Copyright © 1997, 1998, 1999 by the PHP Documentation Group
Copyright
This manual is © Copyright 1997, 1998, 1999 the PHP Documentation Group. The members of this group are listed on the front page of this manual.
This manual can be redistributed under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Date: 1999-08-07
PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generated pages quickly.
This manual is written in SGML using the DocBook DTD, using DSSSL (Document Style and Semantics Specification Language) for formatting. The tools used for formatting HTML, TeX and RTF versions are Jade, written by James Clark and The Modular DocBook Stylesheets written by Norman Walsh. PHP's documentation framework was assembled by Stig Sæther Bakken.
PHP is a server-side HTML-embedded scripting language.
Simple answer, but what does that mean? An example:
Example 1-1. An introductory example <html>
<head>
<title>Example</title>
</head>
<body>
<?php echo "Hi, I'm a PHP script!"; ?>
</body>
</html>
|
Notice how this is different from a CGI script written in other languages like Perl or C -- instead of writing a program with lots of commands to output HTML, you write an HTML script with a some embedded code to do something (in this case, output some text). The PHP code is enclosed in special start and end tags that allow you to jump into and out of "PHP mode".
What distinguishes PHP from something like client-side Javascript is that the code is executed on the server. If you were to have a script similar to the above on your server, the client would receive the results of running that script, with no way of determining what the underlying code may be. You can even configure your web server to process all your HTML files with PHP, and then there's really no way that users can tell what you have up your sleeve.
At the most basic level, PHP can do anything any other CGI program can do, such as collect form data, generate dynamic page content, or send and receive cookies.
Perhaps the strongest and most significant feature in PHP is its support for a wide range of databases. Writing a database-enabled web page is incredibly simple. The following databases are currently supported:
Adabas D InterBase Solid dBase mSQL Sybase Empress MySQL Velocis FilePro Oracle Unix dbm Informix PostgreSQL
PHP also has support for talking to other services using protocols such as IMAP, SNMP, NNTP, POP3, or even HTTP. You can also open raw network sockets and interact using other protocols.
PHP was conceived sometime in the fall of 1994 by Rasmus Lerdorf. Early non-released versions were used on his home page to keep track of who was looking at his online resume. The first version used by others was available sometime in early 1995 and was known as the Personal Home Page Tools. It consisted of a very simplistic parser engine that only understood a few special macros and a number of utilities that were in common use on home pages back then. A guestbook, a counter and some other stuff. The parser was rewritten in mid-1995 and named PHP/FI Version 2. The FI came from another package Rasmus had written which interpreted html form data. He combined the Personal Home Page tools scripts with the Form Interpreter and added mSQL support and PHP/FI was born. PHP/FI grew at an amazing pace and people started contributing code to it.
It is hard to give any hard statistics, but it is estimated that by late 1996 PHP/FI was in use on at least 15,000 web sites around the world. By mid-1997 this number had grown to over 50,000. Mid-1997 also saw a change in the development of PHP. It changed from being Rasmus' own pet project that a handful of people had contributed to, to being a much more organized team effort. The parser was rewritten from scratch by Zeev Suraski and Andi Gutmans and this new parser formed the basis for PHP Version 3. A lot of the utility code from PHP/FI was ported over to PHP3 and a lot of it was completely rewritten.
Today (mid-1999) either PHP/FI or PHP3 ships with a number of commercial products such as C2's StrongHold web server and RedHat Linux and a conservative estimate based on an extrapolation from numbers provided by NetCraft would be that PHP is in use on over 150,000 sites around the world. To put that in perspective, that is more sites than run Netscape's flagship Enterprise server on the Internet.
Also as of this writing, work is underway on the next generation of PHP that will utilize the powerful Zend scripting engine to deliver higher performance, and will also support running under webservers other than Apache as a native server module.
The source code, and binary distributions for some platforms (including Windows), can be found at http://www.php.net/.
This section will guide you through the configuration and installation of PHP. Prerequisite knowledge and software:
Basic UNIX skills (being able to operate "make" and a C compiler)
An ANSI C compiler
A web server
1. gunzip apache_1.3.x.tar.gz
2. tar xvf apache_1.3.x.tar
3. gunzip php-3.0.x.tar.gz
4. tar xvf php-3.0.x.tar
5. cd apache_1.3.x
6. ./configure --prefix=/www
7. cd ../php-3.0.x
8. ./configure --with-mysql --with-apache=../apache_1.3.x --enable-track-vars
9. make
10. make install
11. cd ../apache_1.3.x
12. ./configure --prefix=/www --activate-module=src/modules/php3/libphp3.a
13. make
14. make install
Instead of this step you may prefer to simply copy the httpd binary
overtop of your existing binary. Make sure you shut down your
server first though.
15. cd ../php-3.0.x
16. cp php3.ini-dist /usr/local/lib/php3.ini
You can edit /usr/local/lib/php3.ini file to set PHP options. If
you prefer this file in another location, use
--with-config-file-path=/path in step 8.
17. Edit your httpd.conf or srm.conf file and add:
AddType application/x-httpd-php3 .php3
You can choose any extension you wish here. .php3 is simply the one
we suggest.
18. Use your normal procedure for starting the Apache server. (You must
stop and restart the server, not just cause the server to reload by
use a HUP or USR1 signal.)
There are two ways of configuring PHP.
Using the "setup" script that comes with PHP. This script asks you a series of questions (almost like the "install" script of PHP/FI 2.0) and runs "configure" in the end. To run this script, type ./setup.
This script will also create a file called "do-conf", this file will contain the options passed to configure. You can edit this file to change just a few options without having to re-run setup. Then type ./do-conf to run configure with the new options.
Running configure by hand. To see what options you have, type ./configure --help.
Details about some of the different configuration options are listed below.
To build PHP as an Apache module, answer "yes" to "Build as an Apache module?" (the --with-apache=DIR option to configure) and specify the Apache distribution base directory. If you have unpacked your Apache distribution in /usr/local/www/apache_1.2.4, this is your Apache distribution base directory. The default directory is /usr/local/etc/httpd.
To build PHP as an fhttpd module, answer "yes" to "Build as an fhttpd module?" (the --with-fhttpd=DIR option to configure) and specify the fhttpd source base directory. The default directory is /usr/local/src/fhttpd. If you are running fhttpd, building PHP as a module will give better performance, more control and remote execution capability.
