This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Copyright Table of Contents Index Full Description Reviews Reader reviews Errata Web Database Applications with PHP & MySQL Hugh E Williams David Lane Publisher: O'Reilly First Edition March 2002 ISBN: 0-596-00041-3, 582 pages Web Database Applications with PHP and MySQL offers web developers a mixture of theoretical and practical information on creating web database applications Using PHP and MySQL, two open source technologies that are often combined to develop web applications, the book offers detailed information on designing relational databases and on web application architecture, both of which will be useful to readers who have never dealt with these issues before The book also introduces Hugh and Dave's Online Wine Store, a complete (but fictional) online retail site implemented using PHP and MySQL only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Web Database Applications with PHP & MySQL Preface What This Book Is About What You Need to Know How This Book Is Organized How to Use This Book Conventions Used in This Book How to Contact Us Web Site and Code Examples Acknowledgments Database Applications and the Web 1.1 Three-Tier Architectures 1.2 The Client Tier 1.3 The Middle Tier 1.4 The Database Tier 1.5 Our Case Study PHP 2.1 Introducing PHP 2.2 Conditions and Branches 2.3 Loops 2.4 A Working Example 2.5 Arrays 2.6 Strings 2.7 Regular Expressions 2.8 Date and Time Functions 2.9 Integer and Float Functions 2.10 User-Defined Functions 2.11 Objects 2.12 Common Mistakes MySQL and SQL 3.1 Database Basics 3.2 Quick Start Guide 3.3 MySQL Command Interpreter 3.4 Managing Databases, Tables, and Indexes 3.5 Inserting, Updating, and Deleting Data 3.6 Querying with SQL SELECT 3.7 Join Queries 3.8 Modifying the Database 3.9 Functions 3.10 More on SQL and MySQL This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com 3.10 More on SQL and MySQL Querying Web Databases 4.1 Connecting to a MySQL Database 4.2 Formatting Results 4.3 Case Study: The Front-Page Panel 4.4 Interacting with Other DBMSs Using PHP User-Driven Querying 5.1 User Input 5.2 Querying with User Input 5.3 Case Study: Previous and Next Browsing 5.4 Case Study: Producing a select List Writing to Web Databases 6.1 Database Inserts, Updates, and Deletes 6.2 Issues in Writing Data to Databases Validation on the Server and Client 7.1 Validation and Error Reporting for Web Database Applications 7.2 Server-Side Validation 7.3 Client-Side Validation with JavaScript Sessions 8.1 Building Applications That Keep State 8.2 Session Management Over the Web 8.3 PHP Session Management 8.4 Case Study: Adding Sessions to the Winestore 8.5 When to Use Sessions Authentication and Security 9.1 HTTP Authentication 9.2 HTTP Authentication with PHP 9.3 Authentication Using a Database 9.4 Web Database Applications and Authentication 9.5 Protecting Data on the Web 10 Winestore Customer Management 10.1 Overview of the Winestore Application 10.2 Customer Management 10.3 Authenticating Users 10.4 The Winestore Include Files 11 The Winestore Shopping Cart 11.1 The Winestore Home Page 11.2 The Shopping Cart Architecture 11.3 Managing Redirection 12 Ordering and Shipping at the Winestore 12.1 Finalizing Orders 12.2 HTML and Email Receipts 13 Related Topics 13.1 Automated Housekeeping 13.2 Templates 13.3 Searching and Browsing A Installation Guide A.1 Installing MySQL, Apache, and PHP A.2 Installing the Winestore Examples This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com A.3 Installing Apache to Use SSL A.4 Installation Resources B Internet and Web Protocols B.1 The Internet B.2 Hypertext Transfer Protocol C Modeling and Designing Relational Databases C.1 The Relational Model C.2 Entity-Relationship Modeling D Managing Sessions in the Database Tier D.1 Using a Database to Keep State D.2 PHP Session Management D.3 MySQL Session Store E Resources E.1 Client Tier Resources E.2 Middle Tier Resources E.3 Database Tier Resources E.4 Security and Cryptography Resources Colophon only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Web Database Applications with PHP & MySQL Copyright © 2002 O'Reilly & Associates, Inc All rights reserved Printed in the United States of America Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472 O'Reilly & Associates books may be purchased for educational, business, or sales promotional use Online editions are also available for most titles (http://safari.oreilly.com) For more information contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com The O'Reilly logo is a registered trademark of O'Reilly & Associates, Inc Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks Where those designations appear in this book, and O'Reilly & Associates, Inc was aware of a trademark claim, the designations have been printed in caps or initial caps The association between the image of a platypus and the topic of web database applications with PHP and MySQL is a trademark of O'Reilly & Associates, Inc While every precaution has been taken in the preparation of this book, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Preface Web database applications integrate databases and the Web Well-known web destinations such as online auction sites, retail stores, news sites, discussion forums, and personalized home pages are all examples of web database applications The popularity of these applications