references
Severance, C. (2012). Inventing PHP: Rasmus Lerdorf. Computer, 45(11), 0006-7.
notes
Just a quick intro to php, so we can do some mysql.
server side scripting in general
How it works
Server side languages in the web context look like chunks of scripting code inside the html, e.g.
<?php echo date('l, F jS Y.'); ?>
This code is run by the server, and the result takes the place of the code in the html, e.g.
Sunday, April 1st 2012.
This all happens before the client ever sees the html
Why do this
Avoids browser compatibility issues
Gives access to server resources
Reduces execution burden on client
a coder's introduction to php
general
If your html contains php, use the php suffix rather than html suffix
All variable names begin with dollar sign
Loosely typed, so variable value types can change
Comments after // or between /* */
To insert a variable value inside a string, use double quotes
problems with security!
you can separate php from html with the include command
passing values to a script
url parameters
You can pass parameters to the php using url parameters, e.g.:
<a href="test.php?name=Ben">
get the parameter values using $_GET['name'];
$_GET is a standard array defined for every php script
security, round 1
with these parameters, anyone can inject client side code into your page!
all they have to do is pass some js, and your client will execute it
to avoid this, treat the parameter value as text, not code by using htmlspecialchars
this converts characters like < and > into strings like < and >
this avoids any execution of passed html code
form results
To access these, use the special array $_POST
both
To access from either source, use $_REQUEST