PHP & MYSQL

Freelance PHP MySQL Jobs

2008-03-22T01:01:00.001-07:00

As far as i know Scriptlance is one of the best place to find freelance programming jobs. Each day you can find about 50 new job postings. Most of the jobs will require advance knowledge on PHP and MySQL like creating a dating website, car rental website, or a shopping cart but some are quite easy like creating a site counter and signup form.

When you are new to Scriptlance it's better if you stick to find these easy jobs first and try to get good reviews. As you go learn how to do the more difficult ones. Check out the job (project) descriptions just to see what kind of jobs in demand and keep it in a list. Because there may be similar jobs in the future you should create a draft on the design (algorithm, database, process, etc). That way when you get enough experience and you see a similar job posted you can complete it faster

If you want to do some freelance jobs here's a little checklist that might help :
Get a clear description of the project. Ask whenever you are unsure about something. Create a demo / mockup whenever possible so you can be sure that you and your client are talking about the same thing.

Can you do it? Seriously, can you complete each and every features requested? Your client won't be happy if you say you can complete the job but fail to do so. One quick way to be sure is to make a prototype before even bidding the project then propose it to your (future) client to see if it is what she expected.

Don't be too optimistic. If you think you can complete a job in one day make sure you can do it in one day. This include all the testing and bug fixing.

Can you accept the payment? Some will want to pay using PayPal if you can accept PayPal it's no problem but if you can't maybe you should consider finding another project.

Ask for the PHP and MySQL version used by your client and develop the project using the same version. This will reduce the risk of creating buggy scripts just because your version and your client's version is different

Test and retest.

Be ready to fix bugs. All software have bugs, but make sure you are ready to fix them when it's found. Your clients will certainly expect a prompt response so give it to them. Even if your script is buggy but if you are prompt in responding and fixing it you can get good reviews.

KYOB
That's short for Kick Your Own Butt ! Freelancing requires hard discipline and because there's no boss or supervisor breathing on your neck it can be hard to feel that you are working. Sure, you still have deadlines, but the client is probably on the other side of the planet and most likely you will never see her face to face. It just doesn't feel the same as an ordinary job. KYOB is probably the most important ability you must master if you really want to be a successful freelancer.

By the way, if you're interested i suggest you read about Site Build It.

From my personal experience you can really earn a substantial income by making a website about something you know and enjoy. Your website doesn't always need to be related to computers, programming, web development or internet. You can make a site related your hobby if you want to. SBI's step by step process really works.

I do feel you really should take a peek on SBI and when you still have doubts just go ask a real humang being about it .

Finding Web Hosting For PHP And MySQL

2008-03-22T01:00:00.000-07:00

There are a lot of things to consider when choosing a web hosting company. But one thing for sure is that price is no longer important. Web hosting is a very competitive field so the price just keeps getting lower and lower. It is so easy to find cheap web hosting for PHP and MySQL

The important things to consider when choosing PHP and MySQL web hosting are :

PHP and MySQL versions
If a web hosting company say that they support PHP 4 make sure it's the latest version not the 4.0.1 version. Same thing for MySQL but with an extra precaution. Some webhosting companty only support MyISAM tables, so if you need InnoDB make sure you ask if it's available.

Specific setting / feature
For example, you want to create a PHP script which change a file's permission using chmod(). Guess what, if PHP is run as the server your code won't work and there is nothing you can do about it. This exact thing happen to me with this website. I didn't foresee that i would make such application. Anyway just try imagining what you want to do with your web site and if you are uncertain whether a web host will support a feature, just ask.

Connection speed
All web hosting company claim that they have fast connection speed, but you have to test it to believe it. Use NetMechanic's free service to test the web host company's homepage. If the result is good then the claim is most likely true.

Data transfer
When you just started a website it doesn't matter much. But as your website grows you have to make sure you have enough bandwidth. One or two gigabytes (Gb) per month is more than enough for most web sites

Access to raw log file and online statistics (log file analyzer)
If you are serious in building a website, for commercial purposes for example, this is very critical. You can discover a lot of information from log files like the keywords used to find your website, most visited pages, peak times etc.

Storage space
Measure your own website, start small but leave room for expansion. For a small website 15 megabytes is plenty.

Customer support
They have to be there when you need them, period. Try asking some questions before you decide to go with a hosting company. If it takes more than 24 hours for them to reply then find another host.

For those of you who just want to experiment you can use MySQL PHP free hosting. There are probably hundreds of them out there, you just need to pick one. They usually place banners or other kinds of advertising on you web page and most are slow. Anyway you can't expect much from free services.

Actually even if you just experimenting with PHP and MySQL it's better to have you own web site. Free hosting usually have lots of restriction so you really can't do much experiment like opening a socket connection and stuff like that.

There's this one website that rank ten PHP MySQL website hosting company based on price, quality, performance and features. If you need a second opinion you can go there.

A bit off topic here. If you intend to build an e-business (for yourself or for a client) instead of just a website you should consider about Site Build It. It's an all-in-one site-building, site-hosting, and site-marketing service. It even outperformed Microsoft's bCentral and Yahoo Web Hosting Pro. The only drawback is that the HTML templates provided look a bit lame. But since now you can upload your own template i guess it's not a big deal anymore.

PHP MySQL Image Gallery

2008-03-22T00:57:00.000-07:00

On the previous tutorial you already know how to upload and download files to the server. Now we're gonna reuse the codes to build an image gallery. It's a simple image gallery where the admin ( that's you ) is the only one who can add/modify/delete the album and images. The "normal folks" can only browse around the image gallery checking out the images from one album to another

The admin section contain the following :
Add New Album
Album List
Edit & Delete Album
Add Image
Image List
Edit & Delete Image

And the visitor page contain these :
Display Album List
Display Image List
Display Image Detail

Now, before we go straight to the codes we need to talk about the database design, directory layout, and configurations.
Database Design

For a simple image gallery like this we only need two tables, tbl_album and tbl_image. Here is the SQL to create these tables

Source code : image-gallery.sql
CREATE TABLE tbl_album (
al_id INT NOT NULL AUTO_INCREMENT,
al_name VARCHAR(64) NOT NULL,
al_description TEXT NOT NULL,
al_image VARCHAR(64) NOT NULL,
al_date DATETIME NOT NULL,
PRIMARY KEY(al_id)
);

CREATE TABLE tbl_image (
im_id INT NOT NULL AUTO_INCREMENT,
im_album_id INT NOT NULL,
im_title VARCHAR(64) NOT NULL,
im_description TEXT NOT NULL,
im_type VARCHAR(30) NOT NULL,
im_image VARCHAR(60) NOT NULL,
im_thumbnail VARCHAR(60) NOT NULL,
im_date DATETIME NOT NULL,
PRIMARY KEY(im_id)
);
Directory Layout

The image below show the file organization for the image gallery

The images directory is where we kept all of the images. The image icons are stored in the thumbnail sub-directory uder the gallery. Please remember to set write access to the album, gallery, and thumbnail directories otherwise the gallery script will not be able to save the images.
Configurations

There are some constants in the config file that you should change :
ALBUM_IMG_DIR, GALLERY_IMG_DIR
These are the absolute path to the images directories

THUMBNAIL_WIDTH
The PHP script will create a thumbnail ( icons ) for each image that you upload. In addition when you add an album image that image will also resized automatically.

One more note. If you want to test this gallery on your own computer please make sure you already have GD library installed. To check if GD library is installed on your system save the following code and run it.
if (function_exists('imagecreate')) {
echo 'OK, you already have GD library installed';
} else {
echo 'Sorry, it seem that GD library is not installed/enabled';
}
?>

This is a very simple form where you can enter the album name, description and image. After you click the "Add Album" button the script will do the followings :
Save the album image, resize it if necessary
Save the album information to database

Below is the screenshot of the form:

And here is the code snippet :

Example : admin/add-album.php
Source code : admin/add-album.phps

require_once '../library/config.php';
require_once '../library/functions.php';

if(isset($_POST['txtName']))
{
$albumName = $_POST['txtName'];
$albumDesc = $_POST['mtxDesc'];

$imgName = $_FILES['fleImage']['name'];
$tmpName = $_FILES['fleImage']['tmp_name'];

// we need to rename the image name just to avoid
// duplicate file names
// first get the file extension
$ext = strrchr($imgName, ".");

// then create a new random name
$newName = md5(rand() * time()) . $ext;

// the album image will be saved here
$imgPath = ALBUM_IMG_DIR . $newName;

// resize all album image
$result = createThumbnail($tmpName, $imgPath, THUMBNAIL_WIDTH);

if (!$result) {
echo "Error uploading file";
exit;
}

if (!get_magic_quotes_gpc()) {
$albumName = addslashes($albumName);
$albumDesc = addslashes($albumDesc);
}

$query = "INSERT INTO tbl_album (al_name, al_description, al_image, al_date)
VALUES ('$albumName', '$albumDesc', '$newName', NOW())";

mysql_query($query)
or die('Error, add album failed : ' . mysql_error());

// the album is saved, go to the album list
echo "";
exit;
}

Since we save the images as files instead inserting them to the database we need to make sure there won't be any name duplication problem. To prevent this we just generate some random name for every images that we upload. Take a look at code below :
$ext = strrchr($imgName, ".");
$newName = md5(rand() * time()) . $ext;
The first line is to extract the file extension from the file name. As an example let say we upload an image named "hyperalbum.jpg". Then strrchr("hyperalbum.jpg", ".") will return ".jpg". On the second line we generate a random number using rand() multiply it with current time and generate the hash code using md5(). It is a very common practice to use the combination of md5(), rand() and time() functions to generate a random name. After we append the file extension to the new name we can then use it to save the uploaded image.

But before we save the image we need to resize the image if it's too large. As you can see in the album list we only need small images for the album icons. To make the thumbnail we use createThumbnail() function defined in functions.php . Once everything is saved we print a little javascript code to go to the album list page. Note that we cannot simply use header("Location: index.php?page=list-album") to redirect to the album list page since a call to header() will only have an effect when no other output in sent before the call.

Admin : Album List

When your first login to the admin area and after adding a new album you can see this page. There's nothing really interesting on this one. It just a plain list of albums where we can see the albums we have and how many images on each album. Here is the snapshot :

In the "Images" column you can see how many images contained in an album. If you click on the number you will go to the image list so can see all the images in a particular album. And i'm sure i don't need to explain what that button with "Add Album" written on it does.

If you re-read the sql containing the table definitions of this gallery you can see that tbl_album doesn't contain any column storing the number of images in it. That number is the result of the left join in the sql query. You can see the sql code below.
$sql = "SELECT al_id,
al_name,
al_image,
COUNT(im_album_id) AS al_numimage
FROM tbl_album al
LEFT JOIN tbl_image im ON al.al_id = im.im_album_id
GROUP by al_id
ORDER BY al_name ";

In this query we must use LEFT JOIN instead of INNER JOIN because an album can have zero image in it. If we use INNER JOIN then the empty albums will not be shown in the list.

Now, if you right click on an album icon and view it's properties you can see that the url fo the icon is pointing to a PHP script instead of an image. The url look like this : viewImage.php?type=album&name=3b6a267a967d7535ff3b1ebc3d9e3c1e.jpg

In this image gallery whenever we would want to display an album or image icon or the full-size image we always use the viewImage.php file instead of linking to the actual image. There are several reasons to do this. The first is so you could move the images directory outside of your web root to prevent leechers from taking all the images.

The image gallery in our example doesn't do this. You could go to the images directory and list all the images in the gallery. If you set the value of ALBUM_IMG_DIR and GALLERY_IMG_DIR to a directory outside your webroot then you can prevent this. For example if your web root is /home/myname/public_html you can set ALBUM_IMG_DIR to /home/myname/images/album and GALLERY_IMG_DIR to /home/myname/images/gallery/.

The second reason is that you may want to restrict the access your gallery. For example the visitors must login before they can see the images. In viewImage.php you could check for the session variable to determine that. So if the visitors hasn't login yet you just display some blank or warning images

You can checkout the code here. It's really a simple script which requires two inputs. The type of image you wish to display ( album icon, image icon or full size image ) and the image file name. Then we only need to set the appropriate headers, read the image file and send it to the browser.

Next we'll see how to modify & delete an album.

User Authentication

2008-03-22T00:54:00.000-07:00

With this basic authentication method we store the user information ( user id and password ) directly in the script. This is only good if the application only have one user since adding more user means we must also add the new user id and password in the script.

Let's start by making the login form first. You can see the code below.

Example : basic/login.php
Source : basic/login.phps

// ... we will put some php code here

?>

Basic Login

if ($errorMessage != '') {
?>

}
?>

Nothing sophisticated in that form. It's just a basic login form with two input for entering the user id and password. Make sure that the form method is set to post since we certainly don't want to show up the user id and password in the address bar.

Right before the login form we there's a code for printing an error message. We can ignore this for now since we'll be talking about it shortly.

Once we submit the form we can start the authentication process. We simply check if the user id and password exist in $_POST and check if these two match the hardcoded user id and password.

Example : basic/login.php
Source : basic/login.phps
// we must never forget to start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// check if the user id and password combination is correct
if ($_POST['txtUserId'] === 'theadmin' && $_POST['txtPassword'] === 'chumbawamba') {
// the user id and password match,
// set the session
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
}
?>

// ... here is the login form shown previously

But before we start matching the user id and password. We must start the session first. Never forget to start the session before doing anything to the session since it won't work.

You can see above that the hardcoded user id and password are "theadmin" and "chumbawamba". If the submitted user id and password match these two then we set the value of $_SESSION['basic_is_logged_in'] to true. After that we move the application's main page. In this case it's called main.php

If the user id and password don't match we set the error message. This message will be shown on top of the login form.

Note : When starting the session you may stumble upon this kind of error :

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at C:\Webroot\examples\user-authentication\basic\login.php:1) in C:\Webroot\examples\user-authentication\basic\login.php on line 3

PHP will spit this error message if the script that call session_start() already send something ( a blank space, newline, etc ). The error above happen when i add a single space on the first line right before the php opening tag (

Checking if the user is logged in or not

Since the application main page, main.php, can only be accessed by those who already authenticated themselves we must check that before displaying the page.

The checking process is fairly simple. We just see if $_SESSION['basic_is_logged_in'] is set or not. If it is set we check if the value is true. If either of this condition is not met then the one accessing this page haven't login yet. And so we redirect to the login page and quit the script.

If $_SESSION['basic_is_logged_in'] is set and it's value is true then we can continue showing the rest of the page.

Here is the code for main.php

Example : basic/main.php
Source : basic/main.phps

// like i said, we must never forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['basic_is_logged_in'])
|| $_SESSION['basic_is_logged_in'] !== true) {

// not logged in, move to login page
header('Location: login.php');
exit;
}

?>

Main User Page

This is the main application page. You are free to play around here since you
are an autenthicated user :-)

Logout

A little note about naming a session variable. As you can see the session that we used to mark whether a user is logged in or not is named 'basic_is_logged_in'. When setting a name for a session variable it's a good thing to use the application name as the prefix. In this case the prefix is 'basic_' . This is especially important when you have multiple application on one site where each requires different login information.

For example, suppose we have a cms application and a link exchange application where each have their own user authentication system. In both application we use the session variable $_SESSION['is_logged_in']. In this case if we already logged in in the cms application we will no longer be required to login in the link exchange application since both are using the same session name. This is usually not an intended feature. To avoid that kind of thing we can instead use $_SESSION['cms_is_logged_in'] and $_SESSION['exchange_is_logged_in']

The Logout Script

No login script is complete without the logout script right? So let's start making the logout script now.

The process of logging out a user is actually depends on how we check if a user is logged in or not. In our case we check if $_SESSION['basic_is_logged_in'] is already set or not and check whether it's value is true. Using this information we can build the logout script to simply unset this session or set the session value to false.

The logout script below use the first method ( unset the session ). Here is the code :

Example : basic/logout.php
Source : basic/logout.phps

// i will keep yelling this
// DON'T FORGET TO START THE SESSION !!!
session_start();

// if the user is logged in, unset the session
if (isset($_SESSION['basic_is_logged_in'])) {
unset($_SESSION['basic_is_logged_in']);
}

// now that the user is logged out,
// go to login page
header('Location: login.php');
?>

Before we unset the session we first check if the session is actually exist or not. In case you access the logout script before using the login form then this session variable won't exist yet.

Unsetting a variable is done simply by using the unset() statement. After we unset the session the next thing we do is simply moving to the login page. Pretty simple huh ?

Another note : You may already notice this but in each script i keep repeating about not to forget to start the session. The reason is that it is a very very very common error to forget about it when handling session. Once i spent a lot of time debugging a script and it was all because i forgot to add that one line.

A more common method of authenticating a user is by checking the database to see if the submitted user id and password combination exist. To use this kind of authentication we must first build the database table. The sql code to build it is shown below. We also add two user accounts for testing the login script

Source : database/tbl_auth_user.sql
CREATE TABLE tbl_auth_user (
user_id VARCHAR(10) NOT NULL,
user_password CHAR(32) NOT NULL,

PRIMARY KEY (user_id)
);

INSERT INTO tbl_auth_user (user_id, user_password) VALUES ('theadmin', PASSWORD('chumbawamba'));
INSERT INTO tbl_auth_user (user_id, user_password) VALUES ('webmaster', PASSWORD('webmistress'));

We will use the same html code to create login form created in previous example. We will only need to modify the login process a bit. The login script's content is shown below :

Example : database/login.php
Source : database/login.phps
// we must never forget to start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
include 'library/config.php';
include 'library/opendb.php';

$userId = $_POST['txtUserId'];
$password = $_POST['txtPassword'];

// check if the user id and password combination exist in database
$sql = "SELECT user_id
FROM tbl_auth_user
WHERE user_id = '$userId'
AND user_password = PASSWORD('$password')";

$result = mysql_query($sql)
or die('Query failed. ' . mysql_error());

if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['db_is_logged_in'] = true;

// after login we move to the main page
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}

include 'library/closedb.php';
}
?>

// ... same html login form as previous example

Instead of checking the user id and password against a hardcoded info we query the database if these two exist in the database using the SELECT query. If we found a match we set the session variable and move to the main page. Note that the session name is prefixed by 'db_' to make it different than the previous example.

