Share your knowledge and create a knowledgebase.
Share your knowledge and create a knowledgebase.
Nice URLs, readable URLs, search-engine-friendly URLs. Different names same deal.
It canât really be disagreed on that something like example.com/index.php?page=article&id=409 is not nearly as nice as example.com/article/409.
Turns out this isnât all that hard with PHP - infact it can turn into something thatâs very useful from more than just a readability viewpoint.
The Plan
What weâre going to do is capture everything past a particular point in our URL and pipe it to PHP, weâre going to let PHP do most of the the legwork.
* Using mod_rewrite we get everything past a particular point.
* We will then pass that into a PHP get variable. Weâll use âpâ, you can use anything.
* In our PHP we will define ârulesâ for our URLs with very simple regular expressions.
* When something matches, weâll get the appropriate page - otherwise weâll give back a 404.
mod_rewrite
Yep, this article is purely from an Apache perspective, so I assume that you not only have Apache on your webserver, that you also have enabled mod_rewrite.
If you havenât enabled mod_rewirite, itâs usually something like this in your http.conf:
LoadModule rewrite_module modules/mod_rewrite.so
Remember to restart Apache afterwards.
.htaccess
Letâs get .htaccess out of the way now. These are special files that you may, or may not have come accross. Basically, Apache will read these set of definable rules and determines what to serve when you visit a page.
In this case weâre going to use mod_rewrite rules. So, first create a file called .htaccess and open it up. (To Windows folk - It really has no âfilenameâ, this might confuse some of the poorer text editors.)
To start with, weâre going to check if mod_rewrite is enabled - if it isnât then Apache will return an internal server error (500).
All our rules will go inside this block.
First we need to enable the rewrite engine and set our base.
RewriteEngine on
RewriteBase /The RewriteBase will tell Apache exactly where our capturing needs to come from, what the relative path is.
In our case weâre assuming weâre rewriting the root of a URL. If your script resided in a sub-directory like http://example.com/test, RewriteBase would have to be written like so:
RewriteBase /testOur first rule will tell Apache where to go when we havenât specified anything, in this case we simply want to go to index.php:
RewriteEngine on RewriteBase / # Nothing - Go to index.php RewriteRule ^$ index.php [L]
RewriteRule is how we define our actual rules.
Rewrite rules use regular expressions (regex for short), a kind of special text processing language, to define the rules. They can become very useful if you learn them properly, and we shall be using them later when we write the PHP portion of this article. PHP comes with reasonably good regex support built in.
In this case our regular expression is ^$. The caret symbol, ^, means âAt the startâ. The dollar sign, $, means âAt the end.â So this pattern effectively matches nothing, there is nothing between the two symbols.
Donât worry if regular expressions are confusing at first, there are many tutorials on it around.
The second part of RewriteRule defines where our rule goes to, in this case we always want an empty path to go to index.php.
The last part in square brackets defines a special flag, here we use the L flag. L defines this rule as the âlast oneâ - if this rule matches then Apache will disregard any further ones.
Our next rule is the one that we came here for:
RewriteEngine on RewriteBase / # Nothing - Go to index.php RewriteRule ^$ index.php [L] # If anything matches, send the path to index.php RewriteRule (.*) index.php?p=$1 [L]
In regex a fullstop means âany single characterâ and asterisk means âone or more of the previous characterâ. So our pattern is effectively - any amount of any character or simply, everything.
The parentheses around the rule indicate we want to group that match, and use it later. We do use in defining where our pattern goes to. You refer to groups with the dollar sign and the number of group. (Groups start at 1.) Again we will define this as the last rule with [L].
So with these two rules http://example.com will invisibly redirect to index.php and http://example.com/page/409 will rewrite to index.php?p=page/409.
Unfortunatly, if you try to go directly to any other file or directory, it will not show up - Instead the path will get sent to index.php! We can use RewriteCond to add additional conditions to rectify this situation.
RewriteEngine on RewriteBase / # Nothing - Go to index.php RewriteRule ^$ index.php [L] # Condition - requested path is not a file or directory. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # If anything matches, send the path to index.php RewriteRule (.*) index.php?p=$1 [L]
In a little bit of slightly backward behaviour, when Apache finds a rewrite rule it will go back to see if there were any conditions and check those before finally matching. So these conditions must appear before the rule.
