www.it-ebooks.info
“I’ve never purchased a better
programming book… This book proved to
be the most informative, easiest to follow,
and had the best examples of any other
computer-related book I have ever
purchased.The text is very easy to follow!”
—Nick Landman
“This book by Welling & Thomson is the
only one which I have found to be indis-
pensable.The writing is clear and straightfor-
ward but never wastes my time.The book is
extremely well laid out.The chapters are the
right length and chapter titles quickly take
you where you want to go.”
—Wright Sullivan, President,A&E
Engineering, Inc., Greer South Carolina
“I just wanted to tell you that I think the
book PHP and MySQL Web Development
rocks! It’s logically structured, just the right
difficulty level for me (intermediate),
interesting and easy to read, and, of course,
full of valuable information!”
—CodE-E, Austria
“There are several good introductory
books on PHP, but Welling & Thomson is an
excellent handbook for those who wish to
build up complex and reliable systems. It’s
obvious that the authors have a strong back-
ground in the development of professional
applications and they teach not only

now available to the commoners. Again, I
know 1/10000th of what there is to know,
and already I’m enthralled.”
—Tim Luoma,TnTLuoma.com
“Welling and Thomson’s book is a good
reference for those who want to get to
grips with practical projects straight off the
bat. It includes webmail, shopping cart,
session control, and web-forum/weblog
applications as a matter of course, and
begins with a sturdy look at PHP first,
moving to MySQL once the basics
are covered.”
—twilight30 on Slashdot
www.it-ebooks.info
“This book is absolutely excellent, to
say the least…. Luke Welling and Laura
Thomson give the best in-depth explana-
tions I’ve come across on such things as
regular expressions, classes and objects,
sessions etc. I really feel this book filled in a
lot of gaps for me with things I didn’t quite
understand….This book jumps right into
the functions and features most commonly
used with PHP, and from there it continues
in describing real-world projects, MySQL
integration, and security issues from a proj-
ect manager’s point of view. I found every
bit of this book to be well organized and
easy to understand.”

are built into many web sites.”
—Craig Cecil
“The book takes an easy, step-by-step
approach to introduce even the clueless
programmer to the language of PHP. On
top of that, I often find myself referring
back to it in my Web design efforts. I’m still
learning new things about PHP, but this
book gave me a solid foundation from
which to start and continues to help me to
this day.”
—Stephen Ward
“This book is one of few that really
touched me and made me ‘love’ it. I can’t
put it in my bookshelf; I must put it in a
touchable place on my working bench as I
always like to refer from it. Its structure is
good, wordings are simple and straight for-
ward, and examples are clear and step by
step. Before I read it, I knew nothing of
PHP and MySQL. After reading it, I have
the confidence and skill to develop any
complicated Web application.”
—Power Wong
“This book is God…. I highly recom-
mend this book to anyone who wants to
jump in the deep end with database driven
Web application programming. I wish more
computer books were organized this way.”
—Sean C Schertell

ity for errors or omissions. Neither is any liability assumed for damages
resulting from the use of the information contained herein.
Library of Congress Cataloging-in-Publication Data
Welling, Luke, 1972-
PHP and MySQL Web development / Luke Welling, Laura Thomson. 4th
ed.
p. cm.
ISBN 978-0-672-32916-6 (pbk. w/cd)
1. PHP (Computer program language) 2. SQL (Computer program language)
3. MySQL (Electronic resource) 4. Web sites Design. I. Thomson,
Laura. II. Title.
QA76.73.P224W45 2008
005.2'762 dc22
2008036492
Printed in the United States of America
First Printing: September 2008
ISBN-10: 0-672-32916-6
ISBN-13: 978-0-672-32916-6
Trademarks
All terms mentioned in this book that are known to be trademarks or serv-
ice marks have been appropriately capitalized. Pearson Education, Inc.
cannot attest to the accuracy of this information. Use of a term in this
book should not be regarded as affecting the validity of any trademark or
service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate
as possible, but no warranty or fitness is implied. The information provided
is on an “as is” basis. The authors and the publisher shall have neither lia-
bility nor responsibility to any person or entity with respect to any loss or
damages arising from the information contained in this book or from the use