For the next two scripts ( main.php and logout.php ) the code is similar to previous one. The only difference is the session name. Here is the code for these two

Example : database/main.php
Source : database/main.phps

session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in'])
|| $_SESSION['db_is_logged_in'] !== true) {

// not logged in, move to login page
header('Location: login.php');
exit;
}

?>

// ... some html code here

Example : database/logout.php
Source : dabase/logout.phps

session_start();

// if the user is logged in, unset the session
if (isset($_SESSION['db_is_logged_in'])) {
unset($_SESSION['db_is_logged_in']);
}

// now that the user is logged out,
// go to login page
header('Location: login.php');
?>

Content Management System (CMS) Using PHP And MySQL

2008-03-22T00:53:00.000-07:00

A Content Management System ( CMS ) is used to add, edit, and delete content on a website. For a small website, such as this, adding and deleting a page manually is fairly simple. But for a large website with lots of pages like a news website adding a page manually without a content management system can be a headache.

A CMS is meant to ease the process of adding and modifying new content to a webpage. The pages content are stored in database, not in the file server.

This tutorial will present an example of a simple content management system. You will be able to add, edit and delete articles using HTML forms.

For the database table we'll call it the news table. It consist of three columns :
id : The article's id
title : The title of an article
content : The article itself

First we need to create a script to add an article. It is just a form where a user can enter the article's title and content.

Example : cms-add.php
Source code : cms-add.phps , cms.txt

Whe an article is added the script just insert the article into the database. An article id is automatically generated by MySQL because the id column was created with AUTO_INCREMENT parameter .

if(isset($_POST['save']))
{
$title = $_POST['title'];
$content = $_POST['content'];

if(!get_magic_quotes_gpc())
{
$title = addslashes($title);
$content = addslashes($content);
}
include 'library/config.php';
include 'library/opendb.php';

$query = " INSERT INTO news (title, content) ".
" VALUES ('$title', '$content')";
mysql_query($query) or die('Error ,query failed');

include 'library/closedb.php';

echo "Article '$title' added";
}
?>

Now that we have the script to add articles let's create another script to view those articles. The script is list the title of articles available in database as clickable links. The article link have the article id appended like this

http://www.php-mysql-tutorial.com/examples/cms/article1.php?id=3

One possible implementation of article1.php is presented below :

Example : article1.php
Source code : article1.phps

include 'library/config.php';
include 'library/opendb.php';

// if no id is specified, list the available articles
if(!isset($_GET['id']))
{
$self = $_SERVER['PHP_SELF'];

$query = "SELECT id, title FROM news ORDER BY id";
$result = mysql_query($query) or die('Error : ' . mysql_error());

// create the article list
$content = '

$title

echo $content;

// when displaying an article show a link
// to see the article list
if(isset($_GET['id']))
{
?>

Article List

}
?>

If you click on an article link the script will fetch the article's title and content from the database, save it to $title and $content variable and print the HTML file . At the bottom of the page we place a code to show the link to the article list which is the file itself without any query string ( $_SERVER['PHP_SELF'] )

With this implementation each article request involve one database query. For a heavy load website with lots of articles using the above implementation can cause a very high amount of database-request. So we need a better cms solution to reduce the load.

One feasible solution is to implement caching ( cache ) which load an article from the database only once when the article was first requested. The article is then saved to a cache directory as a regular HTML file. Subsequent request to the article will no longer involve any database request. The script just need to read the requested article from the cache directory.

Example : article2.php
Source code : article2.phps

include 'library/config.php';
include 'library/opendb.php';

$cacheDir = dirname(__FILE__) . '/cache/';

if (isset($_GET['id'])) {
$cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
} else {
$cacheFile = $cacheDir . 'index.html';
}

if (file_exists($cacheFile))
{
header("Content-Type: text/html");
readfile($cacheFile);
exit;
}

// ... more code coming

?>

First we need to specify the cache directory where all cache files are located. For this example the cache directory is located in the same place as the article2.php script. I mean if article2.php is stored in C:/webroot then the cache dir is in C:/webroot/cache/

The script thent check if the article was already in the cache. An article is saved into the cache directory using a filename generated from it's id. For example if you request the article using a link like this :

http://www.php-mysql-tutorial.com/examples/cms/article2.php?id=3

Then the cache file for the article is

_3.html

This filename is just an underscore ( _ ) followed by the article id. In case article2.php is called like this :

http://www.php-mysql-tutorial.com/examples/cms/article2.php

no id is defined so we make the cache file name as index.html

If the cache file is found , the content is read and printed using readfile() and the script terminate. When the article is not found in the cache then we need to look in the database and get the page content from there.

Example : article2.php
Source code : article2.phps

// ... previous code

if(!isset($_GET['id']))
{
$self = $_SERVER['PHP_SELF'];

$query = "SELECT id, title FROM news ORDER BY id";
$result = mysql_query($query) or die('Error : ' . mysql_error());

$content = '

$title

';

$title = 'Available Articles';
} else {
// get the article info from database
$query = "SELECT title, content FROM news WHERE id=".$_GET['id'];
$result = mysql_query($query) or die('Error : ' . mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);

$title = $row['title'];
$content = $row['content'];
}

include 'library/closedb.php';

// ... still more code coming

?>

As you can see above the process of fetching the article list and content is the same as article1.php. But before showing the page we have to start output buffering so we can save the content of the generated HTML file.

See the code below. Just before printing the html we callob_start() to activate output buffering. From this point no output is sent from the script to the browser. So in the code example below anything between and tag is not sent to the browser but stored in an internal buffer first.

After the closing html tag we useob_get_contents() to get the buffer content and store int in a temporary variable, $buffer. We then call ob_end_flush() which stop the output buffering ( so the page is now sent to the browser ).

Example : article2.php
Source code : article2.phps

// ... previous code

ob_start();
?>

// ... same html code as article1.php

// get the buffer
$buffer = ob_get_contents();

// end output buffering, the buffer content
// is sent to the client
ob_end_flush();

// now we create the cache file
$fp = fopen($cacheFile, "w");
fwrite($fp, $buffer);
fclose($fp);
?>

Downloading Files From MySQL Database

2008-03-22T00:52:00.001-07:00

When we upload a file to database we also save the file type and length. These were not needed for uploading the files but is needed for downloading the files from the database.

The download page list the file names stored in database. The names are printed as a url. The url would look like download.php?id=3. To see a working example click here. I saved several images in my database, you can try downloading them.

Example : download.php
Source code : download.phps

Download File From MySQL

include 'library/config.php';
include 'library/opendb.php';

$query = "SELECT id, name FROM upload";
$result = mysql_query($query) or die('Error, query failed');
if(mysql_num_rows($result) == 0)
{
echo "Database is empty
";
}
else
{
while(list($id, $name) = mysql_fetch_array($result))
{
?>

}
}
include 'library/closedb.php';
?>

When you click the download link, the $_GET['id'] will be set. We can use this id to identify which files to get from the database. Below is the code for downloading files from MySQL Database.

Example : download.php
Source code : download.phps
if(isset($_GET['id']))
{
// if id is set then get the file with the id from database

include 'library/config.php';
include 'library/opendb.php';

$id = $_GET['id'];
$query = "SELECT name, type, size, content " .
"FROM upload WHERE id = '$id'";

$result = mysql_query($query) or die('Error, query failed');
list($name, $type, $size, $content) = mysql_fetch_array($result);

header("Content-length: $size");
header("Content-type: $type");
header("Content-Disposition: attachment; filename=$name");
echo $content;

include 'library/closedb.php';
exit;
}

?>

Before sending the file content using echo first we need to set several headers. They are :
header("Content-length: $size")
This header tells the browser how large the file is. Some browser need it to be able to download the file properly. Anyway it's a good manner telling how big the file is. That way anyone who download the file can predict how long the download will take.
header("Content-type: $type")
This header tells the browser what kind of file it tries to download.
header("Content-Disposition: attachment; filename=$name");
Tells the browser to save this downloaded file under the specified name. If you don't send this header the browser will try to save the file using the script's name (download.php).

After sending the file the script stops executing by calling exit.

NOTE :
When sending headers the most common error message you will see is something like this :

Warning: Cannot modify header information - headers already sent by (output started at C:\Webroot\library\config.php:7) in C:\Webroot\download.php on line 13

This error happens because some data was already sent before we send the header. As for the error message above it happens because i "accidentally" add one space right after the PHP closing tag ( ?> ) in config.php file. So if you see this error message when you're sending a header just make sure you don't have any data sent before calling header(). Check the file mentioned in the error message and go to the line number specified

Uploading Files To MySQL Database

2008-03-22T00:51:00.000-07:00

Using PHP to upload files into MySQL database sometimes needed by some web application. For instance for storing pdf documents or images to make som kind of online briefcase (like Yahoo briefcase).

For the first step, let's make the table for the upload files. The table will consist of.
id : Unique id for each file
name : File name
type : File content type
size : File size
content : The file itself

For column content we'll use BLOB data type. BLOB is a binary large object that can hold a variable amount of data. MySQL have four BLOB data types, they are :
TINYBLOB
BLOB
MEDIUMBLOB
LONGBLOB

Since BLOB is limited to store up to 64 kilobytes of data we will use MEDIUMBLOB so we can store larger files ( up to 16 megabytes ).

Example : upload.txt
CREATE TABLE upload (
id INT NOT NULL AUTO_INCREMENT,
name VARCHAR(30) NOT NULL,
type VARCHAR(30) NOT NULL,
size INT NOT NULL,
content MEDIUMBLOB NOT NULL,
PRIMARY KEY(id)
);

Uploading a file to MySQL is a two step process. First you need to upload the file to the server then read the file and insert it to MySQL.

For uploading a file we need a form for the user to enter the file name or browse their computer and select a file. The input type="file" is used for that purpose.

Example : upload.php
Source code : upload.phps

An upload form must have encytype="multipart/form-data" otherwise it won't work at all. Of course the form method also need to be set to method="post". Also remember to put a hidden input MAX_FILE_SIZE before the file input. It's to restrict the size of files.

After the form is submitted the we need to read the autoglobal $_FILES. In the example above the input name for the file is userfile so the content of $_FILES are like this :

$_FILES['userfile']['name']
The original name of the file on the client machine.

$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".

$_FILES['userfile']['size']
The size, in bytes, of the uploaded file.

$_FILES['userfile']['tmp_name']
The temporary filename of the file in which the uploaded file was stored on the server.

$_FILES['userfile']['error']
The error code associated with this file upload. ['error'] was added in PHP 4.2.0

Example : upload.php
Source code : upload.phps

if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}

include 'library/config.php';
include 'library/opendb.php';

$query = "INSERT INTO upload (name, size, type, content ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$content')";

mysql_query($query) or die('Error, query failed');
include 'library/closedb.php';

echo "
File $fileName uploaded
";
}
?>
Before you do anything with the uploaded file. You should not assume that the file was uploaded successfully to the server. Always check to see if the file was successfully uploaded by looking at the file size. If it's larger than zero byte then we can assume that the file is uploaded successfully.

PHP saves the uploaded file with a temporary name and save the name in $_FILES['userfile']['tmp_name']. Our next job is to read the content of this file and insert the content to database. Always make sure that you use addslashes() to escape the content. Using addslashes() to the file name is also recommended because you never know what the file name would be.

That's it now you can upload your files to MySQL. Now it's time to write the script to download those files.

Creating A Guestbook Using PHP and MySQL

2008-03-22T00:50:00.000-07:00

You've seen it at least once right? Guestbook is one of the most common thing to find in a website. In this tutorial we'll create a guestbook using PHP and MySQL.

I have split this tutorial into two section, each covering a specific feature of the guestbook.
Creating The Sign-Guestbook Form
This part will cover creating the database tables, the guestbook form and the process of saving the entry to database

Viewing The Entries
You want to see the guestbook entries of course. This section covers fetching the entries from database and put int into an HTML table. You will also learn to show the entries in multiple pages using MySQL paging.

I think you should take a quick look what the finished guestbook look like. Just click here to see it.

Creating The Sign-Guestbook Form

We start by creating the table to store the data, guestbook. There are six fields in the guestbook table:1. id : the unique identifier for an entry in the guestbook
2. name : the visitor's name
3. email : visitor's email address
4. url : visitor's website url, if she has one
5. message : the message
6. entry_date : when did this entry added

I have put the SQL query needed to create the table in guestbook.txt.

Below is the HTML form code. It's pretty simple, we have text box for name, email and url plus a textarea to hold the message. The submit button is attached with a javascript function because we want to check the input values before the page is submitted.

Example :guestbook.php
Source code : guestbook.phps, guestbook.txt

Below is the javascript code to check the input form. The checkForm() function is called when the "Sign Guestbook" button is clicked.

The mandatory fields are name and message so if either is empty we pop an alert box to tell the visitor to enter the name and message. Email is not a mandatory field so we only check if in an email address is entered but we won't complain if there's none .

function checkForm()
{
// the variables below are assigned to each
// form input
var gname, gemail, gurl, gmessage;

with(window.document.guestform)
{
gname = txtName;
gemail = txtEmail;
gurl = txtUrl;
gmessage = mtxMessage;
}

// if name is empty alert the visitor
if(trim(gname.value) == '')
{
alert('Please enter your name');
gname.focus();
return false;
}
// alert the visitor if email is empty or
// if the format is not correct
else if(trim(gemail.value) != '' && !isEmail(trim(gemail.value)))
{
alert('Please enter a valid email address or leave it blank');
gemail.focus();
return false;
}
// alert the visitor if message is empty
else if(trim(gmessage.value) == '')
{
alert('Please enter your message');
gmessage.focus();
return false;
}
else
{
// when all input are correct
// return true so the form will submit
return true;
}
}

/*
Strip whitespace from the beginning and end of a string
*/
function trim(str)
{
return str.replace(/^\s+|\s+$/g,'');
}

/*
Check if a string is in valid email format.
*/
function isEmail(str)
{
var regex = /^[-_.a-z0-9]+@(([-a-z0-9]+\.)+(ad|ae|aero|af|ag|
ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|
bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|
ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|
ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|
gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|
il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|
kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|
ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|
ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|
pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|
si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|
tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|
vu|wf|ws|ye|yt|yu|za|zm|zw)|(([0-9][0-9]?|[0-1][0-9][0-9]|[2]
[0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2]
[0-4][0-9]|[2][5][0-5]))$/i;
return regex.test(str);
}

After the form is submitted our job turns to saving the input into the database.

In the code below I include config.php and opendb.php which contain the database configuration and the code needed to open a connection to MySQL. It's a good practice to put these actions in separate file. That way everytime you need to connect to MySQL you can include these files instead of rewriting the code. Also you can change the database information from just one file instead of changing it in every file that use MySQL. To see what the content of config.php, opendb.php and closedb.php go to : Connecting to MySQL database

include 'library/config.php';
include 'library/opendb.php';

if(isset($_POST['btnSign']))
{
include 'library/config.php';
include 'library/opendb.php';

$name = trim($_POST['txtName']);
$email = trim($_POST['txtEmail']);
$url = trim($_POST['txtUrl']);
$message = trim($_POST['mtxMessage']);

if(!get_magic_quotes_gpc())
{
$message = addslashes($message);
}

// if the visitor do not enter the url
// set $url to an empty string
if ($url == 'http://')
{
$url = '';
}

$query = "INSERT INTO guestbook (name,
email,
url,
message,
entry_date)
VALUES ('$name',
'$email',
'$url',
'$message',
current_date)";

mysql_query($query) or die('Error, query failed');

header('Location: ' . $_SERVER['REQUEST_URI']);
exit;
}
?>

The script check if the $_POST['btnSign'] variable is set. If it is then the "Sign Guestbook" button must have been clicked and now we can read name, email, url and message from the $_POST global variable. After that we create an INSERT query string and execute the query using mysql_query().

Sometimes a message can contain single quotes, we need to escape these single quotes ( replacing it with \' ) otherwise MySQL will think that it's the end of a string and the query will fail. We use the addslashes() function to escape the string.

Unfortunately some web hosts set the magic_quotes_gpc setting on. This will make values containing single-quotes in $_GET, $_POST and $_COOKIE will be automatically escaped. If we use addslashes() when the string is already escaped the result would be a mess.

To check if magic_quotes_gpc is On use get_magic_quotes_gpc(). If it returns true then we don't have to call addslashes().

Ok, now affter all input is ready we can build the query string to enter the name, email, url, message and entry date. Note that for the entry_date field we use current_date. This is not a PHP variable or function, it's a built in MySQL function that returns ( guess what? ) the current date.

You also see that I didn't explicitly insert the value of id field. This is because id is set as auto_increment so when we insert a new row into the table a new value for id is automatically generated ( incremented for each new row).

After inserting the new guestbook entry the next thing we do is redirect back to current page using header('Location: ' . $_SERVER['REQUEST_URI']);

Why?

The redirect is just to prevent double submission. Suppose we don't use the redirect and the visitor hit the refresh button after signing up the guestbook then the form will be submitted again.

Note : If you get this kind of error message

Warning: Cannot modify header information - headers already sent by (output started at C:\webroot\guestbook\library\config.php:7) in C:\webroot\guestbook\guestbook.php on line 43

this mean the redirect failed because you already sent something to the browser. I got the error message above because i "accidentally" have a space right after the closing tag ( ?> ) in config.php. By removing this space the error is fixed.

This kind of errror is actually very common to see when your code is sending headers and fixing it is easy like the example above. Just check the file pointed by the error message and see if you accidentally sent ( print ) anyhing to the browser.

Form Validation With PHP

2008-03-22T00:48:00.000-07:00

Whenever you make a form you should not leave it alone without any form validation. Why? Because there is no guarantee that the input is correct and processing incorrect input values can make your application give unpredictable result.

You can validate the form input on two places, client side and server side.

Client side form validation usually done with javascript. Client side validation makes your web application respond 'faster' while server side form validation with PHP can act as a backup just in case the user switch off javascript support on her browser. And since different browsers can behave differently there is always a possibility that the browser didn't execute the javascript code as you intended.

