PHP Tutorial for the Absolute Beginner

PHP and MySQL

1. Table of contents
1. Table of contents 2. Introduction 2.1. Why would I want a database? 2.2. What do I need? 2.3. Testing for PHP and MySQL 2.4. Managing databases 3. Setting up the database 3.1. Databases security 3.2. Databases design 3.2.1. Fields 3.3. Create a contacts table 3.3.1. Create the table with PHP 4. Connect to the database 4.1. Select the database 5. Query the database 5.1. Insert data 5.1.1. Input form 5.2. Select data 5.2.1. Counting rows 5.2.2. Setting up the loop 5.2.3. Assigning data to variables 5.2.4. Listing rows 5.2.5. Formatting output 5.2.6. Error trapping 5.2.7. Select a single record 5.2.8. Filter data 5.2.9. Ordering data 5.3. Update data 5.3.1. Update page 5.3.2. Update database 5.4. Delete data 6. Final tips 6.1. Save time 6.2. Searching 7. Security

2. Introduction
For many people, the main reason for learning a scripting language like PHP is for the interaction with databases that it can offer. We will look at how to use PHP and MySQL database to store information on the web and include it into your website.

2.1. Why would I want a database?

It is actually surprising how useful a database can be when used with a website. There are a huge variety of things you can do when you interact the two, from displaying simple lists to running a complete website from a database. Reasons to use a database can be: Databases can store very large numbers of records efficiently. It is very easy and quick to find information. It is easy to add new data and to edit or delete old data. Data can be searched easily. Data can be sorted easily. Data can be taken into other applications. More than one person can access the same database at the same time - multi-access.

2.2. What do I need?

You need to fulfill three requirements in order to run PHP scripts which access a MySQL database: Have a webserver. This can either be on a computer of your own or on a web host. Have PHP installed. Have MySQL installed.

2.3. Testing for PHP and MySQL

There is a simple test for both PHP and MySQL. Create a file phpinfo.php and paste the following code into it:
<?php phpinfo(); ?>

converted by Web2PDFConvert.com

Open the file in our browser and scroll down through all this information. If you find a section about MySQL then you will know that MySQL is installed.

2.4. Managing databases

Although all the database administrative options can be done through PHP scripts, I strongly suggest installing phpMyAdmin on your server (most of web hosts already have it installed) It is an excellent and free set of scripts that will provide you with an administrative interface for your MySQL database(s). You can view, add, remove, edit, backup and troubleshooting your databases using it.

3. Setting up the database

Before you actually start building your database scripts, you must have a database to place information into and read it from. In this section we will create a database in MySQL and prepare it for our data. We will also start the creation of a contacts management database.

3.1. Databases security

The process of setting up a MySQL database varies from host to host, you will however end up with a database name, a username and a password. This information will be required to login into the database. If you have phpMyAdmin installed you can just go to it and login with your username and password.

3.2. Databases design

MySQL has a standard setup. It is made up of a database, which containes tables, and each table contains records or rows which are made up of fields. Before you can do anything with your database, you must create tables. A table is a section of the database for storing related information. In a table you will set up the different fields which will be used in that table.

3.2.1. Fields
MySQL supports a number of column types, which may be grouped into three categories: numeric types, date and time types, and string (character) types. This section first gives an overview of the types available: MySQL field types

Type TINYINT SMALLINT MEDIUMINT INT or INTEGER BIGINT

Use for A very small integer A small integer A medium-size integer A normal-size integer

Size The signed range is 128 to 127. The unsigned range is 0 to 255 The signed range is 32768 to 32767. The unsigned range is 0 to 65535 The signed range is 8388608 to 8388607. The unsigned range is 0 to 16777215 The signed range is 2147483648 to 2147483647. The unsigned range is 0 to 4294967295

A large integer

The signed range is 9223372036854775808 to 9223372036854775807. The unsigned range is 0 to 18446744073709551615 Ranges are 3.402823466E+38 to 1.175494351E-38, 0 and 1.175494351E-38 to 3.402823466E+38. If the number of Decimals is not set or <= 24 it is a single-precision floating point number

FLOAT

A small (singleprecision) floatingpoint number. Cannot be unsigned A normal-size (double-precision) floating-point number. Cannot be unsigned An unpacked floatingpoint number. Cannot be unsigned

