Table of Contents

• What is Object-Oriented Programming (OOP)?
• Why Use OOP in PHP?
• Key Concepts of OOP
  • Classes and Objects
  • Properties and Methods
  • Constructor and Destructor
  • Inheritance
  • Encapsulation
  • Polymorphism
  • Abstraction
• Benefits of Using OOP in PHP
• Practical Example of OOP in PHP
• Summary

What is Object-Oriented Programming (OOP)?

Object-Oriented Programming (OOP) is a programming paradigm that organizes software design around objects rather than functions or logic. An object represents a real-world entity, and it combines data (attributes) and behavior (methods). The core idea behind OOP is to structure your code in such a way that it is more modular, reusable, and easier to maintain.

In PHP, OOP allows developers to define classes, create objects based on those classes, and manage data and behavior in a more organized way. PHP has been supporting OOP since version 5, and it has become an essential part of modern PHP development.

Why Use OOP in PHP?

There are several reasons to use Object-Oriented Programming in PHP:

1. Modularity: OOP allows you to break down your code into smaller, manageable pieces (classes and objects), making it easier to understand and maintain.
2. Reusability: Once a class is created, it can be reused across different parts of the application, or even in different projects.
3. Maintainability: OOP makes your code more flexible and easier to update or extend.
4. Abstraction and Encapsulation: OOP allows you to hide the complexity of the system and only expose necessary details to the outside world, improving security and usability.
5. Inheritance: OOP supports inheritance, which means you can create new classes based on existing ones, reducing redundancy and increasing code efficiency.
6. Polymorphism: OOP enables polymorphism, which allows methods to behave differently based on the object calling them, improving code flexibility.

Key Concepts of OOP

To get started with OOP, it’s important to understand the key concepts that form the foundation of this programming paradigm. These concepts are:

1. Classes and Objects
2. Properties and Methods
3. Constructor and Destructor
4. Inheritance
5. Encapsulation
6. Polymorphism
7. Abstraction

1. Classes and Objects

A class is a blueprint for creating objects. It defines the properties (attributes) and methods (functions) that the objects of that class will have. An object is an instance of a class. In other words, objects are actual entities created based on the class definition.

Example:

<?php
// Define a class called Car
class Car {
    // Property (attribute)
    public $make;
    public $model;

    // Method (function)
    public function start() {
        echo "The car is starting.\n";
    }
}

// Create an object of the Car class
$myCar = new Car();
$myCar->make = "Toyota";
$myCar->model = "Corolla";

// Accessing object properties and calling methods
echo "I drive a " . $myCar->make . " " . $myCar->model . ".\n";
$myCar->start();
?>

In the example above, Car is a class with two properties (make and model) and one method (start). $myCar is an object (instance) of the Car class.

2. Properties and Methods

• Properties are the variables that hold data for the object. They define the state of the object.
• Methods are the functions that define the behavior of the object. They operate on the object’s properties and perform actions.

3. Constructor and Destructor

• Constructor: The constructor is a special method that is called automatically when an object is created. It is used to initialize properties or perform any setup tasks.
• Destructor: The destructor is a special method that is called when an object is destroyed (when it is no longer in use). It is useful for cleanup tasks, such as closing database connections.

Example:

<?php
class Car {
    public $make;
    public $model;

    // Constructor
    public function __construct($make, $model) {
        $this->make = $make;
        $this->model = $model;
        echo "A new car has been created: $make $model\n";
    }

    // Destructor
    public function __destruct() {
        echo "The car $this->make $this->model is being destroyed.\n";
    }

    public function start() {
        echo "The car is starting.\n";
    }
}

// Create an object of the Car class
$myCar = new Car("Honda", "Civic");
$myCar->start();

// The object is destroyed when it goes out of scope
?>

In this example, the __construct() method initializes the car’s properties, and the __destruct() method is called when the object is destroyed.

4. Inheritance

Inheritance is a fundamental concept of OOP that allows one class (the child class) to inherit the properties and methods of another class (the parent class). This allows for code reuse and the creation of more specialized classes.

Example:

<?php
// Parent class
class Vehicle {
    public $brand;
    
    public function honk() {
        echo "Honk! Honk!\n";
    }
}

// Child class inherits from Vehicle
class Car extends Vehicle {
    public $model;

    public function display() {
        echo "This is a " . $this->brand . " " . $this->model . ".\n";
    }
}

// Create an object of the Car class
$myCar = new Car();
$myCar->brand = "Ford";
$myCar->model = "Mustang";
$myCar->display();
$myCar->honk();  // Inherited method
?>

In this example, the Car class inherits from the Vehicle class, allowing it to use the honk() method while also adding its own display() method.

