loading...

PHP Functions every beginner should know.

riversiderocks profile image RiversideRocks ・2 min read

PHP is one of the most popular languages for building websites. In fact, you probably used it today if you visited a Wordpress site or Facebook.

Here are a few useful built in PHP functions every developer should use more often.

1 - htmlspecialchars

The htmlspecialchars function is better than than using only using echo for one main reason: it prevents XSS. For example:

<?php

echo htmlspecialchars("<script>console.log('XSS!');<script>");

Output:

&lt;script&gt;console.log('XSS!');&lt;script&gt;gt;

2 - exec

This function allows you to run code on the command prompt or terminal, depending what OS you use to host/test. While this function is a bit more advanced, it is very useful. Example:

<?php

exec("mkdir files");

Upon running this code, a folder will be created called files. This is a very powerful command, and user input NEVER be allowed in this function.

3 - header

HTTP headers are very useful online, they tell your browser what to do when a website is loaded. You can use PHP to set headers in seconds. This code will set the 302 Found header, creating a redirect to riverside.rocks:

<?php
header("Location: https://riverside.rocks");
die();

Upon viewing this with cURL, we can see it worked.
Alt Text

Note: The die() function is used to end the code, it is not necessary, but good to use to ensure no more code is executed after the redirect.

This is an example of a 404:

<?php
header("HTTP/1.1 404 Not Found");

4 - file_get_contents

This function retrieves the HTML contents of a website. If you ever work with APIs in PHP, you will have to use this function quite a bit. This example gets and echos the HTML contents of riverside.rocks:

<?php
echo file_get_contents("https://riverside.rocks");

I hope you enjoyed reading and keep coding!

~ Riverside Rocks

Posted on by:

Discussion

pic
Editor guide
 

There are lots of array and string functions. Who definitely helps beginners like:
Array methods:

  1. count();
  2. Impolde();
  3. explode();
  4. sizeof();
  5. sort();
  6. array_count_values();
  7. array_keys(); etc... String methods:
  8. strlen();
  9. strtoupper();
  10. strtolower();
  11. trim();
  12. strstr();
 

... and all the mb_* versions of string functions. You might not even know you're deling with an encoding with multi-byte characters. Basically, if the normal string functions return wrong or strange results, try adding the mb_ in front of them.

 

Some additions:
Avoid exec if possible! A great many use-cases have dedicated native wrappers for system calls (e.g. mkdir). Very rarely will you be forced to actually execute shell commands, and when you are, you'll have to struggle with the output of that shell call as well.

file_get_contents for HTTP requests is also best discouraged. It's great for local disk, but ext-curl provides a much better wrapper around curl.

 

I had completely forgotten about htmlspecialchars(), would have saved me a lot of time had I read this yesterday morning :D

 

The yet another function about preventing XSS is htmlentities() :).

 

What a beginner should know is how to search effectively the documentation / on Google.

 

And how to use Stackoverflow

 

You can use PHP for CLI applications too.

I always start with the official docs. php.net/manual/en/features.command... You can write php scripts and run them like php myfile.php with arguments, options etc.

 

No. Don't try that at home.

 

If you use windows, download XAMPP:
apachefriends.org/index.html

If you use Linux, download Apache:
sudo apt-get install apache2

 

You can set up local server