1NF (First Normal Form), 169–171
2NF (Second Normal Form), 172–174
3NF (Third Normal Form), 175–176
8-bit Unicode Transformation Format, 2
− operator, 23
! operator, 45
!= operator, 140
$ escape sequence, 29
% operator, 23
* operator, 23
/ operator, 23
@ error suppression operator, 250, 270
' escape sequence, 29
\ escape sequence, 29
" escape sequence, 29
| operator, 140
+ operator, 23
++ operator, 23
< operator, 45
<= operator, 45
< operator, 140
<= operator, 140
<> operator, 140
>= operator, 45
>= operator, 140
!= operator, 45
&& (and) operator, 45, 48, 56, 140
* (asterisk), using with SELECT queries, 138
` (backticks), use in SQL commands, 137
{} (curly braces), using with conditionals, 45, 48
$ (dollar sign), using with variables, 14
== (double equals sign) vs. = (equals sign), 47
" (double) quotation marks, using, 29–31
(escape), using, 6
() (parentheses)
  using with clauses, 25
  using with functions, 8
# (pound) symbol, using in comments, 10–11
; (semicolon)
  avoiding, 280
  using with statements, 6
' (single) quotation marks, using, 29–31
// (slashes), using in comments, 10–11
[] (square brackets)
  using with databases, 114
  using with functions, 104
_ (underscore), using with variables, 17
ABS() function, 157
absolute vs. relative paths, 76
access problems, debugging, 263
addition operator, symbol for, 23
AES_DECRYPT() function, 237
AES_ENCRYPT() function, 237, 239
Ajax. See also jQuery
  creating JavaScript, 485
  form, 481–482
  handling request, 484
  login_ajax.php script, 484
  login.php script, 481–482
  overview, 479–480
  performing request, 486–491
  server-side script, 483
ALTER command, 230
ALTER TABLE clauses, 222
ANALYZE command, 230
and not (XOR) logical operator, 45, 48
AND operator, 45, 48, 156, 140
argument values, setting defaults, 101–104
arguments
  empty strings, 104
  FALSE value, 104
  $name, 103
  NULL value, 104
  using with user-defined functions, 97–100
  values, 104
arithmetic, precedence issue, 25
arithmetic operators
  addition, 23
  decrement, 23
  division, 23
  increment, 23
  modulus, 23
  multiplication, 23
  subtraction, 23
array() function, using, 58
array values, printing during debugging, 261
array_map() function, 408
arrays
  && (and) operator, 56
  accessing, 58–59
  $artists, 54
  calendar.php document, 59–61
  combining, 63
  and conditionals, 56–57
  $_COOKIE superglobal, 55
  creating, 58
  creating and accessing, 59–60
  defined, 54
  $_ENV superglobal, 55
  examples, 54
  $_GET superglobal, 55
  $GLOBALS, 109
  HTML table for sorting, 66
  indexed, 54
  indexing, 58
  key-value pairs, 54
  of Mexican states, 62–64
  multidimensional, 61–64
  naming rules, 54
  natsort() function, 68
  $_POST superglobal, 55–56
  printing, 55
  printing after sorting, 67
  randomizing order of, 68
  referring to values in, 54
  $_REQUEST superglobal, 55–56
  returning from functions, 108
  $_SERVER superglobal, 55
  $_SESSION superglobal, 55
  shuffle() function, 68
  sort() function, 65
  sorting, 65–68
  of sphenic numbers, 61
  $states, 54
  and strings, 65
  superglobals, 55–56
  using, 56–57
  using for pull-down menus, 59–60
  using with loops, 70
  usort() function, 68
arsort() function, using with arrays, 65, 68
asort() function, using with arrays, 65, 68
assignment operator (=), 140
  example, 25
  using for concatenation, 22
  using with variables, 14
asterisk (*), using with SELECT queries, 138
AUTO_INCREMENT example, 135
autocommit nature, altering, 236
AVG() grouping function, 214–215, 217
backslash code, 29
backticks (`), use in SQL commands, 137
banking database
  accounts table, 198
  average account balance, 214
  customers table, 197
  transactions table, 199
BETWEEN operator, 140
blacklist validation, 409
blank page
  displaying in error, 8
  error, 258
books database, 176
Boolean FULLTEXT searches, performing, 227–229
Boolean mode operators, 227
boundaries, using with regular expressions, 444
browser
  sending data to, 7–9
  sending HTML to, 12
brute force attacks, preventing, 431
calculator.html page
  DOM manipulation, 474–478
  saving, 468
calculator.js page, saving, 472
calculator.php document
  changing echo statement, 107
  create_gallon_radio() function, 98
  creating, 86
  default argument values, 101–104
  Filter extension, 422–424
  formatting costs, 107
  $name argument, 103
  radio buttons, 98–103
  return statement, 108
  returning costs, 107
  rewriting for sticky form, 90–94
  saving for sticky form, 94
  typecasting, 410–413
  user-defined function, 98–100
calendar.php document
  creating, 59
  loop examples, 70–71
  saving, 61
call to undefined function error, 97, 258
cannot redeclare function error, 258
CAPTCHA test, 408
carriage return code, 29
CASCADE action, using with foreign key constraints, 196
Cascading Style Sheets (CSS). See CSS (Cascading Style Sheets)
CASE() function, 219
ceil() function, 319
CEILING() function, 157
CHAR() function, 135
CHAR vs. VARCHAR, 117