5. Encapsulation

Encapsulation is the concept of bundling the data (properties) and methods that operate on the data within a class, and restricting access to some of the object’s components. This is usually done through access modifiers such as public, private, and protected.

• Public: The property or method can be accessed from anywhere.
• Private: The property or method can only be accessed within the class itself.
• Protected: The property or method can be accessed within the class and by classes that inherit from it.

Example:

<?php
class Person {
    private $name;

    // Setter method to set private property
    public function setName($name) {
        $this->name = $name;
    }

    // Getter method to get private property
    public function getName() {
        return $this->name;
    }
}

$person = new Person();
$person->setName("John Doe");
echo $person->getName();  // Access private property via getter method
?>

6. Polymorphism

Polymorphism allows objects of different classes to be treated as objects of a common parent class. It also allows methods to behave differently depending on the object that is calling them.

Example:

<?php
class Animal {
    public function sound() {
        echo "Some animal sound.\n";
    }
}

class Dog extends Animal {
    public function sound() {
        echo "Bark!\n";
    }
}

class Cat extends Animal {
    public function sound() {
        echo "Meow!\n";
    }
}

$dog = new Dog();
$cat = new Cat();

$dog->sound();  // Outputs: Bark!
$cat->sound();  // Outputs: Meow!
?>

7. Abstraction

Abstraction involves hiding the complex implementation details and exposing only the necessary functionality to the user. In PHP, abstraction is achieved through abstract classes and abstract methods.

Example:

<?php
abstract class Animal {
    abstract public function sound();
}

class Dog extends Animal {
    public function sound() {
        echo "Bark!\n";
    }
}

$dog = new Dog();
$dog->sound();  // Outputs: Bark!
?>

Benefits of Using OOP in PHP

• Reusability: Code written in classes can be reused across different parts of the application, or even in different projects.
• Maintainability: OOP allows for easier maintenance and modification, as changes to a class do not affect other parts of the codebase.
• Scalability: As projects grow in size and complexity, OOP makes it easier to manage and scale the application.
• Organization: OOP helps in organizing your code logically, making it easier to understand and extend.

Practical Example of OOP in PHP

Let’s say you want to create a simple Library Management System using OOP. Here’s a high-level breakdown:

<?php
class Book {
    private $title;
    private $author;
    private $isbn;

    public function __construct($title, $author, $isbn) {
        $this->title = $title;
        $this->author = $author;
        $this->isbn = $isbn;
    }

    public function displayDetails() {
        echo "Title: $this->title\n";
        echo "Author: $this->author\n";
        echo "ISBN: $this->isbn\n";
    }
}

class Library {
    private $books = [];

    public function addBook(Book $book) {
        $this->books[] = $book;
    }

    public function displayBooks() {
        foreach ($this->books as $book) {
            $book->displayDetails();
            echo "\n";
        }
    }
}

$book1 = new Book("PHP for Beginners", "John Doe", "123456789");
$book2 = new Book("Advanced PHP Programming", "Jane Smith", "987654321");

$library = new Library();
$library->addBook($book1);
$library->addBook($book2);
$library->displayBooks();
?>

This example demonstrates how classes and objects can be used to manage books and a library system.

Summary

In this module, we introduced Object-Oriented Programming (OOP) in PHP. We discussed the key concepts such as classes, objects, properties, methods, inheritance, encapsulation, polymorphism, and abstraction. By applying these principles, developers can create modular, maintainable, and scalable applications. In the following module, we will dive deeper into more advanced OOP topics such as interfaces and traits.

Table of Contents

• Introduction to Regular Expressions
• Why Use Regular Expressions in PHP?
• Basic Syntax of Regular Expressions
• PHP Functions for Regular Expressions
  • preg_match()
  • preg_match_all()
  • preg_replace()
  • preg_split()
• Special Characters in Regular Expressions
• Modifiers in Regular Expressions
• Anchors and Boundaries
• Practical Examples of Regular Expressions in PHP
  • Validating Email Addresses
  • Extracting Data from a String
• Performance Considerations When Using Regular Expressions
• Summary

Introduction to Regular Expressions

A Regular Expression (Regex or RegExp) is a sequence of characters that form a search pattern. Regular expressions are used to match strings of text, such as particular characters, words, or patterns. In PHP, regular expressions are commonly used for text searching, validation, and manipulation tasks.

For example, you might use regular expressions to validate email addresses, phone numbers, or other user input to ensure they follow the correct format.

Regular expressions are a powerful tool, but they can be complex and difficult to understand at first. This module will introduce you to regular expressions and how to use them effectively in PHP.

