Reference Guide

Introduction to PHP & Server-Side Programming
PHP Syntax Basics
Variables, Data Types & Type Juggling
Operators
Control Structures
Functions
Arrays
Strings & String Functions
Forms & User Input (GET & POST)
Input Validation & Sanitization
File I/O
Sessions & Cookies
Object-Oriented PHP
Error Handling
Working with Dates & Times
PHP & the Web: Putting It All Together

1. Introduction to PHP & Server-Side Programming

What is Server-Side Programming?

Web applications use two sides of computing:

Client-Side

Server-Side

Runs in the user's browser

Runs on the web server

HTML, CSS, JavaScript

PHP, Python, Node.js, Ruby

User can see the source code

Source code is hidden from users

Handles UI/UX interactions

Handles logic, data, security

What is PHP?

PHP (PHP: Hypertext Preprocessor) is a widely-used, open-source, server-side scripting language embedded directly into HTML. When a browser requests a .php file, the server executes the PHP code and sends only the resulting HTML back to the client.

Key characteristics:

Free and open-source
Runs on most web servers (Apache, Nginx) and operating systems
Loosely typed (flexible with data types)
Enormous ecosystem of frameworks (Laravel, Symfony, WordPress)
Powers ~78% of all websites using a known server-side language

The Request-Response Cycle

Browser → HTTP Request → Web Server → PHP Engine → Executes PHP → HTML → Browser

User visits https://example.com/index.php
Server finds the .php file
PHP engine processes the script
Output (HTML) is sent back to the browser
Browser renders the HTML — the PHP code is never visible

Your First PHP File

<?php
// This is a PHP comment
echo "Hello, World!";
?>

A .php file can mix HTML and PHP freely:

<!DOCTYPE html>
<html>
<head>
    <title>My First PHP Page</title>
</head>
<body>
    <h1><?php echo "Welcome to PHP!"; ?></h1>
    <p>Today is: <?php echo date("l, F j, Y"); ?></p>
</body>
</html>

Output in browser:

Welcome to PHP!
Today is: Monday, February 23, 2026

2. PHP Syntax Basics

PHP Tags

PHP code must be enclosed in PHP tags. The standard form is:

<?php
    // your code here
?>

The short echo tag (if enabled on the server):

<?= "This is a shorthand echo" ?>

Best Practice: Always use the full <?php tag for maximum compatibility.

Statements and Semicolons

Every PHP statement must end with a semicolon (;). Forgetting this is one of the most common beginner errors.

<?php
echo "Line one";     // correct
echo "Line two";     // correct
echo "Line three"    // PARSE ERROR - missing semicolon
?>

Comments

<?php
// This is a single-line comment

# This is also a single-line comment (shell style)

/*
   This is a
   multi-line comment
*/

/**
 * This is a PHPDoc comment
 * Used to document functions and classes
 * @param string $name The user's name
 * @return string A greeting
 */
?>

`echo` vs `print`

Both output text to the browser, but they have subtle differences:

<?php
echo "Hello";          // outputs: Hello
echo "Hello", " World"; // echo can take multiple arguments

print "Hello";         // outputs: Hello
// print always returns 1 (can be used in expressions)
$result = print "Hi";  // $result = 1
?>

Rule of thumb: Use echo — it's slightly faster and more commonly used.

3. Variables, Data Types & Type Juggling

Variables

PHP variables always start with a dollar sign $:

<?php
$name = "Alice";
$age = 17;
$gpa = 3.95;
$isEnrolled = true;
?>

Variable naming rules:

Must start with $ followed by a letter or underscore
Can contain letters, numbers, underscores
Case-sensitive ($Name and $name are different)
Cannot contain spaces or special characters

Data Types

PHP has 8 primitive data types:

Scalar Types

<?php
// Integer
$count = 42;
$temperature = -15;
$hexValue = 0x1A;   // hexadecimal = 26

// Float (double)
$price = 9.99;
$pi = 3.14159;
$scientific = 1.5e3;  // 1500.0

// String
$firstName = "John";
$lastName = 'Doe';    // single or double quotes both work
$multiLine = "Line 1\nLine 2";  // \n = newline (only in double quotes)

// Boolean
$isLoggedIn = true;
$hasError = false;
?>

Compound Types

<?php
// Array
$colors = ["red", "green", "blue"];

// Object
class Car {
    public $make = "Toyota";
}
$myCar = new Car();
?>

Special Types

<?php
// NULL - a variable with no value
$nothing = null;
$undefined;  // also NULL if never assigned

// Resource - references to external resources (file handles, etc.)
$file = fopen("data.txt", "r");
?>

Type Juggling (Loose Typing)

PHP automatically converts types based on context — this is called type juggling or type coercion.

<?php
$num = 5;
$str = "10";

$result = $num + $str;  // PHP converts "10" to integer 10
echo $result;           // outputs: 15

$sum = "5 apples" + 3;  // PHP extracts the leading number
echo $sum;              // outputs: 8

$bool = true + true;    // true = 1, false = 0
echo $bool;             // outputs: 2
?>

Checking & Casting Types

<?php
$value = "42";

// Check type
echo gettype($value);      // string
var_dump($value);          // string(2) "42"

// is_ functions
echo is_string($value);    // 1 (true)
echo is_int($value);       // (empty = false)
echo is_numeric($value);   // 1 (true — it's a numeric string)

// Type casting
$asInt    = (int) $value;     // 42
$asFloat  = (float) $value;   // 42.0
$asBool   = (bool) $value;    // true
$asString = (string) 100;     // "100"

// settype()
$num = 3.7;
settype($num, "integer");
echo $num;  // 3 (truncated, not rounded)
?>

Constants

Constants are like variables but cannot be changed after definition:

<?php
define("MAX_STUDENTS", 30);
define("SCHOOL_NAME", "Lincoln High");

echo MAX_STUDENTS;   // 30
echo SCHOOL_NAME;    // Lincoln High

// PHP 7+ syntax using const keyword (outside functions/classes)
const PI = 3.14159;

// PHP has many built-in constants
echo PHP_VERSION;    // e.g., 8.2.0
echo PHP_EOL;        // end-of-line character
echo PHP_INT_MAX;    // largest integer
?>

4. Operators

Arithmetic Operators

<?php
$a = 10;
$b = 3;

echo $a + $b;   // 13 — Addition
echo $a - $b;   // 7  — Subtraction
echo $a * $b;   // 30 — Multiplication
echo $a / $b;   // 3.333... — Division
echo $a % $b;   // 1  — Modulus (remainder)
echo $a ** $b;  // 1000 — Exponentiation (PHP 5.6+)
?>

