So, bringing your code up to the 4.01 standard is a good start.

Our complete HTML 4.01 reference can help you with that.

In addition, you should start NOW to write your HTML code in lowercase letters, and NEVER skip closing tags (like </p>).
The Most Important Differences:
XHTML elements must be properly nested
XHTML elements must always be closed
XHTML elements must be in lowercase
XHTML documents must have one root element
XHTML Elements Must Be Properly Nested

In HTML, some elements can be improperly nested within each other, like this:<b><i>This text is bold and italic</b></i>

In XHTML, all elements must be properly nested within each other, like this:<b><i>This text is bold and italic</i></b>

Note: A common mistake with nested lists, is to forget that the inside list must be within <li> and </li> tags.

This is wrong:<ul>
<li>Coffee</li>
<li>Tea
<ul>
<li>Black tea</li>
<li>Green tea</li>
</ul>
<li>Milk</li>
</ul>

This is correct:<ul>
<li>Coffee</li>
<li>Tea
<ul>
<li>Black tea</li>
<li>Green tea</li>
</ul>
</li>
<li>Milk</li>
</ul>

Notice that we have inserted a </li> tag after the </ul> tag in the “correct” code example.
XHTML Elements Must Always Be Closed

Non-empty elements must have a closing tag.

This is wrong:<p>This is a paragraph
<p>This is another paragraph

This is correct:<p>This is a paragraph</p>
<p>This is another paragraph</p>

Empty Elements Must Also Be Closed

Empty elements must also be closed.

This is wrong:A break: <br>
A horizontal rule: <hr>
An image: <img src=”happy.gif” alt=”Happy face”>

This is correct:A break: <br />
A horizontal rule: <hr />
An image: <img src=”happy.gif” alt=”Happy face” />

XHTML Elements Must Be In Lower Case

Tag names and attributes must be in lower case.

This is wrong:<BODY>
<P>This is a paragraph</P>
</BODY>

This is correct:<body>
<p>This is a paragraph</p>
</body>

XHTML Documents Must Have One Root Element

All XHTML elements must be nested within the <html> root element. Child elements must be in pairs and correctly nested within their parent element.

The basic document structure is:<html>
<head> … </head>
<body> … </body>
</html>

PHP stands for Hypertext Preprocessor and ASP.net stand for Active Server Pages.

PHP was originally created by Rasmus Lerdorf in 1995 and has been in continuous development ever since. The main implementation of PHP is now produced by The PHP Group and serves as the de facto standard for PHP as there is no formal specification. PHP is free software released under the PHP License, which is incompatible with the GNU General Public License (GPL) because of restrictions on the use of the term PHP.

ASP.NET is a web application framework developed and marketed by Microsoft to allow programmers to build dynamic web sites, web applications and web services. It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft’s Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language.

PHP has evolved to include a command line interface capability and can also be used in standalone graphical applications.

PHP is a relatively simpler language to use than ASP.net. Initially, PHP was written in the C programming language to replace a set of scripts in Perl. That is the reason why coding in PHP remains simple even today. Many developers find themselves to be more at ease with the user-friendly nature of PHP when it comes to coding. However, critics also count this advantage of PHP as a disadvantage. Some of them maintain that the language of PHP has not been updated much, and hence it is still quite archaic and even, somewhat cumbersome for coding. ASP.net, which is a relatively new development, has a lot of options when it comes to languages. Here, you can use languages such as C#, J#, C++ and VB.net. Hence, when it comes to sheer choice, ASP.net has better to offer. But PHP is no less, since it can do its task quite well, even with its minimum language tools.

» PHP is has much better support for the database management system, MySQL. In fact, the very popular blogging platform, WordPress uses the formidable combination of PHP coding on MySQL for its content management system, which includes about hundreds of thousands of blog posts every single day. Another very popular and frequently updated service that uses the combination of PHP and MySQL is Wikipedia. ASP.net can also support MySQL, but PHP is unanimously hailed, by the masses and classes alike, for its great support for this database management system.

» People who use both PHP and ASP.net also maintain their opinion that PHP is better for embedded support with another database management system, viz. SQLite. SQLite is described as a relational database management system and since it is contained in a C programming library, PHP can provide better support to it.

» PHP has also a very good support for object oriented programming, on which whole scripting languages are being built nowadays. ASP.net also provides very capable support to OOP.

» When it comes to support, PHP wins over ASP.net. The main reason for this is that PHP is open source. Hence, the support can come freely from all over the world. In most cases, PHP fixes are made instantly. Being open source also ensures that there are very few snags in PHP. While, ASP.net could take a while to make fixes. That is because it is owned by Microsoft, and it is the development team of Microsoft that will need to respond to the support query. That could take more time than the worldwide open source support that PHP is able to get. Most PHP supports can be instantly found online by doing a simple search on the Internet. Some of the providers of support for PHP are Zend, NuSphere and ThinkPHP.

