Difference between revisions of "PHP"
(→Functions) |
(→Variables) |
||
(9 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | <b>P</b>HP <b>H</b>ypertext <b>P</b>reprocessor Language is a server side [[interpreted languages|interpreted language]] written in [[C]] that runs primarily on [[Linux]] environments. PHP scripts can be run directly or served as webpages. | + | <b>P</b>HP <b>H</b>ypertext <b>P</b>reprocessor Language is a server side [[interpreted languages|interpreted language]] written in [[C]] that runs primarily on [[Linux]] environments. PHP scripts can be run directly or served as webpages. |
=Development Environment= | =Development Environment= | ||
Line 8: | Line 8: | ||
*To check the syntax of a PHP file (lint): | *To check the syntax of a PHP file (lint): | ||
− | php -l /path/to/script.php | + | {{LinuxCMD|php -l /path/to/script.php}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --syntax-check /path/to/script.php</source>}} | ||
+ | |||
+ | * To check the syntax of all of the php files in the cwd (current working directory) : | ||
+ | |||
+ | {{LinuxCMD|find $(pwd) -name \*.php -exec php -l '{}' \;}} | ||
*To see the current version of PHP (CLI): | *To see the current version of PHP (CLI): | ||
− | php -v | + | {{LinuxCMD|php -v}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --version</source>}} | ||
*To execute PHP code via CLI (without PHP tags): | *To execute PHP code via CLI (without PHP tags): | ||
− | php -r 'PHP CODE HERE' | + | {{LinuxCMD|php -r 'PHP CODE HERE'}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --run 'PHP CODE HERE'</source>}} | ||
{{Notice|You do not need to enclose the code in PHP begin and end tags, but you must single quote the code, so strings must be double quoted inside of it.}} | {{Notice|You do not need to enclose the code in PHP begin and end tags, but you must single quote the code, so strings must be double quoted inside of it.}} | ||
Line 25: | Line 35: | ||
*To define variables while running a PHP script: | *To define variables while running a PHP script: | ||
− | php -d foo=bar /path/to/script.php | + | {{LinuxCMD|php -d foo=bar /path/to/script.php}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --define foo=bar /path/to/script.php</source>}} | ||
*To run a script silently: | *To run a script silently: | ||
− | php -q /path/to/silent_script.php | + | {{LinuxCMD|php -q /path/to/silent_script.php}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --no-header /path/to/silent_script.php</source>}} | ||
{{Info|This will suppress HTTP header output, so this is CGI only.}} | {{Info|This will suppress HTTP header output, so this is CGI only.}} | ||
Line 37: | Line 51: | ||
*To load a Zend extension for use with a script in CLI: | *To load a Zend extension for use with a script in CLI: | ||
− | php -z /path/to/zend/extension.so /path/to/script.php | + | {{LinuxCMD|php -z /path/to/zend/extension.so /path/to/script.php}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --zend-extension /path/to/zend/extension.so /path/to/script.php</source>}} | ||
*To see a list of modules that PHP CLI has loaded: | *To see a list of modules that PHP CLI has loaded: | ||
− | php -m | + | {{LinuxCMD|php -m}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --modules</source>}} | ||
*To benchmark execution times of a script N times: | *To benchmark execution times of a script N times: | ||
− | php -T | + | {{LinuxCMD|php -T TIMES /path/to/script.php}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --timing '''TIMES''' /path/to/script.php</source>}} | ||
*To generate extended information for debugging or profiling: | *To generate extended information for debugging or profiling: | ||
Line 56: | Line 76: | ||
*To hide sensitive arguments from external tools: | *To hide sensitive arguments from external tools: | ||
− | php -H -d mypassword=blah -d myuser=user /path/to/script.php | + | {{LinuxCMD|php -H -d mypassword=blah -d myuser=user /path/to/script.php}} |
− | + | ||
+ | * ''Short for:'' | ||
