-----------------------------------------------------------------
This is the FAQ thread where the FAQ compilation project goes.
* If you wish to improve the contents, please copy the whole content,
fix it and then post it. When posting, please change the revision
number (increase by 1) in the subject line.
* If you want to comment, do it without changing the subject line.
* Do NOT add new question and answers here. Add here only after
posting it to the separate thread; subject line should begin with
"[FAQ]" tag, for example: [FAQ] What is foo?
* Always use www.example.com for example URLs.
-----------------------------------------------------------------
URL grabbing:
============
Q: How do I retrieve a page from a web site?
A: Pass a URL to file() or file_get_conten ts(). The former returns the
contents as an array of lines. The latter returns the same as string.
Example:
$html = file_get_conten ts('http://www.example.com ');
Q: How do I retrieve a page from a web site that does browser
detection?
A: Use ini_set() to change the configuration option "user_agent ." This
sets
the User-Agent header sent by PHP.
Example:
ini_set('user_a gent', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1)');
$html = file_get_conten ts('http://www.example.com ');
Q: How do I retrieve a page from a web site that requires a cookie?
A: Use stream_context_ create() to create a HTTP context with Cookie as
one of the headers. Then, if you are coding in PHP 5, pass the context to
file() or file_get_conten ts() as the third parameter. In PHP 4 either
function
accepts a context, so you need to open the URL with fopen() and
retrieve the data a chunk at a time with fread().
Example:
$opts = array(
'http'=>array(
'method'=>"GET" ,
'header'=>
"Accept-language: en\r\n" .
"Cookie: foo=bar\r\n"
)
);
$context = stream_context_ create($opts);
$f = fopen($url, "rb", false, $context);
while($data = fread($f, 1024)) {
echo $data;
}
stream_context_ create() is available in PHP 4.3.0 and above. If you are
using an older version, you would need the cURL functions or use fsockopen()
to open the connection and send the cookie header with fputs().
Example 1:
[cURL example here]
Example 2:
$fp = fsockopen($host , $port);
fputs($fp, "GET / HTTP/1.0\r\n");
fputs($fp, "Host: $host\r\n");
fputs($fp, "Cookie: foo=bar\r\n\r\n ");
while ($data = fgets($fp, 1024)) {
echo $data;
}
-----------------------------------------------------------------
Q: How do I get the address of the referrer?
A: With the variable $_SERVER['HTTP_REFERER']. However, two
caveats:
1. A request might not have a Referer header, in which case
the variable would not be set. Some browsers do not send
Referer headers, for example, while others can be configured
not to.
'The Refer field MUST NOT be sent if the Request-URI was
obtained from a source that does not have its own URI, such
as input from the user keyboard.' [HTTP/1.1]
2. A Referer header can be faked. The information might not
be genuine.
Warning: As with all input, you should be cautious over the
value of $_SERVER['HTTP_REFERER'].
Note: The Referer header is misspelt; the word in English
is 'referrer', with four r's. As the misspelling has made
it into the HTTP specification, it is too late to correct
it.
-----------------------------------------------------------------
Register Globals:
=============== =
Q: Why PHP not parsing forms?
Q: Why form variables not getting posted?
Q: Why form variables are always empty?
[color=blue]
> <form method="post" action="form.ph p">
> Enter Your Name
> <input type="text" name="UserName" ></input><br>
> <input type="submit" name="submit" value="click"></input>
> </form>
>
> <?php
> if ($submit == "click"){
> echo "Hello, $UserName";
> }[color=green]
>>[/color]
> </body></html>[/color]
Since 4.2.0 register_global s [1] is off by default due to security
reasons [2]. One should use super globals (introduced in 4.1.0) instead
to get to user supplied data [3]. So either fix:
-fix your code [4]:
if(isset($_POST['submit']) && $_POST['submit']=="click")
{
echo 'Hello, '.$_POST['UserName'];
}
-quick&dirty hack:
extract($_REQUE ST);
in the global scope.
-enable register_global s
1: http://www.php.net/manual/en/ini.cor...gister-globals
2: http://www.php.net/manual/en/security.globals.php
3:
4: $_POST['UserName'] should offcourse be escaped properly (with
htmlspecialchar s in this particular case).
-----------------------------------------------------------------
Q: Why HTML is trunctating PHP text? As in
[color=blue]
> $test = "Mary had a little lamb"; ...
