Category: PHP

PHP provides two alternatives for validating the form data items which are strings but are expected to be a representation of Email ID or a URL.

One way to check the form element contains email/URL is with the use of RegEx (regular expressions), and the other, more convenient approach is to use filter_var() function. Let us apply both these methods and validate email and URL submitted by a form to a PHP script.

Basic Form Structure

The HTML Form used for this chapter is as follows −

<h1>Email and URL Validation</h1><form action="hello.php" method="POST"><p><label for="email">Enter your email:</label><input type="text" id="email" name="email"></p><p><label for="URL">Enter your website<label><input type = "text" id="URL" name="url"></p><input type="submit"></form>

Validation with Regex

PHP’s built-in function library includes the preg_match() function that performs a regular expression match.

preg_match(string$pattern,string$subject,array&$matches=null,int$flags=0,int$offset=0):int|false

This function searches subject for a match to the regular expression given in pattern. preg_match() returns 1 if the pattern matches given subject, 0 if it does not, or false on failure.

A valid email ID should satisfy the following regular expression −

"/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix"

Similarly, a valid URL should satisfy the following regular expression −

"/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i"

The following function returns “1” or “0” if the string is a valid email ID.

functioncheckemail($str){return(!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix",$str))?FALSE:TRUE;}

Example: Check the Email Field

Let us use the checkmail() function to check whether the email field in the above HTML is valid or not, with the help of following PHP code −

<?php         
   function checkemail($str) {
  return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@
     ([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
   }
   if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $email = $_POST['email'];
  if(!checkemail($email)){
     echo "Invalid email address.";
  } else {
     echo "Valid email address.";
  }
   }
?>

The HTML form is rendered as below −

Test the PHP code by entering valid/invalid email string in the email field.

The following checkURL() function checks if a string represents a valid or invalid URL, and returns “1 or “0”.

functioncheckURL($str){return(!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)
  [-a-z0-9+&amp;@#\/%?=~_|!:,.;]*[-a-z0-9+&amp;@#\/%=~_|]/i",$str))?FALSE:TRUE;}</pre>


Example



The URL field extracted from the $_POST array is given as argument to the above function.



<?php         
   function checkURL($str) {
  return (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&amp;@#\/%?=~_|!:,.;]
     *[-a-z0-9+&amp;@#\/%=~_|]/i", $str)) ? FALSE : TRUE;
   }
   if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $url = $_POST['url'];
  if(!checkURL($url)){
     echo "Invalid URL.";
  } else {
     echo "Valid URL.";
  }
   }
?>



You can test the above code by entering URL string in the URL field of the above form.



Using filter_var() function



The built-in filter_var() function filters a variable with a specified filter.



filter_var(mixed$value,int$filter=FILTER_DEFAULT,array|int$options=0):mixed



Depending on the enumerated filter ID as the value of $filter parameter, the $value parameter is checked and the function returns the filtered data, or false if the filter fails.



Predefined Filter ID Constants



There are various predefined filter ID constants available −



Sr.No
ID & Description
1
FILTER_VALIDATE_BOOLReturns true for "1", "true", "on" and "yes". Returns false otherwise.
2
FILTER_VALIDATE_DOMAINValidates whether the domain name label lengths are valid.
3
FILTER_VALIDATE_EMAILValidates whether the value is a valid e-mail address.
4
FILTER_VALIDATE_IPValidates value as IP address
5
FILTER_VALIDATE_URLValidates value as URL



Example



The following PHP script validates the email and URL data submitted by the HTML for above −



<?php
   if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $email = $_POST['email'];
  $url = $_POST['url'];
  if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
     echo "Invalid email format and please re-enter valid email\n"; 
  }
  else
  echo "Email entered is in valid format\n";
  if (!filter_var($url, FILTER_VALIDATE_URL)) {
     echo "Invalid URL format and please re-enter valid URL\n"; 
  }
  else
  echo "URL entered is in valid format\n";
   }
?>



You can test the performance of the above script by entering valid/invalid email/URL.

The term “Form Validation” refers to the process of ascertaining if the data entered by the user in various form elements is acceptable for further processing. Validation of data before its subsequent processing avoids possible exceptions and runtime errors.

Types of Form Validation

Validation can be done both on the client-side and on the server-side. When the client submits the form, the form data is intercepted by the PHP script running on the server. Using various functions available in PHP, the server-side form validation can be done.

• Client-side Validation: This happens in the user’s web browser before the form submission. It provides instant feedback to users. This is commonly done with JavaScript.
• Server-side Validation: After the submission of the form, server-side validation happens. It is important for security and ensures that data is checked on the server even when client-side validation is turned off.

How to Validate Forms in PHP

To validate forms in PHP you will have to follow the below steps −

• Create a Form: First you need to create a simple HTML form.
• Collect Form Data: Then use PHP to collect the data after the form is submitted.
• Perform Validation: After that you have to check if the data meets specific criteria.
• Provide Feedback: Inform the user if there are any errors or if the submission is successful.

Client-side Validation

The new input controls as per the HTML5 specifications have in-built validation. For example an input element of the type ’email’, even though is a text field, is customized to accept a string that is according to email address protocol.

Validation takes place before the data is submitted to the server. Same thing is true with other input types such as URL, number, etc.

Example

Given below is an HTML form with input elements of number type, email type and URL type. If you enter data that is not as per the required format, a suitable error message is flashed as you try to submit the form.

<h1>Input Validation</h1><form><p><Label for "name">Enter your name</label><input type = "text" id="name" name="name"></p><p><label for="age">Enter age</label><input type = "text" id = "age" name="age"></p><p><label for="email">Enter your email:</label><input type="text" id="email" name="email"></p><p><label for="URL">Enter your website<label><input type = "text" id="URL" name="url"></p><input type="submit"></form>

The number type text field shows up/down counter arrows on the right. Only number is accepted, and can be incremented or decremented.

If the data in email field is invalid, you get the error message flashed as below.

Similarly, any incorrect format for the URL also flashes the error as shown −

Server-Side Validation

The validation on the server-side with PHP comes into picture, either when the form data passes the client-side validation, or there’s no validation on the client side at all.

In the HTML form used in the above example, let us remove all special input types and use all text fields of text type. The form is submitted with POST method to hello.php on the server.

<form action="hello.php" method="POST"><p><Label for "name">Enter your name</label><input type = "text" id="name" name="name"></p><p><label for="age">Enter age</label><input type = "text" id = "age" name="age"></p><p><label for="email">Enter your email:</label><input type="text" id="email" name="email"></p><p><label for="URL">Enter your website<label><input type = "text" id="URL" name="url"></p><input type="submit"></form>

Form is Empty

If the user (may be inadvertently) clicks the submit button, you can ask PHP to display the form again. You need to check if the $_POST array has been initialized with isset() function. If not, the header() function redirects the control back to the form.

