PHP Class Notes

Sometimes a textbook is too much, too many words, too much reading to find what you need. Sometimes online documentation isn't enough, too much detail, not enough perspective. These are class notes, filling the gap in between textbook and the documentation.

For hosting and ongoing improvements

Recommended Book

Affiliate Link

What is PHP?

• A server side scripting language created in 1994 by Ramus Lerdorf
• PHP codes can be embedded inside an html document allowing for dynamic web content
• As of April 2007, PHP had an install base of almost 21 million domains (see http://www.php.net/usage.php)
• PHP is open source and free
• Originally stood for Personal Home Page but was later changed to PHP Hypertext Processor

PHP's Strengths

• Easy to learn
• Syntax is based on C and Perl allowing easy familiarity for those who know those languages
• Object Oriented
• Starting with PHP5
• Allow for classes and objects, inheritance, interfaces, access modification, class and method abstraction, constructors and destructors, as well as many other useful OO features
• Portable
• Available for many different operating systems
• Code written for one system will work equally well on others
• Source Code
• Access to the open source code means that is a problem exists or an improvement could be made, you are free to do so.
• No worries about loss of support
• Performance
• Allows for great performance even on simple cheap servers (see http://www.zend.com for performance comparisons)
• Database integration
• Allows native connections to many different database systems including MySQL, PostgreSQL, mSQL, Oracle, dbm, FilePro, Hyperwave, Informix, Interbase, SyBase, and allow simulated database access to flat files through the built in SQlite interface
• Built in libraries
• Many built in functions makes many tasks simple to perform with just a few lines of code
• Support
• Zend technologies, who maintain the engine that runs PHP, sell support to fund PHP’s development.
• Cost - PHP is free. (get it from http://www.php.net)

How PHP works

• Allows for content of HTML pages to be dynamically built or altered on the server, after a page request from a client, before the page is actually sent to the client.

1. Client requests a php page from a web server
2. The web server, on receiving the request recognizes that the needed page is php based
3. The web server passes the request along with any additional request information to the php server
4. The php server locates the code for the requested page and executes the php statements located in that file and collects the output.
5. The output is then returned to the web server as a standard html page, which is then sent to the client.

Writing PHP with PHP tags

• PHP source code can be embedded inside HTML code or in a file by itself.
• Either way PHP code should always be enclosed in PHP tags
• The PHP code should never be seen by the client viewing a PHP page because the php server will always execute the PHP codes inside the PHP tags, collect the output along with any HTML code in the file, and then return the total output to the user.

<?PHP
  //PHP code goes here
?>

• These are the most common types of PHP tags and cannot be turned off by the system administrator. RECOMMENDED!!!

// PHP Short Tags
<?
  //PHP code goes here
?>

• A shorter style that is currently on by default but is often disabled by sysadmins because it can interfere with XML processing

// PHP Script Tags
<script language="php">
  //php codes go here
</script>

• A style like that used with JavaScript which can be more IDE friendly but is disabled by default

// PHP with ASP style tags
<%
  //php codes go here
%>

• ASP like style, disabled by default

PHP Statements

• PHP statements go between the PHP tags
• These statements are what tell the php engine what to do
• All php statement must end with a semicolon just like in C and java.

// Example PHP Document
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Welcome</title>
  </head>

  <body>
    <?php
      /*
        This dandy little script
        will welcome someone to php
      */

      //we are going to output something!!!
      echo "Welcome to PHP!!!";
      #All done outputting
    ?>
  </body>
</html>

• The echo statement simply outputs whatever follows the command.
• Can be used to output plain text or HTML

// Simple Output with PHP
echo "<strong>Welcome to PHP!!!</strong><br/>";

• Whitespace
• The php engine ignores whitespace so use as much as is needed to make the code readable
• Comments
• Several types
• Block comments /* */
• Single line comments // or #

Adding Dynamic Content

• Echo statements by themselves are not very interesting because they don’t at this point do anything that html couldn’t do by itself
• The whole point in a server side language like PHP is to be able to provide dynamic content

// Example of Dynamic Output
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Welcome</title>
  </head>
  <body>
    <?php
      echo "<strong>Welcome to PHP!!!</strong><br/>";
      echo "Today is " . date( 'l' ) . ", " . date( 'F' ) . " the " .date( 'dS, Y' ) . "<br/>";
      echo "The current time is " . date( 'g:i:s a' );
    ?>
  </body>
</html>

Calling Functions

• A function is a group of statements that perform some action.
• PHP has many built in functions that are available (find out about them on http://www.php.net)
• Programmers are also able to create their own functions which is something that we will look at doing later.
• Functions all have names and are followed by a set of parentheses
• Most functions must be given information to tell them how to work, this information is placed between the parentheses and are referred to as arguments or parameters.

• Date is a php function that can be called and returns information about the date and time according to arguments that are passed to it.

String Concatenation

• The period is used to concatenate strings together.
• When placed between two strings, whether variable or literal, the two strings will be joined.

Using Variables

• Variables are abstractions for memory locations where data can be stored.
• The values of variables can be easily changed.
• The programmer can create variables and there are variables that are supplied by the php system.
• Identifiers are the names that are given to variables
• They can be of any length
• They can consist of numbers, letters, and underscores.
• They CANNOT begin with a digit
• They are case sensitive
• Variables can have the same name as a function but it can be confusing so should be avoided.
• When referring to variables in your code the variables identifier must always be prefaced with a dollar sign
• User defined variables do not need to be declared in most cases before they are used. Instead they are created automatically when they are first referenced.

// PHP Document with Variables
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Welcome</title>
  </head>

  <body>
    <?php
      $first = "Hello";
      $second = ", ";
      $third = "World!";

      echo $first . $second . $third;
    ?>
  </body>
</html>

Assigning values to Variables

• Values are assigned to variables by using the assignment operator (=)
• Variables can be assigned literal values or values from other variables

// Variables Example
$first = "Hello";
$second = ", ";
$third = "World!";

$fourth = $first . $second . $third;

echo $fourth;

Variables vs. Literals

• Variables values can change while literal values never change.
• When dealing with strings the quotation marks used become important
• Single quotes (hard quotes) around a variables identifier will stop the value from the variable from being accessed and instead the variables identifier will be used as if it were a string.
• Double quotes (soft quotes) used around a variable name will still allow the variables value to be access in place of the variables actual name.

// Duoble vs. Single Quotes
$first = "Hello";
$second = ", ";
$third = "World!";

$fourth = $first . $second . $third;

//change to single to see what happens
echo "I would like to say $fourth";

Data Types

• PHP is a weakly types language meaning that a variables data type (the type of data that can be stored in it) is determined by the values that are assigned to it.
• Data Types:
• Integer – whole numbers
• Float (aka double) – real numbers
• String – groups of quote delimited characters
• Boolean – true and false
• Array – Multiple data items in array format
• Object – instances of classes
• NULL – For variable that have not be given a value or have been unset
• Resource – external resources like DB connections or file pointers

• There are numerous functions available for determining the data type of variables
• getType( )
• is_array( )
• is_double( ), is_float( ), is_real( )
• is_long( ), is_int( ), is_integer( )
• is_string( )
• is_object( )
• is_resource( )
• is_null( )
• is_scalar( ) – check for integer, Boolean, string, or float
• is_numeric( ) – check for number or numeric string
• is_callable( ) – checks for valid function name
• Each of these takes a variable as an argument and returns true or false
• There is also a settype( $var, ‘type’ ) function that can be used to set a specific type
• Type can also be manipulated through the use of casting

// Casting
$totalamount = (float)$totalqty;

• Type can also be changed by using reinterpretation functions
• intval( $var )
• floatval( $var )
• strval( $var )

// Examples of Different type of data

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Data Types</title>
  </head>

  <body>
    <?php
      $name = "Victrola Firecracker";
      $id = 123456789;
      $age = 99.9;

      echo "Name value: " . $name . "<br/>";
      echo "Name type: " . getType( $name ) . "<br/>";
      echo "<hr/>";
      echo "ID value: " . $id . "<br/>";
      echo "ID type: " . getType( $id ) . "<br/>";
      echo "Is ID an integer? " . is_int( $id ) . "<br/>";
      echo "<hr/>";
      echo "Age value: " . $age . "<br/>";
      echo "Age type: " . getType( $age ) . "<br/>";
      echo "Is age real? " . is_real( $age ) . "<br/>";
    ?>
  </body>
</html>

Variable Status

• isset( ) and empty( )

Constants

• Constants are variables whose value cannot be changed once it is set

define( ‘CONSTANT’, value );

• Constants do not use the $ prefix when they are being referred to.
• Constants can only store Boolean, integer, float, and string data (they are always scalar)

<?php
  define( 'TOTALPOINTS', 800 );
  echo TOTALPOINTS;
?>

Variable Variables

• These are special types of variables whose identifiers are variable as is the variables value.
• One variable is used as the identifier for another variables

<?php
  $id = "id123456789";

  //assign value
  $$id = "Victrola Firecracker";

  //see value
  echo $id123456789;
?>

Variable Scope

• At this point we know that all variables have an identifier, a data type, and a value.
• All variables also have a scope.
• The scope of a variable refers to the places in a script where a variables can be used.
• PHP has 6 scopes that you should be aware of:
• Built in superglobal variables – can be used from anywhere
• Constants – can be used inside and outside functions
• Global variables – declared inside a script but outside a function can be used anywhere in the script except inside the functions.
• Global variables declared specifically as global inside a function can be used anywhere in the script
• Variables declared as static inside functions can be used from anywhere but will retain there values from one execution of the function to the next
• Variables declared normally inside functions only exist inside that function and cease to exists when the function ends.

Passing Variables Between Pages

• Variable values can be passed from one page to another in PHP through HTTP’s normal GET and POST behaviors.
• This is most often used when passing values from forms to be processed by PHP but can be used in other ways.
• A value is passed from one page to another by appending a question mark followed by the variables name, an equal sign, and the variables value to the end of the URL for the page that the value is being passed to as a normal hyperlink.

// Example URL for Requesting a page
<a href="receiver.php?fname=victrola">Send name</a>

• The value can then be accessed from the receiving page three different ways depending on the PHP servers setup.
• Short Method
• $fname, if the server allows the name and value that are passed to the page will take the form of a normal PHP variable.
• It allows simple quick access to the variable and it’s value but can cause security problems so this is normally turned of (default)
• Medium Method
• An array of global variables that are always accessible called $_GET and $_POST are available that each passed variable will be assigned to.
• This is the preferred method used today.
• Long Method
• Another global array called either $HTTP_GET_VARS or $HTTP_POST_VARS can also be used.
• This method is acceptable but can also be turned off.

// receiver.php
echo $_GET[ 'fname' ];

• Multiple value can be sent by separating each name/value pair with an ampersand (&)

// updated url and receiver.php
<a href="receiver.php?fname=victrola&lname=firecracker">
  Send name
</a>

echo "First name received is " . $_GET[ 'fname' ] ."<br/>";
echo "Last name received is " . $_GET[ 'lname' ];

• The same thing can be accomplished while keeping the data dynamic (not hard coded) by supplying the user with a form to complete.
• The form should be standard (X)HTML with the action attribute set to the name of the receiving page and the method set to either GET or POST.
• GET will allow the sent data to be seen in the address bar (insecure)
• POST will hind the data in the message request header (more secure)
• The HTML form will automatically create the needed URL to send the data to the receiving page if GET is used.

// receiver.php
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title></title>
  </head>

  <body>
   <form action="receiver.php" method="GET">
    <table>
      <tr>
        <td>First Name</td>
        <td>
          <input type="text" name="fname"/>
        </td>
      </tr>
      <tr>
        <td>Last Name</td>
        <td>
          <input type="text" name="lname"/>
        </td>
      </tr>
      <tr>
        <td colspan="2">
          <input type="submit"/>
        </td>
      </tr>
    </table>
   </form>
  </body>
</html>

Operators

• Operators are symbols that can be used to manipulate values and variables by performing operations on them.
• The assignment operator (=) and the string concatenation operator (.) have already been mentioned and used.
• The values or variables that the operators work on are called operands
• All operators are either unary, binary, or ternary

Arithmetic operators

• All binary except subtraction which can also be unary

// The basic calculation
<?php
  // approximate speed of light in miles per second
  $lightspeed = 186000;
  $days = 1000; // specify number of days here

  $seconds = $days * 24 * 60 * 60; // convert to seconds

  // compute distance
  $distance = $lightspeed * $seconds;

  echo "In " . $days;
  echo " days light will travel about ";
  echo $distance . " miles.";
?>

• The same idea but with variable data from a user form

// get_input.php
<form action="lightcalc.php" method="post">
  Light travels at 186,000 miles per second in a vacuum. Enter a number of seconds in the field below to see how far light would travel in that amount of time.<br/><br/>

  <input type="text" name="seconds"/>
  <input type="submit" value="Calculate"/>
</form>

// lightcalc.php
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Light Calc</title>
    <?php
      $seconds = $_POST[ 'seconds' ];
      $lightspeed = 186000;
    ?>
  </head>

  <body>
    In

    <?php
       echo $seconds;
       echo ($seconds > 1 ? " seconds" : " second");
    ?>

    light would travel

    <?php
       $distance = $seconds * $lightspeed;
       echo $distance;
    ?>

    miles.
  </body>
</html>

String Operators

• The assignment and concatenation operators are the only ones used with strings.

Assignment Operators

• The equals sign is the standard assignment operator used most of the time but there are others

References

• The reference operator is used in conjunction with the assignment operator
• With a normal assignment a copy of one variables value is made in another variable

<?php
  $a = 9;
  $b = $a;
  $a = 10;
  echo "A: " . $a . "<br/>";
  echo "B: " . $b . "<br/>";
?>

• When a reference operator (&) is used along with the assignment operator a connection is made between the two variables so that they both refer to the same value stored in memory

<?php
  $first = 9;
  $second = &$first;
  $first = 10;
  echo "First: " . $first . "<br/>";
  echo "Second: " . $second . "<br/>";
  $second = 11;
  echo "First: " . $first . "<br/>";
  echo "Second: " . $second . "<br/>";
?>

• The link between referenced variables can be broken by using the unset( ) function

Pre and Post Increment and Decrement Operators

• Increment operator (++)
• Decrement operator (- -)

Equality Operator

• The Equality operator (==) is used to determine if two variables contain the same value.

Other Comparison Operators

• PHP supports a number of other equality and comparison operators besides that basic (==).

Logical Operators

• Logical operators are used to combine the results of other logical operations and comparisons

Other Operators

• Commas, -->, and the word new are also operators in PHP that will be covered later
• Ternary Operator
• Condition ? value if true : value if false;

<?php
  $number =24;
  echo ($number>50 ? "That's a big number" : "Not so Big");
?>

• Error suppression operator
• At sign (@) suppresses errors from the line where it is used.

$answer = @(9/0);

Execution Operator

• Back quotes (`)

<?php
  $output = `ls -l`;
  echo "<pre>" . $output . "</pre>";
?>

Precedence and Associativity

• Precedence is the order in which operators are executed when they are found in a single statement.
• Operators also have an associativity that determines which order operators of the same precedence will execute.
• Covered in a million books, look it up.

