 288–291

InnoDB

foreign keys, 315–316

transactions, 314–315

joins, 250–255

keys, 209

creating, Web databases, 215

primary keys, 210

left joins, 252–253

MEMORY, 312

MERGE, 312

MyISAM, 312

rows, 209

returning, 258

unmatched, 252–253

values, 209

schemas, 210

scope fields, 290

tables_priv, 288–293

temporary, 260

two-table joins, 250–251

user, 288–290

tables_priv table, 288–293

tags

closing/opening (XML), 810

PHP tags, 18–19

ASP style, 19

require() statement, 136

SCRIPT style, 19

Short style, 19

XML style, 19

Tahuayo application (Amazon), 815–820

TCP (Transmission Control Protocol), 414

TCP/IP (Transmission Control Protocol/Internet Protocol), 386

security, 343

templates

PDF, creating, 776–777

RTF, creating, 776

Web sites, 137–142

temporary tables, subqueries, 260

terminating execution (scripts), 526

ternary operator, 39

testing

code, 548

GPG (Gnu Privacy Guard), 422–427

mod_auth_mysql module, 407

PHP

installations, 904–905

support, 897

regression, 377

SSL, 899

string length, 120

variable status, 45

text, 59–61

anti-aliasing, 489

baseline, 497

buttons, colors/fonts, 492

checking, 76

ciphertext (encryption), 351

closing, 69

deleting, 76

fitting onto buttons, 495–498

formats, 68–69

images

creating, 491–499

drawing or printing on, 487–489

limitations, 79

locking, 78–79

navigating, 76–77

opening, 61

file modes, 61–62

fopen() function, 62–64

FTP (File Transfer Protocol), 64–65

HTTP (Hypertext Transfer Protocol), 64–65

potential problems, 65–66

plain text (encryption), 351

positioning, 498–499

reading, 61, 71–72

feof() function, 73

fgetc() function, 75

fgetcsv() function, 73–74

fgets() function, 73

fgetss() function, 73

file() function, 74

fopen() function, 72

fpassthru() function, 74

fread() function, 75

readfile() function, 74

writing, 61, 499

file formats, 68–69

fputs() function, 67

fwrite() function, 67–68

TEXT type, 239–241

Thawte Web site, 348, 355

threaded discussion group application, 741–742, 763–764

article list, 747, 749

collapsing threads, 748, 752

displaying articles, 752–753

expanding threads, 748–751

individual articles, viewing, 760–762

new articles, adding, 762–769

plus symbols, 748

treenode class, 753–760

database design, 744–745, 747

extensions, 769

files, 744

posters, 744

solutions, 742–744

tree structure, 742–743

tree_node class, 743

threads, 741

collapsing, 748, 752

expanding, 748–753

threats to security

commercial Web sites, 342

DDoS (Distributed Denial of Service), 346

DoS (Denial of Service), 346–347

exposure of confidential data, 343–344

loss of data, 344–345

modification of data, 345–346

repudiation, 348–349

software errors, 347–348

crackers, 366

disgruntled employees, 366

hardware thieves, 366

infected machines, 366

three-dimensional arrays, 90–92

throw clause, 196

throwing exceptions, 193

tiers (applications), 218

TIFF library Web site, 778, 891

time and date

converting between PHP and MySQL formats, 476–477

in MySQL

date calculations, 478–480

DATE_FORMAT() function, 476–477

MySQL Web site, 481

UNIX_TIMESTAMP() function, 476–477

in PHP, 7, 469, 474

calendar functions, 480–481

checkdate() function, 474

date calculations, 477–478

date() function, 469–472

floor() function, 478

getdate() function, 473

microseconds, 480

mktime() function, 471–472

PHP Web site, 481

timeouts, avoiding, 467

timestamps, Unix, 471–472

tokens (strings), 117

top-down approach to security, 363

topbar.php file, 819, 825

totaling forms with operators, 41–42

touch() function, 447

traceroute command (UNIX), 344

tracking user’s purchases (Shopping Cart application), 608

Transmission Control Protocol. See TCP

Transmission Control Protocol/Internet Protocol. See TCP/IP

transactions, 313

ACID compliance, 313

autocommit mode, 314

committed, 314

defined, 313

InnoDB tables, 314–315

rolled back, 314

secure transactions, 409–410

Internet, 411–412

screening user input, 417

Secure Sockets Layer (SSL), 413–416

secure storage, 417–419

systems, 412–413

user machines, 410–411

Web browsers, 410–411

transfer modes, FTP, 466

transferring data, database replication, 306–308

tree structure (Web forum application), 742–743

tree_node class, 743

treenode class (Web forum application), 753, 757–760

treenode_class.php files (Web forum application), 744

triggering errors, 564

trim() function, 110, 271

Tripwire Web site, 346

troubleshooting

errors, 66. See also errors

file uploads, 438–439

opening files, 65–66

TrueType fonts, 492

try blocks (exception handling), 193

tuples (tables), 209

tutorials

exception handling, 203

graphs, 508

two-dimensional arrays, 88–90

two-table joins, 250–251

type

conversion specification type codes, 112–113

hinting, 184

operator, 40

U

-u switch (mysql command), 221

uasort() function, 95

ucfirst() function, 113

ucwords() function, 114

uksort() function, 95

umask() function, 443

unary operators, 33

undefined functions, calling, 145–146

uninterruptible power supply (UPS), 359

union operator, 87

Unix

binary installations, 890–893

date() function, 471–472

Epoch (GMT), 471

httpd.conf file, 896–897

libpdf_php file, copying, 899

PHP, testing, 897

source installations, 891, 893–896

SSL, testing, 899

traceroute command, 344

UNIX_TIMESTAMP() function, 476–477

unlink() function, 76, 447

unmatched rows, 252–253

unnecessary OS applications, disabling, 388

unserialize() function, 527, 848

unset() function, 45

UNSIGNED keyword, 231

unsubscribe() function, 717

unsubscribing online newsletters, 717–718

update anomalies (Web databases)

