Fasthosts Customer Support

An
Introduction
to PHP
Scripting
This guide will introduce some simple yet powerful
features of PHP, a popular scripting language, and help
you take your first steps towards building a strong web
presence.
Customer Support | An Introduction to PHP Scripting

Contents
Introduction ......................................................................................... 1
Getting Started .................................................................................... 2
Using a text editor .............................................................................. 2
Creating your page ............................................................................ 2
Using PHP on your page ................................................................... 3
Comments....................................................................................... 3
Displaying text................................................................................. 4
Integrating PHP and HTML ............................................................. 5
Variables .............................................................................................. 7
Example: Creating a variable .......................................................... 8
Arithmetic operators ........................................................................ 9
Data types ..................................................................................... 11
Arrays ............................................................................................... 12
Numerical arrays ........................................................................... 12
Associative arrays ......................................................................... 14
Multidimensional arrays ................................................................ 15
Find the number of entries in an array .......................................... 16
Conditional statements .................................................................... 16
Comparison operators ..................................................................... 17
if() ..................................................................................................... 18
if()… else .......................................................................................... 20
if()… elseif()...................................................................................... 21
Nested if() statements ...................................................................... 23
Loops ................................................................................................. 24

Page 1
Customer Support | An Introduction to PHP Scripting

while()............................................................................................... 24
do… while() ...................................................................................... 25
for()................................................................................................... 26
foreach() ........................................................................................... 27
Functions ........................................................................................... 28
Defining a function ........................................................................... 28
Create a custom function to validate an email address ................ 29
Parameters....................................................................................... 31
Passing variables .......................................................................... 32
Optional parameters ..................................................................... 33
Returning a value from a function .................................................... 34
Completing our example function .................................................... 36
Creating a web form .......................................................................... 39
Using PHP to get user input from a form ......................................... 43
POST or GET................................................................................ 44
Process the form data ................................................................... 45
Securing your forms ......................................................................... 49
Never assume the data retrieved from the form is valid. .............. 49
Never print data directly onto the page ......................................... 50
Never send unprocessed data to a database ............................... 52
Including files .................................................................................... 53
Error handling ................................................................................... 56
Testing your error handler............................................................. 59
Sending an email ............................................................................... 59
Using your new function to send an email .................................... 64
Sending an error report ................................................................. 66

Page 2
Customer Support | An Introduction to PHP Scripting

Testing the error handler............................................................... 68

Connecting to a database ................................................................ 69
An introduction to SQL ..................................................................... 69
Preparing your database .................................................................. 70
Connecting to the database ............................................................. 71
Preparing your PHP code ............................................................. 72
Creating the connection ................................................................ 74
Connection Errors ......................................................................... 78
Running a query and retrieving results ............................................ 78
Executing the statement ............................................................... 80
Binding the results to variables ..................................................... 81
Looping through the results .......................................................... 82
The complete code .......................................................................... 83
Appendix A: Common errors ........................................................... 85
Appendix B: Glossary of terms ....................................................... 87
Appendix C: Useful PHP functions ................................................. 90
Variable functions ......................................................................... 90
String functions ............................................................................. 90
Array functions .............................................................................. 91
Error functions............................................................................... 91
Appendix D: The Source code ......................................................... 92
contact.html................................................................................... 92
contact.php ................................................................................... 93
include.php.................................................................................... 94

Page 3
Customer Support | An Introduction to PHP Scripting

Introduction
If you have been following this series of guides from the beginning, you will
already be familiar with HTML. HTML is not a scripting language, it’s a mark-up
language; it simply instructs your web browser what content to display on the
page. You can add text, images, and even the elements required to create a
form. However, HTML alone is only able to display these elements, if you want to
add interactivity to your site, you will need to use a scripting language.

A scripting language allows a web developer to write a series of commands that

are executed by the web server that hosts the website. The output from that code
is then sent to your web browser. Because all of the code is processed before the
page is loaded in the end-user’s web browser, these languages are often referred
to as “server-side”.

PHP is a popular and extremely flexible scripting language. Because it is free and
open source, it is used by many 3rd party applications such as Wordpress,
Joomla, and Drupal. Even our very own support sites and control panel use PHP
to allow you to search for knowledge base articles, register domain names, add
web hosting and services, update your billing details, and so on.

Page 1
Customer Support | An Introduction to PHP Scripting

Getting Started
Using a text editor
When writing with a scripting language you will need a text editor. While you can
use Notepad, which is supplied with Windows, we highly recommend using an
advanced text editor which includes features designed for developers. One of the
most important features you should look for in your text editor is colour coding
which makes your code much clearer to read, and helps vastly when searching
for errors.

If you already have a preferred text editor please use this, otherwise there are
many text editors available for free under a General Public License (GNU). Two
commonly used text editors are Notepad++ and Crimson Editor. This guide will
assume that you have downloaded NotePad++ from http://notepad-plus-
plus.org/download.

Creating your page

Your PHP pages should be in text format, and should use the extension .php.
The name you give to your home page may vary depending on your web hosting
provider, but a common name for your default web page is index.php.

Page 2
Customer Support | An Introduction to PHP Scripting

Using PHP on your page

PHP code must always appear between the opening tag <?php and the closing
tag ?>.

1 <?php

3 ?>

Comments
When writing any code, particularly PHP code, it is very important to get into the
habit of commenting your code. This will help you better understand how your
code works if you have to modify it at a later date. There are two ways to add
comments in PHP.

 Single line comments: These start with two slashes (//). The comment
only applies to the rest of the line; any code on the following line will be run
as normal.

 Multiple line comments: These start a slash and then an asterisk (/*).
Unlike the single line comment, everything after the /* will be treated as a
comment, even on the following lines of code. You must close this
comment block with an asterisk and then a slash (*/).

Page 3
Customer Support | An Introduction to PHP Scripting

1 <?php

3 //This is a single line comment

5 /* This is a multiple

6 line comment. The comment

7 must be closed with */

9 ?>

Displaying text
Displaying text on your page with PHP is important when developing web
applications. To do this you can use either of the following commands:

 echo: For example echo “Hello World!”;

 print: For example print “Hello World”;

1 <?php

2 echo “Hello World!"; // Using echo

3 print “Hello World!"; // Using print

4 ?>

The text you want to display should be written within double or single quotation
marks. The quotation marks tell PHP that everything inside is a string. This will
be explained in the chapter Data types.

Page 4
Customer Support | An Introduction to PHP Scripting

Important: Each line of code you write in PHP must end

with a semicolon. This tells PHP that the current line of code
is finished, and it can move on to the next command.
There are exceptions to this rule. For example, a semicolon
is not required on the <?php opening tag or after comments.
There are other exceptions, which we will cover later in this
guide.

Integrating PHP and HTML

PHP code can be placed anywhere on your page, and you can combine HTML
and PHP on the same page. When your visitor browses to your website the PHP
code will run first, and the results are then sent to your web browser alongside
your HTML code.

Copy the following code and save it to a file called hello.php. Upload the file to
your FTP server with your chosen FTP client and browse to it in your web
browser. For example, if your web address is http://www.yourdomain.com visit
http://www.yourdomain.com/hello.php.

1 <!DOCTYPE html>

2 <html>

3 <head>

4 <title><?php echo "Hello World!"; ?></title>

5 </head>

6 <body>

7 <?php

8 // Display a heading

Page 5
Customer Support | An Introduction to PHP Scripting

9 echo "<h1>Hello World!</h1>";

10 ?>

11 </body>

12 </html>

When you view hello.php in a web

browser you should see a page that
displays the text “Hello World!” in a large
font.

As you can see, you can insert HTML

tags into your output. In this case we
have printed the string “<h1>Hello
Figure 1. Viewing the page in a web browser
World</h1>”. Your web browser sees
this as HTML code, and displays the text as a heading.

Quick tip: To improve the readability of your code it is a

good idea to indent it in code blocks. As a general rule
indent by one tab (or four spaces) for each new block of
code, to help you identify that code.
In the example above we have indented the <head></head>
and <body></body> tags to help you identify the code
associated with those blocks. We have also further indented
the <?php ?> code within the body.

If your code worked, well done – you are now a web developer, and you’ve just
built your first web application!

If you saw a blank page or received an error, it is possible that there is an error
somewhere in your code. It is worth checking that…

Page 6
Customer Support | An Introduction to PHP Scripting

 You have entered a correct opening PHP tag (<?php), and the
corresponding closing (?>) PHP tag.
 The text you want to display with the echo command is enclosed in one
opening and one closing single or double quotation mark.
 There is a semicolon (;) at the end of each line of PHP code, before the
closing PHP tag.

If you are still receiving an error message, see Error! Reference source not
found. on page Error! Bookmark not defined..

Variables
Variables allow you to hold certain information, which you can then manipulate
within your code. They work on the same principle as algebra, which allows you
to substitute numbers within formulae with letters.

You can simply define a variable in PHP, which can hold any value. Your code
can then refer to that variable to retrieve or modify its value. This allows you to
write code that can perform different tasks depending on the value of one or
more variables.

Variables names always begin with a dollar sign ($). You can give your variables
any name you like, but you can only use letters, numbers (though not the first
character), or underscores (_).

These are examples of valid These are examples of bad variable

variable names names
 $a  $5
 $b  $my variable
 $My_Variable  $1variable
 $_variable  $variable#one
 $variable1  variable

Page 7
Customer Support | An Introduction to PHP Scripting

Please also remember that the name of a variable is case sensitive. This means
you can define a variable called $MyVariable, and one called $myvariable, and
they can both hold different values.

To reduce the risk of confusion when reading your code, it’s a good idea to
decide on a standard naming convention before you start your project. For
example, most PHP developers will only use lower case characters when naming
variables in PHP, with underscores to represent spaces (such as $my_variable).

Example: Creating a variable

1 <?php

2 $x = 1; // Create a variable called “$x” with a value of 1

3 echo $x; // Display the value of the variable, “1”

4 echo ”<br />” // Print a line break tag

6 $x = $x +1; // Add 1 to the value of $x

7 echo $x; // This should display “2”

This example code defines a new variable called "$x” with a numeric value of “1”.
The code then uses the echo command to print the value of $x, followed by
another echo command to print the “<br />” tag. This instructs your web browser
to insert a line break.

The value for the $x variable does not need quotation marks around it, because
we are not using text. Instead we are defining a number that we can then
manipulate.

Finally we add 1 to the value of $x, and again print the value, “2”.

Page 8
Customer Support | An Introduction to PHP Scripting

Wherever possible try to give your variables helpful names that will help you
instantly recognise which data that variable will hold. This will help you no end
when writing, reviewing, or debugging your code.

Arithmetic operators
The following operators allow you to set or modify the value of a variable.

