This page contains the 10 latest blog records from our site. Older posts from our blog can be found in the Archive section. I hope you find something informative here.
When I was beginning to learn programming in Pascal, for a long time I could not fathom what functions were needed for. All my programs had a flat structure without branching of any kind. But once I ran into a problem: I had to write a program whose code looked like the following.
print("Select one of the actions<BR>");
print("===========================<BR>");
print("Search <BR>");
print("===========================<BR>");
print("===========================<BR>");
print("Print <BR>");
print("===========================<BR>");
print("===========================<BR>");
print("Exit <BR>");
print("===========================<BR>");
Sometimes a situation will arise when a loop execution has to be terminated. Quite often, this is necessary when an error occurs and further execution may have serious consequences. For example, the required file is not available or a user provided wrong parameters. In either case, further script execution may display confidential information or perform some other undesirable actions. Do not experiment in such a case; stop the script execution.
Script execution can be interrupted with the exit() function. Script execution is terminated at once when this command is executed. The die() command is an alias for exit(), and both commands accept, as a parameter, a message to be displayed in the browser. Consider the following classical example of connecting to a database:
If you are looking for the key to your website design then PHP, PHP Hypertext Processor, just might be the thing. PHP is one of the most popular open source scripting languages and with it you will be able to create beautifully designed dynamic websites. One of its biggest advantages is that it is so very easy to use that even the most inexperienced web developer will be able to use it. Why make life more difficult than it has to be?
As PHP is open source, it is also free, and on top of that it will match all of your web design requirements. When looking at PHP hosting you will quickly notice that it is usually part of a web hosting package known as LAMP, for Linux, Apache, MySQL and PHP. Linux is the operating system that is being used, Apache is the web server software, MySQL is the database management system that you will be using and PHP is nothing less than the programming language.
Loops are an important means of program flow control. For example, the problem of raising a number to a power, which we used as an example when considering the switch statement, can be solved much more easily and efficiently using one of the loop statements. A number is raised to a certain power by multiplying it by itself this number of times. For example, the operation of raising 2 to the power of 3 can be written as follows: 2*2*2. But what if a number has to be raised to the power of 100? This task is somewhat more difficult. Even more difficult is the problem when the power is not known in advance. Here is where loops come to the rescue.
The most often used loop is the for loop. It is also the easiest to understand, so we start our study of loops with it. In general form, it looks like the following:
for (start counter value; end counter value; counter step) Statements
Let's use the for loop to raise a number to a power. The code for this may look like the following:
It is a rare program that simply executes from the beginning to the end, because in most cases there are some conditions that can change the program execution flow. Thus, these conditions have to be checked and reacted to in one way or another. Let's consider an example of a site's main page. When a user visits the site for the first time, he or she can be shown some additional information or greeted with some funny presentation to get him or her interested in the site. For succeeding visits by the same user, the presentation is no longer shown. The script logic for these actions will be something like the following:
As another example, we have to do numerous checks to ensure that a script is reliable and secure. For example, if a script is intended to send a mail message, it is a good idea to check whether the address is specified correctly before mailing the message. Here, the logic can be the following:
Constants are similar to variables in that they are named memory locations holding certain values; unlike variables, however, once a constant has been assigned a value at its declaration, it cannot be changed during script execution.
Constants are used to store some frequently used numbers or strings. For example, your site may be programmed for 640-pixel wide pages and you want to switch to using 800-pixel wide pages. If you used the number 640 explicitly in your code, you will have to find every place it was used in the code and change it. Even though this task can be automated, there is no guarantee that you will find all the numbers that need to be changed, or that you will not change a number 640 referring to something other than the page width. Instead of using the number 640 explicitly, you can declare a constant, for example $PgWdth, at the beginning of the file, set it to 640, and then use the constant throughout the file wherever you need to use the number 640. Then, if you need to change 640 to 800, all you need to do is to reassign the value of the constant $PgWdth to 800 once at the beginning of the file.
I recommend always using constants or at least variables if a number or a string is used more than once in the code. These constants and variables can be stored in a separate file, which can then be included into the PHP files using these constants or variables. Based on my personal experience, I can tell that using constants can make software maintenance and modification significantly easier.
Input validation is the primary task for every security specialist and software (web) developer. I will describe the problem using web development because it is my passion. Web programs get data from users through parameters. Parameters are an entry point to your application. Hackers may manipulate the parameters to affect your application and break into your system. Parameters are the gate between your application and its users. Keep the gate protected and your application will be secure.
Input validation is not the only security issue, but it is the main one. You have to provide proper input data validation to protect your system. There is no single solution that makes parameters secure. It depends on your application and how you use the data.
Assume all input is malicious. Do not trust data received from users. Trust only data that comes from you personally or from your own code that has already checked the values. All other values must be checked.
Variables are created to perform some operations on them. At present, we will consider only the following simple mathematical operations:
As is common in mathematics, mathematical operations in PHP are performed in the order of operator precedence. Multiplication and division are performed before addition and subtraction. Consider the following classical example:
$index = 2 + 2 * 2;
If you ask, for example, a third-grader to evaluate the above expression, the most likely answer will be 8. But those more advanced in math will not fall into the sequential evaluation trap. Their answer will be 6, because pursuant to the mathematical operator precedence order, first the multiplication operation is performed, yielding 4, which is then added to 2, thus producing 6.
If you have experience programming in high-level languages (e.g., C++, Delphi), you must know that all variables must be of a strictly defined type, and the code must follow quite stringent syntax rules. PHP is more flexible and does not impose strict rules. This flexibility, however, comes at the price of a greater chance of erroneous script execution, and it makes providing proper security much more difficult. Lots of break-ins have been perpetrated exactly because variables in PHP are not assigned a specific type when declared.
Suppose a hacker passes a database query string through a parameter that the programmer intended to be used to pass a numerical value. (By the way, this is how the PHPNuke site management system was cracked.) If the parameter variable were declared with a specific type, such an action would return an error, because the string could not be converted into a number. Because PHP is a weakly typed language, programmers must implement data type checks and handle incorrect data type errors themselves.
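The data type check that the two paragraphs above and the earlier input-validation excerpt call for, as an added example (not code from the blog): a parameter assumed to be named id is validated as a whole number before use and then bound as an integer in the query. The articles table, its row, the sample inputs and the in-memory SQLite database are constructed so the script runs offline.

```php
<?php
// Added example: the parameter name, table and rows are constructed for illustration.

// Returns the validated integer, or null when the raw value is not a whole number.
function parseId($raw): ?int
{
    // FILTER_VALIDATE_INT accepts only a complete decimal integer in range;
    // "7abc", "7 extra query text", arrays and empty strings all yield false.
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 2147483647],
    ]);
    return $id === false ? null : $id;
}

function findTitle(PDO $db, $raw): string
{
    $id = parseId($raw);
    if ($id === null) {
        return 'rejected: not a valid id';
    }
    // The value is bound as an integer and never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? 'not found' : $title;
}

// Constructed in-memory database (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (7, 'Loops in PHP')");

// Constructed inputs standing in for $_GET['id'].
$samples = ['7', '42', '7abc', '7 extra query text', '', ['7']];
foreach ($samples as $raw) {
    $shown = is_array($raw) ? 'array' : "'$raw'";
    // A loose cast silently turns "7abc" into 7, which is why it is not a check.
    $cast = is_array($raw) ? 'n/a' : (string)(int)$raw;
    echo str_pad($shown, 24), ' cast=', str_pad($cast, 4), ' -> ', findTitle($db, $raw), "\n";
}
```

The cast column shows the value a loose `(int)` conversion would have passed on; the validated path rejects every input that is not entirely a number.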
If you have programmed in C, Java, or Perl before, many concepts in PHP will be familiar to you, because PHP is very similar to C/C++.
We have already touched slightly on variables and know that a variable is a memory area in which values can be stored and can be referenced by a name. We don't care where exactly in the memory our variables are stored, because their values can always be retrieved or changed by referencing their names. PHP variables have the following properties:
Every executable file has a header. This header contains the entry point: a program address from which it starts its execution. When a virus piggybacks on a program, it adds itself at the program's end and changes the entry point to itself, passing control to the old entry point only after the virus code executes. This way, when an infected executable file starts, the virus code executes first, after which control is passed to the program.
Some especially lazy virus writers do not like bothering with headers. They do it the other way around: they add the executable file to their virus, that is, the virus's body goes first.
This is the main manner of operation of most attachable viruses that were common until about 2000 – MS DOS viruses in particular. The least you can do to protect against this type of malicious code is to check the headers of executable files. A modified header is good cause for alarm, as this may have been done by a virus or a worm. Of course, keeping track of all file headers is a difficult task to carry out manually. At least the size of the main programs, however, can be checked, for it changes when a virus attaches itself to a file.