Outline

• Variable Scope in PHP Functions
• Pattern Matching
• Quiz
• Super Globals
• Example of form processing
• PHP file functions

Variable Scope

• Last Wednesday, we were looking at how functions are defined in PHP.
• We start today by looking at variable scope with regard to functions.
• The default scope of a variable in PHP is only within the function that it is used. That is local scope:

  $bob = 5;
  function test()
  { 
     $bob = 6; 
     echo $bob; //echo's 6
  }
  test();
  echo $bob; //echo's 5
  

• In order to access global variables within a local function one would need to use the global declaration:

  $bob = 5;
  function test()
  {
     global $bob; # if did not do bob would be NULL 
  
     echo $bob; 
  }
  test();
  

  PHP also supports static local variables. These preserve states between function calls:

  function addone() {
      static $count =0; echo $count++;
  }
  

Pattern Matching

• PHP supports Perl-style regular expression and POSIX regular expressions. For example,

  $fruits = preg_split("/\s+/", "apples oranges   banana");
  //notice the extra spaces between oranges and banana.
  

  would split on one or more white space characters. So in this case, $fruits = ['apples', 'oranges', 'banana'].
• There are also functions

  int preg_match ( string $pattern , string $subject [, array &$matches 
      [, int $flags = 0 [, int $offset = 0 ]]] )
  
  int preg_match_all ( string $pattern , string $subject [, array &$matches 
      [, int $flags = PREG_PATTERN_ORDER [, int $offset = 0 ]]] )
  

  that let you find matches to regular expressions. In the above, [] arguments are optional. preg_match returns 1 (if pattern found), 0 otherwise. preg_match_all returns the number of matches or false if the pattern is not found. If a variable $matches is supplied to the function call, then it will be populated with either the first match found in preg_match case, or all matches in preg_match_all case. $flags controls the format of how $matches will be populated, and $offset says at what character to begin the search in $subject.
• There is a preg_replace($pattern, $replacement, $subject) function that let's you substitute regex $pattern matches with a string $replacement of your choice.

Types of web forms

• Recall a basic web form looks like:

  <form method="get" action="script.php">
     <input type="text" name="my_textfield" 
         size="10" />
     <input type="hidden" name="secret_data"
        value="do not peak" />
     <input type="submit" name="sendform"
        value="Send this Form" />
  </form>
  

• The method can be get or post.
• The get method sends the fields as urlencoded name=value pairs appended to the URL:

  script.php?my_textfield=hello&secret_data=do%20not%20peak&sendform=Send%20this%20Form
  

• Post variables are sent as part of the content of an HTTP POST command (you won't see this in URL bar)
• File upload forms must use post and in addition must set an encoding type:

  <form method="post" action="script.php" enctype="multipart/form-data">
  <input type="file" name="my_file" />...</form>
  

Built-in Super Globals

• PHP makes available several important global variables which are useful for server side scripts, and in particular, global variables which make it easy to process form data.
• Unlike normal global variables these variables are always visible even within the scope of a function where they have not marked as global. Hence, these variables are so-called superglobals.
• The phpinfo() function can be used to find out all of these superglobals.
• Here are some of the main ones:

  $_SERVER

  an array of information about the server like $_SERVER["SERVER_NAME"], $_SERVER ["DOCUMENT_ROOT"], $_SERVER ["QUERY_STRING"], etc

  $_ENV

  an array of info about the runtime environment: $_ENV["PATH"], $_ENV["PWD"], etc.

  $_REQUEST

  an array of the variables that have been get'd or post's from forms. So if $_SERVER["QUERY_STRING"] was hi=there&hi2=there2 would have $_REQUEST["hi"] == "there" and $_REQUEST["hi2"]="there2";

  $_GET

  like $_REQUEST but only for get'd variables

  $_POST

  like $_REQUEST but for post'd variables

• PHP can be configured with register_globals = On, in which case the variable $hi would be a global with value "there". This is a bit risky security-wise.

File Reading

• Since PHP is a server side technology it is allowed to create, read, and write files on the server's filesystem.
• To open a file for reading one can do:

  $file_handle = fopen("my.dat", "r"); 
  $file_string = fread($file_handle, filesize("my.dat"));
  fclose($file_handle);
  

  Here fread reads in its second parameter many bytes.
• To read in a single line from a file one can use:

  $line = fgets($file_handle, $max_num_bytes_line);
  

• Alternatively, one can read the whole file in as a string using a single command like:

  $string = file_get_contents("my.dat");
  

• Similarly, sometimes it is useful to read in the whole file as an array of lines:

  $lines = file("my.dat"); 
  

File Writing

• File writing can be done in a similar fashion to file reading in PHP.

