PHP & MySQL® Web Development All-in-One Desk Reference For Dummies®


by Janet Valade with Tricia Ballad and Bill Ballad




About the Author

Janet Valade is the author of PHP & MySQL For Dummies, which is in its third edition. She has also written PHP & MySQL Everyday Apps For Dummies and PHP & MySQL: Your visual blueprint for creating dynamic, database-driven Web sites. In addition, Janet is the author of Spring into Linux and a co-author of Mastering Visually Dreamweaver CS3 and Flash CS3 Professional.

Janet has 20 years of experience in the computing field. Most recently, she worked as a Web designer and programmer in an engineering firm for four years. Prior to that, Janet worked for 13 years in a university environment, where she was a systems analyst. During her tenure, she supervised the installation and operation of computing resources, designed and developed a data archive, supported faculty and students in their computer usage, wrote numerous technical papers, and developed and presented seminars on a variety of technology topics.



This book is dedicated to everyone who finds it useful.


Author’s Acknowledgments

First, I wish to express my appreciation to the entire open source community. Without those who give their time and talent, there would be no cool PHP and MySQL for me to write about. Furthermore, I never would have learned this software without the lists where people generously spend their time answering foolish questions from beginners.

I want to thank my mother for passing on a writing gene, along with many other things. And my children always for everything.

And, of course, I want to thank the professionals who make it all possible. Without my agent and the people at Wiley Publishing, Inc., this book would not exist. Because they all do their jobs so well, I can contribute my part to this joint project.


Publisher’s Acknowledgments

We’re proud of this book; please send us your comments through our online registration form located at

Some of the people who helped bring this book to market include the following:

Acquisitions, Editorial, and Media Development

Project Editor: Jean Nelson

Acquisitions Editor: Kyle Looper

Copy Editor: Virginia Sanders

Technical Editor: Ryan Lowe

Editorial Manager: Kevin Kirschner

Media Development Project Manager: Laura Moss-Hollister OR Laura Atkinson

Media Development Assistant Producer: Angela Denny, Josh Frank, Kate Jenkins, OR Kit Malone

Editorial Assistant: Amanda Foxworth

Sr. Editorial Assistant: Cherie Case

Cartoons: Rich Tennant (

Composition Services

Project Coordinator: Erin Smith

Layout and Graphics: Claudia Bell, Carl Byers, Joyce Haughey, Melissa K. Jester, Barbara Moore, Ronald Terry, Christine Williams

