You are previewing Programming PHP, 3rd Edition.

Programming PHP, 3rd Edition

Cover of Programming PHP, 3rd Edition by Kevin Tatroe... Published by O'Reilly Media, Inc.
  1. Dedication
  2. Special Upgrade Offer
  3. Foreword
  4. Preface
    1. Audience
    2. Assumptions This Book Makes
    3. Contents of This Book
    4. Conventions Used in This Book
    5. Using Code Examples
    6. Safari® Books Online
    7. How to Contact Us
    8. Acknowledgments
      1. Kevin Tatroe
      2. Peter MacIntyre
  5. 1. Introduction to PHP
    1. What Does PHP Do?
    2. A Brief History of PHP
      1. The Evolution of PHP
      2. The Widespread Use of PHP
    3. Installing PHP
    4. A Walk Through PHP
      1. Configuration Page
      2. Forms
      3. Databases
      4. Graphics
  6. 2. Language Basics
    1. Lexical Structure
      1. Case Sensitivity
      2. Statements and Semicolons
      3. Whitespace and Line Breaks
      5. Literals
      6. Identifiers
      7. Keywords
    2. Data Types
      1. Integers
      2. Floating-Point Numbers
      3. Strings
      4. Booleans
      5. Arrays
      6. Objects
      7. Resources
      8. Callbacks
      9. NULL
    3. Variables
      1. Variable Variables
      2. Variable References
      3. Variable Scope
      4. Garbage Collection
    4. Expressions and Operators
      1. Number of Operands
      2. Operator Precedence
      3. Operator Associativity
      4. Implicit Casting
      5. Arithmetic Operators
      6. String Concatenation Operator
      7. Auto-increment and Auto-decrement Operators
      8. Comparison Operators
      9. Bitwise Operators
      10. Logical Operators
      11. Casting Operators
      12. Assignment Operators
      13. Miscellaneous Operators
    5. Flow-Control Statements
      1. if
      2. switch
      3. while
      4. for
      5. foreach
      6. try...catch
      7. declare
      8. exit and return
      9. goto
    6. Including Code
    7. Embedding PHP in Web Pages
      1. Standard (XML) Style
      2. SGML Style
      3. ASP Style
      4. Script Style
      5. Echoing Content Directly
  7. 3. Functions
    1. Calling a Function
    2. Defining a Function
    3. Variable Scope
      1. Global Variables
      2. Static Variables
    4. Function Parameters
      1. Passing Parameters by Value
      2. Passing Parameters by Reference
      3. Default Parameters
      4. Variable Parameters
      5. Missing Parameters
      6. Type Hinting
    5. Return Values
    6. Variable Functions
    7. Anonymous Functions
  8. 4. Strings
    1. Quoting String Constants
      1. Variable Interpolation
      2. Single-Quoted Strings
      3. Double-Quoted Strings
      4. Here Documents
    2. Printing Strings
      1. echo
      2. print()
      3. printf()
      4. print_r() and var_dump()
    3. Accessing Individual Characters
    4. Cleaning Strings
      1. Removing Whitespace
      2. Changing Case
    5. Encoding and Escaping
      1. HTML
      2. URLs
      3. SQL
      4. C-String Encoding
    6. Comparing Strings
      1. Exact Comparisons
      2. Approximate Equality
    7. Manipulating and Searching Strings
      1. Substrings
      2. Miscellaneous String Functions
      3. Decomposing a String
      4. String-Searching Functions
    8. Regular Expressions
      1. The Basics
      2. Character Classes
      3. Alternatives
      4. Repeating Sequences
      5. Subpatterns
      6. Delimiters
      7. Match Behavior
      8. Character Classes
      9. Anchors
      10. Quantifiers and Greed