Assignment Operators

<?php
$x = 10;

$x += 5;   // $x = $x + 5  → 15
$x -= 3;   // $x = $x - 3  → 12
$x *= 2;   // $x = $x * 2  → 24
$x /= 4;   // $x = $x / 4  → 6
$x %= 4;   // $x = $x % 4  → 2
$x **= 3;  // $x = $x ** 3 → 8
?>

Comparison Operators

<?php
$a = 5;
$b = "5";

var_dump($a == $b);   // bool(true)  — equal value (type juggling)
var_dump($a === $b);  // bool(false) — equal value AND type (strict)
var_dump($a != $b);   // bool(false) — not equal
var_dump($a !== $b);  // bool(true)  — not identical

var_dump(10 > 5);     // bool(true)
var_dump(10 < 5);     // bool(false)
var_dump(10 >= 10);   // bool(true)
var_dump(10 <= 9);    // bool(false)

// Spaceship operator (PHP 7+)  returns -1, 0, or 1
echo (1 <=> 2);   // -1 (left is less)
echo (2 <=> 2);   //  0 (equal)
echo (3 <=> 2);   //  1 (left is greater)
?>

Important: Always prefer === over == to avoid unexpected type juggling bugs.

Logical Operators

<?php
$a = true;
$b = false;

var_dump($a && $b);   // false — AND
var_dump($a || $b);   // true  — OR
var_dump(!$a);        // false — NOT
var_dump($a and $b);  // false — AND (lower precedence)
var_dump($a or $b);   // true  — OR  (lower precedence)
var_dump($a xor $b);  // true  — XOR (one but not both)
?>

String Operators

<?php
$first = "Hello";
$last  = "World";

$full = $first . " " . $last;  // Concatenation: "Hello World"
$first .= "!";                  // Concatenation assignment: "Hello!"
?>

Increment/Decrement Operators

<?php
$i = 5;

echo $i++;  // 5  — Post-increment: returns then increments
echo $i;    // 6

echo ++$i;  // 7  — Pre-increment: increments then returns
echo $i;    // 7

echo $i--;  // 7  — Post-decrement
echo --$i;  // 5  — Pre-decrement
?>

Null Coalescing Operator (PHP 7+)

<?php
// Returns the first value if it exists and is not null; otherwise returns the second
$username = $_GET['user'] ?? "Guest";

// Chaining
$display = $_GET['name'] ?? $_SESSION['name'] ?? "Anonymous";
?>

Ternary Operator

<?php
$age = 17;

// Traditional ternary
$status = ($age >= 18) ? "Adult" : "Minor";
echo $status;  // Minor

// Shorthand ternary (Elvis operator) — returns left if truthy, otherwise right
$name = "" ?: "Default Name";
echo $name;  // Default Name
?>

5. Control Structures

if / elseif / else

<?php
$score = 85;

if ($score >= 90) {
    echo "Grade: A";
} elseif ($score >= 80) {
    echo "Grade: B";
} elseif ($score >= 70) {
    echo "Grade: C";
} elseif ($score >= 60) {
    echo "Grade: D";
} else {
    echo "Grade: F";
}
// Output: Grade: B
?>

switch

<?php
$day = "Monday";

switch ($day) {
    case "Monday":
    case "Tuesday":
    case "Wednesday":
    case "Thursday":
    case "Friday":
        echo "It's a weekday.";
        break;
    case "Saturday":
    case "Sunday":
        echo "It's the weekend!";
        break;
    default:
        echo "Unknown day.";
}
?>

match Expression (PHP 8+)

A cleaner, stricter alternative to switch:

<?php
$status = 2;

$label = match($status) {
    1       => "Active",
    2       => "Inactive",
    3, 4    => "Pending",     // multiple conditions
    default => "Unknown",
};

echo $label;  // Inactive
?>

Key difference from switch: match uses strict comparison (===) and does not fall through.

while Loop

<?php
$count = 1;

while ($count <= 5) {
    echo "Count: $count <br>";
    $count++;
}
// Count: 1 through Count: 5
?>

do...while Loop

<?php
$num = 10;

do {
    echo "Number: $num <br>";
    $num++;
} while ($num < 5);
// Executes ONCE even though condition is false
// Output: Number: 10
?>

for Loop

<?php
for ($i = 0; $i < 5; $i++) {
    echo "Iteration $i <br>";
}

// Counting down
for ($i = 10; $i >= 0; $i -= 2) {
    echo "$i ";
}
// 10 8 6 4 2 0
?>

foreach Loop

Used specifically for iterating over arrays:

<?php
$fruits = ["apple", "banana", "cherry"];

// Indexed array
foreach ($fruits as $fruit) {
    echo $fruit . "<br>";
}

// Associative array — get both key and value
$person = ["name" => "Alice", "age" => 17, "grade" => "11th"];

foreach ($person as $key => $value) {
    echo "$key: $value <br>";
}
?>

break and continue

<?php
// break — exits the loop entirely
for ($i = 0; $i < 10; $i++) {
    if ($i === 5) break;
    echo $i . " ";
}
// 0 1 2 3 4

// continue — skips the current iteration
for ($i = 0; $i < 10; $i++) {
    if ($i % 2 === 0) continue;
    echo $i . " ";
}
// 1 3 5 7 9

// break with level (break out of nested loops)
for ($i = 0; $i < 3; $i++) {
    for ($j = 0; $j < 3; $j++) {
        if ($j === 1) break 2;  // breaks BOTH loops
        echo "$i,$j ";
    }
}
?>

6. Functions

Defining and Calling Functions

<?php
// Define a function
function greet($name) {
    return "Hello, $name!";
}

// Call the function
echo greet("Alice");   // Hello, Alice!
echo greet("Bob");     // Hello, Bob!
?>

Parameters & Default Values

<?php
function createGreeting($name, $greeting = "Hello") {
    return "$greeting, $name!";
}

echo createGreeting("Alice");           // Hello, Alice!
echo createGreeting("Bob", "Hi");       // Hi, Bob!
echo createGreeting("Charlie", "Hey");  // Hey, Charlie!
?>

Return Values

<?php
function add($a, $b) {
    return $a + $b;
}

function divide($a, $b) {
    if ($b === 0) {
        return false;  // functions can return different types
    }
    return $a / $b;
}

$result = add(5, 3);
echo $result;  // 8

$div = divide(10, 0);
if ($div === false) {
    echo "Cannot divide by zero!";
}
?>

