php

references

• • Severance, C. (2012). Inventing PHP: Rasmus Lerdorf. Computer, 45(11), 0006-7.

notes

• Just a quick intro to php, so we can do some mysql.

• server side scripting in general

  • How it works

    • Server side languages in the web context look like chunks of scripting code inside the html, e.g.

      • <?php echo date('l, F jS Y.'); ?>

    • This code is run by the server, and the result takes the place of the code in the html, e.g.

      • Sunday, April 1st 2012.

    • This all happens before the client ever sees the html

  • Why do this

    • Avoids browser compatibility issues

    • Gives access to server resources

    • Reduces execution burden on client

• a coder's introduction to php

  • general

    • If your html contains php, use the php suffix rather than html suffix

    • All variable names begin with dollar sign

    • Loosely typed, so variable value types can change

    • Comments after // or between /* */

    • To insert a variable value inside a string, use double quotes

    • problems with security!

    • you can separate php from html with the include command

  • passing values to a script

    • url parameters

      • You can pass parameters to the php using url parameters, e.g.:

      • <a href="test.php?name=Ben">

      • get the parameter values using $_GET['name'];

        • $_GET is a standard array defined for every php script

      • security, round 1

        • with these parameters, anyone can inject client side code into your page!

        • all they have to do is pass some js, and your client will execute it

        • to avoid this, treat the parameter value as text, not code by using htmlspecialchars

          • this converts characters like < and > into strings like &lt and &gt

          • this avoids any execution of passed html code

    • form results

      • To access these, use the special array $_POST

    • both

      • To access from either source, use $_REQUEST