+ | {{code|text=<source lang="bash"> php --hide-args -d mypassword=blah -d myuser=user /path/to/script.php</source>}} | ||
== PEAR/PECL == | == PEAR/PECL == | ||
Line 89: | Line 111: | ||
{{code|text=<source lang="php"> | {{code|text=<source lang="php"> | ||
<?php | <?php | ||
− | $variable = " | + | $variable = "NetSec "; |
$variable1 = "Rules!"; | $variable1 = "Rules!"; | ||
echo "$variable $variable1"; | echo "$variable $variable1"; | ||
Line 96: | Line 118: | ||
This snippet of code will display the following: | This snippet of code will display the following: | ||
− | + | NetSec Rules! | |
== Operators == | == Operators == | ||
Line 145: | Line 167: | ||
In PHP, variables can be casted as an integer simply by assigning the variable a numeric value, such as: | In PHP, variables can be casted as an integer simply by assigning the variable a numeric value, such as: | ||
− | + | {{code|text=<source lang="php"><?php | |
+ | $var = 1; | ||
+ | ?></source>}} | ||
=== Strings === | === Strings === | ||
Line 151: | Line 175: | ||
String type will automatically be set if the variable has <nowiki>''</nowiki> or <nowiki>""</nowiki> surrounding the value. | String type will automatically be set if the variable has <nowiki>''</nowiki> or <nowiki>""</nowiki> surrounding the value. | ||
+ | {{code|text=<source lang="php"><?php | ||
$str = "string here"; | $str = "string here"; | ||
+ | ?></source>}} | ||
=== Arrays === | === Arrays === | ||
Line 157: | Line 183: | ||
Arrays are of the 'mixed' type, that is to say, you can adjoin elements of any type inside of an array, and even associative arrays if you wanted. Some examples are: | Arrays are of the 'mixed' type, that is to say, you can adjoin elements of any type inside of an array, and even associative arrays if you wanted. Some examples are: | ||
+ | {{code|text=<source lang="php"><?php | ||
$arrA = array(1, 2, 3); | $arrA = array(1, 2, 3); | ||
$arrB = array('1', '2', '3'); | $arrB = array('1', '2', '3'); | ||
$arrC = array(1, '2', 3, '4'); | $arrC = array(1, '2', 3, '4'); | ||
+ | ?></source>}} | ||
=== Associative Arrays === | === Associative Arrays === | ||
Line 165: | Line 193: | ||
Similar to other languages, PHP can hold key => value pairs inside of an array object, like so: | Similar to other languages, PHP can hold key => value pairs inside of an array object, like so: | ||
+ | {{code|text=<source lang="php"><?php | ||
$asArrA = array( | $asArrA = array( | ||
'a' => 1, | 'a' => 1, | ||
Line 171: | Line 200: | ||
'd' => $arrC | 'd' => $arrC | ||
); | ); | ||
+ | ?></source>}} | ||
Above is the more readable way to create an associate array. There is also direct assignment upon initialization like so: | Above is the more readable way to create an associate array. There is also direct assignment upon initialization like so: | ||
+ | {{code|text=<source lang="php"><?php | ||
$asArrB['a'] = $arrA; // [a] => array(1,2,3); | $asArrB['a'] = $arrA; // [a] => array(1,2,3); | ||
$asArrB['b'] = $arrB // [b] => array('1','2','3'); | $asArrB['b'] = $arrB // [b] => array('1','2','3'); | ||
$asArrB['c'] = $arrC; // [c] => array(1,'2',3,'4'); | $asArrB['c'] = $arrC; // [c] => array(1,'2',3,'4'); | ||
$asArrB['d'] = $asArrA; // [d] => ([a] => 1, [b] => '1', ...) | $asArrB['d'] = $asArrA; // [d] => ([a] => 1, [b] => '1', ...) | ||
+ | ?></source>}} | ||
=== Classes === | === Classes === | ||
Line 218: | Line 250: | ||
This is put between the instanciated variable and the method or property, like so: | This is put between the instanciated variable and the method or property, like so: | ||
+ | {{code|text=<source lang="php"><?php | ||
print $foo->mystr; | print $foo->mystr; | ||
$foo->PrintHello(); | $foo->PrintHello(); | ||
+ | ?></source>}} | ||
==== Scope Resolution Operator ==== | ==== Scope Resolution Operator ==== | ||
Line 241: | Line 275: | ||
?> | ?> | ||
</source>}} | </source>}} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==== Extending Classes ==== | ==== Extending Classes ==== | ||
Line 349: | Line 377: | ||
