• I cannot remember the parameter order of PHP functions, are they random?
• I would like to write a generic PHP script that can handle data coming from any form. How do I know which POST method variables are available?
• I need to convert all single-quotes (‘) to a backslash followed by a single-quote (\’). How can I do this with a regular expression? I’d also like to convert ” to \” and \ to \\.
• All my ” turn into \” and my ‘ turn into \’, how do I get rid of all these unwanted backslashes? How and why did they get there?
• How does the PHP directive register_globals affect me?
• When I do the following, the output is printed in the wrong order: what’s going on?
• Hey, what happened to my newlines?
• I get the message ‘Warning: Cannot send session cookie – headers already sent…’ or ‘Cannot add header information – headers already sent…’.
• I need to access information in the request header directly. How can I do this?
• When I try to use authentication with IIS I get ‘No Input file specified’.
• Windows: I can’t access files shared on another computer using IIS
• How am I supposed to mix XML and PHP? It complains about my

Note

:

Superglobals: availability note

Superglobal arrays such as

$_GET

,

$_POST

, and

$_SERVER

, etc. are available as of PHP 4.1.0. For more information, read the manual section on

superglobals I need to convert all single-quotes (‘) to a backslash followed by a single-quote (\’). How can I do this with a regular expression? I’d also like to convert ” to \” and \ to \\.

Assuming this is for a database, use the escaping mechanism that comes with the database. For example, use

mysql_real_escape_string()

with MySQL and

pg_escape_string()

with PostgreSQL. There is also the generic

addslashes()

and

stripslashes()

functions, that are more common with older PHP code.

Note

:

directive note: magic_quotes_gpc

The

magic_quotes_gpc

directive defaults to

on

. It essentially runs

addslashes()

on all GET, POST, and COOKIE data.

stripslashes()

may be used to remove them.

All my ” turn into \” and my ‘ turn into \’, how do I get rid of all these unwanted backslashes? How and why did they get there?

Most likely the backslashes magically exist because the PHP directive

magic_quotes_gpc

is on. This is an old feature of PHP, and should be disabled and not relied upon. Also, the PHP function

stripslashes()

may be used to strip the backslashes from the

string

.

Note

:

directive note: magic_quotes_gpc

The

magic_quotes_gpc

directive defaults to

on

. It essentially runs

addslashes()

on all GET, POST, and COOKIE data.

stripslashes()

may be used to remove them.

How does the PHP directive register_globals affect me?
Warning

This feature has been

DEPRECATED

as of PHP 5.3.0 and

REMOVED

as of PHP 5.4.0.

First, an explanation about what this ini setting does. Let’s say the following URL is used:

http://example.com/foo.php?animal=cat

and in

foo.php

we might have the following PHP code:

The code above demonstrates how register_globals creates a lot of variables. For years this type of coding has been frowned upon, and for years it’s been disabled by default. So although most web hosts disable register_globals, there are still outdated articles, tutorials, and books that require it to be on. Plan accordingly.

See also the following resources for additional information:

 

Note

:

The

register_globals

directive

The

security chapter about register globals
Handling external variables

Use

superglobals

instead

In the example above, we used an

URL

that contained a QUERY_STRING. Passing information like this is done through a GET HTTP Request, so this is why the superglobal

$_GET

was used.

When I do the following, the output is printed in the wrong order:
W

hat’s going on?

To be able to use the results of your function in an expression (such as concatenating it with other strings in the example above), you need to

return

the value, not

echo

it.

Hey, what happened to my newlines?

In PHP, the ending for a block of code is either “?>” or “?>\n” (where \n means a newline). So in the example above, the echoed sentences will be on one line, because PHP omits the newlines after the block ending. This means that you need to insert an extra newline after each block of PHP code to make it print out one newline. Why does PHP do this? Because when formatting normal HTML, this usually makes your life easier because you don’t want that newline, but you’d have to create extremely long lines or otherwise make the raw page source unreadable to achieve that effect.

 

I get the message ‘Warning: Cannot send session cookie – headers already sent…’ or ‘Cannot add header information – headers already sent…’.

The functions

header()

,

setcookie()

, and the

session functions

need to add headers to the output stream but headers can only be sent before all other content. There can be no output before using these functions, output such as HTML. The function

headers_sent()

will check if your script has already sent headers and see also the

Output Control functions

.

I need to access information in the request header directly. How can I do this?

The

getallheaders()

function will do this if you are running PHP as an Apache module. So, the following bit of code will show you all the request headers:

\n";

}

?>

See also

apache_lookup_uri()

,

apache_response_headers()

, and

fsockopen()When I try to use authentication with IIS I get ‘No Input file specified’.

The security model of IIS is at fault here. This is a problem common to all CGI programs running under IIS. A workaround is to create a plain HTML file (not parsed by PHP) as the entry page into an authenticated directory. Then use a META tag to redirect to the PHP page, or have a link to the PHP page. PHP will then recognize the authentication correctly. With the ISAPI module, this is not a problem. This should not effect other NT web servers. For more information, see:

» http://support.microsoft.com/kb/q160422/

and the manual section on

HTTP Authentication

.

Windows: I can’t access files shared on another computer using IIS

You have to change the

Go to Internet Information Services

. Locate your PHP file and go to its properties. Go to the

File Security

tab,

Edit -< Anonymous access and authentication control

.You can fix the problem either by unticking

Anonymous Access

and leaving

Integrated Window Authentication

ticked, or, by ticking

Anonymous Access

and editing the user as he may not have the access right.

 

How am I supposed to mix XML and PHP? It complains about my

. The default for this directive is

On

.

Where can I find a complete list of variables are available to me in PHP?

Read the manual page on

predefined variables

as it includes a partial list of predefined variables available to your script. A complete list of available variables (and much more information) can be seen by calling the

phpinfo()

function. Be sure to read the manual section on

variables from outside of PHP

as it describes common scenarios for external variables, like from a HTML form, a Cookie, and the URL.

Note

:

register_globals: important note

As of PHP 4.2.0, the default value for the PHP directive

register_globals

is

off

. The PHP community discourages developers from relying on this directive, and encourages the use of other means, such as the

superglobals

.

How can I generate PDF files without using the non-free and commercial libraries like PDFLib? I’d like something that’s free and doesn’t require external PDF libraries.
<