character classes, using with regular expressions, 443–445
character codes, replacing with values, 29
character sets
  assigning, 186–188
  collations, 184
  establishing for columns, 186
  explained, 184
  UTF-8, 188
  UTF-8 encoding, 185
characters, printing, 31
CHARSET command, 186
@charset "utf-8", using with CSS files, 5
cinema database, 172
clauses, grouping in parentheses, 25
COALESCE() function, 218
Codd, E.F., 166
collations
  assigning, 186–188
  establishing for columns, 186
  explained, 184
  specifying in queries, 188
  viewing, 185
column types, choosing for databases, 114–117
column values, applying functions to, 153
columns, using indexes on, 179
comma, concatenating to variables, 21
comments
  avoiding nesting, 13
  example, 15
  guidelines for, 13
  HTML, 10
  keeping up to date, 13
  PHP, 10
  using at end of line, 13
  using to debug scripts, 259
  writing, 10–13
comments.php document
  creating, 11
  saving, 12
COMMIT command, using with queries, 233, 236
comparative operators
  == (is equal to), 45
  < (less than), 45
  <= (less than or equal to), 45
  > (greater than), 45
  >= (greater than or equal to), 45
  != (is not equal to), 45
comparison functions, 218
CONCAT() functions, 154–156
concatenating values, 22
concatenation
  assignment operator (=), 22
  defined, 21
  operator (.), 21
  using, 21–22
  using with numbers, 21
  using with strings, 21
concatenation operator (.)
  using, 21
  using with constants, 26–27
concat.php file, saving, 22
conditionals
  adding to print message, 47
  default values, 48
  else, 45
  elseif, 45
  $gender variable, 46
  if, 45
  if-elseif-else, 47
  indicating subsets of, 48
  switch, 48
  using, 46–48
  using with arrays, 56–57
connection scripts, .php extension with, 271
constants
  accessing values of, 26
  assigning scalar values, 26
  concatenation (.) operator, 26–27
  creating, 26
  date, 27
  define() function, 26
  mysqli_fetch_array(), 281
  naming, 26
  omitting quotation marks, 26
  PHP_OS, 26
  PHP_VERSION, 26
  predefined, 26
  using, 27–28
  vs. variables, 26
constants.php document
  creating, 27
  saving, 28
constraints vs. triggers, 201
CONVERT() function, 188
CONVERT_TZ function, 190
cookies
  accessing, 380–382
  creating logout link, 386–387
  deleting, 384–385
  expirations, 384
  explained, 376
  sending, 378–380
  vs. sessions, 388
  setting, 377
  setting parameters, 382–384
  size limit, 380
  testing for, 376
Coordinated Universal Time (UTC)
  explained, 189
  using, 189
COUNT() grouping function, 214–215, 319
  applying, 217
create_ad() function, calling, 97
create_gallon_radio() function, 98
CSS (Cascading Style Sheets)
  error class, 51
  using with HTML forms, 37
CSS file, declaring encoding for, 5
CUR() functions, 159–160
curly braces ({}), using with conditionals, 45, 48
data, validating by type, 409–413
database design
  ERD (entity-relationship diagram), 169
  foreign key constraints, 195–201
  forum data, 166–167
  indexes, 179–181
  process, 169
  reviewing, 177–178
database elements, naming, 112–113
database schema
  explained, 166
  MySQL Workbench program, 169
database structure, confirming, 188
database tables
  altering, 222
  deleting data in, 152
  emptying, 152
  joining three or more, 211–213
databases
  AUTO_INCREMENT, 118–119
  banking, 196–197
  “big,” 233
  books, 176
  choosing column types, 114–117
  connecting to, 268–272
  data types, 115
  default values for columns, 119–120
  deleting, 152
  encrypting, 237–239
  indexes, 118
  Length attribute, 114
  message board, 520–528
  modeling, 169
  movies table, 170
  optimizing, 230
  planning contents of, 166
  PRIMARY KEY, 118–119
  relationships, 168–169
  selecting, 268–272
  square brackets ([]), 114
  TEXT columns, 120
  TIMESTAMP column, 119
  UNSIGNED number types, 119–120
  ZEROFILL number types, 119
date and time
  accessing on client, 163
  *_FORMAT parameters, 162
  NOW() function, 163
  returning current, 163
date constant, creating, 27
DATE() function, 159
date() function
  formatting, 362
  parameters, 364
dates, handling consistently, 194
DateTime class, 511–517
datetime.php script, 513–514
DAY() functions, 159–160
debugging. See also error messages
  access problems, 263
  basics, 242–243
  beginning, 244–246
  with Firefox, 246
  FLUSH PRIVILEGES, 263
  HTML errors, 246–247
  JavaScript, 459
  MySQL techniques, 262–263
  PHP scripts, 5, 8, 33, 259–261
  with phpinfo() script, 245
  SQL techniques, 262–263
  steps, 243–244
  using display_errors, 33
  validation tools, 246
decimals vs. integers, 25
decrement operator, symbol for, 23
define() function, using with constants, 26
DELETE command, 151
delete_user.php script, 303–305
deleting
  constrained records, 201
  cookies, 384–385
  data, 151–152
  records, 297
  session variables, 393
  sessions, 393–395
die() function, using in debugging, 261, 270
display_errors, 248–249
  confirming, 33
  turned off, 8