Implementing Control Structures

Making Decisions with Conditionals (Selection structures)

• If Statements
• Allows a program to make a decision
• Based on Boolean value of a test/condition
• Code Blocks
• Else Statements

Do you agree to the terms of the license?
<form action="ifstatement2.php" method="POST">
  <input type="radio" name="agree" value="yes">
    YES
  </input>
  <input type="radio" name="agree" value="no">
    NO
  </input>
  <br/>
  <input type="submit" value="submit"/>
</form>

<?php
  if( $_POST[ 'agree' ] == 'yes' ) {
    echo "Thank you for agreeing";
  } else {
    echo "Sorry you wouldn't agree, maybe you should try another site.";
  }
?>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Change Colors</title>

    <?php
      $bgcolor = $_POST[ 'color' ];
      $fgcolor = "black";

      if( empty( $bgcolor ) ) {
        $bgcolor = "white";
      }

      if( $bgcolor == "black" || $bgcolor == "blue"
                      || $bgcolor == "green" ) {
       $fgcolor = "white";
      }
    ?>

    <style type="text/css">
      body {
       background-color: <?php echo $bgcolor; ?>;
       color: <?php echo $fgcolor; ?>;
      }
    </style>
  </head>

  <body>
    <form action="switchstatements.php" method="POST">
     Please choose a color:<br/>
      <select name="color">
        <option value="red"
          <?php if( $bgcolor == "red" )
                  echo 'selected="true"';
          ?>
        >Red</option>
        <option value="orange"
          <?php if( $bgcolor == "orange" )
                  echo 'selected="true"';
          ?>
        >Orange</option>
      <!-- do yellow, blue, green, purple, black also -->
      </select>
      <input type="submit" name="Change Color"/>
    </form>
  </body>
</html>

• ElseIf Statements
• Switch Statements

switch( $variable ) {
  case ‘a’:
    //do something;
    break;
case ‘b’ :
  //do something;
  break;
  default :
    //do something;
  }

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Select Shipping Method</title>
  </head>

  <body>
    <form action="SwitchExample1.php" method="POST">
      <?php
        $type = "";
        $cost = 0.00;

        if( $_POST[ 'shippingType' ] == "" ) {
          echo "Please Select a Shipping Method";
        } else {
          switch( $_POST[ 'shippingType' ] ) {
            case 'G':
              $type = "Get it when you get it";
              $cost = 1.23;
              break;
            case 'O':
              $type = "One Day Air";
              $cost = 12.34;
              break;
            case 'H':
              $type = "Half Day Air";
              $cost = 23.45;
              break;
            case 'I':
              $type = "Instantaneous";
              $cost = 34.56;
              break;
            default:
              echo "Don't know how you did it but that's
                  not an option";
              break;
          }
        }

        echo "You selected: " . $type . "<br/>";
        echo "The cost will be: $" . $cost . "<br/>";
      ?>
      <br/>
      <select name="shippingType">
        <option value="G">
          Get it when you get it - $1.23
        </option>
        <option value="O">
          One Day Air - $12.34
        </option>
        <option value="H">
          Half Day Air - $23.45
        </option>
        <option value="I">
          Instantaneous - $34.56
        </option>
      </select>
      <br/>
      <input type="submit" value="Select"/>
    </form>
  </body>
</html>

Repeating Actions through Iteration (Repetition Structures)

• While Loops
• Simplest type of loop
• Relies on a Boolean condition
• Executes block following while statement as long as the condition is true
• Usually used for indeterminate loops

while( condition ) {
  //loop body
  }

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>While Loops</title>
  </head>

  <body>
    <?php
      $count = 0;

      while( $count < 50 ) {
        echo $count . " ";
        $count++;
      }
    ?>
  </body>
</html>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>While Loops</title>

    <style type="text/css">
      body {
        font-family: courier;
      }
    </style>

  </head>
  <body>
    <?php
      $row = 0;
      $column = 0;

      echo "&nbsp;&nbsp;&nbsp;&nbsp;";
      while( $row <= 10 ) {
        if( $row < 10 )
          echo $row . "&nbsp;&nbsp;";
        else
          echo $row , "&nbsp;";
        $row++;
      }

      echo "<br/>";
      echo "&nbsp;&nbsp;&nbsp;&nbsp;";
      $row = 0;

      while( $row <= 10 ) {
        echo "---";
        $row++;
      }

      $row = 0;
      echo "<br/>";

      while( $row <= 10 ) {
        if( $row < 10 )
          echo $row . "&nbsp;|&nbsp;";
        else
          echo $row . "|&nbsp;";

        while( $column <= 10 ) {
          $answer = $row * $column;

          $padding = "";

          if( $answer < 10 ) {
            $padding .= "&nbsp;";
          }

          if( $answer < 100 ) {
            $padding .= "&nbsp;";
          }

          echo $answer . $padding;
          $column++;
        }
        echo "<br/>";
        $row++;
        $column = 0;
      }
    ?>
  </body>
</html>

• For Loops
• Better for determinate loops

for( experssion1 ; condition ; experssion2 ) {
  //loop body
    }

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>For Loops</title>

    <style type="text/css">
      body {
        font-family: courier;
      }
    </style>

  </head>
  <body>
    <?php

      echo "&nbsp;&nbsp;&nbsp;&nbsp;";
      for( $row = 0 ; $row <= 10 ; $row++ ) {
        if( $row < 10 )
          echo $row . "&nbsp;&nbsp;";
        else
          echo $row , "&nbsp;";
      }

      echo "<br/>";
      echo "&nbsp;&nbsp;&nbsp;&nbsp;";

      for( $row = 0 ; $row <= 10 ; $row ++ ) {
        echo "---";
      }

      echo "<br/>";

      for( $row = 0 ; $row <= 10 ; $row++ ) {
        if( $row < 10 )
          echo $row . "&nbsp;|&nbsp;";
        else
          echo $row . "|&nbsp;";

        for( $column = 0 ; $column <= 10 ; $column++ ) {
          $answer = $row * $column;

          $padding = "";

          if( $answer < 10 ) {
            $padding .= "&nbsp;";
          }

          if( $answer < 100 ) {
            $padding .= "&nbsp;";
          }

          echo $answer . $padding;
        }
        echo "<br/>";
      }
    ?>
  </body>
</html>

• Do While Loops
• Same as the while loop except that the condition is tested after an iteration instead of before.
• The body of a do wile loop will always execute at least once

do {
  //loop body
} while( condition );

Breaking out of a Control Structure or Script

• The break statement can be used to stop the iteration of a loop
• Execution continues on the next line after the end of the current loop
• The continue statement can be used to stop only the current iteration of a loop
• Execution continues back at the top of the current loop
• The exit statement can be used to terminate an entire script
• Execution does not continue

Alternative Control Structure Syntax

• All of the control structures in PHP allow for the use of an alternative syntax
• Does not need to be used but is an option
• Consists of replacing the opening curly brace of the control structures body with a colon and replacing the ending curly brace with the keyword endif, endwhile, endfor, or endswitch.
• There is not alternative syntax for the do while loop

Saving and Retrieving Data

• Being a server side scripting language PHP has the advantage of have access to the servers file system where data can be stored and retrieved by PHP scripts.
• This is not always a good option, especially when large amounts of data need to be used.
• In these cases databases will be better and easier to use.

Saving Data for Later

• Data can be stored from a PHP script in flat files or in databases.
• Flat files are simple text files that avoid the overhead of a database but are much more difficult and inefficient to work with.
• Writing data to a flat file requires 3 steps:
• Open the file. If it doesn’t exist you will need to create it.
• Write data to the file
• Close the file
• Reading data from a file is almost the same
• Open the file and handle the situation where the file doesn’t exist
• Read from the file
• Close the file
• Opening a file
• Use the fopen( ) function
• The fopen( ) function requires the path and name of the file to be opened and a mode to work in.

$fp = fopen( "path/file.ext", ‘mode’ );

• Require a specific mode to open in
• Allowed modes are:

• A third parameter can also be used with the fopen( ) function called include_path which must be Boolean
• This option tells PHP to search the include_path (specified in the php.ini file) for the file that is being opened.
• With this option it is not necessary to specify a path to the file.
• A fourth option allows for files to be opened using http or ftp
• A file pointer ($fp) will be return from the fopen( ) function if it is able to open the requested file in the requested mode.
• This file pointer will be using from that point forward to access the file.
• If the file cannot be opened $fp will be set to a value of false which can then be tested for.

@$fp = fopen( "path/filename.ext", ‘ab’ );
if( !$fp ) {
  echo "Something went wrong";
  exit;
}

Opening files through HTTP or FTP

• This ability is controlled through the allow_url_fopen parameter in the php.ini file.

Writing to a file

• There are two function available for writing to a file
• fwrite( ) and fputs
• fputs( ) is an alias for fwrite( )

fwrite( $fp, $outputvariable );

• A third parameter for fwrite( ) is also available that allows you to specify the length (amount) of data to write out.
• You can obtain the length of a string by using the strlen( ) function.

fwrite( resource handle, string string, [, length] )

Closing a file

• To close a file you use the fclose( ) function

fclose( $fp );

• This function returns true if the file was closed successfully and false otherwise

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Sign the Guest Book</title>
  </head>

  <body>
    <h2>Sign the Guest Book</h2>
    <form action="guestBookWrite.php" method="POST">
      <table>
        <tr>
          <td>Your Name:</td>
          <td>
            <input type="text" name="name"/>
          </td>
        </tr>
        <tr>
          <td>Your Email address:</td>
          <td>
            <input type="text" name="email"/>
          </td>
        </tr>
        <tr>
          <td colspan="2">
            Message:<br/>
            <textarea name="message" rows="10" cols="40">
            </textarea>
          </td>
        </tr>
      </table>
      <input type="submit" value="Sign the Guest Book"/>
    </form>
  </body>
</html>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Signed????</title>
  </head>

  <body>
    <?php
      $name = $_POST[ 'name' ];
      $email = $_POST[ 'email' ];
      $message = $_POST[ 'message' ];

      if( empty( $name ) || empty( $email )|| empty( $message ) ) {
        echo 'You did not complete the form.<br/>
            Please <a href="guestBookSign.php">
            try again</a></body></html>';
        exit;
      }

      $fp = fopen( "guestBook.txt", 'ab' );
      if( !$fp ) {
        echo "The guest book file could not be
              opened.</body></html>";
        exit;
      }

      $fileoutput = date( 'H:i m-d-Y' )
                  . "\t" . $name
                  . "\t" . $email
                  . "\t" . $message . "\n";

      fwrite( $fp, $fileoutput );

      echo 'The guestbook has been signed.<br/>
            <a href="">View the Guest Book</a>';

      fclose( $fp );
    ?>
  </body>
</html>

Reading from a file

• To read from a file it must be opened with fopen( ) first
• The feof( ) function can then be used to determine when the end of the file has been reached.
• Returns true when the file pointer has reached the end of the file
• Each part of the input file can then be read with the fgets( ), fgetss( ), or fgetcsv( ) functions.

fgets( resource fp, int length );

• Reads one line at a time from the file delimited by a new line character (\n)
• $fp is the handle to the file to be read from
• 999 means that 998 bytes will be read maximum before it stops reading (1 byte for EOF)

fgetss( resource fp, int length, string [allowable_tags] );

• Automatically strips out any php or html tags that are not specifically allowed

fgetcsv( resource fp, int length, [, string delimter [,
                      string enclosure] ] )

• Breaks up input lines based on the supplied delimiter
• Results are returned in an array

<?php
  @ $fp = fopen( "guestbook.txt", "r" );
    if( !$fp ) {
      echo "The guestbook file could not be
        opened.</body></html>";
      exit;
    }

?>

<table>
  <!--
    Simple read that puts entire
    line into a single row and cell
  -->
  <?php
    $line = fgets( $fp, 999 );

    while( !feof( $fp ) ) {
      echo "<tr><td>$line</td></tr>";
      $line = fgets( $fp, 999 );
    }

    fclose( $fp );
  ?>
</table>

Reading the Whole File

• The readfile( ), fpasstatementru( ), and file( ) functions can be used to read a files entire contents at once.

int readfile( string filename, [int include_use_path [, resource context ] ] )

• The readfile( ) function opens the file, echos the contents to standard output (the browser), and then closes the file. It returns the number of bytes read from the file.

boolean fpasstatementru( resource fp )

• Dumps files contents from the file pointer position to the end to standard output.

int file( string filename )

• Same as readfile but instead of echoing content to standard out it turns the content into an array.

Reading Single Characters

char fgetc( resource fp )

• Reads a single character at a time from the specified file.
• Will return the EOF character while the other read functions do not.

<?php
  @ $fp = fopen( "guestbook.txt", "r" );
  if( !$fp ) {
    echo "The guestbook file could not be opened.</body></html>";
    exit;
  }
?>

<table>
  <tr>
    <th id="dateColumn">Date</th>
    <th>Name</th>
    <th>Email</th>
    <th>Comment</th>
  </tr>

<?php
  $field = "";
  $char = fgetc( $fp );

  echo "<tr>";

  while( !feof( $fp ) ) {
    if( $char == "\t" ) {
      echo "<td>$field</td>";
      $field = "";
    } elseif( $char == "\n" ) {
      echo "<td>$field</td>";
      $field = "";
      echo "</tr>\n<tr>";
    } else {
      $field .= $char;
    }

    $char = fgetc( $fp );
  }
?>

</table>
<a href="guestBookSign.php">Sign the Book Again</a>

Reading an Arbitrary Length

string fread( resource fp, int length )

• fread reads a specific number of bytes from the file pointer or to the end, whichever comes first.

Other Useful File Functions

boolean file_exists( string filename )

• Check if a file exists or not

int filesize( string filename)

• Returns the size of a given file in bytes

string n12br( string input )

• Converts newlines (\n) to html breaks (<br/>)

boolean unlink( string filename )

• Deletes a file

rewind( resource fp )

• Resets file position pointer to the beginning of a file

int fseek( resource fp, int offset [, int whence] )

• Set the file position pointer to a specific point within the file
• Whence is the point the move starts from
• SEEK_SET
• The beginning of the file
• SEEK_CUR
• The current position
• SEEK_END
• The end of the file

int ftell( resource fp )

• Returns the number of bytes from the beginning of the file to where the file pointer currently is located.

Locking Files

• A common situation in a web app would be where two or more people are accessing a file at the same time.
• To avoid corruption of the file the file should be locked
• Locks need to be established after the file is open but before any data has been read or written to the file.

boolean flock( resource fp, int operation [, int
                        &wouldblock ] )

• fp is the file that the lock is being established with and operation is the type of lock that is being established.

Problems with Flat Files

• Slow – most types of processing would require the reading of the entire file, taking much time, like searching or sorting, and the problem grows worse as the file grows larger.
• Dealing with file locks and concurrent access is tricky and error prone
• Inserting, deleting, and updating data in the flat file is complicated as some type of file structure must be invented and maintained like with fixed length records.
• Security is difficult. Permissions can be used to determine who can access the file but enforcing security inside a single file is very troublesome.

Using Arrays

• Single value variables like we those we have used before are called scalar variables
• An array is not scalar, it can hold multiple values
• Any array can have many elements, each element can hold a single value
• Element values can be anything, including other arrays
• PHP supports both numeric and associative indexes for arrays

What is an Array?

• A collection or set of scalar values
• Allows the entire set to be worked with at once
• Arrays will be created the first time they are accessed like any other variable
• Arrays in PHP are dynamic so that new values can be added to the array whenever needed.

Numerically Indexed Arrays

• In a numerically indexed array all of the elements of the array are accessed by an index number
• The index numbers always start with zero for the first element and then continue so that the last element of the array has an index one less than the total length of the array

Initializing Numerically Indexed Arrays

$names = array( ‘Jack’, ‘John’, ‘Fry’ );
      
or
$names = ['Jack','John','Fry'];

• array( ) is a language construct, not a function, like echo
• Arrays are not always initialized this way, sometimes they receive their values from another array

$people = $names;

• Arrays can also be initialized to a range of values with several built in functions

$numbers = range( 1,100 );

$letters = range( ‘a’, ‘z’ );

Accessing Array Contents

• Contents of an array (numerically indexed) are accessed by using the name of the array and the element number where the desired value is located.

echo $letters[ 20 ];

• The values stored in the array can also be changed using the same technique.

$names[ 2 ] = "Amy";

Using Loops to Access Arrays

• Loops and arrays go together like bread and butter.

for( $x = 0 ; $x < 3 ; $x++ ) {
  echo $names[ $x ] . "<br/>";
    }

• There is even a special type of for loop that is meant specifically for accessing arrays

foreach( $names as $current ) {
  echo $current . "<br/>";
}

Associative Arrays

• Associative arrays allow for string values to be used in place of the numeric index number
• This can sometimes lead to more readable code and more understandable operations of the script.
• Resemble maps in other languages

Initializing the Array

$namesAndIDs = array( "John" => 102345, "Jack" => 102456,
                        "Amy"=> 102567 );

• The => is used to create this type of array
• The string value on the left is the index key and the value on the right is the value assigned to that key.

Accessing the Array Elements

• The values stored in the array are still accessed through the arrays name
• In place of the index number the "key" is used instead

echo "John’s ID: " . $namesAndIDs[ "John" ];

$namesAndIDs[ "Amy" ] = 103210;

Using Loops

• Loops are still often using with associative arrays
• Since the index number of each element isn’t just a number a simple counter controlled loop will not work anymore
• Instead we use foreach loops and the special function each( ) and list( ).

foreach( $namesAndIDs as $key => $value ) {
  echo $key . " has a value of " . $value . "<br/>";
    }

• The foreach loop will automatically assign the key value for each element of the array from the beginning to the end of the the array to the $key variable
• If will also then assign the value of each element to the $value variable

while( $element = each( $namesAndIDs ) ) {
echo $element[ "key" ]; //could also be 0
echo " has a value of ";
  echo $element[ "value" ]; //could also be 1
  echo "<br/>";
    }

• The each( ) function returns an array where the 0th element is the key value for the array (can also be referred to as "key") and the 1st element is the value for that key (can also be called "value").
• The each( ) function keeps track of which array elements have been read so the reset( ) function must be used to return (reset) back to the beginning of the array.

while( list( $name, $id ) = each( $namesAndIDs ) ) {
  echo $name . " has a value of " . $id . "<br/>";
    }

• The list( ) function will take an array that it is passed and will split into separate scalar variable with supplied names.

    <title>Simple Array Example</title>

    <?php
      $loginInfo = array( "John" => "pw",
                    "Jack" => "passwd",
                    "Amy" => "password" );

      $loginFailure = false;
    ?>

  <body>
    <?php
      if( ! empty( $_POST[ 'username' ] )
        && ! empty( $_POST[ 'password' ] ) ) {
        while( list( $uname, $pw ) = each( $loginInfo ) ) {
          if( $uname == $_POST[ 'username' ]
            && $pw == $_POST[ 'password' ] ) {
            echo "<h1>You are logged in</h1></body></html>";
            exit;
          } else {
            $loginFailure = true;
          }
        }
      }

      if( $loginFailure ) {
        echo "Your username and password are no good.";
      }
    ?>

    <h1>Please login...</h1>
    <form action="SimpleArrayExample.php" method="POST">
      <table>
        <tr>
          <td>Username:</td>
          <td>
            <input type="text" name="username"/>
          </td>
        </tr>
        <tr>
          <td>Password:</td>
          <td>
            <input type="password" name="password"/>
          </td>
        </tr>
      </table>
      <input type="submit" value="Login"/>
    </form>
  </body>
</html>

Array Operators

• Some of the standard operators that we have used hold different meaning when used with arrays

Multidimensional Arrays

• Arrays can hold other arrays as their elements creating something like a table or matrix

$people = array (
                  array( "102345", "Jack", "Johnson" ),
                  array( "102456", "John", "Jackson" ),
                  array( "102567", "Amy", "Wong" )
               );

    
for( $row = 0 ; $row < 3 ; $row++ ) {
for( $column = 0 ; $column < 3 ; $column++ ) {
  echo $people[ $row ] [ $column ];
  }
  echo "<br/>";
  }

• Arrays are not limited to 2 dimensions, you can create as many as you can keep track of.

Sorting Arrays

• PHP provides a variety of functions that can be used to sort array in different ways.

