PHP - Echo

<?php
$myiString = "Hi!";
echo $myiString;
echo "<h5>I love  PHP!</h5>";
?>

Display:

Hi!

I love  PHP!

 A simple form example

1 <html>
 2 <head>
 3  <title>Building a Form</title>
 4 </head>
 5 <body>
 6  <form action="<?php echo($_SERVER['PHP_SELF']); ?>"
 7        method="get">
 8   <label>
 9         Search: <input type="text" name="search" />
 10    </label>
 11      <input type="submit" value="Go!" />
 12  </form>
 13 </body>
 14 </html>
 

Read More

PHP Configuration Directives

Although the focus of this book is application security, there are a few configuration directives with which any security-conscious developer should be familiar. The configuration of PHP can affect the behavior of the code you write as well as the techniques that you employ, and your responsibilities might extend slightly beyond the application on occasion.

The configuration of PHP is primarily dictated by a file called php.ini. This file contains many configuration directives, and each of these affects a very specific aspect of PHP. If this file is absent, or if a particular configuration directive is absent from the file, a default value is used.

If you do not know the location of your php.ini file, you can use phpinfo( ) to determine where PHP expects to find it:

<?php

    phpinfo();

    ?>

Read More

PHP Sessions

The session_start( ) function is used to create a new session. A session is unique to the interaction between a browser and a web database application. If you use your browser to access several sites at once, you'll have several unrelated sessions. Similarly, if several users access your application each has their own session. However, if you access an application using two browsers (or two browser windows) at the same time, in most cases the browsers will share the same session; this can lead to unpredictable behavior—that's the reason why many web sites warn against it.

The first time a user requests a script that calls session_start( ), PHP generates a new session ID and creates an empty file to store session variables. PHP also sends a cookie back to the browser that contains the session ID. However, because the cookie is sent as part of the HTTP headers in the response to the browser, you need to call session_start( ) before any other output is generated

The session identifier generated by PHP is a random string of 32 hexadecimal digits, such as fcc17f071bca9bf7f85ca281094390b4. When a new session is started, PHP creates a session file, using the session identifier, prefixed with sess_, for the filename. For example, the filename associated with our example session ID on a Unix system is /tmp/sess_fcc17f071bca9bf7f85ca281094390b4.

Using Session Variables

The session_start( ) function is also used to find an existing session. If a call is made to session_start( ), and a session has previously been started, PHP attempts to find the session file and initialize the session variables. PHP does this automatically by looking for the session cookie in the browser request whenever you call session_start( ). You don't need to do anything different when starting a new session or restoring an existing one. Even if the identified session file can't be found, session_start( ) simply creates a new session file.

A simple PHP script that uses a session

<?php

  require_once "HTML/Template/ITX.php";



  // This call either creates a new session or finds an existing one.

  session_start( );



  // Check if the value for "count" exists in the session store

  // If not, set a value for "count" and "start"

  if (!isset($_SESSION["count"]))

  {

    $_SESSION["count"] = 0;

    $_SESSION["start"] = time( );

  }



  // Increment the count

  $_SESSION["count"]++;



  $template = new HTML_Template_ITX("./templates");

  $template->loadTemplatefile("example.10-2.tpl", true, true);



  $template->setVariable("SESSION", session_id( ));

  $template->setVariable("COUNT", $_SESSION["count"]);

  $template->setVariable("START", $_SESSION["start"]);

  $duration = time( ) - $_SESSION["start"];

  $template->setVariable("DURATION", $duration);



  $template->parseCurrentBlock( );



  $template->show( );

?>

Read More

Length of a String

The length property of a string is determined with the strlen( ) function, which returns the number of eight-bit characters in the subject string:

integer strlen(string subject)

We used strlen( ) earlier in the chapter to compare string lengths. Consider another simple example that prints the length of a 16-character string:

print strlen("This is a String");  // prints 16

Read More

Creating Arrays

PHP provides the array( ) language construct that creates arrays. The following examples show how arrays of integers and strings can be constructed and assigned to variables for later use:

$numbers = array(5, 4, 3, 2, 1);

$words = array("Web", "Database", "Applications");



// Print the third element from the array of integers: 3

print $numbers[2];



// Print the first element from the array of strings: "Web"

print $words[0];

By creating arrays this way, PHP assigns integer keys, or indexes to each element. By default, the index for the first element in an array is 0—this may seem odd but think of the index as an offset from the starting position in an array. The values contained in an array can be retrieved and modified using the bracket [ ] syntax. You can also create an array by assigning elements to a new, unset variable. The following code fragment illustrates the bracket syntax with an array of strings:

$newArray[0] = "Potatoes";

$newArray[1] = "Carrots";

$newArray[2] = "Spinach";



// Replace the third element

$newArray[2] = "Tomatoes";

In this example, PHP automatically treats $newArray as an array without a call to array( ).

