Web Database Applications with PHP & MySQL

brian donovan


Web Database Applications with PHP & MySQL
Authors : Hugh E. Williams and David Lane
563 pages
Publisher : O'Reilly & Associates
ISBN : 0-596-00041-3

Relevance

PHP's speed of execution, gentle learning curve, and ease of development have contributed to its popularity, especially when teamed with MySQL, as a tool for building dynamic sites. Williams and Lane have written a thorough step-by-step guide to building web database applications with PHP and MySQL.

The Meat of the Book

Part I (Chpts 1-3) of Web Database Applications with PHP & MySQL (Web DB Apps) introduces the "Hugh and Dave's Online Wines" case study that's used to highlight the points made throughout the text and treats readers to the fundamentals of PHP, MySQL, and SQL - appropriate since the book assumes only some prior programming experience (not necessarily in PHP) and a general familiarity with HTML.

Chapters 4-9 (Part II) deal with the aspects of web application logic common to practically all data-driven sites: querying and writing to databases, maintaining state, and security. Chapter 4, "Querying Web Databases", includes a good explanation (Ex. 4-1) of the mechanics of connecting to and querying a MySQL db via PHP – numbered blocks of the example script correspond to sections in the accompanying text detailing what's happening at each point in the process (connect, query, retrieve results, process results, and close connection, unless you're using persistent db connections).

Chapter 5, "User-Driven Querying", explains how to pass data to PHP scripts using HTTP GET and POST. Although readers are initially shown parameters and parameter values being passed directly (as they are when register_globals is turned on in php.ini), the authors later explain why the same param:value pairs should instead be accessed through the global associative arrays $HTTP_GET_VARS and $HTTP_POST_VARS (the book was completed before the switch to $_GET and $_POST respectively with PHP 4.1.0) for security reasons. What the authors refer to as "combined scripts" (where the same script performs different functions depending on, for example, which variables, if any, have been set in the GET or POST arrays) are introduced, and the reader is walked through the oft-used "next and previous links for query results" scenario.

In Chapter 6, "Writing to Web Databases", in addition to inserts, updates, and deletes, the authors explain one solution to the reload problem – i.e. where reloading a results page after some operation that alters the contents of the database has been performed (or even accessing a bookmarked url if HTTP GET was used to initiate the action) can potentially result in the operation being silently repeated or, if HTTP POST was used, the user being confronted with a big ugly "would you like to repost the data?" dialog. Locking (mostly how to make the best use of table-level locking) is also discussed in all of its glory. Chapter 7 deals with the validation of user input. The authors recommend and give an example implementation of dual server and client side validation (with JavaScript). Chapter 8 covers sessions (with and without cookies).

The chapter on security (Chapter 9, "Authentication and Security") mostly concerns user authentication. HTTP Authentication, managed HTTP Authentication (using PHP to validate encoded credentials from the HTTP Authorization header field), and handling your own authentication are considered, along with the security concerns inherent in stateful web apps - i.e., third party sites maliciously tricking browsers into coughing up cookies with login or session information for your site, session hijacking by feeding random session ids to the scripts until one corresponds to an existing session, etc. SSL is explained briefly.

The third and final section of Web DB Apps (Chpts 10-13) consists of a detailed examination of the guts of the wine store case study. Readers who find the commingling of application logic and html in the snippets of the wine store application discussed in the book distasteful will be gratified to know that, since publication, the authors have released a modified version of the "Hugh and Dave's Online Wines" code that uses the Xtemplate class (http://sourceforge.net/projects/xtpl/) to separate code from markup. Both versions are available in their entirety for download from the book website.

The five appendices, in turn, cover the installation and configuration of PHP, MySQL, and Apache on a Linux system, the architecture and workings of the Internet and Web, designing relational databases using entity-relationship modeling, how to define your own session handler prototypes and store session data in a database instead of files (the default), and provide an annotated list of PHP and MySQL resources (books, web sites, etc.).

The Good and the Bad

While it's clear that Web Database Applications with PHP & MySQL was written with the goal in mind of providing novice coders with a solid foundation for continued growth (or filling the niche of "handy reference" on the shelf of intermediate/advanced developers), the book manages to be comprehensive without patronizing the reader.

