13. Cookies, Sessions, and Authentication
  Using Cookies in PHP
  Setting a Cookie
  Accessing a Cookie
  Destroying a Cookie
  HTTP Authentication
  Storing Usernames and Passwords
  Salting
  Using Sessions
  Starting a Session
  Ending a Session
  Session Security
  Test Your Knowledge: Questions

14. Exploring JavaScript
  JavaScript and HTML Text
  Using Scripts Within a Document Head
  Older and Nonstandard Browsers
  Including JavaScript Files
  Debugging JavaScript Errors
  Using Comments
  Semicolons
  Variables
  String Variables
  Numeric Variables
  Arrays
  Operators
  Arithmetic Operators
  Assignment Operators
  Comparison Operators
  Logical Operators
  Variable Incrementing and Decrementing
  String Concatenation
  Escaping Characters
  Variable Typing
  Functions
  Global Variables
  Local Variables
  The Document Object Model
  Browser Incompatibilities
  Using the DOM
  Test Your Knowledge: Questions

15. Expressions and Control Flow in JavaScript
  Expressions
  Literals and Variables
  Operators
  Operator Precedence
  Associativity
  Relational Operators
  The with Statement
  Using onError
  Using try catch
  Conditionals
  The if Statement
  The switch Statement
  The ? Operator
  Looping
  while Loops
  do while Loops
  for Loops
  Breaking Out of a Loop
  The continue Statement
  Explicit Casting
  Test Your Knowledge: Questions

16. JavaScript Functions, Objects, and Arrays
  JavaScript Functions
  Defining a Function
  Returning a Value
  Returning an Array
  JavaScript Objects
  Declaring a Class
  Creating an Object
  Accessing Objects
  The prototype Keyword
  JavaScript Arrays
  Numeric Arrays
  Associative Arrays
  Multidimensional Arrays
  Using Array Methods
  Test Your Knowledge: Questions

17. JavaScript and PHP Validation and Error Handling
  Validating User Input with JavaScript
  The validate.html Document (Part One)
  The validate.html Document (Part Two)
  Regular Expressions
  Matching Through Metacharacters
  Fuzzy Character Matching
  Grouping Through Parentheses
  Character Classes
  Indicating a Range
  Negation
  Some More Complicated Examples
  Summary of Metacharacters
  General Modifiers
  Using Regular Expressions in JavaScript
  Using Regular Expressions in PHP
  Redisplaying a Form After PHP Validation
  Test Your Knowledge: Questions

18. Using Ajax
  What Is Ajax?
  Using XMLHttpRequest
  Your First Ajax Program
  Using GET Instead of POST
  Sending XML Requests
  Test Your Knowledge: Questions

19. Using YUI for Ajax and More
  Choosing a Framework
  Using YUI
  Compressed Versions
  Using YUI for Ajax
  Other Uses for YUI
  A Simple YUI Calendar
  Test Your Knowledge: Questions

20. Bringing It All Together
  Designing a Social Networking Site
  About Third-Party Add-Ons
  On the Website
  rnfunctions.php
  The Functions
  rnheader.php
  rnsetup.php
  index.php
  rnsignup.php
  Checking for Username Availability
  rnsignup.php (YUI version)
  rncheckuser.php
  rnlogin.php
  rnprofile.php
  Adding the “About Me” Text
  Adding a Profile Image
  Processing the Image
  Displaying the Current Profile
  rnmembers.php
  Viewing a User’s Profile
  Adding and Dropping Friends
  Listing All Members
  rnfriends.php
  rnmessages.php
  rnlogout.php

A. Solutions to the Chapter Questions
B. Online Resources
C. MySQL’s FULLTEXT Stopwords
D. MySQL Functions
E. Using PEAR and PHPUnit
Index

Preface

The combination of PHP and MySQL is the most convenient approach to dynamic, database-driven web design, holding its own in the face of challenges from integrated frameworks—such as Ruby on Rails—that are harder to learn. Due to its open source roots (unlike the competing Microsoft .NET framework), it is free to implement and is therefore an extremely popular option for web development. Any would-be developer on a Unix/Linux or even a Windows/Apache platform will need to master these technologies.
At the same time, JavaScript is important, as it provides the hidden communication with the web server to create seamless interfaces.

Audience

This book is for people who wish to learn how to create effective and dynamic websites. This may include webmasters or graphic designers who are already creating static websites but wish to take their skills to the next level as well as high school and college students, recent graduates, and self-taught individuals. In fact, anyone ready to learn the fundamentals behind the Web 2.0 technology known as Ajax will obtain a thorough grounding in all three of the core technologies: PHP, MySQL, and JavaScript.