  using in debugging, 33
  using to debug scripts, 259
display_errors.php, opening, 251
division operator, symbol for, 23
do...while, 70
documents, organizing, 271
dollar sign ($)
  code, 29–31
  using with variables, 14
DOM manipulation, 473–478
double (") quotation marks, 29–31
double equals sign (==) vs. equals sign (=), 47
DROP command, 152
dynamic Web sites. See also external files; HTML forms; Web sites
  ease of maintenance, 78
  handling HTML forms, 85–90
  .html file extension, 78
  .inc file extension, 78
  including multiple files, 78–84
  $page_title variable, 82
  security, 78
  sticky forms, 91–94
  structure, 78
echo language construct
  sending HTML code to browser, 8
  using, 6–7
  using over multiple lines, 9
  using to debug scripts, 260
echo statement
  concatenation example, 21
  in HTML forms, 43
  using with strings, 20
e-commerce
  add_artist.php document, 613–618
  add_cart.php script, 645–648
  add_print.php document, 618–628
  browse_prints.php document, 634–637
  checkout process, 654
  checkout.php script, 655–658
  database, 606–611
  footer.html document, 631
  header.html document, 629–630
  index.php document, 631–632
  order_contents table, 607, 610
  product catalog, 633–644
  public template, 629–632
  recording orders, 654–658
  security, 611
  shopping cart, 645–653
  show_image.php document, 642–644
  view_cart.php script, 648–653
  view_print.php document, 638–642, 644
edit_user.php script, 309–311
else conditional, 45
elseif conditional, 45
email, sending, 330–335
email.php script, 332–333
  array_map() function, 408
  preventing spam, 404
empty() function, using with forms, 49
empty variable value error, 258
encoding
  declaring for external CSS file, 5
  explained, 2
  indicating to Web browser, 2
  listing, 184
encrypting databases, 237–239. See also security methods
enctype, including with form tag, 342, 347
ENUM types, sorting on, 146
equals sign (=) vs. double equals sign (==), 47
ERD (entity-relationship diagram)
  example, 178
  explained, 169
error CSS class, defining, 51
error handlers, customizing, 253–257
error management
  die() function, 261
  exit() function, 261
error messages. See also debugging
  access-denied, 263
  call to undefined function error, 97
  column values in MySQL, 137
  deleting parent records, 195
  SHOW WARNINGS command, 137
  trusting, 33
  Undefined variable: variablename, 44
error reporting
  adjusting in PHP, 250–252
  levels, 250
  notices, 250
  warnings, 250
errors
  in book, 247
  display_errors, 248–249
  PHP, 248–249
  suppressing with @, 250
  syntactical, 242
  types of, 242–243
escape (), 6
escape sequences, 29
exit() function, using in debugging, 261
extensions, 4
external files. See also Web sites
  absolute paths, 76
  include() function, 76–77, 82
  referencing, 76
  relative paths, 76
  require() function, 76–77
  using, 78
fetch_object() method, 507
file extensions, 4
file not found error, receiving, 5
file uploads
  allowing for, 336–337
  configurations, 336
  $_FILES array, 342
  with PHP, 342–347
  preparing server, 338–341
  secure folder permissions, 337
  Unix chmod command, 341
Fileinfo extension, 415–416
files
  including multiple, 76–84
  validating by type, 414–417
$_FILES array, using with uploads, 342
filters, 421–424
  sanitation, 421
  validation, 421
Firefox, using for debugging, 246
First Normal Form (1NF), 169–171
first.php document
  creating, 3
  running in browser, 4
  saving, 4
  sending data to Web browser, 7
FLOOR() function, 157
FLUSH PRIVILEGES, using in debugging, 263
folder permissions, securing, 337
footer file, including in HTML form, 90
  creating, 81
  saving, 82
for loop. See also loops
  example, 69
  functionality, 70
  rewriting foreach loop as, 70–71
foreach loop. See also loops
  rewriting as for loop, 70–71
  using with arrays, 58–61, 63–64
foreign key constraints
  accounts table, 198
  action options, 195
  banking database, 197
  CASCADE action, 196
  creating, 197–201
  customers table, 197
  ON DELETE action, 195
  explained, 195–196
  impact on INSERT queries, 195
  populating tables, 200
  syntax, 195
  transactions table, 199
  ON UPDATE action, 195
form data
  adding CSS to HTML head, 51
  error CSS class, 51
  if-else conditional, 52
  is_numeric() function, 53
  validating, 49–53
  validating gender variable, 51–52
form tag
  action attribute, 36
  method attribute, 36
  specifying encoding, 40
FORMAT() function, 157
*_FORMAT parameters, date and time, 162
form.html document
  creating, 37
  saving, 40
  testing, 43
forms. See also HTML forms
  preventing automated submissions, 408
  validating, 56
  validation errors, 279
forum database, 175. See also message board
  atomic, 170
  creating, 186
  ERD (entity-relationship diagram), explained, 178
  indexes, 181
  items, 166–167
  table types, 182
  time zones, 190–194
forum page, creating for message board, 538–542
forums table, creating, 186