Operator Description Example Value of $z

= Set the value of a the $z = 5; 5
variable.
. Concatenation – join two $z = “Hello” . “ “ . “Hello World”
strings together. “World”;
+ Addition – add the second $x = 5; 15
value to the first. $y = 10;
$z = $x + $y;
- Subtraction – subtract the $x = 20; 10
second value from the $y = 10;
first. $z = $x - $y
* Multiply – multiply the two $x = 10; 50
values together. $y = 5;
$z = $x * $y;
/ Divide – divide the first $x = 50; 10
value by the second. $y = 5;
$z = $x / $y;
% Modulus – the remainder $x = 10; 2
of the first variable divided $y = 8;
by the second. $z = $x % $y;

Page 9
Customer Support | An Introduction to PHP Scripting

The following example shows the use of the concatenation character to join
several strings together to form a word.

1 <?php

2 $x = ”H” . “e” . “l” . “l” . “o”; // Create the variable

3 echo ”<p>” . $x . ”</p>”; // Prints <p>Hello</p>, end

user will see words in HTML paragraph.

4 ?>

This example shows the use of several of the arithmetic operators with an
integer.

1 <?php

2 $x = 1; // Create a variable called “$x” with a value of 1

3 $x = $x + 9; // Add 9 to the value of $x to make 10

4 $x = $x - 5; // Subtract 5 to make 5

5 $x = $x * 10; // Multiply by 10 to make 50

6 $x = $x / 2; // Divide by 2 to make 25

7 echo ”<p>” . $x . ”<p>”; //Display the final number

8 ?>

Page 10
Customer Support | An Introduction to PHP Scripting

Data types
PHP has several data types which you can use when defining a variable. Here
are the most common variable types:

Data Type Description Example

String Text. When defining a string variable $x = “Hello World”;
you must place the value within single or $y = ‘Hello World’;
double quotation marks.
Boolean True or False. $x = true;
$y = false;
Integer A whole number, not a fraction. $x = 10;
Float Floating point number, one that is too $x = 1.23456780;
large or small to represent as an integer. $y = 0.00001;
$z = 7E-10;
Null Represents a variable that has no value. $x = null;
Arrays Allows you to create one variable that $x = array(“Value 1”,
holds multiple values. You can then “Value 2”, “Value 3”);
access a specific value, or loop through
the entire array and process each value
in turn.

In some programming languages you must specify the type when you define the
variable, but with PHP this is not necessary. Instead PHP will look at the value
you have supplied for the variable and set the appropriate data type for you.

Page 11
Customer Support | An Introduction to PHP Scripting

Arrays
Arrays allow you to assign multiple values to one variable. Each value in the
array has a key, which you can use to retrieve or edit that value. There are three
different types of array, numerical, associative, and multidimensional.

Numerical arrays
To define an array, you can use the following syntax.

1 <?php

2 // Define an array containing working days

3 $var = array("Monday","Tuesday","Wednesday","Thursday",”Friday”);

4 ?>

The above example will create a variable, $var, to represent an array containing
5 string items. Each item can be referred to by its key, which PHP will create
automatically for you. The first item in an array always starts at 0, so the key for
“Monday” is 0, the key for “Tuesday” is 1, the key for “Wednesday” is 3, and so
on.

Because the keys are numbers, this type of array is known as a numeric array.

To retrieve or edit data in an array, just reference the variable name and then the
key within square brackets.

Page 12
Customer Support | An Introduction to PHP Scripting

1 <?php

2 // Define an array containing working days

3 $var = array("Monday","Tuesday","Wednesday","Thursday",”Friday”);

5 // Define an array containing working days

6 echo $var[2]; // Don’t forget the first item is 0, so the third is 2

7 ?>

The above example will print “Wednesday” to the page. You can easily edit
existing values by referring to it by its key. If an item with the supplied key doesn’t
exist, it is created allowing you to add extra items to the array.

1 <?php

2 // Define an array containing working days

3 $var = array("Monday","Tuesday","Wednesday","Thursday",”Friday”);

5 // Change the first item

6 $var[0] = “Beginning of the week”;

8 // Add another item

9 $var[5] = “Saturday”;

10 ?>

Page 13
Customer Support | An Introduction to PHP Scripting

Associative arrays
Array keys do not need to be numeric; you can define your own textual keys if
you wish, using the combination “key”=>”value”. These are called associative
arrays.

1 <?php

2 // Define an array containing working days

3 $var = array(”mon”=>"Monday", ”tue”=>"Tuesday", ”wed”=>"Wednesday",

”thu”=>"Thursday", ”fri”=>”Friday”);

5 // Display the value for the key “wed”

6 echo $var[”wed”]; // Outputs “Wednesday”

7 ?>

The above example will print “Wednesday” to the page. Alternatively, you can
declare an empty array and then add each item separately.

1 <?php

2 // Define an empty array

3 $var = array();

5 // Add each day separately

6 $var["mon"] = "Monday";

7 $var["tue"] = "Tuesday";

8 $var["wed"] = "Wednesday";

9 $var["thu"] = "Thursday";

10 $var["fri"] = "Friday";

11 ?>

Page 14
Customer Support | An Introduction to PHP Scripting

Multidimensional arrays
These sound more complicated than they are! A multidimensional array is simply
an array that contains further arrays. For example:

1 <?php

2 // Define an empty array that will store a five-course menu

3 $var = array();

5 // Add each course separately

6 $menu["appetiser"] = array("Bread",”Olives”,“Breadsticks”);

7 $menu["starter"] = array("Soup",”Prawn Cocktail”,“Chicken Satay”);

8 $menu["main"] = array("Pizza",”Cheeseburger”,“Lasagne”,”Veg Curry”);

9 $menu["desert"] = array("Cheesecake",”Ice Cream”,“Profiteroles”);

10 $menu["drinks"] = array("Tea",”Coffee”,“Juice”,”Water”,”Wine”);

11 ?>

Because you have arrays within arrays, to access a value you will need the key
from both, in the format array[key1][key2];

1 <?php

2 // Access the third entry in the main courses (remember that

numerical arrays start at 0)

3 $choice = $menu[“main”][2]; //Lasagne

4 ?>

Page 15
Customer Support | An Introduction to PHP Scripting

Find the number of entries in an array

You may need to know how many values are contained within your array. This is
achieved with PHP’s count() function:

1 <?php

2 // Define an array

3 $arr = (“Monday”, “Tuesday”, “Wednesday”, “Thursday”, “Friday”);

5 // Use the count() function to display the number of entries in our

$arr array

6 $items = count($arr);

7 echo “These are” . $items . “items in this array”;

8 ?>

Conditional statements
Conditional statements in PHP are fundamental to building a web application.
They let you execute particular code depending on certain conditions.

For example, let’s say you have created a web form for your users to contact
you. You will need to process the information your visitor has entered, and send
yourself the relevant email. However, you need to first ensure that you only run
the necessary code when your visitor submits the form, and the data they
entered has been checked to ensure it is valid.

Page 16
Customer Support | An Introduction to PHP Scripting

Comparison operators
A conditional statement will compare two values using an operator. If the
condition is true, the code supplied is executed. You can use the following
operators to compare the values.

Operator Description Example

== Equals – return true if the two values are 1 == 1 returns true
equal. 1 == “1” returns true
1 == 2 return false
=== Identical – return true if the two values 1 === 1 returns true
are equal and are of the same data type. 1 === “1” returns false
1 === 2 returns false
!= Not equal – returns true if the two values 1 != 1 returns false
are not equal. 1 != 2 returns true
1 != “1” returns false
<> Not equal – returns true if the two values 1 <> 1 returns false
are not equal. 1 <> 2 returns true
1 <> “1” returns false
!== Not identical – returns true if the two 1 !== 2 returns true
values are not equal, or are not of the 1 !== 1 returns false
same data type. 1 !== “1” returns true
> Greater than – returns true if the first 5 > 4 returns true
number is greater than the second. 5 > 5 returns false
5 > 6 returns false
>= Greater than or equal – returns true if 5 >= 4 returns true
the first number is greater than or equal 5 >= 5 returns true
to the second. 5 >= 6 returns false
< Less than – returns true if the first 5 < 4 returns false
number is less than the second. 5 < 5 returns false
5 < 6 returns true
<= Less than or equal – returns true if the 5 <= 4 returns false
first number is less than or equal to the 5 <= 5 returns true
second. 5 <= 6 returns true

Page 17
Customer Support | An Introduction to PHP Scripting

if()
The most common conditional statement is the if() statement. At its most basic it
looks like this:

1 <?php

2 if(condition){

3 // Run code within the { and } brackets if condition is met

4 }

5 ?>

The if() condition always appears in normal brackets. Following the condition are
the { and } brackets. The code you would like to execute if the condition is met
should be placed within these brackets.

Note: Conditional statements, such as if(), do not require a

semicolon to close the line. All code within the { and } group
brackets, however, should be written with semicolons as
usual.

Page 18
Customer Support | An Introduction to PHP Scripting

For example:

1 <?php

2 $x = 10; // Create a variable called $x

3 if($x == 10){ // If $x variable is equal to 10 run the code within

the { and } brackets

4 echo $x; // Print the value of $x

5 }

6 ?>

In this example we have used the “==” operator to compare the value of the
variable $x with the number 10. If they are equal, the example then prints the
value to the page.

Important: When checking if two values are equal, make

sure you use ==. The single = sign is an arithmetic operator
(see page Error! Bookmark not defined.), rather than a
comparison operator, and will change the first value to equal
the second.
For example, if($x = 10) will set the value of $x to 10, rather
than checking to see if $x is equal to 10, and will always
return true.

Page 19
Customer Support | An Introduction to PHP Scripting

if()… else
There might be an occasion where you wish to run one block of code if a
condition is met, and another block of code if that condition is not met. For these
cases the else statement can be introduced to follow an if() statement.

1 <?php

2 $x = 15; // Create a variable called $x

3 if($x == 10){

4 // $x is equal to ten

5 echo "Condition met”;

6 } else {

7 // $x is not equal to ten, run this code instead

8 echo "Condition was not met”;

9 }

10 ?>

As you can see from the example above, the value of $x, which is 15, does not
meet the criteria specified in the if() statement. Therefore, when this code is run it
will display “Condition was not met”.

Page 20
Customer Support | An Introduction to PHP Scripting

if()… elseif()
You can check several conditions at once using the elseif() statement, which
must always follow an if() statement.

1 <?php

2 $x = 15; // Create a variable called $x

3 if($x == 10){

4 // $x is equal to 10

5 echo “Value is 10";

6 } elseif($x == 15){

7 // $x is equal to 15

8 echo “Value is 15";

9 }

10 ?>

In this example, the if() statement checks the value of the $x variable to see if it is
equal to 10. It isn’t, so the code moves on the the elseif() statement which checks
to see if the value is equal to 15. It is, and therefore the second group of code is
executed, printing “Value is 15” to the page.

Page 21
Customer Support | An Introduction to PHP Scripting

You can continue the if() statement with as many elseif() statements as you wish.