Dan Scherf
Book Designer
Gary Adair
Composition
Bronkella Publishing
www.it-ebooks.info
❖
To our Mums and Dads
❖
www.it-ebooks.info
Contents at a Glance
Introduction 1
I Using PHP
1 PHP Crash Course 13
2 Storing and Retrieving Data 59
3 Using Arrays 81
4 String Manipulation and Regular Expressions 107
5 Reusing Code and Writing Functions 133
6 Object-Oriented PHP 159
7 Error and Exception Handling 193
II Using MySQL
8 Designing Your Web Database 207
9 Creating Your Web Database 219
10 Working with Your MySQL Database 243
11 Accessing Your MySQL Database from the Web
with PHP 267
12 Advanced MySQL Administration 287
13 Advanced MySQL Programming 311
III E-commerce and Security
14 Running an E-commerce Site 327

B Web Resources 907
Index 911
www.it-ebooks.info
Table of Contents
Introduction 1
I Using PHP
1 PHP Crash Course 13
Before You Begin: Accessing PHP 14
Creating a Sample Application: Bob’s Auto Parts 14
Creating the Order Form 14
Processing the Form 16
Embedding PHP in HTML 17
PHP Tags 18
PHP Statements 19
Whitespace 20
Comments 20
Adding Dynamic Content 21
Calling Functions 22
Using the date() Function 22
Accessing Form Variables 23
Short, Medium, and Long Variables 23
String Concatenation 26
Variables and Literals 27
Understanding Identifiers 28
Examining Variable Types 29
PHP’s Data Types 29
Type Strength 29
Type Casting 30
Variable Variables 30
Declaring and Using Constants 31

Next 57
2 Storing and Retrieving Data 59
Saving Data for Later 59
Storing and Retrieving Bob’s Orders 60
Processing Files 61
Opening a File 61
Choosing File Modes 61
Using fopen() to Open a File 62
Opening Files Through FTP or HTTP 64
Addressing Problems Opening Files 65
www.it-ebooks.info
xii
Contents
Writing to a File 67
Parameters for fwrite() 68
File Formats 68
Closing a File 69
Reading from a File 71
Opening a File for Reading: fopen() 72
Knowing When to Stop: feof() 73
Reading a Line at a Time: fgets(), fgetss(), and
fgetcsv() 73
Reading the Whole File: readfile(), fpassthru(), and
file() 74
Reading a Character: fgetc() 75
Reading an Arbitrary Length: fread() 75
Using Other Useful File Functions 76
Checking Whether a File Is There:
file_exists() 76
Determining How Big a File Is: filesize() 76

Reverse User Sorts 95
Reordering Arrays 96
Using shuffle() 96
Using array_reverse() 97
Loading Arrays from Files 98
Performing Other Array Manipulations 102
Navigating Within an Array: each(), current(),
reset(), end(), next(), pos(), and prev() 102
Applying Any Function to Each Element in an
Array: array_walk() 103
Counting Elements in an Array: count(), sizeof(),
and array_count_values() 104
Converting Arrays to Scalar Variables:
extract() 105
Further Reading 106
Next 106
4 String Manipulation and Regular
Expressions 107
Creating a Sample Application: Smart Form Mail 107
Formatting Strings 110
Trimming Strings: chop(), ltrim(), and
trim() 110
Formatting Strings for Presentation 110
Formatting Strings for Storage: addslashes() and
stripslashes() 114
Joining and Splitting Strings with String
Functions 116
Using explode(), implode(), and join() 116
Using strtok() 117
Using substr() 118

Further Reading 131
Next 131
5 Reusing Code and Writing Functions 133
The Advantages of Reusing Code 133
Cost 134
Reliability 134
Consistency 134
Using require() and include() 134
Filename Extensions and require() 135
Using require() for Website Templates 137
www.it-ebooks.info
xv
Contents
Using auto_prepend_file and
auto_append_file 142
Using Functions in PHP 143
Calling Functions 143
Calling an Undefined Function 145
Understanding Case and Function Names 146
Defining Your Own Functions 146
Examining Basic Function Structure 146
Naming Your Function 147
Using Parameters 148
Understanding Scope 150
Passing by Reference Versus Passing by Value 153
Using the return Keyword 154
Returning Values from Functions 155
Implementing Recursion 156
Namespaces 158
Further Reading 158