Type Declarations (PHP 7+)

<?php
declare(strict_types=1);

// Parameter and return type declarations
function multiply(int $a, int $b): int {
    return $a * $b;
}

function formatCurrency(float $amount): string {
    return "$" . number_format($amount, 2);
}

function findUser(int $id): ?array {  // ?array means array OR null
    // ...returns null if not found
    return null;
}

echo multiply(4, 5);            // 20
echo formatCurrency(1234.5);    // $1,234.50
?>

Variable Scope

<?php
$globalVar = "I am global";

function testScope() {
    // echo $globalVar;  // ERROR: not accessible inside function

    // Use 'global' keyword to access global variables
    global $globalVar;
    echo $globalVar;  // I am global

    $localVar = "I am local";
    echo $localVar;   // works fine inside function
}

testScope();
// echo $localVar;  // ERROR: not accessible outside function

// Static variables persist between calls
function counter() {
    static $count = 0;
    $count++;
    return $count;
}

echo counter();  // 1
echo counter();  // 2
echo counter();  // 3
?>

Variable Functions & Anonymous Functions

<?php
// Anonymous function (closure)
$double = function($n) {
    return $n * 2;
};

echo $double(5);  // 10

// Arrow functions (PHP 7.4+)
$triple = fn($n) => $n * 3;
echo $triple(5);  // 15

// Passing functions as arguments (callback)
$numbers = [3, 1, 4, 1, 5, 9, 2, 6];
usort($numbers, fn($a, $b) => $a - $b);
print_r($numbers);  // [1, 1, 2, 3, 4, 5, 6, 9]
?>

Built-In Functions (Commonly Used)

<?php
// Math
echo abs(-42);         // 42
echo round(3.7);       // 4
echo ceil(3.2);        // 4 (round up)
echo floor(3.9);       // 3 (round down)
echo max(1, 5, 3);     // 5
echo min(1, 5, 3);     // 1
echo rand(1, 100);     // random integer between 1 and 100
echo pow(2, 8);        // 256
echo sqrt(144);        // 12

// Type checking
echo is_int(42);        // 1
echo is_string("hi");   // 1
echo is_array([1,2,3]); // 1
echo is_null(null);     // 1
echo isset($var);       // 1 if set and not null
echo empty($str);       // 1 if empty ("", 0, null, [], false)
?>

7. Arrays

Indexed Arrays

<?php
// Creating arrays
$colors = ["red", "green", "blue"];
$nums   = array(10, 20, 30, 40);  // older syntax

// Accessing elements (zero-indexed)
echo $colors[0];  // red
echo $colors[2];  // blue

// Modifying
$colors[1] = "yellow";

// Appending
$colors[] = "purple";  // adds to end

// Getting length
echo count($colors);   // 4
?>

Associative Arrays

<?php
// Key => Value pairs
$student = [
    "name"    => "Alice Johnson",
    "grade"   => 11,
    "gpa"     => 3.95,
    "active"  => true
];

// Access by key
echo $student["name"];   // Alice Johnson
echo $student["gpa"];    // 3.95

// Add / update
$student["email"] = "[email protected]";
$student["gpa"]   = 4.0;

// Check if key exists
if (array_key_exists("email", $student)) {
    echo "Email found!";
}
?>

Multidimensional Arrays

<?php
$classroom = [
    ["name" => "Alice",   "grade" => 95],
    ["name" => "Bob",     "grade" => 82],
    ["name" => "Charlie", "grade" => 78],
];

// Access nested values
echo $classroom[0]["name"];   // Alice
echo $classroom[1]["grade"];  // 82

// Loop through
foreach ($classroom as $student) {
    echo $student["name"] . ": " . $student["grade"] . "<br>";
}
?>

Array Functions

<?php
$nums = [3, 1, 4, 1, 5, 9, 2, 6, 5, 3];

// Sorting
sort($nums);          // ascending: [1, 1, 2, 3, 3, 4, 5, 5, 6, 9]
rsort($nums);         // descending

$person = ["name" => "Bob", "age" => 25, "city" => "NY"];
ksort($person);       // sort by key
asort($person);       // sort by value, preserve keys

// Searching
echo in_array(5, $nums);       // 1 (true) — value exists
echo array_search(5, $nums);   // index of first match

// Manipulation
$merged = array_merge([1, 2], [3, 4]);  // [1, 2, 3, 4]
$unique = array_unique($nums);           // removes duplicates
$sliced = array_slice($nums, 1, 3);     // 3 elements starting at index 1
$reversed = array_reverse($nums);

// Stack operations
array_push($nums, 10);    // add to end
$last = array_pop($nums); // remove from end

// Queue operations
array_unshift($nums, 0);  // add to beginning
$first = array_shift($nums); // remove from beginning

// Functional array operations
$doubled = array_map(fn($n) => $n * 2, [1, 2, 3, 4]);
// [2, 4, 6, 8]

$evens = array_filter([1, 2, 3, 4, 5, 6], fn($n) => $n % 2 === 0);
// [2, 4, 6]

$sum = array_reduce([1, 2, 3, 4, 5], fn($carry, $item) => $carry + $item, 0);
// 15

// Array info
print_r($nums);   // human-readable array dump
var_dump($nums);  // detailed dump with types

// Convert array to string and back
$csv   = implode(", ", ["red", "green", "blue"]);  // "red, green, blue"
$array = explode(", ", $csv);                        // ["red", "green", "blue"]
?>

8. Strings & String Functions

String Basics

<?php
// Single quotes — literal, no variable parsing
$name = 'Alice';
$text = 'Hello, $name!';   // outputs: Hello, $name!

// Double quotes — parses variables and escape sequences
$text2 = "Hello, $name!";  // outputs: Hello, Alice!
$text3 = "Tab:\t Newline:\n";

// Curly braces for complex expressions
$item = "apple";
echo "I ate {$item}s.";    // I ate apples.