FULLTEXT indexes, adding, 180, 223–224
FULLTEXT searches
  Boolean, 227–229
  performing, 222–226
function.js document
  creating, 350
  saving, 352
functions. See also MySQL functions; PHP functions; user-defined functions
  [] (square brackets), 104
  applying to column values, 153
  avoiding global variables in, 109
  calling and returning arrays, 108
  date and time, 159
  errors, 258
  grouping, 214
  for numbers, 23
  numeric, 157–158
  optional parameters, 104
  returning multiple values, 108
  searching in PHP manual, 22
  for strings, 22
  text, 154–156
  type validation, 409
garbage collection, 394
gender radio buttons, validating, 46
gender variable, validating, 51–52
GET request, using with HTML forms, 85
$_GET variable vs. variable scope, 109
getdate() array, 363
getimagesize() array, 352
$GLOBALS array, adding elements to, 109
greater than (>) operator, 45
greater than or equal to (>=) operator, 45
GREATEST() function, 218
GROUP BY clauses, using with joins, 215
GROUP_CONCAT() grouping function, 214
grouping
  functions, 214–215
  data, 216–217
handle_form.php document
  for arrays, 56–57
  conditionals example, 46–48
  creating, 42
  using stripslashes() function in, 44
  validating form data, 49–53
HAVING clause, explained, 217
header() function, 356–361
header.html file
  for logout link, 386
  modifying, 266–267
  for session variables, 392
headers already sent error, 258
hidden form inputs, 304–308
home page, creating for message board, 537
HOUR() function, 159
.htaccess file, 337
HTML
  printing with PHP, 31
  resource for, 5
  sending to Web browser, 12
HTML attributes, double quoting, 94
HTML code, sending, 8
HTML errors, debugging, 246–247
HTML for Web page script, 80
HTML forms. See also dynamic Web sites; forms; sticky forms
  age element, 42
  beginning, 89
  comments element, 42
  completing, 89
  creating, 37–40
  CSS (Cascading Style Sheets), 37
  echo statement, 43
  email element, 42
  encoding for form tag, 39
  footer file, 90
  form data variables, 42
  gender element, 42
  gender radio button, 46
  GET method, 36
  GET request, 85
  .html extension, 39
  input types, 44
  method attribute, 36
  multidimensional arrays from, 64
  name element, 42
  number_format() function, 88
  performing calculations, 88
  printing, 42
  printing results, 88
  printing values in, 42
  $_REQUEST[] variables, 42–43
  sample script, 37–38
  starting, 38
  submit element, 42
  submitting back to itself, 90
  testing, 43
  testing submission of, 85–86
  text box for comments, 39
  text inputs, 38
  textarea element, 39
  validating, 88
  variables for form elements, 42
HTML source code
  altering spacing of, 9
  checking, 33
HTML table, creating to sort arrays, 66
HTML template script, 79
HTML5, development of, 3
HTML-embedded language, PHP as, 2
htmlentities() function, 418–420
.html extension, 39
htmlspecialchars() function, 418, 420
HTTP headers, 355–357
if conditional, 45
if-else conditional, 52
if-elseif-else conditional, 47
IFNULL() function, 221
images.php document. See also show_image.php script
  creating, 352
  date and time functions, 363–365
  script, 353–355
IN operator, 140
.inc file extension, 78
include() function vs. require() function, 84
increment operator, symbol for, 23
index page, creating for message board, 537
indexes
  creating, 179–181
  FULLTEXT, 180
  PRIMARY KEY, 180
  UNIQUE, 180
  using on columns, 179
  using with JOINs, 181
index.php file
  saving, 83
  using to create function, 95
ini_set() function, 248–249
InnoDB storage engine
  features, 182
  foreign key constraints, 195
  vs. MyISAM, 182
integers
  vs. decimals, 25
  maximum, 25
is equal to (==) operator, 45
IS FALSE operator, 140
is not equal to (!=) operator, 45
IS NOT NULL operator, 140
IS NULL operator, 140–141
IS TRUE operator, 140
is_* type validation functions, 409
is_numeric() function, using with forms, 53
is_uploaded_file() function, 347
ISO-8859-1 encoding, use of, 5
isset() function, using with conditionals, 45
JavaScript
  alert() call, 470
  debugging, 459
  event handling, 469–472
  form submission, 470–472
  form validation, 491
  formatting numbers, 472
  test.js file, 470
JavaScript file
  creating, 349–354
  creating with PHP, 352–354
join types, 232
joining tables, 211–213
joins
  creating, 211
  GROUP BY clauses in, 215
  outer, 208–211
  performing, 204–205
  self-, 210
JOINs, using indexes with, 181
jQuery. See also Ajax
  $(document), 466
  DOM manipulation, 473–478
  hosted, 461
  HTML form, 467–468
  incorporating, 460–462
  overview, 458–459
  selecting page elements, 466–468
  selecting Web documents, 466
  using, 463–465
jQuery() function, calling, 465
keys
  assigning, 167
  foreign, 167
  primary, 167
ksort() function, using with arrays, 65, 67
LEFT() function, 154
less than (<) operator, 45
less than or equal to (<=) operator, 45
LIKE keyword, 222
  literal underscore, 144
  percentage, 144
  using, 143–144