> <input type="text" name="T1" value=<?php echo $test;?>>[/color]
Take a look at the source (the first place you should look to see what
PHP is actually doing) and you will see it's all there as:
<input type="text" name="T1" value=Mary had a little lamb>
See the html specs on attributes (that is what value is):
To make a long boring spec short:
The value should be surrounded by quotes if it contains whitespaces,
the quotes used to delimit should be escaped within the value.
eg:
<input type="text" name="T1" value="<?php echo $test;?>">
or
<input type="text" name="T1" value='<?php echo $test;?>'>
would be fine in this case, but will fail if there are quotes in $test:
$test = "The lamb will soon be Mary's little \"ham\"";
will break either quoting style unless escaped with:
<input type="text" name="T1" value='<?php echo
htmlspecialchar s($test,ENT_QUO TES);?>'>
-----------------------------------------------------------------
Q: What does @ (at-sign) do?
A: @ is an operator, which, when prepended to an expression,
suppresses error messages. However the usage is discouraged.
Refer:
Example:
$x = 'a';
extract($x);
@extract($x);
-----------------------------------------------------------------
Q. How do I differentiate an empty string or numeric zero from false?
A. Use the === operator.
Refer:
-----------------------------------------------------------------
Q. I'm using the GD functions to create thumbnail images. Why am I
getting
such crummy results?
A. imagecopyresize d() does not do a very good job scaling down images.
Use
imagecopyresamp led() instead. If you are already using
imagecopyresamp led(),
the problem might be that the destination image has limited color
range.
Create it with imagecreatetrue color() instead of imagecreate().
-----------------------------------------------------------------
Q. Where can I find PHP programming jobs?
A. Like Bigfoot, the Loch Ness Monster, and alien abductions, PHP jobs
are a
myth. The truth is, no one will pay you to program in PHP. If someone
tells
you he works as a PHP programmer, he is probably a spy.
A: --todo-- The above answer remains for historical reasons;-)
-----------------------------------------------------------------
Q: Why am I getting the error message 'Headers already sent'?
If you get this error your script flow is broken (in most cases). Using
OB is nothing more than hiding the symptoms of the error.
The error tells you where the real problem lies:
1:<?php
2:error_reporti ng(E_ALL);
3://do stuff
4:echo "redirectin g";
5:
6://do more stuff
7:
8:header("Locat ion: http://localhost/");
9:?>
will produce the error:
Warning: Cannot modify header information - headers already sent by
(output started at /path/to/script.php:4) in /path/to/script.php on
line 8
What is really is trying to say:
Error: line 8 at /path/to/script.php can't send headers. The problem is
at line 4 in /path/to/script.php, it produced some output to the client
so I already had sent all headers before getting to line 8.
But since you already have all required userinput you should find out
wheter you need to sent additional headers (like a redirect) before
outputting anything to the client. So the equivalent script with
correct
top down flow would be:
1:<?php
2:error_reporti ng(E_ALL);
3:if($condition ){
4:header("Locat ion: http://localhost/");
5:die("redirect ing");
6:}
7:
8:echo "condition was false";
9:?>
The following script:
1:<?php
2://do stuff
3:?>
4:<html><body>
---------------------
A: PHP produces this error message when you try to set a header for a
web
page after you have already started sending out the content of the
page.
Web content is always delivered with a few headers at the top, ending
with a
blank line. For example, a web page might start like this:
[color=blue]
> HTTP/1.1 200 OK
> Date: Tue, 01 Mar 2005 12:00:00 GMT
> Content-Type: text/html
>
> <html>
> <body> ... etc...[/color]
Once you have started sending the content of a document, you can't add
any
more headers because they won't appear at the top.
To get round this problem, use PHP's output control functions to buffer
the
output before it is sent. For example, you can generate a
"Content-Length"
header as follows:
[color=blue]
> <?php
>
> ob_start(); // Turn on output buffering
>
> // Create your web page/jpeg file/whatever here
> echo "<html><bod y> ... ";
>
> // Generate a "Content-Length" header
> $clen = ob_get_length() ;
> header("Content-Length: $clen");
>
> // Now send the buffered content
> ob_flush();
>[color=green]
>>[/color][/color]
Q. After turning on output buffering I am still getting 'Headers
already
sent.' What the?