// Heredoc (multi-line, like double quotes)
$html = <<<EOT
<div>
    <h1>Hello, $name!</h1>
</div>
EOT;

// Nowdoc (multi-line, like single quotes — no parsing)
$raw = <<<'EOT'
No $variable parsing here.
EOT;
?>

Common String Functions

<?php
$str = "  Hello, World!  ";

// Length
echo strlen($str);           // 18 (includes spaces)

// Case
echo strtoupper($str);       // "  HELLO, WORLD!  "
echo strtolower($str);       // "  hello, world!  "
echo ucfirst("hello");       // "Hello"
echo ucwords("hello world"); // "Hello World"

// Trimming whitespace
echo trim($str);             // "Hello, World!"
echo ltrim($str);            // "Hello, World!  " (left trim)
echo rtrim($str);            // "  Hello, World!" (right trim)

// Searching
echo strpos("Hello, World", "World");  // 7 (position of first match)
echo strrpos("abcabc", "b");           // 4 (last occurrence)
echo str_contains("Hello, World", "World");  // true (PHP 8+)
echo str_starts_with("Hello", "He");         // true (PHP 8+)
echo str_ends_with("Hello", "lo");           // true (PHP 8+)

// Replacing
echo str_replace("World", "PHP", "Hello, World!");  // Hello, PHP!
echo str_ireplace("world", "PHP", "Hello, World!"); // case-insensitive

// Substrings
echo substr("Hello, World", 7);       // "World"
echo substr("Hello, World", 7, 3);    // "Wor" (start, length)
echo substr("Hello, World", -5);      // "World" (from end)

// Splitting and joining
$parts = explode(",", "red,green,blue");  // ["red", "green", "blue"]
$joined = implode(" | ", $parts);         // "red | green | blue"

// Padding
echo str_pad("42", 5, "0", STR_PAD_LEFT);   // "00042"
echo str_pad("Hi", 10, "-", STR_PAD_BOTH);  // "----Hi----"

// Repetition
echo str_repeat("ab", 3);  // "ababab"

// Reversing
echo strrev("Hello");  // "olleH"

// Counting
echo str_word_count("Hello World PHP");  // 3
echo substr_count("abcabc", "abc");      // 2

// Formatting
echo number_format(1234567.891, 2, '.', ',');  // "1,234,567.89"
echo sprintf("Name: %s, Age: %d, GPA: %.2f", "Alice", 17, 3.95);
// "Name: Alice, Age: 17, GPA: 3.95"

// sprintf format specifiers
// %s = string, %d = integer, %f = float, %b = binary, %x = hex
?>

9. Forms & User Input (GET & POST)

HTML Forms Review

<!-- GET method — data visible in URL -->
<form action="search.php" method="GET">
    <input type="text" name="query" placeholder="Search...">
    <button type="submit">Search</button>
</form>

<!-- POST method — data in request body, not in URL -->
<form action="register.php" method="POST">
    <input type="text" name="username" placeholder="Username">
    <input type="password" name="password" placeholder="Password">
    <button type="submit">Register</button>
</form>

Accessing GET Data

When a user submits search.php?query=PHP+basics:

<?php
// $_GET is a superglobal associative array
$query = $_GET['query'] ?? '';  // use null coalescing for safety

if (!empty($query)) {
    echo "You searched for: " . htmlspecialchars($query);
} else {
    echo "Please enter a search term.";
}
?>

Accessing POST Data

<?php
// Only available when form is submitted via POST
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    echo "Username received: " . htmlspecialchars($username);
}
?>

GET vs POST Comparison

Feature

GET

POST

Data location

URL query string

Request body

Visibility

Visible in URL

Hidden from URL

Max data size

~2000 chars

Essentially unlimited

Bookmarkable

Yes

Browser history

Yes

Use cases

Search, filtering, navigation

Secure?

More secure (but still need HTTPS)

PHP Superglobals

PHP provides several built-in global arrays:

<?php
$_GET       // URL query parameters
$_POST      // POST form data
$_REQUEST   // combines GET, POST, and COOKIE
$_SERVER    // server and environment info
$_FILES     // uploaded file data
$_SESSION   // session data
$_COOKIE    // cookie data
$_ENV       // environment variables

// Useful $_SERVER values
echo $_SERVER['PHP_SELF'];       // current script filename: /form.php
echo $_SERVER['REQUEST_METHOD']; // GET or POST
echo $_SERVER['SERVER_NAME'];    // domain name
echo $_SERVER['REMOTE_ADDR'];    // visitor's IP address
echo $_SERVER['HTTP_USER_AGENT']; // browser info
?>

Complete Form Example

<?php
// contact.php — handles both display AND submission

$errors   = [];
$success  = false;
$name = $email = $message = "";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name    = trim($_POST['name']    ?? '');
    $email   = trim($_POST['email']   ?? '');
    $message = trim($_POST['message'] ?? '');

    // Simple validation
    if (empty($name))    $errors[] = "Name is required.";
    if (empty($email))   $errors[] = "Email is required.";
    if (empty($message)) $errors[] = "Message is required.";

    if (empty($errors)) {
        $success = true;
    }
}
?>
<!DOCTYPE html>
<html>
<body>
    <?php if ($success): ?>
        <p style="color:green;">Message sent, <?= htmlspecialchars($name) ?>!</p>
    <?php else: ?>
        <?php foreach ($errors as $error): ?>
            <p style="color:red;"><?= htmlspecialchars($error) ?></p>
        <?php endforeach; ?>

        <form method="POST" action="">
            <input type="text" name="name" value="<?= htmlspecialchars($name) ?>">
            <input type="email" name="email" value="<?= htmlspecialchars($email) ?>">
            <textarea name="message"><?= htmlspecialchars($message) ?></textarea>
            <button type="submit">Send</button>
        </form>
    <?php endif; ?>
</body>
</html>

10. Input Validation & Sanitization

Security Rule #1: Never trust user input. Always validate and sanitize everything.

The Difference

Validation — checks if data is in the correct format (is this actually an email address?)
Sanitization — cleans data by removing/encoding dangerous characters

htmlspecialchars() — Prevent XSS

Cross-Site Scripting (XSS) is when malicious users inject JavaScript into your page.

<?php
$userInput = "<script>alert('Hacked!');</script>";

// Without protection — executes the script!
echo $userInput;

// With htmlspecialchars — safely displays the text
echo htmlspecialchars($userInput, ENT_QUOTES, 'UTF-8');
// &lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;

// Always use this when displaying user input in HTML
$name = htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8');
?>

filter_var() — Validation & Sanitization

<?php
$email = "[email protected]";

// Validate email format
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid email!";
} else {
    echo "Invalid email.";
}

// Validate integer
$age = "17";
if (filter_var($age, FILTER_VALIDATE_INT)) {
    echo "Valid integer!";
}

// Validate integer in a range
$score = 105;
$options = ['options' => ['min_range' => 0, 'max_range' => 100]];
if (!filter_var($score, FILTER_VALIDATE_INT, $options)) {
    echo "Score must be 0-100.";  // this triggers
}

// Validate URL
$url = "https://www.example.com";
if (filter_var($url, FILTER_VALIDATE_URL)) {
    echo "Valid URL!";
}