• Using sort( )
• Sorts an array into ascending alphabetical or numerical order
• It is case sensitive
• A second parameter can also be included to specify a sort type
• SORT_REGULAR (default)
• SORT_STRING (treat everything like it was a string)
• SORT_NUMERIC (treat everything like a number)

• Using asort( ) and ksort( )
• Associative arrays can develop mismatches between keys and values with regular sorts
• assort( ) function sorts an associative array by values and keeps the keys matching
• ksort( ) sorts by keys

• Sorting in Reverse
• sort( ), assort( ), and ksort( ) have matching reverse functions called rsort( ), arsort( ), and krsort( ).

Reordering Arrays

• The shuffle( ) function randomly reorders an arrays elements
• Some older versions of shuffle had problems, test before you deploy
• The array_reverse( ) function creates an array with the same elements as the one it was given but in the opposite order.

Loading Arrays from Files

• There are several function in PHP that use arrays as a convenient way to be able to retrieve values from delimited files.
• The fgetcsv( ) function parses data being read from a file into an array which is then returned.

<table>
<tr>
  <th id="dateColumn">Date</th>
    <th>Name</th>
    <th>Email</th>
    <th>Comment</th>
  </tr>

  <?php
    $info = fgetcsv( $fp, 999, "\t" );

    while( ! feof( $fp ) ) {
      echo "<tr>";
      for( $x = 0 ; $x < 4 ; $x++ ) {
        echo "<td>" . $info[ $x ] . "</td>";
      }
      echo "</tr>\n";
      $info = fgetcsv( $fp, 999, "\t" );
    }

    fclose( $fp );
  ?>
</table>

• The file( ) function could also be used as it loads the entire contents of the file into an array where each line in the file becomes an element.
• The explode( ) function can then also be used which could take each element of the array return from file( ) and split it further into another array based on a delimiter.

//The file function opens, reads, and then closes the file
$posts = file( "guestbook.txt" );

      
for( $x = 0 ; $x < count( $posts ) ; $x++ ) {
  $line = explode( "\t", $posts[ $x ] );
  echo "<tr>";
  for( $field = 0 ; $field < count( $line ) ; $field++ ) {
    echo "<td>" . $line[ $field ] . "</td>";
  }
  echo "</tr>\n";
}

Performing Other Array Manipulations

• There are a good number of other functions that also can be used when working with arrays.

int array_push ( array &array, mixed value [, mixed ...] )
mixed array_pop ( array &array )

Functions for navigating arrays

• These functions work with the pointer that keeps track of where in an array you are currently reading from

array each ( array &array )

• Returns current element and the advances pointer to the next element

mixed current ( array &array )

• Return the current element

mixed reset ( array &array )

• Returns the pointer to the beginning of the array

mixed end ( array &array )

• Sets the pointer to the last element of the array

mixed next ( array &array )

• Advances the pointer and then returns the pointed to element

mixed pos ( array &array )

• Same as current, returns the current element

mixed prev ( array &array )

• Moves the pointer back one element and then returns it

Counting Elements in an Array

int count ( mixed var [, int mode] )
      
int sizeof ( mixed var [, int mode] )

• Count and sizeof do the same thing, count the number of elements in the supplied array

array array_count_values ( array input )

• Counts how many times each unique value occurs in the passed array
• Returns an associative array containing a frequency table
• Contains all of the unique values from the array as keys and the value for each key is the number of occurrences

Converting Arrays to Scalar Values

int extract(array var_array [, int extract_type [, string prefix]])

• Works on associative arrays
• Turns each key in the array into a scalar variable with the corresponding value from the array
• The optional extract type parameter allows for control over possible variable name collisions.
• EXTR_OVERWRITE
• Overwrites existing variable
• EXTR_SKIP
• Skips conflicting element
• EXTR_PREFIX_SAME
• Adds the supplied prefix to the new conflicting variable’s name
• EXTR_PREFIX_ALL
• Adds prefix to all new variable names
• EXTR_PREFIX_INVALID
• Prefixes new variables names If the name would otherwise be invalid (numeric keys)
• EXTR_IF_EXISTS
• Only extracts variables if they already exist
• EXTR_PREFIX_IF_EXISTS
• Creates a prefixed version of the new variable only if the non-prefixed version already exists
• EXTR_REFS
• Extracts variables as references

<body>
  <?php
    echo "Parameters passed to POST: " . count( $_POST ) .
                            "<br/><br/>";
    $fname = "";
    $lname = "";

    extract( $_POST, EXTR_IF_EXISTS );

    echo $lname . ", " , $fname . "<br/><br/>";
  ?>

  <form action="ExtractExample.php" method="POST">
    first name: <input type="text" name="fname"/><br/>
    last name: <input type="text" name="lname"/><br/>
    <input type="submit"/>
  </form>
</body>

String Manipulation and Regular Expressions

Formatting Strings

• PHP contains many functions and tools that allow strings to be manipulated and formatted.
• Reasons:
• Clean up user entered data
• Format strings for presentation
• …
• Trimming Strings
• chop( ), rtrim( ), ltrim( ), and trim( )
• All four of these functions are used to remove white space from strings.
• They all take a string as parameters and return the modified strings.
• They typically remove newlines, carriage returns, vertical and horizontal tabs, and spaces.
• chop( ) and rtrim( )
• Same function, different names
• Remove whitespace only from the end of a string
• ltrim( )
• Removes white space from the start of a string
• trim( )
• Removes leading and trailing white space from a string

$s1 = "       this has leading whitespace";

$s1 = chop( $s1 );

echo "after chop: '" . $s1 . "'" . "<br/>";

$s1 = rtrim( $s1 );

echo "after rtrim: '" . $s1 . "'" . "<br/>";

$s1 = ltrim( $s1 );

echo "after ltrim: '" . $s1 . "'" . "<br/>";

$s2 = "This has trailing whitespace       ";

$s2 = chop( $s2 );

echo "after chop: '" . $s2 . "'" . "<br/>";

Formatting Strings for Presentation

• Functions used to reformat string in different ways
• nl2br( ), print( ), printf( ), sprintf( )
• The nl2br( ) function takes a string and replaces all of the newline characters (\n) with XHTML breaks (<br/>).

$longLine = "Is this a dagger I see before me\n handle toward my
          hand?\nCome, let me clutch thee!";

$formattedLine = nl2br( $longLine );

echo $longLine;
echo "<hr/>";
echo $formattedLine;

• The print( ) function does the same thing as echo except that it returns a Boolean value denoting success.
• The printf( ) function allows a string to be formatted and then sends it to the browser

void printf( string format [, mixed args…] )

• The sprintf( ) function allows formatting but then simply returns the string

string printf( string format [, mixed args…] )

• The printf( ) function makes use of conversion specifications like %s that will represent a variable values placement in a string.
• The conversion specifications always take this form:

%[ ‘padding_character ] [ - ] [ width ] [ .precision ] type

• And have these options:

$num = 123.456789;

echo "the number is $num<br/>";
      
printf( "the number is %s <br/>", $num );
$output = sprintf( "the number is %s <br/>", $num );
echo $output;

$othernum = 789.432;

      
printf( "two numbers are %s and %s<br/>", $num, $othernum );

      
printf( "the number with 2 decimal places is %.2f <br/>", $num );
      
printf( "the number in hex %x <br/>", $num );
      
printf( "the number in octal %o<br/>", $num );
      
printf( "the number in binary %b <br/>", $num );

Changing Case

• PHP has functions that change the case of a string

Joining and Splitting String

• explode( ), implode( ), and join( )
• explode( )

array explode( string seperator, string input [ , int limit ] )

• Splits a string based on a delimiter and returns the parts as an array

• implode( ) and join( )
• Same function, different names
• Takes an array of strings and joins them together into a single string with a delimiter between them

<?php
  $tlds = array( "com", "org", "edu", "gov", "mil", "net" );
?>
<body>
  <?php
    if( isset( $_POST[ 'email' ] ) ) {
      $email = $_POST[ 'email' ];

      $parts = explode( "@", $email );

      if( count( $parts ) != 2 ) {
        echo "The email address contain to me @ signs<br/>";
      }

      echo "Email name: " . $parts[ 0 ] . "<br/>";
      echo "Full Domain name: " . $parts[ 1 ] . "<br/>";

      $domainParts = explode( ".", $parts[ 1 ] );

      $match = false;
      foreach( $tlds as $tld ) {
        if( $domainParts[ 1 ] == $tld ) {
          $match = true;
        }
      }

      if( ! $match ) {
        echo "The TLD for your domain appears invalid.<br/>";
      }

      echo "Domain Identifier: " . $domainParts[ 0 ] . "<br/>";
      echo "TLD: " . $domainParts[ 1 ] . "<br/>";

      $newEmail = implode( "@", $parts );

      echo "The reconstituted email address is: " . $newEmail .
                              "<br/>";
    }
  ?>

  <form action="splittingAndJoining.php" method="POST">
    Email Address: <input type="text" name="email"/>
    <input type="submit" value="Check Email"/>
  </form>
</body>

String Tokenizing

• Similar to the explode function, the strtok( ) function is used to split strings.
• strtok( ) always returns one word at a time based on a seperator.

string strtok( string input, string seperator )

• The separator can be a single character or a string of characters but the input string will be separated on each of the separator character individually.

$email = "victrola@firecracker.org";

$token = strtok( $email, "@." );

echo $token . "<br/>";

    
while( $token != '' ) {
  $token = strtok( "@." );
  echo $token . "<br/>";
  }

Substrings

• The substr( ) function is used to extract a substring from a longer string.

String substr( string string, int start [ , length ] )

• substr( ) returns a copy of the substring from the original string.
• Called with a negative start (only) will start copying that many characters back from the end of the string to the end of the string.

Comparing Strings

• Functions available for comparing string can either compare entire strings or parts of string

• Entire String Compares
• strcmp( ), strcasecmp( ), and strnatcmp( ).
• strcmp( )

int strcmp( string str1, string str2 )

• Takes 2 strings as parameters which are then compared
• 0 is returned if they are equal
• > 0 is returned if str1 comes after str2
• < 0 is returned is str2 comes after str1
• strcmp is case sensitive

• strcasecmp( )
• Identical to strcmp except that it is not case sensitive
• strnatcmp( ) and strnatcasecmp( )
• Compares string using natural ordering

$s1 = "4";
$s2 = "100";

$return = strcmp( $s1, $s2 );

echo "4 comes after 100: ";
if( $return > 0 ) {
echo "true<br/>";
} else {
  echo "false<br/>";
}

$return = strnatcmp( $s1, $s2 );

echo "4 comes after 100: ";
if( $return > 0 ) {
echo "true<br/>";
} else {
  echo "false<br/>";
}

String Lengths

• The strlen( ) function returns the number of characters in a string that is passed to it.

Matching and Replacing Substring

• Finding Strings in Strings
• strstr( ), strchr( ), strrchr( ), and stristr( )
• strstr( ) and strchr( )
• Same function

string strstr( string haystack, string needle )

• Find a string or character match in a longer string
• strrchr( )
• Same but returns the haystack from the last needle found
• stristr( )
• Non-case sensitive version of strstr( )

Finding the Position of a Substring

• strpos( ) and strrpos( )
• Similar to strstr( ) but return the position of the needle instead of the needle itself.
• Returns false if no needle found (test for with === or by 0)

int strpos( string haystack, string needle, int [, offset ] )

Replacing Substrings

• str_replace( )

mixed str_replace( mixed needle, mixed new_needle, mixed haystack
                            [, &count ] )

$badwords = array( "microsoft", "windows", "office" );
$message = str_replace( $badwords, '@#$%&*', $message );

• Replaces all occurrences of needle in haystack with new_needle
• Can take an array as almost any part
• substr_replace( )
• Replaces a particular substring based on its position

string substr_replace( string string, string replacement,
                  int start, int [length] )

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
  <head>
    <title>Signed????</title>
  </head>

  <body>
    <?php
      $name = $_POST[ 'name' ];
      $email = $_POST[ 'email' ];
      $message = $_POST[ 'message' ];

      if( empty($name) || empty($email) || empty($message) ) {
        echo 'You did not complete the form.<br/>Please
            <a href="guestBookSign.php">try again</a>
                  </body></html>';
        exit;
      }

      $fp = fopen( "guestBook.txt", 'ab' );
      if( !$fp ) {
    echo "The guest book file could not be
          opened.</body></html>";
        exit;
      }

      $message = nl2br( trim($message) );

      $message = str_replace( "\n", "", $message );

      $fileoutput = date( 'H:i m-d-Y' )
                . "\t"
                . $name
                . "\t"
                . $email
                . "\t"
                . $message
                . "\n";

      fwrite( $fp, $fileoutput );

      echo 'The guestbook has been signed.<br/>
        <a href="guestBookView2.php">View the Guest Book</a>';

      fclose( $fp );
    ?>
  </body>
</html>

Regular Expressions

• PHP supports POSIX and PERL regular expressions
• POSIX is built in, PERL needs to be added

The Basics

• Regular expressions allow for string patterns to be built using wildcards

• Character Sets and Classes
• The period (.) will match any single character except a newline
• The square braces ([ ] ) can be used to create character classes
• Character classes always stand in for a single character and can contain individual characters or ranges

[ cbh ]at

• Would match cat, bat, hat

[ a-zA-Z ]at

• Would match any pattern starting with a upper or lower case letter and ending with ‘at’.
• The circumflex can also be used to negate a character class

[ ^cbh ]at

• Would match any pattern with any character before at except ‘c’,’b’, and ‘h’.

• PHP also includes predefined character classes

• Repetition
• The plus sign (+) can be used after a characters to indicate that that character can repeat one or more times
• The asterisk (*) can be used to indicate zero or more repetitions of a character

• Subexpressions
• Expressions can be split by using parenthesis

• Counted Subexpressions
• Curly braces can be used to specify the number of times a subexpression can repeat

(vary ){3}

• Three vary’s with spaces between then

(very ){2,4}

• 2-4 very’s

(very ){2, }

• At least 2 very’s

• Anchoring to the Beginning or End of a String
• A circumflex (^) used at the beginning of a regular expressions indicates that the next character must occur at the beginning of the line
• A dollar sign ($) at the end indicates that the previous character must occur at the end of the line

• Branching
• You can match a single piece from a selection (like or) using a pipe

(end|net|gov)

• Matches one of the three

• Matching Literal Special Characters
• The backslash character can be used to quote out other special characters that you are searching for
• These regexp should always be in single quotes otherwise things get really complicated
• If regexp are given in double quotes then they will be evaluated twice, once by the PHP interpreter and then again by the regexp interpreter
• In this case you would need 3 backslashes in front of special characters

• Finding Substrings with Regular Expressions
• preg_match()

int preg_match( string pattern, string search, array [matches ] )

• Searches search string for pattern which is a POSIX style regular expression
• Matches that are found will be stores in the array matches, one subexpression per array element
• Returns the number of times a match was found
• Patter needs to include the slashes inside the string quotes
• "/patten/"

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Get Links</title>
  </head>

  <body>
    <?php
      if( ! empty( $_POST[ 'url' ] ) ) {
        if( ! eregi( '<a href="http://livepage.apple.com/">http://www\.[a-z0-9_\-\.]+\.[a-zA-Z]+</a>', $_POST[ 'url' ], $good ) ) {
          echo "That does not appear to be a valid URL.<br/>";
        }

        echo "<h1>Links for URL " . $_POST[ 'url' ] . "</h1>";

        @ $fp = fopen( $_POST[ 'url' ], r );
        if( !$fp ) {
          echo "That url could not be opened.</body></html>";
          exit;
        }

        $line = fgets( $fp );

        while( ! feof( $fp ) ) {
          //eregi( '<a href="http://livepage.apple.com/">http://www\.[a-z0-9_\-\.]+\.[a-zA-Z]+</a>', $line, $matches );
          eregi( '<a href="http://livepage.apple.com/">http://www\.([a-z0-9_\-</a>\.]+)\.(com|net|org|info)', $line, $matches );

          if( !empty( $matches[ 0 ] ) ) {
            echo $matches[ 0 ] . "<br/>";
          }

          $matches = array( );
          $line = fgets( $fp );
        }

        fclose( $fp );
      }
    ?>

    <form action="getLinks.php" method="POST">
      URL to Search for Links:
      <input type="text" name="url"/>
      <br/>
      <input type="submit" value="Search"/>
    </form>
  </body>
</html>

• Replacing Substrings with Regular Expressions

string preg_replace( string pattern, string replacement, string search )

$email = preg_replace( '@', ' at ', $email );
$email = preg_replace( '\.', ' dot ', $email );

• Replaces matched of pattern with replacement

• Splitting Strings with Regular Expressions
• preg_split( )

array preg_split( string pattern, string search [, int max] )

• Takes a regular expressions like a delimiter which is then used to split the string into parts which are then stored in an array

Functions and Reusing Code

Reusing code

• Is a good thing
• Reduces costs
• Code can be reused so it doesn’t need to be rewritten and re tested
• Increases reliability
• Because reused code has already been tested and debugged it can be assumed to work correctly in the new project
• Improves consistency
• Doing the same thing in the same way in multiple projects makes then easier to understand and use

Using require( ) and include( )

• Both allow external files to be included/imported into other code.
• Allows for code in those external files to be shared between multiple files and projects

• require( string filename )
• Require does not care about the filename extension so anything can be used but .inc or .php are most commonly used
• .php may be the best option because if the user finds a way to call the file directly, a file with a php extension will be processed by the PHP server and the contents not shown in clear text, a file with an .inc extension would be shown in clear text so it would be important to store it outside the directory tree.
• The php tags still need to be used in these external files if you want the php to be processed.

Using require( ) for Website Templates

• The require( ) function is often used to templatize website layouts.
• It allows for common parts of a page to be stored separately and then imported into each actual web page that needs them.
• This allows for site wide layout changes to be made in a single place.