Some things you need to check :
empty values
numbers only
input length
email address
strip html tags

To show form validation with php in action I'll use the contact form in this website. Click here to see the contact form and then take a look at the source code.

This contact form requires four input :
sender name
sender email
message subject
message body

First let's focus on the client side validation. On the "Send Message" button I put this javascript code : onClick="return checkForm();", which is triggered when you click on it. Clicking the button will run the function checkForm().Every input is checked to see whether they are valid input. When an invalid input is found the function returns false so the form is not submitted. When you insert valid input the function will return true and the form is submitted.

Go ahead and play around with the form. Try entering only spaces for the input value or enter glibberish string as email address.

The code snippet below shows the client part of contact form.

Example : contact.php
Source code : contact.phps

Contact Form

Now we'll take a better look at checkForm() function :

function checkForm()
{
var cname, cemail, csubject, cmessage;
with(window.document.msgform)
{
cname = sname;
cemail = email;
csubject = subject;
cmessage = message;
}

// ... the rest of the code

}

In the beginning of the function I use the keyword var to declare four variables to reference the form input . They are cname, cemail, csubject and cmessage. These variables will reference the form input sname, email, subject and message respectively.

Javascript treats a document and it's element as object. The message form is named msgform so to access is we use window.document.msgform and to access the sname input text we can use window.document.msgform.sname.

To avoid the hassle of writing the window.document.msgform part whenever we want to access a form object I use the with() keyword. Without it the checkForm() function would look like :

function checkForm()
{
var cname, cemail, csubject, cmessage;

cname = window.document.msgform.sname;
cemail = window.document.msgform.email;
csubject = window.document.msgform.subject;
cmessage = window.document.msgform.message;

// ... the rest of the code

}

Next we'll validate each form input.

function checkForm()
{
// variable declarations goes here ...

if(trim(cname.value) == '')
{
alert('Please enter your name');
cname.focus();
return false;
}
else if(trim(cemail.value) == '')
{
alert('Please enter your email');
cemail.focus();
return false;
}
else if(!isEmail(trim(cemail.value)))
{
alert('Email address is not valid');
cemail.focus();
return false;
}
// The rest of validation code goes here ...
}

To access the value of the name input box we use cname.value. The name values is trimmed to remove extra spaces from the beginning and end of the name. If you do not enter your name or only entering spaces then an alert box will pop up. Using cname.focus() the cursor will be placed to the name input box and then checkForm() return false which cancel the form submit.

The code above uses trim() function. This is not a built in javascript function. I can't understand why there is no trim() function in javascript, even VBScript has it. Anyway it's not a big deal because we can just make our own trim() function. The solution here uses regular expression to replace any spaces in the beginning and end of a string with blank string.

function trim(str)
{
return str.replace(/^\s+|\s+$/g,'');
}

The forward slash (/) is used to create a regular expression. Note that it is not a string, you don't have to use quotes and it won't work if you use quotes. Let's chop the regular expression notation so we can understand it better :
^ : the beginning of a string
$ : end of string.
\s : single whitespace character (tab also count as whitespace)
+ : one or more
| : conditional (OR)
g : global, mainly used for search and replace operation

So in english the search replace function above can be read as :

"Replace one or more whitespace character from the beginning or ending of a string with blank character"

As for the email input, we need to double check it. First, check if the email is entered and second check if the input is in a valid email format. For the second check well use isEmail() function. This function also uses regular expression.

A valid email format can be described as :

[ a string consisting of alphanumeric characters, underscores, dots or dash ] @ ( [ a valid domain name ] DOT [ a valid TLD ]) OR [a valid IP adress ]

In case you're wondering TLD means Top Level Domain such as com, net, org, biz, etc.

When you see the source code you will see that the regular expression in isEmail() function is actually written in one line. I have to break them into multiple lines just to fit the space. The PHP Manual explains the regular expression syntax for PHP in depth, but if you want to learn regular expression for javascript you can go to : http://www.regular-expressions.info

Finally, if all input are considered valid checkForm() returns true and the form will be submitted. This will set the $_POST['send'] variable and now we start validating the input on the server side using PHP.

$errmsg = ''; // error message
$sname = ''; // sender's name
$email = ''; // sender's email addres
$subject = ''; // message subject
$message = ''; // the message itself

if(isset($_POST['send']))
{
$sname = $_POST['sname'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];

if(trim($sname) == '')
{
$errmsg = 'Please enter your name';
}
else if(trim($email) == '')
{
$errmsg = 'Please enter your email address';
}
else if(!isEmail($email))
{
$errmsg = 'Your email address is not valid';
}
else if(trim($subject) == '')
{
$errmsg = 'Please enter message subject';
}
else if(trim($message) == '')
{
$errmsg = 'Please enter your message';
}

// ... more code here
?>

The PHP validation is doing the same thing as the javascript validation. It check each value to see if it's empty and if it is we consider that as an error. We also recheck the validity of the email address.

When we find an error we set the value of $errmsg. We will print this value so the user can fix the error.

If everything is okay the value of $errmsg will be blank. So we continue processing the input.

// ... previous validation code

if($errmsg == '')
{
if(get_magic_quotes_gpc())
{
$subject = stripslashes($subject);
$message = stripslashes($message);
}

$to = "email@yourdomain.com";
$subject = '[Contact] : ' . $subject;
$msg = "From : $sname \r\n " . $message;
mail($to,
$subject,
$msg,
"From: $email\r\nReturn-Path: $email\r\n");

// ... more code here
?>

Some web host set the PHP directive magic_quotes_gpc to 'on' which runs addslashes() to every GET, POST, and COOKIE data so we got an extra work to strip the slashes from the input.

Because the addslashes() function only add slashes before single quote ( ' ), double quote ( " ), backslash ( \ ) and NULL, we only need to worry about the $subject and $message. This is because (usually ) only these two can contain such characters. However, we can't be sure if magic_quotes_gpc is On or Off so we have to check it's value first using the get_magic_quotes_gpc() function

After finishing all that boring job of validating the input we finally come to the last, and the most important step, sending the message using the mail() function.

The first parameter we pass to the mail() function is the receiver's email address. The second is the email subject. The third is the message itself and the fourth is an additional headers.

I'm sure you already understand the purpose of the first three parameters so I'll just discuss about the fourth one, the additional parameter ( additional headers )

"From: $email\r\nReply-To: $email\r\nReturn-Path: $email\r\n"

Each headers are separated by the "\r\n" ( newline ) characters. The first two ( From and Reply-To ) is self explanatory. But what about the third one ( Return-Path )?

The reason is some spam filter will check the Return-Path header and compare it with the From header. If these two don't match then the email is considered as spam and you're email won't get delivered ( or sent to the spam folder ). So it's better to play safe and put Return-Path header when we want to send an email to make sure it gets delivered.

Using PHP To Backup MySQL Database

2008-03-22T00:47:00.002-07:00

There are at least three ways to backup your MySQL Database :

Execute a database backup query from PHP file.
Run mysqldump using system() function.
Use phpMyAdmin to do the backup.

Execute a database backup query from PHP file

Below is an example of using SELECT INTO OUTFILE query for creating table backup :

include 'config.php';
include 'opendb.php';

$tableName = 'mypet';
$backupFile = 'backup/mypet.sql';
$query = "SELECT * INTO OUTFILE '$backupFile' FROM $tableName";
$result = mysql_query($query);

include 'closedb.php';
?>

To restore the backup you just need to run LOAD DATA INFILE query like this :

include 'config.php';
include 'opendb.php';

$tableName = 'mypet';
$backupFile = 'mypet.sql';
$query = "LOAD DATA INFILE 'backupFile' INTO TABLE $tableName";
$result = mysql_query($query);

include 'closedb.php';
?>

It's a good idea to name the backup file as tablename.sql so you'll know from which table the backup file is

Run mysqldump using system() function

The system() function is used to execute an external program. Because MySQL already have built in tool for creating MySQL database backup (mysqldump) let's use it from our PHP script

include 'config.php';
include 'opendb.php';

$backupFile = $dbname . date("Y-m-d-H-i-s") . '.gz';
$command = "mysqldump --opt -h $dbhost -u $dbuser -p $dbpass $dbname | gzip > $backupFile";
system($command);
include 'closedb.php';
?>

Use phpMyAdmin to do the backup

This option as you may guessed doesn't involve any programming on your part. However I think i mention it anyway so you know more options to backup your database.

To backup your MySQL database using phpMyAdmin click on the "export" link on phpMyAdmin main page. Choose the database you wish to backup, check the appropriate SQL options and enter the name for the backup file.

MySQL Update and Delete

2008-03-22T00:47:00.001-07:00

There are no special ways in PHP to perform update and delete on MySQL database. You still use mysql_query() to execute the UPDATE or DELETE statement.

For instance to update a password in mysql table for username phpcake can be done by executing an UPDATE statement with mysql_query() like this:

Example : update.php
Source code : update.phps
include 'library/config.php';
include 'library/opendb.php';

mysql_select_db('mysql')
or die('Error, cannot select mysql database');

$query = "UPDATE user SET password = PASSWORD('newpass')". "WHERE user = 'phpcake'";

mysql_query($query) or die('Error, query failed');
include 'library/closedb.php';
?>

There is one important thing that you should be aware of when updating and deleting rows from database. That is data integrity.

If you're using InnoDB tables you can leave the work of maintaining data integrity to MySQL . However when you're using other kind of tables you need to enforce the data integrity manually.

To make sure that your update and delete queries will not break the data integrity. You have to make appropriate update and delete queries for all tables referencing to the table you update or delete.

For example, suppose you have two tables, Class and Student. The Student table have a foreign key column, cid which references to the class_id column in table Class. When you want to update a class_id in Class table you will also need to update the cid column in Student table to maintain data integrity.

Suppose i want to change the class_id of Karate from 3 to 10. Since there is a row in Student table with cid value of 3, I have to update that row too.

$query = "UPDATE Class SET class_id = 10 WHERE class_id = 3";
mysql_query($query);

$query = "UPDATE Student SET cid = 10 WHERE cid = 3";
mysql_query($query);

Below are the data in Table and Student class before an update query : Table Class
class_id class_name
1
Silat
2 Kungfu
3 Karate
4 Taekwondo

Table Student
student_id student_name cid
1 Uzumaki Naruto 1
2 Uchiha Sasuke 3
3 Haruno Sakura 2

Now the content of Table and Student class after the update query are : Table Class
class_id class_name
1
Silat
2 Kungfu
10 Karate
4 Taekwondo

Table Student
student_id student_name cid
1 Uzumaki Naruto 1
2 Uchiha Sasuke 10
3 Haruno Sakura 2

You can go as far as creating your own functions in PHP to ensure the data integrity. I have done this before and I hope you don't do it. Save yourself the headache and just write appropriate queries to maintain your data integrity whenever you update / delete rows from a table.

This means that whenever you make a query to update / delete always consult your database design to see if you need to update / delete another table to maintain data integrity. Your code will be more portable like this.

Using LOCK TABLES

When your web application is used by more than one user using LOCK TABLES before any update / delete query is a safe bet. This will make sure that only one user change the table at a time.

Using the above update code examples again, suppose there are two users. The first one want to update one row in Class table and the second want to delete it

$query = "LOCK TABLES Class WRITE, Student WRITE";
mysql_query($query);

$query = "DELETE FROM Class WHERE class_id = 3";
mysql_query($query);

$query = "DELETE FROM Student WHERE class_id = 3";
mysql_query($query);

$query = "UNLOCK TABLES";
mysql_query($query);

The update queries above can be rewritten as :

$query = "LOCK TABLES Class WRITE, Student WRITE";
mysql_query($query);

$query = "UPDATE Class SET class_id = 10 WHERE class_id = 3";
mysql_query($query);

$query = "UPDATE Student SET cid = 10 WHERE cid = 3";
mysql_query($query);

$query = "UNLOCK TABLES";
mysql_query($query);

By issuing the LOCK TABLES all other users are blocked from reading and writing to the tables. So you're update / delete query will continue to completion without any worries that the intended table already changed by another user

Using Paging

2008-03-22T00:45:00.000-07:00

Ever use a Search Engine? I'm sure you have, lots of time. When Search Engines found thousands of results for a keyword do they spit out all the result in one page? Nope, they use paging to show the result little by little.

Paging means showing your query result in multiple pages instead of just put them all in one long page. Imagine waiting for five minutes just to load a search page that shows 1000 result. By splitting the result in multiple pages you can save download time plus you don't have much scrolling to do.

To show the result of a query in several pages first you need to know how many rows you have and how many rows per page you want to show. For example if I have 295 rows and I show 30 rows per page that mean I'll have ten pages (rounded up).

For the example I created a table named randoms that store 295 random numbers. Each page shows 20 numbers.

Example: paging.php
Source code :paging.phps

include 'library/config.php';
include 'library/opendb.php';

// how many rows to show per page
$rowsPerPage = 20;

// by default we show first page
$pageNum = 1;

// if $_GET['page'] defined, use it as page number
if(isset($_GET['page']))
{
$pageNum = $_GET['page'];
}

// counting the offset
$offset = ($pageNum - 1) * $rowsPerPage;

$query = " SELECT val FROM randoms " .
" LIMIT $offset, $rowsPerPage";
$result = mysql_query($query) or die('Error, query failed');

// print the random numbers
while($row = mysql_fetch_array($result))
{
echo $row['val'] . '
';
}

// ... more code here
?>

Paging is implemented in MySQL using LIMIT that take two arguments. The first argument specifies the offset of the first row to return, the second specifies the maximum number of rows to return. The offset of the first row is 0 ( not 1 ).

When paging.php is called for the first time the value of $_GET['page'] is not set. This caused $pageNum value to remain 1 and the query is :

SELECT val FROM randoms LIMIT 0, 20

which returns the first 20 values from the table. But when paging.php is called like this http://www.php-mysql-tutorial.com/examples/paging/paging.php?page=4
the value of $pageNum becomes 4 and the query will be :

SELECT val FROM randoms LIMIT 60, 20

this query returns rows 60 to 79.

After showing the values we need to print the links to show any pages we like. But first we have to count the number of pages. This is achieved by dividing the number of total rows by the number of rows to show per page :

$maxPage = ceil($numrows/$rowsPerPage);

// ... the previous code

// how many rows we have in database
$query = "SELECT COUNT(val) AS numrows FROM randoms";
$result = mysql_query($query) or die('Error, query failed');
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$numrows = $row['numrows'];

// how many pages we have when using paging?
$maxPage = ceil($numrows/$rowsPerPage);

// print the link to access each page
$self = $_SERVER['PHP_SELF'];
$nav = '';

for($page = 1; $page <= $maxPage; $page++)
{
if ($page == $pageNum)
{
$nav .= " $page "; // no need to create a link to current page
}
else
{
$nav .= " $page ";
}
}

// ... still more code coming
?>

The mathematical function ceil() is used to round up the value of $numrows/$rowsPerPage.

In this case the value of total rows $numrows is 295 and $rowsPerPage is 20 so the result of the division is 14.75 and by using ceil() we get $maxPage = 15

Now that we know how many pages we have we make a loop to print the link. Each link will look something like this:

5

You see that we use $_SERVER['PHP_SELF'] instead of paging.php when creating the link to point to the paging file. This is done to avoid the trouble of modifying the code in case we want to change the filename.

We are almost complete. Just need to add a little code to create a 'Previous' and 'Next' link. With these links we can navigate to the previous and next page easily. And while we at it let's also create a 'First page' and 'Last page' link so we can jump straight to the first and last page when we want to.

// ... the previous code

// creating previous and next link
// plus the link to go straight to
// the first and last page

if ($pageNum > 1)
{
$page = $pageNum - 1;
$prev = " [Prev] ";

$first = " [First Page] ";
}
else
{
$prev = ' '; // we're on page one, don't print previous link
$first = ' '; // nor the first page link
}

if ($pageNum < $maxPage)
{
$page = $pageNum + 1;
$next = " [Next] ";

$last = " [Last Page] ";
}
else
{
$next = ' '; // we're on the last page, don't print next link
$last = ' '; // nor the last page link
}

// print the navigation link
echo $first . $prev . $nav . $next . $last;

// and close the database connection
include '../library/closedb.php';

// ... and we're done!
?>

Making these navigation link is actually easier than you may think. When we're on the fifth page we just make the 'Previous' link point to the fourth. The same principle also apply for the 'Next' link, we just need to add one to the page number.

One thing to remember is that we don't need to print the 'Previous' and 'First Page' link when we're already on the first page. Same thing for the 'Next' and 'Last' link. If we do print them that would only confuse the one who click on it. Because we'll be giving them the exact same page.

We got a problem here...

Take a look at this slightly modified version of paging.php. Instead of showing 20 numbers in a page, I decided to show just three.

See the problem already?

Those page numbers are running across the screen! Yuck!

This call for a little modification to the code. Instead of printing the link to each and every page we will just saying something like "Viewing page 4 of 99 pages".

Than means we havel remove these code :

// ... the previous code

$nav = '';

for($page = 1; $page <= $maxPage; $page++)
{
if ($page == $pageNum)
{
$nav .= " $page "; // no need to create a link to current page
}
else
{
$nav .= " $page ";
}
}

// ... the rest here
?>

And then modify this one

// ...

// print the navigation link
echo $first . $prev . $nav . $next . $last;

// ...
?>

Into this

// ...

// print the navigation link
echo $first . $prev .
" Showing page $pageNum of $maxPage pages " . $next . $last;

// ...
?>

Source : http://www.php-mysql-tutorial.com/

Convert MySQL Query Result To Excel

2008-03-22T00:44:00.000-07:00

Using PHP to convert MySQL query result to Excel format is also common especially in web based finance applications. The finance data stored in database are downloaded as Excel file for easy viewing. There is no special functions in PHP to do the job. But you can do it easily by formatting the query result as tab separated values or put the value in an HTML table. After that set the content type to application/vnd.ms-excel

Example : convert.php
Source : convert.php, students.txt

include 'library/config.php';
include 'library/opendb.php';

$query = "SELECT fname, lname FROM students";
$result = mysql_query($query) or die('Error, query failed');

$tsv = array();
$html = array();
while($row = mysql_fetch_array($result, MYSQL_NUM))
{
$tsv[] = implode("\t", $row);
$html[] = "" .implode("", $row) . "";
}

$tsv = implode("\r\n", $tsv);
$html = "" . implode("\r\n", $html) . "

";

$fileName = 'mysql-to-excel.xls';
header("Content-type: application/vnd.ms-excel");
header("Content-Disposition: attachment; filename=$fileName");

echo $tsv;
//echo $html;

include 'library/closedb.php';
?>

In the above example $tsv is a string containing tab separated values and $html contain an HTML table. I use implode() to join the values of $row with tab to create a tab separated string.