The first parameter is what we test against, it refers to a special server variable, in this case REQUEST_FILENAME. The second parameter is our actual condition. -f asks âIs an existing fileâ and -d is directories.
Since we only want to continue if the match is not a file we can use a !, so our final patterns are !-f and !-d.
Our rewrite ruleset is nearly complete, but thereâs one tiny thing, sometimes you may want to pass GET parameters around in the URL the same way you normally would, as it stands these will be ignored by Apache when rewriting. We can use a flag to append all extra request parameters to the URL - QSA.
Our final .htaccess file looks like this:
RewriteEngine on RewriteBase / # Nothing - Go to index.php RewriteRule ^$ index.php [L] # Condition - requested path is not a file or directory. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # If anything matches, send the path to index.php RewriteRule (.*) index.php?p=$1 [QSA,L]
If anything about mod_rewrite is confusing itâs worth knowing that the documentation on it is actually not all that terrifying and can help you understand it much better.
Using PHP to get the requested URL
Our rewrite rule will pipe everything into index.php as a GET parameter called âpâ. So everything in our script will need to be included through this.
To start our index.php file we need to define a list of matches.
/* * Work out what page we are on */ $page_rules = array( "index" => "home.php", "about" => "about.php" ); $page_val = (isset($_GET['p'])) ? $_GET['p'] : "index";
$page_rules is an associative array pointing matched rules to special pages. You can keep your eventually pages whereever you like, for our example weâll simply have a âpages/â subdirectory where these will go in.
We set $page_val to our âpâ parameter if it was set, otherwise defaulting to index.
Next we go through all our rules and find if weâve matched one with our parameter.
/* * Work out what page we are on */ $page_rules = array( "index" => "home.php", "about" => "about.php" ); $page_val = (isset($_GET['p'])) ? $_GET['p'] : "index"; /* * Iterate through rules and test them on our request */ $match = NULL; foreach($pages as $regex => $page_to) { if(preg_match("/^".$regex."$/i", $page_val)) { $match = $page_to; break; } } /* * If we didn't match anything deliver a 404 or include our file */ if($match === NULL) die("404"); else require "pages/".$page_to;
We now use preg_match to match against each of our rules.
For our index rule, the regular expression looks like /^index$/i. The forward slashes indicate the start and end delimeters of the regex, we can use extra flags to define special things, in this case we use the i flag which indicates that the match is case insensitive.
When we match a rule, we save the page name, then serve it later, or give a 404 message if not. (Your 404 message should be a lot better - this is a simple example after all.)
At this point our rewriting will work perfectly fine. Thereâs a few issues to work out first.
Small issues
First off, if you go to http://example.com/about the rule works, but if you go to http://example.com/about/ then nothing matches - our p variable has changed with that one character!
Luckily we can expand our regular expression to account for this. Question mark, ?, means âthe previous character none or more timesâ. So /? would mean âforward slash or no forward slashâ, except that as we know, forward slash means something in regular expressions. To escape characters in regex simply use the backslash character. The correct match is \/?.
Our new rule check looks like this:
if(preg_match("/^".$regex."\/?$/i", $page_val)) { $match = $page_to; break; }
You may be starting to think that regular expressions can start to look messy the more complicated they get - youâd be right, but that doesnât discount how useful they can be. A regular expression can be broken down into smaller parts if necessary.
This leads on to our second problem, if any of our matches have a forward slash in, which they most likely will, you will get an error when hitting the regex because it would be unescaped. A quick str_replace will sort that.
$regex = str_replace("/", "\/", $regex); if(preg_match("/^".$regex."\/?$/i", $page_val)) { $match = $page_to; break; }
Grouping
This is all well and good, but if you have a URL like our initial example of http://example.com/article/409 surely youâd have to make a new rule for each ID? Luckily we can leverage the power of regex to do that for us.
First we need to ammend our rules to match /article/ and any number. This is done like so:
$page_rules = array( "index" => "home.php", "about" => "about.php" "article/[0-9]+" => "article.php" );
[0-9] is a range, a single number from 0 to 9. And whereas ? means âzero or more timesâ, in this case we need to use plus, + which means âone or more timesâ. So weâre now matching any integer.