<?php 
   if ($_SERVER["REQUEST_METHOD"] == "POST") {
  if (isset($_POST)) {
     header("Location: hello.html", true, 301);  
     exit();  
  }
  // form processing if the form is not empty
   }
?>

Example

You can also check if any of the fields is empty at the time of submitting the form.

<?php        
   if ($_SERVER["REQUEST_METHOD"] == "POST") {
  foreach($_POST as $k=&gt;$v) {
     if (empty($v)==true) {
        echo "One or more fields are empty \n";
        echo "&lt;a href = 'hello.html'&gt;Click here to go back &lt;/a&gt;";
        exit;
     }
     else
     echo "$k =&gt; $v \n";
  }
   }
?>

Age field is non-numeric

In the HTML form the input field for name is of text type, hence it can accept any characters. However, we want it to be numeric. This can be ensured by is_numeric() function

<?php    
   if (is_numeric($_POST["age"])==false) {
  echo "Age cannot be non-numeric \n";
  echo "&lt;a href = 'hello.html'&gt;Click here to go back&lt;/a&gt;";
   }
?>

PHP also has is_string() function to check if a filed contains a string or not. Two other functions, trim() and htmlspecialchars() are also useful for form validation.

• trim() − Removes whitespace from the beginning and end of a string
• htmlspecialchars() − Converts special characters to HTML entities to prevent cross-site scripting (XSS) attacks.

Why is Form Validation Important?

Form validation is important for a number of reasons.

• Security: It helps to prevent malicious attacks like SQL injection and cross-site scripting (XSS).
• Data integrity: Validating data makes sure it is correct and usable.
• User Experience: It provides users with instant feedback when they make errors, which improves their experience.

Following are the rules for form validation −

• Required Fields: You need to make sure important fields are not empty.
• Email Validation: You can check if the email address is valid or not.
• Number Validation: You should allow only numbers for fields like age or phone number.
• URL Validation: Need to check if a valid website URL is entered by the user.
• Length Check: You have to limit how many characters a user can enter in the form.
• Pattern Matching: You can also use regular expressions to allow only specific characters.

Avoid $_SERVER[“PHP_SELF”] Exploits

$_SERVER[“PHP_SELF”] gets the current page’s filename. This is useful, but it can be dangerous if not used correctly. Hackers can use this to inject malicious code into your website. For example, imagine your form action is this −

<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">

And the URL is changed to −

   http://example.com/form.php/<script>alert('Hacked!')</script>

The above script can run and harm your website. So to avoid this you can use the htmlspecialchars() function. It turns special characters into harmless ones.

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">

If someone tries to inject code, it will now be shown as plain text rather than executed as a script. This prevents harmful scripts from running.

Final Example

Here is the final example to avoid exploits. This means that even if someone attempts to insert harmful code, it will have no effect on your website.

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"><label for="name">Enter your name:</label><input type="text" id="name" name="name"><input type="submit"></form>

HTML Forms play an important role in PHP web applications. Although a webpage composed purely with HTML is a static webpage, the HTML form component is an important feature that helps in bringing interactivity and rendering dynamic content. PHP’s form handling functionality can validate data collected from the user, before processing.

What is Form Handling ?

An HTML Form is a collection various form controls such as text fields, checkboxes, radio buttons, etc., with which the user can interact, enter or choose certain data that may be either locally processed by JavaScript (client-side processing), or sent to a remote server for processing with the help of server-side programming scripts such as PHP.

For example – suppose a user enters their name and email, clicks submit and you can use PHP to handle this data.

HTML Form Structure

One or more form control elements are put inside <form> and </form> tags. The form element is characterized by different attributes such as name, action, and method.

<form [attributes]>
   Form controls
</form>

Form Attributes

Out of the many attributes of the HTML form element, the following attributes are often required and defined −

Action Attribute

a string representing the URL that processes the form submission. For example, http://example.com/test.php. To submit the for-data to the same PHP script in which the HTML form is defined, use the PHP_SELF server variable −

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">

Enctype Attribute

specifies the method using which the form-data should be encoded before sending it to the server. Possible values are −

• application/x-www-form-urlencoded − The default value.
• multipart/form-data − Use this if the form contains <input> elements with type=file.
• text/plain − Useful for debugging purposes.

Method Attribute

a string representing the HTTP method to submit the form with. The following methods are the possible values of method attribute −

• post − The POST method; form data sent as the request body.
• get (default) − The GET; form data appended to the action URL with a “?” separator. Use this method when the form has no side effects.
• dialog − When the form is inside a <dialog>, closes the dialog and causes a submit event to be fired on submission, without submitting data or clearing the form.

Name Attribute

The name of the form. The value must not be the empty string, and must be unique if there are multiple forms in the same HTML document.

Target Attribute

a string that indicates where to display the response after submitting the form. Should be one of the following −

• _self (default) − Load into the same browsing context as the current one.
• _blank − Load into a new unnamed browsing context.
• _parent − Load into the parent browsing context of the current one.
• _top − Load into the top-level browsing context (an ancestor of the current one and has no parent).

Hence, a typical HTML form, used in a PHP web application looks like −

<form name="form1" action="<?php echo $_SERVER['PHP_SELF'];?>" action="POST">
   Form controls
</form>

Form Elements

A HTML form is designed with different types of controls or elements. The user can interact with these controls to enter data or choose from the available options presented. Some of the elements are described below −

Input Element

The input element represents a data field, which enables the user to enter and/or edit the data.

The type attribute of INPUT element controls the data. The INPUT element may be of the following types −

Text

A text field to enter a single line text.

<input type="text" name="employee">

Password

A single line text filed that masks the entered characters.

<input type="password" name="pwd"><br>

Checkbox

A rectangular checkable box which is a set of zero or more values from a predefined list.

<input type="checkbox" id="s1" name="sport1" value="Cricket"><label for="s1">I like Cricket</label><br><input type="checkbox" id="s2" name="sport2" value="Football"><label for="s2">I like Football</label><br><input type="checkbox" id="s3" name="sport3" value="Tennis"><label for="s3">I like Tennis</label><br><br>

Radio

This type renders a round clickable button with two states (ON or OFF), usually a part of multiple buttons in a radio group.

<input type="radio" id="g1" name="gender" value="Male"><label for="g1">Male</label><br><input type="radio" id="g2" name="female" value="Female"><label for="g2">Female</label><br>

File

The input type renders a button captioned file and allows the user to select a file from the client filesystem, usually to be uploaded on the server. The form’s enctype attribute must be set to “multipart/form-data”

<input type="file" name="file">

Email

A single line text field, customized to accept a string conforming to valid email ID.

URL

A single line text filed customized to accept a string conforming to valid URL.

Submit

This input element renders a button, which when clicked, initiates the the submission of form data to the URL specified in the action attribute of the current form.

