|
Using PHP
This section gathers many common errors that you may face
while writing PHP scripts.
-
I cannot remember the parameter order of PHP functions, are they random?
-
PHP is a glue that brings together hundreds of external libraries, so sometimes
this gets messy. However, a simple rule of thumb is as follows:
Array function parameters are ordered
as "needle, haystack" whereas
String functions are the opposite,
so "haystack, needle".
-
I would like to write a generic PHP script that can handle data coming
from any form. How do I know which POST method variables are available?
-
PHP offers many
predefined variables, like the superglobal
$_POST. You may loop through $_POST
as it's an associate array of all POSTed values. For example, let's
simply loop through it with foreach,
check for empty values,
and print them out.
<?php $empty = $post = array(); foreach ($_POST as $varname => $varvalue) { if (empty($varvalue)) { $empty[$varname] = $varvalue; } else { $post[$varname] = $varvalue; } }
print "<pre>"; if (empty($empty)) { print "None of the POSTed values are empty, posted:\n"; var_dump($post); } else { print "We have " . count($empty) . " empty values\n"; print "Posted:\n"; var_dump($post); print "Empty:\n"; var_dump($empty); exit; } ?>
Note: Superglobals: availability note
Superglobal arrays such as $_GET,
$_POST, and $_SERVER, etc. are available
as of PHP 4.1.0. For more information, read the manual section on
superglobals
-
I need to convert all single-quotes (') to a backslash
followed by a single-quote (\'). How can I do this with a
regular expression? I'd also like to convert " to \" and
\ to \\.
-
Assuming this is for a database, use the escaping mechanism that
comes with the database. For example, use
mysql_real_escape_string with MySQL and
pg_escape_string with PostgreSQL. There is
also the generic addslashes and
stripslashes functions, that are more
common with older PHP code.
Note: directive note: magic_quotes_gpc
The magic_quotes_gpc
directive defaults to on. It essentially runs
addslashes on all GET, POST, and COOKIE data.
stripslashes may be used to remove them.
-
All my " turn into \" and my ' turn into \', how do I get rid of all
these unwanted backslashes? How and why did they get there?
-
Most likely the backslashes magically exist because the PHP directive
magic_quotes_gpc is on.
This is an old feature of PHP, and should be disabled and not relied
upon. Also, the PHP function stripslashes may be
used to strip the backslashes from the string.
Note: directive note: magic_quotes_gpc
The magic_quotes_gpc
directive defaults to on. It essentially runs
addslashes on all GET, POST, and COOKIE data.
stripslashes may be used to remove them.
-
How does the PHP directive register_globals affect me?
-
WarningThis feature has been
DEPRECATED as of PHP 5.3.0 and REMOVED
as of PHP 5.4.0.
First, an explanation about what this ini setting does. Let's say the
following URL is used:
http://example.com/foo.php?animal=cat
and in foo.php we might have the following
PHP code:
<?php // Using $_GET here is preferred echo $_GET['animal'];
// For $animal to exist, register_globals must be on // DO NOT DO THIS echo $animal;
// This applies to all variables, so $_SERVER too echo $_SERVER['PHP_SELF'];
// Again, for $PHP_SELF to exist, register_globals must be on // DO NOT DO THIS echo $PHP_SELF; ?>
The code above demonstrates how register_globals creates a lot of
variables. For years this type of coding has been frowned upon, and for
years it's been disabled by default. So although most web hosts disable
register_globals, there are still outdated articles, tutorials, and books
that require it to be on. Plan accordingly.
See also the following resources for additional information:
Note:
In the example above, we used an URL that contained
a QUERY_STRING. Passing information like this is done through a GET HTTP
Request, so this is why the superglobal $_GET was used.
-
When I do the following, the output is printed in
the wrong order:
<?php function myfunc($argument) { echo $argument + 10; } $variable = 10; echo "myfunc($variable) = " . myfunc($variable); ?>
what's going on?
-
To be able to use the results of your function in an expression (such
as concatenating it with other strings in the example above), you need
to return the value,
not echo it.
-
Hey, what happened to my newlines?
<pre> <?php echo "This should be the first line."; ?> <?php echo "This should show up after the new line above."; ?> </pre>
-
In PHP, the ending for a block of code is either "?>" or
"?>\n" (where \n means a newline). So in the example above,
the echoed sentences will be on one line, because PHP omits
the newlines after the block ending. This means that you need to
insert an extra newline after each block of PHP code to make
it print out one newline.
Why does PHP do this? Because when formatting normal HTML, this
usually makes your life easier because you don't want that newline,
but you'd have to create extremely long lines or otherwise make the
raw page source unreadable to achieve that effect.
-
I get the message 'Warning: Cannot send session cookie - headers already
sent...' or 'Cannot add header information - headers already sent...'.
