Misc

Case sensitivity

  • Variable names are case sensitive
  • Function names are case insensitive
  • The easiest approach is to assume that everything is case sensitive

Memory management

  • PHP offers limited garbage collection (reference counting, rather than mark and sweep)
  • Won't catch circular references

Random number

srand();                   // Seed the random number generator
$num = rand($min, $max);   // Get an integer in the range [$min .. $max] (inclusive)
// rand() is not cryptographically secure; do not use it for tokens, passwords or keys

Including files

require 'myfile';
require_once 'myfile';

include 'myfile';
include_once 'myfile';

SQL Injection

// Escape user input and wrap it in single quotes, to guard against SQL injection attacks.
// Precondition: A MySQL DB connection must already be open.

function escape_sql_data($data) {
    // If the data has already been escaped
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }
    return "'" . mysql_real_escape_string($data) . "'";
}
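
An alternative to escaping by hand, as an added example that is not part of the original page: bound parameters through PDO keep user input out of the SQL text entirely. It assumes PHP 7.1 or later with the pdo_sqlite extension; the table, column and function names are constructed for the demonstration.

```php
<?php
// Added example, not from the original page. Assumes PHP 7.1+ with pdo_sqlite;
// the table, column and function names are constructed for this demo.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
    // Insert through placeholders too, so a name containing a quote is stored verbatim.
    $insert = $pdo->prepare('INSERT INTO users (name, role) VALUES (:name, :role)');
    foreach ([['alice', 'admin'], ["O'Brien", 'user']] as [$name, $role]) {
        $insert->execute([':name' => $name, ':role' => $role]);
    }
    return $pdo;
}

// The SQL text is fixed; user input travels only as a bound value,
// so the caller does no escaping or quoting.
function find_users_by_name(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers (column names, sort direction) cannot be bound as values:
// map the request onto a fixed allow-list and fall back to a default.
function list_users_sorted(PDO $pdo, string $column, string $direction): array
{
    $allowed = ['name' => 'name', 'role' => 'role'];
    $orderBy = $allowed[$column] ?? 'name';
    $dir = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
    $sql = "SELECT name, role FROM users ORDER BY $orderBy $dir";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_demo_db();

// Constructed inputs: a legitimate name with a quote, and text containing SQL syntax.
foreach (["O'Brien", "alice' OR 'x'='x"] as $input) {
    printf("%-18s => %d row(s)\n", $input, count(find_users_by_name($pdo, $input)));
}

// An unknown column name is ignored and the default sort column is used.
foreach (list_users_sorted($pdo, 'no_such_column', 'desc') as $row) {
    printf("%s (%s)\n", $row['name'], $row['role']);
}
```

The mysql_* functions used by escape_sql_data() were removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0, so that function only runs on older PHP versions.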

Cross-site Scripting

// Filter HTML output to guard against Cross-Site Scripting (XSS) attacks.

function filter_html_output($data) {
    // If the data has already been escaped
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }
    $data = strip_tags($data);
    $data = htmlspecialchars($data, ENT_QUOTES);
    // Encode parentheses as numeric HTML entities
    $data = strtr($data, array('(' => '&#40;', ')' => '&#41;'));
    return $data;
}

SSI

Including an HTML file from a PHP file

<?php virtual('inc.html'); ?>
<!--#include virtual="inc.html"-->

<!-- Requires the following setting in httpd.conf: AddOutputFilter INCLUDES .php -->

Including a PHP file from an HTML file

<!--#include virtual="inc.php"-->

Misc

  • PHP is a recursive acronym for "PHP: Hypertext Preprocessor"
  • Licensed under the PHP License (FSF-approved; GPL-incompatible)
  • Namespaces are not supported
  • Modules / packages are not supported (logically grouping related sets of files)
  • PHP 5 has limited support for exceptions (no support prior to PHP 5)
  • Extensions are only available if they've been compiled into PHP or dynamically loaded at runtime
  • dl(library-name.so)  : Loads a PHP extension at runtime
  • To find out what extensions can be compiled into PHP, in the PHP source code directory, type "./configure --help"
  • For XML support, may need to install the following packages:
      • libxml
      • libxml2
      • libxml2-devel
      • libxslt
      • libxslt-devel

PHP5:
    --with-libxml-dir[=DIR]
        DOM, XML, SimpleXML
        DIR: libxml2 install directory
        /usr/lib/libxml2.so

    --with-xsl[=DIR]
        Include new XSL support (requires libxslt >= 1.0.18)
        DIR: libxslt install directory
        /usr/lib/libxslt.so

Sample options:
    --with-libxml-dir=/usr/include/libxml2
    --with-xsl=/usr/include

  • /etc/php.ini   (configuration file)
  • /etc/httpd/conf.d/php.conf   (config file for Apache)
  • is_bool($var)
  • Error control operators
  • Execution operators
  • [ ]=  (array operator) (pushes an element onto the end of an array)
  • declare  (directives)
  • extract( )  (extracting variables from an array returned by a function)
  • isset( ), empty( )  (possibly related to passing arguments by reference)
  • function pointers (indirectly: call_user_func, call_user_method)
  • PEAR package (abstractions for web applications development)