<input type="submit" name="Submit">

Select Element

The select element represents a control for selecting amongst a set of options. Each choice is defined with option attribute of Select Control. For example −

<select name="Subjects" id="subject"><option value="Physics">Physics</option><option value="Chemistry">Chemistry</option><option value="Maths">Maths</option><option value="English">English</option></select>

Form Example

Let us use these form elements to design a HTML form and send it to a PHP_SELF script

When you fill out a form and hit the ‘Submit’ button, PHP steps in to get the information you have given. It uses something called $_POST to get the details from fields like your name, email, website, comment and gender. To keep things safe and secure, PHP employs the htmlspecialchars() function, which helps to block any potentially harmful code. After processing everything, PHP then shows you the information you’ve entered right on the webpage.

<html><body><form method = "post" action = "<?php 
  echo htmlspecialchars($_SERVER["PHP_SELF"]);<strong>?&gt;</strong>"&gt;&lt;table&gt;&lt;tr&gt;&lt;td&gt;Name:&lt;/td&gt;&lt;td&gt;&lt;input type = "text" name = "name"&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;E-mail: &lt;/td&gt;&lt;td&gt;&lt;input type = "email" name = "email"&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Website:&lt;/td&gt;&lt;td&gt;&lt;input type = "url" name = "website"&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Classes:&lt;/td&gt;&lt;td&gt;&lt;textarea name = "comment" rows = "5" cols = "40"&gt;&lt;/textarea&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Gender:&lt;/td&gt;&lt;td&gt;&lt;input type = "radio" name = "gender" value = "female"&gt;Female
           &lt;input type = "radio" name = "gender" value = "male"&gt;Male
        &lt;/td&gt;&lt;/tr&gt;&lt;td&gt;&lt;input type = "submit" name = "submit" value = "Submit"&gt;&lt;/td&gt;&lt;/table&gt;&lt;/form&gt;<strong>&lt;?php</strong>
  $name = $email = $gender = $comment = $site = "";
  if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $name = $_POST["name"];
     $email = $_POST["email"];
     $name = $_POST["name"];
     $comment = $_POST["comment"];
     $gender = $_POST["gender"];
     $site = $_POST["website"];
  }
  echo "&lt;h2&gt;Your given values are as:&lt;/h2&gt;";
  echo $name;
  echo "&lt;br&gt;";
  echo $email;
  echo "&lt;br&gt;";
  echo $site;
  echo "&lt;br&gt;";
  echo $comment;
  echo "&lt;br&gt;";
  echo $gender;
   ?></body></html>

Output

It will produce the following output −

PHP is a server-side scripting language that is used to create dynamic webpages. It is one of the most popular programming languages for web development. This chapter aims to let you get familiarized with certain important concepts of web application development using PHP.

A web-based application is a collection of webpages. A webpage is mainly created with HTML tags. HTML consists of different HTML tags which are required to define the appearance of page elements like text, image, table, etc. Hence, HTML essentially creates a static webpage.

A Web application is hosted on a HTTP server with PHP module installed. The browser acts as a http client, to establish communication with the server, following HTTP protocol.

How to Add Dynamic Content on a Webpage?

To add dynamic content io a webpage, there are two possibilities.

JavaScript is a client-side scripting language, that can access the HTML document object model and render dynamic content on the client browser. JavaScript code can be embedded in HTML page.

The browser may collect data from the user in the form of HTML form elements and send it to a HTTP server for processing. PHP is a widely used Server-side processing language. PHP script can also be embedded inside HTML page.

Example

In the following script, JavaScript code embedded in HTML renders the current date as per the client browser, and the PHP code displays the current date as per the server, where this script is hosted.

<!DOCTYPE html><html><body><script type="text/JavaScript">
  document.write("Client's date :"+Date()+"\n");
   </script><?php
  date_default_timezone_set("Asia/Calcutta");
  echo "server's date is " . date("Y-m-d") . "\n";
  echo "The time is " . date("h:i:sa");
   ?></body></html>

PHP can intercept and process the data from HTML forms. This allows you to collect information from your users. The next chapter discusses PHP’s form handling.

PHP can be used to interact with databases such as MySQL and PostgreSQL. This allows you to store and retrieve data from your database, and dynamically populate the web pages or to power the web applications. PHP includes mysql, mysqli and PDO extensions for database handling.

PHP can handle the data received from the client with HTTP GET as well as POST methods. We shall discuss in detail, how PHP handles GET/POST methods in one of the latter chapters.

HTTP is a stateless protocol. However, it allows Sessions and cookies to be maintained on server and client respectively. PHP can be used to create and manage sessions and cookies. Sessions allow you to track individual users as they navigate your website, while cookies allow you to store information on the user’s computer for later use. In of the subsequent chapters, we shall learn how PHP handles sessions and cookies.

PHP can be used to upload files to your web server. This allows you to create web applications that allow users to upload files, such as images, videos, or documents.

You can use PHP to create a login page for your website. When the user enters their username and password, PHP can check the database to see if the user is valid. If the user is valid, PHP can log the user in and redirect them to the main page of your website.

Identifying Browser & Platform

PHP creates some useful environment variables that can be seen in the phpinfo.php page that was used to setup the PHP environment.

One of the environment variables set by PHP is HTTP_USER_AGENT which identifies the user’s browser and operating system.

PHP provides a function getenv() to access the value of all the environment variables. The information contained in the HTTP_USER_AGENT environment variable can be used to create dynamic content appropriate to the browser.

Example

Following example demonstrates how you can identify a client browser and operating system.

NOTE − The function preg_match()is discussed in PHP Regular expression session.

<?php
   function getBrowser() { 
  $u_agent = $_SERVER['HTTP_USER_AGENT']; 
  $bname = 'Unknown';
  $platform = 'Unknown';
  $version = "";
        
  //First get the platform
  if (preg_match('/linux/i', $u_agent)) {
     $platform = 'linux';
  } elseif (preg_match('/macintosh|mac os x/i', $u_agent)) {
     $platform = 'mac';
  } elseif (preg_match('/windows|win32/i', $u_agent)) {
     $platform = 'windows';
  }
        
  // Next get the name of the useragent yes separately and for good reason
  if(preg_match('/MSIE/i',$u_agent) &amp;&amp; !preg_match('/Opera/i',$u_agent)) {
     $bname = 'Internet Explorer';
     $ub = "MSIE";
  } elseif(preg_match('/Firefox/i',$u_agent)) {
     $bname = 'Mozilla Firefox';
     $ub = "Firefox";
  } elseif(preg_match('/Chrome/i',$u_agent)) {
     $bname = 'Google Chrome';
     $ub = "Chrome";
  } elseif(preg_match('/Safari/i',$u_agent)) {
     $bname = 'Apple Safari';
     $ub = "Safari";
  } elseif(preg_match('/Opera/i',$u_agent)) {
     $bname = 'Opera';
     $ub = "Opera";
  } elseif(preg_match('/Netscape/i',$u_agent)) {
     $bname = 'Netscape';
     $ub = "Netscape";
  }
        