A. Something, somewhere is sent to the browser prior to the call to
ob_start().
One possible culprit is white-spaces contained in an included file. To
fix
this, move the call to ob_start() ahead of any include/require
statements.
Another possible culprit is UTF-8 encoding. Unicode-capable editor
often
place an invisible character at the beginning of a UTF-8 text file to
mark
it as UTF-8. This character will be output before any PHP statements
are
executed. To fix this, resave the file as ASCII.
The character in question is the zero-width non-breaking space
(U+FFEF). In
UTF-16 text it's used as a byte order indicator. In UTF-8 it's just a
signature. If you leave it out then an editor might not be able to
correctly
sniff out the encoding, leaving to other problems.
-----------------------------------------------------------------
Error reporting:
===============
Q: Why I don't get any errors?
A: You might have turned the "display errors" off. Turn it on:
1. By changing 'display_errors ' to true in php.ini (May require
Apache restart if it is mod_php)
2. Or with the ini_set('displa y_errors', 1) via script
Refer:
Q: Why certain errors are not displayed?
A: The error reporting level might be low. Set it to higher value; via
script error_reporting (E_ALL|E_STRICT )
Refer:
-----------------------------------------------------------------
Login/Authentication:
=============== =====
Q: How to implement a login system?
A: Use sessions. When the user logins, store the session id in the
database and then compare the current session id with the one stored in
the database on every page. May also check IP; but it may break if the
user is behind proxy.
Refer:
@todo Info about other authentications , better link to the login
implementation (above links use obsolete style)
-------------
Q: How to find the logged in users?
Q: How to find the number of logged in users?
A: If you use session based authentication/login mechanism, it is quite
easy when you use custom-DB-based session--so that the session
variables will be stored in database instead of default files. As the
session will be available in the database table, it is easy to query
it/count the number of sessions or records.
Refer:
-----------------------------------------------------------------
-----------------------------------------------------------------
Contributors:
============
Chung Leong
John Dunlop
Daniel Tryba
Alan Little
Nospam
Philip Ronan
Jan Pieter Kunst
+++
@revision Combined texts. Changed the example URL to www.example.com
@todo Cleanup. Grammar fix. Find proper heading.
This is the FAQ thread where the FAQ compilation project goes.
* If you wish to improve the contents, please copy the whole content,
fix it and then post it. When posting, please change the revision
number (increase by 1) in the subject line.
* If you want to comment, do it without changing the subject line.
* Do NOT add new question and answers here. Add here only after
posting it to the separate thread; subject line should begin with
"[FAQ]" tag, for example: [FAQ] What is foo?
* Always use www.example.com for example URLs.
-----------------------------------------------------------------
URL grabbing:
============
Q: How do I retrieve a page from a web site?
A: Pass a URL to file() or file_get_conten ts(). The former returns the
contents as an array of lines. The latter returns the same as string.
Example:
$html = file_get_conten ts('http://www.example.com ');
Q: How do I retrieve a page from a web site that does browser
detection?
A: Use ini_set() to change the configuration option "user_agent ." This
sets
the User-Agent header sent by PHP.
Example:
ini_set('user_a gent', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1)');
$html = file_get_conten ts('http://www.example.com ');
Q: How do I retrieve a page from a web site that requires a cookie?
A: Use stream_context_ create() to create a HTTP context with Cookie as
one of the headers. Then, if you are coding in PHP 5, pass the context to
file() or file_get_conten ts() as the third parameter. In PHP 4 either
function
accepts a context, so you need to open the URL with fopen() and
retrieve the data a chunk at a time with fread().
Example:
$opts = array(
'http'=>array(
'method'=>"GET" ,
'header'=>
"Accept-language: en\r\n" .
"Cookie: foo=bar\r\n"
)
);
$context = stream_context_ create($opts);
$f = fopen($url, "rb", false, $context);
while($data = fread($f, 1024)) {
echo $data;
}
stream_context_ create() is available in PHP 4.3.0 and above. If you are
using an older version, you would need the cURL functions or use fsockopen()
to open the connection and send the cookie header with fputs().
Example 1:
[cURL example here]
Example 2:
$fp = fsockopen($host , $port);
fputs($fp, "GET / HTTP/1.0\r\n");
fputs($fp, "Host: $host\r\n");
fputs($fp, "Cookie: foo=bar\r\n\r\n ");
while ($data = fgets($fp, 1024)) {
echo $data;
}
-----------------------------------------------------------------
Q: How do I get the address of the referrer?
