All posts by Pramod T P

Encapsulation

Encapsulation is the packing of data and functions into a single component. The features of encapsulation are supported using classes in most object-oriented programming languages, although other alternatives also exist.


Abstract Classes

PHP 5 introduces abstract classes and methods. Classes defined as abstract may not be instantiated, and any class that contains at least one abstract method must also be abstract. Methods defined as abstract simply declare the method’s signature – they cannot define the implementation.

When inheriting from an abstract class, all methods marked abstract in the parent’s class declaration must be defined by the child; additionally, these methods must be defined with the same (or a less restricted) visibility. For example, if the abstract method is defined as protected, the function implementation must be defined as either protected or public, but not private. Furthermore the signatures of the methods must match, i.e. the type hints and the number of required arguments must be the same. For example, if the child class defines an optional argument, where the abstract method’s signature does not, there is no conflict in the signature.
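The visibility and signature rules above, as an added worked example (this is not code from the original post). It assumes PHP 7.4 or later; the class and method names are invented for the illustration.

```php
<?php
// Added example: an abstract class whose protected abstract method is
// implemented by the child with wider (public) visibility and one extra
// optional argument, both of which the rules above allow.

abstract class Shape
{
    // Abstract method: signature only, no body.
    abstract protected function area(): float;

    // Concrete method that relies on the child's implementation.
    public function describe(): string
    {
        return static::class . ' with area ' . number_format($this->area(), 2);
    }
}

class Circle extends Shape
{
    private float $radius;

    public function __construct(float $radius)
    {
        $this->radius = $radius;
    }

    // protected in the parent, public here: allowed (same or less restrictive).
    // The added argument is optional, so the signature still matches.
    public function area(float $scale = 1.0): float
    {
        return M_PI * $this->radius * $this->radius * $scale;
    }
}

echo (new Circle(2.0))->describe(), PHP_EOL;   // Circle with area 12.57

// The abstract class itself cannot be instantiated; PHP 7+ throws an Error.
try {
    new Shape();
} catch (Error $e) {
    echo $e->getMessage(), PHP_EOL;           // Cannot instantiate abstract class Shape
}
```

Declaring `area()` in `Circle` as `private`, or dropping the `float` return type, makes the class declaration a fatal error, which is the compile-time check the paragraph describes.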


Constructor

A constructor is a special method of a class that is automatically invoked when an instance of the class is created.

Constructors are mainly used to initialize the private fields of the class while an instance of it is being created.

When you do not write a constructor in the class, the compiler automatically creates a default constructor that initializes all numeric fields of the class to zero and all string and object fields to null.

Types of Constructors

  • Default Constructor
  • Parameterized Constructor
  • Copy Constructor
  • Static Constructor
  • Private Constructor
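An added example (not from the original post) showing the constructor kinds above as they appear in PHP: a parameterized constructor initializing private fields, and a private constructor reached only through a static factory. PHP has no separate copy or static constructor; the example uses `clone` for copying and a static property for shared state. It assumes PHP 7.4 or later, and the class names are invented.

```php
<?php
// Added example: parameterized constructor, private constructor, and clone.

class Account
{
    private string $owner;
    private int $balance;            // stored in cents to avoid float rounding
    private static int $created = 0; // shared across all instances

    // Parameterized constructor: runs automatically on "new Account(...)".
    public function __construct(string $owner, int $balance = 0)
    {
        if ($balance < 0) {
            throw new InvalidArgumentException('balance must not be negative');
        }
        $this->owner   = $owner;
        $this->balance = $balance;
        self::$created++;
    }

    public function getOwner(): string { return $this->owner; }
    public function getBalance(): int { return $this->balance; }
    public static function created(): int { return self::$created; }
}

// Private constructor: instances can only be obtained through the factory,
// so there is exactly one Config object in the process.
final class Config
{
    private static ?Config $instance = null;
    private array $values;

    private function __construct(array $values)
    {
        $this->values = $values;
    }

    public static function get(): Config
    {
        if (self::$instance === null) {
            self::$instance = new self(['debug' => false]);
        }
        return self::$instance;
    }

    public function value(string $key)
    {
        return $this->values[$key] ?? null;
    }
}

$a = new Account('alice', 1500);
$b = clone $a;                                   // copy; __construct is not run again
echo $a->getOwner(), ' ', $a->getBalance(), PHP_EOL;   // alice 1500
echo $b->getOwner(), ' ', Account::created(), PHP_EOL; // alice 1
var_dump(Config::get() === Config::get());             // bool(true)
var_dump(Config::get()->value('debug'));               // bool(false)
// "new Config([])" outside the class is an Error: the constructor is private.
```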

SQL injection

SQL injection is a technique often used to attack databases through a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g. dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in a website’s software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

• SQL code is injected into the sql query

• Allows attacker to do almost anything the database user is permitted

• Example: the SQL statement below will return all the data from the ‘users’ table when $user and $pass contain the value ' OR 1=1

$sql = "SELECT * FROM users WHERE username='$user' AND password='$pass'";

• Further attack possibilities: insert data, delete data, read data, denial of service…

Counter Measures

• Use prepared statements when supported by the database

• Use database-specific escaping functions when creating the sql statement ex: mysqli_real_escape_string()

• addslashes() is not a sufficient approach
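The vulnerable query from the post beside its prepared-statement counterpart, as an added example that is not part of the original post. It runs against an in-memory SQLite database through PDO so it can be executed offline; it assumes the pdo_sqlite extension is installed, and the table rows are constructed sample data. The injected value is the post's tautology written so that it forms valid SQL inside both quoted fields.

```php
<?php
// Added example: string-built query (vulnerable) vs prepared statement (safe).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
// Constructed sample rows. A real application stores password_hash() output,
// never the plaintext password.
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// VULNERABLE: user input is concatenated straight into the SQL text, so a
// quote in the input ends the string literal and the rest becomes SQL.
function findUserUnsafe(PDO $db, string $user, string $pass): array
{
    $sql = "SELECT username FROM users WHERE username='$user' AND password='$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// SAFE: the SQL text is fixed at prepare time; the values travel separately
// as bound parameters and can never be parsed as SQL.
function findUserSafe(PDO $db, string $user, string $pass): array
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A normal login behaves the same in both versions.
echo implode(',', findUserUnsafe($db, 'alice', 's3cret')), PHP_EOL; // alice
echo implode(',', findUserSafe($db, 'alice', 's3cret')), PHP_EOL;   // alice

// The post's "always true" input, in the form that yields valid SQL.
$payload = "' OR '1'='1";
echo implode(',', findUserUnsafe($db, $payload, $payload)), PHP_EOL; // alice,bob  (every row)
echo implode(',', findUserSafe($db, $payload, $payload)), PHP_EOL;   //            (no row matched)
```

Escaping functions such as mysqli_real_escape_string() only protect quoted string literals and must be applied to every value without exception; the prepared statement removes the whole class of problem because the query structure is fixed before any user data is supplied.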


Class

A class is used to specify the form of an object and it combines data representation and methods for manipulating that data into one neat package. The data and functions within a class are called members of the class.

Use classes to encapsulate code and represent objects, and namespaces to avoid symbol name collisions.

A. A class can not extend more than one class.

B. A class can not implement more than one class.

C. A class cannot extend more than one interface.

D. A class can implement more than one interface.

Example

<?php
class a {
    function function_a() {
        echo "Function A";
    }
}

// function_a() is an instance method, so create an object and call it on that.
$obj = new a();
$obj->function_a();
?>

Interface

PHP does not support multiple inheritance directly; to achieve it we use interfaces.

Methods are only declared in the interface body, and their bodies are implemented in the class that implements the interface. Variables are declared as constants and cannot be changed in the child classes.

We use the implements keyword to extend this kind of class; a class can implement more than one interface, and one interface can extend another interface.

All methods declared in an interface must be public, and its variables must be constants.

It is mandatory to define the body of each interface method in the implementing class; otherwise an error is raised.

PRIMARY PURPOSES OF AN INTERFACE

  • Interfaces allow you to define/create a common structure for your classes – to set a standard for objects.
  • Interfaces solve the problem of single inheritance – they allow you to inject ‘qualities’ from multiple sources.
  • Interfaces provide a flexible base/root structure that you don’t get with classes.
  • Interfaces are great when you have multiple coders working on a project – you can set up a loose structure for programmers to follow and let them worry about the details.

WHEN SHOULD YOU MAKE A CLASS AND WHEN SHOULD YOU MAKE AN INTERFACE?

  • If you have a class that is never directly instantiated in your program, this is a good candidate for an interface. In other words, if you are creating a class to only serve as the parent to other classes, it should probably be made into an interface.
  • When you know what methods a class should have but you are not sure what the details will be.
  • When you want to quickly map out the basic structures of your classes to serve as a template for others to follow – keeps the code-base predictable and consistent.

A. A class can not extend more than one interface.

B. A class can implement more than one interface.

C. An interface can extend more than one interface.

D. An interface can not implement more than one interface.

EXAMPLE

<?php
interface a {
    public function test();
}

class b implements a {
    public function test() {
        echo "Function Test";
    }
}

$b = new b();
$b->test();
?>
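Statements B and C above, plus an interface constant, in one added example that is not part of the original post. It assumes PHP 7.4 or later; the interface and class names are invented.

```php
<?php
// Added example: a class implementing two interfaces, an interface extending
// two interfaces, and an interface constant available to every implementer.

interface Readable
{
    const MAX_BYTES = 4096;                   // interface constant
    public function read(int $length): string;
}

interface Writable
{
    public function write(string $data): int;
}

// An interface may extend more than one interface.
interface Stream extends Readable, Writable
{
    public function close(): void;
}

// A class may implement more than one interface (here, all three via Stream).
// Every declared method must be defined, and each must be public.
class MemoryStream implements Stream
{
    private string $buffer = '';
    private int $pos = 0;

    public function read(int $length): string
    {
        $length = min($length, self::MAX_BYTES);   // cap reads at the interface limit
        $chunk = substr($this->buffer, $this->pos, $length);
        $this->pos += strlen($chunk);
        return $chunk;
    }

    public function write(string $data): int
    {
        $this->buffer .= $data;
        return strlen($data);
    }

    public function close(): void
    {
        $this->buffer = '';
        $this->pos = 0;
    }
}

$s = new MemoryStream();
$s->write('hello world');
echo $s->read(5), PHP_EOL;                                 // hello
var_dump($s instanceof Readable, $s instanceof Writable);  // bool(true) bool(true)
echo MemoryStream::MAX_BYTES, PHP_EOL;                     // 4096

// Omitting close() from MemoryStream, or declaring read() as private, is a
// fatal error when the class is declared.
```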


Heredoc

Heredoc is a robust way to create a multi-line string in PHP without using quotation marks. It is rarely used, because for day-to-day work it is more cumbersome than single- or double-quoted strings, and a heredoc that is not written properly can cause problems in your code.

• Delimits strings without using quotes (so no need to escape)
• Start with <<< and an identifier; end with same identifier
• Do not indent ending identifier or add any chars

Example

<?php
$str = <<<DEMO
phpcode
DEMO;
print $str;
?>

Output

phpcode


Cookie

Cookies can be used to store user information for future use. They allow us to store data on the user's machine itself. A cookie is a small file that the server generates on the user's machine, and with that file the server can identify the user. Whenever the browser sends an HTTP request to the server, it sends the cookies as well. Cookies can be created using PHP functions.

Cookies are created with the function setcookie(name, value, exp, path, domain); its arguments are described below.

name: the name of the cookie that stores the value; it is used to retrieve the stored data.

value: the value to be stored in the cookie (generally login details such as the username and password are stored here).

exp: the time for which the cookie lasts. If it is not set, the cookie is destroyed when the browser is closed.

path: the path for which the cookie is to be stored.

domain: the domain for which the cookie is to be generated.

The following can be used to send a cookie from within a PHP application.

  • header()
  • setcookie()
  • setrawcookie()

Example

<?php
setcookie("user_name", "phpcodez", time()+3600);
?>

You can retrieve the cookie values as follows.

<?php
 echo $_COOKIE["user_name"];
 ?>

You can delete the cookie by setting its expiration date in the past.

Example:

<?php
setcookie("user", "", time()-3600);
?>
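The setcookie(), $_COOKIE and delete-by-expiry steps above in one added example that is not part of the original post. It sets the same cookie first with the bare arguments shown above and then with the options-array form (PHP 7.3 or later), so the weak and hardened settings sit side by side; a real page would send only one of the two. It assumes the page is served over HTTPS, and it stores a random token that the server maps to the user rather than the login details themselves.

```php
<?php
// Added example: the same cookie without and with the protective flags.

$token = bin2hex(random_bytes(32));   // opaque, unguessable identifier (64 hex chars)

// Weak: no Secure or HttpOnly flag, so the cookie is also sent over plain HTTP
// and is readable from JavaScript through document.cookie.
setcookie('session', $token, time() + 3600);

// Hardened: same name and value, but restricted to HTTPS, hidden from scripts,
// scoped to a path, and withheld from cross-site requests.
setcookie('session', $token, [
    'expires'  => time() + 3600,
    'path'     => '/',
    'domain'   => '',          // current host only
    'secure'   => true,        // HTTPS only
    'httponly' => true,        // not exposed to document.cookie
    'samesite' => 'Strict',    // not sent on cross-site requests
]);

// Reading it back on a later request. Cookie values come from the client, so
// validate the expected shape before using one as a lookup key.
$session = $_COOKIE['session'] ?? '';
if (preg_match('/\A[0-9a-f]{64}\z/', $session) !== 1) {
    $session = null;           // anything unexpected is treated as "no session"
}

// Deleting: expire it in the past, using the same path and flags it was set with,
// otherwise the browser treats it as a different cookie and keeps the original.
setcookie('session', '', [
    'expires'  => time() - 3600,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
```

Because setcookie() works by sending a Set-Cookie header, all of these calls must happen before any output is written to the response.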
 

Regular expression

• It describes a pattern

• PCRE (Perl Compatible Regular Expressions)

• Delimiter

o usually “/”, “#”, or “!”
o used at the beginning and end of each pattern

• Literals are any characters

• Boundaries (examples)

^ start of a line
$ end of a line
\A start of a string
\Z end of a string

• Character classes delimited with [ ]

o built-in character classes; capitalization indicates absence (example)

\d digit
\D not a digit

• “greediness”

o the maximum match is returned
o usually need to use parentheses with alternatives

• Quantifiers (examples)

* any number of times
+ any number of times, but at least once
? 0 or 1 time
combining ? with * or + makes them non-greedy

• Pattern matching

o use the preg_match(pattern, string) function
o returns the number of matches
o optional third parameter receives the match
o preg_match_all() returns all matches in an array

• Replacing

preg_replace(search pattern, replace pattern, string)

In computing, a regular expression provides a concise and flexible means to “match” (specify and recognize) strings of text, such as particular characters, words, or patterns of characters. PHP has three sets of functions that allow you to work with regular expressions.

The most important set of regex functions start with preg. These functions are a PHP wrapper around the PCRE library (Perl-Compatible Regular Expressions). Anything said about the PCRE regex flavor in the regular expression tutorial on this website applies to PHP’s preg functions. You should use the preg functions for all new PHP code that uses regular expressions. PHP includes PCRE by default as of PHP 4.2.0 (April 2002).

The oldest set of regex functions are those that start with ereg. They implement POSIX Extended Regular Expressions, like the traditional UNIX egrep command. These functions are mainly for backward compatibility with PHP 3, and officially deprecated as of PHP 5.3.0. Many of the more modern regex features such as lazy quantifiers, lookaround and Unicode are not supported by the ereg functions. Don’t let the “extended” moniker fool you. The POSIX standard was defined in 1986, and regular expressions have come a long way since then.

The last set is a variant of the ereg set, prefixing mb_ for “multibyte” to the function names. While ereg treats the regex and subject string as a series of 8-bit characters, mb_ereg can work with multi-byte characters from various code pages. If you want your regex to treat Far East characters as individual characters, you’ll either need to use the mb_ereg functions, or the preg functions with the /u modifier. mb_ereg is available in PHP 4.2.0 and later. It uses the same POSIX ERE flavor.
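The pattern features and preg functions listed above, exercised on constructed input in one added example that is not part of the original post. It goes one step beyond the list on the anchors: `$` (and `\Z`) still match before a trailing newline, so for input validation the absolute end anchor `\z` is the one to use. The log lines and strings are constructed for the illustration.

```php
<?php
// Added example: anchors, classes, greediness, alternation, preg_match_all,
// preg_replace and the /u modifier on constructed input.

// Anchors: "$" matches before a final newline, so a validator built on it
// accepts "12345\n"; "\A" and "\z" pin the match to the absolute ends.
$id = "12345\n";                                     // constructed input with trailing newline
var_dump(preg_match('/^\d+$/', $id));                // int(1): accepted despite the newline
var_dump(preg_match('/\A\d+\z/', $id));              // int(0): rejected
var_dump(preg_match('/\A\d+\z/', '12345'));          // int(1)

// Character classes: \D is the complement of \d.
var_dump(preg_match('/\D/', 'abc123'));              // int(1): a non-digit is present

// Greedy vs non-greedy: "+" takes the longest match, "+?" the shortest.
$html = '<b>one</b> and <b>two</b>';
preg_match('/<b>(.+)<\/b>/', $html, $m);
echo $m[1], PHP_EOL;                                 // one</b> and <b>two
preg_match('/<b>(.+?)<\/b>/', $html, $m);
echo $m[1], PHP_EOL;                                 // one

// Alternation needs parentheses, otherwise the anchors apply to one branch each.
var_dump(preg_match('/\Acat|dog\z/', 'hotdog'));     // int(1): the "dog\z" branch matched
var_dump(preg_match('/\A(cat|dog)\z/', 'hotdog'));   // int(0)

// preg_match_all returns the match count and fills an array with every match.
$log = "user=alice ip=10.0.0.5\nuser=bob ip=10.0.0.9";   // constructed log lines
$n = preg_match_all('/ip=(\d{1,3}(?:\.\d{1,3}){3})/', $log, $all);
echo $n, ' ', implode(',', $all[1]), PHP_EOL;        // 2 10.0.0.5,10.0.0.9

// preg_replace: search pattern, replacement (with a back-reference), subject.
echo preg_replace('/ip=(\d+)\.\d+\.\d+\.\d+/', 'ip=$1.x.x.x', $log), PHP_EOL;
// user=alice ip=10.x.x.x
// user=bob ip=10.x.x.x

// /u makes "." operate on UTF-8 characters instead of single bytes.
echo strlen('日本'), ' ',
     preg_match_all('/./', '日本'), ' ',
     preg_match_all('/./u', '日本'), PHP_EOL;         // 6 6 2
```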