1 <?php

2 $x = 15; // Create a variable called $x

3 if($x == 10){

4 // $x is equal to 10

5 echo “Value is 10";

6 } elseif($x == 15){

7 // $x is equal to 15

8 echo “Value is 15";

9 } elseif($x == 20){

10 // $x is equal to 20

11 echo “Value is 20";

12 } else {

13 // $x has another value

14 echo “Value is" . $x;

15 }

16 ?>

Page 22
Customer Support | An Introduction to PHP Scripting

Nested if() statements

You can nest if() statements if you wish. This means you can have one or more
if() statements within another conditional code group.

1 <?php

2 $x = 15; // Create a variable called $x

3 if($x > 10){

4 // $x is greater than 10

5 if($x == 15){

6 // $x is 15

7 echo “Value is 15";

8 } else {

9 // $x has another value but it’s greater than 10

10 echo “Value is not 15 but is greater than 10";

11 }

12 } else {

13 // $x is less than or equal to 10

14 echo “Value is less than or equal to 10";

15 }

16 ?>

Page 23
Customer Support | An Introduction to PHP Scripting

Loops
A loop is a block of code that executes several times until its task has been
completed, often with one or more variables that change each time. There are
four different types of loop within PHP.

while()
While loops let you loop through a block of code while a certain condition is true.

1 <?php

2 // Create a variable containing our start number

3 $num = 1;

5 // Loop while the value of $num is less than or equal to 10

6 while($num <= 10) {

7 echo $num “<br />";

9 // Increase our number by one

10 $num = $num +1;

11 }

12 ?>

In this example we create a variable called $num with a value of 1. We then run
the code within the while() block as long as the value of $num is equal or less
than 10. The code inside the block prints the current value on the page, and then
increases it by one.

As soon as the value of $num reaches 11, the while() loop will stop running
because the supplied condition is no longer true.

Page 24
Customer Support | An Introduction to PHP Scripting

Important: When using a loop, make sure you don’t get

stuck in a situation where your condition is always true. In
our example above, if we didn’t increase the value of $num
by 1 on each iteration our loop would continue indefinitely.
While your web hosting server will force your script to stop
running after a certain time period, no further code will
execute and your visitor will have a bad user experience with
your application.

do… while()
The do… while() loop is very similar to the while() loop. The only difference is that
while() will only execute if the condition is true, but do… while()will always run the
code once, and then repeat if the supplied condition is true.

1 <?php

2 // Create a variable containing our start number

3 $num = 1;

5 // Loop while the value of $num is less than or equal to 10

6 do {

7 echo $num “<br />";

9 // Increase our number by one

10 $num = $num +1;

11 } while($num <= 10);

12 ?>

Page 25
Customer Support | An Introduction to PHP Scripting

for()
The for() loop will run a set number of times. When creating the for() loop you
need to enter the following in brackets and separated by semi-colons (;)…

 A variable and the starting value. This must be a number.

 The condition that must be true for the code to run.

 The increment by which the variable will change with each iteration of the
loop.

1 <?php

2 // Loop 5 times

3 for ($num = 1; $num <= 10; $num = $num +2) {

4 // Display the current number

5 echo $num . “<br />";

6 }

7 ?>

In this example our for() loop creates a variable called $num, with a starting value
of 1. The code within the for() loop will only run if $num is equal or less than 10,
and on each iteration of the loop the value of $num will increase by 2.

Page 26
Customer Support | An Introduction to PHP Scripting

foreach()
The foreach() loop allows you to cycle through all the values in an array, in the
order in which they appear.

1 <?php

2 // Create an array

3 $food = array(“Pizza", “Fish and chips”, “Sausages”, “Lasagne”);

5 // Loop through each item in the array

6 foreach($food as $item){

7 Echo $item . “<br />";

8 }

9 ?>

In the foreach() statement you supply name of the variable containing the array
first, then you specify the variable that will be used to represent the current item
in the loop. This must always follow the “as” keyword.

In our example, the value of $item will change on each iteration of the array,
starting with “Pizza” on the first iteration, then “Fish and chips” in the second, and
so on until it reaches the end of the array.

Page 27
Customer Support | An Introduction to PHP Scripting

Functions
A function is a portion of code that can be called independently and performs a
specific task. Often a function is written when code that performs the same job
needs to be run repetitively or accessed from different blocks of code, or even
pages.

PHP has hundreds of built in functions that you can use, or you can create your
own.

Most functions accept parameters: information required by the function to do its

job. Most functions also return a value, such as a Boolean value (true or false) to
tell you whether the function ran successfully.

Defining a function
Use the following syntax to create a function…

1 <?php

2 function function_name($parameter1, $parameter2, $parameter3) {

3 // Create an array

4 }

5 ?>

Page 28
Customer Support | An Introduction to PHP Scripting

Create a custom function to validate an email

address
For this example, let’s create a function that asks for an email address, checks
that it looks valid, and then returns true if it’s valid or false if it is not.

Writing a simple function to do this is surprisingly easy, thanks to PHP’s built in

functions.

In your text editor create a new file called validate.php and copy the following
code to it.

1 <?php

2 // Function to validate an email address

3 function validate_email() {

5 }

6 ?>

We have called our function “validate_email”, but you can give it any name you
like.

Quick tip: It’s good practice to choose a naming convention

before you begin coding. As a general rule, function and
variable names in PHP use lower case characters with
underscores to separate words.

Page 29
Customer Support | An Introduction to PHP Scripting

1 <?php

2 // Call our function

3 validate_email();

5 // Define function to validate an email address

6 Function validate_email(){

8 }

9 ?>

The opening and closing brackets after the function name are important; they tell
PHP that you are referring to a function. If you try to define or run a function
without brackets, an error will occur.

Page 30
Customer Support | An Introduction to PHP Scripting

Parameters
When you define a function, you can also define parameters that can be passed
into the function. Function parameters are just like variables that are only
available to the code within the function.

In the case of our function, we will need to know the email address that we are
validating, so we will create a parameter called $email.

10 <?php

11 // Call our function

12 validate_email(“ralph@ralphsdomainname.com”);

13

14 // Funtion to validate an email address

15 function validate_email($email){

16 echo $email; // Print the value of our $email parameter on the

page

17 }

18 ?>

The parameter is defined when we create our validate_email() function, placed

within the brackets. You can define as many parameters as you would like,
separated by commas.

When calling the function we then specify a value for the parameter. When the
code within our function is executed, the variable $email will have the string value
“ralph@ralphsdomainname.com”.

If you copy the above code to your validate.php script and run it, you should see
the email address printed on the page.

Page 31
Customer Support | An Introduction to PHP Scripting

Passing variables
You can also pass variables to functions. For example, we could define a
variable containing our email address and pass that to the validate_email()
function.

1 <?php

2 // Call our function

3 $address = ralph@ralphsdomainname.com;

4 validate_email($address);

6 // Funtion to validate an email address

7 function validate_email($email){

8 echo $email; // Print the value of our $email parameter on the

page

9 }

10 ?>

Page 32
Customer Support | An Introduction to PHP Scripting

Optional parameters
You can also specify that a parameter is optional, i.e. you can supply it when
calling the function if necessary but you don’t need to. To identify a variable as
optional simply give the variable a default value when you define the function.

1 <?php

2 // Call our function

3 display_message();

5 // Funtion to display a message

6 function display_message($message = ”No message supplied, displaying

default.”){

7 echo $message; // Print the value of our $message parameter on

the page

8 }

9 ?>

10

In this example we have defined a function to display a message on the screen.

When calling the function we can supply the $message parameter. However, if
we do not, the default will be used resulting on the message “No message
supplied, displaying default” being printed to the page.

When defining your function you should always define optional parameters after
any compulsory parameters. Take this example of a function where an optional
parameter is supplied before a mandatory one.

Page 33
Customer Support | An Introduction to PHP Scripting

1 <?php

2 function test_function($a = ”Optional”, $b){

4 }

5 ?>

In test_function(), $b is a required parameter but $a is not. However, because $b

follows $a in the definition, you must always supply $a. If you only supplied one
parameter when calling this function, it would take the place of $a, not $b, and
therefore generate an error.

Returning a value from a function

Functions have the ability to return a value back to the code that called them.
This is achieved with the return statement.

In our example our code will validate the email address. If the email address
appears to be valid our function will return true, otherwise it will return false. The
first step in validating the email address, is to check that something has been
supplied to our $email parameter.

1 <?php

2 // Call our function

3 $valid = validate_email(”ralph@ralphsdomainname.com”);

5 // Function to validate an email address

6 function validate_email($email){

7 if($email == ””) {

8 // No email address returned

9 Return false;

Page 34
Customer Support | An Introduction to PHP Scripting

10 } else {

11 // Email address supplied

12 return true;

13 }

14 }

15 ?>

Our function now contains an if() statement that checks the value of the
parameter $email. If email is a blank string (“”), i.e. nothing has been supplied,
the function returns false, otherwise the function returns true.

When we call the function, we now assign the function to a variable called $valid.
The return value from the function gets assigned to $valid, so the example above
will return true because we are supplying an email address.

If we ran the same function with the following function call, we would receive a
false value from our validate_email() function.

1 <?php

2 // Call our function

3 $valid = validate_email(””);

4 ?>

Page 35
Customer Support | An Introduction to PHP Scripting

Completing our example function

Our function is not yet complete. At the moment it simply checks to ensure an
email address has been provided, but doesn’t check to see if the email address
looks valid.

Luckily there is a function within PHP that we can call to check whether our email
address is valid or not. It is called filter_var() and it essentially takes a variable,
and filters it to ensure it is valid.

1 <?php

2 // Call our function

3 $valid =

filter_var(ralph@ralphsdomainname.com,FILTER_VALIDATE_EMAIL);

4 ?>

This function asks for a string value, and the second parameter supplied states
that we are validating an email address. This built in PHP function returns true if
the email address is in the correct format, and false if not.

We need to add this built in PHP function to our custom function. Because the
filter_var() function returns a value, we can use it in our if()… else statement
directly. We will introduce an elseif() statement.

1 <?php

2 // Call our function

3 $valid = validate_email(“ralph@ralphsdomainname.com”);

5 // Function to validate an email address

6 function validate_email($email) {

Page 36
Customer Support | An Introduction to PHP Scripting

7 if($email == ““){

8 // No email address returned

9 return false;

10 } elseif(filter_var($email, FILTER_VALIDATE_EMAIL) == false){

11 // The email address is not in the correct format

12 return false;

13 } else {

14 // Email address is valid

15 return true;

16 }

17 }

18 ?>

Now our function checks to ensure a value for $email is supplied, and returns
false if not. If $email is supplied our code moves to the next if()… elseif()
statement, which runs PHP’s built in filter_var() function using our $email
variable. If filter_var() returns false the second condition is met, and we return
false. If filter_var() returns true, our code moves to the else statement and returns
true.

At the moment our example script doesn’t output anything so we can’t see if it’s
working. Let’s add an if() statement when we call our function to display different
text on the page, depending on whether the email address is valid or not.

