PHP is one of the most popular languages for building websites. In fact, you probably used it today if you visited a Wordpress site or Facebook.
Here are a few useful built in PHP functions every developer should use more often.
1 - htmlspecialchars
The htmlspecialchars function is better than than using only using echo for one main reason: it prevents XSS. For example:
<?php
echo htmlspecialchars("<script>console.log('XSS!');<script>");
Output:
<script>console.log('XSS!');<script>gt;
2 - exec
This function allows you to run code on the command prompt or terminal, depending what OS you use to host/test. While this function is a bit more advanced, it is very useful. Example:
<?php
exec("mkdir files");
Upon running this code, a folder will be created called files. This is a very powerful command, and user input NEVER be allowed in this function.
3 - header
HTTP headers are very useful online, they tell your browser what to do when a website is loaded. You can use PHP to set headers in seconds. This code will set the 302 Found header, creating a redirect to riverside.rocks:
<?php
header("Location: https://riverside.rocks");
die();
Upon viewing this with cURL, we can see it worked.
Note: The die() function is used to end the code, it is not necessary, but good to use to ensure no more code is executed after the redirect.
This is an example of a 404:
<?php
header("HTTP/1.1 404 Not Found");
4 - file_get_contents
This function retrieves the HTML contents of a website. If you ever work with APIs in PHP, you will have to use this function quite a bit. This example gets and echos the HTML contents of riverside.rocks:
<?php
echo file_get_contents("https://riverside.rocks");
I hope you enjoyed reading and keep coding!
~ Riverside Rocks
Top comments (12)
Some additions:
Avoid
exec
if possible! A great many use-cases have dedicated native wrappers for system calls (e.g.mkdir
). Very rarely will you be forced to actually execute shell commands, and when you are, you'll have to struggle with the output of that shell call as well.file_get_contents
for HTTP requests is also best discouraged. It's great for local disk, butext-curl
provides a much better wrapper aroundcurl
.I had completely forgotten about
htmlspecialchars()
, would have saved me a lot of time had I read this yesterday morning :DThe yet another function about preventing XSS is htmlentities() :).
What a beginner should know is how to search effectively the documentation / on Google.
And how to use Stackoverflow
I always start with the official docs. php.net/manual/en/features.command... You can write php scripts and run them like
php myfile.php
with arguments, options etc.You can use PHP for CLI applications too.
... and all the mb_* versions of string functions. You might not even know you're deling with an encoding with multi-byte characters. Basically, if the normal string functions return wrong or strange results, try adding the mb_ in front of them.
No. Don't try that at home.
There is built-in web server
If you use windows, download XAMPP:
apachefriends.org/index.html
If you use Linux, download Apache:
sudo apt-get install apache2
You can set up local server