PHP is very rich in terms of Built-in functions. Here is the list of various important function categories. There are various other function categories which are not covered here.
Select a category to see a list of all the functions related to that category.
PDO is an acronym for PHP Data Objects. PHP can interact with most of the relational as well as NOSQL databases. The default PHP installation comes with vendor-specific database extensions already installed and enabled. In addition to such database drivers specific to a certain type of database, such as the mysqli extension for MySQL, PHP also supports abstraction layers such as PDO and ODBC.
The PDO extension defines a lightweight, consistent interface for accessing databases in PHP. The functionality of each vendor-specific extension varies from the other. As a result, if you intend to change the backend database of a certain PHP application, say from PostGreSql to MySQL, you need to make a lot of changes to the code. The PDO API on the other hand doesnt require any changes apart from specifying the URL and the credentials of the new database to be used.
Your current PHP installation must have the corresponding PDO driver available to be able to work with. Currently the following databases are supported with the corresponding PDO interfaces −
Driver Name
Supported Databases
PDO_CUBRID
Cubrid
PDO_DBLIB
FreeTDS / Microsoft SQL Server / Sybase
PDO_FIREBIRD
Firebird
PDO_IBM
IBM DB2
PDO_INFORMIX
IBM Informix Dynamic Server
PDO_MYSQL
MySQL 3.x/4.x/5.x/8.x
PDO_OCI
Oracle Call Interface
PDO_ODBC
ODBC v3 (IBM DB2, unixODBC and win32 ODBC)
PDO_PGSQL
PostgreSQL
PDO_SQLITE
SQLite 3 and SQLite 2
PDO_SQLSRV
Microsoft SQL Server / SQL Azure
By default, the PDO_SQLITE driver is enabled in the settings of php.ini, so if you wish to interact with a MySQL database with PDO, make sure that the following line is uncommented by removing the leading semicolon.
extension=pdo_mysql
You can obtain the list of currently available PDO drivers by calling PDO::getAvailableDrivers() static function in PDO class.
PDO Connection
An instance of PDO base class represents a database connection. The constructor accepts parameters for specifying the database source (known as the DSN) and optionally for the username and password (if any).
The following snippet is a typical way of establishing connection with a MySQL database −
<?php
$dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
?>
If there is any connection error, a PDOException object will be thrown.
The PDO class defines the following static methods −
PDO::beginTransaction
After obtaining the connection object, you should call this method to that initiates a transaction.
publicPDO::beginTransaction():bool
This method turns off autocommit mode. Hence, you need to call commit() method to make persistent changes to the database Calling rollBack() will roll back all changes to the database and return the connection to autocommit mode.This method returns true on success or false on failure.
PDO::commit
The commit() method commits a transaction.
publicPDO::commit():bool
Since the BeginTransaction disables the autocommit mode, you should call this method after a transaction. It commits a transaction, returning the database connection to autocommit mode until the next call to PDO::beginTransaction() starts a new transaction. This method returns true on success or false on failure.
PDO::exec
The exec() method executes an SQL statement and return the number of affected rows
publicPDO::exec(string$statement):int|false
The exec() method executes an SQL statement in a single function call, returning the number of rows affected by the statement.
Note that it does not return results from a SELECT statement. If you have a SELECT statement that is to be executed only once during your program, consider issuing PDO::query().
On the other hand For a statement that you need to issue multiple times, prepare a PDOStatement object with PDO::prepare() and issue the statement with PDOStatement::execute().
The exec() method need a string parameter that represents a SQL statement to prepare and execute, and returns the number of rows that were modified or deleted by the SQL statement you issued. If no rows were affected, PDO::exec() returns 0.
PDO::query
The query() method prepares and executes an SQL statement without placeholders
This method prepares and executes an SQL statement in a single function call, returning the statement as a PDOStatement object.
PDO::rollBack
The rollback() method rolls back a transaction as initiated by PDO::beginTransaction().
publicPDO::rollBack():bool
If the database was set to autocommit mode, this function will restore autocommit mode after it has rolled back the transaction.