DOUBLE, DOUBLE PRECISION, REAL DECIMAL, NUMERIC

Ranges are -1.7976931348623157E+308 to -2.2250738585072014E-308, 0 and 2.2250738585072014E-308 to 1.7976931348623157E+308. If the number of Decimals is not set or 25 <= Decimals <= 53 stands for a doubleprecision floating point number

Behaves like a CHAR column: "unpacked" means the number is stored as a string, using one character for each digit of the value. The decimal point, and, for negative numbers, the '-' sign is not counted in Length. If Decimals is 0, values will have no decimal point or fractional part. The maximum range of DECIMAL values is the same as for DOUBLE , but the actual range for a given DECIMAL column may be constrained by the choice of Length and Decimals. If Decimals is left out it's set to 0. If Length is left out it's set to 10. Note that in MySQL 3.22 the Length includes the sign and the decimal point The supported range is 1000-01-01 to 9999-12-31. MySQL displays DATE values in YYYY-MM-DD format The supported range is 1000-01-01 00:00:00 to 9999-12-31 23:59:59. MySQL displays DATETIME values in YYYYMM-DD HH:MM:SS format The range is 1970-01-01 00:00:00 to sometime in the year 2037. MySQL displays TIMESTAMP values in YYYYMMDDHHMMSS , YYMMDDHHMMSS , YYYYMMDD or YYMMDD format, depending on whether M is 14 (or missing), 12, 8 or 6, but allows you to assign values to TIMESTAMP columns using either strings or numbers. A TIMESTAMP column is useful for recording the date and time of an INSERT or UPDATE operation because it is automatically set to the date and time of the most recent operation if you don't give it a value yourself

DATE DATETIME

A date A date and time combination A timestamp

TIMESTAMP

converted by Web2PDFConvert.com

TIME

A time

The range is -838:59:59 to 838:59:59. MySQL displays TIME values in HH:MM:SS format, but allows you to assign values to TIME columns using either strings or numbers The allowable values are 1901 to 2155, and 0000 in the 4 year format and 1970-2069 if you use the 2 digit format (70-69). MySQL displays YEAR values in YYYY format, but allows you to assign values to YEAR columns using either strings or numbers. (The YEAR type is new in MySQL 3.22) The range of Length is 1 to 255 characters. Trailing spaces are removed when the value is retrieved. CHAR values are sorted and compared in case-insensitive fashion according to the default character set unless the BINARY keyword is given

YEAR

A year in 2 or 4 digit formats (default is 4digit) A fixed-length string that is always rightpadded with spaces to the specified length when stored A variable-length string. Note: Trailing spaces are removed when the value is stored (this differs from the ANSI SQL specification)

CHAR

VARCHAR

The range of Length is 1 to 255 characters. VARCHAR values are sorted and compared in case-insensitive fashion unless the BINARY keyword is given

TINYBLOB, TINYTEXT BLOB, TEXT MEDIUMBLOB, MEDIUMTEXT LONGBLOB, LONGTEXT ENUM

An enumeration

A BLOB or TEXT column with a maximum length of 255 (2^8 - 1) characters

A BLOB or TEXT column with a maximum length of 65535 (2^16 - 1) characters A BLOB or TEXT column with a maximum length of 16777215 (2^24 - 1) characters

A BLOB or TEXT column with a maximum length of 4294967295 (2^32 - 1) characters

A string object that can have only one value, chosen from the list of values 'value1', 'value2', ..., or NULL . An ENUM can have a maximum of 65535 distinct values. A string object that can have zero or more values, each of which must be chosen from the list of values 'value1', 'value2', ... A SET can have a maximum of 64 members

SET

A set

3.3. Create a contacts table

The contacts table will contain all the contact information for the people you enter and the information will be able to be updated and viewed on the internet. The following fields will be used in the table: Contacts table Name id first last phone mobile fax email web

Type INT VARCHAR VARCHAR VARCHAR VARCHAR VARCHAR VARCHAR VARCHAR

Length 6 15 15 20 20 20 30 30

Description A unique identifier for each record The person's first name The person's last name The person's phone number The person's mobile number The person's fax number The person's e-mail address The person's web address

There is one thing you should be aware of in this database. The id field will also be set as PRIMARY , INDEX , UNIQUE and will be set to auto_increment (found under "extra" in phpMyAdmin). The reason for this is that this will be the field identifier (primary and index) and so must be unique. The auto_increment setting means that whenever you add a record, as long as you don't specify an id , it will be given the next number available.