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>The Sample Company</title>

    <style type="text/css">
      body {
        font-family: arial;
        margin: 0px;
      }

      #banner {
        background-color: #fc0;
        height: 60px;
        border-bottom: 1px solid black;
      }

      #banner img {
        margin: 5px;
      }

      #banner #nav {
        float: right;
        width: 300px;
      }

      #banner #nav ul {
        padding: 0px;
        margin: 5px;
        list-style: none;
      }

      #banner #nav ul li {
        float: right;
        width: 88px;
        border: 1px solid black;
        margin: -1px 0px 0px -1px;
        text-align: center;
      }

      #banner #nav ul li a {
        display: block;
        text-decoration: none;
        color: white;
        padding: 3px;
      }

      #banner #nav ul li a:hover {
        background-color: #ff9;
        color: black;
      }

      #footer {
        background-color: #fc0;
        padding: 5px;
        border-top: 1px solid black;
        border-bottom: 3px solid black;
        font-size: .5em;
      }

      #content {
        margin: 10px;
      }
    </style>

  </head>

  <body>
    <div id="banner">
      <img alt="The Sample Company" src="images/banner.gif"/>
      <div id="nav">
        <ul>
          <li><a href="#">Home</a></li>
          <li><a href="#">Contact</a></li>
          <li><a href="#">Downloads</a></li>
          <li><a href="#">Products</a></li>
          <li><a href="#">About</a></li>
          <li><a href="#">Legal</a></li>
        </ul>
      </div>
    </div>
    <div id="content">
    Pages Content
    </div>
    <div id="footer">
      &copy; Copyright 2005 The Sample Company
    </div>
  </body>
</html>

• Becomes

<?php require( 'includes/header.inc' ); ?>

      
This is the home page

<?php require( 'includes/footer.inc' ); ?>

• PHP codes can be included in the .inc pages but still require the php tags

</div>

    <div id="footer">
      &copy; Copyright
        <?php echo date( 'Y' ); ?> The Sample Company
      <span id="date"><?php echo date( 'l, F jS Y' ); ?></span>
    </div>
  </body>
</html>

The include( ) Construct

• Include and require are identical except that when they fail the require construct give a fatal error while include just gives a warning.

Using require_once( ) and include_once( )

• Same as the originals except that they ensure that things are only imported one time
• This becomes important when libraries of functions are being imported that may themselves import other libraries.

Using auto_prepend_file( ) and auto_append_file( )

• These are two settings that are setup for a server (in the php.ini file) that will automatically import headers and footers for every file served.
• If the settings are in php.ini they are put into every page, if the setting are in a .htaccess file (using apache) they can be set for each directory.

php_value auto_prepend_file "includes/header.inc"
      
php_value auto_append_file "includes/footer.inc"

Using Functions in PHP

• A function is a self-contained block of code that performed a well defined task, can be passed values and can return values through a defined interface.
• Functions in php are NOT case sensitive
• Built in functions are available to all scripts but user defined functions are only available to scripts that include them.

Function Structure

• All functions begin with the keyword function, followed by the functions name, and a set of parentheses.
• Function names should be short but descriptive
• Functions cannot have the same name as other functions (no function overloading in PHP)
• Can contain only letters, numbers, and underscores
• Cannot begin with a digit
• The function declaration is then followed by a set of curly braces that contain the statements and expressions that will execute when the function is called.
• Functions can include any legal statement in PHP or HTML.

<?php
    
function say_hello( ) {
  echo "Hello";
  }
?>

• or

<?php function say_hello( ) { ?>
  Hello
<?php } ?>

• The function will be called by using its name with the parentheses after it.

Using Parameters and Returning Values

• Most function require input to be able to do their work
• Input is given to functions by passing values to the function as parameters.
• Function also often need to give back output, called returning a value
• The keyword return by itself causes a function to stop executing at that point and for control of the program to return to where is left when calling the function.
• If a value is supplied after the keyword return, that value will be given back to the statement that called the function and must be received or ignored.

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Functions Test</title>

    <?php
      function validate( $name ) {
        if( isset( $_POST[ $name ] ) ) {
          $data = trim( $_POST[ $name ] );

          if( eregi( '^[a-z]+$', $data ) ) {
            return true;
          } else {
            return false;
          }
        }
      }
    ?>

  </head>

  <body>
    <?php
      $fnamevalid = validate( 'fname' );

      if( ! $fnamevalid ) {
        echo "The name is not correct<br/>";
      }
    ?>
    <h1>Please Complete the Form</h1>
    <form action="TestFunctions.php" method="post">
      <table>
        <tr>
          <td>First Name:</td>
          <td>
            <input type="text" name="fname"/>
          </td>
        </tr>
      </table>
      <input type="submit" value="Done"/>
    </form>
  </body>
</html>

• Functions can be passed multiple parameters

<?php
  function validate( $type, $name ) {
    if( isset( $_POST[ $name ] ) ) {
      $data = trim( $_POST[ $name ] );

      if( $type == 'name' ) {
        if( eregi( '^[a-z]+$', $data ) ) {
          return true;
        } else {
          return false;
        }
      } else if( $type == 'phone' ) {
        if( eregi( '^[0-9]{3}\-[0-9]{3}\-[0-9]{4}$', $data ) ) {
          return true;
        } else {
          return false;
        }
      }
    }
  }
?>

<?php
  $fnamevalid = validate( 'name', 'fname' );
  $lnamevalid = validate( 'name', 'lname' );
  $phonevalid = validate( 'phone', 'phone' );

  if( ! $fnamevalid ) {
    echo "The first name is not correct<br/>";
  }

  if( ! $lnamevalid ) {
    echo "The last name is not correct<br/>";
  }

  if( ! $phonevalid ) {
    echo "The phone number is not correct ( try 999-999-9999 )<br/>";
  }
?>

• User defined function can not only include multiple parameters but can also make those parameters options by supplying default values.
• Remember that you cannot leave out a required parameter and then include a latter one.

<?php
  function validate( $type, $name, $displayerrors = false ) {
    if( isset( $_POST[ $name ] ) ) {
      $data = trim( $_POST[ $name ] );

      if( $type == "name" ) {
        $regex = ‘^[a-z]+$’;
      } else if( $type == "phonenumber" ) {
        $regex = ‘^[0-9]{3}\-[0-9]{3}\-[0-9]{4}$’;
      }

      if( eregi( $regex, $data ) ) {
        return true;
      } else {
        if( $displayerrors )
          echo ‘"’ . $data . ‘"’ . " is not a valid " . $type .
                              "<br/>";
        return false;
      }
    }
  }
?>

<?php
  $fnamevalid = validate( ‘name’, ‘fname’, true );
  $lnamevalid = validate( ‘name’, ‘lname’, true );
  $phonevalid = validate( ‘phonenumber’, ‘phone’, true );
?>

• It is also possible to pass a function a variable number of arguments
• When this is done the parentheses after the function name are left blank in the function definition.
• The functions func_num_args( ), func_get_arg( ), and func_get_args( ) can be used to work with the variable arguments.
• func_num_args( )
• Returns the number of arguments passed
• func_get_args( )
• Returns all passed arguments as an array
• func_get_arg( int index )
• Is passed the index number of the argument you want which is then returned.

Dealing with Scope

• Variable scope defines where a declared variable can be accessed in a program.

• Function scope and local variables
• Variables declared inside a function are in scope from the point where they are declared in a function until the end of that function
• Global scope and global variables
• Variables declared outside a function are in scope from the point where they are declared until the end of the file, EXCEPT inside functions
• Super global variables are available inside and outside functions. (those variables defined by the server like $_POST)
• Using require( ) and include( ) does not effect scope.
• Using the global keyword allows variables declared inside functions to take on global scope.
• Any variable can be deleted using the unset( ) function

Passing by Reference Versus Passing by Value

• Parameters are passed by value by default when sent to functions (a copy is passed)
• You can specify something is to be passed by reference by placing an ampersand (&) before the variables name in the function declaration
• No change to the function call is required.

Object Oriented Programming

OOP Concepts

• OOP is a form of programming that involves creating objects from classes that hold data and behaviors associated with that data in individual program modules.
• OOP is primarily used because it helps make programs more maintainable, easier to break into pieces for working on in groups, and it makes the code written more reusable.
• 3 Basic Principles in OOP
• Encapsulation
• Encapsulation means that values (variables) inside an object cannot be accessed directly but must instead be accessed through a behavior (function) provided by the object (called the interface)
• This ensures that multiple objects within a program will not accidentally change values of each other that could cause errors and that it will be much more difficult for an invalid value to be accepted into the objects of the program.
• Inheritance
• Inheritance is the ability for a new class to be created based on a class that already exists.
• This allows new classes to be developed more quickly and error free.
• Classes that already exist are usually referred to as parent or super classes.
• New classes that are created using inheritance as then referred to as child, derived, or sub classes.
• Polymorphism
• Polymorphism is the behavior that is exhibited by siblings in inheritance where they are both capable of performing the same action but in different ways.

Creating Classes, Attributes, and Operations

• In PHP classes (which objects will be created from) are declared using the keyword class followed by the name of the new Class being created.
• Attributes to be stored about objects of the class are declared as variables inside the class body with the keyword var in front of them.
• Operations that the objects of a class will be capable of will be written as functions inside the class body.

class Box {
  var $width;
var $height;

function draw( ) {
    echo $box;
  }
      }

• Constructors
• Constructors are special functions that are called automatically when a new object of a class is created.
• Constructors in PHP must be called __construct (and can be overloaded???).
• Double underscore

function __construct( $w = 100, $h = 100 ) { }

• Destructors
• Destructors are the opposite of constructors in that they are called automatically when an object is destroyed.
• Objects are destroyed when all their attributes have been unset or have passed out of scope.
• Destructor functions must always be called __destruct( )

Instantiating Classes (creating objects)

• The ‘new’ keyword is used when you want to create an object from a class that has been defined.

$b1 = new Box( );
$b2 = new Box( 200, 300 );

Accessing Class Attributes and Methods

• Access to class attributes and methods is handled through pointers by using the arrow operator
• (->)
• To access a class members from within a class use the ‘this’ keyword
• To access a class members from outside a class use the objects name for which you want to access the attribute value.

function __construct( $w = 100, $h = 100 ) {
$this->width = $w;
  $this->height = $h;
    }

function draw( ) {
$box = '<div style="border: 1px solid black; width: ' . $this->width . 'px; height: ' . $this->height . 'px;">&nbsp;</div>';
  echo $box;
    }

$b1->width = 200;
$b1->height = 200;
$b1->draw( );
$b2->draw( );

• Access to data member inside a class is determined by the attributes access modifier.
• Data members can be declared as being public, private, or protected.
• Public data member can be accessed from anywhere
• Public is the default
• Private data member can only be access from within a class
• Protected data members can be accessed from inside a class or from within a child class.
• When data members are present it is a good idea to make them private and to also provide special methods for setting and getting values from those data members
• This helps ensure that invalid values will not be able to be assigned to data members, which could potentially cause an object to not function properly.

public function setwidth( $value ) {
if( is_integer( $value ) ) {
  $this->width = $value;
  }
      }

    
public function setheight( $value ) {
if( is_integer( $value ) ) {
    $this->height = $value;
  }
          }

• New data members can be added to a class at run time simply by adding a value

$b1->color = "red";
echo $b1->color;

• Access to the undeclared data members can be enhanced by implementing __set and __get functions in the class.
• These functions will automatically be called whenever a value is assigned or accessed to a data member name that has not been declared.
• This could potentially allow a class to be created that does not have any declared data members or stored the value for the data members in a way other than scalar variables for each data member.

<?php
  class Box2 {
    public $attribs = array( );
    public function __construct( $w = 100, $h = 100 ) {
      $this->attribs[ 'width' ] = $w . "px";
      $this->attribs[ 'height' ] = $h . "px";
    }

    public function __set( $name, $value ) {
      switch( $name ) {
        case 'width':
        case 'height':
          if( is_integer( $value ) ) {
            $this->attribs[ $name ] = $value . "px";
          }
          break;
        default:
          $this->attribs[ $name ] = $value;
      }
    }

    public function __get( $name ) {
      return $this->attribs[ $name ];
    }

    public function draw( ) {
      $box = '<div style="';
      while( $element = each( $this->attribs ) )
      {
        $element[ 0 ] = eregi_replace( '_', '-', $element[ 0 ] );
        $box .= $element[ 0 ] . ": " . $element[ 1 ] . "; ";
      }
      $box .= '">&nbsp;</div>';
      echo $box;
    }
  }
?>
$b3 = new Box2( 200, 400 );
$b3->width = "bob";
$b3->draw( );

Implementing Inheritance

• The ‘extends’ keyword can be used in PHP to cause one class to inherit from another class.
• In PHP anything declared as public or protected in the parent class will be inherited into the new child class.
• Anything declared as private will not be inherited.

<?php
  require_once( 'Box2.php' );

  class FilledBox extends Box2 {
    protected $bgcolor;

    function __construct( $w = 100, $h = 100, $bgc = "black" ) {
      parent::__construct( $w, $h );
      $this->bgcolor = $bgc;
    }

    public function draw( ) {
      $box = '<div style="background-color: ' . $this->bgcolor .
            '; border: 1px solid ' . $this->bgcolor . '; width:
            ' . $this->attribs[ 'width' ] . 'px; height: ' .
            $this->attribs[ 'height' ] . 'px;">&nbsp;</div>';
      echo $box;
    }
  }
?>

• Overriding
• Attributes and methods of a parent class can be overridden by re-declaring them in the child class and providing a different implementation or value.
• The values or methods of the parent class can still be accessed by prefacing the overridden value or method with parent::
• The final keyword can be used to prevent inheritance from a class or prevent a child class from overriding a method of a parent class.

• Interfaces
• PHP does not support multiple inheritance but does support interfaces like Java.
• An interface is a special type of class that only contains methods with no body’s (abstract methods) and constants.
• Interfaces can then be "inherited from" by using the keyword implements in the child class.
• Any abstract methods in the interface must then be implemented by the child class.

<?php
  interface Displayable {
    function display( );
  }
?>

        
require_once( "displayable.php" );

        
class FilledBox extends Box2 implements Displayable { …

        
public function display( ) {
$this->draw( );
        }
            
…

• Per-Class Constants
• Constants declared inside classes with the const keyword can be accessed from outside the class by using the :: operator

class Math {
  Const PI = 3.14159;
    }
echo Math::PI;

• Static Methods
• Utility classes can be built that do not need to be instantiated to access their methods if the methods are declared as being static.
• Static methods cannot use the keyword this.

• Checking Class Type and Type Hinting
• The instanceof operator allows for the checking of an object to see if it is an instance of a specific class.
• Returns true or false and takes an object as its left value and a class name as its right value.
• When passing objects to methods of other objects a data type for the passed object can be specified, as apposed to PHP’s normal workings where no datatype is specified.
• A fatal error will be produced if the type of the passed object does not match the type hint.

• Cloning Object
• PHP includes a clone construct that can be used for duplicating objects

$b2 = clone $b1

• A __clone( ) method can also be created for specific classes to customize the clone behavior.

• Abstract Classes and Methods
• The abstract keyword can be used for creating abstract classes and methods.
• Abstract classes cannot be inherited from.
• Abstract methods must be implements in inheriting classes.

• Overloading Methods with __call( )
• Method overloading in PHP doesn’t tend to be very useful or used very often because PHP is weakly typed and flexible in the number and types of arguments that are passed to its functions.
• If you do want to overload a function you must use the __call( ) special function to do it
• This function takes a function name as its first argument and an array of parameters for the function as the second argument.

public function __call( $method, $args ) {
if( count( $args ) == 2 )
  call2argmethod( );
  else if( count( $args ) == 3 )
    call3argmethod( );
    }

• Using __autoload( )
• A standalone function declared outside a class definition.
• Automatically called when you instantiate a class that has not been declared.

function __autoload( $classname ) {
  require_once( "../includes/" . $classname . ".php" );
    }

• Implementing Iterators and Iteration
• Objects in PHP can be walked with the foreach( ) loop
• The foreach( ) loop will be able to extract the values of public data members stored inside the specified object.