The default is to build PHP as a CGI program. If you are running a web server PHP has module support for, you should generally go for that solution for performance reasons. However, the CGI version enables Apache users to run different PHP-enabled pages under different user-ids. Please make sure you read through the Security chapter if you are going to run PHP as a CGI.
PHP has native support for a number of databases (as well as ODBC):
--with-adabas=DIR
Compiles with Adabas D support. The parameter is the Adabas D install directory and defaults to /usr/local/adabasd.
--with-filepro
Enables the bundled read-only filePro support. No external libraries are required.
--with-msql=DIR
Enables mSQL support. The parameter to this option is the mSQL install directory and defaults to /usr/local/Hughes. This is the default directory of the mSQL 2.0 distribution. configure automatically detects which mSQL version you are running and PHP supports both 1.0 and 2.0, but if you compile PHP with mSQL 1.0, you can only access mSQL 1.0 databases, and vice-versa.
See also mSQL Configuration Directives in the configuration file.
--with-mysql=DIR
Enables MySQL support. The parameter to this option is the MySQL install directory and defaults to /usr/local. This is the default installation directory of the MySQL distribution.
See also MySQL Configuration Directives in the configuration file.
--with-iodbc=DIR
Includes iODBC support. This feature was first developed for iODBC Driver Manager, a freely redistributable ODBC driver manager which runs under many flavors of UNIX. The parameter to this option is the iODBC installation directory and defaults to /usr/local.
--with-openlink=DIR
Includes OpenLink ODBC support. The parameter to this option is the OpenLink ODBC installation directory and defaults to /usr/local/openlink.
--with-oracle=DIR
Includes Oracle support. Has been tested and should be working at least with Oracle versions 7.0 through 7.3. The parameter is the ORACLE_HOME directory. You do not have to specify this parameter if your Oracle environment has been set up.
--with-pgsql=DIR
Includes PostgreSQL support. The parameter is the PostgreSQL base install directory and defaults to /usr/local/pgsql.
See also Postgres Configuration Directives in the configuration file.
--with-solid=DIR
Includes Solid support. The parameter is the Solid install directory and defaults to /usr/local/solid.
--with-sybase=DIR
Includes Sybase support. The parameter is the Sybase install directory and defaults to /home/sybase.
See also Sybase Configuration Directives in the configuration file.
--with-sybase-ct=DIR
Includes Sybase-CT support. The parameter is the Sybase-CT install directory and defaults to /home/sybase.
See also Sybase-CT Configuration Directives in the configuration file.
--with-velocis=DIR
Includes Velocis support. The parameter is the Velocis install directory and defaults to /usr/local/velocis.
--with-custom-odbc=DIR
Includes support for an arbitrary custom ODBC library. The parameter is the base directory and defaults to /usr/local.
This option implies that you have defined CUSTOM_ODBC_LIBS when you run the configure script. You also must have a valid odbc.h header somewhere in your include path. If you don't have one, create it and include your specific header from there. Your header may also require some extra definitions, particularly when it is multiplatform. Define them in CFLAGS.
For example, you can use Sybase SQL Anywhere on QNX as following: CFLAGS=-DODBC_QNX LDFLAGS=-lunix CUSTOM_ODBC_LIBS="-ldblib -lodbc" ./configure --with-custom-odbc=/usr/lib/sqlany50
--disable-unified-odbc
Disables the Unified ODBC module, which is a common interface to all the databases with ODBC-based interfaces, such as Solid and Adabas D. It also works for normal ODBC libraries. Has been tested with iODBC, Solid, Adabas D and Sybase SQL Anywhere. Requires that one (and only one) of these modules or the Velocis module is enabled, or a custom ODBC library specified. This option is only applicable if one of the following options is used: --with-iodbc, --with-solid, --with-adabas, --with-velocis, or --with-custom-odbc,
See also Unified ODBC Configuration Directives in the configuration file.
--with-mcrypt
Include support for the mcrypt library. See the mcrypt documentation for more information. If you use the optional DIR argument, PHP will look for mcrypt.h in DIR/include.
--enable-sysvsem
Include support for Sys V semaphores (supported by most Unix derivates). See the Semaphore and Shared Memory documentation for more information.
--enable-sysvshm
Include support for Sys V shared memory (supported by most Unix derivates). See the Semaphore and Shared Memory documentation for more information.
--with-xml
Include support for a non-validating XML parser using James Clark's expat library. See the XML function reference for details.
--enable-maintainer-mode
Turns on extra dependencies and compiler warnings used by some of the PHP developers.
--with-system-regex
Uses the system's regular expression library rather than the bundled one. If you are building PHP as a server module, you must use the same library when building PHP as when linking the server. Enable this if the system's library provides special features you need. It is recommended that you use the bundled library if possible.
--with-config-file-path=DIR
The path used to look for the configuration file when PHP starts up.
--with-exec-dir=DIR
Only allow running of executables in DIR when in safe mode. Defaults to /usr/local/bin. This option only sets the default, it may be changed with the safe_mode_exec_dir directive in the configuration file later.
--enable-debug
Enables extra debug information. This makes it possible to gather more detailed information when there are problems with PHP. (Note that this doesn't have anything to do with debugging facilities or information available to PHP scripts.)
--enable-safe-mode
Enables "safe mode" by default. This imposes several restrictions on what PHP can do, such as opening only files within the document root. Read the Security chapter for more more information. CGI users should always enable secure mode. This option only sets the default, it may be enabled or disabled with the safe_mode directive in the configuration file later.
--enable-track-vars
Makes PHP keep track of where GET/POST/cookie variables come from in the arrays HTTP_GET_VARS, HTTP_POST_VARS and HTTP_COOKIE_VARS. This option only sets the default, it may be enabled or disabled with the track_vars directive in the configuration file later.
--enable-magic-quotes
Enable magic quotes by default. This option only sets the default, it may be enabled or disabled with the magic_quotes_runtime directive in the configuration file later. See also the magic_quotes_gpc and the magic_quotes_sybase directives.
--enable-debugger
Enables the internal PHP debugger support. This feature is still in an experimental state. See also the Debugger Configuration directives in the configuration file.