In PHP, if else statements typically look like this: | In PHP, if else statements typically look like this: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
if( $a == $b ) { | if( $a == $b ) { | ||
print "Equal!"; | print "Equal!"; | ||
Line 356: | Line 384: | ||
print "Not Equal!"; | print "Not Equal!"; | ||
} | } | ||
− | </source> | + | </source>}} |
However, there is shorthand for this called a Ternary conditional. We can write the same | However, there is shorthand for this called a Ternary conditional. We can write the same | ||
if else statement like this: | if else statement like this: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
($a == $b) ? print "Equal!" : print "Not Equal!"; | ($a == $b) ? print "Equal!" : print "Not Equal!"; | ||
− | </source> | + | </source>}} |
Where the general form is: | Where the general form is: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
(condition) ? if condition is true : if condition is false; | (condition) ? if condition is true : if condition is false; | ||
− | </source> | + | </source>}} |
== Loops == | == Loops == | ||
Line 379: | Line 407: | ||
This loop is good for performing a set of instructions a set number of times. For example: | This loop is good for performing a set of instructions a set number of times. For example: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
for($i=0; $i<5; $i++) { | for($i=0; $i<5; $i++) { | ||
print "i = " . $i . "\n"; | print "i = " . $i . "\n"; | ||
} | } | ||
− | </source> | + | </source>}} |
The above will print the value of i 5 times and the values will be: | The above will print the value of i 5 times and the values will be: | ||
Line 398: | Line 426: | ||
For example: | For example: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
$names = array("Jack", "Jill", "Mike", "Sally", "Steve"); | $names = array("Jack", "Jill", "Mike", "Sally", "Steve"); | ||
Line 405: | Line 433: | ||
} | } | ||
− | </source> | + | </source>}} |
The output of this code will be | The output of this code will be | ||
Line 417: | Line 445: | ||
Another really neat thing you could have done with this is the following: | Another really neat thing you could have done with this is the following: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
$names = array("Jack", "Jill", "Mike", "Sally", "Steve"); | $names = array("Jack", "Jill", "Mike", "Sally", "Steve"); | ||
Line 424: | Line 452: | ||
} | } | ||
− | </source> | + | </source>}} |
The output will be: | The output will be: | ||
Line 436: | Line 464: | ||
Notice that in this example we define a $key. This key tells us what index of the array we are on. This is especially powerful when you use associative arrays like this: | Notice that in this example we define a $key. This key tells us what index of the array we are on. This is especially powerful when you use associative arrays like this: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
$names = array("Manager" => "Jack", "Sales" => "Jill", "Accounting" => "Mike", "HR" => "Sally", "CEO" => "Steve"); | $names = array("Manager" => "Jack", "Sales" => "Jill", "Accounting" => "Mike", "HR" => "Sally", "CEO" => "Steve"); | ||
Line 442: | Line 470: | ||
print "Position: " . $key . " Name = " . $name . "\n"; | print "Position: " . $key . " Name = " . $name . "\n"; | ||
} | } | ||
− | </source> | + | </source>}} |
Position: Manager Name = Jack | Position: Manager Name = Jack | ||
Line 454: | Line 482: | ||
The while loop is probably the most simple of them all. In it's most basic form: | The while loop is probably the most simple of them all. In it's most basic form: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
<?php | <?php | ||
while( true statement ) { | while( true statement ) { | ||
Line 460: | Line 488: | ||
} | } | ||
?> | ?> | ||
− | </source> | + | </source>}} |
In this case, while "true statement" remains true, we will keep looping. For example: | In this case, while "true statement" remains true, we will keep looping. For example: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
