Index
Symbols
[] (array element operator), 35
-- (decrement operator), 30–31
$_POST array, 20
$.get() method, 510
$.getJSON() method, 510
$.getscript() method, 510
$.post() method, 510
$this pointer, 164
(backslash), escape sequences, 125–126
^ (caret symbol), 121
, (comma operator), 33
@ (error suppression operator), 34
`` (execution operator), 34–35
% (percent) symbol, printing, 110
& (reference operator), 31
() (parentheses), order of precedence, 37–38
?: (ternary operator), 34
| (vertical pipe), 123
A
absolute path, 56
abstract classes, 188
access control implementing, 366–369
visibility, controlling, 169–170
accessing
array elements, 79
with foreach loop, 80
assignment operators, 20
htmlspecialchars() function, 21–22
PHP, 12
accessor functions, 166–168, 178
ACID (atomicity, consistency, isolation, and durability), 317–318
addClass() method, 498
adding
addition operator, 28
address field (Bob’s Auto Parts order form), 54
administrator privileges (MySQL), 229
advantages of reusing code
consistency, 132
cost, 132
reliability, 132
AJAX (Asynchronous JavaScript and XML), 493–494
asynchronous requests, 493
$.get(), 510
$.getscript(), 510
$.post(), 510
real-time chat application, building chat server, 504–507
aliases
for namespaces, 198
ALTER TABLE command (SQL), 265–268
altering
error reporting settings, 554–556
tables after creation, 265–268
alternative control structure syntax, 51
anchoring regular expressions to beginning or end of string, 123
Apache
HTTP Server
configuring, 356
installing
applying
functions to arrray elements, 97–98
localization to web pages, 440–445
language selector page, 442–444
software engineering to web development, 530
templates to web pages, 134–139
arbitrary lengths, reading, 69
ARCHIVE table type, 316
arguments, 39
array elements, 76
accessing, 79
with foreach loop, 80
indices, 76
array key-value pairs for getdate() function, 427–428
array_multisort() function, 87–88
array_pop() function, 92
array_push() function, 92
array_reverse() function, 92
$_POST, 20
accessing contents, 77–78, 78–79
bounding box contents, 463
converting to scalar variables, 99–100
initializing, 79
multidimensional arrays, 75, 82–85
three-dimensional arrays, 84–85
numerically indexed arrays, 76–77
with shuffle() function, 90–91
reversing, 92
reverse sorting, 83
assigning values to variables, 24
assignment operators, 20
combined assignment operators, 30
values returned from, 29
asynchronous requests, 493
attackers, 339
attributes, 160, 162, 164–165, 177
preventing, 172
authentication, 333
custom authentication, creating, 377
passwords
storing, 369
logging out, 580
resetting forgotten passwords, 582–587
members_only.php, 489
auto_append_file directive, 139–140
_autoload() function, 189
AUTO_INCREMENT keyword (MySQL), 234
auto_prepend_file directive, 139–140
autocommit mode (MySQL), 318
automatically generated images, 456
available extensions, identifying, 522–523
avoiding FTP timeouts, 420
B
backing up
backreferences, 126
backtraces, 202
balancing security with usability, 342
basename() function, 397
basic values, filtering, 346–347
Bill Gates Wealth Clock, 407
bitwise operators, 33
blank canvas, creating, 452–453
BLOBs (binary large objects), 244
blocks, declaring, 42
Bob’s Auto Parts site
order form
address field, 54
fields, naming, 14
processing, 14
Smart Form Mail application, creating, 101–104
bookmarks (PHPbookmark project), 561
Book-O-Rama bookstore application, 213–214
inserting information into database, 282–285
schema, 221
Boolean values, 24
bottom-up approach to security, 343
branching, 123
browsedir2.php, 392
browsedir.php, 390
browsers
outputting images to, 455
session control, 475
sessions
registering variables, 478–479
starting, 478
browsing php.ini file, 355–356
Bubbler, 510
built-in functions, 144
buttons
base canvas, setting up, 460–461
outputting to browser, 465
positioning text on, 464
C
calculating
dates
calendar functions, 436
callable type, 24
calling
class operations, 165
canvas images
case of strings, changing, 111–112
case sensitivity, of identifiers, 239
catch blocks, 200
CHAR type columns, 235
character sets, 120–121, 438–440
multi-byte, 438
security implications, 439–440
single-byte, 438
characters. See also special characters, 123–124
reading, 69
charts, drawing from stored MySQL data, 465–474
chat application
chat server, building, 504–507
user interface, building, 510–517
checking
for existence of files, 70
choosing
development environment, 537–538
file mode, 55
keys, 217
chop() function, 104
classes, 161
$this pointer, 164
abstract classes, 188
converting to strings, 194
preventing, 172