An empty array can be created by assigning to a variable the return value of array( ). Values can then be added using the bracket syntax. PHP automatically assigns the next numeric index as the key (the largest integer key value plus one) when a key isn't supplied. The result of the following fragment is an array containing three items.

$shopping = array( );



$shopping[] = "Milk";

$shopping[] = "Coffee";

$shopping[] = "Sugar";

It's also easy to print individual element values themselves:

print $shopping[0];   // prints "Milk"

print $shopping[1];   // prints "Coffee"

print $shopping[2];   // prints "Sugar"

Read More

PHP Zip File Functions

• zip_close — Close a ZIP file archive
• zip_entry_close — Close a directory entry
• zip_entry_compressedsize — Retrieve the compressed size of a directory entry
• zip_entry_compressionmethod — Retrieve the compression method of a directory entry
• zip_entry_filesize — Retrieve the actual file size of a directory entry
• zip_entry_name — Retrieve the name of a directory entry
• zip_entry_open — Open a directory entry for reading
• zip_entry_read — Read from an open directory entry
• zip_open — Open a ZIP file archive
• zip_read — Read next entry in a ZIP file archive

Read More

PHP MySQL Functions

• mysql_field_len — Returns the length of the specified field
• mysql_field_name — Get the name of the specified field in a result
• mysql_field_seek — Set result pointer to a specified field offset
• mysql_field_table — Get name of the table the specified field is in
• mysql_field_type — Get the type of the specified field in a result
• mysql_free_result — Free result memory
• mysql_get_client_info — Get MySQL client info
• mysql_get_host_info — Get MySQL host info
• mysql_get_proto_info — Get MySQL protocol info
• mysql_get_server_info — Get MySQL server info
• mysql_info — Get information about the most recent query
• mysql_insert_id — Get the ID generated in the last query
• mysql_list_dbs — List databases available on a MySQL server
• mysql_list_fields — List MySQL table fields
• mysql_list_processes — List MySQL processes
• mysql_list_tables — List tables in a MySQL database
• mysql_num_fields — Get number of fields in result
• mysql_num_rows — Get number of rows in result
• mysql_pconnect — Open a persistent connection to a MySQL server
• mysql_ping — Ping a server connection or reconnect if there is no connection
• mysql_query — Send a MySQL query
• mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement
• mysql_result — Get result data
• mysql_select_db — Select a MySQL database
• mysql_set_charset — Sets the client character set
• mysql_stat — Get current system status
• mysql_tablename — Get table name of field
• mysql_thread_id — Return the current thread ID
• mysql_unbuffered_query — Send an SQL query to MySQL without fetching and buffering the result rows.
• mysql_affected_rows — Get number of affected rows in previous MySQL operation
• mysql_client_encoding — Returns the name of the character set
• mysql_close — Close MySQL connection
• mysql_connect — Open a connection to a MySQL Server
• mysql_create_db — Create a MySQL database
• mysql_data_seek — Move internal result pointer
• mysql_db_name — Retrieves database name from the call to mysql_list_dbs
• mysql_db_query — Selects a database and executes a query on it
• mysql_drop_db — Drop (delete) a MySQL database
• mysql_errno — Returns the numerical value of the error message from previous MySQL operation
• mysql_error — Returns the text of the error message from previous MySQL operation
• mysql_escape_string — Escapes a string for use in a mysql_query
• mysql_fetch_array — Fetch a result row as an associative array, a numeric array, or both
• mysql_fetch_assoc — Fetch a result row as an associative array
• mysql_fetch_field — Get column information from a result and return as an object
• mysql_fetch_lengths — Get the length of each output in a result
• mysql_fetch_object — Fetch a result row as an object
• mysql_fetch_row — Get a result row as an enumerated array
• mysql_field_flags — Get the flags associated with the specified field in a result

