INDEX 501 multidimensional arrays, 48, 56 nowdoc syntax, 54 NULL data type, 48 object data type, 48 online documentation for PHP syntax, 47 performing calculations, 49 PHP as a weakly typed language, 48 PHP quick checklist of main language points, 67 precedence of arithmetic operators, table of, 50 print_r(), using to inspect the contents of an array, 57 resource data type, 48 return keyword, 66 side-effects of PHPs weak typing, 48 single and double quotes, 52 string data type, 48 switch statement, 60 ternary operator, 61 variables inside strings, 52 while loop, 62 See also overview of PHP referential integrity maintaining, 417, 431 preserving on record deletion, 452 RegexIterator class, 198, 202 register.php, 259, 261, 264–265, 268 register_01.php, 259 register_02.php, 262 register_03.php, 264–265 register_04.php, 267 register_05.php, 269 register_2way_mysqli.inc.php, 469 register_2way_pdo.inc.php, 470 register_db.php, 461, 465 register_globals, leaving turned off, 108 register_user_mysqli.inc.php, 462 register_user_pdo.inc.php, 462 register_user_text.inc.php, 265–267, 269 register_user_text.inc_01.php, 267 register_user_text.inc_02.php, 269, 461 register_user_text.php, 461 regular expressions (regex), 119 Relation view, 455 Reply-To header, 122 $_REQUEST, 108 require(), 71 require_once(), 71 $required array, 115, 134 required attribute, 105 resources, 48 return keyword, 66 rewind(), 188, 193 root superuser account, 288 rowCount(), 309–310, 322, 362, 375, 456, 465 <rss> tag, 204 RSS 2.0 feed RSS Specification, online location, 205 structure of, 204 rtrim(), 187 S safe_mode_include_dir, 181 Save as file check box, 298 scandir(), 168, 195 scope, 66 scope resolution (double colon) operator, 404 secretpage.php, 255–257 secretpage_01.php, 255 Secure Sockets Layer (SSL), 469 using for secure data transmission, 107 security checking user input before processing it, 6 using insecure email scripts, 6 SEEK_END, 193 SELECT command, 315, 355, 419 DISTINCT option, 377 linking tables in a SELECT query, 422 syntax of, 369, 377 WHERE clause, 377 <select> tag, 138 selected attribute, 138 self-processing form, 111 semicolons ending commands or statements with, 34, 40 using in SQL queries along with PHP, 315 $_SERVER, 37, 77, 100 server-side include, definition of, 69 session_start(), 258, 271 sessions adding a salt to a password before encryption, 258 array_merge(), 266 authenticate.inc.php, 253, 270 basename(), 274 buffering output with ob_start() (PHP Solution 9-2), 250 building a login page (PHP Solution 9-3), 251 byte order mark (BOM), 247 check(), 260–263 CheckPassword.php, 259, 262, 265 INDEX 502 CheckPassword_01.php, 262 CheckPassword_02.php, 264 contents of a simple session file, 245 creating a file-based user registration system (PHP Solution 9-7), 265 creating a password strength checker (PHP Solution 9-6), 258 creating a random salt for each password, 270 creating a reusable logout button (PHP Solution 9-5), 256 creating a simple session (PHP Solution 9-1), 247 creating PHP sessions, 245 creating session variables, 246 definition of, 243 destroying a session, 246 disabled cookies and, 245 encrypted.txt, 269 encrypting passwords with SHA-1, 258 ending a session after a period of inactivity (PHP Solution 9-9), 270 file(), 251 file-based authentication, 251 filesize(), 267 filetest_02.txt, 251 fopen(), 267 getErrors(), 261 handling the "headers already sent" error, 247, 249 header(), 247, 254–255, 275 ini_set(), 270 invalidating the session cookie, 246 login.php, 251, 255, 257, 269, 271 login_01.php, 269 login_02.php, 270 logout.inc.php, 257 making passwords more secure, 258 menu.php, 255–257 menu_01.php, 255 menu_02.php, 256 multiform.inc.php, 274–275 multiple_01.php, 273–274 multiple_02.php, 276 multiple_03.php, 276 multiple_04.php, 277 never using session variables to store sensitive information, 245 ob_end_clean(), 258 ob_end_flush(), 247, 251, 258 