importing, 198
subnamespaces, 197
naming, 177
ObjectIterator, 192
calling, 165
polymorphism, 161
accessor functions, 178
metatags, 177
click event, 500
Clifford, John, 510
closedir() function, 391
code
checking out, 537
operations, 181
commenting, 534
maintainability, 532
in large web projects, 531–532
securing, 343
source code, highlighting, 525–526
standards, 532
defining naming conventions, 532–534
code blocks, 42
displaying, 302
indexes, creating, 238
MySQL
CHAR type, 235
primary key, 211
combined assignment operators, 30
command line
MySQL
CREATE INDEX, 238
CREATE USER, 226
DESCRIBE, 304
show tables, 237
use, 232
mysql, 223
SQL
DELETE, 268
ORDER BY clause, 259
UPDATE, 265
comparing
constants and variables, 26
SQL and MySQL, 248
strings, 115
concatenating strings, 22
conditionals, 41
code blocks, 42
configuring
Apache HTTP Server, 356
connecting
to network services, interaction failures, 548–549
ODBC, 286
constants, 26
error reporting levels, 553–554
per-class constants, 185
and variables, 26
constructors, 163
consuming data from other websites, 404–408
control structures
alternative syntax, 51
conditionals, 41
code blocks, 42
do.while loops, 50
stopping, 50
for stored procedures, 323–327
declare handlers, 325
controlling visibility, 169–170
conversion specification, 109
converting
arrays to scalar variables, 99–100
classes to strings, 194
dates and times to Unix timestamp, 426
Gregorian to Julian calendar, 436
between PHP and MySQL date formats, 431–433
session ID, 476
correlated subqueries, 264
counted subexpressions, 123
counting array elements, 98–99
crackers, 339
CREATE INDEX command, 238
CREATE USER command, 226
creating
Bob’s Auto Parts order form, 12–14
buttons
base canvas, setting up, 460–461
outputting to browser, 465
text, positioning, 464
column indexes, 238
directories, 394
files, 398
MySQL users, 224
cross joins, 258
crypt() function, 370
CSV table type, 316
custom authentication, creating, 377
customer feedback form (Bob’s Auto Parts site), creating, 101–104
customer order form
address field, 54
fields, naming, 14
processing, 14
D
data hiding, 160
data storage, RDBMSs, 74
scalar values, 26
type casting, 25
type strength, 25
databases. See also RDBMSs (relational database management systems)
advantages of, 209
MySQL, 209
chat server, building, 504–507
DATE_FORMAT() function, 431–432
displaying, 302
restoring, 311
UNIX_TIMESTAMP() function, 432–433
ODBC, 286
design optimization, 309
table optimization, 310
PHPbookmark project, implementing, 565–566
querying, 278
RDBMSs, 74
initial data transfer, performing, 313
slaves, setting up, 313
schemas, 212
update anomalies, 215
web database architecture, 218–220, 272
Date, C.J., 220
date and time type columns, 243–244
date() function, 18, 19–20, 424–427
DATE_FORMAT() function, 431–432
dates
calculating
calendar functions, 436
converting between PHP and MySQL formats, 431–433
Gregorian dates, 436
Julian dates, 436
validating with checkdate() function, 428–429
DDL (Data Definition Language), 248
declare handlers, 325
declaring
blocks, 42
constants, 26
functions, 144
define() function, 26
defining naming conventions for large projects, 532–534
DELETE command (SQL), 268
deleting
records from database, 268
deletion anomalies, 215
delimiters, 120
denial of service, 335–337, 361
descenders, 463
DESCRIBE command, 304
designing
destroying
image identifiers, 455
sessions, 479
destructors, 163
directories
creating, 394
retrieving information, 394
submission form, 408
directory structure for large projects, 536
disconnecting from MySQL database, 281
disgruntled employees, threats posed by, 339
displaying
columns, 302
databases, 302
MySQL privileges, 302
tables, 237
division operator, 28
DML (Data Manipulation Language), 248
DMZs (demilitarized zones), 360–361
function libraries, 536
PHP manual, 531
project documentation, 538
dot notation, 255
double-quoted strings, interpolation, 22
do.while loops, 50
dropping
tables, 268
DSN (data source name), 288
dump_array() function, 552–553
dynamic content, adding, 18–19
E
each() construct, accessing array contents, 80–81
each() function, 80
echo statement, 22
email, sending and reading, 404
statements, 16
tags, 16
whitespace, 17
empty() function, 40
encapsulation, 160
environment variables, 401–402
equi-joins, 258
error handling, 208
error reporting levels, 553–554
logging errors, 560
graceful error logging, 557–559
triggering your own errors, 556
error messages for undefined functions, 142–143
error reporting levels, 553–554
error reporting settings, altering, 554–556
error suppression operator, 34, 60
escapeshellcmd() function, 354