Why Use Regular Expressions in PHP?

Regular expressions provide a flexible and efficient way to search and manipulate text. Some common use cases for regular expressions in PHP include:

• Validating Input: Checking whether user input (like emails, phone numbers, or dates) follows a specific format.
• Searching: Searching for specific patterns in strings, such as extracting certain words or phrases from text.
• Text Replacement: Replacing or modifying parts of a string based on a specific pattern.
• Parsing Data: Extracting structured information from unstructured data (e.g., extracting links from HTML).

PHP supports regular expressions using the PCRE (Perl Compatible Regular Expressions) library, which allows you to use a wide range of regular expression features.

Basic Syntax of Regular Expressions

Before diving into the PHP-specific functions for regular expressions, let’s go over some of the basic syntax rules of regular expressions.

1. Literal Characters: The most basic regular expression consists of literal characters that match themselves. For example:
   • /hello/ matches the string hello.
2. Metacharacters: Special characters that have a meaning beyond matching literal characters. Some common metacharacters include:
   • .: Matches any single character except a newline.
   • ^: Anchors the pattern to the start of the string.
   • $: Anchors the pattern to the end of the string.
   • []: Matches any one of the characters inside the brackets. For example, [aeiou] matches any vowel.
3. Quantifiers: Indicate how many times a part of the pattern should appear.
   • *: Matches 0 or more occurrences of the preceding character or group.
   • +: Matches 1 or more occurrences.
   • ?: Matches 0 or 1 occurrence.
   • {n}: Matches exactly n occurrences.
   • {n,}: Matches n or more occurrences.

PHP Functions for Regular Expressions

PHP provides several functions to work with regular expressions. These functions follow the PCRE syntax and offer powerful ways to match, replace, and split strings.

1. preg_match()

The preg_match() function searches for a pattern in a string. It returns true if the pattern is found, or false otherwise. It is often used to validate input or check if a specific pattern exists.

Syntax:

int preg_match(string $pattern, string $subject, array &$matches = null, int $flags = 0, int $offset = 0);

• $pattern: The regular expression pattern.
• $subject: The string to search.
• $matches: An optional array that will be populated with the matches.
• $flags: Optional flags (e.g., PREG_OFFSET_CAPTURE to get the offset of the match).
• $offset: Optional offset to start the search.

Example:

<?php
$email = "[email protected]";
$pattern = "/^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$/";

if (preg_match($pattern, $email)) {
    echo "Valid email address!";
} else {
    echo "Invalid email address.";
}
?>

In this example, we use preg_match() to validate an email address format.

2. preg_match_all()

The preg_match_all() function searches for all occurrences of a pattern in a string and returns an array of matches.

Syntax:

int preg_match_all(string $pattern, string $subject, array &$matches = null, int $flags = 0, int $offset = 0);

Example:

<?php
$text = "apple banana apple orange apple";
$pattern = "/apple/";

preg_match_all($pattern, $text, $matches);
print_r($matches);
?>

This will return all occurrences of the word “apple” in the string.

3. preg_replace()

The preg_replace() function performs a search and replace operation based on a regular expression.

Syntax:

string preg_replace(string $pattern, string $replacement, string $subject, int $limit = -1, int &$count = null);

• $replacement: The string to replace the matches.
• $limit: The maximum number of replacements to make.
• $count: Optionally returns the number of replacements made.

Example:

<?php
$text = "Hello 123, Hello 456";
$pattern = "/\d+/";  // Match all numbers
$replacement = "#";

$new_text = preg_replace($pattern, $replacement, $text);
echo $new_text;  // Outputs: Hello #, Hello #
?>

4. preg_split()

The preg_split() function splits a string into an array using a regular expression pattern.

Syntax:

array preg_split(string $pattern, string $subject, int $limit = -1, int $flags = 0);

Example:

<?php
$text = "apple, banana, cherry, date";
$pattern = "/,\s*/";  // Match comma followed by optional spaces

$fruits = preg_split($pattern, $text);
print_r($fruits);
?>

Special Characters in Regular Expressions

Regular expressions use special characters to define patterns. Some common special characters include:

• .: Matches any character except a newline.
• \d: Matches any digit (0-9).
• \D: Matches any non-digit.
• \w: Matches any word character (alphanumeric plus underscore).
• \W: Matches any non-word character.
• \s: Matches any whitespace character.
• \S: Matches any non-whitespace character.

Modifiers in Regular Expressions

Modifiers allow you to adjust the behavior of the regular expression. Common modifiers include:

• i: Makes the pattern case-insensitive.
• m: Multiline mode, which allows ^ and $ to match the start and end of each line.
• s: Dotall mode, where . matches all characters including newlines.

