CONTENTS
xi
Web Database Architecture 180
Architecture 180
Further Reading 182
Next 182
8 Creating Your Web Database 183
A Note on Using the MySQL Monitor 185
How to Log In to MySQL 185
Creating Databases and Users 187
Creating the Database 187
Users and Privileges 187
Introduction to MySQL’s Privilege System 188
Principle of Least Privilege 188
Setting Up Users: The GRANT Command 188
Types and Levels of Privilege 190
The REVOKE Command 192
Examples Using GRANT and REVOKE 192
Setting Up a User for the Web 193
Logging Out As root 193
Using the Right Database 193
Creating Database Tables 194
What the Other Keywords Mean 196
Understanding the Column Types 196
Looking at the Database with SHOW and DESCRIBE 198
MySQL Identifiers 199
Column Data Types 200
Numeric Types 201
Further Reading 206
Next 206
9 Working with Your MySQL Database 207

What Is SQL? 208
Inserting Data into the Database 209
Retrieving Data from the Database 211
Retrieving Data with Specific Criteria 212
Retrieving Data from Multiple Tables 214
Retrieving Data in a Particular Order 219
Grouping and Aggregating Data 220
Choosing Which Rows to Return 222
Updating Records in the Database 223
Altering Tables After Creation 223
Deleting Records from the Database 225
Dropping Tables 226
00 7842 FM 3/6/01 3:38 PM Page xi
PHP AND MYSQL WEB DEVELOPMENT
Dropping a Whole Database 226
Further Reading 226
Next 226
10 Accessing Your MySQL Database from the Web
with PHP 227
How Web Database Architectures Work 228
The Basic Steps in Querying a Database
from the Web 232
Checking and Filtering Input Data 232
Setting Up a Connection 234
Choosing a Database to Use 235
Querying the Database 235
Retrieving the Query Results 236
Disconnecting from the Database 238
Putting New Information in the Database 238
Other Useful PHP-MySQL Functions 241

Freeing Up Resources 241
Creating and Deleting Databases 242
Other PHP-Database Interfaces 242
Further Reading 242
Next 243
11 Advanced MySQL 245
Understanding the Privilege System in Detail 246
The user Table 247
The db and host Tables 248
The tables_priv and columns_priv Tables 249
Access Control: How MySQL Uses the Grant Tables 250
Updating Privileges: When Do Changes Take Effect? 251
Making Your MySQL Database Secure 251
MySQL from the Operating System’s Point of View 252
Passwords 252
User Privileges 253
Web Issues 253
Getting More Information About Databases 254
Getting Information with SHOW 254
Getting Information About Columns with DESCRIBE 257
Understanding How Queries Work with EXPLAIN 257
Speeding Up Queries with Indexes 261
General Optimization Tips 261
Design Optimization 261
Permissions 261
xii
00 7842 FM 3/6/01 3:38 PM Page xii
CONTENTS
Table Optimization 262
Using Indexes 262

Use Default Values 262
Use Persistent Connections 262
Other Tips 262
Different Table Types 263
Loading Data from a File 263
Further Reading 264
Next 264
P
ART III E-commerce and Security 265
12 Running an E-commerce Site 267
What Do You Want to Achieve? 268
Types of Commercial Web Sites 268
Online Brochures 269
Taking Orders for Goods or Services 271
Providing Services and Digital Goods 275
Adding Value to Goods or Services 276
Cutting Costs 276
Risks and Threats 277
Crackers 277
Failing to Attract Sufficient Business 278
Computer Hardware Failure 278
Power, Communication, Network, or Shipping Failures 278
Extensive Competition 278
Software Errors 279
Evolving Governmental Policies and Taxes 279
System Capacity Limits 279
Deciding on a Strategy 280
Next 280
13 E-commerce Security Issues 281
How Important Is Your Information? 282

Security Threats 283
Exposure of Confidential Data 283
Loss or Destruction of Data 285
Modification of Data 286
Denial of Service 287
Errors in Software 288
Repudiation 289
Balancing Usability, Performance, Cost, and Security 290
Creating a Security Policy 291
xiii
00 7842 FM 3/6/01 3:38 PM Page xiii
PHP AND MYSQL WEB DEVELOPMENT
Authentication Principles 291
Using Authentication 292
Encryption Basics 293
Private Key Encryption 294
Public Key Encryption 295
Digital Signatures 296
Digital Certificates 297
Secure Web Servers 298
Auditing and Logging 299
Firewalls 300
Backing Up Data 301
Backing Up General Files 301
Backing Up and Restoring Your MySQL Database 301
Physical Security 302
Next 302
14 Implementing Authentication with PHP and MySQL 303
Identifying Visitors 304
Implementing Access Control 305