stems from their accessibility and usability: thousands of users can access the same data at the same time without the need to install additional software on their machines only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile What This Book Is About This book is for developers who want to build database applications that are integrated with the Web It presents the principles and techniques of developing small- to medium-scale web database applications that store, manage, and retrieve data, as well as the basic techniques for securing an application The architecture we describe is a successful framework for applications that can run on modest hardware and process more than a million hits per day from users An important feature of this book is our ongoing case study, Hugh and Dave's Online Wines It's a complete but fictional online retail store that allows users to browse and search a database of wines, add items to a shopping cart, manage their membership, and purchase wines Searching, browsing, storing user data, validating user input, managing user transactions, and security are each the subject of a chapter, and each topic is illustrated with examples from the case study The completed winestore scripts are presented and briefly discussed at the end of the book We use open source software Our database management system (DBMS) is MySQL, a system known for its suitability to applications that require speed but low resource overheads Our scripting language is PHP, which is best known for its function libraries that interact with more than 15 relational database systems, the web environment, and many other services We use PHP to develop the application logic that brings together the Web and the relational database management system (RDBMS) Apache is our web server of choice only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile What You Need to Know This book is about understanding and developing application logic that brings databases and the Web together We introduce database systems over the course of the book, but our discussions don't replace a book or class dedicated to relational database theory, or a book about a specific relational database system such as MySQL Likewise, we assume you are already familiar with the Web We introduce but don't delve deeply into the three key web protocols, HTML, HTTP, and TCP/IP We also assume you can program in a third-generation programming language such as C, C++, Java, Perl, FORTRAN, or Visual Basic Our introduction to the PHP web scripting language doesn't assume you are familiar with web scripting or are an expert programmer, but we assume you understand the basic HTML constructs and are familiar with the popular web browsers If you can author an HTML document with a text editor that contains a and a element, you have sufficient HTML skills to use this book It is the principles of structure in the markup process that are important, not the attractiveness or usability of the presentation in the web browser We introduce advanced HTML concepts as required, but an HTML guide such as O'Reilly's HTML and XHTML: The Definitive Guide, by Chuck Musciano and William Kennedy, is a useful resource for understanding and building web database applications You may also find O'Reilly's Programming PHP, by Rasmus Lerdorf and Kevin Tatroe useful as well You don't need a detailed understanding of relational databases to use this book, but a working knowledge is helpful We present the relational database theory needed for developing simple applications, and we cover many other basic concepts, including how to tell when a database is the method of choice to store data, the architecture of a DBMS, the database query language SQL, and a case study that models system requirements and converts the model to a database design This book isn't a substitute for the many good resources on database theory, however, it's enough to begin developing the underlying databases for many web database applications We briefly introduce web servers and networking in Chapter and provide additional material in Appendix B Both web servers and networking are important to a web database application but aren't the focus of this book We present enough information to set up a web server and to understand how it fits in the architecture of a web database application For many applications, this is sufficient Likewise, we present sufficient detail so that you will understand what networking and network protocol issues impact web database application design only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile How This Book Is Organized There are 13 chapters and appendixes in this book Chapter to Chapter introduce web database applications, PHP, MySQL, and SQL: Chapter Discusses the three-tier architecture commonly used in web database applications and in those that we discuss in this book We introduce each of the three tiers and the features of each, and we introduce the software tools that we use We also briefly introduce web protocols The chapter concludes with an introduction to our case study example, Hugh and Dave's Online Wines We discuss the components of the winestore, the system requirements, and where in the book the techniques to develop each component are covered Chapter Introduces the PHP scripting language It covers programming in PHP and discusses the basic programming