» PHP can use the command line to perform many everyday activities. Some of the things that the PHP command line is useful for is for manipulating across many files and for putting files into multiple directories at once. These are just some of the important features that PHP’s command line is used for.

» PHP is an open source programming language, which means it is free for anyone to use. Programmers can develop PHP applications virtually at no cost, because PHP is free to use. ASP.net is not free too, but its extensions are available for free on Windows platforms, upwards of 98. Hence, ASP.net is available to Windows users when they buy it. That puts a bit of restriction in its use.

» ASP.net is compiled into memory in binary code. So, when ASP.net is used for coding, it is evident that it takes much longer time to process since the codes need to be retrieved from memory. However, PHP is not compiled into memory like ASP.net is. It is interpreted at runtime. That is the reason why PHP coding leads to better speed and even efficiency. However, it must be said that both PHP and ASP.net can run at supreme speeds and efficiency when they are coded expertly.

» Talking about hosting charges, both PHP and ASP.net are quite cheap to host. If you do a good deal of shopping online, you will also be able to find hosting for as little as $4. While there are several pricier hosting services out there, their charges are higher for both PHP and ASP.net. Hence, it can be said that both PHP and ASP.net are at par with each other on the hosting charges.

» Since PHP is older, there are many people who claim that it is much more secure than ASP.net where coding is concerned. ASP.net is much new, and the security options may not be fully in place yet. However, many programmers will pooh-pooh at this point, because they maintain that security in coding does not depend on the language that is used, but in the way that the coding is done by the coder. Even so, there is a lot of talk on the Internet about PHP coded sites being more difficult to hack into than those done with ASP.net.

Hence, there is a lot to debate on about the worthiness of PHP over ASP.net or vice-versa. There is probably no end to it, and there never shall be. The problem mainly is that both of them are good in their own place, but people who have been staunchly using PHP for several years now – some of them for more than a decade – would certainly not like to go in for the new ASP.net. The price to be paid is quite high, i.e. learning a whole new syntax and getting used to it. That is more the reason why PHP is still so popular.

PHP-GTK is an extension for the PHP programming language that implements language bindings for GTK+. It provides an object-oriented interface to GTK+ classes and functions and greatly simplifies writing client-side cross-platform GUI applications.

Rumours of PHP-GTK’s death have been greatly exaggerated! The project is very much still alive, but we’re waiting for PHP 5.3 to come out, and also some work needs to be done on the Cairo extension before a new release can be made. This should be completed soon. This release will come with support for GTK+ 2.14 and 2.16, Cairo, and PHP 5.3.

The next release will also include official installers for Windows and Mac OSX, and an installer script (thank you bob) for Linux.

PHP-GTK was originally conceived by Andrei Zmievski, who is also actively involved in the development of PHP and the Zend Engine. The idea was received well by the PHP community, and more people started to get involved with the project. James Moore and Steph Fox were among the first to join in, contributing a great deal to PHP-GTK through their documentation efforts, and Frank Kromann – also from the PHP development team – supplied Windows binaries for the project.

Is the same as:

This method also works for subtraction:

You can also apply a similar method for concocting strings. So instead of:

Use this shorthand method of adding another string of text onto the end of the first string:

Single Quotes versus Double Quotes

Any time you put something in “double” quotes, you are asking PHP to check that content for a variable. So even though the following lines do not contain variables within the double quotes, PHP will still waste precious computing time scanning them anyway.

Those same three lines of code could be executed much faster if ‘single’ quotes were used in place of “double” quotes.

Now that may not seem like much, but having PHP check for variables where it doesn’t need to over the course of a larger script, can certainly impede run-time. Just to clarify my point, PHP will not read a variable if it is within ‘single’ quotes.

What is the the super-secret of keeping those scripts speeding along the rusty pipes of your server? Avoid double quotes at all costs. Even if you are working with a variable and think you need double quotes, it is more efficient for PHP to execute this:

As opposed to this bit of molasses-like code:

One control structure to rule them all, One constant to find them, One set of conditional brackets to bring them all and in the darkness bind them

Not anymore! If you have a single expression following a control structure, you do not need to waste your time with brackets { }.

Is the same as:

This can be applied to any control structure statement. For example:

The fewer brackets you have cluttering up your code, the easier it may be to read.

They true did false, they were the trueiest bunch of falses that ever trued

If all you are trying to test for is a boolean (true/false) of a variable or function then instead of laying down a bunch of code like this:

You can omit == and != with:

This same format can apply to functions and multiple conditions. For example:

The following is the same exact statement (except with less code):

In and out of PHP before they even knew what hit ‘em

When embedding PHP within HTML, you can close your PHP tag whenever you want to output HTML. This enables speedier processing of your PHP. For instance:

Hopefully that last one didn’t confuse you as much it confused me, the example is a bit extreme. However look over it a few times and you will understand exactly what is going on.

