PHP

Server-side code.

Normally in public_html
Normally named like: file.php

File contains normal HTML, and PHP code mixed in, delimited as follows:

<html>
<body>

html code

<?php 
php code 
?>

more html code

• PHP gets interpreted on server side before resulting HTML stream is returned to client.
  Whatever the PHP writes to standard output (stdout) appears in the browser.

• Client can't see PHP code: Unlike with Javascript, client can't see the code that generated the HTML.

• PHP used for interaction with databases/files on server.

---

Basics

• print
• echo
• single quote and double quote strings
• comments

• Language Reference
  • Basic syntax
  • Control Structures

• Variables begin with $

   $x = 3; 

• Can output variables inside double quotes string:

   print "x is $x"; 

---

Environment

• Predefined Variables
  • $_SERVER

• Server-side environment variables

• To see local configuration of PHP
  • phpinfo();

---

Example PHP pages

1. PHP demo

2. Return a single environment variable:
   • REMOTE_ADDR
   • HTTP_X_FORWARDED_FOR

---

Debugging

• Debugging can be difficult.
• The issue:
  • If PHP writes error messages to stdout (to web page), hackers can use this to experiment, and test for server-side vulnerabilities.
  • So servers often turn off PHP error output.

• Over-ride server defaults: Turn on error output for your own PHP. Include these lines:

  ini_set ( 'display_errors', true );
  ini_set ( 'display_startup_errors', true );
  error_reporting ( E_ALL );  
  

  and then error messages are displayed.
• Comment/uncomment this block.
  Exercise:
  Put this error in a PHP file:
  

   nonExistentFunction(); 

  View it with and without those 3 lines above inserted.

Dump variables

• You can dump variables to stdout:

  print "x is $x";
  

• To display full structure of a complex object:

  var_dump($x);
  print_r($x);  
  

---

Multi-line string

A multi-line string can be useful. Assign a chunk of HTML to a string, and maybe re-use it in different places.

Strings in PHP shows ways of doing a multi-line string:

1. Let quote run over:

    
   $var = "  
   text
   text "; 
   

   Advantages: Simple syntax.
   Disadvantages: All double quotes in the text must be changed to single quotes or else "escaped". Can't just dump HTML in here.

   
   

2. Use a heredoc:

    
   $var = <<<MULTILINE_DELIMITER
   text
   text 
   MULTILINE_DELIMITER;
   

   Advantages: Can have single and double quotes in the text unchanged. Can just dump HTML in here.
   Disadvantages: Complex syntax.

---

Reference

• PHP
  • Sample PHP code

• php.net manual
  • List of functions
  • Language Reference
    • Functions
    • Classes and Objects

Tutorials

• PHP Tutorial at w3schools.com
• PHP Tutorial at tutorialspoint.com

Search php.net: with Google.

ancientbrain.com      w2mind.org      humphrysfamilytree.com

On the Internet since 1987.      New 250 G VPS server.

Note: Links on this site to user-generated content like Wikipedia are highlighted in red as possibly unreliable. My view is that such links are highly useful but flawed.