      11. Noncapturing Groups
      12. Backreferences
      13. Trailing Options
      14. Inline Options
      15. Lookahead and Lookbehind
      16. Cut
      17. Conditional Expressions
      18. Functions
      19. Differences from Perl Regular Expressions
  9. 5. Arrays
    1. Indexed Versus Associative Arrays
    2. Identifying Elements of an Array
    3. Storing Data in Arrays
      1. Adding Values to the End of an Array
      2. Assigning a Range of Values
      3. Getting the Size of an Array
      4. Padding an Array
    4. Multidimensional Arrays
    5. Extracting Multiple Values
      1. Slicing an Array
      2. Splitting an Array into Chunks
      3. Keys and Values
      4. Checking Whether an Element Exists
      5. Removing and Inserting Elements in an Array
    6. Converting Between Arrays and Variables
      1. Creating Variables from an Array
      2. Creating an Array from Variables
    7. Traversing Arrays
      1. The foreach Construct
      2. The Iterator Functions
      3. Using a for Loop
      4. Calling a Function for Each Array Element
      5. Reducing an Array
      6. Searching for Values
    8. Sorting
      1. Sorting One Array at a Time
      2. Natural-Order Sorting
      3. Sorting Multiple Arrays at Once
      4. Reversing Arrays
      5. Randomizing Order
    9. Acting on Entire Arrays
      1. Calculating the Sum of an Array
      2. Merging Two Arrays
      3. Calculating the Difference Between Two Arrays
      4. Filtering Elements from an Array
    10. Using Arrays
      1. Sets
      2. Stacks
    11. Iterator Interface
  10. 6. Objects
    1. Terminology
    2. Creating an Object
    3. Accessing Properties and Methods
    4. Declaring a Class
      1. Declaring Methods
      2. Declaring Properties
      3. Declaring Constants
      4. Inheritance
      5. Interfaces
      6. Traits
      7. Abstract Methods
      8. Constructors
      9. Destructors
    5. Introspection
      1. Examining Classes
      2. Examining an Object
      3. Sample Introspection Program
    6. Serialization
  11. 7. Web Techniques
    1. HTTP Basics
    2. Variables
    3. Server Information
    4. Processing Forms
      1. Methods
      2. Parameters
      3. Self-Processing Pages
      4. Sticky Forms
      5. Multivalued Parameters
      6. Sticky Multivalued Parameters
      7. File Uploads
      8. Form Validation
    5. Setting Response Headers
      1. Different Content Types
      2. Redirections
      3. Expiration
      4. Authentication
    6. Maintaining State
      1. Cookies
      2. Sessions
      3. Combining Cookies and Sessions
    7. SSL
  12. 8. Databases
    1. Using PHP to Access a Database
    2. Relational Databases and SQL
      1. PHP Data Objects
    3. MySQLi Object Interface
      1. Retrieving Data for Display
    4. SQLite
    5. Direct File-Level Manipulation
    6. MongoDB
      1. Retrieving Data
      2. Inserting More Complex Data
  13. 9. Graphics
    1. Embedding an Image in a Page
    2. Basic Graphics Concepts
    3. Creating and Drawing Images
      1. The Structure of a Graphics Program
      2. Changing the Output Format
      3. Testing for Supported Image Formats
      4. Reading an Existing File
      5. Basic Drawing Functions
    4. Images with Text
      1. Fonts
      2. TrueType Fonts
    5. Dynamically Generated Buttons
      1. Caching the Dynamically Generated Buttons
      2. A Faster Cache
    6. Scaling Images
    7. Color Handling
      1. Using the Alpha Channel