LIMIT clause
  using with queries, 147–148
  using with UPDATE, 150
list() function, 108
loggedin.php script, 381, 391, 398
logical operators
  ! (not), 45
login functions, making, 371–375
login page, making, 368–371
login_functions.inc.php script, 372–373
login_page.php script, 369
login.js file, creating, 486–488
Ajax, 481–482
with encryption, 397
with sessions, 389
logout link, creating for cookies, 386–387
loops. See also for loop; foreach loop; while loop
  conditions, 70
  do...while, 70
  infinite, 70
  parameters, 70
  using, 70–71
  using with arrays, 70
LOWER() function, 154
Magic Quotes. See also quotation marks
  stripslashes() function, 44
  undoing effect of, 44
mail() function, 330–335
many-to-many relationship, 168
matches.php document, 450, 452
mathematical calculations
  assignment operators, 25
  performing, 24
MAX() grouping function, 214
MAX_FILE_SIZE, 347
MD5() function, 135
message board. See also forum database
  administering, 557
  database, 520–528
  footer file, 536
  forum page, 538–542
  header.html template, 530–536
  home page, 537
  index page, 537
  languages table, 527
  post_form.php page, 548–551
  posting messages, 548–557
  post.php file, 552–557
  read.php file for thread page, 544–546
  templates, 529–537
  thread page, 543–547
  threads table, 524
messages table, creating, 187
meta tag, using in encoding, 2
meta-characters, using in regular expressions, 438
method attribute, using with HTML forms, 36
MIN() grouping function, 214
MINUTE() function, 159
MOD() function, 157–158
modulus operator, symbol for, 23
MONTH() functions, 159
movies table, 170
multi.php document, creating, 62
multiplication operator, symbol for, 23
MyISAM table type, 182
MySQL. See also SQL (Structured Query Language)
  accessing, 121–127
  case sensitivity of identifiers, 113
  CHAR() function, 135
  column properties, 118–120
  column types, 114–117
  connecting to, 268–272
  connection for OOP, 497–500
  debugging techniques, 262–263
  described, 111
  errors related to column values, 137
  FALSE keyword, 142
  INTO in INSERT, 137
  inserting rows, 133
  length limits for element names, 113
  MD5() function, 135
  naming database elements, 112–113
  NOT NULL value for columns, 118
  NULL value for columns, 119
  Query Browser, 121
  selecting column types, 116–117
  SHA1() function, 135, 137, 142
  SHOW CHARACTER SET command, 184
  SHOW command, 188
  time zones, 189–194
  TRUE keyword, 142
  users table, 113
mysql client, 121–124
MySQL data types
  BIGINT, 115
  BINARY, 117
  BOOLEAN, 117
  DATE, 115
  DATETIME, 115
  DECIMAL, 115
  DECIMAL vs. FLOAT or DOUBLE, 117
  DOUBLE, 115
  ENUM, 114–115
  FLOAT, 115
  INSERT, 117
  INT, 115
  LONGBLOB, 117
  LONGTEXT, 115
  MEDIUMBLOB, 117
  MEDIUMINT, 115
  MEDIUMTEXT, 115
  SET, 114–115
  SHOW ENGINES command, 183
  SMALLINT, 115
  TEXT, 115
  TIME, 115
  TINYBLOB, 117
  TINYTEXT, 115
  UPDATE, 117
  VARBINARY, 117
MySQL functions, support for, 267. See also functions
MySQL Workbench program, 169
mysqli_connect.php document
  creating, 268
  saving, 270
  script, 269
  security, 271
mysqli_fetch_array() constants, 281
mysqli_num_rows() function, 290–291
mysqli_real_escape_string() function, 286–289, 425
(newline) character
  escape sequence, meaning, 29, 31
  printing, 9
namespaces, support for, 496
natsort() function, using with arrays, 68
newline () character, printing, 9
nl2br() function, 420
normalization
  1NF (First Normal Form), 169–171
  2NF (Second Normal Form), 172–174
  3NF (Third Normal Form), 175–176
  defined, 165
  development, 166
  forms, 169
  overruling, 176
not (!) operator, 45
NOT BETWEEN operator, 140
NOT IN operator, 140
NOT LIKE keyword
  literal underscore, 144
  percentage, 144
  using, 143–144
NOT operator, 140
Notepad, avoiding use of, 3–4
notices, error reporting, 250
NULL type, explained, 45
NULL values vs. empty strings, 141
number_format() function, 23, 25, 88
numbers
  arithmetic operators, 23
  functions for, 23
  quoting, 23
  sphenic, 61
  using, 24–25
  using typecasting with, 413
  using variables with, 24
numbers.php document
  creating, 24
  quotation marks examples, 29–31
  saving, 25
number-type variables, examples, 23
numeric functions, 157–158
one-to-many relationship, 168
one-to-one relationship, 168
OOP (Object-Oriented Programming). See also programming techniques
  classes, 496
  DateTime class, 511–517
  executing queries, 501–504
  fetch_object() method, 507
  fetching results, 505–507
  fundamentals, 494–495
  MySQL connection, 497–500
  outbound parameters, 510
  prepared statements, 508–510
  vs. procedural, 494
  syntax in PHP, 495–496
operating system (OS) constant, 26
operators
  comparative, 45
  exclusive or, 48
  logical, 45
  ternary, 317
OPTIMIZE command, 230
ORDER BY clause
  alias in, 155
  using with indexes, 180
ORDER BY clause, using with queries, 145–146
OS (operating system) constant, 26
outbound parameters, 510
