PHP5 By Amit R. Kurmi Roll No 3429 Seminar guide : H.A.HINGOLIWALA Internal Examiner : M.V.GAIKWAD
1. History of PHP and Introduction to PHP5
PHP is a computer scripting language originally designed for producing dynamic web pages. The name PHP is a recursive acronym for PHP: Hypertext Preprocessor. The main implementation is produced by The PHP Group and released under the PHP License. It is considered to be free software by the Free Software Foundation.
PHP 5 included new features such as:
- Improved support for object-oriented programming
- The PHP Data Objects extension, which defines a lightweight and consistent interface for accessing databases
- Performance enhancements
- Better support for MySQL and MSSQL
- Embedded support for SQLite
- Integrated SOAP support
- Data iterators
- Error handling via exceptions
2. Usage
PHP is a widely used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. It can also be used for command-line scripting and client-side GUI applications.
2.1 Server-side scripting
Originally designed to create dynamic web pages, PHP5's principal focus is server-side scripting. The PHP5 model can be compared to other server-side scripting languages such as Microsoft's ASP.NET system, Sun Microsystems' JavaServer Pages, and mod_perl, as they all provide dynamic content to the client from a web server. As of April 2007, over 20 million Internet domains were hosted on servers with PHP installed.
2.2 Command-line scripting
PHP5 also provides a command-line interface SAPI for developing shell and desktop applications, daemons, and log parsing.
2.3 Client-side GUI applications
PHP5 provides bindings to GUI libraries such as GTK+ (with PHP-GTK) and Qt (with PHP-Qt), and to text-mode libraries like ncurses, in order to facilitate development of a broader range of cross-platform GUI applications.
3. Syntax
The usual Hello World code example for PHP5 is:
PHP only parses code within its delimiters. The delimiters supported by PHP5 are:
- <?php and ?> (open and close delimiters)
- <script language="php"> and </script> (script-style delimiters)
- <? or <?= and ?> (short tags)
- <% or <%= and %> (ASP-style tags)
3.1 Data types
There are eight data types in PHP:
- Integer
- Double
- Boolean
- String
- Object
- Array
- Null
- Resource
3.2 Functions
PHP has hundreds of base functions and several thousand from extensions. User-defined functions can be created at any time and without being prototyped. Example:
3.3 Objects
In previous versions of PHP, objects were handled like primitive types. The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In PHP5, objects are referenced by handle, and not by value.
4. Resources
4.1 Libraries
PHP includes a large number of free and open source libraries with the core build.
4.2 Extensions
PHP allows developers to write extensions in C to add functionality to the PHP language. These can then be compiled into PHP or loaded dynamically at runtime.
4.3 Debuggers and profilers
Debuggers and profilers allow developers to analyze running PHP code for potential and noted software bugs and bottlenecks. Examples of such software for PHP include APD and Xdebug.
4.4 Templating engines
Templating engines provide macros that allow PHP applications to uniformly identify common variables. One popular templating engine is Smarty.
4.5 PEAR
The PHP Extension and Application Repository (PEAR) project aims to provide reusable libraries and components for PHP development. PEAR projects are usually written in PHP code using the object-oriented programming paradigm.
5. PHP 5 OO Language
5.1 Declaring A Class
    class MyClass {
        // ... list of methods ...
        // ... list of properties ...
    }
5.2 THE new KEYWORD AND CONSTRUCTORS
Instances of classes are created using the new keyword. During the new call, a new object is allocated with its own copies of the properties defined in the class you requested, and then the constructor of the object is called.
5.3 DESTRUCTORS
They are called when the object is being destroyed. There are two situations where your destructor might be called: during your script’s execution when all references to an object are destroyed, or when the end of the script is reached.
5.4 CLASS CONSTANTS
You can now define constants inside classes. Class constants are always case-sensitive.
5.6 CLONING OBJECTS
Used to create a copy of the object. This built-in operator automatically creates a new instance of the object with its own copy of the properties.
5.7 parent:: AND self::
PHP supports two reserved class names. self:: refers to the current class and is usually used to access static members, methods, and constants. parent:: refers to the parent class and is most often used to call the parent constructor or methods.
5.8 INTERFACES
PHP chose interfaces as an alternative to multiple inheritance.
    class A implements B, C, ... { ... }
5.9 INHERITANCE OF INTERFACES
Interfaces may inherit from other interfaces.
interface I1 extends I2, I3, ... { ... }
5.10 final METHODS
These methods can’t be overridden.
5.11 final CLASSES
A final class disallows inheriting from the class.
5.12 __autoload()
When writing object-oriented code, it is often customary to put each class in its own source file. The downside is that you often have to include tons and tons of source files, which can be a pain. __autoload() solves this problem by not requiring you to include classes you are about to use.
6. How to Write a Web Application with PHP
6.1 Introduction
PHP makes web applications dynamic, enabling users to interact with the site. The web application collects information from the user by means of HTML forms and processes it.
6.2 Embedding Into HTML
PHP doesn’t have to be embedded in an HTML file; you can create a PHP file that includes no HTML. PHP was developed primarily for web use, to be embedded in HTML files as a templating language. When PHP code is included in a file, the file is given a PHP extension, usually .php, but different extensions, such as .phtml or .php5, can be used.
6.4 TECHNIQUES TO MAKE SCRIPTS “SAFE”
There is only one solution to keeping your scripts running safe: Do not trust users.
6.4.1 Input Validation
The term simply means that you need to check all input that comes from the user, whether the data comes from cookies, GET, or POST data. First, turn off register_globals in php.ini and set the error level (the error_reporting directive) to the highest possible value (E_ALL | E_STRICT). Turning off register_globals stops the registration of request data (Cookie, Session, GET, and POST variables) as global variables in your script; the high error level setting will enable notices for uninitialized variables.
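One way to check request data explicitly, as the paragraph above advises (an added example, not part of the original slides). The function name, the field names page and sort, and their limits are assumptions; filter_var() and json_encode() need PHP 5.2 or later.

```php
<?php
// Added example, not from the original slides; field names and limits are assumed.
error_reporting(E_ALL | E_STRICT);   // the slide's setting: notices for uninitialized variables

// Validate untrusted request data against an explicit schema.
// Returns array(clean values, error messages); keys outside the schema are ignored.
function validate_request(array $input)
{
    $clean  = array();
    $errors = array();

    // Integer in a fixed range; "3abc", "-1", "" and array values all fail.
    $page = isset($input['page']) ? $input['page'] : null;
    $page = is_scalar($page)
        ? filter_var($page, FILTER_VALIDATE_INT,
              array('options' => array('min_range' => 1, 'max_range' => 1000)))
        : false;
    if ($page === false) {
        $errors[] = 'page must be an integer between 1 and 1000';
    } else {
        $clean['page'] = $page;
    }

    // Whitelist: only values the application itself defines are accepted.
    $allowed_sort = array('name', 'date', 'price');
    $sort = isset($input['sort']) ? $input['sort'] : 'name';
    if (is_string($sort) && in_array($sort, $allowed_sort, true)) {
        $clean['sort'] = $sort;
    } else {
        $errors[] = 'sort is not one of the allowed values';
    }

    return array($clean, $errors);
}

// Constructed sample input standing in for $_GET on a real request.
$samples = array(
    array('page' => '3', 'sort' => 'date'),
    array('page' => '3abc', 'sort' => 'date', 'authorized' => '1'),
    array('page' => array('3'), 'sort' => 'owner'),
);
foreach ($samples as $request) {
    list($clean, $errors) = validate_request($request);
    echo json_encode(array('clean' => $clean, 'errors' => $errors)), "\n";
}
```

Because the script reads only the keys it names, an extra request field such as authorized never becomes a variable, which is the behaviour that turning off register_globals enforces.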
6.4.2 HMAC Verification
If you need to prevent bad guys from tampering with variables passed in the URL, use HMAC (Keyed-Hashing for Message Authentication). The HMAC method is proven to be stronger cryptographically. The HMAC algorithm uses a secret key in a two-step hashing of plain text.
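A sketch of HMAC-protected URL parameters as described above (an added example, not part of the original slides). The key constant, the function names and the sig parameter are assumptions; hash_hmac() is built in, and hash_equals() needs PHP 5.6 or later.

```php
<?php
// Added example, not from the original slides. Key, function names and the
// "sig" parameter are assumptions; the key must stay on the server.
const URL_HMAC_KEY = 'replace-with-a-long-random-server-side-secret';

// Canonical form of the parameters: sorted by key, then URL-encoded.
function canonical_query(array $params)
{
    ksort($params);
    return http_build_query($params);
}

// Return a query string with a "sig" parameter covering all other fields.
function sign_query(array $params)
{
    unset($params['sig']);
    $sig = hash_hmac('sha256', canonical_query($params), URL_HMAC_KEY);
    return canonical_query($params) . '&sig=' . $sig;
}

// Return the verified parameters, or false if the signature does not match.
function verify_query(array $params)
{
    if (!isset($params['sig']) || !is_string($params['sig'])) {
        return false;
    }
    $given = $params['sig'];
    unset($params['sig']);
    $expected = hash_hmac('sha256', canonical_query($params), URL_HMAC_KEY);
    // hash_equals() compares in constant time, so the check leaks no timing hint.
    return hash_equals($expected, $given) ? $params : false;
}

// Constructed sample: sign a link, then verify it intact and after a change.
$query = sign_query(array('user_id' => '42', 'role' => 'member'));
parse_str($query, $received);
var_dump(verify_query($received) !== false);   // intact link

$received['role'] = 'admin';                   // value altered after signing
var_dump(verify_query($received) !== false);   // altered link
```

The signature covers every parameter in a canonical order, so adding, removing or changing any field invalidates it; it does not hide the values or stop a valid link from being reused.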
6.5 COOKIES
One simple way to maintain data between the different pages in a web application is with cookies. Cookies are sent by PHP through the web server with the setcookie() function and are stored in the browser.
6.6 SESSIONS
A PHP session allows an application to store information for the current “session”. PHP creates a session ID that is an MD5 hash of the remote IP address, the current time, and some extra randomness represented in a hexadecimal string. This session ID can be passed in a cookie or added to all URLs to navigate your application.
6.7 ARCHITECTURE
6.7.1 One Script Serves All
"One script serves all" stands for the idea that one script, usually index.php, handles all the requests for all different pages.
6.7.2 One Script per Function
Each function is stored in a different script and accessed through its URL.
6.7.3 Separating Logic from Layout
You always need to strive to separate your logic from the layout of your pages. There are a few ways to do this, for example with a templating engine, or you can use your own templating method.
7. Future development
Namespace support will be added. Native Unicode support will be added. The magic_quotes option will be removed. The HTTP_*_VARS global variables will be removed. The register_globals option will be removed. The safe_mode option will be removed. Late static binding will be added.