Great, our rule works! But itâs useless to us if we canât get that parameter out. Well, first we need to define this as a group in our regex by using parentheses, the same way we did in our .htaccess rules before.
$page_rules = array( "index" => "home.php", "about" => "about.php" "article/([0-9]+)" => "article.php" );
To get our groups out of our regular expression we need to use the third parameter of preg_match, in which we pass in an array that will then be filled with our groups.
Our foreach loop needs to look something like this:
$match = NULL; $matches = array(); foreach($pages as $regex => $page_to) { $regex = str_replace("/", "\/", $regex); if(preg_match("/^".$regex."\/?$/i", $page_val, $matches)) { $match = $page_to; break; } }
Great, now if you tried to go to /article/409 and did a print_r of $matches, youâd get something like:
Array
(
[0] => article/43/
[1] => 43
)
The first entry is filled with the entire pattern, the second one is our requested ID - the group we defined in our match.
Notice that because weâve defined any number, if you try to enter anything other than a number into the URL as an ID you will get given a 404 - This can act as a kind of first-defense validation for input variables.
This is almost the end of the article, however we can make this a little nicer to work with.
Named groups
Being able to refer to something like $_GET[âidâ] is a convenience, thereâs a name. $matches[1] is not so easy to dechyper - or even keep track of, what if we add another group that appears before it like a category name - the group number may shift.
Luckily with regex we can name our groups using the simple syntax of ? inside the start of the group. Our new rules can now look like this.
$page_rules = array( "index" => "home.php", "about" => "about.php" "article/(?<id>[0-9]+)" => "article.php" );
Now when you print_r $matches you get:
Array
(
[0] => article/43/
[id] => 43
[1] => 43
)
You can still refer to the group as $matches[1], but weâre also given the option of $matches[âidâ].
Conclusion
Our final PHP script looks like this:
/* * Work out what page we are on */ $page_rules = array( "index" => "home.php", "about" => "about.php" "article/(?[0-9]+)" => "article.php" ); $page_val = (isset($_GET['p'])) ? $_GET['p'] : "index"; /* * Iterate through rules and test them on our request */ $match = NULL; $matches = array(); foreach($pages as $regex => $page_to) { $regex = str_replace("/", "\/", $regex); if(preg_match("/^".$regex."\/?$/i", $page_val, $matches)) { $match = $page_to; break; } } /* * If we didn't match anything deliver a 404 or include our file */ if($match === NULL) die("404"); else require "pages/".$page_to; ?>
Weâve implemented friendly URLs in a simple way that is also very easy to work with in your script, we even have some basic validation that wouldnât get relying on $_GET.
Every website has âem. Forms. Places for users to enter data into your website. Whether it be a search box, a âContact Usâ form, or variables in the website address, at some point in the flow of your script these suckers are going to touch your database. Oh, thatâs no problem â Weâll just take what they type in and run a query in MySQL on it!
WHOA, there! Are you sure you want to do that? Any input from a user should be treated like a nuclear fuel rod. You can handle it, but youâve got to make sure you do it right. You wouldnât just pick it up with your bare hands, would you?
Why? Just what are MySQL Injection attacks anyway?
Lets say your database has a table inside called âtbl_Usersâ. Inside âtbl_Usersâ are a list of your users, which all have usernames, passwords, first names, last names, addresses, etc. If these users are presented with a login box somewhere on your site, your php user verification query might be something like this:
SELECT * FROM `tbl_Users` WHERE `username`=’”.$_POST['username'].ââ AND `password`=ââ.md5($_POST['password']).âââThe problem is that unscrupulous users (read: bad ones) could enter this into your form:
Â
username: no_onepassword: ‘ OR ”=”Which would make your query look something like this:
SELECT * FROM `tbl_Users` WHERE `username`=’no_one’ AND `password`=” OR ”=”Which, if you read that correctly, would allow that user access to whatever it was you wanted hidden by logging them in. There are a multitude of other ways this can be dangerous, but this is by far the easiest example. Even more unscrupulous users (read: the real jackasses) could send in multiple queries including DELETE queries.