Read More

PHP Date / Time Functions

• checkdate — Validate a Gregorian date
• date_add — Alias of DateTime::add
• date_create_from_format — Alias of DateTime::createFromFormat
• date_create — Alias of DateTime::__construct
• date_date_set — Alias of DateTime::setDate
• date_default_timezone_get — Gets the default timezone used by all date/time functions in a script
• date_default_timezone_set — Sets the default timezone used by all date/time functions in a script
• date_diff — Alias of DateTime::diff
• date_format — Alias of DateTime::format
• date_get_last_errors — Alias of DateTime::getLastErrors
• date_interval_create_from_date_string — Alias of DateInterval::createFromDateString
• date_interval_format — Alias of DateInterval::format
• date_isodate_set — Alias of DateTime::setISODate
• date_modify — Alias of DateTime::modify
• date_offset_get — Alias of DateTime::getOffset
• date_parse_from_format — Get info about given date formatted according to the specified format
• date_parse — Returns associative array with detailed info about given date
• date_sub — Alias of DateTime::sub
• date_sun_info — Returns an array with information about sunset/sunrise and twilight begin/end
• date_sunrise — Returns time of sunrise for a given day and location
• date_sunset — Returns time of sunset for a given day and location
• date_time_set — Alias of DateTime::setTime
• date_timestamp_get — Alias of DateTime::getTimestamp
• date_timestamp_set — Alias of DateTime::setTimestamp
• date_timezone_get — Alias of DateTime::getTimezone
• date_timezone_set — Alias of DateTime::setTimezone
• date — Format a local time/date
• getdate — Get date/time information
• gettimeofday — Get current time
• gmdate — Format a GMT/UTC date/time
• gmmktime — Get Unix timestamp for a GMT date
• gmstrftime — Format a GMT/UTC time/date according to locale settings
• idate — Format a local time/date as integer
• localtime — Get the local time
• microtime — Return current Unix timestamp with microseconds
• mktime — Get Unix timestamp for a date
• strftime — Format a local time/date according to locale settings
• strptime — Parse a time/date generated with strftime
• strtotime — Parse about any English textual datetime description into a Unix timestamp
• time — Return current Unix timestamp
• timezone_abbreviations_list — Alias of DateTimeZone::listAbbreviations
• timezone_identifiers_list — Alias of DateTimeZone::listIdentifiers
• timezone_location_get — Alias of DateTimeZone::getLocation
• timezone_name_from_abbr — Returns the timezone name from abbreviation
• timezone_name_get — Alias of DateTimeZone::getName
• timezone_offset_get — Alias of DateTimeZone::getOffset
• timezone_open — Alias of DateTimeZone::__construct
• timezone_transitions_get — Alias of DateTimeZone::getTransitions
• timezone_version_get — Gets the version of the timezonedb

Read More

PHP HTTP Functions

• ob_deflatehandler — Deflate output handler
• ob_etaghandler — ETag output handler
• ob_inflatehandler — Inflate output handler
• http_parse_cookie — Parse HTTP cookie
• http_parse_headers — Parse HTTP headers
• http_parse_message — Parse HTTP messages
• http_parse_params — Parse parameter list
• http_persistent_handles_clean — Clean up persistent handles
• http_persistent_handles_count — Stat persistent handles
• http_persistent_handles_ident — Get/set ident of persistent handles
• http_get — Perform GET request
• http_head — Perform HEAD request
• http_post_data — Perform POST request with pre-encoded data
• http_post_fields — Perform POST request with data to be encoded
• http_put_data — Perform PUT request with data
• http_put_file — Perform PUT request with file
• http_put_stream — Perform PUT request with stream
• http_request_body_encode — Encode request body
• http_request_method_exists — Check whether request method exists
• http_request_method_name — Get request method name
• http_request_method_register — Register request method
• http_request_method_unregister — Unregister request method
• http_request — Perform custom request
• http_redirect — Issue HTTP redirect
• http_send_content_disposition — Send Content-Disposition
• http_send_content_type — Send Content-Type
• http_send_data — Send arbitrary data
• http_send_file — Send file
• http_send_last_modified — Send Last-Modified
• http_send_status — Send HTTP response status
• http_send_stream — Send stream
• http_throttle — HTTP throttling
• http_build_str — Build query string
• http_build_url — Build a URL
• http_cache_etag — Caching by ETag
• http_cache_last_modified — Caching by last modification
• http_chunked_decode — Decode chunked-encoded data
• http_deflate — Deflate data
• http_inflate — Inflate data
• http_build_cookie — Build cookie string
• http_date — Compose HTTP RFC compliant date
• http_get_request_body_stream — Get request body as stream
• http_get_request_body — Get request body as string
• http_get_request_headers — Get request headers as array
• http_match_etag — Match ETag
• http_match_modified — Match last modification
• http_match_request_header — Match any header
• http_support — Check built-in HTTP support
• http_negotiate_charset — Negotiate client's preferred character set
• http_negotiate_content_type — Negotiate client's preferred content type
• http_negotiate_language — Negotiate client's preferred language