outer joins, 208–211
output buffering, 561
pagination, explained, 316
parameters. See arguments
parentheses (())
  using with clauses, 25
  using with functions, 8
parse error, 258
  for arrays, 55
  receiving, 8
password, validating, 277
password.php script, 292–297
paths, absolute vs. relative, 76
patterns
  back references, 455
  defining for regular expressions, 438–440
  matching, 452–455
  meta-characters, 438
  modifiers, 450
  replacing, 452–455
pcre.php script
  character classes, 444–445
  matching patterns, 435
  quantifiers, 441–442
  reporting matches, 446–449
  using patterns, 439–440
PHP
  adjusting error reporting, 250–252
  debugging technique, 258–261
  namespaces, 496
  OOP syntax in, 495–496
  updating records with, 292–297
PHP and JavaScript, 348
PHP code
  executing, 5
  objects in, 500
  placing in PHP tags, 3
PHP errors
  blank page, 258
  call to undefined function, 258
  cannot redeclare function, 258
  displaying, 248–249
  empty variable value, 258
  headers already sent, 258
  logging, 257
  parse error, 258
  undefined variable, 258
.php extension, using with connection scripts, 271
PHP files, including extensions with, 3
PHP functions, using with MySQL, 267. See also functions
PHP mail() dependencies, 330
PHP manual, accessing, 22
PHP pages, storing data sent to, 44
PHP scripts. See also scripts
  for JavaScript, 352–354
  making, 3–5
  sending values to, 300–303
  writing, 3
PHP tags, 4
PHP_OS constant
  explained, 26
  using, 27
PHP_VERSION constant, explained, 26
phpinfo() function
  using, 33
  using for debugging, 245
php.ini configuration file, include_path setting, 84
phpMyAdmin
  INSERT form, 137
  INSERT tab, 137
  SELECT queries, 139
  sitename database, 132
  updating records, 150
  using, 124–127
“Plain and Simple” template, 78
POST method, using with HTML forms, 85
$_POST variable vs. variable scope, 109
post_message.php script, 427–431, 508–510
pound (#) symbol, using in comments, 10–11
POW() function, 157
precedence, explained, 25
predefined.php document
  creating, 15
  saving, 17
preg_match() function, using with regular expressions, 446–447
preg_replace() function, 452–454
prepared statements
  in OOP, 508–510
  performance, 425
  using, 427–431
primary key, assigning, 167
PRIMARY KEY index, adding, 180–181
print language construct
  sending HTML code to browser, 8
  using, 6–7
  using over multiple lines, 9
  using to debug scripts, 260
print_r() function, 500
printing
  arrays, 55
  arrays after sorting, 67
  backslashes, 29
  characters, 31
  date, 27
  dollar signs, 30–31
  HTML forms, 42
  HTML with PHP, 31
  names of scripts, 16
  operating system information, 27
  parse error, receiving, 55
  PHP version, 27
  quotation marks, 29
  results of HTML forms, 88
  server information, 16
  user information for scripts, 16
  validation results for form data, 52
  values in HTML forms, 43
  values of strings, 18
  values of variables, 31
programming techniques. See also OOP (Object-Oriented Programming)
  editing records, 309–315
  hidden form inputs, 304–308
  paginating query results, 316–322
  sending values to scripts, 300–303
  sortable displays, 323–327
proxy.php script, using with HTTP headers, 355
pull-down menu
  adding to HTML form, 39
  preselecting in sticky forms, 91
  using arrays for, 59–60
quantifiers, using with regular expressions, 441–442
queries
  executing, 273–280
  executing in OOP, 501–504
  explaining, 231–233
  identifying problems with, 233
  limiting results, 147–148
  optimizing, 230–233
  ORDER BY clause, 145–146
  performing calculations in, 142
  quotes in, 134
  sorting results, 145–146
  specifying collations in, 188
query results
  fetching, 284
  paginating, 316–322
  retrieving, 281–284
quotation marks. See also Magic Quotes
  checking during debugging, 260
  escape sequences, 29
  printing, 29
  single vs. double, 29–31
  using in queries, 134
  using with functions, 6–7
  using with HTML attributes, 94
  using with strings, 18
  using with variables, 14
quotes.php file, saving, 31
escape sequence, meaning, 29
radio buttons
  adding to HTML forms, 39
  changing in sticky forms, 93
  presetting in sticky forms, 91
  using in HTML forms, 90
RAND() function, 157–158
RDBMS, “relational” aspect, 169
read.php, creating for thread page, 544–546
records
  counting returned, 290–291
  deleting constrained, 201
  editing, 309–315
  fetching, 506
  finding in users table, 319
  updating, 149–150
  updating with PHP, 292–297
register.php script, 274–276
  modifying, 291
  mysqli_real_escape_string(), 286–288
  OOP example, 502–504
regular expressions
  boundaries, 444
  character classes, 443–446
  finding matches, 446–449
  matching patterns, 452–455
  modifiers, 450–451
  patterns, 438–440
  preg_match() function, 446
  quantifiers, 441–442
  reducing greediness, 447–448
  replacing patterns, 452–455
  searching, 156
  strstr() function, 440
  test script, 434–437
