Index

Numbers

1NF (First Normal Form), 169–171

2NF (Second Normal Form), 172–174

3NF (Third Normal Form), 175–176

8-bit Unicode Transformation Format, 2

Symbols

-- operator, 23, 45

− operator, 23

! operator, 45

!= operator, 140

$ escape sequence, 29

% operator, 23

* operator, 23

. operator, 21, 26–27

/ operator, 23

@ error suppression operator, 250, 270

' escape sequence, 29

\ escape sequence, 29

" escape sequence, 29

| operator, 140

|| operator, 45, 48, 140

+ operator, 23

++ operator, 23

< operator, 45

<= operator, 45

< operator, 140

<= operator, 140

<> operator, 140

= operator, 14, 22, 25, 140

> operator, 45, 140

>= operator, 45

>= operator, 140

!= operator, 45

&& (and) operator, 45, 48, 56, 140

* (asterisk), using with SELECT queries, 138

` (backticks), use in SQL commands, 137

{} (curly braces)

using with arrays, 55, 57

using with conditionals, 45, 48

$ (dollar sign), using with variables, 14

== (double equals sign) vs. = (equals sign), 47

" (double) quotation marks, using, 29–31

\ (escape), using, 6

( ) (parentheses)

using with clauses, 25

using with functions, 8

# (pound) symbol, using in comments, 10–11

; (semicolon)

avoiding, 280

using with statements, 6

' (single) quotation marks, using, 29–31

// (slashes), using in comments, 10–11

[] (square brackets)

using with databases, 114

using with functions, 104

_ (underscore), using with variables, 17

A

ABS( ) function, 157

absolute vs. relative paths, 76

access problems, debugging, 263

addition operator, symbol for, 23

AES_DECRYPT( ) function, 237

AES_ENCRYPT( ) function, 237, 239

Ajax. See also jQuery

creating JavaScript, 485

form, 481–482

handling request, 484

login_ajax.php script, 484

login.php script, 481–482

overview, 479–480

performing request, 486–491

server-side script, 483

aliases, 153, 155

ALTER command, 230

ALTER TABLE clauses, 222

ANALYZE command, 230

and (&&) operator, 45, 48, 56

and not (XOR) logical operator, 45, 48

AND operator, 45, 48, 156, 140

argument values, setting defaults, 101–104

arguments

empty strings, 104

FALSE value, 104

$name, 103

NULL value, 104

using with user-defined functions, 97–100

values, 104

arithmetic, precedence issue, 25

arithmetic operators

addition, 23

decrement, 23

division, 23

increment, 23

modulus, 23

multiplication, 23

subtraction, 23

array( ) function, using, 58

array values, printing during debugging, 261

array_map( ) function, 408

arrays

&& (and) operator, 56

{} (curly braces), 55, 57

accessing, 58–59

arsort( ) function, 65, 68

$artists, 54

asort( ) function, 65, 68

associative, 54, 62

calendar.php document, 59–61

combining, 63

and conditionals, 56–57

$_COOKIE superglobal, 55

creating, 58

creating and accessing, 59–60

defined, 54

$_ENV superglobal, 55

examples, 54

foreach loop, 58–61, 63–64

$_GET superglobal, 55

$GLOBALS, 109

HTML table for sorting, 66

indexed, 54

indexing, 58

keys, 54, 57

key-value pairs, 54

ksort( ) function, 65, 67

of Mexican states, 62–64

multidimensional, 61–64

naming rules, 54

natsort( ) function, 68

$_POST superglobal, 55–56

printing, 55

printing after sorting, 67

randomizing order of, 68

referring to values in, 54

$_REQUEST superglobal, 55–56

returning from functions, 108

$_SERVER superglobal, 55

$_SESSION superglobal, 55

shuffle( ) function, 68

sort( ) function, 65

sorting, 65–68

of sphenic numbers, 61

$states, 54

and strings, 65

superglobals, 55–56

using, 56–57

using for pull-down menus, 59–60

using with loops, 70

usort( ) function, 68

arsort( ) function, using with arrays, 65, 68

asort( ) function, using with arrays, 65, 68

assignment operator (=), 140

example, 25

using for concatenation, 22

using with variables, 14

asterisk (*), using with SELECT queries, 138

AUTO_INCREMENT example, 135

autocommit nature, altering, 236

AVG( ) grouping function, 214–215, 217

B

backslash code, 29

backticks (`), use in SQL commands, 137

banking database

accounts table, 198

average account balance, 214

customers table, 197

transactions table, 199

BETWEEN operator, 140

blacklist validation, 409

blank page

displaying in error, 8

error, 258

books database, 176

Boolean FULLTEXT searches, performing, 227–229

Boolean mode operators, 227

boundaries, using with regular expressions, 444

browser

sending data to, 7–9

sending HTML to, 12

brute force attacks, preventing, 431

C

calculator.html page

DOM manipulation, 474–478

saving, 468

calculator.js page, saving, 472

calculator.php document

changing echo statement, 107

create_gallon_radio( ) function, 98

creating, 86

default argument values, 101–104

Filter extension, 422–424

formatting costs, 107

$name argument, 103

radio buttons, 98–103

return statement, 108

returning costs, 107

rewriting for sticky form, 90–94

saving, 90, 100

saving for sticky form, 94

script, 87, 92–93

typecasting, 410–413

user-defined function, 98–100

calendar.php document

creating, 59

loop examples, 70–71

saving, 61

call to undefined function error, 97, 258

cannot redeclare function error, 258

CAPTCHA test, 408

carriage return code, 29

CASCADE action, using with foreign key constraints, 196

Cascading Style Sheets (CSS). See CSS (Cascading Style Sheets)