3.3.1. Create the table with PHP

Create a table in PHP is slightly more difficult than with phpMyAdmin. The SQL takes the following format:
CREATE TABLE tablename ( field1name type(length) extra info,

converted by Web2PDFConvert.com

field2name type(length) extra info )

The following code can be used to create our contacts table with PHP:
<?php $user = "username"; $passw ord = "passw ord"; $database = "database_name"; mysql_connect("localhost", $user, $passw ord); @mysql_select_db($database) or die("Unable to select database!"); $query = "CREATE TABLE contacts ( id int(6) NOT NULL auto_increment, first varchar(15) NOT NULL, last varchar(15) NOT NULL, phone varchar(20) NOT NULL, mobile varchar(20) NOT NULL, fax varchar(20) NOT NULL, email varchar(30) NOT NULL, w eb varchar(30) NOT NULL, PRIMARY KEY (id), UNIQUE id (id), KEY id_2 (id) )"; mysql_query($query); mysql_close(); ?>

4. Connect to the database

The first thing you must do before you can do any work at all is to connect to the MySQL database server. This is an extremely important step as, if you are not connected, your commands to the database will fail. You should always store the fields username, password and database name in variables, if you change any of them at a later date you only have to change one line of code.
$user = "username"; $passw ord = "passw ord"; $database = "database_name";

At this point you may be wondering if it is a security risk, keeping your password in the file. Don't worry, PHP source code is processed by the server before being sent to the browser so it is impossible for the user to see the script's source. The next command starts a database server connection:
mysql_connect("localhost", $user, $passw ord);

This line tells PHP to connect to the MySQL database server at "localhost" ( localhost means the database server runs on the same server the web site is running). Unless your web host tells you otherwise you should always use localhost . When done, close the connection:
mysql_close();

This is a very important command as it closes the connection to the database server. The server will keep the connection open if you do not include this command. Too many open MySQL connections can cause problems for a web host. It is good practice to always include this line once you have issued all your commands to the database.

4.1. Select the database

After you have connected to the database server you must then select the database you wish to use. This must be a database to which your username has access.
@mysql_select_db($database) or die("Unable to select database!");

This command tells PHP to select the database stored in the variable $database (which you set earlier). If it cannot connect it will stop executing the script and will output the error Unable to select database!.

5. Query the database

Now that you have connected to the server and selected the database you want to work with, you are ready to query your database.
converted by Web2PDFConvert.com

mysql_query($query);

5.1. Insert data

We will now insert a new record to our database:
$query = "INSERT INTO contacts (id, first, last, phone, mobile, fax, email, w eb) VALUES ('', 'John', 'Smith', '(351) 239100100', '(351) 239100101', '(351) 239100102', '[email protected]', 'http://w w w .samaxes.com')";

This may look a little confusing at first so lets look at it in more detail.
INSERT INTO contacts (id, first, last, phone, mobile, fax, email, w eb) VALUES ('', 'John', 'Smith', '(351) 239100100', '(351) 239100101', '(351) 239100102', '[email protected]', 'http://w w w .samaxes.com')

This SQL statement is quite easy to understand. It tells to insert the data:
('', 'John', 'Smith', '(351) 239100100', '(351) 239100101', '(351) 239100102', '[email protected]', 'http://w w w .samaxes.com')

into the fields:

(id, first, last, phone, fax, mobile, email, w eb)

of the table contacts . You may have noticed that you are not inserting any value into the first field ( id ) in the database. This field is going to act as an index. No two records in the database will have the same identifier.

5.1.1. Input form

Inserting data using HTML pages is almost identical to inserting it using a PHP script. The benefit though, is that you do not need to change the script for each piece of data you want to insert and you can also allow your users to input their own data. The following code will show an HTML page with text boxes to enter the appropriate details:
<form action="insert.php" method="post"> <p>First Name: <input type="text" name="first"/></p> <p>Last Name: <input type="text" name="last"/></p> <p>Phone: <input type="text" name="phone"/></p> <p>Mobile: <input type="text" name="mobile"/></p> <p>Fax: <input type="text" name="fax"/></p> <p>E-mail: <input type="text" name="email"/></p> <p>Web: <input type="text" name="w eb"/></p> <p><input type="Submit"/></p> </form>