Using Per-Class Constants 184
Implementing Static Methods 184
Checking Class Type and Type Hinting 184
Late Static Bindings 185
Cloning Objects 186
Using Abstract Classes 186
Overloading Methods with __call() 186
Using __autoload() 187
Implementing Iterators and Iteration 188
Converting Your Classes to Strings 190
Using the Reflection API 190
Next 191
7 Error and Exception Handling 193
Exception Handling Concepts 193
The Exception Class 195
User-Defined Exceptions 196
Exceptions in Bob’s Auto Parts 199
Exceptions and PHP’s Other Error Handling
Mechanisms 202
Further Reading 203
Next 203
II Using MySQL
8 Designing Your Web Database 207
Relational Database Concepts 208
Tables 208
Columns 209
www.it-ebooks.info
xvii
Contents
Rows 209

Using the Right Database 229
Creating Database Tables 229
Understanding What the Other Keywords
Mean 231
Understanding the Column Types 232
www.it-ebooks.info
xviii
Contents
Looking at the Database with SHOW and
DESCRIBE 233
Creating Indexes 234
Understanding MySQL Identifiers 235
Choosing Column Data Types 236
Numeric Types 236
Date and Time Types 238
String Types 239
Further Reading 241
Next 241
10 Working with Your MySQL Database 243
What Is SQL? 243
Inserting Data into the Database 244
Retrieving Data from the Database 246
Retrieving Data with Specific Criteria 248
Retrieving Data from Multiple Tables 249
Retrieving Data in a Particular Order 255
Grouping and Aggregating Data 256
Choosing Which Rows to Return 258
Using Subqueries 258
Updating Records in the Database 261
Altering Tables After Creation 261

Tables 292
Access Control: How MySQL Uses the Grant
Tables 293
Updating Privileges:When Do Changes Take
Effect? 293
Making Your MySQL Database Secure 294
MySQL from the Operating System’s Point of
View 294
Passwords 295
User Privileges 295
Web Issues 296
Getting More Information About Databases 296
Getting Information with SHOW 296
Getting Information About Columns with
DESCRIBE 299
Understanding How Queries Work with
EXPLAIN 299
Optimizing Your Database 304
Design Optimization 304
Permissions 304
Table Optimization 304
www.it-ebooks.info
xx
Contents
Using Indexes 305
Using Default Values 305
Other Tips 305
Backing Up Your MySQL Database 305
Restoring Your MySQL Database 306
Implementing Replication 306

Cutting Costs 335
Understanding Risks and Threats 336
Crackers 337
Failure to Attract Sufficient Business 337
Computer Hardware Failure 337
Power, Communication, Network, or Shipping
Failures 338
Extensive Competition 338
Software Errors 338
Evolving Governmental Policies and Taxes 339
System Capacity Limits 339
Choosing a Strategy 339
Next 339
15 E-commerce Security Issues 341
How Important Is Your Information? 342
Security Threats 342
Exposure of Confidential Data 343
Loss or Destruction of Data 344
Modification of Data 345
Denial of Service 346
Errors in Software 347
Repudiation 348
Usability, Performance, Cost, and Security 349
Creating a Security Policy 349
Authentication Principles 350
Encryption Basics 351
Private Key Encryption 353
Public Key Encryption 353
Digital Signatures 354
Digital Certificates 355

Securing Your Code 367
Filtering User Input 367
Escaping Output 371
Code Organization 374
What Goes in Your Code 374
File System Considerations 375
Code Stability and Bugs 376
Execution Quotes and exec 377
Securing Your Web Server and PHP 378
Keep Software Up-to-Date 378
Browse the php.ini file 380
www.it-ebooks.info
xxiii
Contents
Web Server Configuration 380
Commercially Hosted Web Applications 382
Database Server Security 383
Users and the Permissions System 383
Sending Data to the Server 384
Connecting to the Server 384
Running the Server 385
Protecting the Network 385
Install Firewalls 386
Use a DMZ 386
Prepare for DoS and DDoS Attacks 387
Computer and Operating System Security 387
Keep the Operating System Up-to-Date 387
Run Only What Is Necessary 388
Physically Secure the Server 388
Disaster Planning 388

Storing Credit Card Numbers 419
Using Encryption in PHP 419
Installing GPG 420
Testing GPG 422
Further Reading 427
Next 428
IV Advanced PHP Techniques
19 Interacting with the File System and the
Server 431
Uploading Files 431
HTML for File Upload 433
Writing the PHP to Deal with the File 434
Avoiding Common Upload Problems 438
Using Directory Functions 439
Reading from Directories 439
Getting Information About the Current
Directory 442
Creating and Deleting Directories 443
Interacting with the File System 443
Getting File Information 444
Changing File Properties 446
Creating, Deleting, and Moving Files 447
Using Program Execution Functions 447
www.it-ebooks.info