Introduction

It’s a big step from proficiency at PHP programming to being capable of developing commercial applications. As Fred Brooks estimated in his classic book, The Mythical Man Month (Addison-Wesley, 1995), “a programming product costs at least three times as much as a debugged program with the same function.”

My goal in writing this book is to help you take that big step.

What do you have to know beyond PHP programming? Well, there’s project organization (including staffing and scheduling), keeping the customer satisfied, identifying requirements (being agile but not sloppy), choosing the development and production platforms, designing the database, structuring the application to handle forms and buttons, dealing with security and error handling, and converting data from the old system to the new. That’s also the top-level list of topics in this book.

Pick up any of the many PHP/MySQL books in any large bookstore and you’ll find chapters on installing PHP, variables, statements, functions, string processing, arrays, objects, file handling, debugging, and, probably, a toy e-commerce site. Not this book! I assume you already know all that stuff, or can find it somewhere if you don’t. Instead, I tried to cover essential topics that I’ve never seen in any book, such as choosing between shared hosting and a virtual machine in the cloud, updating a live application, translating MySQL constraint errors to something the user can understand, protecting passwords the right way (hashed, salted, and stretched), implementing two-factor authentication, making your web site invulnerable to attack (via SQL injection, cross-site scripting, cross-site request forgery, or clickjacking), implementing validation with database triggers, developing reports as CSV files or PDFs, converting data with variant name spellings, avoiding legal disputes, and lots more that PHP/MySQL programmers struggle with every day as they develop industrial-strength applications.

Beyond the technical details, I’ve tried to pass on what I’ve learned over the four decades I’ve spent developing commercial software. One of my favorite quotations (the source is unknown) is, “Good judgment comes from experience and experience comes from bad judgment.” I’m sure I’ve exhibited more bad judgment than you ever will. I’ve had more bugs in my software, more wrong platform selections, more architectural dead ends, more user-interface catastrophes, and more customer-support fiascoes than anybody, but I like to think that’s because I’ve been at it longer than anybody. (After all, Babe Ruth struck out 1,330 times, a number no ordinary baseball player will ever come close to.) So my judgment is now pretty good, and you get the benefit. You can look forward to making your own original, creative mistakes—no need to repeat mine. I hope you’ll hit a lot of home runs, too, as I have. (Figuratively.)

I’ve also tried to just give the plain answer when I know it, and the reasons why it’s the answer, instead of listing the pros and cons and telling you to make the best choice for your situation. That saves you time. Use PDO for your PHP-MySQL interface, FPDF for your PDF library, MySQL Workbench for your database design tool, jQuery for your JavaScript library, Phpass for password hashing, and my 17-section requirements outline. You don’t have to do it my way, of course, but there are hundreds of design choices you have to make in the course of developing an application and you can’t afford to make each one into a research project. Wouldn’t it be a relief to just be told the best way to go?

There are code examples throughout the book, all of which you can download from www.apress.com. The principal techniques are embodied in PHP classes—Access, DbAccess, Form, Page, Report, and Security—that are robust enough to incorporate directly into your own applications. I present the code in small, somewhat disconnected, chunks, but you can keep from getting lost by downloading the source and following along in it as you read through the technical explanations of why and how I did things the way I did.

There are eight chapters in all, forming three groups. The first two-chapter group, Project Organization and Requirements, should be read together but can be skipped on first reading if you’re anxious to get right to PHP/MySQL programming, although I like to think that many of my most valuable insights are there. (You’ll enjoy my war stories.) The middle four chapters, Platforms and Tools, The Database, Application Structure, and Security, Forms, and Error Handling, form the guts of the programming part of the book and need to be read in order. The last two chapters, Reports and Other Outputs and Data Conversion, build on the middle chapters.

At this point the author usually thanks the reviewers for their work but admits that any remaining mistakes are his alone. Yeah, but the staff at Apress is so great, surely if anything got through it’s their fault, right? OK, I’m joking, just trying to be funny, and probably failing at it. I hope in reading this book you find that my other attempts at humor are more successful. And, back to being serious, please send an e-mail to [email protected] if you do find any of those remaining mistakes. They really are all mine. Still trying to improve my judgment.

—Marc Rochkind

Boulder, Colorado

July, 2013