I admit that I wouldn't have felt cheated if the authors had skipped the obligatory coverage of the history of the Internet, TCP/IP, and HTTP (Appendix B) in favor of, for instance, a discussion of web caching with an eye towards building cache-friendly apps, an important subject that all too often gets short shrift from authors of web dev books. Also, some readers may be disappointed to find that the chapter on security doesn't relate to battening down your site against script kiddies and exploits, but that's really the sort of information that you should be getting from sites like PHP Advisory and Securiteam anyway.

For seasoned developers, this could be the book that you wish you'd had when you started out building web database apps and data-driven sites. Keeping a copy around for reference, especially if you frequently jump back and forth between projects in different languages/environments, also might be helpful - for those occasions when you need a quick refresher in PHP/MySQL dev. Moreover, if you find yourself in the position of having to mentor junior developers (or helping non-coder friends) tasked with building or maintaining PHP/MySQL-based sites or apps, then lending them your copy or recommending that they buy their own could save you quite a bit of time and frustration.

Table of Contents

  • Preface
  • Part I
    • Chapter 1. Database Applications and the Web
    • Chapter 2. PHP
    • Chapter 3. MySQL and SQL
  • Part II
    • Chapter 4. Querying Web Databases
    • Chapter 5. User-Driven Querying
    • Chapter 6. Writing to Web Databases
    • Chapter 7. Validation on the Server and Client
    • Chapter 8. Sessions
    • Chapter 9. Authentication and Security
  • Part III
    • Chapter 10. Winestore Customer Management
    • Chapter 11. The Winestore Shopping Cart
    • Chapter 12. Ordering and Shipping at the Winestore
    • Chapter 13. Related Topics
  • Appendix A. Installation Guide
  • Appendix B. Internet and Web Protocols
  • Appendix C. Modeling and Designing Relational Databases
  • Appendix D. Managing Sessions in the Database Tier
  • Appendix E. Resources
  • Index

ASP Vet, but PHP Newbie

Submitted by kenkogler on June 18, 2002 - 11:49.

OK, I'm a seasoned ASP guy. Been coding it for a few years now, and I'm very familiar with the language in and out. I've decided it's time to move on to PHP. Would you recommend this book? I don't need to read 6 pages describing the nature of ODBC and why connecting to a database is A Good Thing (tm) -- I just need a code snippet of "here's how you connect to a db in php" and a line-by-line walkthrough of the code.

So I guess the question is: is this book light on code and heavy on theory, or the other way around? From reading the review, it sounds like it's right down the middle...

Web Databases with PHP and MySQL

Submitted by wimill on June 18, 2002 - 15:19.

The book is definitely heavy on code, with a very strong focus on its included application, the Wine Store Database. The first 110 (of 550, incl. appendices) pages are quick references (half on SQL and mySQL, half on PHP), while the rest of the book builds up the code to the winestore app, followed by the appendices (80 pages). The only problems with the code are that it was made for a prior release of PHP (4.0.6), and it assumes a couple of PHP.ini settings that are no longer defaults and are recommended to be turned off (register_globals, some session settings).
On one hand, this is good, because you have to get into the code and tweak it to make it work on a more recent install, but it also means that their apps don't work out of the box. On the whole though, to answer your question, the book is focused on the code for the 300 pages between the reference and the appendices, the meat of the book. Taken along with the annotated documentation on php.net, this book has served me as an excellent base for practical design.

Thanks

Submitted by kenkogler on June 19, 2002 - 08:58.

Thanks, wimill... looks like I need to set aside some more money for books... :)

Recommended reading

Submitted by aggie on June 20, 2002 - 15:39.

If you're beyond the basic language constructs and concepts, a decent book to look over is "PHP Developers Cookbook" by Sterling Hughes (ISBN: 0672323257) - it's built around about 300 typical problems you encounter while doing web apps, with solutions, code snippets and some lines of discussion you can actually learn from once in a while.

Another good idea is to use the samples in the function ref at php.net - they've got a good tip for quick reference lookups at http://www.php.net/tips.php - very useful if you've got a general idea of what functionality you need.

Primary Keys in MySQL

Submitted by udreqt on December 4, 2002 - 15:50.

Hi, need some help sorting out how I am going to identify items in my database. It is for a stock control system. Departments must be created, and in the Departments there are Sections which also have names. The problem I have is that both have a Primary Key which in MySQL can only be a number, e.g. 124 (one digit for department, two for section). How can I change that so the end result looks more like A12? I can do it via hardcoding it, but is there a way of the database incrementing via letters? Might be a bit deep, Roger

Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author; please do not redistribute or use elsewhere without checking with the author.