After the while loop implode() is used once again to join the rows using newline characters. The headers are set and the value of $tsv is then printed. This will force the browser to save the file as mysql-to-excel.xsl

Try running the script in your own computer then try commenting echo $tsv and uncomment echo $html to see the difference.

Get Data From MySQL Database

2008-03-22T00:43:00.000-07:00

Using PHP you can run a MySQL SELECT query to fetch the data out of the database. You have several options in fetching information from MySQL. PHP provide several functions for this. The first one is mysql_fetch_array()which fetch a result row as an associative array, a numeric array, or both.

Below is an example of fetching data from MySQL, the table contact have three columns, name, subject and message.

Example : select.php
Source code : select.phps, contact.txt

include 'config.php';
include 'opendb.php';

$query = "SELECT name, subject, message FROM contact";
$result = mysql_query($query);

while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo "Name :{$row['name']}
" .
"Subject : {$row['subject']}
" .
"Message : {$row['message']}

";
}

include 'closedb.php';
?>

The while() loop will keep fetching new rows until mysql_fetch_array() returns FALSE, which means there are no more rows to fetch. The content of the rows are assigned to the variable $row and the values in row are then printed. Always remember to put curly brackets when you want to insert an array value directly into a string.

In above example I use the constant MYSQL_ASSOC as the second argument to mysql_fetch_array(), so that it returns the row as an associative array. With an associative array you can access the field by using their name instead of using the index . Personally I think it's more informative to use $row['subject'] instead of $row[1].

PHP also provide a function called mysql_fetch_assoc() which also return the row as an associative array.

include 'config.php';
include 'opendb.php';

$query = "SELECT name, subject, message FROM contact";
$result = mysql_query($query);

while($row = mysql_fetch_assoc($result))
{
echo "Name :{$row['name']}
" .
"Subject : {$row['subject']}
" .
"Message : {$row['message']}

";
}

include 'closedb.php';
?>

You can also use the constant MYSQL_NUM, as the second argument to mysql_fetch_array(). This will cause the function to return an array with numeric index.

include 'config.php';
include 'opendb.php';

$query = "SELECT name, subject, message FROM contact";
$result = mysql_query($query);

while($row = mysql_fetch_array($result, MYSQL_NUM))
{
echo "Name :{$row[0]}
" .
"Subject : {$row[0]}
" .
"Message : {$row[0]}

";
}

include 'closedb.php';
?>

Using the constant MYSQL_NUM with mysql_fetch_array() gives the same result as the function mysql_fetch_row().

There is another method for you to get the values from a row. You can use list(), to assign a list of variables in one operation.

include 'config.php';
include 'opendb.php';

$query = "SELECT name, subject, message FROM contact";
$result = mysql_query($query);

while(list($name,$subject,$message)= mysql_fetch_row($result))
{
echo "Name :$name
" .
"Subject : $subject
" .
"Message : $row

";
}

include 'closedb.php';
?>

In above example, list() assign the values in the array returned by mysql_fetch_row() into the variable $name, $subject and $message.

Of course you can also do it like this

include 'config.php';
include 'opendb.php';

$query = "SELECT name, subject, message FROM contact";
$result = mysql_query($query);

while($row = mysql_fetch_row($result))
{
$name = $row[0];
$subject = $row[1];
$message = $row[2];

echo "Name :$name
" .
"Subject : $subject
" .
"Message : $row

";
}

include 'closedb.php';
?>

Source : http://www.php-mysql-tutorial.com/

Insert Data To MySQL Database

2008-03-22T00:42:00.000-07:00

Inserting data to MySQL is done by using mysql_query() to execute INSERT query. Note that the query string should not end with a semicolon. Below is an example of adding a new MySQL user by inserting a new row into table user in database mysql :

Example : insert.php
Source code : insert.phps

include 'library/config.php';
include 'library/opendb.php';

mysql_select_db($mysql);
$query = "INSERT INTO user (host, user, password, select_priv, insert_priv, update_ priv) VALUES ('localhost', 'phpcake', PASSWORD('mypass'), 'Y', 'Y', 'Y')";

mysql_query($query) or die('Error, insert query failed');

$query = "FLUSH PRIVILEGES";
mysql_query($query) or die('Error, insert query failed');

include 'library/closedb.php';
?>

In the above example mysql_query() was followed by die(). If the query fail the error message will be printed and the script's execution is terminated. Actually you can use die() with any function that might not execute properly. That way you can be sure that the script won't continue to run when an error occured.

In a real application the values of an INSERT statement will be form values. As a safe precaution always escape the values using addslashes() if get_magic_quotes_gpc() returns false. Below is an example of using form values with INSERT. It's the same as above except that the new username and password are taken from $_POST :

Example : adduser.php
Source code : adduser.phps

Add New MySQL User

if(isset($_POST['add']))
{
include 'library/config.php';
include 'library/opendb.php';

$username = $_POST['username'];
$password = $_POST['password'];

$query = "INSERT INTO user (host, user, password, select_priv, insert_priv, update_ priv) VALUES ('localhost', '$username', PASSWORD('$password'), 'Y', 'Y', 'Y')";
mysql_query($query) or die('Error, insert query failed');

$query = "FLUSH PRIVILEGES";
mysql_query($query) or die('Error, insert query failed');

include 'library/closedb.php';
echo "New MySQL user added";
}
else
{
?>

}
?>

Source : http://www.php-mysql-tutorial.com/

Create MySQL Database With PHP

2008-03-22T00:40:00.000-07:00

To create a database use the mysql_query() function to execute an SQL query like this

include 'config.php';
include 'opendb.php';

$query = "CREATE DATABASE phpcake";
$result = mysql_query($query);

include 'closedb.php';
?>

Please note that the query should not end with a semicolon.

PHP also provide a function to create MySQL database, mysql_create_db(). This function is deprecated though. It is better to use mysql_query() to execute an SQL CREATE DATABASE statement instead like the above example.

If you want to create MySQL database using PHP mysql_create_db() function you can do it like this :

include 'config.php';
include 'opendb.php';

mysql_create_db('phpcake');

include 'closedb.php';
?>

If you want to create tables in the database you just created don't forget to call mysql_select_db() to access the new database.

Note: some webhosts require you to create a MySQL database and user through your website control panel (such as CPanel). If you get an error when trying to create database this might be the case.
Creating the Tables

To create tables in the new database you need to do the same thing as creating the database. First create the SQL query to create the tables then execute the query using mysql_query() function.

Example : contact.php
Source code : contact.phps

include 'config.php';
include 'opendb.php';

$query = 'CREATE DATABASE phpcake';
$result = mysql_query($query);

mysql_select_db('phpcake') or die('Cannot select database');

$query = 'CREATE TABLE contact( '.
'cid INT NOT NULL AUTO_INCREMENT, '.
'cname VARCHAR(20) NOT NULL, '.
'cemail VARCHAR(50) NOT NULL, '.
'csubject VARCHAR(30) NOT NULL, '.
'cmessage TEXT NOT NULL, '.
'PRIMARY KEY(cid))';

$result = mysql_query($query);

include 'closedb.php';
?>

Of course when you need to create lots of tables it's a good idea to read the query from a file then save in $query variable instead of writing the query in your script.

include 'config.php';
include 'opendb.php';

$queryFile = 'myquery.txt';

$fp = fopen($queryFile, 'r');
$query = fread($fp, filesize($queryFile));
fclose($fp);
$result = mysql_query($query);

include 'closedb.php';
?>

Deleting a Database

As with creating a database, it is also preferable to use mysql_query() and to execute the SQL DROP DATABASE statement instead of using mysql_drop_db()

include 'config.php';
include 'opendb.php';

// ... do something here

$query = 'DROP DATABASE phpcake';
$result = mysql_query($query);

// ... probably do something here too

include 'closedb.php';
?>

Source : http://www.php-mysql-tutorial.com/

Connect to MySQL Database

2008-03-22T00:39:00.000-07:00

Opening a connection to MySQL database from PHP is easy. Just use the mysql_connect() function like this

$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'petstore';
mysql_select_db($dbname);
?>

$dbhost is the name of MySQL server. When your webserver is on the same machine with the MySQL server you can use localhost or 127.0.0.1 as the value of $dbhost. The $dbuser and $dbpass are valid MySQL user name and password. For adding a user to MySQL visit this page : MySQL Tutorial

Don't forget to select a database using mysql_select_db() after connecting to mysql. If no database selected your query to select or update a table will not work.

Sometimes a web host will require you to specify the MySQL server name and port number. For example if the MySQL server name is db.php-mysql-tutorial.com and the port number is 3306 (the default port number for MySQL) then you you can modify the above code to :

$dbhost = 'db.php-mysql-tutorial.com:3306';
$dbuser = 'root';
$dbpass = 'password';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'petstore';
mysql_select_db($dbname);
?>

It's a common practice to place the routine of opening a database connection in a separate file. Then everytime you want to open a connection just include the file. Usually the host, user, password and database name are also separated in a configuration file.

An example of config.php that stores the connection configuration and opendb.php that opens the connection are :

Source code : config.phps , opendb.phps

// This is an example of config.php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$dbname = 'phpcake';
?>

// This is an example opendb.php
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
mysql_select_db($dbname);
?>

So now you can open a connection to mysql like this :

include 'config.php';
include 'opendb.php';

// ... do something like insert or select, etc

?>

Closing the Connection

The connection opened in a script will be closed as soon as the execution of the script ends. But it's better if you close it explicitly by calling mysql_close() function. You could also put this function call in a file named closedb.php.

Source code : closedb.phps

// an example of closedb.php
// it does nothing but closing
// a mysql database connection

mysql_close($conn);
?>

Now that you have put the database configuration, opening and closing routines in separate files your PHP script that uses mysql would look something like this :

include 'config.php';
include 'opendb.php';

// ... do something like insert or select, etc

include 'closedb.php';
?>

Source : http://www.php-mysql-tutorial.com/

MySQL Update And Delete

2008-03-22T00:37:00.000-07:00

The statement UPDATE is used to change the value in a table. For example to change to species name from Turtle to Dog

mysql> UPDATE species SET name = 'Dog' WHERE name = 'Turtle';
Query OK, 1 row affected (0.02 sec)
Rows matched: 1 Changed: 1 Warnings: 0

mysql> SELECT * FROM species;
+----+-------+
| id | name |
+----+-------+
| 1 | Cat |
| 2 | Bird |
| 3 | Fish |
| 4 | Dog |
+----+-------+
4 rows in set (0.00 sec)

Delete Data

The DELETE statement deletes rows from a table that satisfy the condition given by the WHERE clause. For example to delete a record from species table where id equals 1

mysql> DELETE FROM species WHERE id = 1;
Query OK, 1 row affected (0.00 sec)

mysql> SELECT * FROM species;
+----+-------+
| id | name |
+----+-------+
| 2 | Bird |
| 3 | Fish |
| 4 | Dog |
+----+-------+
3 rows in set (0.01 sec)

Now that you alredy know the basics of MySQL it's time to continue the tutorial. You will start learning how to connect to MySQL database using PHP.

By the way this is a good time for you to download download the MySQL reference manual ( if you haven't done so). It covers in detail about everything you need to know about MySQL. As with the PHP manual you should download the compiled HTML version of MySQL manual because it's easier to browse than other formats.

Get Data From MySQL

2008-03-22T00:36:00.000-07:00

Retrieving the table data is easy, just use the SELECT statement like this

mysql> SELECT * FROM species;
+----+--------+
| id | name |
+----+--------+
| 1 | Cat |
| 2 | Bird |
| 3 | Fish |
| 4 | Turtle |
+----+--------+
4 rows in set (0.00 sec)

The * from the SELECT statement means select all columns. If you only want the names you can write

mysql> SELECT name FROM species;
+--------+
| name |
+--------+
| Cat |
| Bird |
| Fish |
| Turtle |
+--------+
4 rows in set (0.00 sec)

To select only the records that interest you, you can use WHERE statement followed by the definition. For example to select a record from species table where id equals 4 you can do this :

mysql> SELECT * FROM species WHERE id = 4;
+----+--------+
| id | name |
+----+--------+
| 4 | Turtle |
+----+--------+
1 row in set (0.59 sec)

If you want to order the returned rows by a criteria you can use ORDER BY like this :

mysql> SELECT * FROM species ORDER BY name;
+----+--------+
| id | name |
+----+--------+
| 2 | Bird |
| 1 | Cat |
| 3 | Fish |
| 4 | Turtle |
+----+--------+
4 rows in set (0.00 sec)

By default the result is sorted in ascending order. So this query will give the same result :

mysql> SELECT * FROM species ORDER BY name ASC;
+----+--------+
| id | name |
+----+--------+
| 2 | Bird |
| 1 | Cat |
| 3 | Fish |
| 4 | Turtle |
+----+--------+
4 rows in set (0.00 sec)

The ASC means ascending order. To get a descending order you just change the ASC with DESC like this :

mysql> SELECT * FROM species ORDER BY name DESC;
+----+--------+
| id | name |
+----+--------+
| 4 | Turtle |
| 3 | Fish |
| 1 | Cat |
| 2 | Bird |
+----+--------+
4 rows in set (0.00 sec)

Insert Data To MySQL

2008-03-22T00:26:00.000-07:00

You can insert data to the tables directly from mysql> prompt or by loading a file containing the data. The values will be tab separated one line represent one record.

To insert the data directly from mysql use the INSERT statement. The format for INSERT is INSERT INTO (column1, column2, ....) values ( 'value1', 'value2', ...). For example to insert a species name into the table species the command is like this :

mysql> INSERT INTO species (name) values ('Cat');
Query OK, 1 row affected (0.00 sec)

Remember to put single quotes around a value it is a string.

Notice that i don't have to set the value of id because id have AUTO_INCREMENT attribute. Whenever you insert a new record to the table the value of id is set automatically by mysql with increasing values. The AUTO_INCREMENT attribute is commonly used to create unique identity for new rows

Next example will show how to insert data from a text file, you can get the file here and try in on your computer.

mysql> LOAD DATA LOCAL INFILE "insert.txt" INTO TABLE species;
Query OK, 3 rows affected (0.00 sec)

You can also run SQL queries directly from the DOS prompt. Assuming insert.txt is in C:\ you can run the query in insert.txt like this

C:\mysql < insert.txt

Create New Table

2008-03-22T00:23:00.002-07:00

For this example we'll create two tables. The first one describe the species of animals available in a pet store and the second will store the data of a pet in the store. The table names will be species and pet

The species table will consist of the id and the animal species, and the pet table will consist of animal id, species, sex, and price

mysql> CREATE TABLE species (id INT NOT NULL AUTO_INCREMENT, species varchar(30) NOT NULL, primary key(id));
Query OK, 0 rows affected (0.02 sec)

mysql> CREATE TABLE pet(id INT NOT NULL AUTO_INCREMENT, sp_id INT NOT NULL, sex CHAR(1) NOT NULL, price DECIMAL(4,2) NOT NULL, primary key(id));
Query OK, 0 rows affected (0.03 sec)

mysql> SHOW tables;
+--------------------+
| Tables_in_petstore |
+--------------------+
| pet |
| species |
+--------------------+
2 rows in set (0.00 sec)

mysql> DESCRIBE species;
+---------+-------------+----+-----+---------+---------------+
| Field | Type |Null| Key | Default | Extra |
+---------+-------------+----+-----+---------+---------------+
| id | int(11) | | PRI | NULL | auto_increment|
| name | varchar(30) | | | | |
+---------+-------------+----+-----+---------+---------------+
2 rows in set (0.05 sec)

mysql> DESC pet;
+-------+--------------+----+-----+---------+----------------+
| Field | Type |Null| Key | Default | Extra |
+-------+--------------+----+-----+---------+----------------+
| id | int(11) | | PRI | NULL | auto_increment |
| sp_id | int(11) | | | 0 | |
| sex | char(1) | | | | |
| price | decimal(4,2) | | | 0.00 | |
+-------+--------------+----+-----+---------+----------------+
4 rows in set (0.00 sec)

The SQL sytax to create table is : CREATE TABLE ()

The DESCRIBE or DESC statement is used to show a description of a table. You can also use EXPLAIN or SHOW COLUMNS

mysql> EXPLAIN pet;
+-------+--------------+----+-----+---------+----------------+
| Field | Type |Null| Key | Default | Extra |
+-------+--------------+----+-----+---------+----------------+
| id | int(11) | | PRI | NULL | auto_increment |
| sp_id | int(11) | | | 0 | |
| sex | char(1) | | | | |
| price | decimal(4,2) | | | 0.00 | |
+-------+--------------+----+-----+---------+----------------+
4 rows in set (0.00 sec)

mysql> SHOW COLUMNS FROM pet;
+-------+--------------+----+-----+---------+----------------+
| Field | Type |Null| Key | Default | Extra |
+-------+--------------+----+-----+---------+----------------+
| id | int(11) | | PRI | NULL | auto_increment |
| sp_id | int(11) | | | 0 | |
| sex | char(1) | | | | |
| price | decimal(4,2) | | | 0.00 | |
+-------+--------------+----+-----+---------+----------------+
4 rows in set (0.00 sec)

Source : http://www.php-mysql-tutorial.com/

Create New MySQL Database

2008-03-22T00:23:00.001-07:00

You need to use mysqladmin to create MySQL database. The command is simple just write mysqladmin in a dos window followed by the database name you want to create
C:\>mysqladmin create petstore

C:\>mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 4.0.18-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> SHOW databases;
+----------+
| Database |
+----------+
| mysql |
| petstore |
| test |
+----------+
2 rows in set (0.00 sec)

mysql>

You can also type the query in mysql> prompt like this

mysql> CREATE database petstore;
Query OK, 1 row affected (0.00 sec)

To show available databases in mysql use the command show databases on mysql> prompt. Now use the database by typing USE petstore and then type SHOW tables to see what tables are available in the database

mysql> USE petstore;
Database changed
mysql> SHOW tables;
Empty set (0.00 sec)

Next I will show you how to create table in mysql database

Add New MySQL User

2008-03-22T00:14:00.000-07:00

For adding a new user to MySQL you just need to add a new entry to user table in database mysql. Below is an example of adding new user phpcake with SELECT, INSERT and UPDATE privileges with the password mypass the SQL query is :
mysql> use mysql;
Database changed

mysql> INSERT INTO user (host, user, password, select_priv, insert_priv, update_priv) VALUES ('localhost', 'phpcake', PASSWORD('mypass'), 'Y', 'Y', 'Y');
Query OK, 1 row affected (0.20 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 1 row affected (0.01 sec)

mysql> SELECT host, user, password FROM user WHERE user = 'phpcake';
+-----------+---------+------------------+
| host | user | password |
+-----------+---------+------------------+
| localhost | phpcake | 6f8c114b58f2ce9e |
+-----------+---------+------------------+
1 row in set (0.00 sec)

When adding a new user remember to encrypt the new password using PASSWORD() function provided by MySQL. As you can see in the above example the password mypass is encrypted to 6f8c114b58f2ce9e.