      2. Identifying Colors
      3. True Color Indexes
      4. Text Representation of an Image
  14. 10. PDF
    1. PDF Extensions
    2. Documents and Pages
      1. A Simple Example
      2. Initializing the Document
      3. Outputting Basic Text Cells
    3. Text
      1. Coordinates
      2. Text Attributes
      3. Page Headers, Footers, and Class Extension
      4. Images and Links
      5. Tables and Data
  15. 11. XML
    1. Lightning Guide to XML
    2. Generating XML
    3. Parsing XML
      1. Element Handlers
      2. Character Data Handler
      3. Processing Instructions
      4. Entity Handlers
      5. Default Handler
      6. Options
      7. Using the Parser
      8. Errors
      9. Methods as Handlers
      10. Sample Parsing Application
    4. Parsing XML with DOM
    5. Parsing XML with SimpleXML
    6. Transforming XML with XSLT
  16. 12. Security
    1. Filter Input
    2. Cross-Site Scripting
      1. SQL Injection
    3. Escape Output
      1. Filenames
    4. Session Fixation
    5. File Uploads
      1. Distrust Browser-Supplied Filenames
      2. Beware of Filling Your Filesystem
      3. Surviving register_globals
    6. File Access
      1. Restrict Filesystem Access to a Specific Directory
      2. Get It Right the First Time
      3. Don’t Use Files
      4. Session Files
      5. Concealing PHP Libraries
    7. PHP Code
    8. Shell Commands
    9. More Information
    10. Security Recap
  17. 13. Application Techniques
    1. Code Libraries
    2. Templating Systems
    3. Handling Output
      1. Output Buffering
      2. Compressing Output
    4. Error Handling
      1. Error Reporting
      2. Error Suppression
      3. Triggering Errors
      4. Defining Error Handlers
    5. Performance Tuning
      1. Benchmarking
      2. Profiling
      3. Optimizing Execution Time
      4. Optimizing Memory Requirements
      5. Reverse Proxies and Replication
  18. 14. PHP on Disparate Platforms
    1. Writing Portable Code for Windows and Unix
      1. Determining the Platform
      2. Handling Paths Across Platforms
      3. The Server Environment
      4. Sending Mail
      5. End-of-Line Handling
      6. End-of-File Handling
      7. External Commands
      8. Common Platform-Specific Extensions
    2. Interfacing with COM
      1. Background
      2. PHP Functions
      3. Determining the API
  19. 15. Web Services
    1. REST Clients
      1. Responses
      2. Retrieving Resources
      3. Updating Resources
      4. Creating Resources
      5. Deleting Resources
    2. XML-RPC
      1. Servers
      2. Clients
  20. 16. Debugging PHP
    1. The Development Environment
    2. The Staging Environment
    3. The Production Environment
    4. php.ini Settings
    5. Manual Debugging
    6. Error Log
    7. IDE Debugging
    8. Additional Debugging Techniques
  21. 17. Dates and Times
  22. A. Function Reference
    1. PHP Functions by Category
      1. Arrays
      2. Classes and Objects
      3. Date and Time
      4. Directories
      5. Errors and Logging
      6. Program Execution
      7. Filesystem
      8. Data Filtering
      9. Functions
      10. PHP Options/Info
      11. Mail
      12. Math
      13. Miscellaneous Functions
      14. Network
      15. Output Buffering
      16. Session Handling
      17. Streams
      18. Strings
      19. PHP Language Tokenizer
      20. URLs
      21. Variables
    2. Alphabetical Listing of PHP Functions
  23. Index
  24. About the Authors
  25. Colophon
  26. Special Upgrade Offer
  27. Copyright