CASE( ) function, 219

ceil( ) function, 319

CEILING( ) function, 157

CHAR( ) function, 135

CHAR vs. VARCHAR, 117

character classes, using with regular expressions, 443–445

character codes, replacing with values, 29

character sets

assigning, 186–188

collations, 184

establishing for columns, 186

explained, 184

UTF-8, 188

UTF-8 encoding, 185

characters, printing, 31

CHARSET command, 186

@charset "utf-8", using with CSS files, 5

cinema database, 172

clauses, grouping in parentheses, 25

COALESCE( ) function, 218

Codd, E.F., 166

collations

assigning, 186–188

establishing for columns, 186

explained, 184

specifying in queries, 188

viewing, 185

column types, choosing for databases, 114–117

column values, applying functions to, 153

columns, using indexes on, 179

comma, concatenating to variables, 21

comments

avoiding nesting, 13

example, 15

guidelines for, 13

HTML, 10

keeping up to date, 13

multiline, 10, 12

PHP, 10

using at end of line, 13

using to debug scripts, 259

writing, 10–13

comments.php document

creating, 11

saving, 12

COMMIT command, using with queries, 233, 236

comparative operators

== (is equal to), 45

< (less than), 45

<= (less than or equal to), 45

> (greater than), 45

>= (greater than or equal to), 45

!= (is not equal to), 45

comparison functions, 218

CONCAT( ) functions, 154–156

concatenating values, 22

concatenation

assignment operator (=), 22

defined, 21

operator (.), 21

using, 21–22

using with numbers, 21

using with strings, 21

concatenation operator (.)

using, 21

using with constants, 26–27

concat.php file, saving, 22

conditionals

{} (curly braces), 45, 48

adding to print message, 47

default values, 48

else, 45

elseif, 45

$gender variable, 46

if, 45

if-elseif-else, 47

indicating subsets of, 48

switch, 48

using, 46–48

using with arrays, 56–57

connection scripts, using .php with, 271

constants

accessing values of, 26

assigning scalar values, 26

concatenation (.) operator, 26–27

creating, 26

date, 27

define( ) function, 26

mysqli_fetch_array( ), 281

naming, 26

omitting quotation marks, 26

PHP_OS, 26

PHP_VERSION, 26

predefined, 26

using, 27–28

vs. variables, 26

constants.php document

creating, 27

saving, 28

constraints vs. triggers, 201

CONVERT( ) function, 188

CONVERT_TZ function, 190

cookies

accessing, 380–382

creating logout link, 386–387

deleting, 384–385

expirations, 384

explained, 376

sending, 378–380

vs. sessions, 388

setting, 377

setting parameters, 382–384

size limit, 380

testing for, 376

Coordinated Universal Time (UTC)

explained, 189

using, 189

COUNT( ) grouping function, 214–215, 319

applying, 217

create_ad( ) function, calling, 97

create_gallon_radio( ) function, 98

CSS (Cascading Style Sheets)

error class, 51

using with HTML forms, 37

CSS file, declaring encoding for, 5

CUR( ) functions, 159–160

curly braces ({})

using with arrays, 55, 57

using with conditionals, 45, 48

D

data, validating by type, 409–413

database design

ERD (entity-relationship diagram), 169

foreign key constraints, 195–201

forum data, 166–167

indexes, 179–181

process, 169

reviewing, 177–178

database elements, naming, 112–113

database schema

explained, 166

MySQL Workbench program, 169

database structure, confirming, 188

database tables

altering, 222

deleting data in, 152

emptying, 152

joining three or more, 211–213

databases

AUTO_INCREMENT, 118–119

banking, 196–197

“big,” 233

books, 176

choosing column types, 114–117

connecting to, 268–272

data types, 115

default values for columns, 119–120

deleting, 152

encrypting, 237–239

forum, 175, 181–182

indexes, 118

keys, 118, 167

Length attribute, 114

message board, 520–528

modeling, 169

movies table, 170

optimizing, 230

planning contents of, 166

PRIMARY KEY, 118–119

relationships, 168–169

selecting, 268–272

square brackets ([ ]), 114

TEXT columns, 120

TIMESTAMP column, 119

UNSIGNED number types, 119–120

USE command, 123, 126

users table, 116, 120

ZEROFILL number types, 119

date and time

accessing on client, 163

*_FORMAT parameters, 162

functions, 159–161, 362–365

NOW( ) function, 163

returning current, 163

date constant, creating, 27

DATE( ) function, 159

date( ) function

formatting, 362

parameters, 364

dates, handling consistently, 194

DateTime class, 511–517

datetime.php script, 513–514

DAY( ) functions, 159–160

debugging. See also error messages

access problems, 263

basics, 242–243

beginning, 244–246

with Firefox, 246

FLUSH PRIVILEGES, 263

HTML errors, 246–247

JavaScript, 459

MySQL techniques, 262–263

PHP scripts, 5, 8, 33, 259–261

with phpinfo( ) script, 245

SQL techniques, 262–263

steps, 243–244

using display_errors, 33

validation tools, 246

decimals vs. integers, 25

decrement operator, symbol for, 23

define( ) function, using with constants, 26

DELETE command, 151

delete_user.php script, 303–305

deleting

constrained records, 201

cookies, 384–385

data, 151–152

records, 297

session variables, 393

sessions, 393–395

die( ) function, using in debugging, 261, 270

display_errors, 248–249

confirming, 33

turned off, 8

using in debugging, 33

using to debug scripts, 259

display_errors.php, opening, 251

division operator, symbol for, 23

do...while, 70

documents, organizing, 271

dollar sign ($)

