February 2013
Intermediate to advanced
538 pages
20h 55m
English
Content preview from Programming PHP, 3rd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Escape Output
Escaping is a technique that preserves data as it enters another context. PHP is frequently used as a bridge between disparate data sources, and when you send data to a remote source, it’s your responsibility to prepare it properly so that it’s not misinterpreted.
For example, O'Reilly is
represented as O\'Reilly when used in
an SQL query to be sent to a MySQL database. The backslash before the
single quote exists to preserve the single quote in the context of the SQL
query. The single quote is part of the data, not part of the query, and
the escaping guarantees this interpretation.
The two predominant remote sources to which PHP applications
send data are HTTP clients (web browsers) that interpret HTML, JavaScript,
and other client-side technologies, and databases that interpret SQL. For
the former, PHP provides htmlentities():
$html=array();$html['username']=htmlentities($clean['username'],ENT_QUOTES,'UTF-8');echo"<p>Welcome back,{$html['username']}.</p>";
This example demonstrates the use of another naming convention. The
$html array is similar to the $clean array, except that its purpose is to hold
data that is safe to be used in the context of HTML.
URLs are sometimes embedded in HTML as links:
<a href="http://host/script.php?var={$value}">Click Here</a>In this particular example, $value exists within nested contexts. It’s within the query string of a URL that is embedded in HTML as a link. Because it’s alphabetic in this case, it’s safe to be used in both ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.