<?php | <?php | ||
$i = 5; | $i = 5; | ||
Line 471: | Line 499: | ||
} | } | ||
?> | ?> | ||
− | </source> | + | </source>}} |
The above code will continue to add 1 to $i until $i = 10, at which point the loop will stop. $i will retain it's value of 10. | The above code will continue to add 1 to $i until $i = 10, at which point the loop will stop. $i will retain it's value of 10. | ||
Line 477: | Line 505: | ||
Alternatively, there is another syntax for while: | Alternatively, there is another syntax for while: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
<?php | <?php | ||
while(expr): | while(expr): | ||
Line 483: | Line 511: | ||
endwhile; | endwhile; | ||
?> | ?> | ||
− | </source> | + | </source>}} |
Within the loop, there are of course ways of skipping and breaking out of the loop completely, they are: | Within the loop, there are of course ways of skipping and breaking out of the loop completely, they are: | ||
Line 499: | Line 527: | ||
This loop is very similar to the while loop. Example: | This loop is very similar to the while loop. Example: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
$a = 0; | $a = 0; | ||
do { | do { | ||
Line 505: | Line 533: | ||
$a = $a + 1; | $a = $a + 1; | ||
} while( $a < 5); | } while( $a < 5); | ||
− | </source> | + | </source>}} |
The output of this will be: | The output of this will be: | ||
Line 520: | Line 548: | ||
With a normal while loop: | With a normal while loop: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
while( 1 == 0) { | while( 1 == 0) { | ||
print "Hello!"; | print "Hello!"; | ||
} | } | ||
− | </source> | + | </source>}} |
In this case "Hello" never gets printed because "1 == 0" gets evaluated BEFORE the code within the braces gets executed. | In this case "Hello" never gets printed because "1 == 0" gets evaluated BEFORE the code within the braces gets executed. | ||
Line 530: | Line 558: | ||
However, this changes in the following do-while example: | However, this changes in the following do-while example: | ||
− | <source lang="php"> | + | {{code|text=<source lang="php"> |
do { | do { | ||
print "Hello!"; | print "Hello!"; | ||
} while( 1 == 0); | } while( 1 == 0); | ||
− | </source> | + | </source>}} |
The word "Hello" will get executed exactly once because the condition "1 == 0" gets executed AFTER the code between the braces is executed. | The word "Hello" will get executed exactly once because the condition "1 == 0" gets executed AFTER the code between the braces is executed. | ||
Line 576: | Line 604: | ||
===php.ini=== | ===php.ini=== | ||
+ | |||
+ | = PHP-FPM = | ||
+ | |||
+ | PHP-FPM has been around since 2009, but is now in mainline PHP since 5.4.0RC2. PHP-FPM is also known as FastCGI Process Manager, and does an excellent job at serving PHP powered content much more rapidly than mpm_worker/mpm_prefork on Apache. The configuration for PHP-FPM is somewhat complex, but is really easy once you get used to it and finish customizing everything. Take the following pool configuration for example: | ||
+ | |||
+ | <syntaxhighlight lang="ini"> | ||
+ | [wordpress] | ||
+ | user = wordpress | ||
+ | group = www-data | ||
+ | listen = /var/run/php5-fpm/app.sock | ||
+ | listen.owner = wordpress | ||
+ | listen.group = www-data | ||
+ | listen.mode = 0666 | ||
+ | chdir = /home/wordpress/web | ||
+ | pm = dynamic | ||
+ | pm.max_children = 50 | ||
+ | pm.start_servers = 10 | ||
+ | pm.min_spare_servers = 5 | ||
+ | pm.max_spare_servers = 15 | ||
+ | pm.max_requests = 1000 | ||
+ | php_admin_value[memory_limit] = 96M | ||
+ | php_admin_value[session.save_path] = tcp://127.0.0.1:11211 | ||
+ | php_admin_value[open_basedir] = /home/wordpress/web | ||
+ | php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,posix_mkfifo,pg_lo_import,dbmopen,dbase_open,popen,chgrp,chown,chmod,symlink | ||
+ | php_admin_value[disable_classes] = pBot | ||
+ | php_admin_value[post_max_size] = 100M | ||
+ | php_admin_value[upload_max_filesize] = 100M | ||