code, 29–31

using with variables, 14

DOM manipulation, 473–478

double (") quotation marks, 29–31

double equals sign (==) vs. equals sign (=), 47

DROP command, 152

dynamic Web sites. See also external files; HTML forms; Web sites

ease of maintenance, 78

handling HTML forms, 85–90

.html file extension, 78

.inc file extension, 78

including multiple files, 78–84

$page_title variable, 82

security, 78

sticky forms, 91–94

structure, 78

E

echo language construct

sending HTML code to browser, 8

using, 6–7

using over multiple lines, 9

using to debug scripts, 260

echo statement

concatenation example, 21

in HTML forms, 43

using with strings, 20

e-commerce

add_artist.php document, 613–618

add_cart.php script, 645–648

add_print.php document, 618–628

artists table, 606, 608

browse_prints.php document, 634–637

checkout process, 654

checkout.php script, 655–658

customers table, 607, 609

database, 606–611

footer.html document, 631

header.html document, 629–630

index.php document, 631–632

order_contents table, 607, 610

orders table, 607, 609

prints table, 606, 608–609

product catalog, 633–644

public template, 629–632

recording orders, 654–658

security, 611

shopping cart, 645–653

show_image.php document, 642–644

view_cart.php script, 648–653

view_print.php document, 638–642, 644

edit_user.php script, 309–311

else conditional, 45

elseif conditional, 45

email, sending, 330–335

email.php script, 332–333

array_map( ) function, 408

preventing spam, 404

empty( ) function, using with forms, 49

empty variable value error, 258

encoding

declaring for external CSS file, 5

explained, 2

indicating to Web browser, 2

listing, 184

encrypting databases, 237–239. See also security methods

enctype, including with form tag, 342, 347

ENUM types, sorting on, 146

equals sign (=) vs. double equals sign (==), 47

ERD (entity-relationship diagram)

