Tricks With Php Variables

[coolcat50 0]

You probably are thinking at this moment why I am posting some tricks with variables. Well, there are many useful things a variable can do for us. For one they can actually be used to create simple games. They also can be used to produce a random result in a page. Another great use is shoutboxes.

 

Well here are some cool variable effects.

 

Adding Multiple Strings

We can use strings to create great effects.

Example:

<?php$var1="Hello person.";$var2=str_replace("person","world",$var1);echo $var1." ".$var2;?>

We used str_replace to show two sentences with strings.

Neat huh.

 

Random Integers

This is one of the sweetest features of PHP. the rand() function. Here is a neat trick using this function.

Example

<?phpfunction exVar(){$num=rand(1,100);if ($num<100){echo "The number is less than 100.";}else{echo "The number is 100.";}}exVar()?>

That will run the function and tell you if it is 100 or less. Great for guessing games.

 

MySQL Connect

With variables we make connecting to a MySQL database clean and simple

Most mysql connection codes are like this.

<?php$localhost="localhost";$name="username";$password="password";$database="db";$connect=mysql_connect($localhost,$name,$password) or die(mysql_error());mysql_db_select($database,$connect);?>

Simple huh! Variables make it look simpler and neater.

 

Superglobals

This is another awesome feature of PHP and variables. The $_POST and $_GET variables. We can use these to receive user input. We also can use the $_GET global to host a small website in ONE FILE.

$_POST is very widely used in registration scripts and chatboxes.

Example of $_GET

<?phpif ($_GET['var'] == 'var'){//Post some html/php stuff here}else{//post the main page code here}?>

Example of $_POST

<?php$name=$_POST['var'];echo $name;?><form action="page.php" method="post"><input type="text" name="var" /><input type="submit" value="Submit" /></form>

The first code gives us a one file site using the $_GET variable and If statements.

 

Our second code processes the form and prints the user input.

 

Thank you for reading my tutorial.

[OneMinute 0]

Nice one there. Would you mind having me on your MSN so that we can chat about PHP here? I need some training with PHP as i am beginner only. So as if i have any queries, perhaps you can help me?

[wailedhero 0]

Assalam-o-Alaikum!(Peace be upon You) Hey it was great! I am a newbie in PHP! PLease can you explain that how should we save it and this and that! Do you know how to make an upload script which can upload files to a database? PLease reply!

[cwconline 0]

Yeap another cool thing is this

<?php$msg["welcome"] = "Welcome to our site";$msg["GoodBye"] = "Take it easy... come back and see us";echo $msg["welcome"];?>

this is a good way to keep your message or your errors on a sepearte file to make it easy to call upon an error... although i did something completly diffrent than that above.

Edited January 6, 2008 by cwconline (see edit history)

[cwconline 0]

Assalam-o-Alaikum!(Peace be upon You)

Hey it was great! I am a newbie in PHP! PLease can you explain that how should we save it and this and that! Do you know how to make an upload script which can upload files to a database? PLease reply!

It's easy to save... just save it as a .php file

so in words

file.php

[GaiaZone 0]

The $_GET example isn't really clear... at all.I'm not sure how to use it, so if anyone wouldn't mind explaining, I would greatly appreciate it. =]Oh, I would also like to add that I read somewhere that some $_GET commands can be dangerous because people can inject Javascript snippets to steal cookies or bother people.

[rvalkass 5]

$_GET is used to get information out of the address, which is passed to the PHP script. For example, look at the address for this topic:

 

http://forums.xisto.com/topic/53286-tricks-with-php-variables/

 

The ? indicates that PHP variables will follow. showtopic is the name of the variable, the = indicates its value is next, and 53286 is the value for that variable.

 

You can access these variables with $_GET['variable_name']. So, in this example, in the PHP script you could use $_GET['showtopic'] to get the ID of a topic to look for. You could then use that value in a MySQL lookup to get the topic information.

 

Oh, I would also like to add that I read somewhere that some $_GET commands can be dangerous because people can inject Javascript snippets to steal cookies or bother people.

