🐘 PHP Complete Guide - Server-Side Programming#

📚 Table of Contents#

What is PHP?
Basic Syntax
Variables
Data Types
Operators
Strings
Arrays
Conditionals
Loops
Functions
Superglobals
Forms Handling
File Handling
Sessions and Cookies
MySQL Database
PDO (Secure Database)
Object-Oriented PHP
Error Handling
Security Best Practices
Practical Projects

1. What is PHP?#

PHP = PHP Hypertext Preprocessor

PHP is a server-side scripting language for web development.

What can PHP do?#

✅ Generate dynamic web pages
✅ Handle forms
✅ Access databases
✅ Create sessions/cookies
✅ Send emails
✅ File manipulation

How PHP Works#

1
Browser → Request → Server (PHP) → Database
2
Browser ← Response ← Server (PHP) ← Database

2. Basic Syntax#

PHP Tags#

1
<?php
2
    // PHP code here
3
    echo "Hello, World!";
4
?>
5

6
<!-- Short echo tag -->
7
<?= "Hello" ?>
8

9
<!-- HTML with PHP -->
10
<!DOCTYPE html>
11
<html>
12
<body>
13
    <h1><?php echo "Hello, World!"; ?></h1>
14
    <p><?= "This is PHP" ?></p>
15
</body>
16
</html>

Comments#

1
<?php
2
// Single line comment
3

4
# Another single line comment
5

6
/*
7
   Multi-line
8
   comment
9
*/
10

11
/**
12
 * Documentation comment
13
 * @param string $name
14
 * @return string
15
 */
16
?>

Output#

1
<?php
2
// echo - can output multiple values
3
echo "Hello", " ", "World";
4

5
// print - returns 1, single value
6
print "Hello World";
7

8
// print_r - for arrays (human-readable)
9
print_r($array);
10

11
// var_dump - detailed info (debugging)
12
var_dump($variable);
13

14
// var_export - valid PHP code output
15
var_export($array);
16
?>

3. Variables#

Creating Variables#

1
<?php
2
// Variables start with $
3
$name = "Ahmed";
4
$age = 25;
5
$price = 19.99;
6
$isActive = true;
7

8
// Case-sensitive
9
$color = "red";
10
$Color = "blue";  // Different variable!
11

12
// Variable variables
13
$varName = "message";
14
$$varName = "Hello";  // Creates $message
15
echo $message;  // "Hello"
16
?>

Variable Scope#

1
<?php
2
$globalVar = "I'm global";
3

4
function test() {
5
    // Cannot access $globalVar directly
6

7
    // Use global keyword
8
    global $globalVar;
9
    echo $globalVar;
10

11
    // Or use $GLOBALS
12
    echo $GLOBALS['globalVar'];
13

14
    // Local variable
15
    $localVar = "I'm local";
16
}
17

18
// Static variable (keeps value between calls)
19
function counter() {
20
    static $count = 0;
21
    $count++;
22
    return $count;
23
}
24

25
echo counter();  // 1
26
echo counter();  // 2
27
echo counter();  // 3
28
?>

Constants#

1
<?php
2
// Using define()
3
define("SITE_NAME", "My Website");
4
define("MAX_USERS", 100);
5

6
// Using const (PHP 5.3+)
7
const PI = 3.14159;
8
const GREETING = "Hello";
9

10
// Case-insensitive (deprecated in PHP 7.3)
11
define("HELLO", "World", true);
12

13
// Using constant
14
echo SITE_NAME;
15
echo constant("SITE_NAME");
16

17
// Check if defined
18
if (defined("SITE_NAME")) {
19
    echo SITE_NAME;
20
}
21

22
// Magic constants
23
echo __FILE__;      // Full path to file
24
echo __DIR__;       // Directory of file
25
echo __LINE__;      // Current line number
26
echo __FUNCTION__;  // Function name
27
echo __CLASS__;     // Class name
28
echo __METHOD__;    // Class method name
29
?>

4. Data Types#

Types#

1
<?php
2
// String
3
$str = "Hello World";
4

5
// Integer
6
$int = 42;
7
$negative = -17;
8
$hex = 0x1A;    // 26
9
$octal = 0755;  // 493
10
$binary = 0b11; // 3
11

12
// Float
13
$float = 3.14;
14
$scientific = 2.5e3;  // 2500
15

16
// Boolean
17
$bool = true;
18
$bool2 = false;
19

20
// Array
21
$arr = array(1, 2, 3);
22
$arr2 = [1, 2, 3];
23

24
// Object
25
class Person {}
26
$obj = new Person();
27

28
// NULL
29
$null = null;
30

31
// Resource (file handle, database connection)
32
$file = fopen("file.txt", "r");
33
?>

Type Checking#

1
<?php
2
$var = "Hello";
3

4
// Get type
5
echo gettype($var);  // "string"
6

7
// Check specific type
8
is_string($var);   // true
9
is_int($var);      // false
10
is_float($var);    // false
11
is_bool($var);     // false
12
is_array($var);    // false
13
is_object($var);   // false
14
is_null($var);     // false
15
is_numeric($var);  // false
16
is_callable($var); // false
17