Storing Passwords 308
Encrypting Passwords 310
Protecting Multiple Pages 312
Basic Authentication 312
Using Basic Authentication in PHP 314
Using Basic Authentication with Apache’s .htaccess Files 316
Using Basic Authentication with IIS 319
Using mod_auth_mysql Authentication 321
Installing mod_auth_mysql 322
Did It Work? 323
Using mod_auth_mysql 323
Creating Your Own Custom Authentication 324
Further Reading 324
Next 325
15 Implementing Secure Transactions with PHP and MySQL 327
Providing Secure Transactions 328
The User’s Machine 329
The Internet 330
Your System 331
Using Secure Sockets Layer (SSL) 332
Screening User Input 336
Providing Secure Storage 336
Why Are You Storing Credit Card Numbers? 338
xiv
00 7842 FM 3/6/01 3:38 PM Page xiv
CONTENTS
Using Encryption in PHP 338
Further Reading 347
Next 347
PART IV Advanced PHP Techniques 349

16 Interacting with the File System and the Server 351
Introduction to File Upload 352
HTML for File Upload 353
Writing the PHP to Deal with the File 354
Common Problems 358
Using Directory Functions 358
Reading from Directories 358
Getting Info About the Current Directory 360
Creating and Deleting Directories 360
Interacting with the File System 361
Get File Info 361
Changing File Properties 364
Creating, Deleting, and Moving Files 364
Using Program Execution Functions 365
Interacting with the Environment: getenv() and putenv() 367
Further Reading 368
Next 368
17 Using Network and Protocol Functions 369
Overview of Protocols 370
Sending and Reading Email 371
Using Other Web Services 371
Using Network Lookup Functions 374
Using FTP 378
Using FTP to Back Up or Mirror a File 378
Uploading Files 385
Avoiding Timeouts 385
Using Other FTP Functions 386
Generic Network Communications with cURL 387
Further Reading 389
Next 390

18 Managing the Date and Time 391
Getting the Date and Time from PHP 392
Using the date() Function 392
Dealing with UNIX Time Stamps 394
Using the getdate() Function 395
Validating Dates 396
xv
00 7842 FM 3/6/01 3:38 PM Page xv
PHP AND MYSQL WEB DEVELOPMENT
Converting Between PHP and MySQL Date Formats 396
Date Calculations 398
Using the Calendar Functions 399
Further Reading 400
Next 400
19 Generating Images 401
Setting Up Image Support in PHP 402
Image Formats 403
JPEG 403
PNG 403
WBMP 403
GIF 404
Creating Images 404
Creating a Canvas Image 405
Drawing or Printing Text onto the Image 406
Outputting the Final Graphic 408
Cleaning Up 410
Using Automatically Generated Images in Other Pages 410
Using Text and Fonts to Create Images 410
Setting Up the Base Canvas 414
Fitting the Text onto the Button 415

Positioning the Text 418
Writing the Text onto the Button 419
Finishing Up 419
Drawing Figures and Graphing Data 419
Other Image Functions 428
Further Reading 428
Next 428
20 Using Session Control in PHP 429
What Session Control Is 430
Basic Session Functionality 430
What Is a Cookie? 431
Setting Cookies from PHP 431
Using Cookies with Sessions 432
Storing the Session ID 432
Implementing Simple Sessions 433
Starting a Session 433
Registering Session Variables 433
Using Session Variables 434
Deregistering Variables and Destroying the Session 434
xvi
00 7842 FM 3/6/01 3:38 PM Page xvi
CONTENTS
Simple Session Example 435
Configuring Session Control 437
Implementing Authentication with Session Control 438
Further Reading 445
Next 445
21 Other Useful Features 447
Using Magic Quotes 448
Evaluating Strings: eval() 449