// Sanitize a string (removes tags)
$dirty = "<b>Hello</b> <script>alert('xss')</script> World";
$clean = filter_var($dirty, FILTER_SANITIZE_SPECIAL_CHARS);
echo $clean;

// Sanitize an integer (strips non-numeric chars)
$dirtyNum = "42abc";
$cleanNum = filter_var($dirtyNum, FILTER_SANITIZE_NUMBER_INT);
echo $cleanNum;  // 42
?>

Validation Functions

<?php
function validateUsername(string $username): bool {
    // 3-20 characters, letters, numbers, underscores only
    return preg_match('/^[a-zA-Z0-9_]{3,20}$/', $username) === 1;
}

function validatePassword(string $password): bool {
    // At least 8 characters
    return strlen($password) >= 8;
}

function validateAge(mixed $age): bool {
    return filter_var($age, FILTER_VALIDATE_INT) !== false
        && (int)$age >= 0
        && (int)$age <= 120;
}

// Test them
var_dump(validateUsername("alice_99"));    // true
var_dump(validateUsername("a!"));          // false
var_dump(validatePassword("abc"));         // false
var_dump(validatePassword("SecurePass1")); // true
var_dump(validateAge("17"));              // true
var_dump(validateAge("999"));             // false
?>

Regular Expressions in PHP

<?php
// preg_match() — test if string matches pattern
preg_match('/^\d{3}-\d{4}$/', '555-1234');   // true — phone number format
preg_match('/^[A-Z]{2}\d{4}$/', 'CS4201');   // true — course code format

// preg_replace() — replace matches
$phone = preg_replace('/[^0-9]/', '', '(555) 867-5309');
echo $phone;  // 5558675309

// preg_split() — split by pattern
$words = preg_split('/\s+/', "Hello   World   PHP");
// ["Hello", "World", "PHP"]

// preg_match_all() — find all matches
$text = "Prices: $5.99, $12.50, $0.99";
preg_match_all('/\$(\d+\.\d{2})/', $text, $matches);
print_r($matches[1]);  // ["5.99", "12.50", "0.99"]
?>

11. File I/O

Reading Files

<?php
// Read entire file into a string
$content = file_get_contents('data.txt');
echo $content;

// Read file into an array of lines
$lines = file('data.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach ($lines as $lineNum => $line) {
    echo "Line $lineNum: $line <br>";
}

// Read with a file handle (better for large files)
$handle = fopen('data.txt', 'r');

if ($handle) {
    while (!feof($handle)) {
        $line = fgets($handle);   // read one line
        echo $line . "<br>";
    }
    fclose($handle);
}
?>

Writing Files

<?php
// Write (overwrites existing content)
file_put_contents('output.txt', "Hello, World!\n");

// Append to existing file
file_put_contents('output.txt', "New line\n", FILE_APPEND);

// Write with file handle
$handle = fopen('log.txt', 'a');  // 'a' = append
if ($handle) {
    fwrite($handle, date('Y-m-d H:i:s') . " - User logged in\n");
    fclose($handle);
}
?>

File Mode Flags

Mode

Description

'r'

Read only, pointer at beginning

'w'

Write only, truncates file, pointer at beginning

'a'

Write only, pointer at end (append)

'x'

Create and write, fails if file exists

'r+'

Read and write, pointer at beginning

'w+'

Read and write, truncates file

'a+'

Read and write, pointer at end

File System Functions

<?php
// Check existence
echo file_exists('data.txt');  // true/false
echo is_file('data.txt');      // true if it's a file (not a directory)
echo is_dir('uploads/');       // true if it's a directory

// File info
echo filesize('data.txt');         // size in bytes
echo filemtime('data.txt');        // last modified timestamp
echo pathinfo('path/to/file.php', PATHINFO_EXTENSION);  // "php"
echo pathinfo('path/to/file.php', PATHINFO_FILENAME);   // "file"
echo pathinfo('path/to/file.php', PATHINFO_DIRNAME);    // "path/to"

// File operations
copy('source.txt', 'dest.txt');
rename('old.txt', 'new.txt');
unlink('delete_me.txt');          // delete a file

// Directory operations
mkdir('new_folder', 0755);        // create directory
rmdir('empty_folder');            // remove empty directory
$files = scandir('uploads/');     // list files in directory
?>

File Upload Handling

<!-- HTML: must include enctype for file uploads -->
<form method="POST" action="upload.php" enctype="multipart/form-data">
    <input type="file" name="userfile">
    <button type="submit">Upload</button>
</form>

<?php
// upload.php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['userfile'])) {
    $file = $_FILES['userfile'];

    // $_FILES structure:
    // $file['name']     — original filename
    // $file['type']     — MIME type (untrustworthy, verify server-side)
    // $file['size']     — size in bytes
    // $file['tmp_name'] — temporary path on server
    // $file['error']    — error code (0 = no error)

    $allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];
    $maxSize = 2 * 1024 * 1024;  // 2 MB

    if ($file['error'] !== UPLOAD_ERR_OK) {
        echo "Upload error.";
    } elseif ($file['size'] > $maxSize) {
        echo "File too large.";
    } elseif (!in_array(mime_content_type($file['tmp_name']), $allowedTypes)) {
        echo "Invalid file type.";
    } else {
        $destination = 'uploads/' . basename($file['name']);
        if (move_uploaded_file($file['tmp_name'], $destination)) {
            echo "Upload successful!";
        }
    }
}
?>

12. Sessions & Cookies

Sessions

Sessions allow you to store data that persists across multiple page loads for a single user. The data is stored on the server and identified by a session ID stored in a cookie.

<?php
session_start();  // MUST be the very first line (before any HTML output)

// Set session variables
$_SESSION['username'] = 'alice';
$_SESSION['role']     = 'student';
$_SESSION['login_time'] = time();

// Access session variables
echo $_SESSION['username'];   // alice

// Check if a session variable exists
if (isset($_SESSION['username'])) {
    echo "Welcome back, " . $_SESSION['username'] . "!";
}

// Remove a specific session variable
unset($_SESSION['role']);

// Destroy the entire session (logout)
session_destroy();
?>

<?php
// login.php
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // In a real app, check against a database
    if ($username === 'admin' && $password === 'secret') {
        $_SESSION['user']      = $username;
        $_SESSION['logged_in'] = true;
        header('Location: dashboard.php');
        exit;
    } else {
        $error = "Invalid credentials.";
    }
}
?>

<?php
// dashboard.php — protected page
session_start();

if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) {
    header('Location: login.php');
    exit;
}

echo "Welcome, " . htmlspecialchars($_SESSION['user']) . "!";
?>

<?php
// logout.php
session_start();
session_unset();    // clear all session variables
session_destroy();  // destroy the session
header('Location: login.php');
exit;
?>

Cookies

Cookies are stored in the browser. They can persist beyond the browser session.

