PHP Server-Side Scripting Guide
PHP Server-Side Scripting Guide
The scripting language needs to be enabled on the client computer. Sometimes if a user is conscious of security risks
they may switch the scripting facility off. When this is the case a
message usually pops up to alert the user when script is attempting to run.
Includes :-
o JavaScript, Action Script (used to create animated interactive web applications for Adobe Flash
Player using Adobe Flash Pro), VBScript (NOTE: VBScript can also be used as Server-side so
that processing is done on the server.), Css, html etc
1.2. Introduction to Server Side Script
Server-side scripting language, which means that the scripts are, executed on the server, the computer
where the Web site is located.
Server-side scripting is a web server technology in which a user's request is fulfilled by running a script
directly on the web server to generate dynamic web pages. It is usually used to provide interactive web
sites that interface to databases or other data stores. This is different from client-side scripting where scripts
are run by the viewing web browser.
The primary advantage to server-side scripting is the ability to highly customize the response based on the
user's requirements, access rights, or queries into data stores. From security point of view, server-side
scripts are never visible to the browser as these scripts are executes on the server and emit HTML
corresponding to user's input to the page.
In contrast, server-side scripts, written in languages such as PHP, ASP.NET, Java, ColdFusion, Perl, Ruby,
Go, Python, and server-side JavaScript, are executed by the web server when the user requests a document.
They produce output in a format understandable by web browsers (usually HTML), which is then sent to the
user's computer. The user cannot see the script's source code (unless the author publishes the code
separately), and may not even be aware that a script was executed. Documents produced by server-side
scripts may, in turn, contain client-side scripts.
Server-side Web scripting is mostly about connecting Web sites to back end servers, such as databases.
This enables two-way communication:
Client to server: Customer-entered information as request.
Server to client: Web pages can be assembled from back end-server to give output.
1
Server-side scripting is about "programming" the behavior of the server while client-side scripting is about
"programming" the behavior of the browser. Normally, when a browser requests an HTML file, the server
returns the file. However, if the file contains a server-side script, the script is executed on the server before
the file is returned to the browser as plain HTML.
A server script can do:-
Dynamically edit, change or add any content to a Web page
Respond to user queries or data submitted from HTML forms
Access any data or databases and return the result to a browser
Customize a Web page to make it more useful for individual users
Provide security since server code cannot be viewed from a browser
In server side script, since the scripts are executed on the server, the browser that displays the file does not need
to support scripting at all. The followings are server-side scripts:
PHP (*.php)
Active Server Pages (ASP)
ANSI C scripts
Java via JavaServer Pages (*.jsp)
JavaScript using Server-side JavaScript (*.ssjs)
Lasso (*.lasso) etc
The main focus here is PHP, which is a server-side scripting language, which can be embedded in HTML
or used as a standalone binary, and could be run with open source software like WAMP server.
PHP can dynamically create the HTML code that generates the Web page.
Web page visitors see the output from scripts, but not the scripts themselves.
1.3. PHP Basic Syntax
PHP stands for PHP: Hypertext Preprocessor. It is a server-side scripting language, which can be embedded in
HTML. Over the past few years, PHP and server-side Java have gained momentum, while ASP has lost mindshare.
PHP is a server-side scripting language, which means that the scripts are executed on the server, the computer where
the Web site is located. This is different than JavaScript, another popular language for dynamic Web sites. JavaScript
is executed by the browser, on the user‟s computer. Thus, JavaScript is a client-side language.
Because PHP scripts execute on the server, PHP can dynamically create the HTML code that generates the Web
page, which allows individual users to see customized Web pages. Web page visitors see the output from scripts, but
not the scripts themselves.
PHP is particularly strong in its ability to interact with databases. PHP handles connecting to the database and
communicating with it, so we don‟t need to know the technical details for connecting to a database or for exchanging
messages with it, it is enough telling PHP the name of the database and where it is, and PHP handles the details. It
connects to the database, passes our instructions to the database, and returns the database response to us.