1 <?php

2 // Call our function

3 $valid = validate_email(“ralph@ralphsdomainname.com”);

4 if($valid == true){

5 echo “Email address is valid”;

6 } else {

7 echo “Email address is not valid”;

Page 37
Customer Support | An Introduction to PHP Scripting

8 }

10 // Function to validate an email address

11 function validate_email($email) {

12 if($email == ““){

13 // No email address returned

14 return false;

15 } elseif(filter_var($email, FILTER_VALIDATE_EMAIL) == false){

16 // The email address is not in the correct format

17 return false;

18 } else {

19 // Email address is valid

20 return true;

21 }

22 }

23 ?>

Copy this code to your validate.php file, and upload it. Your script should display
the text “Email address is valid”. Try playing around with the value supplied for
email address, and see what results you get. For example, you could try calling
our validate_email() function with the following values…

1 <?php

2 // Call our function

3 $valid = validate_email(“ralph@ralphsdomainname.com”); // Valid

4 $valid = validate_email(“ralphsdomainname.com”); // Not Valid

5 $valid = validate_email(“ralphsdomainnamecom”); // Not Valid

6 $valid = validate_email(“ralph @ ralphsdomainnamecom”); // Not Valid

7 $valid = validate_email(“@ralphsdomainname.com”); // Not Valid

8 ?>

Page 38
Customer Support | An Introduction to PHP Scripting

Creating a web form

HTML allows you to draw elements on a page, including forms which allow your
visitors to submit data through your website. Pages such as a contact form, or
login form, are useless without a scripting language, such as PHP, to process the
information entered by your users.

Let’s create a contact form to ask your visitor to enter their email address and a
message. We will validate the data and eventually we will write some code to
send the message via an email to an address you choose. However, for now let’s
just take a look at the basics.

We are going to create a form that will ask for the following information:

 The visitors email address, so we can reply to email submitted through the
form.

 A subject.

 The message.

To request this information we will need four input controls:

 A text input control, which we will call “email”.

 A text input control, which we will call “subject”.

 A text area control, which we will call “message”.

 A submit button, which the user will click in order to send the message.

Page 39
Customer Support | An Introduction to PHP Scripting

In your text editor, create a new page called contact.html. Copy the following
code into it.

1 <!DOCTYPE html>

2 <html>

3 <head>

4 <title>Contact us</title>

5 </head>

6 <body>

7 <form action="contact.php" method="post">

8 <label for="email">Your email address</label><br />

9 <input type="text" name="email" id="email" /><br />

10

11 <label for="subject">Message subject</label><br />

12 <input type="text" name="subject" id="subject" /><br />

13

14 <label for="message">Message subject</label><br />

15 <textarea name="message" id="message"></textarea><br />

16

17 <input type="Submit" value="Send Message" />

18 </form>

19 </body>

20 </html>

Page 40
Customer Support | An Introduction to PHP Scripting

This code on line 7 defines the form. The action attribute instructs your web
browser to load the contact.php page when the form is submitted. We will create
this page shortly.

7 <form action="contact.php" method="post">

… …

18 </form>

The method attribute tells your web browser how to submit the form. There are
two options you can set. For the moment enter “post” as the value. We’ll talk a
little more about the method attribute shortly.

We then create the text field that will ask the user to enter their email address.
The input control needs a type attribute which we have set to “text” to specify that
this appears as a text field. We have given it the name “email”, which we will use
to refer to this control in our PHP code later. We have also supplied an id, which
for simplicity we have also called “email”.

The id attribute is used by the label text. When we create our label we add the for
attribute, in which we enter the id of the control we want the label to point
towards.

8 <label for="email">Your email address</label><br />

9 <input type="text" name="email" id="email" /><br />

We’ve also created another text field called “subject” which will ask the user to
enter a subject, and a text area control called “message”. The text area control is
very similar to the text input control, but it allows the user to enter text that spans
multiple lines.

Page 41
Customer Support | An Introduction to PHP Scripting

11 <label for="subject">Message subject</label><br />

12 <input type="text" name="subject" id="subject" /><br />

13

14 <label for="message">Message</label><br />

15 <textarea name="message" id="message"></textarea><br />

Finally we have added another input control, but we have set the type attribute to
“submit”. This appears in your text browser as a button, and when clicked, will
submit the form. The value attribute sets the text that will be displayed on the
button.

17 <input type="Submit" value="Send Message" />

Save the contact.html page and upload it to your web server, then visit it in your
web browser.

You will see this page. As you

can see, it isn’t pretty!

You can add the form to any

page on your existing website,
and you can use CSS code to
style it to fit in with your web
presence.

If you click the Send Message

button you will receive an error,
such as “No input file specified”. Figure 2. The contact form

Page 42
Customer Support | An Introduction to PHP Scripting

This error is displayed because we have told this form to load contact.php when
submitted, but we haven’t created this file yet.

Using PHP to get user input from a form

HTML is not a scripting language, we can create the form but we can’t do
anything with it using pure HTML. In order to process the information entered by
the user, we’ll need to use PHP.

PHP provides a very easy way to retrieve the information entered into a form – it
assigns the values entered to a variable, called $_POST. The values are added
as an array, which means each field’s value is assigned to the same $_POST
variable. To access them, you would use the following syntax
$_POST[“field_name”]. For example:

1 <?php

2 // Retrieve the value of the email field

3 $email = $_POST[“email”];

4 $subject = $_POST[“subject”];

5 $message = $_POST[“message”];

7 // $_POST is case sensitive, this will not work

8 $fail = $_post[“email”];

9 ?>

Page 43
Customer Support | An Introduction to PHP Scripting

POST or GET
When you created your form, you specified that the method to use is “post”. You
can choose to use one of two available methods, POST or GET.

7 <form action=“contact.php” method=“post”>

… …

18 </form>

7 <form action=“contact.php” method=“get”>

… …

18 </form>

The difference between the two is fairly minor. When submitting a form using
GET, which is the default form method, the contents of the form are submitted as
part of the URL. As an example, our form would submit to the following URL
when using GET:

 http://www.yourdomain.com/contact.php?email=email@address.com&subj
ect=Subject&message=Message

There are security implications involved in submitting a form with GET,

particularly if you are creating a form that requests personal details or a
password. There are also restrictions in the length of a URL that will render very
large GET forms unusable. However, there are also advantages. For example,
you might want to be able to create a link that submits your form with certain
values entered.

If in doubt as to which method to use, you should choose the POST method. With
a POST form the entered information is sent with the page request itself, so there
is no limitation to the amount of data that can be sent.

Page 44
Customer Support | An Introduction to PHP Scripting

Note: When collecting data from a form that was submitted

using the GET method, the values are added to a variable
called $_GET instead of $_POST. For example,
$_GET[“email”] would retrieved the value of an input control
named “email”.

Process the form data

Let’s process the information submitted by your contact form. Create a new file in
your text editor called contact.php. This file will be called when your web form is
submitted.

The first thing we need to do is check to make sure the form has been submitted.
We can do this easily by establishing if the $_POST variable has been created
for one of our controls. PHP has a built in function called is isset() which we can
use to test if a variable has been set.

1 <?php

2 // Check to see if our form has been submitted

3 if(isset($_POST["email"]) == false){

4 // $_POST variable for our "email" control doesn’t exist. The form

has not been submitted

5 header("Location: contact.html");

6 } else {

7 // Form has been submitted

8 }

9 ?>

Page 45
Customer Support | An Introduction to PHP Scripting

If there is no variable called $_POST[“email”], our script uses another built in

PHP function, header(), to send an HTTP header to the web browser. The
header we send tells the web browser to redirect the user to the contact.html
page, containing the form.

You can test to see if this works or not by uploading both your contact.html and
contact.php pages. If you browse directly to your contact.php page, it should
direct you automatically back to contact.html. If you submit the form, you should
see a blank page because we haven’t added any code yet to process the data.
We’ll add that now.

1 <?php

2 // Check to see if our form has been submitted

3 if(isset($_POST["email"]) == false){

4 // $_POST variable for our "email" control doesn’t exist. The form

has not been submitted

5 header("Location: contact.html");

6 } else {

7 // Form has been submitted

8 if(validate_email($_POST["email"]) == false) {

9 // Email address is invalid

10 echo ”The email address is invalid";

11 } elseif($_POST[“subject”] == ""){

12 // No subject entered

13 echo “No subject entered”;

14 } elseif($_POST[“message”] == ""){

15 // No message entered

16 echo “No message entered”;

17 } else {

18 // Validation passed

19 echo “Validation passed!”;

Page 46
Customer Support | An Introduction to PHP Scripting

20 }

21 }

22 ?>

We’ve added an if() statement to validate our email address, and check to ensure
the “subject” and “message” fields hold a value.

However, this code won’t work at the moment. If you submit the form you will
receive the following error message…

Fatal error: Call to undefined function validate_email()

We haven’t added our custom validate_email() function yet! You are calling this
function in the first if() statement on line 8, but PHP can’t find this function in your
code. Let’s add it underneath our existing code…

1 <?php

2 // Check to see if our form has been submitted

3 if(isset($_POST["email"]) == false){

4 // $_POST variable for our "email" control doesn’t exist. The form

has not been submitted

5 header("Location: contact.html");

6 } else {

7 // Form has been submitted

8 if(validate_email($_POST["email"]) == false) {

9 // Email address is invalid

10 echo ”The email address is invalid";

11 } elseif($_POST[“subject”] == ""){

12 // No subject entered

13 echo “No subject entered”;

14 } elseif($_POST[“message”] == ""){

Page 47
Customer Support | An Introduction to PHP Scripting

15 // No message entered

16 echo “No message entered”;

17 } else {

18 // Validation passed

19 echo “Validation passed!”;

20 }

21 }

22

23 // Function to validate an email address

24 function validate_email($email) {

25 if($email == “”){

26 // No email address returned

27 return false;

28 } elseif(filter_var($email, FILTER_VALIDATE_EMAIL) == false) {

29 // The email address is not in the correct format

30 return false;

31 } else {

32 // Email address is valid

33 return true;

34 }

35 }

36 ?>

Upload your contact.php file to the web server and try out your web form. If you
enter a valid email address and any subject and message, you should see the
message “Validation passed!”.

Page 48
Customer Support | An Introduction to PHP Scripting

Securing your forms

There are several security implications when you create a web form. Often these
implications get overlooked, but it is very important that you consider the
following when writing the code that will process your web form.

Never assume the data retrieved from the

form is valid.
Unfortunately there is always a chance that a malicious user will attempt to
exploit your web form. You should always validate any data from an external
source, such as a GET or POST request, before you process it.

Make sure that the data is in a format you are expecting. For example, if you are
asking for a numeric value, there are a number of PHP functions to validate a
number. For information see Error! Reference source not found. on page
Error! Bookmark not defined..