+ | php_admin_value[user_agent] = "WordPress (http://www.my-website.com)" | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | This will do a few things: | ||
+ | |||
+ | *Sets the UNIX socket (to be used with [[NGINX#Upstream_.28proxy.2Fload_balancer.29|NGINX]]'s upstream directive via '''unix:/var/run/php5-fpm/app.sock''') | ||
+ | *Sets the UID/GID of the socket to be of the user, and group to www-data so NGINX can read it | ||
+ | *Changes directory to '''/home/wordpress/web''' before execution, so everything is relative to that path. | ||
+ | *Sets the Process Management model to Dynamic, which will tune the number of servers and workers based on usage | ||
+ | *Sets session management to use Memcached over TCP (requires socket support) | ||
+ | |||
+ | {{Info|You can use TCP sockets to listen on instead of UNIX sockets, but that comes with it's own overhead, and you have to configure your firewall if it's not listening on localhost. You have been advised.}} | ||
+ | |||
[[Category:Programming Languages]] | [[Category:Programming Languages]] | ||
Latest revision as of 05:00, 29 May 2015
PHP Hypertext Preprocessor Language is a server side interpreted language written in C that runs primarily on Linux environments. PHP scripts can be run directly or served as webpages.
Contents
Development Environment
PHP CLI
Xochipilli says |
---|
Many Linux distributions package the PHP CLI separately |
- To check the syntax of a PHP file (lint):
Terminal |
localhost:~ $ php -l /path/to/script.php |
- Short for:
php --syntax-check /path/to/script.php |
- To check the syntax of all of the php files in the cwd (current working directory) :
Terminal |
localhost:~ $ find $(pwd) -name \*.php -exec php -l '{}' \; |
- To see the current version of PHP (CLI):
Terminal |
localhost:~ $ php -v |
- Short for:
php --version
|
- To execute PHP code via CLI (without PHP tags):
Terminal |
localhost:~ $ php -r 'PHP CODE HERE' |
- Short for:
php --run 'PHP CODE HERE' |
- To define variables while running a PHP script:
Terminal |
localhost:~ $ {{{1}}} |
- Short for:
php --define foo=bar /path/to/script.php |
- To run a script silently:
Terminal |
localhost:~ $ php -q /path/to/silent_script.php |
- Short for:
php --no-header /path/to/silent_script.php |
This will suppress HTTP header output, so this is CGI only. |
- To load a Zend extension for use with a script in CLI:
Terminal |
localhost:~ $ php -z /path/to/zend/extension.so /path/to/script.php |
- Short for:
php --zend-extension /path/to/zend/extension.so /path/to/script.php |
- To see a list of modules that PHP CLI has loaded:
Terminal |
localhost:~ $ php -m |
- Short for:
php --modules
|
- To benchmark execution times of a script N times:
Terminal |
localhost:~ $ php -T TIMES /path/to/script.php |
- Short for:
php --timing '''TIMES''' /path/to/script.php |
- To generate extended information for debugging or profiling:
php -e /path/to/script.php
- To hide sensitive arguments from external tools:
Terminal |
localhost:~ $ {{{1}}} |
- Short for:
php --hide-args -d mypassword=blah -d myuser=user /path/to/script.php |
PEAR/PECL
PEAR and PECL are repositories for re-usable PHP libraries and code for common tasks. Below are links to lists of packages that are available for use:
Development PHP.INI
For use in development environments, you will want to rid your code of any and all errors which might disclose information about your setup. To assist you in doing this, there are a few variables in PHP.INI that might be helpful:
error_reporting=8192 display_errors=On display_startup_errors=On log_errors=On error_log=error_log report_memleaks=On expose_php=On asp_tags=Off
PHP Basics
Variables
A variable is how you store a value such as a string or integer. An example where a variable would be used is if you wanted to handle a string multiple times throughout your application. Here is an example of a variable and how it can be used:
<?php $variable = "NetSec "; $variable1 = "Rules!"; echo "$variable $variable1"; ?> |
This snippet of code will display the following:
NetSec Rules!