example, 178

explained, 169

error CSS class, defining, 51

error handlers, customizing, 253–257

error management

die( ) function, 261

exit( ) function, 261

error messages. See also debugging

access-denied, 263

call to undefined function error, 97

column values in MySQL, 137

deleting parent records, 195

SHOW WARNINGS command, 137

trusting, 33

Undefined variable: variablename, 44

error reporting

adjusting in PHP, 250–252

levels, 250

notices, 250

warnings, 250

errors

in book, 247

display_errors, 248–249

PHP, 248–249

suppressing with @, 250

syntactical, 242

types of, 242–243

escape (\), 6

escape sequences, 29

exit( ) function, using in debugging, 261

EXPLAIN command, 231, 233

extensions, 4

external files. See also Web sites

absolute paths, 76

include( ) function, 76–77, 82

referencing, 76

relative paths, 76

require( ) function, 76–77

using, 78

F

fetch_object( ) method, 507

file extensions, 4

file not found error, receiving, 5

file uploads

allowing for, 336–337

configurations, 336

$_FILES array, 342

with PHP, 342–347

preparing server, 338–341

secure folder permissions, 337

Unix chmod command, 341

Fileinfo extension, 415–416

files

including multiple, 76–84

validating by type, 414–417

$_FILES array, using with uploads, 342

filters, 421–424

sanitation, 421

validation, 421

Firefox, using for debugging, 246

First Normal Form (1NF), 169–171

first.php document

creating, 3

running in browser, 4

saving, 4

sending data to Web browser, 7

FLOOR( ) function, 157

FLUSH PRIVILEGES, using in debugging, 263

folder permissions, securing, 337

footer file, including in HTML form, 90

footer.html file

creating, 81

saving, 82

for loop. See also loops

example, 69

functionality, 70

rewriting foreach loop as, 70–71

foreach loop. See also loops

rewriting as for loop, 70–71

using with arrays, 58–61, 63–64

foreign key constraints

accounts table, 198

action options, 195

banking database, 197

CASCADE action, 196

creating, 197–201

customers table, 197

ON DELETE action, 195

explained, 195–196

impact on INSERT queries, 195

populating tables, 200

syntax, 195

transactions table, 199

ON UPDATE action, 195

form data

adding CSS to HTML head, 51

empty( ) function, 49, 51

error CSS class, 51

if-else conditional, 52

is_numeric( ) function, 53

isset( ) function, 49, 51

validating, 49–53

validating gender variable, 51–52

form tag

action attribute, 36

enctype part of, 342, 347

method attribute, 36

specifying encoding, 40

using in HTML forms, 36, 38

FORMAT( ) function, 157

*_FORMAT parameters, date and time, 162

form.html document

creating, 37

saving, 40

testing, 43

forms. See also HTML forms

preventing automated submissions, 408

validating, 56

validation errors, 279

forum database, 175. See also message board

atomic, 170

creating, 186

ERD (entity-relationship diagram), explained, 178

indexes, 181

items, 166–167

table types, 182

time zones, 190–194

forum page, creating for message board, 538–542

forums table, creating, 186

FULLTEXT indexes, adding, 180, 223–224

FULLTEXT searches

Boolean, 227–229

performing, 222–226

function.js document

creating, 350

saving, 352

functions. See also MySQL functions; PHP functions; user-defined functions

[ ] (square brackets), 104

applying to column values, 153

avoiding global variables in, 109

calling and returning arrays, 108

date and time, 159

errors, 258

grouping, 214

for numbers, 23

numeric, 157–158

optional parameters, 104

returning multiple values, 108

searching in PHP manual, 22

for strings, 22

text, 154–156

type validation, 409

G

garbage collection, 394

gender radio buttons, validating, 46

gender variable, validating, 51–52

GET request, using with HTML forms, 85

$_GET variable vs. variable scope, 109

getdate( ) array, 363

getimagesize( ) array, 352

$GLOBALS array, adding elements to, 109

greater than (>) operator, 45

greater than or equal to (>=) operator, 45

GREATEST( ) function, 218

GROUP BY clauses, using with joins, 215

GROUP_CONCAT( ) grouping function, 214

grouping

functions, 214–215

data, 216–217

H

handle_form.php document

for arrays, 56–57

conditionals example, 46–48

creating, 42

saving, 43, 53

using stripslashes( ) function in, 44

validating form data, 49–53

HAVING clause, explained, 217

header( ) function, 356–361

header.html file

for logout link, 386

modifying, 266–267

saving, 81, 266

for session variables, 392

headers already sent error, 258

hidden form inputs, 304–308

home page, creating for message board, 537

HOUR( ) function, 159

.htaccess file, 337

HTML

printing with PHP, 31

resource for, 5

sending to Web browser, 12

HTML attributes, double quoting, 94

HTML code, sending, 8

HTML errors, debugging, 246–247

.html extension, 3, 78

HTML for Web page script, 80

HTML forms. See also dynamic Web sites; forms; sticky forms

age element, 42

beginning, 89

comments element, 42

completing, 89

creating, 37–40

CSS (Cascading Style Sheets), 37

echo statement, 43

email element, 42

encoding for form tag, 39

footer file, 90

form data variables, 42

form tag, 36, 38

gender element, 42

gender radio button, 46

GET method, 36

GET request, 85

handling, 42–44, 86–90

.html extension, 39

input types, 44

method attribute, 36

multidimensional arrays from, 64

name element, 42

number_format( ) function, 88

performing calculations, 88

POST method, 36, 85

printing, 42

printing results, 88

printing values in, 42

pull-down menu, 39, 59–60

radio buttons, 39, 90

$_REQUEST[ ] variables, 42–43

sample script, 37–38

starting, 38

submit element, 42

submitting back to itself, 90

testing, 43

testing submission of, 85–86

text box for comments, 39

text inputs, 38

textarea element, 39

validating, 88

variables for form elements, 42

HTML source code

altering spacing of, 9

checking, 33

HTML table, creating to sort arrays, 66

HTML template script, 79

HTML5, development of, 3

HTML-embedded language, PHP as, 2

htmlentities( ) function, 418–420

.html extension, 39

htmlspecialchars( ) function, 418, 420

HTTP headers, 355–357

I

if conditional, 45

if-else conditional, 52

if-elseif-else conditional, 47

IFNULL( ) function, 221

images.php document. See also show_image.php script

creating, 352

date and time functions, 363–365

script, 353–355

IN operator, 140

.inc file extension, 78

include( ) function

vs. require( ) function, 84

using, 76–77, 82

increment operator, symbol for, 23

index page, creating for message board, 537

indexes

creating, 179–181

FULLTEXT, 180

PRIMARY KEY, 180

UNIQUE, 180

using on columns, 179

using with JOINs, 181

index.php file

saving, 83

using to create function, 95

ini_set( ) function, 248–249

inner joins, 205–207, 212

InnoDB storage engine

features, 182

foreign key constraints, 195

vs. MyISAM, 182

integers

vs. decimals, 25

