PHP is a scripting language designed to be embedded into the HTML markup used for web pages. Web pages that contain PHP scripts are preprocessed by the PHP scripting engine and the source code replaced with the output of the script. Indeed, the acronym PHP suggests just that; PHP: Hypertext Preprocessor.
Consider a simple PHP script embedded in an HTML document:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" > <html> <head> <title>Hello, world</title> </head> <body> <?php echo "Hello, world"; ?> </body> </html>
When preprocessed by the PHP scripting engine, the short (and not very useful) script:
<?php echo "Hello, world"; ?>
is replaced with its output:
Hello, world
The text before and after the script is HTML; the first three lines define that HTML Version 4 is being used.
You can embed any number of PHP scripts in a single
HTML document, as long as each
PHP script is surrounded by the
begin tag <?php
and the end tag
?>
. Other tags can also be used to delimit PHP
scripts, but these are the most common and reliable.
One of the best language features of PHP is how it decodes user data and automatically initializes variables. Consider an example script stored in the file printuser.php:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" > <html> <head> <title>Saying hello</title> </head> <body> <?php echo "Hello, $username"; ?> </body> </html>
Let’s assume that the file is stored in the document root of the web server. If the web server is Apache and the machine runs a variant of the Unix operating system, the document root is the directory /usr/local/apache/htdocs. The script can then be retrieved using a web browser—if it is running on the same machine as the web server—by requesting the URL http://localhost/printuser.php?username=Selina. In response to the request, the PHP engine replaces the script:
<?php echo "Hello, $username"; ?>
with the output:
Hello, Selina
The URL is automatically decoded. Also, a variable
$username
, that matches the name of the attribute
in the URL is initialized, and its value is set to
Selina
. This automatic registration of variables
is an excellent feature, but one that has security problems in some
cases. How to guard against them is discussed in Section 11.4.
Files that contain PHP scripts usually have the extension .php instead of the HTML file extensions .html or .htm. The .php extension is the trigger for the web server to invoke the PHP scripting engine to preprocess the file. This is controlled by a directive in the web server’s configuration file and is discussed in more detail in Section 11.2.
Passing variables and values using the URL is one way of transferring
data from a web browser to a web server. However, the most common
technique is to use an
HTML <form>
such as the following:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" > <html> <head> <title>Saying hello</title> </head> <body> <form method="GET" action="printuser.php"> Enter your name: <input type="text" name="username"> <br><input type="submit" value="Print it!"> </body> </html>
When this HTML document is rendered by a web browser, the user is
able to enter a name into an input widget. Below the widget is a
button labeled Print It!. When the user presses the button, the
script listed as the action
attribute of the
<form>
tag is requested, and the data in the
input widget is sent to the server as part of the URL. For example,
if the user enters the name Selina
into the input
widget and clicks on the Print It! button, the URL http://localhost/printuser.php?username=Selina
is requested, and the output of the script is the same as before:
Hello, Selina