Web pages are served over the HTTP protocol. This is a stateless protocol: the web server does not track the behavior of individual users. Each request that reaches the web server is treated on its own, so it is not possible to tell which user made a request at what time. To overcome this "stateless" nature of the web server, we use sessions and cookies to maintain the state of the site.
Sessions
Sessions are used to track the activities of a particular user. When a user visits our site, the server generates a unique id known as the session id. Using this id we can recreate the previously created session environment. Session variables can store textual or numeric information, and this information is easily accessed through the superglobal array $_SESSION. Some of the common PHP session handling functions are listed below.
session_start()
This function is used to start a session in PHP. If we use cookies to store session data, then we must call the session_start() function before any output is produced. In such cases the session_start() call must be the first line in our script. This line must be present on every page in which we use $_SESSION variables, to recreate the preceding session environment.
<?php
//Used to start the session
session_start();
//registering a session variable
$_SESSION['state'] = "Delhi";
?>
Save this page as first.php, then create one more page named second.php with the following code:
<?php
//Used to restart the session
session_start();
// now we are using the session variable stored in the previous page
echo "You are from ".$_SESSION['state'];
?>
session_destroy()
This function is used to destroy the current session. It is mainly used in the logout module of a project. Before using the session_destroy() function we must call session_start() to recreate the environment.
<?php
//Used to restart the session
session_start();
//destroy the session
session_destroy();
//testing the session: session_destroy() removes the stored session data but
//does not unset $_SESSION in the running script, so the value still prints here
echo "You are from ".$_SESSION['state'];
?>
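A fuller login and logout routine, as an added example that is not part of the original tutorial: it clears the $_SESSION array and the browser's session cookie in addition to calling session_destroy(), and issues a new session id at login. The helper names login_user() and logout_user() are hypothetical.

```php
<?php
// Added example, not from the original page. login_user() and
// logout_user() are hypothetical helper names.

function login_user(string $state): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session id at the privilege change, so an id that was
    // known before login (session fixation) stops being valid.
    session_regenerate_id(true);
    $_SESSION['state'] = $state;
}

function logout_user(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();            // re-open the session that is to be destroyed
    }
    $_SESSION = [];                 // clear the in-memory copy for this request

    // Expire the session cookie in the browser, using the same parameters
    // it was created with.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();              // delete the server-side session data
}

login_user('Delhi');
logout_user();

// Unlike the test above, the value is no longer readable in this request.
echo isset($_SESSION['state']) ? "state still set\n" : "state cleared\n";
```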
Cookies
Cookies are used as an alternative to sessions. With cookies, the information about the client state is kept in a file on the client system. Cookies can be read only by the site that creates them. The maximum size of a cookie is limited to 4-6KB. If the user turns off cookie support in their browser, the cookie is not saved. So using cookies for important user tracking is risky.
setcookie()
The setcookie() function is used to save cookies on the client system. The first parameter is the Name of the cookie and the second is the Value stored in it. Expires sets the date and time at which the cookie expires. Path specifies the directory on the domain from which the cookie data can be accessed. Domain specifies the domain for the cookie. The Secure attribute is a Boolean flag indicating that the cookie should be transmitted only over a secure (HTTPS) link.
<?php
// set a cookie named users with value Mike that expires after 1 day
$flag = setcookie('users', 'Mike', time() + (3600 * 24), '/');
// time() returns the current Unix timestamp
if ($flag)
    echo "Cookie is created";
else
    echo "Cookie is not created";
?>
Accessing value from a cookie
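To access the value from a cookie we use the superglobal variable $_COOKIE.
<?php
if (isset($_COOKIE['users']))
    // the cookie comes from the client, so escape it before writing it into the page
    echo "Cookie value is ".htmlspecialchars($_COOKIE['users'], ENT_QUOTES, 'UTF-8');
?>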
setrawcookie()
This function also creates a cookie. It is similar to setcookie() except that the value saved in the cookie is not URL-encoded automatically when it is sent to the browser.
Deleting a cookie
To delete a cookie we use the same function, setcookie(), with the same name, but the expires parameter must be a time in the past.
<?php
// the cookie is now deleted; note the expires field, and that the name and
// path match the cookie that was created above
setcookie('users', 'Mike', time() - (3600 * 24), '/');
?>
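Because a cookie is kept on the client, its value can be edited before it comes back to the server. The following added example (not from the original page) attaches an HMAC to the cookie value and checks it on read; the function names and the key are hypothetical.

```php
<?php
// Added example, not from the original page. The function names and the
// key are hypothetical; a real key is random and stored outside the web root.
const COOKIE_KEY = 'constructed-demo-key-replace-me';

function sign_cookie_value(string $value, string $key = COOKIE_KEY): string
{
    // base64 keeps the payload free of '.', which separates it from the MAC
    return base64_encode($value) . '.' . hash_hmac('sha256', $value, $key);
}

function verify_cookie_value(string $cookie, string $key = COOKIE_KEY): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                    // not in payload.mac form
    }
    $value = base64_decode($parts[0], true);
    if ($value === false) {
        return null;                    // payload is not valid base64
    }
    $expected = hash_hmac('sha256', $value, $key);
    // hash_equals() compares the two MACs in constant time
    return hash_equals($expected, $parts[1]) ? $value : null;
}

// Sending: the same call as in the tutorial, with the signed value.
$signed = sign_cookie_value('Mike');
setcookie('users', $signed, time() + (3600 * 24), '/');

// Reading: on a later request the input would be $_COOKIE['users'].
// Constructed inputs: the genuine cookie, one whose payload was swapped on
// the client while the old MAC was kept, and a plain unsigned value.
$tampered = base64_encode('Admin') . '.' . explode('.', $signed, 2)[1];

var_dump(verify_cookie_value($signed));
var_dump(verify_cookie_value($tampered));
var_dump(verify_cookie_value('Mike'));
```

Signing makes tampering detectable but does not hide the value, which remains readable on the client.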
PHP filters are used to validate and filter data coming from insecure sources, like user input.
The filter functions are part of the PHP core. There is no installation needed to use these functions.
PHP: indicates the earliest version of PHP that supports the function.
| Function | Description | PHP version |
|---|---|---|
| filter_has_var() | Checks if a variable of a specified input type exist | 5 |
| filter_id() | Returns the ID number of a specified filter | 5 |
| filter_input() | Get input from outside the script and filter it | 5 |
| filter_input_array() | Get multiple inputs from outside the script and filters them | 5 |
| filter_list() | Returns an array of all supported filters | 5 |
| filter_var_array() | Get multiple variables and filter them | 5 |
| filter_var() | Get a variable and filter it | 5 |
| ID Name | Description |
|---|---|
| FILTER_CALLBACK | Call a user-defined function to filter data |
| FILTER_SANITIZE_STRING | Strip tags, optionally strip or encode special characters |
| FILTER_SANITIZE_STRIPPED | Alias of “string” filter |
| FILTER_SANITIZE_ENCODED | URL-encode string, optionally strip or encode special characters |
| FILTER_SANITIZE_SPECIAL_CHARS | HTML-escape '"<>& and characters with ASCII value less than 32 |
| FILTER_SANITIZE_EMAIL | Remove all characters, except letters, digits and !#$%&'*+-/=?^_`{\|}~@.[] |
| FILTER_SANITIZE_URL | Remove all characters, except letters, digits and $-_.+!*'(),{}\|\\^~[]`<>#%";/?:@&= |
| FILTER_SANITIZE_NUMBER_INT | Remove all characters, except digits and +- |
| FILTER_SANITIZE_NUMBER_FLOAT | Remove all characters, except digits, +- and optionally .,eE |
| FILTER_SANITIZE_MAGIC_QUOTES | Apply addslashes() |
| FILTER_UNSAFE_RAW | Do nothing, optionally strip or encode special characters |
| FILTER_VALIDATE_INT | Validate value as integer, optionally from the specified range |
| FILTER_VALIDATE_BOOLEAN | Return TRUE for "1", "true", "on" and "yes", FALSE for "0", "false", "off", "no", and "", NULL otherwise |
| FILTER_VALIDATE_FLOAT | Validate value as float |
| FILTER_VALIDATE_REGEXP | Validate value against regexp, a Perl-compatible regular expression |
| FILTER_VALIDATE_URL | Validate value as URL, optionally with required components |
| FILTER_VALIDATE_EMAIL | Validate value as e-mail |
| FILTER_VALIDATE_IP | Validate value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges |
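An added example (not from the original page) that applies several of the filters listed above to one set of inputs with filter_var_array() and separates missing fields from invalid ones. The $input array is constructed sample data and validate_input() is a hypothetical helper; filter_input_array(INPUT_POST, $spec) accepts the same kind of specification for real form data.

```php
<?php
// Added example, not from the original page. $input is constructed sample
// data standing in for $_POST; validate_input() is a hypothetical helper.
$input = [
    'age'    => '27',
    'email'  => 'mike@example.com',
    'ip'     => '192.168.1.10',   // private address, refused by the flags below
    'notify' => 'maybe',          // not one of the recognised boolean strings
    'state'  => '<b>Delhi</b>',
];

// One filter per expected field; fields not named here are dropped.
$spec = [
    'age'    => ['filter'  => FILTER_VALIDATE_INT,
                 'options' => ['min_range' => 1, 'max_range' => 120]],
    'email'  => FILTER_VALIDATE_EMAIL,
    'ip'     => ['filter' => FILTER_VALIDATE_IP,
                 'flags'  => FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE
                           | FILTER_FLAG_NO_RES_RANGE],
    'notify' => ['filter' => FILTER_VALIDATE_BOOLEAN,
                 'flags'  => FILTER_NULL_ON_FAILURE],
    'state'  => FILTER_SANITIZE_SPECIAL_CHARS,
    'phone'  => FILTER_VALIDATE_INT,   // not present in $input
];

function validate_input(array $input, array $spec): array
{
    // Missing keys come back as null; failed validation comes back as false
    // (or as null for a boolean filter with FILTER_NULL_ON_FAILURE).
    $clean  = filter_var_array($input, $spec);
    $errors = [];
    foreach ($spec as $field => $rule) {
        $filter = is_array($rule) ? $rule['filter'] : $rule;
        $value  = $clean[$field];
        if (!array_key_exists($field, $input)) {
            $errors[$field] = 'missing';
        } elseif ($value === null
            || ($value === false && $filter !== FILTER_VALIDATE_BOOLEAN)) {
            $errors[$field] = 'invalid';
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = validate_input($input, $spec);
var_dump($clean, $errors);
```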
The Zip file functions let you read ZIP files.
Installation
For the Zip file functions to work on your server, these libraries must be installed:
Installation on Linux Systems
PHP 5+: The Zip functions and the Zip library are not enabled by default and must be downloaded from the links above. Use the --with-zip=DIR configure option to include Zip support.
Installation on Windows Systems
PHP 5+: The Zip functions are not enabled by default, so php_zip.dll and the ZZIPlib library must be downloaded from the link above. php_zip.dll must be enabled inside php.ini. To enable any PHP extension, the PHP extension_dir setting (in the php.ini file) should be set to the directory where the PHP extensions are located. An example extension_dir value is c:\php\ext.
PHP Zip File Functions
PHP: indicates the earliest version of PHP that supports the function.
| Function | Description | PHP version |
|---|---|---|
| zip_close() | Closes a ZIP file | 4 |
| zip_entry_close() | Closes an entry in the ZIP file | 4 |
| zip_entry_compressedsize() | Returns the compressed size of an entry in the ZIP file | 4 |
| zip_entry_compressionmethod() | Returns the compression method of an entry in the ZIP file | 4 |
| zip_entry_filesize() | Returns the actual file size of an entry in the ZIP file | 4 |
| zip_entry_name() | Returns the name of an entry in the ZIP file | 4 |
| zip_entry_open() | Opens an entry in the ZIP file for reading | 4 |
| zip_entry_read() | Reads from an open entry in the ZIP file | 4 |
| zip_open() | Opens a ZIP file | 4 |
| zip_read() | Reads the next entry in a ZIP file | 4 |
The HTTP functions let you manipulate information sent to the browser by the Web server, before any other output has been sent.
The HTTP functions are part of the PHP core. There is no installation needed to use these functions.
PHP: indicates the earliest version of PHP that supports the function.
| Function | Description | PHP version |
|---|---|---|
| header() | Sends a raw HTTP header to a client | 3 |
| headers_list() | Returns a list of response headers sent (or ready to send) | 5 |
| headers_sent() | Checks if / where the HTTP headers have been sent | 3 |
| setcookie() | Sends an HTTP cookie to a client | 3 |
| setrawcookie() | Sends an HTTP cookie without URL encoding the cookie value | 5 |
Setting and reading cookies in PHP is a piece of (dare we say it?) cake. We don't want to get into all the misinformation about cookies, but they're important and useful. Sometimes they're the right tool for the job.
Create and Modify a Cookie in PHP
To create and modify a cookie, use the PHP function setcookie(). setcookie() takes up to six arguments, depending upon how much control you want over the cookie and who can read its value.
The simplest way of setting a cookie is like this:
setcookie('name', 'xxx');
Then, for every further page on your site viewed by this browser (without the user quitting) you'll have the value of 'xxx' stored in the variable $name for easy access in PHP. (That automatic variable depends on the register_globals setting, which was removed in PHP 5.4; in current PHP, read the value from $_COOKIE['name'].) This type of cookie is known as a session cookie, since it lasts for the length of a user's session.
If you want the cookie to persist after the person exits his or her browser, you must pass setcookie() a third parameter, the date you want the cookie to expire. Since PHP's background springs fully formed from the head of Unix, you represent this time as the number of seconds since March 23, 1985. If you're a Unix programmer, this makes total sense. But, if you're from a Windows or a Macintosh background, you're just shaking your head wondering if you'll ever understand those wacky Unix folk.
PHP has a very nice function, mktime(). You pass mktime() (in this order) the hour, minute, second, month, day, and year that you want to represent, and mktime() returns to you the number of seconds since March 1, 1985. So, if you want to simulate a ZZZ meltdown:
<?php
$ZZZ = mktime(0,0,0,1,1,2000);
setcookie('name', 'xxx', $ZZZ);
?>
Your cookie will expire with the millennium.
If you want to update a cookie to store a newer value, you can simply overwrite its value. So, even if you’ve previously sent the cookie above on an earlier page, it’s perfectly legal to go ahead and change your name to “akki.”
<?php
$ZZZ = mktime(0,0,0,1,1,2000);
setcookie('name', 'akki', $ZZZ);
?>
Note that doing this doesn’t alter the value of the variable $name. It’s set when the page is loaded. If you want to make sure these two are always in sync, you can code like this:
<?php
$name = 'Akki';
$ZZZ = mktime(0,0,0,1,1,2000);
setcookie('name', $name, $ZZZ);
?>
The next two parameters for setcookie() let you control the path and the domain that can read your cookie. By default, only pages at the same level as or lower in the directory hierarchy on the same server that sends the cookie can read its value. That's for security's sake. However, if you had an account that's sometimes "www.any.com" but also "other.any.com," and your account lets you serve pages from ~/myhome, you should modify setcookie() as such:
<?php
setcookie('name', 'akki', $ZZZ, '~/myhome', '.any.com');
?>
The last parameter to setcookie(), which we've never used, instructs that the cookie be sent only to a Web server that's running a secure connection such as SSL. For this to occur, set the sixth value to 1.
Delete Cookie
Deleting a cookie is simple: pass setcookie() the name of your cookie and PHP will arrange for it to be deleted.
<?php setcookie('name'); ?>
There's one last important item to mention about using cookies. Because of the way cookies work within HTTP, it's important that you send all cookies before you print any text. If you don't, PHP will give you a warning and your cookies will not be sent. So, this is OK:
<?php
setcookie('name', 'akki');
echo "Good Morning!";
?>
But this is not:
<?php
echo "Good Morning!";
setcookie('name', 'akki');
?>
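An added example (not from the original page) of a wrapper that checks headers_sent() before setting a cookie, so the ordering mistake above is logged with the file and line where output began, and that sets the secure parameter described earlier. The helper name send_cookie() is hypothetical.

```php
<?php
// Added example, not from the original page. send_cookie() is a
// hypothetical helper name.
function send_cookie(string $name, string $value, int $expires = 0): bool
{
    // headers_sent() reports whether output has begun and fills $file and
    // $line with the place where it started.
    if (headers_sent($file, $line)) {
        error_log("Cookie '$name' not sent: output began at $file:$line");
        return false;
    }
    // Arguments: name, value, expires, path, domain, secure, httponly.
    // secure = true is the sixth parameter described above; httponly = true
    // (a seventh parameter) keeps the cookie away from page scripts.
    return setcookie($name, $value, $expires, '/', '', true, true);
}

$first = send_cookie('name', 'akki');    // called before any output
echo "Good Morning!\n";
$second = send_cookie('name', 'akki');   // called after output has started

var_dump($first, $second);
```

When output_buffering is enabled in php.ini the echo is held in a buffer, so the second call can still succeed there.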