PHP: Difference between revisions

From pronounmail wiki
No edit summary
 
(One intermediate revision by one other user not shown)
Line 23: Line 23:
  <nowiki></p></nowiki>
  <nowiki></p></nowiki>


Note that if you're rendering user input in this way, you should wrap it in the <code>[https://www.php.net/manual/en/function.strip-tags.php strip_tags]</code> function, lest you become vulnerable to an [[wikipedia:Cross-site_scripting|XSS (Cross-site scripting)]] attack in which a nasty fellow inputs evil HTML to make your site go bad and rotten like a hard-boiled egg.
Note that if you're rendering user input in this way, you should wrap it in the <code>[https://www.php.net/manual/en/function.htmlspecialchars.php htmlspecialchars]</code> function, lest you become vulnerable to an [[wikipedia:Cross-site_scripting|XSS (Cross-site scripting)]] attack in which a nasty fellow inputs [[:Category:Evil Pages|evil]] HTML to make your site go [[:Category:Bad pages|bad]] and rotten like a hard-boiled egg.
[[Category:Pages with some amount of information in them]]
[[Category:Pages with some amount of information in them]]
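Review bot: in the rewritten sentence, the instruction to wrap output in htmlspecialchars comes with no usage to copy, so a reader can agree with it and still leave the template's <?= $my_value ?> unescaped; add the call inline, for example <?= htmlspecialchars($my_value) ?>. The two new category links also differ in capitalisation ([[:Category:Evil Pages|evil]] against [[:Category:Bad pages|bad]]), so check both against the actual category names.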

Latest revision as of 18:45, 4 September 2024

PHP stands for Phantastic Programming. You can use it to make things happen on pages.

It's different from JavaScript because JavaScript runs in your browser and PHP runs somewhere else, I don't know where. They won't tell me where it runs.

Having a PHP

You can make a PHP script by calling it something.php. It's a good idea to actually call it something/index.php so the URL remains the same if you decide to stop using PHP (a wise choice).

Writing a PHP

You can write a PHP script like this:

<?php
echo "this is my cool script";

There's a pretty okay guide on the PHP website.

The <?php bit tells PHP you're about to write some PHP. You can stop writing PHP and start writing HTML with ?>.

Sometimes you'll want to insert some values from PHPland into your HTML, which you can do like this:

<?php
$my_value = "hello!";
?>

<p>
  <?= $my_value ?>
</p>

Note that if you're rendering user input in this way, you should wrap it in the htmlspecialchars function, lest you become vulnerable to an XSS (Cross-site scripting) attack in which a nasty fellow inputs evil HTML to make your site go bad and rotten like a hard-boiled egg.
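
Here is what that wrapping does to a hostile-looking value, as an added example that is not part of the original wiki page. The helper name e() and the sample input are made up for illustration, and strip_tags is included only for comparison.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: one place where every value gets escaped for HTML.
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the result is also safe inside a
    // quoted attribute. ENT_SUBSTITUTE swaps invalid UTF-8 for U+FFFD
    // instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample standing in for a form field or query parameter.
$input = '" onfocus="x" <b>hi</b> & bye';

$variants = [
    'raw'              => $input,              // nothing done to it
    'strip_tags'       => strip_tags($input),  // tags removed, quotes kept
    'htmlspecialchars' => e($input),           // every special char encoded
];

foreach ($variants as $label => $value) {
    // Element text: raw input would still be parsed as markup here.
    printf("%-17s <p>%s</p>\n", $label, $value);
    // Quoted attribute: anything that keeps a literal " can close the
    // attribute early, which is why strip_tags alone does not help.
    printf("%-17s <input value=\"%s\">\n\n", '', $value);
}
```

Run it with php on the command line and compare the three pairs of lines: only the htmlspecialchars pair keeps the whole value inside the paragraph text and inside the attribute's quotes.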