Anchors and Boundaries

Anchors define the position of a pattern in the string.

• ^: Anchors the pattern to the start of the string.
• $: Anchors the pattern to the end of the string.
• \b: Matches a word boundary (the position between a word character and a non-word character).
• \B: Matches a non-word boundary.

Practical Examples of Regular Expressions in PHP

Validating Email Addresses

<?php
$email = "[email protected]";
$pattern = "/^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}$/";

if (preg_match($pattern, $email)) {
    echo "Valid email address!";
} else {
    echo "Invalid email address.";
}
?>

Extracting Data from a String

<?php
$text = "My phone number is 123-456-7890.";
$pattern = "/\d{3}-\d{3}-\d{4}/";

preg_match($pattern, $text, $matches);
echo "Phone number: " . $matches[0];
?>

Performance Considerations When Using Regular Expressions

While regular expressions are powerful, they can also be computationally expensive, especially for complex patterns or large datasets. Here are a few tips to optimize performance:

• Avoid unnecessary backtracking: Be mindful of patterns that might lead to excessive backtracking, especially with nested quantifiers.
• Pre-compile patterns: If you use the same pattern multiple times, compile it once and reuse it.
• Limit the number of replacements: Use the limit parameter in preg_replace() to prevent infinite loops or excessive replacements.

Summary

In this module, we have explored how to use regular expressions in PHP. Regular expressions are a powerful tool for searching, validating, and manipulating strings. We covered the basic syntax of regular expressions, the PHP functions used to work with them (preg_match(), preg_replace(), preg_match_all(), preg_split()), and practical examples of their usage. With this knowledge, you can effectively use regular expressions to handle a wide range of text-processing tasks in PHP.

Table of Contents

• Introduction to JSON
• Why Use JSON in PHP?
• Encoding Data to JSON
  • json_encode()
• Decoding JSON Data
  • json_decode()
• Handling JSON Errors
  • Error Handling in JSON Functions
• Working with JSON Files in PHP
  • Reading from a JSON File
  • Writing to a JSON File
• Practical Example: Storing and Retrieving User Data
• Security Considerations When Working with JSON
• Summary

Introduction to JSON

JavaScript Object Notation (JSON) is a lightweight data interchange format that is easy for humans to read and write and easy for machines to parse and generate. JSON is language-independent, with libraries available for most programming languages, including PHP. It has become the de facto standard for data exchange on the web, particularly in RESTful APIs, AJAX requests, and client-server communication.

JSON allows you to represent structured data as key-value pairs, arrays, and other simple data types such as strings, numbers, and booleans. Its simplicity, combined with broad support across different platforms, makes it an ideal format for exchanging data between a server and a web client or storing data in a file format.

Why Use JSON in PHP?

In PHP, JSON is widely used for various tasks, including:

• APIs: JSON is the preferred format for data exchange between web servers and client applications, especially in RESTful APIs.
• Data Storage: JSON can be used as an alternative to databases or XML for simple data storage in flat files.
• AJAX Requests: JSON is the most common format for sending and receiving data in AJAX requests.
• Configuration Files: JSON is used for configuration files because of its simplicity and readability.

PHP provides native functions for encoding and decoding JSON, making it easy to work with JSON data directly in PHP.

Encoding Data to JSON

In PHP, the json_encode() function is used to convert PHP variables (arrays, objects) into a JSON string. The function converts the PHP data into JSON format, which can be transmitted to a client or stored in a file.

Syntax:

string json_encode(mixed $value, int $options = 0, int $depth = 512);

• $value: The data to be encoded into JSON. This can be an array, object, or any data type supported by JSON.
• $options: Optional. A bitmask of JSON encode options (e.g., JSON_PRETTY_PRINT to format the JSON output).
• $depth: Optional. The maximum depth to encode. Used to prevent excessive recursion in deeply nested structures.

Example:

<?php
$array = [
    "name" => "John",
    "age" => 30,
    "city" => "New York"
];

$json = json_encode($array);
echo $json;  // Outputs: {"name":"John","age":30,"city":"New York"}
?>

In this example, we encode a simple associative array into a JSON string. You can also use the JSON_PRETTY_PRINT option to make the output more readable.

$json = json_encode($array, JSON_PRETTY_PRINT);
echo $json;

The output will be:

{
    "name": "John",
    "age": 30,
    "city": "New York"
}

Decoding JSON Data

The json_decode() function in PHP is used to convert a JSON string into a PHP variable, such as an associative array or an object. This is typically used when you receive JSON data from an API, client, or file, and need to work with it in PHP.

