Curly braces, semicolons, no signficant whitespace
Syntax inspired by perl
Dollar signs to start variable names, associative arrays
Extends HTML to add segments of PHP within an HTML file.
Philosphy of PHP
You are a responsible and intelligent programmer
You know what you want to do
Some flexibility in syntax is OK - style choices are OK
Lets make this as convienent as possible
Sometimes errors fail silently
History of PHP
PHP originally stood for “Personal Home Page”
It started out, in 1994, as a simple preprocessor of HTML files
built by Rasmus Lerdorf (born in Greenland, grew up in Denmark and Canada, graduated from U of Waterloo in 1993, now prominent member of Open Source movement)
original purpose was to log people who viewed his on-line resume
Since then, has been developed by a growing community of open source developers
Name now supposed to stand for “Hypertext Pre-Processor”
Advantages of PHP
Freely available
The PHP group provides complete source code free of charge
Similar syntax to C, Pearl
Works with many operating systems
Can be deployed on many web servers
Interacts with lots of databases
It is supported by many providers of webhosting
History – Released versions
PHP 3
The scripting core was rewritten by Zeev Suraski and Andi Gutmans
The name was changed to Hypertext preprocessor
It is able to work with MS Windows and Macintosh
PHP4
Added Zend engine
Introduced 'superglobals' ($_GET)
None of these versions is under development now
History of PHP
PHP began in 1995 when Rasmus Lerdorf developed a Perl/CGI script toolset he called the Personal Home Page or PHP
PHP 2 released 1997 (PHP now stands for Hypertex Processor). Lerdorf developed it further, using C instead
PHP3 released in 1998 (50,000 users)
PHP4 released in 2000 (3.6 million domains). Considered debut of functional language and including Perl parsing, with other major features
PHP5.0.0 released July 13, 2004 (113 libraries>1,000 functions with extensive object-oriented programming)
PHP5.0.5 released Sept. 6, 2005 for maintenance and bug fixes
PHP - What is it / does it do?
Static resources such as regular HTML are simply output to the client from the server
Dynamic resources such as PHP scripts are processed on the server prior to being output to the client
PHP has the capability of connecting to many database systems making the entire process transparent to the client
PHP Engine –
Run Script
Web Page Request
Load PHP File
PHP Results
HTML Response
Current version - PHP 5
The most recent extension (the 5.2.6) was published on May 1, 2008
Uses enhanced Zend II engine
It includes :
support for object-oriented programming,
the PHP Data Objects extension (simplifies accessing databases)
numerous performance enhancements
websites using PHP
More than 20 million Internet domains are hosted on servers with PHP installed
Significant examles
User-facing portion of Facebook
Wikipedia (MediaWiki)
Yahoo!
MyYearbook
What do You Need to work with PHP?
If your server supports PHP
You don’t need anything
Just create some .php files in your web directory
If your server does not support PHP, you must install PHP.
Download PHP
Download database (MySQL)
Download server (Apache)
WHY PHP – Sessions ?
Whenever you want to create a website that allows you to store and display information about a user, determine which user groups a person belongs to, utilize permissions on your website or you just want to do something cool on your site, PHP's Sessions are vital to each of these features.
Cookies are about 30% unreliable right now and it's getting worse every day. More and more web browsers are starting to come with security and privacy settings and people browsing the net these days are starting to frown upon Cookies because they store information on their local computer that they do not want stored there.
PHP has a great set of functions that can achieve the same results of Cookies and more without storing information on the user's computer. PHP Sessions store the information on the web server in a location that you chose in special files. These files are connected to the user's web browser via the server and a special ID called a "Session ID". This is nearly 99% flawless in operation and it is virtually invisible to the user.
