PHP Basic

Author: KevinWu12 | Source: published 2016-12-20 20:00 | Read 0 times
  • PHP tags: <?php -------content--------- ?>
  • Every PHP statement must end with a semicolon.
  • A PHP variable name must start with a dollar sign and must not contain any whitespace.
  • $_POST is a built-in superglobal variable (a data array) bound to the post method of an HTML form; all the data in the form is wrapped into the $_POST variable. To fetch a specific field from the form, use the name attribute of the input tag: $_POST["...."]
  • The dot notation allows multiple variables to be concatenated.
  • echo prints HTML to the browser; use double quotation marks to wrap variables and strings together.
  • The content inside single quotation marks is treated as plain text.
  • A PHP variable can be used directly inside double quotation marks.
  • A line break must be written inside double quotation marks.
  • Function: mail($to, $subject, $msg, 'From:' . $email);
  • Database functions:
  • mysqli_connect():
    • parameter 1: database server location
    • parameter 2: database username
    • parameter 3: database password
    • parameter 4: database name
  • mysqli_query() (returns resource ID numbers):
    • parameter 1: the variable that stores the result of mysqli_connect()
    • parameter 2: the variable that stores the query string
  • mysqli_close():
    • parameter: the variable that stores the result of mysqli_connect()
  • Use the logical operator or to attach the function die("error info")
  • $row = mysqli_fetch_array($result):
    • the variable $row is an array that stores a single row of data from the database.
    • the variable $result stores a specific resource ID.
    • Common usage: while($row = mysqli_fetch_array($result))
  • Verification: PHP defines the empty values as 0, '', "", false and NULL.
  • isset() returns true when the variable has already been assigned (including an empty value).
  • empty() returns true only if the variable hasn't been assigned.
  • PHP logic structures: if () { } and while () { }
  • Use an if statement to decide whether the content needs to be printed (when the form is wrong and needs to remain intact):

```
<?php
// $output_form is the flag variable mentioned below (the name is hypothetical)
if ($output_form) {
?>
<!-- HTML content (if the HTML content is repeated too many times, set a flag variable) -->
<?php
}
?>
```

foreach ($group as $single) {}

- **Implement sticky form**
- Step 1: at the very beginning, use the variable `$_POST` to judge whether the form has been submitted, and add further verification inside the if block.
- Step 2: change the attribute `action` to `action="<?php echo $_SERVER['PHP_SELF']; ?>"`
- Step 3: change the attribute `value` to the corresponding variable, `value="<?php echo $variableName; ?>"`, so that the field is sticky.
- Check the variable `$_POST['submit']` to find out whether the form has just been generated or not.
- Adding `[]` after the attribute `name` generates an array in `$_POST` that stores the values of the attribute `value` (used with the tag `input checkbox` for deletion from the database):

```
<!-- One checkbox per database row; the row id is the checkbox value -->
<input type="checkbox" value="<?php echo $row['id']; ?>" name="todelete[]">
<?php
    // Each checked box arrives as one element of $_POST['todelete']
    foreach ($_POST['todelete'] as $deleteid) {}
?>
```
  • Adding file upload to a form:
  • add another attribute to the form tag: enctype="multipart/form-data"
  • add another input tag inside the form tag, <input type="hidden" name="MAX_FILE_SIZE" value="32768" />, to define the maximum file size.
  • add the file upload field: <input type="file" id="screenshot" name="screenshot" />
  • Get the information about the uploaded file from $_FILES:
    • $_FILES['screenshot']['name']: the file name.
    • $_FILES['screenshot']['type']: the file type.
    • $_FILES['screenshot']['size']: the file's size.
    • $_FILES['screenshot']['tmp_name']: the file's temporary storage location.
    • $_FILES['screenshot']['error']: the error code of the file upload; zero represents success.
  • Function is_file(): tells whether the filename is a regular file.
  • Function filesize(): tells the file size.
  • Function move_uploaded_file($_FILES['screenshot']['tmp_name'], $target): accepts two parameters, the source location and the target location. (You can change the initial save location by modifying php.ini.)
  • Define a constant: define('GW_UPLOADPATH', 'image/')
  • Put the constant in a separate file and import it into other files when necessary, using require_once('xxxxx.php')
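Server-side checks for the `screenshot` upload described above, as an added example that is not from the original post. Everything in `$_FILES` except `tmp_name` and `error` is supplied by the client, so the size and type are measured on the server and the stored name is generated. The constant `GW_MAXFILESIZE`, the allow-list `ALLOWED_TYPES` and the function `store_screenshot()` are assumptions for illustration.

```php
<?php
// Added example: validate the upload before moving it into GW_UPLOADPATH.
define('GW_UPLOADPATH', 'image/');   // from the notes above
define('GW_MAXFILESIZE', 32768);     // same limit as the MAX_FILE_SIZE form field

// Assumed allow-list: detected MIME type => extension used for the stored file.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

function store_screenshot(array $file): string {
    // 'error' is 0 (UPLOAD_ERR_OK) on success.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    // Accept only a file that PHP itself received through HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // MAX_FILE_SIZE is a form field the client can change; measure the file here.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > GW_MAXFILESIZE) {
        throw new RuntimeException('File is empty or too large.');
    }
    // $file['type'] is sent by the client; detect the type from the content instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Only PNG, JPEG and GIF images are accepted.');
    }
    // Do not build the path from $file['name']; generate the stored name on the server.
    $target = GW_UPLOADPATH . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $target;
}

if (isset($_FILES['screenshot'])) {
    try {
        echo 'Stored as ' . htmlspecialchars(store_screenshot($_FILES['screenshot']));
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```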
  • Communication between scripts:
  • POST method through the form
  • GET method (sends data parameters as key/value pairs encoded within the URL):
    • ? splits the URL into two pieces: the address to the left and the parameters to the right.
    • & must be used to separate one parameter from another.
    • All the parameters are finally stored in $_GET.
  • The GET method is usually used to fetch data from the server and won't change the state of the server (e.g. selecting a row from the database);
    the POST method is suitable for requests that change the state of the database.

Using PHP to control the HTTP headers

  • Function header(): the call to this function should come at the very start of every PHP script, before any output is sent, because the headers must be the first thing sent from the server to the browser.
  • The username and password are stored in the variable $_SERVER ($_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']).
  • The basic realm of HTTP authentication is a safe zone tied to a specific group of usernames and passwords, which allows multiple pages to share the same protection. Once the user has successfully logged in, the authentication window won't pop up for the rest of the pages in the same realm.
  • Function exit(): calling this function immediately exits the current PHP script and displays only the content passed to exit().
```
<?php
    // User name and password for authentication
    $username = 'rock';
    $password = 'roll';

    // Ask for credentials unless both were sent and both match.
    // hash_equals() compares the strings in constant time.
    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
        !hash_equals($username, $_SERVER['PHP_AUTH_USER']) ||
        !hash_equals($password, $_SERVER['PHP_AUTH_PW'])) {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="XXXXXX"');
        exit('Sorry, you must enter a valid user name and password to access');
    }
?>
```

Solution to SQL injection

  • Function trim(): gets rid of the white space around the string.
  • Function mysqli_real_escape_string(): handles other dangerous and meaningless characters; it needs two parameters, the database connection variable and the string.
  • Alter the database table.
  • Use other verification functions such as is_numeric().

User Login management

  • MySQL function SHA(): encrypts a password into a 40-character string; it needs to be part of the query string.
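An added example, not code from the original post, covering both the SQL injection notes and the login note above. It swaps in two different techniques: mysqli prepared statements instead of escaping, so user input never becomes part of the SQL text, and `password_hash()`/`password_verify()` instead of `SHA()`, which is unsalted and fast to compute. The `users` table, its columns, the function names and the connection values are assumptions.

```php
<?php
// Added example, not the original author's code. Assumed schema:
//   users(id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(32) UNIQUE, password_hash VARCHAR(255))
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);  // throw on errors instead of returning false

function register_user(mysqli $dbc, string $username, string $password): void {
    $username = trim($username);
    // password_hash() adds a per-user salt and a work factor; the ? placeholders
    // keep both values out of the SQL text.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = mysqli_prepare($dbc, 'INSERT INTO users (username, password_hash) VALUES (?, ?)');
    mysqli_stmt_bind_param($stmt, 'ss', $username, $hash);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Returns the user's id, or null for an unknown user or a wrong password.
function check_login(mysqli $dbc, string $username, string $password): ?int {
    $username = trim($username);
    $stmt = mysqli_prepare($dbc, 'SELECT id, password_hash FROM users WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt);        // true when a row was fetched
    mysqli_stmt_close($stmt);
    if ($found === true && password_verify($password, $hash)) {
        return (int) $id;
    }
    return null;
}

// Numeric input (the is_numeric() idea): validate it, then still bind it as an integer.
function delete_user(mysqli $dbc, string $rawId): bool {
    if (!ctype_digit($rawId)) {               // digits only; is_numeric() also accepts "1e3" and "0.5"
        return false;
    }
    $id = (int) $rawId;
    $stmt = mysqli_prepare($dbc, 'DELETE FROM users WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $deleted = mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $deleted;
}

// Connection values are placeholders; the user names below are constructed sample input.
$dbc = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');
register_user($dbc, ' alice ', 'correct horse battery staple');
var_dump(check_login($dbc, 'alice', 'correct horse battery staple'));
var_dump(check_login($dbc, "o'neil", 'anything'));  // the quote is plain data to a bound parameter
```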

Article title: PHP Basic

Article link: https://www.haomeiwen.com/subject/lshfvttx.html