--enable-discard-path
If this is enabled, the PHP CGI binary can safely be placed outside of the web tree and people will not be able to circumvent .htaccess security. Read the section in the security chapter about this option.
--enable-bcmath
Enables bc style arbitrary precision math functions. See also the bcmath.scale option in the configuration file.
--enable-force-cgi-redirect
Enable the security check for internal server redirects. You should use this if you are running the CGI version with Apache.
When using PHP as a CGI binary, PHP by default always first checks that it is used by redirection (for example under Apache, by using Action directives). This makes sure that the PHP binary cannot be used to bypass standard web server authentication procedures by calling it directly, like http://my.host/cgi-bin/php/secret/doc.html. This example accesses http://my.host/secret/doc.html but does not honour any security settings enforced by httpd for directory /secret.
Not enabling option disables the check and enables bypassing httpd security and authentication settings. Do this only if your server software is unable to indicate that a safe redirection was done and all your files under your document root and user directories may be accessed by anyone.
Read the section in the security chapter about this option.
--disable-short-tags
Disables the short form <? ?> PHP tags. You must disable the short form if you want to use PHP with XML. With short tags disabled, the only PHP code tag is <?php ?>. This option only sets the default, it may be enabled or disabled with the short_open_tag directive in the configuration file later.
--enable-url-includes
Makes it possible to run code on other HTTP or FTP servers directly from PHP with include(). See also the include_path option in the configuration file.
To make the PHP installation look for header or library files in different directories, modify the CPPFLAGS and LDFLAGS environment variables, respectively. If you are using a sensible shell, you should be able to do LDFLAGS=-L/my/lib/dir CPPFLAGS=-I/my/include/dir ./configure
When PHP is configured, you are ready to build the CGI executable or the PHP library. The command make should take care of this. If it fails and you can't figure out why, see the Problems section.
If you have built PHP as a CGI program, you may test your build by typing make test. It is always a good idea to test your build. This way you may catch a problem with PHP on your platform early instead of having to struggle with it later.
If you have built PHP as a CGI program, you may benchmark your build by typing make bench. Note that if safe mode is on by default, the benchmark may not be able to finish if it takes longer then the 30 seconds allowed. This is because the set_time_limit() can not be used in safe mode. Use the max_execution_time configuration setting to control this time for you own scripts. make bench ignores the configuration file.
This install guide will help you install and configure PHP on your Windows 9x/NT webservers. This guide was compiled by Bob Silva. The latest revision can be found at http://www.umesd.k12.or.us/php/win32install.html.
This guide provides installation support for:
Personal Web Server (Newest version recommended)
Internet Information Server 3 or 4
Apache 1.3.x
Omni HTTPd 2.0b1
The following steps should be performed on all installations before the server specific instructions.
Extract the distribution file to a directory of your choice. "C:\PHP3\" is a good start.
Copy the file, 'php3-dist.ini' to your '%WINDOWS%' directory and rename it to 'php3.ini'. Your '%WINDOWS%' directory is typically:
| c:\windows for Windows 95/98 |
| c:\winnt or c:\winnt40 for NT servers |
Edit your 'php3.ini' file:
You will need to change the 'extension_dir' setting to point to your php-install-dir, or where you have placed your 'php3_*.dll' files. ex: c:\php3
If you are using Omni Httpd, do not follow the next step. Set the 'doc_root' to point to your webservers document_root. ex: c:\apache\htdocs or c:\webroot
Choose which modules you would like to load when PHP starts. You can uncomment the: 'extension=php3_*.dll' lines to load these modules. Some modules require you to have additional libraries installed on your system for the module to work correctly. The PHP FAQ has more information on where to get supporting libraries. You can also load a module dynamically in your script using: dl("php_*.dll");
On PWS and IIS, you can set the browscap.ini to point to: 'c:\windows\system\inetsrv\browscap.ini' on Windows 95/98 and 'c:\winnt\system32\inetsrv\browscap.ini' on NT Server. Additional information on using the browscap functionality in PHP can be found at this mirror, select the "source" button to see it in action.
The DLLs for PHP extensions are prefixed with 'php3_'. This prevents confusion between PHP extensions and their supporting libraries.
The recommended method for configuring these servers is to use the INF file included with the distribution (php_iis_reg.inf). You may want to edit this file and make sure the extensions and PHP install directories match your configuration. Or you can follow the steps below to do it manually.
WARNING: These steps involve working directly with the windows registry. One error here can leave your system in an unstable state. We highly recommend that you back up your registry first. The PHP Development team will not be held responsible if you damage your registry.
Run Regedit.
Navigate to: HKEY_LOCAL_MACHINE /System /CurrentControlSet /Services /W3Svc /Parameters /ScriptMap.
On the edit menu select: New->String Value.
Type in the extension you wish to use for your php scripts. ex: .php3
Double click on the new string value and enter the path to php.exe in the value data field. ex: c:\php3\php.exe %s %s. The '%s %s' is VERY important, PHP will not work properly without it.
Repeat these steps for each extension you wish to associate with PHP scripts.
Now navigate to: HKEY_CLASSES_ROOT
On the edit menu select: New->Key.
Name the key to the extension you setup in the previous section. ex: .php3
Highlight the new key and in the right side pane, double click the "default value" and enter phpfile.
Repeat the last step for each extension you set up in the previous section.
Now create another New->Key under HKEY_CLASSES_ROOT and name it phpfile.
Highlight the new key phpfile and in the right side pane, double click the "default value" and enter PHP Script.
Right click on the phpfile key and select New->Key, name it Shell.
Right click on the Shell key and select New->Key, name it open.
Right click on the open key and select New->Key, name it command.
Highlight the new key command and in the right side pane, double click the "default value" and enter the path to php.exe. ex: c:\php3\php.exe -q %1. (don't forget the %1).
Exit Regedit.
PWS and IIS 3 users now have a fully operational system. IIS 3 users can use a nifty tool from Steven Genusa to configure their script maps.
To install PHP on an NT Server running IIS 4, follow these instructions:
In Internet Service Manager (MMC), select the Web site or the starting point directory of an application.
Open the directory's property sheets (by right clicking and selecting properties), and then click the Home Directory, Virtual Directory, or Directory tab.
Click the Configuration button, and then click the App Mappings tab.
Click Add, and in the Executable box, type: c:\path-to-php-dir\php.exe %s %s. You MUST have the %s %s on the end, PHP will not function properly if you fail to do this.
