PHP : A Beginner's Guide {McGraw Hill Professional} (A Guide) Vikram Vaswani Mc Graw

User Manual:

Open the PDF directly: View PDF .
Page Count: 478

Download
Open PDF In Browser	View PDF

PHP

A Beginner’s Guide

About the Author

Vikram Vaswani is the founder and CEO of
Melonfire (www.melonfire.com/), a consultancy
firm with special expertise in open-source tools and
technologies. He is a passionate proponent of the
open-source movement and frequently contributes
articles and tutorials on open-source technologies—
including Perl, Python, PHP, MySQL, and
Linux—to the community at large. His previous
books include MySQL: The Complete Reference
(www.mysql-tcr.com/), How to Do Everything with
PHP and MySQL (www.everythingphpmysql.com/), and PHP Programming
Solutions (www.php-programming-solutions.com/).
Vikram has over ten years of experience working with PHP and MySQL
as an application developer. He is the author of Zend Technologies’ PHP 101
series for PHP beginners, and he has extensive experience deploying PHP in
a variety of different environments (including corporate intranets, high-traffic
Internet Web sites, and mission-critical thin client applications).
A Felix Scholar at the University of Oxford, England, Vikram combines
his interest in Web application development with various other activities.
When not dreaming up plans for world domination, he amuses himself by
reading crime fiction, watching old movies, playing squash, blogging, and
keeping an eye out for unfriendly Agents. Read more about him and PHP:
A Beginner’s Guide at www.php-beginners-guide.com.

About the Technical Editor
Chris Cornutt has been involved in the PHP community for more than
eight years. Soon after discovering the language, he started up his news site,
PHPDeveloper.org, to share the latest happenings and opinions from other
PHPers around the world. Chris has written for PHP publications such as
php|architect and the International PHP Magazine on topics ranging from
geocoding to trackbacks. He is also a coauthor of PHP String Handling
(Wrox Press, 2003). Chris lives in Dallas, Texas, with his wife and son,
and works for a large natural gas distributor maintaining their Web site and
developing PHP-based applications.

Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

PHP

A Beginner’s Guide
Vikram Vaswani

New York Chicago San Francisco
Lisbon London Madrid Mexico City
Milan New Delhi San Juan
Seoul Singapore Sydney Toronto

Copyright © 2009 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as permitted
under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or
stored in a database or retrieval system, without the prior written permission of the publisher.
0-07-154902-1
The material in this eBook also appears in the print version of this title: 0-07-154901-3.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name,
we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where
such designations appear in this book, they have been printed with initial caps.
McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-4069.
TERMS OF USE
This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use
of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the
work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute,
disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own
noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to
comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE
ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY
INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its
licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any
damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no
circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages
that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation
of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
DOI: 10.1036/0071549013

For Gurgle and Tonka, my two babies

This page intentionally left blank

Contents at a Glance
PART I Understanding PHP Basics
1 Introducing PHP

..........................................................

2 Using Variables and Operators

............................................

21

................................................

49

......................................................

85

3 Controlling Program Flow
4 Working with Arrays

3

5 Using Functions and Classes

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

PART II Working with Data from Other Sources
6 Working with Files and Directories

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

7 Working with Databases and SQL

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

8 Working with XML

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

9 Working with Cookies, Sessions, and Headers

vii

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

viii

PHP: A Beginner’s Guide
PART III Security and Troubleshooting
10 Handling Errors
11 Securing PHP
12 Extending PHP

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

PART IV Appendixes
A Installing and Configuring Required Software
B Answers to Self Test

Index

. . . . . . . . . . . . . . . . . . . . . . . . . . . 391

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445

For more information about this title, click here

Contents
FOREWORD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
ACKNOWLEDGMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
PART I Understanding PHP Basics
1 Introducing PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Unique Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Basic Development Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating Your First PHP Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Writing and Running the Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding the Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Handling Script Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 1-1: Mixing PHP with HTML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Escaping Special Characters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Sample Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
phpMyAdmin
................................................................
phpBB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Gallery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PoMMo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Smarty
.......................................................................

ix

3
4
5
7
10
10
11
12
13
15
16
17
17
17
17
18

x

PHP: A Beginner’s Guide
Squirrelmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
eZ Publish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Mantis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Wordpress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

18
18
18
18
18

2 Using Variables and Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Storing Data in Variables
...........................................................
Assigning Values to Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Destroying Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Inspecting Variable Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding PHP’s Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting and Checking Variable Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Manipulating Variables with Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing Arithmetic Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Concatenating Strings
........................................................
Comparing Variables
.........................................................
Performing Logical Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Other Useful Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding Operator Precedence
..........................................
Try This 2-1: Building a Dollars-to-Euros Converter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Handling Form Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 2-2: Building an Interactive HTML Color Sampler . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

22
23
24
25
26
27
29
30
30
31
32
33
34
36
37
39
42
45

3 Controlling Program Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Writing Simple Conditional Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The if Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The if-else Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 3-1: Testing Odd and Even Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Writing More Complex Conditional Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The if-elseif-else Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The switch-case Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 3-2: Assigning Boy Scouts to Tents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Combining Conditional Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Repeating Actions with Loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The while Loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The do-while Loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The for Loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Combining Loops
............................................................
Interrupting and Skipping Loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 3-3: Building a Factorial Calculator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

50
50
51
53
54
55
55
57
58
59
60
60
61
62
63
64

21

49

Contents
Working with String and Numeric Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using String Functions
.......................................................
Using Numeric Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 3-4: Processing a Member Registration Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

66
66
73
77
82

4 Working with Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Storing Data in Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assigning Array Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Modifying Array Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Retrieving Array Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Nesting Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Processing Arrays with Loops and Iterators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The foreach Loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Array Iterator
............................................................
Try This 4-1: Averaging the Grades of a Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Arrays with Forms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 4-2: Selecting Pizza Toppings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Array Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 4-3: Checking Prime Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Dates and Times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Generating Dates and Times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Formatting Dates and Times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Useful Date and Time Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 4-4: Building an Age Calculator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

86
87
89
90
91
92
93
94
95
97
97
100
107
110
111
112
113
116
118

5 Using Functions and Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating User-Defined Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating and Invoking Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Arguments and Return Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Default Argument Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Dynamic Argument Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding Variable Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Recursive Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 5-1: Calculating GCF and LCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introducing Classes and Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Defining and Using Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 5-2: Encrypting and Decrypting Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Advanced OOP Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Constructors and Destructors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Extending Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adjusting Visibility Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

85

121
122
123
124
126
127
128
129
132
135
135
135
139
143
143
144
147

xi

xii

PHP: A Beginner’s Guide
Try This 5-3: Generating Form Selection Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
PART II Working with Data from Other Sources
6 Working with Files and Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reading Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reading Local Files
..........................................................
Reading Remote Files
........................................................
Reading Specific Segments of a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Writing Files
.......................................................................
Try This 6-1: Reading and Writing Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Processing Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing Other File and Directory Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 6-2: Creating a Photo Gallery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

159

7 Working with Databases and SQL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introducing Databases and SQL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding Databases, Records, and Primary Keys
........................
Understanding Relationships and Foreign Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Understanding SQL Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 7-1: Creating and Populating a Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PHP’s MySQLi Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Retrieving Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding or Modifying Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Handling Errors
....................................................................
Try This 7-2: Adding Employees to a Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PHP’s SQLite Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introducing SQLite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Retrieving Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding or Modifying Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Handling Errors
..............................................................
Try This 7-3: Creating a Personal To-Do List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PHP’s PDO Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Retrieving Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding and Modifying Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Handling Errors
..............................................................
Try This 7-4: Building a Login Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using a MySQL Database
....................................................
Switching to a Different Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

185

160
160
161
162
163
165
169
172
180
183
186
187
188
189
191
192
192
193
200
201
205
209
209
216
216
220
224
225
226
234
234
237
240
241
241
246
247

Contents
8 Working with XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introducing XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
XML Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Anatomy of an XML Document
..............................................
Well-Formed and Valid XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
XML Parsing Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
XML Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 8-1: Creating an XML Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PHP’s SimpleXML Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Attributes
......................................................
Try This 8-2: Converting XML to SQL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Altering Element and Attribute Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Adding New Elements and Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating New XML Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 8-3: Reading RSS Feeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PHP’s DOM Extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Attributes
......................................................
Try This 8-4: Recursively Processing an XML Document Tree . . . . . . . . . . . . . . . . . . . . . .
Altering Element and Attribute Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating New XML Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Converting Between DOM and SimpleXML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 8-5: Reading and Writing XML Configuration Files . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

249

9 Working with Cookies, Sessions, and Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cookie Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cookie Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cookie Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reading Cookies
.............................................................
Removing Cookies
...........................................................
Try This 9-1: Saving and Restoring User Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Session Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Creating Sessions and Session Variables
......................................
Removing Sessions and Session Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 9-2: Tracking Previous Visits to a Page
....................................
Using HTTP Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 9-3: Building a Better Login Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

293

250
250
251
253
253
254
255
257
257
259
260
262
263
264
266
270
270
275
276
279
281
283
284
289
294
294
295
296
297
297
298
298
302
302
302
304
305
306
308
313

xiii

xiv

PHP: A Beginner’s Guide
PART III Security and Troubleshooting
10 Handling Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Handling Script Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Controlling Error Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using a Custom Error Handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 10-1: Generating a Clean Error Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using Custom Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 10-2: Validating Form Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Logging Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Debugging Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

317

.............................................................
11 Securing PHP
Sanitizing Input and Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Securing Data
......................................................................
Securing Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Securing Database Access
....................................................
Securing Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Validating User Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Required Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Working with Dates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 11-1: Validating Form Input
...............................................
Configuring PHP Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

349

12 Extending PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PEAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing PEAR Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 12-1: Accessing POP3 Mailboxes with PEAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using PECL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing PECL Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Try This 12-2: Creating Zip Archives with PECL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

377

318
321
322
325
330
334
335
341
342
347
350
353
353
354
355
356
356
358
361
367
368
373
375
378
379
380
384
384
386
388

PART IV Appendixes
A Installing and Configuring Required Software . . . . . . . . . . . . . . . . . . . . . . . . . . .
Obtaining the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing and Configuring the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installing on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

391
392
394
394
401

Contents
Testing the Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Testing MySQL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Testing PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Performing Post-Installation Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting the MySQL Super-User Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring MySQL and Apache to Start Automatically . . . . . . . . . . . . . . . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
B Answers to Self Test

Index

412
412
413
415
416
416
417

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445

xv

This page intentionally left blank

Foreword
I

have been programming computers for a long time. In that time, I have moved between
more languages than I can count. With each new language, I have always said that once
you learn how to program properly, everything else is just syntax. I still believe that’s true
for a lot of languages, but for PHP, that may be an oversimplification.
In PHP, there are usually several ways to accomplish any given task. Some of them
are better than others, but a few of them—mainly, anything that requires the globals
command—are outright wrong. This is always confusing to programmers new to PHP
because if there are several correct ways to accomplish a task, how do you know which
one is the best? “Best Practices” has been a theme in the PHP community for several years
now as an attempt to answer this question.
Whenever a new member of the PHP community asks me where to learn the Best
Practices of programming PHP, I invariably point them to Vikram’s “PHP 101” series,
posted in several places around the Web. His work on that 14-part series has earned him
a name in the community as an authority not only on teaching new users how to program
but teaching them how to program correctly.
I have had the pleasure of working with Vikram for two years now on DevZone. His
articles are without a doubt some of the most popular we have published. I know as you
read this book you will come to understand why.
—Cal Evans
Editor-in-chief, Zend’s DevZone

xvii
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

This page intentionally left blank

Acknowledgments
T

his book was written across 2007 and 2008, when PHP 5.3 was still under development.
Writing a book about a piece of software that is still under development is always a
challenging task. Fortunately, I was aided immeasurably in the process by a diverse group
of people, all of whom played an important role in getting this book into your hands.
First and foremost, I’d like to thank my wife, who helped keep me grounded throughout
the process. Beauty and intelligence: I lack both, but fortunately she more than makes up
for my failings. Thanks, babe!
The editorial and marketing team at McGraw-Hill Professional has been a pleasure
to work with (as usual). This is my fourth book with them, and they seem to get better
and better with each one. Acquisitions coordinator Jennifer Housh, technical editor
Chris Cornutt, and executive editor Jane Brownlow all guided this book through the
development process and played no small part in turning it from concept into reality. I’d
like to thank them for their expertise, dedication, and efforts on my behalf.
Finally, for making the entire book-writing process more enjoyable than it usually is,
thanks to: Patrick Quinlan, Ian Fleming, Bryan Adams, the Stones, Peter O’Donnell, MAD
Magazine, Scott Adams, FHM, Gary Larson, VH1, George Michael, Kylie Minogue,
Buffy, Farah Malegam, Adam and Anna, Stephen King, Shakira, Anahita Marker, Park
End, John le Carre, Barry White, Gwen Stefani, Robert Crais, Robert B. Parker, Baz
Luhrmann, Stefy, Anna Kournikova, John Connolly, Wasabi, Omega, Pidgin, Cal Evans,

xix
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

xx

PHP: A Beginner’s Guide
Ling’s Pavilion, Tonka and his evil twin Bonka, Din Tai Fung, HBO, Mark Twain, Tim
Burton, Harish Kamath, Madonna, John Sandford, Iron Man, the Tube, Dido, Google.com,
The Matrix, Lee Child, Michael Connelly, Quentin Tarantino, Alfred Hitchcock, Woody
Allen, Percy Jackson, the St. Hugh’s College bops, Booty Luv, Mambo’s and Tito’s,
Easyjet, Humphrey Bogart, Thai Pavilion, Brix, Wikipedia, 24, Amazon.com, U2, The
Three Stooges, Pacha, Oscar Wilde, Hugh Grant, Punch, Kelly Clarkson, Scott Turow,
Slackware Linux, Calvin and Hobbes, Blizzard Entertainment, Alfred Kropp, Otto, Pablo
Picasso, Popeye and Olive Oyl, Dennis Lehane, Trattoria, Dire Straits, Bruce Springsteen,
David Mitchell, The West Wing, Santana, Rod Stewart, and all my friends, at home and
elsewhere.

Introduction
N

o matter which way you cut it, PHP is pretty amazing: a language strung together
by volunteer programmers that today has the enviable distinction of being in
use on more than a third of the planet’s Web servers. Flexible, scalable, extensible,
stable, open—PHP is all of these and more, which is why it’s one of the most popular
programming toolkits in the world.
Ask me why I like PHP, though, and my reason has nothing to do with any of the
preceding buzzwords and everything to do with how friendly and nonthreatening the
language is. There’s no tortuous syntax or obfuscated code in the average PHP script:
instead, it’s clear, understandable, and easy to read, and this makes both programming and
debugging with it a pleasure. This is no small achievement: a shorter learning curve makes
it easier for novice programmers to quickly begin “doing something useful” with the
language, and increases both user interest and adoption levels. This isn’t just good design:
it’s smart marketing as well!
As an open-source project, PHP is completely free, and supported by a worldwide
community of volunteers. This open-source, community-driven approach has produced
a platform that is significantly more robust and error-free than many commercial
alternatives. So using PHP is also good economics for organizations: it allows them to
save on licensing fees and expensive server hardware, while simultaneously producing
higher-quality products in shorter time frames.

xxi
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

xxii PHP: A Beginner’s Guide
If all these sound like good reasons to begin looking into PHP, well, you’re in the
right place. This book will guide you through the world of PHP, teaching you to write
basic PHP programs and then enhance them with more advanced features such as database
queries, XML input, and third-party extensions. In short, it has everything necessary to
turn you into a PHP expert . . . and it might even make you crack a smile on occasion!
So come on in, and let’s get started.

Who Should Read This Book
As you might have guessed from the title, PHP: A Beginner’s Guide is intended for
users who are new to the PHP programming language. Unlike many other books, PHP:
A Beginner’s Guide doesn’t assume prior knowledge of Web programming or database
fundamentals. Rather, it teaches by example, using in-chapter projects and examples to
explain basic concepts and, thus, gradually increase the reader’s familiarity with PHP
concepts and programming tools. Therefore, it is most suitable for novice programmers
who are familiar with HTML and CSS, and are interested in widening their skill set to also
build dynamic, data-driven sites using PHP.

What This Book Covers
PHP: A Beginner’s Guide contains information on the PHP 5.2 and 5.3-alpha programming
toolkit and its most commonly used features: MySQL and SQLite database integration, XML
processing capabilities, and third-party extensions. It provides one-stop coverage of software
installation, language syntax and data structures, flow control routines, built-in functions,
and best practices. Each chapter also includes numerous practical projects that the reader can
“follow along with” to gain a practical understanding of the material being discussed.
The following outline describes the contents of the book and shows how the book is
broken down into task-focused chapters.

Part I: Understanding PHP Basics
Chapter 1: Introducing PHP introduces the PHP programming language, explains why
it’s so popular for Web application development, and explains how the components of a
typical PHP system interact.
Chapter 2: Using Variables and Operators explains PHP’s data types, variables, and
operators, and discusses one of PHP’s most popular applications, form input processing.

Introduction
Chapter 3: Controlling Program Flow demonstrates how to add intelligence to PHP
scripts with conditional statements, automate repetitive tasks with loops, and make use of
built-in functions for working with strings and numbers.
Chapter 4: Working with Arrays introduces PHP’s array data type, explains how it
can be used with loops and Web forms, and demonstrates some of PHP’s built-in functions
to sort, merge, add, modify, and split arrays.
Chapter 5: Using Functions and Classes provides a crash course in two of PHP’s more
complex features, functions and classes. Recursion, variable-length argument lists, visibility,
extensibility, and reflection are just some of the topics covered in this chapter, which focuses
on PHP’s frameworks for turning frequently used code blocks into reusable components.

Part II: Working with Data from Other Sources
Chapter 6: Working with Files and Directories explains PHP’s file system functions,
demonstrating the PHP routines available to read and write files, create and modify
directories, and work with file paths and attributes.
Chapter 7: Working with Databases and SQL explains databases and Structured
Query Language (SQL), and then introduces the two databases most commonly used with
PHP: MySQL and SQLite. It illustrates how PHP can be used to build Web applications
that interact with a database to view, add, and edit data, and also discusses new database
portability features.
Chapter 8: Working with XML explains basic XML concepts and technologies, and
discusses how PHP can be used to process XML data using the SimpleXML extension.
Chapter 9: Working with Cookies, Sessions, and Headers explains PHP’s built-in
functions to create sessions and cookies, and demonstrates how these functions can be
used to make Web applications more user-friendly.

Part III: Security and Troubleshooting
Chapter 10: Handling Errors focuses on PHP’s error-handling framework. It explains
the PHP error and exception model, and shows how to create customized error handling
routines tailored to specific requirements.
Chapter 11: Securing PHP discusses security issues and common attacks, and
suggests ways to increase the security of a PHP application. It discusses key applicationhardening techniques of input validation, output escaping, and PHP security configuration.
Chapter 12: Extending PHP introduces you to two of the largest repositories of
free PHP code on the Internet: PEAR, the PHP Extension and Application Repository,
and PECL, the PHP Extension Community Library. It explains how freely available
components from these repositories can be used to quickly add new capabilities and
features to PHP, making application development faster and more effective.

xxiii

xxiv PHP: A Beginner’s Guide
Part IV: Appendixes
The appendixes include reference material for the information presented in the first
three parts.
Appendix A: Installing and Configuring Required Software discusses the process
of obtaining, installing, and configuring Apache, PHP, MySQL, and SQLite.
Appendix B: Answers to Self Test provides answers to the self-test questions that
appear at the end of each chapter in this book.

Chapter Content
●

Try This Each chapter contains at least one self-contained, hands-on project that
is relevant to the topic under discussed and that the reader can use to gain a practical
understanding of the material.

●

Ask the Expert Each chapter contains one or two Ask the Expert sections that
provide expert guidance and information on questions that might arise about the
material presented in the chapter.

●

Self Test Each chapter ends with a Self Test, which is a set of questions that tests
you on the information and skills you learned in that chapter. The answers to the Self
Test are included in Appendix B, at the end of the book.

Part

I

Understanding
PHP Basics

Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

This page intentionally left blank

Chapter

1

Introducing PHP

3
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

4

PHP: A Beginner’s Guide

Key Skills & Concepts
●

Know PHP’s history

●

Learn PHP’s unique capabilities for Web application development

●

See how the components of a PHP system interact

●

Understand the basic grammar and structure of a PHP script

●

Create and run a simple PHP program

●

Embed PHP in an HTML page

P

HP. Three letters that together constitute the name of one of the world’s most popular
programming languages for Web development, the PHP Hypertext Preprocessor. And
while you might chuckle at the geekiness of the recursive acronym, statistics indicate
that PHP is not be taken lightly: the language is today in use on over twenty million Web
sites and more than a third of the world’s Web servers—no small feat, especially when
you consider that the language has been developed entirely by a worldwide community of
volunteers and is freely available on the Internet at no cost whatsoever!
Over the last few years, PHP has become the de facto choice for the development
of data-driven Web applications, notably on account of its scalability, ease of use, and
widespread support for different databases and data formats. This first chapter will gently
introduce you to the world of PHP, by taking you on a whirlwind tour of PHP’s history
and features, and then guiding you through writing and executing your first PHP program.
So flip the page, and let’s get started!

History
The current version of PHP, PHP 5.3, has been more than fourteen years in the making; its
lineage can be traced back to 1994, when a developer named Rasmus Lerdorf first created
a set of CGI scripts to monitor page views for his online résumé. This early version of PHP,
named PHP/FI, was fairly primitive; although it had support for form input and the mSQL
database, it lacked many of the security features and add-ons found in modern PHP versions.
Lerdorf later improved PHP/F1 1.0 and released it as PHP/FI 2.0, but it was only
in 1997, when the developers Andi Gutmans and Zeev Suraski rewrote the PHP parser

Chapter 1:

Introducing PHP

and released it as PHP 3.0, that the PHP movement really began to pick up steam. Not
only was PHP 3.0’s syntax more powerful and consistent, but it also introduced a new,
extensible architecture that encouraged independent developers to create their own
enhancements and extensions to the language. Needless to say, this only encouraged
adoption of the language, and it wasn’t long before PHP 3.0 began appearing on many
thousands of Web servers.
The next iteration of the code tree, PHP 4.0, was released in 2000. It offered a new
engine, better performance and reliability, and built-in support for sessions and objectoriented features. A Nexen survey in July 2007 revealed that this version of PHP, PHP 4.x,
was still the dominant version in use on the Internet’s Web sites, accounting for almost
80 percent of the PHP-capable servers surveyed. However, in July 2007, the PHP
development team announced that PHP 4.x would no longer be supported after December
2007, paving the way for more widespread adoption of newer versions.
PHP 5.0, released in 2004, was a radical redesign of PHP 4.0, boasting a completely
rewritten engine, a much-improved object model, and various security and performance
improvements. Of particular interest to developers was the new object model, which now
included support for such stalwarts of the OOP paradigm as abstract classes, destructors,
multiple interfaces, and class type hints. PHP 5.0 also introduced various new and
important tools: a common database access layer; Java-style exception handling; and an
integrated database engine.
PHP 5.3, the most recent version (and the version used throughout this book), was
released in January 2008. It improves on the new features first shown in PHP 5.0, and
also attempts to correct some of the shortcomings noted by users of earlier versions.
Some of the most noticeable improvements in this version are: support for namespacs; a
cleaner and more secure environment for managing the variable space; built-in support for
SQLite 3; and a new native driver for MySQL. So far, all these changes have conspired to
make PHP 5.3 the best PHP release in the language’s fourteen-year history, a fact amply
illustrated by the April 2008 Netcraft survey, which shows PHP in use on over thirty
million Web sites.

Unique Features
If you’re familiar with other server-side languages like ASP.NET or JSP, you might be
wondering what makes PHP so special, or so different from these competing alternatives.
Well, here are some reasons:

Performance Scripts written in PHP execute faster than those written in other scripting
languages, with numerous independent benchmarks putting the language ahead of

5

6

PHP: A Beginner’s Guide
competing alternatives like JSP, ASP.NET, and Perl. The PHP 5.0 engine was completely
redesigned with an optimized memory manager to improve performance, and is noticeably
faster than previous versions. In addition, third-party accelerators are available to further
improve performance and response time.