PHP - Sessions
Sessions store their identifier in a cookie in the client’s browser
Every page that uses session data must be proceeded by the session_start() function
Session variables are then set and retrieved by accessing the global $_SESSION[]
Save it as session.php
<?php
session_start();
if (!$_SESSION["count"])
$_SESSION["count"] = 0;
if ($_GET["count"] == "yes")
$_SESSION["count"] = $_SESSION["count"] + 1;
echo "<h1>".$_SESSION["count"]."</h1>";
?>
<a href="session.php?count=yes">Click here to count</a>
Avoid Error PHP - Sessions
PHP Example: <?php
echo "Look at this nasty error below:<br />";
session_start();
?>
Error!
PHP Example: <?php
session_start();
echo "Look at this nasty error below:";
?>
Correct
Warning: Cannot send session cookie - headers already sent by (output started at session_header_error/session_error.php:2) in session_header_error/session_error.php on line 3
Warning: Cannot send session cache limiter - headers already sent (output started at session_header_error/session_error.php:2) in session_header_error/session_error.php on line 3
Destroy PHP - Sessions
Destroying a Session
why it is necessary to destroy a session when the session will get destroyed when the user closes their browser. Well, imagine that you had a session registered called "access_granted" and you were using that to determine if the user was logged into your site based upon a username and password. Anytime you have a login feature, to make the users feel better, you should have a logout feature as well. That's where this cool function called session_destroy() comes in handy. session_destroy() will completely demolish your session (no, the computer won't blow up or self destruct) but it just deletes the session files and clears any trace of that session.
NOTE: If you are using the $_SESSION superglobal array, you must clear the array values first, then run session_destroy.
Here's how we use session_destroy():
Destroy PHP - Sessions
<?php
// start the session
session_start();
header("Cache-control: private"); //IE 6 Fix
$_SESSION = array();
session_destroy();
echo "<strong>Step 5 - Destroy This Session </strong><br />";
if($_SESSION['name']){
echo "The session is still active";
} else {
echo "Ok, the session is no longer active! <br />";
echo "<a href=\"page1.php\"><< Go Back Step 1</a>";
}
?>
Basics of syntax
Scripting block starts with <?php and ends with ?>
Each code line in PHP must end with a (;)
Comments
// ,#comment
/*comment */
Writing of the plain text
Echo “text”
print “text”
Variables in PHP
Each variable starts with $ symbol
Variable name can contain only a-Z,0-9,_
It does not need to be declared before its setting.
new dayOfWeek($_GET[“day”],$_GET[“week”],$_GET[“ month”]);
print “You born on “.$instance->calculate().”\n”;
?>
Inheritance
Allow the creation of a hierarchy of classes
Class reuseMe {
function reuseMe(){...}
function doTask1(){...}
function doTask2(){...}
function doTask3(){...}
}
Class extends reuseMe {
function example(){
... // local initializations
// call super constructor
reuseMe::reuseMe();
}
function doTask4(){...}
function doTask5(){...}
function doTask6(){...}
}
Polymorphism
Class extends reuseMe {
function example(){
... // local initializations
// call super constructor
reuseMe::reuseMe();
}
function doTask4(){...}
function doTask5(){...}
function doTask6(){...}
function doTask3(){...}
}
class reuseMe {
function reuseMe(){...}
function doTask1(){...}
function doTask2(){...}
function doTask3(){...}
}
A member function can override superclass implementation. Allow each subclass to reimplement a common interfaces.
Multiple Inheritance not actually supported by PHP
class extends reuseMe1,reuseMe2 {...}
class reuseMe1 {
function reuseMe1(){...}
function doTask1(){...}
function doTask2(){...}
function doTask3(){...}
}
class reuseMe2 {
function reuseMe2(){...}
function doTask3(){...}
function doTask4(){...}
function doTask5(){...}
}
Variable types
Numerical
Integer – positive as well as negative, including 0
Float – real numbers, 14 digits accuracy
Logical
Boolean - True x False, not case sensitive
Alphabetical
String – set of characters
Working with variables
Settype($var, “integer”)
allows you to set variable according to your wish
Gettype()
write the type of variable
(.)