18
// isset vs empty
19
$a = "";
20
$b = null;
21
$c = 0;
22

23
isset($a);  // true (exists)
24
isset($b);  // false (null)
25
isset($d);  // false (not defined)
26

27
empty($a);  // true (empty string)
28
empty($b);  // true (null)
29
empty($c);  // true (0 is considered empty)
30
?>

Type Casting#

1
<?php
2
$str = "42";
3

4
// Cast to int
5
$int = (int) $str;        // 42
6
$int = (integer) $str;    // 42
7
$int = intval($str);      // 42
8

9
// Cast to float
10
$float = (float) $str;    // 42.0
11
$float = floatval($str);  // 42.0
12

13
// Cast to string
14
$string = (string) 42;    // "42"
15
$string = strval(42);     // "42"
16

17
// Cast to bool
18
$bool = (bool) "hello";   // true
19
$bool = (bool) "";        // false
20
$bool = (bool) 0;         // false
21

22
// Cast to array
23
$arr = (array) "hello";   // ["hello"]
24

25
// Cast to object
26
$obj = (object) ["a" => 1]; // stdClass
27
?>

5. Operators#

Arithmetic Operators#

1
<?php
2
$a = 10;
3
$b = 3;
4

5
echo $a + $b;   // 13 (addition)
6
echo $a - $b;   // 7 (subtraction)
7
echo $a * $b;   // 30 (multiplication)
8
echo $a / $b;   // 3.333... (division)
9
echo $a % $b;   // 1 (modulus)
10
echo $a ** $b;  // 1000 (power)
11

12
// Increment/Decrement
13
$x = 5;
14
$x++;   // 6
15
$x--;   // 5
16
++$x;   // 6 (pre-increment)
17
?>

Comparison Operators#

1
<?php
2
$a = 5;
3
$b = "5";
4

5
// Loose comparison (type juggling)
6
var_dump($a == $b);   // true
7
var_dump($a != $b);   // false
8

9
// Strict comparison (type must match)
10
var_dump($a === $b);  // false
11
var_dump($a !== $b);  // true
12

13
// Other comparisons
14
var_dump($a > 3);     // true
15
var_dump($a < 3);     // false
16
var_dump($a >= 5);    // true
17
var_dump($a <= 5);    // true
18

19
// Spaceship operator (PHP 7)
20
echo 1 <=> 2;  // -1 (1 < 2)
21
echo 2 <=> 2;  // 0 (2 == 2)
22
echo 3 <=> 2;  // 1 (3 > 2)
23
?>

Logical Operators#

1
<?php
2
$a = true;
3
$b = false;
4

5
var_dump($a && $b);   // false (AND)
6
var_dump($a and $b);  // false (AND, lower precedence)
7

8
var_dump($a || $b);   // true (OR)
9
var_dump($a or $b);   // true (OR, lower precedence)
10

11
var_dump(!$a);        // false (NOT)
12

13
var_dump($a xor $b);  // true (XOR - one or other, not both)
14
?>

String Operators#

1
<?php
2
$a = "Hello";
3
$b = "World";
4

5
// Concatenation
6
echo $a . " " . $b;  // "Hello World"
7

8
// Concatenation assignment
9
$a .= " World";      // "Hello World"
10
?>

Null Coalescing Operator (PHP 7)#

1
<?php
2
// Returns first non-null value
3
$name = $_GET['name'] ?? 'Guest';
4

5
// Chaining
6
$name = $_GET['name'] ?? $_POST['name'] ?? 'Guest';
7

8
// Null coalescing assignment (PHP 7.4)
9
$name ??= 'Guest';
10
?>

6. Strings#

Creating Strings#

1
<?php
2
// Single quotes (literal)
3
$str1 = 'Hello World';
4
$str2 = 'It\'s a test';  // Escape quote
5

6
// Double quotes (interprets variables)
7
$name = "Ahmed";
8
$str3 = "Hello $name";       // "Hello Ahmed"
9
$str4 = "Hello {$name}!";    // "Hello Ahmed!"
10
$str5 = "Hello ${name}";     // "Hello Ahmed"
11

12
// Heredoc (like double quotes)
13
$html = <<<HTML
14
<div>
15
    <h1>Hello $name</h1>
16
</div>
17
HTML;
18

19
// Nowdoc (like single quotes, PHP 5.3+)
20
$text = <<<'TEXT'
21
This is literal text.
22
Variables like $name are not parsed.
23
TEXT;
24
?>

String Functions#

1
<?php
2
$str = "Hello, World!";
3

4
// Length
5
echo strlen($str);  // 13
6

7
// Find position
8
echo strpos($str, "World");  // 7
9
echo strrpos($str, "o");     // 8 (last occurrence)
10