A: With the variable $_SERVER['HTTP_REFERER']. However, two
caveats:
1. A request might not have a Referer header, in which case
the variable would not be set. Some browsers do not send
Referer headers, for example, while others can be configured
not to.
'The Refer field MUST NOT be sent if the Request-URI was
obtained from a source that does not have its own URI, such
as input from the user keyboard.' [HTTP/1.1]
2. A Referer header can be faked. The information might not
be genuine.
Warning: As with all input, you should be cautious over the
value of $_SERVER['HTTP_REFERER'].
Note: The Referer header is misspelt; the word in English
is 'referrer', with four r's. As the misspelling has made
it into the HTTP specification, it is too late to correct
it.
-----------------------------------------------------------------
Register Globals:
=============== =
Q: Why PHP not parsing forms?
Q: Why form variables not getting posted?
Q: Why form variables are always empty?
[color=blue]
> <form method="post" action="form.ph p">
> Enter Your Name
> <input type="text" name="UserName" ></input><br>
> <input type="submit" name="submit" value="click"></input>
> </form>
>
> <?php
> if ($submit == "click"){
> echo "Hello, $UserName";
> }[color=green]
>>[/color]
> </body></html>[/color]
Since 4.2.0 register_global s [1] is off by default due to security
reasons [2]. One should use super globals (introduced in 4.1.0) instead
to get to user supplied data [3]. So either fix:
-fix your code [4]:
if(isset($_POST['submit']) && $_POST['submit']=="click")
{
echo 'Hello, '.$_POST['UserName'];
}
-quick&dirty hack:
extract($_REQUE ST);
in the global scope.
-enable register_global s
1: http://www.php.net/manual/en/ini.cor...gister-globals
2: http://www.php.net/manual/en/security.globals.php
3:
4: $_POST['UserName'] should offcourse be escaped properly (with
htmlspecialchar s in this particular case).
-----------------------------------------------------------------
Q: Why HTML is trunctating PHP text? As in
[color=blue]
> $test = "Mary had a little lamb"; ...
> <input type="text" name="T1" value=<?php echo $test;?>>[/color]
Take a look at the source (the first place you should look to see what
PHP is actually doing) and you will see it's all there as:
<input type="text" name="T1" value=Mary had a little lamb>
See the html specs on attributes (that is what value is):
To make a long boring spec short:
The value should be surrounded by quotes if it contains whitespaces,
the quotes used to delimit should be escaped within the value.
eg:
<input type="text" name="T1" value="<?php echo $test;?>">
or
<input type="text" name="T1" value='<?php echo $test;?>'>
would be fine in this case, but will fail if there are quotes in $test:
$test = "The lamb will soon be Mary's little \"ham\"";
will break either quoting style unless escaped with:
<input type="text" name="T1" value='<?php echo
htmlspecialchar s($test,ENT_QUO TES);?>'>
-----------------------------------------------------------------
Q: What does @ (at-sign) do?
A: @ is an operator, which, when prepended to an expression,
suppresses error messages. However the usage is discouraged.
Refer:
Example:
$x = 'a';
extract($x);
@extract($x);
-----------------------------------------------------------------
Q. How do I differentiate an empty string or numeric zero from false?
A. Use the === operator.
Refer:
-----------------------------------------------------------------
Q. I'm using the GD functions to create thumbnail images. Why am I
getting
such crummy results?
A. imagecopyresize d() does not do a very good job scaling down images.
Use
imagecopyresamp led() instead. If you are already using
imagecopyresamp led(),
the problem might be that the destination image has limited color
range.
Create it with imagecreatetrue color() instead of imagecreate().
-----------------------------------------------------------------
Q. Where can I find PHP programming jobs?
A. Like Bigfoot, the Loch Ness Monster, and alien abductions, PHP jobs
are a
myth. The truth is, no one will pay you to program in PHP. If someone
tells
you he works as a PHP programmer, he is probably a spy.
A: --todo-- The above answer remains for historical reasons;-)
-----------------------------------------------------------------
Q: Why am I getting the error message 'Headers already sent'?
If you get this error your script flow is broken (in most cases). Using
OB is nothing more than hiding the symptoms of the error.