  $fileHandle = fopen("my.dat", "w");  // use "a" for append
  fwrite($fileHandle, $out_data);
  fclose($fileHandle);
  

• One can also write out a whole file based on a string using:

  file_put_contents("out.dat", $str);
  

Quiz

Which of the following statements is true?

1. To cycle through the elements of an array in PHP you should use a for-in loop.
2. By default, all variables in PHP function calls are pass-by-reference.
3. Variable interpolation can occur with double quoted string literals in PHP.

Form Processing and File Functions Example

<?php
/**
 * simple_blog.php
 * This program is used to maintain a simple web blog. It has two
 * pages a landing page, where people can add new blog posts as
 * well as see a list of previous posts and an entry page where
 * people can read an old post 
 */
/**
 * Specify location of file containing all the blog posts
 */
define("BLOG_FILE", "blog.txt");
// Determine which activity to perform and call it
$activity = (isset($_REQUEST['a']) && in_array($_REQUEST['a'], [
    "main", "entry"])) ? $_REQUEST['a'] . "Controller" : "mainController";
$activity();
/**
 * Used to process perform activities realated to the blog landing page
 */
function mainController()
{
    $data["BLOG_ENTRIES"] = getBlogEntries();
    $data["BLOG_ENTRIES"] = processNewBlogEntries($data["BLOG_ENTRIES"]);
    // maybe in the future could modify so also support RSS out
    $layout = (isset($_REQUEST['f']) && in_array($_REQUEST['f'], [
        "html"])) ? $_REQUEST['f'] . "Layout" : "htmlLayout";
    $layout($data, "landingView");
}
/**
 * Used to get an array of all the blog entries currently stored on disk.
 *
 * @return array blog entries [ title1 => post1, title2 => post2 ...] if 
 *   file exists and unserializable, [] otherwise
 */
function getBlogEntries()
{
    if (file_exists(BLOG_FILE)) {
        $entries = unserialize(file_get_contents(BLOG_FILE));
        if ($entries) {
            return $entries;
        }
    }
    return [];
}
/**
 * Determines if a new blog post was sent from landing form. If so,
 * adds the new post, to the end of a current list of posts, and saves the
 * serialized result to BLOG_FILE
 *
 * @param array $entries an array of current blog entries:
 *  blog entries [ title1 =>post1, title2 => post2 ...]
 * @return array blog entries (updated) [ title1 => post1, title2 => post2 ...]
 *  if file exists and unserializable, [] otherwise
 */
function processNewBlogEntries($entries)
{
    $title = (isset($_REQUEST['title'])) ?
        filter_var($_REQUEST['title'], FILTER_SANITIZE_STRING) : "";
    $post = (isset($_REQUEST['post'])) ?
        filter_var($_REQUEST['post'], FILTER_SANITIZE_STRING) : "";
    if ($title == "" || $post == "") {
        return $entries;
    }
    $entries = array_merge([$title => $post], $entries);
    file_put_contents(BLOG_FILE, serialize($entries));
    return $entries;
}
/**
 * Used to set up and then display the view corresponding to a single blog
 * post.
 */
function entryController()
{
    $data["TITLE"] = (isset($_REQUEST['title'])) ? 
        filter_var($_REQUEST['title'], FILTER_SANITIZE_STRING) : "";
    $entries = getBlogEntries();
    if (!isset($entries[$data["TITLE"]])) {
        mainController();
        return;
    }
    $data["POST"] = $entries[$data["TITLE"]];
    $layout = (isset($_REQUEST['f']) && in_array($_REQUEST['f'], [
        "html"])) ? $_REQUEST['f'] . "Layout" : "htmlLayout";
    $layout($data, "entryView");
}
/**
 * Used to output the top and bottom boilerplate of a Web page. Within
 * the body of the document the passed $view is draw
 *
 * @param array $data an associative array of field variables which might
 *  be echo'd by either this layout in the title, or by the view that is
 *  draw in the body
 * @param string $view name of view function to call to draw body of web page
 */
function htmlLayout($data, $view)
{
    ?><!DOCTYPE html>
<html>
    <head><title>Simple Blog <?php if (!empty($data['TITLE'])) {
        echo ":" . $data['TITLE'];
    } ?></title></head>
    <body>
    <?php
    $view($data);
    ?>
    </body>
</html><?php
}
/**
 * Used to draw the main landing page with blog form on it as well as previous
 * blog posts
 *
 * @param array $data an associative array of field variables which might
 *  be echo'd by this function. In this case, we will use $data["BLOG_ENTRIES"]
 *  to output old blog entries
 */
function landingView($data)
{
    ?>
    <h1><a href="simple_blog.php">Simple Blog</a></h1>
    <h2>New Blog Entry</h2>
    <form>
    <div>
    <label for='post-title'>Title</label>:
    <input id='post-title' name="title" placeholder="Post Title" type="text" />
    </div>
    <div>
    <label for='post-body'>Post</label>:<br />
    <textarea id='post-body' name="post" rows="30" cols="80"
    placeholder="Type your blog post here" ></textarea>
    </div>
    <div>
    <button>Save</button>
    </div>
    </form>
    <h2>Previous Entries</h2>
    <?php
    if (!empty($data["BLOG_ENTRIES"])) {
        foreach ($data["BLOG_ENTRIES"] as $title => $post) {
            ?><div><a href="simple_blog.php?a=entry&title=<?=urlencode($title)
            ?>"><?=$title ?></a></div><?php
        }
    }
}
/**
 * Used to output to the browser an individual blog entry
 *
 * @param array $data an associative array of field variables which might
 *  be echo'd by this function. In this case, we will use $data["TITLE"]
 *  and $data['POST'] which contain the blog post
 */
function entryView($data)
{
    ?>
    <h1><a href="simple_blog.php">Simple Blog</a> : <?=$data['TITLE'] ?></h1>
    <h2><?=$data['TITLE'] ?></h2>
    <div><?=$data['POST'] ?>
    </div>
    <?php
}

