Home » Questions » php

php

PHP logo

PHP: Hypertext Preprocessor (PHP) is a widely used, general-purpose server side scripting language that is especially suited for web development. The latest stable release, development changes, and development branches can be found on the PHP website (http://www.php.net/).

See the UPGRADING and UPGRADING.INTERNALS files for release migration instructions.

Community

PHP has many active community forums, including:

Online documentation

The PHP manual is the official documentation for the language syntax, featuring function search and URL shortcuts (for example http://php.net/explode). The API is well documented for native and additional extensions. Most additional extensions can be found in PECL. The PEAR repository contains a plethora of community supplied classes.

Free PHP Programming Books

Database support

PHP supports a wide range of databases, relational and non-relational alike.

PHP is often paired with the MySQL relational database. PHP also includes great database support for PostgreSQL, SQLite, Microsoft SQL Server (API reference), Oracle, IBM DB2 & Cloudscape, Apache Derby and even ODBC.

All modern versions of PHP include PDO, a built-in data-access abstraction library with comprehensive connectivity options. More recently, PECL extensions have surfaced that offer “NoSQL” database support, including Apache Thrift (for Apache Cassandra), MongoDB, Redis, and others.

Useful Third-party Code and Tools

In addition to the vast functionality provided in the PHP Core and through PEAR and PECL, there are a number of noteworthy 3rd party contributions to the PHP world, some of which are listed below.

Frameworks

PHP has a variety of object-oriented web application frameworks that provide a lot of the common functionality required to build modern web application out of the box, with the more well-known being (in alphabetical order) the following ones:

Object-Relational Mapping

Object relational Maps try to solve or mitigate the object-relational impedance mismatch problem by transparently mapping between table structures in a database and business objects in an application. The more prominent ORMs in the PHP world are (in alphabetical order):

Popular questions and answers

Quality Assurance Tools

Over the last years, there has been a steady increase of quality assurance tools in the PHP world. As PHP moved into the professional mainstream, tools to assert certain quality features and metrics were needed and provided by the PHP community. These tools include frameworks for debugging, unit-testing, code analysis and coverage, continuous integration and other aspects of professional development, some of which are listed below:

Popular questions and answers

IDEs

An Integrated Development Environment (IDE) is software that provides most of the tools needed to produce other software in a convenient package. Standard features of IDEs are usually source code editors with syntax highlighting, code completion as well as debugging functionality, build assistance, version control system integration, etc. Some of the major known PHP IDEs are (in alphabetical order):

Popular questions and answers


Frequently Asked Questions

Find some answers to some of the more frequently asked questions about PHP below.

I have a question about PHP 6

Note that all development on the PHP 6 branch has been canceled. While there is a more or less historical Wiki with a tentative roadmap and feature list for PHP 6, the existing branch in the source code repository has been deleted. There is currently no definite information about PHP 6 so no one will be able to give you factual information. This means all your questions about PHP 6 are not a good fit for Stack Overflow because we want questions to be answerable. Please refrain from asking questions about PHP 6 (yet).

I have a typical “does not work” problem. What should I do before asking a question?

The causes of a typical “does not work” or “works on localhost but does not work on production server” problem can easily be diagnosed by setting the display_errors value to On or 1.

An incorrectly configured development server and a typical production server has this setting turned off. This suppresses all error messages – something you should be looking for when trying to diagnose the problem.

Before you post your question, find all error messages reported by PHP and see if you can fix them yourself. Errors such as “PHP Warning: …” and “You have an error in your SQL syntax; check the manual …” might be fairly simple to fix. Google the error message and search for it on Stack Overflow. Most error messages have well known solutions.

display_errors can be set to On via multiple ways. On your development machine you should set the value by editing php.ini file. On a production server, if it is not possible (or desirable) to edit this file, add these line at the beginning of the script:

error_reporting(-1); // to enable all errors
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);

Make sure to list any errors you cannot fix on your own in your question.

Make sure you are not suppressing errors by using the @ syntax. This is not good practice, particularly during development when you want to be advised of errors.

From the manual:

Warning
Currently the “@” error-control operator prefix will even disable error reporting for critical errors that will terminate script execution. Among other things, this means that if you use “@” to suppress errors from a certain function and either it isn’t available or has been mistyped, the script will die right there with no indication as to why.

How do I make my database queries secure from SQL injection?

In a nutshell, use proper escaping techniques using prepared statements and placeholders. Each database interface follows the same general pattern:

  • Prepare a SQL statement containing placeholders
  • Bind PHP variables to those placeholders
  • Execute the prepared statement

Some interfaces allow you to skip the bind step by providing the list of replacements for the placeholders during execute. For your reference:

Note that the old ext/mysql extension does not support prepared statements and is generally discouraged to use nowadays. Use PDO or MySqli instead.

See Also

My special characters come out all screwed up. Why?

Welcome to charset hell. This PHP charset/encoding FAQ may be some help.

“Headers have already been sent…”

You’re outputting content and triggering PHP’s default content-type:text/html header before making your own call to header(). There are a few ways this can happen, check for a stray echo or print, whitespace before and after the <?php and ?> tags or maybe a Unicode BOM. Consider using output buffering. With many scripts, there is no need to include the ending ?> and the problem is easily fixed by removing the ending ?> tag from your files. See "Warning: Headers already sent" in PHP.

How do I make my E-Mails secure from E-Mail injection?

Validate your input! In recent versions of PHP, mail() is no longer vulnerable to e-mail header injection through the subject line or receiver, as it removes all the control characters, but you may want to make sure the receivers’ list doesn’t include multiple addresses if that’s not what you desire.
If you allow the user to specify part of the body of the message, you must also validate or sanitize it so that he’s unable to, e.g. add new MIME parts or end any prematurely. Therefore, for building MIME messages, you’re strongly encouraged to use a library. See, for instance, PEAR Mail_Mime.