Terminating Execution: die and exit 450
Serialization 450
Getting Information About the PHP Environment 451
Finding Out What Extensions Are Loaded 451
Identifying the Script Owner 452
Finding Out When the Script Was Modified 452
Loading Extensions Dynamically 453
Temporarily Altering the Runtime Environment 453
Source Highlighting 454
Next 455
PART V Building Practical PHP and MySQL Projects 457
22 Using PHP and MySQL for Large Projects 459
Applying Software Engineering to Web Development 460
Planning and Running a Web Application Project 461
Reusing Code 462
Writing Maintainable Code 463
Coding Standards 463
Breaking Up Code 466
Using a Standard Directory Structure 467
Documenting and Sharing In-House Functions 467
Implementing Version Control 467
Choosing a Development Environment 469
Documenting Your Projects 470
Prototyping 471
Separating Logic and Content 471
Optimizing Code 472
Using Simple Optimizations 472
Using Zend Products 473
Testing 474
Further Reading 475

Next 475
xvii
00 7842 FM 3/6/01 3:38 PM Page xvii
PHP AND MYSQL WEB DEVELOPMENT
23 Debugging 477
Programming Errors 478
Syntax Errors 478
Runtime Errors 480
Logic Errors 485
Variable Debugging Aid 486
Error Reporting Levels 489
Altering the Error Reporting Settings 490
Triggering Your Own Errors 492
Handling Errors Gracefully 492
Remote Debugging 494
Next 495
24 Building User Authentication and Personalization 497
The Problem 498
Solution Components 499
User Identification and Personalization 499
Storing Bookmarks 500
Recommending Bookmarks 500
Solution Overview 500
Implementing the Database 502
Implementing the Basic Site 504
Implementing User Authentication 506
Registering 507
Logging In 513
Logging Out 517
Changing Passwords 518

Resetting Forgotten Passwords 521
Implementing Bookmark Storage and Retrieval 526
Adding Bookmarks 526
Displaying Bookmarks 529
Deleting Bookmarks 530
Implementing Recommendations 532
Wrapping Up and Possible Extensions 537
Next 537
25 Building a Shopping Cart 539
The Problem 540
Solution Components 540
Building an Online Catalog 540
Tracking a User’s Purchases While She Shops 541
Payment 541
Administration Interface 542
xviii
00 7842 FM 3/6/01 3:38 PM Page xviii
CONTENTS
Solution Overview 542
Implementing the Database 546
Implementing the Online Catalog 548
Listing Categories 551
Listing Books in a Category 553
Showing Book Details 555
Implementing the Shopping Cart 556
Using the show_cart.php Script 557
Viewing the Cart 560
Adding Items to the Cart 563
Saving the Updated Cart 565
Printing a Header Bar Summary 566

Checking Out 566
Implementing Payment 572
Implementing an Administration Interface 575
Extending the Project 584
Using an Existing System 584
Next 585
26 Building a Content Management System 587
The Problem 588
Solution Requirements 588
Editing Content 589
Getting Content into the System 589
Databases Versus File Storage 591
Document Structure 592
Using Metadata 592
Formatting the Output 593
Image Manipulation 594
Solution Design/Overview 596
Designing the Database 598
Implementation 599
Front End 599
Back End 603
Searching 611
Editor Screen 614
Extending the Project 615
27 Building a Web-Based Email Service 617
The Problem 618
Solution Components 619
Solution Overview 620
Setting Up the Database 622
xix

00 7842 FM 3/6/01 3:38 PM Page xix
PHP AND MYSQL WEB DEVELOPMENT
Script Architecture 623
Logging In and Out 629
Setting Up Accounts 632
Creating a New Account 634
Modifying an Existing Account 636
Deleting an Account 636
Reading Mail 637
Selecting an Account 637
Viewing Mailbox Contents 640
Reading a Mail Message 643
Viewing Message Headers 647
Deleting Mail 648
Sending Mail 649
Sending a New Message 649
Replying To or Forwarding Mail 651
Extending the Project 652
Next 653
28 Building a Mailing List Manager 655
The Problem 656
Solution Components 657
Setting Up a Database of Lists and Subscribers 657
File Upload 657
Sending Mail with Attachments 658
Solution Overview 658
Setting Up the Database 660
Script Architecture 663
Implementing Login 672
Creating a New Account 673

Logging In 675
Implementing User Functions 678
Viewing Lists 679
Viewing List Information 684
Viewing List Archives 686
Subscribing and Unsubscribing 687
Changing Account Settings 689
Changing Passwords 689
Logging Out 692
Implementing Administrative Functions 693
Creating a New List 693
Uploading a New Newsletter 695
Handling Multiple File Upload 698
xx
00 7842 FM 3/6/01 3:38 PM Page xx