Syntax:

mixed json_decode(string $json, bool $assoc = false, int $depth = 512, int $options = 0);

• $json: The JSON string to be decoded.
• $assoc: Optional. When set to true, the decoded data is returned as an associative array. When set to false, it returns an object.
• $depth: Optional. The maximum depth to decode. Default is 512.
• $options: Optional. A bitmask of JSON decode options.

Example:

<?php
$json = '{"name":"John","age":30,"city":"New York"}';

$array = json_decode($json, true);
print_r($array);

The output will be:

Array
(
    [name] => John
    [age] => 30
    [city] => New York
)

In this example, we decode a JSON string into an associative array. If you omit the second parameter or set it to false, the data will be returned as an object:

$object = json_decode($json);
echo $object->name;  // Outputs: John

Handling JSON Errors

When encoding or decoding JSON data, errors may occur. PHP provides the json_last_error() and json_last_error_msg() functions to detect and retrieve error messages.

Example:

<?php
$invalid_json = '{"name": "John", "age": 30,}';  // Invalid JSON (trailing comma)

$data = json_decode($invalid_json);

if (json_last_error() !== JSON_ERROR_NONE) {
    echo "JSON Decode Error: " . json_last_error_msg();
}
?>

In this example, an invalid JSON string (with a trailing comma) triggers an error, and json_last_error_msg() provides a descriptive message about the issue.

Working with JSON Files in PHP

PHP makes it easy to work with JSON files. You can read and write JSON data to files, making it an ideal solution for simple data storage.

Reading from a JSON File

To read data from a JSON file, use the file_get_contents() function to get the raw JSON data, followed by json_decode() to convert it into a PHP array or object.

<?php
$json_data = file_get_contents('data.json');
$data = json_decode($json_data, true);
print_r($data);
?>

Writing to a JSON File

To write data to a JSON file, first encode the data into JSON format using json_encode(), then use file_put_contents() to save the JSON string to a file.

<?php
$data = [
    "name" => "Alice",
    "age" => 25,
    "city" => "Los Angeles"
];

$json = json_encode($data, JSON_PRETTY_PRINT);
file_put_contents('data.json', $json);
?>

This will save the encoded JSON string into data.json in a readable format.

Practical Example: Storing and Retrieving User Data

Imagine you want to store and retrieve user data using JSON. Here’s how you can use PHP to store and retrieve user details in a JSON file.

Storing User Data:

<?php
$user = [
    "username" => "john_doe",
    "email" => "[email protected]",
    "password" => "securepassword"
];

// Store user data in a JSON file
file_put_contents('user_data.json', json_encode($user, JSON_PRETTY_PRINT));
?>

Retrieving User Data:

<?php
// Read the JSON file and decode the data
$user_data = json_decode(file_get_contents('user_data.json'), true);

// Access user data
echo "Username: " . $user_data['username'];
echo "Email: " . $user_data['email'];
?>

Security Considerations When Working with JSON

While JSON itself is a lightweight and efficient format, you should take precautions when using it:

• Sanitize Data: Always sanitize user input before encoding it to JSON to prevent injection attacks.
• Avoid Storing Sensitive Data in JSON: While JSON is useful for storing non-sensitive data, it is not a secure storage method for sensitive information like passwords or private keys. Use proper encryption for such data.
• Validate Data Before Decoding: Ensure that the JSON data is valid before decoding to prevent errors and malicious data from affecting your application.

Summary

In this module, we explored how to work with JSON in PHP, including encoding and decoding data, handling errors, and storing/retrieving data in JSON files. JSON is a versatile and commonly used format for data exchange, particularly in APIs and web applications. With PHP’s built-in functions like json_encode() and json_decode(), working with JSON becomes a seamless process.

Table of Contents

• Introduction to Data Validation and Filtering
• Importance of Data Validation
• PHP Filter Functions
  • filter_var()
  • filter_input()
  • filter_input_array()
• Common PHP Filters
  • FILTER_SANITIZE_*
  • FILTER_VALIDATE_*
• Validating and Sanitizing User Input
  • Email Validation
  • URL Validation
  • Integer Validation
• Custom Validation and Filtering
• Practical Example: Form Data Validation
• Security Considerations and Best Practices
• Summary

Introduction to Data Validation and Filtering

Data validation and filtering are crucial in web development for ensuring that the data being processed is clean, secure, and in the expected format. Input data that comes from external sources, such as form submissions or URL parameters, can be unreliable and may pose security risks if not properly validated or sanitized.

In PHP, filters allow developers to validate and sanitize data before it is used. Data validation ensures the data conforms to a specific format or type, while data sanitization removes unwanted characters or unwanted data to improve data quality and security.