In which case, when you wake up the morning after the attack you are most likely to be heard saying:âHey, where did all my users go?âÂ
Wow. Okay so Iâve got a friend⌠and his website isnât secure. What can I do to help him out?
The good news is that with a few easy precautions, your âfriendâsâ website will be pretty secure against these types of attacks. I say pretty secure because there is no way to prevent every attack. We can only do our best to increase security to a point to take every realistic precaution to prevent these attacks.
#1: Escape your variables!
Using the php function âmysql_real_escape_stringâ you can âescapeâ the single quote character from user input. This is probably the easiest method to prevent MySQL injection attacks. It works by adding a backslash (â\â) before each quote that the user enters into their input. So, to use our example from before:
username: hey’therebecomes
username: hey\’thereThis effectively stops MySQL injection in its tracks since it not only escapes the single quote (âââ) character but also all other characters that the baddies can use to hijack your queries.
If youâve got an array of data coming in, you can use this neat function that I found on the PHP mysql_real_escape_string page (code by âbrian dot folts at gmail dot comâ). It escapes all of the values in your array with ease.
To escape an array, use this function:
function mysql_real_escape_array($t){
return array_map(âmysql_real_escape_stringâ,$t);
}
Then you can call that function easily by passing your array to it:
$your_array = mysql_real_escape_array($your_array);
#2: Check the variable type of your input.
This is done by using the php functions âis_numeric()â, âis_string()â, âis_float()â, and âis_int()â to determine if the input the user is sending in is the same type that you were asking for. Itâs not perfect, but if you were asking for a number and they sent in a word you know to discard it straight away and return an error thereby entirely avoiding any change of a MySQL injection attack.
#3: Always use proper MySQL syntax, including â`â and âââ characters.
If your queries look something like this:
SELECT * FROM tbl_Users WHERE username=$value; Rewrite it so that it looks more like this:
$value = mysql_real_escape_string($value);mysql_query(SELECT * FROM `tbl_Users` WHERE `username`=’”.$value.”‘”); Proper MySQL syntax requires that all table and field names are surrounded by the reverse apostraphe (â`â) and values surrounded with single quotes / apostraphe (âââ).
I hope this gives you a better indication of what you can do to help secure your websites. Keep in mind that this is in no way a complete list. Be ever vigilant in your efforts to prevent attacks of any kind on your code. Leave a comment or two if this helped you at all or if you have different suggestions on how to secure your code from injection attacks!
PHP comes with an extensive catalog of date and time functions, all designed to let you easily retrieve temporal information, massage it into a format you require, and either use it in a calculation or display it to the user. However, if you’d like to do something more complicated, things get much, much hairier.
A simple example of this involves displaying the time on a Web page. With PHP, you can easily use the date() function to read the server’s clock and display the required information in a specific format. But what if you’d like to display the time in a different location - for example, if your company is located in a different country from your server and you want to see “home” time instead of local time? Well, then you have to figure out the difference between the two places and perform some date arithmetic to adjust for the different time zones. If the time difference is significant, you need to take account of whether the new time is on the day before or after, worry about daylight savings time, and keep track of end-of-the-month and leap year constraints.
As you can imagine, the math to perform such time zone conversions can quickly get very complicated if you do it manually. To be fair, PHP has built-in time zone functions to help with this, but these aren’t particularly intuitive and require a fair amount of time to get used to. A quicker alternative is to use the PEAR Date class, which comes with built-in support for time zones and is, by far, the simplest way to perform these conversions.
This tutorial will teach you how to convert temporal values between time zones with the PEAR Date class. It assumes that you have a working Apache and PHP installation and that the PEAR Date class has been correctly installed.
Note: You can install the PEAR Date package directly from the Web, either by downloading it or by using the instructions provided.
Let’s begin with the basics - initialising and using a Date object. Create a PHP script with the following lines of code:
<?php // include class include ("Date.php"); // initialize object $d = new Date("2006-06-21 15:45:27"); // retrieve date echo $d->getDate(); ?>
This is fairly simple - include the class code, initialise a Date() object with a date/time string, and then use the getDate() method to display the value you just inserted. Here’s the output:
2006-06-21 15:45:27
What if you want the date in a different format? If the format is a standard one, such as the ISO format, simply pass getDate() a modifier indicating this:
<?php // include class include ("Date.php"); // initialize object $d = new Date("2006-06-21 15:45:27"); // retrieve date as timestamp echo $d->getDate(DATE_FORMAT_ISO_BASIC); ?>
The output in this case conforms to the standard ISO format.