Major databases currently supported by PHP include the following:
dBASE MySQL
Informix Oracle
Ingres PostgreSQL ETC
Microsoft SQL Server Sybase
mSQL
2
Hence, PHP scripts in the Web site can store data in and retrieve data from any supported
database. PHP also can interact with supported databases outside a Web environment. Database
use is one of PHP‟s best features.
Use of PHP:
PHP performs system functions, i.e. from files on a system it can create, open, read, write,
and close them.
PHP can handle forms, i.e. gather data from files, save data to a file, thru email you can send
data, return data to the user.
Using php, it is possible to add, delete, and modify elements within our database.
It helps to assign sessions and cookies for privacy.
Using PHP, we can restrict users to access some pages of the website.
It can encrypt data and so mores
The syntax of PHP is: - There are four ways to write php syntaxes:-
i. Canonical PHP tags:
The most universally effective PHP tag style is:
<?php. statements written here..?>
This is the common one
ii. Short-open (SGML-style) tags: Short or short-open tags look like this: <?. Statements
written here..?>
Short tags are, as one might expect, the shortest option
We must do one of two things to enable PHP to recognize the tags:
Choose the --enable-short-tags configuration option when building PHP.
Set the short_open_tag setting in php.ini file to on. This option must be disabled to
parse XML with PHP because the same syntax is used for XML tags.
iii.ASP-style tags:ASP-style tags mimic the tags used by Active Server Pages to delineate
code blocks. ASP-style tags look like this: <%.. .%>
To use ASP-style tags, we should set the configuration option in your php.ini file.
iv. HTML script tags: HTML script tags look like this:
<script language="PHP">... </script>
To work with server script, for example with PHP, we need to install a web server, programming
itself, and database server. For PHP, we instol PHP as a programming. There are many web
servers to choose for PHP uses; the most commonly used web server is called Apache which we
can download from the internet freely. Similarly, for database, there are many options to use; the
most popular database server for web pages is MySQL which again can be downloaded freely
from internet. PHP is also available freely on the internet.
In order to develop and run PHP Web pages three vital components need to be installed on
computer system.
Web Server - PHP will work with virtually all Web Server software, including
Microsoft's Internet Information Server (IIS) but then most often used is freely availble
Apache Server.
3
Database - PHP will work with virtually all database software, including Oracle and
Sybase but most commonly used is freely available MySQL database.
PHP Parser - In order to process PHP script instructions a parser must be installed to
generate HTML output that can be sent to the Web Browser.
We can download each of the above three software independently and integrate them by
configuring Apache and PHP to get them work together. However, this is difficult most of the
times for inexperienced web developers. To solve this, software producers integrate the three
software and offer them as bundle. Some such bundle that contains Apache, PHP, and MySQL
are Wamp and Vertrigo servers. They are free software that can be downloaded from internet
and install on our computer. Once we install one of these servers, we have all the necessary
things to write server side scripting with PHP.
For the apache code to execute properly, it should be saved in web directory. The web directory depends
on what web server is used. For example, for vertrigo web server, our web directory can be install in
“C:\Program Files\VertrigoServ\www”. Hence, we should save PHP files in this folder, www.
For WAMP server, we save the php code in C:\WAMP\www\your file here.
4
The general format of the echo statement is as follows: echo outputitem1,outputitem2,outputitem3, . . .;
echo (output);
The parameterized version of echo does not accept multiple arguments.
The general format of the print statement is as follows:
print output;
print(output);
Multi-lines printing: use END from beginning to end of use “ ” after print and before
semicolon. Here are the examples to print multiple lines in a single print statement:
<?
# First Example
5
print <<<END
This uses the "here document" syntax to output
multiple lines with $variable interpolation. Note
that the here document terminator must appear on a
line with just a semicolon no extra whitespace!
END;
# Second Example
print "This spans
multiple lines. The newlines will be
output as well";
?>
1.4. Variables and Constants
a. PHP Variables
A variable is a special container that can be defined to hold a value such as number, string,
object, array, or a Boolean. The main way to store information in the middle of a PHP program is
by using a variable. Here are the most important things to know about variables in PHP.
