[FAQ] FAQ Thread (Rev 4)

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

  This is the FAQ thread where the FAQ compilation project goes.
  * If you wish to improve the contents, please copy the whole content,
fix it and then post it. When posting, please change the revision
number (increase by 1) in the subject line.
  * If you want to comment, do it without changing the subject line.
  * Do NOT add new question and answers here. Add here only after
posting it to the separate thread; subject line should begin with
"[FAQ]" tag, for example: [FAQ] What is foo?
  * Always use www.example.com for example URLs.
URL grabbing:
Q: How do I retrieve a page from a web site?
A: Pass a URL to file() or file_get_contents(). The former returns the
contents as an array of lines. The latter returns the same as string.


$html = file_get_contents('http://www.example.com ');

Q: How do I retrieve a page from a web site that does browser
A: Use ini_set() to change the configuration option "user_agent." This
the User-Agent header sent by PHP.


ini_set('user_agent', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
$html = file_get_contents('http://www.example.com ');

Q: How do I retrieve a page from a web site that requires a cookie?
A: Use stream_context_create() to create a HTTP context with Cookie as
one of the headers. Then, if you are coding in PHP 5, pass the context to
file() or file_get_contents() as the third parameter. In PHP 4 either
accepts a context, so you need to open the URL with fopen() and
retrieve the data a chunk at a time with fread().


$opts = array(
        "Accept-language: en\r\n" .
        "Cookie: foo=bar\r\n"

$context = stream_context_create($opts);
$f = fopen($url, "rb", false, $context);
while($data = fread($f, 1024)) {
    echo $data;

stream_context_create() is available in PHP 4.3.0 and above. If you are
using an older version, you would need the cURL functions or use fsockopen()
to open the connection and send the cookie header with fputs().

Example 1:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER,
                         array("Cookie: foo=bar"));

Example 2:

$fp = fsockopen($host, $port);
fputs($fp, "GET / HTTP/1.0\r\n");
fputs($fp, "Host: $host\r\n");
fputs($fp, "Cookie: foo=bar\r\n\r\n");

while ($data = fgets($fp, 1024)) {
    echo $data;

Q: How do I get the address of the referrer?

A: With the variable $_SERVER['HTTP_REFERER'].  However, two

1. A request might not have a Referer header, in which case
the variable would not be set.  Some browsers do not send
Referer headers, for example, while others can be configured
not to.

'The Refer field MUST NOT be sent if the Request-URI was
obtained from a source that does not have its own URI, such
as input from the user keyboard.'  [HTTP/1.1]

2. A Referer header can be faked.  The information might not
be genuine.

Warning:  As with all input, you should be cautious over the
value of $_SERVER['HTTP_REFERER'].

Note:  The Referer header is misspelt; the word in English
is 'referrer', with four r's.  As the misspelling has made
it into the HTTP specification, it is too late to correct
Register Globals:
Q: Why PHP not parsing forms?
Q: Why form variables not getting posted?
Q: Why form variables are always empty?

Quoted text here. Click to load it

Since 4.2.0 register_globals [1] is off by default due to security
reasons [2]. One should use super globals (introduced in 4.1.0) instead
to get to user supplied data [3]. So either fix:

-fix your code [4]:
  if(isset($_POST['submit']) && $_POST['submit']=="click")
   echo 'Hello, '.$_POST['UserName'];
-quick&dirty hack:
 in the global scope.
-enable register_globals

1: http://www.php.net/manual/en/ini.core.php#ini.register-globals
2: http://www.php.net/manual/en/security.globals.php
4: $_POST['UserName'] should offcourse be escaped properly (with
   htmlspecialchars in this particular case).

Q: Why HTML is trunctating PHP text? As in

Quoted text here. Click to load it

Take a look at the source (the first place you should look to see what
PHP is actually doing) and you will see it's all there as:
<input type="text" name="T1" value=Mary had a little lamb>

See the html specs on attributes (that is what value is):

To make a long boring spec short:

The value should be surrounded by quotes if it contains whitespaces,
the quotes used to delimit should be escaped within the value.

   <input type="text" name="T1" value="<?php echo $test;?>">
   <input type="text" name="T1" value='<?php echo $test;?>'>

would be fine in this case, but will fail if there are quotes in $test:

$test = "The lamb will soon be Mary's little \"ham\"";

will break either quoting style unless escaped with:
<input type="text" name="T1" value='<?php echo

Q: What does @ (at-sign) do?
A: @ is an operator, which, when prepended to an expression,
suppresses error messages. However the usage is discouraged.