11
// Extract
12
echo substr($str, 0, 5);     // "Hello"
13
echo substr($str, -6);       // "World!"
14

15
// Replace
16
echo str_replace("World", "PHP", $str);  // "Hello, PHP!"
17

18
// Case
19
echo strtoupper($str);  // "HELLO, WORLD!"
20
echo strtolower($str);  // "hello, world!"
21
echo ucfirst("hello");  // "Hello"
22
echo ucwords("hello world");  // "Hello World"
23

24
// Trim
25
echo trim("  hello  ");      // "hello"
26
echo ltrim("  hello  ");     // "hello  "
27
echo rtrim("  hello  ");     // "  hello"
28

29
// Split and join
30
$arr = explode(",", "a,b,c");  // ["a", "b", "c"]
31
$str = implode("-", $arr);     // "a-b-c"
32

33
// Reverse
34
echo strrev("hello");  // "olleh"
35

36
// Repeat
37
echo str_repeat("ha", 3);  // "hahaha"
38

39
// Padding
40
echo str_pad("5", 3, "0", STR_PAD_LEFT);  // "005"
41

42
// Compare
43
echo strcmp("a", "b");     // -1 (case-sensitive)
44
echo strcasecmp("A", "a"); // 0 (case-insensitive)
45

46
// Check content
47
var_dump(str_contains("Hello World", "World"));  // true (PHP 8)
48
var_dump(str_starts_with("Hello", "He"));        // true (PHP 8)
49
var_dump(str_ends_with("Hello", "lo"));          // true (PHP 8)
50
?>

7. Arrays#

Creating Arrays#

1
<?php
2
// Indexed array
3
$fruits = array("Apple", "Banana", "Orange");
4
$fruits = ["Apple", "Banana", "Orange"];
5

6
// Associative array
7
$user = array(
8
    "name" => "Ahmed",
9
    "age" => 25,
10
    "city" => "Casablanca"
11
);
12

13
$user = [
14
    "name" => "Ahmed",
15
    "age" => 25,
16
    "city" => "Casablanca"
17
];
18

19
// Multi-dimensional array
20
$users = [
21
    ["name" => "Ahmed", "age" => 25],
22
    ["name" => "Sara", "age" => 22],
23
    ["name" => "Ali", "age" => 30]
24
];
25
?>

Accessing Elements#

1
<?php
2
$fruits = ["Apple", "Banana", "Orange"];
3
$user = ["name" => "Ahmed", "age" => 25];
4

5
echo $fruits[0];       // "Apple"
6
echo $fruits[1];       // "Banana"
7

8
echo $user["name"];    // "Ahmed"
9
echo $user["age"];     // 25
10

11
// Check if key exists
12
if (isset($user["email"])) {
13
    echo $user["email"];
14
}
15

16
// Null coalescing
17
echo $user["email"] ?? "No email";
18
?>

Modifying Arrays#

1
<?php
2
$arr = [1, 2, 3];
3

4
// Add element
5
$arr[] = 4;              // [1, 2, 3, 4]
6
array_push($arr, 5, 6);  // [1, 2, 3, 4, 5, 6]
7
array_unshift($arr, 0);  // [0, 1, 2, 3, 4, 5, 6]
8

9
// Remove element
10
array_pop($arr);         // Remove last
11
array_shift($arr);       // Remove first
12
unset($arr[2]);          // Remove specific index
13

14
// Merge arrays
15
$merged = array_merge([1, 2], [3, 4]);  // [1, 2, 3, 4]
16

17
// Spread operator (PHP 7.4)
18
$merged = [...[1, 2], ...[3, 4]];
19
?>

Array Functions#

1
<?php
2
$arr = [3, 1, 4, 1, 5, 9, 2, 6];
3

4
// Count
5
echo count($arr);  // 8
6
echo sizeof($arr); // 8
7

8
// Search
9
echo in_array(5, $arr);         // true
10
echo array_search(5, $arr);     // 4 (index)
11
echo array_key_exists("name", $user);  // true
12

13
// Sort
14
sort($arr);           // Sort ascending
15
rsort($arr);          // Sort descending
16
asort($arr);          // Sort, maintain keys
17
ksort($arr);          // Sort by keys
18

19
// Filter
20
$evens = array_filter($arr, fn($n) => $n % 2 === 0);
21

22
// Map
23
$doubled = array_map(fn($n) => $n * 2, $arr);
24

25
// Reduce
26
$sum = array_reduce($arr, fn($acc, $n) => $acc + $n, 0);
27

28
// Keys and values
29
$keys = array_keys($user);     // ["name", "age"]
30
$values = array_values($user); // ["Ahmed", 25]
31

32
// Flip
33
$flipped = array_flip(["a" => 1, "b" => 2]);  // [1 => "a", 2 => "b"]
34

35
// Unique
36
$unique = array_unique([1, 2, 2, 3, 3, 3]);  // [1, 2, 3]
37

38
// Slice
39
$slice = array_slice($arr, 0, 3);  // First 3 elements
40

41
// Combine
42
$combined = array_combine(["a", "b"], [1, 2]);  // ["a" => 1, "b" => 2]
43