Notice the the FLUSH PRIVILEGES statement. This tells the server to reload the grant tables. If you don't use it then you won't be able to connect to mysql using the new user account (at least until the server is reloaded).

You can also specify other privileges to a new user by setting the values of these columns in user table to 'Y' when executing the INSERT query :
Select_priv
Insert_priv
Update_priv
Delete_priv
Create_priv
Drop_priv
Reload_priv
Shutdown_priv
Process_priv
File_priv
Grant_priv
References_priv
Index_priv
Alter_priv

Starting MySQL

2008-03-22T00:11:00.000-07:00

Before starting the MySQL client make sure the server is turned on. If you run Windows 9x start the mysqld.exe or if you run Windows 2000/XP run the mysqld-nt.exe

The --console option tells mysqld-nt not to remove the console window. if you are running Windows NT/2000/XP it's better to install MySQL as a service. That way mysql server will be automatically started when you start Windows.

Use mysqld-nt --install to install mysqld as a service and mysqld-nt --remove to remove mysqld from the service list

Once the server is on, open another DOS window and type mysql, you should see something like this
C:\>mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 4.0.18-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Or if you need to specify a user name and password you can start mysql like this :
C:\>mysql -h localhost -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 4.0.18-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

You can also specify the database you want to use. If you already have a database named petstore you can start mysql as
C:\>mysql petstore
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5 to server version: 4.0.18-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Once you're done you can end mysql client by typing quit or exit at the mysql> prompt
mysql> exit
Bye

C:\>

Note : If you get this kind of error message when trying to run mysql from the DOS window
C:\>mysql
'mysql' is not recognized as an internal or external command,
operable program or batch file.

that means you haven't set the path to mysql bin directory. To solve the problem you can add the following line to your autoexec.bat file :

path=%path%;c:\mysql\bin

assuming that you install MySQL in c:\mysql. Or if you're using Windows XP you can go to :

Start->Settings->Control Panel->System->Advanced->Environment Variables

Chose Edit on the System Variables section and add c:\mysql\bin to the path environment variable.

Installing PHP

2008-03-22T00:08:00.001-07:00

First, extract the PHP package ( php-4.3.10-Win32.zip ). I extracted the package in the directory where Apache was installed ( C:\Program Files\Apache Group\Apache2 ). Change the new created directory name to php ( just to make it shorter ). Then copy the file php.ini-dist in PHP directory to you windows directory ( C:\Windows or C:\Winnt depends on where you installed Windows ) and rename the file to php.ini. This is the PHP configuration file and we'll take a look what's in it later on.

Next, move the php4ts.dll file from the newly created php directory into the sapi subdirectory. Quoting from php installation file you can also place php4ts.dll in other places such as :
In the directory where apache.exe is start from ( C:\Program Files\Apache Group\Apache2 \bin)
In your %SYSTEMROOT%\System32, %SYSTEMROOT%\system and %SYSTEMROOT% directory.
Note: %SYSTEMROOT%\System32 only applies to Windows NT/2000/XP)
In your whole %PATH%

Modifying File ( php.ini )

2008-03-22T00:06:00.000-07:00

PHP stores all kinds of configuration in a file called php.ini.You can find this file in the directory where you installed PHP. Sometimes you will need to modify this file for example to use a PHP extension. I won't explain each and every configuration available just the ones that often need modification or special attention.

Some of the configurations are :
register_globals
error_reporting and display_errors
extension and extension_path
session.save_path
max_execution_time
register_globals

Before PHP 4.2.0 the default value for this configuration is On and after 4.2.0 the default value is Off. The reason for this change is because it is so easy to write insecure code with this value on. So make sure that this value is Off in php.ini.
error_reporting and display_errors

Set the value to error_reporting = E_ALL during development but after production set the value to error_reporting = E_NONE .

The reason to use E_ALL during development is so you can catch most of the nasty bugs in your code. PHP will complain just about any errors you make and spit out all kinds of warning ( for example if you're trying to use an uninitialized variable ).

However, after production you should change the value to E_NONE so PHP will keep quiet even if there's an error in your code. This way the user won't have to see all kinds of PHP error message when running the script.

One important thing to note is that you will also need to set the value of display_erros to On. Even if you set error_reporting = E_ALL you will not get any error message ( no matter how buggy our script is ) unless display_errors is set to On.
extension and extension_path

PHP4 comes with about 51 extensions such as GD library ( for graphics creation and manipulation ), CURL, PostgreSQL support etc. These extensions are not turned on automatically. If you need to use the extension, first you need to specify the location of the extensions and then uncomment the extension you want.

The value of extension_path must be set to the directory where the extension is installed which is PHP_INSTALL_DIR/extensions, with PHP_INSTALL_DIR is the directory where you install PHP. For example I installed PHP in C:\Program Files\Apache Group\Apache2\php so the extensions path is :

extension_path = C:/Program Files/Apache Group/Apache2/php/extensions/

Don't forget to add that last slash or it won't work

After specifying the extension_path you will need to uncomment the extension you want to use. In php.ini a comment is started using a semicolon (;). As an example if you want to use GD library then you must remove the semicolon at the beginning of ;extension=php_gd2.dll to extension=php_gd2.dll
session.save_path

This configuration tells PHP where to save the session data. You will need to set this value to an existing directory or you will not be able to use session. In Windows you can set this value as session.save_path = c:/windows/temp/
max_execution_time

The default value for max_execution_time is 30 ( seconds ). But for some scripts 30 seconds is just not enough to complete it's task. For example a database backup script may need more time to save a huge database.

If you think your script will need extra time to finish the job you can set this to a higher value. For example to set the maximun script execution time to 15 minutes ( 900 seconds ) you can modify the configuration as max_execution_time = 900

PHP have a convenient function to modify PHP configuration in runtime, ini_set(). Setting PHP configuration using this function will not make the effect permanent. It last only until the script ends.

Source : http://www.php-mysql-tutorial.com/

Installing MySQL

2008-03-22T00:01:00.000-07:00

First extract the package ( mysql-4.0.18-win.zip ) to a temporary directory, then run setup.exe. Keep clicking the next button to complete the installation. By default MySQL will be installed in C:\mysql.

Open a DOS window and go to C:\mysql\bin and then run mysqld-nt --console , you should see some messages like these :

C:\mysql\bin>mysqld-nt --console
InnoDB: The first specified data file .\ibdata1 did not exist:
InnoDB: a new database to be created!
040807 10:54:09 InnoDB: Setting file .\ibdata1 size to 10 MB
InnoDB: Database physically writes the file full: wait...
040807 10:54:11 InnoDB: Log file .\ib_logfile0 did not exist: new to be created

InnoDB: Setting log file .\ib_logfile0 size to 5 MB
InnoDB: Database physically writes the file full: wait...
040807 10:54:12 InnoDB: Log file .\ib_logfile1 did not exist: new to be created

InnoDB: Setting log file .\ib_logfile1 size to 5 MB
InnoDB: Database physically writes the file full: wait...
InnoDB: Doublewrite buffer not found: creating new
InnoDB: Doublewrite buffer created
InnoDB: Creating foreign key constraint system tables
InnoDB: Foreign key constraint system tables created
040807 10:54:31 InnoDB: Started
mysqld-nt: ready for connections.
Version: '4.0.18-nt' socket: '' port: 3306

Now open another DOS window and type C:\mysql\bin\mysql

if your installation is successful you will see the MySQL client running :

C:\mysql\bin>mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.0.18-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Type exit on the mysql> prompt to quit the MySQL client.

Now let's install MySQL as a Service. The process is simple just type mysqld-nt --install to install the service and net start mysql to run the service. But make sure to shutdown the server first using mysqladmin -u root shutdown

C:\mysql\bin>mysqladmin -u root shutdown

C:\mysql\bin>mysqld-nt --install
Service successfully installed.

C:\mysql\bin>net start mysql

The MySQL service was started successfully.

C:\mysql\bin>mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.0.18-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Source : http://www.php-mysql-tutorial.com/

Installing Apache

2008-03-21T21:38:00.000-07:00

The first step is to download the packages :
Apache : www.apache.org
PHP : www.php.net
MySQL : www.mysql.com

Installing apache is easy if you download the Microsoft Installer ( .msi ) package. Just double click on the icon to run the installation wizard. Click next until you see the Server Information window. You can enter localhost for both the Network Domain and Server Name. As for the administrator's email address you can enter anything you want.

I'm using Windows XP and installed Apache as Service so everytime I start Windows Apache is automatically started.

Click the Next button and choose Typical installation. Click Next one more time and choose where you want to install Apache ( I installed it in the default location C:\Program Files\Apache Group ). Click the Next button and then the Install button to complete the installation process.

To see if you Apache installation was successful open up you browser and type http://localhost in the address bar. You should see something like this :

By default Apache's document root is set to htdocs directory. The document root is where you must put all your PHP or HTML files so it will be process by Apache ( and can be seen through a web browser ). Of course you can change it to point to any directory you want. The configuration file for Apache is stored in C:\Program Files\Apache Group\Apache2\conf\httpd.conf ( assuming you installed Apache in C:\Program Files\Apache Group ) . It's just a plain text file so you can use Notepad to edit it.

For example, if you want to put all your PHP or HTML files in C:\www just find this line in the httpd.conf :

DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"

and change it to :

DocumentRoot "C:/www"

After making changes to the configuration file you have to restart Apache ( Start > Programs > Apache HTTP Server 2.0.50 > Control Apache Server > Restart ) to see the effect.

Another configuration you may want to change is the directory index. This is the file that Apache will show when you request a directory. As an example if you type http://www.php-mysql-tutorial.com/ without specifying any file the index.php file will be automatically shown.

Suppose you want apache to use index.html, index.php or main.php as the directory index you can modify the DirectoryIndex value like this :

DirectoryIndex index.html index.php main.php

Now whenever you request a directory such as http://localhost/ Apache will try to find the index.html file or if it's not found Apache will use index.php. In case index.php is also not found then main.php will be used.

Modifying Apache Configuration

Apache doesn't know that you just install PHP. We need to tell Apache about PHP and where to find it. Open the Apache configuration file in C:\Program Files\Apache Group\Apache2\conf\httpd.conf and add the following three lines :

LoadModule php4_module php/sapi/php4apache2.dll
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

The first line tells Apache where to load the dll required to execute PHP and the second line means that every file that ends with .php should be processed as a PHP file. You can actually change it to anything you want like .html or even .asp! The third line is added so that you can view your php file source code in the browser window. You will see what this mean when you browse this tutorial and click the link to the example's source code like this one.

Now restart Apache for the changes to take effect ( Start > Programs > Apache HTTP Server 2.0.50 > Control Apache Server > Restart ) . To check if everything is okay create a new file, name it as test.php and put it in document root directory ( C:\Program Files\Apache Group\Apache2\htdocs ). The content of this file is shown below.

phpinfo();
?>

phpinfo() is the infamous PHP function which will spit out all kinds of stuff about PHP and your server configuration. Type http://localhost/test.php on your browser's address bar and if everything works well you should see something like this :

Membuat Dynamic Title dengan PHP

2008-03-21T10:35:00.000-07:00

SEO, atau lengkapnya Search Engine Optimization, yaitu sebuah cara yang mempermudah
sebuah website dikenali dan direcord dalam database search engine. Bagi anda seorang web
master banyak hal yang tentunya telah anda lakukan guna mempromosikan website anda
dengan mengikuti syarat-syarat SEO tersebut. Seperti penggunaan CSS, submit web ke
penyedia jasa search engine, membuat url yang friendly dengan mod_rewrite, membuat
dynamic title, dan segudang syarat lainnya.
Sesuai dengan judul yang telah saya berikan, kali ini saya akan menjelaskan secara sederhana
bagaimana membuat Dynamic Title.
Sederhananya untuk membuat Dynamic Title yaitu dengan memanfaatkan tag title pada html,
kemudian variable global $_REQUEST[], dan tentunya database MySQLnya.
Yup, langsung saja, yang akan kita lakukan adalah membuat databasenya terlebih dahulu :
//database.sql
create database cms_db;
use cms_db;
create table tablenyah(id int(5) auto_increment primary key,
judul_artikel varchar(100), penulis_artikel varchar(50), isi_artikel text);
insert into tablenyah values("","Membuat Dynamic Title dengan PHP","Loka Dwiartara",
"Pada suatu hari ada seorang penulis ...");
insert into tablenyah values("","Ryuzaki nggak ganteng","Al-k",
"Ryuzaki pada dasarnya emang nggak ganteng huehuehuheuhe .... ");

Berikut ini adalah source code lengkap-nya :
File konfigurasi, koneksi antara mysql dan php.
// config.php
$host = "localhost";
$username = "root";
$password = "";
$databasename = "cms_db";
$connect = mysql_connect($host, $username, $password) or die("Gagal Koneksi !!!");
$database = mysql_select_db($databasename, $connect);
?>
Dan script inti index.php
// index.php

 <?php // Dynamic Title // by : Loka Dwiartara a.k.a Al-k // http://www.ilmuwebsite.com include "config.php"; $id = $_REQUEST['id']; $query1 = "select judul_artikel from tablenyah where id='$id' "; $runquery1 = mysql_query($query1); $judul = mysql_fetch_array($runquery1); if($_REQUEST['mode'] == "tutorial_php") { print "Tutorial PHP"; if (!ISSET($_REQUEST['id'])) { print " | ilmuwebsite.com "; } else { print " | ". $judul['judul_artikel']; } } Komunitas eLearning IlmuKomputer.Com Copyright © 2003-2007 IlmuKomputer.Com 2 else { print "Ilmuwebsite.com"; } ?> 

$query2 = "select id, judul_artikel, penulis_artikel, isi_artikel from tablenyah";
$runquery2 = mysql_query($query2);
$query3 = "select judul_artikel, penulis_artikel, isi_artikel from tablenyah where id='$id'";
$runquery3 = mysql_query($query3);
if (ISSET($_REQUEST['mode']))
{
if (!ISSET($_REQUEST['id']))
{
while ($result = mysql_fetch_array($runquery2))
{
print "
$result[judul_artikel]
";
}
print "
Kembali";
}
else
{
$content = mysql_fetch_array($runquery3);
$judul = $content['judul_artikel'];
$penulis = $content['penulis_artikel'];
$isi = $content['isi_artikel'];
print "$judul
";
print "Penulis : $penulis

";
print "$isi";
print "

Kembali";
}
}
Komunitas eLearning IlmuKomputer.Com
Copyright © 2003-2007 IlmuKomputer.Com
3
else
{
print "Tutorial PHP
";
}
?>

Ya, saya akan sedikit membahas source tersebut.
Pada file config.php diatas ...
$connect = mysql_connect($host, $username, $password) or die("Gagal Koneksi !!!");
$database = mysql_select_db($databasename, $connect);
Variable $connect berfungsi mengkoneksikan Server PHP dengan database MySQL,
sedangkan variable $database melakukan seleksi database apa yang akan digunakan nantinya.
Pada index.php, saya hanya menjelaskan bagian intinya saja, yakni :
include "config.php";
$id = $_REQUEST['id'];
$query1 = "select judul_artikel from tablenyah where id='$id' ";
$runquery1 = mysql_query($query1);
$judul = mysql_fetch_array($runquery1);
if($_REQUEST['mode'] == "tutorial_php")
{
print "Tutorial PHP";
if (!ISSET($_REQUEST['id']))
{
print " | ilmuwebsite.com ";
}
else
{
print " | ". $judul['judul_artikel'];
}
}
else
{
print "Ilmuwebsite.com";
}
?>
Logikanya kira-kira seperti ini, ketika user masuk pada halaman index.php kemudian
melakukan klik pada link, dalam hal ini misalnya Tutorial PHP yang kemudian menghasilkan

4
variable global $_REQUEST['mode']-nya berisi "tutorial_php" maka yang terjadi adalah tag
title akan berisi Tutorial PHP, diambil dari ekspresi :
...
if($_REQUEST['mode'] == "tutorial_php")
{
print "Tutorial PHP";
...
Dan dan tag title pun akan berubah pada kondisi ketika user melakukan klik pada salah satu sub
link dengan memanfaatkan variable global $_REQUEST['id'].
Sederhananya seperti itu.
Selamat Mencoba.

5
Biografi Penulis
Loka Dwiartara. Mahasiswa semester 5 yang sedang berusaha untuk menamatkan kuliahnya di
Sekolah Tinggi Teknologi Telematika. Mencoba mengembangkan ilmuwebsite.com, juga
mendalami pemrogaman web dengan PHP, dan MySQL, jaringan komputer berbasis Linux dan
juga sedang memulai hobinya untuk membuat game 2D pertamanya dengan bahasa c++ dalam
environment SDL ( Simple Direct Medialayer ). Tergabung dalam Game Developer yang masih
menjadi kecambah, Weckerz:Indonesian Game Developer. Tergolong masih hijau dalam
pembuatan artikel lepas :D. Maka dari itu, mohon kritiknya. Terima kasih.