  $x = 'a';
Q. How do I differentiate an empty string or numeric zero from false?
A. Use the === operator.

Q. I'm using the GD functions to create thumbnail images. Why am I
such crummy results?

A. imagecopyresized() does not do a very good job scaling down images.
imagecopyresampled() instead. If you are already using
the problem might be that the destination image has limited color
Create it with imagecreatetruecolor() instead of imagecreate().
Q. Where can I find PHP programming jobs?
A. Like Bigfoot, the Loch Ness Monster, and alien abductions, PHP jobs
are a
myth. The truth is, no one will pay you to program in PHP. If someone
you he works as a PHP programmer, he is probably a spy.

A: --todo-- The above answer remains for historical reasons;-)
Q: Why am I getting the error message 'Headers already sent'?

If you get this error your script flow is broken (in most cases). Using
OB is nothing more than hiding the symptoms of the error.

The error tells you where the real problem lies:
3://do stuff
4:echo "redirecting";
6://do more stuff
8:header("Location: http://localhost/");

will produce the error:

Warning: Cannot modify header information - headers already sent by
(output started at /path/to/script.php:4) in /path/to/script.php on
line 8

What is really is trying to say:

Error: line 8 at /path/to/script.php can't send headers. The problem is
at line 4 in /path/to/script.php, it produced some output to the client
so I already had sent all headers before getting to line 8.

But since you already have all required userinput you should find out
wheter you need to sent additional headers (like a redirect) before
outputting anything to the client. So the equivalent script with
top down flow would be:
4:header("Location: http://localhost/");
8:echo "condition was false";

The following script:
2://do stuff


A: PHP produces this error message when you try to set a header for a
page after you have already started sending out the content of the

Web content is always delivered with a few headers at the top, ending
with a
blank line. For example, a web page might start like this:

Quoted text here. Click to load it

Once you have started sending the content of a document, you can't add
more headers because they won't appear at the top.

To get round this problem, use PHP's output control functions to buffer
output before it is sent. For example, you can generate a
header as follows:

Quoted text here. Click to load it

Q. After turning on output buffering I am still getting 'Headers
sent.' What the?
A. Something, somewhere is sent to the browser prior to the call to

One possible culprit is white-spaces contained in an included file. To
this, move the call to ob_start() ahead of any include/require

Another possible culprit is UTF-8 encoding. Unicode-capable editor
place an invisible character at the beginning of a UTF-8 text file to
it as UTF-8. This character will be output before any PHP statements
executed. To fix this, resave the file as ASCII.

The character in question is the zero-width non-breaking space
(U+FFEF). In
UTF-16 text it's used as a byte order indicator. In UTF-8 it's just a
signature. If you leave it out then an editor might not be able to
sniff out the encoding, leaving to other problems.

Error reporting:
Q: Why I don't get any errors?
A: You might have turned the "display errors" off. Turn it on:
  1. By changing 'display_errors' to true in php.ini (May require
Apache restart if it is mod_php)
  2. Or with the ini_set('display_errors', 1) via script


Q: Why certain errors are not displayed?
A: The error reporting level might be low. Set it to higher value; via
script error_reporting(E_ALL|E_STRICT)

Q: How to implement a login system?
A: Use sessions. When the user logins, store the session id in the
database and then compare the current session id with the one stored in
the database on every page. May also check IP; but it may break if the
user is behind proxy.

http://www.mt-dev.com/2002/07/creating-a-secure-php-login-script /
http://www.mt-dev.com/2002/09/php-login-script /

@todo Info about other authentications, better link to the login
implementation (above links use obsolete style)
Q: How to find the logged in users?
Q: How to find the number of logged in users?

A: If you use session based authentication/login mechanism, it is quite
easy when you use custom-DB-based session--so that the session
variables will be stored in database instead of default files. As the
session will be available in the database table, it is easy to query
it/count the number of sessions or records.

Chung Leong
John Dunlop
Daniel Tryba
Alan Little
Philip Ronan
Jan Pieter Kunst

@revision Combined texts. Changed the example URL to www.example.com
@todo Cleanup. Grammar fix. Find proper heading.

Site Timeline