In the Extension box, type the file name extension you want associated with PHP scripts. (You must repeat step 5 and 6 for each extension you want accociated with PHP scripts. (.php3 and .phtml are common)
Set up the appropriate security. (This is done in Internet Service Manager), and if your NT Server uses NTFS file system, add execute rights for I_USR_ to the directory that contains php.exe.
You must edit your srm.conf or httpd.conf to configure Apache to work with the PHP CGI binary.
Although there can be a few variations of configuring PHP under Apache, this one is simple enough to be used by the newcomer. Please consult the Apache Docs for further configuration directives.
ScriptAlias /php3/ "c:/path-to-php-dir/"
AddType application/x-httpd-php3 .php3
AddType application/x-httpd-php3 .phtml
Action application/x-httpd-php3 "/php3/php.exe"
To use the source code highlighting feature, simply create a PHP script file and stick this code in: <?php show_source ("original_php_script.php3"); ?>. Substitute original_php_script.php3 with the name of the file you wish to show the source of. (this is only one way of doing it). Note: On Win-Apache all back slashes in a path statement such as: "c:\directory\file.ext", must be converted to forward slashes.
This has got to be the easiest config there is:
| Step 1: Install Omni server |
| Step 2: Right click on the blue OmniHTTPd icon in the system tray and select Properties |
| Step 3: Click on Web Server Global Settings |
| Step 4: On the 'External' tab, enter: virtual = .php3 | actual = c:\path-to-php-dir\php.exe |
| Step 5: On the Mime tab, enter: virtual = wwwserver/stdcgi | actual = .php3 |
| Step 6: Click OK |
Repeat steps 2 - 6 for each extension you want to associate with PHP.
Table 2-1. PHP Modules
| php3_calendar.dll | Calendar conversion functions |
| php3_crypt.dll | Crypt functions |
| php3_dbase.dll | DBase functions |
| php3_dbm.dll | GDBM emulation via Berkely DB2 library |
| php3_filepro.dll | READ ONLY access to filepro databases |
| php3_gd.dll | GD Library functions for gif manipulation |
| php3_hyperwave.dll | HyperWave functions |
| php3_imap4r2.dll | IMAP 4 functions |
| php3_ldap.dll | LDAP functions |
| php3_msql1.dll | mSQL 1 client |
| php3_msql2.dll | mSQL 2 client |
| php3_mssql.dll | MSSQL client (requires MSSQL DB-Libraries |
| php3_mysql.dll | MySQL functions |
| php3_nsmail.dll | Netscape mail functions |
| php3_oci73.dll | Oracle functions |
| php3_snmp.dll | SNMP get and walk functions (NT only!) |
| php3_zlib.dll | ZLib functions |
Some problems are more common than others. The most common ones are listed in the PHP FAQ, found at http://www.php.net/FAQ.php3
If you think you have found a bug in PHP, please report it. The PHP developers probably don't know about it, and unless you report it, chances are it won't be fixed. You can report bugs using the bug-tracking system at http://www.php.net/bugs.php3.
If you are still stuck, someone on the PHP mailing list may be able to help you. You should check out the archive first, in case someone already answered someone else who had the same problem as you. The archives are available from the support page on http://www.php.net/. To subscribe to the PHP mailing list, send an empty mail to php3-subscribe@lists.php.net. The mailing list address is php3@lists.php.net.
If you want to get help on the mailing list, please try to be precise and give the necessary details about your environment (which operating system, what PHP version, what web server, if you are running PHP as CGI or a server module, etc.), and preferably enough code to make others able to reproduce and test your problem.
The configuration file (called php3.ini in PHP 3.0, and simply php.ini as of PHP 4.0) is read when PHP starts up. For the server module versions of PHP, this happens only once when the web server is started. For the CGI version, it happens on every invocation.
When using PHP as an Apache module, you can also change the configuration settings using directives in Apache configuration files and .htaccess files.
With PHP 3.0, there are Apache directives that correspond to each configuration setting in the php3.ini name, except the name is prefixed by "php3_".
With PHP 4.0, there are just a few Apache directives that allow you to change the PHP configuration settings.
This sets the value of the specified variable.
This is used to set a Boolean configuration option.
This sets the value of the specified variable. "Admin" configuration settings can only be set from within the main Apache configuration files, and not from .htaccess files.
This is used to set a Boolean configuration option.
You can view the settings of the configuration values in the output of phpinfo(). You can also access the values of individial configuration settings using get_cfg_var().
Specifies the name of a file that is automatically parsed after the main file. The file is included as if it was called with the include() function, so include_path is used.
The special value none disables auto-appending.
Note: If the script is terminated with exit(), auto-append will not occur.
Specifies the name of a file that is automatically parsed before the main file. The file is included as if it was called with the include() function, so include_path is used.
The special value none disables auto-prepending.
This determines whether errors should be printed to the screen as part of the HTML output or not.
PHP's "root directory" on the server. Only used if non-empty. If PHP is configured with safe mode, no files outside this directory are served.
This directive is really only useful in the Apache module version of PHP. It is used by sites that would like to turn PHP parsing on and off on a per-directory or per-virtual server basis. By putting php3_engine off in the appropriate places in the httpd.conf file, PHP can be enabled or disabled.
Name of file where script errors should be logged. If the special value syslog is used, the errors are sent to the system logger instead. On UNIX, this means syslog(3) and on Windows NT it means the event log. The system logger is not supported on Windows 95.
Set the error reporting level. The parameter is an integer representing a bit field. Add the values of the error reporting levels you want.
Table 3-1. Error Reporting Levels
| bit value | enabled reporting |
|---|---|
| 1 | normal errors |
| 2 | normal warnings |
| 4 | parser errors |
| 8 | non-critical style-related warnings |
Limit the files that can be opened by PHP to the specified directory-tree.
When a script tries to open a file with, for example, fopen or gzopen, the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.
The special value . indicates that the directory in which the script is stored will be used as base-directory.
Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.
Note: Support for multiple directories was added in 3.0.7.
The default is to allow all files to be opened.
Set the order of GET/POST/COOKIE variable parsing. The default setting of this directive is "GPC". Setting this to "GP", for example, will cause PHP to completely ignore cookies and to overwrite any GET method variables with POST-method variables of the same name.