<?php
// Set a cookie
// setcookie(name, value, expiry, path, domain, secure, httponly)
setcookie(
    'theme',         // cookie name
    'dark',          // value
    time() + 86400,  // expires in 1 day (86400 seconds)
    '/',             // available to entire site
    '',              // domain (empty = current)
    false,           // HTTPS only (set true in production)
    true             // httpOnly (not accessible via JavaScript)
);

// Read a cookie
if (isset($_COOKIE['theme'])) {
    $theme = $_COOKIE['theme'];
    echo "Your theme: $theme";  // Your theme: dark
}

// Delete a cookie (set expiry in the past)
setcookie('theme', '', time() - 3600, '/');
?>

Feature

Session

Storage location

Server

Browser/Client

Security

More secure

Less secure

Capacity

Limited by server

~4KB per cookie

Lifespan

Until browser closes (default)

Can be long-lived

Access

$_SESSION

$_COOKIE

Use for

Sensitive data (login state)

Preferences, tracking

13. Object-Oriented PHP

Classes and Objects

<?php
class Student {
    // Properties
    public string $name;
    public int $grade;
    private float $gpa;

    // Constructor
    public function __construct(string $name, int $grade, float $gpa) {
        $this->name  = $name;
        $this->grade = $grade;
        $this->gpa   = $gpa;
    }

    // Methods
    public function getGpa(): float {
        return $this->gpa;
    }

    public function setGpa(float $gpa): void {
        if ($gpa >= 0.0 && $gpa <= 4.0) {
            $this->gpa = $gpa;
        }
    }

    public function getInfo(): string {
        return "{$this->name} (Grade {$this->grade}), GPA: {$this->gpa}";
    }
}

// Create instances (objects)
$alice = new Student("Alice", 11, 3.95);
$bob   = new Student("Bob", 10, 3.5);

echo $alice->getInfo();   // Alice (Grade 11), GPA: 3.95
echo $bob->name;          // Bob — public property

$alice->setGpa(4.0);
echo $alice->getGpa();    // 4.0
?>

Access Modifiers

Modifier

Class

Subclass

External

public

✅

protected

✅

❌

private

✅

❌

Inheritance

<?php
class Person {
    public function __construct(
        public string $name,
        public int $age
    ) {}

    public function introduce(): string {
        return "Hi, I'm {$this->name}, age {$this->age}.";
    }
}

class Teacher extends Person {
    public function __construct(
        string $name,
        int $age,
        public string $subject
    ) {
        parent::__construct($name, $age);  // call parent constructor
    }

    // Override parent method
    public function introduce(): string {
        return parent::introduce() . " I teach {$this->subject}.";
    }
}

$teacher = new Teacher("Ms. Smith", 35, "Computer Science");
echo $teacher->introduce();
// Hi, I'm Ms. Smith, age 35. I teach Computer Science.
?>

Interfaces and Abstract Classes

<?php
// Interface — defines a contract that classes must follow
interface Shape {
    public function area(): float;
    public function perimeter(): float;
}

// Abstract class — can have implementation, cannot be instantiated
abstract class Polygon implements Shape {
    abstract public function sides(): int;

    public function describe(): string {
        return "A " . $this->sides() . "-sided polygon";
    }
}

class Rectangle extends Polygon implements Shape {
    public function __construct(
        private float $width,
        private float $height
    ) {}

    public function area(): float {
        return $this->width * $this->height;
    }

    public function perimeter(): float {
        return 2 * ($this->width + $this->height);
    }

    public function sides(): int {
        return 4;
    }
}

$rect = new Rectangle(5, 3);
echo $rect->area();        // 15
echo $rect->perimeter();   // 16
echo $rect->describe();    // A 4-sided polygon
?>

Static Properties and Methods

<?php
class Counter {
    private static int $count = 0;

    public static function increment(): void {
        self::$count++;
    }

    public static function getCount(): int {
        return self::$count;
    }
}

Counter::increment();
Counter::increment();
Counter::increment();

echo Counter::getCount();  // 3
// No need to instantiate — call directly on the class
?>

Magic Methods

<?php
class MagicDemo {
    private array $data = [];

    // Called when setting an undefined property
    public function __set(string $name, mixed $value): void {
        $this->data[$name] = $value;
    }

    // Called when getting an undefined property
    public function __get(string $name): mixed {
        return $this->data[$name] ?? null;
    }

    // Called when object is used as a string
    public function __toString(): string {
        return json_encode($this->data);
    }

    // Called when object is destroyed
    public function __destruct() {
        // cleanup code here
    }
}

$obj = new MagicDemo();
$obj->color = "blue";   // triggers __set
echo $obj->color;       // triggers __get → "blue"
echo $obj;              // triggers __toString → {"color":"blue"}
?>

14. Error Handling

Error Reporting

<?php
// Show all errors (development only — NEVER in production)
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Log errors to a file (better for production)
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', '/var/log/php_errors.log');
?>

PHP Error Types

Type

Constant

Description

Fatal

E_ERROR

Script halts (e.g., calling undefined function)

Warning

E_WARNING

Non-fatal, script continues

Notice

E_NOTICE

Minor issue (e.g., undefined variable)

Parse

E_PARSE

Syntax error during compilation

Deprecated

E_DEPRECATED

Using old, removed features

try / catch / finally

<?php
function divide(int $a, int $b): float {
    if ($b === 0) {
        throw new InvalidArgumentException("Division by zero!");
    }
    return $a / $b;
}

try {
    echo divide(10, 2);   // 5
    echo divide(10, 0);   // throws exception
} catch (InvalidArgumentException $e) {
    echo "Caught: " . $e->getMessage();
} catch (Exception $e) {
    echo "Generic error: " . $e->getMessage();
} finally {
    // ALWAYS runs, whether or not exception occurred
    echo "Cleanup code runs here.";
}
?>