escaping
from HTML, 16
evaluating
event handling
click event, 500
focusout event, 503
ready event, 499
submit event, 504
exception handling, 199–201, 557
in Bob’s Auto Parts site, 204–208
catch blocks, 200
finally blocks, 200
throw keyword, 200
try blocks, 199
user-defined exceptions, 202–204
existence of files, checking for, 70
splitting strings with, 112–113
extensions
loaded extensions, identifying, 522–523
PDO data access abstraction extension, 286–289
php_gd2.dll extension, registering, 450
F
feedback form (Bob’s Auto Parts site), creating, 101–104
fgetc() function, 69
fields, naming, 14
file mode, 55
choosing, 55
fopen() function, 57
file systems
absolute path, 56
file information, retrieving, 395–397
relative path, 56
security, 352
file_exists() function, 70
file_get_contents() function, 68–69
file_put_contents() function, 61
fileatime() function, 397
fileowner() function, 397
fileperms() function, 397
files
characters, reading, 69
creating, 398
existence of, checking for, 70
problems with, 73
image files
GIFs, 451
JPEGs, 450
logging errors to, 560
moving, 398
opening, 55
through FTP or HTTP, 58
in PHPbookmark application, 564–565
processing, 55
reading from, 55, 65–66, 67–68, 68–69
as cause for runtime errors, 546–547
size of, determining, 70
tracking upload progress, 387–388
troubleshooting, 389
writing the file handling script, 382–387
filtering
double-checking expected values, 344–346
for output to browser, 105–106
final keyword, 172
finally blocks, 200
finding
strings within strings, 116–117
substrings with regular expressions, 128–129
firewalls, 360
problems with, 73
float data type, 25
floating-point types, 242
floatval() function, 41
focusout event, 503
fonts, TrueType, 457
file mode, 57
parameters, 56
accessing array elements, 80
FOREIGN KEY keyword (MySQL), 235
Book-O-Rama bookstore application, 221
format codes, date() function, 424–425
formatting
strings
conversion specification, 109
forms
Book-O-Rama bookstore application
customer order form
fields, naming, 14
processing, 14
Smart Form Mail application
submission form, 408
fputs() function, 61
fread() function, 69
front end interface, building for chat application, 504–507
FTP
avoiding timeouts, 420
backing up files with, 412–420
files, opening, 58
ftp_nlist() function, 421
ftp_size() function, 420
func_num_args() function, 148
functions, 140
_autoload(), 189
accessor functions, 166–168, 178
aggregate functions (MySQL), 259–261
applying to array elements, 97–98
arguments, 39
array_pop(), 92
array_push(), 92
array_reverse(), 92
backtraces, 202
basename(), 397
built-in, 144
case functions, 112
case sensitivity, 143
chop(), 104
closedir(), 391
crypt(), 370
define(), 26
each(), 80
empty(), 40
escapeshellcmd(), 354
splitting strings with, 112–113
fgetc(), 69
file_exists(), 70
file_put_contents(), 61
fileatime(), 397
fileowner(), 397
fileperms(), 397
floatval(), 41
file mode, 57
parameters, 56
fputs(), 61
fread(), 69
ftp_nlist(), 421
ftp_size(), 420
func_num_args(), 148
fwrite(), 61
parameters, 62
get_loaded_extensions(), 523
array key-value pairs, 427–428
getlastmod(), 524
gettype(), 39
header(), 455
highlight_string(), 525
htmlspecialchars(), 21–22, 105–106
imagecolorallocate(), 453
imagecreatetruecolor(), 452–453
imagecreatfrompng(), 461
imagefilledrectangle(), 472
imageline(), 472
imagestring(), 454
imagettftext(), 462
implode(), 113
ini_set(), 524
intval(), 41
join(), 113
krsort(), 83
libraries, 536
ltrim(), 104
microtime(), 435
mkdir(), 394
multibyte string functions, 440
mysqli(), 547
importing, 198
subnamespaces, 197
nonexistent, as cause for runtime errors, 545–546
number_format(), 37
in ObjectIterator class, 192
opendir(), 391
overloading, 145
passing, 141
passthru(), 399
range(), 77
readdir(), 391
returning values from, 153
rmdir(), 394
rsort(), 83
serialize(), 521
session_start(), 478
setcookie(), 476
settype(), 39
show_source(), 525
sprintf(), 109
strcasecmp(), 115
strchr(), 117
strcmp(), 115
stristr(), 117
strnatcmp(), 115
strtolower(), 112
strtoupper(), 112
strval(), 41
substr(), 114
system(), 399
trigger_error(), 556
trim(), 104
uasort(), 89
ucfirst(), 112
ucwords(), 112
uksort(), 89
umask(), 394
undefined functions, calling, 142–143
unlink(), 70
unserialize(), 521
urlencode(), 407
user-defined, 144
variable functions, 146
variable handling functions, 39–40
vprintf(), 111
vsprintf(), 111
fwrite() function, 61
parameters, 62
G
GD2 image library, 449
generating
bar charts from stored MySQL data, 465–474
charts from stored MySQL data, 465–474
get_loaded_extensions() function, 523
array key-value pairs, 427–428
getlastmod() function, 524