Copyright © 2003-2007 IlmuKomputer.Com

PHP and XML: Parsing RSS 1.0

2008-03-21T08:48:00.000-07:00

A Brief Tour Of RSS 1.0

RSS (previously stood for Rich Site Summary developed by Netscape, but now refers to RDF Site Summary, an updated and XML-compliant version of the Netscape technology) is an XML document format intended to describe, summarize, and distribute the contents of a Web site as a 'channel'. Sites such as MoreOver.com and O'Reilly's Meerkat process RSS feeds provided by news and other content sites and provide combined headline newsfeed services. RSS is currently developed by the RSS-DEV Working Group.

As with most XML document formats, the meaning of the document can be gleaned fairly easily simply by looking over a sample document. SitePoint.com provides summaries of its front-page articles in RSS format at http://www.sitepoint.com/rss.php. If you are using Internet Explorer 5 or later, you can view the current version of this XML document directly in your browser. For everyone else, here is the current SitePoint.com RSS file at the time of this writing:

xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns="http://purl.org/rss/1.0/">

SitePoint.com
Master the Web!
http://www.sitepoint.com/

Escape Search Engine Caching
Did you know that many search engines cache your pages?
While this practice can speed up a search, users might not see your
most recent site updates! Ralph shows how you can stop search engines
caching your pages.
http://www.PromotionBase.com/article/551

Add JavaScript to Fireworks
Does your design need more pizazz? Add interactivity to
your site without learning JavaScript! Matt explains the creation of
JavaScript effects in Fireworks, and explores in detail the use of
this program's tools.
http://www.WebmasterBase.com/article/541

eMail Campaigns in 8 Steps - Part 2
Ok, so you've reeled in your prospects and they're on
your mailing list. Now what? How do you communicate effectively, and
turn them into customers? Jason reveals all...
http://www.eCommerceBase.com/article/552

The Need for a Written Website Contract
A written agreement is essential if you pay others to
design, build or maintain your Websites. Ivan explains the necessity
of contracts to those who work on the Web.
http://www.eCommerceBase.com/article/505

Search Engine Strategies 2001 - Conference Report
Sinewave Interactive's Gavin Appel talks to Matt about
this year's Search Engine Strategies conference. He outlines the
discussions and predictions of industry leaders.
http://www.PromotionBase.com/article/556

Better eCommerce Questionnaire
Overhaul your ecommerce strategy now! Face up to the
tough questions with Lee, as he guides you through a simple process
to optimize your ecommerce strategy.
http://www.eCommerceBase.com/article/508

As you can see, the file begins with a tag that contains the title, description, and URL of the site that the RSS file describes as well as a list of the that the channel currently contains. This tag is then followed by an tag for each of the articles that appear of the front page of SitePoint.com. For each, the title, description, and URL are provided. It should be noted that this is a bare-bones RSS file -- many sites make use of standard extensions to the RSS format to include things like author names, images, and publication dates for the items in their channel, but for the purposes of this article this basic RSS file will do.

Now, since most Web browsers can't read XML pages and the browsers that can only display the code of the page (Internet Explorer 5+) or the textual portions of the page (Netscape 6+) by default, you need some intermediate technology to convert this RSS document into something presentable if you want to display it to users. Other possibilities include reading the file and storing the headlines into a database, or emailing subscribed users if particular keywords appear in the descriptions of new articles. In any case, you're going to need something that can read XML. Of the many options available in this arena, this article will examine the use of PHP to parse an XML document.

Generate PDFs with PHP

2008-03-21T08:35:00.000-07:00

In order to use PHP's PDF manipulation capabilities, you need to have the PDFLib library installed on your system. If you're working on Linux, you can download a copy from http://www.pdflib.com/pdflib/index.html and compile it for your box. If you're running Windows, your job is even simpler - a pre-built PDF library is bundled with your distribution, and all you need to do is activate it by uncommenting the appropriate lines in your PHP configuration file.

Additionally, you'll need a copy of the (free!) Adobe Acrobat PDF reader, so that you can view the documents created via the PDFLib library. You can download a copy of this reader from http://www.adobe.com/

Once you've got everything in place, it's time to create a simple PDF file. Here goes:

// create handle for new PDF document
$pdf = pdf_new();

// open a file
pdf_open_file($pdf, "philosophy.pdf");

// start a new page (A4)
pdf_begin_page($pdf, 595, 842);

// get and use a font object
$arial = pdf_findfont($pdf, "Arial", "host", 1); pdf_setfont($pdf, $arial, 10);

// print text
pdf_show_xy($pdf, "There are more things in heaven and earth, Horatio,", 50, 750); pdf_show_xy($pdf, "than are dreamt of in your philosophy", 50, 730);

// end page
pdf_end_page($pdf);

// close and save file
pdf_close($pdf);
?>

Save this file, and then browse to it through your Web browser. PHP will execute the script, and a new PDF file will be created and stored in the location specified at the top of the script. Here's what you'll see when you open the file:

1225_1 (click to view image)
Anatomy Lesson

Let's take a closer look at the code used in the example above.

Creating a PDF file in PHP involves four basic steps: creating a handle for the document; registering fonts and colours for the document; writing or drawing to the handle with various pre-defined functions; and saving the final document.

Let's take the first step - creating a handle for the PDF document.

// create handle for new PDF document
$pdf = pdf_new();

This is accomplished via the pdf_new() function, which returns a handle to the document. This handle is then used in all subsequent operations involving the PDF document.

Next up, you need to give the PDF file a name - this is accomplished via the pdf_open_file() function, which requires the handle returned in the previous operation, together with a user-defined file name.

// open a file
pdf_open_file($pdf, "philosophy.pdf");

Once a document has been created, you can insert new pages in it with the
pdf_begin_page() function,

// start a new page (A4)
pdf_begin_page($pdf, 595, 842);

and end pages with the - you guessed it! - pdf_end_page() function.

// end page
pdf_end_page($pdf);

Note that the pdf_begin_page() function requires two additional parameters, which represent the width and height of the page to be created in points (a point is 1/72 of an inch). In case math isn't your strong suit, the PHP manual provides width and height measurements for most standard page sizes, including A4, the one used in the example above.

In between the calls to pdf_begin_page() and pdf_end_page() comes the code that actually writes something to the PDF document, be it text, images or geometric shapes. In this case, all I'm doing is writing a line of text to the document - so all I need to do is pick a font, and then use that font to write the text string I need to the document.

Selecting and registering a font is accomplished via the pdf_findfont() and pdf_setfont() functions. The pdf_findfont() function prepares a font for use within the document, and requires the name of the font, the encoding to be used, and a Boolean value indicating whether or not the font should be embedded in the PDF file; it returns a font object, which may be used via a call to pdf_setfont().

$arial = pdf_findfont($pdf, "Arial", "host", 1); pdf_setfont($pdf, $arial, 10);

Once the font has been set, the pdf_show_xy() function can be used to write a text string to a particular position on the page.

// print text
pdf_show_xy($pdf, "There are more things in heaven and earth, Horatio,", 50, 750); pdf_show_xy($pdf, "than are dreamt of in your philosophy", 50, 730);

As you can see, this function requires a handle to the PDF document, a reference to the font object to be used, the text string to be written (obviously!), and the X and Y coordinates of the position at which to begin writing the text. These coordinates are specified with respect to the origin (0,0), which is located at the bottom left corner of the document.

Once the text has been written, the page is closed via a call to pdf_end_page(). You can then add one or more extra pages, or - as I've done here - simply close the document via pdf_close(). This will save the document contents to the file specified in the initial call to pdf_open_file(), and destroy the document handle created.

Using Regular Expressions in PHP

2008-03-21T04:09:00.000-07:00

When I first started programming in PHP, I found regular expressions very difficult. They were complicated, looked ugly, were hard to figure out, and there seemed to be a real lack of documentation in this area. This article will provide you with an insight as to what they are, how they are useful, and how to apply them.
What are Regular Expressions?

Regular expressions started out as a feature of the Unix shell. They were designed to make it easier to find, replace and work with strings -- and since their invention, they've been in wide use in many different parts of Unix based Operating Systems. They were commonly used in Perl, and since then have been implemented into PHP.
What could I use them for?

There are a few common uses for regular expressions. Perhaps the most useful is form validation. For example, you could use regular expressions to check that an email address entered into a form uses the correct syntax. We'll consider this specific example later on in this article.

You could also use them to complete complex search and replace operations within a given body of text that would not be possible with PHP's standard str_replace function. Yes, the possibilities are endless!
How do I use them?

Let's look at how we might use a regular expression to check the syntax of an email address entered into a form that's submitted to a PHP script.

There are two types of regular expression functions included in PHP:

# the ereg functions -- PHP's standard regular expression syntax
# the preg functions, which use a Perl-compatible regular expression syntax

For this article we'll use the eregi function. The eregi function is used to match a string to a particular regular expression. The 'i' in the function name means 'case insensitive' -- you can also use ereg if you want it to be case sensitive.

You can see the PHP Manual pages for the eregi function here.

Now, as you know, email address are always in a particular format:

username @ domain . extension

That makes them an ideal candidate to be tested with a regular expression. So let's take a look at an expression I wrote to check the validity of an email address. We'll look at each section of the expression individually, and then I'll include a syntax reference at the end of the article. But first, here's the expression itself:

eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9-]
+\.[a-zA-Z.]{2,5}$', $email)

If you're anything like I was when I first used regular expressions, that example probably looks very confusing! Let's split it into sections and make sense of each part individually:

^[a-zA-Z0-9._-]+@

This part of the expression validates the 'username' section of the email address. The hat sign (^) at the beginning of the expression represents the start of the string. If we didn't include this, then someone could key in anything they wanted before the email address and it would still validate.

Contained in the square brackets are the characters we want to allow in this part of the address. Here, we are allowing the letters a-z, A-Z, the numbers 0-9, and the symbols underscore (_), period (.), and dash (-). As you've probably noticed, I've included letters both in capitals and lower case. In this instance, this isn't strictly necessary, as we're using the eregi (case insensitive) function. But I've included them here for completeness, and to show you how the functions work. The order of the character pairs within the brackets doesn't matter.

The plus (+) sign after the square brackets indicates 'one or more of the contents of the previous brackets'. So, in this case, we require one or more of any of the characters in the square brackets to be included in the address in order for it to validate. Finally, there is the '@' sign, which means that we require the presence of one @ sign immediately following the username.

[a-zA-Z0-9._-]+\.

This part of the expression is very similar to the section we t looked at. It validates the domain name in the email address. As before, we have a series of characters in square brackets that we'll allow in this part of the address, followed by a plus (+) sign, requiring one or more of those characters.

At the end of this section, there is a backslash, then a period sign. This tells the expression that a period is required at this point in the expression (ie. between the domain and extension). However, the backslash is slightly more complicated. In a regular expression, a period actually means 'any character'. In order to make this expression take the period's literal value rather than use it as a wildcard for any character, we need to 'escape' it -- this is done by preceding the period with a backslash. You may have come across this before if you use databases such as MySQL, as escaping characters is very important there too.

[a-zA-Z]{2,4}$

This is the final part of the expression. At the beginning is another set of characters enclosed in square brackets. This time, I have simply allowed the letters a-z and A-Z, because numbers and other characters are not valid in domain extensions.

Introducing PHP 5's Standard Library

2008-03-21T03:25:00.000-07:00

Much of the buzz surrounding PHP5 has focused on its new object-oriented syntax and capabilities, and comparisons with Java. While all that was going on, the promisingly named "Standard PHP Library" (SPL) extension quietly made its way into the core PHP 5 distribution.

Although work is still in progress, the Standard PHP Library's current offering significantly increases the chances of getting PHP developers to agree on something (thereby increasing the chances of code re-use). It may also make your cunningly constructed class interface very easy for other people to use, as the SPL extension makes it possible to "overload" basic PHP syntax and make objects look like normal PHP arrays.

In this tutorial, I'll introduce the functionality available with the SPL extension and PHP5 with just enough examples to get you started. Be warned: PHP5's syntax will be used. If you need to catch up, try SitePoint's PHP5 review.

Today's iterations:

* Introducing the SPL: what's it all about?
* Looping the Loop: did someone say Iterator?
* Iterations foreach of us: the "wow" factor
* Admiring the Tree: a short tour of SPL classes and interfaces
* Objects as Arrays: easier for your web page designer
* The Big Deal: why you gotta like it

Don't for get to download all the code included in this article for your own use.
Introducing the SPL

The "Standard PHP Library" is a PHP extension developed by Marcus Boerger which (as the manual says) "is a collection of interfaces and classes that are meant to solve standard problems." As part of the core distribution of PHP5, it should be "always on".

If you've been around the block with PHP4, you'll know there are a few areas in which wheels are perpetually re-invented by almost every new PHP project. Standardizing some of the fundamentals is a good way to get PHP developers singing from the same sheet, and increases the chances of our being able to re-use code from Project X in Project Y.

Today the SPL extension addresses a single subset of problems: Iterators. What makes the SPL Iterator implementation interesting is not only that it defines a standard for everyone to use in PHP5, but also that it "overloads" certain parts of PHP syntax such as the foreach construct and basic array syntax, making it easier to work with objects of your classes.
Looping the Loop

So, what is an Iterator? In this context, Iterator refers to a software "design pattern", identified by the "Gang of Four" in their ground-breaking Design Patterns book.

The intent of an Iterator is to "provide an object which traverses some aggregate structure, abstracting away assumptions about the implementation of that structure."

As with all general definitions, the exact meaning of this statement may be none too clear at first glance.

By "aggregate structure" we're basically talking about anything you might "loop over" in PHP, such as the rows in a database result set, a list of files in a directory or each new line in a text file.

Using "normal" PHP, you might use the following to loop through a MySQL query:

// Fetch the "aggregate structure"
$result = mysql_query("SELECT * FROM users");

// Iterate over the structure
while ( $row = mysql_fetch_array($result) ) {
// do stuff with the row here
}

To read the contents of a directory, you might use:

// Fetch the "aggregate structure"
$dh = opendir('/home/harryf/files');

// Iterate over the structure
while ( $file = readdir($dh) ) {
// do stuff with the file here
}

And to read the contents of a file, you might use:

// Fetch the "aggregate structure"
$fh = fopen("/home/hfuecks/files/results.txt", "r");

// Iterate over the structure
while (!feof($fh)) {

$line = fgets($fh);
// do stuff with the line here

}

A glance at the above examples shows that they're very similar. Although each one works with a different type of resource, and uses PHP functions specific to that resource, the mantra is simple: "fetch resource; loop over contents".

If it was somehow possible to "abstract out" the specific PHP functions from the above examples and use some kind of generic interface instead, it might be possible to make the job of looping over the data look the same, irrespective of the type of resource that was being used. With no requirement to modify the loop for a different data source, it may be possible for the code in which the loop appears (perhaps a function that generated an HTML list) to be reused elsewhere.

That's where an Iterator comes in. The Iterator defines an abstract interface for use by your code. Specific implementations of the Iterator take care of each different type of structure with which you want to work, without the code that uses the Iterator having to care about the details.

That's the basic theory of Iterators. If you're interested to know more, you'll find starting points at the C2 Wiki and Wikipedia. More thoughts from me can be found at phpPatterns on the Iterator Pattern and in The PHP Anthology - Volume II, Applications.
Iterations foreach of Us

So what's so exciting about the SPL Iterators? Well, if you've written more than a line or two of PHP, you've probably run into the foreach construct, which is used to make easy work of looping through an array:

// A list of colors
$colors = array (
'red',
'green',
'blue',
);

foreach ( $colors as $color ) {
echo $color.'
';
}

Wouldn't it be nice if all loops where that easy, irrespective of whatever it was that you were looping over?

How about this?

// A magic class... (explained in a moment)
class DirectoryReader extends DirectoryIterator {

function __construct($path) {
parent::__construct($path);
}

function current() {
return parent::getFileName();
}

function valid() {
if ( parent::valid() ) {
if ( !parent::isFile() ) {
parent::next();
return $this->valid();
}
return TRUE;
}
return FALSE;
}

function rewind() {
parent::rewind();
}
}

// Create a directory reader for the current directory
$Reader = new DirectoryReader('./');

// Loop through the files in the directory ?!?
foreach ( $Reader as $Item ) {
echo $Item.'
';
}
?>

Filename: directoryreader.php

If you ignore the class itself for a moment and look at the last few lines, you'll see that I've used the DirectoryReader object right there in the foreach loop. I've pulled items from it without having to call any of its methods! So long as you obey certain rules (which I'll get to shortly), the SPL extension allows to iterate over your own classes (where appropriate) in just the same way.

In fact, with the above example, I've jumped in at the deep end! Let's take a few steps back so I can explain what really happened here.
Iteration with SPL

Now that your appetite is whet, you first need to be warned that the PHP manual currently lacks the capabilities needed to fully document the SPL extension. It's geared primarily to documenting native functions, and lacks a clear means to fully describe something like an in-built class; interfaces fail even to get a mention.

Instead, you'll need to look at the generated documentation Marcus maintains, and trawl the source under CVS. Be aware also that the SPL extension is a moving target that's being actively developed and expanded. The code in this tutorial was tested under PHP 5.0.1, but if you're reading at a significantly distant point in the future, you may find parts of this code outdated.

The SPL extension defines a hierarchy of classes and interfaces. Some of these will already be loaded in your PHP5 installation (see what get_declared_classes() turns up). They correspond the interface and class definitions defined here and here (the PHP files found here should disappear eventually, once Marcus has time to implement them in C). Some of classes found in the examples directory (with the .inc extension) also form part of the hierarchy, but are not loaded by default; if you wish to use them, you'll need to make sure copies for inclusion are located somewhere in your PHP include path. More examples of the classes' use can be found with the tests while independent examples can be found at http://www.wiki.cc/php/PHP5#Iterators.

Although the number of classes and interfaces in the hierarchy may be daunting at first, don't panic! Basic use of the iterators requires only a single interface. If you're new to the idea of interfaces, have a look at this discussion of interfaces on SitePoint.