A few more for the road…

1. Don’t use spaces to format your code, use tabs. Every space takes up 1 byte, every tab takes up 1 byte too. So if you are using 4 spaces to make 1 tab, you will have added unnecessary bulk (and CPU time) to your code.
2. Learn Regular Expressions, which are beyond the scope of this article. However once mastered, you will transform into an unstoppable coder of such power that even your own expertise of regular expressions cannot calculate your might.
3. If you are dealing with external variables through get/post. Always use $_POST['variable'] or $_GET['variable']. Assuming $variable can open a huge security hole into your script. With the upgrade to PHP5, register_globals is turned off, by default – so scripts will be forced to use the above method.Here is a code snippet to quickly gather $_GET and $_POST variables:
   // $_POST['form_name'] = 'Anus Mcgee';foreach ($_POST as $key => $value)
   $$key = $value;

   // Now $form_name = ‘Anus Mcgee’;

Session security is a sophisticated topic, and it’s no surprise that sessions are a frequent target of attack. Most session attacks involve impersonation, where the attacker attempts to gain access to another user’s session by posing as that user.

The most crucial piece of information for an attacker is the session identifier, because this is required for any impersonation attack. There are three common methods used to obtain a valid session identifier:

• Prediction
• Capture
• Fixation

Prediction refers to guessing a valid session identifier. With PHP’s native session mechanism, the session identifier is extremely random, and this is unlikely to be the weakest point in your implementation.

Capturing a valid session identifier is the most common type of session attack, and there are numerous approaches. Because session identifiers are typically propagated in cookies or as GET variables, the different approaches focus on attacking these methods of transfer. While there have been a few browser vulnerabilities regarding cookies, these have mostly been Internet Explorer, and cookies are slightly less exposed than GET variables. Thus, for those users who enable cookies, you can provide them with a more secure mechanism by using a cookie to propagate the session identifier.

Fixation is the simplest method of obtaining a valid session identifier. While it’s not very difficult to defend against, if your session mechanism consists of nothing more than session_start(), you are vulnerable.

In order to demonstrate session fixation, I will use the following script, session.php:

<?php

session_start();

if (!isset($_SESSION['visits']))
{
$_SESSION['visits'] = 1;
}
else
{
$_SESSION['visits']++;
}

echo $_SESSION['visits'];

?>

Upon first visiting the page, you should see 1 output to the screen. On each subsequent visit, this should increment to reflect how many times you have visited the page.

To demonstrate session fixation, first make sure that you do not have an existing session identifier (perhaps delete your cookies), then visit this page with ?PHPSESSID=1234 appended to the URL. Next, with a completely different browser (or even a completely different computer), visit the same URL again with ?PHPSESSID=1234 appended. You will notice that you do not see 1 output on your first visit, but rather it continues the session you previously initiated.

Why can this be problematic? Most session fixation attacks simply use a link or a protocol-level redirect to send a user to a remote site with a session identifier appended to the URL. The user likely won’t notice, since the site will behave exactly the same. Because the attacker chose the session identifier, it is already known, and this can be used to launch impersonation attacks such as session hijacking.

A simplistic attack such as this is quite easy to prevent. If there isn’t an active session associated with a session identifier that the user is presenting, then regenerate it just to be sure:

<?php

session_start();

if (!isset($_SESSION['initiated']))
{
session_regenerate_id();
$_SESSION['initiated'] = true;
}

?>

The problem with such a simplistic defense is that an attacker can simply initialize a session for a particular session identifier, and then use that identifier to launch the attack.

To protect against this type of attack, first consider that session hijacking is only really useful after the user has logged in or otherwise obtained a heightened level of privilege. So, if we modify the approach to regenerate the session identifier whenever there is any change in privilege level (for example, after verifying a username and password), we will have practically eliminated the risk of a successful session fixation attack.

Session Hijacking

Arguably the most common session attack, session hijacking refers to all attacks that attempt to gain access to another user’s session.

As with session fixation, if your session mechanism only consists of session_start(), you are vulnerable, although the exploit isn’t as simple.

Rather than focusing on how to keep the session identifier from being captured, I am going to focus on how to make such a capture less problematic. The goal is to complicate impersonation, since every complication increases security. To do this, we will examine the steps necessary to successfully hijack a session. In each scenario, we will assume that the session identifier has been compromised.

With the most simplistic session mechanism, a valid session identifier is all that is needed to successfully hijack a session. In order to improve this, we need to see if there is anything extra in an HTTP request that we can use for extra identification.

