Introducing PHP
Installing PHP
Accessing the MySQL DBMS with PHP
Securing User Data
Managing Sessions
Writing Data with PHP
Using the HTML <form> Environment
Where to Find Out More
The triad of PHP, MySQL, and the Apache web server is one of the most popular web development platforms. There are several good reasons for PHP's popularity as a web scripting language: it is easy to include PHP scripts in HTML documents, PHP is free in a monetary and open source sense, it has over a hundred function libraries, and it shares syntax with C or Perl-like languages.
This chapter introduces you to building web database applications with PHP. To show PHP in action, we present a simple application: a wedding gift registry. The application shows how common database functions are used in practice, along with how to secure a system, pass data between scripts, and add login and logout features.
We introduce the following concepts in this chapter:
An introduction to the PHP language and a short guide to installing PHP on your platform
How common MySQL library functions are used to access the MySQL DBMS
How to handle MySQL DBMS errors, use include files to modularize code, and secure user data
How to write data to databases, manage sessions in applications, and control the web browser
Other resources for learning more about developing PHP and MySQL web database applications
Chapter 18 presents a complete reference to the PHP MySQL library functions.
PHP is a scripting language designed to be embedded into the HTML markup used for web pages. Web pages that contain PHP scripts are preprocessed by the PHP scripting engine, and the source code is replaced with the output of the script. Indeed, the acronym PHP suggests just that: PHP: Hypertext Preprocessor.
Consider a simple PHP script embedded in an HTML document:
<!DOCTYPE HTML PUBLIC
  "-//W3C//DTD HTML 4.0 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>
  <title>Hello, world</title>
</head>
<body>
<?php echo "Hello, world"; ?>
</body>
</html>
When preprocessed by the PHP scripting engine, the short (and not very useful) script:
<?php echo "Hello, world"; ?>
is replaced with its output:
Hello, world
The text before and after the script is HTML; the first three lines define that HTML Version 4 is being used.
You can embed any number of PHP scripts in a single HTML document, as long as each PHP script is surrounded by the begin tag <?php and the end tag ?>. Other tags can also be used to delimit PHP scripts, but these are the most common and reliable.
One of the best language features of PHP is how it decodes user data and automatically initializes variables. Consider an example script stored in the file printuser.php:
<!DOCTYPE HTML PUBLIC
  "-//W3C//DTD HTML 4.0 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>
  <title>Saying hello</title>
</head>
<body>
<?php echo "Hello, $username"; ?>
</body>
</html>
Let's assume that the file is stored in the document root of the web server. If the web server is Apache and the machine runs a variant of the Unix operating system, the document root is the directory /usr/local/apache/htdocs. The script can then be retrieved using a web browser—if it is running on the same machine as the web server—by requesting the URL http://localhost/printuser.php?username=Selina. In response to the request, the PHP engine replaces the script:
<?php echo "Hello, $username"; ?>
with the output:
Hello, Selina
The URL is automatically decoded. Also, a variable $username that matches the name of the attribute in the URL is initialized, and its value is set to Selina. This automatic registration of variables is an excellent feature, but one that has security problems in some cases, because the request, not the script, decides which variables are created and what they hold. How to guard against them is discussed in Section 11.4.
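The risk described above, as an added example that is not from the original chapter: greet_auto_registered() uses extract() as a stand-in for automatic registration, and greet_explicit() shows the guarded form, which reads only the expected parameter, initializes its own flag, and escapes the name before it reaches the HTML. The function names, the show_private flag, and the request arrays are hypothetical and constructed for illustration.

```php
<?php
// Added example. The arrays passed in are constructed stand-ins for the
// decoded query string of printuser.php; no web server is needed.

// Mimics automatic variable registration: every request parameter becomes a
// variable in the script's scope, whether the script expected it or not.
function greet_auto_registered($query)
{
    extract($query);                       // stand-in for automatic registration
    // $show_private is never initialized by the script, so the request decides it.
    $out = "Hello, $username";
    if (!empty($show_private)) {
        $out .= " (private registry shown)";
    }
    return $out;
}

// Reads only the one parameter it expects, initializes its own flag from
// server-side state, and escapes the value before placing it in HTML.
function greet_explicit($query, $logged_in)
{
    $show_private = ($logged_in === true); // set by the script, never by the request
    $username = '';
    if (isset($query['username']) && is_string($query['username'])) {
        $username = $query['username'];
    }
    $out = 'Hello, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    if ($show_private) {
        $out .= ' (private registry shown)';
    }
    return $out;
}

// Constructed requests: the expected one, and one carrying an extra parameter
// and markup in the name.
$expected   = array('username' => 'Selina');
$unexpected = array('username' => '<b>Selina</b>', 'show_private' => '1');

echo greet_auto_registered($expected), "\n";
echo greet_auto_registered($unexpected), "\n";
echo greet_explicit($expected, false), "\n";
echo greet_explicit($unexpected, false), "\n";
```

In a real script the $query argument is the $_GET array, available from PHP 4.1.0. Automatic registration itself is governed by the register_globals directive, which defaults to off from PHP 4.2.0 and was removed in PHP 5.4.0.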
Files that contain PHP scripts usually have the extension .php instead of the HTML file extensions .html or .htm. The .php extension is the trigger for the web server to invoke the PHP scripting engine to preprocess the file. This is controlled by a directive in the web server's configuration file and is discussed in more detail in Section 11.2.
Passing variables and values using the URL is one way of transferring data from a web browser to a web server. However, the most common technique is to use an HTML <form> such as the following:
<!DOCTYPE HTML PUBLIC
  "-//W3C//DTD HTML 4.0 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>
  <title>Saying hello</title>
</head>
<body>
<form method="GET" action="printuser.php">
Enter your name: <input type="text" name="username">
<br><input type="submit" value="Print it!">
</form>
</body>
</html>
When this HTML document is rendered by a web browser, the user is able to enter a name into an input widget. Below the widget is a button labeled Print it!. When the user presses the button, the script listed as the action attribute of the <form> tag is requested, and the data in the input widget is sent to the server as part of the URL. For example, if the user enters the name Selina into the input widget and clicks on the Print it! button, the URL http://localhost/printuser.php?username=Selina is requested, and the output of the script is the same as before:
Hello, Selina
This section introduces the basic syntax of PHP. If you're familiar with high-level languages such as C, Java, JavaScript, or Perl, you'll be at home with PHP. The current version of PHP is PHP 4, and some details we present here are specific to this version.
As discussed previously, PHP scripts are surrounded by the PHP start tag <?php and the end tag ?>. You'll often see the start tag abbreviated as <?, but this conflicts with the emerging XHTML standard and should be avoided.
Statements in a script are terminated with a semicolon. Statements can be formatted for readability by including any amount of whitespace—such as space characters, tab characters, or blank lines—in a script.
Comments can be included in a PHP script using the following styles:
// One line comment
# Another one line comment
/* A multiple
   line comment */
Data can be output with the statements print, echo, and printf. The first two are often interchangeable, but echo has an advantage in that it can take more than one argument. The printf statement is used for more complex output and is identical to that used in other programming languages such as C and scripting languages such as awk. Consider a few examples:
// These are the same
echo "This is output";
print "This is output";
// echo can output more than one argument
echo 123, "is a number";
// printf can be used to control formatting
// This outputs "pi is 3.14"
printf("pi is %.2f\n", 3.14159);
Variables are identified by the prefix dollar sign ($) and variable names are case sensitive. Variables are declared and given a type when they're first used. For example, the following creates a variable $x of type integer:
$x = 4;
The type of a variable can change in a script. For example, the following is valid:
// $x is an integer
$x = 4;
// Now it is a string
$x = "Selina";
PHP has four scalar variable types: integer, Boolean, string, and float. There are two compound types: object and array. Compound types contain elements that are scalar variables, and their types can be mixed. The object type isn't discussed in this chapter, but here are examples of the other five types:
// $x is an integer
$x = 4;
// $x is a float
$x = 3.142;
// $x is a string
$x = "Richmond";
// $x and $y are Boolean
$x = true;
$y = false;
// $x is an array of strings
$x = array("one", "two", "three", "four", "five");
Arrays can be accessed by their numeric index or associatively. Index elements are numbered from zero. Consider two example arrays:
// This is an associative array
$x = array("one" => 1, "two" => 2, "three" => 3);
// This prints 1
echo $x["one"];
// This is a numerically indexed array
$x = array(1, 2, 3);
// This prints 2
echo $x[1];
Two functions are useful for checking the state of a variable:
// Has the variable been declared?
if (isset($x))
  echo "x is set";
// Is the variable empty?
if (empty($x))
  echo "x is empty";
A variable that doesn't exist is always empty. However, a variable that's empty may or may not exist. If it does, it has a NULL value.
Variables are assigned with a single = character, and equality is tested with the double equals (==) syntax:
$x = 4;
if ($x == 4)
  echo "x is four!";
A triple equals (===) can be used to test if the parameters are equal and of the same type:
$x = 0;
// This is true
if ($x == false)
  echo "$x is false";
// This is false
if ($x === false)
  echo "$x is false";
The arithmetic shortcuts that work in many other languages also work in PHP:
$x = 4;
// add one to $x in three different ways
$x++;
$x = $x + 1;
$x += 1;
// subtract one in three different ways
$x--;
$x = $x - 1;
$x -= 1;
The standard loop constructs are for, while, and do...while:
for ($x=0; $x<10; $x++)
  echo $x;
$x = 0;
while ($x < 10)
{
  echo $x;
  $x++;
}
$x = 0;
do
{
  echo $x;
  $x++;
} while ($x < 10);
The foreach statement is used to iterate through an array:
// $x is an array of strings
$x = array("one", "two", "three", "four", "five");
// This prints out each element of the array
foreach ($x as $element)
  echo $element;
The if and switch statements are the most frequently used conditionals:
if ($x < 5)
  echo "x is less than 5";
switch ($x)
{
  case 1:
    echo "x is 1";
    break;
  case 2:
    echo "x is 2";
    break;
  case 3:
    echo "x is 3";
    break;
  default:
    echo "x is not 1, 2, or 3";
}
There is other basic syntax that isn't discussed here. There are also over a hundred libraries that can be used for tasks as diverse as string manipulation, network communications, data compression, and disk access. If you'd like more detail, a list of references is included at the end of this chapter in Section 11.8.
Copyright © 2003 O'Reilly & Associates. All rights reserved.