File Extensions

For our purposes we can make the following rule:

Even though PHP programs are embedded in HTML, you should save PHP programs in a file with a ".php" extension, not a ".html" extension.

This rule helps those who are new to PHP distinguish between PHP and HTML files. It is also a good rule for beginners to remember since they might find themselves throwing PHP code into an old ".html" file and not knowing why they see the code itself, as opposed to its output. We will use the above rule in this tutorial and all of our examples will be in ".php" files.

The exception to the above rule is that PHP can be configured on a server in a variety of ways. So, it is possible for a file containing PHP code that ends in ".xyz" to be executed on a server provided that the server has been configured to recognize files of that extension.

As of PHP version 4, the default extension of a PHP file is ".php" and this format has become the most popular format to expect PHP code in. You might run into older code however, so some extensions you should be aware of are ".php3", ".phtml", ".html", and ".inc". The final format, ".inc", was used in the past for imported libaries. We will discuss imported libararies at a later time, but this format is not recomended, unless you specifically want to make your active code viewable to everyone.

The relevance of the extension applies to the PHP environment that you are working in. When a file is requested by a client's web browser, the web server will transmit the file to the client. Usually a client is just requesting an HTML file so the webserver will send it directly. However, If a client requests a PHP file the webserver will process the PHP code before it sends the file and then send the output of the PHP code along with the file. Whether or not webserver will scan certain files for PHP code to be executed will depend on the file's extension. So if you don't use the propper extension, your PHP code will not be executed.

File Locations

PHP files must be saved in a directory that is viewable from the web. This means that (unless you have been give write access to the htdocs directory or a directory like it) that you should save your web viewable PHP files in your public_html directory. This is at least the case on a Unix flavored system (in the case of blender, GNU/Linux). The exercises from our class will be run in a sub directory of public_html called php, but you are free to save your PHP scripts in public_html or any of its subdirectories.

Using a WSYWIG

This tutorial will focus on writing your PHP directly in a text editor. It is possible to use a What-You-See-Is-What-You-Get (WYSIWYG) Editor to create your PHP based webpages, but it is not recomended.

If your WSYWIG will allow you to save ".php" files and will allow you to edit your HTML code directly so that you can embed PHP code in them, I don't see why you couldn't use it to write PHP code. However, this would not be an efficient way to work, since you wouldn't be able to run your PHP code until you had FTP'd it to the server.

Usually with a WSYWIG you "preview" your page before you "publish" it, by viewing it's HTML in a browser. In these previewing cases, you ask your browser to look at the HTML and there is no server involved. If you were to preview your WSYWIG file with embedded PHP, what would run the PHP? You would have to install PHP on your local machine (your PC) to have it run the code so that it would work with your WSYWIG. Instead, it makes more sense to just edit the file directly on the server and then reload it with your browser so that your PHP can be executed.

PHP is a scripting language. It focuses on the logic of how a page responds to user input, not how the page looks. How the page looks is an issue of HTML. You can make your PHP automate your HTML but there is no WSYWIG to capture the abstact idea of writing a PHP script.

If you have pages that were made with a WSYWIG that you are interested in automating with PHP, I would recommend that you study the pages (after you complete this tutorial) to learn how to modularize them. You could then copy and paste the HTML that your WSYWIG would use for a template into a PHP function, and then call that function whenever you need that look. So, you could use a WSYWIG to design your page, but then chop it up and let PHP manage the look of your page so that you could again focus on the content.

PHP vs Implementing your own CGI

PHP can be thought of as a safer implementation of CGI. CGI (Common Gateway Interface) is a standard (not a language) by which programs can be run over the web to implement dynamic pages. When someone implements a CGI script they typically write code in C, Perl, Python, or any shell script, and then allow that code to be executed by a web server.

On some Unix systems an administrator will not let there users implement their own CGI programs, because unless a CGI programmer is experienced, he/she might unintentionally open security holes which could allow someone to trick the system into executing commands or giving out sensitive information. For more information on CGI security problems see the W3 CGI FAQ. So, on the average machine that you will find yourself working on, rights to implement CGI might not be available. In comparison, given the Netcraft PHP Usage Survey it is becoming more probable that they web system you work on will run PHP.

PHP is a separate language that happens to be written in C, but it does not allow its users direct access to the C code beneath, so they are not likely to make a mistake which might allow for a buffer overflow. Since it is a somewhat high level language, it does not allow for many of the common exploits that people can use to break into a system. You can think of it as a CGI implementation that gives its users tools which won't be easily exploited. It is designed specifically to be a more secure language for writing CGI programs than Perl or C and is also more intuitive to use, since you embed it in the HTML that your page revolves around.

However, don't think that any script you write is bullet proof just becuase you used PHP. We are in the beginning of the course so it would not make sense to talk about PHP security at this point, but when you get better at PHP and when you start writing applications that people actually depend on, you should have look at Chapter 12 of the O'Reilly book Programming PHP.

Your Own PHP Server

This tutorial is oriented towards running PHP on CCIP's GNU/Linux System, blender. However, as long as you own a computer there is nothing to stop you from setting up your own webserver, which is a good experience for any aspiring webmaster. This tutorial will not cover this topic directly, but you should be aware of this option as supplementary information.

I have an informal document (by this I mean that it is not official documentation) that shows how you can setup a webserver with PHP/MySQL and some other software. To see this informal document, click here. As broadband internet service becomes more popular in homes (via DSL or Cablemodem), more and more people are taking advantage of this opportunity. It is even possible to setup a webserver that only serves to itself (localhost), so that even if you don't have access to broadband interent you can still learn to configure you own webserver.

Putting Things in Place

We are about to program in PHP! First, however we need to put things in place. Our PHP scripts for this course will be hosted on blender so please use the SSH client to make a secure connection to blender. Once you have a connection to blender you should have a prompt on which you can type commands.

There is a class preparation script on blender which will create a public_html directory for you (in the case that you don't have one). It will also create a php sub-directory, which contains the examples for our class. It is not required that you run the script, but it is recommended since our future examples will assume that you have run it. None of your files will be overwritten as a result of running the script. To run the script type the following:

~jfulton/classprep

The script will notify you of its status as it runs and you should see the message "class preparation successful" when it is done.