  // finally get the correct version number
  $known = array('Version', $ub, 'other');
  $pattern = '#(?&lt;browser&gt;' . join('|', $known) . ')
     [/ ]+(?&lt;version&gt;[0-9.|a-zA-Z.]*)#';
  if (!preg_match_all($pattern, $u_agent, $matches)) {
     // we have no matching number just continue
  }
  // see how many we have
  $i = count($matches['browser']);
  if ($i != 1) {
     //we will have two since we are not using 'other' argument yet
     //see if version is before or after the name
     if (strripos($u_agent,"Version") &lt; strripos($u_agent,$ub)){
        $version= $matches['version'][0];
     } else {
        $version= $matches['version'][1];
     }
  } else {
     $version= $matches['version'][0];
  }
        
  // check if we have a number
  if ($version == null || $version == "") {$version = "?";}
     return array(
        'userAgent' =&gt; $u_agent,
        'name'      =&gt; $bname,
        'version'   =&gt; $version,
        'platform'  =&gt; $platform,
        'pattern'   =&gt; $pattern
     );
   }
     
   // now try it
   $ua = getBrowser();
   $yourbrowser = "Your browser: " . $ua['name'] . " " . $ua['version'] .
   " on " .$ua['platform'] . " reports: <br >" . $ua['userAgent'];

   print_r($yourbrowser);
?>

This is producing following result on my machine. This result may be different for your computer depending on what you are using.

It will produce the following result −

Your browser: Google Chrome 54.0.2840.99 on windows reports: 
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
   Chrome/54.0.2840.99 Safari/537.36

Display Images Randomly

The PHP rand() function is used to generate a random number.i This function can generate numbers with-in a given range. The random number generator should be seeded to prevent a regular pattern of numbers being generated. This is achieved using the srand() function that specifies the seed number as its argument.

Example

Following example demonstrates how you can display different image each time out of four images −

<?php
   srand( microtime() * 1000000 );
   $num = rand( 1, 4 );
     
   switch( $num ) {
  case 1: $image_file = "/php/images/php_image_sample_1.jpg";
     break;
        
  case 2: $image_file = "/php/images/php_image_sample_2.jpg";
     break;
        
  case 3: $image_file = "/php/images/php_image_sample_3.jpg";
     break;
        
  case 4: $image_file = "/php/images/php_image_sample_4.jpg";
     break;
   }
   echo "Random Image : <img src=$image_file />";
?>

It will produce the following result −

Using HTML Forms

The most important thing to notice when dealing with HTML forms and PHP is that any form element in an HTML page will automatically be available to your PHP scripts.

Example

Try out following example by putting the source code in test.php script.

<?php
   if( $_POST["name"] || $_POST["age"] ) {
  if (preg_match("/[^A-Za-z'-]/",$_POST['name'] )) {
     die ("invalid name and name should be alpha");
  }
  
  echo "Welcome ". $_POST['name']. "&lt;br /&gt;";
  echo "You are ". $_POST['age']. " years old.";
  
  exit();
   }
?><form action = "<?php <b>$_PHP_SELF</b> ?>" method = "POST">
   Name: <input type = "text" name = "name" />
   Age: <input type = "text" name = "age" /><input type = "submit" /></form>

It will produce the following result −

• The PHP default variable $_PHP_SELF is used for the PHP script name and when you click “submit” button then same PHP script will be called and will produce following result −
• The method = “POST” is used to post user data to the server script. There are two methods of posting data to the server script which are discussed in PHP GET & POST chapter.

Browser Redirection

The PHP header() function supplies raw HTTP headers to the browser and can be used to redirect it to another location. The redirection script should be at the very top of the page to prevent any other part of the page from loading.

The target is specified by the Location: header as the argument to the header() function. After calling this function the exit() function can be used to halt parsing of rest of the code.

Example

Following example demonstrates how you can redirect a browser request to another web page. Try out this example by putting the source code in test.php script.

<?php
   if( $_POST["location"] ) {
  $location = $_POST["location"];
  header( "Location:$location" );
  
  exit();
   }
?><p>Choose a site to visit :</p><form action = "<?php <b>$_SERVER['PHP_SELF']</b> ?>" method ="POST"><select name = "location">.
     
  &lt;option value = "http://www.tutorialspoint.com"&gt;
     Tutorialspoint.com
  &lt;/option&gt;&lt;option value = "http://www.google.com"&gt;
     Google Search Page
  &lt;/option&gt;&lt;/select&gt;&lt;input type = "submit" /&gt;&lt;/form&gt;</pre>


It will produce the following result −

The release of version 7.0 is an important milestone in the evolution of PHP language, when a lot of new features were introduced. The feature of Anonymous class was also made available in PHP version 7.0.

As the term “anonymous” suggests, it is a class without a (programmer declared) name. The usual practice is to define a class with a certain identifier, so that it can be used repeatedly. The anonymous class, on the other hand is for one-time use only.

Here are the covered topics in this chapter −

• Creating an Anonymous Class in PHP
• Using Methods in an Anonymous Class
• Anonymous Class as a Child Class
• Dependencies to an Anonymous Class

Creating an Anonymous Class in PHP

Here is how you can create a basic anonymous class in PHP −

$obj=newclass(){/* class body */};

Apart from this class not having a name, it is similar to a normal named class, in the sense it can contain properties and methods. Its functionality is no different from that of an object of a named class.

An anonymous class might be used over a named class especially when the class does not need to be documented, and when the class is used only once during execution. Anonymous classes are useful when simple, one-off objects need to be created.

Using Methods in an Anonymous Class

In the following code, an anonymous class is instantiated and stored in $obj object. The class includes definitions of addition() and division() methods, which are called with the $obj object.

<?php
   $obj = new class(10) {
  private int $x;
  function __construct($x) {
     $this-&gt;x = $x;
  }
  public function addition($x) {
     return $this-&gt;x+$x;
  }
  public function division($x) {
     return $this-&gt;x/$x;
  }
   };

   echo "Addition: " . $obj->addition(20) . PHP_EOL;
   echo "Division: " . $obj->division(20) . PHP_EOL;
?>

Output

It will produce the following output −

Addition: 30
Division: 0.5

Anonymous Class as a Child Class

An anonymous class can do everything that a normal class can. It can extends another class, implement an interface or even use a trait.

Example

In the example below, the anonymous class is a child class, extending a parent already available.