Note
It is unwise to rely on anything at the TCP/IP level, such as IP address, because these are lower level protocols that are not intended to accommodate activities taking place at the HTTP level. A single user can potentially have a different IP address for each request, and multiple users can potentially have the same IP address.

Recall a typical HTTP request:

GET / HTTP/1.1
Host: example.org
User-Agent: Mozilla/5.0 Gecko
Accept: text/xml, image/png, image/jpeg, image/gif, */*
Cookie: PHPSESSID=1234

Only the Host header is required by HTTP/1.1, so it seems unwise to rely on anything else. However, consistency is really all we need, because we’re only interested in complicating impersonation without adversely affecting legitimate users.

Imagine that the previous request is followed by a request with a different User-Agent:

GET / HTTP/1.1
Host: example.org
User-Agent: Mozilla Compatible (MSIE)
Accept: text/xml, image/png, image/jpeg, image/gif, */*
Cookie: PHPSESSID=1234

Although the same cookie is presented, should it be assumed that this is the same user? It seems highly unlikely that a browser would change the User-Agent header between requests, right? Let’s modify the session mechanism to perform an extra check:

<?php

session_start();

if (isset($_SESSION['HTTP_USER_AGENT']))
{
if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
{
/* Prompt for password */
exit;
}
}
else
{
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
}

?>

Now an attacker must not only present a valid session identifier, but also the correct User-Agent header that is associated with the session. This complicates things slightly, and it is therefore a bit more secure.

Can we improve this? Consider that the most common method used to obtain cookie values is by exploiting a vulnerable browser such as Internet Explorer. These exploits involve the victim visiting the attacker’s site, so the attacker will be able to obtain the correct User-Agent header. Something additional is necessary to protect against this situation.

Imagine if we required the user to pass the MD5 of the User-Agent in each request. An attacker could no longer just recreate the headers that the victim’s requests contain, but it would also be necessary to pass this extra bit of information. While guessing the construction of this particular token isn’t too difficult, we can complicate such guesswork by simply adding an extra bit of randomness to the way we construct the token:

<?php

$string = $_SERVER['HTTP_USER_AGENT'];
$string .= ‘SHIFLETT’;

/* Add any other data that is consistent */

$fingerprint = md5($string);

?>

Keeping in mind that we’re passing the session identifier in a cookie, and this already requires that an attack be used to compromise this cookie (and likely all HTTP headers as well), we should pass this fingerprint as a URL variable. This must be in all URLs as if it were the session identifier, because both should be required in order for a session to be automatically continued (in addition to all checks passing).

In order to make sure that legitimate users aren’t treated like criminals, simply prompt for a password if a check fails. If there is an error in your mechanism that incorrectly suspects a user of an impersonation attack, prompting for a password before continuing is the least offensive way to handle the situation. In fact, your users may appreciate the extra bit of protection perceived from such a query.

There are many different methods you can use to complicate impersonation and protect your applications from session hijacking. Hopefully you will at least do something in addition to session_start() as well as be able to come up with a few ideas of your own. Just remember to make things difficult for the bad guys and easy for the good guys.

Note
Some experts claim that the User-Agent header is not consistent enough to be used in the way described. The argument is that an HTTP proxy in a cluster can modify the User-Agent header inconsistently with other proxies in the same cluster. While I have never observed this myself (and feel comfortable relying on the consistency of User-Agent), it is something you may want to consider.

The Accept header has been known to change from request to request in Internet Explorer (depending on whether the user refreshes the browser), so this should not be relied upon for consistency.

PHP Session Variables

When you are working with an application, you open it, do some changes and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are and what you do because the HTTP address doesn’t maintain state.

A PHP session solves this problem by allowing you to store user information on the server for later use (i.e. username, shopping items, etc). However, session information is temporary and will be deleted after the user has left the website. If you need a permanent storage you may want to store the data in a database.

Sessions work by creating a unique id (UID) for each visitor and store variables based on this UID. The UID is either stored in a cookie or is propagated in the URL.

Starting a PHP Session

Before you can store user information in your PHP session, you must first start up the session.

Note: The session_start() function must appear BEFORE the <html> tag:

The code above will register the user’s session with the server, allow you to start saving user information, and assign a UID for that user’s session.

Storing a Session Variable

The correct way to store and retrieve session variables is to use the PHP $_SESSION variable:

Output:

In the example below, we create a simple page-views counter. The isset() function checks if the “views” variable has already been set. If “views” has been set, we can increment our counter. If “views” doesn’t exist, we create a “views” variable, and set it to 1:

Destroying a Session

If you wish to delete some session data, you can use the unset() or the session_destroy() function.

The unset() function is used to free the specified session variable:

You can also completely destroy the session by calling the session_destroy() function:

Note: session_destroy() will reset your session and you will lose all your stored session data.