Portability PHP is available for UNIX, Microsoft Windows, Mac OS, and OS/2, and
PHP programs are portable between platforms. As a result, a PHP application developed
on, say, Windows will typically run on UNIX without any significant issues. This ability
to easily undertake cross-platform development is a valuable one, especially when
operating in a multiplatform corporate environment or when trying to address multiple
market segments.
Ease of Use “Simplicity is the ultimate sophistication,” said Leonardo da Vinci, and
by that measure, PHP is an extremely sophisticated programming language. Its syntax is
clear and consistent, and it comes with exhaustive documentation for the 5000+ functions
included with the core distributions. This significantly reduces the learning curve for both
novice and experienced programmers, and it’s one of the reasons that PHP is favored as a
rapid prototyping tool for Web-based applications.
Open Source PHP is an open-source project—the language is developed by a worldwide
team of volunteers who make its source code freely available on the Web, and it may be
used without payment of licensing fees or investments in expensive hardware or software.
This reduces software development costs without affecting either flexibility or reliability.
The open-source nature of the code further means that any developer, anywhere, can
inspect the code tree, spot errors, and suggest possible fixes; this produces a stable, robust
product wherein bugs, once discovered, are rapidly resolved—sometimes within a few
hours of discovery!
Community Support One of the nice things about a community-supported language
like PHP is the access it offers to the creativity and imagination of hundreds of developers
across the world. Within the PHP community, the fruits of this creativity may be found
in PEAR, the PHP Extension and Application Repository (http://pear.php.net/), and
PECL, the PHP Extension Community Library (http://pecl.php.net/), which contains
hundreds of ready-made widgets and extensions that developers can use to painlessly add
new functionality to PHP. Using these widgets is often a more time- and cost-efficient
alternative to rolling your own code.
Third-Party Application Support One of PHP’s strengths has historically been its
support for a wide range of different databases, including MySQL, PostgreSQL, Oracle,

Chapter 1:

Introducing PHP

and Microsoft SQL Server. PHP 5.3 supports more than fifteen different database engines,
and it includes a common API for database access. XML support makes it easy to read (and
write) XML documents as though they were native PHP data structures, access XML node
collections using XPath, and transform XML into other formats with XSLT style sheets.
It doesn’t just stop there either. PHP’s extensible architecture allows developers to
write custom add-ons to the language, with the result that PHP developers can today
read and write the GIF, JPEG, and PNG image formats; send and receive e-mail using
the SMTP, IMAP, and POP3 protocols; interface with Web services using the SOAP and
REST protocols; validate input using Perl regular expressions; and create and manipulate
PDF documents. Heck, PHP can even access C libraries, Java classes, and COM objects
and take advantage of program code written for these languages!

Ask the Expert
Q:
A:

Do I need to compile PHP programs before executing them, as in Java or C++?
No, because PHP is an interpreted language. One advantage of an interpreted language
is that it allows you to make changes to your source code and immediately test these
changes, without first needing to compile your source code into binary form. Skipping the
compilation step makes the development process much faster, and PHP comes with built-in
memory management and caching to negate the effect of the additional run-time load
associated with using an interpreter.

Basic Development Concepts
When developing a PHP application for the Web, the typical approach is to embed PHP
code into one or more standard HTML documents using special “tags,” or delimiters.
Here’s an example:









7

Ê

nÊ

**\Ê
Ê i}ˆ˜˜iÀ½ÃÊՈ`i
7HEN SUCH AN (4-, DOCUMENT IS REQUESTED BY A USER A 0(0 AWARE 7EB SERVER CAN
RECOGNIZE AND EXECUTE THE 0(0 CODE BLOCKS AND INTERPOLATE THE RESULTING OUTPUT INTO THE
(4-, DOCUMENT BEFORE RETURNING IT TO THE REQUESTING USER 4HE RESULT A 7EB PAGE OR
APPLICATION THAT ALMOST SEEMS ALIVE RESPONDING INTELLIGENTLY TO USER ACTIONS BY VIRTUE OF
THE 0(0 PROGRAM LOGIC EMBEDDED WITHIN IT &IGURE   ILLUSTRATES THE PROCESS SHOWING THE
FOUR ELEMENTS OF THE ,!-0 FRAMEWORK DESCRIBED LATER IN THIS SECTION
(ERES WHATS HAPPENING IN &IGURE  
Ê

£° *OE POPS OPEN HIS 7EB BROWSER AT HOME AND TYPES IN THE 52, TO A 7EB SITE !FTER

LOOKING UP THE DOMAIN *OES BROWSER THE CLIENT SENDS AN (440 REQUEST TO THE
CORRESPONDING SERVER )0 ADDRESS
Ê

Ó° 4HE 7EB SERVER HANDLING (440 REQUESTS FOR THE DOMAIN RECEIVES THE REQUEST AND

NOTES THAT THE 52, ENDS WITH A PHP SUFFIX "ECAUSE THE SERVER IS PROGRAMMED TO
AUTOMATICALLY REDIRECT ALL SUCH REQUESTS TO THE 0(0 LAYER IT SIMPLY INVOKES THE 0(0
INTERPRETER AND PASSES IT THE CONTENTS OF THE NAMED FILE
Ê

ΰ 4HE 0(0 INTERPRETER PARSES THE FILE EXECUTING THE CODE IN THE SPECIAL 0(0 TAGS 7ITHIN

THESE TAGS YOU CAN PERFORM CALCULATIONS PROCESS USER INPUT INTERACT WITH A DATABASE
READ AND WRITE FILES    THE LIST GOES ON
 /NCE THE SCRIPT INTERPRETER HAS COMPLETED
EXECUTING THE 0(0 INSTRUCTIONS IT RETURNS THE RESULT TO THE BROWSER CLEANS UP AFTER ITSELF
AND GOES BACK INTO HIBERNATION
Ê

{° 4HE RESULTS RETURNED BY THE INTERPRETER ARE TRANSMITTED TO *OES BROWSER BY THE 7EB SERVER

ˆ}ÕÀiÊ£‡£Ê Ê/ iÊ
*Ê`iÛiœ«“i˜ÌÊvÀ>“iܜÀŽ

Chapter 1:

Introducing PHP

From the preceding explanation, it should be clear that to get started building PHP
applications, your development environment must contain at least three components:
●

A base operating system (OS) and server environment (usually Linux)

●

A Web server (usually Apache on Linux or IIS on Windows) to intercept HTTP
requests and either serve them directly or pass them on to the PHP interpreter for
execution

●

A PHP interpreter to parse and execute PHP code, and return the results to the
Web server
There’s also often a fourth optional but very useful component:

●

A database engine (such as MySQL) that holds application data, accepts connections
from the PHP layer, and modifies or retrieves data from the database

An important corollary of this approach is that the PHP code is executed on the server,
and not on the client browser. This allows Web developers to write program code that
is completely independent of, and thus impervious to, browser quirks—an important
advantage over client-side scripting languages, such as JavaScript, which often require
complex logic to account for browser-specific differences. Further, because the code is
all executed on the server and only the output is sent to the client, it is impossible for
users to see the source code of your PHP program—an important security advantage over
languages like JavaScript.

Ask the Expert
Q:
A:

How much do the components of a PHP development environment cost?
The four components described in the preceding section are all open-source projects and,
as such, can be downloaded off the Internet at no charge. As a general principle, there
are also no fees or charges associated with using these components for either personal or
commercial purposes, or for developing and distributing applications that use them. If
you do intend to write commercial applications, however, it’s a good idea to review the
licensing terms that are associated with each of these components; typically, you will find
these on the component’s Web site as well as in the downloadable archive file.
When all four components—Linux, Apache, MySQL, and PHP—are present, the
development environment is referred to as the “LAMP platform.”

9

10

PHP: A Beginner’s Guide

Creating Your First PHP Script
Now that you know a little bit about PHP, let’s dive right in and begin writing some code.
By necessity, the scripts you’ll be writing in the following sections will be fairly simple—
but don’t worry, things will get more complicated as you learn more about the language!
If you haven’t already done so, this is a good place to boot up your computer,
download the newest versions of Apache and PHP, and install them to your development
environment. Appendix A of this book has detailed instructions for accomplishing this
procedure, and for testing your development system to ensure that all is working as it
should post-installation, so flip ahead and come back here once you’re ready.
All done? Let’s get started!

Writing and Running the Script
PHP scripts are merely plain-text files containing PHP instructions, sometimes combined
with other odds and ends—JavaScript, HTML, and so on. So, the simplest way to write a
PHP script is to pop open your favorite text editor and create a file containing some PHP
code, as follows:


Save this file to a location under your Web server’s document root, and name it
horse.php. Then, start up your Web browser, and browse to the URL corresponding to
the file location. You should see something like Figure 1-2.

Figure 1-2

The output of the horse.php script

Chapter 1:

Introducing PHP

Understanding the Script
What happened here? Well, when you requested the script horse.php, the Apache Web
server received your request, recognized that the file was a PHP script (by means of
the .php file extension), and handed it off to the PHP parser and interpreter for further
processing. This PHP interpreter then read the instructions between the 
tags, executed them, and passed the results back to the Web server, which in turn sent
them back to your browser. The instructions in this instance consisted of a call to PHP’s
echo statement, which is responsible for displaying output to the user; the output to be
displayed is enclosed in quotation marks.
There is some useful information to be gleaned from even this simple PHP script. It
should be clear, for example, that all PHP code must be enclosed within 
tags and every PHP statement must end in a semicolon. Blank lines within the PHP tags
are ignored by the parser.

Ask the Expert
Q:

I wrote the following PHP script (omitting the semicolon terminator), and it worked
without generating an error.


This contradicts what you said earlier about every PHP statement necessarily ending
with a semicolon. Please explain.

A:

Omitting the semi-colon at the end of a PHP statement is one of the most common
mistakes novice PHP programmers make, and it invariably results in an error message.
However, there is one situation—the one you discovered—where you can get away clean
even with this omission. A semicolon is not needed to terminate the last line of a PHP
block, because the closing ?> includes a semicolon. That’s why the script you wrote
works without an error.
Note, however, that while you can get away with this omission, omitting the
semicolon in this manner is not good programming practice. After all, you never know
when you’ll need to add something else to the end of your script!

11

12

PHP: A Beginner’s Guide
Free-form comments can be incorporated within a PHP script via the same conventions
used in JavaScript. Single-line comments must be preceded by the // characters, while
multiline comments must be enclosed within a /* ... */ comment block. These comments
are excluded from the output of the PHP script. Here are some examples:



Handling Script Errors
The PHP parser has a sharp eye. If your code includes an error, it will—depending on the
severity of the error—either display a warning message or stop script execution at the
point of error with a notification of what went wrong. Chapter 10 of this book deals with
errors and error handling in detail, but it’s instructive at this point to see what happens
when the PHP parser encounters an error, so that you have a better understanding of how
to deal with this situation when it happens to you.
To deliberately generate an error, go back to the horse.php script you created earlier and
drop in an extra semicolon after the echo keyword, so that the script now looks like this:


Save this file, and browse to it as before. This time, you should see something like
Figure 1-3.
As Figure 1-3 illustrates, the PHP parser is quick to catch errors in your code. The
error message generated by the parser is quite helpful: it tells you what the error was, as
well as the line on which it occurred. This makes it fairly easy—in most cases—to locate
and correct the error.

Chapter 1:

Figure 1-3

Introducing PHP

The output generated by PHP when it finds a script error

Try This 1-1

Mixing PHP with HTML

When the PHP parser reads a script, it executes only the code found between PHP tags;
everything outside these tags is ignored by the parser and returned “as is.” This makes
it extremely easy to embed PHP code within an HTML document to create Web pages
that have all the formatting bells and whistles of standard HTML but can additionally
perform complex calculations or read and manipulate data from external sources (such
as databases or Web services).
To see how this works in practice, consider the following code listing:







Colors with HTML and PHP

(continued)

13

14

PHP: A Beginner’s Guide
\n";
echo " \n";
echo " \n";
echo "\n";
?>


Blue






Green




Save this script as colors.php, and view it in your Web browser. You should see
an HTML page containing a table with three rows and two columns, with one column
containing a color and the other its corresponding name (Figure 1-4).
Use your browser’s View Source command to inspect the HTML code of the page, and
you’ll see that the PHP parser has interpolated the output of the various echo statements
into the HTML source code to create a complete HTML page. This is a very common

Figure 1-4

A Web page containing colors and color codes, generated by mixing PHP
with HTML

Chapter 1:

Introducing PHP

technique used for building Web applications with PHP, and you’ll see it in almost every
example that follows.

Escaping Special Characters
There’s one interesting thing about colors.php that bears explaining: the numerous
backslashes used in the script. Look at the PHP-generated third row of the HTML table,
and then at the corresponding HTML source code of the output page, and you’ll notice
that none of these backslashes make an appearance. Where did they go?
There’s a simple explanation for this. As you’ve already seen, output to be displayed
by PHP is wrapped in quotation marks. But what happens when the output to be displayed
includes quotation marks of its own, as occurs with the HTML code generated in colors.php?
If you simply enclose one set of quotation marks within another, PHP will get confused
about which quotation marks are to be printed literally, and which ones are simply
used to enclose the string value, and will generate a parser error Therefore, to handle
these situations, PHP allows you to escape certain characters by preceding them with a
backslash (\). There so-called escape sequences include
Sequence

What It Represents

\n

a line feed character

\t

a tab

\r

a carriage return

\"

a double quotation mark

\'

a single quotation mark

When the parser encounters one of these escape sequences, it knows to replace it with
the corresponding value before sending it to the output device. Consider, for example, this
line of code:


PHP knows that the quotation marks preceded with a backslash are to be printed “as is,”
and it will not confuse them with the quotation marks that signal the beginning and end of
a string. This is why you see a backslash before every PHP-generated quotation mark and
line feed in colors.php.

15

16

PHP: A Beginner’s Guide

Ask the Expert
Q:

Why does the colors.php script use single quotes in some places, and double quotes in
others?

A:

Escape sequences, such as those for line feeds (\n), carriage returns (\r), and double
quotation marks (\"), can only be understood by the PHP parser when they are themselves
enclosed in double quotes. If these escape sequences are enclosed in single quotes, they
will be printed “as is.”
Consider the following code snippets and their output, which illustrate the difference:



Now, the colors.php script is responsible for dynamically generating the HTML
code for the last row of the HTML table. This row code must be formatted for easy
readability, with  and  elements appearing on different lines. Performing this
task requires use of the line feed (\n) escape sequence, which, as explained earlier, is
only recognized when enclosed within double quotes. This is why double quotes are
used at certain places within the colors.php script.

Sample Applications
Obviously, there’s a lot more to PHP than just the echo statement, and you’ll get a crash
course in the language’s many different capabilities in subsequent chapters. For the
moment, though, this is a good place to take a well-earned break, grab some coffee, and
reflect on all you’ve just learned. And just to whet your interest for what’s coming up,
here’s a small sample of the many applications that developers just like you have used
PHP for.

Chapter 1:

Introducing PHP

phpMyAdmin
The phpMyAdmin (www.phpmyadmin.net/) application is a PHP-based administration
tool for the MySQL RDBMS. One of the most popular projects on the SourceForge
network, it allows table and record creation and modification, index management, ad hoc
SQL query execution, data import and export, and database performance monitoring.

phpBB
The phpBB (www.phpbb.com/) application is a robust, open-source PHP implementation
of an online bulletin board system that is both easy to use and simple to administer. It
provides a simple, user-friendly discussion board for portal members and includes support
for features like message posting and replying, message threading, subject/body search,
themes, private messages, and many others.

Gallery
Gallery (http://gallery.menalto.com/) is a highly configurable digital photo archive written
in PHP. It supports multiple image galleries and multiple keywords per photo, and it
includes features such as automatic thumbnail creation, image captioning and editing,
keyword search, and gallery-level authentication.

Ask the Expert
Q:

I understand how the backslash is used to mark escape sequences. But what happens
if I need to print an actual backslash in my output?

A:

The solution to this is fairly simple: use a double backslash!


PoMMo
PoMMo (www.pommo.org/) is a mass-mailing application written entirely in PHP. It is
particularly useful for managing and sending e-mail messages to one or more subscriber
mailing lists, and it also supports the use of customized input forms for the collection of
subscriber data. It allows administrators to import and export subscriber data from a MySQL
database, and subscribers to manage their subscriptions through an online control panel.

17

18

PHP: A Beginner’s Guide

Smarty
Smarty (www.smarty.net/) is a PHP-based framework for separating the business logic
of a PHP application from its user interface. It achieves this separation through the use
of templates containing output placeholders, which are replaced at run time with actual
content. Smarty supports template caching and nesting, pre- and post-rendering filters,
and built-in functions to simplify common tasks. It has rapidly become one of the most
popular template engines for PHP-based application development.

Squirrelmail
Squirrelmail (www.squirrelmail.org/) is a Web-based mail client written in PHP, with support
for both the SMTP and IMAP protocols. It includes the ability to send and receive attachments,
manage address book collections, and manipulate server-based mailboxes. The application is
highly configurable and can be extended through the use of plug-ins and themes.

eZ Publish
The eZ Publish (www.ez.no/) application is a PHP-based content management system that is
suitable for the development of both small, personal Web pages and large, corporate Web sites.
It includes support for creating and editing content, tracking changes, building customized
publishing workflows, and setting up a “Web shop” with integrated e-commerce functions.

Mantis
Mantis (www.mantisbt.org/) is a Web-based bug-tracking system designed specifically to
track and resolve issues for software and other projects. It supports multiple user access
levels, multiple projects, and multiple priority levels, and it includes a full-featured search
engine and various built-in reports for up-to-date snapshots of a project’s status.

Wordpress
Wordpress (www.wordpress.org/) is a well-known Weblog (aka blog) publishing tool. It
allows users to maintain and publish online diaries of their activities and supports themes,
tags, automatic spell-checking, video and photo upload, and built-in spam protection. It’s
extremely fast, easy to set up, and simple to use—three reasons that have made it popular
with millions of bloggers around the world.

Summary
This chapter provided a gentle introduction to the world of PHP, discussing the history
and evolution of the language and highlighting some of its unique features and advantages
vis-à-vis competing alternatives. It explained the various components of the typical PHP

Chapter 1:

Introducing PHP

development environment and illustrated how they interact with each other. Finally, it
got you started writing PHP code, showing you the basic syntactical rules of the language
and explaining how to embed PHP code inside HTML documents using the special
 PHP tags through an easy project. These basic skills will serve you well
through the next chapter, which gives you a crash course in two of the PHP’s fundamental
building blocks: variables and operators.
If you’d like to learn more about the topics discussed in this chapter, you’ll find the
following links useful:

✓

●

The official PHP Web site, at www.php.net

●

PHP usage statistics, at www.php.net/usage.php

●

A brief history of PHP, at www.php.net/manual/en/history.php

●

The community behind PHP, at www.php.net/credits.php

Chapter 1 Self Test
1. Which are the four components of the LAMP framework?
2. Why is PHP superior to client-side languages such as JavaScript?
3. What does the echo statement do?
4. What happens when the PHP parser encounters whitespace or blank lines in a PHP

script?
5. What character must necessarily be used to terminate every PHP statement? Name one

situation where omitting this termination character does not produce an error.
6. What is an escape sequence? Name three commonly used escape sequences.
7. What will be the output of the following PHP scripts:
A


B


19

20

PHP: A Beginner’s Guide
8. Find the error in each of the following PHP scripts:
A


B
Copyright Me, 2008
';
?>

C


Chapter

2

Using Variables
and Operators

21
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

22

PHP: A Beginner’s Guide

Key Skills & Concepts
●

Create and use variables and constants

●

Understand PHP’s simple data types

●

Become familiar with some of PHP’s built-in functions

●

Perform arithmetic operations

●

Compare and logically test variables

●

Handle data submitted through a Web form

T

he preceding chapter gave you a gentle introduction to PHP, letting you get your hands
dirty with two simple projects. However, as you’ll shortly see, PHP is good for much
more than simply filling in the blanks in an HTML page. In this chapter, you’ll learn about
variables and operators, the two basic building blocks of any PHP program, and you’ll
begin using them to develop more sophisticated programs. You’ll also create your very
first interactive PHP script, one which asks for, and responds to, a user’s input. So without
further ado, let’s jump straight in!

Storing Data in Variables
A variable is simply a container that’s used to store both numeric and non-numeric
information. And just as with any container, you can move it from place to place, add stuff
to it, or empty it out on the floor in a pile and fill it with something completely different.
To stretch the analogy a little further, just as it’s a good idea to label every container,
so too should you give every variable in your program a name. As a general rule, these
names should make sense and should be easy to understand. In the real world, this makes
it easier to find things; in the programming world, it makes your code cleaner and easier
to understand by others. As someone who’s been there, I can tell you that there’s nothing
more frustrating than spending three hours searching a bunch of boxes for Mom’s best
china, only to realize it’s in the one marked “Miscellaneous” together with an old rubber
bone and some crumbly biscuits!
PHP has some simple rules for naming variables. Every variable name must be
preceded with a dollar ($) symbol and must begin with a letter or underscore character,

Chapter 2:

Using Variables and Operators

optionally followed by more letters, numbers, or underscore characters. Common
punctuation characters, such as commas, quotation marks, or periods, are not permitted in
variable names; neither are spaces. So, for example, $root, $_num, and $query2 are
all valid variable names, while $58%, $1day, and email are all invalid variable names.

Assigning Values to Variables
Assigning a value to a variable in PHP is quite easy: use the equality (=) symbol, which
also happens to be PHP’s assignment operator. This assigns the value on the right side of
the equation to the variable on the left.
To use a variable in a script, simply call it by name in an expression and PHP will
replace it with its value when the script is executed. Here’s an example:





Project 2-1: USD/EUR Currency Conversion




If you’ve been following along, this script should be fairly easy to understand. It
begins by defining a constant named EXCHANGE_RATE which—surprise, surprise—stores
the dollar-to-euro exchange rate (assumed here at 1.00 U.S. dollar to 0.70 euro). Next, it
defines a variable named $dollars to hold the number of dollars to be converted, and
then it performs an arithmetic operation using the * operator, the $dollars variable, and
the EXCHANGE_RATE constant to return the equivalent number of euros. This result is then
stored in a new variable named $euros, and printed to the Web page.
Figure 2-1 illustrates what the output looks like.
To convert a different quantity of dollars, simply change the $dollars variable. Go
on, give it a whirl and see for yourself!

Figure 2-1

The output of the dollars-to-euros converter

Chapter 2:

Using Variables and Operators

Handling Form Input
So far, all the examples you’ve seen have had their variables neatly defined at the top
of the script listing. However, as your PHP scripts become more complex, this happy
situation will change, and you’ll need to learn how to interact with user-supplied input.
The most common source of this information is a Web form, and PHP comes with a
simple mechanism to retrieve information submitted through such forms.
To illustrate, consider the following simple Web form (choose.html), which asks you
to select a brand of automobile and enter your desired color:





Project 2-2: An Interactive HTML Color Sampler

R:  

G:  

B:  






Pretty standard fare here—a Web form with three input fields, one each for the red,
green, and blue color components. Notice that this form submits its data to a PHP script
named display.php, and it uses the GET method (for variety).
Figure 2-4 illustrates what the form looks like.
Next up, the PHP script that accepts the input and uses it to display a color swatch
(display.php):






Project 2-2: An Interactive HTML Color Sampler

R: 
G: 
B: 





The data entered into the form becomes accessible through the $_GET array (notice
that it’s $_GET because the GET method was used to submit the form). This data is then
swept into three variables by this script: $r, $g, and $b. These are then concatenated into
a single string using PHP’s concatenation operator (remember him?). This RGB string
is then used to set the background color for a 
 element a little further down in the
HTML document.
(continued)

43

44

PHP: A Beginner’s Guide

Figure 2-5

The color sample resulting from form submission

The result? When the browser renders the page, you’ll see a 150×150 block solidfilled with the color corresponding to the selected RGB values. And if you go back to
the Web form and enter a new set of RGB codes, the color will change appropriately . . .
hence the “interactive” in “interactive color sampler”!
Figure 2-5 illustrates what happens when you enter the codes 153,153,153 (a light
shade of gray, because this page is in black and white).
Table 2-6 has some more RGB color combinations for you to try.