If you are expecting text, make sure you only accept characters that you would
like to allow. If you are validating an address, for example, you probably only
need to accept alphanumeric characters, spaces, and possibly dashes. You don’t
need special characters such as < > ; and * which can be used within malicious
code. A useful built in function to strip all characters from a string, except those
which you allow, is preg_replace().

Page 49
Customer Support | An Introduction to PHP Scripting

preg_replace()

The preg_replace() function uses a regular expression to perform a search and

replace on a given string. A regular expression allows you to match characters
based on a given pattern.

The following example will string all characters that are not alphanumeric (letters
and numbers).

1 <?php

2 // Define our string, and then use preg_replace to strip non-

alphanumeric characters

3 $string = "Strip $ all ^ non-alphanumeric % characters.";

4 $string = preg_replace("/[^a-zA-Z0-9]+/", "",$string);

5 ?>

Never print data directly onto the page

Unsecure web forms are often used by malicious users to hack a website. A
common method is known as cross site scripting, in which JavaScript code is
inserted into the form input controls. If your code then prints the contents of the
form to the page, that JavaScript code could be executed.

In cross site scripting the JavaScript code can be used to read cookies and steal
data, such as personal information about your visitors or even their passwords if
you use a login

You should never print data directly from an external source onto the page.
Instead there are a number of PHP built in functions that you can use to sanitise
and convert the data into a safe format to display on a page.

Page 50
Customer Support | An Introduction to PHP Scripting

htmlentities()

This function converts a given string into a harmless string containing HTML
entities. For example, the tag “<script>” which tells your web browser that the text
that follows is JavaScript, would become “&lt;script&gt;”. Because the function
has converted the < and > brackets into html entities, your web browser will not
treat it as an HTML tag and will not execute any JavaScript code. The string
when displayed on the page, however, will appear as normal.

For example, try copying this code into a PHP file, uploading it to your server,
and then visiting the page in your web browser. You should see a page that
contains the string "<script>alert('This is a JavaScript alert');</script>".

1 <?php

2 // Use htmlentities() to make a string safe

3 $x= "<script>alert('This is a JavaScript alert');</script>";

4 echo htmlentities($x);

5 ?>

Now try removing the htmlentities() function, and printing the $x variable directly
to the page. You will notice that, instead of printing the string on the page, a
JavaScript alert box pops up.

Hopefully this demonstrates how important this function can be. If you accept
data from a web form, and print it directly to the page without htmlentities(), it
would be easy for a malicious user to submit their own JavaScript code in your
web form. If they can do this, they can perform a number of activities, such as
hijacking user’s cookie or session data to steal personal information, or infecting
your website with a virus.

Page 51
Customer Support | An Introduction to PHP Scripting

strip_tags()

This function does exactly what the name suggests; it strips any HTML tags from
a given string.

1 <?php

2 // Use strip_tags() to make a string safe

3 $x= "<script>alert('This is a JavaScript alert');</script>";

4 echo strip_tags($x);

5 ?>

This example will remove the “<script>” and closing “</script>” tags from the
string. Without these tags, the JavaScript code will not run.

Never send unprocessed data to a database

We haven’t covered connecting to a database yet, but another common method
of exploiting a vulnerable script is known as SQL injection. This vulnerability can
only exist where a web script uses the data entered into a web form to query a
database for information. For example, a search field, login form, or registration
form.

If the data entered into the form is not sanitised before it is sent to the database,
a malicious user could inject their own SQL code.

This could allow them, in theory, to modify, add, or even delete the data in your
database.

Page 52
Customer Support | An Introduction to PHP Scripting

Including files
Another extremely useful feature of PHP is the ability to include additional files
into your code. Let’s say you have written a function that you need to run on
more than one page of your website. Rather than copying the code for each
page, you can instead create another PHP file and place your function into that.
You can then call that file within each page that needs to access your function.

For example, on our website we might want to ask users to enter their email
address to sign up for a newsletter. When they sign up we will need to validate
their email address to make sure it’s valid. We’ve already written a function to do
this, which is used by our contact form. There is no need to write that function
again, we could just move that function into a separate file that both the contact
form and the newsletter sign up form could access.

Not only are we streamlining our code by removing unnecessary duplication, we

are making life much easier for ourselves if we need to find and fix any bugs
within our function, or add extra functionality.

Using your text editor, create a new file called include.php. Copy the
validate_email() function we wrote earlier to it, and upload it to the same folder as
your contact.html and contact.php files.

1 <?php

2 // Function to validate an email address

3 function validate_email($email) {

4 if($email == "") {

5 // No email address returned

6 return false;

7 } elseif(filter_var($email, FILTER_VALIDATE_EMAIL) == false) {

Page 53
Customer Support | An Introduction to PHP Scripting

8 // The email address is not in the correct format

9 return false;

10 } else {

11 // Email address is valid

12 return true;

13 }

14 }

15 ?>

PHP will not allow two functions to be defined with the same name, so open up
your contact.php file in your web browser and delete the validate_email()
function code.

Now let’s include our new file. Add the following line to the top of your
contact.php file.

2 // Include our additional file

3 include "include.php”;

Your contact.php file should now look like this…

1 <?php

2 // Include our additional file

3 include "include.php";

5 // Check to see if our form has been submitted

6 if(isset($_POST["email"]) == false) {

7 // $_POST variable for our "email" control doesn’t exist. The

form has not been submitted

8 header(’Location: contact.html’)

Page 54
Customer Support | An Introduction to PHP Scripting

9 } else {

10 // Form has been submitted

11 if(validate_email($_POST["email”]) == false) {

12 // Email address is invalid

13 echo "The email address is invalid";

14 } elseif($_POST["subject”] == ""){

15 // No subject entered

16 echo "No subject entered”;

17 } elseif($_POST["message”] == ""){

18 // No message entered

19 echo "No message entered”;

20 } else {

21 // validation passed

22 echo "Validation passed”;

23 }

24 }

25 ?>

Save the file, upload it to your web server, and try it out. If you get any error
messages check to ensure that the file you are calling in your include call is spelt
correctly, and that the contact.php and include.php files have been uploaded to
the same folder on your web server.

Page 55
Customer Support | An Introduction to PHP Scripting

Important: If you are hosting your website on a Linux web

server, remember that file names are case sensitive. This
means if you called your file “include.php”, calling, for
example, “Includes.php” or “INCLUDES.PHP” will cause an
error.
File names on Windows web servers are not case sensitive,
but it’s good practice to use the correct case when referring
to files.

Error handling
It is important that you trap any errors that occur in your code, to allow you to
track down and resolve the cause. Bugs often creep in to web applications,
particularly larger ones, but if you have a robust error handling process, trapping
and fixing them shouldn’t be difficult.

PHP allows you to create your own error handling function, which will be called
whenever an error occurs. You could use this function to send a report of the
error by email, and/or to log the error to a text file, as well as displaying the error
on the screen.

To define a custom error handler, use the PHP function set_error_handler().

Copy the following code at the top of your includes.php file, before your existing
validate_email() function.

1 <?php

2 // Set your own error handler

3 set_error_handler("error_handler");

Page 56
Customer Support | An Introduction to PHP Scripting

5 // Create the function that will handle the error

6 function error_handler($err_number,$err_text,$err_file,$err_line){

7 // Perform your error handling here

8 }

9 ?>

In this example we set the error handler to a custom function that we’ve called
“error_handler”.

The custom error handling function can accept four parameters, which we’ve
called $err_number, $err_text, $err_file, and $err_line.

 $err_number – Each error in PHP has a unique code. The first parameter
will contain this code for the error that’s just occurred.

 $err_text – The second parameter contains the text of the error message.

 $err_file – The third parameter contains the name of the file in which the
error occurred. This is extremely useful for tracking the code that caused
the error.

 $err_line – The fourth parameter tells you on which line of your code the
error was encountered. Again, this is essential for tracking down the cause
of the error.

Quick tip: These parameters are always passed to your

custom error handler in this order. However, you can give
the parameters any name you would like.

Page 57
Customer Support | An Introduction to PHP Scripting

Let’s modify our error handler to display a detailed error message.

1 <?php

2 // Set your own error handler

3 set_error_handler("error_handler");

5 // Create the function that will handle the error

6 function error_handler($err_number,$err_text,$err_file,$err_line){

7 // Display this error

8 echo "Oops, an error occurred: " . $err_text . "<br />";

9 echo "Error code: " . $err_number . "<br />";

10 echo "In file: " . $err_file . "<br />";

11 echo "On line: " . $err_line . “<br />”;

12 }

13 ?>

Upload your modified includes.php file to your web server.

Page 58
Customer Support | An Introduction to PHP Scripting

Testing your error handler

If you want to test your error, handler you can use PHP’s trigger_error() function.
This will trigger a user defined error.

1 <?php

2 // Trigger an error

3 trigger_error("This is an error message!");

4 ?>

Sending an email
Let’s create a function to send an email. The built in PHP function mail() can be
used to send the mail, but before we do we need to apply a little validation.

Our function will have three parameters, $from, $subject, and $message. When
calling the function we will supply the email address we are sending the mail
from, the subject of the email, and the message itself. We will validate the
supplied email address, check that a subject and message have been supplied,
and send the mail.

Open the include.php file in your text editor, and add the following code below
the validate_email() function, but before the closing PHP ?> tag.

1 // Function to send an email

2 function send_email($from, $subject, $message){

3 if(validate_email($from) == false) {

4 // Sender email address is invalid

5 return false;

Page 59
Customer Support | An Introduction to PHP Scripting

6 } elseif($subject == "") {

7 // No subject supplied

8 return false;

9 } elseif($message == "") {

10 // No message supplied

11 Return false;

12 } else {

13 // Send email

14 }

15 }

As you can see we are defining a function called “send_email” with our three
parameters. The if() statement validates each parameter in turn and returns false
if any of those parameters are invalid or not supplied.

Now we’ll create the code to prepare and send the email if the validation passes
successfully.

The mail() function needs to know what time zone to use when sending the
email, so we’ll set this first. While your server may have the time zone set by
default, it’s best to set this manually to be safe especially if you are hosting your
website on a shared web server.

We will use the PHP built in function date_default_timezone_set() to set the time
zone to “Europe/London”.

13 // Set timezone

14 date_default_timezone_set ("Europe/London");

Next we need to set the email address from which the email will be sent. This
must be a valid email address.

Page 60
Customer Support | An Introduction to PHP Scripting

Important: If your website is hosted with Fasthosts, either

the email address you are sending to or the email address
you are sending from must be an existing mailbox on the
Fasthosts email platform.

If you are not hosting your website with Fasthosts, your

hosting provider may have a similar requirement.

16 // The email address to send to (don’t forget to change this to your

own email address)

17 $to = "ralph@ralphsdomainname.com";

We now need to prepare our email address to send from the email address
supplied to the function, which will eventually be the email address your visitor
provides when filling out the contact form. We set the email address in the email
headers, so we’ll create another variable called $headers for these.