Connects 2 variables of string type
strlen()
finds the length of a string
Enabling PHP in HTTP servers
PHP is available on many servers today, in Windows and all types of Unix environments
It is supported by Apache, AOLServer, Roxen and others
Servers can be configured to enable PHP in different ways
We will assume that the httpd recognizes a file who name has the suffix .php as a PHP file
<h1>Hello from Dr. Chuck's HTML Page</h1>
<p>
<?php
echo "Hi there.\n";
$answer = 6 * 7;
echo "The answer is $answer, what ";
echo "was the question again?\n";
?>
</p>
<p>Yes another paragraph.</p>
<h1>Hello from Dr. Chuck's HTML Page</h1>
<p>
<?php
echo "Hi there.\n";
$answer = 6 * 7;
echo "The answer is $answer, what ";
echo "was the question again?\n";
?>
</p>
<p>Yes another paragraph.</p>
PHP From the Command Line
You can run PHP from the command line - the output simply comes out on the terminal
It does not have to be part of a request-response cycle
<?php
echo("Hello World!");
echo("\n");
?>
Key Words
http://php.net/manual/en/reserved.php
abstract and array() as break case catch class clone const continue declare default do else elseif end declare endfor endforeach endif endswitch endwhile extends final for foreach function global goto if implements interface instanceof namespace new or private protected public static switch $this throw try use var while xor
Variable Names
Start with a dollar sign ($) followed by a letter or underscore, followed by any number of letters, numbers, or underscores
Case matters
$abc = 12;
$total = 0;
$largest_so_far = 0;
abc = 12;
$2php = 0;
$bad-punc = 0;
Variable Name Weirdness
Things that look like variables but are missing a dollar sign can be confusing
$x = 2;
$y = x + 5;
print $y;
$x = 2;
y = $x + 5;
print $x;
5
Parse error
Expressions
Completely normal like other languages ( + - / * )
More agressive implicit type conversion
<?php
$x = "15" + 27;
echo($x);
echo("\n");
?>
42
Output
echo is a language construct - can be treated like a function with one parameter. Without parenthesis, it accepts multiple parameters.
print is a function - only one parameter but parenthesis are optional so it can look like a language construct
Can send limited amount of information (max. 100 characters)
<html>
<body>
Welcome <?php echo $_GET["name"]; ?> <br />
You are <?php echo $_GET["age"]; ?> years old
</body>
</html>
PHP Loops
> Often when you write code, you want the same block of code to run over and over again in a row. Instead of adding several almost equal lines in a script we can use loops to perform a task like this.
> In PHP, we have the following looping statements:
PHP Loops
> while - loops through a block of code while a specified condition is true
> do...while - loops through a block of code once, and then repeats the loop as long as a specified condition is true
> for - loops through a block of code a specified number of times
> foreach - loops through a block of code for each element in an array
PHP Loops - While
The while loop executes a block of code while a condition is true. The example below defines a loop that starts with
i=1. The loop will
continue to run as
long as i is less
than, or equal to 5.
i will increase by 1
each time the loop
runs:
PHP Loops - While
PHP Loops – Do ... While
The do...while statement will always execute the block of code once, it will then check the condition, and repeat the loop while the condition is true.
The next example defines a loop that starts with i=1. It will then increment i with 1, and write some output. Then the condition is checked, and the loop will continue to run as long as i is less than, or equal to 5:
PHP Loops – Do ... While
PHP Loops – Do ... While
PHP Loops - For
PHP Loops - For
Parameters:
> init: Mostly used to set a counter (but can be any code to be executed once at the beginning of the loop)
> condition: Evaluated for each loop iteration. If it evaluates to TRUE, the loop continues. If it evaluates to FALSE, the loop ends.
> increment: Mostly used to increment a counter (but can be any code to be executed at the end of the loop)
PHP Loops - For
The example below defines a loop that starts with i=1. The loop will continue to run as long as i is less than, or equal to 5. i will increase by 1 each time the loop runs:
PHP Loops - For
PHP Loops - Foreach
For every loop iteration, the value of the current array element is assigned to $value (and the array pointer is moved by one) - so on the next loop iteration, you'll be looking at the next array value.
