Section 25.3. The LAMP Server in Action


25.3. The LAMP Server in Action

Now you have all the components for your LAMP server in place; it is time to run a few examples.

If you haven't done so already while following the last section, we suggest that you test your setup now with a very simple PHP file. Save the PHP that you have seen in the last listing in the previous section into a file called info.php.

Now place this file in the directory where your Apache web server is looking for its contents files. Often, this is /usr/local/httpd/htdocs, and it may already contain the files that your distribution has installed for you during installation (at least if you have installed Apache from the installation media). If this doesn't work for you, you should look for the Apache configuration file httpd.conf. Often, this file is in the /etc/httpd/ directory, but if this is not the case on your system, you can search for it with

 locate httpd.conf

In this file, look for the line starting with DocumentRoot. You should find a directory listed here, and a subdirectory named htdocs should be under that directory; put the file info.php here. Now you can use any web browser to access the URL http://localhost/info.php. This will give you some information about the setup of your PHP module.

PHP comes with a number of built-in functions that manipulate and manage the data stored in MySQL (and other databases).

A relational database consists of a number of tables. If you have sufficient access rights, PHP can query and manipulate data in these tables. We can now write a few PHP scripts to use the database tables. We assume here that you have created the database test_database and the table comment_table, as well as the user olof as described earlier.

Use your favorite text editor and enter the following code, which creates a small HTML page that lets you add data to this table by means of an HTML form:

 <html> <?php if (isset($_REQUEST["comment"])) {     $conn = mysql_connect("localhost", "olof", "secret")      or die("Could not connect to MySQL as olof");     mysql_select_db("test_database", $conn)      or die("could not select the test_database");     if (get_magic_quotes_gpc(  )) {         $comment = stripslashes($_REQUEST["comment"]);     } else {         $comment = $_REQUEST["comment"];     }     $query = "INSERT INTO comment_table VALUES ('0', '"      . mysql_real_escape_string($comment) . "')";     mysql_query($query)      or die(mysql_error(  )); } ?> <form action="" method="POST">     <input type="text" name="comment" size="80"><br>     <input type="submit"> </form> </html>

When you work with a database, you must take precautions not to allow user input to manipulate your SQL queries. If you don't do this, a malicious user could simply hijack your database. You can make yourself safe by transforming the input data before using it to construct SQL queries. Normally, it is enough to put user input through the mysql_real_escape_string() function. In some situations, you may need to apply the stripslashes() function first. This is because of the special PHP feature called magic_quotes_gpc, which was meant to make all input data safe for the database automatically. Although the idea was noble, the feature does not provide sufficient protection and creates other problems for programmers. We recommend you turn this feature off in your configuration. Otherwise, you first need to detect whether it is enabled, and neutralize its effects if you discover that it is.

You can execute this script by saving it as a file with the extension .php, copying it into the document directory of your web server, and accessing the script with your web browser. For example, if you have saved it as edit.php, you could access the URL http://localhost/edit.php to execute this script. The web server knows that it needs to run everything between <?php and ?> through the PHP module. Thus, the PHP code can be directly embedded into an HTML page.

Now that we can enter comments into our database, we also want to review them. Thus, next up is a script to read from the database:

 <html> <?php $conn = mysql_connect("localhost", "olof", "secret")  or die("Could not connect to MySQL as olof"); mysql_select_db("test_database", $conn)  or die("could not select the test_database"); $query = "SELECT * FROM comment_table"; $result = mysql_query($query)  or die(mysql_error(  )); $numbers_cols = mysql_num_fields($result); print "<b>query: $query</b>"; print "<table border=1>\n"; print "<tr>"; print "<td>ID</td>"; print "<td>Comment</td>"; print "</tr>"; while (list($id, $comment) = mysql_fetch_array($result)) {     print "<tr>";     print "<td>" . htmlspecialchars($id, ENT_QUOTES) . "</td>";     print "<td>" . htmlspecialchars($comment, ENT_QUOTES) . "</td>";     print "</tr>"; } print "</table>"; ?> </html>

As you can see, we are using the HTML tags for laying out tables in order to display the contents of the database, which is a very natural and obvious thing to do. Also note that we did not print the data from the database directly to the HTML page. This would have allowed a potential adversary to hijack the page by using improper input. Instead, we used the htmlspecialchars( ) function to make the data HTML safe.

It was our intention to keep these examples as simple as possible so as not to overload you with too much information. If you want to dive deeper into the wonderful world of LAMP, we recommend that you read a good book such as Web Database Applications with PHP & MySQL (O'Reilly) or MySQL/PHP Database Applications (John Wiley & Sons).



Running Linux
Running Linux
ISBN: 0596007604
EAN: 2147483647
Year: 2004
Pages: 220

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net