Proofreaders: John Greenough, Caitie Kelly, Christine Sabooni

Indexer: Silvoskey Indexing Services

Special Help: Susan Christopherson, Kelly Ewing, and Laura K. Miller

Publishing and Editorial for Technology Dummies

Richard Swadley, Vice President and Executive Group Publisher

Andy Cummings, Vice President and Publisher

Mary Bednarek, Executive Acquisitions Director

Mary C. Corder, Editorial Director

Publishing for Consumer Dummies

Diane Graves Steele, Vice President and Publisher

Joyce Pepple, Acquisitions Director

Composition Services

Gerry Fahey, Vice President of Production Services

Debbie Stailey, Director of Composition Services




About This Book

Conventions Used in This Book

What You’re Not to Read

Foolish Assumptions

How This Book Is Organized

Icons Used in This Book

Getting Started

Book I: Setting Up Your Environment

Chapter 1: Setting Up Your Web Environment

The Required Tools

Choosing a Host for Your Web Site

Choosing Your Development Environment

Setting Up Your Local Computer for Development

Keeping Up with PHP and MySQL Changes

Chapter 2: Installing PHP

Checking the PHP Installation

Obtaining PHP

Installing PHP

Configuring Your Web Server for PHP

Configuring PHP

Testing PHP

Activating MySQL Support


Chapter 3: Setting Up the MySQL Environment

Checking the MySQL Installation

Obtaining MySQL

Installing MySQL

Configuring MySQL

Starting and Stopping the MySQL Server

Testing MySQL

Troubleshooting MySQL

Installing MySQL GUI Administration Programs

Installing phpMyAdmin

Troubleshooting phpMyAdmin

Chapter 4: Installing a Web Server

Testing Your Web Server

Installing and Configuring Apache

Installing IIS

Chapter 5: Setting Up Your Web Development Environment with the XAMPP Package

Obtaining XAMPP

Installing XAMPP

Using the XAMPP Control Panel

Testing Your Development Environment

Configuring Your Development Environment

Uninstalling and Reinstalling XAMPP


Book II: PHP Programming

Chapter 1: PHP Basics

How PHP Works

Structure of a PHP Script

PHP Syntax

Writing PHP Code

Displaying Content in a Web Page

Using PHP Variables

Using PHP Constants

Understanding Data Types

Using Arrays

Using Dates and Times

Understanding PHP Error Messages

Adding Comments to Your PHP Script

Chapter 2: Building PHP Scripts

Setting Up Conditions

Using Conditional Statements

Repeating Actions with Loops

Using Functions

Organizing Scripts

Chapter 3: PHP and Your Operating System

Managing Files

Using Operating System Commands

Using FTP

Reading and Writing Files

Exchanging Data with Other Programs

Using SQLite

Chapter 4: Object-Oriented Programming

Introducing Object-Oriented Programming

Developing an Object-Oriented Script

Defining a Class

Using a Class in a Script

Using Abstract Methods in Abstract Classes and Interfaces

Preventing Changes to a Class or Method

Handling Errors with Exceptions

Copying Objects

Comparing Objects

Getting Information about Objects and Classes

Destroying Objects

Book III: Using MySQL

Chapter 1: Introducing MySQL

How MySQL Works

Understanding Database Structure

Communicating with MySQL

Protecting Your MySQL Databases

Chapter 2: Administering MySQL

Understanding the Administrator Responsibilities

Default Access to Your Data

Controlling Access to Your Data

Setting Up MySQL Accounts

Backing Up Your Database

Restoring Your Data

Upgrading MySQL

Chapter 3: Designing and Building a Database

Designing a Database

Building a Database

Changing the Database Structure

Chapter 4: Using the Database

Adding Information to a Database

Looking at the Data in a Database

Retrieving Information from a Database

Updating Information in a Database

Removing Information from a Database

Chapter 5: Communicating with the Database from PHP Scripts

How MySQL and PHP Work Together

PHP Functions That Communicate with MySQL

Communicating with MySQL

Selecting a Database

Handling MySQL Errors

Using Other Helpful mysqli Functions

Converting mysqli Functions to mysql Functions

Book IV: Security

Chapter 1: General Security Considerations

Understanding Security Roles

Understanding Security Threats

Developing a Security Policy

Chapter 2: An Overview of Authentication and Encryption

Understanding Authentication

Exploring Encryption

Chapter 3: Creating a Secure Environment

Securing Apache

Securing IIS

Setting Security Options in php.ini

Chapter 4: Programming Securely in PHP

Handling Errors Safely

Sanitizing Variables

Uploading Files without Compromising the Filesystem

Chapter 5: Programming Secure E-Commerce Applications

Securing Your Database

Sending Encrypted Data with Secure Sockets Layer

Keeping Sessions Secure

Preventing Cross-Site Scripting

Keeping Up to Date

Book V: PHP Extensions

Chapter 1: Introduction to Extensions

How Extensions Fit into the PHP Architecture

Finding Out Which Extensions Are Loaded

Loading Extensions

Chapter 2: Using PEAR

Introducing PEAR

Downloading and Installing the PEAR Package Manager

Installing a PEAR Package

Using a PEAR Package in Your Own Code

Chapter 3: Using the XML Extension

Understanding the Document Object Model

XML Validation Using Schema

Giving Your Documents Some Style with XSLT

Searching XML Documents with XPath

Chapter 4: Manipulating Images with the GD Extension

Configuring the GD Extension

Image Manipulations

Chapter 5: Mail Extensions

Sending E-Mail with PHP

Accessing IMAP and mBox Mailboxes

Book VI: PHP Web Applications

Chapter 1: Building and Processing Dynamic Forms

Using Static HTML Forms

Displaying Dynamic HTML Forms

Processing Information from the Form

Creating a Form That Allows Customers to Upload a File

Chapter 2: Making Information Available on Multiple Web Pages

Navigating Web Sites with Multiple Pages

Passing Information from One Page to the Next

Making Information Available to All Pages in the Web Site

Chapter 3: Building a Login Application

Designing the Login Application

Creating the User Database

Building the Login Web Page

Building the Login Script

Protecting Your Web Pages

Chapter 4: Building an Online Catalog

Designing the Online Catalog

Creating the Catalog Database

Building the Catalog Web Pages

Building the Online Catalog Application Script

Chapter 5: Building a Shopping Cart

Designing the Shopping Cart

Creating the Shopping Cart Database

Building the Shopping Cart Web Pages

Building the Shopping Cart Scripts


When the World Wide Web was first developed, it was a static place. It was mainly a really big library with information that visitors could read. Documents were linked together so that the information was easy to find, but the Web pages were basically static. Every visitor to a Web site saw the same Web page.