All variables in PHP are denoted with a leading dollar sign ($).
The value of a variable is the value of its most recent assignment.
Variables are assigned with the = operator, with the variable on the left-hand side and the
expression to be evaluated on the right.
Variables can, but do not need, to be declared before assignment.
Variables in PHP do not have intrinsic types - a variable does not know in advance
whether it will be used to store a number or a string of characters.
Variables used before they are assigned have default values.
PHP does a good job of automatically converting types from one to another when
necessary.
For example:-
o $temperature = -5;
o $name = “Clark Kent”;
As shown above, Numbers are not enclosed in quotes when they are assigned to variable.
However, strings should be enclosed in either single or double quotes (“ or „). The quotes tell
PHP that the characters are a string, handled by PHP as a unit. Without the quotes, PHP doesn‟t
know the characters are a string and won‟t handle them correctly.
PHP has a total of eight data types which we use to construct our variables:
1. Integers: are whole numbers, without a decimal point, like 4195.
2. Doubles: are floating-point numbers, like 3.14159 or 49.1.
3. Booleans: have only two possible values either true or false.
4. NULL: is a special type that only has one value: NULL. simply assign it like this:
$my_var = NULL; The special constant NULL is capitalized by convention, but
actually it is case insensitive. A variable that has been assigned NULL has the following
properties:
It evaluates to FALSE in a Boolean context.
It returns FALSE when tested with IsSet() function.
6
5. Strings: are sequences of characters, like 'PHP supports string operations.'
6. Arrays: are named and indexed collections of other values.
7. Objects: are instances of programmer-defined classes, which can package up both other
kinds of values and functions that are specific to the class.
8. Resources: are special variables that hold references to resources external to PHP (such
as database connections).
The first five are simple types, and the next two (arrays and objects) are compound - the
compound types can package up other arbitrary values of arbitrary type, whereas the simple
types cannot.
Strings:
They are sequences of characters, like "PHP supports string operations". Following are valid
examples of string
$string_1 = "This is a string in double quotes";
$string_0 = ""; // a string with zero characters
Singly quoted strings are treated almost literally, whereas doubly quoted strings replace variables
with their values as well as specially interpreting certain character sequences.
<?
$variable = "name";
$literally = 'My $variable will not print!\\n';
print($literally);
$literally = "My $variable will print!\\n";
print($literally);
?>
Find output to the above code.
There are no artificial limits on string length - within the bounds of available memory, we ought
to be able to make arbitrarily long strings. Strings that are delimited by double quotes (as in
"this") are preprocessed in both the following two ways by PHP:
Certain character sequences beginning with backslash (\) are replaced with special
characters
Variable names (starting with $) are replaced with string representations of their values.
The escape-sequence replacements are:
\n is replaced by the newline character
\r is replaced by the carriage-return character
\t is replaced by the tab character
\$ is replaced by the dollar sign itself ($)
\" is replaced by a single double-quote (")
\\ is replaced by a single backslash (\)
PHP provides a large number of predefined variables to all scripts. The variables represent everything
from external variables to built-in environment variables, last error messages to last retrieved headers.
Superglobals — Superglobals are built-in variables that are always available in all
scopes
$GLOBALS — References all variables available in global scope
$_SERVER — Server and execution environment information
$_GET — HTTP GET variables
7
$_POST — HTTP POST variables
$_FILES — HTTP File Upload variables
$_REQUEST — HTTP Request variables, and can replace $_POST, $_GET and
$_COOKIE variables
$_SESSION — Session variables
$_COOKIE — HTTP Cookies
$php_errormsg — The previous error message
$HTTP_RAW_POST_DATA — Raw POST data
$http_response_header — HTTP response headers
$argc — The number of arguments passed to script
$argv — Array of arguments passed to script
Many of these variables, however, cannot be fully documented as they are dependent upon which server
are running, the version and setup of the server, and other factors.