gettext() function, 444–448, 446
gettype() function, 39
GIF (Graphics Interchange Format) files, 451
Git, 537
global keyword, 150
GNU gettext
graceful error logging, 557–559
GRANT command, 226–227, 230–231
connection verification, 298
request verification, 298
Greenspun, Philip, 407
Gregorian dates, 436
H
handle.php, 558
handles, 161
header() function, 455
$.get(), 510
$.getJSON(), 510
$.getscript(), 510
$.post(), 510
heredoc syntax, 23
highlight_string() function, 525
highlighting source code, 525–526
HTML
elements
selecting with jQuery selectors, 496–497
escaping, 16
statements, 16
whitespace, 17
reusing, applying templates to web pages, 134–139
submission form, 408
htmlspecialchars() function, 21–22, 105–106
HTTP files, opening, 58
I
case sensitivity, 239
rules, 239
identifying script owner, 523
IETF (Internet Engineering Task Force), 404
image identifiers, destroying, 455
imagecolorallocate() function, 453
imagecreatetruecolor() function, 452–453
imagecreatfrompng() function, 461
imagefilledrectangle() function, 472
imageline() function, 472
ImageMagick image library, 449
images
automatically generated, 456
bar chart, drawing from stored SQL data, 465–474
buttons
outputting to browser, 465
positioning text on, 464
canvas images
GIFs, 451
JPEGs, 450
libraries, 449
outputting to browser, 455
php_gd2.dll extension, registering, 450
support in PHP, configuring, 449–450
imagestring() function, 454
imagettftext() function, 462
IMAP4 (Internet Message Access protocol), 404
implode() function, 113
importing namespaces, 198
indenting code, 42
indexes, creating, 310
indices, 76
numerically indexed arrays, 76–77
preventing, 172
ini_set() function, 524
initializing arrays, 79
numerically indexed arrays, 76–77
inner joins, 258
InnoDB table type, 316
input data, filtering, 343–348
double-checking expected values, 344–346
inserting data into SQL database, 248–250, 282–285
insertion anomalies, 215
installing
Apache
PHP
with other web servers, 614
instanceof operator, 35, 185–186
instantiating classes, 163–164
integers, 25
integral data types, 241
interacting with the environment, 401–402
Book-O-Rama HTML form, 282–285
PDO data access abstraction extension, 286–289
applying to web pages, 440–445
language selector page, 442–444
locale-specific headers, 441–442
GNU gettext, installing, 444–445
interpolation, 22
intval() function, 41
accessing array contents, 78–79
do.while loops, 50
J
JavaScript. See also AJAX; jQuery
join() function, 113
joining strings, 113
joins
cross joins, 258
equi-joins, 258
inner joins, 258
joining more than two tables, 255–256
JPEG (Joint Photographic Experts Group) files, 450
addClass() method, 498
$.get(), 510
$.getJSON(), 510
$.getscript(), 510
$.post(), 510
click event, 500
focusout, 503
ready event, 499
submit, 504
namespace, 495
pseudo-selectors, 497
acting on, 498
selectors (jQuery), creating HTML elements, 497–498
val() method, 498
Julian dates, 436
K
Book-O-Rama bookstore application, 221
choosing, 217
success, 507
keywords
final, 172
global, 150
MySQL
AUTO_INCREMENT, 234
FOREIGN KEY, 235
NOT NULL, 234
static, 185
throw, 200
krsort() function, 83
L
languages
multi-byte, 438
single-byte, 438
large web application projects, 529
choosing a development environment, 537–538
coding standards, 532
commenting your code, 534
defining naming conventions, 532–534
directory structure, 536
documenting, 538
function libraries, 536
separating logic from content, 539–540
writing maintainable code, 532
length of strings, checking, 115–116
libraries
function libraries, 536
image libraries, 449
jQuery library, loading, 494–495
LIMIT clause (SELECT command), 261–262
line-by-line reading from files, 67–68
linking tables, 218
list() construct, 81
literals, 23
LOAD DATA INFILE statement, 315
loaded extensions, identifying, 522–523
loading
files with require() statement, 132–134
local variables, 323
locales, 438
applying to web pages, 440–445
language selector page, 442–444
multi-byte, 438
security implications, 439–440
single-byte, 438
GNU gettext, installing, 444–445
locales, 438
multibyte string functions, 440
logging errors
graceful error logging, 557–559
to log file, 560
logic, separating from content, 539–540
lookup.php, 405
loops
accessing array contents, 78–79
do.while loops, 50
ltrim() function, 104
M
Mac OS, installation packages, 612–613
maintainability of code, 532
many-to-many relationships, 213
master, setting up for replication, 312–313
matching
substrings with string functions, 116
max_execution_time directive, 524
members_only.php, 489
MEMORY table type, 316
Mercurial, 537
MERGE table type, 316
metatags, 177