Color

R

Pink

250

75

200

Orange

255

105

0

Yellow

255

255

0

Green

75

200

60

Brown

100

75

25

Table 2-6 Sample RGB Color Combinations

G

B

Chapter 2:

Using Variables and Operators

Summary
This chapter probably took you a little longer to get through than the preceding one, but at
the end of it, your knowledge of PHP’s basic constructs should have noticeably increased.
The chapter began by introducing you to PHP variables and constants, explaining how
to name them, assign values to them, use them in a script, and destroy them when done.
It gave you a quick introduction to PHP’s simple data types and then took you on a
whirlwind tour of PHP’s arithmetic, string, comparison, and logical operators, using
commented examples to explain how each of these operators could be used to manipulate
and modify variable contents.
With these basics out of the way, the chapter proceeded to an explanation of how to
process form input with PHP, a common task that you’ll perform over and over again
through the course of this book and, indeed, throughout your career as a PHP developer.
Finally, two projects—one demonstrating the use of operators to perform calculations on
variables and the other illustrating how easy it is to create an interactive PHP application
using form input—showed how this learning can be put to practical use.
The next chapter will build on everything you’ve learned so far, explaining how you
can add intelligence to your PHP scripts through the use of conditional tests, and showing
you how PHP’s loop constructs can help in performing repetitive actions. Until then,
though, spend some time looking at these PHP manual links, which offer more detailed
information on the topics discussed in this chapter:

✓

●

PHP data types, at www.php.net/manual/en/language.types.php

●

Type juggling and typecasting in PHP, at
www.php.net/manual/en/language.types.type-juggling.php

●

PHP type comparison tables, at www.php.net/manual/en/types.comparisons.php

●

Variable basics, at www.php.net/manual/en/language.variables.php

●

PHP operators and operator precedence, at
www.php.net/manual/en/language.operators.php

●

Accessing form data with PHP, at
www.php.net/manual/en/language.variables.external.php

Chapter 2 Self Test
1. The PHP function to detect the type of a variable is: _____________
2. Identify which of the following variable names are invalid: $24, $IAMHERE, $_error,

$^b, ${$var}, $yA_K

45

46

PHP: A Beginner’s Guide
3. Write a PHP statement to create a constant value holding the name of your favorite

ice-cream flavor.
4. Write a PHP script to initialize a variable and then increment its value by 3.
5. Mark the following statements as true or false:
A The unset() function de-initializes a variable and removes it from the program’s

variable space.
B The PHP expressions $c = '' and $c = null are equivalent.
C The result of the calculation (56 - 1 * 36 % 7) is 6.
D The == operator tests two variables for both value and type equality.
E The OR logical operator has higher precedence than the AND logical operator.
F The is_numeric() function returns true if passed a floating-point value.
G Casting a floating-point number to an integer always results in the number being

rounded down.
H Form elements of type 'hidden' are excluded from $_POST and $_GET.
6. What are the values of $x and ABC at the end of the following PHP script?


7. What is the likely output of the following PHP script?


8. What is the likely output of the following PHP script?


9. Rewrite the code from Try This 2-1 such that both the exchange rate and the amount to

be converted are supplied by the user through a Web form.

Chapter 2:

Using Variables and Operators

10. Write a PHP script that accepts a temperature value in Celsius (C) through a Web

form and converts it to the Fahrenheit (F) scale. The conversion formula to use is:
F = (9/5) * C + 32.
11. Write a PHP script to display the values entered into a Web form that contains:
●

One text input field

●

One selection list

●

One text area

●

Two radio buttons

●

One hidden field

●

Two checkboxes

●

One password field

47

This page intentionally left blank

Chapter

3

Controlling
Program Flow

49
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

50

PHP: A Beginner’s Guide

Key Skills & Concepts
●

Learn to use conditional statements like if-else and switch-case

●

Automate repetitive tasks with the while, do-while, and for loops

●

Gain experience with PHP’s built-in string and numeric functions

T

he PHP programs you saw in the preceding chapter were fairly straightforward: they
accepted one or more input values, performed calculations or comparisons with
them, and returned a result. In reality, though, PHP programs are never so simple: most
programs will need to make complex decisions and execute different operations at run
time in accordance with programmer-specified conditions.
In this chapter, you’ll learn how to create PHP programs that are more “intelligent”
and can perform different actions based on the results of a logical or comparative test.
You’ll also learn how to automate repetitive actions using loops, and find out more about
PHP’s built-in functions for working with strings and numbers. To ensure that you’re able
to apply this learning in the real world, this chapter also lets you test your newly acquired
knowledge against four practical projects.

Writing Simple Conditional Statements
In addition to storing and retrieving values in variables, PHP also lets programmers
evaluate different conditions during the course of a program and take decisions based
on whether these conditions evaluate to true or false. These conditions, and the actions
associated with them, are expressed by means of a programming construct called a
conditional statement. PHP supports different types of conditional statements, each one
intended for a particular use.

The if Statement
The simplest of PHP’s conditional statements is the if statement. This works much like
the English-language statement, “if X happens, do Y.” Here’s a simple example, which
contains a conditional statement that checks if the value of the $number variable is less
than 0 and prints a notification message if so.

Chapter 3:

Controlling Program Flow



The key to the if statement is thus the condition to be evaluated, which is always
enclosed in parentheses. If the condition evaluates to true, the code within the curly braces
is executed; if it evaluates to false, the code within the curly braces is skipped. This true/
false test is performed using PHP’s comparison operators, which you learned about in the
preceding chapter; Table 3-1 quickly recaps them.

The if-else Statement
The if statement is quite basic: it only lets you define what happens when the condition
specified evaluates to true. But PHP also offers the if-else statement, an improved
version of the if construct that allows you to define an alternative set of actions that the
program should take when the condition specified evaluates to false. Using this statement
often results in more compact and readable code, because it lets you combine two actions
into a single, unified code block. In English, this statement would read, “if X happens,
do Y; otherwise, do Z.”

Operator

Description

==

Equal to

!=

Not equal to

>

Greater than

>=

Greater than or equal to

<

Less than

<=

Less than or equal to

===

Equal to and of the same type

Table 3-1

Common Comparison Operators

51

52

PHP: A Beginner’s Guide
To illustrate, consider this revision of the previous listing:


Here, an if-else statement is used to account for two possible outcomes: a number
less than zero, and all other numbers. To see it in action, try running this script once as is,
and then again after changing the value of the $number variable to a positive value.

Ask the Expert
Q:

Is there a more compact way to write an if-else statement?

A:

Yes, there is. It involves a little thingamajig called the ternary operator. This operator,
represented by the question mark (?) symbol, lets you represent an if-else conditional
statement in a single, compact line of code. To see it in action, consider the following two
equivalent scripts:

The Standard if-else Block


The Equivalent Block Using the
Ternary Operator


Here, the ternary operator selects the code on the left of the colon if the condition
evaluates to true, and the code on the right if the condition evaluates to false.

Chapter 3:

Try This 3-1

Controlling Program Flow

Testing Odd and Even Numbers

Now that you know the basics of conditional statements, let’s look at an example of how
they can be used. The following program will ask the user to enter a number into a Web
form, test it to see whether it is odd or even, and return a corresponding message.
Here’s the code (oddeven.php):






Project 3-1: Odd/Even Number Tester


Enter value: 









(continued)

53

54

PHP: A Beginner’s Guide

Figure 3-1

Testing odd and even numbers with PHP

This program consists of two sections: the first half generates a Web form for the user
to enter a value, while the second half checks whether the value is odd or even and prints
an appropriate message. In most cases, these two sections would be in separate files;
they’ve been combined into a single PHP script by the magic of a conditional statement.
How does it work? Well, when the Web form is submitted, the $_POST variable will
contain an entry for the  element. A conditional test then
checks for the presence or absence of this variable: if absent, the program “knows” that
the Web form has not been submitted yet and so prints the form’s HTML code; if present,
the program “knows” that the Web form has been submitted and it then proceeds to test the
input value.
Testing the input value for evenness is handled by a second if-else conditional
statement. Here, the conditional expression consists of dividing the input value by 2
and testing if the remainder is zero. If this test returns true, one message is printed; else,
another message is printed.
Figure 3-1 illustrates what the output of the script looks like.

Writing More Complex Conditional Statements
The if-else statement lets you define actions for two eventualities: a true condition
and a false condition. In reality, however, your program may have more than just these
two simple outcomes to contend with. For these situations, PHP offers two constructs

Chapter 3:

Controlling Program Flow

that allow the programmer to account for multiple possibilities: the if-elseif-else
statement and the switch-case statement.

The if-elseif-else Statement
The if-elseif-else statement lets you chain together multiple if-else statements,
thus allowing the programmer to define actions for more than just two possible outcomes.
Consider the following example, which illustrates its use:


Here, the program will output a different message for each day of the week (as set
in the $today variable). Notice also the final else branch: this is a “catch-all” branch,
which will be triggered if none of the previous conditional statements evaluate to true, and
it’s a handy way to account for situations that you can’t foresee.
There’s one important thing to remember about the if-elseif-else construct:
as soon as one of the conditional statements evaluates to true, PHP will execute the
corresponding code, skip the remaining conditional tests, and jump straight to the lines
following the entire if-elseif-else block. So, even if more than one of the conditional
tests evaluates to true, PHP will only execute the code corresponding to the first true test.

The switch-case Statement
An alternative to the if-elseif-else statement is the switch-case statement, which
does almost the same thing: it tests a variable against a series of values until it finds a

55

56

PHP: A Beginner’s Guide
match, and then executes the code corresponding to that match. Consider the following
code listing, which is equivalent to the preceding one:


The switch-case construct differs from the if-elseif-else construct in one
important way. Once PHP finds a case statement that evaluates to true, it executes not
only the code corresponding to that case statement, but also the code for all subsequent
case statements. If this is not what you want, add a break statement to the end of each
case block (as is done in the previous listing) to tell PHP to break out of the switchcase statement block once it executes the code corresponding to the first true case.
Notice also the 'default' case: as the name suggests, this specifies the default set
of actions PHP should take if none of the other cases evaluate to true. This default case,
like the else branch of the if-elseif-else block, is very useful as a “catch-all”
handler for unforeseen situations.

Chapter 3:

Try This 3-2

Controlling Program Flow

Assigning Boy Scouts to Tents

Let’s now use the if-elseif-else statement to create a small application for
Scoutmasters everywhere: a Web tool that can automatically assign Scouts to the correct
tent during camping expeditions, on the basis of their age. This application presents Scouts
with a Web form into which they can enter their age; it then assigns them to one of four
tents—Red, Green, Blue, and Black—with other Scouts of approximately the same age.
Here’s the code (tent.php):






Project 3-2: Tent Assignment


Enter your age: 





 9 && $age <= 11) {
echo "You're in the Blue tent.";
} elseif ($age > 11 && $age <= 14) {
echo "You're in the Green tent.";

(continued)

57

58

PHP: A Beginner’s Guide

Figure 3-2

The result page, which assigns the user to a tent
} elseif ($age > 14 && $age <= 17) {
echo "You're in the Black tent.";
} else {
echo "You'd better get in touch with the Scoutmaster.";
}

}
?>



Like the previous project in this chapter, this one too combines the Web form and its
result page into a single script, separated by an if-else conditional statement. Once the
Scout enters his age into the Web form and submits it, an if-elseif-else block takes care
of defining four age ranges (one for each tent), testing the input age against these ranges, and
figuring out which tent is most appropriate for the Scout. The age ranges are: 0–9 (Red tent);
10–11 (Blue tent); 12–14 (Green tent); and 14–17 (Black tent). Scouts over the age of 17 see
a message asking them to contact the Scoutmaster to arrange their accommodation.
Figure 3-2 shows the result page of a form submission.

Combining Conditional Statements
PHP allows one conditional statement to be nested within another, to allow for more
complex decision-making. To illustrate this, consider the following listing:
= 3 get a $5000 bonus
// everyone else gets a $3000 bonus
if ($rating >= 3) {
if ($salary < 15000) {
$bonus = 5000;
}
} else {
if ($salary < 15000) {
$bonus = 3000;
}
}
?>

You can also combine conditional statements by using logical operators, such as the
&& or || operator. You learned about logical operators in the preceding chapter; Table 3-2
quickly recaps the list.
Here’s an example of how these logical operators can be used with a conditional
statement:


Repeating Actions with Loops
Like any good programming language, PHP also supports loops—essentially, the ability to
repeat a series of actions until a prespecified condition is fulfilled. Loops are an important
tool that help in automating repetitive tasks within a program. PHP supports four different
Operator

Description

&&

AND

||

OR

!

NOT

Table 3-2

Common Logical Operators

59

60

PHP: A Beginner’s Guide
types of loops, three of which are discussed in the following section (the fourth type is
explained in the next chapter).

The while Loop
The easiest type of loop to understand is the while loop, which repeats continuously
while a prespecified condition is true. Here’s an example, which uses a loop to repeatedly
print an 'x' to the output page.


Notice the condition enclosed in parentheses; so long as this condition evaluates to
true, the code within the curly braces is executed. As soon as the condition becomes false,
the loop stops repeating, and the lines following the loop are executed in the usual fashion.

The do-while Loop
With a while loop, the condition to be evaluated is tested at the beginning of each loop
iteration. There’s also a variant of this loop, the do-while loop, which evaluates the
condition at the end of each loop iteration. Here’s a revision of the preceding example that
illustrates it in action:


The difference in structure should also be apparent: with a do-while loop, the
condition to be evaluated now appears at the bottom of the loop block, rather than the
beginning.

Chapter 3:

Controlling Program Flow

NOTE
The difference in behavior between a while loop and a do-while loop has one
important implication: with a while loop, if the conditional expression evaluates to
false on the first pass itself, the loop will never be executed. With a do-while loop,
on the other hand, the loop will always be executed once, even if the conditional
expression is false, because the condition is evaluated at the end of the loop iteration
rather than the beginning.

The for Loop
The while and do-while loops are fairly simple: they repeat for so long as the specified
condition remains true. But PHP also supports a more sophisticated type of loop, the for
loop, which is useful when you need to execute a set of statements a specific number of
times.
The best way to understand a for loop is by looking at some code. Here’s a simple
example, which lists the numbers between 1 and 10:


In this listing, the loop begins by initializing the counter variable $x to 1; it then
executes the statements that make up the loop. Once it reaches the end of the first loop
iteration, it updates the loop counter by adding 1 to it, checks the conditional expression to
ensure that the counter hasn’t yet reached 10, and executes the loop once more. This process
continues until the counter reaches 10 and the conditional expression becomes false.
As this listing illustrates, there are thus three expressions involved in the typical for
loop, separated by semicolons and enclosed in parentheses:
●

The first of these is an assignment expression, which initializes the loop counter to a
specific value—in this case, assigning the value 1 to the variable $x.

●

The second is a conditional expression, which must evaluate to either true or false;
the loop will continue to execute so long as this condition remains true. Once the
condition becomes false, the loop will stop executing.

●

The third is again an assignment expression, which is executed at the end of each loop
iteration, and which updates the loop counter with a new value—in this case, adding 1
to the value of $x.

61

62

PHP: A Beginner’s Guide

Figure 3-3

A dynamically generated list

Here’s another example, this one demonstrating how to use a for loop to generate an
ordered HTML list:
";
for ($x=1; $x<7; $x++) {
echo "
Item $x
";
}
echo "";
?>

Figure 3-3 illustrates what the output looks like.

Combining Loops
Just as with conditional statements, it’s also possible to nest one loop inside another.
To illustrate, consider the next example, which nests one for loop inside another to
dynamically generate an HTML table.






";

Chapter 3:

Controlling Program Flow

for ($row=1; $row<4; $row++) {
echo "";
for ($col=1; $col<5; $col++) {
echo "Row $row, Column $col";
}
echo "";
}
echo "";
?>



This script utilizes two for loops. The outer loop is responsible for generating the
table rows, and it runs three times. On each iteration of this outer loop, an inner loop is
also triggered; this loop is responsible for generating the cells within each row, and it runs
four times. The end result is a table with three rows, each containing four cells. Figure 3-4
displays this result.

Interrupting and Skipping Loops
While on the topic of loops, it’s interesting to discuss two PHP statements that allow you
to either interrupt a loop or skip a particular iteration of a loop. PHP’s break statement
is aptly named: it allows you to break out of a loop at any point. To illustrate, consider
the following loop, which would normally iterate five times but stops after the second
iteration due to the break statement:
";
}
?>

Unlike break, continue doesn’t halt processing of the loop; it simply “jumps one”
iteration. To see how this works, consider the following loop, which iterates five times but
skips the third iteration due to the intervention of the continue statement:
";
}
?>

Try This 3-3

Building a Factorial Calculator

A simple real-world application that you can try for yourself to better understand how
loops work, is a factorial calculator. In case you were snoozing in math class the day they
discussed factorials, the factorial of a number n is simply the product of all the numbers
between n and 1. So, for example, the factorial of 4 is 4 *3 * 2 * 1 = 24.
The factorial calculator you’ll build in this section is interactive: it asks the user to
enter a number into a Web form, and it then calculates the factorial of that number. Here’s
the code (factorial.php):





Chapter 3:

Controlling Program Flow



Project 3-3: Factorial Calculator


Enter a number: 





=1; $x--) {
$factorial *= $x;
}
echo "Factorial of $num is: $factorial";
}
?>



Most of the work here is performed by the for loop. This loop’s counter is initialized
to the number entered by the user, and the loop then runs backward, decrementing the loop
counter by 1 on each iteration. Each time the loop runs, the previously calculated product
is multiplied by the current value of the loop counter. The end result is the factorial of the
input number.
Figure 3-5 shows the result after submitting the form.

65

66

PHP: A Beginner’s Guide

Figure 3-5

The output page, which displays the factorial of the number

Working with String and Numeric Functions
In the preceding chapter, you learned a little bit about PHP’s data types, including its
operators for string and number manipulation. But PHP lets you do a lot more than simply
concatenate strings and add values; the language comes with a full-featured library
of built-in functions that let you do everything from reversing and splitting strings to
calculating logarithmic values. This section will introduce you to some of these functions.

Using String Functions
PHP has over 75 built-in string manipulation functions, supporting operations ranging
from string repetition and reversal to comparison and search-and-replace. Table 3-3 lists
some of these functions.

Checking for Empty Strings
The empty() function returns true if a string variable is “empty.” Empty string variables
are those with the values '', 0, '0', or NULL. The empty() function also returns true
when used with a non-existent variable. Here are some examples:


Function

What It Does

empty()

Tests if a string is empty

strlen()

Calculates the number of characters in a string

strrev()

Reverses a string

str_repeat()

Repeats a string

substr()

Retrieves a section of a string

strcmp()

Compares two strings

str_word_count()

Calculates the number of words in a string

str_replace()

Replaces parts of a string

trim()

Removes leading and trailing whitespace from a string

strtolower()

Lowercases a string

strtoupper()

Uppercases a string

ucfirst()

Uppercases the first character of a string

ucwords()

Uppercases the first character of every word of a string

addslashes()

Escapes special characters in a string with backslashes

stripslashes()

Removes backslashes from a string

htmlentities()

Encodes HTML within a string

htmlspecialchars()

Encodes special HTML characters within a string

nl2br()

Replaces line breaks in a string with 
 elements

html_entity_decode()

Decodes HTML entities within a string

htmlspecialchars_decode()

Decodes special HTML characters within a string

strip_tags()

Removes PHP and HTML code from a string

Table 3-3

Common PHP String Functions

67

68

PHP: A Beginner’s Guide

Reversing and Repeating Strings
The strlen() function returns the number of characters in a string. Here’s an example
of it in action:


Reversing a string is as simple as calling the strrev() function, as in the next
listing:


In case you need to repeat a string, PHP offers the str_repeat() function, which
accepts two arguments—the string to be repeated, and the number of times to repeat it.
Here’s an example:


Working with Substrings
PHP also allows you to slice a string into smaller parts with the substr() function,
which accepts three arguments: the original string, the position (offset) at which to start
slicing, and the number of characters to return from the starting position. The following
listing illustrates this in action:


Chapter 3:

Controlling Program Flow

NOTE
When using the substr() function, the first character of the string is treated as offset 0,
the second character as offset 1, and so on.

To extract a substring from the end of a string (rather than the beginning), pass
substr() a negative offset, as in this revision of the preceding example:


Ask the Expert
Q:

Can I retrieve a single character of a string? How?

A:

There are two ways to retrieve a single character of a string. The longer way involves
using the substr() function, as in the next listing:


The substr() function accepts three arguments: the original string, the offset
at which substring extraction should begin, and the number of characters to extract
starting from the specified offset. Note that offset counting begins at 0, not 1.
However, PHP also supports a shortcut syntax to accomplish the same thing. This
consists of specifying the offset of the character to be retrieved within curly braces,
after the variable name. The following listing illustrates:


69

70

PHP: A Beginner’s Guide

Comparing, Counting, and Replacing Strings
If you need to compare two strings, the strcmp() function performs a case-sensitive
comparison of two strings, returning a negative value if the first is “less” than the second,
a positive value if it’s the other way around, and zero if both strings are “equal.” Here are
some examples of how this works:


PHP’s str_word_count() function provides an easy way to count the number of
words in a string. The following listing illustrates its use:


If you need to perform substitution within a string, PHP also has the str_replace()
function, designed specifically to perform find-and-replace operations. This function
accepts three arguments: the search term, the replacement term, and the string in which to
perform the replacement. Here’s an example:


Formatting Strings
PHP’s trim() function can be used to remove leading or trailing whitespace from a string;
this is quite useful when processing data entered into a Web form. Here’s an example:

Chapter 3:

Controlling Program Flow



Changing the case of a string is as simple as calling the strtolower() or
strtoupper() function, as illustrated in the next listing:


You can also uppercase the first character of a string with the ucfirst() function,
or format a string in “word case” with the ucwords() function. The following listing
demonstrates both these functions:


Working with HTML Strings
PHP also has some functions exclusively for working with HTML strings. First up, the
addslashes() function, which automatically escapes special characters in a string with
backslashes. Here’s an example:


71

72

PHP: A Beginner’s Guide
You can reverse the work done by addslashes() with the aptly named
stripslashes() function, which removes all the backslashes from a string.
Consider the following example, which illustrates:


The htmlentities() and htmlspecialchars() functions automatically convert
special HTML symbols (like < and >) into their corresponding HTML representations (<
and &gt;). Similarly, the nl2br() function automatically replaces newline
characters in a string with the corresponding HTML line break tag 
. Here’s an example:
This is a div
';
echo htmlentities($html);
// replace line breaks with 
s
// output: 'This is a bro

//
ken line'
$lines = 'This is a bro
ken line';
echo nl2br($lines);
?>

You can reverse the effect of the htmlentities() and htmlspecialchars()
functions with the html_entity_decode() and htmlspecialchars_decode()
functions.
Finally, the strip_tags() function searches for all HTML and PHP code within a
string and removes it to generate a “clean” string. Here’s an example:
Please log in again
';
echo strip_tags($html);
?>

Chapter 3:

Controlling Program Flow

Using Numeric Functions
Don’t think that PHP’s power is limited to strings only: the language has over 50 built-in
functions for working with numbers, ranging from simple formatting functions to
functions for arithmetic, logarithmic, and trigonometric manipulations. Table 3-4 lists
some of these functions.

Doing Calculus
A common task when working with numbers involves rounding them up and down. PHP offers
the ceil() and floor() functions for this task, and they’re illustrated in the next listing:


There’s also the abs() function, which returns the absolute value of a number. Here’s
an example:


The pow() function returns the value of a number raised to the power of another:


The log() function calculates the natural or base-10 logarithm of a number, while the
exp() function calculates the exponent of a number. Here’s an example of both in action:


Generating Random Numbers
Generating random numbers with PHP is pretty simple too: the language’s built-in
rand() function automatically generates a random integer greater than 0. You can
constrain it to a specific number range by providing optional limits as arguments. The
following example illustrates:


Converting Between Number Bases
PHP comes with built-in functions for converting between binary, decimal, octal, and
hexadecimal bases. Here’s an example which demonstrates the bindec(), decbin(),
decoct(), dechex(), hexdec(), and octdec() functions in action:


Formatting Numbers
When it comes to formatting numbers, PHP offers the number_format() function, which
accepts four arguments: the number to be formatted, the number of decimal places to
display, the character to use instead of a decimal point, and the character to use to separate
grouped thousands (usually a comma). Consider the following example, which illustrates:


For more control over number formatting, PHP offers the printf() and sprintf()
functions. These functions, though very useful, can be intimidating to new users, and
so the best way to understand them is with an example. Consider the next listing, which
shows them in action:


Both functions accept two arguments, a series of format specifiers and the raw string or
number to be formatted. The input is then formatted according to the format specifiers and
the output either displayed with printf() or assigned to a variable with sprintf().
Some common format specifiers are listed in Table 3-5.
You can also combine these format specifiers with a precision specifier, which
indicates the number of digits to display for floating-point values—for example, %1.2f
implies that the number should be formatted as a floating-point value with two digits
displayed after the decimal point. For smaller numbers, it’s also possible to add a padding
specifier, which tells the function to pad the numbers to a specified length using a custom
character. You can see both these types of specifiers in action in the preceding listing.

Chapter 3:

Specifier

What It Means

%s

String

%d

Decimal number

%x

Hexadecimal number

%o

Octal number

%f

Floating-point number

Table 3-5

Controlling Program Flow

Format Specifiers for the printf() and sprintf() Functions

Try This 3-4

Processing a Member Registration Form

Now that you’ve seen some of PHP’s built-in functions, let’s apply some of what you’ve
learned to a practical application: a membership application form for a sports club. This
form will ask the applicant to enter various bits of personal information; it will then
validate this information and, if acceptable, will formulate and send an e-mail with the
applicant’s information to the club administrator.
Here’s the HTML form (register.html):






Project 3-4: Member Registration

Name: 



Address: 



Age: 



Profession: 



(continued)

77

78

PHP: A Beginner’s Guide

Residential status: 

 Resident
 Non-Resident






This form has five input fields, one each for the applicant’s name, address, age,
profession, and residential status. Figure 3-6 has a picture of what the form looks like.