Note that some databases, including MySQL, automatically issue an implicit COMMIT when a DDL statement such as DROP TABLE or CREATE TABLE is issued within a transaction, and hence it will prevent you from rolling back any other changes within the transaction boundary. This method returns true on success or false on failure.
Example
The following code creates a student table in the myDB database on a MySQL server.
PHP FastCGI Process Manager (PHP-FPM) is an efficient alternative to traditional CGI-based methods for handling PHP requests, particularly in high-traffic environments. PHP-FPM has a number of important features. These features are as follows −
Reduced Memory Consumption
With the help of a pool of worker processes to handle requests PHP-FPM significantly reduces memory overhead compared to traditional CGI methods that spawn a new process for each request.
Improved Performance
PHP-FPM’s worker processes are persistent. It allows them to handle multiple requests. It doesnt need ti repeatedly create and destroy processes. This leads to faster response times and improved handling of high concurrency.
Enhanced Scalability
PHP-FPM’s pool of worker processes can be dynamically adjusted based on traffic demands, allowing it to scale effectively to handle varying workloads.
Advanced Process Management
PHP-FPM offers graceful startup and shutdown. It also has granular control over process management, including, emergency restarts, and monitoring of worker processes.
Environment Isolation
PHP-FPM enables the creation of separate pools for different applications or user groups, so that better isolation and security can be provided for each environment.
Customizable Configuration
PHP-FPM uses php.ini based configuration options. With these extensive options, fine-tuning of its behavior is possible to match specific application requirements.
Supports multiple PHP Versions
PHP-FPM can manage multiple PHP versions simultaneously, enabling the deployment of different PHP applications on a single server.
PHP-FPM is commonly used with web servers like Nginx or Apache. It acts as a backend processor for handling PHP requests. It has become the preferred method for managing PHP applications in production environments due to its performance, scalability, and reliability.
The acronym “CSRF” stands for Cross-Site Request Forgery. CSRF is an Internet exploit that involves a trusted website user issuing unauthorized commands. Providing adequate protection to a PHP web application against this attack can be achieved by taking the measures explained in this chapter.
By default, the browser uses the “GET” request method to send data. This is commonly used as the exploit point in a CSRF. To inject commands into a specific website, the attacker employs HTML tags like “IMG.” For example, the url endpoint of a web application such as “/delete.php?empcode=1234” deletes account as passed from empcode parameter of a GET request. Now, if an authenticated user come across the following script in any other application.
Inadvertently causes the data related to empcode=1234 to be deleted.
A common workaround for this problem is the use of CSRF tokens. A CSRF token is a string of random characters embedded into requests so that a web application can trust that a request has been received from an expected source as per the normal workflow.
Steps to Implement CSRF
The steps to implement CSRF token protection in PHP are as follows −
Begin the script by starting a new session.
Generate a token of random characters. You can use any of the several built-in function that PHP provides for generation of random string. Let use md5() function to obtain the hash value of uniqueid() function that generates a unique randome string.
Inside the HTML form to be provided for the user to submit the data, include a hidden file with its value as the random token generated in the above step.
The token can is then validated by the server against the user session after form submission to eliminate malicious requests.
You can also add another session variable whose value is the current time, and send an expiry time for the validation purpose.
Example
Here is the PHP code that implements CSRF token verification mechanism. The following script generates a token and embeds in a HTML form.
To simulate the failure of CSRF validation, open the inspect tool of the browser, edit the value in the hidden field manually and submit the form to see that the tokens dont match leading to the validation failure.
PEAR is an acronym for PHP Extension and Application Repository. It is a repository of PHP packages or extensions. You can freely incorporate any of these extensions from PEAR in your code. The PEAR project was established by Stig S. Bakken in 1999.
Most of the precompiled distributions of PHP such as XAMPP already have PEAR bundled with it. If not, you can install PEAR by downloading go-pear.phar file from https://pear.php.net/go-pear.phar and run
php go-pear.phar
In a Windows Command Prompt to start the installation.
Based on your responses to the setup steps, the PEAR Package Manager will be installed in the path, specified during installation.
