PHP Basics 2
ICS213, 1 / 2011
Dr. Seung Hwan Kang
Outline
•PhpDoc
•Functions
  •User-defined functions
  •Function arguments
  •Returning values
  •Built-in functions
•Dealing with HTML Forms
•Data Validation
•Filesystem Functions
•Uploading files
PhpDoc
•Good documentation is essential to any software project.
•NetBeans 7 supports phpDocumentor, which is designed to generate separate sets of documentation from the same source!
•http://manual.phpdoc.org/HTMLSmartyConverter/HandS/phpDocumentor/tutorial_phpDocumentor.howto.pkg.html
PhpDoc Installation on Windows 7
phpDocumentor (known as PhpDoc) can be used to create professional documentation from PHP source code.
1. Install jdk-6u26-windows-i586.exe
2. Install netbeans-7.0-ml-php-windows.exe
3. Install xampp-win32-1.7.4-VC6-installer.exe
4. Unzip PhpDocumentor-1.4.3.zip to C:\xampp
5. Edit C:\xampp\PhpDocumentor\phpdoc.bat on lines 17-18
SET phpCli=C:\xampp\php\php.exe
cd C:\xampp\PhpDocumentor
6. Edit C:\xampp\php\php.ini on line 1001
date.timezone = Asia/Bangkok
7. Go to NetBeans > Tools > Options > PHP
8. Set PHP 5 Interpreter to C:\xampp\php\php.exe
9. Set PhpDoc script to C:\xampp\PhpDocumentor\phpdoc.bat -o HTML:frames:default
10. Important! You need to change the Path manually at least once when you create a PhpDoc target directory.
Go to Project Properties and look for PhpDoc. In Target Directory, the path should use slashes (/) rather than backslashes (\).
Use phpdoc as your PhpDoc target directory
11. Run Generate PhpDoc.
12. PhpDoc is generated
PhpDoc (cont’d)
/* Here are the tags:
 * @abstract
 * @access public or private
 * @author author name <author@email>
 * @copyright name date
 * @deprecated description
 * @deprec alias for deprecated
 * @example /path/to/example
 * @exception Javadoc-compatible, use as needed
 * @global type $globalvarname or
 * @global type description of global variable usage in a function
 * @ignore
 * @internal private information for advanced developers only
 * @param type [$varname] description
 * @return type description
 * @link URL
 * @name procpagealias or
 * @name $globalvaralias
 * @magic phpdoc.de compatibility
 * @package package name
 * @see name of another element that can be documented, produces a link to it in the documentation
 * @since a version or a date
 * @static
 * @staticvar type description of static variable usage in a function
 * @subpackage sub package name, groupings inside of a project
 * @throws Javadoc-compatible, use as needed
 * @todo phpdoc.de compatibility
 * @var type a data type for a class variable
 * @version version
 */
PhpDoc (cont’d)
phpdoc_1.php
<?php
/**
 * example of a user defined square function
 *
 * @author Ken
 * @version 1.0
 * @param int $num
 * @return int
 */
function square($num) {
    return $num * $num;
}
echo square(4);
?>
Function
<?php
phpinfo();
?>
User Defined Function
<?php
/**
 * example of a user defined square function
 *
 * @param int $num
 * @return int
 */
function square($num) {
    return $num * $num;
}
echo square(4);
?>
Function Arguments
•Information may be passed to functions via the argument list, which is a comma-delimited (,) list of expressions.
Function Arguments (cont’d)
<?php
// Example Use of return()
function square($num){
    return $num * $num;
}
echo square(4); // 16
?>
Function Arguments (cont’d)
<?php
/* Example Use of default parameters in functions */
function makecoffee($type = "cappuccino"){
    return "Making a cup of $type.\n";
}
echo makecoffee();           // Making a cup of cappuccino.
echo makecoffee(null);       // Making a cup of .  (null replaces the default)
echo makecoffee("espresso"); // Making a cup of espresso.
?>
Function Arguments (cont’d)
<?php
// Passing function parameters by reference
function add_some_extra(&$string){
    $string .= "and something extra.";
}
$str = "This is a string, ";
add_some_extra($str);
echo $str;
?>
Returning Values – by an array
<?php
/* Example Returning an array to get multiple values */
function small_numbers(){
    return array (0, 1, 2);
}
print_r(list ($zero, $one, $two) = small_numbers());
?>
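Returning Value – by a reference
<?php
// Returning a reference from a function
function &square($number) {
    // only a variable can be returned by reference, so store the result first
    $result = $number * $number;
    return $result;
}
$val =& square(12);
echo $val; // 144
?>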
Built-in Functions
•Date
•Time
•Filesystem
•$_GET
•$_POST
•Header
•Exit
Date Function
date.php
<?php
$d = date('l jS \of F Y h:i:s A');
echo $d;
?>
Time Function
date.php
<?php
$t = time();
echo $t;
?>
String Functions
•crypt — One-way string hashing
•explode — Split a string by string
•strlen — Get string length
•strtolower — Make a string lowercase
•strtoupper — Make a string uppercase
•trim — Strip whitespace (or other characters) from the beginning and end of a string
•wordwrap — Wraps a string to a given number of characters
HTML Forms
•One of the most powerful features of PHP is the way it handles HTML forms. The basic concept that is important to understand is that any form element will automatically be available to your PHP scripts.
•basic_form.html
•action.php
HTML Forms (cont’d)
•Text Boxes
•Text Areas
•Checkboxes
•Radio Buttons
•Hidden Fields
•Select
•The submit button
basic_form.html
<!DOCTYPE HTML>
<html>
  <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <form action="action.php" method="post">
      <p>Your name: <input type="text" name="name" /></p>
      <p>Your age: <input type="text" name="age" /></p>
      <p><input type="submit" value="OK"/></p>
    </form>
  </body>
</html>
When the user fills in this form and hits the submit button, the action.php page is called.
action.php
Hi <?php echo htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8'); ?>.
You are <?php echo (int) $_POST['age']; ?> years old.
Above we just introduced the $_POST superglobal, which contains all POST data. That is, the $_POST['name'] and $_POST['age'] variables are automatically set for you by PHP. Because the name is user input, it is passed through htmlspecialchars() before being echoed so that any HTML in it is shown as text; the age is cast to an integer.
Notice the method of our form is POST. If we used the method GET then our form information would live in the $_GET superglobal instead.
$_POST method
•Information sent from a form with the POST method is invisible in the browser's address bar, and has no limits on the amount of information to send.
$_GET method
•Information sent from a form with the GET method is visible in the browser's address bar, and has limits up to 100 characters.
•$_GET should not be used when sending passwords or other sensitive information!
$_GET for passing information
<?php
// list.php
…
?>
<a href="display.php?id=10">10</a>
<?php
…
?>
<?php
// display.php
// cast to int so that only a number is ever echoed back into the page
echo (int) $_GET['id']; // 10
?>
Data Validation
•Very Important!
•Without it, your site can be hacked!
•PHP makes it easier
•Do both client side and server side validations
  •Client side validation is not secure because some browsers like Firefox and Opera can disable JavaScript
  •Server side validation cannot be disabled by a user
Data Validation - Server-side
•Age should be numeric and less than 100; reject anything else.
if (strlen($_POST['age']) > 3) {
    // error message
}
// $_POST values arrive as strings, so is_int() would reject every input;
// ctype_digit() checks that the string contains only digits
if (!ctype_digit($_POST['age'])) {
    // error message
}
if (($_POST['age'] > 100) || ($_POST['age'] < 18)) {
    // error message
}
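The same age rule written with PHP's filter extension, with the name escaped when it is echoed back. This is an added example, not code from the slides: validate_form(), the 50-character name limit and the sample submissions are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example (not from the slides). validate_form() is a hypothetical helper.
// Returns [clean values, error messages] for the fields of basic_form.html.
function validate_form(array $post): array
{
    $errors = [];

    // FILTER_VALIDATE_INT accepts only a whole number inside the range, so
    // '25abc', '2.5', '', a missing field or an array all come back as false.
    // The range 18..100 is the one used by the slide's code.
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 18, 'max_range' => 100]]);
    if ($age === false) {
        $errors[] = 'Age must be a whole number from 18 to 100.';
    }

    // Assumed rule for the name: 1 to 50 characters, no control characters.
    $name = $post['name'] ?? null;
    if (!is_string($name) || !preg_match('/^[^\x00-\x1F\x7F]{1,50}$/u', trim($name))) {
        $errors[] = 'Name must be 1 to 50 printable characters.';
        $name = null;
    } else {
        $name = trim($name);
    }

    return [['name' => $name, 'age' => $age === false ? null : $age], $errors];
}

// Constructed sample submissions.
$samples = [
    ['name' => 'Ken', 'age' => '25'],
    ['name' => 'Ken <b>', 'age' => '99'],
    ['name' => 'Ken', 'age' => '25abc'],
    ['name' => 'Ken', 'age' => '17'],
    ['name' => ['x'], 'age' => ['25']],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_form($post);
    if ($errors) {
        echo 'rejected: ' . implode(' ', $errors) . "\n";
    } else {
        // Escape on output: a valid name may still contain HTML characters.
        echo 'Hi ' . htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8')
            . ', you are ' . $clean['age'] . " years old.\n";
    }
}
```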
Header Function
header(string,replace,http_response_code)
<?php
// in action.php
if ($is_hacked > 250) {
    /* returns a REDIRECT (302) status code to the browser */
    header("location: error.php");
    exit();
}
?>
adv_form.html & action_2.php
•Using other built-in functions, these files cover more examples of
  •HTML forms
  •data validation
  •Anti-Hacking tips
•One of the major uses of a server side scripting language is to provide a way of sending e-mail from the server and, in particular, to take form input and output it to an e-mail address. In this part, I will show you how to send e-mail messages using PHP.
•Syntax
bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )
Mail (cont’d)
To send an email
<?php
$to = '[email protected]';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: [email protected]' . "\r\n" .
    'Reply-To: [email protected]' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
?>
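When the mail() arguments come from form input rather than fixed strings, the header values need checking before they are concatenated. The following is an added example, not code from the slides: build_mail(), the field names email, subject and message, and the placeholder recipient address are assumptions.

```php
<?php
// Added example (not from the slides): turn contact-form input into mail()
// arguments. build_mail() and the form field names are hypothetical.
const SITE_RECIPIENT = 'webmaster@example.com'; // placeholder, never form input

// Returns the four mail() arguments, or null if the input must be rejected.
function build_mail(array $post): ?array
{
    $from    = $post['email']   ?? '';
    $subject = $post['subject'] ?? '';
    $message = $post['message'] ?? '';
    if (!is_string($from) || !is_string($subject) || !is_string($message)) {
        return null;
    }
    // A CR or LF inside a header value would begin a new header line, so a
    // value containing one is refused instead of being repaired.
    if (preg_match('/[\r\n]/', $from . $subject)) {
        return null;
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The site sends the message; the visitor only appears in Reply-To.
    $headers = 'From: ' . SITE_RECIPIENT . "\r\n" . 'Reply-To: ' . $from;
    // Normalise body line endings to CRLF and wrap long lines at 70 characters.
    $body = wordwrap(preg_replace('/\r\n|\r|\n/', "\r\n", $message), 70, "\r\n");
    return [SITE_RECIPIENT, $subject, $body, $headers];
}

// Constructed sample submissions.
$samples = [
    ['email' => 'ken@example.com', 'subject' => 'Hello', 'message' => "Line one\nLine two"],
    ['email' => "ken@example.com\r\nBcc: someone@example.com", 'subject' => 'Hello', 'message' => 'x'],
    ['email' => 'ken@example.com', 'subject' => "Hello\nX-Extra: 1", 'message' => 'x'],
    ['email' => 'not an address', 'subject' => 'Hello', 'message' => 'x'],
];
foreach ($samples as $post) {
    $args = build_mail($post);
    echo $args === null ? "rejected\n" : "ok, Reply-To: {$post['email']}\n";
    // When $args is not null: mail($args[0], $args[1], $args[2], $args[3]);
}
```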
Filesystem Functions
•file_get_contents - Reads entire file into a string
•file_put_contents - Write a string to a file
<?php
// simple page hit counter
$hits = file_get_contents('hits.txt');
echo $hits += 1;
file_put_contents('hits.txt', $hits);
?>
File Upload
•Allow users to upload files from a form
•Allow users to upload both text and binary files
•With PHP's file manipulation functions ($_FILES), you have full control over what is to be done with the file once it has been uploaded.
file_form.html
action_3.php
File Upload (cont’d)
file_form.html
<!DOCTYPE HTML>
<html>
  <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <!-- The data encoding type, enctype -->
    <form enctype="multipart/form-data" action="action_4.php" method="POST">
      <!-- $_FILES array -->
      Send this file: <input name="userfile" type="file" />
      <input type="submit" value="Send File" />
    </form>
  </body>
</html>
File Upload (cont’d)
•The contents of $_FILES from the example form are as follows. Note that this assumes the use of the file upload name userfile.
•$_FILES['userfile']['name']
  •The original name of the file on the client machine.
•$_FILES['userfile']['type']
  •The mime type of the file, if the browser provided this information. An example would be "image/gif".
•$_FILES['userfile']['size']
  •The size, in bytes, of the uploaded file.
•$_FILES['userfile']['tmp_name']
  •The temporary filename of the file in which the uploaded file was stored on the server.
•$_FILES['userfile']['error']
  •The error code associated with this file upload.
File Upload (cont’d)
action_3.php
<?php
// action_3.php
$uploaddir = './uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
File Upload (cont’d)
•Restrictions on Upload
The user may only upload .gif or .jpeg or .png files.
The file size must be under 0.5 MB:
action_4.php
<?php
if ((($_FILES["userfile"]["type"] == "image/gif") ||
     ($_FILES["userfile"]["type"] == "image/jpg") ||
     ($_FILES["userfile"]["type"] == "image/jpeg") ||
     ($_FILES["userfile"]["type"] == "image/png")) &&
    ($_FILES["userfile"]["size"] < 512000)) { // < 500 KB
    // upload a file
    upload_file();
} else {
    echo "Invalid file or too big file! <br />";
    echo "Here is some more debugging info: <br />";
    print_r($_FILES);
}
… // upload_file()
?>
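The restriction check above compares $_FILES['userfile']['type'], which is whatever the browser sent. The added example below (not code from the slides) makes the same accept-or-reject decision from the file's own bytes and picks the stored file name on the server; check_upload(), ALLOWED and MAX_BYTES are hypothetical names, and it assumes PHP 7.1 or later with the fileinfo extension enabled.

```php
<?php
// Added example (not from the slides): decide whether an upload is acceptable
// without trusting the client-supplied 'type' and 'name' fields.
const ALLOWED = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];
const MAX_BYTES = 512000; // same 500 KB limit as the slide

// Takes one $_FILES entry; returns [true, safe file name] or [false, reason].
function check_upload(array $file): array
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'upload did not complete'];
    }
    $tmp = $file['tmp_name'];
    if (!is_file($tmp) || filesize($tmp) >= MAX_BYTES) {
        return [false, 'missing or over the size limit'];
    }
    // Detect the type from the content, not from $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset(ALLOWED[$mime])) {
        return [false, 'content type not allowed'];
    }
    // Server-generated name: no client-chosen path, name or extension.
    return [true, bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime]];
}

// Constructed demo input: a text file whose client fields claim it is a GIF,
// and a file that starts with a real GIF header.
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "<?php echo 'not an image'; ?>");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");

foreach ([$fake, $gif] as $tmp) {
    $entry = ['name' => 'photo.gif', 'type' => 'image/gif', 'tmp_name' => $tmp,
              'error' => UPLOAD_ERR_OK, 'size' => filesize($tmp)];
    [$ok, $detail] = check_upload($entry);
    echo ($ok ? 'accept as ' : 'reject: ') . $detail . "\n";
    unlink($tmp);
}
// In a real handler an accepted result is followed by
// move_uploaded_file($file['tmp_name'], $uploaddir . $detail);
```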
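File Upload (cont’d)
•What if the file already exists?
<?php
…
// use the same basename() as action_3.php so the check looks at the path that would be written
$name = basename($_FILES["userfile"]["name"]);
if (file_exists("./uploads/" . $name)) {
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . " already exists. ";
}
else {
    // upload a file
    upload_file();
}
?>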
References
•Gregory Beaver (2009) phpDocumentor Guide to Creating Fantastic Documentation http://manual.phpdoc.org/HTMLSmartyConverter/HandS/phpDocumentor/tutorial_phpDocumentor.pkg.html Accessed: 25/04/2011.