maximum, 25

is equal to (==) operator, 45

IS FALSE operator, 140

is not equal to (!=) operator, 45

IS NOT NULL operator, 140

IS NULL operator, 140–141

IS TRUE operator, 140

is_* type validation functions, 409

is_numeric( ) function, using with forms, 53

is_uploaded_file( ) function, 347

ISO-8859-1 encoding, use of, 5

isset( ) function

using with conditionals, 45

validating form data, 49, 51

J

JavaScript

alert( ) call, 470

debugging, 459

event handling, 469–472

form submission, 470–472

form validation, 491

formatting numbers, 472

test.js file, 470

JavaScript file

creating, 349–354

creating with PHP, 352–354

join types, 232

joining tables, 211–213

joins

creating, 211

GROUP BY clauses in, 215

inner, 205–207, 212

outer, 208–211

performing, 204–205

self-, 210

JOINs, using indexes with, 181

jQuery. See also Ajax

$(document), 466

DOM manipulation, 473–478

hosted, 461

HTML form, 467–468

incorporating, 460–462

overview, 458–459

selecting page elements, 466–468

selecting Web documents, 466

test.html script, 462, 467

using, 463–465

jQuery( ) function, calling, 465

K

keys

assigning, 167

foreign, 167

primary, 167

ksort( ) function, using with arrays, 65, 67

L

LEFT( ) function, 154

LENGTH( ) function, 154, 156

less than (<) operator, 45

less than or equal to (<=) operator, 45

LIKE keyword, 222

literal underscore, 144

percentage, 144

using, 143–144

LIMIT clause

using with queries, 147–148

using with UPDATE, 150

list( ) function, 108

loggedin.php script, 381, 391, 398

logical operators

! (not), 45

&& (and), 45, 48

|| (or), 45, 48

AND, 45, 48

OR, 45, 48

XOR (and not), 45, 48

login functions, making, 371–375

login page, making, 368–371

login_functions.inc.php script, 372–373

login_page.php script, 369

login.js file, creating, 486–488

login.php script, 378, 383

Ajax, 481–482

with encryption, 397

with sessions, 389

logout link, creating for cookies, 386–387

logout.php script, 385, 393

loops. See also for loop; foreach loop; while loop

conditions, 70

do...while, 70

infinite, 70

parameters, 70

using, 70–71

using with arrays, 70

LOWER( ) function, 154

M

Magic Quotes. See also quotation marks

stripslashes( ) function, 44

undoing effect of, 44

mail( ) function, 330–335

many-to-many relationship, 168

matches.php document, 450, 452

mathematical calculations

assignment operators, 25

performing, 24

MAX( ) grouping function, 214

MAX_FILE_SIZE, 347

MD5( ) function, 135

message board. See also forum database

administering, 557

database, 520–528

footer file, 536

forum page, 538–542

header.html template, 530–536

home page, 537

index page, 537

languages table, 527

post_form.php page, 548–551

posting messages, 548–557

post.php file, 552–557

read.php file for thread page, 544–546

templates, 529–537

thread page, 543–547

threads table, 524

users table, 525, 527

words table, 526, 528

messages table, creating, 187

meta tag, using in encoding, 2

meta-characters, using in regular expressions, 438

method attribute, using with HTML forms, 36

MIN( ) grouping function, 214

MINUTE( ) function, 159

MOD( ) function, 157–158

modulus operator, symbol for, 23

MONTH( ) functions, 159

movies table, 170

movies-actors table, 171, 174

multi.php document, creating, 62

multiplication operator, symbol for, 23

MyISAM table type, 182

MySQL. See also SQL (Structured Query Language)

accessing, 121–127

case sensitivity of identifiers, 113

CHAR( ) function, 135

column properties, 118–120

column types, 114–117

connecting to, 268–272

connection for OOP, 497–500

debugging techniques, 262–263

described, 111

errors related to column values, 137

FALSE keyword, 142

INTO in INSERT, 137

inserting rows, 133

length limits for element names, 113

MD5( ) function, 135

naming database elements, 112–113

NOT NULL value for columns, 118

NOW( ) function, 135, 137

NULL value for columns, 119

Query Browser, 121

selecting column types, 116–117

SHA1( ) function, 135, 137, 142

SHOW CHARACTER SET command, 184

SHOW command, 188

time zones, 189–194

TRUE keyword, 142

users table, 113

mysql client, 121–124

MySQL data types

BIGINT, 115

BINARY, 117

BOOLEAN, 117

CHAR, 115, 117

DATE, 115

DATETIME, 115

DECIMAL, 115

DECIMAL vs. FLOAT or DOUBLE, 117

DOUBLE, 115

ENUM, 114–115

FLOAT, 115

INSERT, 117

INT, 115

LONGBLOB, 117

LONGTEXT, 115

MEDIUMBLOB, 117

MEDIUMINT, 115

MEDIUMTEXT, 115

SET, 114–115

SHOW ENGINES command, 183

SMALLINT, 115

TEXT, 115

TIME, 115

TIMESTAMP, 115, 117

TINYBLOB, 117

TINYINT, 115, 117

TINYTEXT, 115

UPDATE, 117

VARBINARY, 117

VARCHAR, 115, 117

MySQL functions, support for, 267. See also functions

MySQL Workbench program, 169

mysqli_connect.php document

creating, 268

saving, 270

script, 269

security, 271

mysqli_fetch_array( ) constants, 281

mysqli_num_rows( ) function, 290–291

mysqli_real_escape_string( ) function, 286–289, 425

N

\n (newline) character

escape sequence, meaning, 29, 31

printing, 9

namespaces, support for, 496

natsort( ) function, using with arrays, 68

newline (\n) character, printing, 9

newline code, 29, 31

nl2br( ) function, 420

normalization

1NF (First Normal Form), 169–171

2NF (Second Normal Form), 172–174

3NF (Third Normal Form), 175–176

defined, 165

development, 166

forms, 169

overruling, 176

process, 166, 169

not (!) operator, 45

NOT BETWEEN operator, 140

NOT IN operator, 140

NOT LIKE keyword

literal underscore, 144

percentage, 144

using, 143–144

NOT operator, 140

Notepad, avoiding use of, 3–4

notices, error reporting, 250

NOW( ) function, 135, 159

NULL type, explained, 45

NULL values vs. empty strings, 141

number_format( ) function, 23, 25, 88

numbers

arithmetic operators, 23

functions for, 23

quoting, 23

sphenic, 61

using, 24–25

using typecasting with, 413

using variables with, 24

numbers.php document

creating, 24

quotation marks examples, 29–31

saving, 25

number-type variables, examples, 23

numeric functions, 157–158

O

one-to-many relationship, 168

one-to-one relationship, 168

OOP (Object-Oriented Programming). See also programming techniques

classes, 496

DateTime class, 511–517

executing queries, 501–504

fetch_object( ) method, 507

fetching results, 505–507

fundamentals, 494–495

MySQL connection, 497–500

outbound parameters, 510

prepared statements, 508–510

vs. procedural, 494

syntax in PHP, 495–496

operating system (OS) constant, 26

operators

comparative, 45

exclusive or, 48

logical, 45

ternary, 317

OPTIMIZE command, 230

or (||) operator, 45, 48

OR operator, 45, 48, 140

ORDER BY clause

alias in, 155

using with indexes, 180

ORDER BY clause, using with queries, 145–146

OS (operating system) constant, 26

outbound parameters, 510

outer joins, 208–211

output buffering, 561

P

pagination, explained, 316

parameters. See arguments

parentheses (())

