Thursday, October 30, 2008

PHP Notes


a multiline string can be assigned as follows:
$a_string = <<< TEST
~~~~~~~~~~~
~~~~~~~~~~~
~~~~~~~~~~~
TEST;
echo $a_string;


PHP tags are embedded within:
<?php
?>


period('.') is concatenation operator for strings:
echo "this concatenates a variable value".$my_var."and some more text";

can use the usual combination of assignment & arithmetic operators.
'.=' is a new one. $a.="hello"; equals $a = $a."hello";

Pre && Post-fix operators exist, unlike javascript where only postfix is allowed


various comment styles are supported: <!-- --> AND /* */ AND // AND #

include command: <?php include("menu.php"); ?>
require command: <?php require("menu.php"); ?> returns a FATAL error if include file isn't found

➔ language features
if-elseif-else AND switch-case-default constructs are supported

PHP creates an associative array when an html form is used with method="POST". The indices to be used correspond to each name attribute defined in the html form. _POST is the array name for "POST", while _GET is array name for method="GET". However method=GET displays the var values appended to the URL. They will appear visible using this form:
"?item=##&quantity=##" the question mark signals to the browser that variables follow.

PHP arrays are actually maps, with each key being mapped to a value. To loop thru an associative array, use the foreach loop:
foreach ($arrayname as $key => $value) { ~~~~~ }
Yes, 'as' and '=>' are needed as specified.


mysql_real_escape_string(), function to help prevent SQL Injection attacks.

magic quotes assisted in earlier releases in these attacks. this is how to test&deal with them:

// Remove those slashes
if(get_magic_quotes_gpc())
echo stripslashes($_POST['question']);
else
echo $_POST['question'];


use htmlentities function for similar protection when allowing a user to enter text:
The htmlentities function takes a string and returns the same string with HTML converted into HTML entities. For example, the string "<script>" would be converted to "<script>".

$userInput = "I am going to hax0r your site, hahaha!
<script type='text/javascript'>
window.location = 'http://www.example.com/'
</script>'";

$userInputEntities = htmlentities($userInput);
echo $userInputEntities;
Posted by at

1 comment:

jslo said...

Hey Maurice! I took notes while you were out - you can find them in two installments (PHP is in the title) on my blog. I recorded the class as well, but the file ended up being 51mb - looking through the notes and Amos' class6 files will be far more helpful.

October 31, 2008 at 9:14 PM

Post a Comment

Subscribe to: Post Comments (Atom)