I'll summarize the purpose of all the pre-loaded classes and interfaces later in this tutorial, for you to browse at your leisure. Once you start to grasp what's on offer, you'll realize that Marcus has done an amazing job of addressing the most common, loop-related problems that recur in PHP. Life will get easier...

Let's return to the DirectoryReader example. How was it that I was able to iterate over my DirectoryReader object using foreach? The magic comes from the class I extended from, DirectoryIterator, which implements an interface called Iterator that's defined by the SPL extension.

Any class I write that implements the Iterator interface can be used in a foreach loop (note that this article explains how this works from the point of view of PHP internals). The Iterator interface is defined as follows:

interface Iterator extends Traversable {

/**
* Rewind the Iterator to the first element.
* Similar to the reset() function for arrays in PHP
* @return void
*/
function rewind();

/**
* Return the current element.
* Similar to the current() function for arrays in PHP
* @return mixed current element from the collection
*/
function current();

/**
* Return the identifying key of the current element.
* Similar to the key() function for arrays in PHP
* @return mixed either an integer or a string
*/
function key();

/**
* Move forward to next element.
* Similar to the next() function for arrays in PHP
* @return void
*/
function next();

/**
* Check if there is a current element after calls to rewind() or next().
* Used to check if we've iterated to the end of the collection
* @return boolean FALSE if there's nothing more to iterate over
*/
function valid();

}

Note that the SPL extension registers the Traversable interface from which Iterator inherits with the Zend Engine to allow the use of foreach. The Traversable interface is not meant to be implemented directly in PHP, but by other built-in PHP classes (currently, the SimpleXML extension does this; the SQLite extension probably should do this but, right now, it talks directly to the Zend API).

To implement this interface, your class must provide all of the methods defined above.

To show you how this works, I'll start by re-inventing the wheel and implementing an Iterator for native PHP arrays. Obviously, this is a pointless exercise, but it helps us understand how it works without getting lost in specific details.

To begin, I define a class to manage the iteration:

/**
* An iterator for native PHP arrays, re-inventing the wheel
*
* Notice the "implements Iterator" - important!
*/
class ArrayReloaded implements Iterator {

/**
* A native PHP array to iterate over
*/
private $array = array();

/**
* A switch to keep track of the end of the array
*/
private $valid = FALSE;

/**
* Constructor
* @param array native PHP array to iterate over
*/
function __construct($array) {
$this->array = $array;
}

/**
* Return the array "pointer" to the first element
* PHP's reset() returns false if the array has no elements
*/
function rewind(){
$this->valid = (FALSE !== reset($this->array));
}

/**
* Return the current array element
*/
function current(){
return current($this->array);
}

/**
* Return the key of the current array element
*/
function key(){
return key($this->array);
}

/**
* Move forward by one
* PHP's next() returns false if there are no more elements
*/
function next(){
$this->valid = (FALSE !== next($this->array));
}

/**
* Is the current element valid?
*/
function valid(){
return $this->valid;
}
}

Filename: arrayreloaded.php

Notice the "implements Iterator" at the start. This says I'm agreeing to abide by the Iterator "contract" and will provide all the required methods. The class then provides implementations of each method, performing the necessary work using PHP's native array functions (the comments explain the detail).

There are a couple of points of the Iterator's design that are worth being aware of when you write your own. The current() and key() Iterator methods could be called multiple times within a single iteration of the loop, so you need to be careful that calling them doesn't modify the state of the Iterator. That's not a problem in this case, but when working with files, for example, the temptation may be to use fgets() inside the current() method, which would advance the file pointer.

Otherwise, remember the valid() method should indicate whether the current element is valid, not the next element. What this means is that, when looping over the Iterator, we'll actually advance one element beyond the end of the collection and only discover the fact when valid() is called. Typically, it will be the next() and rewind() methods that actually move the Iterator and take care of tracking whether the current element is valid or not.

I can now use this class as follows:

// Create iterator object
$colors = new ArrayReloaded(array ('red','green','blue',));

// Iterate away!
foreach ( $colors as $color ) {
echo $color."
";
}

It's very easy to use! Behind the scenes, the foreach construct calls the methods I defined, beginning with rewind(). Then, so long as valid() returns TRUE, it calls current() to populate the $color variable, and next() to move the Iterator forward one element.

As is typical with foreach, I can also populate another variable with the value returned from the key() method:

// Display the keys as well
foreach ( $colors as $key => $color ) {
echo "$key: $color
";
}

Of course, nothing requires me to use foreach. I could call the methods directly from my code, like so:

// Reset the iterator - foreach does this automatically
$colors->rewind();

// Loop while valid
while ( $colors->valid() ) {

echo $colors->key().": ".$colors->current()."
";
$colors->next();

}

This example should help you see what foreach actually does to your object.

Note that the crude benchmarks I've performed suggest that calling the methods directly is faster than using foreach, because the latter introduces another layer of redirection that must be resolved at runtime by PHP.

Whip Up a Yahoo! Mashup Using PHP

2008-03-21T03:06:00.000-07:00

Yahoo! Search
Want to build a search function for your web site, or add related links to your web application? One of the more
traditional APIs from Yahoo!, the Search API allows powerful querying of the Yahoo! web search database.
Christian Langreiter offers a comparison of Yahoo and Google search results [14] in one of his mashups.
Each API has different usage restrictions, so check the relevant guidelines before you begin to develop an
application. Some APIs have rate limiting -- for example, the Web Search API is restricted to 5000 queries per IP
address per 24 hour period. In addition, not all APIs can be used for commercial purposes. Yahoo! requires
developers to register their applications with the developer network to receive an application ID, and include this
application ID in each request they make to an API. While this data doesn't affect rate limiting, it allows Yahoo! to
monitor API usage and contact developers if needed. You can get an application ID [15] -- and you'll need one to
try out the sample code in this article.
Consuming the Yahoo! APIs
All the standard Yahoo! APIs are RESTful in nature [16]; data is accessed via standard HTTP requests, where
query parameters are passed to the API through the URL. What this means is that you can fetch data from the
API as easily as you would fetch the HTML source of any web page, and you can test requests using any browser
that will render [17]. Take this sample URL:
http://api.search.yahoo.com/WebSearchService/V1/webSearch?
appid=YahooDemo&query=SitePoint&results=2
XML
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
4 of 16 2/17/2008 10:16 PM
Try it out -- visit the URL in your browser [18] and take a look at the XML output. Since the output is XML,
however, we need to parse the response XML with PHP in order to make use of it. A number of classes and XML
parsing functions are readily available for PHP, but Yahoo! goes a step further: it provides an option to get all the
output data in serialized form. This means that you can quickly fetch the data, run it through the
unserialize [19] function and start working with the data immediately. To get PHP serialized output, just
append &output=php to the query string. Here's a simple script that searches the web for "SitePoint" using the
web search API, all in three effective lines of code:
$output = file_get_contents(
'http://api.search.yahoo.com/WebSearchService/V1/'.
'webSearch?appid=your-app-id-here'.
'&query=SitePoint'.
'&results=2'.
'&output=php'
);
$output = unserialize($output);
echo ''.print_r($output,TRUE).'';
?>
Examining this snippet, we see that we first fetch the data in PHP format using the file_get_contents
[20] function, then convert it to an associative [21] with unserialize, before outputting a dump of the array
with print_r. I should note here that to be able to use file_get_contents to open a URL requires the
allow_url_fopen setting to be enabled in php.ini. Check with your host if you're not sure if this setting
is in place. Let's take a look at the output. $output['ResultSet']['Result'] contains the data we're
looking for. Here's a snippet of the first search result:
[Title] => SitePoint : New Articles, Fresh Thinking for Web Developers
and Designers
[Summary] => Network of sites that provice information, tools, and
resources for internet-focused businesses and web developers, including
WebmasterBase.com, eCommerceBase.com, and PromotionBase.com.
[Url] => http://www.sitepoint.com/
Compare this with the first result for the term "SitePoint" on the official Yahoo! Search site and you'll see it's the
same.
All the data you would normally get through a Yahoo! search is available through the API! Forget messy screen
scraping -- Yahoo! makes it easy to get the search results directly. With another few lines of code, we can turn our
array into a full search results page. You can probably already see how to make a search engine with the Yahoo!
web search API here -- it's that simple! Building your own search engine from scratch would usually involve
buying a data centre and spending years spidering the web, but Yahoo! provides all the data free of charge (with
usage restrictions, of course). You may have heard of rollyo.com [22], a site that lets you create your search
engine. Well, Rollyo is built using the Yahoo! APIs. With just a few lines of PHP, we can query the Yahoo! web
search API, parse the API output, extract the data, format it and output it -- that's a lot of power to have available
at your fingertips.
array
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
5 of 16 2/17/2008 10:16 PM
Most of the Yahoo! APIs are just as easy to use as Web Search, and Yahoo! provides a guide to constructing REST
queries [23] if you need further information about fetching data from the APIs. Each API method has a
documentation page outlining the parameters available, return values, possible output formats (XML, PHP, etc.)
and potential errors. It should be noted that all parameters are URL encoded, so php code should become
php+code, or the API may return unexpected output. PHP's inbuilt urlencode [24] function is sufficient for
this task. As a general guide, each service has a base URL something like the following:
http://api.search.yahoo.com/WebSearchService/V1/webSearch
Each service requires certain parameters, one of which will be your application ID, and most services will have a
query parameter. In the previous example search, we use the parameters appid, query, results and
output. In this case, appid is the application ID, query is what we are searching for ("SitePoint") and
output is the format we want the API output in (php for serialized PHP form, optional). The results
parameter is optional, however I use it here to limit the output to two search results in order to reduce server
load. If you don't need the standard 10 results, limiting the output through the results parameter is highly
advisable. We append a question mark and the parameters to the URI, separating each parameter with an
ampersand (&) and using the standard option=value format, just like any other HTTP request.
So now that you've had a gentle introduction to the usage of Yahoo! APIs, how they behave and what they provide
access to, let's take things up a notch and look at how we can actually put these APIs to good use.
PHP 5 and the Yahoo! APIs
PHP 5 has a number of features that help us make effective use of the Yahoo! APIs. PHP 5's improved internal
[25] support enables developers to efficiently build applications, and we can take advantage of this by using
classes to rapidly develop libraries that make use of the Yahoo! APIs. The introduction of the
file_get_contents function allows easy querying of the APIs, and as I mentioned before, PHP has the
added advantage of receiving serialized output from most of the APIs with inbuilt parsing functions. Even though
the HTTP extension [26] is available in PHP 5, we won't need it for low-end API consumption. PHP 5 developers
can easily query the APIs, parse the output, deal with errors and make use of the data without too much trouble.
Quick and Easy Mashups
To demonstrate the power of the Yahoo! APIs, we're going to put together a very simple, practical application
using PHP 5 and various Yahoo! APIs. What we want to do is query the local search API for data from Yahoo!
Local, where users discuss and rate local attractions, businesses and so on. Then we'll place that data on a map,
showing geographically where those attractions are located.
YahooAPI Client Class in PHP 5
To make our lives easier, we're going to use a PHP class that helps us to query the Yahoo! APIs. The base class
needs to have the following functionality:
Set the web service to be used.
Add parameters to the request.
Execute the call to the remote API.
Fetch the output.
I've built a very simple, extensible class to do just this, called YahooAPI -- take a look in the code archive for
this article [27]. While I won't go into the details of the YahooAPI class, using it is very easy. In the previous
OOP
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
6 of 16 2/17/2008 10:16 PM
example we searched for "SitePoint" on the Web. The same task can be achieved very easily with the class:
$api = new YahooAPI();
$api->setAppID('your-app-id-here');
$api->setService('http://api.search.yahoo.com/WebSearch
Service/V1/'.
'webSearch');
$api->setParam('output','php');
$api->setParam('query','SitePoint');
$api->setParam('results','2');
$output = $api->doAPICall();
This is exactly the same as the previous search example, except that now we use the client class. In this case, using
the class is more verbose, but with more complex and repeated calls to the API, using the class can save time and
simplify maintenance.
Manipulating Data from API Calls
Now that we have everything we need to get to work, I'll show you how to easily manipulate data from the Yahoo!
APIs.
Let's use our new YahooAPI class to search for 'Pizza' in 'Palo Alto, CA' using the Local Search API. Take a look at
the documentation page [28] for the latest version of the local search API. This is the base URL for the service:
http://local.yahooapis.com/Local
SearchService/V3/localSearch
So we'll call the setService method of the YahooAPI class and give it the base URL. Looking through the
request parameters in the documentation, we'll need to submit the 'appid', 'query' and 'location'
parameters. After we set the required application ID, we then need to choose a location -- we'll use a city and state
for now -- and a query. Let's say we're searching for 'Pizza' in 'Palo Alto, CA'. In simple, procedural PHP code
using the YahooAPI class, the search would look something like this:
$api = new YahooAPI();
$api->setService('http://local.yahooapis.com/LocalSearch
Service/V3/'.
'localSearch');
$api->setAppID('your-app-id-here');
$api->setParam('output','php');
$api->setParam('query','pizza');
$api->setParam('location','Palo Alto, CA');
$output = $api->doAPICall();
The call to the API here is the same as fetching
http://local.yahooapis.com/LocalSearch
Service/V3/localSearch?appid=your-app-id-here&
query=pizza&location=Palo+Alto,+CA
through any method, so take a look at that URL in your web browser. Clearly the information we're looking for is
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
7 of 16 2/17/2008 10:16 PM
within each node, and all nodes are within one big node. The PHP
version that we're fetching has exactly the same structure as the XML, except that it's in an easily usable array.
After fetching all that data into the $output variable, all we have to do is iterate over the
$output['ResultSet']['Result'] elements and fetch the data we need. Try it out -- add the
following code after the previous example and run it on your web server:
foreach($output['ResultSet']['Result'] as $result) {
echo $result['Title'].'
';
}
You should receive something like the following output:
Patxi's Chicago Pizza
Papa Murphys Pizza Take & Bake
New York Pizza
Round Table Pizza Palo Alto
Domino's Pizza
California Pizza Kitchen
Pizza My Heart
Ramonas Pizza
Round Table Pizza Palo Alto
Spot A Pizza
LocalSearch Client Class in PHP 5
Now let's extend the YahooAPI class to query the Yahoo! Local Search API. We can easily create a class that
manages all this work for us. Instead of the previous procedural code, if we extend the YahooAPI class and
create some appropriately-named methods -- for example locationSearch($query, $location) --
we can further simplify the process of interacting with the APIs.
I've written an example class that generally covers everything we need for interacting with the Local Search API.
It has three main methods: locationSearch, positionSearch and extractResults. Here's the
code:
require_once('yahooapi.class.php');
class LocalSearch extends YahooAPI
{
The constructor method sets the basic properties we'll always need for each Local Search API request:
public function __construct()
{
$this->setParam('output','php');
$this->setService('http://local.yahooapis.com/'.
'LocalSearchService/V3/localSearch');
$this->setAppID('your-app-id-here');
}
The two search methods represent different ways of performing a search, depending on whether or not we have a
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
8 of 16 2/17/2008 10:16 PM
location name or exact GPS coordinates. They simply set the required parameters and call the doAPICall
method of the parent YahooAPI class:
public function locationSearch($query,$in_location)
{
$this->setParam('query',$query);
$this->setParam('location',$in_location);
return $this->doAPICall();
}
public function positionSearch($lat,$long)
{
$this->setParam('query','*');
$this->setParam('latitude',$lat);
$this->setParam('longitude',$long);
return $this->doAPICall();
}
The extractResults method saves us entering ['ResultSet']['Result'] all the time when we
want to output the results, because the data we need will always be within that part of the returned array:
public function extractResults()
{
$return = $this->getResults();
$return = $return['ResultSet']['Result'];
return $return;
}
}
?>
You'll find a copy of the code in the archive for the article [29]. Keep it handy because we'll be using it in our
example mashup. We'll also build a similar class for the Maps API later, as it has some slightly different
requirements.
Our example "pizza" search, executed using our new LocalSearch class, now looks like this:
require_once('localsearch.class.php');
$localSearch = new LocalSearch();
$localSearch->locationSearch('Pizza','Palo Alto, CA');
$output = $localSearch->extractResults();
That's much easier, don't you think?
Yahoo! Maps [30] API
Perform a quick web search and you could find the web sites for these pizza places, each of which would list the
restaurant's address. But why would you go to all that trouble when Yahoo! provides all this data in the returned
array -- as well as latitude and longitude information? Here's an example of the data returned:
AJAX
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
9 of 16 2/17/2008 10:16 PM
[Title] => Patxi's Chicago Pizza
[Address] => 441 Emerson St
[City] => Palo Alto
[State] => CA
[Phone] => (650) 473-9999
[Latitude] => 37.445265
[Longitude] => -122.163432
Now that we have the location information, we need to figure out how to plot it on a map. Yahoo! provides a map
image API [31], offering raw images of maps in PNG format, and (in theory) we could use GD to draw markers on
the map. However, since we're building a web application, we can instead use the Maps AJAX API [32] to
generate a [33]-friendly, interactive Yahoo! maps display. We can then add markers to the map in preset
positions, using the bundled functions. (Note that the Maps AJAX API isn't really an Ajax API! In fact, there isn't
any real Ajax at all -- that is, there are no XMLHttpRequest calls -- but due to the fact that the term Ajax has come
to represent any web page technology that uses [34] and doesn't need to reload the web page to update
itself, Ajax would be the best way to describe it.)
Unlike the other Yahoo! APIs, the Maps AJAX API isn't a REST-based web service. Instead, you have to include a
JavaScript file on your page, create an instance of the map in a container on the page (usually a

) and
manipulate it through JavaScript calls. Luckily, the HTML and JavaScript required are quite simple. Take a look
at the mapoutput.php example in the code archive [35]. This is all the JavaScript you'll need to generate the
map:
var ymap = new YMap(document.getElementById('mC'),YAHOO_MAP_REG);
var mPoint = new YGeoPoint(37.4041960114344,-122.008194923401);
ymap.drawZoomAndCenter(mPoint, 3);
var marker = new YMarker(mPoint);
marker.addLabel('A');
marker.addAutoExpand('