44
// Column (from 2D array)
45
$names = array_column($users, "name");  // ["Ahmed", "Sara", "Ali"]
46
?>

Looping Arrays#

1
<?php
2
$fruits = ["Apple", "Banana", "Orange"];
3

4
// foreach
5
foreach ($fruits as $fruit) {
6
    echo $fruit;
7
}
8

9
// With index
10
foreach ($fruits as $index => $fruit) {
11
    echo "$index: $fruit";
12
}
13

14
// Associative
15
$user = ["name" => "Ahmed", "age" => 25];
16
foreach ($user as $key => $value) {
17
    echo "$key: $value";
18
}
19

20
// for loop
21
for ($i = 0; $i < count($fruits); $i++) {
22
    echo $fruits[$i];
23
}
24
?>

8. Conditionals#

if / else if / else#

1
<?php
2
$age = 18;
3

4
if ($age < 13) {
5
    echo "Child";
6
} elseif ($age < 20) {
7
    echo "Teenager";
8
} else {
9
    echo "Adult";
10
}
11

12
// Alternative syntax (for templates)
13
if ($age >= 18):
14
    echo "Adult";
15
else:
16
    echo "Minor";
17
endif;
18
?>

Ternary Operator#

1
<?php
2
$age = 20;
3
$status = ($age >= 18) ? "Adult" : "Minor";
4

5
// Short ternary (Elvis operator)
6
$name = $_GET['name'] ?: "Guest";  // Use "Guest" if falsy
7
?>

Switch#

1
<?php
2
$day = 3;
3

4
switch ($day) {
5
    case 1:
6
        echo "Monday";
7
        break;
8
    case 2:
9
        echo "Tuesday";
10
        break;
11
    case 3:
12
        echo "Wednesday";
13
        break;
14
    default:
15
        echo "Unknown";
16
}
17

18
// Match expression (PHP 8)
19
$result = match($day) {
20
    1 => "Monday",
21
    2 => "Tuesday",
22
    3 => "Wednesday",
23
    default => "Unknown"
24
};
25
?>

9. Loops#

for Loop#

1
<?php
2
for ($i = 0; $i < 5; $i++) {
3
    echo $i;  // 0, 1, 2, 3, 4
4
}
5
?>

while Loop#

1
<?php
2
$i = 0;
3
while ($i < 5) {
4
    echo $i;
5
    $i++;
6
}
7
?>

do…while Loop#

1
<?php
2
$i = 0;
3
do {
4
    echo $i;
5
    $i++;
6
} while ($i < 5);
7
?>

foreach Loop#

1
<?php
2
$arr = ["a", "b", "c"];
3

4
foreach ($arr as $item) {
5
    echo $item;
6
}
7

8
foreach ($arr as $index => $item) {
9
    echo "$index: $item";
10
}
11

12
// Modify by reference
13
foreach ($arr as &$item) {
14
    $item = strtoupper($item);
15
}
16
unset($item);  // Important: unset reference
17
?>

break and continue#

1
<?php
2
for ($i = 0; $i < 10; $i++) {
3
    if ($i === 5) break;     // Exit loop
4
    if ($i === 2) continue;  // Skip iteration
5
    echo $i;
6
}
7
// Output: 0, 1, 3, 4
8
?>

10. Functions#

Basic Functions#

1
<?php
2
// Define function
3
function greet($name) {
4
    return "Hello, $name!";
5
}
6

7
// Call function
8
echo greet("Ahmed");  // "Hello, Ahmed!"
9

10
// Default parameters
11
function greet2($name = "Guest") {
12
    return "Hello, $name!";
13
}
14

15
echo greet2();         // "Hello, Guest!"
16
echo greet2("Ahmed");  // "Hello, Ahmed!"
17
?>

Type Declarations (PHP 7+)#

1
<?php
2
// Parameter types
3
function add(int $a, int $b): int {
4
    return $a + $b;
5
}
6

7
// Return type
8
function getName(): string {
9
    return "Ahmed";
10
}
11

12
// Nullable type
13
function findUser(?int $id): ?array {
14
    return null;
15
}
16

17
// Union types (PHP 8)
18
function process(int|string $value): int|string {
19
    return $value;
20
}
21

22
// Mixed type (PHP 8)
23
function anything(mixed $value): mixed {
24
    return $value;
25
}
26
?>

Variable Arguments#

1
<?php
2
// Variadic function
3
function sum(...$numbers) {
4
    return array_sum($numbers);
5
}
6

7
echo sum(1, 2, 3);     // 6
8
echo sum(1, 2, 3, 4);  // 10
9

10
// Spread operator
11
$nums = [1, 2, 3];
12
echo sum(...$nums);    // 6
13
?>

Anonymous Functions (Closures)#

1
<?php
2
// Anonymous function
3
$greet = function($name) {
4
    return "Hello, $name!";
5
};
6