The following script will get the information from the request parameters, connect to the database server and insert the data into the contacts table:
<?php $user = "username"; $passw ord = "passw ord"; $database = "database_name"; $first = $_POST["first"]; $last = $_POST["last"]; $phone = $_POST["phone"]; $mobile = $_POST["mobile"]; $fax = $_POST["fax"]; $email = $_POST["email"]; $w eb = $_POST["w eb"]; mysql_connect("localhost", $user, $passw ord); @mysql_select_db($database) or die("Unable to select database!"); $query = "INSERT INTO contacts (id, first, last, phone, mobile, fax, email, w eb) VALUES ('', '$first', '$last', '$phone', '$mobile', '$fax', '$email', '$w eb')"; mysql_query($query); mysql_close(); ?>

converted by Web2PDFConvert.com

This script should then be saved as insert.php so that it can be called by the HTML form.

5.2. Select data

Now that you should have at least one record, you will be wanting to know how you can output this data using PHP. The first command you will need to use is a MySQL query made up like this:
SELECT * FROM contacts

This is a basic MySQL command which will tell the script to select all the records in the contacts table. Because there will be output from this command it must be executed with the results being assigned to a variable:
$query = "SELECT * FROM contacts"; $result = mysql_query($query);

In this case the whole content of the contacts table is now contained in a special array with the name $result .

5.2.1. Counting rows

Before you can go through the data in your $result variable, you must know how many database rows there are:
$num = mysql_numrow s($result);

This will set the value of $num to the number of rows stored in $result (the output you got from the database). This can then be used in a loop to get all the data and output it on the screen.

5.2.2. Setting up the loop

You must now set up a loop to take each row of the result and print the data held there. By using $num , which you created above, you can loop through all the rows quite easily.
$i = 0; w hile ($i < $num) { // your code... $i++; }

5.2.3. Assigning data to variables

The final part of this output script is to assign each piece of data to its own variable:
$variable = mysql_result($result, $i, "field_name");

We will not need to get the id field (although we can) because we have no use for it in the current output page.

5.2.4. Listing rows

We can now write a full script to output the data. In this script the data is not formatted.
<?php $user = "username"; $passw ord = "passw ord"; $database = "database_name"; mysql_connect("localhost", $user, $passw ord); @mysql_select_db($database) or die("Unable to select database!"); $query = "SELECT * FROM contacts"; $result = mysql_query($query); $num = mysql_numrow s($result); mysql_close(); echo "<h1>Contacts list:</h1>"; $i = 0; w hile ($i < $num) { $first = mysql_result($result, $i, "first"); $last = mysql_result($result, $i, "last"); $phone = mysql_result($result, $i, "phone"); $mobile = mysql_result($result, $i, "mobile"); $fax = mysql_result($result, $i, "fax"); $email = mysql_result($result, $i, "email");

converted by Web2PDFConvert.com

$w eb = mysql_result($result, $i, "w eb"); echo "<p>$first $last</p><p>Phone: $phone</p><p>Mobile: $mobile</p><p>Fax: $fax</p> <p>E-mail: $email</p><p>Web: $w eb</p><hr/>"; $i++; } ?>

5.2.5. Formatting output

In the previous section we output a list of all the people stored in the database. This just gave us a very basic output, though and is not particularly useful for a working website. Instead, it would be better if we could format it into an HTML table. Doing this formatting is not particularly complicated. All you need to do is use PHP to output HTML and include your variables in the correct spaces. The easiest way to do this is by closing your PHP tag and entering the HTML normally. When you reach a variable position, include it in your code as follows:
<?php echo $variablename; ?>

You can also use the PHP loop to repeat the appropriate code and include it as part of a larger table. For example, using part of the code from the previous section which looped to output the database you can format it to be displayed in one large table:
<table> <thead> <tr> <th>Name</th> <th>Phone</th> <th>Mobile</th> <th>Fax</th> <th>E-mail</th> <th>Website</th> </tr> </thead> <tbody> <?php $i=0; w hile ($i < $num) { $first = mysql_result($result, $i, "first"); $last = mysql_result($result, $i, "last"); $phone = mysql_result($result, $i, "phone"); $mobile = mysql_result($result, $i, "mobile"); $fax = mysql_result($result, $i, "fax"); $email = mysql_result($result, $i, "email"); $w eb = mysql_result($result, $i, "w eb"); ?> <tr> <td><?php echo $first . " " . $last; ?></td> <td><?php echo $phone; ?></td> <td><?php echo $mobile; ?></td> <td><?php echo $fax; ?></td> <td><a href="mailto:<?php echo $email; ?>"><?php echo $email; ?></a></td> <td><a href="<?php echo $w eb; ?>"><?php echo $w eb; ?></a></td> </tr> <?php $i++; } ?> </tbody> </table>;

This code will print the table headers and add an extra table row for each record in the database.