UPDATE privilege, 225

UPDATE statement, 261

updating

avoiding, 213

FTP servers, 464–465

operating systems, 387–388

privileges, 293–294

records, 261

Shopping Cart application, 631–632

software, 378–379

upload.php files (MLM application), 691

uploading

files, 431–432

displaying, 437

HTML, 433

HTML forms, 431

PHP, writing, 434–438

security, 434, 438

troubleshooting, 438–439

FTP (File Transfer Protocol), 466

online newsletters, 724–731

UPS (uninterruptible power supply), 359

url_fns.php files (PHPBookmark application), 572

urlencode() function, 399, 455

USAGE privilege, 227

user authentication

input data, validating, 580

logging in, 584–587

logging out, 587–588

passwords

resetting, 591–595

setting, 588–591

registering, 577, 580–583

user declared variables, 28

user input, screening, 417

user interfaces, commercial Web sites, 333–334

user personalization

bookmarks

adding, 596–599

deleting, 600–602

displaying, 599

recommending, 571

storing, 571

defined, 569

passwords, 570

recommendations, 602–605

solutions, 570–572

system requirements, 570

usernames, 570

user privileges, database security, 295–296

user tables, 288–290

user views (Shopping Cart application), 609–610

user-defined exceptions, 196–197, 199

user-defined sorts, multidimensional arrays, 93–95

user_auth_fns.php files

MLM application, 691

PHPBookmark application, 572

Shopping Cart application, 612

Warm Mail application, 655

user_auth_fns.php library

check_auth_user() function, 665

usernames, 570

users

administrative user privileges, 226–227

authentication, 391, 401–406

access control, implementing, 392–395

basic authentication, 399

digest authentication, 400

encrypting passwords, 397–399

identifying users, 391–392

mod_auth_mysql module, 406–408

multiple pages, protecting, 399

storing passwords, 395

Web sites, 408

MySQL, setting up, 223

privileges, 223

global privileges, 224

GRANT command, 223–228

principle of least privilege, 223

REVOKE command, 227–228

types, 225–227

secure transactions, 410–411

setting up in MySQL, 223–229

Using mkdir() function, 443

usort() function, 94

utilities, myisamchk, 303

utilityfunctions.php file, 820, 825

V

valid_email() function, 581

validating user authentication input data, 580

values

array elements, 82

assigning to variables, 28

atomic column values (databases), 214–215

columns, EXPLAIN statement, 303

default, database optimization, 305

null values, avoiding (Web databases), 216

returning, 94

assignment operator, 34–35

functions, max() function, 155–156

tables, 209

variables, 27, 30, 150–153, 539

arrays, 81–82

applying functions to elements, 103–104

associative arrays, 85

converting to scalar variables, 105–106

counting elements, 104

elements, 82

functions, passing by reference, 104

indexes, 82

loading from files, 98–101

multidimensional arrays, 88–95

navigating within an array, 102

numerically indexed arrays, accessing contents, 83–84

operators, 87–88

reordering, 96–98

set cardinality, 104

sorting, 92–93

browseNode, 824

debugging, 559–561

environment functions, 450

form variables, 23–27

functions, 44, 148

reinterpreting, 46

status, testing, 45

types, setting/testing, 44–45

global variables, 151

identifiers, 28

local stored procedures, 319

local variables, 151

mode, 824

page, 824

scalar variables, 81, 105–106

scope, 31–32

sessions, 510

deregistering, 513

implementing, 513

registering, 513

serializing, 514

Shopping Cart application, 623

superglobal, 32

types, 29

casts, 30

data types, 29

strength, 29–30

variable variables, 30

user declared variables, 28

values, assigning, 28

verifications

connections, 293

requests, 293

VeriSign, 355

Web site, 348

version control (code), 542–543

CVS (Concurrent Versions System), 543

multiple programmers, 543

repository, 542–543

view_post.php files (Web forum application), 744

viewing

databases in MySQL, 233–234

individual articles (Web forum application), 760–762

lists (online newsletters), 708–717

message headers (Warm Mail application), 680–681

tables in MySQL, 233–234

views, File Details, 445

visibility, controlling, 169–170

vote.html file, 500

W

w file mode, 63

w+ file mode, 63

W3C Web site, 808

Warm Mail application (email client)