7
echo $greet("Ahmed");
8

9
// Arrow function (PHP 7.4)
10
$double = fn($n) => $n * 2;
11
echo $double(5);  // 10
12

13
// Closure with use
14
$multiplier = 3;
15
$multiply = function($n) use ($multiplier) {
16
    return $n * $multiplier;
17
};
18
echo $multiply(5);  // 15
19
?>

11. Superglobals#

$_GET#

1
<?php
2
// URL: page.php?name=Ahmed&age=25
3

4
$name = $_GET['name'];  // "Ahmed"
5
$age = $_GET['age'];    // "25"
6

7
// Safe access
8
$name = $_GET['name'] ?? 'Guest';
9
?>

$_POST#

1
<?php
2
// Form with method="POST"
3
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
4
    $name = $_POST['name'];
5
    $email = $_POST['email'];
6
}
7
?>

$_REQUEST#

1
<?php
2
// Contains $_GET, $_POST, and $_COOKIE
3
$name = $_REQUEST['name'];
4
?>

$_SERVER#

1
<?php
2
echo $_SERVER['REQUEST_METHOD'];  // GET, POST
3
echo $_SERVER['HTTP_HOST'];       // Domain name
4
echo $_SERVER['REQUEST_URI'];     // /page.php?id=1
5
echo $_SERVER['REMOTE_ADDR'];     // Client IP
6
echo $_SERVER['HTTP_USER_AGENT']; // Browser info
7
echo $_SERVER['DOCUMENT_ROOT'];   // Server path
8
echo $_SERVER['PHP_SELF'];        // Current script
9
?>

$_SESSION#

1
<?php
2
session_start();
3

4
// Set session
5
$_SESSION['user_id'] = 123;
6
$_SESSION['username'] = 'Ahmed';
7

8
// Get session
9
$userId = $_SESSION['user_id'];
10

11
// Check if set
12
if (isset($_SESSION['user_id'])) {
13
    echo "Logged in!";
14
}
15

16
// Destroy session
17
session_destroy();
18
?>

$_COOKIE#

1
<?php
2
// Set cookie (before any output!)
3
setcookie("username", "Ahmed", time() + 86400);  // 1 day
4

5
// Get cookie
6
$username = $_COOKIE['username'] ?? 'Guest';
7

8
// Delete cookie
9
setcookie("username", "", time() - 3600);
10
?>

$_FILES#

1
<?php
2
// Handle file upload
3
if ($_FILES['upload']['error'] === UPLOAD_ERR_OK) {
4
    $name = $_FILES['upload']['name'];
5
    $tmp = $_FILES['upload']['tmp_name'];
6
    $size = $_FILES['upload']['size'];
7
    $type = $_FILES['upload']['type'];
8

9
    move_uploaded_file($tmp, "uploads/$name");
10
}
11
?>

12. Forms Handling#

HTML Form#

1
<form action="process.php" method="POST" enctype="multipart/form-data">
2
    <input type="text" name="username" required>
3
    <input type="email" name="email" required>
4
    <input type="password" name="password" required>
5
    <input type="file" name="avatar">
6
    <button type="submit">Submit</button>
7
</form>

Processing Form#

1
<?php
2
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
3

4
    // Sanitize input
5
    $username = htmlspecialchars(trim($_POST['username']));
6
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
7
    $password = $_POST['password'];
8

9
    // Validate
10
    $errors = [];
11

12
    if (empty($username)) {
13
        $errors[] = "Username is required";
14
    }
15

16
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
17
        $errors[] = "Invalid email";
18
    }
19

20
    if (strlen($password) < 8) {
21
        $errors[] = "Password must be at least 8 characters";
22
    }
23

24
    // Handle file upload
25
    if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === 0) {
26
        $allowed = ['jpg', 'jpeg', 'png', 'gif'];
27
        $ext = pathinfo($_FILES['avatar']['name'], PATHINFO_EXTENSION);
28

29
        if (in_array(strtolower($ext), $allowed)) {
30
            $newName = uniqid() . '.' . $ext;
31
            move_uploaded_file($_FILES['avatar']['tmp_name'], "uploads/$newName");
32
        } else {
33
            $errors[] = "Invalid file type";
34
        }
35
    }
36

37
    if (empty($errors)) {
38
        // Process data...
39
        header("Location: success.php");
40
        exit;
41
    }
42
}
43
?>

13. File Handling#

Read Files#

1
<?php
2
// Read entire file
3
$content = file_get_contents("file.txt");
4

5
// Read into array (line by line)
6
$lines = file("file.txt", FILE_IGNORE_NEW_LINES);
7

8
// Read with handle
9
$file = fopen("file.txt", "r");
10
while (!feof($file)) {
11
    $line = fgets($file);
12
    echo $line;
13
}
14
fclose($file);
15

16
// Read character by character
17
$file = fopen("file.txt", "r");
18
while (!feof($file)) {
19
    echo fgetc($file);
20
}
21
fclose($file);
22
?>

