Additional PHP

1
Additional PHP

• Working with server side files
• And String Processing

2
File Processing

• The normal technique for storing permanent
  information on the server side is using a
  database
• Sometimes storage in flat files is useful
• When database storage is overkill
• During development and testing of code
• Rapid prototyping

3
Basic File Processing

• Open a file for writing
• Write to the file
• Close the file
• Open a file for reading
• Read from the file
• Close the file

4
Opening Files

• fp fopen("file.txt", "r")
• Open a file for reading
• fp fopen("file.txt", "w")
• Open a file for writing
• Note depending on operating system file paths
  might need to be escaped
• "\\pathtofile\\filename.txt"

5
Reading a File

• contents fread(fp, filesize(filename))
• Reads whole of file into one string
• Poor performance for large files
• contents fgets(fp, 4096)
• Reads one line or the number of bytes specfied
• Whichever is less
• contents file_get_contents(filename)
• Efficient way to read whole file into string

6
Writing to a File

• fwrite(fp, outputstring)
• Write string out to given file pointer
• fwrite(fp, outputstring, 80)
• Write first 80 characters to output string

7
Closing Files

• fclose(fp)
• Close given file pointer
• Normally wont be an error.

8
String Processing

• Strings specified using single or double quotes
• strhello
• strhello
• Single quotes are literal
• myStrstr one
• Double quotes substitute variables
• myStrstr world
• Use curly braces if variable name is joined to
  more text
• myStrstrworld

9
Substrings

• subStrsubstr(str, 10 , 20)
• Extracts substring
• countsubstr_count(str, text)
• Counts the number of accurances of text in the
  string
• restStrstrstr(str, text)
• Extract substring of str from first occurance of
  text
• strlen(str)
• Length of a string
• str0
• Access individual characters in a string
• newStrStr.more text
• Concatenate strings using the dot . operator

10
Passwords

• Passwords should be uploaded using a secure
  connection
• Use https protocol rather than http protocol
• The webserver must have https enabled
• Not available in free version of Xitami
• Available in Apache web server
• Once passwords uploaded
• php server should store in encrypted form
• encrypted_pswrd md5(password)
• One way hash
• Need to hash submitted password to check if
  correct

11
Uploading Files

• Submitting Files
• ltform enctype"multipart/form-data"
  action"upload.php" method"post"gtltinput
  type"hidden" name"MAX_FILE_SIZE"
  value"1000000"gt File ltinput name"userfile"
  type"file"gt ltbrgt ltinput type"submit"
  value"Upload"gtlt/formgt
• Use mulitpart/form-data encoding
• A buggy browser can ignore the MAX_FILE_SIZE
  variable
• Worth checking file size so that files that are
  too large are not uploaded

12
Receiving Files

• _FILES'userfile''tmp_name'
• where the file is temporarily stored on the
  server.
• _FILES'userfile''name'
• file's name on the system the file was uploaded
  from.
• _FILES'userfile''size'
• size of the uploaded file (in bytes).
• _FILES'userfile''type'
• MIME type of the file such as image/gif.
• _FILES'userfile''error'
• error that have been generated as a result of the
  upload.

13
Moving uploaded file to webserver directory

• upfile _SERVER'DOCUMENT_ROOT' .'/uploads/'.
  _FILES'userfile''name'
• Specify directory and filename where the file
  will be copied
• Better not to make this a directory that can be
  served by the webserver
• // is_uploaded_file and move_uploaded_fileif
  (is_uploaded_file(_FILES'userfile''tmp_name')
  )if (!move_uploaded_file(_FILES'userfile''t
  mp_name', upfile))echo 'Problem Could not
  move file to destination directory'exit
  else echo 'Problem Possible file upload
  attack. Filename '.userfile_nameexitecho
  'File uploaded successfullyltbr /gtltbr /gt'

14
Summary
Main points to remember PHP File
processing String Processing Uploading Files