Custom Exceptions

<?php
class ValidationException extends RuntimeException {
    private array $errors;

    public function __construct(array $errors) {
        $this->errors = $errors;
        parent::__construct("Validation failed.");
    }

    public function getErrors(): array {
        return $this->errors;
    }
}

function validateForm(array $data): void {
    $errors = [];

    if (empty($data['name']))  $errors[] = "Name required";
    if (empty($data['email'])) $errors[] = "Email required";

    if (!empty($errors)) {
        throw new ValidationException($errors);
    }
}

try {
    validateForm(['name' => '', 'email' => '']);
} catch (ValidationException $e) {
    echo $e->getMessage() . "<br>";
    foreach ($e->getErrors() as $error) {
        echo "- $error<br>";
    }
}
?>

15. Working with Dates & Times

The `date()` Function

<?php
// date(format, timestamp)
// If timestamp is omitted, uses current time

echo date('Y');             // 2026 — four-digit year
echo date('m');             // 02   — month with leading zero
echo date('d');             // 23   — day with leading zero
echo date('H');             // 14   — hour (24h)
echo date('i');             // 30   — minutes
echo date('s');             // 45   — seconds

// Common date formats
echo date('Y-m-d');                  // 2026-02-23
echo date('m/d/Y');                  // 02/23/2026
echo date('l, F j, Y');             // Monday, February 23, 2026
echo date('D, d M Y H:i:s');        // Mon, 23 Feb 2026 14:30:45
echo date('g:i A');                  // 2:30 PM
?>

Common Date Format Characters

Character

Description

Example

Y

4-digit year

2026

y

2-digit year

m

Month (01-12)

M

Month abbreviation

Feb

F

Full month name

February

d

Day (01-31)

D

Day abbreviation

Mon

l

Full day name

Monday

H

Hour, 24h (00-23)

h

Hour, 12h (01-12)

i

Minutes (00-59)

s

Seconds (00-59)

A

AM or PM

U

Unix timestamp

1740322245

Unix Timestamps

<?php
echo time();           // current Unix timestamp (seconds since Jan 1, 1970)
echo mktime(12, 0, 0, 6, 15, 2026);  // timestamp for Jun 15, 2026 at 12:00:00

// strtotime — parse English date strings into timestamps
$ts = strtotime('next Monday');
echo date('Y-m-d', $ts);

$ts2 = strtotime('+30 days');
echo date('Y-m-d', $ts2);

$ts3 = strtotime('2026-12-25');
echo date('l', $ts3);   // day of the week for Christmas 2026
?>

DateTime Class (OOP Approach)

<?php
// Create DateTime objects
$now   = new DateTime();
$bday  = new DateTime('2009-04-15');
$xmas  = new DateTime('2026-12-25');

echo $now->format('Y-m-d H:i:s');   // 2026-02-23 14:30:00

// Modify
$now->modify('+1 month');
$now->modify('-2 days');

// Difference between dates
$diff = $now->diff($xmas);
echo $diff->days . " days until Christmas";

// DateInterval
$now->add(new DateInterval('P30D'));   // Add 30 days (P=period, D=days)
$now->sub(new DateInterval('PT2H'));   // Subtract 2 hours (T=time, H=hours)
?>

16. PHP & the Web: Putting It All Together

A Complete Mini-Application: Grade Calculator

This example demonstrates form handling, validation, sessions, and OOP working together.

index.php

<?php
session_start();

class GradeCalculator {
    private array $grades = [];

    public function addGrade(float $grade): void {
        if ($grade < 0 || $grade > 100) {
            throw new RangeException("Grade must be between 0 and 100.");
        }
        $this->grades[] = $grade;
    }

    public function average(): float {
        if (empty($this->grades)) return 0.0;
        return array_sum($this->grades) / count($this->grades);
    }

    public function letterGrade(): string {
        $avg = $this->average();
        return match(true) {
            $avg >= 90 => 'A',
            $avg >= 80 => 'B',
            $avg >= 70 => 'C',
            $avg >= 60 => 'D',
            default    => 'F',
        };
    }

    public function highest(): float { return max($this->grades); }
    public function lowest(): float  { return min($this->grades); }
    public function getGrades(): array { return $this->grades; }
}

$errors  = [];
$results = null;
$inputGrades = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $inputGrades = trim($_POST['grades'] ?? '');

    if (empty($inputGrades)) {
        $errors[] = "Please enter at least one grade.";
    } else {
        $raw = explode(',', $inputGrades);
        $calc = new GradeCalculator();

        try {
            foreach ($raw as $g) {
                $g = trim($g);
                if (!is_numeric($g)) {
                    $errors[] = "\"$g\" is not a valid number.";
                    break;
                }
                $calc->addGrade((float)$g);
            }

            if (empty($errors)) {
                $results = [
                    'grades'  => $calc->getGrades(),
                    'avg'     => round($calc->average(), 2),
                    'letter'  => $calc->letterGrade(),
                    'highest' => $calc->highest(),
                    'lowest'  => $calc->lowest(),
                ];
                $_SESSION['last_result'] = $results;
            }
        } catch (RangeException $e) {
            $errors[] = $e->getMessage();
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Grade Calculator</title>
</head>
<body>
    <h1>Grade Calculator</h1>

    <?php foreach ($errors as $error): ?>
        <p style="color:red;"><?= htmlspecialchars($error) ?></p>
    <?php endforeach; ?>

    <form method="POST" action="">
        <label>Enter grades (comma-separated):
            <input type="text"
                   name="grades"
                   value="<?= htmlspecialchars($inputGrades) ?>"
                   placeholder="85, 92, 78, 95, 88">
        </label>
        <button type="submit">Calculate</button>
    </form>

    <?php if ($results): ?>
        <h2>Results</h2>
        <p>Grades entered: <?= implode(', ', $results['grades']) ?></p>
        <p>Average: <?= $results['avg'] ?></p>
        <p>Letter Grade: <?= $results['letter'] ?></p>
        <p>Highest: <?= $results['highest'] ?></p>
        <p>Lowest: <?= $results['lowest'] ?></p>
    <?php endif; ?>

    <?php if (isset($_SESSION['last_result']) && !$results): ?>
        <h3>Last Calculation:</h3>
        <p>Average was: <?= $_SESSION['last_result']['avg'] ?>
           (<?= $_SESSION['last_result']['letter'] ?>)</p>
    <?php endif; ?>
</body>
</html>

PHP Best Practices Summary

Security

Always sanitize output with htmlspecialchars() to prevent XSS
Always validate all user input server-side (never trust client-side only)
Use prepared statements when working with databases (parameterized queries)
Store passwords with password_hash() — never plain text
Use HTTPS in production environments
Keep session IDs secure; regenerate on login with session_regenerate_id()