Importance of Data Validation

The importance of data validation cannot be overstated. It protects the application from several common security vulnerabilities such as:

• SQL Injection: Malicious input intended to manipulate SQL queries.
• Cross-Site Scripting (XSS): Harmful scripts injected into web pages.
• Data Integrity Issues: Ensuring the integrity of data entered into the system.

By validating and filtering data, you can avoid these vulnerabilities and ensure that your application processes only valid data, making it more reliable and secure.

PHP Filter Functions

PHP provides several functions to filter data, which can be categorized into three main types:

• filter_var(): Filters a single variable.
• filter_input(): Filters data coming from an input source (e.g., $_GET, $_POST, $_COOKIE).
• filter_input_array(): Filters data coming from an array of input sources.

These functions provide a simple and secure way to filter user input.

filter_var()

The filter_var() function is used to filter a single variable according to a specified filter. It has the following syntax:

filter_var($variable, $filter, $options);

• $variable: The variable to be filtered.
• $filter: The filter to apply (e.g., FILTER_VALIDATE_EMAIL).
• $options: Optional parameters to specify flags or options.

Example of using filter_var() to validate an email address:

<?php
$email = "[email protected]";
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid email address.";
} else {
    echo "Invalid email address.";
}
?>

filter_input()

filter_input() is used to filter data from external input sources like $_GET, $_POST, or $_COOKIE. It is particularly useful when dealing with user-submitted data.

$input = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
if ($input) {
    echo "Valid email address.";
} else {
    echo "Invalid email address.";
}

filter_input_array()

filter_input_array() works similarly to filter_input(), but it can handle multiple input variables at once, providing an array of filtered values.

$inputs = filter_input_array(INPUT_POST, [
    'email' => FILTER_VALIDATE_EMAIL,
    'age' => FILTER_VALIDATE_INT
]);
if ($inputs['email'] && $inputs['age']) {
    echo "Valid email and age.";
} else {
    echo "Invalid input.";
}

Common PHP Filters

PHP provides a variety of built-in filters for sanitizing and validating data. Some of the most common filters are:

Sanitization Filters (FILTER_SANITIZE_*)

Sanitization filters are used to clean data by removing or encoding potentially dangerous characters.

• FILTER_SANITIZE_STRING: Removes HTML tags from a string.
• FILTER_SANITIZE_EMAIL: Removes all characters except letters, digits, !#$%&'*+/=?^_{|}~-, and .` for email validation.
• FILTER_SANITIZE_URL: Removes characters that are not valid in a URL.
• FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits and + and -.

Example:

$dirty_email = "[email protected]<script>alert('XSS')</script>";
$clean_email = filter_var($dirty_email, FILTER_SANITIZE_EMAIL);
echo $clean_email;  // Outputs: [email protected]

Validation Filters (FILTER_VALIDATE_*)

Validation filters check if a variable matches a specific format or type.

• FILTER_VALIDATE_EMAIL: Validates an email address.
• FILTER_VALIDATE_URL: Validates a URL.
• FILTER_VALIDATE_INT: Validates an integer.
• FILTER_VALIDATE_IP: Validates an IP address.

Example:

$dirty_url = "http://example.com";
if (filter_var($dirty_url, FILTER_VALIDATE_URL)) {
    echo "Valid URL.";
} else {
    echo "Invalid URL.";
}

Validating and Sanitizing User Input

Validating and sanitizing user input are two fundamental practices to ensure your application is safe from malicious inputs.

Email Validation

To validate an email address and ensure it conforms to the proper format, you can use the FILTER_VALIDATE_EMAIL filter:

$email = "[email protected]";
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Email is valid.";
} else {
    echo "Invalid email address.";
}

URL Validation

To validate a URL and check if it’s properly formatted, you can use the FILTER_VALIDATE_URL filter:

$url = "https://example.com";
if (filter_var($url, FILTER_VALIDATE_URL)) {
    echo "URL is valid.";
} else {
    echo "Invalid URL.";
}

Integer Validation

To validate if a value is an integer, you can use the FILTER_VALIDATE_INT filter. You can also specify a range of valid values:

$age = "25";
if (filter_var($age, FILTER_VALIDATE_INT, ["options" => ["min_range" => 18, "max_range" => 100]])) {
    echo "Valid age.";
} else {
    echo "Invalid age.";
}

Custom Validation and Filtering

In addition to the built-in filters, you can create custom validation and filtering functions based on specific needs.

For example, a custom function to validate a username:

function validate_username($username) {
    return preg_match("/^[a-zA-Z0-9]{5,15}$/", $username);
}

$username = "user123";
if (validate_username($username)) {
    echo "Valid username.";
} else {
    echo "Invalid username.";
}

This example uses a regular expression to ensure the username is alphanumeric and between 5 to 15 characters in length.