$b1 = new Box( 200, 300 );
$b1->setwidth( 500 );
$b1->color = "red";
echo $b1->color;
$b1->draw( );

      
foreach( $b1 as $attrib ) {
  echo $attrib . "<br/>";
    }

• The foreach( ) loop will not work with private data members or data members that are not scalar.
• If you need more flexibility with the foreach loop you can define the class as implementing IteratorAggregate and you can create an ObjectIterator that implements the Iterator interface.
• Custom iterators require methods for:
• rewind( ) – return to the beginning of the data
• valid( ) – tells if more data still exists
• key( ) – value of data pointer
• value( ) – value pointed to for current data pointer
• next( ) – move data pointer to next element

<?php
  require_once( 'ObjectIterator.php' );

  //class Box2 implements IteratorAggregate interface
  class Box2 implements IteratorAggregate {
    public $attribs = array( );

    public function __construct( $w = 100, $h = 100 ) {
      $this->attribs[ 'width' ] = $w . "px";
      $this->attribs[ 'height' ] = $h . "px";
    }

    public function __set( $name, $value ) {
      switch( $name ) {
        case 'width':
        case 'height':
          if( is_integer( $value ) ) {
            $this->attribs[ $name ] = $value . "px";
          }
          break;
        default:
          $this->attribs[ $name ] = $value;
      }
    }

    public function __get( $name ) {
      return $this->attribs[ $name ];
    }

    public function draw( ) {
      $box = '<div style="';
      while( $element = each( $this->attribs ) )
      {
        $element[ 0 ] = eregi_replace( '_', '-', $element[ 0 ] );
        $box .= $element[ 0 ] . ": " . $element[ 1 ] . "; ";
      }
      $box .= '">&nbsp;</div>';
      echo $box;
    }

    //class is able to return a custom iterator object
    public function getIterator( ) {
      return new ObjectIterator( $this );
    }
  }
?>

<!—the iterator object for Box2 -->
<?php
  class ObjectIterator implements Iterator {
    private $obj;
    private $count;
    private $currrentIndex;

    function __construct( $obj ) {
      $this->obj = $obj;
      $this->count = count( $this->obj->attribs );
    }

    function rewind( ) {
      $this->currentIndex = 0;
      reset( $this->obj->attribs );
    }

    function valid( ) {
      return $this->currentIndex < $this->count;
    }

    function key( ) {
      return key( $this->obj->attribs );
    }

    function current( ) {
      return $this->obj->attribs[ $this->key( ) ];
    }

    function next( ) {
      $this->currentIndex++;
      next( $this->obj->attribs );
    }
  }
?>

//Box2 being iterated with a custom iterator
$i = $b3->getIterator( );
                                    
for( $i->rewind( ) ; $i->valid( ) ; $i->next( ) ) {
$key = $i->key( );
$value = $i->current( );
  echo "$key => $value<br/>";
                                    }

• Converting Classes to Strings
• Another special function available is the __toString function.

private function buildCode( ) {
  $box = '<div style="';
  while( $element = each( $this->attribs ) )
  {
    $element[ 0 ] = eregi_replace( '_', '-', $element[ 0 ] );
    $box .= $element[ 0 ] . ": " . $element[ 1 ] . "; ";
}
$box .= '">&nbsp;</div>';

  return $box;
    }

        
public function draw( ) {
  echo $this->buildCode( );
        }

            
public function __toString( ) {
  return $this->buildCode( );
}

Taking it to the Next Level

• Instead of encoding pages as HTML with a little php thrown in we could encode entire pages as PHP objects with a little HTML thrown in.

<?php
  //
  // Code for a standard page on the Sample Company's website
  //

  class TSCPage {
    private $content;
    private $filename;
    private $path;
    private $title;
    private $links = array( );

    public function __construct( ) {
      $this->filename = basename( $_SERVER["PHP_SELF"] );
      $this->path = dirname( $_SERVER["PHP_SELF"] );
      $this->title = $this->filename;
    }

    public function setContent( $c ) {
      $this->content = $c;
    }

    public function addContent( $nc ) {
      $this->content .= $nc;
    }

    public function setTitle( $t ) {
      $this->title = $t;
    }

    public function addLink( $title, $href ) {
      $this->links[ $title ] = $href;
    }

    public function displayLinks( ) {
      foreach( $this->links as $title => $href ) {
        if( basename( $href ) == $this->filename ) {
          echo "<li><a id=\"current\">$title</a></li>";
        } else {
          echo "<li><a href=\"$href\">$title</a></li>";
        }

      }
    }

    public function display( ) {
      ?>

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
        <head>
          <title>
            The Sample Company –
              <?php echo $this->title ?>
          </title>

          <link type="text/css" rel="stylesheet" href="../stylesheets/errors.css"/>
          <link type="text/css" rel="stylesheet" href="../stylesheets/tables.css"/>
          <link type="text/css" rel="stylesheet" href="../stylesheets/general.css"/>
          <link type="text/css" rel="stylesheet" href="../stylesheets/FloatingBoxes.css"/>
          <?php
            if( isset( $pagetype ) && $pagetype == "admin" ) {
              echo '<link type="text/css" rel="stylesheet"
                  href="../stylesheets/admincolors.css"/>';
            } else {
              echo '<link type="text/css" rel="stylesheet"
                  href="../stylesheets/sitecolors.css"/>';
            }
          ?>

        </head>

        <body>
          <div id="banner">
            <img alt="The Sample Company"
                src="../images/TSCLogo.gif"/>
            <h1>The Sample Company</h1>
            <div id="nav">
              <ul>
                <?php $this->displayLinks( ); ?>
              </ul>
            </div>
          </div>

          <div id="content">

      <?php

      echo $this->content;

      ?>

          </div>

          <div id="footer">
            &copy; Copyright
            <?php echo date( 'Y' ); ?> The Sample Company
            <span id="date">
              <?php echo date( 'l, F jS Y' ); ?>
            </span>
          </div>
        </body>
      </html>

      <?php
    }
  }
?>

<?php
  function __autoload( $classname ) {
    require_once( "../includes/" . $classname . ".php" );
  }

  $home = new TSCPage( );

  $home->setTitle( "Home" );

  $home->addLink( "Home", "index.php" );
  $home->addLink( "Contact", "contact.php" );
  $home->addLink( "Guest Book", "guestbookview.php" );
  $home->addLink( "Products", "products.php" );
  $home->addLink( "About", "about.php" );
  $home->addLink( "FAQ's", "faqs.php" );

  $home->setContent( "

  <h1>Welcome to the Homepage of The Sample Company</h1>
  <p>
    Lorem ipsum …
  </p>
  <p>
    Donec erat. Nunc …
  </p>
  <p>
    Morbi in justo. In …
  </p>
  <p>
    Donec erat. Nunc …
  </p>

  ");
  $home->addContent( "This is the content" );
  $home->addContent( "<br/>This is new content" );

  $home->display( );
?>

Exception Handling

Concepts

• New to PHP5
• Provides a way to handle errors in an extensible, maintainable, object oriented way.
• Code is executed inside a try {} block.
• If something goes wrong in the try block you can throw an exception.
• PHP exceptions must be thrown manually.

throw new Exception( ‘message’, code );

• throw is a language construct that triggers the exception handling mechanism.
• The Exception classes constructor can receive two optional parameters parameters:
• An error message
• An error code
• Each try block can be followed by one or more catch block.
• Each catch block expects to catch/handle a particular type of exception.
• The exception that is caught by the catch is the same object that was thrown in the try block.
• The object that is caught is usually an exception object or a user defined subclass of exception although it can actually be anything.
• Exceptions can be re-thrown from the catch blocks if necessary.

<?php
  //assume these values come from a form
  $x = 9;
  $y = 0;

  try {
    if( $y != 0 ) {
      echo $x / $y;
    } else {
      throw new Exception( 'Cannot divide by Zero', 999 );
    }
  } catch( Exception $e ) {
    echo "<h2>An error occured</h2>";
    echo "The error was on line " . $e->getLine( )
        . " in the file called " . $e->getFile( ) . "<br/>";
    echo "The error is: " . $e->getMessage( )
        . " (" . $e->getCode( ) . ")<br/>";
  }
    ?>

The Exception Class

• Methods:
• getCode( ) – returns code passed to the constructor
• getMessage( ) – returns message passed to the constructor
• getFile( ) – returns the full path to the file where the exception occurred
• getLine( ) – returns the line number where the exception was thrown
• getTrace( ) – returns an array containing the backtrace too where the exception was thrown
• getTraceAsString( ) – Returns same info as getTrace except as a string
• __toString( ) – So that an exception object can be easily echoed

<?php
  $x = 9;
  $y = 0;

  try {
    divide( $x, $y );
  } catch( Exception $e ) {
    echo "An error occured<br/>";
    echo "<em>" . $e->getTraceAsString( ) . "</em>";
  }

  function divide( $n, $d ) {
    if( $d == 0 ) {
      throw new Exception( 'Cannot divide by zero', 999 );
    } else {
      echo $n / $d;
    }
  }
?>

User Defined Exceptions

• User defined exceptions are created by extending the exception class.
• Most of the functions in the basic Exception class are final so they cannot be overridden (with the exception of the __toString method)

<?php
  class ArithmeticException extends Exception {
    function __toString( ) {
      $output = "<h2>Arithmetic Exception</h2>";
      $output .= "<strong>" . $this->getMessage( )
            . "</strong> was the problem found on line <strong>"
            . $this->getLine( ) . "</strong>";
      $output .= " of the file, <strong>"
            . $this->getFile( ) . "</strong><br/><br/>";
      $output .= '<div style="border-bottom: 1px solid
                black">Back Trace</div>';
      $output .= "<em>" . $this->getTraceAsString( ) . "</em>";

      return $output;
    }
  }
?>

<?php
  $x = 3;
  $y = 10;

  try {
    divide( $x, $y );
  } catch( ArithmeticException $ae ) {
    echo $ae;
  } catch( Exception $e ) {
    echo "An error occured - " . $e->getMessage( ) . "<br/>";
    echo "<em>" . $e->getTraceAsString( ) . "</em>";
  }

  function divide( $n, $d ) {
    if( $d == 0 ) {
     throw new ArithmeticException('Cannot divide by zero',999 );
    } else if( $n == 9 ) {
      throw new Exception( "I don't like the number nine", 8 );
    } else {
      echo $n / $d;
    }
  }
?>

Relational Databases and SQL

Organizing Data in Databases

• Every company has data that needs to be store on a way that is safe, secure, and easy to access.
• The most common choice is a database
• Databases:
• Provide fast access to needed data randomly
• Easily queried to extract data that fits certain criteria
• Have built in mechanisms to handle concurrent access
• Have built in security
• Many types of databases (data models)
• Hierarchical
• Network
• Relational
• Object Oriented
• Object Relational
• For our purposes we will only be working with relational data models, as they are the most common.
• Every type of database boils down to a file or collection of files that are the database itself.
• The actual database stores the data in a structured manner that makes it easy to access and manipulate.
• CRUD
• Create
• Read
• Update
• Delete
• Generally, the things that a database stores information about are called entities.
• Entities are then described by specifying their attributes
• Attributes describe specific entities
• Attributes are made up of characters and numbers
• Example – Student entity would have the following attributes:
• Student ID number
• First Name
• Last Name
• Middle Initial
• Phone Number
• Address
• Etc.
• The relationship between entities, attributes, and the database itself can be shown with the data hierarchy.

Characters --> fields --> records --> tables --> database

• Fields correspond to attributes and are made up of characters
• Records correspond to entities and are made up or fields and are sometimes called tuples.
• Tables are entity types and include a collection of the same types of entities (records), sometimes called relations
• A database is then made up of the all the tables and organization or part of an organization needs.

Defining Field Data Types and Table Structures

• Every field in a database must have a declared data type.
• This specifies what type of data that field can hold.
• The data types that can be used are often dependent on the specific database product you are using but some types are fairly common.
• Varchar – variable character data
• Number – numeric data
• Autonumber
• Data/Time
• Boolean
• The process of creating a table in a database is one where you must decide what fields are needed to describe an entity, what those fields should be called, and what data type to use for each field.
• Table/Database design is not something that should be taken lightly, a bad design can cost hours of extra work and increase the risk of bad data being retrieved from the database
• Take a class!

Keys

• Every entity should have at least one field that will be unique to it (Called a candidate key)
• These candidate keys can potentially by used to uniquely identify a record in a table.
• The candidate key that the database designer chooses to use to identify records becomes known as the primary key for that table.
• EVERY TABLE SHOULD HAVE ONE!

Relationships

• Relationships can be formed between the data records in separate tables by referencing these primary keys.
• In a relational database a relationship between tables is recorded by copying the primary key from one table to another table.
• The copy of the primary key in another table becomes known as a foreign key and is used as a reference back to the appropriate record in the keys home table.
• Three types of relationships are possible in a relational database.
• One – to – one
• A 1 to 1 relationship exists when one record is related to one other record and back again.
• This is the simplest type of relationship and can be recorded by taking the primary key from either table and copying to the other table as a foreign key.
• If a user can have one shopping cart the you have a one to one relationship

• One – to – Many
• The most common type of relationship
• Exists when one record in a table is related to many records in another table.
• Recorded by copying the key from the one end of the relationship to the many ends of the relationship
• If a shipping cart can have many items in it then you have a many to many relationship is the items are unique

• Many – to – Many
• Cannot be recorded in a relational database so really don’t exist.
• Can always be broken down into two one to many relationships with a 3rd table added into the middle.
• If the items in a shopping cart are not unique you will have a many to many relationship

• School Database

  Classes
    Class ID
    Description
  Students
    Student ID
    First name
    Last name
    Middle initial
    Phone number
    Address
  Instructors
    Instructor ID
    First name
    Last name
    Middle initial
    Office Phone
    Home Phone
    Home Address
    Department

• Online Bookstore Database

  Books
    ISBN
    Title
    Author(s)
    Subject/Category
    Price
  Customers
    Customer ID (login name)
    Password
    Address
    City
    State
    Zip
    Phone
  Employees
    Employee ID (login name)
    Password
    Security Level
  Orders
    orderNumber
    date
    customerID
  OrderItems
    orderNumber
    ISBN

Database Management Systems and SQL

• Databases are just files like word files or any other formatted data
• The software that is used to work with these files is called a Database Management System (DBMS)
• There are many different DBMS’s that can used like:
• Access
• DB2
• Oracle
• PostgresSQL
• MySQL
• Each DBMS provides a way to create and manipulate databases and their parts, backup and restore databases, and apply security to the databases.
• Many DBMS’s today are graphical to make them easier to use
• To allow more universal access to databases, all DBMS’s also allow a special database language to be used to perform all of the same tasks called Structured Query Language (SQL)
• SQL is a formal programming language that is a subject unto itself and can be complicated to learn
• We need to know SQL because SQL is what other languages use, like PHP, to access and work with databases.

Creating Tables with SQL

• To create a table with SQL you must use the CREATE TABLE command.

CREATE TABLE tablename (
  Fieldname1 datatype1 [(size1)] [PRIMARY KEY ],
  Fieldname2 datatype2 [(size2)] [PRIMARY KEY ],
  …
      
);

      
CREATE TABLE books (
  ISBN varchar(15) PRIMARY KEY,
  Title varchar( 100 ) NOT NULL,
  Author varchar( 50 ) NOT NULL,
  Category varchar( 30 ),
  Price float
      
);

      
CREATE TABLE customers (
  customerID varchar( 30 ) NOT NULL,
  password varchar( 30 ) NOT NULL,
  firstName varchar( 15 ) NOT NULL,
  lastName varchar( 15 ) NOT NULL,
  address varchar( 30 ),
  city varchar( 15 ),
  state char( 2 ),
  zip varchar( 10 ),
  phone varchar( 10 ),
  PRIMARY KEY (customerID)
      
);

      
CREATE TABLE employees (
  employeeID varchar( 30 ) NOT NULL,
  password varchar( 30 ) NOT NULL,
  firstName varchar( 15 ) NOT NULL,
  lastName varchar( 15 ) NOT NULL,
  securityLevel int( 1 ) NOT NULL,
  PRIMARY KEY (employeeID)
      
);

      
CREATE TABLE orders (
  orderNumber int( 11 ) AUTO_INCREMENT NOT NULL PRIMARY            
      
                                                       KEY,
  customerID varchar( 30 ) NOT NULL,
  date date NOT NULL,
  FOREIGN KEY (customerID) REFERENCES
      
                                      customers(customerID)
      
);

      
CREATE TABLE orderItems (
  ISBN varchar( 15 ) NOT NULL,
  orderNumber int( 11 ) NOT NULL,
  PRIMARY KEY (ISBN,orderNumber),
  FOREIGN KEY (ISBN) REFERENCES books(ISBN),
  FOREIGN KEY (orderNumber) REFERENCES orders(orderNumber)
);

Inserting Data with SQL

• To insert data (entities) into a table you will use the INSERT INTO command.

INSERT INTO tablename
      
(fieldname1,fieldname2…) VALUES (value1,value2);

      
INSERT INTO customers (customerID,password,firstName,lastName,
                  address,city,state,zip,phone)
      
VALUES 
      
('victrolafirecracker','test','Victrola','Firecracker','909 S Boston Ave','Tulsa','OK','74119','9185957060');

      
INSERT INTO customers (customerID,password,firstName,lastName) 
      
VALUES ('jjackson','johnjohn','John','Jackson');

      
INSERT INTO customers (customerID,password,firstName,lastName) 
      
VALUES ('jjohnson','jackjack','Jack','Johnson');

      
INSERT INTO employees (employeeID,password,firstName,lastName,securityLevel) VALUES ('victrola','test','Victrola','Firecracker','9');

      
INSERT INTO employees (employeeID,password,firstName,lastName,securityLevel) VALUES ('bob','password','Bob','Bobson','0');

      
INSERT INTO books (ISBN,Title,Author,Category,Price)
      
 VALUES ('0619034424','Web Warrior Series - ColdFusion','Kaparthi','Programming','30.00');

      
INSERT INTO books (ISBN,Title,Author,Category,Price)
      
 VALUES ('0321125169','ColdFusion - Web Application Construction Kit','Forta and Weiss','Programming','50.00');

      
INSERT INTO books (ISBN,Title,Author,Category,Price) VALUES ('0553377876','Half Asleep in Frog Pajamas
      
','Tom Robbins','Fiction','10.46');

      
INSERT INTO books (ISBN,Title,Author,Category,Price) VALUES ('034530988X','Friday','Robert Heinleid','Science Fiction','6.29');

      
INSERT INTO orders (customerID,date) VALUES ('jjackson','2005-02-14');

      
INSERT INTO orderItems (ISBN,orderNumber) VALUES ('0321125169','1');

INSERT INTO orderItems (ISBN,orderNumber) VALUES ('0553377876','1');

Updating Data with SQL

• To update data with SQL you use the UPDATE command

UPDATE tablename
  SET fieldname1 = value1, fieldname2 = value2 …
  [WHERE condition]

      
UPDATE customers 
      
SET phone = '9185550001' 
      
WHERE customerID = 'jjackson';

      
UPDATE customers 
      
SET city = 'New York' 
      
WHERE customerID = 'jjackson' 
   OR customerID = 'jjohnson';

Deleting Data with SQL

• To delete record use the DELETE command

DELETE FROM tablename
  [WHERE condition]

DELETE FROM employees WHERE employeeID = "bob";

Extracting Data with SQL

• To extract data use the SELECT command

SELECT fieldname1, fieldname2, … FROM tablename;

• Specific field names can be used to get specific data
• All fields can be retrieved using the asterisk (*).

