PHP For Beginners
Link
https://laracasts.com/series/php-for-beginners-2023-edition
Laracasts > Learn Laravel Path > PHP For Beginners
01 - How to Choose a Programming Language
02 - Tools of the Trade
- Recommended editors
- PhpStorm
- Visual Studio Code
- PHP extension
All-in-One PHP support - IntelliSense, Debug, Formatter, Code Lenses, Code Fixes, Linting, Refactoring, PHPUnit Tests, Web Server, and more.
- PHP extension
- Sublime Text
- Terminals
- macOS
- Windows
- Ways of installing PHP
- Database clients
- TablePlus
- phpMyAdmin (MySQL only)
03 - Your First PHP Tag
<?php echo "Hello world"; ?>
04 - Variables
- Statements end with a
;
- Strings are concatenated with a
.
- Variables start with a
$
sign - Strings can be single-quoted or double-quoted; variables are only evaluated in the latter
05 - Conditionals and Booleans
Conditions:
if (condition) { /* ... */ } else { /* ... */ }
Alternative syntax with
:
andendif
:if (condition): /* ... */ else: /* ... */ endif;
<?=
is shorthand for<?php echo
and the semicolon is optional in this case
06 - Arrays
Arrays are declared like
[
/* … */]
Loop:
foreach ($var as $i) { /* ... do something with $i ... */ }
Alternative syntax with
:
andendforeach
, often used in views:foreach ($var as $i): /* ... do something with $i ... */ endforeach;
When echo’ing a variable that should immediately be followed by some other text, we can wrap it in curly braces:
<?php echo "{$i}©"; ?>
07 - Associative Arrays
Array indices start at zero
Arrays can be indexed:
$books[2]
Arrays can be nested
Associative arrays are indexed by key instead of numbers:
$book = [ 'name' => 'Do Androids Dream of Electric Sheep', 'author' => 'Philip K. Dick' ]; echo $book['name'];
08 - Functions and Filters
=
assigns a value==
compares equality of value===
compares equality of value and typeFunction definition and parameters:
function filterByAuthor($books) { // ... }
Returning data from a function:
return 'foo';
[] =
appends a value to an array:$filteredBooks = []; $filteredBooks[] = $book;
09 - Lambda Functions
- “Lambda functions” is the technical term for “anonymous functions”, i.e. functions that are not named (
function foo(a) { }
, calledfoo(b)
), but may still be assigned to variables ($foo = function (a) { };
, called$foo(b);
). array_filter
is one of many useful functions included with PHP.
10 - Separate Logic From the Template
- The last
?>
on the page may be omitted (unless there is HTML after it) - Good idea to separate logic (e.g., accessing the database or other servers) from the HTML (also called the template or “view”)
- For reuse or separation, code files can be “imported” using
require
orinclude
12 - Page Links
- How not to do things: duplication of code
13 - PHP Partials
- Controllers are responsible for accepting and processing an incoming request and providing a response
14 - Superglobals and Current Page Styling
var_dump
converts the value of e.g. arrays and outputs them as a string- “Superglobals”, such as
$_GET
,$_POST
,$_SERVER
, are available from anywhere die()
exits processing- Ternary operator
expr ? if_truthy : else
as a shorthand for if/else
15 - Make a PHP Router
- A router maps the URI to the corresponding controller
parse_url()
splits a URI into path and query(string)array_key_exists()
checks if an array has a given keyhttp_response_code()
sets the HTTP status code- Remember: For variables to be substituted within strings, the string must be enclosed in double quotes, and the variable must be enclosed in (a single set of) curly brackets
- Set a default for a parameter to make it optional, e.g.:
function foo($var = 12345) { /* ... */ }
16 - Create a MySQL Database
Install MySQL 8.0 on Ubuntu 22.04 running in WSL:
sudo apt install -y mysql-server-8.0
sudo /etc/init.d/mysql start
Create a database for this course:
sudo mysql -e "CREATE DATABASE myapp;"
17 - PDO First Steps
Classes 101
Think of a class like a blueprint for anything
Functions within a class are called “methods”
The default visibility for a class method is “public”, but it is good coding style to declare that explicitly
- Other visibilities are e.g. “protected” and “private”
Instances of classes are called “objects”
Class members on objects are accessed with the
->
characters, e.g.:class Person { public $name; } $person = Person(); $person->name = 'John Doe';
Within a method (class function), the current object can be accessed using the
$this
keyword/variable
Remember: The string concatenation character is
.