19 // Prepare the email headers

20 $headers = "From: " . $from . “\r\n”;

21 $headers = $headers . “Reply-To: “ . $from . “\r\n”;

The “\r\n” characters specify a line break should be used. Because email headers
are plain text, and not HTML, the “<br />” tag will not create a line break here.

With our headers prepared, we can send the email. Before we do this, however,
we need to use another PHP function called ini_set() to set the sender email
address configuration setting for your website. This is necessary if sending mail
from Fasthosts web servers.

Page 61
Customer Support | An Introduction to PHP Scripting

Following the ini_set() function is the mail() function. We supply the following
variables as parameters.

 $to – The email address we are sending to, which we have just set.

 $subject – The subject of the message, passed to the function as a

parameter.

 $message – The message body, again passed to the function as a

parameter.

 $headers – The headers we compiled earlier.

 “-f” . $from – Fasthosts web hosting require you to again supply the
senders email address, along with the “-f” flag. If you are not hosting your
site with Fasthosts, you may not need this additional parameter.

23 // Send the email

24 ini_set("sendmail_from", $from);

25 return mail($to, $subject, $message, $headers,“-f “ . $from);

The mail() function returns true if the email was accepted for delivery, and false if
not. Our function will return the value that the mail() function supplies.

That’s all there is to it! Your complete send_email() function should look like
this…

Page 62
Customer Support | An Introduction to PHP Scripting

1 // Function to send an email

2 function send_email($from, $subject, $message){

3 if(validate_email($from) == false) {

4 // Sender email address is invalid

5 return false;

6 } elseif($subject == “”){

7 // No subject supplied

8 return false;

9 } elseif($message == “”){

10 // No message supplied

11 return false;

12 } else {

13 // Set timezone

14 date_default_timezone_set(“Europe/London”);

15

16 // The email address to send to (don’t forget to change this

to your own email address)

17 $to = “ralph@ralphsdomainname.com”;

18

19 // Prepare the email headers

20 $headers = "From: " . $from . "\r\n";

21 $headers = $headers . "Reply-To: " . $from . "\r\n";

22

23 // Send the email

24 ini_set(“sendmail_from”,$from);

25 return mail($to, $subject, $message, $headers, "-f" .$from);

26 }

27 }

Page 63
Customer Support | An Introduction to PHP Scripting

Important: Don’t forget to substitute the

“ralph@ralphsdomainname.com” email address with your
own!

Using your new function to send an email

Let’s add a call to our new send_email() function to our contact.php page, so
when a visitor submits your contact form you receive an email.

Because our send_email() function returns true if successful, and false if not, we
are going to call the function inside another if() conditional statement. This will
allow us to display an error if we can’t send the email and a success message if
we can.

This is the code we will add after the validation. It calls our send_email() function
with the values retrieved from the form input controls called “email”, “subject”,
and “message”.

1 // Validation passed

2 if(send_email($_POST["email"], $_POST["subject"], $_POST["message"])) {

3 // Message sent

4 echo "Thankyou, your email has been sent";

5 } else {

6 //Error sending email

7 echo ” An error occurred whilst sending the email, please try again

later”;

8 }

Page 64
Customer Support | An Introduction to PHP Scripting

Open the contact.php file in your text editor, and add the code above to it as
shown below.

1 <?php

2 // Include our additional file

3 include “include.php”;

5 // Check to see if our form has been submitted

6 if(isset($_POST["email"]) == false) {

7 // $_POST variable for our "email" control doesn’t exist. The

form has not been submitted

8 header('Location: contact.html');

9 } else {

10 // Form has been submitted

11 if(validate_email($_POST["email"]) == false) {

12 // Email address is invalid

13 echo "The email address is invalid";

14 } elseif($_POST["subject"] == "") {

15 // No subject entered

16 echo "No subject entered";

17 } elseif($_POST["message"] == "") {

18 // No message entered

19 echo "No message entered";

20 } else {

21 // Validation passed

22 if(send_email($_POST["email"], $_POST["subject"],

$_POST["message"])) {

23 // Message sent

24 echo "Thankyou, your email has been sent";

25 } else {

26 // Error sending email

Page 65
Customer Support | An Introduction to PHP Scripting

27 echo "An error occurred whilst sending the email,

please try again later";

28 }

29 }

30 }

31 ?>

Upload the contact.php file to your web server, along with the include.php file,
and test it. Did you receive the email? If you didn’t make sure both the email
addresses you are sending to and from exist, and that one of them is hosted with
your web hosting provider.

Sending an error report

Now that our send_email() function is complete, we can modify our custom error
handler to send us a report by email should any error occur. This demonstrates
the beauty of functions – rather than having to write additional code to send the
email, we can simply call our existing code and put it to a slightly different use.

We’ll add the following code to send the error report…

13 // Send an error report

14 $report = "Error: “ . $err_text . "\r\n“;

15 $report = $report . "Error code: " . $err_number . "\r\n";

16 $report = $report . "In file: " . $err_file . "\r\n";

17 $report = $report . "On line: " . $err_line;

18 $success = send_mail("error@ralphsdomainname.com", "Error report",

$report);

19 if($success == true) {

Page 66
Customer Support | An Introduction to PHP Scripting

20 echo "This error has been reported to the website administrator.<br

/>";

21 }

This code compiles the report to send, using the $report variable. We then call
our send_email() function, specifying that we are sending the email from
“error@ralphsdomainname.com”, with a subject of “Error report”.

Important: Don’t forget to substitute the

“error@ralphsdomainname.com” email address with your
own!

As a courtesy we inform the user that an error report has been sent to the
website administrator if the email is sent successfully.

Let’s put this code into our error handling function. Open the include.php file in
your text editor and add the above code to your error_handler() function.

1 <?php

2 // Set your own error handler

3 set_error_handler("error_handler");

5 // Create the function that will handle the error

6 function error_handler($err_number, $err_text, $err_file,$err_line){

7 // Display this error

8 echo "Oops, an error occurred: " . $err_text . "<br />";

9 echo "Error code: " . $err_number . "<br />";

10 echo "In file: " . $err_file . "<br />";

11 echo "On line: " . $err_line . "<br />";

Page 67
Customer Support | An Introduction to PHP Scripting

12

13 // Send an error report

14 $report = "Error: " . $err_text . "\r\n";

15 $report = $report . "Error code: " . $err_number . "\r\n";

16 $report = $report . "In file: " . $err_file . "\r\n";

17 $report = $report . "On line: " . $err_line;

18 $success = send_mail("error@ralphsdomainname.com","Error

report",$report);

19 if($success == true) {

20 echo "This error has been reported to the website

administrator.<br />";

21 }

22 }

23 ?>

Testing the error handler

Let’s test the error handler to make sure you receive the error report. Add the
following code to your contact.php file.

Make sure you trigger the error after you have included your include.php file,
because that’s where you define your custom error handler.

1 <?php

2 // Include our additional file

3 include "include.php";

5 // Trigger an error

6 trigger_error("This is an error message");

Page 68
Customer Support | An Introduction to PHP Scripting

Save both your contact.php and include.php files, upload them to your web
server, and test your form. Don’t forget to remove the trigger_error() function call
once you’ve finished testing your error handler.

Connecting to a database
One of the most powerful features of PHP is the ability to connect to a database.
You can use a database to significantly extend the capabilities of your website.
For example, a database makes it rather simple to add or modify website content
through a content management system, without the need to modify your site’s
source files. You could also implement search features, an account sign up and
login system, or a shopping basket.

The database of choice for PHP users is MySQL which, just like PHP, is free and
open source software. It is also extremely powerful, and as a result is one of the
most popular database solutions available today.

An introduction to SQL
SQL is an acronym for Structured Query Language. It is a programming
language specifically designed for querying and managing the data held within a
relational database.

With PHP, you simply connect to the MySQL database and send an SQL query
to the database server. The MySQL server will then process the query, and send
the requested data back for PHP to handle.

SQL queries can be very basic. One of the most common types of query is a
SELECT query, which simply returns data from the database. For example, the
following query will display all records found in a table called “Products”.

Page 69
Customer Support | An Introduction to PHP Scripting

SELECT * FROM Products;

The asterisk (*) is a shorthand method of telling MySQL to select all fields in the
table. If you only needed to retrieve the value of two fields called “ID” and “Name”
you could use.

SELECT ID, Name FROM Products;

Preparing your database

In order to complete this chapter you will need a MySQL database with at least
one table. If you do not already have a MySQL database, you can add one in
your Fasthosts control panel. If you host your website with another hosting
provider, they probably also offer MySQL.

You will need the following details for your database:

 The database host – This is the address you use to connect to the
database. If the database is hosted on the same server as your website this
will be “localhost”, otherwise it will probably be an IP address.

 The database name – This is the name you chose when you created the
database.

 The database user – The username you use to connect to the database.

 The database password – The password for the above user.

The script that we will write will retrieve a list of products from a table called
“Products” in your database. If this table does not exist, you can either create it,

Page 70
Customer Support | An Introduction to PHP Scripting

with the following fields, or just substitute the table and field names for your own
in the code.

Our “Products” table contains the following fields.

Field name Field type Description

ID INTEGER The unique ID of each record. This is the
primary key for this table.
Name VARCHAR(20) String of up to 20 characters containing the
name of the product.
Description VARCHAR(100) String of up to 100 characters containing a
short description of the product.
Connecting to the database
To connect to the database we are going to use the MySQL Improved (MySQLi)
extension. This extension is supplied with PHP, and should be enabled for the
majority of web hosting providers.

This extension is the recommended method of connecting to a database because

it has built upon an earlier MySQL extension to provide enhanced security and
stability

Note: The MySQLi extension has been supplied with PHP

from version 5.0.0. However, in some installations the
extension may not be enabled by default. If you are
configuring your own development environment, please see
the PHP article on installing the MySQLi extension libraries.

Page 71
Customer Support | An Introduction to PHP Scripting

Preparing your PHP code

Let’s start writing a script that will connect to the database. Create a new file in
your text editor called database.php.

First, we will define the database connection details. We do this using a feature
of PHP called constants. Constants are similar to variables, except that their
value cannot be changed during runtime.

They are defined in your code like this.

1 <?php

2 define("CONSTANT_NAME", "Value");

3 echo CONSTANT_NAME;

4 ?>

When defining the constant, you can use any name you wish. However,
developers usually use upper case names for constants to help them easily
identify them in their code.

Note that when defining a constant it is named within a string, but when referring
to it from then on no quotation marks are required.

Page 72
Customer Support | An Introduction to PHP Scripting

Let’s define four constants that will hold our database connection details.

1 <?php

2 define("DB_HOST", "213.171.200.57"); // The host address of the database.

3 define("DB_NAME", "ralphsdatabase"); // The name of the database.

4 define("DB_USER", "username"); // The username to connect with.

5 define("DB_USER", "password"); // The password for the above user.

6 ?>

Quick tip: For security it’s a good idea to define these

connection details in a separate include file that is located in
a private folder that cannot be directly browsed to in a web
browser.