ob_start(), 247, 258 one-way encryption, 258 PHPSESSID, 244 preg_match(), 260, 264 preg_match_all(), 264 Ps2_CheckPassword class, 260 regenerating the session ID, 247 register.php, 259, 261, 264–265, 268 register_01.php, 259 register_02.php, 262 register_03.php, 264–265 register_04.php, 267 register_05.php, 269 register_user_text.inc.php, 265–267, 269 register_user_text.inc_01.php, 267 register_user_text.inc_02.php, 269 removal of inactive session files, 245 restricting access to a page with a session (PHP Solution 9-4), 255 secretpage.php, 255–257, 272 secretpage_01.php, 255 $_SESSION, 37, 246 session ID, 243 session variables, 244 session_01.php, 247 session_02.php, 247, 250 session_03.php, 248, 250 session_destroy(), 246 session_name(), 246 session_regenerate_id(), 247 session_register(), 246 session_start(), 245, 247, 250, 258, 271 session_timeout.inc.php, 271 session_unregister(), 246 setcookie(), 247, 250 setting a time limit on sessions, 270 sha1(), 269 str_replace(), 275 strlen(), 260 time(), 271 trim(), 259 unsetting session variables, 246 using an encrypted login (PHP Solution 9-8), 269 using sessions for a multipage form (PHP Solution 9-10), 273 using sessions to restrict website access, 247 See also encryption; one-way encryption; passwords; SHA-1; two-way encryption SET data type, 301 set_include_path(), 98, 100 Download from Wow! eBook <www.wowebook.com> INDEX 503 setDate(), 406 setDestination(), 225 setMaxSize(), 164, 226 setPermittedTypes(), 162, 165 setter methods, 222 setThumbDestination(), 239 setTime(), 406 setTimezone(), 407 creating a DateTimeZone object, 209 setting up PHP (Mac OS X) installing MAMP, procedure for, 19 testing and configuring MAMP, procedure for, 20 See also PHP test environment setting up PHP (Windows) choosing a web server, 12 configuring XAMPP, procedure for, 14 developing web pages using ASP or ASP.NET, 12 displaying filename extensions, 11 installing MySQL on IIS, 17 installing PHP using the Web Platform Installer (Web PI), procedure for, 16 installing phpMyAdmin on IIS, 18 installing XAMPP, procedure for, 12 Internet Information Services (IIS), 12 logging on as an Administrator before installing, 11 starting Apache and MySQL automatically with XAMPP, 15 troubleshooting, 14 See also PHP test environment SHA-1, 265 encrypting passwords with, 258 one-way encryption, 258 sha1(), 269, 463, 468 See also encryption; one-way encryption; passwords; sessions; two-way encryption SimpleXML, 58, 179 consuming an RSS news feed (PHP Solution 7-5), 206 Coordinated Universal Time (UTC), 209 DateTime class, 208 <description> tag, 208 extracting information from XML, 205 getOffset(), 209 newsfeed.php, 206 <pubDate> tag, 208 setTimezone(), 209 simplexml_load_file(), 205, 207 SimpleXMLElement class, 205 SimpleXMLIterator class, 207 <title> tag, 208 See also Extensible Markup Language (XML) single-line comments, 35 site-root-relative path, 100 Skype, changing the incoming port, 11 <span> tag, 114 SplFileInfo, table of methods, 197 SQL Server, using with PHP, 17 SQLyog, 284 Standard PHP Library (SPL), 179 DirectoryIterator class, 196 SplFileInfo, 196 static methods, 404 stmt_init(), 326 Storage Engine drop-down menu, 433, 452 storage_engines.php, 434 store_result(), 327 str_replace(), 81, 167, 275 strftime(), 401 strict, 46 strings, 48 concatenation (.) operator, 45 escaping single quotes and apostrophes in a single-quoted string, 53 joining strings in PHP, 45 single and double quotes, 52 variables inside strings, 52 See also quotes strip_tags(), 204 strlen(), 260 strpos(), 224, 385 strrpos(), 168, 385 strtolower(), 82 strtotime(), 403, 410 strtoupper(), 82 Structure icon, 293 Structure tab, 453, 455 Structured Query Language (SQL) adding comments to queries, 315 affected_rows property, 361 AS keyword, 384, 391 ASC keyword, 317 assigning an alias to a column, 384 BETWEEN, 378 BINARY keyword, 319 bind_param(), 328, 360 bind_result(), 