using with clauses, 25

using with functions, 8

parse error, 258

for arrays, 55

receiving, 8

password, validating, 277

password.php script, 292–297

paths, absolute vs. relative, 76

patterns

back references, 455

defining for regular expressions, 438–440

matching, 452–455

meta-characters, 438

modifiers, 450

replacing, 452–455

pcre.php script

character classes, 444–445

matching patterns, 435

quantifiers, 441–442

reporting matches, 446–449

using patterns, 439–440

PHP

adjusting error reporting, 250–252

debugging technique, 258–261

namespaces, 496

OOP syntax in, 495–496

updating records with, 292–297

PHP and JavaScript, 348

PHP code

executing, 5

objects in, 500

placing in PHP tags, 3

PHP errors

blank page, 258

call to undefined function, 258

cannot redeclare function, 258

displaying, 248–249

empty variable value, 258

headers already sent, 258

logging, 257

parse error, 258

undefined variable, 258

.php extension

using, 3, 78

using with connection scripts, 271

PHP files, including extensions with, 3

PHP functions, using with MySQL, 267. See also functions

PHP mail( ) dependencies, 330

PHP manual, accessing, 22

PHP pages, storing data sent to, 44

PHP scripts. See also scripts

debugging, 5, 8, 33, 259–261

for JavaScript, 352–354

making, 3–5

running through URLs, 7, 33

sending values to, 300–303

writing, 3

PHP tags, 4

PHP_OS constant

explained, 26

using, 27

PHP_VERSION constant

explained, 26

using, 27, 33

phpinfo( ) function

using, 33

using for debugging, 245

php.ini configuration file, include_path setting, 84

phpMyAdmin

INSERT form, 137

INSERT tab, 137

SELECT queries, 139

sitename database, 132

updating records, 150

using, 124–127

“Plain and Simple” template, 78

POST method, using with HTML forms, 85

$_POST variable vs. variable scope, 109

post_message.php script, 427–431, 508–510

pound (#) symbol, using in comments, 10–11

POW( ) function, 157

precedence, explained, 25

predefined.php document

creating, 15

saving, 17

preg_match( ) function, using with regular expressions, 446–447

preg_replace( ) function, 452–454

prepared statements

in OOP, 508–510

performance, 425

using, 427–431

primary key, assigning, 167

PRIMARY KEY index, adding, 180–181

print language construct

sending HTML code to browser, 8

using, 6–7

using over multiple lines, 9

using to debug scripts, 260

print_r( ) function, 500

printing

arrays, 55

arrays after sorting, 67

backslashes, 29

characters, 31

date, 27

dollar signs, 30–31

HTML forms, 42

HTML with PHP, 31

names of scripts, 16

operating system information, 27

parse error, receiving, 55

PHP version, 27

quotation marks, 29

results of HTML forms, 88

server information, 16

user information for scripts, 16

validation results for form data, 52

values in HTML forms, 43

values of strings, 18

values of variables, 31

programming techniques. See also OOP (Object-Oriented Programming)

