CS 328 - Week 7 Lecture 2 - 2016-03-02
* PHP intro, continued!
* supports 4 scalar data types:
* integer
* float
* string
* boolean
* also two non-scalar data types:
* arrays
* objects
* ++ -- are like C++
* what is = ? assignment, just like C++
== is value comparison -
true if its operands have the same value,
(BUT not necessarily the same type)
=== is also comparison, but value-AND-type comparison -
true if its operands have
the same value AND the same type
there are also !== != for not-equal
* != true if values are different (not caring about type)
* !== true if values *or* types are different
* while looking up stuff after class in the PHP manual,
confirmed: yup, there are indeed numerous cast
options in PHP...
* booleans: TRUE FALSE
* confirmed after class using the PHP manual--
the two boolean literals in
PHP are indeed TRUE and FALSE,
BUT!! "Both are case insensitive" !!
* I find it interesting that, that said, this manual
section:
http://php.net/manual/en/language.types.boolean.php
...nevertheless uses TRUE and FALSE except for
the *one* example demo'ing its being
not-case-sensitive;
* I'll be trying to remember to use
TRUE and FALSE, then, in
class examples
* (and, many values are treated booleanishly
in a boolean context...)
* you can have PHP functions
function <funct_name> ( <param>, <param>, ...)
{
statement;
...
/* returning a value is optional */
/* either of the following is allowed:
(or you might not have any return...) */
return;
return <expr>;
}
* interacting with FORMS...
* consider:
what if the action attribute's value of a form element
happens to be the URL of a .php file?
when the web server hands this over to the
PHP Preprocessor,
that PHP page also has available to it
several superglobal associative arrays
* their names are written in all-uppercase
* their names (after the $) start with an
underscore
* associative arrays? indexed by a key that
doesn't have to be a number...
* two of these are
$_GET
$_POST
* is form's method="get"?
* then $_GET contains the name=value pairs from
the submitted form such that
the name is the array key, and the value is
the value in the $_GET array for that key
* is form's method="post"?
* then $_POST contains the name=value pairs from
the submitted form such that
the name is the array key, and the value is
the value in the $_POST array for that key
* for example:
<form method="get"
action="something.php" >
<input type="text" name="info" />
<input type="submit />
</form>
* then, when this form is submitted,
within something.php,
$_GET["info"]
...would contain whatever the user
had typed in the textfield with name="info"
when this form was submitted
* DO YOU SEE that you had better be CAREFUL with
whatever is in the $_GET or $_POST arrays?!
* you don't know WHAT the user might've put in there!!
* better somehow CHECK it or SANITIZE it before
you USE it!!!!
* there are application-tier tools for this --
for example, PHP provides functions such as:
strip_tags - expects a string, returns that string
with any tags removed
htmlspecialchars - expects a string, returns that string
with any characters considered special in
HTML replaced with
non-executable, non-special display-only
versions of those characters
(for example, replaces < with <)
htmlentities - similar to htmlspecialchars, but
goes further, replacing ALL characters
that have HTML character entity equivalents
with those equivalents