Off by default. If changed to On scripts will run to completion even if the remote client disconnects in the middle. See also ignore_user_abort().
Specifies a list of directories where the require(), include() and fopen_with_path() functions look for files. The format is like the system's PATH environment variable: a list of directories separated with a colon in UNIX or semicolon in Windows.
Example 3-1. UNIX include_path include_path=.:/home/httpd/php-lib |
Example 3-2. Windows include_path include_path=".;c:\www\phplib" |
Tells whether script error messages should be logged to the server's error log. This option is thus server-specific.
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.
If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.
If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash if magic_quotes_gpc or magic_quotes_runtime is enabled.
This sets the maximum time in seconds a script is allowed to take before it is terminated by the parser. This helps prevent poorly written scripts from tieing up the server.
This sets the maximum amount of memory in bytes that a script is allowed to allocate. This helps prevent poorly written scripts for eating up all available memory on a server.
Tells whether the short form (<? ?>of PHP's open tag should be allowed. If you want to use PHP in combination with XML, you have to disable this option. If disabled, you must use the long form of the open tag (<?php ?>).
If enabled, the last error message will always be present in the global variable $php_errormsg.
If enabled, GET, POST and cookie input can be found in the global associative arrays $HTTP_GET_VARS, $HTTP_POST_VARS and $HTTP_COOKIE_VARS, respectively.
The temporary directory used for storing files when doing file upload. Must be writable by whatever user PHP is running as.
The base name of the directory used on a user's home directory for PHP files, for example public_html.
If enabled, this option makes PHP output a warning when the plus (+) operator is used on strings. This is to make it easier to find scripts that need to be rewritten to using the string concatenator instead (.).
DNS name or IP address of the SMTP server PHP under Windows should use for mail sent with the mail() function.
Which "From:" mail address should be used in mail sent from PHP under Windows.
Where the sendmail program can be found, usually /usr/sbin/sendmail or /usr/lib/sendmail configure does an honest attempt of locating this one for you and set a default, but if it fails, you can set it here.
Systems not using sendmail should set this directive to the sendmail wrapper/replacement their mail system offers, if any. For example, Qmail users can normally set it to /var/qmail/bin/sendmail.
Whether to enable PHP's safe mode. Read the Security chapter for more more information.
If PHP is used in safe mode, system() and the other functions executing system programs refuse to start programs that are not in this directory.
DNS name or IP address of host used by the debugger.
Port number used by the debugger.
Whether the debugger is enabled.
This directive is really only useful in the Apache module version of PHP. You can turn dynamic loading of PHP extensions with dl() on and off per virtual server or per directory.
The main reason for turning dynamic loading off is security. With dynamic loading, it's possible to ignore all the safe_mode and open_basedir restrictions.
The default is to allow dynamic loading, except when using safe-mode. In safe-mode, it's always imposible to use dl().
In what directory PHP should look for dynamically loadable extensions.
Which dynamically loadable extensions to load when PHP starts up.
Whether to allow persistent MySQL connections.
The maximum number of persistent MySQL connections per process.
The maximum number of MySQL connections per process, including persistent connections.
Whether to allow persistent mSQL connections.
The maximum number of persistent mSQL connections per process.
The maximum number of mSQL connections per process, including persistent connections.
Whether to allow persistent Postgres connections.
The maximum number of persistent Postgres connections per process.
The maximum number of Postgres connections per process, including persistent connections.
Whether to allow persistent Sybase connections.
The maximum number of persistent Sybase connections per process.
The maximum number of Sybase connections per process, including persistent connections.
Whether to allow persistent Sybase-CT connections. The default is on.
The maximum number of persistent Sybase-CT connections per process. The default is -1 meaning unlimited.
The maximum number of Sybase-CT connections per process, including persistent connections. The default is -1 meaning unlimited.
Server messages with severity greater than or equal to sybct.min_server_severity will be reported as warnings. This value can also be set from a script by calling sybase_min_server_severity(). The default is 10 which reports errors of information severity or greater.
Client library messages with severity greater than or equal to sybct.min_client_severity will be reported as warnings. This value can also be set from a script by calling sybase_min_client_severity(). The default is 10 which effectively disables reporting.
The maximum time in seconds to wait for a connection attempt to succeed before returning failure. Note that if max_execution_time has been exceeded when a connection attempt times out, your script will be terminated before it can take action on failure. The default is one minute.
The maximum time in seconds to wait for a select_db or query operation to succeed before returning failure. Note that if max_execution_time has been exceeded when am operation times out, your script will be terminated before it can take action on failure. The default is no limit.
The name of the host you claim to be connecting from, for display by sp_who. The default is none.
Whether to allow persistent Informix connections.
The maximum number of persistent Informix connections per process.
The maximum number of Informix connections per process, including persistent connections.
The default host to connect to when no host is specified in ifx_connect() or ifx_pconnect().
The default user id to use when none is specified in ifx_connect() or ifx_pconnect().
The default password to use when none is specified in ifx_connect() or ifx_pconnect().
Set to true if you want to return blob columns in a file, false if you want them in memory. You can override the setting at runtime with ifx_blobinfile_mode().
Set to true if you want to return TEXT columns as normal strings in select statements, false if you want to use blob id parameters. You can override the setting at runtime with ifx_textasvarchar().
Set to true if you want to return BYTE columns as normal strings in select queries, false if you want to use blob id parameters. You can override the setting at runtime with ifx_textasvarchar().
Set to true if you want to trim trailing spaces from CHAR columns when fetching them.
Set to true if you want to return NULL columns as the literal string "NULL", false if you want them returned as the empty string "". You can override this setting at runtime with ifx_nullformat().
Number of decimal digits for all bcmath functions.
ODBC data source to use if none is specified in odbc_connect() or odbc_pconnect().
User name to use if none is specified in odbc_connect() or odbc_pconnect().
Password to use if none is specified in odbc_connect() or odbc_pconnect().
Whether to allow persistent ODBC connections.
The maximum number of persistent ODBC connections per process.
The maximum number of ODBC connections per process, including persistent connections.
PHP is a powerful language and the interpreter, whether included in a web server as a module or executed as a separate CGI binary, is able to access files, execute commands and open network connections on the server. These properties make anything run on a web server insecure by default. PHP is designed specifically to be a more secure language for writing CGI programs than Perl or C, and with correct selection of compile-time and runtime configuration options it gives you exactly the combination of freedom and security you need.