Operators
Operators are used to compare variables, mathematics, and more. For example, you can set a variable equal to another variable using the '=' operator.
- List of operators:
+ - Addition - - Subtraction * - Multiplication / - Division % - Modulus
<?php $add = 1 + 1; $subtract = 5 - 2; $multiply = 6 * 5; $divide = 14/7; $modulus = 5 % 2; echo "1 + 1 = $add"; echo "5 - 2 = $subtract"; echo "6 * 5 = $multiply"; echo "14 / 7 = $divide"; echo "5 % 2 = $modulus"; ?> |
Comparison operators are used to evaluate true or false when comparing variables and/or values
- List of comparison operators:
== - Equal To != - Not Equal To < - Less than > - Greater than <= - Less Than or Equal To >= - Greater Than or Equal To
Data Types
PHP is a dynamically-typed language, consisting of integers, arrays, associative arrays, strings, and classes.
Integers
In PHP, variables can be casted as an integer simply by assigning the variable a numeric value, such as:
<?php $var = 1; ?> |
Strings
String type will automatically be set if the variable has '' or "" surrounding the value.
<?php $str = "string here"; ?> |
Arrays
Arrays are of the 'mixed' type, that is to say, you can adjoin elements of any type inside of an array, and even associative arrays if you wanted. Some examples are:
<?php $arrA = array(1, 2, 3); $arrB = array('1', '2', '3'); $arrC = array(1, '2', 3, '4'); ?> |
Associative Arrays
Similar to other languages, PHP can hold key => value pairs inside of an array object, like so:
<?php $asArrA = array( 'a' => 1, 'b' => '1', 'c' => array(1,2,3), 'd' => $arrC ); ?> |
Above is the more readable way to create an associate array. There is also direct assignment upon initialization like so:
<?php $asArrB['a'] = $arrA; // [a] => array(1,2,3); $asArrB['b'] = $arrB // [b] => array('1','2','3'); $asArrB['c'] = $arrC; // [c] => array(1,'2',3,'4'); $asArrB['d'] = $asArrA; // [d] => ([a] => 1, [b] => '1', ...) ?> |
Classes
Classes are a way of defining custom datatypes and function libraries for PHP code. Most of PEAR and PECL is designed this way so as to import functions using OOP or Object-Oriented Programming.
Here's an example of a class:
<?php class MyClass { public $version = 1.0; public $mystr = 'hello world'; public function PrintHello() { print $this->mystr . "\n"; } } ?> |
So, to actually use this class, it has to exist prior to instanciation of an object with that classes name. Usually, a programmer might save the file with the class definition as: ./classes/class.MyClass.php but there are several heirarchies in which to guide your filename decisions. This is beyond the scope of this article, so the structure will be left as an excercise to the reader.
Some example inclusion and usage:
<?php require_once 'classes/class.MyClass.php'; $foo = new MyClass; $foo->PrintHello(); ?> |
Arrow Operator
When accessing the methods (functions) and properties (class variables) of a class, you will be using the Arrow Operator ->
This is put between the instanciated variable and the method or property, like so:
<?php print $foo->mystr; $foo->PrintHello(); ?> |
Scope Resolution Operator
This operator will let you access methods and constants defined inside of a class, or from inside of a class.
<?php class MyClass2 { const MY_STRING = 'hello world'; } ?> |
From here, as long as the class is loaded, the properties of MyClass2 are available outside of the class via the Scope Resolution Operator, as shown below:
<?php require_once './classes/class.MyClass2.php'; echo MyClass2::MY_STRING; ?> |
Extending Classes
In many cases, there may be a need to extend the functionality of a generic or Base class, with functions from a new class. To facilitate this, you can use the extends class keyword. Here a Base class is defined:
<?php class Base { public $strA = 'hello world'; public $strB = 'peekaboo'; } ?> |
There we have our Base class, which holds two public strings, so let's create an extension of that class to print them using the extends keyword:
<?php class Printer extends Base { public function PrintBase() { print parent::strA; print parent::strB; } public function PrinterPrintBase() { print $this->strA; print $this->strB; } } ?> |
Now, instead of just instanciating the Base class, you can instanciate the Printer class instead, which will inherit the values and functions of the Base class, with the added variables and functions of the Printer class.