<?php
   class myclass {
  public function hello() {
     echo "Hello World!" . PHP_EOL;
  }
   }
   $obj = new class("Neena") extends myclass {
  private string $nm;
  function __construct($x) {
     $this-&gt;nm = $x;
  }
  public function greeting() {
     parent::hello();
     echo "Welcome " . $this-&gt;nm . PHP_EOL;
  }
   };
   $obj->greeting();
?>

Output

It will produce the following output −

Hello World!
Welcome Neena

Example: Internal Name of an Anonymous Class

Although the anonymous class doesn’t have any user defined name, PHP does assign it an internal name, which can be obtained with the built-in get_class() function as follows −

<?php
   $obj = new class() {
  function greeting() {
     echo "Hello World" . PHP_EOL;
  }
   };
   $obj->greeting();
   echo "Name of class: " . get_class($obj);
?>

Output

It will produce the following output −

Hello World
Name of class: class@anonymousC:\xampp\htdocs\hello.php:2$0

PHP parser assigns the internal name randomly.

Dependencies to an Anonymous Class

Dependencies can be sent to an anonymous class via its constructor, making it suitable for dynamic, one-time use cases. This shows how to inject a logger or another service directly into an anonymous class, which is useful for small, temporary tasks.

<?php
   class Logger {
  public function log($message) {
     echo "Log: " . $message . PHP_EOL;
  }
   }

   $logger = new Logger();

   $obj = new class($logger) {
  private $logger;
  public function __construct($logger) {
     $this-&gt;logger = $logger;
  }
  public function doSomething() {
     $this-&gt;logger-&gt;log("Doing something important!");
  }
   };

   $obj->doSomething();
?>

Output

Here is the outcome of the following code −

Log: Doing something important!

A PHP statement such as “$obj1 = $obj2” merely creates another reference to the same object in memory. Hence, changes in attribute reflect both in original and duplicate object. The clone keyword in PHP creates a shallow copy of an object.

$obj2=$obj1

Changes in the original object do not reflect in the shallow copy.

Cloning Types

There are two types of object copies in PHP −

• Shallow Copy: Copy only the item, not the objects it references.
• Deep Copy: The __clone() function creates a complete copy of an object, including its children.

Example: Basic Reference Copy

Take a look at the following example −

<?php
   class foo {
  var $var1 = 'Hello';
   }
   $x = new foo();
   $y = $x;		# reference copy
   echo $x->var1 . " " . $y->var1 . PHP_EOL;

   $x->var1 = "Hello World";
   echo $x->var1 . " " . $y->var1 . PHP_EOL;
?>

Output

It will produce the following output −

Hello Hello
Hello World Hello World

In the first case, $y is just a reference copy of $x. Hence, any change in var1 property reflects in both.

However, if we declare $y as a clone of $x, then any change in the original object is not reflected in its shallow copy.

Example: Basic Shallow Copy

Take a look at the following example −

<?php
   class foo {
  var $var1 = 'Hello World';
   }

   $x = new foo();

   # shallow copy
   $y = clone $x;
   echo $x->var1 . " " . $y->var1 . PHP_EOL;

   $x->var1 = "Hello PHP";
   echo $x->var1 . " " . $y->var1 . PHP_EOL;
?>

Output

It will generate the following output −

Hello World Hello World
Hello PHP Hello World

Example: Shallow Copy with Embedded Object

In the following code, myclass has one of attributes as object of address class. An object of myclass is duplicated by assignment. Any change in the value of its embedded address object is reflected in both the objects, but change in the name property is not effected in the cloned object.

<?php
   class address {
  var $city="Nanded";
  var $pin="431601";
  function setaddr($arg1, $arg2) {
     $this-&gt;city=$arg1;
     $this-&gt;pin=$arg2;
  }
   }
   class myclass {
  var $name="Raja";
  var $obj;
  function setname($arg) {
     $this-&gt;name=$arg;
  }
   }

   $obj1=new myclass();
   $obj1->obj=new address();
   echo "original object\n";
   print_r($obj1);
   echo "\n";

   $obj2=$obj1;		# reference copy
   $obj1->setname("Ravi");
   $obj1->obj->setaddr("Mumbai", "400001");
   echo "after change: Original object\n";
   print_r($obj1);
   echo "\nCopied object\n";
   print_r($obj2);
?>

Output

It will produce the below output −

original object
myclass Object
(
   [name] => Raja
   [obj] => address Object
   (
  [city] => Nanded
  [pin] => 431601
   )
)

after change: Original object
myclass Object
(
   [name] => Ravi
   [obj] => address Object
   (
  [city] => Mumbai
  [pin] => 400001
   )
)

Copied object
myclass Object
(
   [name] => Ravi
   [obj] => address Object
   (
  [city] => Mumbai
  [pin] => 400001
   )
)

Using the clone Keyword

In a shallow copy, any properties of the original object that are references to other variables will remain references. The clone keyword does not copy the contained objects of the copied objects.

We now create a clone of myclass object, so that $obj2 is the clone of $obj1. We change the name property of $obj1 from Raja to Ravi, and also modify the embedded address object. The property change will not reflect in its clone, but the referred address object will be changed.

Example

Take a look at the following example −

<?php
   class address {
  var $city="Nanded";
  var $pin="431601";
  function setaddr($arg1, $arg2) {
     $this-&gt;city=$arg1;
     $this-&gt;pin=$arg2;
  }
   }
   class myclass {
  var $name="Raja";
  var $obj;
  function setname($arg) {
     $this-&gt;name=$arg;
  }
   }
   $obj1=new myclass();
   $obj1->obj=new address();
   echo "original object\n";
   print_r($obj1);
   echo "\n";

   $obj2=clone $obj1;		# clone copy
   $obj1->setname("Ravi");
   $obj1->obj->setaddr("Mumbai", "400001");
   echo "after change: Original object\n";
   print_r($obj1);
   echo "\nCopied object\n";
   print_r($obj2);
?>

Output

It will produce the following output −

original object
myclass Object
(
   [name] => Raja
   [obj] => address Object
   (
  [city] => Nanded
  [pin] => 431601
   )
)

after change: Original object
myclass Object
(
   [name] => Ravi
   [obj] => address Object
   (
  [city] => Mumbai
  [pin] => 400001
   )
)

Copied object
myclass Object
(
   [name] => Raja
   [obj] => address Object
   (
  [city] => Mumbai
  [pin] => 400001
   )
)

Using __clone() Method

The clone keyword creates a shallow copy of the object. When an object is cloned, PHP will perform a shallow copy of all of the object’s properties. Any properties that are references to other variables will remain references. Hence, any changes done to the original object will also appear in the cloned object.

If you wish to prevent the copied object to update automatically, we need to create a deep copy of the object with the __clone() method. It is one of the magic methods in PHP.

Once the cloning is complete, if a __clone() method is defined, then the newly created object’s __clone() method will be called, to allow any necessary properties that need to be changed.