Cookies

What is a Cookie?

A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user’s computer. Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.

How to Create a Cookie?

The setcookie() function is used to set a cookie.

Note: The setcookie() function must appear BEFORE the <html> tag.

Syntax

Example 1

In the example below, we will create a cookie named “user” and assign the value “Alex Porter” to it. We also specify that the cookie should expire after one hour:

Note: The value of the cookie is automatically URLencoded when sending the cookie, and automatically decoded when received (to prevent URLencoding, use setrawcookie() instead).

Example 2

You can also set the expiration time of the cookie in another way. It may be easier than using seconds.

In the example above the expiration time is set to a month (60 sec * 60 min * 24 hours * 30 days).

How to Retrieve a Cookie Value?

The PHP $_COOKIE variable is used to retrieve a cookie value.

In the example below, we retrieve the value of the cookie named “user” and display it on a page:

In the following example we use the isset() function to find out if a cookie has been set:

How to Delete a Cookie?

When deleting a cookie you should assure that the expiration date is in the past.

Delete example:

What if a Browser Does NOT Support Cookies?

If your application deals with browsers that do not support cookies, you will have to use other methods to pass information from one page to another in your application. One method is to pass the data through forms (forms and user input are described earlier in this tutorial).

The form below passes the user input to “welcome.php” when the user clicks on the “Submit” button:

Retrieve the values in the “welcome.php” file like this:

<html>
<body>

Welcome <?php echo $_POST["name"]; ?>.<br />
You are <?php echo $_POST["age"]; ?> years old.

</body>
</html>

To start off we will install Apache.

1. Open up the Terminal (Applications > Accessories > Terminal).

2. Copy/Paste the following line of code into Terminal and then press enter:

sudo apt-get install apache2

3. The Terminal will then ask you for you’re password, type it and then press enter.

Testing Apache

To make sure everything installed correctly we will now test Apache to ensure it is working properly.

1. Open up any web browser and then enter the following into the web address:

http://localhost/

You should see a folder entitled apache2-default/. Open it and you will see a message saying “It works!” , congrats to you!

Install PHP

In this part we will install PHP 5.

Step 1. Again open up the Terminal (Applications > Accessories > Terminal).

Step 2. Copy/Paste the following line into Terminal and press enter:

sudo apt-get install php5 libapache2-mod-php5

Step 3. In order for PHP to work and be compatible with Apache we must restart it. Type the following code in Terminal to do this:

sudo /etc/init.d/apache2 restart

Test PHP

To ensure there are no issues with PHP let’s give it a quick test run.

Step 1. In the terminal copy/paste the following line:

sudo gedit /var/www/testphp.php

This will open up a file called phptest.php.

Step 2. Copy/Paste this line into the phptest file:

<?php phpinfo(); ?>

Step 3. Save and close the file.

Step 4. Now open you’re web browser and type the following into the web address:

http://localhost/testphp.php

Install MySQL

To finish this guide up we will install MySQL. (Note – Out of Apache and PHP, MySQL is the most difficult to set up. I will provide some great resources for anyone having trouble at the end of this guide.)

Step 1. Once again open up the amazing Terminal and then copy/paste this line:

sudo apt-get install mysql-server

Step 2 (optional). In order for other computers on your network to view the server you have created, you must first edit the “Bind Address”. Begin by opening up Terminal to edit the my.cnf file.

gksudo gedit /etc/mysql/my.cnf

Change the line

bind-address = 127.0.0.1

And change the 127.0.0.1 to your IP address.

Step 3. This is where things may start to get tricky. Begin by typing the following into Terminal:

mysql -u root

Following that copy/paste this line:

mysql> SET PASSWORD FOR ‘root’@'localhost’ = PASSWORD(‘yourpassword’);

(Make sure to change yourpassword to a password of your choice.)

Step 4. We are now going to install a program called phpMyAdmin which is an easy tool to edit your databases. Copy/paste the following line into Terminal:

sudo apt-get install libapache2-mod-auth-mysql php5-mysql phpmyadmin

After that is installed our next task is to get PHP to work with MySQL. To do this we will need to open a file entitledphp.ini. To open it type the following:

gksudo gedit /etc/php5/apache2/php.ini

Now we are going to have to uncomment the following line by taking out the semicolon (;).

Change this line:

;extension=mysql.so

To look like this:

extension=mysql.so

Now just restart Apache and you are all set!

sudo /etc/init.d/apache2 restart

to use

notepad++

as your text editor

because there is

a chance of

conflict between

fancy symbols

and

standard symbols…

To download notepad ++,  click here

This tutorial will show you step-by-step how to install:

• Apache 2
• PHP 5
• MySQL 5
• phpMyAdmin

The Apache Server combined with the power of PHP, MySQL, and phpMyAdmin, creates one of the best possible development environments for a web programmer. Getting everything properly configured can take 20-30 minutes, so make sure you have enough time set aside before beginning the installation.