constructs, variables, types, functions, techniques, and common sources of bugs We include many short code examples to illustrate how to program with PHP Chapter Introduces the MySQL DBMS and how to interact with it using the database query language SQL Using examples from the online winestore, we introduce the SQL commands for creating, deleting, and updating data and databases We also present a longer, example-driven section on querying the online winestore The chapter concludes with discussion of advanced topics, including MySQL database tuning and configuration Chapter to Chapter cover the principles and practice of developing web database application logic Chapter Introduces the basics of connecting to the MySQL DBMS with PHP We explain the querying process used in most interactions with the DBMS and present examples that use most of the PHP MySQL library functions We also show how results from database queries can be formatted as HTML for delivery in a web browser The chapter is supported by the online winestore case study example, which shows how to build a moderately complex querying module Chapter This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com Chapter Continues the principles and practice of querying web databases Here we focus on user-driven querying, in which the user provides parameters to the querying process We show how data is encoded, sent in requests from a web browser to a web server, and decoded for processing in PHP We discuss the security implications in processing user data and show steps to secure interactive querying systems Our discussion is supported by a user-driven querying example with results that can be browsed page by page Chapter Covers writing data to web databases There are several reasons why writing data is different from reading it For example, reloading or printing a page from a web browser can cause data to be written to a database more than once Multiple users accessing the same database introduces other problems, such as data unexpectedly being changed by one user while it's being read by another We discuss how to solve problems related to the nature of the Web and multiple users We illustrate the principles with an example that adds and edits customer details in the online winestore Chapter This chapter is related to Chapter and presents the principles and techniques for user-input validation We introduce validation models and reporting methods that work in web database applications and show how these are implemented using PHP and supported by client-side, browser-based JavaScript Chapter Covers the principles of adding session management to web database applications Session management allows the interactions between a user and the application to be related so that, for example, a user can log in and log out of an application and be guided through a series of steps in a process We show how PHP manages sessions and illustrate the techniques with a case study of managing error feedback to users who are joining as customers of the winestore Chapter Presents topics in web security We show how PHP can be used for basic authentication, how databases can manage many users, and how communications can be secured with the network-level secure sockets layer Our case study is the login and logout process for the online winestore This extends our discussion of session management in Chapter Chapter 10 to Chapter 13 present and outline the completed winestore case study The outlines aren't comprehensive: we assume you have completed Chapter to Chapter and understand the principles of developing web database applications We recommend that you view, edit, and use the winestore PHP scripts while reading Chapter 10 through Chapter 13 This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com emptying , 2nd housekeeping for updating quantities in , 2nd short-circuit evaluation property SHOW command show_HTML_receipt( ) showCart( ) showerror( ) , 2nd , 3rd showLogin( ) showMessage( ) , 2nd showPanel( ) showPricing( ) , 2nd showVarieties( ) , 2nd , 3rd browsing and vs showPricing( ) showWines( ) Smarty PHP template engine sort( ) sorting arrays output space( ) split( ) spreadsheets, vs databases sprintf( ) SQL (Structured Query Language) , 2nd , 3rd components of This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com converting E/R model to queries and winestore application, creating with working with MySQL and SQL interpreter SQL server (Microsoft) srand( ) , 2nd SSL protocol installing Apache to use start/end tags include statement and omitting starvation problem state building applications to maintain stateless applications, building stored procedures str_pad( ) str_replace( ) strcasecmp( ) strcmp( ) , 2nd , 3rd strftime( ) string assignments string clean( ) string comparison operators/functions string crypt( ) string getCustomerID( ) This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com string literals , 2nd string mysql_tablename( ) string session_id( ) string showWine( ) strings comparing converting to timestamp , 2nd converting to/from integers splitting into an array stristr( ) strlen( ) strncasecmp( ) strncmp( ) strpos( ) , 2nd strrchr( ) strrpos( ) strstr( ) strtotime( ) , 2nd strtr( ) Structured Query Language strval( ) subject string subsecond times substr( ) , 2nd substr_replace( ) substring( ) substrings This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com substrings