Can I protect my PHP code from theft? If so, how?

There is no effective technical solution to protect, encode or encrypt PHP source code. There are many products that offer some levels of protection, like IonCube (commercial) and Zend Guard (commercial), but all can be broken with time and effort. Your best option is not a technical solution, but a legal solution in the form of a license agreement.

How can strings be written in PHP?

There are four ways to write strings literals in PHP. Each method is slightly different in terms of escape sequences and string interpolation. For instance, '\n' is a literal two-character string with characters \ and n, while "\n" is a one-character string with a LF character. All of them produce values of type string (which is actually a byte array, as it completely encoding unaware).

What does a specific Operator mean in PHP?

See this Community Wiki for a helpful list.

How do I parse HTML/XML with PHP?

See How to parse and process HTML with PHP? and Best XML Parser for PHP.

How do I turn on error reporting to find the source of problems?

See PHP production server – turn on error messages. You typically need just error_reporting(E_ALL); at the top of your script, unless it’s a parsing error there. As very crude method set_error_handler("var_dump"); overrides all uncommon disable options. And in case of a HTTP 500 internal server error, or a completely blank page, you often want to look into the web servers error.log first.

How do I fix “eregi is deprecated” messages and switch to preg_match()?

See How can I convert ereg expressions to preg in PHP?.

Why does mysql_fetch_array() or mysql_fetch_assoc() return only one row?

Many RDBMS fetching functions must be called in a loop until the query result resource returns FALSE.

// A common looping pattern, appending result rows onto the array $rowset
$result = mysql_query("SELECT column1, column2 FROM table");
if ($result) {
  $rowset = array();
  while ($row = mysql_fetch_array($result)) {
    // Append the current row onto $rowset
    $rowset[] = $row;
  }
}
else {
  echo mysql_error();
}

Can I fill class properties with new object() calls or function calls?

No. See Instance as a static class property; see Why don't PHP attributes allow functions? for an attempt at an explanation.

How do I fix the error mysql_fetch_array() or mysql_num_results() or mysql_fetch_assoc() expects parameter 1 to be resource, boolean given?

This is caused by a failed query, which is typically indicative of a syntax error in the SQL statement. Another common cause is using a MySQL reserved keyword as a table or column name without surrounding it with backticks. For example:

$query = 'SELECT order FROM my_table'; // This will fail
$query = 'SELECT `order` FROM my_table'; //This will work

Use echo mysql_error() to view the error message that was generated by MySQL.

How do I validate an email address?

See How to validate an email address in PHP. As of PHP 5.2 you can simply use the filter_var() function with the FILTER_VALIDATE_EMAIL filter.

Why does my assigned session-variable not appear in the next script?

Session-variable require a session to be started. Please review the manual-page of session_start().

Additionally, cookies need to be enabled, as explained on this Google page.

NOTE: The content of this tag was originally posted at StackOverflow.com

1 vote
45k views
What is this? This is a collection of questions that come up every now and then about syntax in P...
  • Sherry asked 14 years ago
  • last active 2 years ago
1 vote
28k views
As I continue to build more and more websites and web applications I am often asked to store user...
  • Elizabeth asked 14 years ago
  • last active 13 years ago
0 votes
116k views
Is there a good object-relational-mapping library for PHP? I know of PDO/ADO, but they seem to o...
  • Wayne asked 16 years ago
  • last active 12 years ago
0 votes
71k views
Every now and then I hear the advice “Use bcrypt for storing passwords in PHP, bcrypt rules...
  • Laurie asked 13 years ago
  • last active 11 years ago
1 vote
144k views
If user input have inserted into an SQL query directly, the application becomes vulnerable to SQL...
  • Tom asked 16 years ago
  • last active 7 months ago
1 vote
94k views
What would you recommend using between a datetime and a timestamp field, and why? (using mysql). ...
  • Maria asked 15 years ago
  • last active 7 years ago
1 vote
68k views
How can one parse HTML and extract information from it? What libraries exist for that purpose? Wh...
  • Rhonda asked 14 years ago
  • last active 2 years ago
1 vote
184k views
In PHP 5, what is the difference between using self and $this? When is each appropriate? NOTE: Th...
  • Vicki asked 16 years ago
  • last active 8 years ago
1 vote
74k views
It is currently said that MD5 is partially unsafe. Taking this into consideration, I’d like...
  • Tina asked 15 years ago
  • last active 9 years ago
1 vote
31k views
<?php for ($i = 'a'; $i <= 'z'; $i++) echo "$i\n"; This snippet gives the following ou...
  • Arthur asked 13 years ago
  • last active 5 years ago
1 vote
12k views
I’m not a fan of PHP or spaghetti code, or anything like that, but in my experience WordPre...
  • Michele asked 15 years ago
  • last active 2 weeks ago
2 votes
15k views
I would like to know if anyone knows of an online service where we paste the code and it generate...
  • Betty asked 14 years ago
  • last active 14 years ago
1 vote
40k views
In order to gain more experience in Wordpress I delved into its code base to study its inner work...
  • Wayne asked 12 years ago
  • last active 9 years ago
1 vote
13k views
[ThemesPlugins.com][1] is testing this plugin. is the below code ok? (it’s just a php code ...
  • demo asked 11 years ago
  • last active 11 years ago
0 votes
11k views
Does it support codes?
  • demo asked 10 years ago
  • last active 8 years ago
0 votes
0 answers
5k views
enter image description here dsfsdfsdfs fs sfs
  • demo asked 10 years ago
0 votes
0 answers
3k views
Это проверочный вопрос
  • demo asked 5 years ago
Showing 17 results