methods
$.get(), 510
$.getJSON(), 510
$.getscript(), 510
$.post(), 510
jQuery
addClass(), 498
val(), 498
static, 185
microseconds, 435
microtime() function, 435
mkdir() function, 394
modification anomalies, 215
modification date of scripts, obtaining, 523–524
modulus operator, 28
moving files, 398
multibyte string functions, 440
multidimensional arrays, 75, 82–85
with array_multisort() function, 87–88
three-dimensional arrays, 84–85
multiline comments, 17
multiplication operator, 28
MyISAM storage engine, 316
MySQL, 209, 221–222. See also MySQL monitor
autocommit mode, 318
chat server, building, 504–507
columns
indexes, creating, 238
commands
AUTO_INCREMENT keyword, 234
CREATE USER, 226
DESCRIBE, 304
FOREIGN KEY keyword, 235
mysql, 223
NOT NULL keyword, 234
databases
creating, 224
restoring, 311
selecting, 232
date format, converting to PHP, 431–433
DATE_FORMAT() function, 431–432
drawing charts from stored data, 465–474
case sensitivity, 239
rules, 239
installing
joins
cross joins, 258
equi-joins, 258
inner joins, 258
joining more than two tables, 255–256
design optimization, 309
table optimization, 310
displaying, 302
updating, 299
querying from the Web, 275–281
disconnecting from database, 281
filtering input data, 276
retrieving the results, 280–281
selecting the database, 278
setting up connection, 277–278
passwords, 300
web issues, 301
declare handlers, 325
local variables, 323
altering after creation, 265–268
dropping, 268
UNIX_TIMESTAMP() function, 432–433
creating, 224
principle of least privilege, 225
mysql command, 223
mysqli() function, 547
mysqli library, 277
N
aliasing, 198
importing, 198
jQuery, 495
subnamespaces, 197
naming
classes, 177
fields, 14
navigating
denial of service attacks, 361
firewalls, 360
network services, interaction failures, 548–549
Nginx servers, 614
nonexistent functions, as cause for runtime errors, 545–546
non-matching rows, finding, 256–257
NOT NULL keyword (MySQL), 234
NULL type, 24
number_format() function, 37
floating-point types, 242
integral data types, 241
numerically indexed arrays, 76–77
O
ObjectIterator class, 192
classes, 161
instantiating a class, 163–164
serializing, 521
ODBC (Open Database Connectivity), 286
one-to-many relationships, 213
one-to-one relationships, 213
one-way hash functions, 370
OO (object-oriented) development, 159
_autoload() function, 189
attributes, 160
classes, 161
abstract classes, 188
constructors, 163
converting to strings, 194
destructors, 163
ObjectIterator, 192
encapsulation, 160
preventing, 172
importing, 198
subnamespaces, 197
serializing, 521
operations, 160
calling, 165
per-class constants, 185
polymorphism, 161
static methods, 185
opendir() function, 391
opening files, 55
through FTP or HTTP, 58
operands, 28
operating system, securing, 361–362
calling, 165
constructors, 163
destructors, 163
preventing, 172
operators, 28
assignment operators, 20, 29–31
combined assignment operators, 30
values returned from, 29
bitwise operators, 33
error suppression operator, 34, 60
reference operator, 31
string concatenation operator, 22
string operators, 29
for subqueries, 263
ternary operator, 34
type operator, 35
design optimization, 309
table optimization, 310
options for session configuration, 482–483
ORDER BY clause, 259
order forms
address field, 54
fields, naming, 14
processing, 14
storing and retrieving orders, 54
strings, 115
outputting
buttons to browser, 465
images, 455
preventing, 172
owner of scripts, identifying, 523
P
extract() function, 100
fopen() function, 56
fwrite() function, 62
htmlspecialchars() function, 105–106
passing, 141
passing parameters, 141
passthru() function, 399
MySQL, 300
storing, 369
pattern matching, delimiters, 120
PEAR (PHP Extension and Application Repository), installing, 613–614
per-class constants, 185
performance, optimizing databases
design optimization, 309
table optimization, 310
permissions, 59
PHP
accessing, 12
tags, 16
whitespace, 17
English language manual, 531
environment information, obtaining, 522
installing
with other web servers, 614
statements, 16
tags
short style, 16
XML style, 16
PHP interpreter, 600
php_gd2.dll extension, registering, 450
PHPbookmark project, 561
basic site, implementing, 566–569
database, implementing, 565–566
implementing recommendations, 594–597
logging out, 580
resetting forgotten passwords, 582–587
php.ini file
date.timezone setting, 424
session upload progress configuration settings, 387
planning web application projects, 530–531
PNG (Portable Network Graphics) files, 450–451
PO (Portable Object) files, 445–446
Poedit, 446
pollServer() function, 515–516
polymorphism, 161