Remarks on Code

• We only use copy mode only in functions
• We have phpdocs on each function call.
• We use variable function calls like $layout($data, "landingView"). The function called depends on the value of $layout.
• We are using serialize and unserialize to switch array to strings and back.
• We use filter_var to try to make sure data sent from forms is not bogus.

File Locking

• It is completely possible for two scripts to try to access the same file at the same time.
• To prevent this you should call the flock function to get a lock before you try to do something with a file:

  $fp = fopen("/tmp/my-data.txt", "w");
  if (flock($fp, LOCK_EX)) { 
     // do an exclusive/write lock. use LOCK_SH (for  shared/read lock)
     fwrite($fp, "Write something here\n");
     flock($fp, LOCK_UN); // release the lock
  } else {
     echo "Couldn't lock the file !";
  }
  fclose($fp);
  

  Locks are released when fclose() is called.

Permissions and Unix-like File Manipulation

• PHP supports several functions for manipulating files and directories:

  rename($oldname, $newname); //like Unix mv command, renames/moves a file
  copy($source, $dest); //copies a file, like Unix cp
  unlink($filename); // delete a file
  mkdir($path); // make a directory
  rmdir($path); // delete a directory
  link($target, $name); // create a link
  chmod($filename, $mode); // change file permissions
  chown($filename, $user); // change owner of a file or dir or link
  chgrp($filename, $group); //change group of a file or dir or link
  stat($filename); 
     //returns an array saying size, last access, last modified, etc.  for a file
  touch($filename [, int $time = time() [, int $atime ]]); 
     //sets modification/ access times of a file
  

Directory Handling in PHP

• You can read the contents of a directory (aka a folder) with the following PHP code:

  if(file_exists('/path/to/folder')) { //file_exists check if a file or dir exists
      $h = opendir('/path/to/folder'); //can use is_dir to check is something is a directory
      while (($item = readdir($h)) !== false) {
          $type = is_dir($item) ? "directory" : 
              (is_link($item) ? "link" : 
              "file");
          //there is also a is_file
          echo "$item is a $type\n";
      }
  }
  

• Alternatively, you can get an array of all file names whose path matches a file pattern using the glob command:

  $text_files = glob("/some_path/*.txt");
  foreach($text_files as $file_name) {
     //do something
  }