Yes. If you are not careful and have made glaring security mistakes with your code, then people can start inserting whatever code they like - thus allowing them to run JavaScript or other stuff. Generally, as long as you use the right functions to sanitise any inputs, you will be fine.

[sonesay 7]

This is one reason I try and not use any $_GET in my code. If I can I will always try and use $_POST so I wont have to deal with people trying to include their own code in there. I guess $_GET does have an advantage as it can be bookedmarked unlike $_POST. I think more experience will be able to tell you what you can and cant use. I probably will need to use $_GET sometime in the future but it hasnt come up just yet in my current project.edit:Thinking about it abit I cant see how anyone would be able to inject some javascripte code into the URL. I mean unless you parse out that varname+value pair in the URL in your code it would be outputed right? Unless I'm missing something else obvious here how can someone do that?

Edited January 11, 2008 by sonesay (see edit history)

[hitmanblood 0]

Well honestly I have expected more from such name of tutorial however this is more or less just basic calculations with variables nothing more. I would also suggest everyone to check out sessions as this is one of the most usuful parts of php. And important thing to note is that when you are using any variable i the php you should also chec whether that variable is set due to the fact that php is not type strict language you must check whether variable is set and this must be obligatory job in the cases when you are passing one variable from one script to another.

 

Also I would like to say a bit more what does type strict means. (Just for the record I think about php very highly however this is one thing I hate it.)

 

Type stricts means that when you have some variable you must declare it with type for example int bool string as object char long double float and so on. However you do not have to do this in the php and because of that there are so many security issues and mistakes in the scripts that are really hard to trace.

 

So if you are writing larger scripts always check variables that are passed over and over because error might be just there, in most cases of my bugs I have discovered that it happened because certain variable had not been initialized.

 

------------------------------------------------------------------------------

 

 

Addition (simple code to check whether variable is set or not):

 

$var1 = 0;if(isset($var1) && isset($var2)){ 	  echo "Nice $var1, $var2 <br>";}else{	  echo "Variable not set <br>";}

This code checks whether both varaibles are set. And if they are not and in this case $var2 is not set code witll return Variable not set and then new line.

 

---------------------------------------------------

 

This is another addition:

 

OK as I have read from one member that he mention java script injecions read more here it is asmall article about solution to certain javascript injection mission at hackthissite.org. So important thig is that basically with javascript you are merely trying to interface with html code that is you are chanigng html code in send to adopt it and use it to your cause. Java script injections are fairly dangerous and you should try to write neat code so that no script kiddie or someone else might change your scripts and force them to work in another manner then needed.

 

And one more important thing is that you can change php variables with javascript injections however it is not that usual because they have to be saved on your computer since php code is executed on the server side and not client side.

Edited January 11, 2008 by hitmanblood (see edit history)

[sonesay 7]

Thanks for sharing the link hitmanblood. I had a quick read over it and I think I understand what you mean about being able to inject JS code in the url. So I guess if your trying to build a secure (as possible) site your should not rely on any HTML fields or javascript for any sensitive data as JS injection can be used to exploit it. I've used hidden fields personally but thats just to store data to properly handle forms durings its life cycle. I think this time round I'ma think different when building my webpages. Thanks again.

[hitmanblood 0]

Well yes in fact these java script injections are used in such manner to alter data. Let me give you example how would smeone bypass your security check if you have some as you said life cycle of the form. So user on one page enters some data let's say it is his age, as he hits submit (I am assuming that no user elder then let's say 15 may enter) you save this variable in some hidden field and show him the code that he may not enter since he is younger then 15 years however since after his first click on submit button values sent will be let's say checked via your server php script and you will no longer after that check them but the problem now is that when you showed him next page you don't want him to continue that is the main reason why you provided the hidden field, and if user finds oout this he may use javascript injection to change the value of the hidden field variable and in such manner to pass he just needs to reload he page. I know this is not quite good example however I hope you understand the point.The simple solution would be to sttore the data in session or cookie this will in fact save data and you will be able to access the data via $_SESSION['nameofvariable'] and this data will be encoded also remember that this data can be changed as well as any data stored in the cookie :)Hope I helped somewhat.