Practical Example: Form Data Validation

Consider a scenario where a user submits a contact form with a name, email, and message. We can validate the input before storing or processing it.

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $message = filter_var($_POST['message'], FILTER_SANITIZE_STRING);

    if (filter_var($email, FILTER_VALIDATE_EMAIL) && !empty($name) && !empty($message)) {
        echo "Form submitted successfully.";
    } else {
        echo "Invalid input. Please try again.";
    }
}

In this example, we sanitize the name, email, and message fields, then validate the email using the FILTER_VALIDATE_EMAIL filter. If the data is valid, we process it; otherwise, we display an error message.

Security Considerations and Best Practices

• Always Sanitize and Validate Input: Never trust user input directly. Sanitize and validate all external input to prevent malicious data from being processed.
• Use Prepared Statements for Database Queries: While PHP filters protect against some common security vulnerabilities, you should always use prepared statements (with mysqli or PDO) to prevent SQL injection.
• Use HTTPS: To protect user data during transmission, ensure your application uses HTTPS (SSL/TLS encryption).
• Avoid Storing Sensitive Information in Cookies: Cookies can be manipulated, so avoid storing sensitive data in them. Always hash passwords and use proper authentication techniques.

Summary

In this module, we explored PHP filters and data validation techniques to ensure user input is clean and secure. We covered how to use built-in PHP functions like filter_var(), filter_input(), and filter_input_array() for validating and sanitizing data. We also discussed common filters for sanitization and validation, such as FILTER_SANITIZE_EMAIL and FILTER_VALIDATE_URL. Additionally, we learned how to apply custom validation logic using regular expressions and practical examples.

Table of Contents

• Introduction to Cookies
• Setting Cookies in PHP
• Retrieving Cookies in PHP
• Modifying and Unsetting Cookies
• Cookie Expiration and Lifetime
• Secure Cookies and HttpOnly Cookies
• Cookie Scope: Domain and Path
• Practical Example: Remember Me Functionality
• Troubleshooting Common Cookie Issues
• Summary

Introduction to Cookies

Cookies are small pieces of data that are stored on a user’s browser by the server. They are sent with every HTTP request, which makes them useful for storing information about the user or their session. Unlike sessions, which store data on the server, cookies store data on the client side.

Cookies are commonly used for:

• Remembering user preferences.
• Storing authentication details (e.g., “Remember Me” functionality).
• Tracking user behavior across different pages.

In PHP, cookies are managed using the setcookie() function, and they are accessible through the $_COOKIE superglobal.

Setting Cookies in PHP

To create a cookie in PHP, you use the setcookie() function. This function must be called before any output is sent to the browser, including HTML or whitespace, because cookies are sent as HTTP headers.

The syntax for setting a cookie is:

setcookie(name, value, expiration, path, domain, secure, httponly);

• name: The name of the cookie.
• value: The value of the cookie.
• expiration: The expiration time of the cookie (in seconds from the current time). If set to 0, the cookie will expire when the browser is closed.
• path: The path on the server where the cookie is available. The default value is /, meaning the cookie is available across the entire website.
• domain: The domain that the cookie is available to.
• secure: If true, the cookie will only be sent over HTTPS connections.
• httponly: If true, the cookie can only be accessed via HTTP(S) requests and not by JavaScript (enhancing security).

Here’s an example of setting a cookie:

<?php
setcookie('user', 'JohnDoe', time() + 3600, '/');  // Cookie expires in 1 hour
?>

This sets a cookie named user with the value JohnDoe that will expire in 1 hour.

Retrieving Cookies in PHP

Once a cookie has been set, you can retrieve its value using the $_COOKIE superglobal. The $_COOKIE array will hold all cookies sent with the current HTTP request.

For example, to retrieve the user cookie that we set earlier:

<?php
if (isset($_COOKIE['user'])) {
    echo "Hello, " . $_COOKIE['user'];
} else {
    echo "Cookie not found!";
}
?>

In this example, we check if the user cookie is set. If it is, we display its value; otherwise, we print a message saying that the cookie is not found.

Modifying and Unsetting Cookies

To modify a cookie, you can simply call the setcookie() function again with the same name but a different value. For example, to update the value of the user cookie:

<?php
setcookie('user', 'JaneDoe', time() + 3600, '/');  // Modify the cookie value
?>

If you want to delete a cookie, you can set its expiration time to a time in the past. This will instruct the browser to delete the cookie.