Figure 3-6

A Web-based application form

Chapter 3:

Controlling Program Flow

NOTE
In order to successfully send mail with PHP using the mail() function, your php.ini
configuration file must include some information about the mail server or mail agent to
be used. Windows users will need to set the 'SMTP' and 'smtp_port' options, while
*NIX users may need to set the 'sendmail_path' option. More information on these
options can be obtained from the PHP manual page at www.php.net/mail.

Once the form is submitted, the data entered into it by the applicant is passed to the
form processing script (register.php) via the POST method. The next listing shows the
contents of this script:






Project 3-4: Member Registration
 60) {
die('ERROR: Membership is only open to those between 18 and 60 years.');
}
// check profession
if (empty($profession)) {
die('ERROR: Please provide your profession.');
}

(continued)

79

80

PHP: A Beginner’s Guide
// check residential status
if (strcmp($resident, 'no') == 0) {
die('ERROR: Membership is only open to residents.');
}
// if we get this far
// all the input has passed validation
// formulate and send e-mail message
$to = 'registration@some.domain.com';
$from = 'webmaster@some.domain.com';
$subject = 'Application for membership';
$body = "Name: $name\r\nAddress: $address\r\n
Age: $age\r\nProfession: $profession\r\n
Residential status: $resident\r\n";
if(mail($to, $subject, $body, "From: $from")) {
echo 'Thank you for your application.';
} else {
die('ERROR: Mail delivery error');
}
?>



NOTE
Remember to alter the value of the $to variable in the register.php script, to reflect your
e-mail address.

This script begins by retrieving the values submitted by the user from $_POST and
assigning these values to regular PHP variables. Next, the empty() function is used
to test whether they are empty; those which are, generate an error message and cause
the script to terminate immediately. Two extra conditional tests are also present in this
section: the first for the applicant’s age, to filter out applicants younger than 18 or older
than 60; and the second for the applicant’s residential status, to filter out non-residents.
Assuming all the checks are successful, the script proceeds to create an e-mail
message, setting variables for the sender, recipient, message subject, and message body.
These variables are then passed to PHP’s mail() function, which actually does the hard
work of sending the e-mail message. If message transmission is successful, a success
notification appears; if not, an error message is generated.
The mail() function is new to you and so deserves a more detailed examination. The
mail() function is a built-in PHP function to send an e-mail message, and it accepts four
parameters: the recipient e-mail address, the message subject, the message body, and a list
of additional message headers (of which the 'From' header is mandatory). It uses these

Chapter 3:

Controlling Program Flow

parameters to construct an e-mail message, connect to the specified mail server, and hand
the message over to delivery. If handover is successful, mail() returns true; otherwise, it
returns false.

CAUTION
It’s important to understand what the return value of the mail() function means. If the
mail() function returns true, it merely means is that the message was successfully handed
over to the mail server for delivery. It does not mean that the message was subsequently
successfully transmitted to, or received by, the intended recipient (because PHP has no
way of tracking the message once it’s been handed over to the mail server). Failing to
understand this distinction is a common error made by programmers new to PHP.

Also new in this script is the die() function: this function provides a convenient way
to immediately terminate script processing, usually if an error occurs. You can also pass
an optional message to die(); this message will be output by PHP at the point of script
termination and thus serves as a useful explanation to the user about what went wrong.

Ask the Expert
Q:

Can I add a custom header to e-mail messages sent through PHP?

A:

Yes. The fourth argument to the mail() function is a string containing your custom
header, in header:value format. If you have more than one custom header to add,
separate the headers with \r\n. The following example illustrates:


81

82

PHP: A Beginner’s Guide

Summary
The goal of this chapter was to move you along the learning curve, from building simple,
linear programs to creating more sophisticated PHP applications. It began by explaining
how you can add intelligence to your PHP scripts through the use of conditional tests, and
offered usage examples for PHP’s if, if-else, if-elseif-else, and switch-case
statements. It then proceeded to a discussion of PHP’s loop constructs, showing you how
easy it is to automate repetitive actions with PHP and introducing you to three common
loop types: the while, do-while, and for loops.
The latter half of the chapter took you on a whirlwind tour of PHP’s built-in
string and numeric functions, using commented examples to explain how to perform
tasks ranging from simple string comparison and extraction to more complex number
conversion and formatting. And as if all that wasn’t enough, this chapter helped you
work your way through four projects, each designed to demonstrate practical usage
of the concepts taught. Conditional statements, loops, and built-in functions all got a
workout in these projects, which ranged the gamut from a simple odd/even number
tester to a full-fledged Web application form that included input validation and e-mail
message transmission functions.
At the close of this chapter, you now know enough about PHP’s basic grammar and
syntax to begin writing your own, reasonably complex PHP scripts. The next chapter will
help expand your bag of PHP tricks, by introducing you to a new type of PHP variable
and also giving you some insight into PHP’s date and time manipulation functions. Until
then, though, spend some time looking at the links that follow, which offer more detailed
information on the topics discussed in this chapter:
●

Conditional statements and loops, at
www.php.net/manual/en/language.control-structures.php

●

A discussion of PHP string functions, at www.php.net/manual/en/ref.strings.php
and www.melonfire.com/community/columns/trog/article.php?id=88

●

PHP math functions, at www.php.net/manual/en/ref.math.php

●

Sending e-mail with PHP, at www.php.net/manual/en/ref.mail.php

●

PHP’s ternary operator, at www.php.net/manual/en/language.operators.php

Chapter 3:

✓

Controlling Program Flow

Chapter 3 Self Test
1. What is the difference between an if-else statement and an if-elseif-else

statement?
2. Write a conditional statement that checks the value of $city and displays a message if

it is equal to 'Minneapolis'.
3. Explain the difference between a while loop and a do-while loop. Illustrate your

answer with an example.
4. Using a while loop, write a program that prints a multiplication table for the

number 8.
5. Rewrite the program from Question 4 using a for loop.
6. Name the functions you would use to
A Decode HTML entities
B Uppercase a string
C Round a number down
D Remove whitespace from a string
E Generate a random number
F Reverse a string
G Count words in a string
H Count characters in a string
I Terminate script processing with a custom message
J Compare two strings
K Calculate the exponent of a number
L Convert a decimal number to a hexadecimal value
7. What will be the output of the following line of PHP code:


8. Given the string 'Mark had a nice day', create the new string 'Mark had

icecream'.

83

This page intentionally left blank

Chapter

4

Working with Arrays

85
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

86

PHP: A Beginner’s Guide

Key Skills & Concepts
●

Understand the different array types supported by PHP

●

Process array contents with the foreach loop

●

Use arrays with Web forms

●

Sort, merge, add, modify, and split arrays using PHP’s built-in functions

●

Work with dates and times

B

y now, PHP’s simple data types should be old hat to you—you’ve spent the last few
chapters using them, in different permutations and combinations, to create applications
of varying complexity and usefulness. But there’s a lot more to PHP’s data types than
strings, numbers, and Booleans; PHP also supports arrays, which let you group and
manipulate more than one value at a time.
In this chapter, you’ll learn all about arrays: how to create them, how to add and edit
them, and how to manipulate the values they hold. You’ll also learn about a new loop type
designed specifically for use with arrays, get a crash course in some of PHP’s built-in
array functions, and apply your learning to some practical projects.

Storing Data in Arrays
So far, all the variables you’ve used have held only a single value. Array variables
are “special,” because they can hold more than one value at a time. This makes them
particularly useful for storing related values—for example, a set of fruit names, as in this
example:


Once you’ve got an array like this one, a natural question arises: how do you retrieve a
particular value? It’s quite simple: use index numbers to access the various values stored
inside it, with zero representing the first value. Thus, to access the value 'apple' from

Chapter 4:

Working with Arrays

the preceding array, you’d use the notation $fruits[0], while the value 'grape' can
be retrieved using the notation $fruits[3].
PHP also supports a slightly different type of array, in which index numbers are
replaced with user-defined strings, or “keys.” Here’s a revised version of the preceding
example, which uses keys instead of index numbers:
 'apple',
'b' => 'banana',
'p' => 'pineapple',
'g' => 'grape'
);
?>

This type of array is known as an associative array. The keys of the array must be
unique; each key references a single value, and the key-value relationship is expressed
through the => symbol. To access the value 'apple' from the array, you’d use the
notation $fruits['a'], while the value 'banana' can be retrieved using the notation
$fruits['b'].

Assigning Array Values
PHP’s rules for naming array variables are the same as those for regular variables:
variable names must be preceded with a dollar ($) symbol and must begin with a letter
or underscore character, optionally followed by more letters, numbers, or underscore
characters. Punctuation characters and spaces are not allowed within array variable names.
Once you’ve decided a name for your array, there are two ways of assigning values
to it. The first is the method you saw in the preceding section, where the values are all
assigned at once, separated with commas. This method creates a standard, numberindexed array. Here’s an example:


87

88

PHP: A Beginner’s Guide
The second way to create such an array is to set values individually using index notation.
Here’s an example, which is equivalent to the preceding one:


Ask the Expert
Q:

In all these examples, you’ve explicitly specified the array index for each assignment
statement. What if I don’t know what the correct index is? Can I make PHP
automatically assign the next available array index to my value?

A:

To automatically assign the next available index to an array value, omit the index number
in your array assignment statement, as you see here:


You can also use both these techniques with associative arrays. To assign all the values
of such an array in a single statement, set a key for each value and link the two using
the => connector, remembering to separate each key-value pair with commas. Here’s an
example:
 'john',
'password' => 'secret',
'host' => '192.168.0.1'
);
?>

Chapter 4:

Working with Arrays

You can also assign values to keys one by one, as in this next example:


To access a value from an array in a script, simply use the array name and index/key
in an expression and PHP will replace it with its value when the script is executed, as with
any normal variable. Here’s a simple example that illustrates how this works:
 'john',
'password' => 'secret',
'host' => '192.168.0.1'
);
// use array value
echo 'The password is: ' . $data['password'];
?>

NOTE
Do you remember the special container variables named $_GET and $_POST that you
first encountered in Chapter 2? Well, they’re arrays too! When a form is submitted,
each element of the form is automatically converted by PHP into a member of either the
$_POST or $_GET array (depending on the method of submission).

Modifying Array Values
Modifying an array value is as simple as modifying any other variable value: simply
assign a new value to the element using either its index or its key. Consider the following
example, which modifies the second element of the $meats array to hold the value
'turkey' instead of 'ham':


To remove an element from an array, use the unset() function on the corresponding
key or index:


Ask the Expert
Q:

If I remove an element from the middle of an array, what happens to the values on
either side?

A:

If you remove an element from an array with unset(), PHP will set that array element to
NULL but will not automatically re-index the array. If the array is a numerically indexed
array, you can re-index it to remove these “holes” in the indexing sequence, by passing the
array through PHP’s array_multisort() function.

You can also remove an element from an array using the array_pop() or array_
push() function; these functions are discussed a little further along in this chapter.

Retrieving Array Size
An important task when using arrays, especially in combination with loops, is finding out
how many values the array contains. This is easily accomplished with PHP’s count()
function, which accepts the array variable as a parameter and returns an integer value
indicating how many elements it contains. Here’s an example:


TIP
Instead of the count() function, you can also use the sizeof() function, which
does the same thing.

Ask the Expert
Q:
A:

Is there an upper limit on how many elements a PHP array can hold?
No. The number of elements in an array is limited only by available memory, as defined in
the 'memory_limit' configuration variable in PHP’s configuration file.

Nesting Arrays
PHP also allows you to combine arrays, by placing one inside another to an unlimited
depth. This can come in handy when dealing with structured, hierarchically arranged
information. To illustrate, consider the following example:
 'Raymond Rabbit',
'tel' => '1234567',
'email' => 'ray@bunnyplanet.in',
),
array(
'name' => 'David Duck',
'tel' => '8562904',
'email' => 'dduck@duckpond.corp',
),
array(
'name' => 'Harold Horse',
'tel' => '5942033',
'email' => 'kingharold@farmersmarket.horsestuff.com',
)
);
?>

91

92

PHP: A Beginner’s Guide
In this example, $phonebook is an array nested two levels deep. The first level is
numerically indexed, with each element representing an entry from a phone book. Each of
these elements is itself an associative array, holding specific information on the attributes
of the corresponding phone book entry, such as the contact’s name, phone number, and
e-mail address.
To access a value a few levels deep in a nested array, use the correct hierarchical
sequence of indices/keys to get to the value. Here’s an example, which returns the phone
number of the contact 'David Duck':
 'Raymond Rabbit',
'tel' => '1234567',
'email' => 'ray@bunnyplanet.in',
),
array(
'name' => 'David Duck',
'tel' => '8562904',
'email' => 'dduck@duckpond.corp',
),
array(
'name' => 'Harold Horse',
'tel' => '5942033',
'email' => 'kingharold@farmersmarket.horsestuff.com',
)
);
// access nested value
echo "David Duck's number is: " . $phonebook[1]['tel'];
?>

TIP
Want to look inside an array and see what it contains? The var_dump() and
print_r() functions discussed in Chapter 2 work just as well on arrays as on other
variables. Try them out for yourself and see!

Processing Arrays with Loops and Iterators
Often, your PHP program will need to work its way through an array, performing an
operation or calculation on each value it finds. The best way to do this is with a loop,

Chapter 4:

Working with Arrays

which you learned about in the preceding chapter. Consider the following example, which
sets up an array and then iterates over it using a for loop:


In this listing, a for loop iterates over the $cities array, printing each value found. The
loop runs as many times as there are elements in the array; this information is quickly
ascertained by a call to the count() function.

The foreach Loop
You might remember that the preceding chapter’s discussion of loops was left unfinished,
with one loop type still left to be explained. That loop, the foreach loop, was first
introduced in PHP 4.0 and is the simplest way of iterating over arrays—not surprising, as
that’s what it was specifically designed for!
With a foreach loop, each time the loop runs, the current array element is assigned to
a temporary variable, which can then be processed in any way you please—printed, copied
to another variable, used in a calculation, and so on. Unlike a for loop, a foreach loop
doesn’t use a counter; it automatically “knows” where it is in the array, and it moves forward
continuously until it reaches the end of the array, at which point it automatically halts.
The best way to understand this marvel of automation is with an example. The next
listing shows it in action, rewriting the preceding listing to use a foreach loop instead of
a for loop:


93

94

PHP: A Beginner’s Guide
The foreach loop also works with associative arrays, except that for such arrays, it
uses two temporary variables (one each for the key and value). The next listing illustrates
the difference:
 "London",
"United States" => "Washington",
"France" => "Paris",
"India" => "Delhi"
);
// iterate over array
// print each value
foreach ($cities as $key => $value) {
echo "$value is in $key. \r\n";
}
?>

The Array Iterator
Alternatively, you may prefer to use an ArrayIterator (new in PHP 5.0), which provides a
ready-made, extensible tool to loop over array elements. Here’s a simple example:
 "London",
"United States" => "Washington",
"France" => "Paris",
"India" => "Delhi"
);
// create an ArrayIterator object
$iterator = new ArrayIterator($cities);
// rewind to beginning of array
$iterator->rewind();
// iterate over array
// print each value
while($iterator->valid()) {
print $iterator->current() . " is in " . $iterator->key() . ". \r\n";
$iterator->next();
}
?>

In this listing, an ArrayIterator object is initialized with an array variable, and the
object’s rewind() method is used to reset the internal array pointer to the first element

Chapter 4:

Working with Arrays

of the array. A while loop, which runs so long as a valid() element exists, can then be
used to iterate over the array. Individual array keys are retrieved with the key() method,
and their corresponding values are retrieved with the current() method. The next()
method moves the internal array pointer forward to the next array element.

NOTE
Don’t worry if the syntax used by the ArrayIterator object isn’t completely clear to you.
Objects are dealt with in some depth in Chapter 5, and the preceding listing will make
more sense once you’ve worked your way through that chapter.

Try This 4-1

Averaging the Grades of a Class

Now that you’ve understood the basics of working with arrays, let’s try a small application
that demonstrates their practical utility. In this section, you’ll write a small script that
accepts an array of values, representing the numerical grades of individual students in
a class, and then calculates various summary statistics, including the average and the
number of students in the top and bottom 20 percent of the class.
Here’s the code (grades.php):






Project 4-1: Grade Averaging
= 80) {
$top++;
}
}
// calculate average
$avg = round($total / $count);
// print statistics
echo "Class average: $avg 
";
echo "Number of students in bottom 20%: $bottom 
";
echo "Number of students in top 20%: $top 
";
?>



This script begins by defining an array, which holds the grades received by each
student in the class. A foreach loop then iterates over the array, generating a cumulative
total; this total is then divided by the number of students, retrieved via the count()
function, to calculate the class average.
Since the grades range between 1 and 100, it’s also not difficult to calculate the
number of students in the top and bottom 20 percent of the class. Within the foreach
loop, each value is checked to see if it is less than 20 or greater than 80, and the
corresponding counter is incremented accordingly. The summary data thus collected is
then printed to the Web page, as shown in Figure 4-1.

Figure 4-1

The summary statistics generated by the grade averaging program

Chapter 4:

Working with Arrays

Using Arrays with Forms
Arrays are particularly potent when used in combination with form elements that support
more than one value, such as multiple-selection list boxes or grouped checkboxes. To
capture a user’s input in an array, simply add square braces to the form element’s 'name'
to automatically convert it into a PHP array when the form is submitted.
The easiest way to illustrate this is with an example. Consider the following form,
which holds a multiple-selection list of popular music artists:

Select your favourite artists: 


Britney Spears
Aerosmith
Black-Eyed Peas
Diana Ross
Foo Fighters





Notice the 'name' attribute of the  element, which is named artists[].
This tells PHP that, when the form is submitted, all the selected values from the list should be
converted into elements of an array. The name of the array will be $_POST['artists'],
and it will look something like this:
Array
(
[0] => Britney Spears
[1] => Black-Eyed Peas
[2] => Diana Ross
)

Try This 4-2

Selecting Pizza Toppings

A practical application will make it easier to understand how PHP interacts with array
variables and forms. This next application presents the user with a form containing various
pizza toppings and asks the user to select, via checkbox, his or her favorite toppings.
Here’s the form (pizza.html):


(continued)

97

98

PHP: A Beginner’s Guide





Project 4-2: Pizza Topping Selector

Select your favourite pizza toppings: 

Tomato
Onion
Jalapeno
peppers
Olives
Mint
Pineapple
Bacon
Chicken
Ham
Anchovies
Extra cheese






Figure 4-2 illustrates what the form looks like.
And here’s the code for the form submission script (pizza.php):






Project 4-2: Pizza Topping Selector
You selected the following toppings: 


$t \r\n";
}
?>




Chapter 4:

Figure 4-2

Working with Arrays

A Web form to select pizza toppings

When the Web form is submitted, PHP automatically places all the checked values
into the $_POST['toppings'] array. This array can then be processed like any other
array—in this case, with a foreach loop that prints the selected toppings in an ordered
list. Figure 4-3 illustrates this output.

Figure 4-3

The result of submitting the form

99

100

PHP: A Beginner’s Guide

Working with Array Functions
PHP has numerous built-in array manipulation functions, supporting operations ranging
from array search and comparison to sorting and conversion operations. Table 4-1 lists
some of these functions.

Converting Between Strings and Arrays
PHP lets you convert a string into an array, by splitting the string on a user-defined separator
and assigning the resulting segments to an array. The PHP function to accomplish this task is
Function

What It Does

explode()

Splits a string into array elements

implode()

Joins array elements into a string

range()

Generates a number range as an array

min()

Finds the smallest value in an array

max()

Finds the largest value in an array

shuffle()

Randomly rearranges the sequence of elements in an array

array_slice()

Extracts a segment of an array

array_shift()

Removes an element from the beginning of an array

array_unshift()

Adds an element to the beginning of an array

array_pop()

Removes an element from the end of an array

array_push()

Adds an element to the end of an array

array_unique()

Removes duplicate elements from an array

array_reverse()

Reverses the sequence of elements in an array

array_merge()

Combines two or more arrays

array_intersect()

Calculates the common elements between two or more arrays

array_diff()

Calculates the difference between two arrays

in_array()

Checks if a particular value exists in an array

array_key_exists()

Checks if a particular key exists in an array

sort()

Sorts an array

asort()

Sorts an associative array by value

ksort()

Sorts an associative array by key

rsort()

Reverse-sorts an array

krsort()

Reverse-sorts an associative array by value

arsort()

Reverse-sorts an associative array by key

Table 4-1

Common PHP Array Functions

Chapter 4:

Working with Arrays

the aptly named explode() function, which accepts two arguments—the separator and the
source string—and returns an array. Here’s an example:


It’s also possible to reverse the process, joining the elements of an array into a single
string using user-supplied “glue.” The PHP function for this is named implode(), and
it’s illustrated in the next listing:


Working with Number Ranges
If you’re trying to fill an array with a range of numbers, the range() function offers a
convenient alternative to manually entering each value. This function accepts two end
points and returns an array containing all the numbers between those end points. Here’s an
example, which generates an array containing all the values between 1 and 1000:


Alternatively, if you already have an array of numbers and are trying to calculate the
minimum or maximum of the series, PHP’s min() and max() functions will come in

101

102

PHP: A Beginner’s Guide
handy—they accept an array of numbers and return the smallest and largest values in the
array respectively. The next listing has an example:


Extracting Array Segments
PHP allows you to slice an array into smaller parts with the array_slice() function,
which accepts three arguments: the original array, the index position (offset) at which to
start slicing, and the number of elements to return from the starting offset. The following
listing illustrates this in action:


To extract a segment from the end of an array (rather than the beginning), pass
array_slice() a negative offset, as in this revision of the preceding example:


Chapter 4:

Working with Arrays

Adding and Removing Array Elements
PHP comes with four functions that allow you to add or remove elements from the
beginning or end of an array: the array_unshift() function adds an element to the
beginning of an array; the array_shift() function removes the first element of an
array; the array_push() function adds an element to the end of an array; and the
array_pop() function removes the last element of an array. The following listing
illustrates them all in action:


NOTE
The array_unshift(), array_shift(), array_push(), and array_pop()
functions should be used only with numerically indexed arrays and not with associative
arrays. Each of these functions automatically re-indexes the array to account for the
value(s) added or removed during its operation.

Removing Duplicate Array Elements
PHP lets you strip an array of duplicate values with its array_unique() function, which
accepts an array and returns a new array containing only unique values. The next listing
illustrates it in action:


Randomizing and Reversing Arrays
PHP’s shuffle() function re-arranges the elements of an array in random order, while
its array_reverse() function reverses the order of an array’s elements. The following
listing illustrates:


Searching Arrays
The in_array() function looks through an array for a specified value and returns
true if found. Here’s an example, which searches the array $cities for the string
'Barcelona':


If, instead of values, you’d like to search the keys of an associative array, PHP has you
covered there too: the array_key_exists() function looks for a match to the specified
search term among an array’s keys. The following listing illustrates:

Chapter 4:

Working with Arrays

 "London",
"United States" => "Washington",
"France" => "Paris",
"India" => "Delhi"
);
// search array for key
echo array_key_exists('India', $cities);
?>

Sorting Arrays
PHP comes with a number of built-in functions designed for sorting array elements in
different ways. The first of these is the sort() function, which lets you sort numerically
indexed arrays alphabetically or numerically, from lowest to highest value. Here’s an
example:


If you’re sorting an associative array, though, it’s better to use the asort() function,
which maintains the correlation between keys and values while sorting. The following
listing illustrates this:
 "Susan",
"lname" => "Doe",
"sex" => "female",
"sector" => "Asset Management"
);
// sort by value
// output: ('sector' => 'Asset Management',
// 'lname' => 'Doe',

105

106

PHP: A Beginner’s Guide
// 'fname' => 'Susan',
// 'sex' => 'female')
asort($profile);
print_r($profile);
?>

Also related to associative arrays is the ksort() function, which uses keys instead of
values when performing the sorting. Here’s an example:
 "Susan",
"lname" => "Doe",
"sex" => "female",
"sector" => "Asset Management"
);
// sort by key
// output: ('fname' => 'Susan',
// 'lname' => 'Doe',
// 'sector' => 'Asset Management',
// 'sex' => 'female')
ksort($profile);
print_r($profile);
?>

TIP
To reverse the sorted sequence generated by sort(), asort(), and ksort(), use the
rsort(), arsort(), and krsort() functions respectively.

