PHP
PHP Hypertext Preprocessor Language is a server side interpreted language written in C that runs primarily on Linux environments. PHP scripts can be run directly or served as webpages.
This article needs immediate attention, and is in desperate need of content. |
Contents
Development Environment
PHP CLI
Xochipilli says |
---|
Many Linux distributions package the PHP CLI separately |
- php -l check syntax
- php -v version
- php -e oneliner
Pear/Pecl
Your first application
Variables and data types
PHP is a dynamically-typed language, consisting of integers, arrays, associative arrays, strings, and classes.
Boolean Logic
Ternary Conditionals
In PHP, if else statements typically look like this:
if( $a == $b ) { print "Equal!"; } else { print "Not Equal!"; } |
However, there is shorthand for this called a Ternary conditional. We can write the same if else statement like this:
($a == $b) ? print "Equal!" : print "Not Equal!"; |
Where the general form is:
(condition) ? if condition is true : if condition is false; |
Loops
PHP has four main types of loops.
for
This loop is good for performing a set of instructions a set number of times. For example:
for($i=0; $i<5; $i++) { print "i = " . $i . "\n"; } |
The above will print the value of i 5 times and the values will be:
i = 0 i = 1 i = 2 i = 3 i = 4
foreach
This is probably the most common loop in all of PHP. It makes going through the elements of an array really easy. For example:
$names = array("Jack", "Jill", "Mike", "Sally", "Steve"); foreach($names as $name) { print $name . "\n"; } |
The output of this code will be
Jack Jill Mike Sally Steve
Another really neat thing you could have done with this is the following:
$names = array("Jack", "Jill", "Mike", "Sally", "Steve"); foreach($names as $key => $name) { print "Entry #: " . $key . " Name = " . $name . "\n"; } |
The output will be:
Entry #: 0 Name = Jack Entry #: 1 Name = Jill Entry #: 2 Name = Mike Entry #: 3 Name = Sally Entry #: 4 Name = Steve
Notice that in this example we define a $key. This key tells us what index of the array we are on. This is especially powerful when you use associative arrays like this:
$names = array("Manager" => "Jack", "Sales" => "Jill", "Accounting" => "Mike", "HR" => "Sally", "CEO" => "Steve"); foreach($names as $key => $name) { print "Position: " . $key . " Name = " . $name . "\n"; } |
Position: Manager Name = Jack Position: Sales Name = Jill Position: Accounting Name = Mike Position: HR Name = Sally Position: CEO Name = Steve
while
The while loop is probably the most simple of them all. In it's most basic form:
while( true statement ) { ... } |
In this case, while "true statement" remains true, we will keep looping. For example:
$i = 5; while( $i < 10 ) { $i = $i + 1; // This could be shortened to $i++; But I'm being intentionally verbose. } |
The above code will continue to add 1 to $i until $i = 10, at which point the loop will stop. $i will retain it's value of 10.
Do-While
This loop is very similar to the while loop. Example:
$a = 0; do { print "Hello: " . $a . "\n"; $a = $a + 1; } while( $a < 5); |
The output of this will be:
Hello: 0 Hello: 1 Hello: 2 Hello: 3 Hello: 4
There is one major difference between the while and the do-while: The condition is evaluated AFTER the code is run. In a normal while loop, the condition
is evaluated BEFORE the code in the { } is run. So for example
With a normal while loop:
while( 1 == 0) { print "Hello!"; } |
In this case "Hello" never gets printed because "1 == 0" gets evaluated BEFORE the code within the braces gets executed.
However, this changes in the following do-while example:
do { print "Hello!"; } while( 1 == 0); |
The word "Hello" will get executed exactly once because the condition "1 == 0" gets executed AFTER the code between the braces is executed.
User Input
User-Defined Functions
Defining functions in PHP is accomplished using the function keyword, followed by the function name and comma delimited arguments, surrounded by parenthesis:
function myFunction(arg1, arg2) { ... } |
If the function is encapsulated in an object, you may specify the visibility of the function, public, protected or private.
class MyClass { public function myFunction(arg1, arg2) { ... } ... } |
Unlike some programming languages, like Perl or Python, PHP member functions implicitly extract their parent into the $this variable.
Security
code
Dangerous functions
- include()
- eval()
- mysql_query()
- pgsql_query()
- phpinfo()
- system()
Dangerous practices
- include()
- echo(), print(), sprintf()
- string sanitizing using non-recursive string replacement
- improper type handling
Best practices
- File inclusion
- Type Handling
$clean_int = (int)$dangerous_int; |
- XSS
- SQL Injection
Preventing SQL injection in PHP applications is relatively simple, so long as you are thorough. String input, surrounded by single quotes can be sanitized with mysql_real_escape_string(), which will escape dangerous characters such as single quotes (as well as \, so that you cannot escape the escapes!). Sanitizing integer input can be done simply by casting the input to integer.
php.ini
See Also : PHP Patching