Over time, the Web has evolved. It’s now a dynamic environment where visitors interact with Web pages. Visitors provide information via HTML forms and see different information depending on their form input. This interaction leads to transactions of many types — commerce, research, forums, and so on.

Building dynamic Web sites requires a scripting language and a backend database. The most popular software for this purpose is PHP for scripting and MySQL to provide the backend database. Both are specifically designed for Web sites and provide many features to help you develop dynamic Web sites. This book provides the information you need to build a dynamic Web site for any purpose.

About This Book

Think of this book as your friendly guide to building a dynamic Web site. You need to know about the following:

• PHP: The language that you use to write the scripts that perform the tasks required on your Web site. Scripts create the displays that the user sees in the browser window, process the information that the user types in a form, and store and/or retrieve information from the database.

• MySQL: The database management system that you use to store data. The scripts can store information in the database or retrieve information from the database. You need to create and administer MySQL databases.

• PHP and MySQL as a pair: In this book, you use PHP and MySQL together, as a team. PHP can access MySQL by using simple built-in functions. You need to know how to access MySQL databases from PHP scripts.

• Building applications: Web sites frequently provide similar functionalities. For instance, dynamic Web sites need to collect information in HTML forms and process the information. You need to know how to use PHP and MySQL to provide the specific functionality your Web site needs.

• Security: You need to protect your Web site and the data your users provide from people with malicious intentions.

This book provides all the information you need to build dynamic Web sites that are quite complex. The book is intended as a reference, not a tutorial. Each minibook provides information on a different aspect of building dynamic Web sites.


So you don’t have to type out the code in this book, we put many of the code examples presented in this book on the Web site. Point your browser to to download the code samples.

Conventions Used in This Book

This book includes many examples of PHP programming statements, MySQL statements, and HTML. Such statements in this book are shown in a different typeface that looks like the following line:

A PHP program statement

In addition, snippets or key terms of PHP, MySQL, and HTML are sometimes shown in the text of a paragraph. When they are, the special text in the paragraph is also shown in the example typeface, different than the paragraph typeface. For instance, this text is an example of a PHP statement, showing the exact text, within the paragraph text.

In examples, you’ll sometimes see some words in italic. Italicized words are general types that need to be replaced with the specific name appropriate for your data. For instance, when you see an example like the following

SELECT field1,field2 FROM tablename

you know that field1, field2, and tablename need to be replaced with real names because they are in italic. When you use this statement in your program, you might use it in the following form:

SELECT name,age FROM Customer

In addition, you might see three dots (...) following a list in an example line. You don’t need to type the three dots. The three dots just mean that you can have as many items in the list as you want. For instance, when you see the following line

SELECT field1,field2,... FROM tablename

you don’t need to include the three dots in the statement. The three dots just mean that your list of fields can be longer than two. It means you can go on with field3, field4, and so forth. For example, your statement might be

SELECT name,age,height,shoesize FROM Customer

When the code examples get long and involved, and we want to point out particular lines, we add a line number at the far-right margin.


When you see a line number in the code, remember that the number doesn’t actually go in the code you type — it’s just a convention we use to point out a line of code within a large code block.

For example, this line is the thirty-fifth line from a long code block, and it has a line number callout in the right margin:

<?php                                                            35

After the long code block, we then use a list to explain each of the code lines to which we added line numbers in the right margin. For example, this bullet follows the code block containing the previous code line:

35 A PHP section begins on this line.

From time to time, you’ll also see some things in bold type. Pay attention to these; they either indicate something we want you to see or something that you need to type.

