It’s a big step from prociency at PHP programming to being capable of developing commercial applications. As Fred
Brooks estimated in his classic book, e Mythical Man Month (Addison-Wesley, 1995), “a programming product costs
at least three times as much as a debugged program with the same function.”
My goal in writing this book is to help you take that big step.
What do you have to know beyond PHP programming? Well, there’s project organization (including stang
and scheduling), keeping the customer satised, identifying requirements (being agile but not sloppy), choosing the
development and production platforms, designing the database, structuring the application to handle forms and
buttons, dealing with security and error handling, and converting data from the old system to the new. at’s also the
top-level list of topics in this book.
Pick up any of the many PHP/MySQL books in any large bookstore and you’ll nd chapters on installing PHP,
variables, statements, functions, string processing, arrays, objects, le handling, debugging, and, probably, a toy
e-commerce site. Not this book! I assume you already know all that stu, or can nd it somewhere if you don’t.
Instead, I tried to cover essential topics that I’ve never seen in any book, such as choosing between shared hosting
and a virtual machine in the cloud, updating a live application, translating MySQL constraint errors to something the
user can understand, protecting passwords the right way (hashed, salted, and stretched), implementing two-factor
authentication, making your web site invulnerable to attack (via SQL injection, cross-site scripting, cross-site request
forgery, or clickjacking), implementing validation with database triggers, developing reports as CSV les or PDFs,
converting data with variant name spellings, avoiding legal disputes, and lots more that PHP/MySQL programmers
struggle with every day as they develop industrial-strength applications.
Beyond the technical details, I’ve tried to pass on what I’ve learned over the four decades I’ve spent developing
commercial software. One of my favorite quotations (the source is unknown) is, “Good judgment comes from
experience and experience comes from bad judgment.” I’m sure I’ve exhibited more bad judgment than you ever
will. I’ve had more bugs in my software, more wrong platform selections, more architectural dead ends, more
user-interface catastrophes, and more customer-support ascoes than anybody, but I like to think that’s because I’ve
been at it longer than anybody. (After all, Babe Ruth struck out 1,330 times, a number no ordinary baseball player will
ever come close to.) So my judgment is now pretty good, and you get the benet. You can look forward to making your
own original, creative mistakes—no need to repeat mine. I hope you’ll hit a lot of home runs, too, as I have. (Figuratively.)
I’ve also tried to just give the plain answer when I know it, and the reasons why it’s the answer, instead of listing
the pros and cons and telling you to make the best choice for your situation. at saves you time. Use PDO for your
PHP-MySQL interface, FPDF for your PDF library, MySQL Workbench for your database design tool, jQuery for your
way, of course, but there are hundreds of design choices you have to make in the course of developing an application
and you can’t aord to make each one into a research project. Wouldn’t it be a relief to just be told the best way to go?
ere are code examples throughout the book, all of which you can download from www.apress.com. e
principal techniques are embodied in PHP classes—Access, DbAccess, Form, Page, Report, and Security—that
are robust enough to incorporate directly into your own applications. I present the code in small, somewhat
disconnected, chunks, but you can keep from getting lost by downloading the source and following along in it as you
read through the technical explanations of why and how I did things the way I did.