(a dot)Installing and enabling the PDO MySQL driver for the CLI server (assuming PHP 8.1 on Ubuntu 22.04 installed using the Ondřej Surý PPA):
sudo apt install php8.1-mysql sudo phpenmod pdo_mysql
phpenmod
,phpdismod
andphpquery
are tools for enabling, disabling and viewing the status of PHP modules, they are included in thephp-common
package (on Ubuntu 22.04)Creating a MySQL user for the demo/course app:
CREATE USER 'myapp'@'localhost' IDENTIFIED BY 'SOME_SUPER_SECURE_PASSWORD_GOES_HERE'; GRANT ALL ON myapp.* TO 'myapp'@'localhost'; FLUSH PRIVILEGES;
For the demo to work, I had to change the
host
in the DSN from “localhost” to “127.0.0.1”.
18 - Extract a PHP Database Class
- The constructor method is called
__construct()
in PHP. - If the PHP file only contains a class, the convention is to start the file name with a capital letter.
19 - Environments and Configuration Flexibility
- The “scope resolution operator”
::
gives access to constants (“static values”) defined in a class, e.g. we used it when referencingPDO::FETCH_ASSOC
- http_build_query()
converts an associative array to a querystring- A PHP file can
return
something - and that return value can be assigned to a variable in another file using therequire
statement- Good for e.g. configuration values
20 - SQL Injection Vulnerabilities Explained
- To avoid SQL injection, substitute any dynamic (user-provided) values in SQL statements with
?
or:name
placeholders, and bind the actual values by providing them as an array to theexecute()
method
21 - Database Tables and Indexes
- Unique indices prevent multiple rows from having the same value in the same column (e.g. multiple users having the same email address)
- Foreign keys reference other tables
ON UPDATE
/ON DELETE
configure rules to keep the database integrity intact, e.g. here to automatically delete all of a user’s notes when the user gets deleted
22 - Render the Notes and Note Page
23 - Introduction to Authorization
- Trying to fetch a non-existing result (no rows) from the database results in the return value
false
24 - Programming is Rewriting
25 - Intro to Forms and Request Methods
- Good coding style / conventions:
- Start all controllers/views/etc. related to the same “class”/topic with the same expression, e.g.:
- If one controller relates to one view - call the files the same
- A plural route (“/notes”) should show a list of items of that type
- A singular route (“/note/ID-SLUG”) should show a single note with that ID/slug
- All form input fields should have a corresponding name, which will often be the same as the property/database column
- GET requests should be idempotent (not changing data on the server/database, except request logging obviously)
- POST request data can be accessed using the superglobal
$_POST
26 - Always Escape Untrusted Input
- Always assume that the user is guilty (i.e. malicious) until proven otherwise
htmlspecialchars()
converts HTML code to plain text (no risk of XSS when displaying it)
27 - Intro to Form Validation
Use client-side validation to provide faster feedback to the regular user, but server-side validation to avoid abuse by malicious actors (or users with Javascript disabled for some reason)
isset()
can be used to determine if a variable exists (including whether a key exists in an associate array) and is set to something else thannull
The “null coalescing operator”
??
, introduced in PHP 7, uses the following value if the preceding one does not exist, e.g. the following snippets are equivalent:<?= isset($_POST['body']) ? $_POST['body'] : '' ?>
<?= $_POST['body'] ?? '' ?>
strlen()
returns the length of a string
28 - Extract a Simple Validator Class
trim()
removes whitespace from the beginning and end of a stringINF
is a global constant for “infinity”, i.e. the largest number- A “pure function” does not require any state from the outside (“self-contained”; only relying on its input to produce its output)
- Methods which are pure functions can be made “static”, which means they can be called directly using the class and the
::
operator, without having to instantiate an object of the class first filter_var()
can e.g. be used for validating that something looks like a valid email address
29 - Resourceful Naming Conventions
__DIR__
gives the directory of the current file
30 - PHP Autoloading and Extraction
- The path to the project root is often called
BASE_PATH
. - Constants are declared using the
const
keyword and do not start with a$
sign. extract()
turns an array into a set of (declared) variablesspl_autoload_register()
can be used to autoload classes and avoid the issue of having to require them (and the risk of requiring them twice, resulting in an error about duplicate declaration)
31 - Namespacing: What, Why, How?
- The
namespace
keyword is used to declare a namespace in PHP - Namespaces are used to prevent conflicts between classes that have the same name and can be used to organize code by grouping related classes together
- When using a namespaced file, use the
use
keyword to “import” it str_replace()
replaces occurances of strings in strings with other stringsDIRECTORY_SEPARATOR
is a global constant that contains the current operating system’s directory separator (e.g.,/
or\
)- By now it should be obvious that the convention is to name constants with all capital letters 😀
- Every class mentioned in a “namespaced” class is assumed to be in the same namespace
- To reference a class in the “global” namespace (i.e. without a namespace), prefix it with the
\
(backslash) character - Instead, one can also
use
a class from the global namespace, which also serves as a sort of documentation (answering the question “which other classes are used within this class?”)