editing records, 309–315

hidden form inputs, 304–308

paginating query results, 316–322

sending values to scripts, 300–303

sortable displays, 323–327

proxy.php script, using with HTTP headers, 355

pull-down menu

adding to HTML form, 39

preselecting in sticky forms, 91

using arrays for, 59–60

Q

quantifiers, using with regular expressions, 441–442

queries

executing, 273–280

executing in OOP, 501–504

explaining, 231–233

identifying problems with, 233

limiting results, 147–148

optimizing, 230–233

ORDER BY clause, 145–146

performing calculations in, 142

quotes in, 134

sorting results, 145–146

specifying collations in, 188

query results

fetching, 284

paginating, 316–322

retrieving, 281–284

quotation marks. See also Magic Quotes

checking during debugging, 260

escape sequences, 29

printing, 29

single vs. double, 29–31

using in queries, 134

using with functions, 6–7

using with HTML attributes, 94

using with strings, 18

using with variables, 14

quotes.php file, saving, 31

R

\r escape sequence, meaning, 29

radio buttons

adding to HTML forms, 39

changing in sticky forms, 93

presetting in sticky forms, 91

using in HTML forms, 90

RAND( ) function, 157–158

RDBMS, “relational” aspect, 169

read.php, creating for thread page, 544–546

records

counting returned, 290–291

deleting, 151–152, 297

deleting constrained, 201

editing, 309–315

fetching, 506

finding in users table, 319

updating, 149–150

updating with PHP, 292–297

register.php script, 274–276

modifying, 291

mysqli_real_escape_string( ), 286–288

OOP example, 502–504

regular expressions

boundaries, 444

character classes, 443–446

finding matches, 446–449

matching patterns, 452–455

modifiers, 450–451

patterns, 438–440

preg_match( ) function, 446

quantifiers, 441–442

reducing greediness, 447–448

replacing patterns, 452–455

searching, 156

strstr( ) function, 440

test script, 434–437

using, 403, 409, 413

relationships

many-to-many, 168

one-to-many, 168

one-to-one, 168

relative vs. absolute paths, 76

REPLACE command, 137

REPLACE( ) function, 154

$_REQUEST variable vs. variable scope, 109

require( ) function, vs. include( ) function, 84

return, including in messages, 9

return statement, using with functions, 105–108

RIGHT( ) function, 154

ROLLBACK command, with queries, 233, 236

round( ) function, 23

ROUND( ) function, 157

rows, inserting in MySQL, 133

S

sanitation filters, 421

savepoints, creating in transactions, 236

scandir( ) function, 352

schema, defined, 166

script files, 352

scripts. See also PHP scripts

dynamic, 17

printing names of, 16

searches, performing FULLTEXT, 222–226

SECOND( ) function, 159

Second Normal Form (2NF), 172–174

second.php file, saving, 7

secure SQL, ensuring, 285–289

security

e-commerce, 611

of sortable displays, 327

security methods. See also encrypting databases

approaching, 403

CAPTCHA test, 408

Filter extension, 421–424

preventing brute force attacks, 431

preventing spam, 402–408

preventing SQL injection attacks, 425–431

preventing XSS attacks, 418–420

recommendations, 430

validating data by type, 409–413

validating files by type, 414–417

SELECT queries

* (asterisk) used with, 138

adding conditionals to, 140–143

listing columns in, 139

retrieving columns, 139

using with column values, 153

selections, advanced, 218–221

self-joins, performing, 210

semicolon (;)

avoiding, 280

using with statements, 6

server, preparing for file uploads, 338–341

server information, printing, 16

session behavior, changing, 396

session fixation, preventing, 399

session variables

accessing, 390–392

deleting, 393

setting, 388–389

session_start( ) function, calling, 394

sessions

beginning, 389–390

vs. cookies, 388

deleting, 393–395

destroying, 393

improving security, 396–399

using, 388

setcookie( ) function, 377, 380

arguments, 384

result of, 387

SHA1( ) function, 135, 236, 239

SHOW CHARACTER SET command, 184

SHOW command, 188

SHOW ENGINES command, 183

SHOW WARNINGS command, 137

show_image.php script. See also images.php document

creating, 358

saving, 360

shuffle( ) function, using with arrays, 68

single (') quotation marks, 29–31

sitename database

creating, 130

SELECT queries, 140–142

users table, 131

slashes (//), using in comments, 10–11

sort( ) function, using with arrays, 65

sortable displays, making, 323–327

sorting

arrays, 65–68

on ENUM types, 146

query results, 145–146

sorting.php document

creating, 66

saving, 68

space, concatenating to variables, 21

spacing, altering in Web pages, 9

spam, preventing, 402–408

spam_scrubber( ) function, 404–406

special characters, printing, 31

sphenic numbers, creating array of, 61

SQL (Structured Query Language). See also MySQL

aliases, 153, 155

AUTO_INCREMENT, 135

character set, 132

collation, 132

conditionals, 140–142

confirming tables, 132

CREATE DATABASE syntax, 130

creating databases, 130–132

creating tables, 130–132

date and time functions, 159–161

debugging techniques, 262–263

DELETE command, 151

deleting data, 151–152

DESCRIBE tablename syntax, 132

DROP command, 152

formatting date and time, 162–163

formatting text, 155–156

functions, 153–156

INSERT command, 133–137

inserting records, 133–137

LIKE, 143–144

LIMIT clause, 147–148

limiting query results, 147–148

listing columns, 132

NOT LIKE, 143–144

NULL values, 133

numeric functions, 157–158

quotes in queries, 134

securing, 285–289

SELECT query, 138–139

SHOW COLUMNS FROM tablename, 132

SHOW TABLES syntax, 132

sorting query results, 145–146

specifying collation, 132

table types, 132

text columns, 132

text functions, 154–155

TRUNCATE TABLE command, 151

UPDATE syntax, 149–150

updating data, 149–150

users table, 131

WHERE term, 140–141

SQL commands

backticks (`) in, 137

entering, 127

REPLACE, 137

SELECT, 138–139

SQL injection attacks

bound value types, 426

prepared statements, 427–431

preventing, 425–431

SQRT( ) function, 157

square brackets ([ ])

using with databases, 114

using with functions, 104

sticky forms. See also HTML forms

changing distance input, 92

changing radio buttons, 93

described, 91

making, 92–94

preselecting pull-down menu, 91

presetting status of radio buttons, 91

presetting value of textarea, 91

select menu options, 94

using, 309, 314–315

value attribute, 91

storage engine, defined, 182

string equality, checking for, 143

strings. See also variables

and arrays, 65

assigning values to variables, 18

calculating length of, 22

comparing, 143

concatenating, 21–22

converting case of, 22

creating, 18

defined, 18

echo statement, 20

functions, 22

matching, 222

printing values of, 18

size consideration, 20

using, 19–20

using quotation marks with, 18

using variables with, 19

strings.php document

concatenation example, 21–22

creating, 19

saving, 20

strip_tags( ) function, 418, 420

stripslashes( ) function, 44

strlen( ) function, 22

strstr( ) function, 440

strtolower( ) function, 22

strtoupper( ) function, 22

Structured Query Language (SQL). See SQL (Structured Query Language)