327 bindColumn(), 331 INDEX 504 binding the parameters, 360, 362 changing column options through user input (PHP Solution 11-10), 332 close(), 327 CONCAT(), 378 controlling the sort order, 316 COUNT(), 310, 348 cross-reference (linking) table, 417 DELETE command, 355, 375, 380 DESC keyword, 316 embedding variables in MySQLi prepared statements, 326 embedding variables in PDO prepared statements, 329 errorInfo(), 331 establishing relationships between tables through foreign keys, 415 execute(), 330–331, 361 fetch(), 327, 329 fetch_assoc(), 329 finding records that dont have a matching foreign key, 427 foreign key constraints, 432 formatting dates in a SELECT query with DATE_FORMAT(), 390 free_result(), 327 handling numbers, 315 handling security and error messages, 380 IN(), 378 INNER JOIN, 422 INSERT command, 357, 359, 379, 419 inserting a foreign key in a table, 419 inserting a new record with MySQLi (PHP Solution 13-1), 359 inserting a new record with PDO (PHP Solution 13-2), 361 inserting a string with real_escape_string() (PHP Solution 11-7), 323 inserting an integer from user input into a query (PHP Solution 11-6), 320 INTO, 379 is_numeric(), 319, 321 joint primary key, 417 keywords as case-insensitive, 314 LEFT JOIN, 427 LEFT(), 384 LIKE keyword, 318, 325 LIMIT clause, 349, 379 LIMIT keyword, 347 linking tables in a SELECT query, 422 main operators used in MySQL WHERE expressions, table of, 377 many-to-many relationship, 417 mysqli_03.php, 316 mysqli_integer_01.php, 320 mysqli_prepared_02.php, 329 named placeholders, 330 ON, 422 one-to-many relationship, 416 one-to-one relationship, 415 ORDER BY clause, 316, 379 pdo_03.php, 316 pdo_integer_01.php, 320 percentage sign as a wildcard character, 318 performing a case-sensitive search, 319 prepare(), 328 prepared statements, using, 320 preventing SQL injection attacks, 319 query(), 322 question mark placeholders, 330 quoting strings, 315 real_escape_string(), 320 referential integrity, maintaining, 417, 431 reversing the sort order, 316 reviewing the four essential SQL commands, 376 SELECT command, 355, 369, 377, 419 selecting columns, 315 stmt_init(), 326 store_result(), 327 understanding table relationships, 415 UPDATE command, 357, 367, 370, 380, 419 updating a record with MySQLi (PHP Solution 13-4), 367 updating a record with PDO (PHP Solution 13-5), 371 using a MySQLi prepared statement in a search (PHP Solution 11-8), 327 using a PDO prepared statement in a search (PHP Solution 11-9), 331 using a variable for a column name, 320 using semicolons in queries along with PHP, 315 USING() clause, 424, 427 WHERE clause, 317, 375, 424 whitespace ignored, 315 writing SQL queries, 314 See also databases; foreign keys; MySQL; PHP Data Objects (PDO); phpMyAdmin; phpsols database; primary keys; tables INDEX 505 sub(), 406, 409 SUBDATE(), 392 substr(), 168, 220, 223, 384–385 Sun Microsystems, 280 superglobal arrays $_FILES, 37, 144 $_GET, 36, 107, 109 get method, 36 $_POST, 36, 106–107, 109–111, 113, 116, 120–121, 132 post method, 36 $_REQUEST, 108 $_SERVER, 37 $_SESSION, 37, 246 See also arrays switch statement break keyword, 60 case keyword, 60 comparison operators and, 61 default keyword, 61 example of, 60 syntax of, 60 See also conditional statements; loops; operators Symfony, 100 T tables adding an extra column to a table (PHP Solution 15-1), 418 altering the structure of an existing table, 417 composite primary key, 436 converting an InnoDB table back to MyISAM, 455 converting tables from MyISAM to InnoDB, 452 cross-reference (linking) table, 417, 436 establishing relationships between tables through foreign keys, 415 finding records that dont have a matching foreign key, 427 INNER JOIN, 422 inserting a foreign key in a table, 419 inserting data into multiple tables (PHP Solution 16-4), 444 LEFT JOIN, 427 linking tables in a SELECT query, 422 many-to-many relationship, 417 one-to-many relationship, 