Sunday, July 29, 2007

Installing 'XAMPP' for Working with PHP

(This is a guest author article.)

I don't want to get any further into PHP without being prepared for it. As I wrote in An Introduction to PHP, I recommend using XAMPP for Windows to set up a server on a PC running Windows. I would be a hypocrite for saying that if I wasn't using it myself. I held off on writing this article until I could take the time to install it on my own PC (my laptop).

Before I could install XAMPP, which includes practically everything I need to run a web server, I had to remove the old software. I had older versions of PHP, MySQL, Mercury Mail and a different web server that I no longer used. After I finished uninstalling all the old junk, I installed XAMPP. XAMPP installed Apache HTTPD 2, MySQL 5, PHP 5 + 4 + PEAR + Switch, MiniPerl 5, Openssl 0.9, PHPMyAdmin 2, XAMPP Control Panel 2.5, Webalizer 2, Mercury Mail Transport System v4, FileZilla FTP Server 0.9, SQLite 2, ADODB 4, Zend Optimizer 3, XAMPP Security, and Ming. That's a lot of software, but you have to download add-ons to install Perl 5 and Tomcat 6. I don't need them right now, so I didn't bother.

Even using "localhost" or "127.0.0.1" as your local server address, setting up security is a good idea. Before I proceeded I put http://localhost/security in my address bar and viewed the security settings. The XAMPP pages were not secure, the MySQL server was not secure and phpMyAdmin was not secure. I clicked the link about halfway down the page, ending in "xamppsecurity.php" and set the passwords for both the MySQL server and the XAMPP pages. I had to navigate to c:\xampp\phpmyadmin and edit the "conf.inc.php" file to include the same password I set for the MySQL database. XAMPP has a pretty good front end but it can't do everything automatically. Hence the need to manually edit the phpMyAdmin configuration file.

Why do I think security is important on your local machine? Unless your PC is disconnected from the Internet from now on, any servers running are open to attack. Why make it easier for attackers by leaving the security holes open? Firewalls, any of them, can have flaws that allow penetration. Securing your servers is an extra step in case you're allowing your server to be seen on the Internet or if your firewall has been compromised.

Once the servers are set up, you can create web pages and experiment with PHP and database interaction. Since I'm in the process of writing an article about using XAMPP to set up a WordPress "sandbox" over at Untwisted Vortex, I'll be installing a local copy of my web site on my machine. I already have a duplicate of the all the files. I also have multiple backup copies of the database. My next step is to export the database to an XML file and then import it to my sandbox server. XAMPP made the appropriate changes to the "php.ini" file so that I can upload a file up to 32 megabytes in size. The default for PHP is 2 megabytes and it isn't big enough for my database import. I know that because I tried it when I changed web hosts. I ended up restoring a backup copy and it wasn't very easy to do.

(Edit: WordPress doesn't support large files for export to import of WordPress to WordPress yet. I don't need the data for testing, so I'll skip that step and just set up a new database on the PC.)

The next article I write on PHP will concentrate on some "gotchas" of the "php.ini" file. Script writers who publish their scripts at various repositories make a lot of mistakes with it (and make a lot of assumptions) and consequently their scripts have code that isn't correct for all situations. In the meantime, you can set up a web server that supports PHP on your PC if you want to follow along. Don't worry; you can remove all that software later if you don't want to mess with it.