WICKED COOL PHP

Real-World ScriptA Tl1at Solve DifficMlt ProblelMA

by William Steinmetz with Brian Ward

NO STARCH

PRESS

San Francisco

'y means, eleetronic or

L'm, WiLhoUL Lhe prior

:dy:

inmetz and Brian

:. Olh,.,( r>roducL and

I.han USt' alrademark

'ial f""hion and LO the

''''"ution has been lj' liclbility to any Idir('erly by the

)

BRIEF CONTE TS

Introduction XIII

Chapter 1: The FAQs of life-

The Scripts Every PHP Programmer Wants (ar Needs) to Know 1

Chapter 2: Configuring PHP 19

Chapter 3: PHP Security 33

Chapter 4: Working with Forms 45

Chapter 5: Working with Text and HTML 59

Chapter 6: Working with Dates 81

Chapter 7: Working with Files 91

Chapter 8: User and Session Tracking 103

Chapter 9: Working with Email 119

Chapter 10: Working with Images , 129

Chapter 11: Using cURL to Interact with Web Services .................................................. 141

Chapter 12: Intermediate Projects 155

Appendix , 183

Index 185

CONTENTS IN DETAIL

INTRODUCTION xiii

1 THE FAQS OF L1FE-THE SCRIPTS EVERY PHP PROGRAMMER WANTS (OR NEEDS) TO KNOW 1

#1: Including Another File as aPart of Your Script . 2 What Can Go Wrong? 3

#2: Highlighting Alternate Row Colors in a Table 4 Hacking the Script 5

#3: Creating Previous/Next links 7 Using the Script 10

#4: Printing the Contents of an Array 11 #5: Turning an Array into a Nonarray Variable That Can Be Restored later 12

What Can Go Wrang? 12 #6: Sorting Multidimensional Arrays 13

Hacking the Script 14 #7: Templating Your Site with Smarty 14

Installing Smarty . .. 14 ABrief Smarty Tutorial 15 What Can Go Wrang? 16 Hacking the Script 17

2 CONFIGURING PHP 19

Configuration Settings and the php. ini File 20 locating Your php.ini File 20

#8: Revealing All of PHP's Settings 21 #9: Reading an Individual Setting 21 # 10: Error Reporting 22

Common Error Messages 23 # 11 : Suppressing All Error Messages 24 # 12: Extending the Run Time of a Script 24

What Can Go Wrong? 25 # 13: Preventing Users from Uploading large Files 25 #14: Turning Off Registered Global Variables 25 # 15: Enabling Magic Quotes 26

What Can Go Wrang? 26 # 16: Restricting the Files that PHP Can Access 26

What Can Go Wrong? 27 # 17: Shutting Down Specific Functions 27 # 18: Adding Extensions to PHP 27

Adding PHP Extensions 28 Installing Extensions with a Web-Based Control Panel 29 What Can Go Wrong? 32

3 PHP SECURny

Recommended Security Configuration Options #19: SQL Injection Altacks #20: Preventing Basic XSS Attacks #21: Using SafeHTML

What Can Go Wrong? #22: Proteeting Data with a One-Way Hash

Hacking the Script #23: Encrypting Data with Mcrypt

Hacking the Script #24: Generating Random Passwords

Using the Script

4 WORKING WITH FORMS Security Measures: Forms Are Not Trustworthy Verification Strategies Using $]OST, $_GET, $_REQUEST, and $_FILES to Access Form Data 47 #25: Fetching Form Variables Consistently and Safely #26: Trimming Excess Whitespace #27: Importing Form Variables into an Array #28: Making Sure a Response Is One of 0 Set of Given Values

Hacking the Script #29: Using Multiple Submit Buttons #30: Validating 0 Credit Card

Using the Script Hacking the Script

#31: Double-Checking a Credit Card's Expiration Date Using the Script

#32: Checking Valid Email Addresses #33: Checking American Phone Numbers

5 WORKING WITH TEXT AND HTML

#34: Extraeting Part of 0 String Hacking the Script

#35: Making 0 String Uppercase, Lowercase, or Capitalized What Can Go Wrong?

#36: Finding Substrings What Can Go Wrong?

#37: Replacing Substrings What Can Go Wrong?

#38: Finding and Fixing Misspelled Words with pspell Working with the Default Dictionary Adding 0 Custom Dictionary to pspell What Can Go Wrong?

33 35 35 37 38 39 40 41 41 43 43 44

45 45 46

47 47 48 51 51 52 52 54 55 55 56 56 57

59

59 61 62 62 63 64 64 65 65 66 68 69

TI lh

#39: Regular Expre Regular EJ Special Cl Pattern Rel Grouping Character Putting It P Matching Replacing