Removing Variables
We can uncreated the variable by using this statement: unset(VariableName);
After this statement, the variable $age no longer exists. If we try to echo it, you get an “undefined
variable” notice. It is possible to unset more than one variable at once, as follows: unset($age,
$name, $address);
Variable Scope:
Scope can be defined as the range of availability a variable has to the program in which it is
declared. PHP variables can be one of four scope types:
Local variables:- The variable is only accessible from within the function (or method)
that created it A variable declared in a function is considered local; that is, it can be
referenced solely in that function. Any assignment outside of that function will be
considered to be an entirely different variable from the one contained in the function:
<?PHP
$x = 4;
function assignx () {
$x = 0;
print "\$x inside function is $x.
";
}
assignx();
print "\$x outside of function is $x.
";?>
The output will be:-
$x inside function is 0.
$x outside of function is 4.
Global variables:- The variable is accessible from anywhere in the script. Global
variable can be accessed in any part of the program. However, in order to be modified, a
global variable must be explicitly declared to be global in the function in which it is to be
modified. This is accomplished, conveniently enough, by placing the keyword GLOBAL
in front of the variable that should be recognized as global. Placing this keyword in front
of an already existing variable tells PHP to use the variable having that name. Consider
an example:
<?PHP
$somevar = 15;
8
function addit() {
GLOBAL $somevar;
$somevar++ ;
print "Somevar is $somevar";
}
addit();
?>
The output will be:- Somevar is 16
Static variables:- this type of variables be either a global or local variable. Both are
created by preceding the variable declaration with the keyword static. In contrast to the
variables declared as function parameters, which are destroyed on the function's exit, a
static variable will not lose its value when the function exits and will still hold that value
should the function be called again.
<?PHP
function keep_track() {
STATIC $count = 0;
$count++;
print $count;
print "
";}
keep_track();
keep_track();
keep_track();
?>
This will produce following result. 1
2
3
Variable Naming:
Rules for naming a variable is:
o Variable names must begin with a letter or underscore character.
o A variable name can consist of numbers, letters, underscores but you cannot use
characters like + , - , % , ( , ) . & , etc
o There is no size limit for variables.
b. PHP Constants
A constant is a name or an identifier for a simple value. A constant value cannot change during
the execution of the script. By default a constant is case-sensitive. By convention, constant
identifiers are always uppercase. A constant name starts with a letter or underscore, followed by
any number of letters, numbers, or underscores. If we have defined a constant, it can never be
changed or undefined.
To define a constant we have to use define() function and to retrieve the value of a constant.
Unlike with variables, you do not need to have a constant with a $. We can also use the function
constant() to read a constant's value if we wish to obtain the constant's name dynamically.
constant () function is used to return the value of the constant. This is useful when we want to
retrieve value of a constant, but we do not know its name, i.e. It is stored in a variable or returned
by a function.
constant () example:
<?php
9
define("MINSIZE", 50);
echo MINSIZE;
echo”<br/>”;
echo constant("MINSIZE"); // same thing as the previous line
?>
Only scalar data (boolean, integer, float and string) can be contained in constants. PHP provides
a large number of predefined constants to any script which it runs. There are five magical
constants that change depending on where they are used. For example, the value of __LINE__
depends on the line that it's used on in script.
The name of a constant follows the same rules as any label in PHP. A valid constant name starts
with a letter or underscore, followed by any number of letters, numbers, or underscores. As a
regular expression, it would be expressed thusly: [a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*
1.5. PHP Operators (Reading Assignment)
Logical Operators
The logical operators are used to combine the results of logical conditions. For example, we might be
interested in a case where the value of a variable is between 0 and 100. We would need to test the
conditions $a >= 0 and $a <= 100, using the AND operator, as follows
$a >= 0 && $a <=100
Operator Description
10
If $y%$x>3?”$y value is more than 3 folds of $x”:”$y is not large enough”;
?>
1.6. Manipulate Strings
PHP has many functions to work with strings. The most commonly used functions for searching and
modifying strings are those that use regular expressions to describe the string. The followings are string
manipulation operations:-
i. String concatenation operation: - To concatenate two string variables together, use the
dot (.) operator like echo $string1 . " " . $string2;
ii. Substr()-uses to copy strings.