relationships
  many-to-many, 168
  one-to-many, 168
  one-to-one, 168
relative vs. absolute paths, 76
REPLACE command, 137
REPLACE() function, 154
$_REQUEST variable vs. variable scope, 109
require() function vs. include() function, 84
return, including in messages, 9
return statement, using with functions, 105–108
RIGHT() function, 154
ROLLBACK command, with queries, 233, 236
round() function, 23
ROUND() function, 157
rows, inserting in MySQL, 133
sanitation filters, 421
savepoints, creating in transactions, 236
scandir() function, 352
schema, defined, 166
script files, 352
scripts. See also PHP scripts
  dynamic, 17
  printing names of, 16
searches, performing FULLTEXT, 222–226
SECOND() function, 159
Second Normal Form (2NF), 172–174
second.php file, saving, 7
secure SQL, ensuring, 285–289
security
  e-commerce, 611
  of sortable displays, 327
security methods. See also encrypting databases
  approaching, 403
  CAPTCHA test, 408
  Filter extension, 421–424
  preventing brute force attacks, 431
  preventing spam, 402–408
  preventing SQL injection attacks, 425–431
  preventing XSS attacks, 418–420
  recommendations, 430
  validating data by type, 409–413
  validating files by type, 414–417
SELECT queries
  * (asterisk) used with, 138
  adding conditionals to, 140–143
  listing columns in, 139
  retrieving columns, 139
  using with column values, 153
selections, advanced, 218–221
self-joins, performing, 210
semicolon (;)
  avoiding, 280
  using with statements, 6
server, preparing for file uploads, 338–341
server information, printing, 16
session behavior, changing, 396
session fixation, preventing, 399
session variables
  accessing, 390–392
  deleting, 393
  setting, 388–389
session_start() function, calling, 394
sessions
  beginning, 389–390
  vs. cookies, 388
  deleting, 393–395
  destroying, 393
  improving security, 396–399
  using, 388
setcookie() function, 377, 380
  arguments, 384
  result of, 387
SHA1() function, 135, 236, 239
SHOW CHARACTER SET command, 184
SHOW command, 188
SHOW ENGINES command, 183
SHOW WARNINGS command, 137
show_image.php script. See also images.php document
  creating, 358
  saving, 360
shuffle() function, using with arrays, 68
single (') quotation marks, 29–31
sitename database
  creating, 130
  SELECT queries, 140–142
  users table, 131
slashes (//), using in comments, 10–11
sort() function, using with arrays, 65
sortable displays, making, 323–327
sorting
  arrays, 65–68
  on ENUM types, 146
  query results, 145–146
sorting.php document
  creating, 66
  saving, 68
space, concatenating to variables, 21
spacing, altering in Web pages, 9
spam, preventing, 402–408
spam_scrubber() function, 404–406
special characters, printing, 31
sphenic numbers, creating array of, 61
SQL (Structured Query Language). See also MySQL
AUTO_INCREMENT
, 135
character set, 132
collation, 132
conditionals, 140–142
confirming tables, 132
CREATE DATABASE
syntax, 130
creating databases, 130–132
creating tables, 130–132
date and time functions, 159–161
debugging techniques, 262–263
DELETE
command, 151
deleting data, 151–152
DESCRIBE tablename
syntax, 132
DROP
command, 152
formatting date and time, 162–163
formatting text, 155–156
functions, 153–156
INSERT
command, 133–137
inserting records, 133–137
LIKE
, 143–144
LIMIT
clause, 147–148
limiting query results, 147–148
listing columns, 132
NOT LIKE
, 143–144
NULL
values, 133
numeric functions, 157–158
quotes in queries, 134
securing, 285–289
SELECT
query, 138–139
SHOW COLUMNS FROM tablename
, 132
SHOW TABLES
syntax, 132
sorting query results, 145–146
specifying collation, 132
table types, 132
text columns, 132
text functions, 154–155
TRUNCATE TABLE
command, 151
UPDATE
syntax, 149–150
updating data, 149–150
users table, 131
WHERE
term, 140–141
SQL commands
backticks (`
) in, 137
entering, 127
REPLACE
, 137
SELECT
, 138–139
SQL injection attacks
bound value types, 426
prepared statements, 427–431
preventing, 425–431
SQRT( ) function, 157
square brackets ([ ])
using with databases, 114
using with functions, 104
sticky forms. See also HTML forms
changing distance input, 92
changing radio buttons, 93
described, 91
making, 92–94
preselecting pull-down menu, 91
presetting status of radio buttons, 91
presetting value of textarea, 91
select menu options, 94
value attribute, 91
storage engine, defined, 182
string equality, checking for, 143
strings. See also variables
and arrays, 65
assigning values to variables, 18
calculating length of, 22
comparing, 143
concatenating, 21–22
converting case of, 22
creating, 18
defined, 18
echo statement, 20
functions, 22
matching, 222
printing values of, 18
size consideration, 20
using, 19–20
using quotation marks with, 18
using variables with, 19
strings.php document
concatenation example, 21–22
creating, 19
saving, 20
strip_tags( ) function, 418, 420
stripslashes( ) function, 44
strlen( ) function, 22
strstr( ) function, 440
strtolower( ) function, 22
strtoupper( ) function, 22