#40: Rearranging e #41 : Creating a Sc

Hacking t~

#42: Converting PIe #43: Automatically #44: Stripping HTfv

6 WORKING W

How Unix Time Wo #45: Getting the Cl #46: Getting the Tir

Creating T Creating T

#47: Formatting Da #48: Calculating tho #49: Finding the Di

Using the ~

Hacking th MySQL Date Forma

7 WORKING W File Permissions .....

Permission fhe Comm What Can

#50: Placing 0 File' Hacking th What Can

#51 : Creating and: #52: Checking to $, #53: Deleting Files #54: Uploading Ime

Using the ~

What Can Hacking th

#55: Reading 0 COI

vii COrilenla in Deloll

33 .. 35

35 37 38 39

... 40 ........ 41 •...... 41 ......... 43 ........ 43 ......... 44

4S ......... 45 ........ 46 ......... 47 ......... 47 ......... 47 ........ 48 ......... 51 ......... 51 ........ 52 ......... 52 ......... 54 ......... 55 ........ 55 .......... 56 ......... 56 ......... 57

S9 .......... 59 .......... 61 ......... 62 .......... 62 ........ 63 .......... 64 .......... 64 .......... 65 .......... 65 .......... 66 .......... 68 .......... 69

#39: Regular Expressions : 69 Regular Expression Basics 69 Special Character Sequences 70 Pattern Repeaters 71 Grouping 71 Character Classes ...71 Putting It All Together 72 Matching and Extracting with Regular Expressions 72 Replacing Substrings with Regular Expressions 74

#40: Rearranging 0 Table 75 #41: Creating 0 Screen Scraper 75

Hacking the Script 77 #42: Converting Plaintext into HTMl-Ready Markup 77 #43: Automatically Hyperlinking URls 80 #44: Stripping HTMl Tags from Strings 80

6 WORKING WITH DATES 81 How Unix Time Works 81 #45: Getting the Current Timestamp 82 #46: Getting the Timestamp of 0 Date in the Post or Future 83

Creating Timestamps from 0 String 83 Creating Timestamps from Date Values 84

#47: Formatting Dates and Times 85 #48: Calculating the Day of the Week from 0 Given Date 88 #49: Finding the Difference Between Two Dates 88

Using the Script 89 Hacking the Script 90

MySQl Date Formats 90

7 WORKING WITH FILES 91

File Permissions 91 Permissions with an FTP Program 92 The Command line 93 What Can Go Wrong? 93

#50: Placing 0 File's Contents into 0 Variable 93 Hacking the Script 95 What Can Go Wrang? 95

#51: Creating and Writing to 0 File 96 #52: Checking to See If 0 File Exists 96 #53: Deleting Files 97 #54: Uploading Images to 0 Directory 97

Using the Script 101 What Can Go Wrong? 101 Hacking the Script 101

#55: Reading 0 Comma-Separated File 101

Conlenls In Oeloil ix

:Pf -';I

(

8 USER AND SESSION TRACKING 103 Using Cookies and Sessions to Track User Data 104

Cookies 104 Sessions 104

#56: Creating a "Welcome Back, Username!" Message with Cookies 105 What Can Go Wrang?

#57: Using Sessions to Temporarily Store Data What Can Go Wrong?

#58: Checking to See If a User's Browser Accepts Cookies #59: Redireeting Users to Different Pages #60: Forcing a User to Use SSl-Encrypted Pages #61 : Extracting Clien! Information #62: Session Timeouts #63: A Simple login System

9 WORKING WITH EMAIL

#64: Using PHPMaiier to Send Maii Installing PHPMaiier Using the Script Adding Attachments What Can Go Wrong?

#65: Using Email to Verify User Accounts

10 WORKING WITH IMAGES

#66: Creating a CAPTCHA (Security) Image #67: Creating Thumbnaillmages

1 1

106 107 109 109 110 111 111 115 116

119 120 120 121 122 123 124

129

129 136

USING cURL TO INTERACT WITH WEB SERVICES 141

#68: Connecting to Other Websites 142 #69: Using Cookies 144 #70: Transforming XMl into a Usable Form 144 #71: Using Mapping Web Services 146 #72: Using PHP and SOAP to Request Data from Amazon.com 149 #73: Building a Web Service 151

X Coole"".o D"'oll

12 INTERMEDIAT

#74: A User Poil ... Creating a Processing Getting Pol Hacking th,

#75: Electronic Grel Choosing ( Sending th, Viewing th, Hacking th.

#76: A Blogging Sy Creating BI Displaying Adding Co Creating a Hacking th,

APPENDIX

INDEX

103 ....... 104 ....... 104 ....... 104

... 105 ....... 106 ....... 107 ....... 109 ....... 109 ....... 110 ....... 111 ....... 111 ....... 115 ....... 116

119 ... 120

....... 120

....... 121

...... 122

....... 123

....... 124

129 ....... 129 ....... 136

141

....... 142 ........ 144 ...... 144 ....... 146 ....... 149 ....... 151

12 INTERMEDIATE PROJECTS

#74: A User Poil Creating a Ballot Form Processing the Ballot GeHing Poil Results Hacking the Script

#75: Electronic Greeting Cords Choosing a Cord Sending the Cord .. Viewing the Cord Hacking the Script

#76: A Blogging System Creating Blog Entries Displaying an Entry Adding Comments Creating a Blog Index Hacking the Script

APPENDIX

INDEX

155

156 157 159 160 162 162

.. 164 165 169 171 171 172 174 178 178

. 181

183

185

COl'lIltnl.\ H 0 10,1 xi