416 one-to-one relationship, 415 referential integrity, maintaining, 417, 431 parent and child (dependent) tables, 417 understanding table relationships, 415 updating records in a cross-reference table, 449 See also databases; foreign keys; MySQL; PHP Data Objects (PDO); phpMyAdmin; phpsols database; primary keys; Structured Query Language (SQL) tags, opening and closing, 30 ternary operator, syntax of, 61 test(), 220, 225, 228, 233 text array_pop(), 388 blog_mysqli.php, 389 blog_pdo.php, 389 blog_ptags_mysqli.php, 387 blog_ptags_pdo.php, 387 count(), 388 displaying a text extract, 383 displaying database text as paragraphs, 386 displaying the first two sentences of an article (PHP Solution 14-1), 388 ending an extract on a complete word, 385 extracting a fixed number of characters, 384 extracting complete sentences, 387 getFirst(), 387–388 implode(), 388 LEFT(), 384 nl2br(), 386 preg_replace(), 386 preg_split(), 387 strpos(), 385 strrpos(), 385 substr(), 384–385 using the PHP_EOL constant, 385 utility_funcs.inc.php, 387–388 See also file system; fopen() <textarea> tag, 105, 118 TextEdit, 6, 9 $this->, 33, 153, 158 throwing an exception, 46–47 thumbnail images generating, 217 Ps2_Thumbnail class, building, 218 Thumbnail.php, 218, 222, 236 Thumbnail_01.php, 222 Thumbnail_02.php, 226–227 Thumbnail_03.php, 229, 231 Thumbnail_04.php, 234 INDEX 506 ThumbnailUpload.php, 236 See also gallery (online); images; Ps2_Thumbnail class; Ps2_ThumbnailUpload class thumbs folder, 337 time(), 271, 463 TIMESTAMP column, 394 automatically updating in a MySQL table, 356–357 TIMESTAMP data type, 300 timezones.php, 407 TINYBLOB data type, 301 <title> tag, 205, 208 title.inc.php, 79, 81–82 tmp_name, 148 toggle_fields.js, 442 transaction, definition of, 435 trim(), 187, 259 troubleshooting catch block, 95–96 display_errors directive, turning off, 94 open_basedir directive has been set, 94 Parse error, 10 server is running in safe mode, 93 suppressing error messages in a live website, 94 try block, 47, 95 See also error messages true keyword, 58 two-way encryption advantages and disadvantages of, 460 AES_DECRYPT(), 472 creating a login page with, 471 decrypting a password with, 472 storing a password in a database as a binary object, 469 using, 469 See also encryption; one-way encryption; passwords; sessions; SHA-1 type juggling, 166 U ucfirst(), 80 ucwords(), 81–82 underscores, 33, 36 Unicode (UTF-8), 117, 122 unlink(), 239 UNSIGNED, 300 UPDATE command, 357, 370, 419 syntax of, 367, 380 WHERE clause, 380 Update Entry button, 370, 375 Upload.php, 155, 160, 236 Upload_01.php, 156–157 Upload_02.php, 160, 162 Upload_04.php, 170, 172 Upload_05.php, 176 Upload_06.php, 438 upload_test folder, 164, 170 uploading files $this->, 158 adapting the Ps2_Upload class to handle multiple file uploads (PHP Solution 6-6), 172 adding a file-upload field to an HTML form, 143 adding the multiple attribute to the <input> tag, 171 addPermittedTypes(), 162–163, 165 allowing different MIME types and sizes to be uploaded (PHP Solution 6-4), 161 array_merge(), 162 casting operators, 162, 166 checkError(), 158–160, 173–174 checking an uploaded files name before saving it (PHP Solution 6-5), 166 checking the suitability of uploaded content, 141 checking upload errors, 156 checkName(), 169–170, 173 checkSize(), 158–159, 173–174 checkType(), 164–165, 173 common MIME types, table of, 161 configuration settings affecting file uploads, table of, 142 converting the Ps2_Upload class to use a namespace (PHP Solution 6-7), 176 copy(), 150 creating a basic file-upload class (PHP Solution 6-2), 151 creating a basic file-upload script (PHP Solution 6-1), 148 creating an upload folder for local testing on Mac OS X, procedure for, 147 creating an upload folder for local testing on Windows, 146 error levels in the $_FILES array, table of, 157 file_upload.php, 144, 150, 155–156, 160, 164–165, 170 file_upload_01.php, 