Example: Deep Copy with __clone() Method

In the above example, we have an object of myclass, one of its attributes $obj holding the reference to an object of address class. To achieve a deep copy, we override the __clone() magic method in myclass.

<?php
   class address {
  var $city="Nanded";
  var $pin="431601";
  function setaddr($arg1, $arg2) {
     $this-&gt;city=$arg1;
     $this-&gt;pin=$arg2;
  }
   }
   class myclass {
  var $name="Raja";
  var $obj;
  function setname($arg) {
     $this-&gt;name=$arg;
  }
  public function __clone() {
     $this-&gt;obj = clone $this-&gt;obj ;
  }
   }
   $obj1=new myclass();
   $obj1->obj=new address();
   echo "original object\n";
   print_r($obj1);
   echo "\n";

   $obj2=clone $obj1;		# cloned deep copy
   $obj1->setname("Ravi");
   $obj1->obj->setaddr("Mumbai", "400001");
   echo "after change: Original object\n";
   print_r($obj1);
   echo "\nCloned object\n";
   print_r($obj2);
?>

Output

You will now see that the changes in the original object (we change the address attributes) won’t reflect in the cloned object, as the following output shows −

original object
myclass Object
(
   [name] => Raja
   [obj] => address Object
   (
  [city] => Nanded
  [pin] => 431601
   )
)

after change: Original object
myclass Object
(
   [name] => Ravi
   [obj] => address Object
   (
  [city] => Mumbai
  [pin] => 400001
   )
)

Cloned object
myclass Object
(
   [name] => Raja
   [obj] => address Object
   (
  [city] => Nanded
  [pin] => 431601
   )
)

Shallow vs Deep Copy

Here is the difference between shallow copy and deep copy −

Aspect	Shallow Copy	Deep Copy
Object itself	Duplicated	Duplicated
Nested objects	Copied by reference	Fully duplicated
Independent state	No (shared nested objects)	Yes (completely independent)
PHP tool	clone	clone + __clone()

When to Use Each Type

Shallow copy is sufficient when objects have no references to other objects or when shared state is required.

Deep Copy is required when items form nested objects and you want no connection between the original and clone.

In C++ or Java, the term means a class can a class method of same name more than once but with different arguments and/or return type. In PHP, the term overloading has a different interpretation. It is a feature with which properties and methods can be created dynamically. PHP’s magic methods (method names starting with double underscore) are used to set up dynamic properties and methods.

The magic methods used for the purpose of overloading are invoked when interacting with properties or methods that have not been declared or are not visible in the current scope.

So in this chapter we have covered the below topics −

• Property Overloading
• Method Overloading
• Access Control in Overloading
• Handle Undefined Properties and Methods
• Inheritance and Overloading

Property Overloading

The examples of PHP’s magic methods are __construct(), __destruct(), __tostring(), etc. PHP uses the following magic methods for overloading properties.

public__set(string$name,mixed$value):voidpublic__get(string$name):mixedpublic__isset(string$name):boolpublic__unset(string$name):void

Here,

• __set() is run for writing data to inaccessible properties that are protected or private or non-existing.
• __get() reads data from inaccessible properties.
• __isset() calls isset() or empty() on inaccessible properties.
• __unset() is invoked when unset() is called on inaccessible properties.

The $name argument used above is the name of the property to be set or retrieved. The $value argument of __set() method specifies the value to be assigned to the property.

The __isset() method checks if a certain property has been set or not. The __unset() method removes the property.

Property overloading works only in object context. In any static context, these magic methods will not be triggered. Hence they should not be declared static.

Example

In the following code, a dynamic property named myprop, which is not declared in the class, is set and retrieved.

<?php
   class myclass {
  public function __set($name, $value) {
     echo "setting $name property to $value \n";
     $this-&gt;$name = $value;
  }
  public function __get($name) {
     echo "value of $name property is ";
     return $this-&gt;$name;
  }
   }

   $obj = new myclass();

   # This calls __set() method
   $obj->myproperty="Hello World!";

   # This call __get() method
   echo "Retrieving myproperty: " . $obj->myproperty . PHP_EOL;
?>

It will produce the following output −

setting myproperty property to Hello World! 
Retrieving myproperty: Hello World!

The __set() and __get() magical methods also set and retrieve a property which is declared as private. Add the following statement inside myclass (before the function definitions)

private$myproperty;

You can check if the property, define __isset() method in myclass −

publicfunction__isset($name){returnisset($this->$name);}

Check if the property is set with this statement −

var_dump(isset($obj->myproperty));

Which in this case returns true.

To unset the dynamically created property with the __unset() method defined in myclass −

publicfunction__unset($name){unset($this->$name);}

The following code would return false −

var_dump(isset($obj->myproperty));

Method Overloading

Two magic methods used to set methods dynamically are __call() and __callStatic().

public__call(string$name,array$arguments):mixedpublicstatic__callStatic(string$name,array$arguments):mixed

The __call() is triggered when invoking inaccessible (not defined or private) methods in an object context. On the other hand, the __callStatic() is triggered when invoking inaccessible methods in a static context.

Example

The following example demonstrates method overloading in PHP

<?php
   class myclass {
  public function __call($name, $args) {
	  
     // Value of $name is case sensitive.
     echo "Calling object method $name with " . implode(" ", $args). "\n";
  }
  public static function __callStatic($name, $args) {
     echo "Calling static method $name with " . implode(" ", $args). "\n";
  }
   }
   $obj = new myclass();

   # This invokes __call() magic method
   $obj->mymethod("Hello World!");

   # This invokes __callStatic() method
   myclass::mymethod("Hello World!");
?>

It will produce the following output −

Calling object method mymethod with Hello World!
Calling static method mymethod with Hello World!

Access Control in Overloading

Here __get and __set methods can access private or protected properties which might bypass encapsulation.

<?php
   class Example {
  private $name;
  public function __set($property, $value) {
     $this-&gt;$property = $value;
  }
  public function __get($property) {
     return $this-&gt;$property;
  }
   }

   $obj = new Example();
   // Accessing private property
   $obj->name = "Radhika"; 

   echo $obj->name;
?>

Output

Following is the output of the above code −

Radhika

Handle Undefined Properties and Methods

To avoid unexpected behavior, add tests or exceptions to magic methods. So see the below example −

<?php
   class SafeExample {
  public function __get($name) {
     if (!property_exists($this, $name)) {
        throw new Exception("Property '$name' does not exist.");
     }
  }
   }

   $obj = new SafeExample();
   try {
  echo $obj-&gt;unknownProperty;
   } catch (Exception $e) {
  echo $e-&gt;getMessage(); 
   }
?>

Output

This will create the below output −

Property 'unknownProperty' does not exist.