accounts

creating, 668–669

deleting, 670

modifying, 670

selecting, 671–673

setting up, 666–668

databases, setting up, 655–656

email, deleting, 681–682

extensions, 686

files, 654–655

IMAP function library, 652–653

interface, 654

logging in, 663–666

logging out, 666

reading mail, 671, 681

mailbox contents, viewing, 674–676

messages, 677–681

selecting accounts, 671, 673

script architecture, 657, 662–663

sending mail

forwarding/replying, 684–685

new messages, 682–684

solutions

components, 652–653

overview, 654–655

WBMP (Wireless Bitmap), 485

Web application projects

content, 546

database security, 296

development environment, 544

documentation, 544–545

logic, 546

planning, 536–537

prototypes, 545–546

rewriting code, 537–538

running, 536–537

software engineering, 536

testing code, 548

version control, 542–543

writing maintainable code, 538

breaking up, 541–542

code standards, 538

commenting, 540

directory structures, 542

function libraries, 542

indenting, 540–541

naming conventions, 538–540

Web browsers

authentication, 351

secure transactions, 410–411

Web database architecture, 216

Web databases

architecture, 216–218, 268–271

designing, 211

anomalies, avoiding, 213

atomic column values, 214–215

keys, creating, 215

null values, avoiding, 216

questions, formulating, 215

real-world objects, modeling, 211–212

redundant data, avoiding, 212–213

table types, 216

update anomalies, avoiding, 213

querying, 271

adding data, 276–280

connections, setting up, 273

disconnecting from databases, 276

input data, 271–272

mysql_query() function, 274–275

prepared statements, 280–281

retrieving results, 275–276

selecting databases, 274

selecting in MySQL, 229

tables

column types, 232–241

creating, 229–231

indexes, creating, 234–235

keywords, 231

types, 229

viewing, 233–234

transaction process, 217

users, setting up, 228–229

viewing in MySQL, 233–234

Web development, 910

Web forum application, 741–742, 763–764

article list, 747–749

collapsing threads, 748–752

displaying articles, 752–753

expanding threads, 748–751

individual articles, viewing, 760–762

new articles, adding, 762–769

plus symbols, 748

treenode class, 753–760

database design, 744–747

extensions, 769

files, 744

posters, 744

solution components, 742–743

solution overview, 743–744

tree structure, 742–743

tree_node class, 743

Web forums

Phorum, 770

threads, 741

Web pages

authentication, 399

services, adding, 452, 454

Web resources for DOM, 884

Web servers

Apache. See Apache, Web server

authentication, 351

commands, 447–450

file upload, 434–438

Microsoft IIS, configuring, 381

secure storage, 417–419

Secure Web servers, 355–357

Web database architecture, 216

Web Services. See also SOAP

adding to Web pages, 452–454

defined, 811

interfaces (Amazon), 813–814

protocols

SOAP (Simple Object Access Protocol), 811–812

WSDL (Web Services Description Language), 812

Web Services Description Language (WSDL), 812

Web sites

Adobe, FDF, 789

Adobe Acrobat, 776

Ajax development, 885

AMANDA (Advanced Maryland Automated Network Disk Archiver), 358

Analog, 330

ANSI, 265

Apache, 891

Apache Software, 909

Apache Today, 909

Apache Week, 909

authentication documentation, 408