What You’re Not to Read

Some information in this book is flagged as Technical Stuff with an icon off to the left side. Sometimes you’ll see this technical stuff in a gray sidebar. Consider it information that you don’t need to read in order to create a Web database application. This extra info might contain a further look under the hood or perhaps describe a technique that requires more technical knowledge to execute. You might be interested in the extra technical information or techniques, but feel free to ignore them if you don’t find them interesting or useful.

Foolish Assumptions

To write a focused book rather than an encyclopedia, we need to assume some background for you, the reader. We’re assuming that you know HTML and have created Web sites with HTML. Consequently, although we use HTML in many examples, we don’t explain the HTML. If you don’t have an HTML background, this book will be more difficult for you to use. We suggest that you read an HTML book — such as HTML 4 For Dummies Quick Reference, 2nd Edition, by Deborah S. Ray and Eric J. Ray (Wiley Publishing) — and build some practice Web pages before you start this book. In particular, some background in HTML forms and tables is useful. However, if you’re the impatient type, we won’t tell you it’s impossible to proceed without knowing HTML. You might be able to glean enough HTML from this book to build your particular Web site. If you choose to proceed without knowing HTML, we suggest that you have an HTML book by your side to assist you when you need to figure out some HTML that isn’t explained in this book.

If you’re proceeding without any experience with Web pages, you might not know some basics that are required. You must know how to create and save plain text files with an editor such as Notepad or save the file as plain text from your word processor (not in the word processor format). You also must know where to put the text files containing the code (HTML or PHP) for your Web pages so that the Web pages are available to all users with access to your Web site, and you must know how to move the files to the appropriate location.

You do not need to know how to design or create databases or how to program. All the information that you need to know about databases and programming is included in this book.

How This Book Is Organized

This book is divided into six minibooks, with several chapters in each minibook. The content ranges from an introduction to PHP and MySQL to installation to creating and using databases to writing PHP scripts.

Book I: Setting Up Your Environment

This minibook takes you through the process of setting up your development environment. We discuss finding a Web host and setting up a local development environment. We also describe how to install Apache, PHP, MySQL, and administrative programs, such as phpMyAdmin, that assist with the administration of MySQL databases.

Book II: PHP Programming

This minibook provides the details of writing PHP scripts that enable your Web pages to perform the tasks required by your Web application. The chapters in this minibook describe PHP syntax, features, best practices, and functions.

Book III: Using MySQL

This minibook shows you how to build and administer MySQL databases. Information on database structure and security is provided. We describe how to store data in a database and how to retrieve information from a database. We also explain how to access MySQL from PHP scripts.

Book IV: Security

Security is extremely important when developing a dynamic Web site. You need to protect your site, protect the people that access your site, and protect the information stored on your site. This minibook describes the security issues and how to protect against security threats.

Book V: PHP Extensions

Many packages that provide added functionality are available for PHP. A system for locating and installing the packages is included when PHP is installed. This minibook describes many of the extensions available and covers how to find and install extensions.

Book VI: PHP Web Applications

This minibook describes how to write PHP scripts that perform the tasks needed on your Web site. You find out how to display and process forms, a task performed frequently on dynamic Web sites. We provide and explain example scripts for common applications, such as login pages, online catalogs, and shopping carts.

Companion Web site

We put most of the code examples presented in this book on the Web site so you don’t have to type out long code blocks. Point your browser to to download the code samples.

Icons Used in This Book

If you see circular icons in the margins of the book, don’t be alarmed. We put them there on purpose.


Tips provide extra information for a specific purpose. Tips can save you time and effort, so they’re worth checking out.


You should always read warnings. Warnings emphasize actions that you must take or must avoid to prevent dire consequences.


This icon flags information and techniques that are extra geeky. The information here can be interesting and helpful, but you don’t need to understand it to use the information in the book.


This icon is a sticky note of sorts, highlighting information that’s worth committing to memory.

Getting Started

This book is designed as a reference guide, so you can either read it through, or more likely, pick and choose the topics that you need when you need them. If you’re a total newbie to dynamic Web sites, PHP, and MySQL, you might want to start with Book I, which describes how to set up your development environment. When your environment is ready to go, you’ll want to read the minibooks on PHP and MySQL (Books II and III). And when you’re ready to produce an actual Web site, with practical applications, you’ll want to read the practical examples in Book VI.

Book I

Setting Up Your Environment