Inheritance and Overloading

Child classes can override magic methods, so you may need to use parent::__call() to maintain parent functionality.

classParentClass{publicfunction__call($name,$arguments){echo"Parent method: $name\n";}}classChildClassextendsParentClass{publicfunction__call($name,$arguments){echo"Child method: $name\n";parent::__call($name,$arguments);}}$obj=newChildClass();$obj->testMethod();

Output

This will generate the below output −

Child method: testMethod
Parent method: testMethod

Note that the use of “->” operator implies that the method is an instance method, and “::” operator means that the method is a static method.

In PHP, the final keyword prevents classes and functions from being changed or overridden. It helps to keep important parts of your code secure, to guarantee no one accidentally breaks them while making changes.

The “final” keyword is used in the definition of a class, a method inside a class, as well as with the definition of a constant property of a class.

What Does the final Keyword Do?

The final keyword can be used in two ways −

• For Classes: This prevents the class from being extended (inherited).
• For methods: This prevents them from being overridden in child classes.

In this chapter we will cover the below topics −

• Using final with Classes
• Using final with Methods
• Using final with Constants
• Real-World Example: ellipse and circle Classes

Using final with Classes

Let’s see how to create a class with the “final” keyword −

finalclassmyclass{/*class members*/}

Example: Class inheritance error

The “final” keyword in class definition prevents such a class from being extended. In other words, you cannot use a final class as a parent. If you try, PHP parser throws an error

<?php
   final class myclass {
   
  /* class body */
   }
   class newclass extends myclass {
   
  /* class body */ 
   }
?>

Output

When you run this code, it will show an error −

PHP Fatal error:  Class newclass may not inherit from final class (myclass)

Using final with Methods

Here is how you can create a method with the “final” keyword −

classmyclass{finalfunctionmyfunction(){/* function body */}}

Prefixing a method definition with the final keyword prevents it from being overridden in a child class. A class with final method can be extended, but the child class cannot override it.

Example: Method overriding error

Take a look at the following example −

<?php
   class myclass {
  final public function hello() {
     echo "Hello World!";
  }
   }
   class newclass extends myclass {
  public function hello() {
     echo "Hello PHP!";
  }
   }
?>

Output

When you run this code, it will show an error −

PHP Fatal error:  Cannot override final method myclass::hello() in hello.php

Using final with Constants

You can also declare a constant in a class with the final keyword, starting from PHP 8.1.0 onwards.

finalpublicconstNAME="My Class";

Example: Final constant inheritance error

If you try to override a final constant from parent class in a child class, an error is encountered.

<?php
   class myclass {
  final public const NAME = "My Class";
  final public function hello() {
     echo "Hello World!";
  }
   }

   class newclass extends myclass {
  public const NAME = "New Class";
   }
?>

Output

When you run this code, it will show an error −

Fatal error: newclass::NAME cannot override final constant myclass::NAME

Real-World Example: ellipse and circle Classes

The following PHP script contains a parent class ellipse with a PI constant and area() method both declared as final. They are inherited by the circle class. The area() function calculates the area of circle.

<?php
   class ellipse {
  final public const PI=22/7;
  private float $a, $b;
  public function __construct($x, $y) {
     $this-&gt;a = $x;
     $this-&gt;b = $y;
  }
  final public function area() : float {
     return self::PI*$this-&gt;a*$this-&gt;b;
  }
   }
   class circle extends ellipse {
  public function __construct(float $x) {
     parent::__construct($x, $x);
  }
   }
   $c1 = new circle(5);
   echo "Area: " . $c1->area() . PHP_EOL;
?>

Output

It will produce the following output −

Area: 78.571428571429

Note that the instance variables or properties of a class cannot be declared as final.

PHP implements encapsulation, one of the important principles of OOP with access control keywords: public, private and protected.

Encapsulation refers to the mechanism of keeping the data members or properties of an object away from the reach of the environment outside the class, allowing controlled access only through the methods or functions available in the class.

Principle of Encapsulation

The following diagram illustrates the principle of encapsulation in object-oriented programming methodology.

Access Modifiers in PHP

PHP’s keywords list contains the following keywords that determine the accessibility of properties and methods of an object, which is an instance of a class in PHP −

• Public − Class members are accessible from anywhere, even from outside the scope of the class, but only with the object reference.
• Private − Class members can be accessed within the class itself. It prevents members from outside class access even with the reference of the class instance.
• Protected − Members can be accessed within the class and its child class only, nowhere else.

These three keywords “public, private and protected” are often called access modifiers. They are also referred as visibility modes, as they decide upto what extent a certain class member is available.

Public Members

In PHP, the class members (both member variables as well as member functions) are public by default.

Example

In the following program, the member variables title and price of the object are freely accessible outside the class because they are public by default, if not otherwise specified.

<?php
   class Person {
   
  /* Member variables */
  var $name;
  var $age;
  /*Constructor*/
  function __construct(string $param1="Ravi", int $param2=28) {
     $this-&gt;name = $param1;
     $this-&gt;age = $param2;
  }
  function getName() {
     echo "Name: $this-&gt;name" . PHP_EOL;;
  }
  function getAge() {
     echo "Age: $this-&gt;age" . PHP_EOL;;
  }
   }
   $b1 = new Person();
   $b1->getName();
   $b1->getAge();
   echo "Name : $b1->name Age: $b1->age" . PHP_EOL;
?>

It will produce the following output −

Name: Ravi
Age: 28
Name : Ravi Age: 28

Note that the properties all the class members are public by default, you can explicitly declare them as public if desired. As a result, the instance methods getName() and getAge() can be called from outside the class.

Since properties name and age are also public, hence they can also be accessed outside the class, something which is not desired as per the principle of encapsulation.

Private Members

As mentioned above, the principle of encapsulation requires that the member variables should not be accessible directly. Only the methods should have the access to the data members. Hence, we need to make the member variables private and methods public.

Example

Let us change the declaration of name and age properties to private and run the following PHP script −

<?php
   class Person {
   
  /* Member variables */
  private $name;
  private $age;
  /*Constructor*/
  function __construct(string $param1="Ravi", int $param2=28) {
     $this-&gt;name = $param1;
     $this-&gt;age = $param2;
  }
  public function getName() {
     echo "Name: $this-&gt;name" . PHP_EOL;;
  }
  public function getAge(){
     echo "Age: $this-&gt;age" . PHP_EOL;;
  }
   }

   $b1 = new Person();
   $b1->getName();
   $b1->getAge();
   echo "Name : $b1->name Age: $b1->age" . PHP_EOL;
?>

It will produce the following output −

Name: Ravi
Age: 28
PHP Fatal error:  Uncaught Error: Cannot access private property Person::$name in person.php:27

The error message tells the reason that a private property cannot be accessed from a public scope.

Protected Members

The effect of specifying protected access to a class member is effective in case of class inheritance. We know that public members are accessible from anywhere outside the class, and private members are denied access from anywhere outside the class.