Write Files#

1
<?php
2
// Write (overwrite)
3
file_put_contents("file.txt", "Hello World");
4

5
// Append
6
file_put_contents("file.txt", "New line\n", FILE_APPEND);
7

8
// Write with handle
9
$file = fopen("file.txt", "w");  // w = write, a = append
10
fwrite($file, "Hello World");
11
fclose($file);
12
?>

File Operations#

1
<?php
2
// Check if exists
3
if (file_exists("file.txt")) {
4
    echo "File exists!";
5
}
6

7
// Check if readable/writable
8
is_readable("file.txt");
9
is_writable("file.txt");
10

11
// Get file info
12
echo filesize("file.txt");              // Size in bytes
13
echo filemtime("file.txt");             // Last modified time
14
echo pathinfo("file.txt", PATHINFO_EXTENSION);  // Extension
15

16
// Copy, rename, delete
17
copy("file.txt", "backup.txt");
18
rename("file.txt", "newname.txt");
19
unlink("file.txt");  // Delete
20

21
// Directory operations
22
mkdir("new_folder");
23
rmdir("empty_folder");
24
$files = scandir("folder");  // List files
25
?>

14. Sessions and Cookies#

Sessions#

1
<?php
2
// Start session (must be first!)
3
session_start();
4

5
// Set session data
6
$_SESSION['user_id'] = 123;
7
$_SESSION['username'] = 'Ahmed';
8
$_SESSION['logged_in'] = true;
9

10
// Get session data
11
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in']) {
12
    echo "Welcome, " . $_SESSION['username'];
13
}
14

15
// Unset specific session
16
unset($_SESSION['username']);
17

18
// Destroy all session data
19
session_destroy();
20

21
// Regenerate session ID (security)
22
session_regenerate_id(true);
23
?>

Cookies#

1
<?php
2
// Set cookie
3
// setcookie(name, value, expire, path, domain, secure, httponly)
4
setcookie("user", "Ahmed", time() + 3600);  // 1 hour
5
setcookie("theme", "dark", time() + 86400 * 30, "/");  // 30 days
6

7
// HTTP only (not accessible by JavaScript)
8
setcookie("session", "abc123", time() + 3600, "/", "", true, true);
9

10
// Get cookie
11
$user = $_COOKIE['user'] ?? 'Guest';
12

13
// Delete cookie
14
setcookie("user", "", time() - 3600);
15

16
// Check if cookie exists
17
if (isset($_COOKIE['user'])) {
18
    echo "Cookie exists";
19
}
20
?>

15. MySQL Database#

Connect (mysqli)#

1
<?php
2
// Procedural
3
$conn = mysqli_connect("localhost", "username", "password", "database");
4

5
if (!$conn) {
6
    die("Connection failed: " . mysqli_connect_error());
7
}
8

9
// Object-oriented
10
$conn = new mysqli("localhost", "username", "password", "database");
11

12
if ($conn->connect_error) {
13
    die("Connection failed: " . $conn->connect_error);
14
}
15
?>

CRUD Operations#

1
<?php
2
// CREATE
3
$sql = "INSERT INTO users (name, email) VALUES ('Ahmed', 'ahmed@mail.com')";
4
mysqli_query($conn, $sql);
5

6
// READ
7
$sql = "SELECT * FROM users";
8
$result = mysqli_query($conn, $sql);
9

10
while ($row = mysqli_fetch_assoc($result)) {
11
    echo $row['name'] . " - " . $row['email'];
12
}
13

14
// UPDATE
15
$sql = "UPDATE users SET name = 'Sara' WHERE id = 1";
16
mysqli_query($conn, $sql);
17

18
// DELETE
19
$sql = "DELETE FROM users WHERE id = 1";
20
mysqli_query($conn, $sql);
21

22
// Close connection
23
mysqli_close($conn);
24
?>

Prepared Statements (SAFE!)#

1
<?php
2
// Prepare
3
$stmt = $conn->prepare("SELECT * FROM users WHERE email = ?");
4

5
// Bind parameters
6
$stmt->bind_param("s", $email);  // s = string, i = int, d = double
7

8
// Execute
9
$email = "ahmed@mail.com";
10
$stmt->execute();
11

12
// Get result
13
$result = $stmt->get_result();
14
while ($row = $result->fetch_assoc()) {
15
    echo $row['name'];
16
}
17

18
$stmt->close();
19
?>

16. PDO (Secure Database)#

Connect#

1
<?php
2
try {
3
    $pdo = new PDO(
4
        "mysql:host=localhost;dbname=mydb;charset=utf8mb4",
5
        "username",
6
        "password",
7
        [
8
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
9
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
10
            PDO::ATTR_EMULATE_PREPARES => false
11
        ]
12
    );
13
} catch (PDOException $e) {
14
    die("Connection failed: " . $e->getMessage());
15
}
16
?>