The error tells you where the real problem lies:
1:<?php
2:error_reporti ng(E_ALL);
3://do stuff
4:echo "redirectin g";
5:
6://do more stuff
7:
8:header("Locat ion: http://localhost/");
9:?>
will produce the error:
Warning: Cannot modify header information - headers already sent by
(output started at /path/to/script.php:4) in /path/to/script.php on
line 8
What is really is trying to say:
Error: line 8 at /path/to/script.php can't send headers. The problem is
at line 4 in /path/to/script.php, it produced some output to the client
so I already had sent all headers before getting to line 8.
But since you already have all required userinput you should find out
wheter you need to sent additional headers (like a redirect) before
outputting anything to the client. So the equivalent script with
correct
top down flow would be:
1:<?php
2:error_reporti ng(E_ALL);
3:if($condition ){
4:header("Locat ion: http://localhost/");
5:die("redirect ing");
6:}
7:
8:echo "condition was false";
9:?>
The following script:
1:<?php
2://do stuff
3:?>
4:<html><body>
---------------------
A: PHP produces this error message when you try to set a header for a
web
page after you have already started sending out the content of the
page.
Web content is always delivered with a few headers at the top, ending
with a
blank line. For example, a web page might start like this:
[color=blue]
> HTTP/1.1 200 OK
> Date: Tue, 01 Mar 2005 12:00:00 GMT
> Content-Type: text/html
>
> <html>
> <body> ... etc...[/color]
Once you have started sending the content of a document, you can't add
any
more headers because they won't appear at the top.
To get round this problem, use PHP's output control functions to buffer
the
output before it is sent. For example, you can generate a
"Content-Length"
header as follows:
[color=blue]
> <?php
>
> ob_start(); // Turn on output buffering
>
> // Create your web page/jpeg file/whatever here
> echo "<html><bod y> ... ";
>
> // Generate a "Content-Length" header
> $clen = ob_get_length() ;
> header("Content-Length: $clen");
>
> // Now send the buffered content
> ob_flush();
>[color=green]
>>[/color][/color]
Q. After turning on output buffering I am still getting 'Headers
already
sent.' What the?
A. Something, somewhere is sent to the browser prior to the call to
ob_start().
One possible culprit is white-spaces contained in an included file. To
fix
this, move the call to ob_start() ahead of any include/require
statements.
Another possible culprit is UTF-8 encoding. Unicode-capable editor
often
place an invisible character at the beginning of a UTF-8 text file to
mark
it as UTF-8. This character will be output before any PHP statements
are
executed. To fix this, resave the file as ASCII.
The character in question is the zero-width non-breaking space
(U+FFEF). In
UTF-16 text it's used as a byte order indicator. In UTF-8 it's just a
signature. If you leave it out then an editor might not be able to
correctly
sniff out the encoding, leaving to other problems.
-----------------------------------------------------------------
Error reporting:
===============
Q: Why I don't get any errors?
A: You might have turned the "display errors" off. Turn it on:
1. By changing 'display_errors ' to true in php.ini (May require
Apache restart if it is mod_php)
2. Or with the ini_set('displa y_errors', 1) via script
Refer:
Q: Why certain errors are not displayed?
A: The error reporting level might be low. Set it to higher value; via
script error_reporting (E_ALL|E_STRICT )
Refer:
-----------------------------------------------------------------
Login/Authentication:
=============== =====
Q: How to implement a login system?
A: Use sessions. When the user logins, store the session id in the
database and then compare the current session id with the one stored in
the database on every page. May also check IP; but it may break if the
user is behind proxy.
Refer:
@todo Info about other authentications , better link to the login
implementation (above links use obsolete style)
-------------
Q: How to find the logged in users?
Q: How to find the number of logged in users?
A: If you use session based authentication/login mechanism, it is quite
easy when you use custom-DB-based session--so that the session
variables will be stored in database instead of default files. As the
session will be available in the database table, it is easy to query
it/count the number of sessions or records.
Refer:
-----------------------------------------------------------------
-----------------------------------------------------------------
Contributors:
============
Chung Leong
John Dunlop
Daniel Tryba
Alan Little
Nospam
Philip Ronan
Jan Pieter Kunst
+++
@revision Combined texts. Changed the example URL to www.example.com
@todo Cleanup. Grammar fix. Find proper heading.