21. PHP – Variables
PHP 101 21
Variables do not need a declared type!
<?php
$testIntVar = 5;
$testTextVar = "a";
$testBooleanVar = true;
$testArrayVar = array();
?>
22. PHP – Constants
PHP:
// compile-time constant (constant names take no $ prefix)
const PI = 3.14;
echo PI;
// or, defined at run time
define('PI', 3.14);
echo PI;
C:
#define PI 3.14
printf("%f", PI);
const float pi = 3.14;
printf("%f", pi);
28. PHP – Control Structures
PHP:
<?php
$a = 5;
$b = 4;
if ($a >= $b) {
    echo "$a is bigger or equal";
} else {
    echo "$b is bigger";
}
C:
#include <stdio.h>
int main(void) {
    int a = 5;
    int b = 4;
    if (a >= b) {
        printf("%d is bigger or equal", a);
    } else {
        printf("%d is bigger", b);
    }
    return 0;
}
29. PHP – Control Structures
PHP:
<?php
$dayIndex = 5;
switch ($dayIndex) {
    case 1: echo "Monday";
        break;
    case 2: echo "Tuesday";
        break;
    // ……
    case 5: echo "Friday";
        break;
}
C:
#include <stdio.h>
int main(void) {
    int dayIndex = 1;
    switch (dayIndex) {
        case 1: printf("Monday");
            break;
        case 2: printf("Tuesday");
            break;
        // …..
    }
    return 0;
}
30. PHP – Loops
for loop
PHP:
<?php
for ($i = 0; $i <= 10; $i++) {
    echo $i;
}
C:
#include <stdio.h>
int main(void) {
    int i = 0;
    for (i = 0; i <= 10; i++) {
        printf("%d", i);
    }
    return 0;
}
31. PHP – Loops
while loop
PHP:
<?php
$i = 0;
while ($i <= 10) {
    echo $i;
    $i++;
}
C:
#include <stdio.h>
int main(void) {
    int i = 0;
    while (i <= 10) {
        printf("%d", i);
        i++;
    }
    return 0;
}
32. PHP – Loops
do while loop
PHP:
<?php
$i = 0;
do {
    echo $i;
    $i++;
} while ($i <= 10);
C:
#include <stdio.h>
int main(void) {
    int i = 0;
    do {
        printf("%d", i);
        i++;
    } while (i <= 10);
    return 0;
}
42. PHP – Functions
Most used control functions
<?php
// signature: bool in_array(mixed $needle, array $haystack)
$array = array('lab1', 'lab2', 'lab3', 'lab4');
// prints bool(false)
var_dump(in_array('lab5', $array));
// prints bool(true)
var_dump(in_array('lab3', $array));
43. LAB #2 Dynamic Page Example with PHP Fundamentals
44. PHP – Predefined Variables
$_GET
HTTP GET variables
<?php $pageNumber = $_GET['pageNumber']; ?>
$_POST
HTTP POST variables
<?php $password = $_POST['password']; ?>
$_REQUEST
HTTP Request variables
An associative array that by default contains the contents of $_GET, $_POST and $_COOKIE.
45. PHP – Predefined Variables
$_SESSION
Session variables
<?php $paymentInfo = $_SESSION['paymentInfo']; ?>
$_COOKIE
HTTP Cookies
<?php $userName = $_COOKIE['userName']; ?>
$_SERVER
Server and execution environment information
<?php $server = $_SERVER['SERVER_NAME']; ?>
46. PHP – Sessions & Cookies
“HTTP is stateless - that is, any data you have stored is forgotten about
when the page has been sent to the client and the connection is
closed.”
QUESTION / Why do we need sessions & cookies?
ANSWER / SOLUTION
Cookies… have a bad reputation, but are a client-side solution
Sessions… a server-side solution
47. PHP – Sessions & Cookies
“Do you want your data to work when your visitor comes back the
next day?”
QUESTION / Which to use and when?
ANSWER / SOLUTION
“If so, then your only choice is cookies.”
“If you do not need semi-permanent data, then sessions are generally
preferred, as they are a little easier to use, do not require their data to be
sent in entirety with each page, and are also cleaned up as soon as your
visitor closes their web browser.”
48. PHP – Sessions & Cookies
Sessions – Starting a session, setting session variables
<?php
// Start the session
session_start();
// Set session variables
$_SESSION["favcolor"] = "green";
$_SESSION["favanimal"] = "cat";
echo "Session variables are set.";
49. PHP – Sessions & Cookies
Sessions – Removing session variables, destroying session
<?php
// Start the session
session_start();
// remove all session variables
session_unset();
// destroy the session
session_destroy();
50. PHP – Sessions & Cookies
Cookies – Setting a cookie
<?php
$cookie_name = "user";
$cookie_value = "John Doe";
// 86400 = 1 day
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/");
51. PHP – Sessions & Cookies
Cookies – Checking cookie variables
<?php
$cookie_name = "user";
if (!isset($_COOKIE[$cookie_name])) {
    echo "Cookie named '" . $cookie_name . "' is not set!";
} else {
    echo "Cookie '" . $cookie_name . "' is set!<br>";
    // the cookie value comes from the client, so escape it before output
    echo "Value is: " . htmlspecialchars($_COOKIE[$cookie_name]);
}
52. PHP – Sessions & Cookies
Cookies – Deleting a cookie
<?php
// set the expiration date to one hour ago
// the path must match the one used when the cookie was set ("/")
setcookie("user", "", time() - 3600, "/");
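The session and cookie slides above leave the cookie attributes at their defaults. The following is an added example, not part of the original deck, showing the same steps with the attributes set explicitly; it assumes PHP 7.3 or later and an HTTPS site, and login_user() and logout_user() are hypothetical helper names.

```php
<?php
// Added example. The cookie name "user" comes from the slides; the
// login_user()/logout_user() helpers are hypothetical.

// Session cookie: HTTPS only, hidden from JavaScript, limited cross-site sending.
session_set_cookie_params([
    'lifetime' => 0,          // lasts until the browser is closed
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

function login_user(string $userName): void
{
    // Issue a fresh session id at login and delete the old session data,
    // so an id that was known before login stops working.
    session_regenerate_id(true);
    $_SESSION['userName'] = $userName;
}

function logout_user(): void
{
    $_SESSION = [];
    // session_destroy() removes the server-side data but leaves the cookie
    // in the browser, so expire it with the same attributes it was set with.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Persistent cookie from slide 50 with the same attributes. Its value is
// under the client's control, so treat it as a display preference and keep
// identity and authorization data in $_SESSION.
setcookie('user', 'John Doe', [
    'expires'  => time() + 86400 * 30,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
```

With 'secure' set to true the browser only returns these cookies over HTTPS, so they will not come back on a plain-HTTP development server.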
55. PHP – How to avoid XSS with PHP?
Data Validation
<?php
$phone = "555-123-4567"; // sample value
// validate a US phone number
if (preg_match('/^((1-)?\d{3}-)\d{3}-\d{4}$/', $phone)) {
    echo $phone . " is valid format.";
}
56. PHP – How to avoid XSS with PHP?
Data Sanitization
<?php
// sanitize HTML from the comment
$comment = strip_tags($_POST["comment"]);
57. PHP – How to avoid XSS with PHP?
Output Escaping
<?php
// escape output sent to the browser
echo "You searched for: " .
htmlspecialchars($_GET["query"]);
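The sanitization and output-escaping slides behave differently once the value lands inside an HTML attribute. The following is an added example, not part of the original deck, that puts the two side by side; the input string, the e() helper and the two search_box_* functions are constructed for illustration.

```php
<?php
// Added example. Inputs and function names are constructed, not from the deck.

function e(string $value): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Slide 56 approach: strip_tags() removes tags but leaves quote characters alone.
function search_box_stripped(string $query): string
{
    return '<input type="text" name="query" value="' . strip_tags($query) . '">';
}

// Slide 57 approach: escape at the point of output, for the context it lands in.
function search_box_escaped(string $query): string
{
    return '<input type="text" name="query" value="' . e($query) . '">';
}

// Constructed input: it contains no tags, only a double quote that closes
// the value attribute and starts a new attribute.
$query = 'php" data-injected="yes';

// The stripped version now carries an extra attribute chosen by the input.
echo search_box_stripped($query), "\n";

// The escaped version keeps the whole input inside value="...".
echo search_box_escaped($query), "\n";

// In element content the same helper applies, as on slide 57.
echo '<p>You searched for: ' . e($query) . "</p>\n";
```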
60. PHP + MYSQL
Running Query
<?php
$sampleQuery = "DELETE FROM comment LIMIT 1";
$query = mysql_query($sampleQuery);
Running the query is not enough if you need to fetch the result set!
61. PHP + MYSQL
Fetching Result
<?php
$sampleQuery = "SELECT * FROM comment";
$query = mysql_query($sampleQuery);
$results = array();
// collect every row of the result set as an associative array
while ($row = mysql_fetch_assoc($query)) {
    $results[] = $row;
}
62. PHP + MYSQL
Closing MySQL connection
<?php
mysql_close();
63. PHP + MYSQL
Other useful MySQL specific functions
<?php
mysql_error();
mysql_errno();
mysql_info();
mysql_num_rows();
mysql_escape_string();
64. SQL INJECTION!
It is possible to inject SQL through HTTP parameters
<?php
// the request parameter is placed into the SQL text unchanged
$id = $_GET['id'];
$query = "SELECT * FROM comment WHERE COMMENT_ID = $id";
65. SQL INJECTION!
It's OK if $id is an integer. But!
<?php
// assume that $_GET['id'] is "1 OR 1=1"
$id = $_GET['id'];
$query = "SELECT * FROM comment WHERE COMMENT_ID = $id";
66. SQL INJECTION!
Here is a nice solution:
<?php
// assume that $_GET['id'] is "1 OR 1=1"; intval() turns it into 1
$id = intval($_GET['id']);
$query = "SELECT * FROM comment WHERE COMMENT_ID = $id";
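The three SQL injection slides can be run side by side. The following is an added example, not part of the original deck: it uses PDO with an in-memory SQLite database (the mysql_* functions shown on the slides were removed in PHP 7.0), and the table contents and the find_* function names are constructed. It also goes one step beyond intval() by rejecting non-integer input and binding the value.

```php
<?php
// Added example. Constructed data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comment (COMMENT_ID INTEGER PRIMARY KEY, BODY TEXT)');
$pdo->exec("INSERT INTO comment (BODY) VALUES ('first'), ('second'), ('third')");

// Slides 64/65: the parameter is pasted into the SQL text and parsed as SQL.
function find_concat(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM comment WHERE COMMENT_ID = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Slide 66: intval() keeps the leading digits and silently drops the rest.
function find_intval(PDO $pdo, string $id): array
{
    $id = intval($id);
    $sql = "SELECT * FROM comment WHERE COMMENT_ID = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Stricter variant: reject anything that is not an integer, then bind the
// value so the database never parses it as part of the statement.
function find_bound(PDO $pdo, string $id): array
{
    $valid = filter_var($id, FILTER_VALIDATE_INT);
    if ($valid === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $pdo->prepare('SELECT * FROM comment WHERE COMMENT_ID = :id');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = '1 OR 1=1'; // the value assumed on slide 65
printf("concatenated: %d row(s)\n", count(find_concat($pdo, $input)));
printf("intval():     %d row(s)\n", count(find_intval($pdo, $input)));
try {
    find_bound($pdo, $input);
} catch (InvalidArgumentException $e) {
    printf("bound:        rejected (%s)\n", $e->getMessage());
}
printf("bound, id=2:  %d row(s)\n", count(find_bound($pdo, '2')));
```

Binding also covers string columns, where intval() cannot be applied.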