Next, we’ll prepare the SQL query that we will be using. It’s good practice to only
open the connection to the database for the minimum time necessary to run the
query and return the results, so we’ll prepare the query before we open the
connection.

All our query will do is return the ID, name, and a description of each product in
our “Products” table. The SQL query will look like this.

SELECT ID, Name, Description FROM Products ORDER BY Name ASC;

Page 73
Customer Support | An Introduction to PHP Scripting

This query will select the fields “ID”, “Name”, and “Description” from the table
called “Products”. It will also order the results in ascending order by the “Name”
field. This will result in all products being listed in alphabetical order.

1 <?php

2 define(" DB_HOST", "213.171.200.57"); // The host address of the database.

3 define("DB_NAME", "ralphsdatabase"); // The name of the database.

4 define("DB_USER", "username"); // The username to connect with.

5 define("DB_USER", "password"); // The password for the above user.

7 // Prepare our query

8 $query = "SELECT ID, Name, Description FROM Products ORDER BY Name ASC;";

9 ?>

Creating the connection

Now that we have prepared our database and query details, let’s attempt to make
the connection. To do this we use the line…

10 // Connect to the database

11 $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

This code creates a new variable called “mysqli” (you can use any name you
like), which contains the database connection. When we initialise the connection
we are creating a new object based on the MySQLi extension.

Essentially, an object is similar to an array in that it can contain different values.

However, an object can also contain one or more code functions to perform
specific tasks. In this case the MySQLi object that we have created and assigned

Page 74
Customer Support | An Introduction to PHP Scripting

to the $mysqli variable contains several functions that we can use to query the
database and retrieve the results.

When creating the database object we specify the database host, user,
password, and database name. These parameters must be placed in this order.

At the moment we have no idea if the connection to the database has been
successful. So let’s find out.

13 // See if the connection was successful

14 if(mysqli_connect_errno()) {

15 // Error connecting to database

16 echo "Unable to connect to the database: " . $mysqli-

>connect_error();

17 } else {

18 // Database connection successful

19 echo "Connection successful";

20

21 // Close database connection

22 $mysqli->close();

23 }

If there was an error connecting to the database, the mysqli_connect_errno()

function will return that error. Our code above checks to see if there was an error,
and displays the error if there was. If there was no error it prints “Connection
successful” to the page.

After this the command $mysqli->close() closes the connection to the database.

Page 75
Customer Support | An Introduction to PHP Scripting

Important: You must always close database connections as

soon as you have finished with them. If you don’t, your
database server will start to suffer from performance issues
as more and more connections open.

In this code we run two functions in the MySQLi object, connect_error() and
close(). Notice how to run these functions you must specify the name of the
variable containing the object, followed by a dash and greater than symbol (->),
then the function name.

The full code in your database.php file should look similar to this…

13 <?php

14 define("DB_HOST","213.171.200.57");//The host address of the

database.

15 define("DB_NAME", "ralphsdatabase");//The name of the database.

16 define("DB_USER", "username");//The username to connect with.

17 define("DB_PASSWORD", "password");//The password for the above user.

18

19 //Prepare our query

20 $query = "SELECT ID, Name, Description FROM Products ORDER BY Name

ASC;";

21

22 //Connect to the database

23 $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

24

25 //See if the connection was successful

26 if(mysqli_connect_errno()) {

27 //Error connecting to database

Page 76
Customer Support | An Introduction to PHP Scripting

28 echo "Unable to connect to the database: " . $mysqli-

>connect_error();

29 } else {

30 //Database connection successful

31 echo "Connection successful";

32

33 //Close database connection

34 $mysqli->close();

35 }

36 ?>

Save the database.php file and upload it to your web server, it’s time to test it.

Page 77
Customer Support | An Introduction to PHP Scripting

Connection Errors
If it worked and you’re now looking at a page with the words “Connection
successful” then well done! If it didn’t work, then there is a good chance you’re
looking at one of these errors (or one very similar).

Warning: mysqli::mysqli() [mysqli.mysqli]: (28000/1045): Access denied for

user '<database user>'@'<database host>' (using password: YES)

Cause Solution
This is a simple “Access denied” error. Check that your username and
The username and/or the password password are spelt correctly.
you are using are not correct. Remember they are case sensitive. If
your database is hosted with
Fasthosts you can change the
password in your control panel.
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2003): Can't connect to
MySQL server on '<database host>' (10061)

Cause Solution
The database host you supplied is Check that the database host is
incorrect or the database server is correct. If your database is hosted with
unavailable. Fasthosts this will be an IP address,
which is available in your control
panel.
Running a query and retrieving results
All we’ve done so far is successfully connect to the database; we have yet to
query and data from it.

To query the data we are going to create a prepared statement. Prepared

statements allow optimised performance when querying the database, and
minimise the risk of SQL injection where a malicious user is able to insert their
own code.

Page 78
Customer Support | An Introduction to PHP Scripting

In our current example this isn’t a risk, because we are not using data from an
external source (such as a form) to create our SQL statement. However, it’s good
practice to get into the habit of using prepared statements.

Once the connection to the database is established, we need to prepare our

statement with the following code.

18 // Create the statement

19 $stmt = $mysqli->stmt_init();

20 if(!$stmt->prepare($query)) {

21 // Unable to prepare statement, probably an SQL error.

22 echo "Unable to prepare the statement: " . $stmt->error;

23 } else {

24 //Statement created

25 echo "Statement created";

26

27 //Close statement

28 $stmt->close();

29 }

The first line of code uses the MySQLi objects stmt_init() function to initiate the
prepared statement engine. This creates another object, which we’ve assigned to
a variable called $stmt. This object will allow us to prepare and run the statement,
and retrieve the results.

The following line then prepares the statement using the query we defined
earlier, in the $query variable. If there is a problem preparing the query, we
display the error message.

Page 79
Customer Support | An Introduction to PHP Scripting

If the query is prepared successfully you must remember to close the statement
when you have finished using it, just like you must close the database
connection.

Executing the statement

At this stage we still haven’t queried the database, but we are now ready to do
this, with the following code.

24 //Execute query and store result

25 $stmt = $mysqli->stmt_init();

26 if(!$stmt->prepare($query)) {

These lines of code are relatively easy to understand. The first, $stmt->execute(),
simply executes our SQL query.

The second, $stmt->store_result(), stores the results from the database which
will allow our following code to access those results. Let’s check to see if there
were any records returned.

28 //Check if there were any results

29 if($stmt->num_rows == 0) {

30 //No records found

31 echo "No records";

32 } else {

33 //There are records

34 echo "There are " , $stmt->num_rows . " records<br />";

35 }

Page 80
Customer Support | An Introduction to PHP Scripting

The property “num_rows” of our statement contains the number of records that
were retrieved from the database. If this is 0, our code displays a message to
inform the user that there were no records; otherwise it displays the number of
records found.

Binding the results to variables

If records were returned from our query, we are going to need to write some code
to retrieve these values. As this is a demonstration, our code is simply going to
print each returned record on a new line.

With prepared statements we need to create a new variable for each field that we
have asked for in our query. Let’s take another look at the SQL we are using:

SELECT ID, Name, Description FROM Products ORDER BY Name ASC;

We are asking for the values of the ID, Name, and Description fields. We must
bind, or link, each of these three fields to its own variable.

It doesn’t matter what you call these variables. However, to make it easy to
understand which variable contains data from which field, we’ll call them $id,
$name, and $description.

36 //Bind the results from the database to variables

37 $stmt->bind_result($id, $name, $description);

The bind_result() function connects the fields in our query with the variables. It is
important that your variables appear in the same order when passed to the
bind_result() function as they do in your SQL statement.

Page 81
Customer Support | An Introduction to PHP Scripting

Looping through the results

Now that our results are bound to our variables, it’s nice and easy to loop through
all the results. To do this we’ll use a while() loop.

39 // Loop through each record

40 while($stmt->fetch()) {

41 echo $name . " (ID: " . $id . ") - " . $description . "<br />";

42 }

The prepared statement’s fetch() function will retrieve the values from the first
record returned, and then each time it is called it will return the next record until it
reaches the last. When there are no results left, the function will return false.

Our while() loop will loop until fetch() returns false, i.e. it will loop once for each
record returned from our results.

Each time the fetch() function is called it will assign the data for each field in the
current record to the corresponding variable that we bound earlier. Hence, for
each iteration of the loop our $id, $name, and $description variables will contain
the relevant details from the current record, which we can print on the page.

Page 82
Customer Support | An Introduction to PHP Scripting

The complete code

Here is the code in all its glory! If you haven’t already, copy this to your
database.php file and upload it to your web hosting server. Don’t forget to
update the database connection details with your own.

1 <?php

2 define("DB_HOST","213.171.200.57");//The host address of the

database.

3 define("DB_NAME", "ralphsdatabase");//The name of the database.

4 define("DB_USER", "username");//The username to connect with.

5 define("DB_PASSWORD", "password");//The password for the above user.

7 //Prepare our query

8 $query = "SELECT ID, Name, Description FROM Products ORDER BY Name

ASC;";

10 //Connect to the database

11 $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

12

13 //See if the connection was successful

14 if(mysqli_connect_errno()) {

15 // Error connecting to database

16 echo "Unable to connect to the database: " . $mysqli-

>connect_error();

17 } else {

18 // Create the statement

19 $stmt = $mysqli->stmt_init();

20 if(!$stmt->prepare($query)) {

21 // Unable to prepare statement, probably an SQL error.

22 echo "Unable to prepare the statement: " . $stmt->error;

Page 83
Customer Support | An Introduction to PHP Scripting

23 } else {

24 // Execute query and store result

25 $stmt->execute();

26 $stmt->store_result();

27

28 // Check if there were any results

29 if($stmt->num_rows == 0) {

30 // No records found

31 echo "No records";

32 } else {

33 // There are records

34 echo "There are " . $stmt->num_rows . " records<br

/>";

35

36 // Bind the results from the database to variables

37 $stmt->bind_result($id, $name, $description);

38

39 // Loop through each record

40 while($stmt->fetch()) {

41 echo $name . " (ID: " . $id . ") - " .

$description . "<br />";

42 }

43 }

44

45 // Close statement

46 $stmt->close();

47 }

48

49 // Close database connection

50 $mysqli->close();

51 }

52 ?>

Page 84
Customer Support | An Introduction to PHP Scripting

Congratulations, you have now connected to a database and retrieved a series of

data! Of course, this is a very simple demonstration. The power of MySQL is far
greater than we can cover in this guide.

If you would like to learn more about setting up and querying MySQL databases,
as well as building a powerful web application using a database, then take a look
at our next guide in this series An Introduction to MySQL Databases.

Appendix A: Common errors

Here is a list of some of the common errors that you might encounter when you
start programming with PHP, along with some possible solutions.

No input file specified.