A Brief History of PHP

Rasmus Lerdorf first conceived of PHP in 1994, but the PHP that people use today is quite different from the initial version. To understand how PHP got where it is today, it is useful to know the historical evolution of the language. Here’s that story, with ample comments and emails from Rasmus himself.

The Evolution of PHP

Here is the PHP 1.0 announcement that was posted to the Usenet newsgroup comp.infosystems.www.authoring.cgi in June 1995:

    From: (Rasmus Lerdorf)
    Subject: Announce: Personal Home Page Tools (PHP Tools)
    Date: 1995/06/08
    Message-ID: <3r7pgp$>#1/1
    organization: none
    newsgroups: comp.infosystems.www.authoring.cgi

    Announcing the Personal Home Page Tools (PHP Tools) version 1.0.

    These tools are a set of small tight cgi binaries written in C.
    They perform a number of functions including:

    . Logging accesses to your pages in your own private log files
    . Real-time viewing of log information
    . Providing a nice interface to this log information
    . Displaying last access information right on your pages
    . Full daily and total access counters
    . Banning access to users based on their domain
    . Password protecting pages based on users' domains
    . Tracking accesses ** based on users' e-mail addresses **
    . Tracking referring URL's - HTTP_REFERER support
    . Performing server-side includes without needing server support for it
    . Ability to not log accesses from certain domains (ie. your own)
    . Easily create and display forms
    . Ability to use form information in following documents

    Here is what you don't need to use these tools:

    . You do not need root access - install in your ~/public_html dir
    . You do not need server-side includes enabled in your server
    . You do not need access to Perl or Tcl or any other script interpreter
    . You do not need access to the httpd log files

    The only requirement for these tools to work is that you have
    the ability to execute your own cgi programs.  Ask your system
    administrator if you are not sure what this means.

    The tools also allow you to implement a guestbook or any other
    form that needs to write information and display it to users
    later in about 2 minutes.

    The tools are in the public domain distributed under the GNU
    Public License.  Yes, that means they are free!

    For a complete demonstration of these tools, point your browser

    Rasmus Lerdorf

Note that the URL and email address shown in this message are long gone. The language of this announcement reflects the concerns that people had at the time, such as password-protecting pages, easily creating forms, and accessing form data on subsequent pages. The announcement also illustrates PHP’s initial positioning as a framework for a number of useful tools.

The announcement talks only about the tools that came with PHP, but behind the scenes the goal was to create a framework to make it easy to extend PHP and add more tools. The business logic for these add-ons was written in C—a simple parser picked tags out of the HTML and called the various C functions. It was never in the plan to create a scripting language.

So what happened?

Rasmus started working on a rather large project for the University of Toronto that needed a tool to pull together data from various places and present a nice web-based administration interface. Of course, he used PHP for the task, but for performance reasons, the various small tools of PHP 1 had to be brought together better and integrated into the web server.

Initially, some hacks to the NCSA web server were made, to patch it to support the core PHP functionality. The problem with this approach was that as a user, you had to replace your web server software with this special, hacked-up version. Fortunately, Apache was starting to gain momentum around this time, and the Apache API made it easier to add functionality like PHP to the server.

Over the next year or so, a lot was done and the focus changed quite a bit. Here’s the PHP 2.0 (PHP/FI) announcement that was sent out in April 1996:

    From: (Rasmus Lerdorf)
    Subject: ANNOUNCE: PHP/FI Server-side HTML-Embedded Scripting Language
    Date: 1996/04/16
    Newsgroups: comp.infosystems.www.authoring.cgi

    PHP/FI is a server-side HTML embedded scripting language.  It has built-in
    access logging and access restriction features and also support for
    embedded SQL queries to mSQL and/or Postgres95 backend databases.

    It is most likely the fastest and simplest tool available for creating
    database-enabled web sites.

    It will work with any UNIX-based web server on every UNIX flavour out
    there.  The package is completely free of charge for all uses including

    Feature List:

    . Access Logging
      Log every hit to your pages in either a dbm or an mSQL database.
      Having hit information in a database format makes later analysis easier.
    . Access Restriction
      Password protect your pages, or restrict access based on the refering URL
      plus many other options.
    . mSQL Support
      Embed mSQL queries right in your HTML source files
    . Postgres95 Support
      Embed Postgres95 queries right in your HTML source files
    . DBM Support
      DB, DBM, NDBM and GDBM are all supported
    . RFC-1867 File Upload Support
      Create file upload forms
    . Variables, Arrays, Associative Arrays
    . User-Defined Functions with static variables + recursion
    . Conditionals and While loops
      Writing conditional dynamic web pages could not be easier than with
      the PHP/FI conditionals and looping support
    . Extended Regular Expressions
      Powerful string manipulation support through full regexp support
    . Raw HTTP Header Control
      Lets you send customized HTTP headers to the browser for advanced
      features such as cookies.
    . Dynamic GIF Image Creation
      Thomas Boutell's GD library is supported through an easy-to-use set of

    It can be downloaded from the File Archive at: <URL:>

    Rasmus Lerdorf

This was the first time the term “scripting language” was used. PHP 1’s simplistic tag-replacement code was replaced with a parser that could handle a more sophisticated embedded tag language. By today’s standards, the tag language wasn’t particularly sophisticated, but compared to PHP 1 it certainly was.