To delete a cookie:

<?php
setcookie('user', '', time() - 3600, '/');  // Expire the cookie
?>

Here, we set the cookie’s value to an empty string and its expiration time to one hour in the past, effectively deleting the cookie.

Cookie Expiration and Lifetime

The expiration time of a cookie is specified in seconds from the current time. For example, if you want a cookie to expire in 30 minutes, you can set the expiration time as follows:

setcookie('user', 'JohnDoe', time() + 1800, '/');  // Expires in 30 minutes

If you set the expiration time to 0, the cookie will expire when the browser is closed. This is useful for temporary cookies that should only persist during the session.

setcookie('session_cookie', 'value', 0, '/');  // Expires when the browser is closed

Secure Cookies and HttpOnly Cookies

Cookies can be made more secure by using the secure and httponly flags.

• secure: If set to true, the cookie will only be sent over HTTPS connections, ensuring the cookie’s data is encrypted in transit.
• httponly: If set to true, the cookie cannot be accessed via JavaScript, reducing the risk of cross-site scripting (XSS) attacks.

To set a secure and HttpOnly cookie:

setcookie('user', 'JohnDoe', time() + 3600, '/', '', true, true);  // Secure and HttpOnly

In this example:

• The cookie will only be transmitted over HTTPS.
• JavaScript will not be able to access the cookie, reducing the risk of XSS attacks.

Cookie Scope: Domain and Path

Cookies have a scope, meaning they are only accessible on certain pages and domains. The path and domain parameters allow you to control where the cookie is available.

• path: The cookie will only be sent for requests that match the specified path. For example, if you set the path to /admin, the cookie will only be sent for requests to /admin/* and not for other pages.

setcookie('user', 'JohnDoe', time() + 3600, '/admin');  // Cookie is only available on /admin

• domain: The cookie will be sent to all subdomains of the specified domain.

setcookie('user', 'JohnDoe', time() + 3600, '/', 'example.com');  // Available on all subdomains of example.com

If you don’t specify the domain parameter, the cookie will only be sent to the domain that set the cookie.

Practical Example: Remember Me Functionality

One of the most common uses for cookies is to implement “Remember Me” functionality on a website. This allows users to stay logged in between sessions.

Login Form (login.php)

<form method="POST" action="login_process.php">
    <label for="username">Username:</label>
    <input type="text" name="username" required>
    <label for="password">Password:</label>
    <input type="password" name="password" required>
    <label for="remember_me">
        <input type="checkbox" name="remember_me"> Remember Me
    </label>
    <input type="submit" value="Login">
</form>

Login Processing (login_process.php)

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$remember_me = isset($_POST['remember_me']) ? true : false;

// Validate credentials (this is just a simple example)
if ($username == 'John' && $password == 'password123') {
    $_SESSION['username'] = $username;

    // Set a cookie if "Remember Me" is checked
    if ($remember_me) {
        setcookie('username', $username, time() + 3600 * 24 * 30, '/');  // Expires in 30 days
    }

    header("Location: welcome.php");
    exit();
} else {
    echo "Invalid credentials!";
}
?>

Welcome Page (welcome.php)

<?php
session_start();

if (isset($_SESSION['username'])) {
    echo "Welcome, " . $_SESSION['username'];
} elseif (isset($_COOKIE['username'])) {
    echo "Welcome back, " . $_COOKIE['username'] . " (via cookie)";
} else {
    echo "Please log in.";
}
?>

In this example, if the “Remember Me” checkbox is checked, the username is stored in a cookie that lasts for 30 days. On subsequent visits, the username will be retrieved from the cookie, allowing the user to be automatically logged in.

Troubleshooting Common Cookie Issues

1. Cookies Not Being Set: Make sure that you call setcookie() before any HTML output. Cookies are sent as HTTP headers, so they must be set before the content is sent to the browser.
2. Cookies Not Persisting: If your cookies are not persisting, ensure that the expiration time is set correctly. If the expiration time is set to 0, the cookie will expire when the browser is closed.
3. Session Cookies Not Working: Session cookies will only persist until the browser is closed. If you’re trying to test cookies and the session is expired, ensure you haven’t set an immediate expiration time.
4. Domain and Path Issues: Make sure that the domain and path are set correctly. If you’re using subdomains or specific directories, ensure that the cookie is accessible in those areas.

Summary

In this module, we explored cookies in PHP and how they are used to store data on the client side. We discussed how to set, retrieve, modify, and delete cookies using PHP’s setcookie() function and the $_COOKIE superglobal. We also covered topics such as cookie expiration, secure cookies, and scope (domain and path). Finally, we provided a practical example of implementing “Remember Me” functionality with cookies.