As there are many different ways of utilizing PHP, there are many configuration options controlling its behaviour. A large selection of options guarantees you can use PHP for a lot of purposes, but it also means there are combinations of these options and server configurations that result in an insecure setup. This chapter explains the different configuration option combinations and the situations they can be safely used.
Using PHP as a CGI binary is an option for setups that for some reason do not wish to integrate PHP as a module into server software (like Apache), or will use PHP with different kinds of CGI wrappers to create safe chroot and setuid environments for scripts. This setup usually involves installing executable PHP binary to the web server cgi-bin directory. CERT advisory CA-96.11 recommends agains placing any interpreters into cgi-bin. Even if the PHP binary can be used as a standalone interpreter, PHP is designed to prevent the attacks this setup makes possible:
Accessing system files: http://my.host/cgi-bin/php?/etc/passwd
The query information in an url after the question mark (?) is passed as command line arguments to the interpreter by the CGI interface. Usually interpreters open and execute the file specified as the first argument on the command line.
When invoked as a CGI binary, PHP refuses to interpret the command line arguments.
Accessing any web document on server: http://my.host/cgi-bin/php/secret/doc.html
The path information part of the url after the PHP binary name, /secret/doc.html is conventionally used to specify the name of the file to be opened and interpreted by the CGI program. Usually some web server configuration directives (Apache: Action) are used to redirect requests to documents like http://my.host/secret/script.php3 to the PHP interpreter. With this setup, the web server first checks the access permissions to the directory /secret, and after that creates the redirected request http://my.host/cgi-bin/php/secret/script.php3. Unfortunately, if the request is originally given in this form, no access checks are made by web server for file /secret/script.php3, but only for the /cgi-bin/php file. This way any user able to access /cgi-bin/php is able to access any protected document on the web server.
In PHP, compile-time configuration option --enable-force-cgi-redirect and runtime configuration directives doc_root and user_dir can be used to prevent this attack, if the server document tree has any directories with access restrictions. See below for full explanation of different combinations.
If your server does not have any content that is not restricted by password or ip based access control, there is no need for these configuration options. If your web server does not allow you to do redirects, or the server does not have a way to communicate with the PHP binary that the request is a safely redirected request, you can specify the option --disable-force-cgi-redirect to the configure script. You still have to make sure your PHP scripts do not rely on one or another way of calling the script, neither by directly http://my.host/cgi-bin/php/dir/script.php3 nor by redirection http://my.host/dir/script.php3.
Redirection can be configured in Apache by using AddHandler and Action directives (see below).
This compile-time option prevents anyone from calling PHP directly with a url like http://my.host/cgi-bin/php/secretdir/script.php3. Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.
Usually the redirection in the Apache configuration is done with the following directives:
Action php3-script /cgi-bin/php AddHandler php3-script .php3
This option has only been tested with the Apache web server, and relies on Apache to set the non-standard CGI environment variable REDIRECT_STATUS on redirected requests. If your web server does not support any way of telling if the request is direct or redirected, you cannot use this option and you must use one of the other ways of running the CGI version documented here.
To include active content, like scripts and executables, in the web server document directories is sometimes consider an insecure practice. If for some configuration mistake the scripts are not executed but displayed as usual HTML documents, this may result in leakage of intellectual property or security information like passwords. Therefore many sysadmins will prefer setting up another directory structure for scripts that is only accessible through the PHP CGI, and therefore always interpreted and not displayed as such.
Also if the method for making sure the requests are not redirected, as described in the previous section, is not available, it is necessary to set up a script doc_root that is different from web document root.
You can set the PHP script document root by the configuration directive doc_root in the configuration file, or you can set the environment variable PHP_DOCUMENT_ROOT. If it is set, the CGI version of PHP will always construct the file name to open with this doc_root and the path information in the request, so you can be sure no script is executed outside this directory (except for user_dir below).
Another option usable here is user_dir. When user_dir is unset, only thing controlling the opened file name is doc_root. Opening an url like http://my.host/~user/doc.php3 does not result in opening a file under users home directory, but a file called ~user/doc.php3 under doc_root (yes, a directory name starting with a tilde [~]).
If user_dir is set to for example public_php, a request like http://my.host/~user/doc.php3 will open a file called doc.php3 under the directory named public_php under the home directory of the user. If the home of the user is /home/user, the file executed is /home/user/public_php/doc.php3.
user_dir expansion happens regardless of the doc_root setting, so you can control the document root and user directory access separately.
A very secure option is to put the PHP parser binary somewhere outside of the web tree of files. In /usr/local/bin, for example. The only real downside to this option is that you will now have to put a line similar to:
#!/usr/local/bin/php
To get PHP to handle PATH_INFO and PATH_TRANSLATED information correctly with this setup, the php parser should be compiled with the --enable-discard-path configure option.
When PHP is used as an Apache module it inherits Apache's user permissions (typically those of the "nobody" user).
There are four ways of escaping from HTML and entering "PHP code mode":
Example 5-1. Ways of escaping from HTML 1. <? echo ("this is the simplest, an SGML processing instruction\n"); ?>
2. <?php echo("if you want to serve XML documents, do like this\n"); ?>
3. <script language="php">
echo ("some editors (like FrontPage) don't
like processing instructions");
</script>
4. <% echo ("You may optionally use ASP-style tags"); %>
<%= $variable; # This is a shortcut for "<%echo .." %>
|
The first way is only available if short tags have been enabled (either by calling short_tags(), they are configured on using the short_tags run-time configuration setting, or they are enabled using the --enable-short-tags compile-time configuration setting.
The fourth way is only available if ASP-style tags have been enabled using either the asp_tags configuration setting or the --enable-asp-tags compile-time configuration setting.
Note: Support for ASP-style tags was added in 3.0.4.
The closing "bracket" for the block will include the immediately trailing newline if one is present.
Instructions are separated the same as in C or perl - terminate each statement with a semicolon.