-
The functions header, setcookie,
and the session
functions need to add headers to the output stream but headers
can only be sent before all other content. There can be no output
before using these functions, output such as HTML. The function
headers_sent will check if your script has already
sent headers and see also the Output Control
functions.
-
I need to access information in the request header directly.
How can I do this?
-
The getallheaders function will do this if
you are running PHP as an Apache module. So, the following bit
of code will show you all the request headers:
<?php $headers = getallheaders(); foreach ($headers as $name => $content) { echo "headers[$name] = $content<br />\n"; } ?>
See also
apache_lookup_uri,
apache_response_headers, and
fsockopen
-
When I try to use authentication with IIS I get 'No Input file specified'.
-
The security model of IIS is at fault here. This is a problem
common to all CGI programs running under IIS. A workaround is
to create a plain HTML file (not parsed by PHP) as the entry page
into an authenticated directory. Then use a META tag to redirect
to the PHP page, or have a link to the PHP page. PHP will
then recognize the authentication correctly. With the ISAPI
module, this is not a problem. This should not affect other
NT web servers. For more information, see:
» http://support.microsoft.com/kb/q160422/ and the manual
section on HTTP Authentication
.
-
Windows: I can't access files shared on another computer using IIS
-
You have to change the Go to Internet Information
Services. Locate your PHP file and go to its properties.
Go to the File Security tab, Edit -<
Anonymous access and authentication control.
You can fix the problem either by unticking Anonymous
Access and leaving Integrated Window
Authentication ticked, or, by ticking Anonymous
Access and editing the user as he may not have the access
right.
-
How am I supposed to mix XML and PHP? It complains
about my <?xml tags!
-
In order to embed <?xml straight into your PHP code, you'll have to turn off
short tags by having the PHP directive
short_open_tags set to
0. You cannot set this directive with
ini_set. Regardless of
short_open_tags being on or
off, you can do something like: <?php echo '<?xml'; ?>.
The default for this directive is On.
-
Where can I find a complete list of variables are available to me
in PHP?
-
Read the manual page on
predefined variables as it includes a partial list of predefined
variables available to your script. A complete list of available
variables (and much more information) can be seen by calling the
phpinfo function. Be sure to read the manual
section on variables from
outside of PHP as it describes common scenarios for
external variables, like from a HTML form, a Cookie, and the URL.
Note: register_globals: important
note
As of PHP 4.2.0, the default value for the PHP directive
register_globals is
off. The PHP community discourages developers from relying on this directive, and encourages the use
of other means, such as the superglobals.
-
How can I generate PDF files without using the non-free and
commercial libraries like
PDFLib? I'd like something that's
free and doesn't require external PDF libraries.
-
There are a few alternatives written in PHP such as
» FPDF and
» TCPDF.
There is also the Haru extension
that uses the free libHaru external library.
-
I'm trying to access one of the standard CGI
variables (such as $DOCUMENT_ROOT or
$HTTP_REFERER) in a user-defined
function, and it can't seem to find it. What's wrong?
-
It's important to realize that the PHP directive register_globals also affects
server and environment variables. When register_globals = off (the
default is off since PHP 4.2.0), $DOCUMENT_ROOT
will not exist. Instead, use $_SERVER['DOCUMENT_ROOT']
. If register_globals = on then the variables
$DOCUMENT_ROOT and
$GLOBALS['DOCUMENT_ROOT'] will also exist.
If you're sure register_globals = on and wonder why
$DOCUMENT_ROOT isn't available inside functions,
it's because these are like any other variables and would
require global $DOCUMENT_ROOT inside the
function. See also the manual page on
variable scope. It's
preferred to code with register_globals = off.
Note: Superglobals: availability note
Superglobal arrays such as $_GET,
$_POST, and $_SERVER, etc. are available
as of PHP 4.1.0. For more information, read the manual section on
superglobals
-
A few PHP directives may also take on shorthand byte values, as opposed
to only integer byte values. What are all the available
shorthand byte options? And can I use these outside of php.ini?
-
The available options are K (for Kilobytes), M (for Megabytes) and G (for
Gigabytes; available since PHP 5.1.0), these are case insensitive.
Anything else assumes bytes.
1M equals one Megabyte or 1048576
bytes. 1K equals one Kilobyte or
1024 bytes. You may not use these shorthand
notations outside of php.ini, instead use an integer
value of bytes. See the ini_get documentation for
an example on how to convert these values.
Note:
kilobyte versus kibibyte
The PHP notation describes one kilobyte as equalling 1024 bytes, whereas
the IEC standard considers this to be a kibibyte instead.
Summary: k and K = 1024 bytes.
-
Windows: I keep getting connection timeouts when using localhost,
whereas "127.0.0.1" works?
-
Prior to PHP 5.3.4, there was a bug in the network resolving code inside PHP that
caused localhost in all stream related situations to fail if IPv6
was enabled. To work around this issue you can either use "127.0.0.1"
or disable IPv6 resolving in the hosts file.
|