CRUD with PDO#

1
<?php
2
// CREATE
3
$stmt = $pdo->prepare("INSERT INTO users (name, email) VALUES (?, ?)");
4
$stmt->execute([$name, $email]);
5
$lastId = $pdo->lastInsertId();
6

7
// READ
8
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
9
$stmt->execute([$id]);
10
$user = $stmt->fetch();
11

12
// READ all
13
$stmt = $pdo->query("SELECT * FROM users");
14
$users = $stmt->fetchAll();
15

16
// UPDATE
17
$stmt = $pdo->prepare("UPDATE users SET name = ? WHERE id = ?");
18
$stmt->execute([$name, $id]);
19

20
// DELETE
21
$stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
22
$stmt->execute([$id]);
23
?>

Named Parameters#

1
<?php
2
$stmt = $pdo->prepare("SELECT * FROM users WHERE name = :name AND age > :age");
3
$stmt->execute([
4
    ':name' => $name,
5
    ':age' => $age
6
]);
7
$users = $stmt->fetchAll();
8
?>

17. Object-Oriented PHP#

Basic Class#

1
<?php
2
class User {
3
    // Properties
4
    public $name;
5
    public $email;
6
    private $password;
7
    protected $role;
8

9
    // Constructor
10
    public function __construct($name, $email) {
11
        $this->name = $name;
12
        $this->email = $email;
13
    }
14

15
    // Method
16
    public function greet() {
17
        return "Hello, " . $this->name;
18
    }
19

20
    // Getter
21
    public function getEmail() {
22
        return $this->email;
23
    }
24

25
    // Setter
26
    public function setPassword($password) {
27
        $this->password = password_hash($password, PASSWORD_DEFAULT);
28
    }
29

30
    // Static method
31
    public static function create($name, $email) {
32
        return new self($name, $email);
33
    }
34

35
    // Destructor
36
    public function __destruct() {
37
        echo "User destroyed";
38
    }
39
}
40

41
// Create object
42
$user = new User("Ahmed", "ahmed@mail.com");
43
echo $user->greet();
44
echo $user->name;
45

46
// Static method
47
$user2 = User::create("Sara", "sara@mail.com");
48
?>

Inheritance#

1
<?php
2
class Animal {
3
    protected $name;
4

5
    public function __construct($name) {
6
        $this->name = $name;
7
    }
8

9
    public function speak() {
10
        return "Some sound";
11
    }
12
}
13

14
class Dog extends Animal {
15
    public function speak() {
16
        return "{$this->name} says: Woof!";
17
    }
18
}
19

20
class Cat extends Animal {
21
    public function speak() {
22
        return "{$this->name} says: Meow!";
23
    }
24
}
25

26
$dog = new Dog("Buddy");
27
echo $dog->speak();  // "Buddy says: Woof!"
28
?>

Interface and Abstract#

1
<?php
2
// Interface
3
interface Drawable {
4
    public function draw();
5
}
6

7
// Abstract class
8
abstract class Shape {
9
    abstract public function area();
10

11
    public function describe() {
12
        return "This is a shape";
13
    }
14
}
15

16
class Circle extends Shape implements Drawable {
17
    private $radius;
18

19
    public function __construct($radius) {
20
        $this->radius = $radius;
21
    }
22

23
    public function area() {
24
        return pi() * $this->radius ** 2;
25
    }
26

27
    public function draw() {
28
        return "Drawing circle";
29
    }
30
}
31
?>

Traits#

1
<?php
2
trait Loggable {
3
    public function log($message) {
4
        echo "[LOG] $message";
5
    }
6
}
7

8
trait Timestampable {
9
    public function touch() {
10
        return date('Y-m-d H:i:s');
11
    }
12
}
13

14
class User {
15
    use Loggable, Timestampable;
16

17
    public function save() {
18
        $this->log("User saved");
19
    }
20
}
21

22
$user = new User();
23
$user->log("Hello");
24
echo $user->touch();
25
?>

18. Error Handling#

try / catch#

1
<?php
2
try {
3
    $result = 10 / 0;
4
} catch (DivisionByZeroError $e) {
5
    echo "Cannot divide by zero!";
6
} catch (Exception $e) {
7
    echo "Error: " . $e->getMessage();
8
} finally {
9
    echo "This always runs";
10
}
11
?>

Custom Exceptions#

1
<?php
2
class ValidationException extends Exception {
3
    protected $errors = [];
4

5
    public function __construct($errors) {
6
        parent::__construct("Validation failed");
7
        $this->errors = $errors;
8
    }
9

10
    public function getErrors() {
11
        return $this->errors;
12
    }
13
}
14

15
function validate($data) {
16
    $errors = [];
17
    if (empty($data['name'])) {
18
        $errors[] = "Name is required";
19
    }
20
    if (!empty($errors)) {
21
        throw new ValidationException($errors);
22
    }
23
}
24

25
try {
26
    validate([]);
27
} catch (ValidationException $e) {
28
    print_r($e->getErrors());
29
}
30
?>