• What are the first and last names of all of our customers?

SELECT firstName, lastName FROM customers;

• What are the titles, prices, and categories of all of our books?

SELECT Title, Price, Category from books;

• Who are all of our employees?

SELECT * FROM employees;

• Specific records can be extracted by adding a WHERE clause to the select

• What are the names and phone numbers of the customers in New York?

SELECT lastName, phone
      
FROM customers 
      
WHERE city = 'New York';

• What are the titles and prices of books that cost more than $10?

SELECT title, price FROM books WHERE price > 10.00;

• What is the password for employee victrola?

SELECT password FROM employees WHERE employeeID = 'victrola';

• The keyword BETWEEN can also be used to choose what to extract

• What books are in the price range of $10 to $40?

SELECT * FROM books WHERE price BETWEEN 10.00 AND 40.00;

• The IN and NOT IN clauses can be used to match values for extraction from a list.

• Which customers are in Tulsa or New York?

SELECT * FROM customers WHERE city IN ('Tulsa','New York');

• The LIKE clause can be used for find values that are like other values

• What book titles do we have that are similar to "half"?

SELECT * FROM books WHERE title LIKE '%half%';

• Select statements can also be used to sort data by using the ORDER BY clause

• What are all of our books in order of price?

SELECT * FROM books ORDER BY price;

• What are all of our books in order by price?

SELECT * FROM books ORDER BY price DESC;

• Who are our customers in order?

SELECT * FROM customers ORDER BY lastname, firstname;

• Data can be selected from multiple tables with the select statement

• What books titles were purchased by victrolafirecracker?

SELECT title FROM books WHERE ISBN IN (
      
SELECT ISBN FROM orderItems WHERE orderNumber IN (
      
SELECT orderNumber FROM orders WHERE customerID = 'victrolafirecracker'))

• Distinct data can be retrieved by using the DISTINCT key work

• What cities are our customers in?

SELECT DISTINCT city FROM customers;

• Data can be summarized by using SQL functions

• How many customers do we have in the database?

SELECT count(*) AS totalCustomers FROM customers;

• What is the total price of books in the database?

SELECT sum( price ) AS totalBookPriceInStock FROM books;

• What is the total price of books bought by jjackson?

SELECT sum( price ) FROM books WHERE ISBN IN (
      
SELECT ISBN FROM orderItems WHERE orderNumber IN (
      
SELECT orderNumber FROM Orders WHERE customerID = 'jjackson'))

• Other functions include AVG, MAX, MIN
• Summary functions can also be used along with sorting to get counts for specific values;

• How many customers are in New York?

SELECT count(*) FROM customers WHERE city = "New York" GROUP BY city;

Accessing MySQL from a PHP Web Page

How web database architecture works

1. A client request a php page from a server
2. The web server receives the request
3. The web server sees that it is a PHP page so passes the page to the PHP server
4. The PHP server parses and executes the php statements in the page
5. When the php server sees a command to connect to a database server so it does
6. The php server sees a statement that tells it to issue an sql statement against a database
7. The database server returns the results of the sql statement
8. The php pages codes then tell the php server how to work with the returned data from the query
9. The results are formatted and returned to the user as the pages output.

Querying a Database from the Web

• Always involves certain steps
• Check and filter data from user (if necessary)
• Setup connection to the appropriate database
• Query the database
• Retrieve the results
• Present the results back to the user

Checking and Filtering results from the user

• Important because we don’t want bad data to get into the database
• Unexpected values in SQL queries can cause unexpected errors
• Use the trim( ) function to get rid of extra whitespace
• Also handle any special characters that the user may have entered
• Use the get_magic_quotes_gpc( ) function to determine if the server is going to quote the special characters automatically.
• If the server isn’t doing it itself the use the addslashes( ) function to quote special characters
• You then need to use the stripslashes( ) function when the data is taken back out of the db (even if the server did it automatically).
• You may also want to use the htmlspecialcharacters( ) function to transform any html type codes (<,>,&) that may be present to avoid display problems.

Setting up the connection to the database

create table categorys (
  idintnot null auto_increment,
  namevarchar( 50 ) not null,
  PRIMARY KEY (id)
      
)

insert into categorys (name) values ('food');

insert into categorys (name) values ('carpet');

• PHP4 and 5 include a new library that is used for connection to databases called mysqli (I for improved).
• Mysqli allows for databases to be worked with in either an object oriented way or a procedural way.

//object oriented approach
$db = new mysqli( ‘hostname’, ‘username’, ‘password’, ‘databasename’ );

• $db is an object in this case that methods can be called for to access and work with the database.

//procedural approach
$db = mysqli_connect( ‘hostname’, ‘username’, ‘password’, ‘databasename’ );

• In this case, $db is a php resource that can then be passed to other procedural type functions to work with the database.

• Like when we were opening and working with files, you usually will suppress any error messages that result from the attempt to connect to the database but will then check to make sure the connection was established.

//both techniques
if( mysqli_connect_errno( ) ) {
  echo "Could not connect to the DB";
  exit;
}

• The mysqli_connect_errno( ) function returns an error number or zero for success.

Choosing a Database to Use

• The database that will be used was specified when we connected to the database with the last parameter to the mysqli_connect( ) function.
• You can change the database that will be used without creating a new resource or object.

//object oriented
$db->select_db( ‘dbname’ );

//procedural
mysqli_select_db( $db, ‘dbname’ );

Querying the Database

• To execute an sql statement on the database you use either the mysqli_query( ) function or the query( ) method.

//object oriented
$result = $db->query( $query );

//procedural
$result = mysqli_query( $db, $query );

• The object oriented query method returns a result object and the procedural mysqli_query function returns a result resource.
• Both return false if there is an error.

Working with the Query Results

• The result object or resource that was returned from the query needs to be extracted in some way to access the rows that it contains.
• The number of rows in the result object or resource can be examined by using:

//OO
$num_of_rows = $result->num_rows;

//procedural
$num_of_rows = mysqli_num_rows( $result );

• There are many other php functions that can also be used with the returned results.

//OO
$row = $result->fetch_assoc( );

//procedural
$row = mysqli_fetch_assoc( $result );

• Both of these techniques will return the next row (starting from the beginning or the last accessed) as an associative array where the column (attribute) name is the key and the value for that attribute (column) is the value.

//OO
$row = $result->fetch_row( );

//procedural
$row = mysqli_fetch_row( $result );

• Both of these return an indexed array
• The fetch_array( ) function or method allows for either associative arrays to be returned or enumerated (indexed) array or both depending on an argument.

//OO
$row = $result->fetch_array( MYSQLI_NUM );

//procedural
$row = mysqli_fetch_array( $result, MYSQLI_ASSOC );

//OO again
$row = $result->fetch_array( MYSQLI_BOTH );

• Rows from a result set can also be returned as objects

//OO
$row = $result->fetch_object( );

//procedural
$row = mysqli_fetch_object( $result );

echo $row->name;
echo $row->id;

Disconnecting

• It is not usually necessary to disconnect from the database because it will be done automatically when the page (script) ends.
• If you want to disconnect manually for some reason you must first release any result sets:

$result->free( ); //OO

      
mysqli_free_result( $result ); //procedural

• And then close the connection to the database

$db->close( ); //OO

      
mysqli_close( $db ); //procedural

create table categorys (
  idintnot null auto_increment,
  namevarchar( 50 ) not null,
  PRIMARY KEY (id)
      
)

      
create table samples (
  idintnot null auto_increment,
  descriptiontextnot null,
  pricefloat not null,
  categoryintnot null,
  PRIMARY KEY (id),
  FOREIGN KEY (category) REFERENCES categorys(id)
      
)

      
insert into categorys (name) values ('food');
      
insert into categorys (name) values ('drug');

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>View Categories</title>
  </head>

  <body>
    <h1>View - Categories</h1>
    <?php
      $db = new mysqli( 'localhost', 'mysql', '', 'phpexamples');
      //$db = mysqli_connect('localhost','mysql','',
                            'phpexamples');

      if( mysqli_connect_errno( ) ) {
        echo "The database could not be contacted";
        exit;
      }

      $query = "select * from categorys order by name";

      $result = $db->query( $query );
      //$result = mysqli_query( $db, $query );

      echo $result->num_rows . " categories found.";
      //echo mysqli_num_rows( $result ) . " categories found";

      if( $result->num_rows == 0 ) {
      //if( mysqli_num_rows( $result ) == 0 ) {
        echo "No Categories Found.";
      } else {
        echo '<table border="1" cellspacing="0"
                        cellpadding="5">';
        echo '<tr><th></th><th>Name</th></tr>';
        for( $x = 0 ; $x < $result->num_rows ; $x++ ) {
        //for($x = 0 ; $x < mysqli_num_rows( $result ) ; $x++ ) {
          $row = $result->fetch_assoc( );
          //$row = mysqli_fetch_assoc( $result );
          echo '<tr>';
          echo '<td>' . $row[ 'id' ] . '</td>';
          echo '<td>' . $row[ 'name' ] . '</td>';
          echo '</tr>';
        }
        echo '</table>';
      }
    ?>
  </body>
</html>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Add Categories</title>
  </head>

  <body>
    <h1>Add - Categories</h1>

    <?php
      if( isset( $_POST[ 'newcat' ] ) ) {
        if( $_POST[ 'newcat' ] != "" ) {
          $newcat = htmlspecialchars(trim($_POST[ 'newcat' ]));

          $db = new mysqli('localhost','mysql',
                    '','phpexamples');

          //check values for duplicates
          $query = "select name from categorys where name='" .
                            $newcat . "'";

          $result = $db->query( $query );

          if( $result->num_rows > 0 ) {
            echo "That category already exists";
          } else {
            $query = "INSERT INTO categorys (name) VALUES ('" .
                            $newcat . "')";
            $result = $db->query( $query );

            echo "Affected Rows: " . $db->affected_rows .
                              "<br/>";
            if( $db->affected_rows > 0 ) {
              echo "New Category Added<br/>";
              echo '<a href="ViewCategories.php">Go see
                              it</a>';
              exit;
            } else {
              echo "No Changes were made!?!<br/>";
            }
          }
        } else {
          echo "You must supply a new category name";
        }
      }
    ?>

    <form action="addcategories.php" method="post">
      <table>
        <input type="text" name="newcat"/>
        <input type="submit" value="Add Category"/>
      </table>
    </form>
  </body>
</html>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Remove Categories</title>
  </head>

  <body>
    <h1>Remove - Categories</h1>

    <?php
      @ $db = new mysqli('localhost','mysql','','phpexamples');

      if( mysqli_connect_errno( ) ) {
        echo "Could not connect to the database.";
        exit;
      }

      if( isset( $_POST[ 'remove' ] ) ) {
        echo "there are categories to be removed.<br/>";

        $removals = $_POST[ 'remove' ];

        foreach( $removals as $cur ) {
          echo "removing " . $cur . "<br/>";
          $query = "delete from categorys where id='" . $cur .
                                "'";
          $db->query( $query );
        }
      }

      $query = 'select * from categorys order by name';

      $results = $db->query( $query );

      if( $results->num_rows > 0 ) {

      } else {
        echo "The table appears to be empty.";
        exit;
      }
    ?>

    <form action="RemoveCategories.php" method="post">
      <table border="1" cellspacing="0" cellpadding="5">
        <tr><th>Name</th><th>X</th></tr>
        <?php
          for( $x = 0 ; $x < $results->num_rows ; $x++ ) {
            $row = $results->fetch_object( );
            echo '<tr>';
            echo '<td>' . $row->name . '</td>';
            echo '<td><input type="checkbox" value="' . $row->id
                    . '" name="remove[ ]"/></td>';
            echo '</tr>';
          }
        ?>
      </table>
      <input type="submit" value="Remove Selected Categories"/>
    </form>
  </body>
</html>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Edit Categories</title>
  </head>

  <body>
    <h1>Edit Categories</h1>
    Choose a category to edit:
    <table>
      <?php
        @ $db = new mysqli('localhost','mysql','','phpexamples');

        if( mysqli_connect_errno( ) ) {
          echo "Could not connect to the database.";
          exit;
        }

        if( isset( $_GET[ 'id' ] ) ) {
          $query = "select * from categorys where id='"
                        . $_GET[ 'id' ] . "'";
          $result = $db->query( $query );
          $cat = $result->fetch_object( );
          ?>
            <form action="EditCategories.php" method="post">
              <br/><input type="text" name="newcat"
                  value="<?php echo $cat->name; ?>"/><br/>
              <input type="hidden" name="id" value="
                        <?php echo $cat->id; ?>"/>
              <input type="submit" value="Submit Change"/>
            </form>
          <?php
          exit;
        }

        if( isset( $_POST[ 'newcat' ] ) ) {
          if( $_POST[ 'newcat' ] != "" ) {
            $newcat = htmlspecialchars(trim($_POST['newcat']));

            $query = "update categorys set name='" . $newcat
                  . "' where id='" . $_POST[ 'id' ] . "'";
            $db->query( $query );
          } else {
            echo "The category must have a name";
            exit;
          }
        }

        $query = "select * from categorys order by name";
        $result = $db->query( $query );

        for( $x = 0 ; $x < $result->num_rows ; $x++ ) {
          $row = $result->fetch_assoc( );
          echo '<tr>';
          echo '<td><a href="EditCategories.php?id='
          . $row[ 'id' ] . '">' . $row[ 'name' ] . '</a></td>';
          echo '</tr>';
        }
      ?>
    </table>
  </body>
</html>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Search Categories</title>
  </head>

  <body>

    <?php
      @ $db = new mysqli('localhost','mysql','','phpexamples');

      if( mysqli_connect_errno( ) ) {
        echo "The database could not be opened.";
        exit;
      }
    ?>

    <h1>Search Categories</h1>

    <form action="SearchCategories.php" method="post">
      Search for Category:
      <input type="text" name="searchterm"/>
      <input type="submit" value="Search"/>
    </form>

    <?php
      if( isset( $_POST[ 'searchterm' ] ) ) {
        if( $_POST[ 'searchterm' ] != "" ) {
          $term = htmlspecialchars(trim($_POST['searchterm']));


          $query = "select * from categorys where name like '%"
                          . $term . "%'";
          $results = $db->query( $query );

          if( $results->num_rows > 0 ) {
            echo '<ol>';
            for( $x = 0 ; $x < $results->num_rows ; $x++ ) {
              $row = $results->fetch_object( );
              echo '<li>' . $row->name . '</li>';
            }
            echo '</ol>';
          } else {
            echo "No matches were found";
          }

        } else {
          echo "You must supply a category to search for.";
        }
      }
    ?>
  </body>
</html>

Interacting with the Server's Filesystem

Uploading Files

• PHP supports http uploads using the HTML input tag with type set to file.
• File uploads really only work with the POST method of forms, GET will not work
• HTML requirement for uploading files
• The form tag must have its enctype attribute set to "multipart/form-data"
• A hidden field that specifies the maximum upload size
• This field must be named "MAX_FILE_SIZE" and a value specifying the size in bytes.
• An input field of type "file" and a name

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Upload a file</title>
  </head>

  <body>
    <h2>Upload a File</h2>
    <form enctype="multipart/form-data" method="post"
         action="FileUploadReceive.php">
      <input type="hidden" name="MAX_FILE_SIZE" value="2000000"/>
      <input type="file" name="uploadedfile"/><br/>
      <input type="submit" value="Upload File Now"/>
    </form>
  </body>
</html>

Using PHP to Deal with Uploaded Files

• When the file is uploaded from the form it is held in a temporary location until told what to do with it.
• Web servers tmp directory
• If you do not move, rename, or copy the file it will be deleted when the called script ends (whatever is called by the forms action attribute)
• The data needed to handle the uploaded file is stored in the superglobal $_FILES array
• The key for the $_FILES array will be the same as the name attribute from the file tag on the upload form
• The element of this array with the name is another associative array with it’s own elements that store information about the uploaded file
• $_FILES[ ‘uploadname’ ][ ‘tmp_name’ ]
• The place and name of the files stored temporarily on the server
• $_FILES[ ‘uploadname’ ][ ‘name’ ]
• The name of the file as it was on the clients computer
• $_FILES[ ‘uploadname’ ][ ‘size’ ]
• The size of the uploaded file in bytes
• $_FILES[ ‘uploadname’ ][ ‘type’ ]
• the MIME type of the file, text/plain, image/gif, …
• $_FILES[ ‘uploadname’ ][ ‘error’ ]
• Error codes associated with the file upload

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>File Upload Received</title>
  </head>

  <body>
    <h2>File Information</h2>
    <?php
      echo "File name on server: "
          . $_FILES[ 'uploadfile' ][ 'tmp_name' ] . "<br/>";
      echo "Original filename: "
          . $_FILES[ 'uploadfile' ][ 'name' ] . "<br/>";
      echo "Size of file: "
          . $_FILES[ 'uploadfile' ][ 'size' ] . " bytes<br/>";
      echo "File type: "
          . $_FILES[ 'uploadfile' ][ 'type' ] . "<br/>";
      echo "Errors: "
          . $_FILES[ 'uploadfile' ][ 'error' ] . "<br/>";
      if( $_FILES[ 'uploadfile' ][ 'error' ] > 0 ) {
        echo "Error explanation: <br/>";
        switch( $_FILES[ 'uploadfile' ][ 'error' ] ) {
          case 1:
            echo "File exceeds upload_max_filesize
                          (from PHP.INI)";
            break;
          case 2:
            echo "File exceeds max_file_size
                        (from upload form)";
            break;
          case 3:
            echo "File upload not complete";
            break;
          case 4:
            echo "No file uploaded";
            break;
        }
        exit;
      }

      $destination = "./" . $_FILES[ 'uploadfile' ][ 'name' ];

      if( is_uploaded_file( $_FILES[ 'uploadfile' ][ 'tmp_name' ] ) ) {
        if( ! move_uploaded_file(
            $_FILES[ 'uploadfile' ][ 'tmp_name' ],
            $destination ) ) {
          echo "Could not move the file to the destination directory";
          exit;
        }
      } else {
        echo "Possible file upload attack with filename "
            . $_FILES[ 'uploadfile' ][ 'tmp_name' ]
            . "(" . $_FILES[ ‘uploadfile’ ][ ‘name’ ] . ")";
      }

      echo "<h2>File upload completed successfully</h2>";

    ?>
  </body>
</html>

• The is_uploaded_file( ) function returns true if the specified file was uploaded via http post.
• This helps ensure that the client hasn’t somehow tricked the script into working with a native server file.
• The move_uploaded_file( ) function moves only files specified that were uploaded with http post to a destination directory
• If it succeeds it return true.