Merging Arrays
PHP lets you merge one array into another with its array_merge() function, which
accepts one or more array variables. The following listing and output illustrates its use:


Chapter 4:

Working with Arrays

Comparing Arrays
PHP provides two functions to compare arrays: the array_intersect() function
returns the values common to two arrays, while the array_diff() function returns
the values from the first array that don’t exist in the second. Here’s an example, which
illustrates both these functions in action:


TIP
You can also compare arrays with PHP’s equality (==) operator, in much the same way
as you would compare other variables.

Try This 4-3

Checking Prime Numbers

Now that you’ve seen the many ways PHP lets you work with arrays, let’s try a small
practical example that illustrates some of these built-in functions in action. This
application asks the user to enter a series of numbers into a form, and returns a message
indicating which of them are prime numbers.
Here’s the code (primes.php):






Project 4-3: Prime Number Tester

(continued)

107

108

PHP: A Beginner’s Guide


Enter a list of numbers, separated by commas: 





 0) {
$primes = array_unique($primes);
sort($primes);
echo 'The following numbers are prime: ' . implode($primes, ' ');
} else {
echo 'No prime numbers found';
}
}
?>



Using a technique that should now be familiar to you, this application also combines
the Web form and its result page into a single script, separated by an if-else conditional
statement. The Web form allows the user to enter a series of numbers, separated by
commas. Figure 4-4 illustrates what the form looks like.
Once a user enters some numbers into the Web form and submits it, the second half
of the script is triggered. It should be clear that this part of the script uses many of the
array functions discussed in the preceding section. First, the explode() function takes
care of extracting the individual numbers from the user’s submission into an array, using

Figure 4-4

A Web form to enter numbers

(continued)

109

110

PHP: A Beginner’s Guide

Figure 4-5

The result of the form submission, displaying the prime numbers found

the comma as separator. Next, a foreach loop iterates over the array, first calculating
the absolute value of each number and then dividing that number by all other numbers
between itself and 2 to determine whether or not it is prime.
Assuming the number is not perfectly divisible by at least one other number, the
number is considered prime, and the array_push() function is used to add it to a new
array named $primes. Once all the numbers submitted by the user are processed in this
manner, the count() function is used to check if any primes were found; if yes, the
$primes array is checked for duplicate values, sorted from lowest to highest value, and
sent to the page as output.
Figure 4-5 shows the output after submitting the sequence.

Working with Dates and Times
In addition to allowing you to store multiple values in an array, PHP also comes with a
full-featured set of functions for working with dates and times. Although the language
does not have a dedicated data type for date and time values, it nevertheless allows
programmers a great deal of flexibility when creating, formatting, and manipulating
such values.

Chapter 4:

Working with Arrays

Ask the Expert
Q:
A:

What’s a UNIX timestamp?
Very simply, a UNIX timestamp for a particular time point represents the number of
seconds that have elapsed between midnight on January 1, 1970, and that time point. So,
for example, the time point January 5 2008 10:15:00 AM in UNIX timestamp format
would be 1199508300.
PHP can automatically turn a date value into a UNIX timestamp with its mktime()
function, which accepts day, month, year, hour, minute, and second arguments and
returns a UNIX timestamp corresponding to that instant in time.

Generating Dates and Times
Like many other programming languages, PHP represents date/time values in UNIX
timestamp format. Generating a timestamp is usually accomplished with the mktime()
function, which accepts a series of date and time parameters and converts them into
a timestamp. To illustrate, consider the following example, which returns a UNIX
timestamp corresponding to January 5 2008 10:15:00 AM:


Calling mktime() without any arguments returns the UNIX timestamp corresponding
to the present time:


Another way to get the current date and time is with PHP’s getdate() function,
which returns an associative array containing information about the current date and time.
Here’s an example of what this array looks like:
Array
(
[seconds] => 33
[minutes] => 27

111

112

PHP: A Beginner’s Guide
[hours] => 19
[mday] => 12
[wday] => 1
[mon] => 11
[year] => 2007
[yday] => 315
[weekday] => Monday
[month] => November
[0] => 1194875853
)

And here’s an example of this function in action:


TIP
Notice that the array returned by getdate() includes a UNIX timestamp representation
of the date, at index position 0.

Formatting Dates and Times
In most cases, generating a timestamp is only half the battle: you also need to find a
way to display it in human-readable form. That’s where PHP’s date() function comes
in: it allows you to massage that long, ugly timestamp into something that’s much more
informative. This function accepts two arguments: a formatting string and a timestamp.
The formatting string is a sequence of characters, each of which has a special meaning;
Table 4-2 has a list of the most commonly used ones.
Using the special characters from Table 4-2, it’s possible to format a UNIX timestamp
with date() to customize the display of a date/time value. Here are some examples:


Useful Date and Time Functions
PHP also supports many other date/time manipulation functions, which allow you to check
if a date is valid or convert between time zones. Table 4-3 lists some of these functions.

Function

What It Does

checkdate()

Checks a date for validity

strtotime()

Creates timestamps from English-language descriptions

gmdate()

Expresses a timestamp in GMT

Table 4-3

Common PHP Date Functions

113

114

PHP: A Beginner’s Guide

Checking Date Validity
A useful built-in function is the checkdate() function, which accepts a month, day,
and year combination and returns a true/false value indicating whether the corresponding
date is valid. Consider the following example, which illustrates it by testing the date
30 February 2008:


Converting Strings to Timestamps
Another very useful function is PHP’s strtotime() function, which accepts a string
value containing an embedded date or time and converts this into a UNIX timestamp.
Here’s an example:


Interestingly, strtotime() also recognizes common time descriptions such as
"now", "3 hours ago", "tomorrow", or "next Friday". The following listing
illustrates this very useful feature:


Mapping Day and Month Numbers to Names
The date() function discussed in the preceding section isn’t useful only for formatting
timestamps into readable date strings; it can also be used to find the weekday name
corresponding to a particular date. To do this, simply use the 'D' format character with
your timestamp . . . as in the following example, which displays the day that Oct 5 2008
falls on:


You can also do this for month names, by using the date() function’s 'F' parameter:


Calculating GMT Time
PHP’s gmdate() function works exactly like its date() function, except that it returns
GMT representations of formatted date strings, instead of local time representations. To
see this in action, consider the following examples, which return GMT equivalents for two
local times:


115

116

PHP: A Beginner’s Guide

Try This 4-4

Building an Age Calculator

Now that you know a little bit about how PHP deals with dates and times, let’s put all this
learning to good use with a practical project: a Web application that lets you enter your
date of birth and calculates how old you are today, in years and months.
Here’s the code (agecalc.php):






Project 4-4: Age Calculator


Enter your date of birth, in mm/dd/yyyy format: 





= $now) {
die('ERROR: Please enter a date of birth earlier than today');
}
// calculate difference between date of birth and today in days
// convert to years
// convert remaining days to months
// print output
$ageDays = floor(($now - $dateTs) / 86400);
$ageYears = floor($ageDays / 365);
$ageMonths = floor(($ageDays - ($ageYears * 365)) / 30);
echo "You are approximately $ageYears years and $ageMonths months old.";
}
?>



Once a user submits his or her date of birth into the Web form (Figure 4-6) in
MM/DD/YYYY format, the second half of the script is triggered. The first bit of this section
of the program is concerned mostly with error checks. First, the date entered into the form
is split into its constituent values of month, day, and year, and the checkdate() function
is used to verify whether or not it is valid. Following this, the strtotime() function is
used to convert the entered date into a UNIX timestamp; this is then compared with “today”
to verify that the date entered is in the past.

Figure 4-6

A Web form for the user to enter his or her date of birth

(continued)

117

118

PHP: A Beginner’s Guide

Figure 4-7

The result of the form submission, showing the calculated age

Assuming the date entered into the form passes these error checks, the script proceeds
to the calculation stage. First, “today’s” timestamp is subtracted from the birth timestamp;
as both timestamps are expressed in seconds, the result of this calculation returns the
user’s age, in seconds. This value is then divided by 86400—the number of seconds
in a day—to return the user’s age in days. Dividing the number of days by 365 returns
the user’s age in years. Finally, the fractional part of the age (months) is calculated by
dividing the remaining days by 30.
Figure 4-7 shows the output after a form submission.

Summary
This chapter introduced you to a new type of PHP variable, the array, which allows you to
group multiple related values together and operate on them as a single entity. In addition
to showing you how to create, edit, and process arrays, it also demonstrated some of
PHP’s array manipulation functions, showed you how you can use arrays in the context
of Web forms, and put arrays to practical use through three simple applications. Finally, it
explained how to work with temporal data in PHP, illustrating the most commonly used
date and time functions and using them to build a simple age calculator.

Chapter 4:

Working with Arrays

Arrays are an important addition to your PHP toolkit, and as your scripts become more
sophisticated, you’ll begin to appreciate how powerful and flexible they really are. To find
out more about them, consider visiting the following links:

✓

●

Arrays, at www.php.net/manual/en/language.types.array.php

●

Array operators, at www.php.net/manual/en/language.operators.array.php

●

Array manipulation functions, at www.php.net/manual/en/ref.array.php

●

The special $_POST and $_GET arrays, at
www.php.net/manual/en/reserved.variables.php#reserved.variables.get

●

Date and time functions, at www.php.net/manual/en/ref.datetime.php

Chapter 4 Self Test
1. What are the two types of PHP arrays, and how do they differ?
2. Name the functions you would use to
A Remove duplicate elements from an array
B Add an element to the beginning of an array
C Sort an array in reverse
D Count the number of elements in an array
E Search for a value in an array
F Display the contents of an array
G Shuffle the contents of an array
H Combine two arrays into one
I Find the common elements between two arrays
J Convert a string to an array
K Extract a segment of an array
3. What will be the output of the following line of PHP code:


119

120

PHP: A Beginner’s Guide
4. Using only an array and a foreach loop, write a program that prints the days of

the week.
5. Write a program that reads an array of numbers and returns a list of all those numbers

less than 15.
6. Write a program that reads an array and returns a message indicating whether the array

contains only unique values.

Chapter

5

Using Functions
and Classes

121
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

122

PHP: A Beginner’s Guide

Key Skills & Concepts
●

Learn the benefits of encapsulating code into functions and classes

●

Define and use your own functions, arguments, and return values

●

Understand local and global variables

●

Learn about recursion and variable-length argument lists

●

Define and use your own classes, methods, and properties

●

Understand OOP concepts of visibility, extensibility, and reflection

A

s your PHP programs get more complex, you might find yourself repeatedly writing
code to perform the same task—for example, testing a number for prime-ness or
checking a form field to see if it’s empty or not. In these situations, it usually makes
sense to turn this code into a reusable component, which can be managed independently
and “called upon” as needed from different PHP programs. Not only does this reduce the
amount of duplicate code you have to write, but it also makes your scripts leaner, more
efficient, and easier to maintain.
PHP offers two constructs to help you reduce code duplication in your programs:
user-defined functions are reusable code segments that are created by the programmer to
perform specific tasks, while classes provide a more formal, object-oriented approach to
reusability and encapsulation. This chapter will introduce you to both these constructs,
using practical examples to illustrate their real-world utility.

Creating User-Defined Functions
In previous chapters, you’ve been introduced to many of PHP built-in functions for string,
number, and array manipulation. However, PHP doesn’t only restrict you to its built-in
functions; it also lets you define your own. These user-defined functions are a neat way for
you to create independent, reusable code “packages” that perform specific tasks and can
be maintained independently of the main program.

Chapter 5:

Using Functions and Classes

Packaging your code into functions has four important advantages:
●

It reduces duplication within a program, by allowing you to extract commonly used
routines into a single component. This has the added benefit of making programs
smaller, more efficient, and easier to read.

●

A function is created once but used many times, often from more than one program.
If the function code changes, the changes are implemented in one spot (the
function definition) while the function invocations remain untouched. This fact can
significantly simplify code maintenance and upgrades, especially when contrasted
with the alternative: manually changing every occurrence of the earlier code wherever
it occurs (and possibly introducing new errors in the process).

●

Debugging and testing a program becomes easier when the program is subdivided
into functions, as it becomes easier to trace the source of an error and correct it with
minimal impact on the rest of the program.

●

Functions encourage abstract thinking, because packaging program code into a
function is nothing more or less than understanding how a specific task may be
encapsulated into a generic component. In this sense, functions encourage the creation
of more robust and extensible software designs.

Creating and Invoking Functions
There are three components to every function:
●

Arguments, which serve as inputs to the function

●

Return values, which are the outputs returned by the function

●

The function body, which contains the processing code to turn inputs into outputs

To begin with, let’s start with a simple example, one that doesn’t use either arguments
or return values. Consider the following PHP script, which contains a user-defined
function to print the current day of the week:


123

124

PHP: A Beginner’s Guide
Function definitions begin with the function keyword, followed by the function
name and a list of arguments (optional) in parentheses. Curly braces then enclose the
main body of the function, which can contain any legal PHP code, including variable
definitions, conditional tests, loops, and output statements. Function names must begin
with a letter or underscore character, optionally followed by more letters, numbers, or
underscore characters; punctuation characters and spaces are not allowed within function
names. In the preceding listing, the function is named whatIsToday() and its body
contains a single statement, which uses echo and date() to obtain and print the current
weekday name.
Of course, defining a function is only half the battle: the other half is using it. In PHP,
invoking a function is as simple as calling it by name (and passing it optional arguments,
if needed). The main body of the script in the preceding listing does just this: it invokes
the function by name and then stands back to see the results.

Ask the Expert
Q:
A:

Can I invoke a function before it’s been defined?
Yes. PHP 4.0 (and better) allow developers to invoke a function even if the corresponding
function definition appears later on in the program. This feature is particularly useful for
developers who prefer to place their function definitions at the bottom of a PHP script,
rather than the top, for easier readability.

Using Arguments and Return Values
A function that always returns the same output is a lot like a radio station that plays the
same song all day—not very useful or interesting at all! What you’d really like is the
ability to change the music the station plays in response to feedback that you, the listener,
provide—in effect, to create an audience request show. In PHP terms, this amounts to
creating functions that can accept input values at run time and use these input values to
affect the output returned by the function.
That’s where arguments come in. Arguments are “placeholder” variables within a
function definition; they’re replaced at run time by values provided to the function from
the main program. The processing code within the function then manipulates these values
to return the desired result. Since the input to the function will differ each time it is
invoked, the output will necessarily differ too.

Chapter 5:

Using Functions and Classes

To illustrate, consider the following listing, which defines a function accepting two
arguments and uses these arguments to perform a geometric calculation:


The function in this listing performed a calculation and then printed the result directly
to the output page. But what if you want the function to perform its work and, instead
of printing the result, do something else with it? Well, in PHP, you can have a function
explicitly return a value, like the result of a calculation, to the statement that called it. This
is accomplished by using a return statement inside the function, as in the next example:


You can return multiple values from a function, by placing them all in an array and
returning the array. The next example illustrates, by accepting a sentence and returning the
individual words, reversed, to the caller as an array:
 $v) {
$words[$k] = strrev($v);
}
return $words;
}
// function invocation
// output: 'evaH a doog yad'
echo implode(' ', reverseMe('Have a good day'));
// function invocation
// output: 'lliW uoy yrram em'
echo implode(' ', reverseMe('Will you marry me'));
?>

NOTE
When PHP encounters a return statement inside a function, it halts processing of the
function and “returns” control to the main body of the program.

Setting Default Argument Values
As you saw earlier, the arguments that a function expects to receive from the main
program are specified in the function’s argument list. For convenience, you can assign
default values to any or all of these arguments; these default values are used in the event
the function invocation is missing some arguments. Here’s an example, which generates
an e-mail address from supplied username and domain arguments; if the domain argument
is missing, a default domain is automatically assigned:


Notice that in the first instance, the function has been called with only a single
argument, even though the function definition requires two. However, since a default
value is present for the second argument, the missing argument is automatically replaced
by said default value, and no errors are generated.

TIP
If only some of your function’s arguments have default values assigned to them, place
these arguments at the end of the function’s argument list. This lets PHP correctly
differentiate between missing arguments that don’t have default values, and missing
arguments that do.

Using Dynamic Argument Lists
A PHP function definition normally has a fixed argument list, where the number of
arguments is known in advance. However, PHP also lets you define functions with
so-called variable-length argument lists, where the number of arguments can change
with each invocation of the function. A good example of this is a function that accepts an
arbitrary number of arguments, adds them up, and returns the average . . . as illustrated in
the following listing:


127

128

PHP: A Beginner’s Guide
Notice that the calcAverage() function definition in the previous listing does not
include a predefined argument list; rather, the arguments passed to it are retrieved at run
time using the func_num_args() and func_get_args() functions. The func_num_
args() function returns the number of arguments passed to a function, while the func_
get_args() function returns the actual argument values, as an array. As illustrated in
the preceding listing, both functions come in very handy when dealing with functions that
accept an arbitrary number of arguments.

Understanding Variable Scope
A key concept related to user-defined functions in PHP is variable scope: the extent of a
variable’s visibility within the space of a PHP program. By default, variables used within
a function are local—their impact is restricted to the function space alone, and they cannot
be viewed or manipulated from outside the function in which they exist. To illustrate this,
consider the following example:


// output: 11

Here, the variable $score is defined in the main program, and the changeScore()
function contains code to change the value of this variable. However, after running this
function, the value of $score remains at its original setting, because the changes made to
$score within the changeScore() function remain “local” to the function and do not
reflect in the main program.
This “bounding” of variables to within a function space is deliberate: it maintains
a degree of separation between the main program and its functions, and it reduces

Chapter 5:

Using Functions and Classes

the chances of variables from the main program affecting variables within a function.
However, there are certainly occasions when it may be necessary to “import” a variable
from the main program into a function, or vice versa. For these situations, PHP offers
the global keyword: when applied to a variable inside a function, this keyword
turns the variable into a global variable, making it visible both inside and outside
the function.
The next example illustrates the difference between global and local scope more
clearly:


// output: 25

In this revision of the previous listing, the global keyword used with the $score
variable within the changeScore() function changes the scope of the variable,
increasing its scope to encompass the entire program. As a result, changes made to the
variable within the function will reflect in the main program (and vice versa). The output
of the script illustrates this fact clearly.

Using Recursive Functions
Another, slightly more complex idea involving functions is recursion. A recursive function
is a function that calls itself repeatedly until a condition is satisfied. Such a function
is typically used to solve complex, iterative calculations, or to process deeply nested
structures.

129

130

PHP: A Beginner’s Guide
To illustrate how a recursive function works, consider the next example, which writes
a recursive function to drill down into a nested array and print all of its contents:
 $count, 'values' => $out);
}
// define nested array
$data = array(
'o' => array(
'orange',
'owl',
'one'),
't' => array(

Chapter 5:

Using Functions and Classes

'tea',
'ten',
'tag',
'twentythree' => array(
array('twenty', 'three'),
array('vingt', 'trois', array(
'red' => 'baron',
'blue' => 'blood'
))
)
)
);
// count and print values in nested array
$ret = printValues($data);
echo $ret['total'] . ' value(s) found: ';
echo implode(', ', $ret['values']);
?>

The output of this example would be
12 value(s) found: orange, owl, one, tea, ten,
tag, twenty, three, vingt, trois, baron, blood

The core of this example is the printValues() function, which accepts an array
as argument. It then loops through this array using a foreach loop, adding each value
it finds to an output array named $out. For each such value found, it also increments
a counter named $count by 1. In the event that any of the values encountered in this
manner is itself an array, printValues() calls itself recursively to process that child
array (and any other child arrays found at deeper nesting levels). This process continues
until no further values are left to be processed.
Because both $out and $count are global variables, they maintain their values
throughout this process. Once the function has completed its work, these two variables are
packaged into a single associative array, which is returned to the caller and printed to the
output page.

TIP
While recursive functions are often the quickest way to solve a complex calculation,
they’re not the only way: in most cases, you can accomplish the same thing, albeit less
elegantly, by using one or more loops.

131

132

PHP: A Beginner’s Guide

Try This 5-1

Calculating GCF and LCM

Now that you’ve imbibed a fair amount of knowledge about PHP’s user-defined functions,
let’s put that knowledge to the test with a small practical application. This next example
invites the user to enter two numbers into a Web form, and calculates the greatest common
factor (GCF) and least common multiple (LCM) of the entered numbers.

NOTE
In case you skipped Math class, the GCF of two numbers is the largest factor common to
both, while the LCM of two numbers is the smallest multiple common to both. Thus, for
example, the GCF of 6 and 10 is 2, while the LCM is 30. Read more about GCF and
LCM, including a detailed description of the Euclidean algorithm used in this example,
at http://en.wikipedia.org/wiki/Greatest_common_factor and http://en.wikipedia.org/
wiki/Least_common_multiple.

Here’s the code (gcf_lcm.php):







Project 5-1: GCF and LCM


Enter two integers: 


Chapter 5:

Using Functions and Classes







";
echo "The GCF of ($num1, $num2) is: " . getGCF($num1, $num2);
echo "
";
echo "The LCM of ($num1, $num2) is: " . getLCM($num1, $num2);
}
?>



This script generates a form for the user to enter two numbers (Figure 5-1).
Once the form is submitted, the numbers entered by the user are passed as arguments
to the getGCF() and getLCM() functions, which, respectively, calculate and return the
GCF and LCM of the number pair to the caller. Figure 5-2 displays the results of one such
form submission.

Figure 5-1

A Web form to enter two numbers

(continued)

133

134

PHP: A Beginner’s Guide

Figure 5-2

The results of the form submission, displaying the calculated GCF and LCM

Since this chapter is all about functions, it’s worthwhile spending a few minutes to
dissect the getGCF() and getLCM() functions.
1. The getGCF() function accepts two arguments and calculates the GCF value using the

Euclidean algorithm. Wikipedia’s description of this algorithm, at http://en.wikipedia
.org/wiki/Euclidean_algorithm, states: “Given two natural numbers a and b, not both
equal to zero: check if b is zero; if yes, a is the GCD. If not, repeat the process using,
respectively, b, and the remainder after dividing a by b.”
From this description, it should be clear that the Euclidean algorithm can be expressed
as a recursive function that calls itself repeatedly, feeding the remainder of the previous
division into the next one until the remainder becomes zero. If you look at getGCF(),
you’ll see that’s precisely what it does.
2. Once the GCF has been calculated, the LCM can be easily obtained using the

relationship LCM (A,B) = (A*B)/GCF(A,B). This relationship, and its derivation,
may also be obtained from Wikipedia, at http://en.wikipedia.org/wiki/Least_common_
multiple—and if you look inside the getLCM() function, you’ll see this same
calculation in action. You’ll notice also that getLCM() internally calls getGCF()—a
fine example of inter-function cooperation and an illustration of how functions can be
used to break down large complex tasks into smaller, more focused operations.

Chapter 5:

Using Functions and Classes

Creating Classes
In addition to allowing you to create your own functions, PHP also allows you to group
related functions together using a class. Classes are the fundamental construct behind
object-oriented programming (OOP), a programming paradigm that involves modeling
program behavior into “objects” and then using these objects as the basis for your
applications.
Up until recently, PHP’s support for OOP was limited; however, PHP 5.0 introduced
a new object model that allowed programmers significantly greater flexibility and ease of
use when working with classes and objects. Although OOP is generally considered “too
complex” for beginners to attempt, the widespread prevalence and use of objects under
PHP 5.1 and PHP 5.2 means that no aspiring PHP programmer can afford to be totally
unaware of it.
With this in mind, the following sections will offer a simple introduction to how
classes and objects work under PHP. Interested readers are encouraged to learn more by
referring to the advanced material suggested at the end of the chapter.

Introducing Classes and Objects
Think of a class as a miniature ecosystem: it’s a self-contained, independent collection of
variables and functions, which work together to perform one or more specific (and usually
related) tasks. Variables within a class are called properties; functions are called methods.
Classes serve as templates for objects, which are specific instances of a class. Every
object has properties and methods corresponding to those of its parent class. Every object
instance is completely independent, with its own properties and methods, and can thus be
manipulated independently of other objects of the same class.
To put this in more concrete terms, consider an example: an Automobile class that
contain properties for color and make, and methods for acceleration, braking, and
turning. It’s possible to derive two independent objects from this Automobile class, one
representing a Ford and the other a Honda. Each of these objects would have methods
for acceleration, braking, and turning, as well as specific values for color and make. Each
object instance could also be manipulated independently: for example, you could change
the Honda’s color without affecting the Ford, or call the Ford’s acceleration method
without any impact on the Honda.
Figure 5-3 illustrates the relationship between a class and its object instances visually.