PHP Loops - Foreach
The following example demonstrates a loop that will print the values of the given array:
PHP Loops - Foreach
Winner of the most impressive slide award
PHP Functions
> We will now explore how to create your own functions.
> To keep the script from being executed when the page loads, you can put it into a function.
> A function will be executed by a call to the function.
> You may call a function from anywhere within a page.
PHP Functions
A function will be executed by a call to the function.
> Give the function a name that reflects what the function does
> The function name can start with a letter or underscore (not a number)
Functions
Functions MUST be defined before then can be called
Function headers are of the format
Note that no return type is specified
Unlike variables, function names are not case sensitive (foo(…) == Foo(…) == FoO(…))
function functionName($arg_1, $arg_2, …, $arg_n)
PHP Functions
A simple function that writes a name when it is called:
PHP Functions - Parameters
Adding parameters...
> To add more functionality to a function, we can add parameters. A parameter is just like a variable.
> Parameters are specified after the function name, inside the parentheses.
PHP Functions - Parameters
PHP Functions - Parameters
PHP Functions - Parameters
This example adds different punctuation.
PHP Functions - Parameters
Functions example
<?php
// This is a function
function foo($arg_1, $arg_2)
{
$arg_2 = $arg_1 * $arg_2;
return $arg_2;
}
$result_1 = foo(12, 3); // Store the function
echo $result_1; // Outputs 36
echo foo(12, 3); // Outputs 36
?>
PHP Forms - $_GET Function
> The built-in $_GET function is used to collect values from a form sent with method="get".
> Information sent from a form with the GET method is visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send (max. 100 characters).
PHP Forms - $_GET Function
Notice how the URL carries the information after the file name.
PHP Forms - $_GET Function
The "welcome.php" file can now use the $_GET function to collect form data (the names of the form fields will automatically be the keys in the $_GET array)
PHP Forms - $_GET Function
> When using method="get" in HTML forms, all variable names and values are displayed in the URL.
> This method should not be used when sending passwords or other sensitive information!
> However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be useful in some cases.
> The get method is not suitable for large variable values; the value cannot exceed 100 chars.
PHP Forms - $_POST Function
> The built-in $_POST function is used to collect values from a form sent with method="post".
> Information sent from a form with the POST method is invisible to others and has no limits on the amount of information to send.
> Note: However, there is an 8 Mb max size for the POST method, by default (can be changed by setting the post_max_size in the php.ini file).
PHP Forms - $_POST Function
And here is what the code of action.php might look like:
PHP Forms - $_POST Function
Apart from htmlspecialchars() and (int), it should be obvious what this does. htmlspecialchars() makes sure any characters that are special in html are properly encoded so people can't inject HTML tags or Javascript into your page.
For the age field, since we know it is a number, we can just convert it to an integer which will automatically get rid of any stray characters. The $_POST['name'] and $_POST['age'] variables are automatically set for you by PHP.
PHP Forms - $_POST Function
When to use method="post"?
> Information sent from a form with the POST method is invisible to others and has no limits on the amount of information to send.
> However, because the variables are not displayed in the URL, it is not possible to bookmark the page.
A constant is an identifier (name) for a simple value. A constant is case-sensitive by
default. By convention, constant identifiers are always uppercase.
<?php
// Valid constant names
define("FOO", "something");
define("FOO2", "something else");
define("FOO_BAR", "something more");
// Invalid constant names (they shouldn’t start
// with a number!)
define("2FOO", "something");
// This is valid, but should be avoided:
// PHP may one day provide a “magical” constant
// that will break your script
define("__FOO__", "something");
?>
You can access constants anywhere in your script without regard to scope.
Escaping the Character
If the string has a set of double quotation marks that must remain visible, use the \ [backslash] before the quotation marks to ignore and display them.
<?php
$heading=“\”Computer Science\””;
Print $heading;
?>
“Computer Science”
Scalars
All variables in PHP start with a $ sign symbol. A variable's type is determined by the
context in which that variable is used (i.e. there is no strong-typing in PHP).