You can then add that installation path to your PATH environment. Either do this manually (Start > Control Panel > System > Environment) or run (double-click) the newly generated PEAR_ENV.reg that’s now found in the PHP source directory.
You can now access the PEAR Package Manager by running the command −
C:\xampp\php>pear
In a Windows Command Prompt.
You will get the list of PEAR commands as follows −
C:\xampp\php>pear
Commands:
build Build an Extension From C Source
bundle Unpacks a Pecl Package
channel-add Add a Channel
channel-alias Specify an alias to a channel name
channel-delete Remove a Channel From the List
channel-discover Initialize a Channel from its server
channel-info Retrieve Information on a Channel
channel-login Connects and authenticates to remote channel server
channel-logout Logs out from the remote channel server
channel-update Update an Existing Channel
clear-cache Clear Web Services Cache
config-create Create a Default configuration file
config-get Show One Setting
config-help Show Information About Setting
config-set Change Setting
config-show Show All Settings
convert Convert a package.xml 1.0 to package.xml 2.0 format
cvsdiff Run a "cvs diff"for all files in a package
cvstag Set CVS Release Tag
download Download Package
download-all Downloads each available package from the default channel
info Display information about a package
install Install Package
listList Installed Packages In The Default Channel
list-all List All Packages
list-channels List Available Channels
list-files List Files In Installed Package
list-upgrades List Available Upgrades
login Connects and authenticates to remote server [Deprecated in favor of channel-login]
logout Logs out from the remote server [Deprecated in favor of channel-logout]
makerpm Builds an RPM spec file from a PEAR package
package Build Package
package-dependencies Show package dependencies
package-validate Validate Package Consistency
pickle Build PECL Package
remote-info Information About Remote Packages
remote-listList Remote Packages
run-scripts Run Post-Install Scripts bundled with a package
run-tests Run Regression Tests
search Search remote package database
shell-test Shell Script Test
sign Sign a package distribution file
svntag Set SVN Release Tag
uninstall Un-install Package
update-channels Update the Channel List
upgrade Upgrade Package
upgrade-all Upgrade All Packages [Deprecated in favor of calling upgrade with no parameters]
Installing packages with PEAR is so easy. One way to find packages, is using the official PEAR site https://pear.php.net/packages.php and then run
pear install <package-name>
The next step is to use the PEAR package in your code. To do that, you should include the main PHP script of the package in your program with include, require, include_once or require_once statements.
<?php
include "PEARPACKAGE.php";
. . . . .
// rest of the code
. . . . .
?>
A newer PHP package manager called Composer is an alternative available for managing packages for a PHP project. Composer also supports the installation of PEAR packages. Composer is preferred by many instead of PEAR for PHP package distribution.
With each new version of PHP, new functionality is added and at the same time certain obsolete functionality is removed. PHP version 7 is a major version when a number of PHP extensions and SAPIs (Server-side Application Programming Interface) were removed. In the subsequent PHP 8 version also, a few more extensions have been removed.
In PHP, an extension is a library or plugin, written in C/C++, and compiled into shared libraries so that can be loaded into the PHP interpreter. Once the PHP interpreter starts, the functions in the extension are available to PHP scripts.
The extensions are periodically removed because they are either no longer maintained or have been replaced with more modern alternatives. Coinciding with PHP 7 for example, the ereg extension was replaced with the preg extension, and the mssql extension was replaced with the PDO_MSSQL extension.
Removed Extensions
The following extensions have been removed with effect from PHP 7 −
ereg extension replaced by preg
mssql extension replaced by pdo_mssql
mysql extension mysqli
sybase_ct replaced by pdo_sybase
The following extensions have been removed from PHP 8 onwards −
Mcrypt − The Mcrypt extension was used for encryption and decryption, but it has been deprecated since PHP 7.1 and removed in PHP 8 due to security vulnerabilities.
MDB2 − The MDB2 extension, earlier used for accessing MDB database files, is removed in PHP 8 due to lack of maintenance.