<?php require_once './classes/class.Base.php'; require_once './classes/class.Printer.php'; $foo = new Printer; $foo->PrintBase(); // This will output 'hello world' and 'peekaboo' from the Base class. $foo->PrinterPrintBase(); // Because $strA and $strB were inherited from the Base class, you can now reference them using the Arrow Operator. ?> |
The special name parent:: refers to the class from which your instanciated class was derived. Parent should be used in the case that your inheritance tree changes, so you will not have to go replace all references to a singular class name.
Functions
Defining functions in PHP is accomplished using the function keyword, followed by the function name and comma delimited arguments, surrounded by parenthesis:
<?php function myFunction($arg1, $arg2) { // your function code here } ?> |
You may also wish to have default values for variables if none are passed for the particular argument:
<?php function myFunction($arg1, $arg2 = '') { // your function code here // if myFunction() is called with only one argument passed, $arg2 will automatically be set to '' // if myFunction() is called with two arguments, $arg2 will inherit the value of the 2nd argument passed } ?> |
If the function is encapsulated in an object, you may specify the visibility of the function, public, protected or private.
<?php class MyClass { public function myFunction($arg1, $arg2) { // myFunction code here } } ?> |
The above class will enable the use of such code as:
<?php $foo = new MyClass; $foo->myFunction('bar'); $foo->myFunction('bar', 'baz'); ?> |
Unlike some programming languages, like Perl or Python, PHP member functions implicitly extract their parent into the $this variable.
Boolean Logic
Ternary Conditionals
In PHP, if else statements typically look like this:
if( $a == $b ) { print "Equal!"; } else { print "Not Equal!"; } |
However, there is shorthand for this called a Ternary conditional. We can write the same if else statement like this:
($a == $b) ? print "Equal!" : print "Not Equal!"; |
Where the general form is:
(condition) ? if condition is true : if condition is false; |
Loops
PHP has four main types of loops.
for
This loop is good for performing a set of instructions a set number of times. For example:
for($i=0; $i<5; $i++) { print "i = " . $i . "\n"; } |
The above will print the value of i 5 times and the values will be:
i = 0 i = 1 i = 2 i = 3 i = 4
foreach
This is probably the most common loop in all of PHP. It makes going through the elements of an array really easy. For example:
$names = array("Jack", "Jill", "Mike", "Sally", "Steve"); foreach($names as $name) { print $name . "\n"; } |
The output of this code will be
Jack Jill Mike Sally Steve
Another really neat thing you could have done with this is the following:
$names = array("Jack", "Jill", "Mike", "Sally", "Steve"); foreach($names as $key => $name) { print "Entry #: " . $key . " Name = " . $name . "\n"; } |
The output will be:
Entry #: 0 Name = Jack Entry #: 1 Name = Jill Entry #: 2 Name = Mike Entry #: 3 Name = Sally Entry #: 4 Name = Steve
Notice that in this example we define a $key. This key tells us what index of the array we are on. This is especially powerful when you use associative arrays like this:
$names = array("Manager" => "Jack", "Sales" => "Jill", "Accounting" => "Mike", "HR" => "Sally", "CEO" => "Steve"); foreach($names as $key => $name) { print "Position: " . $key . " Name = " . $name . "\n"; } |
Position: Manager Name = Jack Position: Sales Name = Jill Position: Accounting Name = Mike Position: HR Name = Sally Position: CEO Name = Steve
while
The while loop is probably the most simple of them all. In it's most basic form:
<?php while( true statement ) { // do something } ?> |
In this case, while "true statement" remains true, we will keep looping. For example:
<?php $i = 5; while( $i < 10 ) { $i = $i + 1; // This could be shortened to $i++; But I'm being intentionally verbose. } ?> |
The above code will continue to add 1 to $i until $i = 10, at which point the loop will stop. $i will retain it's value of 10.
