['valid_user'] is set. If the user is logged in, we show her the members’ content; otherwise, we tell her that she is not authorized.
Finally we have the logout.php script that signs a user out of the system. The code for this script is shown in Listing 20.6.
Listing 20.6 logout.php—This Script Deregisters the Session Variable and Destroys the Session
<?php
session_start();
$old_user = $HTTP_SESSION_VARS['valid_user']; // store to test if they *were* logged in
unset($HTTP_SESSION_VARS['valid_user']);
session_destroy();
?>
<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_user)) {
  echo 'Logged out.<br />';
} else {
  // if they weren't logged in but came to this page somehow
  echo 'You were not logged in, and so have not been logged out.<br />';
}
?>
<a href="authmain.php">Back to main page</a>
</body>
</html>
The code’s very simple, but we do a little fancy footwork. We start a session, store the user’s old username, unset the valid_user variable, and destroy the session. We then give the user a message that will be different if she was logged out, or was not logged in to begin with.
This simple set of scripts will form the basis for a lot of the work we’ll do in later chapters.
Further Reading
Native sessions are new to PHP 4, but sessions have been provided by PHPLib for a while. The best things to read for more information are the PHPLib homepage and the
Next
We’re almost finished with this section of the book.
Before we move on to the projects, we’ll briefly discuss some of the useful odds and ends of PHP that we haven’t covered elsewhere.
Other Useful Features
Some useful PHP functions and features do not fit into any particular category. This chapter will explain these features.
We’ll look at
- Using magic quotes
- Evaluating strings with eval()
- Terminating execution: die and exit
- Serialization
- Getting information about the PHP environment
- Temporarily altering the runtime environment
- Loading PHP extensions
- Source highlighting
Using Magic Quotes
You have probably noticed that you need to be careful when using quote symbols (' and ") and backslashes (\) within strings. PHP will get confused by an attempted string statement like
echo "color = "#FFFFFF"";
and give a parse error. To include quotes inside a string, use the quote type that is different from the quotes enclosing the string. For example
echo "color = '#FFFFFF'";
or
echo 'color = "#FFFFFF"';
will both be valid.
insert into company values ('Bob's Auto Parts');
will produce similar confusion in MySQL’s parser.
We have already looked at the use of addslashes() and stripslashes() that will escape out any single quote, double quote, backslash, and NUL characters.
PHP has a useful capability to automatically or magically add and strip slashes for you. With two settings in your php.ini file, you can turn on or off magic quoting for GET, POST, cookie data, and for other sources.
The value of the magic_quotes_gpc directive controls whether magic quoting is used for GET, POST, and cookie operations.
With magic_quotes_gpc on, if somebody typed "Bob's Auto Parts" into a form on your site, your script would receive "Bob\'s Auto Parts" because the quote will be escaped for you.
The function get_magic_quotes_gpc() returns either 1 or 0, telling you the current value of magic_quotes_gpc. This is most useful for testing if you need to stripslashes() from data received from the user.
The value of magic_quotes_runtime controls whether magic quoting is used by functions that get data from databases and files.
To get the value of magic_quotes_runtime, use the function get_magic_quotes_runtime(). This function returns either 1 or 0. Magic quoting can be turned on for a particular script using the function set_magic_quotes_runtime().
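An added example (not from the book) of the get_magic_quotes_gpc() test described above: it undoes automatic quoting so the script always works on raw input, then passes the value to the database as a bound parameter rather than relying on slashes, which goes a step beyond the text. The helper names, the sample values, and the use of PDO with in-memory SQLite in place of MySQL are assumptions; magic quotes were removed in PHP 5.4, hence the function_exists() guard.

```php
<?php
// Added example, not from the book. raw_input() and magic_quotes_on()
// are hypothetical helper names.
function magic_quotes_on()
{
    // The function is gone in PHP 8, so test for it before calling.
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Undo automatic quoting so the rest of the script sees raw input.
function raw_input($value, $quoted)
{
    if (!$quoted) {
        return $value;
    }
    if (is_array($value)) {                // form fields can be nested arrays
        $clean = array();
        foreach ($value as $key => $item) {
            $clean[$key] = raw_input($item, $quoted);
        }
        return $clean;
    }
    return stripslashes($value);
}

// Constructed samples: the form value Bob's Auto Parts as a script receives
// it with magic_quotes_gpc off and on. A live script would call
// raw_input($_POST, magic_quotes_on()) instead of passing the flag by hand.
$with_off = raw_input("Bob's Auto Parts", false);
$with_on  = raw_input("Bob\\'s Auto Parts", true);
var_dump($with_off === $with_on);

// Assumption: PDO with an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table company (name text)');
$stmt = $db->prepare('insert into company values (?)');
$stmt->execute(array($with_on));           // bound value, no slashes needed
echo $db->query('select name from company')->fetchColumn(), "\n";
```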
Evaluating Strings: eval()
The function eval() will evaluate a string as PHP code.
For example,
eval ( "echo 'Hello World';" );
will take the contents of the string and execute it. This line will produce the same output as
echo 'Hello World';
There are a variety of cases in which eval() can be useful. You might want to store blocks of code in a database, and retrieve and eval() them at a later point. You might want to generate code in a loop, and then use eval() to execute it.
You can usefully use eval() to update or correct existing code. If you had a large collection of scripts that needed a predictable change, it would be possible (but inefficient) to write a script that loads an old script into a string, runs a regexp to make changes, and then uses eval() to execute the modified script.
It is even conceivable that a very trusting person somewhere might want to allow PHP code to be entered in a browser and executed on her server.
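Anything passed to eval() runs with the script's full privileges, so code kept in a database is only as trustworthy as every path that can write to that table. As an added example (not from the book), the stored-code use case handled with stored data instead: each row names an operation from a fixed allow-list and nothing read from storage reaches eval(). The rule format, the operation names and apply_rule() are assumptions for illustration.

```php
<?php
// Added example, not from the book: rules are stored as data, not as PHP.
$operations = array(
    'percent_off' => function ($price, $args) {
        return $price * (1 - $args['percent'] / 100);
    },
    'flat_off' => function ($price, $args) {
        return max(0, $price - $args['amount']);
    },
);

// apply_rule() is a hypothetical helper: look the operation up, never run it
// as source text.
function apply_rule(array $operations, array $rule, $price)
{
    $op   = isset($rule['op']) ? $rule['op'] : '';
    $args = isset($rule['args']) && is_array($rule['args']) ? $rule['args'] : array();
    if (!is_string($op) || !array_key_exists($op, $operations)) {
        throw new InvalidArgumentException('unknown operation');
    }
    foreach ($args as $key => $value) {
        if (!is_numeric($value)) {         // arguments are numbers, not code
            throw new InvalidArgumentException("bad argument: $key");
        }
    }
    return call_user_func($operations[$op], $price, $args);
}

// Constructed rows, as they might come back from a database table. The last
// one holds the kind of string eval() would have executed.
$rows = array(
    array('op' => 'percent_off', 'args' => array('percent' => '10')),
    array('op' => 'flat_off',    'args' => array('amount' => '5')),
    array('op' => "echo 'Hello World';", 'args' => array()),
);

$price = 100;
foreach ($rows as $rule) {
    try {
        $price = apply_rule($operations, $rule, $price);
        echo "applied {$rule['op']}: $price\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected row: ', $e->getMessage(), "\n";
    }
}
```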
Terminating Execution: die and exit
So far in this book we have used the language construct exit to stop execution of a script. As you probably recall, it appears on a line by itself, like this:
exit;
It does not return anything. You can alternatively use its alias die(). For a slightly more useful termination, we can pass a parameter to exit(). This can be used to output an error message or execute a function before terminating a script.
This will be familiar to Perl programmers.
For example:
exit('Script ending now');
More commonly it is ORed with a statement that might fail, such as opening a file or connecting to a database:
mysql_query($query) or die('Could not execute query');
Instead of just printing an error message, you can call one last function before the script terminates:
function err_msg() {
echo 'MySQL error was: ';
echo mysql_error();
}
mysql_query($query) or die(err_msg());
This can be useful as a way of giving the user some reason why the script failed.
Alternatively, you could email yourself so that you know if a major error has occurred, or add errors to a log file.
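An added example (not from the book) of the log-file alternative just mentioned: the detailed error goes to a file and the visitor sees only a short reference, since raw database or file-system error text shown in the page reveals query and path details to whoever triggers the failure. The function name fail(), the log path and the failing fopen() call are assumptions; random_bytes() needs PHP 7 or later.

```php
<?php
// Added example, not from the book: keep the detail in a log and show the
// visitor only a reference. fail() and the log path are hypothetical.
define('ERROR_LOG_FILE', sys_get_temp_dir() . '/app-errors.log');

function fail($context)
{
    $last   = error_get_last();                  // what PHP itself reported
    $detail = $last ? $last['message'] : 'no PHP error recorded';
    $ref    = bin2hex(random_bytes(4));          // ties the page to the log line
    $line   = sprintf("%s [%s] %s: %s\n", date('c'), $ref, $context, $detail);
    error_log($line, 3, ERROR_LOG_FILE);         // type 3 = append to a file
    exit("Sorry, something went wrong (reference $ref).\n");
}

// Constructed failure: the file does not exist, so fopen() returns false and
// the right-hand side of "or" runs, just as with die() in the text.
$fp = @fopen('/nonexistent/orders.txt', 'r') or fail('opening orders file');
```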
Serialization
Serialization is the process of turning anything you can store in a PHP variable or object into a bytestream that can be stored in a database or passed along via a URL from page to page. Without this, it is difficult to store or pass the entire contents of an array or object.
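A serialized value carried in a URL can be rewritten by whoever holds the link, and unserialize() will rebuild whatever it is handed. As an added example (not from the book), one way to pass such a value between pages: sign it with an HMAC, verify the signature before parsing, and refuse to instantiate objects. The helper names, the demo key and the cart data are assumptions; the allowed_classes option needs PHP 7 or later.

```php
<?php
// Added example, not from the book. pack_state() and unpack_state() are
// hypothetical helper names.
function pack_state($data, $secret)
{
    $payload = base64_encode(serialize($data));
    $mac     = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $mac;          // neither part can contain a dot
}

function unpack_state($token, $secret)
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($payload, $mac) = $parts;
    $expected = hash_hmac('sha256', $payload, $secret);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;                       // altered in transit: do not parse
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    // allowed_classes => false stops objects from being instantiated
    $data = unserialize($raw, array('allowed_classes' => false));
    return is_array($data) ? $data : null;
}

// Constructed demo values; a real key would live in server-side configuration.
$secret = 'constructed-demo-key';
$cart   = array('item' => 'Tires', 'qty' => 4);

$token = pack_state($cart, $secret);
echo 'next.php?state=' . rawurlencode($token), "\n";

// Round trip with the untouched token, then with one character changed.
var_dump(unpack_state($token, $secret) === $cart);
$tampered = 'X' . substr($token, 1);
var_dump(unpack_state($tampered, $secret));
```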
It has decreased in usefulness since the introduction of session control. Serializing data is principally used for the types of things you would now use session control for. In fact,