Defining and Using Classes
In PHP, classes are defined much like functions: a class definition begins with the class
keyword, which is followed by the class name and a pair of curly braces. The complete

135

136

PHP: A Beginner’s Guide
Object
Ford
Class

brake()
accelerate()
turn()

Automobile
Object
brake()
accelerate()
turn()

Figure 5-3

Honda

brake()
accelerate()
turn()

The relationship between classes and objects

class definition must be enclosed within these braces; in most cases, this definition
consists of property (variable) definitions followed by method (function) definitions.
To see what a class definition looks like, review the following listing: it contains a
definition for an Automobile class, with two properties named $color and $make and
methods named accelerate(), brake(), and turn():


Chapter 5:

Using Functions and Classes

Once a class has been defined, objects can be created from the class with the new
keyword. Class methods and properties can directly be accessed through this object
instance. Here’s an example, which creates an instance of the Automobile class and
assigns it to $car, and then sets the object’s properties and invokes object methods
(note the -> symbol used to connect objects to their properties or methods):
color = 'red';
$car->make = 'Ford Taurus';
// invoke object methods
$car->accelerate();
$car->turn();
?>

To access or change a class method or property from within the class itself, it’s
necessary to prefix the corresponding method or property name with $this, which refers
to “this” class. To see how this works, consider this revision of the preceding example,
which sets a class property named $speed and then modifies this property from within
the accelerate() and brake() functions:
speed += 10;
echo 'Accelerating to ' . $this->speed . '...';
}
public function brake() {
$this->speed -= 10;
echo 'Slowing down to ' . $this->speed . '...';
}

137

138

PHP: A Beginner’s Guide
public function turn() {
$this->brake();
echo 'Turning...';
$this->accelerate();
}
}
?>

And now, when you invoke these functions, you’ll see the effect of changes in
$speed:
accelerate();
$car->turn();
?>

Ask the Expert
Q:
A:

Can I look inside an object or class to see its structure?
Since PHP 5.0, PHP has included a full-fledged reflection API, which lets you peer into
any class or object and obtain detailed information on its properties, methods, interfaces,
and constants. To use it, instantiate an object of either ReflectionClass or ReflectionObject
and pass it the class or object to be X-rayed. Here’s an example:


Read more about reflection in PHP at www.php.net/manual/en/language.oop5
.reflection.php

Chapter 5:

Try This 5-2

Using Functions and Classes

Encrypting and Decrypting Text

Now that you know the basics of classes and objects, let’s run through a brief practical
example. This next listing defines a class named Jumbler, which allows users to encrypt
(and decrypt) text using a simple encryption algorithm and a user-supplied numeric key.
Take a look at the class definition (jumbler.php):
key = $key;
}
// get encryption key
public function getKey() {
return $this->key;
}
// encrypt
public function encrypt($plain) {
for ($x=0; $xgetKey() + ($x * $this->getKey());
}
return implode('/', $cipher);
}
// decrypt
public function decrypt($cipher) {
$data = explode('/', $cipher);
$plain = '';
for ($x=0; $xgetKey() - ($x * $this->getKey()));
}
return $plain;
}
}
?>

(continued)

139

140

PHP: A Beginner’s Guide
This class has a single property and four methods:
●

The $key property holds the numeric key entered by the user. This key is used to
perform the encryption.

●

The setKey() method accepts an argument and sets the $key property to that value.

●

The getKey() method returns the value of the $key property.

●

The encrypt() function accepts a plain-text string and “jumbles” it using the key.

●

The decrypt() function accepts an encrypted string and restores the original plaintext string from it using the key.

A quick word about the internals of the encrypt() and decrypt() methods, before
proceeding to a usage example. When encrypt() is invoked with a plain-text string, it
steps through the string and calculates a numeric value for each character. The numeric
value is the sum of
●

The character’s ASCII code, as returned by the ord() function

●

The numeric key set by the user through the setKey() method

●

The product of the numeric key and the character’s position in the string

Each number returned after this calculation is added to an array, and once the entire
string is processed, the elements of the array are joined into a single string, separated by
slashes, with implode().
Table 5-1 has a brief illustration of how the word 'Ant' is converted into the
encrypted string '410/800/1151' using this method.
The decryption routine reverses this process: it first splits the encrypted ciphertext
string into individual numbers using the slashes as delimiters, and adds them to an array.
It then obtains the character corresponding to each number, by subtracting
●

The numeric key set by the user through the setKey() method; and

●

The product of the numeric key and the character’s position in the string

Character $c

Position $p

'A'

0

65

345

0

410

'n'

1

110

345

345

800

't'

2

116

345

690

1151

Table 5-1

ord($c)

An Example Encryption Run

Key $key

$key * $p

Total

Chapter 5:

Using Functions and Classes

from the number, and then using the chr() function to retrieve the ASCII character
corresponding to the remainder. The characters returned through this process are
concatenated into a single string and returned to the caller.

CAUTION
The encryption routine used by the Jumbler class is illustrative only, and highly
insecure—don’t even think about using it to secure real-world data.

Now that you’ve understood how the class works, let’s look at how it could be used. This
next listing generates a form for the user to enter plaintext or ciphertext, as well as a numeric
key, and then uses a Jumbler object to encrypt or decrypt it. Here’s the code (jumbler.php):






Project 5-2: Encrypting Text


Enter:
Plaintext
Ciphertext 




Enter numeric key: 





setKey($key);
if ($type == 'C') {
echo $j->decrypt($text);
} else {
echo $j->encrypt($text);
}
}
?>



The script is quite simple: it generates a Web form containing text fields for the user to
enter text and a numeric key, and radio buttons to indicate whether the text being entered
is plaintext or ciphertext. On submission, a new instance of the Jumbler class is created,
and the key entered by the user is registered with the instance via the setKey() method.
Depending on the type of text entered, the instance’s encrypt() or decrypt() method
is called, and the output is printed back to the page.
Figure 5-4 shows what the Web form looks like, and Figure 5-5 has an example of the
encrypted text generated after form submission.

Figure 5-4

A Web form to enter plaintext

Chapter 5:

Figure 5-5

Using Functions and Classes

The result after encryption

Using Advanced OOP Concepts
PHP’s object model also supports many more advanced features, giving developers a great
deal of power and flexibility in building OOP-driven applications. This section illustrates
three such features: constructors and destructors, extensibility, and visibility.

Using Constructors and Destructors
PHP makes it possible to automatically execute code when a new instance of a class is
created, using a special class method called a constructor. You can also run code when
a class instance ends using a so-called destructor. Constructors and destructors can be
implemented by defining functions named __construct() and __destruct() within
the class, and placing object (de)initialization code within them.
Here’s a simple example illustrating how this works:


Extending Classes
For most developers, extensibility is the most powerful reason for using the OOP
paradigm. Put very simply, extensibility implies that a new class can be derived from an
existing one, inheriting all the properties and methods of the parent class and adding its
own new properties and methods as needed. Thus, for example, a Human class could
extend a Mammal class, which is itself an extension of a Vertebrate class, with each new
extension adding its own features as well as inheriting the features of its parent.
In PHP, extending a class is as simple as attaching the extends keyword and the
name of the class being extended to a class definition, as in the following example:


With such an extension, all the properties and methods of the parent class become
available to the child class and can be used within the class’ program logic. To illustrate,
consider the following listing:
age = $age;
}
function getAge() {
return $this->age;
}
function grow() {
$this->age += 4;
}
}
// child class definition
class Human extends Mammal {
public $name;
function __construct() {
parent::__construct();
}
function setName($name) {
$this->name = $name;
}
function getName() {
return $this->name;
}
function grow() {
$this->age += 1;
echo 'Growing...';
}
}
?>

This listing contains two class definitions:
1. Mammal, the parent class, which contains the $age property and the methods

setAge(), getAge(), and grow();

145

146

PHP: A Beginner’s Guide
2. Human, which extends Mammal and inherits all of Mammal’s properties and

methods. Human contains the additional $name property and the additional methods
setName() and getName(); its grow() method overrides the method of the same
name in the parent class. Notice also that Human’s __construct() method internally
calls Mammal’s __construct() method; the special keyword parent provides an
easy shortcut to refer to the current class’ parent.
Here’s an example of how you’d use the extended class:
setAge(1);
$baby->setName('Tonka');
echo $baby->getName() . ' is now ' . $baby->getAge() . ' year(s) old...';
$baby->grow();
$baby->grow();
echo $baby->getName() . ' is now ' . $baby->getAge() . ' year(s) old.';
?>

Figure 5-6 shows the output of this listing.
From the output, it should be clear that even though the class definition for Human
doesn’t explicitly contain getAge() and setAge() methods, nor the $age property,

Figure 5-6

Using inherited methods of a class

Chapter 5:

Using Functions and Classes

instances of the Human class can still use these methods, as they are inherited from the
parent Mammal class.
Once you begin working with inheritance and extensibility, it’s easy to quickly
become overwhelmed with long and complex class trees. For this reason, PHP provides an
instanceof operator, to test if an object is an instance of a particular class. This operator
returns true if the object instance has the named class anywhere in its parent tree. Here’s
an example of it in action:


TIP
There’s also the get_class() function, which returns the name of the class from which
an object was instantiated, and the get_parent_class() function, which returns the
name of its parent.

Adjusting Visibility Settings
In the first part of this chapter, you learned the difference between “local” and “global”
scope, and you saw how variables used inside a function are invisible to the main
program. When working with classes, PHP allows you to exert even greater control over
the visibility of object properties and methods. Three levels of visibility exist, ranging
from most visible to least visible; these correspond to the public, protected, and
private keywords.
You’ll have noticed that all the property and method definitions in earlier examples
are prefixed with the keyword public; this sets the corresponding class methods and
properties to be “public” and allows a caller to manipulate them directly from the main
body of the program. This “public” visibility is the default level of visibility for any class
member (method or property) under PHP.

147

148

PHP: A Beginner’s Guide
If you don’t like the thought of this intrusion, you can explicitly mark a particular
property or method as private or protected, depending on how much control you
want to cede over the object’s internals. “Private” methods and properties are only visible
within the class that defines them, while “protected” methods and properties are visible
to both their defining class and any child (inherited) classes. Attempts to access these
properties or methods outside their visible area typically produces a fatal error that stops
script execution.
To see how this works in practice, consider the following example:
name = 'William';
$mammal->age = 3;
$mammal->species = 'Whale';
$human = new Human;
$human->name = 'Barry';
$human->age = 1;
$human->species = 'Boy';
?>

Try This 5-3

// ok
// fatal error
// fatal error

// ok
// fatal error
// undefined

Generating Form Selection Lists

Let’s now turn to another example to illustrate some of the more advanced concepts
taught in the preceding section. Here, you’ll create objects to mimic the  and
 elements used in a Web form, writing methods that allow you to define such
a selection list programmatically from your application. There are three primary objects
you’ll encounter in the next example: a base Element object and two derived objects
named Select and Option.
Let’s start with the base Element object, which represents a generic form element:
name = $name;
}
// method: get element 'name'
public function getName() {
return $this->name;
}
// method: set element value
public function setValue($value) {
$this->value = $value;
}
// method: get element value
public function getValue() {
return $this->value;
}
// method: set English-language element label
public function setLabel($label) {
$this->label = $label;
}
// method: get element label
public function getLabel() {
return $this->label;
}
}
?>

We assume here that every form element has three properties: a name, a value, and a
text label. The preceding class definition defines just these properties and also provides
“getter” and “setter” methods to change and retrieve these properties.
This Element object serves as the base for other, more focused form elements—such
as the Option object, which represents an  element. Here’s the definition:
setValue($value);
$this->setLabel($label);
}
// method: output HTML for  elements
public function render() {
echo "getValue() . "\">" . $this->getLabel() .
"\n";
}
}
?>

The constructor for an Option accepts two arguments: a value and a label. These
two arguments are then used to set the Option’s $value and $label properties, via its
setValue() and setLabel() methods. Note that these methods are not explicitly
defined in the class but actually belong to the Element class; however, due to extensibility,
the methods of the parent class are automatically available to its children.
The Option class also adds a new method, render(), which outputs the HTML
code necessary to create an  element. Notice that this method internally calls
getValue() and getLabel(), also methods of its parent, to correctly generate the
necessary HTML code.
All that’s left now is to define the Select class:
options = array();
}
// method: add an option to the list
public function setOption($option) {
$this->options[] = $option;
}
// method: return all options for the list as array
private function getOptions() {
return (array)$this->options;
}
// method: output HTML code for  element
public function render() {

Chapter 5:

Using Functions and Classes

echo $this->getLabel() . ": 
\n";
echo "getName() . "\">\n";
foreach ($this->getOptions() as $opt) {
echo $opt->render();
}
echo "";
}
}
?>

This class defines a single protected property, $options, as an array. The class also
offers the setOption() method, which accepts an Option object and adds it to the
$options array; and the render() method, which iterates over the $options array
and outputs the HTML code needed for the  element. Both the preceding
methods are public; however, there’s also a getOptions() method, which is a private
method only used internally to return the $options array to the caller.
How would you use these objects? Here’s an example:
setLabel('Fruits');
$fruits->setName('fruit_sel');
$fruits->setOption(new Option('Oranges', 'Oranges'));
$fruits->setOption(new Option('Strawberries', 'Strawberries'));
$fruits->setOption(new Option('Pineapples', 'Pineapples'));
$fruits->setOption(new Option('Bananas', 'Bananas'));
$fruits->render();
?>

The first step is to initialize an instance of the Select class and assign the element
a label and name via the setLabel() and setName() methods—remember that
these methods have been inherited from the parent Element class. Next, the Select
object’s setOption() method is used to assign options to the selection list—each
setOption() call is passed an Option object holding the option’s label and value. Once
all the options have been assigned, the Select object’s render() method takes care of
actually writing the HTML to the page:
Here’s what the HTML output generated by render() looks like:
Fruits: 


Oranges
Strawberries
Pineapples
Bananas


(continued)

151

152

PHP: A Beginner’s Guide
Why stop with just one selection list? The nice thing about OOP, after all, is
reusability—and so, it’s easy to generate multiple selection lists, just by reusing the
three classes described previously. Here’s an example illustrating this (select.php):






Project 5-3: Generating Form Selection Lists


setLabel('Fruits');
$fruits->setName('fruit_sel');
$fruits->setOption(new Option('Oranges', 'Oranges'));
$fruits->setOption(new Option('Strawberries', 'Strawberries'));
$fruits->setOption(new Option('Pineapples', 'Pineapples'));
$fruits->setOption(new Option('Bananas', 'Bananas'));
$fruits->render();
?>

setLabel('Metals');
$metals->setName('metal_sel');
$metals->setOption(new Option('Iron', 'Iron'));
$metals->setOption(new Option('Silver', 'Silver'));
$metals->setOption(new Option('Gold', 'Gold'));
$metals->setOption(new Option('Platinum', 'Platinum'));
$metals->render();
?>

setLabel('Animals');

Chapter 5:

Using Functions and Classes

$animals->setName('animal_sel');
$animals->setOption(new Option('Lion', 'Lion'));
$animals->setOption(new Option('Hyena', 'Hyena'));
$animals->setOption(new Option('Fox', 'Fox'));
$animals->render();
?>







Figure 5-7 illustrates the output of this listing.

Figure 5-7

A form containing three dynamically generated selection lists

153

154

PHP: A Beginner’s Guide

Summary
This chapter introduced you to two fairly advanced constructs: user-defined functions,
which allow you to package your PHP code into reusable blocks; and classes, which
allow you to group related functions into independent, extensible units. It also gave you
a crash course in important software design concepts, such as recursion, encapsulation,
inheritance, visibility, and reflection. All of these concepts and techniques were reinforced
through the development of three practical examples; you probably found these somewhat
more challenging than those in previous chapters, but working through them will almost
certainly have moved your PHP skills up a notch.
At the close of this chapter (and this section), you know enough about the basic
grammar and syntax of object-oriented programming to recognize and understand its use
in third-party code, and also to begin writing modular, OOP-driven scripts of your own.
These skills will stand you in good stead as you move into the next section of this book,
which focuses on integrating your PHP application with data from other external sources.
Until then, though, spend some time looking at the links that follow, which offer more
detailed information on the topics discussed in this chapter.

✓

●

User-defined functions, at www.php.net/manual/en/language.functions.php

●

Classes, at www.php.net/manual/en/language.oop5.php

●

Class visibility, at www.php.net/manual/en/language.oop5.visibility.php

Chapter 5 Self Test
1. State one advantage of using functions.
2. What is the difference between an argument and a return value?
3. Using the relationship DISTANCE = SPEED * TIME, write a function that calculates

distance given the speed and time. Use this function to find the distance traveled by an
aircraft departing from London, England, at 9:30 P.M. and arriving in Bombay, India,
at 11 A.M. the next day. Assume the aircraft flies at 910 km/hr and the time difference
between London and Bombay is 4.5 hours.
4. Using the property LCM (P,Q,R,S) = LCM(LCM(LCM(P,Q),R),S), extend the

LCM/GCF example in this chapter such that it accepts an arbitrary number of values
and returns the LCM of the series.
5. What is a constructor?

Chapter 5:

Using Functions and Classes

6. What happens if you attempt to access a private method of a parent class from its child

class?
7. What would be the output of the following code?
play();
?>

8. Using the Select class defined earlier in this chapter, create a new DateSelect class

containing three selection lists, one each for day, month, and year. Demonstrate usage
of this class in a Web form.
9. What would be the output of the following PHP code:


155

This page intentionally left blank

Part

II

Working with Data from
Other Sources

Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

This page intentionally left blank

Chapter

6

Working with Files
and Directories

159
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

160

PHP: A Beginner’s Guide

Key Skills & Concepts
●

Learn to read and write disk files

●

Process directories recursively

●

Copy, move, rename, and delete files and directories

●

Work with file paths and attributes

J

ohn Donne famously said, “No man is an island,” and this maxim holds true for PHP
scripts as well. So far, all the examples you’ve seen have been self-contained, with their
source data arriving either from user input or from variables hard-wired into the program
body. In reality, though, your PHP script will need to work with data retrieved from disk
files, SQL resultsets, XML documents, and many other data sources.
PHP comes with numerous built-in functions to access these data sources and this
chapter will get you started on the road to discovering them, by focusing specifically on
PHP’s file system functions. With 70+ functions available, there’s an abundance of options;
this chapter will give you a crash course in the most important ones, with both examples
and practical projects of reading, writing, and manipulating disk files and directories.

Reading Files
PHP’s file manipulation API is extremely flexible: it lets you read files into a string or into
an array, from the local file system or a remote URL, by lines, bytes, or characters. The
following sections explain all these variants in greater detail.

Reading Local Files
The easiest way to read the contents of a disk file in PHP is with the file_get_
contents() function. This function accepts the name and path to a disk file, and reads
the entire file into a string variable in one fell swoop. Here’s an example:


Chapter 6:

Working with Files and Directories

An alternative method of reading data from a file is PHP’s file() function, which
accepts the name and path to a file and reads the entire file into an array, with each
element of the array representing one line of the file. To process the file, all you need do is
iterate over the array using a foreach loop. Here’s an example, which reads a file into an
array and then displays it using such a loop:


Reading Remote Files
Both file_get_contents() and file() also support reading data from URLs, using
either the HTTP or FTP protocol. Here’s an example, which reads an HTML file off the
Web into an array:


In case of slow network links, it’s sometimes more efficient to read a remote file in
“chunks,” to maximize the efficiency of available network bandwidth. To do this, use the
fgets() function to read a specific number of bytes from a file, as in the next example:


161

162

PHP: A Beginner’s Guide
This listing introduces four new functions, so let’s take a closer look at it. First, the
fopen() function: it accepts the name of the source file and an argument indicating
whether the file is to be opened in read ('r'), write ('w'), or append ('a') mode,
and then creates a pointer to the file. Next, a while loop calls the fgets() function
continuously in a loop to read a specific number of bytes from the file and append these
bytes to a string variable; this loop continues until the feof() function returns true,
indicating that the end of the file has been reached. Once the loop has completed, the
fclose() function destroys the file pointer.

NOTE
In order to read remote URLs, the PHP configuration variable 'allow_url_fopen'
must be set to true in the PHP configuration file php.ini. If this variable is set to false, all
attempts to read remote files will fail.

Reading Specific Segments of a File
A final twist involves reading only a specific block of lines from a line—something that
can be accomplished with a combination of PHP’s fseek() and fgets() functions.
Consider the next example, which sets up a user-defined function named readBlock()
and accepts three arguments: the filename, the starting line number, and the number of
lines to return from the starting point:
= $start) {
$out .= $line;
$linesRead++;
// if max number of lines is defined and reached

Chapter 6:

Working with Files and Directories

// break out of loop
if (!is_null($linesRead) && $linesRead == ($lines)) {
break;
}
}
$linesScanned++;
}
return $out;
}
echo readBlock('example.txt', 3, 4);
?>

Within readBlock(), a loop iterates through the file line by line, until the starting
line number is reached (a line counter named $linesScanned keeps track of the current
line number, incrementing by 1 on each iteration of the loop). Once the starting line is
reached, it (and all subsequent lines) are read into a string variable until the specified
maximum number of lines are processed or until the end of the file is reached.

Writing Files
The flip side of reading data from files is writing data to them. And PHP comes with a
couple of different ways to do this as well. The first is the file_put_contents()
function, a close cousin of the file_get_contents() function you read about in the
preceding section: this function accepts a filename and path, together with the data to be
written to the file, and then writes the latter to the former. Here’s an example:


If the file specified in the call to file_put_contents() already exists on disk,
file_put_contents() will overwrite it by default. If, instead, you’d prefer to preserve
the file’s contents and simply append new data to it, add the special FILE_APPEND flag to
your file_put_contents() function call as a third argument. Here’s an example:


An alternative way to write data to a file is to create a file pointer with fopen(), and
then write data to the pointer using PHP’s fwrite() function. Here’s an example of this
technique:


Notice the flock() function from the preceding listing: this function “locks” a file
before reading or writing it, so that it cannot be accessed by another process. Doing this
reduces the possibility of data corruption that might occur if two processes attempt to
write different data to the same file at the same instant. The second parameter to flock()
specifies the type of lock: LOCK_EX creates an exclusive lock for writing, LOCK_SH
creates a non-exclusive lock for reading, and LOCK_UN destroys the lock.

Ask the Expert
Q:
A:

Can I read and write binary files with PHP?
Yes. The file_get_contents(), file_put_contents(), and file() functions
all read and write data in binary format by default; this lets you use PHP with binary files
without worrying that your data will get corrupted.

NOTE
The directory into which you’re trying to save the file must already exist, or else PHP
will generate a fatal error. You can test if a directory exists with the file_exists()
function, discussed later in this chapter.

Chapter 6:

Try This 6-1

Working with Files and Directories

Reading and Writing Configuration Files

Now that you know how to read and write files, let’s try creating an application that
uses the functions described in the preceding section. Assume for a second that you’re
developing a Weblog application, and you’d like your users to be able to configure certain
aspects of this application’s behavior—for example, how many posts appear on the index
page or the e-mail address that comments are sent to. In this case, you’d probably need
to build a Web-based form that allows users to input these configuration values and saves
them to a file that your application can read as needed.
This next listing generates just such a Web form, allowing users to enter values for
different configuration values and then saving this information to a disk file. When users
revisit the form, the data previously saved to the file is read and used to prefill the form’s
fields.
Here’s the code (configure.php):






Project 6-1: Reading And Writing Configuration Files


Administrator email address: 



Default author name: 



Number of posts on index page: 



Number of anonymous comments: 



URL for automatic notification of new posts: 





 $value) {
if (trim($value) != '') {
fwrite($fp, "$key=$value\n") or die('ERROR: Cannot write [$key] to
configuration file');
}
}

Chapter 6:

Working with Files and Directories

// close and save file
flock($fp, LOCK_UN) or die ('ERROR: Cannot unlock file');
fclose($fp);
echo 'Configuration data successfully written to file.';
}
?>



This example illustrates a common, and practical, use of PHP’s file functions: to read
and write configuration files in the context of a Web application. Figure 6-1 illustrates the
Web form generated by this script.
Once the form is submitted, the data entered into it arrives in the form of an associative
array, whose keys correspond to the configuration variables in use. This data is then validated
and a file pointer is opened to the configuration file, config.ini. A foreach loop then iterates
over the array, writing the keys and values to the file pointer in key=value format, with each
key-value pair on a separate line. The file pointer is then closed, saving the data to disk.