20060621T154527Z
If you’d like a custom format, you can do that too, with the format() method. Like PHP’s native date() function, this method accepts a series of format specifiers that indicate how each component of the date is to be formatted. Below is an example (look in the class documentation for a complete list of modifiers):
<?php // include class include ("Date.php"); // initialize object $d = new Date("2006-06-21 15:45:27"); // retrieve date as formatted string echo $d->format("%A, %d %B %Y %T"); ?>
And here’s the output:
Wednesday, 21 June 2006 15:45:27
Converting between time zones
Now that you’ve got the basics, let’s talk about time zones. Once you have a Date() object initialised, converting from one time zone to another is a simple two-step process:
1. Tell the Date class which time zone you’re converting from, with the setTZByID() method.
2. Then, tell the Date class which time zone you wish to convert to, with the convertTZByID() method.
<?php // include class include ("Date.php"); // initialize object $d = new Date("2006-06-21 10:36:27"); // set local time zone $d->setTZByID("GMT"); // convert to foreign time zone $d->convertTZByID("IST"); // retrieve converted date/time echo $d->format("%A, %d %B %Y %T"); ?>
In this case, I’m attempting to convert from Greenwich Mean Time (GMT) to Indian Standard Time (IST). India is about 5.5 hours ahead of Greenwich, which is why the output of the script is:
Wednesday, 21 June 2006 16:06:27
Simple, isn’t it? Here’s another example, this one demonstrating how the class handles leap years and month end values.
<?php> // include class include ("Date.php"); // initialize object $d = new Date("2008-03-01 06:36:27"); // set local time zone $d->setTZByID("GMT"); // print local time echo "Local time is " . $d->format("%A, %d %B %Y %T") . "\n"; // convert to foreign time zone $d->convertTZByID("PST"); // retrieve converted date/time echo "Destination time is " . $d->format("%A, %d %B %Y %T"); ?>
And the output is:
Local time is Saturday, 01 March 2008 06:36:27
Destination time is Friday, 29 February 2008 22:36:27
Note: In case you’re wondering where the time zone IDs come from, you can find a complete list within the class documentation.
Calculating GMT offsets
Another piece of information that’s sometimes useful when working with time zones is the GMT offset — that is, the difference between the specified time zone and standard GMT. The PEAR Date class lets you get this information easily, via its getRawOffset() method. Here’s an example:
<?php // include class include ("Date.php"); // initialize object $d = new Date("2006-06-21 10:36:27"); // set local time zone $d->setTZByID("PST"); // get raw offset from GMT, in msec echo $d->tz->getRawOffset(); ?>
Here, the getRawOffset() method calculates the time difference between the local time and GMT. Here’s the output:
-28800000
Note that this offset value is expressed in milliseconds, so you will need to divide it by 3600000 (the number of milliseconds in one hour) to calculate the time zone difference in hours.
Tip: You can use the inDaylightTime() method to see if the destination is currently observing daylight savings time. Look in the class documentation for details on this method.
Adding and subtracting timespans
The Date class also lets you perform sophisticated date arithmetic on temporal values, adding or subtracting durations to a date/time value. These durations (or timespans) are expressed as a string containing day, hour, minute and/or second components.
<?php // include class include ("Date.php"); // initialize object $d = new Date("2006-06-21 15:45:27"); // add 01:20 to it $d->addSpan(new Date_Span("0,1,20,0")); // retrieve date as formatted string echo $d->format("%A, %d %B %Y %T"); ?>
In this case, I’ve added an hour and twenty minutes to the initial timestamp, by calling the Date class’ addSpan() method and supplying it with a Date_Span() object initialised to that duration. The output is fairly easy to guess:
Wednesday, 21 June 2006 17:05:27
Just as you can add timespans, so too can you subtract them. That, in fact, is the purpose of the subtractSpan() method, which is illustrated below.