Boutell, 508

BUGTRAQ archives, 437

CGI specification, 450

Codewalkers, 909

CVS (Concurrent Versions System), 543, 549

Devshed, 508, 908

EPA, 359

Equifax Secure, 355

Evil Walrus, 909

Extreme Programming, 549

FastTemplate, 546

FDF, 789

Fedex, 335

FishCartSQL, 650

FPDF function library, 778

gd documentation, 508

Ghostscript, 775

GNU Privacy Guard, 419

Google, 811

HotScripts.com, 908

IMAP c client, 891

JPEG (Joint Photographic Experts Group), 485

JPEG library, 778, 891

Microsoft Word, 773

MySQL, 220, 309, 891, 909

date and time functions, 481

online manual, 241

Natural Order String Comparison, 119

Netscape

cookie specification, 511

SSL 3.0 Specification, 427

New York Times, 392

OpenSSL, 891

PDF, 775

PEAR (PHP Extension and Application Repository), 907

PECL, 907

Philip and Alex’s Guide to Web Publishing, 910

PHP, 537, 891

Application Tools, 909

Base Library, 908

calendar functions, 481

Center, 908

Classes Repository, 908

Club, 908

Developer, 909

Developer’s Network Unified Forums, 909

Homepage, 908

Hypertext Preprocessor, 106

Kitchen, 909

Magazine, 907

online manual, 80

Resource, 908–909

phpautodoc, 545

PHPBuilder.com, 908

PHPCommunity, 907

phpdoc, 544

PHPDocumentor, 544

PHPIndex.com, 908

PHPMyAdmin.Net, 908

PHPWizard.net, 908

php|architect, 907

PNG (Portable Network Graphics), 485

PNG library, 891

Postnuke, 909

PX-PHP Code Exchange, 908

RFC Editor, 451, 468

SearchDatabase.com, 909

Slashdot, 392, 741

SourceForge, 545, 909

SQL Course, 909

Stronghold, 356

Summary, 330

templates, 137–142

Thawte, 348, 355

TIFF library, 778, 891

Tripwire, 346

UPS, 335

VeriSign, 348, 355

W3C, 808

Webalizer, 330

WeberDev.com, 908

WebMonkey.com, 908

Zend, 131, 508

Zend.Com, 907

zlib library, 891

Webalizer Web site, 330

WeberDev.com Web site, 908

WebMonkey.com Web site, 908

WHERE clause, 248

comparison operators, 248–249

join condition, 250

while loops, 53–54

whitespace, 20, 110

wildcard character (%), 293

Windows

Apache, 902

MySQL, 900–901

PHP, 903–904

Apache configurations, 904

testing, 904–905

support, 7, 900

Wireless Bitmap (WBMP), 485

word processor formats, 773

writing

code for classes, 175–183

files, 61, 418

file formats, 68–69

fputs() function, 67

fwrite() function, 67–68

maintainable code, 538

breaking up, 541–542

code standards, 538

commenting, 540

directory structures, 542

function libraries, 542

indenting, 540–541

naming conventions, 538–540

PHP file uploads, 434–438

runtime errors, 555

Text buttons, 499

WSDL (Web Services Description Language), 812

X-Y

x file mode, 63

x+ file mode, 63

XHTML (Extensible Hypertext Markup Language), 858

XML (Extensible Markup Language), 807, 860

Amazon connections, 807–808

defined, 808–810

DTD (Document Type Definition), 810

example, 808

namespaces, 811

parsing (Amazon), 814

REST/XML (Amazon), 838–839, 844

root elements, 811

SGML (Standard Generalized Markup Language), 808

styles, 19

tags (closing and opening), 810

XMLHTTPRequest object, 860, 862

XSLT (XSL Transformations), 860

XSS (Cross Site Scripting) attacks, 365

Z

Zend engines

Optimizers, 547

PHP 5.3, improvements for, 7

Web site, 131, 508, 907

zlib library Web site, 891