Error Handling#

1
<?php
2
// Set error handler
3
set_error_handler(function($errno, $errstr, $errfile, $errline) {
4
    throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
5
});
6

7
// Set exception handler
8
set_exception_handler(function($e) {
9
    echo "Uncaught exception: " . $e->getMessage();
10
});
11

12
// Error reporting
13
error_reporting(E_ALL);  // All errors
14
ini_set('display_errors', 0);  // Don't show to users
15
ini_set('log_errors', 1);  // Log errors
16
?>

19. Security Best Practices#

SQL Injection Prevention#

1
<?php
2
// BAD - Never do this!
3
$sql = "SELECT * FROM users WHERE id = " . $_GET['id'];
4

5
// GOOD - Use prepared statements
6
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
7
$stmt->execute([$_GET['id']]);
8
?>

XSS Prevention#

1
<?php
2
// BAD
3
echo $_GET['name'];
4

5
// GOOD
6
echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
7

8
// Even better - use a function
9
function escape($value) {
10
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
11
}
12
?>

CSRF Protection#

1
<?php
2
// Generate token
3
session_start();
4
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
5

6
// In form
7
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
8

9
// Validate
10
if ($_POST['csrf_token'] !== $_SESSION['csrf_token']) {
11
    die("CSRF token mismatch!");
12
}
13
?>

Password Hashing#

1
<?php
2
// Hash password
3
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
4

5
// Verify password
6
if (password_verify($inputPassword, $hashedPassword)) {
7
    echo "Password is correct!";
8
}
9

10
// Check if rehash needed
11
if (password_needs_rehash($hashedPassword, PASSWORD_DEFAULT)) {
12
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
13
    // Update in database
14
}
15
?>

Input Validation#

1
<?php
2
// Filter and validate
3
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
4
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);
5

6
// Sanitize
7
$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
8
$url = filter_input(INPUT_POST, 'url', FILTER_SANITIZE_URL);
9

10
// Custom validation
11
function validateUsername($username) {
12
    return preg_match('/^[a-zA-Z0-9_]{3,20}$/', $username);
13
}
14
?>

20. Practical Projects#

1
<?php
2
session_start();
3

4
$pdo = new PDO("mysql:host=localhost;dbname=myapp", "user", "pass", [
5
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
6
]);
7

8
function escape($str) {
9
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
10
}
11

12
// login.php
13
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
14
    $email = $_POST['email'];
15
    $password = $_POST['password'];
16

17
    $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
18
    $stmt->execute([$email]);
19
    $user = $stmt->fetch();
20

21
    if ($user && password_verify($password, $user['password'])) {
22
        $_SESSION['user_id'] = $user['id'];
23
        $_SESSION['username'] = $user['name'];
24
        header("Location: dashboard.php");
25
        exit;
26
    } else {
27
        $error = "Invalid credentials";
28
    }
29
}
30
?>
31

32
<!DOCTYPE html>
33
<html>
34
<body>
35
    <form method="POST">
36
        <input type="email" name="email" required>
37
        <input type="password" name="password" required>
38
        <button>Login</button>
39
    </form>
40
    <?php if (isset($error)) echo "<p>$error</p>"; ?>
41
</body>
42
</html>
43

44
<?php
45
// dashboard.php
46
if (!isset($_SESSION['user_id'])) {
47
    header("Location: login.php");
48
    exit;
49
}
50
?>
51
<h1>Welcome, <?= escape($_SESSION['username']) ?>!</h1>
52
<a href="logout.php">Logout</a>
53

54
<?php
55
// logout.php
56
session_destroy();
57
header("Location: login.php");
58
?>

REST API#

1
<?php
2
header("Content-Type: application/json");
3

4
$method = $_SERVER['REQUEST_METHOD'];
5
$path = $_GET['path'] ?? '';
6

7
switch ($method) {
8
    case 'GET':
9
        if ($path === 'users') {
10
            $users = $pdo->query("SELECT id, name, email FROM users")->fetchAll();
11
            echo json_encode($users);
12
        }
13
        break;
14

15
    case 'POST':
16
        $data = json_decode(file_get_contents('php://input'), true);
17
        $stmt = $pdo->prepare("INSERT INTO users (name, email) VALUES (?, ?)");
18
        $stmt->execute([$data['name'], $data['email']]);
19
        echo json_encode(['id' => $pdo->lastInsertId()]);
20
        break;
21

22
    default:
23
        http_response_code(405);
24
        echo json_encode(['error' => 'Method not allowed']);
25
}
26
?>

🎯 Quick Reference#

Feature	Syntax
Variables	`$name = "value";`
Arrays	`$arr = [1, 2, 3];`
Functions	`function name() {}`
Classes	`class Name {}`
Echo	`echo "text";`
Include	`include "file.php";`
Session	`$_SESSION['key']`
GET	`$_GET['param']`
POST	`$_POST['field']`

Created by cat0x01 🥷🏻