Code Quality

Use strict type declarations (declare(strict_types=1))
Follow PSR coding standards (PSR-1, PSR-2, PSR-12)
Separate concerns: keep HTML, PHP logic, and data access in separate layers
Use meaningful variable and function names
Comment your code, but prefer self-documenting code

Performance

Use require_once / include_once to avoid loading files multiple times
Avoid queries inside loops
Cache expensive operations where possible

Quick Reference Cheat Sheet

<?php
// Output
echo "text";                     // print to browser
print_r($array);                 // readable array output
var_dump($var);                  // detailed type+value dump

// String
strlen($s)                       // length
strtolower($s) / strtoupper($s) // case conversion
trim($s)                         // strip whitespace
str_replace($find, $rep, $s)    // replace
explode(",", $s)                 // string to array
implode(",", $arr)               // array to string
htmlspecialchars($s)            // encode for safe HTML output
sprintf("Name: %s", $name)     // formatted string

// Array
count($arr)                     // length
in_array($val, $arr)            // search for value
array_merge($a, $b)             // combine arrays
array_push($arr, $val)          // add to end
array_pop($arr)                 // remove from end
array_keys($arr)                // get all keys
array_values($arr)              // get all values
array_map($fn, $arr)            // transform each element
array_filter($arr, $fn)         // filter elements
sort($arr)                      // sort ascending

// Math
abs($n), round($n), ceil($n), floor($n)
rand($min, $max)
max($a, $b), min($a, $b)

// Date
date('Y-m-d')                  // current date
time()                          // Unix timestamp
strtotime('+7 days')           // relative timestamp

// Type
gettype($v), is_int($v), is_string($v), is_array($v)
(int)$v, (float)$v, (string)$v  // casting
isset($v), empty($v)

// Error Handling
try { } catch (Exception $e) { echo $e->getMessage(); }

// Session
session_start();
$_SESSION['key'] = 'value';
unset($_SESSION['key']);
session_destroy();

// Superglobals
$_GET['param']
$_POST['field']
$_SERVER['REQUEST_METHOD']
$_FILES['upload']
$_COOKIE['name']
?>

PreviousReference Guide NextReference Guide

Last updated 1 month ago

Good morning

hashtagTable of Contents

hashtag1. Introduction to PHP & Server-Side Programming

hashtagWhat is Server-Side Programming?

hashtagWhat is PHP?

hashtagThe Request-Response Cycle

hashtagYour First PHP File

hashtag2. PHP Syntax Basics

hashtagPHP Tags

hashtagStatements and Semicolons

hashtagComments

hashtagecho vs print

hashtag3. Variables, Data Types & Type Juggling

hashtagVariables

hashtagData Types

hashtagType Juggling (Loose Typing)

hashtagChecking & Casting Types

hashtagConstants

hashtag4. Operators

hashtagArithmetic Operators

hashtagAssignment Operators

hashtagComparison Operators

hashtagLogical Operators

hashtagString Operators

hashtagIncrement/Decrement Operators

hashtagNull Coalescing Operator (PHP 7+)

hashtagTernary Operator

hashtag5. Control Structures

hashtagif / elseif / else

hashtagswitch

hashtagmatch Expression (PHP 8+)

hashtagwhile Loop

hashtagdo...while Loop

hashtagfor Loop

hashtagforeach Loop

hashtagbreak and continue

hashtag6. Functions

hashtagDefining and Calling Functions

hashtagParameters & Default Values

hashtagReturn Values

hashtagType Declarations (PHP 7+)

hashtagVariable Scope

hashtagVariable Functions & Anonymous Functions

hashtagBuilt-In Functions (Commonly Used)

hashtag7. Arrays

hashtagIndexed Arrays

hashtagAssociative Arrays

hashtagMultidimensional Arrays

hashtagArray Functions

hashtag8. Strings & String Functions

hashtagString Basics

hashtagCommon String Functions

hashtag9. Forms & User Input (GET & POST)

hashtagHTML Forms Review

hashtagAccessing GET Data

hashtagAccessing POST Data

hashtagGET vs POST Comparison

hashtagPHP Superglobals

hashtagComplete Form Example

hashtag10. Input Validation & Sanitization

hashtagThe Difference

hashtaghtmlspecialchars() — Prevent XSS

hashtagfilter_var() — Validation & Sanitization

hashtagValidation Functions

hashtagRegular Expressions in PHP

hashtag11. File I/O

hashtagReading Files

hashtagWriting Files

hashtagFile Mode Flags

hashtagFile System Functions

hashtagFile Upload Handling

hashtag12. Sessions & Cookies

hashtagSessions

hashtagSession-Based Login System

hashtagCookies

hashtagSession vs Cookie

hashtag13. Object-Oriented PHP

hashtagClasses and Objects

hashtagAccess Modifiers

hashtagInheritance

Table of Contents

1. Introduction to PHP & Server-Side Programming

What is Server-Side Programming?

What is PHP?

The Request-Response Cycle

Your First PHP File

2. PHP Syntax Basics

PHP Tags

Statements and Semicolons

Comments

`echo` vs `print`

3. Variables, Data Types & Type Juggling

Variables

Data Types

Type Juggling (Loose Typing)

Checking & Casting Types

Constants

4. Operators

Arithmetic Operators

Assignment Operators

Comparison Operators

Logical Operators

String Operators

Increment/Decrement Operators

Null Coalescing Operator (PHP 7+)

Ternary Operator

5. Control Structures

if / elseif / else

switch

match Expression (PHP 8+)

while Loop

do...while Loop

for Loop

foreach Loop

break and continue

6. Functions

Defining and Calling Functions

Parameters & Default Values

Return Values

Type Declarations (PHP 7+)

Variable Scope

Variable Functions & Anonymous Functions

Built-In Functions (Commonly Used)

7. Arrays

Indexed Arrays

Associative Arrays

Multidimensional Arrays

Array Functions

8. Strings & String Functions

String Basics

Common String Functions

9. Forms & User Input (GET & POST)

HTML Forms Review

Accessing GET Data

Accessing POST Data

GET vs POST Comparison

PHP Superglobals

Complete Form Example

10. Input Validation & Sanitization

The Difference

htmlspecialchars() — Prevent XSS

filter_var() — Validation & Sanitization

Validation Functions

Regular Expressions in PHP

11. File I/O

Reading Files

Writing Files

File Mode Flags

File System Functions

File Upload Handling

12. Sessions & Cookies

Sessions

Session-Based Login System

Cookies

Session vs Cookie

13. Object-Oriented PHP

Classes and Objects

Access Modifiers

Inheritance

Interfaces and Abstract Classes