style.css file, downloading, 79

SUBSTRING( ) function, 154

subtraction operator, symbol for, 23

SUM( ) grouping function, 214, 217

superglobal variable, $_REQUEST, 44

switch conditional, 48

syntax, errors in, 242

T

\t escape sequence, meaning, 29

tab code, 29

table types

confirming, 223

establishing, 183

finding, 183

MyISAM, 182

storage engine, 182

using, 182

tables. See database tables

template system

creating, 77–78

header file, 266–267

index.php page, 83

ternary operator, structure of, 317

text

converting, 188

formatting, 155–156

text box for comments, adding to HTML form, 39

text editor, 3

text functions, 154–156

textarea element

adding to HTML form, 39

presetting value in sticky forms, 91

Third Normal Form (3NF), 175–176

thread page, creating for message board, 543–547

Thumbs.db file, 354

time. See date and time

time zones, changing, 190

transactions

creating savepoints in, 236

performing, 234–236

triggers vs. constraints, 201

TRIM( ) function, 154

TRUNCATE command, 297

TRUNCATE TABLE command, 151

.txt extension, avoiding use of, 4

type validation functions, 409

typecasting, 410–413

U

ucfirst( ) function, 22

ucwords( ) function, 22

undefined variable error, 258

Undefined variable: variablename error, 44

underscore (_), using with variables, 17

UNIQUE indexes, adding, 180

Unix chmod command, using for file uploads, 341

UNIX_TIMESTAMP( ) functions, 159

UPDATE query, running, 292–297

UPDATE syntax, 149–150

upload_image.php document, 343–345

upload_rtf.php script, 415–417

UPPER( ) function, 153–154

URLs

appending variables to, 303

using with PHP scripts, 5, 7, 33

user information, printing, 16

user registration

account activation, 586–588

activation page, 586–588

activation process, 583

change_password.php script, 599–603

configuration scripts, 566–573

database connection, 571–573

database scheme, 573

database script, 570

footer.html file, 563–565

forgot_password.php script, 594–599

header.html file, 560–562

home page, 574–575

index.php script, 574–575

login.php script, 589–592

logout.php script, 593

output buffering, 561

password management, 594–603

register.php script, 576–585

site administration, 602

templates, 560–565

user-defined functions. See also functions

calculation script, 105–107

calling after creating, 97

case insensitivity, 95

create_ad( ), 97

creating, 95–97

default argument values, 101–104

memory usage, 97

naming, 95

return statement, 105

returning values from, 105–108

taking arguments, 97–100

variable scope, 109

users table

creating, 187

finding records in, 319

usort( ) function, using with arrays, 68

UTC (Coordinated Universal Time)

explained, 189

using, 191–194

UTC Offsets table, 189

UTC_TIMESTAMP( ) functions, 159

UTF-8 characters, increasing column size for, 188

UTF-8 encoding, 2, 185, 191

V

validating files by type, 414–417

validation

blacklist, 409

typecasting, 410–413

whitelist, 409

validation errors, reporting forms, 279

validation filters, 421

validation tools, using for debugging, 246

$var, removing backslashes from, 44

VARCHAR vs. CHAR, 117

variable names, replacing, 29

variable scope

altering, 109

circumventing, 109

global statement, 109

superglobal alternative, 109

variables. See also strings

adding to function definitions, 97

appending to URLs, 303

arrays, 14

assigning values to, 14, 20

assignment operator (=), 14

Boolean, 14

case sensitivity, 14

confirming values of, 44

vs. constants, 26

defined, 14

floating point, 14

including underscore, 17

integer, 14

naming, 14, 17

nonscalar, 14

NULL, 14

objects, 14

omitting spaces, 17

preceding with $ (dollar sign), 14

predefined, 14

printing, 14–15

printing values of, 31

scalar, 14

shorthand version, 16

strings, 14

superglobal, 44

syntactical rules, 14

tracking during debugging, 260

treatment of, 17

typecasting, 410

using, 15–17

using with numbers, 24

using with strings, 19

version of PHP constant, 26, 33

view_users.php script, 282–283, 300–302

modifying, 290–291

OOP example, 506–507

paginating, 316–322

sortable displays, 323–325

W

warnings, error reporting, 250

Web applications

date and time functions, 362–365

file uploads, 336–338

file uploads with PHP, 342–347

HTTP headers, 355–361

PHP and JavaScript, 348–354

preparing servers for uploads, 338–341

sending email, 330–335

Web browser

sending data to, 7–9

sending HTML to, 12

Web pages, altering spacing in, 9

Web sites, dynamic vs. static, 75. See also dynamic Web sites

WHEN...THEN clauses, 219

WHERE clause, 140–141

using with indexes, 180

using with UPDATE, 150

while loop. See also loops

example, 69

functionality, 70

white space, areas of, 9

whitelist validation, 409

wildcards, using with LIKE and NOT LIKE, 144

WITH QUERY EXPANSION modifier, 229

wordwrap( ) function, 333

www.query.com, loading, 461

X

XHTML, resource for, 5

XHTML 1.0 Transitional document, 2

XML-style tags, 4

XOR (and not) operator, 45, 48, 140

XSS attacks, preventing, 418–420

xss.php script, 419

Y

YEAR( ) function, 159

Z

Z (Zulu) time

explained, 189

using, 191–194