Alternatively, there is another syntax for while:
<?php while(expr): // do something endwhile; ?> |
Within the loop, there are of course ways of skipping and breaking out of the loop completely, they are:
break;
Which will break out of the while() loop completely.
continue;
Which will skip to the end of the current iteration and run through to the next iteration.
do-while
This loop is very similar to the while loop. Example:
$a = 0; do { print "Hello: " . $a . "\n"; $a = $a + 1; } while( $a < 5); |
The output of this will be:
Hello: 0 Hello: 1 Hello: 2 Hello: 3 Hello: 4
There is one major difference between the while and the do-while: The condition is evaluated AFTER the code is run. In a normal while loop, the condition is evaluated BEFORE the code in the { } is run. So for example
With a normal while loop:
while( 1 == 0) { print "Hello!"; } |
In this case "Hello" never gets printed because "1 == 0" gets evaluated BEFORE the code within the braces gets executed.
However, this changes in the following do-while example:
do { print "Hello!"; } while( 1 == 0); |
The word "Hello" will get executed exactly once because the condition "1 == 0" gets executed AFTER the code between the braces is executed.
User Input
Security
code
Dangerous functions
- include()
- eval()
- mysql_query()
- pgsql_query()
- phpinfo()
- system()
Dangerous practices
- include()
- echo(), print(), sprintf()
- string sanitizing using non-recursive string replacement
- improper type handling
Best practices
The Golden Rule: Treat all user input as if it's malicious. Anything that gets transferred from the browser to the server (session variable especially) is a new vector for attacking your web app.
- File inclusion
- Type Handling
$clean_int = (int)$dangerous_int; |
- XSS
- SQL Injection
Preventing SQL injection in PHP applications is relatively simple, so long as you are thorough. String input, surrounded by single quotes can be sanitized with mysql_real_escape_string(), which will escape dangerous characters such as single quotes (as well as \, so that you cannot escape the escapes!). Sanitizing integer input can be done simply by casting the input to integer.
php.ini
PHP-FPM
PHP-FPM has been around since 2009, but is now in mainline PHP since 5.4.0RC2. PHP-FPM is also known as FastCGI Process Manager, and does an excellent job at serving PHP powered content much more rapidly than mpm_worker/mpm_prefork on Apache. The configuration for PHP-FPM is somewhat complex, but is really easy once you get used to it and finish customizing everything. Take the following pool configuration for example:
<syntaxhighlight lang="ini">
[wordpress] user = wordpress group = www-data listen = /var/run/php5-fpm/app.sock listen.owner = wordpress listen.group = www-data listen.mode = 0666 chdir = /home/wordpress/web pm = dynamic pm.max_children = 50 pm.start_servers = 10 pm.min_spare_servers = 5 pm.max_spare_servers = 15 pm.max_requests = 1000 php_admin_value[memory_limit] = 96M php_admin_value[session.save_path] = tcp://127.0.0.1:11211 php_admin_value[open_basedir] = /home/wordpress/web php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,posix_mkfifo,pg_lo_import,dbmopen,dbase_open,popen,chgrp,chown,chmod,symlink php_admin_value[disable_classes] = pBot php_admin_value[post_max_size] = 100M php_admin_value[upload_max_filesize] = 100M php_admin_value[user_agent] = "WordPress (http://www.my-website.com)"
</syntaxhighlight>
This will do a few things:
- Sets the UNIX socket (to be used with NGINX's upstream directive via unix:/var/run/php5-fpm/app.sock)
- Sets the UID/GID of the socket to be of the user, and group to www-data so NGINX can read it
- Changes directory to /home/wordpress/web before execution, so everything is relative to that path.
- Sets the Process Management model to Dynamic, which will tune the number of servers and workers based on usage
- Sets session management to use Memcached over TCP (requires socket support)
You can use TCP sockets to listen on instead of UNIX sockets, but that comes with it's own overhead, and you have to configure your firewall if it's not listening on localhost. You have been advised. |
See Also : PHP Patching