<html><head></head>
<!-- scalars.php -->
<body> <p>
<?php
$foo = true; if ($foo) echo "It is TRUE! <br /> \n";
$txt='1234'; echo "$txt <br /> \n";
$a = 1234; echo "$a <br /> \n";
$a = -123;
echo "$a <br /> \n";
$a = 1.234;
echo "$a <br /> \n";
$a = 1.2e3;
echo "$a <br /> \n";
$a = 7E-10;
echo "$a <br /> \n";
echo 'Arnold once said: "I\'ll be back"', "<br /> \n";
$beer = 'Heineken';
echo "$beer's taste is great <br /> \n";
$str = <<<EOD
Example of string
spanning multiple lines
using “heredoc” syntax.
EOD;
echo $str;
?>
</p>
</body>
</html>
Four scalar types:
boolean
true or false
integer,
float,
floating point numbers
string
single quoted
double quoted
PHP Control Structures
Control Structures: Are the structures within a language that allow us to control the flow of execution through a program or script.
Grouped into conditional (branching) structures (e.g. if/else) and repetition structures (e.g. while loops).
Example if/else if/else statement:
if ($foo == 0) {
echo ‘The variable foo is equal to 0’;
}
else if (($foo > 0) && ($foo <= 5)) {
echo ‘The variable foo is between 1 and 5’;
}
else {
echo ‘The variable foo is equal to ‘.$foo;
}
If ... Else...
If (condition)
{
Statements;
}
Else
{
Statement;
}
<?php
If($user==“John”)
{
Print “Hello John.”;
}
Else
{
Print “You are not John.”;
}
?>
No THEN in PHP
While Loops
While (condition)
{
Statements;
}
<?php
$count=0;
While($count<3)
{
Print “hello PHP. ”;
$count += 1;
// $count = $count + 1;
// or
// $count++;
?>
hello PHP. hello PHP. hello PHP.
Date Display
$datedisplay=date(“yyyy/m/d”);
Print $datedisplay;
# If the date is April 1st, 2009
# It would display as 2009/4/1
2009/4/1
$datedisplay=date(“l, F m, Y”);
Print $datedisplay;
# If the date is April 1st, 2009
# Wednesday, April 1, 2009
Wednesday, April 1, 2009
Month, Day & Date Format Symbols
M
Jan
F
January
m
01
n
1
Day of Month
d
01
Day of Month
J
1
Day of Week
l
Monday
Day of Week
D
Mon
Include Files
Include “opendb.php”;
Include “closedb.php”;
This inserts files; the code in files will be inserted into current code. This will provide useful and protective means once you connect to a database, as well as for other repeated functions.
echo "User's IP address: " . $_SERVER["REMOTE_ADDR"];
?>
<?php
echo "<br/><br/><br/>";
echo "<h2>All information</h2>";
foreach ($_SERVER as $key => $value)
{
echo $key . " = " . $value . "<br/>";
}
?>
</body>
</html>
The $_SERVER is a super global variable, i.e. it's available in all scopes of a PHP script.
$_SERVER info on php.net
File Open
The fopen("file_name","mode") function is used to open files in PHP.
<?php
$fh=fopen("welcome.txt","r");
?>
r Read only. r+ Read/Write.
w Write only. w+ Read/Write.
a Append. a+ Read/Append.
x Create and open for write only. x+ Create and open for read/write.
If the fopen() function is unable to open the specified file, it returns 0 (false).
<?php
if
( !($fh=fopen("welcome.txt","r")) )
exit("Unable to open file!");
?>
For w, and a, if no file exists, it tries to create it (use with caution, i.e. check that this is the case, otherwise you’ll overwrite an existing file).
For x if a file exists, this function fails (and returns 0).