144 file_upload_02.php, 144, 161 INDEX 507 file_upload_03.php, 148 file_upload_04.php, 148 file_upload_05.php, 156 file_upload_06.php, 171 file_upload_07.php, 171 file_uploads, 142 getMaxSize(), 158–159 getMessages(), 157 giving global access (chmod 777) to upload directories, 146 hosting companies and file/directory permissions, 146 how PHP handles file uploads, 142 how the $_FILES array handles multiple files, 171 in_array(), 163, 168–169 inspecting the $_FILES array, 144 is_int(), 163 is_numeric(), 163 isset(), 145 isValidMime(), 162–163 making changes to protected properties on the fly, 161 max_execution_time, 142 MAX_FILE_SIZE, 148, 150, 164 max_input_time, 142 move(), 158–159, 164, 170, 173–174 move_uploaded_file(), 148–150, 154, 159–160, 173 moving a temporary file to the upload folder, 148 number_format(), 159 post_max_size, 142–143 preventing existing files from being overwritten, 166 print_r(), 145 processFile(), 173–175 Ps2_Upload class, 151 scandir(), 168 security recommendations for file uploads, 178 setMaxSize(), 164 setPermittedTypes(), 162, 165 specifying a maximum size for an uploaded file in an HTML form, 148 steps required to ensure a secure file-upload process, 150 str_replace(), 167 strrpos(), 168 substr(), 168 testing the error level, file size, and MIME type (PHP Solution 6-3), 157 tmp_name, 148 type juggling, 166 Upload button, 146, 149 upload directory, establishing, 146 Upload.php, 151, 155, 160 Upload_01.php, 156–157 Upload_02.php, 160, 162 Upload_03.php, 167 Upload_04.php, 170, 172 Upload_05.php, 176 upload_max_filesize, 143 upload_test folder, 146–147, 149–150, 164, 170 upload_tmp_dir, 143 uploading multiple files, 171 using the Ps2_Upload class in a script, 177 See also Ps2_Upload class URL encoding, 106 users table creating, 460 table of columns, 460 users_2way table creating, 469 table of columns, 469 USING() clause, 424, 427 utility_funcs.inc.php, 387–388, 396–398, 424 V value attribute, 139 Value field, 295 variables, 32 assigning values to, 33 assignment (=) operator, 33 camel case, 33 ending commands or statements with a semicolon, 34 rules for naming variables, 33 scope of, 66 $this->, 33 underscores, 33 using a variable variable, 126 variables inside strings, 52 virtual host setting up a virtual host for testing, 101 setting up your site in a virtual host, 27 INDEX 508 W WampServer, 12 warnings, 46 websites building PHP pages dynamically in response to a browser request, 3 checking for PHP support on your website, 9 checking the current running version of PHP, 9 displaying the current year in a copyright notice, 2 how PHP makes web pages dynamic, 2 include files, 3 suppressing error messages in a live website, 94 testing your pages on your own website, 10 uses for PHP, 1 using PHP to introduce logic into web pages, 4 using the W3Cs Markup Validation Service, 5 WHERE clause, 317, 375, 377, 380, 424 while loop syntax of, 62 while.php, 62 whitespace in code, 42 wordwrap(), 126 World Wide Web Consortium (W3C), Markup Validation Service, 5 X, Y XAMPP configuring, procedure for, 14 confirming that Apache and MySQL are running, 13 Control Panel, 13 Explore button, 14 installing on Windows, procedure for, 12 Port-Check button, 14 troubleshooting, 14 Z Zend Framework, 100, 176 Zend Studio, 8 INDEX 509 . 271 login_01 .php, 269 login_02 .php, 270 logout.inc .php, 257 making passwords more secure, 258 menu .php, 255–257 menu_01 .php, 255 menu_02 .php, 256 multiform.inc .php, 274–275 multiple_01 .php, 273–274 multiple_02 .php, . establishing, 146 Upload .php, 151, 155, 160 Upload_01 .php, 156–157 Upload_02 .php, 160, 162 Upload_03 .php, 167 Upload_04 .php, 170, 172 Upload_05 .php, 176 upload_max_filesize, 143 upload_test folder,. file_upload .php, 144, 150, 155–156, 160, 164–165, 170 file_upload_01 .php, 144 file_upload_02 .php, 144, 161 INDEX 507 file_upload_03 .php, 148 file_upload_04 .php, 148 file_upload_05 .php,