Figure 6-1

A Web form to enter configuration data

(continued)

167

168

PHP: A Beginner’s Guide
Here’s an example of what config.ini would look like after submitting the form in
Figure 6-1:
AdminEmailAddress=admin@abc.com
DefAuthor=Charles W
NumPosts=8
NumComments=4

If a user revisits the Web form, the script first checks if a configuration file named
config.ini exists in the current directory. If it does, the lines of the file are read into an
array with PHP’s file() function; a foreach loop then processes this array, splitting
each line on the equality (=) symbol and turning the resulting key-value pairs into an
associative array. This array is then used to prefill the form fields, by assigning a value to
each input field’s 'value' attribute.
Figure 6-2 illustrates one such Web form, prefilled with data read from the
configuration file.
Users are, of course, free to resubmit the form with new data; as explained previously,
this submission will then be used to rewrite the configuration file with new values.

Figure 6-2

A Web form prefilled with data from a configuration file

Chapter 6:

Working with Files and Directories

Processing Directories
PHP also allows developers to work with directories on the file system, iterating through
directory contents or moving forward and backward through directory trees. Iterating through
a directory is a simple matter of calling PHP’s DirectoryIterator object, as in the following
example, which uses the DirectoryIterator to read a directory and list each file within it:
valid()) {
if (!$dit->isDot()) {
echo $dit->getFilename() . "\n";
}
$dit->next();
}
unset($dit);
?>

Here, a DirectoryIterator object is initialized with a directory name, and the object’s
rewind() method is used to reset the internal pointer to the first entry in the directory. A
while loop, which runs so long as a valid() entry exists, can then be used to iterate over
the directory. Individual filenames are retrieved with the getFilename() method, while
the isDot() method can be used to filter out the entries for the current (.) and parent (..)
directories. The next() method moves the internal pointer forward to the next entry.
You can also accomplish the same task with a while loop and some of PHP’s
directory manipulation functions . . . as in the following listing:


169

170

PHP: A Beginner’s Guide
Here, the opendir() function returns a pointer to the directory named in the function
call. This pointer is then used by the readdir() function to iterate over the directory,
returning a single entry each time it is invoked. It’s then easy to filter out the . and ..
directories, and print the names of the remaining entries. Once done, the closedir()
function closes the file pointer.

TIP
Also consider PHP’s scandir() function, which accepts a directory name and returns
an array containing a list of the files within that directory together with their sizes. It’s
then easy to process this array with a foreach loop.

In some cases, you might need to process not just the first-level directory, but also
its subdirectories and sub-subdirectories. A recursive function, which you learned about
in Chapter 5, is usually the best tool for this purpose: consider the next listing, which
illustrates one such function in action:
';
printDir('.');
echo '
';
}
?>

Chapter 6:

Working with Files and Directories

The printDir() function in this listing might appear complex, but it’s actually quite
simple. It accepts two arguments: the name of the top-level directory to use, and a “depth
string,” which indicates, via indentation, the position of a particular file or directory in the
hierarchy. Using this input, the function opens a pointer to the named directory and begins
processing it with readdir(), printing the name of each directory or file found. In the
event that a directory is found, the depth string is incremented by an additional character
and the printDir() function is itself recursively called to process that subdirectory. This
process continues until no further files or directories remain to be processed.
Figure 6-3 has an example of the output of this listing.

Figure 6-3

An indented directory listing

171

172

PHP: A Beginner’s Guide

Performing Other File and Directory Operations
In addition to the tools you’ve seen in previous sections, PHP comes with a whole range
of file and directory manipulation functions, which allow you to check file attributes;
copy, move, and delete files; and work with file paths and extensions. Table 6-1 lists some
of the important functions in this category.

Checking if a File or Directory Exists
If you try reading or appending to a file that doesn’t exist, PHP will typically generate a
fatal error. Ditto for attempts to access or read/write from/to a directory that doesn’t exist.
To avoid these error messages, always check that the file or directory you’re attempting to
access already exists, with PHP’s file_exists() function. The next listing illustrates it
in action:

Function

What It Does

file_exists()

Tests if a file or directory exists

filesize()

Returns the size of a file in bytes

realpath()

Returns the absolute path of a file

pathinfo()

Returns an array of information about a file and its path

stat()

Provides information on file attributes and permissions

is_readable()

Tests if a file is readable

is_writable()

Tests if a file is writable

is_executable()

Tests if a file is executable

is_dir()

Tests if a directory entry is a directory

is_file()

Tests if a directory entry is a file

copy()

Copies a file

rename()

Renames a file

unlink()

Deletes a file

mkdir()

Creates a new directory

rmdir()

Removes a directory

include() / require()

Reads an external file into the current PHP script

Table 6-1

Common PHP File and Directory Functions

Chapter 6:

Working with Files and Directories



Calculating File Size
To calculate the size of a file in bytes, call the filesize() function with the filename
as argument:


Finding the Absolute File Path
To retrieve the absolute file system path to a file, use the realpath() function, as in the
next listing:


173

174

PHP: A Beginner’s Guide

Ask the Expert
Q:
A:

Are PHP’s file functions case-sensitive with respect to filenames?
It depends on the underlying file system. Windows is case-insensitive with respect
to filenames, so PHP’s file functions are case-insensitive too. However, filenames
on *NIX systems are case-sensitive, and so PHP’s file functions are case-sensitive
too on these systems. Thus, given the file eXAMple.txt, the statement  might return false on a *NIX system but true on a
Windows system.

You can also use the pathinfo() function, which returns an array containing the
file’s path, name, and extension. Here’s an example:


Retrieving File Attributes
You can obtain detailed information on a particular file, including its ownership,
permissions, and modification and access times, with PHP’s stat() function, which
returns this information as an associative array. Here’s an example:


You can check if a file is readable, writable or executable with the is_readable(),
is_writable(), and is_executable() functions. The following example illustrates
their usage:


The is_dir() function returns true if the argument passed to it is a directory, while
the is_file() function returns true if the argument passed to it is a file. Here’s an
example:


Creating Directories
To create a new, empty directory, call the mkdir() function with the path and name of the
directory to be created:


Copying Files
You can copy a file from one location to another by calling PHP’s copy() function with
the file’s source and destination paths as arguments. Here’s an example:


It’s important to note that if the destination file already exists, the copy() function
will overwrite it.

Renaming Files or Directories
To rename or move a file (or directory), call PHP’s rename() function with the old and
new path names as arguments. Here’s an example that renames a file and a directory,
moving the file to a different location in the process:


As with copy(), if the destination file already exists, the rename() function will
overwrite it.

CAUTION
PHP will only allow you to copy, delete, rename, create, and otherwise manipulate a file
or directory if the user "owning" the PHP script has the privileges necessary to perform
the task.

Removing Files or Directories
To remove a file, pass the filename and path to PHP’s unlink() function, as in the
following example:


To remove an empty directory, PHP offers the rmdir() function, which does the
reverse of the mkdir() function. If the directory isn’t empty, though, it’s necessary to
first remove all its contents (including all subdirectories) and only then call the rmdir()
function to remove the directory. You can do this manually, but a recursive function is

177

178

PHP: A Beginner’s Guide
usually more efficient—here’s an example, which demonstrates how to remove a directory
and all its children:


Here, the removeDir() function is a recursive function that accepts one input
argument: the name of the top-level directory to remove. The function begins by creating

Chapter 6:

Working with Files and Directories

a pointer to the directory with opendir() and then iterating over the directory’s contents
with a while loop—you’ve seen this technique in a previous section of this chapter.
For each directory entry found, the is_file() and is_dir() methods are used to
determine if the entry is a file or a sub-directory; if the former, the unlink() function is
used to delete the file and if the latter, the removeDir() function is called recursively
to again process the subdirectory’s contents. This process continues until no files or
subdirectories are left; at this point, the top-level directory is empty and can be removed
with a quick rmdir().

Reading and Evaluating External Files
To read and evaluate external files from within your PHP script, use PHP’s include()
or require() function. A very common application of these functions is to include a
standard header, footer, or copyright notice across all the pages of a Web site. Here’s an
example:








This is the page body.





Here, the script reads two external files, header.php and footer.php, and places
the contents of these files at the location of the include() or require() call. It’s
important to note that any PHP code to be evaluated within the files included in this
manner must be enclosed within  tags.

Ask the Expert
Q:
A:

What is the difference between include() and require()?
Fairly simple: a missing include() will generate a warning but allow script execution
to continue, whereas a missing require() will generate a fatal error that halts script
execution.

179

180

PHP: A Beginner’s Guide

Try This 6-2

Creating a Photo Gallery

Let’s now try another practical example, this one using what you’ve learned about
manipulating directories and using different file functions. This next listing scans a
specified directory for digital photographs and dynamically generates a Web page to
display these images—a digital photo gallery, if you will. Here’s the code (gallery.php):







Project 6-2: Creating An Image Gallery

 0) {
for ($x=0; $x











This listing begins by defining the path to the directory containing your digital images;
you’ll need to modify this to reflect your local system in order for the listing to work. It
also sets up an array named $photosExt containing common file extensions for digital
photographs; this information is useful when searching for image files in the named
directory.
Having set up these two variables, the listing uses PHP’s opendir() and readdir()
functions to iterate over the specified directory and process each entry in it. If an entry’s
file extension is found to match an element from $photosExt, the file and path are added

(continued)

181

182

PHP: A Beginner’s Guide
to a separate $photosList array. This process continues until all the entries in the named
directory are processed.
Assuming at least one image has been found, the next (and final) step is to generate
the HTML code to display the images on a Web page. This is accomplished by iterating
over $photosList with a foreach loop and generating an  tag for each
file found in it, together with the image’s filename and file size in kilobytes. The image
references thus created are formatted as elements of a horizontal HTML list, such that
they appear neatly arranged on the final output page.
Figure 6-4 illustrates the output of this listing. As the listing illustrates, it’s quite easy
to use PHP’s directory and file functions to iterate through a directory and process the files
found within it.

Figure 6-4

A dynamically generated Web photo gallery

Chapter 6:

Working with Files and Directories

Summary
Reading and writing files are basic tasks that any PHP developer should know how
to accomplish; this chapter covered both these tasks, and many more. It began with a
demonstration of how to read local and remote files, as well as how to create new files
or append data to existing ones. It then moved on to directory manipulation under PHP
and explained many of PHP’s file and directory functions, illustrating each with a brief
example. Two projects—reading and writing a configuration file, and creating a Webbased photo gallery—assisted in applying this learning in a practical context.
To read more about the topics discussed in this chapter, consider visiting the following
links:

✓

●

Working with files and directories, at www.melonfire.com/community/columns/
trog/article.php?id=208 and www.melonfire.com/community/columns/trog/
article.php?id=211

●

File system functions, at www.php.net/manual/en/ref.filesystem.php

●

Directory functions, at www.php.net/manual/en/ref.dir.php

Chapter 6 Self Test
1. Name the functions you would use to
A Obtain the absolute path to a file
B Delete a file
C Retrieve the size of a file
D Read the contents of a file into an

array

G Read the contents of a directory

into an array
H Write a string to a file
I Create a new directory
J Delete a directory

E Check if a file is writable

K Create a pointer to a directory

F Check if a directory exists

L Check if a directory entry is a file

2. Why would you use the flock() function?
3. Write a PHP script to count the number of lines in a file.
4. Write a PHP script to read a file, reverse its contents, and write the result back to a

new file.

183

184

PHP: A Beginner’s Guide
5. Write a PHP script to look through the current directory and rename all the files with

extension .txt to extension .xtx.
6. Using the removeDir() recursive function in this chapter as model, write a recursive

function to copy the contents of one directory to another.
7. Write a PHP script to read the current directory and return a file list sorted by last

modification time. (Hint: The PHP function to return the last modification time of a file
is filemtime()).

Chapter

7

Working with
Databases and SQL

185
Copyright © 2009 by The McGraw-Hill Companies. Click here for terms of use.

186

PHP: A Beginner’s Guide

Key Skills & Concepts
●

Learn database concepts and Structured Query Language

●

Add, edit, delete, and view records using MySQL and SQLite databases

●

Retrieve database records with PHP

●

Validate and save user input to a database with PHP

●

Write portable database-driven programs

O

ne of the reasons for PHP’s popularity as a Web scripting language is its support
for a wide range of relational database systems. This support makes it easy for Web
developers to create data-driven Web sites and to prototype new Web applications quickly
and efficiently, with minimal fuss and muss.
PHP supports more than fifteen different database engines, including Microsoft SQL
Server, IBM DB2, PostgreSQL, MySQL, and Oracle. Until PHP 5, this support was
offered through native database extensions, each with its own functions and features;
however, this made it hard for developers to change from one database engine to another.
PHP 5 rectified this situation by introducing a common API for database access: the
PHP Data Objects (PDO) extension, which provides a unified interface to working with
databases and helps developers manipulate different databases in a consistent manner.
In PHP 5.3, the PDO extension has been further improved, with support for new
database engines and further optimizations for security and performance. For backward
compatibility, the native database extensions also continue to be supported. Because you’ll
often find yourself having to choose between a native extension (which may be faster or
offer more features) or PDO (which offers portability and consistency across database
engines), this chapter covers both options: it introduces you to PDO and also discusses
two of PHP’s most popular native extensions, the MySQL Improved extension and the
SQLite extension.

Introducing Databases and SQL
In the Internet age, information is no longer represented in filing cabinets; instead, it’s
stored as digital ones and zeros in electronic databases, which are data storage “containers”
that impose a certain structure on information. Not only do these electronic databases take

Chapter 7:

Working with Databases and SQL

up less physical space than their wood-and-metal counterparts, but they also come packed
with tools to help users quickly filter and retrieve information using different criteria. In
particular, most electronic databases today are relational databases, which allow users to
define relationships between different database tables for more effective search and analysis.
There are a large number of database management systems currently available, some
commercial and some free. You’ve probably already heard of some of them: Oracle,
Microsoft Access, MySQL, and PostgreSQL. These database systems are powerful,
feature-rich software applications, capable of organizing and searching millions of records
at very high speeds; as such, they’re widely used by businesses and government offices,
often for mission-critical purposes.
Before getting into the nitty-gritty of manipulating database records with PHP, it’s
essential to first have a clear understanding of basic database concepts. If you’re new to
databases, the following sections provide a grounding in the basics and also let you get your
hands dirty with a practical exercise in Structured Query Language (SQL). This information
will be helpful to understand the more advanced material in subsequent sections.

Understanding Databases, Records, and Primary Keys
Every database is composed of one or more tables. These tables, which structure data into
rows and columns, impose organization on the data. Figure 7-1 illustrates a typical table.
This table contains sales figures for various locations, with each row, or record, holding
information for a different location and year. Each record is itself subdivided into columns,
or fields, with each field holding a different fragment of information. This tabular structure
makes it easy to search the table for records matching particular criteria: for example, all
locations with sales greater than $10,000, or sales for all locations in the year 2008.
The records in a table are not arranged in any particular order—they can be sorted
alphabetically, by year, by sales total, by location, or by any other criteria you choose
to specify. To make it easy to identify a specific record, therefore, it becomes necessary
ID

Figure 7-1

An example table

1
2
3
4
5
6
7
8
9
10
11
12

Year
2007
2007
2007
2007
2007
2007
2008
2008
2008
2008
2008
2008

Location
Dallas
Chicago
Washington
New York
Los Angeles
Boston
Dallas
Chicago
Washington
New York
Los Angeles
Boston

Sales ($)
9495
8574
12929
13636
8748
3478
15249
19433
3738
12373
16162
4745

187

188

PHP: A Beginner’s Guide
to add a unique identifying attribute to each record, such as a serial number or sequence
code. In the preceding example, each record is identified by a unique “record ID” field;
this field is referred to as the primary key for that table.

TIP
An easy way to understand these concepts is with an analogy. Think of a database as a
library, and each table as a bookshelf within this library. A record is thus the electronic
representation of a book on a shelf, with the title of the book serving as the record’s
primary key. In the absence of this title, it would be impossible to easily distinguish one
book from another. (The only way to do so would be to open each book and investigate
its contents—a time-consuming process, which the primary key helps you avoid!)

Once you’ve got information into a table, you typically want to use it to answer specific
questions—for example, how many locations had sales greater than $5000 in 2008? These
questions are known as queries, and the results returned by the database in response to these
queries are known as result sets. Queries are performed using the Structured Query Language.

Understanding Relationships and Foreign Keys
You already know that a single database can hold multiple tables. In a relational database
system, these tables can be linked to each other by one or more common fields, called
foreign keys. These foreign keys make it possible to create one-to-one or one-to-many
relationships between different tables, and combine data from multiple tables to create
more comprehensive result sets.
To illustrate, consider Figure 7-2, which shows three linked tables.
GenreID
1
2
3

GenreName
Horror
Crime
Romance

BookID
1
2
3
4
5
6
7
8

Figure 7-2

Table relationships

BookName
The Shining
Shutter Island
Pet Sematary
The Overlook
Sisters
Safe Harbour
Trunk Music
Blood Brothers

AuthorID
1
2
3
4
5

AuthorName
Stephen King
Danielle Steele
Dennis Lehane
Michael Connelly
Nora Roberts

GenreID AuthorID
1
1
3
2
1
1
4
1
2
3
2
3
4
1
5
3

Chapter 7:

Working with Databases and SQL

Figure 7-2 shows three tables, containing information on authors (Table A), genres
(Table G), and books (Table B) respectively. Tables G and B are fairly straightforward:
they contain a list of genre and author names respectively, with each record identified by a
unique primary key. Table B is a little more complex: each book in the table is linked to a
specific genre by means of the genre’s primary key (from Table G) and to a specific author
via the author’s primary key (from Table A).
By following these keys to their respective source tables, it’s easy to identify the author
and genre for a specific book. For example, it can be seen that the title “The Shining” is
written by “Stephen King” and belongs to the genre “Horror.” Similarly, starting from the
other end, it can be seen that the author “Michael Connelly” has written two books, “The
Overlook” and “Trunk Music.”
Relationships such as the ones seen in Figure 7-2 form the foundations of a relational
database system. Linking tables using foreign keys is also more efficient than the
alternative: while creating a single everything-but-the-kitchen-sink table to hold all your
information might appear convenient at first glance, updating such a table is always a
manual (and error-prone) process of finding every occurrence of a particular value and
replacing it with a new value. Breaking information up into independent tables and linking
these tables with foreign keys ensures that a particular piece of information appears
once, and only once, in your database; this eliminates redundancies, simplifies changes
(by localizing them to a single location), and makes the database more compact and
manageable.
The process of streamlining a database by defining and implementing one-to-one
and one-to-many relationships between its component tables is known as database
normalization, and it’s a key task faced by any database engineer when creating a new
database. In the normalization process, the database engineer also identifies crossrelationships and incorrect dependencies between tables, and optimizes data organization
so that SQL queries perform at their maximum efficiency. A number of normal forms
are available to help you test the extent to which your database is normalized; these
normal forms provide useful guidelines to help ensure that your database design is both
structurally consistent and efficient.

Understanding SQL Statements
Structured Query Language, or SQL, is the standard language used to communicate with
a database, add or change records and user privileges, and perform queries. The language,
which became an ANSI standard in 1989, is currently used by almost all of today’s
commercial RDBMSs.

189

190

PHP: A Beginner’s Guide
SQL statements fall into one of three categories:
●

Data Definition Language (DDL) DDL consists of statements that define the
structure and relationships of a database and its tables. Typically, these statements are
used to create, delete, and modify databases and tables; specify field names and types;
and set indexes.

●

Data Manipulation Language (DML) DML statements are related to altering
and extracting data from a database. These statements are used to add records to, and
delete records from, a database; perform queries; retrieve table records matching one
or more user-specified criteria; and join tables together using their common fields.

●

Data Control Language (DCL) DCL statements are used to define access levels
and security privileges for a database. You would use these statements to grant or deny
user privileges; assign roles; change passwords; view permissions; and create rulesets
to protect access to data.

SQL commands resemble spoken English, which makes the language easy to learn.
The syntax is quite intuitive as well: every SQL statement begins with an “action word,”
like DELETE, INSERT, ALTER, or DESCRIBE, and ends with a semicolon. Whitespace,
tabs, and carriage returns are ignored. Here are a few examples of valid SQL statements:
CREATE DATABASE library;
SELECT movie FROM movies WHERE rating > 4;
DELETE FROM cars WHERE year_of_manufacture < 1980;

Table 7-1 lists the syntax for some common SQL statements, with explanations.
SQL Statement

What It Does

CREATE DATABASE database-name

Creates a new database

CREATE TABLE table-name (field1, field2, ...)

Creates a new table

INSERT INTO table-name (field1, field2, ...)
VALUES (value1, value2, ...)

Inserts a new record into a table
with specified values

UPDATE table-name SET field1=value1,
field2=value2, ... [WHERE condition]

Updates records in a table with
new values

DELETE FROM table-name [WHERE condition]

Deletes records from a table

SELECT field1, field2, ... FROM table-name
[WHERE condition]

Retrieves matching records from
a table

RENAME table-name TO new-table-name

Renames a table

DROP TABLE table-name

Deletes a table

DROP DATABASE database-name

Deletes a database

Table 7-1

Common SQL Statements

Chapter 7:

Working with Databases and SQL

Ask the Expert
Q:
A:

How widely supported is SQL?

SQL is both an ANSI and ISO standard, and is widely supported by all standardscompliant SQL database systems. That said, many database vendors have also
extended “standard” SQL with proprietary extensions, in order to offer customers
an improved feature set or better performance. These extensions differ from vendor
to vendor, and SQL statements that use these extensions may not work in the same
fashion on all database systems. Therefore, it’s always wise to check your database
system’s documentation and understand which, if any, proprietary extensions it offers
and how these extensions affect the SQL statements that you write.

Try This 7-1

Creating and Populating a Database

Now that you’ve understood the basics, let’s try a hands-on exercise that should get you
familiar with using databases and SQL. In this section, you’ll use the interactive MySQL
command-line client to create a database and tables, add and edit records, and generate
result sets matching various criteria.

NOTE
Throughout the following exercise, boldface type indicates commands that you
should enter at the MySQL command-line prompt. Commands can be entered in
either uppercase or lowercase. Before beginning with the exercise, ensure that you
have installed, configured, and tested the MySQL database system according to the
instructions in Appendix A of this book.

Begin by starting up the MySQL command-line client and connecting to the MySQL
database with your username and password:
shell> mysql -u user -p
Password: ******

If all went well, you’ll see a welcome message and an interactive SQL prompt, like this:
mysql>

You can now proceed to enter SQL statements at this prompt. These statements will be
transmitted to, and executed on, the MySQL server, and the results will be displayed on
the lines following the prompt. Remember to end each statement with a semicolon.

(continued)

191

192

PHP: A Beginner’s Guide

Creating the Database
Since all tables are stored in a database, the first step is to create one, using the CREATE
DATABASE statement:
mysql> CREATE DATABASE music;
Query OK, 1 row affected (0.05 sec)

Next, select this newly minted database as the default for all future commands with
the USE statement:
mysql> USE music;
Database changed

Adding Tables
Once you’ve got your database initialized, it’s time to add some tables to it. The SQL
command to accomplish this is the CREATE TABLE statement, which requires a table
name and a detailed description of the table’s fields. Here’s an example:
mysql> CREATE TABLE artists (
-> artist_id INT(4) NOT NULL PRIMARY KEY AUTO_INCREMENT,
-> artist_name VARCHAR (50) NOT NULL,
-> artist_country CHAR (2) NOT NULL
-> );
Query OK, 0 rows affected (0.07 sec)

This statement creates a table named artists with three fields, artist_id, artist_name,
and artist_country. Notice that each field name is followed by a type declaration; this
declaration identifies the type of data that the field will hold, whether string, numeric,
temporal, or Boolean. MySQL supports a number of different data types, and the most
important ones are summarized in Table 7-2.
There are a few additional constraints (modifiers) that are set for the table in the
preceding statement:
●

The NOT NULL modifier ensures that the field cannot accept a NULL value after each
field definition.

●

The PRIMARY KEY modifier marks the corresponding field as the table’s primary key.

●

The AUTO_INCREMENT modifier, which is only available for numeric fields, tells
MySQL to automatically generate a value for this field every time a new record is
inserted into the table, by incrementing the previous value by 1.