<?php // include class include ("Date.php"); // initialize object $d = new Date("2006-06-21 15:45:27"); // add 01:20 to it $d->addSpan(new Date_Span("0,1,20,0")); // subtract 00:05 from it $d->subtractSpan(new Date_Span("0,0,5,0")); // retrieve date as formatted string echo $d->format("%A, %d %B %Y %T"); ?>
Here, I’ve first added an hour and twenty minutes, and then subtracted a further five minutes. The net effect is an addition of an hour and fifteen minutes, and the output reflects this:
Wednesday, 21 June 2006 17:00:27
As the examples above illustrate, the PEAR Date class provides methods to intuitively and efficiently perform fairly complex date math. If you’re looking for a stress-free way to convert timestamps between different locations, I’d heartily recommend it to you.
When working with XML-based applications, developers often find themselves facing the requirement to generate XML-encoded data structures on the fly. Examples of this include an XML order template based on user input in a Web form, or an XML representation of a server request or client response based on run-time parameters.
Although this task might seem intimidating, it’s actually quite simple when one takes into account PHP’s sophisticated DOM API for dynamic node construction and manipulation. Over the course of this article, I’ll be introducing you to the main functions in this API, showing you how to programmatically generate a complete well-formed XML document from scratch and save it to disk.
Note: This article assumes a working Apache/PHP5 installation with the DOM functions enabled, and a working knowledge of basic XML constructs such as elements, attributes and CDATA blocks. You can obtain an introduction to these topics from the introductory material at Melonfire (http://melonfire.com/community/columns/trog/article.php?id=78 and http://melonfire.com/community/columns/trog/article.php?id=79)
Creating the Doctype declaration
Let’s start right at the top, with the XML declaration. In PHP, this is fairly simple; it only requires you to instantiate an object of the DOMDocument class and supply it with a version number. To see it in action type out the example script in Listing A.
Listing A
<?php // create doctype $dom = new DOMDocument("1.0"); // display document in browser as plain text // for readability purposes header("Content-Type: text/plain"); // save and display tree echo $dom->saveXML(); ?>
Notice the saveXML() method of the DOMDocument object — I’ll come back to this later, but for the moment simply realise that this is the method used to output a current snapshot of the XML tree, either to a file or to the browser. In this case, I’ve sent the output directly to the browser as ASCII text for readability purposes; in real-world applications, you would probably send this with a Content-Type: text/xml header.
When you view the output in your browser, you should see something like this:
<?xml version="1.0"?>Adding elements and text nodes
Now that’s all very pretty and fine, but the real power of XML comes from its elements and the content they enclose. Fortunately, once you’ve got the basic DOMDocument initialised, this becomes extremely simple. There are two steps to the process:
1. For each element or text node you wish to add, call the DOMDocument object’s createElement() or createTextNode() method with the element name or text content. This will result in the creation of a new object corresponding to the element or text node.
2. Append the element or text node to a parent node in the XML tree by calling that node’s appendChild() method and passing it the object produced in the previous step.
An example will make this clearer. Consider the script in Listing B.
Listing B
<?php // create doctype $dom = new DOMDocument("1.0"); // display document in browser as plain text // for readability purposes header("Content-Type: text/plain"); // create root element $root = $dom->createElement("toppings"); $dom->appendChild($root); // create child element $item = $dom->createElement("item"); $root->appendChild($item); // create text node $text = $dom->createTextNode("pepperoni"); $item->appendChild($text); // save and display tree echo $dom->saveXML(); ?>
Here, I’ve first created a root element named
<?xml version="1.0"?> <toppings> <item>pepperoni</item> </toppings>
If you’d like to add another topping, simply create another
Listing C
<?php // create doctype $dom = new DOMDocument("1.0"); // display document in browser as plain text // for readability purposes header("Content-Type: text/plain"); // create root element $root = $dom->createElement("toppings"); $dom->appendChild($root); // create child element $item = $dom->createElement("item"); $root->appendChild($item); // create text node $text = $dom->createTextNode("pepperoni"); $item->appendChild($text); // create child element $item = $dom->createElement("item"); $root->appendChild($item); // create another text node $text = $dom->createTextNode("tomato"); $item->appendChild($text); // save and display tree echo $dom->saveXML(); ?>
And here’s the revised output:
<?xml version="1.0"?> <toppings> <item>pepperoni</item> <item>tomato</item> </toppings>
Adding attributes
You can also add qualifying information to your elements, through the thoughtful use of attributes. With the PHP DOM API, attributes are added in a two-step process: first create an attribute node holding the name of the attribute with the DOMDocument object’s createAttribute() method, and then append a text node to it holding the attribute value. Listing D is an example.