The protected keyword grants access to an object of the same class and an object of its inherited class, denying it to any other environment.

Example

Let us inherit the person class and define a student class. We shall change the name property from private to protected. The student class has a new public method getDetails() that prints the values of name and age properties.

Person class

<?php
class Person {

   /* Member variables */
   protected $name;
   private $age;

   /*Constructor*/
   function __construct(string $param1="Ravi", int $param2=28) {
  $this-&gt;name = $param1;
  $this-&gt;age = $param2;
   }

   public function getName(){
  echo "Name: $this-&gt;name" . PHP_EOL;;
   }

   public function getAge() {
  echo "Age: $this-&gt;age" . PHP_EOL;;
   }
}

Student class

classstudentextendsPerson{publicfunctiongetDetails(){echo"My Name: $this->name".PHP_EOL;echo"My age: $this->age".PHP_EOL;}}$s1=newstudent();$s1->getDetails();?>

It will produce the following output −

My Name: Ravi
PHP Warning:  Undefined property: student::$age in person.php on line 28
My age:

Why Use Encapsulation?

Here are some reasons given that shows why you need to use encapsulation −

• Protect Data: You can prevent unwanted changes to data by using encapsulation.
• Control Access: You can only allow important parts of the code to deal with specific properties.
• Simplify Maintenance: You can makes it simpler to modify and maintain the code.
• Improve Security: You can minimize the risk of accidental errors and bugs.

Accessibility of Class Members in PHP

The following table illustrates the rules of accessibility of class members in PHP −

When working with objects in PHP, you may want to go over each property one by one. This is referred to as object iteration. It is useful when you want to verify or display all of an object’s properties without having to access them individually.

A foreach loop may be employed to iterate through all the publicly visible members of an object of a PHP class. This feature has been available in versions of PHP 5 onwards. You can of course access the list of private properties inside an instance method. PHP also defines Iterator interface which can be used for the purpose.

When Can You Iterate an Object?

Iteration provides access exclusively to an object’s public properties. Private and protected properties will not appear unless you use certain methods.

Why Use Object Iteration?

Object iteration is useful in situations such as −

• Accessing Multiple Objects: If you have an array of objects, you are able to operate on them all without having to write separate code.
• Efficient Data Management: You can easily process data from a variety of objects.
• Simplifies Code: The use of loops to traverse across objects reduces code by reducing the need for repeated coding.

Using foreach Loop

In the example below, the public properties of the class are listed with the use of foreach loop.

Example

<?php
   class myclass {
  private $var;
  protected $var1;
  public $x, $y, $z;
  public function __construct() {
     $this-&gt;var="Hello World";
     $this-&gt;var1=array(1,2,3);
     $this-&gt;x=100;
     $this-&gt;y=200;
     $this-&gt;z=300;
  }
   }
   $obj = new myclass();
   foreach($obj as $key => $value) {
  print "$key =&gt; $value\n";
   }
?>

Output

It will produce the following output −

x => 100
y => 200
z => 300

Note that only the public members are accessible outside the class. If the class includes a method, all the members (public, private or protected) can be traversed with a foreach loop from inside it.

Let us add an iterate method in the above myclass.

publicfunctioniterate(){foreach($thisas$k=>$v){if(is_array($v)){var_dump($v);echoPHP_EOL;}else{echo"$k : $v".PHP_EOL;}}}

Call this instance method to get the list of all the members.

Output

It will produce the following output −

var : Hello World
array(3) {
   [0]=>
   int(1)
   [1]=>
   int(2)
   [2]=>
   int(3)
}
x : 100
y : 200
z : 300

With Private or Protected Properties

If you want to access private or protected properties directly using foreach, they will not show. You can still use them within the class using a method.

Iterating over the class returns all attributes (public, private, and protected). And outside of the classroom, only public properties are accessible.

Example

Take a look at the below example −

classMyClass{private$privateVar="Private Data";protected$protectedVar="Protected Data";public$x=100;publicfunctioniterate(){foreach($thisas$key=>$value){echo"$key : $value\n";}}}$obj=newMyClass();$obj->iterate();

Output

This will create the below output −

privateVar : Private Data  
protectedVar : Protected Data  
x : 100

Using Iterator Interface

PHP provides Iterator interface for external iterators or objects that can be iterated themselves internally. It defines following abstract methods which need to be implemented in the user defined class.

interfaceIteratorextendsTraversable{/* Methods */publiccurrent():mixedpublickey():mixedpublicnext():voidpublicrewind():voidpublicvalid():bool}

• The rewind() method rewinds the Iterator to the first element. This is the first method called when starting a foreach loop. It will not be executed after foreach loops.
• The current() method returns the current element.
• The key() method returns the key of the current element on each iteration of foreach loop.
• The next() method is called after each iteration of foreach loop and moves forward to next element.
• The valid() method checks if current position is valid.

Example

The following example demonstrates object iteration by implementing Iterator interface

<?php
   class myclass implements Iterator {
  private $arr = array('a','b','c');
  public function rewind():void {
     echo "rewinding\n";
     reset($this-&gt;arr);
  }
  public function current() {
     $var = current($this-&gt;arr);
     echo "current: $var\n";
     return $var;
  }
  public function key() {
     $var = key($this-&gt;arr);
     echo "key: $var\n";
     return $var;
  }
  public function next() : void {
     $var = next($this-&gt;arr);
     echo "next: $var\n";
     # return $var;
  }
  public function valid() : bool {
     $key = key($this-&gt;arr);
     $var = ($key !== NULL &amp;&amp; $key !== FALSE);
     echo "valid: $var\n";
     return $var;
  }
   }

   $obj = new myclass();

   foreach ($obj as $k => $v) {
  print "$k: $v\n";
   }
?>

Output

It will produce the following output −

rewinding
valid: 1
current: a
key: 0
0: a
next: b
valid: 1
current: b
key: 1
1: b
next: c
valid: 1
current: c
key: 2
2: c
next:

Example: Combined Everything

In the following example, we are combining all of the above concept we have discussed so far. So tak a look at the following example −

<?php
   class Book implements Iterator {
  private $properties = [];
  private $position = 0;
  public function __construct($title, $author, $year) {
     $this-&gt;properties['title'] = $title;
     $this-&gt;properties['author'] = $author;
     $this-&gt;properties['year'] = $year;
  }
  public function rewind(): void {
     $this-&gt;position = 0;
  }
  public function current() {
     return array_values($this-&gt;properties)[$this-&gt;position];
  }
  public function key() {
     return array_keys($this-&gt;properties)[$this-&gt;position];
  }
  public function next(): void {
     ++$this-&gt;position;
  }
  public function valid(): bool {
     return $this-&gt;position  
Output
Following is the output of the above code − 
title: PHP Basics  
author: Jane Doe  
year: 2024