Structured Query Language (SQL). See SQL (Structured Query Language)
style.css file, downloading, 79
SUBSTRING( ) function, 154
subtraction operator, symbol for, 23
SUM( ) grouping function, 214, 217
superglobal variable, $_REQUEST, 44
switch conditional, 48
syntax, errors in, 242
escape sequence, meaning, 29
tab code, 29
table types
confirming, 223
establishing, 183
finding, 183
MyISAM, 182
storage engine, 182
using, 182
tables. See database tables
template system
creating, 77–78
header file, 266–267
index.php page, 83
ternary operator, structure of, 317
text
converting, 188
formatting, 155–156
text box for comments, adding to HTML form, 39
text editor, 3
text functions, 154–156
textarea element
adding to HTML form, 39
presetting value in sticky forms, 91
Third Normal Form (3NF), 175–176
thread page, creating for message board, 543–547
Thumbs.db file, 354
time. See date and time
time zones, changing, 190
transactions
creating savepoints in, 236
performing, 234–236
triggers vs. constraints, 201
TRIM( ) function, 154
TRUNCATE command, 297
TRUNCATE TABLE command, 151
.txt extension, avoiding use of, 4
type validation functions, 409
typecasting, 410–413
ucfirst( ) function, 22
ucwords( ) function, 22
undefined variable error, 258
Undefined variable: variablename error, 44
underscore (_), using with variables, 17
UNIQUE indexes, adding, 180
Unix chmod command, using for file uploads, 341
UNIX_TIMESTAMP( ) function, 159
UPDATE query, running, 292–297
UPDATE syntax, 149–150
upload_image.php document, 343–345
upload_rtf.php script, 415–417
UPPER( ) function, 153–154
URLs
appending variables to, 303
using with PHP scripts, 5, 7, 33
user information, printing, 16
user registration
account activation, 586–588
activation page, 586–588
activation process, 583
change_password.php script, 599–603
configuration scripts, 566–573
database connection, 571–573
database scheme, 573
database script, 570
footer.html file, 563–565
forgot_password.php script, 594–599
header.html file, 560–562
home page, 574–575
index.php script, 574–575
login.php script, 589–592
logout.php script, 593
output buffering, 561
password management, 594–603
register.php script, 576–585
site administration, 602
templates, 560–565
user-defined functions. See also functions
calculation script, 105–107
calling after creating, 97
case insensitivity, 95
create_ad( ), 97
creating, 95–97
default argument values, 101–104
memory usage, 97
naming, 95
return statement, 105
returning values from, 105–108
taking arguments, 97–100
variable scope, 109
users table
creating, 187
finding records in, 319
usort( ) function, using with arrays, 68
UTC (Coordinated Universal Time)
explained, 189
using, 191–194
UTC Offsets table, 189
UTC_TIMESTAMP( ) function, 159
UTF-8 characters, increasing column size for, 188
validating files by type, 414–417
validation
blacklist, 409
typecasting, 410–413
whitelist, 409
validation errors, reporting forms, 279
validation filters, 421
validation tools, using for debugging, 246
$var, removing backslashes from, 44
VARCHAR vs. CHAR, 117
variable names, replacing, 29
variable scope
altering, 109
circumventing, 109
global statement, 109
superglobal alternative, 109
variables. See also strings
adding to function definitions, 97
appending to URLs, 303
arrays, 14
assignment operator (=), 14
Boolean, 14
case sensitivity, 14
confirming values of, 44
vs. constants, 26
defined, 14
floating point, 14
including underscore, 17
integer, 14
nonscalar, 14
NULL, 14
objects, 14
omitting spaces, 17
preceding with $ (dollar sign), 14
predefined, 14
printing, 14–15
printing values of, 31
scalar, 14
shorthand version, 16
strings, 14
superglobal, 44
syntactical rules, 14
tracking during debugging, 260
treatment of, 17
typecasting, 410
using, 15–17
using with numbers, 24
using with strings, 19
version of PHP constant, 26, 33
view_users.php script, 282–283, 300–302
modifying, 290–291
OOP example, 506–507
paginating, 316–322
sortable displays, 323–325
warnings, error reporting, 250
Web applications
date and time functions, 362–365
file uploads, 336–338
file uploads with PHP, 342–347
HTTP headers, 355–361
PHP and JavaScript, 348–354
preparing servers for uploads, 338–341
sending email, 330–335
Web browser
sending data to, 7–9
sending HTML to, 12
Web pages, altering spacing in, 9
Web sites, dynamic vs. static, 75. See also dynamic Web sites
WHEN...THEN clauses, 219
WHERE clause, 140–141
using with indexes, 180
using with UPDATE, 150
while loop. See also loops
example, 69
functionality, 70
white space, areas of, 9
whitelist validation, 409
wildcards, using with LIKE and NOT LIKE, 144
WITH QUERY EXPANSION modifier, 229
wordwrap( ) function, 333
www.query.com, loading, 461
XHTML, resource for, 5
XHTML 1.0 Transitional document, 2
XML-style tags, 4
XOR (and not) operator, 45, 48, 140
XSS attacks, preventing, 418–420
xss.php script, 419
YEAR( ) function, 159
Z (Zulu) time
explained, 189
using, 191–194