Listing D
<?php // create doctype $dom = new DOMDocument("1.0"); // display document in browser as plain text // for readability purposes header("Content-Type: text/plain"); // create root element $root = $dom->createElement("toppings"); $dom->appendChild($root); // create child element $item = $dom->createElement("item"); $root->appendChild($item); // create text node $text = $dom->createTextNode("pepperoni"); $item->appendChild($text); // create attribute node $price = $dom->createAttribute("price"); $item->appendChild($price); // create attribute value node $priceValue = $dom->createTextNode("4"); $price->appendChild($priceValue); // save and display tree echo $dom->saveXML(); ?>
And here’s what the output will look like:
<?xml version="1.0"?> <toppings> <item price="4">pepperoni</item> </toppings>
Adding CDATA blocks and processing instructions
While not used quite as often, CDATA blocks and processing instructions (PI) are also well-supported by the PHP API, through the DOMDocument object’s createCDATASection() and createProcessingInstruction() methods. Listing E shows you an example.
Listing E
<?php // create doctype $dom = new DOMDocument("1.0"); // display document in browser as plain text // for readability purposes header("Content-Type: text/plain"); // create root element $root = $dom->createElement("toppings"); $dom->appendChild($root); // create child element $item = $dom->createElement("item"); $root->appendChild($item); // create text node $text = $dom->createTextNode("pepperoni"); $item->appendChild($text); // create attribute node $price = $dom->createAttribute("price"); $item->appendChild($price); // create attribute value node $priceValue = $dom->createTextNode("4"); $price->appendChild($priceValue); // create CDATA section $cdata = $dom->createCDATASection("\nCustomer requests that pizza be sliced into 16 square pieces\n"); $root->appendChild($cdata); // create PI $pi = $dom->createProcessingInstruction("pizza", "bake()"); $root->appendChild($pi); // save and display tree echo $dom->saveXML(); ?>
And here’s the output:
<?xml version="1.0"?> <toppings> <item price="4">pepperoni</item> <![CDATA[ Customer requests that pizza be sliced into 16 square pieces ]]> <?pizza bake()?> </toppings>
Saving the results
Once you’ve got the tree the way you want it, you can either save it to a file or store it in a PHP variable. The former function is performed by calling the save() method with a file name, while the latter is performed by calling the saveXML() method and assigning the result to a string. Here’s an example (Listing F).
Listing F
<?php // create doctype $dom = new DOMDocument("1.0"); // create root element $root = $dom->createElement("toppings"); $dom->appendChild($root); $dom->formatOutput=true; // create child element $item = $dom->createElement("item"); $root->appendChild($item); // create text node $text = $dom->createTextNode("pepperoni"); $item->appendChild($text); // create attribute node $price = $dom->createAttribute("price"); $item->appendChild($price); // create attribute value node $priceValue = $dom->createTextNode("4"); $price->appendChild($priceValue); // create CDATA section $cdata = $dom->createCDATASection("\nCustomer requests that pizza be sliced into 16 square pieces\n"); $root->appendChild($cdata); // create PI $pi = $dom->createProcessingInstruction("pizza", "bake()"); $root->appendChild($pi); // save tree to file $dom->save("order.xml"); // save tree to string $order = $dom->save("order.xml"); ?>
And that’s about it. Hopefully you found this article interesting, and will be able to use these techniques in your daily work with XML. Happy coding!
Most PHP Web developers have heard of PEAR, the PHP Extension and Application Repository, but very few of them actually use it on a regular basis. Here are 10 reasons to get started today.
Most PHP Web developers have heard of PEAR, the PHP Extension and Application Repository, but very few of them actually use it on a regular basis. This is an oversight that should be corrected, because PEAR is actually a rich treasure trove of PHP widgets that can significantly simplify the average Web developer’s workday.