Cause Solution
This error message is displayed when Check that the URL you are browsing
you browse to a PHP file that doesn’t to exists on your web server. If you are
exist. hosting your website on a Linux web
server, remember that file names are
case sensitive, so a file called
“index.php” would not be found if you
browsed to “Index.php”.
Parse error: syntax error, unexpected <statement>, expecting ',' or ';'

Cause Solution
This error message is most often Check the line before the line number
caused by a missing semi-colon at the given in the error message to make
end of the line. sure there is a semi-colon (;) at the
end of the text.

Page 85
Customer Support | An Introduction to PHP Scripting

Parse error: syntax error, unexpected $end

Cause Solution
This error message is often caused by Check that each if() conditional
an unclosed if() condition, loop, or statement and loop (while(), do…
string. while(), for(), foreach()) has the correct
number of opening and closing { }
brackets. Check also that every string
you define has an opening and closing
single or double quotation mark.
Missing argument <n> for <function>()

Cause Solution
You have defined a function, The error message will tell you on
<function>, which requires one or which line your function is called.
more parameters to be supplied when Check the code on that line to make
the function is called. However, your sure you are supplying the correct
code is missing one or more number of parameters.
parameters (<n>).
Parse error: syntax error, unexpected '='

Cause Solution
You are defining a variable but have The error will give you the line number
not used the dollar ($) sign when on which the error occurs. Check that
naming it. For example “x = 5;” instead line in your code to make sure you are
of “$x = 5;”. defining the variable correctly.
Notice: Use of undefined constant <name> - assumed '<name>'

Cause Solution
You are most likely referring to a The error will give you the line number
variable incorrectly. For example, you on which the error occurs. Make sure
have defined a variable called $x in you are referring to your variable
your code, but are referring to it as “x”. correctly.

Page 86
Customer Support | An Introduction to PHP Scripting

Fatal error: Call to undefined function <function>()

Cause Solution
You are calling a function, Check the spelling of the function you
<function>(), which does not exist. are calling. If the spelling is correct,
make sure the file in which the function
exists has been included in your
project.

Appendix B: Glossary of terms

Term Description
Array An array allows you to store several pieces of data in one
variable. Each piece of data has a numerical key which can
be used to refer to that data.
Associative An associative array allows you to store several pieces of
array data in one variable. Each piece of data has its own key
which can be used to refer to that data. In an associative
array each key has a unique name, rather than a number.
Boolean A Boolean is a data type that holds the value "true" or
"false".

Camel case Camel case is where names with multiple words are written
as one word without spaces, with capital letters to separate
the words. This is common when naming functions, for
example myFunctionName().
Client side Something that is described as client side is executed on the
user's machine. JavaScript, for example, is a client side
language because it is run by the web browser after the
page has downloaded.
Concatenation The concatenation operator is a full stop (.) and allows two
Operator values to be joined together.

Conditional A conditional statement allows different code to be executed

statement depending on whether a condition is met. An example is the
if() statement.

Page 87
Customer Support | An Introduction to PHP Scripting

Constant A constant is a given name that refers to a value. It is similar

to a variable, but the value of a constant cannot be changed
at run time.

Cookie A cookie is a text file that is stored in the client’s web

browser. They store data from a website that the site can
retrieve at a later date.

Error Handler An error handler is a function that is designed to trap and

process any errors that occur in the code.

Expression An expression is essentially anything that has a value, for

example variables or constants. A function that returns a
value can also be classed as an expression.

Float A float, or floating point number, is a number that can be a

whole number or a decimal. This data type is usually used
for large decimal numbers.

Function A function is a collection of code that runs independently to

any other code. Functions can be called from any block of
code, and are often used to run repetitive tasks to avoid
code duplication.
Integer An integer is a whole number.

Loop A loop allows a block of code to run repeatedly, either a set

number of times or while a given condition is true.

Multidimensional A multidimensional array is an array that holds one or more

array arrays within it.

Null A data type that represents a variable with no value.

Page 88
Customer Support | An Introduction to PHP Scripting

Operator An operator is a symbol used to assign a value to a variable,

or compare two or more variables in a conditional statement.

Prepared When connecting to a database, a prepared statement

Statement allows you to prepare an SQL statement before you execute
it. Prepared statements allow you to run similar queries with
greater efficiency.
Query In a database a query is a piece of SQL code that is
executed by the database in order to modify data or return a
list of records.

Server side Something that is described as server side is executed on

the web hosting server, before any results are sent to the
client. PHP is a server side language.

SQL Structured Query Language (SQL) is a language used to

create, retrieve, and organise data in a database.

String A string is a data type that holds text.

Variable A variable is a named element that holds a piece of data.

The data held within a variable can change during runtime.

Page 89
Customer Support | An Introduction to PHP Scripting

Appendix C: Useful PHP functions

There are hundreds of built in PHP functions to make your life much easier. Here
are just a few essential functions along with links to the official PHP
documentation.

Variable functions
Function Name Description
filter_var() Filter a variable to see if it appears valid.
is_array() Check to see if a given variable is an array.
is_bool() Check to see if a given variable is a Boolean (true or false)
data type.
is_int() Check to see if a given variable is an integer (whole
number) data type.
is_null() Check to see if a given variable is null, i.e. has no value.
is_numeric() Check to see if a given variable is a number. Unlike
is_int(), the number doesn’t necessarily have to be an
integer.
is_string() Check to see if a given variable is a string data type.
isset() Check to see if a given variable has been initialized.
unset() Destroy a variable.
String functions
Function Name Description
addslashes() Returns a string with backslashes before characters
that need to be escaped for database queries (e.g.
single/double quotes and backslash characters).
echo() Print text to the page. This function is the same as
print().
html_entity_decode() The opposite of htmlentities(), converts a string
containing HTML entities to normal characters.
htmlentities() Convert a string to HTML entities. This is a useful
security measure, and should be used whenever
printing data from an external source to the page.
ltrim() Trim whitespace (e.g. spaces, tabs, line breaks) from
the left side of a string.

Page 90
Customer Support | An Introduction to PHP Scripting

print() Print text to the page. This function is the same as

echo().
rtrim() Trim whitespace (e.g. spaces, tabs, line breaks) from
the right side of a string.
strip_tags() Remove any HTML tags from a given string variable.
strlen() Return the number of characters in a string.
strtolower() Convert the supplied text to lower case characters.
strtoupper() Convert the supplied text to upper case characters.
trim() Trim whitespace (eg spaces, tabs, line breaks) from
both ends of a string.
Array functions
Function Name Description

array() Create an array.

array_pop() Remove the last entry from an array.
count() Count the number of items in an array.
in_array() Check to see if the given value exists in an array.

sort() Sort the elements in an array from lowest to highest.

Error functions
Function Name Description

set_error_handler() Set the error handler to a custom function. This gives you
much more control over how your application deals with
errors.
trigger_error() Triggers a custom error.

Page 91
Customer Support | An Introduction to PHP Scripting

Appendix D: The Source code

For your reference, the full source code for the contact form built during this
guide is available below. The project consists of three files, contact.html,
contact.php, and include.php.

contact.html

1 <!DOCTYPE html>

2 <html>

3 <head>

4 <title>Contact us</title>

5 </head>

6 <body>

7 <form action="contact.php" method="post">

8 <label for="email">Your email address</label><br />

9 <input type="text" name="email" id="email" /><br />

10

11 <label for="subject">Message subject</label><br />

12 <input type="text" name="subject" id="subject" /><br />

13

14 <label for="message" >Message</label><br />

15 <input type=“textarea"name="message"id="message"/><br />

16

17 <input type="Submit" value="Send Message" />

18 </form>

19 </body>

20 </html>

Page 92
Customer Support | An Introduction to PHP Scripting

contact.php

1 <?php

2 // Include our additional file

3 include "include.php";

5 // Check to see if our form has been submitted

6 if(isset($_POST["email"]) == false) {

7 // $_POST variable for our "email" control doesn’t exist. The

form has not been submitted

8 header('Location: contact.html');

9 } else {

10 // Form has been submitted

11 if(validate_email($_POST["email"]) == false) {

12 // Email address is invalid

13 echo "The email address is invalid";

14 } elseif($_POST["subject"] == "") {

15 // No subject entered

16 echo "No subject entered";

17 } elseif($_POST["message"] == "") {

18 // No message entered

19 echo "No message entered";

20 } else {

21 // Validation passed

22 if(send_email($_POST["email"], $_POST["subject"],

$_POST["message"])) {

23 // Message sent

24 echo "Thankyou, your email has been sent";

25 } else {

26 // Error sending email

Page 93
Customer Support | An Introduction to PHP Scripting

27 echo "An error occurred whilst sending the email,

please try again later";

28 }

29 }

30 }

31 ?>

include.php

1 <?php

2 // Set your own error handler

3 set_error_handler("error_handler");

5 // Create the function that will handle the error

6 function error_handler($err_number,$err_text,$err_file,$err_line) {

7 // Display this error

8 echo "Oops, an error occurred: " . $err_text . "<br />";

9 echo "Error code: " . $err_number . "<br />";

10 echo "In file: " . $err_file . "<br />";

11 echo "On line: " . $err_line . "<br />";

12

13 // Send an error report

14 $report = "Error: " . $err_text . "\r\n";

15 $report = $report . "Error code: " . $err_number . "\r\n";

16 $report = $report . "In file: " . $err_file . "\r\n";

17 $report = $report . "On line: " . $err_line;

18 $success = send_mail("error@ralphsdomainname.com", "Error

report", $report);

19 if($success == true) {

20 echo "This error has been reported to the website

administrator.<br />";

Page 94
Customer Support | An Introduction to PHP Scripting

21 }

22 }

23

24 // Function to validate an email address

25 function validate_email($email) {

26 if($email == "") {

27 // No email address returned

28 return false;

29 } elseif(filter_var($email, FILTER_VALIDATE_EMAIL) == false) {

30 // The email address is not in the correct format

31 return false;

32 } else {

33 // Email address is valid

34 return true;

35 }

36 }

37

38 // Function to send an email

39 function send_email($from, $subject, $message) {

40 if(validate_email($from) == false) {

41 // Sender email address is invalid

42 return false;

43 } elseif($subject == "") {

44 // No subject supplied

45 return false;

46 } elseif($message == "") {

47 // No message supplied

48 return false;

49 } else {

50 // Set timezone

51 date_default_timezone_set("Europe/London");

52

Page 95
Customer Support | An Introduction to PHP Scripting

53 // The email address to send to

54 $to = "ralph@ralphsdomainname.com";

55

56 // Prepare the email headers

57 $headers = "From: " . $from . "\r\n";

58 $headers = $headers . "Reply-To: " . $from . "\r\n";

59

60 // Send the email

61 ini_set("sendmail_from", $from);

62 return mail($to,$subject,$message,$headers,"-f" .$from);

63 }

64 }

65 ?>

Important: Don’t forget to substitute the

“ralph@ralphsdomainname.com” and
“error@ralphsdomainname.com” email addresses with your
own!

Page 96