Chapter 7:

Working with Databases and SQL

Field Type

Description

INT

A numeric type that can accept values in the range of –2147483648 to 2147483647

DECIMAL

A numeric type with support for floating-point or decimal numbers

DATE

A date field in the YYYY-MM-DD format

TIME

A time field in the HH:MM:SS format

DATETIME

A combined date/time type in the YYYY-MM-DD HH:MM:SS format

YEAR

A field specifically for year displays in the range 1901 to 2155, in either YYYY or YY formats

TIMESTAMP

A timestamp type, in YYYYMMDDHHMMSS format

CHAR

A string type with a maximum size of 255 characters and a fixed length

VARCHAR

A string type with a maximum size of 255 characters and a variable length

TEXT

A string type with a maximum size of 65535 characters

BLOB

A binary type for variable data

ENUM

A string type that can accept one value from a list of previously defined possible values

SET

A string type that can accept zero or more values from a set of previously defined possible values

Table 7-2

MySQL Data Types

Now, go ahead and create two more tables using these SQL statements:
mysql> CREATE TABLE ratings (
-> rating_id INT(2) NOT NULL PRIMARY KEY,
-> rating_name VARCHAR (50) NOT NULL
-> );
Query OK, 0 rows affected (0.13 sec)
mysql> CREATE TABLE songs (
-> song_id INT(4) NOT NULL PRIMARY KEY AUTO_INCREMENT,
-> song_title VARCHAR(100) NOT NULL,
-> fk_song_artist INT(4) NOT NULL,
-> fk_song_rating INT(2) NOT NULL
-> );
Query OK, 0 rows affected (0.05 sec)

Adding Records
Adding a record to a table is a simple matter of calling the INSERT statement with
appropriate values. Here’s an example, which adds a record to the artists table by
specifying values for the artist_id and artist_name fields:
mysql> INSERT INTO artists (artist_id, artist_name, artist_country)
-> VALUES ('1', 'Aerosmith', 'US');
Query OK, 1 row affected (0.00 sec)

(continued)

193

194

PHP: A Beginner’s Guide
You’ll remember, from the preceding section, that the artist_id field was marked with
the AUTO_INCREMENT flag. This is a MySQL extension to standard SQL, which tells
MySQL to automatically assign a value to this field if it’s left unspecified. To see this in
action, try adding another record using the following statement:
mysql> INSERT INTO artists (artist_name, artist_country)
-> VALUES ('Abba', 'SE');
Query OK, 1 row affected (0.00 sec)

In a similar vein, add some records to the ratings table:
mysql> INSERT INTO ratings (rating_id, rating_name) VALUES (4, 'Good');
Query OK, 1 row affected (0.00 sec)
mysql> INSERT INTO ratings (rating_id, rating_name) VALUES (5, 'Excellent');
Query OK, 1 row affected (0.00 sec)

And some to the songs table:
mysql> INSERT INTO songs (song_title, fk_song_artist, fk_song_rating)
-> VALUES ('Janie\'s Got A Gun', 1, 4);
Query OK, 1 row affected (0.04 sec)
mysql> INSERT INTO songs (song_title, fk_song_artist, fk_song_rating)
-> VALUES ('Crazy', 1, 5);
Query OK, 1 row affected (0.00 sec)

Notice that the records in the songs table are linked to records in the artists and ratings
tables via foreign keys. You’ll see these foreign key relationships in action in the next
section.

NOTE
The code archive for this book has a full list of SQL INSERT statements to populate the
three tables used in this exercise. Run these statements and complete building the tables
before proceeding to the next section.

Executing Queries
Once the data is in the database, it’s time to do something with it. SQL allows you to
search for records matching specific criteria using the SELECT statement. Here’s an
example, which returns all the records from the artists table:

Chapter 7:

Working with Databases and SQL

mysql> SELECT artist_id, artist_name FROM artists;
+-----------+-------------+
| artist_id | artist_name |
+-----------+-------------+
|
1 | Aerosmith
|
|
2 | Abba
|
|
3 | Timbaland
|
|
4 | Take That
|
|
5 | Girls Aloud |
|
6 | Cubanismo
|
+-----------+-------------+
6 rows in set (0.00 sec)

In most cases, you will want to add filters to your query, to reduce the size of your result
set and ensure that it contains only records matching certain criteria. This is accomplished
by adding a WHERE clause to your SELECT statement together with one or more conditional
expressions. Here’s an example, which lists only artists from the United States:
mysql> SELECT artist_id, artist_name FROM artists
-> WHERE artist_country = 'US';
+-----------+-------------+
| artist_id | artist_name |
+-----------+-------------+
|
1 | Aerosmith
|
|
3 | Timbaland
|
+-----------+-------------+
2 rows in set (0.00 sec)

All the standard comparison operators you’re already familiar with from PHP are
supported by SQL. The preceding example demonstrated the equality (=) operator; this
next one demonstrates the greater-than-or-equal-to (>=) operator, by listing all those songs
with ratings of 4 or higher:
mysql> SELECT song_title, fk_song_rating FROM songs
-> WHERE fk_song_rating >= 4;
+-------------------+----------------+
| song_title
| fk_song_rating |
+-------------------+----------------+
| Janie's Got A Gun |
4 |
| Crazy
|
5 |
| En Las Delicious |
5 |
| Pray
|
4 |
| Apologize
|
4 |
| SOS
|
4 |
| Dancing Queen
|
4 |
+-------------------+----------------+
7 rows in set (0.00 sec)

(continued)

195

196

PHP: A Beginner’s Guide
You can combine conditional expressions using the AND, OR, and NOT logical operators
(just like with regular PHP conditional statements). Here’s an example, which lists artists
from the United States or United Kingdom:
mysql> SELECT artist_name, artist_country FROM artists
-> WHERE artist_country = 'US'
-> OR artist_country = 'UK';
+-------------+----------------+
| artist_name | artist_country |
+-------------+----------------+
| Aerosmith
| US
|
| Timbaland
| US
|
| Take That
| UK
|
| Girls Aloud | UK
|
+-------------+----------------+
4 rows in set (0.02 sec)

Ordering and Limiting Result Sets
If you’d like to see the data from a table ordered by a specific field, SQL offers the ORDER
BY clause. This clause lets you define the field name to sort against and the sort direction
(ascending or descending).
For example, to see an alphabetically sorted song list, use the following SQL statement:
mysql> SELECT song_title FROM songs
-> ORDER BY song_title;
+---------------------------+
| song_title
|
+---------------------------+
| Another Crack In My Heart |
| Apologize
|
| Babe
|
| Crazy
|
| Dancing Queen
|
| En Las Delicious
|
| Gimme Gimme Gimme
|
| Janie's Got A Gun
|
| Pray
|
| SOS
|
| Sure
|
| Voulez Vous
|
+---------------------------+
12 rows in set (0.04 sec)

Chapter 7:

Working with Databases and SQL

To reverse-sort the list, add the additional DESC modifier, as in the next example:
mysql> SELECT song_title FROM songs
-> ORDER BY song_title DESC;
+---------------------------+
| song_title
|
+---------------------------+
| Voulez Vous
|
| Sure
|
| SOS
|
| Pray
|
| Janie's Got A Gun
|
| Gimme Gimme Gimme
|
| En Las Delicious
|
| Dancing Queen
|
| Crazy
|
| Babe
|
| Apologize
|
| Another Crack In My Heart |
+---------------------------+
12 rows in set (0.00 sec)

SQL also lets you limit how many records appear in the result set with the LIMIT
keyword, which accepts two parameters: the record offset to start at (beginning with 0)
and the number of records to display. For example, to display rows 4–9 (inclusive) of a
result set, use the following statement:
mysql> SELECT song_title FROM songs
-> ORDER BY song_title
-> LIMIT 3,6;
+-------------------+
| song_title
|
+-------------------+
| Crazy
|
| Dancing Queen
|
| En Las Delicious |
| Gimme Gimme Gimme |
| Janie's Got A Gun |
| Pray
|
+-------------------+
5 rows in set (0.00 sec)

Using Wildcards
The SQL SELECT statement also supports a LIKE clause, which can be used to search
within text fields using wildcards. There are two types of wildcards allowed in a LIKE

(continued)

197

198

PHP: A Beginner’s Guide
clause: the % character, which is used to signify zero or more occurrences of a character,
and the _ character, which is used to signify exactly one occurrence of a character.
The following example illustrates a LIKE clause in action, searching for song titles
with the character 'g' in them:
mysql> SELECT song_id, song_title FROM songs
-> WHERE song_title LIKE '%g%';
+---------+-------------------+
| song_id | song_title
|
+---------+-------------------+
|
1 | Janie's Got A Gun |
|
7 | Apologize
|
|
8 | Gimme Gimme Gimme |
|
10 | Dancing Queen
|
+---------+-------------------+
4 rows in set (0.00 sec)

Joining Tables
So far, all the queries you’ve seen have been concentrated on a single table. But SQL also
allows you to query two or more tables at a time, and display a combined result set. This
is technically referred to as a join, since it involves “joining” different tables at common
fields (the foreign keys) to create new views of the data.

TIP
When joining tables, prefix each field name with the name of the table it belongs to, in
order to avoid confusion in case fields in different tables share the same name.

Here’s an example of joining the songs and artists tables together using the common
artist_id field (the WHERE clause is used to map the common fields to each other):
mysql> SELECT song_id, song_title, artist_name FROM songs, artists
-> WHERE songs.fk_song_artist = artists.artist_id;
+---------+---------------------------+-------------+
| song_id | song_title
| artist_name |
+---------+---------------------------+-------------+
|
1 | Janie's Got A Gun
| Aerosmith
|
|
2 | Crazy
| Aerosmith
|
|
8 | Gimme Gimme Gimme
| Abba
|
|
9 | SOS
| Abba
|
|
10 | Dancing Queen
| Abba
|
|
11 | Voulez Vous
| Abba
|
|
7 | Apologize
| Timbaland
|
|
4 | Sure
| Take That
|

Chapter 7:

Working with Databases and SQL

|
5 | Pray
| Take That
|
|
6 | Another Crack In My Heart | Take That
|
|
12 | Babe
| Take That
|
|
3 | En Las Delicious
| Cubanismo
|
+---------+---------------------------+-------------+
12 rows in set (0.00 sec)

And here’s an example of joining all three tables together and then filtering the result set
even further to include only those songs with a rating of 4 or higher and with non-U.S. artists:
mysql> SELECT song_title, artist_name, rating_name
-> FROM songs, artists, ratings
-> WHERE songs.fk_song_artist = artists.artist_id
-> AND songs.fk_song_rating = ratings.rating_id
-> AND ratings.rating_id >= 4
-> AND artists.artist_country != 'US';
+------------------+-------------+-------------+
| song_title
| artist_name | rating_name |
+------------------+-------------+-------------+
| En Las Delicious | Cubanismo
| Excellent
|
| Pray
| Take That
| Good
|
| SOS
| Abba
| Good
|
| Dancing Queen
| Abba
| Good
|
+------------------+-------------+-------------+
4 rows in set (0.02 sec)

Modifying and Removing Records
Just as you INSERT records into a table, so too can you delete records with the DELETE
statement. Typically, you would select a specific subset of rows to be deleted by adding
the WHERE clause to the DELETE statement, as in the next example, which deletes all those
songs with a rating less than or equal to 3:
mysql> DELETE FROM songs
-> WHERE fk_song_rating <= 3;
Query OK, 5 rows affected (0.02 sec)

There’s also an UPDATE statement, which can be used to change the contents of a
record; this too accepts a WHERE clause, so that you can apply changes to only those
records matching specific criteria. Consider the following example, which changes the
rating 'Excellent' to 'Fantastic':
mysql> UPDATE ratings SET rating_name = 'Fantastic'
-> WHERE rating_name = 'Excellent';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

(continued)

199

200

PHP: A Beginner’s Guide
You can alter multiple fields by separating them with commas. Here’s an example that
updates a particular song record in the songs table, changing both its title and its rating:
mysql> UPDATE songs SET song_title = 'Waterloo',
-> fk_song_rating = 5
-> WHERE song_id = 9;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

Ask the Expert
Q:

I’m using ____ database and it doesn’t support the _____ field type. What do I
do now?

A:

Different databases have different syntax for field data types. For example, MySQL
calls integer fields INT, while SQLite calls the same fields INTEGER. However,
almost all databases will support—at a minimum—data types for integer values,
floating-point values, string values, binary values, and NULL values. All you need to
do is look up your database documentation and figure out the syntax to correctly use
these data types in your SQL statements.

Q:

Why do I need to list all the required fields in my SELECT statement? Can’t I use the
* wildcard to get back all available fields?

A:

While SQL does support the asterisk (*) wildcard to represent “all fields in a table,”
it is preferable to always explicitly name the fields that you would like to see in the
result set. This allows the application to survive structural changes in its table(s), and
is also usually more memory-efficient because the result set will not contain unwanted
or irrelevant data.

Using PHP’s MySQLi Extension
As explained previously, PHP allows developers to interact with databases in two ways:
by using a customized database-specific extension, or by using the database-neutral
PHP Data Objects (PDO) extension. While the PDO extension is more portable, many
developers still find it preferable to use the native database extension, especially when the
native extension offers better performance or more features than the PDO version.

Chapter 7:

Working with Databases and SQL

Of the various database engines supported by PHP, the most popular one by far is
MySQL. It’s not difficult to understand why: both PHP and MySQL are open-source
projects, and by using them together, developers can benefit from huge savings on the
licensing costs of commercial alternatives. Historically, too, PHP has offered out-ofthe-box support for MySQL since PHP 3, and it only makes sense to leverage off the
tremendous amount of thought PHP and MySQL developers have put into making sure
that the two packages work together seamlessly and smoothly.
In addition to supporting MySQL through the PHP Data Objects extension (discussed
in the next section), PHP also includes a custom MySQL extension named MySQL
Improved (MySQLi). This extension provides both speed and feature benefits over
the PDO version and is a good choice for MySQL-specific development projects. The
following sections discuss this extension in greater detail.

Retrieving Data
In the preceding section, you create a database table and used a SELECT query to retrieve
a result set from it. Now, do the same thing using PHP, as in the following script:
query($sql)) {
if ($result->num_rows > 0) {
while($row = $result->fetch_array()) {
echo $row[0] . ":" . $row[1] . "\n";
}
$result->close();
} else {
echo "No records matching your query were found.";
}
} else {
echo "ERROR: Could not execute $sql. " . $mysqli->error;
}
// close connection
$mysqli->close();
?>

201

202

PHP: A Beginner’s Guide

Figure 7-3

Retrieving records from a MySQL database with PHP

Figure 7-3 illustrates what the output of this script should look like.
As you can see, using PHP to get data from a database involves several steps, which
are described here:
1. In order to begin communication with the MySQL database server, you first need to

open a connection to the server. All communication between PHP and the database
server takes place through this connection.
In order to initialize this connection, initialize an instance of the MySQLi class and
pass the object constructor four arguments: the host name of the MySQL server to
connect to, a valid username and password to gain access to it, and the name of the
database to use.
Assuming the connection attempt is successful, this object instance represents the
database connection for all future operations and exposes methods for querying,
fetching, and processing result sets. If the connection attempt is unsuccessful, the
object instance will become false; an error message explaining the reason for failure
can now be obtained by calling the mysqli_connect_error() function.

TIP
If the database server and the Web server are both running on the same physical
machine, you can use localhost as the server name.

Chapter 7:

Working with Databases and SQL

2. The next step is to create and execute the SQL query. This is accomplished by calling

the MySQLi object’s query() method and passing it the query to be executed.
If the query was unsuccessful, the method returns Boolean false, and an error message
explaining the cause of failure is stored in the MySQLi object’s 'error' property.
3. If, on the other hand, the query is successful and returns one or more records, the return

value of the query() method is another object, this one an instance of the MySQLi_
Result class. This object represents the result set returned by the query, and it exposes
various methods for processing the individual records in the result set.
One such method is the fetch_array() method. Each time fetch_array()
is invoked, it returns the next record in the result set as an array. This makes the
fetch_array() method very suitable for use in a while or for loop. The loop
counter determines how many times the loop should run; this value is obtained from
the MySQLi_Result object’s 'num_rows' property, which stores the number of
rows returned by the query. Individual fields from the record can be accessed as array
elements, using either the field index or the field name.

CAUTION
The 'num_rows' property is only meaningful when used with queries that return data,
such as SELECT queries; it shouldn’t be used with INSERT, UPDATE, or DELETE queries.

4. Each result set returned after a query occupies some amount of memory. Thus, once the

result set has been processed, it’s a good idea to destroy the MySQLi_Result object,
and free up the used memory, by calling the object’s close() method. And once
you’ve completed working with the database, it’s also a good idea to destroy the main
MySQLi object in a similar manner, by calling its close() method.

Returning Records as Arrays and Objects
The preceding listing demonstrated one method of processing a result set: the fetch_
array() method of the MySQLi_Result object. This method returns each record from
the result set as an array containing both numerically indexed and string-indexed keys;
this allows developers the convenience of referring to individual fields of each record
either by index or by field name.
The preceding listing demonstrated how to retrieve individual fields using the field
index number. The following listing, which is equivalent to the preceding one, performs
the same task using field names:
query($sql)) {
if ($result->num_rows > 0) {
while($row = $result->fetch_array()) {
echo $row['artist_id'] . ":" . $row['artist_name'] . "\n";
}
$result->close();
} else {
echo "No records matching your query were found.";
}
} else {
echo "ERROR: Could not execute $sql. " . $mysqli->error;
}
// close connection
$mysqli->close();
?>

However, there’s also a third way of retrieving records: as objects, using the fetch_
object() method. Here, each record is represented as an object, and the fields of a
record are represented as object properties. Individual fields can then be accessed using
standard $object->property notation. The following listing illustrates this approach:
query($sql)) {
if ($result->num_rows > 0) {
while($row = $result->fetch_object()) {
echo $row->artist_id . ":" . $row->artist_name . "\n";
}

Chapter 7:

Working with Databases and SQL

$result->close();
} else {
echo "No records matching your query were found.";
}
} else {
echo "ERROR: Could not execute $sql. " . $mysqli->error;
}
// close connection
$mysqli->close();
?>

Adding or Modifying Data
It’s equally simple to perform a query that changes the data in the database, be it an
INSERT, UPDATE, or DELETE. The following example illustrates, by adding a new record
to the artists table:
query($sql) === true) {
echo 'New artist with id:' . $mysqli->insert_id . ' added.';
} else {
echo "ERROR: Could not execute query: $sql. " . $mysqli->error;
}
// close connection
$mysqli->close();
?>

As you’ll see, this is not very different from the programming needed to perform a
SELECT query. In fact, it’s a little simpler because there’s no result set to process; all
that’s needed is to test the return value of the query() method and check if the query was
successfully executed or not. Notice also the use of a new property, the 'insert_id'

205

206

PHP: A Beginner’s Guide
property: this property returns the ID generated by the last INSERT query (only useful if
the table into which the INSERT occurred contained an auto-incrementing field).
How about updating an existing record? All that’s needed is to change the SQL
query string:
query($sql) === true) {
echo $mysqli->affected_rows . ' row(s) updated.';
} else {
echo "ERROR: Could not execute query: $sql. " . $mysqli->error;
}
// close connection
$mysqli->close();
?>

When performing an UPDATE or DELETE, the number of rows affected by the
statement will be stored in the MySQLi object’s 'affected_rows' property. The
preceding listing shows this property in use.

Using Prepared Statements
In the event that you need to execute a particular query multiple times with different
values—for example, a series of INSERT statements—the MySQL database server
supports prepared statements, which offer a more efficient means of accomplishing this
task than repeatedly calling the $mysqli->query() method.
Essentially, a prepared statement is an SQL query template containing placeholder
variables for the values to be inserted or modified. This statement is stored on the database
server and invoked as often as needed, with the placeholders replaced with actual values
on each execution. Because the statement is stored on the database server, a prepared
statement is typically faster for batch operations that involve running the same SQL query
over and over with different values.

Chapter 7:

Working with Databases and SQL

Ask the Expert
Q:
A:

How do prepared statements offer better performance?

In the normal course, every time an SQL statement is executed on the database server,
the server must parse the SQL code and check its syntax and structure before allowing
it to execute. With a prepared statement, the SQL statement is stored in a temporary
location on the database server and thus only needs to be parsed and validated once.
Further, every time the statement is executed, only the placeholder values need to be
transmitted to the server instead of the complete statement.

To see a prepared statement in action, consider the following script, which inserts
multiple songs into the database using a prepared statement with PHP’s MySQLi
extension:
prepare($sql)) {
foreach ($songs as $s) {
$stmt->bind_param('sii', $s[0], $s[1], $s[2]);
if ($stmt->execute()) {
echo "New song with id: " . $mysqli->insert_id . " added.\n";
} else {
echo "ERROR: Could not execute query: $sql. " . $mysqli->error;
}
}

207

208

PHP: A Beginner’s Guide
} else {
echo "ERROR: Could not prepare query: $sql. " . $mysqli->error;
}
// close connection
$mysqli->close();
?>

As this listing illustrates, using a prepared statement involves a different procedure
from the one you’re used to seeing from previous examples.
To use a prepared statement, it is necessary to first define the SQL query string
that will be executed multiple times. This query string typically contains one or more
placeholders, denoted by question marks (?). These placeholders will be replaced by
actual values on each execution of the statement. The query string with its placeholders is
then passed to the MySQLi object’s prepare() method, which checks the SQL for errors
and returns a MySQLi_Stmt object representing the prepared statement.
Executing the prepared statement is now a matter of performing two actions, usually
within a loop:
1. Bind the values to the prepared statement. The values to be interpolated into the

statement must be bound to their placeholders with the MySQLi_Stmt object’s
bind_param() method. The first argument to this method must be an ordered
string sequence indicating the data types of the values to be interpolated (s for string,
i for integer, d for double-precision number); this argument is then followed by the
actual values. In the preceding listing, the string 'sii' indicates that the values to be
interpolated into the prepared statement will be, in sequence, a string type (the song
title), an integer type (the artist foreign key), and an integer type (the rating foreign key).
2. Execute the prepared statement. Once the values have been bound to their placeholders,

the prepared statement is executed by calling MySQLi_Stmt object’s execute()
method. This method replaces the placeholders in the prepared statement with actual
values and executes it on the server.
Thus, using a prepared statement offers performance benefits when you need to execute
the same statement multiple times, with only the values changing on each execution.
Most popular databases, including MySQL, PostgreSQL, Oracle, and InterBase, support
prepared statements, and this feature should be used where available to make your SQL
batch operations more efficient.

Chapter 7:

Working with Databases and SQL

Handling Errors
If your database code doesn’t work as expected, don’t worry—the MySQLi extension
comes with a bunch of functions that can tell you why. You’ve already seen these in action
at various places in previous listings, but here’s a complete list:
●

The MySQLi object’s 'error' property holds the last error message generated by the
database server.

●

The MySQLi object’s 'errno' property holds the last error code returned by the
database server.

●

The mysqli_connect_error() function returns the error message generated by
the last (failed) connection attempt.

●

The mysqli_connect_errno() function returns the error code generated by the
last (failed) connection attempt.

TIP
To make your application more robust to errors, and to make it easier to find and
resolve bugs, it’s a good idea to use these error-handling functions liberally within
your code.

Try This 7-2

Adding Employees to a Database

Now that you know the basics of using PHP’s MySQLi extension, let’s apply what you
learned in the preceding section to a “real” application. The application here is a Web
form, which allows a user to enter employee names and designations into a MySQL-based
employee database. Values entered into the form are validated and sanitized using PHP,
and transformed into database records using the PHP MySQLi extension.
To begin building this application, first fire up your MySQL command-line client and
initialize an empty database:
mysql> CREATE DATABASE employees;
Query OK, 1 row affected (0.20 sec)

Next, create a table to hold the employee records:
mysql> USE employees;
Database changed
mysql> CREATE TABLE employees (

(continued)

209

210

PHP: A Beginner’s Guide
-> id INT(4) NOT NULL AUTO_INCREMENT PRIMARY KEY,
-> name VARCHAR(255) NOT NULL,
-> designation VARCHAR(255) NOT NULL
-> );
Query OK, 0 rows affected (0.26 sec)

All done? The next step is to build a Web form to accept employee data—in this case,
each employee’s name and designation. On submission, the form processor will check the
input and, if valid, generate an INSERT query to write it to the database table created in
the preceding step.
Here’s the script (employee.php):







Project 7-2: Adding Employees to a Database
Add New Employee
';
// retrieve and check input values
$inputError = false;
if (empty($_POST['emp_name'])) {

Chapter 7:

Working with Databases and SQL

echo 'ERROR: Please enter a valid employee name';
$inputError = true;
} else {
$name = $mysqli->escape_string($_POST['emp_name']);
}
if ($inputError != true && empty($_POST['emp_desig'])) {
echo 'ERROR: Please enter a valid employee designation';
$inputError = true;
} else {
$designation = $mysqli->escape_string($_POST['emp_desig']);
}
// add values to database using INSERT query
if ($inputError != true) {
$sql = "INSERT INTO employees (name, designation)
VALUES ('$name', '$designation')";
if ($mysqli->query($sql) === true) {
echo 'New employee record added with ID: ' . $mysqli->insert_id;
} else {
echo "ERROR: Could not execute query: $sql. " . $mysqli->error;
}
}
// close message block
echo '