Ming − As Flash is not popular nowadays, the Ming extension, used for generating flash content, has been deprecated since PHP 5.5 and removed in PHP 8.
Phar Data − The Phar Data extension was used for accessing data within PHAR archives, but it has been removed in PHP 8 as there are other methods for accessing PHAR data.
SNMP − Because it is not being maintained, the SNMP extension has been removed in PHP 8.
Tidy − Since new libraries for HTML validation have been added, the Tidy extension was removed in PHP.
Tokenizer − The Tokenizer extension was also removed in PHP 8 for the same reason.
cURL − The cURL extension was removed in PHP 8.1, as it was no longer maintained.
Removed SAPIs
SAPI stands for Server-side Application Programming Interface in PHP. The SAPI is responsible for translating PHP code into something that the web server can understand. It parses the PHP code and calls the appropriate web server functions. The web server then generates an HTTP response that is sent back to the client.
The following SAPIs (Server-side Application Programming Interfaces) have been removed from PHP 7 onwards −
As some new features are added with each new version, some features are also removed as they are deemed to be obsolete. In this chapter, we have a look at deprecated features after PHP version 5.
Deprecated in PHP Ver 7
PHP 4 Style Constructors
PHP 4 style Constructors are methods having same name as the class they are defined in, are now deprecated, and will be removed in the future. PHP 7 will emit E_DEPRECATED if a PHP 4 constructor is the only constructor defined within a class. Classes implementing a __construct() method are unaffected.
Example
Take a look at the following example −
<?php
class A {
function A() {
print('Style Constructor');
}
}
?>
It produces the following output on the browser −
Deprecated: Methods with the same name as their class will not be
constructors in a future version of PHP; A has a deprecated constructor in...
Static Calls to Non-static Methods
Static calls to non-static methods are deprecated, and may be removed in the future.
Example
Take a look at the following example −
<?php
class A {
function b() {
print('Non-static call');
}
}
A::b();
?>
It produces the following output on the browser −
Deprecated: Non-static method A::b() should not be called statically in...
Non-static call
password_hash() salt option
The salt option for the password_hash() function has been deprecated so that the developers do not generate their own (usually insecure) salts. The function itself generates a cryptographically secure salt, when no salt is provided by the developer – thus custom salt generation is not required any more.
capture_session_meta SSL context option
The capture_session_meta SSL context option has been deprecated. SSL metadata is now used through the stream_get_meta_data() function.
ext/mcrypt
The mcrypt extension has been deprecated in favour of OpenSSL.
Unquoted Strings
Unquoted strings that are non-existent global constants are taken to be strings of themselves. This behaviour used to emit an E_NOTICE, but will now emit an E_WARNING. In the next major version of PHP, an Error exception will be thrown instead.
The __autoload() Method
The __autoload() method has been deprecated because it is inferior to spl_autoload_register() (due to it not being able to chain autoloaders), and there is no interoperability between the two autoloading styles.
The create_function() Function
Given the security issues of this function has now been deprecated. The preferred alternative is to use anonymous functions.
The each() Function
This function causes implementation issues for some language changes. It has therefore been deprecated.
Case-Insensitive Constants
The declaration of case-insensitive constants has been deprecated. Passing true as the third argument to define() will now generate a deprecation warning.
The (real) and is-real() Function
The (real) cast is deprecated, use (float) instead. The is_real() function is also deprecated, use is_float() instead.
The “parent” Leyword
Using parent inside a class without a parent is deprecated, and will throw a compile-time error in the future. Currently an error will only be generated if/when the parent is accessed at run-time.
Deprecated in PHP Ver 8
If a parameter with a default value is followed by a required parameter, the default value has no effect. This is deprecated as of PHP 8.0.0 and can generally be resolved by dropping the default value, without a change in functionality −
<?php
function test($a = [], $b) {} // Before
function test($a, $b) {} // After
?>
One exception to this rule are parameters of the form Type $param = null, where the null default makes the type implicitly nullable. This usage remains allowed, but it is recommended to use an explicit nullable type instead −
<?php
function test(A $a = null, $b) {} // Still allowed
function test(?A $a, $b) {} // Recommended
?>
Calling get_defined_functions() with exclude_disabled explicitly set to false is deprecated and no longer has an effect. get_defined_functions() will never include disabled functions.