Don’t be intimidated by the length of this page. I’ll walk you step-by-step through each part of the installaton. All you need is a basic understanding of HTML and computers, and if any part of the installation isn’t clear to you, just send me an email.

Start the Installation:

• Installing Apache
• Installing PHP
• Installing MySQL
• Configuring PHP to work with MySQL
• Installing phpMyAdmin

Installing Apache:

1. Go to www.apache.org and download “Win32 Binary (MSI Installer): apache_2.2.4-win32-x86-no_ssl.msi” to your desktop.Note: Make sure that you download Apache version 2.2.4 (Win32 Binary MSI Installer)! The rest of the tutorial is written using this version.
2. Double click “apache_2.2.4-win32-x86-no_ssl.msi”, and if prompted, click “run”.
3. An installation wizard will appear:Click “Next”.
4. The next page contains the terms of agreement. Select “I accept”, and click “Next”.
5. Read about the Apache Server, and click “Next”
6. The next screen will ask you for specific server information. Enter the values seen below:Click “Next”.
7. On the next screen, select “Typical Installation” and click “Next”.
8. Click “Next”.
9. Click “Install”.
10. Open up Internet Explorer and type in “http://localhost”. If you see a page that says “It works!” then the Apache server has been installed successfully.

A few notes on your Apache Server Configuration:

• Apache is installed by default in your “C:\Program Files\Apache Software Foundation\Apache2.2″ directory.
• Inside that directory there is a folder called “htdocs” (the equivilant of your \www\ or \public_html\ directory). You can develop your applications inside this folder and access them by going to http://localhost/your_file_name.php
• The Apache Configuration settings are defined in a file named “httpd.conf” located in the “conf” directory. Do not attempt to change these settings unless you know what you’re doing. An error in this file will result in the Apache Server not functioning correctly!

By default Apache’s document root is set to htdocs directory. The document root is where you must put all your PHP or HTML files so it will be process by Apache ( and can be seen through a web browser ). Of course you can change it to point to any directory you want. The configuration file for Apache is stored in C:\Program Files\Apache Group\Apache2\conf\httpd.conf ( assuming you installed Apache in C:\Program Files\Apache Group ) . It’s just a plain text file so you can use Notepad to edit it.

For example, if you want to put all your PHP or HTML files in C:\www just find this line in the httpd.conf :

DocumentRoot “C:/Program Files/Apache Group/Apache2/htdocs”

and change it to :

DocumentRoot “C:/www”

After making changes to the configuration file you have to restart Apache ( Start > Programs > Apache HTTP Server 2.0.50 > Control Apache Server > Restart ) to see the effect.

Another configuration you may want to change is the directory index. This is the file that Apache will show when you request a directory. As an example if you type http://www.php-mysql-tutorial.com/ without specifying any file the index.php file will be automatically shown.

Suppose you want apache to use index.html, index.php or main.php as the directory index you can modify the DirectoryIndex value like this :

DirectoryIndex index.html index.php main.php

Now whenever you request a directory such as http://localhost/ Apache will try to find the index.html file or if it’s not found Apache will use index.php. In case index.php is also not found then main.php will be used.

Installing PHP:

Next we will be installing PHP version 5. Follow the steps carefully.

1. Go to www.php.net and download the “PHP 5.2.0 zip package” to your desktop. (Be patient while it downloads, the ZIP file is over 9MB!)Note: Make sure that you download the PHP 5.2.0 zip package! The rest of the tutorial is written using this version.
2. Create a new folder called “php” in your C Drive. Copy the “php-5.2.0-Win32.zip” file to there (“C:\php”) and extract it using WinZIP or a similiar program.
3. Your “C:\php” directory should now look like:
4. Next copy the “php.ini-dist” file from “C:/php/” to “C:/WINDOWS” and rename it to “php.ini”. This is your PHP configuration file. We’ll come back to this later.
5. Now it’s time to tell Apache that PHP exists. Open up your Apache configuration file (“C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf”) in notepad and add these four lines to the bottom of the “LoadModule” section:
   LoadModule php5_module “c:/php/php5apache2_2.dll”
   AddHandler application/x-httpd-php .php
   # configure the path to php.ini
   PHPIniDir “c:/windows”
6. ( I recommend you to manually type these in the file because the double quotes here is fancy double quotes which will result in an error if you copy paste these lines…) or use notepad++ as your text editor…
   
7. In your “htdocs” directory, create a file called “info.php”. Open it in notepad and add this line of code to it:
   <?php phpinfo(); ?>
8. Restart your Apache Server for the changes to take effect: Start > All Programs > Apache HTTP Server 4.2.4 > Control Apache Server > Restart
9. Open up Internet Explorer and type in: http://localhost/info.php. If your browser takes you to a page that looks like this, then PHP has been installed successfully!