Security Concerns with Uploading Files

• Best not to allow file uploaded from untrusted parties
• If uploads are allowed avoid echoing back content or doing anything else that could reveal the content of the file
• Rename files that the user has uploaded to something safe (no foreign characters or matching filenames)

Using Directory Functions

• PHP provides a variety of functions for working with files and directories on the server.
• Getting directory information
• The is_dir( ) function tells if a directory exists or not.
• The dirname( ) function is passed a path/filename and returns just the path part.
• The basename( ) function is passed a path/filename and returns just the filename part.
• The disk_free_space( ) function returns the amount of space available on the storage device.
• Creating a removing directories can be accomplished with the mkdir( ) and rmdir( ) functions.
• On unix systems the directory permissions can be set with the umask( ) function.
• The rmdir( ) function will only remove empty directories
• Reading from directories
• The opendir( ) function is like the fopen( ) function, it opens a directory for reading and returns a handle to that directory
• The readdir( ) function returns each successive file name in a directory handle that is passed to it and returns false when there is nothing left
• The closedir( ) function is passed a directory handle and closes that directory
• The rewinddir( ) function resets the directory handle it is passed to start reading through the file listings again

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>File Upload Received</title>
  </head>

  <body>
    <?php
      echo '<h2>File Information</h2>';

      echo "File name on server: "
          . $_FILES[ 'uploadfile' ][ 'tmp_name' ] . "<br/>";
      echo "Original filename: "
          . $_FILES[ 'uploadfile' ][ 'name' ] . "<br/>";
      echo "Size of file: "
          . $_FILES[ 'uploadfile' ][ 'size' ] . " bytes<br/>";
      echo "File type: "
          . $_FILES[ 'uploadfile' ][ 'type' ] . "<br/>";
      echo "Errors: "
          . $_FILES[ 'uploadfile' ][ 'error' ] . "<br/>";
      if( $_FILES[ 'uploadfile' ][ 'error' ] > 0 ) {
        echo "Error explanation: <br/>";
        switch( $_FILES[ 'uploadfile' ][ 'error' ] ) {
          case 1:
            echo "File exceeds upload_max_filesize
                        (from PHP.INI)";
            break;
          case 2:
            echo "File exceeds max_file_size
                        (from upload form.html)";
            break;
          case 3:
            echo "File upload not complete";
            break;
          case 4:
            echo "No file uploaded";
            break;
        }
        exit;
      }

      if( ! is_dir( './uploads' ) ) {
        mkdir( 'uploads', 0777 );
      }

      $destination = "./uploads/"
                  . $_FILES[ 'uploadfile' ][ 'name' ];

      if( is_uploaded_file(
          $_FILES[ 'uploadfile' ][ 'tmp_name' ] ) ) {
        if( ! move_uploaded_file(
            $_FILES[ 'uploadfile' ][ 'tmp_name' ],
            $destination ) ) {
          echo "Could not move the file to the destination
                            directory";
          exit;
        }
      } else {
        echo "Possible file upload attack with filename "
            . $_FILES[ 'uploadfile' ][ 'tmp_name' ]
            . "(" . $_FILES[ 'uploadfile' ][ 'name' ] . ")";
      }
      echo "<h2>File upload completed successfully</h2>";

      if( $dir = opendir( 'uploads' ) ) {
        echo "Uploaded files:<br/>";
        while( $file = readdir( $dir ) ) {
          if( $file != "." && $file != ".." ) {
            echo $file . "<br/>";
          }
        }

        closedir( $dir );
      }
    ?>
  </body>
</html>

Getting Information about specific files

• fileatime( )
• filemtime( )
• fileowner( )
• filegroup( )
• fileperms( )
• filetype( )
• filesize( )
• is_executable( )
• is_file( )
• is_link( )
• is_readable( )
• is_writable( )
• All of these functions can be used to gather information about files.
• touch( )
• unlink( )
• copy( )
• rename( )
• also used for moving files

Program Execution Functions

• There are four different technique for executing commands on the server
• exec( )

string exec(string command [, array &results [, int &returncode]])

• The exec( ) function will return the output from the executed command to the client if only the command is passed.
• If a second variable is passed it will be used as an array to store as strings each line of output from the command.
• The third parameter can be passed and will have the exit code from the command stored in it.

• passtatementru( )

void passtatementru( string command [, int returncode] )

• The passtatementru( ) function always returns the output from the command to the client.
• The second parameter is for a return code if desired.

• system( )

string system( string command [, int &returncode] )

• Same as passtatementru( ) except that is attempts to flush output after every line (passtatementru does not)

• backquotes
• Placing back quotes (backticks) around a valid command will cause the command to execute and the output to be returned as a string.

Interacting with the Servers Environment

• getenv( )
• Allows environmental variables from the server to he read (same info as comes from phpinfo( ) function).
• putenv( )
• Allows environmental variables to be set.

Network and Protocol Functions

Examining Available Protocols

• Protocols are the rules that must be followed for communication to succeed.
• The internet makes use of many protocols including HTTP, POP, SMTP, and FTP

Sending and Reading Email

• PHP includes a mail( ) function that can be used for sending emails using the SMTP protocol
• For the mail( ) function to operate the server and the PHP installation must be properly configured (see php.net)
• Other 3rd party packages are also available for sending (and receiving) email.
• The PHPMailer package is one of my favorite (http://phpmailer.sourceforge.net/)

// Email form
<?php echo '<?xml version="1.0" encoding="UTF-8"?>' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
  <head>
    <title>Email Me</title>
  </head>

  <body>
    <h1>Email Me</h1>

    <form enctype="multipart/form-data"
         action="receiveEmail.php" method="POST">
      <!-- to: -->
      to: Victrola Firecracker&lt;victrola@firecracker.org&gt;
      <br/>

      <!--from name -->
      your name: <input type="text" name="name"/>
      <br/>

      <!-- from address -->
      your address: <input type="text" name="address"/>
      <br/>

      <!-- subject: -->
      subject: <input type="text" name="subject"/>
      <br/>

      <!-- body: -->
      body:<br/>
      <textarea name="body"></textarea>

      <!-- MAX_FILE_SIZE is about 5MB -->
      <input type="hidden" name="MAX_FILE_SIZE"
            value="5000000" />
      <br/>

      <!-- file select control -->
      Send this file: <input name="userfile" type="file" /><br/>
      <input type="submit" value="Send File" />
    </form
  </body>
</html>

// Receive email action script
<?php
$DEBUG = true;

//what type of email is this? submitted homework or a regular email
$emailType = "";

if( $_POST[ 'name' ] != "" && $_POST[ 'address' ] != "" && $_POST[ 'subject' ] != "" && $_POST[ 'body' ] != "" ) {
  $emailType = "regular";
} else if( $_POST[ 'name' ] != "" && $_POST[ 'address' ] != "" ) {
$emailType = "homework";
} else {
  echo "There are required fields missing<br/>";
  exit;
        }

if( DEBUG ) echo "Email type is " . $emailType . "<br/>";

//receive the uploaded attachment
$uploaddir = './tmp/';

$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

            
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { 
  echo "File is valid, and was successfully uploaded.<br/>";
} else {
  $errorNo = $_FILES['userfile']['error'];
  if( $errorNo == 0 ) {
    echo "Wait a second. This isn't an error.
         nevermind. wait. yes it is. look above.<br/>";
  } else if( $errorNo == 1 ) {
    echo "Your file exceeds the maximum upload limit (It's to big)
         set by the server.<br/>";
  } else if( $errorNo == 2 ) {
    echo "Your file exceeds the maximum upload limit (It's to
         big).<br/>";
  } else if( $errorNo == 3 ) {
    echo "It appears the upload was interrupted. Please try
        again.<br/>";
  } else if( $errorNo == 4 ) {
    echo "No attachment detected.<br/>";
  } else if( $errorNo == 5 ) {
    echo "Missing temporary folder. Please report this to the
         webmaster.<br/>";
  } else if( $errorNo == 6 ) {

  }

  //no point in submitting a homework email with no homework
//attached.
if( $emailType == "homework" ) {
  exit;
  }
                          }

//prep the email
                              
require("class.phpmailer.php");

$mail = new PHPMailer();

$mail->From     = $_POST['address'];
$mail->FromName = $_POST['name'];
$mail->Host     = "mail.thesingers.info";
$mail->Mailer  = "smtp";

$subject = "";
$body = "";
$text_body = "";

//Build the email

//email subject
if( $emailType == "homework" ) {
$subject = "Homework from " . $_POST['name'];
} else {
  $subject = $_POST[ 'subject' ];
                              }

//email body
if( $emailType == "homework" ) {
  $body = "<p>A homework assignment has been submitted by
          <strong>" . $_POST['name'] . "</strong></p>";

  // Plain text body (for mail clients that cannot read HTML)
  $text_body = "A homework assignment has been submitted by " .
$_POST['name'] . "\n\n";
} else {
$body = $_POST[ 'body' ];
  $text_body = $body;
                                  }

$mail->Subject = $subject;
$mail->Body    = $body;
$mail->AltBody = $text_body;
$mail->AddAddress("victrola@firecracker.org", "Victrola Firecracker");
$mail->AddAttachment($uploadfile);

if( !$mail->Send() ) {
  echo "There has been a mail error sending to
       victrola@firecracker.org<br/>";
  echo "Go back and make sure the email address you specified is
     valid.";
//echo "Mailer Error: " . $mail->ErrorInfo;
} else {
  echo "Email sent!";
                                      }

// Clear all addresses and attachments for next loop
$mail->ClearAddresses();
$mail->ClearAttachments();
    
unlink( $uploadfile ); //delete file from tmp folder
?>

Using Other Websites

• Screen Scraping using HTTP
• Ethical implications to doing it.
• Does the person who’s being scraped approve?
• Also can be very difficult, especially if the scraped site changes its formatting.
• I prefer to use XML sources when available

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>Tulsa Temperature</title>
  </head>

  <body>
  <h1>Current Tulsa Temperature</h1>
    <?php
      $url = "http://www.weather.gov/data/current_obs/KRVS.xml";
      if( ! ($content = file_get_contents( $url ))) {
        echo "Could not open url";
        exit;
      }

      $temppattern = '<temp_f>.*</temp_f>';
      if( eregi( $temppattern, $content, $temp_f ) ) {
        echo strip_tags($temp_f[ 0 ]) . "&deg; F";
      } else {
        echo "No Current Temp Available";
      }

      $chillpattern = '<windchill_f>.*</windchill_f>';
        if( eregi( $chillpattern, $content, $chill_f ) ) {
        echo " but it feels like " . strip_tags($chill_f[ 0 ]) . "&deg; F";
      } else {
        echo "No Windchill Info Available";
      }
    ?>
  </body>
</html>

Using Network Lookup Functions

• IP addresses can be resolved from domain names by using the gethostbyname( ) function.

string gethostbyname ( string hostname )

• The hostname can be found from an IP address by using the gethostbyaddr( ) function

string gethostbyaddr ( string ip_address )

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>untitled</title>
  </head>
  <body>
    <?php
      $host = "threesuns.org";

      $ip = gethostbyname( $host );
      echo "The IP address for " . $host . " is " . $ip;

      $actualhost = gethostbyaddr( $ip );
      echo "<br/>The actual host name for that address is " . $actualhost;
    ?>
  </body>
</html>

• You can determine the correctness of an email address by checking DNS for an MX record for the address’s host.

bool dns_get_mx (string hostname, array &mxhosts [, array &weight])

• This function will find an MX record for the host if it exists, this might not be the host to which the email will be delivered, it is just a machine that knows how to route the email.
• This function does not work on Windows versions of PHP

int checkdnsrr ( string host [, string type] )

• This function returns a true or false as to if the host address could be found in DNS.

Using FTP

• FTP allows for files to be transferred between hosts on the internet.
• fopen( ) and other file related functions already covered work with FTP
• There are also other FTP specific functions included in PHP

resource ftp_connect ( string host [, int port [, int timeout]] )

bool ftp_close ( resource ftp_stream )

bool ftp_login ( resource ftp_stream, string username, string password )

bool ftp_cdup ( resource ftp_stream )

bool ftp_chdir ( resource ftp_stream, string directory )

array ftp_nlist ( resource ftp_stream, string directory )

bool ftp_get ( resource ftp_stream, string local_file, string remote_file, int mode [, int resumepos] )

bool ftp_put ( resource ftp_stream, string remote_file, string local_file, int mode [, int startpos] )

int ftp_size ( resource ftp_stream, string remote_file )

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>FTP</title>
  </head>

  <body>
  <?php
    $host = "ftp.mozilla.org";
    $path = "/pub/mozilla.org/firefox/releases/1.5/win32/en-US/";
    $user = "anonymous";
    $password = "victrola@firecracker.org";

    echo "<h2>FTP'd to " . $host . "</h2>";

    $conn = ftp_connect( $host );
    if( ! $conn ) {
      echo "Could not connect to " . $host;
      exit;
    } else {
      echo "Connected to " . $host . "<br/>";
    }

    $loggedin = ftp_login( $conn, $user, $password );
    if( ! $loggedin ) {
      echo "Could not login to " . $host;
      exit;
    } else {
      echo "Logged into " . $host . "<br/>";
    }

      $mode = ftp_pasv( $conn, true );

      if( isset( $_GET[ 'getfile' ] ) ) {
        echo "Getting file " . $_GET[ 'getfile' ] . "<br/>";
        ftp_get( $conn, basename( $_GET[ 'getfile' ] ), $_GET[ 'getfile' ], $mode );
        echo '<a href="' . basename( $_GET[ 'getfile' ] ) . '">File retrieved</a><br/>';
      } else {
        $files = ftp_nlist( $conn, $path );

        set_time_limit( 120 );
            

        foreach( $files as $file ) {
          echo '<a href="' . $_SERVER['PHP_SELF'] . '?getfile=' . $file . '">' . $file . '</a>' . "<br/>";
        }
      }
    ftp_quit( $conn );
    echo "Logged out and connection closed.<br/>"
  ?>
  </body>
</html>

Generating Images

• Most PHP installations include the GD2 library that can be used for generating and manipulating images.
• Other external libraries can also be added to PHP to enhance these abilities.
• ImageMagik

Image Formats

• GD2 supports JPEG, PNG, WBMP, and GIF (limited) image formats
• JPEG
• Actual image type name is JFIF
• Best used with photographs because they store image information as gradations of colors.
• Uses lossy compression which creates smaller images but also looses some quality
• PNG
• Portable network graphics
• Replacement for GIF image format
• Uses lossless compression
• Best used for images of text, lines, and blocks of color
• WBMP
• Wireless bitmap, designed specifically for wireless devices, it is not used very often
• GIF
• Graphics Interchange Format
• Lossless compression gives good file sizes when used for same types of images as PNG
• Patent problems have made the use of GIF images tricky so some versions of GD2 do not support it

Creating Images

• Four basic steps
• Create the canvas on which to work
• Draw shapes and put text onto the canvas
• Output the final graphic
• Clean up the resources

• Three ways to use the graphics
• Directly from the file generating the image
• By calling the generating file from an IMG tag
• Outputting the image to a file to then be used

<?php
  header("Content-type: image/png");

  $width = 120;
  $height = 25;

  // Create image and define colors
  $image = imagecreatetruecolor( $width, $height );

  //the first color allocated is the background???
  $white = imagecolorallocate( $image, 255,255,255 );
  $green = imagecolorallocate( $image, 0,150,0 );

  imagefill( $image, 0, 0, $green );

  imagestring( $image, 5, 3, 5, "Hello, World!", $white );

  imagepng( $image );
  imagedestroy( $image );
?>

• or

<img src="HelloWorld.php" alt="HelloWorld"/>

• or

imagepng( $image, "newimage.png" );

Creating a Canvas

• Creating a canvas can be done by using the imagecreatetruecolor( ) function or just the imagecreate( ) function.
• Both take a width and a height as parameters.
• These functions will then return an image resource / handle that will be used for manipulating that image
• Image canvases can also be created from pre existing images by using the imagecreatfrompng( ), imagecreatefromjpg( ), or imagecreatefromgif( ) functions.
• Each of these functions takes a filename as a parameter and returns an image resource to be manipulated.