Assumptions This Book Makes

This book assumes that you have a basic understanding of HTML and can at least put together a simple, static website, but does not assume that you have any prior knowledge of PHP, MySQL, or JavaScript—although if you do, your progress through the book will be even quicker.

Organization of This Book

The chapters in this book are written in a specific order, first introducing all three of the core technologies it covers and then walking you through their installation on a web development server, so that you will be ready to work through the examples. In the following section, you will gain a grounding in the PHP programming language, covering the basics of syntax, arrays, functions, and object-oriented programming. Then, with PHP under your belt, you will move on to an introduction to the MySQL database system, where you will learn everything from how MySQL databases are structured up to generating complex queries. After that, you will learn how you can combine PHP and MySQL to start creating your own dynamic web pages by integrating forms and other HTML features. You will then spend some time looking at ways to speed up your web development using Smarty templates.
In the next three chapters, you will get down to the nitty-gritty practical aspects of PHP and MySQL development by learning a variety of useful functions and how to manage cookies and sessions, as well as how to maintain a high level of security. In the following four chapters, you will gain a thorough grounding in JavaScript, from simple functions and event handling to accessing the Document Object Model and in-browser validation and error handling. With an understanding of all three of these core technologies, you will then learn how to make behind-the-scenes Ajax calls and turn your websites into highly dynamic environments. Finally, you’ll put together everything you’ve learned in a complete set of PHP programs that together constitute a fully working social networking website.

Along the way, you’ll also find plenty of pointers and advice on good programming practices and tips that could help you find and solve hard-to-detect programming errors. There are also plenty of links to websites containing further details on the topics covered.

Supporting Books

Once you have learned to develop using PHP, MySQL, and JavaScript, you will be ready to take your skills to the next level using the following reference books:

• Dynamic HTML: The Definitive Reference by Danny Goodman (O’Reilly)
• PHP in a Nutshell by Paul Hudson (O’Reilly)
• MySQL in a Nutshell by Russell Dyer (O’Reilly)
• JavaScript: The Definitive Guide by David Flanagan (O’Reilly)

Conventions Used in This Book

The following typographical conventions are used in this book:

Plain text
  Indicates menu titles, options, and buttons.

Italic
  Indicates new terms, URLs, email addresses, filenames, file extensions, pathnames, directories, and Unix utilities.

Constant width
  Indicates command-line options, variables and other code elements, HTML tags, macros, the contents of files, and the output from commands.
Constant width bold
  Shows commands or other text that should be typed literally by the user; also occasionally used for emphasis.

Constant width italic
  Shows text that should be replaced with user-supplied values.

This icon signifies a tip, suggestion, or general note.

This icon indicates a warning or caution.

Using Code Examples

This book is here to help you get your job done. In general, you may use the code in this book in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.

We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Learning PHP, MySQL, and JavaScript, by Robin Nixon. Copyright 2009 Robin Nixon, 978-0-596-15713-5.”

If you feel your use of code examples falls outside fair use or the permission given here, feel free to contact us at permissions@oreilly.com.

We’d Like to Hear from You

Every example in this book has been tested on various platforms, but occasionally you may encounter problems; for example, if you have a nonstandard installation or a different version of PHP, and so on. The information in this book has also been verified at each step of the production process. However, mistakes and oversights can occur and we will gratefully receive details of any you find, as well as any suggestions you would like to make for future editions. You can contact the author and editors at:

O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international or local)
(707) 829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at:

http://www.oreilly.com/catalog/9780596157135

There is also a companion website to this book available online at:

http://lpmj.net

where you can see all the examples with color-highlighted syntax.

To comment or ask technical questions about this book, send email to the following address, mentioning its ISBN number (9780596157135):

bookquestions@oreilly.com

For more information about our books, conferences, Resource Centers, and the O’Reilly Network, see our website at:

http://www.oreilly.com

Safari® Books Online

When you see a Safari® Books Online icon on the cover of your favorite technology book, that means the book is available online through the O’Reilly Network Safari Bookshelf.

Safari offers a solution that’s better than e-books. It’s a virtual library that lets you easily search thousands of top tech books, cut and paste code samples, download chapters, and find quick answers when you need the most accurate, current information. Try it for free at http://my.safaribooksonline.com.

Acknowledgments

A huge thank you goes to my editor, Andy Oram, and all the folks at O’Reilly who worked so hard on this book, and without whom it could never have been written. In particular I must thank my technical reviewers, Derek DeHart, Christoph Dorn, Tomislav Dugandzic, Becka Morgan, Harry Nixon, Alan Solis, and Demian Turner, for their help in ensuring the accuracy of this book. I wish to also thank my wife, Julie, for her constant encouragement, and also Rachel, Hannah, Laura, Matthew, Harry, and Naomi, wonderful children who all helped with this project—each in their own way.