Modifying your PHP Configuration File:

• Your PHP configuration (php.ini) file is located in “C:/WINDOWS/php.ini”. You can modify it with notepad or a similiar text editor.
• Open it up and find the line that says:
  extension_dir = “./”

  and change it to

  extension_dir = “C:\php\ext”
• Find the line that says:
  ;session.save_path = “/tmp”

  and change it to

  session.save_path = “C:\WINDOWS\temp”

Installing MYSQL:

Next we will be installing MySQL version 5. Follow the steps carefully.

1. Go to www.mysql.com and download the “Windows (x86) ZIP/Setup.EXE (version 5.0.27)” to your desktop. (To do this you’ll need to register an account with MySQL.)
2. Once “mysql-5.0.27-win32.zip” has finished downloading, you can extract it using WinZIP or a similiar program.
3. Once extracted, double click on the “Setup.exe” file. An installation wizard will appear.Click “Next”.
4. Select “Typical” Installation and click “Next”.
5. Click “Install”. (Be patient, this can take up to several minutes).
6. The next screen will ask you to “Sign Up”. Select “Skip Sign-Up” for now.
7. The next screen will tell you that the installation wizard is complete. Make sure that the “Configure the MySQL Server now” field is checked before clicking “Finish”.
8. The MySQL Server Instance Configuration Wizard should appear. Click “Next”.
9. Select “Detailed Configuration” and click “Next”.
10. Select “Developer Machine” and click “Next”.
11. Select “Multifunctional Database” and click “Next”.
12. Click “Next”.
13. Select “Decision Support (DSS)/OLAP” and click “Next”.
14. Select “Multifunctional Database” and click “Next”.
15. Make sure “Enable TCP/IP Networking” is checked, the Port Number is set to “3306″, and “Enable Strict Mode” is checked. Click “Next”.
16. Select “Standard Character Set” and click “Next”.
17. Check “Install As Windows Service”, set the Service Name to “MySQL”, and check “Launch the MySQL Server automatically”. Make sure that the “Include Bin Directory in Windows Path” is NOT checked. Click “Next”.
18. On the next screen, check the box that says “Modify Security Settings”. Enter a password for the default “root” account, and confirm the password in the box below. Do NOT check the boxes “Enable root access from remote machines” or “Create An Anonymous Account”. Click “Next”.
19. Click “Execute”. (This may take a few minutes. Be patient).
20. Click “Finish”.
21. To test if MySQL was installed correct, go to: Start > All Programs > MySQL > MySQL Server 5.0 > MySQL Command Line Client. The MySQL Command Line Client will appear:
22. It will ask you for a password. Enter the password you created in step 18. (If you enter an incorrect password MySQL will automatically close the command line)
23. Next, type in the commands shown below: (shown in blue)If you don’t get any errors, and it returns the information shown above, then MySQL has been successfully installed! Next we will need to configure PHP to work with MySQL.

Configuring PHP to work with MySQL:

Now that both PHP and MySQL are installed, we have to configure them to work together.

1. Open up your php.ini file (C:/WINDOWS/php.ini) and find the line:
   ;extension=php_mysql.dll

   To enable the MySQL extension, delete the semi-colon at the beginning of that line.

2. Next we must add the PHP directory to the Windows PATH. To do this, click: Start > My Computer > Properties > Advanced > Environment Variables. Under the second list (System Variables), there will be a variable called “Path”. Select it and click “Edit”. Add “;C:\php” to the very end of the string and click “OK”.
3. Restart your computer for the changes to take effect.
4. Create a new file in your “htdocs” directory called “mysql_test.php”.
5. Copy the following code into “mysql_test.php” and click save. (Make sure to replace the MYSQL_PASS constant with the MySQL Password you specified during the MySQL installation).
   <?php# Define MySQL Settings
   define(“MYSQL_HOST”, “localhost”);
   define(“MYSQL_USER”, “root”);
   define(“MYSQL_PASS”, “password”);
   define(“MYSQL_DB”, “test”);

   $conn = mysql_connect(“”.MYSQL_HOST.”", “”.MYSQL_USER.”", “”.MYSQL_PASS.”") or die(mysql_error());
   mysql_select_db(“”.MYSQL_DB.”",$conn) or die(mysql_error());

   $sql = “SELECT * FROM test”;
   $res = mysql_query($sql);

   while ($field = mysql_fetch_array($res))
   {
   $id = $field['id'];
   $name = $field['name'];

   echo ‘ID: ‘ . $field['id'] . ‘<br />’;
   echo ‘Name: ‘ . $field['name'] . ‘<br /><br />’;
   }

   ?>

6. Open up Internet Explorer and type in “http://localhost/mysql_test.php”. If the “mysql_test.php” page returns something similiar to:
   ID: 1
   Name: John

   Then PHP & MySQL have been successfully configured to work together. Congratulations! The next and final step is to install phpMyAdmin.