The closing tag (?>) also implies the end of the statement, so the following are equivalent:
<?php
echo "This is a test";
?>
<?php echo "This is a test" ?>
PHP supports 'C', 'C++' and Unix shell-style comments. For example:
<?php
echo "This is a test"; // This is a one-line c++ style comment
/* This is a multi line comment
yet another line of comment */
echo "This is yet another test";
echo "One Final Test"; # This is shell-style style comment
?>
The "one-line" comment styles actually only comment to the end of the line or the current block of PHP code, whichever comes first.
<h1>This is an <?# echo "simple";?> example.</h1> <p>The header above will say 'This is an example'.
You should be careful not to nest 'C' style comments, which can happen when commenting out large blocks.
<?php
/*
echo "This is a test"; /* This comment will cause a problem */
*/
?>
PHP supports the following types:
The type of a variable is usually not set by the programmer; rather, it is decided at runtime by PHP depending on the context in which that variable is used.
If you would like to force a variable to be converted to a certain type, you may either cast the variable or use the settype() function on it.
Note that a variable may behave in different manners in certain situations, depending on what type it is a the time. For more information, see the section on Type Juggling.
Integers can be specified using any of the following syntaxes:
$a = 1234; # decimal number $a = -123; # a negative number $a = 0123; # octal number (equivalent to 83 decimal) $a = 0x12; # hexadecimal number (equivalent to 18 decimal)
Floating point numbers ("doubles") can be specified using any of the following syntaxes:
$a = 1.234; $a = 1.2e3;
Strings can be specified using one of two sets of delimiters.
If the string is enclosed in double-quotes ("), variables within the string will be expanded (subject to some parsing limitations). As in C and Perl, the backslash ("\") character can be used in specifying special characters:
Table 6-1. Escaped characters
| sequence | meaning |
|---|---|
| \n | newline |
| \r | carriage |
| \t | horizontal tab |
| \\ | backslash |
| \$ | dollar sign |
| \" | double-quote |
You can escape any other character, but a warning will be issued at the highest warning level.
The second way to delimit a string uses the single-quote ("'") character, which does not do any variable expansion or backslash processing (except for "\\" and "\'" so you can insert backslashes and single-quotes in a singly-quoted string).
When a string is evaluated as a numeric value, the resulting value and type are determined as follows.
The string will evaluate as a double if it contains any of the characters '.', 'e', or 'E'. Otherwise, it will evaluate as an integer.
The value is given by the initial portion of the string. If the string starts with valid numeric data, this will be the value used. Otherwise, the value will be 0 (zero). Valid numeric data is an optional sign, followed by one or more digits (optionally containing a decimal point), followed by an optional exponent. The exponent is an 'e' or 'E' followed by one or more digits.
When the first expression is a string, the type of the variable will depend on the second expression.
$foo = 1 + "10.5"; // $foo is double (11.5)
$foo = 1 + "-1.3e3"; // $foo is double (-1299)
$foo = 1 + "bob-1.3e3"; // $foo is integer (1)
$foo = 1 + "bob3"; // $foo is integer (1)
$foo = 1 + "10 Small Pigs"; // $foo is integer (11)
$foo = 1 + "10 Little Piggies"; // $foo is integer (11)
$foo = "10.0 pigs " + 1; // $foo is integer (11)
$foo = "10.0 pigs " + 1.0; // $foo is double (11)
For more information on this conversion, see the Unix manual page for strtod(3).
Arrays actually act like both hash tables (associative arrays) and indexed arrays (vectors).
PHP supports both scalar and associative arrays. In fact, there is no difference between the two. You can create an array using the list() or array() functions, or you can explicitly set each array element value.
$a[0] = "abc";
$a[1] = "def";
$b["foo"] = 13;
You can also create an array by simply adding values to the array.
$a[] = "hello"; // $a[2] == "hello"
$a[] = "world"; // $a[3] == "world"
Arrays may be sorted using the asort(), arsort(), ksort(), rsort(), sort(), uasort(), usort(), and uksort() functions depending on the type of sort you want.
You can count the number of items in an array using the count() function.
You can traverse an array using next() and prev() functions. Another common way to traverse an array is to use the each() function.
Multi-dimensional arrays are actually pretty simple. For each dimension of the array, you add another [key] value to the end:
$a[1] = $f; # one dimensional examples
$a["foo"] = $f;
$a[1][0] = $f; # two dimensional
$a["foo"][2] = $f; # (you can mix numeric and associative indices)
$a[3]["bar"] = $f; # (you can mix numeric and associative indices)
$a["foo"][4]["bar"][0] = $f; # four dimensional!
You can "fill up" multi-dimensional arrays in many ways, but the trickiest one to understand is how to use the array() command for associative arrays. These two snippets of code fill up the one-dimensional array in the same way:
# Example 1:
$a["color"] = "red";
$a["taste"] = "sweet";
$a["shape"] = "round";
$a["name"] = "apple";
$a[3] = 4;
# Example 2:
$a = array(
"color" => "red",
"taste" => "sweet",
"shape" => "round",
"name" => "apple",
3 => 4
);
The array() function can be nested for multi-dimensional arrays:
<?
$a = array(
"apple" => array(
"color" => "red",
"taste" => "sweet",
"shape" => "round"
),
"orange" => array(
"color" => "orange",
"taste" => "sweet",
"shape" => "round"
),
"banana" => array(
"color" => "yellow",
"taste" => "paste-y",
"shape" => "banana-shaped"
)
);
echo $a["apple"]["taste"]; # will output "sweet"
?>
To initialize an object, you use the new statement to instantiate the object to a variable.
class foo {
function do_foo () {
echo "Doing foo.";
}
}
$bar = new foo;
$bar -> do_foo ();
PHP does not require (or support) explicit type definition in variable declaration; a variable's type is determined by the context in which that variable is used. That is to say, if you assign a string value to variable var, var becomes a string. If you then assign an integer value to var, it becomes an integer.
An example of PHP's automatic type conversion is the addition operator '+'. If any of the operands is a double, then all operands are evaluated as doubles, and the result will be a double. Otherwise, the operands will be interpreted as integers, and the result will also be an integer. Note that this does NOT change the types of the operands themselves; the only change is in how the operands are evaluated.
$foo = "0"; // $foo is string (ASCII 48)
$foo++; // $foo is the string "1" (ASCII 49)
$foo += 1; // $foo is now an integer (2)
$foo = $foo + 1.3; // $foo is now a double (3.3)
$foo = 5 + "10 Little Piggies"; // $foo is integer (15)
$foo = 5 + "10 Small Pigs"; // $foo is integer (15)
If the last two examples above seem odd, see String conversion.
