You probably are thinking at this moment why I am posting some tricks with variables. Well, there are many useful things a variable can do for us. For one they can actually be used to create simple games. They also can be used to produce a random result in a page. Another great use is shoutboxes.

Well here are some cool variable effects.

Adding Multiple Strings
We can use strings to create great effects.
Example:


We used str_replace to show two sentences with strings.
Neat huh.

Random Integers
This is one of the sweetest features of PHP. the rand() function. Here is a neat trick using this function.
Example

That will run the function and tell you if it is 100 or less. Great for guessing games.

MySQL Connect
With variables we make connecting to a MySQL database clean and simple
Most mysql connection codes are like this.


Simple huh! Variables make it look simpler and neater.

Superglobals
This is another awesome feature of PHP and variables. The $_POST and $_GET variables. We can use these to receive user input. We also can use the $_GET global to host a small website in ONE FILE.
$_POST is very widely used in registration scripts and chatboxes.
Example of $_GET


Example of $_POST


The first code gives us a one file site using the $_GET variable and If statements.

Our second code processes the form and prints the user input.

Thank you for reading my tutorial.

 

 

 

Reply

Nice one there. Would you mind having me on your MSN so that we can chat about PHP here? I need some training with PHP as i am beginner only. So as if i have any queries, perhaps you can help me?

Reply

Assalam-o-Alaikum!
(Peace be upon You)

Hey it was great! I am a newbie in PHP! PLease can you explain that how should we save it and this and that! Do you know how to make an upload script which can upload files to a database? PLease reply!

Reply

Yeap another cool thing is this



this is a good way to keep your message or your errors on a sepearte file to make it easy to call upon an error... although i did something completly diffrent than that above.

Reply

It's easy to save... just save it as a .php file

so in words

file.php

Reply

The $_GET example isn't really clear... at all.

I'm not sure how to use it, so if anyone wouldn't mind explaining, I would greatly appreciate it. =]

Oh, I would also like to add that I read somewhere that some $_GET commands can be dangerous because people can inject Javascript snippets to steal cookies or bother people.

Reply

$_GET is used to get information out of the address, which is passed to the PHP script. For example, look at the address for this topic:

http://www.trap17.com/forums/index.php?showtopic=53286

The ? indicates that PHP variables will follow. showtopic is the name of the variable, the = indicates its value is next, and 53286 is the value for that variable.

You can access these variables with $_GET['variable_name']. So, in this example, in the PHP script you could use $_GET['showtopic'] to get the ID of a topic to look for. You could then use that value in a MySQL lookup to get the topic information.



Yes. If you are not careful and have made glaring security mistakes with your code, then people can start inserting whatever code they like - thus allowing them to run JavaScript or other stuff. Generally, as long as you use the right functions to sanitise any inputs, you will be fine.

 

 

 

Reply

This is one reason I try and not use any $_GET in my code. If I can I will always try and use $_POST so I wont have to deal with people trying to include their own code in there. I guess $_GET does have an advantage as it can be bookedmarked unlike $_POST. I think more experience will be able to tell you what you can and cant use. I probably will need to use $_GET sometime in the future but it hasnt come up just yet in my current project.

edit:

Thinking about it abit I cant see how anyone would be able to inject some javascripte code into the URL. I mean unless you parse out that varname+value pair in the URL in your code it would be outputed right? Unless I'm missing something else obvious here how can someone do that?

Reply

Well honestly I have expected more from such name of tutorial however this is more or less just basic calculations with variables nothing more. I would also suggest everyone to check out sessions as this is one of the most usuful parts of php. And important thing to note is that when you are using any variable i the php you should also chec whether that variable is set due to the fact that php is not type strict language you must check whether variable is set and this must be obligatory job in the cases when you are passing one variable from one script to another.

Also I would like to say a bit more what does type strict means. (Just for the record I think about php very highly however this is one thing I hate it.)

Type stricts means that when you have some variable you must declare it with type for example int bool string as object char long double float and so on. However you do not have to do this in the php and because of that there are so many security issues and mistakes in the scripts that are really hard to trace.

So if you are writing larger scripts always check variables that are passed over and over because error might be just there, in most cases of my bugs I have discovered that it happened because certain variable had not been initialized.

------------------------------------------------------------------------------


Addition (simple code to check whether variable is set or not):



This code checks whether both varaibles are set. And if they are not and in this case $var2 is not set code witll return Variable not set and then new line.

---------------------------------------------------

This is another addition:

OK as I have read from one member that he mention java script injecions read more here it is asmall article about solution to certain javascript injection mission at hackthissite.org. So important thig is that basically with javascript you are merely trying to interface with html code that is you are chanigng html code in send to adopt it and use it to your cause. Java script injections are fairly dangerous and you should try to write neat code so that no script kiddie or someone else might change your scripts and force them to work in another manner then needed.

And one more important thing is that you can change php variables with javascript injections however it is not that usual because they have to be saved on your computer since php code is executed on the server side and not client side.

Reply

Thanks for sharing the link hitmanblood. I had a quick read over it and I think I understand what you mean about being able to inject JS code in the url. So I guess if your trying to build a secure (as possible) site your should not rely on any HTML fields or javascript for any sensitive data as JS injection can be used to exploit it.

I've used hidden fields personally but thats just to store data to properly handle forms durings its life cycle. I think this time round I'ma think different when building my webpages.

Thanks again.

Reply