Installing phpMyAdmin:

Now that both Apache, PHP and MySQL are installed, we can install phpMyAdmin, a tool that allows you to easily manage your MySQL databases.

1. Go to www.phpMyAdmin.net and download “english.zip” under the phpMyAdmin 2.9.2 section to your desktop (I assume that since you are reading this article that you understand English).
2. Create a new folder called “phpmyadmin” in your “htdocs” directory. Extract the contents of the “phpMyAdmin-2.9.2-english.zip” ZIP file here. Your C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\phpmyadmin” directory should now look like:
3. Create a new file in the “phpMyAdmin” directory (above) called “config.inc.php”. Place this code inside it and be sure to replace “YOUR_PASSWORD_HERE” (in both places below) with your MySQL Password:
   <?php/* $Id: config.sample.inc.php 9675 2006-11-03 09:06:06Z nijel $ */
   // vim: expandtab sw=4 ts=4 sts=4:/**
   * phpMyAdmin sample configuration, you can use it as base for
   * manual configuration. For easier setup you can use scripts/setup.php
   *
   * All directives are explained in Documentation.html and on phpMyAdmin
   * wiki <http://wiki.cihar.com>.
   */

   /*
   * This is needed for cookie based authentication to encrypt password in
   * cookie
   */
   $cfg['blowfish_secret'] = ”; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

   /*
   * Servers configuration
   */
   $i = 0;

   /*
   * First server
   */
   $i++;

   $cfg['Servers'][$i]['user'] = ‘root’;
   $cfg['Servers'][$i]['password'] = ‘YOUR_PASSWORD_HERE’; // Your MySQL Password

   /* Authentication type */
   $cfg['Servers'][$i]['auth_type'] = ‘config’;
   /* Server parameters */
   $cfg['Servers'][$i]['host'] = ‘localhost’;
   $cfg['Servers'][$i]['connect_type'] = ‘tcp’;
   $cfg['Servers'][$i]['compress'] = false;
   /* Select mysqli if your server has it */
   $cfg['Servers'][$i]['extension'] = ‘mysql’;
   /* User for advanced features */
   $cfg['Servers'][$i]['controluser'] = ‘root’;
   $cfg['Servers'][$i]['controlpass'] = ‘YOUR_PASSWORD_HERE’; // Your MySQL Password
   /* Advanced phpMyAdmin features */
   $cfg['Servers'][$i]['pmadb'] = ‘phpmyadmin’;
   $cfg['Servers'][$i]['bookmarktable'] = ‘pma_bookmark’;
   $cfg['Servers'][$i]['relation'] = ‘pma_relation’;
   $cfg['Servers'][$i]['table_info'] = ‘pma_table_info’;
   $cfg['Servers'][$i]['table_coords'] = ‘pma_table_coords’;
   $cfg['Servers'][$i]['pdf_pages'] = ‘pma_pdf_pages’;
   $cfg['Servers'][$i]['column_info'] = ‘pma_column_info’;
   $cfg['Servers'][$i]['history'] = ‘pma_history’;

   /*
   * End of servers configuration
   */

   /*
   * Directories for saving/loading files from server
   */
   $cfg['UploadDir'] = ”;
   $cfg['SaveDir'] = ”;

   ?>

4. ( I recommend you to manually type these in the file because the double quotes, single quotes, semi colon etc here are fancy which will result in an error if you copy paste these lines…) or use notepad++ as your text editor…
5. phpMyAdmin has now been successfully installed! To use it, open up Internet Explorer and type in “http://localhost/phpmyadmin”. This will bring you to the main phpMyAdmin page. If you have any questions, refer to the phpMyAdmin website or the “Documentation.html” file in the /phpMyAdmin/ directory.
   
6. Enjoy using Apache, PHP, MySQL, and phpMyAdmin!

What distinguishes PHP from something like client-side JavaScript is that the code is executed on the server, generating HTML which is then sent to the client. The client would receive the results of running that script, but would not know what the underlying code was. You can even configure your web server to process all your HTML files with PHP, and then there’s really no way that users can tell what you have up your sleeve.

The best things in using PHP are that it is extremely simple for a newcomer, but offers many advanced features for a professional programmer.

A simple PHP program to print “Hi, I'm a PHP script!"

<html>
<head>
<title>Example</title>
</head>
<body>

<?php
echo “Hi, I’m a PHP script!”;
?>

</body>
</html>