POP (Post Office Protocol), 404
position of substrings, identifying, 117–118
positioning text on buttons, 464
POSIX-style regular expressions, 119
preg_match() function, 128–129
preg_split() function, 129–130
Pressman, Roger, 542
preventing inheritance, 172
primary key, 211
PRIMARY KEY keyword (MySQL), 234–235
primary keys, Book-O-Rama bookstore application, 221
principle of least privilege, 225
printing
echo statement, 22
formatting strings for, 109–111
percent symbol, 110
text on canvas images, 453–454
private access modifier, 166
visibility, controlling, 169–170
privileges (MySQL), 225–231, 227–230, 291–299, 300–301
administrator privileges, 229
CREATE USER command, 226
displaying, 302
principle of least privilege, 225
revoking, 230
special privileges, 230
updating, 299
user privileges, 228
processfeedback_v2.php, 108–109
processing
customer order form, 14
files, 55
creating, 14
dynamic content, adding, 18–19
with exception handling, 205–208
form variables, accessing, 20–22
functions, calling, 19
program execution functions, 398–401
properties of files, changing, 397–398
protected access modifier, 166
protecting multiple web pages, 371
prototyping web applications, 538–539
pseudo-selectors, 497
public access modifier, 166
visibility, controlling, 169–170
Q
querying databases
SELECT queries, evaluating, 304–309
correlated subqueries, 264
operators, 263
row subqueries, 264
as temporary table, 264
disconnecting from database, 281
filtering input data, 276
retrieving the results, 280–281
selecting the database, 278
setting up connection, 277–278
R
range() function, 77
RDBMSs (relational database management systems), 74
columns, 211
choosing, 217
MySQL
databases, creating, 224
databases, selecting, 232
mysql command, 223
users, creating, 224
relationships, 213
rows, 211
schemas, 212
update anomalies, 215
values, 211
readdir() function, 391
arbitrary lengths, 69
characters, 69
email, 404
from files, 55, 65–66, 67–68, 68–69
as cause for runtime errors, 546–547
ready event, 499
real-time chat application, chat server, building, 504–507
records
deleting, 268
storing, 62
updating, 265
reducing web application security risks
access to sensitive data, 332–333
malicious code injection, 337
reference operator, 31
registering
php_gd2.dll extension, 450
anchoring to beginning or end of string, 123
backreferences, 126
branching, 123
counted subexpressions, 123
delimiters, 120
POSIX, 119
repetition, 122
in Smart Form Mail application, 127–128
special characters, matching, 123–124
substrings, replacing, 129
relationships, 213
relative path, 56
with shuffle() function, 90–91
repetition in regular expressions, 122
accessing array contents, 78–79
do.while loops, 50
replacing substrings
with regular expressions, 129
with string functions, 116
initial data transfer, performing, 313
slaves, setting up, 313
adding templates to web pages, 134–139
resource type, 24
restoring MySQL databases, 311
querying from the Web, filtering input data, 276
retrieving data from SQL databases, 250–259
joining more than two tables, 255–256
finding rows that don’t match, 256–257
ORDER BY clause, 259
returning values from functions, 153
reusing code
consistency, 132
cost, 132
reliability, 132
functions, 140
built-in functions, 144
case sensitivity, 143
parameters, passing, 141
returning values from, 153
undefined functions, calling, 142–143
user-defined, 144
variable functions, 146
in large web projects, 531–532
maintainability, 532
applying templates to web pages, 134–139
reverse sorting functions, 83, 89–90
reversing arrays, 92
RFCs (Requests for Comments), 404
rmdir() function, 394
row subqueries, 264
rows, 211
inserting into SQL database, 248–250
non-matching rows, finding, 256–257
rsort() function, 83
rules
for identifiers, 239
of variable scope, 27
running PHP on command line, 526–527
runtime environment, temporarily modifying, 524–525
calls to nonexistent functions, 545–546
connections to network services, 548–549
failure to check input data, 549
interaction with MySQL, 547–548
reading or writing files, 546–547
S
SaaS version control systems, 537
scalar values, 26
scalar variables, creating from arrays, 99–100
scandir.php, 393
schemas, 212
scripts
browsedir2.php, 392
browsedir.php, 390
executing on command line, 526–527
functions, calling, 19
handle.php, 558
lookup.php, 405
members_only.php, 489
modification date, obtaining, 523–524
owner, identifying, 523
processfeedback_v2.php, 108–109
processorder.php
creating, 14
dynamic content, adding, 18–19
with exception handling, 205–208
scandir.php, 393
secret.php, 369
stopping, 50