Drawing on a Canvas

• The GD2 library includes many functions for working with a canvas.
• Before anything else is done it is usually a good idea to setup the colors that will be needed.

int imagecolorallocate(resource image, int red,int green,int blue)

• Each canvas has a color palette that can be added to by using the imagecolorallocate( ) function.
• This function is passed the resource handle for the image that is being added to and the RGB values for the color that is desired.
• This function then returns an identifier for that color to be used whenever that color is needed.
• Canvases can be painted a solid color by using the imagefill( ) function

bool imagefill ( resource image, int x, int y, int color )

• This function fills a canvas from a starting position to the canvases edges with a specified color
• Lines can be drawn on a canvas using the imageline( ) function

bool imageline(resource image, int x1, int y1, int x2, int y2, int color)

• The imageline( ) function will draw a line from a specified starting point to the specified ending point in a selected color.
• Many other functions are also available for drawing basic shapes

bool imagerectangle ( resource image, int x1, int y1, int x2, int y2, int col )

bool imageellipse ( resource image, int cx, int cy, int w, int h, int color )

bool imagepolygon ( resource image, array points, int num_points, int color )

bool imagefilledrectangle ( resource image, int x1, int y1, int x2, int y2, int color )

bool imagefilledellipse ( resource image, int cx, int cy, int w, int h, int color )

bool imagefilledpolygon ( resource image, array points, int num_points, int color )

<?php
  header("Content-type: image/png");
  $width=200;
  $height=50;

  // Create image and define colors
  $image = imagecreatetruecolor( $width, $height );

  $background = imagecolorallocate( $image, 255, 255, 255 );
  imagefill( $image, 0, 0, $background );

  $color = imagecolorallocate( $image, 100, 100, 255 );

  ImageRectangleWithRoundedCorners( $image, 0, 0, $width, $height, 15, $color );

  imagepng( $image );
  imagedestroy( $image );

  function ImageRectangleWithRoundedCorners( &$im, $x1, $y1, $x2,
                        $y2, $radius, $color ) {
    // draw rectangle without corners
    imagefilledrectangle( $im, $x1+$radius, $y1, $x2-$radius, $y2, $color );
    imagefilledrectangle( $im, $x1, $y1+$radius, $x2, $y2-$radius, $color );
    // draw circled corners
    imagefilledellipse( $im, $x1+$radius, $y1+$radius, $radius*2, $radius*2, $color );
    imagefilledellipse( $im, $x2-$radius, $y1+$radius, $radius*2, $radius*2, $color );
    imagefilledellipse( $im, $x1+$radius, $y2-$radius, $radius*2, $radius*2, $color );
    imagefilledellipse( $im, $x2-$radius, $y2-$radius, $radius*2, $radius*2, $color );
  }
?>

Using Text and Font on Images

• Drawing text on an image can be accomplished several ways
• The imagestring( ) function can be used to draw very simple text in one of five built in non-aliased fonts (all look like courier).

bool imagestring ( resource image, int font, int x, int y, string s, int col )

• Text produced from this function is not very attractive
• The imagettftext( ) function can also be used

array imagettftext ( resource image, float size, float angle, int x, int y, int color, string fontfile, string text )

• Text produced from this function can be much nicer looking because true type fonts can be used.
• The imagettfbbox( ) function can be used to get information about the font’s bounding box.

putenv( 'GDFONTPATH=/Users/victrola/Library/Fonts' );

• To be able to load ttf fonts your can either:
• Set the GDFONTPATH variable to point to where the fonts are installed or
• Copy the font file to the folder holding the php script
• At that point the font can be specified by name

array imagettfbbox ( float size, float angle, string fontfile, string text )

• This function returns an array whose values correspond to the corner positions of an imaginary box surrounding the specified text written in the specified font.

//////////////////////////////////////////////////////////////////
// Put center-rotated ttf-text into image
// Same signature as imagettftext();
//////////////////////////////////////////////////////////////////
function imagettftext_cr(&$im, $size, $angle, $x, $y, $color, $fontfile, $text) {
  // retrieve boundingbox
  $bbox = imagettfbbox($size, $angle, $fontfile, $text);

  // calculate deviation
  // deviation left-right
  $dx = ($bbox[2]-$bbox[0])/2.0 - ($bbox[2]-$bbox[4])/2.0;
  // deviation top-bottom
  $dy = ($bbox[3]-$bbox[1])/2.0 + ($bbox[7]-$bbox[1])/2.0;

  // new pivotpoint
  $px = $x-$dx;
  $py = $y-$dy;

  return imagettftext($im, $size, $angle, $px, $py, $color, $fontfile, $text);
}

Session Management and Cookies

What is a session?

• HTTP is a stateless protocol
• If a user requests one page and then another both requests are seen as being unrelated to any others.
• The server does not know that both requests came from the same user.
• Session management provides a way for the server to track a user during a single session
• This allows user to login to a site and then be tracked as they move from page to page on the site.
• A users authorization level and person preferences can also be stored in this way so that they follow the user whenever they are logged into a site.
• The superglobal variable $_SESSION is used for this purpose.

Basic Session Functionality

• To track a single user, PHP generates a cryptographically random number that is used identify that user.
• This session id can follow the user as they move about a site by either storing the value in a cookie or by rewriting the users URL.
• Once this session id is established it can be used to associate a particular set of session variables stored in $_SESSION with a particular user.
• These variables are stored on the server and only the session id is visible from the clients’ computer.
• The session variables are stored by the server in a flat file although a database can also be configured and used.

What is a Cookie?

• A cookie is a small chunk of data that is maintained by the clients’ browser.
• It is up to the browser to decide exactly how this data is stores although small text files are traditional.
• All cookies are made up of name/value pairs where the name identifies a cookie and allows for the associated value to be retrieved.
• Cookies also store information about the domain and path from where they were initially set.
• Cookies are returned to the server as part of the header information anytime the user visits a page associated with a particular cookie.
• Cookies can also be set with an expiration data, a path from which they are accessible, a domain that they are associated with, and whether the cookie is secure or not.

Setting Cookies from PHP

• Cookies can be created manually from PHP by using the setcookie( ) function.

bool setcookie( string name [, string value [, int expires [, string path [, strring domain [, int secure]]]]] )

• Cookies can then be accessed after they are set by using the $_COOKIE superglobal array.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
  <head>
    <title>Cookie Test</title>
  </head>
  <body>
    <?php
      if( isset( $_POST[ 'newcookiename' ] ) ) {
        $name = $_POST[ 'newcookiename' ];
        $value = $_POST[ 'newcookievalue' ];

        if( setcookie( $name, $value ) ) {
          header( 'location:' . $_SERVER[ 'PHP_SELF' ] );
        }
      }
    ?>

    <h1>Cookie Test</h1>
    <form action="<?php echo $_SERVER[ 'PHP_SELF' ] ?>"
         method="post">
      New Cookies Name:
      <input type="text" name="newcookiename"/><br/>
      New Cookies Value:
      <input type="text" name="newcookievalue"/><br/>
      <input type="submit" value="Create new cookie"/>
    </form>

    <?php
      echo count( $_COOKIE ) . " cookies<br/><br/>";
      foreach( $_COOKIE as $name => $value ) {
        echo $name . " = " . $value . "<br/>";
      }
    ?>

  </body>
</html>

• Cookies can be deleted by setting an expiration date in the past.
• The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch. In other words, you'll most likely set this with the time() function plus the number of seconds before you want it to expire.

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Cookie Test</title>
  </head>

  <body>

    <?php
      //add new cookies
      if( isset( $_POST[ 'newcookiename' ] ) ) {
        $name = $_POST[ 'newcookiename' ];
        $value = $_POST[ 'newcookievalue' ];

        $expires = time( ) + 60; //expires in 1 minute

        if( setcookie( $name, $value, $expires ) ) {
          header( 'location:' . $_SERVER[ 'PHP_SELF' ] );
        }
      }
    ?>

    <?php
      //delete old cookies
      if( isset( $_GET[ 'cname' ] ) ) {
        $name = $_GET[ 'cname' ];

        $expires = time( ) - 1; //expires in 1 minute

        if( setcookie( $name, "", $expires ) ) {
          header( 'location:' . $_SERVER[ 'PHP_SELF' ] );
        }
      }
    ?>

    <h1>Cookie Test</h1>
    <form action="<?php echo $_SERVER[ 'PHP_SELF' ] ?>"
         method="post">
      New Cookies Name:
      <input type="text" name="newcookiename"/><br/>
      New Cookies Value:
      <input type="text" name="newcookievalue"/><br/>
      <input type="submit" value="Create new cookie"/>
    </form>

    <?php
      echo count( $_COOKIE ) . " cookies<br/><br/>";
      foreach( $_COOKIE as $name => $value ) {
        echo $name . " = " . $value
            . " <a href=\"" . $_SERVER[ 'PHP_SELF' ]
            . "?cname=" . $name . "\">Delete this
                        cookie</a><br/>";
      }
    ?>

  </body>
</html>

Using Cookies with Sessions

• Cookies have some problems:
• Users may turn them off
• Some browsers might not accept them at all
• These problems can be overcome by not relying entirely on cookies to manage sessions.
• URL rewriting can also be used to accomplish the same thing but working with both cookies and URL rewriting can be tedious and error prone.
• PHP’s built in session handling ability can use either cookies or URL rewriting without the programming having to know specifically how it is being done.
• The level of abstraction makes handling sessions far simpler.

Implementing Simple Sessions

• Working with sessions in PHP is a four step process:
• Starting the session
• Registering session variables
• Using Session variables
• Unsetting session variables and destroying the session
• All of these steps might now always be performed and all of them almost certainly will not happen on the same page.

Starting a Session

• Before you can use the $_SESSION array to track users and the values associated with them you must start a session.

session_start( );

• Calling the session_start( ) function instructs php to start a session for the current user.
• PHP will respond to this command by first checking to see if the user has a session id already set in a cookie or in the current URL.
• If there is a session id already then PHP makes the $_SESSION array associated with that id available to the current page.
• If there is not session id found then a new one is generated and a $_SESSION array is created to go with it and store it’s session variables.
• This function will need to be called at the beginning of every page that will be session aware.
• It should be the very first thing called because cookies may be used.

Registering Session Variables

• Once a session has begun, the $_SESSION array is available for storing values to accompany this session (user).
• The $_SESSION array is an associative array like $_POST or $_GET so new name/value are easy to add.

$_SESSION[ ‘bgcolor’ ] = "black";

Using Session Variables

• Starting a session with session_start( ) brings the appropriate $_SESSION array into scope so that the values in it can be accessed.
• If objects are used as values in the $_SESSION array then the class must be made available before starting the session so that PHP will have the class definition to reconstruct the objects before they are loaded.

echo $_SESSION[ ‘bgcolor’ ];

Unsetting Session Variables and Destroying a Session

• Session variables can be unset by using the unset( ) function.

unset( $_SESSION[ ‘bgcolor’ ] );

• All session information can be unset at once by reinitialized the $_SESSION array.

$_SESSION = array( );

• After this is done the session can be formally ended by calling the session_destroy( ) function.

session_destroy( );

• This will remove the current session id cookie or URL parameter.

<?php
  session_start( );
?>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Page 1</title>
  </head>

  <?php
    if( isset( $_POST[ 'bgcolor' ] ) ) {
      $_SESSION[ 'bgcolor' ] = $_POST[ 'bgcolor' ];
    }
  ?>

  <style type="text/css">
    body {
      background-color:
      <?php
        if( ! empty( $_SESSION[ 'bgcolor' ] ) ) {
          echo $_SESSION[ 'bgcolor' ];
        } else {
          echo "white";
        }
      ?>
      ;
    }
  </style>

  <body>
    <h1>Page 1</h1>
    <div id="nav">
      <ul>
        <li><a href="page1.php">Page 1</a></li>
        <li><a href="page2.php">Page 2</a></li>
        <li><a href="page3.php">Page 3</a></li>
      </ul>
    </div>
    <form action="<?php echo $_SERVER[ 'PHP_SELF' ] ?>"
         method="post">
      Choose a background color:
      <select name="bgcolor">
        <option>White</option>
        <option>Red</option>
        <option>Yellow</option>
        <option>Green</option>
      </select>
      <br/>
      <input type="submit" value="Change Color"/>
    </form>
  </body>
</html>

<?php
  session_start( );
?>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Page 2</title>

    <style type="text/css">
    body {
      background-color:
      <?php
        if( ! empty( $_SESSION[ 'bgcolor' ] ) ) {
          echo $_SESSION[ 'bgcolor' ];
        } else {
          echo "white";
        }
      ?>
      ;
    }
  </style>

  </head>

  <body>
    //include title and nav div here
  </body>
</html>

<?php
  session_start( );
?>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Page 3</title>

    <?php
      if( isset( $_GET[ 'reset' ] ) ) {
        $_SESSION = array( );
        session_destroy( );
      }
    ?>

  <style type="text/css">
    body {
      background-color:
      <?php
        if( ! empty( $_SESSION[ 'bgcolor' ] ) ) {
          echo $_SESSION[ 'bgcolor' ];
        } else {
          echo "white";
        }
      ?>
      ; /* ending ; for css attribute */
    }
  </style>

  </head>

  <body>
    //include title and nav div here

    <a href="<?php echo $_SERVER[ 'PHP_SELF' ] ?>?reset=true">
      Reset Session
    </a>
  </body>
</html>

PDO Based Database Access

PDO = PHP Data Objects

Why use PDO instead of mysqli?

• Prepared statements! - better, safer, more OO!
• One consistant interface across database systems

Database Support

Currenlty Available Drivers:

//Find out which drivers you have with:
print_r(PDO::getAvailableDrivers( ));

How to Connect to the DB Server:

//common connections
try {
  //MS SQL Server
  $db = new PDO("mssql:host=$host;dbname=$dbname, $user, $pass");

  //MySQL
  $db = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);

  //SQLite
  $db = new PDO("sqlite:my/database/path");
} catch(PDOException $e) {
  echo $e->getMessage();
}

//close the connection
$db = null;

Exceptions and PDO

Always wrap your PDO operations in a try/catch. Exceptions are how PDO handles all of it's errors.

$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

Default is to not throw exceptions but this isn't very useful, or not as useful as it could be

PDO::ERRMODE_SILENT

Give PHP warning, program keeps executnig so you miss it if you're not looking

PDO::ERRMODE_WARNING

The best mode. Errors throw exceptions that aren't easily missed and are very descriptive

PDO::ERRMODE_EXCEPTION

try {
$db = new PDO("mysql:host=$host; dbname=$dbname", $user, $pass);
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->prepare('DELECT title FROM songs'); //<-- OOPS!
} catch(PDOException $e) {
  echo "A PDO Exception has Occurred";
}

Inserting and Updating

$statement = $db->prepare("INSERT INTO songs ( title ) values ( 'Mermaid Smiled' )");
$statement->execute();

Prepared Statements

Using prepared statements will help protect you from SQL injection.

Prepared statements by including a placeholder in the SQL code.

//BAD!
$statement = $db->prepare("INSERT INTO songs (title, duration, tracknumber) values ($title, $duration, $tracknumber)");

Unnamed Placeholders

//unnamed placeholders, gets confusing when there are many of them
$statement = $db->prepare("INSERT INTO songs (title, duration, tracknumber) values (?, ?, ?)");

//assign variables to each place holder, indexed 1-3
$statement->bindParam(1, $title);
$statement->bindParam(2, $duration);
$statement->bindParam(3, $tracknumber);

//insert one row
$title = "Mermaid Smiled"
$duration = "3:20";
$tracknumber = 3;
$statement->execute();

//insert another row with different values
$title = "That Wave"
$duration = "2:50";
$tracknumber = 9;
$statement->execute();

//another way that doesn't require the binding step
$data = array('Mermaid Smiled', '3:20', 3);
$statement = $db->prepare("INSERT INTO songs (title, duration, tracknumber) values (?, ?, ?)");
$statement->execute($data);

Named Placeholders

//named placeholders
$statement = $db->prepare("INSERT INTO songs (title, duration, tracknumber) value (:title, :duration, :tracknumber)");

//placeholders can start with a colon but don't have to
$statement->bindParam(':title', $title);

//the data we want to insert
$data = array( 'title' => 'Mermaid Smiled', 'duration' => '3:20', 'tracknumber' => 3 );

//the array shortcut
$statement = $db->prepare("INSERT INTO songs (title, druation, tracknumber) value (:title, :duration, :tracknumber)");
$statement->execute($data);

Inserting Objects

Objects can be inserted into the database if their property names match the field names

class song {
  public $title;
  public $duration;
  public $tracknumber;
    function __construct($t,$d,$t) {
      $this->title = $t;
      $this->duration = $d;
      $this->tracknumber = $t;
    }
    // ...
  }
$mermaid = new song('Mermaid Smiled','3:20',3);

$statement = $db->prepare("INSERT INTO songs (title, duration, tracknumber) value (:title, :duration, :tracknumber)");
$statement->execute((array)$mermaid);

Selecting Data

fetch() gets data from the database. Needs to know in what format to return it:

//set it like this
$statement->setFetchMode(PDO::FETCH_ASSOC);

//FETCH_ASSOC
$statement = $db->query('SELECT title, duration, tracknumber from songs'); //shortcut to fetch when there are no options
$statement->setFetchMode(PDO::FETCH_ASSOC);
while($row = $statement->fetch()) {
  echo $row['title'] . "\n";
  echo $row['duration'] . "\n";
  echo $row['tracknumber'] . "\n";
}

//FETCH_OBJ
$statement = $db->query('SELECT title, duration, tracknumber from songs');
$statement->setFetchMode(PDO::FETCH_OBJ);
while($row = $statement->fetch()) {
  echo $row->title . "\n";
  echo $row->duration . "\n";
  echo $row->tracknumber . "\n";
}

Other Methods

$db->lastInsertId()

returns the last inserted row by that connection

exec()

Used for queries that only return the affected row. Like when you delete

$db->exec('DELETE FROM songs WHERE 1');

Quotes strings so they are safe to use in queries, shouldn't be needed if you're using prepared statements.

$new_string = $db->quote($old_string);

rowCount()

Returns the number of rows affected by an operation

$rows_affected = $statement->rowCount();