Sort comparison functions that return true or false will now throw a deprecation warning, and should be replaced with an implementation that returns an integer less than, equal to, or greater than zero.
The implicit conversion of float to int which leads to a loss in precision is now deprecated. This affects array keys, int type declarations in coercive mode, and operators working on ints.
Calling a Static Element on a Trait
Calling a static method, or accessing a static property directly on a trait is deprecated. Static methods and properties should only be accessed on a class using the trait.
Date Functions
date_sunrise() and date_sunset() have been deprecated. Use date_sun_info() instead.
strptime() has been deprecated. Use date_parse_from_format() instead (for locale-independent parsing), or IntlDateFormatter::parse() (for locale-dependent parsing).
strftime() and gmstrftime() have been deprecated. You can use date() instead (for locale-independent formatting), or IntlDateFormatter::format() (for locale-dependent formatting).
Dynamic Properties
The creation of dynamic properties is deprecated. Instead, use stdClass that allows dynamic properties.
PHP has introduced a new function intdiv(), which performs integer division of its operands and return the division as int.
The intdiv() function returns integer quotient of two integer parameters. If “a/b” results in “c” as division and “r” as remainder such that −
a=b*c+r
In this case, intdiv(a,b) returns r −
intdiv(int$x,int$y):int
The $x and $y are the numerator and denominator parts of the division expression. The intdiv() function returns an integer. The return value is positive if both parameters are positive or both parameters are negative.
Example 1
If numerator is < denominator, the intdiv() function returns “0”, as shown below −
With the help of use keyword, you can insert a trait into a class. A Trait is similar to a class, but only intended to group functionality in a fine-grained and consistent way. It is not possible to instantiate a Trait on its own.
Example
Take a look at the following example −
<?php
trait mytrait {
public function hello() {
echo "Hello World from " . __TRAIT__ .;
}
}
class myclass {
use mytrait;
}
$obj = new myclass();
$obj->hello();
?>
It will produce the following output −
Hello World from mytrait
Closures
Closure is also an anonymous function that can access variables outside its scope with the help of the “use” keyword.
Example
Take a look at the following example −
<?php
$maxmarks=300;
$percent=function ($marks) use ($maxmarks) {
Expectations are a backwards compatible enhancement to the older assert() function. Expectation allows for zero-cost assertions in production code, and provides the ability to throw custom exceptions when the assertion fails.
assert() is now a language construct, where the first parameter is an expression as compared to being a string or Boolean to be tested.
Configuration Directives for assert()
The following table lists down the configuration directives for the assert() function −
Directive
Default value
Possible values
zend.assertions
1
1 − generate and execute code (development mode)0 − generate code but jump around it at runtime-1 − do not generate code (production mode)
assert.exception
0
1 − throw, when the assertion fails, either by throwing the object provided as the exception or by throwing a new AssertionError object if exception was not provided.0 − use or generate a Throwable as described above, but only generates a warning based on that object rather than throwing it (compatible with PHP 5 behaviour)
Parameters
Assertion − The assertion. In PHP 5, this must be either a string to be evaluated or a Boolean to be tested. In PHP 7, this may also be any expression that returns a value, which will be executed and the result is used to indicate whether the assertion succeeded or failed.
Description − An optional description that will be included in the failure message, if the assertion fails.
Exception − In PHP 7, the second parameter can be a Throwable object instead of a descriptive string, in which case this is the object that will be thrown, if the assertion fails and the assert.exception configuration directive is enabled.
Return Values
FALSE if the assertion is false, TRUE otherwise.
Example
Take a look at the following example −
<?php
ini_set('assert.exception', 1);
class CustomError extends AssertionError {}
assert(false, new CustomError('Custom Error Message!'));
?>
It will produce the following output −
PHP Fatal error: Uncaught CustomError: Custom Error Message! In test.php:6