If you think I’m overstating the benefits, ask yourself if you’ve ever written custom code to (a) create HTML e-mail, (b) generate Web forms on the fly, or (c) validate email addresses. PEAR has pre-built PHP packages for all these tasks, and a few hundred more besides. These packages provide a robust, well-tested code base that can save you the time and effort you would otherwise spend on “rolling your own” code. You can’t beat the price either…they’re free!
PEAR classes cover a wide range of tasks, and so this document will focus specifically on classes of interest to developers working with Web pages and form input. If there are other categories you’d like to see addressed, send in your suggestions and we will examine those areas too…and until then, here’s to easier coding!
Note: You can install PEAR packages directly from the Web, by following the provided instructions.
Package Name: Validate
Description: This package provides validation routines for common input types: email addresses, credit card numbers, URLs, dates and times, string and number classes, and more.
Use this package to test user input entered in Web forms and ensure it is valid before using it in a calculation/saving it to a file or database.
URL: http://pear.php.net/package/Validate
Calendar
This package creates calendar data structures for one or more months. These data structures can then be combined with HTML formatting or a template to create a calendar display, complete with forward/backward navigation links.
Use this package to quickly integrate a pop-up Web calendar into a Web site.
http://pear.php.net/package/Calendar
Mail_Mime
This package provides routines to create a MIME-compliant multi-part message. Such a message can contain embedded HTML, images, file attachments, or other parts. The package also provides functions to decode received multi-part messages into their constituent parts.
Use this package to create HTML email with embedded images, or messages with one or more attachments. You can also use this class to decode multi-part messages - for example, as an attachment browser in a Web mail client.
http://pear.php.net/package/Mail_Mime
Cache
This package provides a simple caching framework for a Web site. It allows you to cache the output of PHP scripts as well as function calls, and reduce response times by rendering the cached pages to clients. Cached pages may be stored as files on disk, in a database, or using a custom storage engine.
If your site receives a lot of traffic, use this package to reduce server load and page processing time by occasionally providing clients with snapshots from the page cache instead of the “live” page. You can also reduce the load on your database server by caching the output of frequently-used SQL queries.
http://pear.php.net/package/Cache
Image_Graph
This package makes it possible to automatically convert numerical data into a graph suitable for display on a Web page. Bar, graph, pie, radar and scatter graphs are just some of the supported graph types. X and Y axis customisations are supported, as are many different output formats.
Use this package to display numerical data in a visual manner for easier comprehension - for example, when calculating Web site traffic or ad clicks.
http://pear.php.net/package/Image_Graph
HTML_QuickForm
This package provides routines to generate, validate, and process Web forms programmatically. It supports all the HTML form input types, and comes with built-in validation routines for most common input types. It also provides built-in functionality for multi-page forms and file upload forms.
Use this package to significantly simplify the task of generating Web forms at run-time, or to efficiently validate and process form input.
http://pear.php.net/package/HTML_QuickForm
Auth
This package provides a framework for a basic login/authentication system using PHP. It can verify user credentials against a variety of data sources, including MySQL databases, ASCII files, LDAP servers and POP3 servers.
Use this package to quickly create a login system for a Web application. Because it has “out of the box” support for so many authentication sources, it can also be used to implement Web-based “single login” infrastructure.
http://pear.php.net/package/Auth
XML_RSS
This package is designed to parse RSS documents. It extracts information from an RSS feed as PHP data structures, which can be processed and formatted for display.
Use this package to integrate RSS feeds from other sites into your Web pages.
http://pear.php.net/package/XML_RSS
HTML_Progress
This package provides a framework for a progress bar on a Web site. It uses PHP, JavaScript and CSS to display and dynamically update a progress bar with visual notification of a task’s progress.
Use this package to display progress bars for time-consuming Web tasks — for example a file upload or a long-running loop.
http://pear.php.net/package/HTML_Progress
Translation
This package provides a framework for multi-lingual Web sites. It contains routines to retrieve a translation for each string value from a database and insert it into the appropriate location on each translation-enabled page.
Use this package to efficiently handle multi-language versions of a Web site.