search form (Book-0-Rama bookstore application), 272–273
security
application security threats
access to sensitive data, 331–333
compromised server, 338
malicious code injection, 337
modification of data, 334
attackers, 339
authentication
custom authentication, creating, 377
visitors, identifying, 365–366
code, securing, 343
crackers, 339
database servers, securing, 357–359
file systems, 352
passwords, 300
web issues, 301
denial of service attacks, 361
firewalls, 360
operating system, securing, 361–362
permissions, 59
strategies for handling, 341–343
balancing security and usability, 342
starting with the right mindset, 342
twofold approach to, 343
web pages, protecting, 371
web servers, securing, 354–357
browsing php.ini file, 355–356
shared hosting of web applications, 356–357
ORDER BY clause, 259
selecting
HTML elements with selectors, 496–497
MySQL database, 232
SQL databases from the web, 278
table types, 316
acting on, 498
HTML elements, creating, 497–498
pseudo-selectors, 497
sending email, 404
serialization, 521
serialize() function, 521
session control, 475
members_only.php, 489
sessions
destroying, 479
registering variables, 478–479
starting, 478
session ID, 476
unsetting, 479
session_start() function, 478
set_error_handler() function, 557–558
setcookie() function, 476
settype() function, 39
SGML (Standard Generalized Markup Language), 16
shared hosting of web applications, security issues, 356–357
short style PHP tags, 16
show tables command, 237
show_source() function, 525
simple tables, 218
single-byte languages, 438
single-line comments, 18
size of files, determining, 70
slaves, setting up for replication, 313
Smart Form Mail application
SMTP (Simple Mail Transfer Protocol), 404
Software Engineering: A Practitioner’s Approach, 542
software engineering, applying to web development, 530
solution components for PHPbookmark project, 561–565
multidimensional arrays, 87–90
reverse sorting, 83
source code, highlighting, 525–526
special privileges (MySQL), 230
splitting strings
with regular expressions, 129–130
with strtok() function, 113–114
with substr() function, 114
sprintf() function, 109
SQL (Structured Query Language), 247–248. See also MySQL
joins
cross joins, 258
equi-joins, 258
inner joins, 258
joining more than two tables, 255–256
querying from the Web, 275–281
disconnecting from database, 281
filtering input data, 276
retrieving the results, 280–281
selecting the database, 278
setting up connection, 277–278
with specific criteria, 251–253
correlated subqueries, 264
operators, 263
row subqueries, 264
as temporary table, 264
SSL (Secure Sockets Layer), troubleshooting, 610–612
stand-alone functions, _autoload(), 189
starting sessions, 478
statements, 16. See also commands
echo, 22
LOAD DATA INFILE, 315
applying templates to web pages, 134–139
semicolons, 16
static keyword, 185
status of variables, testing, 40–41
ARCHIVE, 316
CSV, 316
InnoDB, 316
foreign keys, 319
MEMORY, 316
MERGE, 316
MyISAM, 316
declare handlers, 325
local variables, 323
storing
dates and times, Unix timestamps, 426–427
orders, 54
in RDBMSs, 74
records, 62
str_replace() function, 107, 118–119
strategies for handling security, 341–343
balancing with usability, 342
starting with the right mindset, 342
strcasecmp() function, 115
strchr() function, 117
strcmp() function, 115
string operators, 29
strings. See also regular expressions
comparing, 115
concatenating, 22
creating from classes, 194
filtering for output, 105–107, 347–348
finding within strings, 116–117
formatting
conversion specification, 109
heredoc syntax, 23
interpolation, 22
joining, 113
multibyte string functions, 440
ordering, 115
regular expressions, anchoring to beginning or end of, 123
splitting
with regular expressions, 129–130
with strtok() function, 113–114
with substr() function, 114
substrings
find-and-replace operations, 118–119
replacing with string functions, 116
trimming, 104
stristr() function, 117
strnatcmp() function, 115
strtolower() function, 112
strtoupper() function, 112
structure
strval() function, 41
submit event, 504
subnamespaces, 197
correlated subqueries, 264
operators, 263
row subqueries, 264
as temporary table, 264
substr() function, 114
substr_replace() function, 118–119
substrings
find-and-replace operations, 118–119
finding with regular expressions, 128–129
replacing
with regular expressions, 129
with string functions, 116
subtraction operator, 28
Subversion, 537
success key, 507
support for images in PHP, setting up, 449–450
syntax
heredoc, 23
semicolons, 16
system() function, 399
T
table types
ARCHIVE, 316
CSV, 316
InnoDB, 316
foreign keys, 319
MEMORY, 316