Some Text

');
ymap.addOverlay(marker);
The first line creates a new instance of the YMap class, and assigns it to the element on the page with an ID of
'mC'. The second argument represents the desired map type, in this case a regular map rather than satellite
imagery, YAHOO_MAP_SAT, or a hybrid of the two, YAHOO_MAP_HYB. The second line creates a
YGeoPoint object, a point on the map based on latitude and longitude coordinates, while the third line calls
the map object and tells it to centre itself on this new point and display the map, at a zoom level of 3.
The final three lines of JavaScript create a YMarker object, a visual map marker that expands to reveal some
extra content when it's moused over. Our challenge is to generate all this with PHP, and to make the job easy,
we're going to build a class that generates all the code for us.
Mashup Time!
Now that we've sorted out how to query the APIs and deal with the data, it's mashup time! As I mentioned before,
we'll create a simple application that finds places with the local search API and, using the latitude and longitude
coordinates from the returned search data, marks the exact locations of these places on a map from the maps API.
And of course we'll wrap all the functionality up in a simple PHP class. The AJAX map API uses JavaScript code,
so we'll use our PHP class to generate the required JavaScript based on the returned search data.
UI
JavaScript
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
10 of 16 2/17/2008 10:16 PM
First, we'll start by querying the Maps API. I'll use the client class for the local search API, which I demonstrated
earlier, to execute this sample query: 'Pizza' in 'Palo Alto, CA'. We need an instance of the LocalSearch class,
and we'll use its locationSearch method to execute the API query. The extractResults method will give us
the data that we want to work with. Now that we've built our client classes, all this can be achieved in three lines
of code:
$localSearch = new LocalSearch();
$localSearch->locationSearch('Pizza','Palo Alto, CA');
$apiOutput = $localSearch->extractResults();
Let's take a step back for a moment and call print_r($apiOutput) to see what we have. The array
$apiOutput now contains a number of sub- [36], each of which is a single search result and contains
(among other things) a 'Title', 'Latitude' and 'Longitude'. That's all we need for the moment, so let's quickly
extract this information and delete the rest:
foreach($apiOutput as $id => $result)
{
$points[$id] = array($result['Title'],
$result['Latitude'],
$result['Longitude']);
}
Here are some sample values from our newly defined $points array:
[0] => Array
(
[0] => Patxi's Chicago Pizza
[1] => 37.445265
[2] => -122.163432
)
[1] => Array
(
[0] => Papa Murphys Pizza Take & Bake
[1] => 37.433243
[2] => -122.129291
)
For each marker we want to put on our map, we need to know its position, and we need some summary text that
we can have appear when the user mouses over it. In this case, when visitors mouse over one of our markers, we'll
show them the name of the place.
Now that we have all our locality information, we come to the tricky bit -- generating the map HTML and
JavaScript. Basically, our map code consists of two distinct sections -- the HTML and [37] (for the
map container), and the HTML and JavaScript. The includes the container

for the
map and some JavaScript for the Maps AJAX API. For each marker we want to add to the map, we need a
JavaScript YGeoPoint object to define its position, and a YMarker object to be the marker itself. We then
customise the marker through the addLabel and addAutoExpand methods (many more are documented
here [38]) before placing it on the map using the map object's addOverlay method. We'll now create a PHP
arrays
CSS
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
11 of 16 2/17/2008 10:16 PM
class that takes care of generating all of this JavaScript code, and call it AjaxMap.
Here's a summary of the methods our class will have:
getHeadHTML for generating code
getMapScript for generating code
initMarker for generating code for each marker
We'll also add some helper methods for customising the map:
setMapType for choosing between maps, satellite images, and hybrids
setMapContainer for setting the ID of the map container

addMarker for adding markers to the map
Let's begin our AjaxMap class:
require_once('yahooapi.class.php');
class AjaxMap
{
private $mapContainer;
private $mapType;
private $markers = array();
public $showZoom;
public $showPan;
We begin by including the YahooAPI class, which we'll use to generate the Yahoo! API calls. Our class has three
private properties: $mapContainer will contain the ID of the HTML element acting as the map container,
$mapType will represent the type of map desired and must be one of YAHOO_MAP_REG, YAHOO_MAP_SAT
or YAHOO_MAP_HYB, and the final private property, $markers will contain an array of map location
markers. The API offers the ability to add zoom and pan controls, so we'll add the public properties $showZoom
and $showPan, which can be set to true when required.
So, first to the easy methods: getHeadHTML, the set functions and addMarker. All the getHeadHTML
method needs to do is return a \n";
}
The set functions are just as simple -- they act as wrapper methods for modifying private properties. Here's the
code:
public function setMapContainer($id)
{
$this->mapContainer = $id;
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
12 of 16 2/17/2008 10:16 PM
}
public function setMapType($type)
{
$this->mapType = $type;
}
The addMarker method will add a new map marker entry to the private $markers array and takes a latitude
value, a longitude value and description text as its arguments:
public function addMarker($lat,$long,$descr)
{
$this->markers[] = array($lat,$long,$descr);
}
initMarker is a private method called for each of the desired map markers and generates the JavaScript code
required for the marker:
private function initMarker($id,$lat,$long,$descr,$init_geo = TRUE)
{
$js = '';
if($init_geo) $js .= "\nvar mPoint$id = ".
"new YGeoPoint($lat,$long);\n";
$js .= "var currmarker = new YMarker(mPoint$id);\n";
$js .= "currmarker.addLabel('$id');\n";
$js .= "currmarker.addAutoExpand('

".
addslashes($descr)."

');\n";
$js .= "ymap.addOverlay(currmarker);\n\n";
return $js;
}
initMarker takes all the information about the marker -- latitude and longitude for position, a short
description and some notes, plus a unique 'id' parameter -- and generates the JavaScript we need in order to
draw the marker. The $init_geo parameter for initMarker indicates whether or not we need to create a
YGeoPoint object for the marker; this may already have been done.
All that's left to do is bring everything together within the main JavaScript block. The getMapScript method
will generate this JavaScript and assign it to the $js variable:
public function getMapScript()
{
$js = '';
First, we have to initialise a YMap object. This is our main map object which will handle the drawing and
customisation of the map. The first part is simple -- we output the code required to create a new YMap object:
$js .= 'var ymap = new YMap(document.getElementById(\''.
$this->mapContainer.'\'),'.$this->mapType.");\n";
In this instance, the properties $mapContainer and $mapType include the relevant information about the
map, so setMapType and setMapContainer should be called before getMapScript.
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
13 of 16 2/17/2008 10:16 PM
Next, we output the JavaScript to add the zoom and pan controls if $showZoom and $showPan are set to
true. To add a zoom control in JavaScript, we use the addZoomShort method of the YMap object, and
addPanControl for a pan control:
if($this->showZoom) $js .= "ymap.addZoomShort();\n";
if($this->showPan) $js .= "ymap.addPanControl();\n";
We may have a number of markers to display, but the map can only be centred on one of them. To keep it simple,
we'll remove the last marker from the main set of markers, centre the map on it and draw it on the map before
proceeding to draw the remaining markers. Obviously, none of this is needed if no markers are to be drawn on
the map, so we check that markers exist here too. Here's the code that outputs the JavaScript required for
centring the map on the last marker, and drawing that marker:
if(count($this->markers) > 0)
{
$lastmarker = array_pop($this->markers);
$js .= 'var mPoint'.count($this->markers).' = new YGeoPoint('.
$lastmarker[0].','.$lastmarker[1].");\n";
$js .= 'ymap.drawZoomAndCenter(mPoint'.count($this->markers).
", 3);\n";
$js .= $this->initMarker(count($this->markers), $lastmarker[0],
$lastmarker[1], $lastmarker[2],
FALSE);
First we check if there are more than 0 markers (that is, we see if any have been set), and if so, extract the last of
these markers and use that marker's data to write the JavaScript required to create a new YGeoPoint object.
We then output the JavaScript required to draw the map, centre it on our last marker and set the zoom level to 3.
In JavaScript, we do this via the drawZoomAndCenter method of the YMap object. We then call our
initMarker function to generate the rest of the JavaScript, and through its last parameter, tell it not to output
the JavaScript to create a YGeoPoint object, as we've already taken care of it.
Finally, we generate the code for each remaining marker by quickly iterating over the markers array, calling
initMarker for each one and returning the $js string variable:
foreach($this->markers as $id=>$obj)
{
$js .= $this->initMarker($id,$obj[0],$obj[1],$obj[2],TRUE);
}
}
return $js;
}
}
?>
That also represents the end of our AjaxMap class!
Now we just have to use our local search class and AjaxMap class in a proper application. I've put together a
quick demonstration. First we need to include our two classes:
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
14 of 16 2/17/2008 10:16 PM
require_once('localsearch.class.php');
require_once('ajaxmap.class.php');
Next, we use our local search class to search for "pizza". We collect the locations from our search results and store
them in an array called $points:
$localSearch = new LocalSearch();
$localSearch->locationSearch('Pizza','Palo Alto, CA');
$apiOutput = $localSearch->extractResults();
foreach($apiOutput as $id => $result)
{
$points[$id] = array($result['Title'],
$result['Latitude'],
$result['Longitude']);
}
unset($apiOutput);
We then create a new AjaxMaps object and add to it all our locations:
$ajaxMap = new AjaxMap();
$ajaxMap->setMapContainer('mC');
$ajaxMap->setMapType('YAHOO_MAP_REG');
$ajaxMap->showPan = true;
$ajaxMap->showZoom = true;
foreach($points as $point)
{
$ajaxMap->addMarker($point[1],$point[2],$point[0]);
}
?>
Now that all our location markers have been added to our AjaxMap object, the only task that's left to do is write
the page HTML and output the JavaScript:
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

getHeadHTML(); ?>

The entire script is available in the code archive. Set your application IDs, load it up on your web server, and with
any luck you should see something like this:
Congratulations! You've just built a mashup using the Yahoo! APIs. With a bit of tweaking, you could add search
functionality, allowing the user to look for more than just 'Pizza' in 'Palo Alto, CA'. You could even integrate the
functionality into an existing application (although be aware of the terms of use for both APIs). The possibilities
are endless.
Where to From Here?
As you can see, exploiting the Yahoo! APIs with PHP5 to create useful mashups is a piece of cake, and there are
many interesting applications that can be built with the data. Rasmus Lerdorf himself has written a similar article
[41], taking a more in depth look at the Yahoo! Geocoding API, and how to easily use it with PHP5. It's also worth
noting that while we've used the output=php parameter throughout this article, most of the APIs also offer
JSON output for use via Ajax. The Yahoo! Developer Network's PHP Developer Center [42] has an excellent
collection of tutorials, code samples and other resources for consuming the APIs with PHP5.
Also check out Yahoo's Application Gallery [43] for inspiration and to see some great web apps built with various
Yahoo! APIs, If you build an interesting application, submit it to the gallery for some excellent exposure and
useful feedback.
Update: The Zend PHP Framework also includes a collection of similar [44] interfaces for the
Yahoo! APIs, which in many cases may be preferable to developing your own classes. The interfaces lie within the
object-oriented
Whip Up a Yahoo! Mashup Using PHP http://www.sitepoint.com/print/yahoo-mashup-php
16 of 16 2/17/2008 10:16 PM
framework's Zend_Service package [45].
Back to SitePoint.com
[1] /glossary.php?q=P#term_1
[2] http://en.wikipedia.org/wiki/Web_services
[3] http://www.sitepoint.com/subcat/php-tutorials/
[4] http://developer.yahoo.com/
[5] http://developer.yahoo.com/search
[6] http://developer.yahoo.com/maps/
[7] http://developer.yahoo.com/answers/
[8] http://del.icio.us/help/api/
[9] http://developer.yahoo.com/flickr/
[10] http://upcoming.yahoo.com/services/api/
[11] http://www.flickr.com/services/
[12] http://labs.systemone.at/retrievr/
[13] http://runningmap.com/
[14] http://www.langreiter.com/exec/yahoo-vs-google.html
[15] http://search.yahooapis.com/webservices/register_application
[16] http://en.wikipedia.org/wiki/REST
[17] /glossary.php?q=X#term_3
[18]
http://api.search.yahoo.com/WebSearchService/V1/webSearch?appid=YahooDemo&query=SitePoint&results=2
[19] http://php.net/unserialize
[20] http://php.net/file_get_contents/
[21] /glossary.php?q=%23#term_72
[22] http://rollyo.com
[23] http://developer.yahoo.com/search/rest.html
[24] http://php.net/urlencode
[25] /glossary.php?q=O#term_10
[26] http://php.net/manual/en/ref.http.php
[27] http://www.sitepoint.com/examples/yahooapi/YahooAPIarchive.zip
[28] http://developer.yahoo.com/search/local/V3/localSearch.html
[29] http://www.sitepoint.com/examples/yahooapi/YahooAPIarchive.zip
[30] /glossary.php?q=A#term_73
[31] http://developer.yahoo.com/maps/rest/V1/mapImage.html
[32] http://developer.yahoo.com/maps/ajax/index.html
[33] /glossary.php?q=U#term_67
[34] /glossary.php?q=J#term_9
[35] http://www.sitepoint.com/examples/yahooapi/YahooAPIarchive.zip
[36] /glossary.php?q=%23#term_72
[37] /glossary.php?q=C#term_8
[38] http://developer.yahoo.com/maps/ajax/V3/reference.html#YMarker
[39] /glossary.php?q=W#term_49
[40] /glossary.php?q=X#term_63
[41] http://toys.lerdorf.com/archives/35-GeoCool!.html
[42] http://developer.yahoo.com/php/
[43] http://gallery.yahoo.com/
[44] /glossary.php?q=O#term_10
[45] http://framework.zend.com/manual/en/zend.service.yahoo.html

Web Site Optimization: 13 Simple Steps

2008-03-21T03:01:00.000-07:00

This tutorial takes a practical, example-based approach to implementing those rules.
It's targeted towards web developers with a small budget, who are most likely using
shared hosting, and working under the various restrictions that come with such a
setup. Shared hosts make it harder to play with [2] configuration -- sometimes
it's even impossible -- so we'll take a look at what you can do, given certain common
restrictions, and assuming your host runs [3] and Apache.
The tutorial is divided into four parts:
1. basic optimization rules
2. optimizing assets (images, scripts, and styles)
3. optimizations specific to scripts
4. optimizations specific to styles
Credits and Suggested Reading
The article is not going to explain Yahoo!'s performance rules in detail, so you'd do well
to read through them on your own for a better understanding of their importance, the
reasoning behind the rules, and how they came to be. Here's the list of rules in
question:
1. Make fewer HTTP requests
2. Use a Content Delivery Network
3. Add an Expires header
4. Gzip components
5. Put [4] at the top
6. Move scripts to the bottom
Web Site Optimization: 13 Simple Steps
Apache
PHP
CSS
Web Site Optimization: 13 Simple Steps http://www.sitepoint.com/print/web-site-optimization-steps
2 of 17 2/17/2008 11:56 PM
7. Avoid CSS expressions
8. Make [5] and CSS external
9. Reduce [6] lookups
10. Minify JavaScript
11. Avoid redirects
12. Remove duplicate scripts
13. Configure ETags
You can read about these rules on the Yahoo! Developer Network [7] site. You can also check out the book "High Performance
Web Sites" by Steve Souders [8], and the performance research articles on the YUI blog by Tenni Theurer [9].
Basic Optimization Rules
Decrease Download Sizes
Decreasing download sizes isn't even in Yahoo!'s list of rules -- probably because it's so obvious. However I don't think it hurts
to reiterate the point -- let's call it Rule #0.
When we look at a simple web page we see:
some HTML code
different page components (assets) referenced by the HTML
The assets are images, scripts, styles, and perhaps some external media such as [10] movies or [11] applets
(remember those?). So, when it comes to download sizes, you should aim to have all the assets as lightweight as possible --
advice which also extends to the page's HTML content. Creating lean HTML code often means using better (semantic)
markup, which also overlaps with the [12] (search engine optimization) efforts that are a necessary part of the site
creation process. As most professional web developers know, a key characteristic of good markup is that it only describes the
content, not the presentation of the page (no layout tables!). Any layout or presentational elements should be moved to CSS.
Here's an example of a good approach to HTML markup for a navigation menu:

This sort of markup should provide "hooks" to allow for the effective use of CSS and make the menu look however you want it
to -- whether that means adding fancy bullets, borders, or rollovers, or placing the menu items into a horizontal menu. The
markup is minimal, which means there are fewer bytes to download; it's semantic, meaning it describes the content (a
navigation menu is a list of links); and finally, being minimal, it also gives you an SEO advantage: it's generally agreed that
search engines prefer a higher content-to-markup ratio in the pages that they index.
Once you're sure your markup is lightweight and semantic, you should go through your assets and make sure they are also of
minimal size. For example, check whether it's possible to compress images more without losing too much quality, or to choose
a different file format that gives you better compression. Tools such as PNGOUT [13] and pngcrush [14] are a good place to
start.
JavaScript
DNS
Flash Java
SEO
Web Site Optimization: 13 Simple Steps http://www.sitepoint.com/print/web-site-optimization-steps
3 of 17 2/17/2008 11:56 PM
Make Fewer HTTP Requests
Making fewer HTTP requests turns out to be the most important optimization technique, with the biggest impact [15]. If your
time is limited, and you can only complete one optimization task, pick this one. HTTP requests are generally the most
"expensive" activity that the browser performs while displaying your page. Therefore, you should ensure that your page makes
as few requests as possible.
How you can go about that, while maintaining the richness of your pages?
Combine scripts and style sheets: Do you have a few
To prevent this type of attack, you need to be careful about displaying user-submitted content verbatim on a Web
page. The easiest way to protect against this is simply to escape the characters that make up HTML syntax (in
particular, < and >) to HTML character entities (< and >), so that the submitted data is treated as plain text
for display purposes. Just pass the data through PHP's htmlspecialchars function as you are producing the
output.
If your application requires that your users be able to submit HTML content and have it treated as such, you will
instead need to filter out potentially harmful tags like

Name *
Email
Website URL
Message *

User Id
Password

Username
Password