replacing , 2nd superuser support functions swapping memory switch statement synchronization, problems with caused by sessions system requirements for the winestore application system( ) only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Web Database Applications with PHP & MySQL [Symbol][A][B][C][D][E][F][G][H][I][J][K][L][M][N][O][P][Q][R][S][T][U][V][W] [X][Z] T table aliases , 2nd tables creating with visual appeal displaying details of locking temporary working with tainted data TCP/IP protocol HTTP and templates temporary tables terminology for databases testing variables text files bulk loading data from vs databases thesame( ) thick clients , 2nd thin clients threads three-tier architectures This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com three-tier architectures reasons for using time time-outs , 2nd time string time( ) , 2nd timestamp tracking transaction management transactions commit/rollback and trigger_error( ) triggers trigonometry functions trim( ) , 2nd trimming whitespace two-component querying two-phase locking type conversion type-casting types only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Web Database Applications with PHP & MySQL [Symbol][A][B][C][D][E][F][G][H][I][J][K][L][M][N][O][P][Q][R][S][T][U][V][W] [X][Z] U uasort( ) unary not operator Unix cron tables Unix timestamp unix_timestamp( ) UNLOCK TABLES statement unrepeatable read problem , 2nd unset( ) Update Quantities button UPDATE statement limitations of privileges and WHERE clause and update( ) updateDiscount( ) updatePassword( ) updates updating data upper( ) URL rewrite feature URLs Apache server , 2nd ApacheSSL This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com embedded passing data with mod_ssl MySQL OpenSSL documentation for passing data with PHP manual for PHP Triad for Windows PostgreSQL Smarty PHP template engine this book winestore application XTemplate class library user agents user input querying with security and user tracking user-driven querying users adding/deleting authenticating customer authentication and authorizing access for customer management and This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com element comparisons defined by functions defined by login requirement for multiple, issues affecting reload problem and session handlers defined by which web browser used by usort( ) comparing strings and sorting arrays and only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Web Database Applications with PHP & MySQL [Symbol][A][B][C][D][E][F][G][H][I][J][K][L][M][N][O][P][Q][R][S][T][U][V][W] [X][Z] V validation , 2nd client-side for dates , 2nd for email addresses for numbers server-side validation scripts for customers validator for HTML var_dump( ) , 2nd variable substitution variables assignment and content/type of, examining debugging and initializing with PHP passing to functions scope and verify( ) views not supported in MySQL void loginButtons( ) void selectDistinct ( ) This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com void showCart( ) void showLogin( ) , 2nd void showMessage( ) void showPricing( ) void showVarieties( ) volumeDiscount( ) only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Web Database Applications with PHP & MySQL [Symbol][A][B][C][D][E][F][G][H][I][J][K][L][M][N][O][P][Q][R][S][T][U][V][W] [X][Z] W W3C validator for HTML Web (the) protocols and web browsers web database applications authentication and building case study illustrating components of locking tables and web pages, reload problem and web scripting languages , 2nd web servers web sites, personalizing web spiders WHERE clause join queries and while loop whitespace wildcards window.close( ) window.open( ) window.print( ) This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com windows.history.go(-1) winestore application components of creating with SQL customer authentication for customer management for customer validation for database for loading ER modeling for front-page panel for home page for ordering and shipping wines from , 2nd regions, adding to relations in sample PHP scripts for, downloading/installing scripts for , 2nd , 3rd sessions, adding to shopping cart for system requirements for wines, adding to wizards write-lock queue , 2nd only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Web Database Applications with PHP & MySQL [Symbol][A][B][C][D][E][F][G][H][I][J][K][L][M][N][O][P][Q][R][S][T][U][V][W] [X][Z] X XTemplate class library only for RuBoard - not distribute or recompile This document is created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Web Database Applications with PHP & MySQL [Symbol][A][B][C][D][E][F][G][H][I][J][K][L][M][N][O][P][Q][R][S][T][U][V][W] [X][Z] Z Zend engine , 2nd only for RuBoard - not distribute or recompile ... use with web servers and web protocols This book is about bringing together the Web and databases Most web database applications this through three layers of application logic At the base is a database. .. module, with around 40% of the Apache HTTP servers having PHP capabilities.[3] PHP is particularly suited to web database applications because of its integration tools for the Web and database. .. created with a trial version of CHM2PDF Pilot http://www.colorpilot.com only for RuBoard - not distribute or recompile Preface Web database applications integrate databases and the Web Well-known web