If you wish to force a variable to be evaluated as a certain type, see the section on Type casting. If you wish to change the type of a variable, see settype().
Type casting in PHP works much as it does in C: the name of the desired type is written in parentheses before the variable which is to be cast.
$foo = 10; // $foo is an integer
$bar = (double) $foo; // $bar is a double
The casts allowed are:
(int), (integer) - cast to integer
(real), (double), (float) - cast to double
(string) - cast to string
(array) - cast to array
(object) - cast to object
Note that tabs and spaces are allowed inside the parentheses, so the following are functionally equivalent:
$foo = (int) $bar;
$foo = ( int ) $bar;
The scope of a variable is the context within which it is defined. For the most part all PHP variables only have a single scope. However, within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope. For example:
$a = 1; /* global scope */
Function Test () {
echo $a; /* reference to local scope variable */
}
Test ();
This script will not produce any output because the echo statement refers to a local version of the $a variable, and it has not been assigned a value within this scope. You may notice that this is a little bit different from the C language in that global variables in C are automatically available to functions unless specifically overridden by a local definition. This can cause some problems in that people may inadvertently change a global variable. In PHP global variables must be declared global inside a function if they are going to be used in that function. An example:
$a = 1;
$b = 2;
Function Sum () {
global $a, $b;
$b = $a + $b;
}
Sum ();
echo $b;
The above script will output "3". By declaring $a and $b global within the function, all references to either variable will refer to the global version. There is no limit to the number of global variables that can be manipulated by a function.
A second way to access variables from the global scope is to use the special PHP-defined $GLOBALS array. The previous example can be rewritten as:
$a = 1;
$b = 2;
Function Sum () {
$GLOBALS["b"] = $GLOBALS["a"] + $GLOBALS["b"];
}
Sum ();
echo $b;
The $GLOBALS array is an associative array with the name of the global variable being the key and the contents of that variable being the value of the array element.
Another important feature of variable scoping is the static variable. A static variable exists only in a local function scope, but it does not lose its value when program execution leaves this scope. Consider the following example:
Function Test () {
$a = 0;
echo $a;
$a++;
}
This function is quite useless since every time it is called it sets $a to 0 and prints "0". The $a++ which increments the variable serves no purpose since as soon as the function exits the $a variable disappears. To make a useful counting function which will not lose track of the current count, the $a variable is declared static:
Function Test () {
static $a = 0;
echo $a;
$a++;
}
Now, every time the Test() function is called it will print the value of $a and increment it.
Static variables are also essential when functions are called recursively. A recursive function is one which calls itself. Care must be taken when writing a recursive function because it is possible to make it recurse indefinitely. You must make sure you have an adequate way of terminating the recursion. The following simple function recursively counts to 10:
Function Test () {
static $count = 0;
$count++;
echo $count;
if ($count < 10) {
Test ();
}
$count--;
}
Sometimes it is convenient to be able to have variable variable names. That is, a variable name which can be set and used dynamically. A normal variable is set with a statement such as:
$a = "hello";
A variable variable takes the value of a variable and treats that as the name of a variable. In the above example, hello, can be used as the name of a variable by using two dollar signs. ie.
$$a = "world";
At this point two variables have been defined and stored in the PHP symbol tree: $a with contents "hello" and $hello with contents "world". Therefore, this statement:
echo "$a ${$a}";
produces the exact same output as:
echo "$a $hello";
ie. they both produce: hello world.
In order to use variable variables with arrays, you have to resolve an ambiguity problem. That is, if you write $$a[1] then the parser needs to know if you meant to use $a[1] as a variable, or if you wanted $$a as the variable and then the [1] index from that variable. The syntax for resolving this ambiguity is: ${$a[1]} for the first case and ${$a}[1] for the second.
When a form is submitted to a PHP script, any variables from that form will be automatically made available to the script by PHP. For instance, consider the following form:
Example 7-1. Simple form variable <form action="foo.php3" method="post">
Name: <input type="text" name="name"><br>
<input type="submit">
</form>
|
When submitted, PHP will create the variable $name, which will will contain whatever what entered into the Name: field on the form.
PHP also understands arrays in the context of form variables, but only in one dimension. You may, for example, group related variables together, or use this feature to retrieve values from a multiple select input:
Example 7-2. More complex form variables <form action="array.php" method="post">
Name: <input type="text" name="personal[name]"><br>
Email: <input type="text" name="personal[email]"><br>
Beer: <br>
<select multiple name="beer[]">
<option value="warthog">Warthog
<option value="guinness">Guinness
</select>
<input type="submit">
</form>
|
If PHP's track_vars feature is turned on, either by the track_vars configuration setting or the <?php_track_vars?> directive, then variables submitted via the POST or GET methods will also be found in the global associative arrays $HTTP_POST_VARS and $HTTP_GET_VARS as appropriate.
When submitting a form, it is possible to use an image instead of the standard submit button with a tag like:
<input type=image src="image.gif" name="sub">
When the user clicks somewhere on the image, the accompanying form will be transmitted to the server with two additional variables, sub_x and sub_y. These contain the coordinates of the user click within the image. The experienced may note that the actual variable names sent by the browser contains a period rather than an underscore, but PHP converts the period to an underscore automatically.
PHP transparently supports HTTP cookies as defined by Netscape's Spec. Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users. You can set cookies using the SetCookie() function. Cookies are part of the HTTP header, so the SetCookie function must be called before any output is sent to the browser. This is the same restriction as for the Header() function. Any cookies sent to you from the client will automatically be turned into a PHP variable just like GET and POST method data.
If you wish to assign multiple values to a single cookie, just add [] to the cookie name. For example:
SetCookie ("MyCookie[]", "Testing", time()+3600);
Note that a cookie will replace a previous cookie by the same name in your browser unless the path or domain is different. So, for a shopping cart application you may want to keep a counter and pass this along. i.e.
Example 7-3. SetCookie Example $Count++;
SetCookie ("Count", $Count, time()+3600);
SetCookie ("Cart[$Count]", $item, time()+3600);
|
PHP automatically makes environment variables available as normal PHP variables.
echo $HOME; /* Shows the HOME environment variable, if set. */
Since information coming in via