The main reason for this change was that few people who used PHP 1 were actually interested in using the C-based framework for creating add-ons. Most users were much more interested in being able to embed logic directly in their web pages for creating conditional HTML, custom tags, and other such features. PHP 1 users were constantly requesting the ability to add the hit-tracking footer or send different HTML blocks conditionally. This led to the creation of an if tag. Once you have if, you need else as well, and from there it’s a slippery slope to the point where, whether you want to or not, you end up writing an entire scripting language.

By mid-1997, PHP version 2 had grown quite a bit and had attracted a lot of users, but there were still some stability problems with the underlying parsing engine. The project was also still mostly a one-man effort, with a few contributions here and there. At this point, Zeev Suraski and Andi Gutmans in Tel Aviv, Israel, volunteered to rewrite the underlying parsing engine, and we agreed to make their rewrite the base for PHP version 3. Other people also volunteered to work on other parts of PHP, and the project changed from a one-person effort with a few contributors to a true open source project with many developers around the world.

Here is the PHP 3.0 announcement from June 1998:

    June 6, 1998 -- The PHP Development Team announced the release of PHP 3.0,
    the latest release of the server-side scripting solution already in use on
    over 70,000 World Wide Web sites.

    This all-new version of the popular scripting language includes support
    for all major operating systems (Windows 95/NT, most versions of Unix,
    and Macintosh) and web servers (including Apache, Netscape servers,
    WebSite Pro, and Microsoft Internet Information Server).

    PHP 3.0 also supports a wide range of databases, including Oracle, Sybase, Solid,
    MySQ, mSQL, and PostgreSQL, as well as ODBC data sources.

    New features include persistent database connections, support for the
    SNMP and IMAP protocols, and a revamped C API for extending the language
    with new features.

    "PHP is a very programmer-friendly scripting language suitable for
    people with little or no programming experience as well as the
    seasoned web developer who needs to get things done quickly.  The
    best thing about PHP is that you get results quickly," said
    Rasmus Lerdorf, one of the developers of the language.

    "Version 3 provides a much more powerful, reliable, and efficient
    implementation of the language, while maintaining the ease of use and
    rapid development that were the key to PHP's success in the past,"
    added Andi Gutmans, one of the implementors of the new language core.

    "At Circle Net we have found PHP to be the most robust platform for
    rapid web-based application development available today," said Troy
    Cobb, Chief Technology Officer at Circle Net, Inc.  "Our use of PHP
    has cut our development time in half, and more than doubled our client
    satisfaction.  PHP has enabled us to provide database-driven dynamic
    solutions which perform at phenomenal speeds."

    PHP 3.0 is available for free download in source form and binaries for
    several platforms at

    The PHP Development Team is an international group of programmers who
    lead the open development of PHP and related projects.

    For more information, the PHP Development Team can be contacted at

After the release of PHP 3.0, usage really started to take off. Version 4 was prompted by a number of developers who were interested in making some fundamental changes to the architecture of PHP. These changes included abstracting the layer between the language and the web server, adding a thread-safety mechanism, and adding a more advanced, two-stage parse/execute tag-parsing system. This new parser, primarily written by Zeev and Andi, was named the Zend engine. After a lot of work by a lot of developers, PHP 4.0 was released on May 22, 2000.

As this book goes to press, PHP version 5.4 has been released for some time. There have already been a few minor “dot” releases, and the stability of this current version is quite high. As you will see in this book, there have been some major advances made in this version of PHP. XML, object orientation, and SQLite are among the major updates. Many other minor changes, function additions, and feature enhancements have also been incorporated.

The Widespread Use of PHP

Figure 1-1 shows the usage of PHP as collected by W3Techs as of May 2012. The most interesting portion of data here is the almost 78% of usage on all the surveyed websites. If you look at the methodology used in their surveys, you will see that they select the top 1 million sites (based on traffic) in the world. As is evident, PHP has a very broad adoption indeed!

PHP usage as of May 2012
Figure 1-1. PHP usage as of May 2012

The best content for your career. Discover unlimited learning on demand for around $1/day.