MERGE, 316
MyISAM, 316
selecting, 316
altering after creation, 265–268
CHAR type, 235
displaying, 302
dropping, 268
connection verification, 298
request verification, 298
joining
linking tables, 218
optimizing, 310
records
deleting, 268
updating, 265
relationships, 213
retrieving data
rows, inserting into SQL database, 248–250
simple tables, 218
subqueries as temporary table, 264
tags
PHP, 16
short style, 16
XML style, 16
templates, applying to web pages, 134–139
temporarily modifying runtime environment, 524–525
ternary operator, 34
testing
PHP support, 610
text
descenders, 463
positioning on buttons, 464
regular expressions
anchoring to beginning or end of string, 123
backreferences, 126
branching, 123
counted subexpressions, 123
delimiters, 120
repetition, 122
in Smart Form Mail application, 127–128
special characters, matching, 123–124
threats to web application security
access to sensitive data, 331–333
compromised server, 338
malicious code injection, 337
modification of data, 334
three-dimensional arrays, 84–85
throw keyword, 200
time, microseconds, 435
timestamps, formatting, 429–431
top-down approach to security, 343
totals, calculating on order forms, 36–37
tracking file upload progress, 387–388
trigger_error() function, 556
triggering your own errors, 556
trim() function, 104
trimming strings, 104
troubleshooting. See also error handling; exception handling
file upload, 389
TrueType fonts, 457
try blocks, 199
twofold approach to security, 343
type casting, 25
type codes for conversion specification, 110–111
type operator, 35
type strength, 25
U
uasort() function, 89
ucfirst() function, 112
ucwords() function, 112
uksort() function, 89
umask() function, 394
undefined functions, calling, 142–143
UNIX
Unix Epoch, 426
converting date and time to, 426
UNIX_TIMESTAMP() function, 432–433
unlink() function, 70
unserialize() function, 521
unsetting session variables, 479
update anomalies, 215
UPDATE command (SQL), 265
updating
privileges, 299
records, 265
tracking upload progress, 387–388
troubleshooting, 389
writing the file handling script, 382–387
urlencode() function, 407
usability, balancing with security, 342
use command, 232
user interface for chat application, building, 504–507
user personalization, 561
user-defined exceptions, 202–204
user-defined functions, 144
parameters, 147
users
authentication, identifying visitors, 365–366
principle of least privilege, 225
V
val() method, 498
validating dates with checkdate() function, 428–429
values, 211
basic values, filtering, 346–347
variable functions, 146
variable handling functions, 39–40
variables, 23
converting to scalar variables, 99–100
initializing, 79
multidimensional arrays, 75
numerically indexed arrays, 76–77
reversing, 92
three-dimensional arrays, 84–85
assigning values to, 24
assignment operators, 20
and constants, 26
scalar values, 26
type casting, 25
type strength, 25
environment variables, 401–402
handles, 161
interpolation, 22
local variables, 323
serializing, 521
unsetting, 479
visibility, controlling, 169–170
visitors, identifying, 365–366
vprintf() function, 111
vsprintf() function, 111
W
web access, configuring for MySQL users, 231–232
web application development
applying to software engineering, 530
chat server, building, 504–507
user interface, building, 510–517
internationalized software, 437–438
large projects
choosing a development environment, 537–538
coding standards, 532
commenting your code, 534
defining naming conventions, 532–534
directory structure, 536
documenting, 538
function libraries, 536
separating logic from content, 539–540
writing maintainable code, 532
locales, 438
operating system, securing, 361–362
security
database servers, securing, 357–359
file system considerations, 352
strategies for handling, 341–343
threats
access to sensitive data, 331–333
compromised server, 338
malicious code injection, 337
modification of data, 334
web database architecture, 218–220, 272
web pages
internationalization
language selector page, 442–444
locale-specific headers, 441–442
protecting, 371
templates, applying with require() statement, 134–139
Apache HTTP Server
configuring, 356
Nginx, 614
browsing php.ini file, 355–356
shared hosting of web applications, 356–357
websites
Bill Gates Wealth Clock, 407
consuming date from other sites, 404–408
session control, 475
visitors, identifying, 365–366
WHERE clause (SELECT command), 252–253
whitespace, 17
Windows operating system, installation packages, 612–613
writing
accessor functions, 178
attributes, 177
metatags, 177
operations, 181
as cause for runtime errors, 546–547
X
XML style PHP tags, 16