5.2.6. Error trapping

By outputting all the information from the database, it is quite unlikely that there will be no data, but if you allow updating and deleting records, it is certainly a possibility. You can make a simple error trap using an if statement:
if ($num == 0) { echo "The database contains no contacts yet"; } else {

converted by Web2PDFConvert.com

// loop... }

You can expand on this more by making it more user friendly (for example by providing a link to the "Add data" page if no contacts exist).

5.2.7. Select a single record

If you remember back to creating the database for the contacts at the beginning of this tutorial, you will remember that we included a numerical field called id . This field was set as auto_increment as well as being the primary field. I have already explained how this field is unique for every single record in the database, but I will now take this a stage further by explaining how this can be used to select an individual record from a database. By using the unique id field we can select any record from our database using:
SELECT * FROM contacts W HERE id = $id

Where $id is a variable holding a number of a record. This may seem to be a little worthless as it is, but you can use this very effectively in a number of different ways. For example, if you want to have a dynamically generated site run through a database and a single PHP script, you could write the script to include the database data into the design. Then, using the id field, you could select each individual page and put it into the output. You can even use the page's URL to specify the record you want: http://www.example.com/news/items.php?item=7393. And then have the PHP script look up the record with the id corresponding to the item parameter which in this case would be 7393 .

5.2.8. Filter data

As well as showing the whole database, PHP can be used to select individual records, or records which match certain criteria. To do this you must use a variation of the SELECT query. Select only the contacts who have the first name "John":
SELECT * FROM contacts W HERE first = 'john'

As with other MySQL queries, it is almost like plain english. In the same way, you can select records based on any field in the database. You can also use variables to give the database criteria. For example, if you had a search form you could get the last name people want to search for and store it in a variable called $searchlast . Then you could execute the following piece of code:
$query = "SELECT * FROM contacts W HERE last = '$searchlast'"; $result = mysql_query($query);

5.2.9. Ordering data

Not only can you output data based on the contents of a field, but you can also order the output based on a field. By default, the output from your queries will be in order of the id field. You can sort it on any field, though. For example, a useful sort would be to place all the users in alphabetical order based on their last name. For those not familiar with standard databases, this would be in ascending order as it goes from A to Z (ascending order is also for 1 to 10 and descending order provides Z to A or 10 to 1). To do this you would use the following query:
SELECT * FROM contacts ORDER BY last ASC

You could also replace ASC by DESC to order the data in descending order.

5.3. Update data

The first part of the update script uses the single record selection from the previous section but adds a little HTML to it to make it more useful.

5.3.1. Update page

First of all, we connect to the database and select the appropriate record.
<?php $id = $_GET["id"]; $user = "username"; $passw ord = "passw ord"; $database = "database_name"; mysql_connect("localhost", $user, $passw ord); @mysql_select_db($database) or die("Unable to select database!"); $query = "SELECT * FROM contacts W HERE id = $id"; $result = mysql_query($query); $num = mysql_numrow s($result); mysql_close(); $i = 0; w hile ($i < $num) {

converted by Web2PDFConvert.com

$first = mysql_result($result, $i, "first"); $last = mysql_result($result, $i, "last"); $phone = mysql_result($result, $i, "phone"); $mobile = mysql_result($result, $i, "mobile"); $fax = mysql_result($result, $i, "fax"); $email = mysql_result($result, $i, "email"); $w eb = mysql_result($result, $i, "w eb"); // Space for code ++$i; } ?>

