Difference between revisions of "PHP"
Line 12: | Line 12: | ||
=Your first application= | =Your first application= | ||
=Variables and data types= | =Variables and data types= | ||
+ | [[PHP]] is a dynamically typed language. | ||
=Boolean Logic= | =Boolean Logic= | ||
− | |||
==Ternary Conditionals== | ==Ternary Conditionals== | ||
+ | =Loops= | ||
=User Input= | =User Input= | ||
=User-Defined Functions= | =User-Defined Functions= |
Revision as of 01:19, 16 May 2012
PHP is one of many interpreted languages written in C.
Contents
Development Environment
PHP CLI
Xochipilli says |
---|
Many Linux distributions package the PHP CLI separately |
- php -l check syntax
- php -v version
- php -e oneliner
Pear/Pecl
Your first application
Variables and data types
PHP is a dynamically typed language.
Boolean Logic
Ternary Conditionals
Loops
User Input
User-Defined Functions
Defining functions in PHP is accomplished using the function keyword, followed by the function name and comma delimited arguments, surrounded by parenthesis:
function myFunction(arg1, arg2) { ... } |
If the function is encapsulated in an object, you may specify the visibility of the function, public, protected or private.
class MyClass { public function myFunction(arg1, arg2) { ... } ... } |
Unlike languages, such as Perl or Python, PHP member functions implicitly extract their parent into the $this variable.
Security
- Type Handling
- XSS
- SQL Injection
Preventing SQL injection in PHP applications is relatively simple, so long as you are thorough. String input, surrounded by single quotes can be sanitized with mysql_real_escape_string(), which will escape dangerous characters such as single quotes (as well as \, so that you cannot escape the escapes!). Sanitizing integer input can be done simply by casting the input to int, like so:
$clean_int = (int)$dangerous_int; |