Read More

PHP Array Functions

• array_change_key_case — Changes all keys in an array
• array_chunk — Split an array into chunks
• array_combine — Creates an array by using one array for keys and another for its values
• array_count_values — Counts all the values of an array
• array_diff_assoc — Computes the difference of arrays with additional index check
• array_diff_key — Computes the difference of arrays using keys for comparison
• array_diff_uassoc — Computes the difference of arrays with additional index check which is performed by a user supplied callback function
• array_diff_ukey — Computes the difference of arrays using a callback function on the keys for comparison
• array_diff — Computes the difference of arrays
• array_fill_keys — Fill an array with values, specifying keys
• array_fill — Fill an array with values
• array_filter — Filters elements of an array using a callback function
• array_flip — Exchanges all keys with their associated values in an array
• array_intersect_assoc — Computes the intersection of arrays with additional index check
• array_intersect_key — Computes the intersection of arrays using keys for comparison
• array_intersect_uassoc — Computes the intersection of arrays with additional index check, compares indexes by a callback function
• array_intersect_ukey — Computes the intersection of arrays using a callback function on the keys for comparison
• array_intersect — Computes the intersection of arrays
• array_key_exists — Checks if the given key or index exists in the array
• array_keys — Return all the keys or a subset of the keys of an array
• array_map — Applies the callback to the elements of the given arrays
• array_merge_recursive — Merge two or more arrays recursively
• array_merge — Merge one or more arrays
• array_multisort — Sort multiple or multi-dimensional arrays
• array_pad — Pad array to the specified length with a value
• array_pop — Pop the element off the end of array
• array_product — Calculate the product of values in an array
• array_push — Push one or more elements onto the end of array
• array_rand — Pick one or more random entries out of an array
• array_reduce — Iteratively reduce the array to a single value using a callback function
• array_replace_recursive — Replaces elements from passed arrays into the first array recursively
• array_replace — Replaces elements from passed arrays into the first array
• array_reverse — Return an array with elements in reverse order
• array_search — Searches the array for a given value and returns the corresponding key if successful
• array_shift — Shift an element off the beginning of array
• array_slice — Extract a slice of the array
• array_splice — Remove a portion of the array and replace it with something else
• array_sum — Calculate the sum of values in an array
• array_udiff_assoc — Computes the difference of arrays with additional index check, compares data by a callback function
• array_udiff_uassoc — Computes the difference of arrays with additional index check, compares data and indexes by a callback function
• array_udiff — Computes the difference of arrays by using a callback function for data comparison
• array_uintersect_assoc — Computes the intersection of arrays with additional index check, compares data by a callback function
• array_uintersect_uassoc — Computes the intersection of arrays with additional index check, compares data and indexes by a callback functions
• array_uintersect — Computes the intersection of arrays, compares data by a callback function
• array_unique — Removes duplicate values from an array
• array_unshift — Prepend one or more elements to the beginning of an array
• array_values — Return all the values of an array
• array_walk_recursive — Apply a user function recursively to every member of an array
• array_walk — Apply a user function to every member of an array
• array — Create an array
• arsort — Sort an array in reverse order and maintain index association
• asort — Sort an array and maintain index association
• compact — Create array containing variables and their values
• count — Count all elements in an array, or something in an object
• current — Return the current element in an array
• each — Return the current key and value pair from an array and advance the array cursor
• end — Set the internal pointer of an array to its last element
• extract — Import variables into the current symbol table from an array
• in_array — Checks if a value exists in an array
• key — Fetch a key from an array
• krsort — Sort an array by key in reverse order
• ksort — Sort an array by key
• list — Assign variables as if they were an array
• natcasesort — Sort an array using a case insensitive "natural order" algorithm
• natsort — Sort an array using a "natural order" algorithm
• next — Advance the internal array pointer of an array
• pos — Alias of current
• prev — Rewind the internal array pointer
• range — Create an array containing a range of elements
• reset — Set the internal pointer of an array to its first element
• rsort — Sort an array in reverse order
• shuffle — Shuffle an array
• sizeof — Alias of count
• sort — Sort an array
• uasort — Sort an array with a user-defined comparison function and maintain index association
• uksort — Sort an array by keys using a user-defined comparison function
• usort — Sort an array by values using a user-defined comparison function

Read More