Syntax is :- variable = substr(string, start [, length ]);
The start argument is the position in string at which to begin copying, with 0 meaning
the start of the string. The length argument is the number of characters to copy (the
default is to copy until the end of the string).
For example:
$name = "Fred Flintstone";
$fluff = substr($name, 6, 4); // $fluff is "lint" i.e copy strings from 6 th about 4 chars
consicativelly
$sound = substr($name, 11); // $sound is "tone" i.e copy from 11th character on wards and
assign to the variable $sound
iii. substr_count():- uses to count how many times a smaller string occurs in a larger one.
written as $number = substr_count(big_string, small_string);
The output is always integer.
For example:
$sketch = <<< End_of_Sketch
Well, there's egg and bacon; egg sausage and bacon; egg and spam;
egg bacon and spam; egg bacon sausage and spam; spam bacon sausage
and spam; spam egg spam spam bacon and spam; spam sausage spam spam
bacon spam tomato and spam;
End_of_Sketch;
$count = substr_count($sketch, "spam");
print("The word spam occurs $count times.");
The word spam occurs 14 times.
iv. The substr_replace ( )
This function permits many kinds of string modifications:
Has syntax of $string = substr_replace(original string, new string, start [, length ]); where
start shows starting from where we need replace by new string/ start is the index of the
first character that we need to replace. The length parameter uses to indicate how many
characters we need to replace from original characters.
The function replaces the part of original indicated by the start (0 means the start of the string) and
length values with the string new. If no fourth argument is given, substr_replace( ) removes the text
from start to the end of the string.
For instance:
$greeting = "good morning citizen";
$farewell = substr_replace($greeting, "bye", 5, 7);
// $farewell is "good bye citizen"
Use a length value of 0 to insert without deleting the original strings:
11
$farewell = substr_replace($farewell, "kind ", 9, 0);
// $farewell is "good bye kind citizen"
Use a replacement of "" to delete without inserting:
$farewell = substr_replace($farewell, "", 8);
// $farewell is "good bye"
Here's how can insert at the beginning of the string without deleting from orginal
character:
Let $farewell= "good bye"
$well = substr_replace($farewell, "now it's time to say ", 0, 0);
//$well is "now it's time to say good bye"'
A negative value for start indicates the number of characters from the end of the string
from which to start the replacement:
$farewell = substr_replace($farewell, "riddance", -3);
// $farewell is "now it's time to say good riddance"
A negative length indicates the number of characters from the end of the string at which
to stop deleting:
$farewell = substr_replace($farewell, "", -8, -5);
// $farewell is "now it's time to say good dance"
v. The strrev( ) function:- takes a string and returns a reversed copy of it. Has a
syntax:-
$string = strrev(string);
For example:
echo strrev("There is no cabal");
labac on si erehT
vi. The str_repeat( ) function:- takes a string and a count and returns a new string
consisting of the argument string repeated count times.
o Written as $repeated = str_repeat(string, count);
For example, to build a crude horizontal rule:
echo str_repeat('-', 40); this will displays 40 dashes.
vii. The str_pad( ) function:- pads one string with another i.e left blank space.
Optionally, we can say what string to pad with, and whether to pad on the left, right, or
both:
$padded = str_pad(to_pad, length [, with [, pad_type ]]);
The default is to pad on the right with spaces:
$string = str_pad('Fred Flintstone', 30);
echo "$string:35:Wilma";
Fred Flintstone :35:Wilma
The optional third argument is the string to pad with:
$string = str_pad('Fred Flintstone', 30, '. ');
echo "{$string}35";
Fred Flintstone. . . . . . . .35
The optional fourth argument can be either STR_PAD_RIGHT (the default), STR_PAD_LEFT, or
STR_PAD_BOTH (to center). For example:
echo '[' . str_pad('Fred Flintstone', 30, ' ', STR_PAD_LEFT) . "]\n";
echo '[' . str_pad('Fred Flintstone', 30, ' ', STR_PAD_BOTH) . "]\n";
[ Fred Flintstone]
[ Fred Flintstone ]
12
viii. strpos() function:- used to search for a string or character within a string. If a match is
found in the string, this function will return the position of the first match. If no match is
found, it will return FALSE.