Where "Space for code" comment will be replaced by the code for the update form. This is, in fact, just plain HTML formatting the output:
<form action="update.php" method="post"> <p><input type="hidden" name="id" value="<?php echo $id; ?>"/></p> <p>First Name: <input type="text" name="first" value="<?php echo $first; ?>"/></p> <p>Last Name: <input type="text" name="last" value="<?php echo $last; ?>"/></p> <p>Phone Number: <input type="text" name="phone" value="<?php echo $phone; ?>"/></p> <p>Mobile Number: <input type="text" name="mobile" value="<?php echo $mobile; ?>"/></p> <p>Fax Number: <input type="text" name="fax" value="<?php echo $fax; ?>"/></p> <p>E-mail Address: <input type="text" name="email" value="<?php echo $email; ?>"/></p> <p>Web Address: <input type="text" name="w eb" value="<?php echo $w eb; ?>"/></p> <p><input type="Submit" value="Update"/></p> </form>

As you can see, this code will output a standard form, but instead of having blank text boxes like on the form for inserting a new record, this one already has the current information from the database inserted into it. This makes it much more effective for an update script.

5.3.2. Update database

The next stage of this script is to actually update the database. This is a simple operation and just involves a new query for the database:
$query = "UPDATE contacts SET first = '$first', last = '$last', phone = '$phone', mobile = '$mobile', fax = '$fax', email = '$email', w eb = '$w eb' W HERE id = " . $id;

This query tells the database to update the contacts table where the id is the same as the value stored in $id . This query could then be integrated into a simple script:
$id = $_POST["id"]; $first = $_POST["first"]; $last = $_POST["last"]; $phone = $_POST["phone"]; $mobile = $_POST["mobile"]; $fax = $_POST["fax"]; $email = $_POST["email"]; $w eb = $_POST["w eb"]; $user = "username"; $passw ord = "passw ord"; $database = "database_name"; mysql_connect("localhost", $user, $passw ord); @mysql_select_db($database) or die("Unable to select database!"); $query = "UPDATE contacts SET first = '$first', last = '$last', phone = '$phone', mobile = '$mobile', fax = '$fax', email = '$email', w eb = '$w eb' W HERE id = " . $id; mysql_query($query); echo "Record updated!"; mysql_close();

This code would update the database and give the user a confirmation message.

5.4. Delete data

The final part of the contacts database that needs to be created is a page to delete records. As with the update page, this should have a record id sent to it in the URL: delete.php?id=9. The code to do this is the same as to update the database, except with a slightly different MySQL query. Instead of the UPDATE query you should use:

converted by Web2PDFConvert.com

DELETE FROM contacts W HERE id = $id

This query can be used with the connection and confirmation message of the code above.

6. Final tips
Save time and optimize your search.

6.1. Save time

When creating complex scripts using databases you will find that the most common thing you are doing is connecting to a database. Because of this, you can actually save time by creating either a username/password file or a connection file. For example for a username/password file you would create a file called dbinfo.inc.php and put the following code on it:
<?php $username = "database_username"; $passw ord = "database_passw ord"; $database = "database_name"; ?>

Replacing the appropriate sections. Then in your .php files use the following code at the beginning:
include("dbinfo.inc.php"); // or include("/full/path/to/file/dbinfo.inc.php");

Then, you can use the variables $username , $passw ord and $database throughout your scripts without having to define them every time. Also, if you ever change this information, for example if you move to another web host, there is only one file to change.

6.2. Searching
A limited form of searching can also be performed on your database using a built in MySQL function. The LIKE keyword:
SELECT * FROM tablename W HERE fieldname LIKE '%$value%'

To explain further, LIKE tells the database to perform its "searching" feature. The % signs mean that any other data could appear in their place and $value would hold your search string. For instance, LIKE '%piano%' would output any rows with the word piano in the specified field. Similarly, you can leave out one of the % signs so that you can specify the position of the string:
SELECT * FROM tablename W HERE fieldname LIKE 'piano%'

will only output rows where the specified field begins with the piano word. So a record with the string "The piano is next to the table" will not show up.

7. Security
At this point it should be noted that you must be very careful in using the technique given above. Without correct security measures, it would be very easy for someone to access data on your server, or even make changes to the database. This can occur if the user sets the variable to a value which edits the SQL string being generated in such a way that it can be used for their own purposes. I won't go into full details here, but there are many websites which give full details (search for "sql injection attack"). This security hole is easy to plug with a bit of work. Always check input data for invalid characters and use PHP's built in functions to remove control characters, HTML code, etc. Again, there are many websites which go into this in depth.

Top This PHP Tutorial was created by Samuel Santos @samaxes

converted by Web2PDFConvert.com