Defining Functions

There are already many functions built into PHP. However, you can define your own and organize your code into functions. To define your own functions, start out with the function statement:

function some_function([arguments]) { code to execute }

The brackets ([ ]) mean optional. The code could also be written with optional_arguments in place of [arguments]. The function keyword is followed by the name of the function. Function names abide by the same rules as other named objects such as variables in PHP. A pair of parentheses must come next. If your function has parameters, they're specified within the parentheses. Finally, the code to execute is listed between curly brackets, as seen in the code above.

You can define functions anywhere in your code and call them from virtually anywhere. Scope rules apply. The scope of a variable is the context within which it's defined. For the most part, all PHP variables have only a single scope. A single scope spans included and required files as well. The function is defined on the same page or included in an include file. Functions can have parameters and return values that allow you to reuse code.

To create your own function that simply displays a different hello message, you would write:

<?php
function hi()
{
  echo ("Hello from function-land!");
}
//Call the function
hi();
?>

which displays:

Hello from function-land!

Read More

PHP - Echo

<?php
$myiString = "Hi!";
echo $myiString;
echo "<h5>I love  PHP!</h5>";
?>

Display:

Hi!

I love  PHP!

 A simple form example

1 <html>
 2 <head>
 3  <title>Building a Form</title>
 4 </head>
 5 <body>
 6  <form action="<?php echo($_SERVER['PHP_SELF']); ?>"
 7        method="get">
 8   <label>
 9         Search: <input type="text" name="search" />
 10    </label>
 11      <input type="submit" value="Go!" />
 12  </form>
 13 </body>
 14 </html>
 

Read More

PHP Configuration Directives

Although the focus of this book is application security, there are a few configuration directives with which any security-conscious developer should be familiar. The configuration of PHP can affect the behavior of the code you write as well as the techniques that you employ, and your responsibilities might extend slightly beyond the application on occasion.

The configuration of PHP is primarily dictated by a file called php.ini. This file contains many configuration directives, and each of these affects a very specific aspect of PHP. If this file is absent, or if a particular configuration directive is absent from the file, a default value is used.

If you do not know the location of your php.ini file, you can use phpinfo( ) to determine where PHP expects to find it:

<?php

    phpinfo();

    ?>

Read More

PHP Sessions

The session_start( ) function is used to create a new session. A session is unique to the interaction between a browser and a web database application. If you use your browser to access several sites at once, you'll have several unrelated sessions. Similarly, if several users access your application each has their own session. However, if you access an application using two browsers (or two browser windows) at the same time, in most cases the browsers will share the same session; this can lead to unpredictable behavior—that's the reason why many web sites warn against it.

The first time a user requests a script that calls session_start( ), PHP generates a new session ID and creates an empty file to store session variables. PHP also sends a cookie back to the browser that contains the session ID. However, because the cookie is sent as part of the HTTP headers in the response to the browser, you need to call session_start( ) before any other output is generated

The session identifier generated by PHP is a random string of 32 hexadecimal digits, such as fcc17f071bca9bf7f85ca281094390b4. When a new session is started, PHP creates a session file, using the session identifier, prefixed with sess_, for the filename. For example, the filename associated with our example session ID on a Unix system is /tmp/sess_fcc17f071bca9bf7f85ca281094390b4.

Using Session Variables

The session_start( ) function is also used to find an existing session. If a call is made to session_start( ), and a session has previously been started, PHP attempts to find the session file and initialize the session variables. PHP does this automatically by looking for the session cookie in the browser request whenever you call session_start( ). You don't need to do anything different when starting a new session or restoring an existing one. Even if the identified session file can't be found, session_start( ) simply creates a new session file.

A simple PHP script that uses a session

<?php

  require_once "HTML/Template/ITX.php";



  // This call either creates a new session or finds an existing one.

  session_start( );



  // Check if the value for "count" exists in the session store

  // If not, set a value for "count" and "start"

  if (!isset($_SESSION["count"]))

  {

    $_SESSION["count"] = 0;

    $_SESSION["start"] = time( );

  }



  // Increment the count

  $_SESSION["count"]++;



  $template = new HTML_Template_ITX("./templates");

  $template->loadTemplatefile("example.10-2.tpl", true, true);



  $template->setVariable("SESSION", session_id( ));

  $template->setVariable("COUNT", $_SESSION["count"]);

  $template->setVariable("START", $_SESSION["start"]);

  $duration = time( ) - $_SESSION["start"];

  $template->setVariable("DURATION", $duration);



  $template->parseCurrentBlock( );



  $template->show( );

?>

Read More

Length of a String

The length property of a string is determined with the strlen( ) function, which returns the number of eight-bit characters in the subject string:

integer strlen(string subject)

We used strlen( ) earlier in the chapter to compare string lengths. Consider another simple example that prints the length of a 16-character string:

print strlen("This is a String");  // prints 16

Read More

Creating Arrays

PHP provides the array( ) language construct that creates arrays. The following examples show how arrays of integers and strings can be constructed and assigned to variables for later use:

$numbers = array(5, 4, 3, 2, 1);

$words = array("Web", "Database", "Applications");



// Print the third element from the array of integers: 3

print $numbers[2];



// Print the first element from the array of strings: "Web"

print $words[0];

By creating arrays this way, PHP assigns integer keys, or indexes to each element. By default, the index for the first element in an array is 0—this may seem odd but think of the index as an offset from the starting position in an array. The values contained in an array can be retrieved and modified using the bracket [ ] syntax. You can also create an array by assigning elements to a new, unset variable. The following code fragment illustrates the bracket syntax with an array of strings:

$newArray[0] = "Potatoes";

$newArray[1] = "Carrots";

$newArray[2] = "Spinach";



// Replace the third element

$newArray[2] = "Tomatoes";

In this example, PHP automatically treats $newArray as an array without a call to array( ).

An empty array can be created by assigning to a variable the return value of array( ). Values can then be added using the bracket syntax. PHP automatically assigns the next numeric index as the key (the largest integer key value plus one) when a key isn't supplied. The result of the following fragment is an array containing three items.

$shopping = array( );



$shopping[] = "Milk";

$shopping[] = "Coffee";

$shopping[] = "Sugar";

It's also easy to print individual element values themselves:

print $shopping[0];   // prints "Milk"

print $shopping[1];   // prints "Coffee"

print $shopping[2];   // prints "Sugar"

Read More