Written as strops(orginal string, new string)
Example: the following code used to show from where the word “world” started.
<?php
echo strpos("Hello world!","world");
?>
The output will be 6. As seen the position of the string "world" in our string is position 6. The
reason that it is 6, and not 7, is that the first position in the string is 0, and not 1.
Example:-
$long = "Today is the day we go on holiday to Florida";
$to_find = "day";
$pos = strpos(strrev ($long), strrev($to_find));
if ($pos === false) {
echo("Not found");
} else {
// $pos is offset into reversed strings
// Convert to offset into regular strings
$pos = strlen($long) - $pos - strlen($to_find);;
echo("Last occurrence starts at position $pos");
}
Last occurrence starts at position 30
ix. Decomposing a String
PHP provides several functions to let you break a string into smaller components. In increasing
order of complexity, they are explode( ) and strtok( ).
Data often arrives as strings, which must be broken down into an array of values. For instance,
we might want to separate out the comma-separated fields from a string such as "Fred,25,Wilma".
In these situations, use the explode ( ) function like $array = explode(separator, string [, limit]);
The first argument, separator, is a string containing the field separator. The second argument,
string, is the string to split. The optional third argument, limit, is the maximum number of values
to return in the array. If the limit is reached, the last element of the array contains the remainder
of the string:
$input = 'Fred,25,Wilma';
$fields = explode(',', $input);
// $fields is array('Fred', '25', 'Wilma')
$fields = explode(',', $input, 2);
// $fields is array('Fred', '25,Wilma')
The implode( ) function does the exact opposite of explode( ):- it creates a large string from an array
of smaller strings: $string = implode(separator, array);
The first argument, separator, is the string to put between the elements of the second argument,
array. To reconstruct the simple comma-separated value string, simply say:
$fields = array('Fred', '25', 'Wilma');
$string = implode(',', $fields); // $string is 'Fred,25,Wilma'
Example on Explode:
<?php
// define string
13
$str = 'tinker,tailor,soldier,spy';
// convert string to array
// output: ('tinker', 'tailor', 'soldier, 'spy')
$arr = explode(',', $str);
print_r($arr);
?>
N.B:- The join( ) function is an alias for implode( ).
The strtok( ) function lets to iterate through a string, getting a new chunk (token) each time. They
have two arguments: the string to iterate over and the token separator like $first_chunk =
strtok(string, separator). To retrieve the rest of the tokens, repeatedly call strtok( ) with only the
separator:
$next_chunk = strtok(separator);
For instance, consider this invocation:
$string = "Fred,Flintstone,35,Wilma";
$token = strtok($string, ",");
while ($token !== false) {
echo("$token<br>");
$token = strtok(",");
}
The strtok( ) function returns false when thereare no more tokens to be returned. Call strtok( ) with
two arguments to reinitialize the iterator. This restarts the tokenizer from the start of the string.
x. String-Searching Functions
Several functions find a string or character within a larger string. They come in three families:
strpos( ) and strrpos( ), which return a position; strstr( ) and strchr( ), which return the string they
find; and strspn( ) and strcspn( ), which return how much of the start of the string matches a mask.
The strstr( ) function finds the first occurrence of a small string in a larger string and returns from
that small string on. For instance:
$record = "Fred,Flintstone,35,Wilma";
$rest = strstr($record, ","); // $rest is ",Flintstone,35,Wilma"
As with strrpos( ), strrchr( ) searches backward in the string, but only for a character, not for an entire string.
xi. Using the strlen() function
The strlen() function is used to find the length of a string.
For example:- To find the length of "Hello world!", we can write as follows
<?php
echo strlen("Hello world!"); // 12
?>
14