File Workings
fclose() closes a file.
feof() determines if the end is true.
fgetc() reads a single character
<?php
$myFile = "welcome.txt";
if (!($fh=fopen($myFile,'r')))
exit("Unable to open file.");
while (!feof($fh))
{
$x=fgetc($fh);
echo $x;
}
fclose($fh);
?>
<?php
$myFile = "welcome.txt";
$fh = fopen($myFile, 'r');
$theData = fgets($fh);
fclose($fh);
echo $theData;
?>
fgets() reads a line of data
fwrite(), fputs () writes a string with and without \n
<?php
$myFile = "testFile.txt";
$fh = fopen($myFile, 'a') or die("can't open file");
$stringData = "New Stuff 1\n";
fwrite($fh, $stringData);
$stringData = "New Stuff 2\n";
fwrite($fh, $stringData);
fclose($fh);
?>
file() reads entire file into an array
<?php
$lines = file('welcome.txt');
foreach ($lines as $l_num => $line)
{
echo "Line #{$l_num}:“ .$line.”<br/>”;
}
?>
Form Handling
Any form element is automatically available via one of the built-in PHP variables (provided that element has a “name” defined with it).
<html>
<-- form.html -->
<body>
<form action="welcome.php" method="POST">
Enter your name: <input type="text" name="name" /> <br/>
Enter your age: <input type="text" name="age" /> <br/>
Normally, when a browser sends HTML form data in the message body of a POST request, the value in the CONTENT-TYPE header is:
Normally, when a browser sends HTML form data in the message body of a POST request, the value in the CONTENT-TYPE header is:
application/x-www-form-urlencoded
The new attribute, enctype, in the FORM tag tells the browser that it should send the following value in the CONTENT-TYPE header:
multipart/form-data
Controlling Headers/Status lines with PHP
Sending Headers in PHP
You have seen that, if you use the CGI protocol, you can have complete control over the status line and headers that are sent in a HTTP response – to do so, you must use nph files
PHP does not seem to provide the same level of control
For example, it seems to prevent one sending status lines involving status codes that you have invented yourself – even though HTTP allows this
Nevertheless, PHP does enable you to have some control over status lines and response headers
Sending Headers in PHP (contd.)
PHP provides a built-in function, header(), which can be used to set HTTP header lines in a response message
The function name is mis-leading – it can also, within limits, be used to control the HTTP status line
Format:
header ( some-string [, some-boolean]);
Example calls:
header('WWW-Authenticate: Negotiate');
header('WWW-Authenticate: NTLM‘,false);
By default, a second header of the same type will replace an earlier one of the same type
If false is sent as the optional boolean parameter, the header will not replace an earlier one of the same type
Sending Headers in PHP (contd.)
PHP treats two type of call to header() in a special way
If you use header() to send a Location: header, PHP will auatomatgically change the code in the status line of the response to be 302 (REDIRECT)
The second special case is any header that starts with the string, "HTTP/" (case is not significant)
this will be used, within the limits of predefined standard values, to control the status line
header("HTTP/1.0 404 Not Found");
Introduced php handling of multiple selections in forms
Introduced php handling of multiple selections in forms
User-authentication in PHP
The header() function can be used to send headers requiring authentication
This will cause a browser to pop up a username/password/realm dialog window and
When the values have been provided, send a new request back to the same page containing the appropriate information
This time, some special PHP variables will be set:
$PHP_AUTH_USER,
$PHP_AUTH_PW and
$PHP_AUTH_TYPE
User-authentication in PHP (contd.)
The code below captures the user’s name and password
An improved version would check this against the contents of some file
The PHP_AUTH variables will not be set if external authentication is enabled for that particular page.
This is to prevent a script which reveals the password for a page that was protected through a traditional external mechanism, such as the .htpasswd mechanism
In this case, the $REMOTE_USER variable can be used to identify the externally-authenticated user.
Handling Cookies in PHP
PHP provides a function called setcookie() which can be used to send cookies to a browser
Since cookies are sent in HTTP headers, this function must be called before any ordinary content (such as HTML) is sent
Cookies sent from a broswer to a client will be converted into automatically created variables – just like those that are created to present data which come in GET and POST requests
Image Handling
As well as generating dynamic HTML, PHP can generate and manipulate images
