‫اﻟﺘﻌﺎﻣـﻞ ﻣـﻊ اﻟﻨﻤﺎذج‬

PHP

Web Application Development

Mohammed 1
‫‪Outlines‬‬
‫ﺗﺨﺰﻳﻦ اﻟﻘﻴﻢ ﻓﻲ اﻟﻤﺘﻐﻴﺮات‬
‫اﻟﻤﺼﻔﻮﻓﺎت‬

‫‪2‬‬
HTML ‫ﺻﻔﺤﺔ‬ PHP ‫ﺻﻔﺤﺔ‬

Output ‫اﻟﺨﺮج‬

3
HTML ‫ﺻﻔﺤﺔ‬ PHP ‫ﺻﻔﺤﺔ‬

Output ‫اﻟﺨﺮج‬

4
 ‫‪$_SERVER‬‬
‫ﻋﺒﺎره ﻋﻦ ﻣﺘﻐﻴﺮ ﻋﺎم ﻳﻤﻜﻦ ﻣﻨﺎداﺗﻪ ﻣﻦ اي ﻣﻜﺎن ﻓﻲ‬
‫ﺻﻔﺤﺎت ‪php‬‬
‫ﻟﻪ ﻋﺪه ﻣﺘﻐﻴﺮات ﻣﻨﻬﺎ‬
‫‪PHP_SELF,REQUEST_METHOD‬‬
‫وﻏﻴﺮﻫﺎ اﻟﻜﺜﻴﺮ ﻣﻦ اﻟﻤﺘﻐﻴﺮات اﻟﺘﻲ ﺗﻔﻴﺪ ﻓﻲ ﻋﻤﻠﻴﻪ ﺗﻄﻮﻳﺮ‬
‫اﻟﻤﻮﻗﻊ‬

‫‪5‬‬
What is the $_SERVER["PHP_SELF"]
variable?
• The $_SERVER["PHP_SELF"] is a super
global variable that returns the filename of
the currently executing script.

• So, the $_SERVER["PHP_SELF"] sends the

6
 htmlspecialchars($_SERVER["
PHP_SELF"]);
• The htmlspecialchars() function converts
special characters to HTML entities. This
means that it will replace HTML
characters like < and > with &lt; and &gt;.
This prevents attackers from exploiting
the code by injecting HTML or Javascript
code (Cross-site Scripting attacks) in
forms.

7
 ‫"[‪htmlspecialchars($_SERVER‬‬
‫;)]"‪PHP_SELF‬‬
‫ﻫﻲ ﻋﺒﺎره ﻋﻦ داﻟﻪ ﺗﻌﻤﻞ ﻋﻠﻰ اﻟﺘﺤﻘﻖ ﻣﻦ أن اﻟﺮاﺑﻂ‬
‫اﻟﻤﺮﺳﻞ ﻻ ﻳﺤﺘﻮي ﻋﻠﻰ اي ﺣﺮوف ﺧﺎﺻﻪ ﻗﺪ ﺗﻌﻤﻞ ﻋﻠﻰ‬
‫اﺧﺘﺮاق اﻟﺼﻔﺤﻪ‬
‫ﺗﻌﻤﻞ ﻋﻠﻰ ﺗﺤﻮﻳﻞ اﻟﺤﺮوف اﻟﺨﺎﺻﻪ اﻟﻲ رﻣﻮزﻫﺎ اﻟﻌﺎدﻳﺔ‬

‫‪8‬‬
 htmlspecialchars($_SERVER["
PHP_SELF"]);
• http://www.example.com/test_form.php/
%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E
• :‫ﺳﻴﺘﻢ ﺗﺮﺟﻤﻪ اﻟﻜﻮد اﻟﻲ اﻟﻜﻮد اﻻﺗﻲ‬
• <form method="post" action="test_form.php/">
<script>alert('hacked')</script>

• htmlspecialchars ‫ﻳﺘﻢ ﺗﺠﻨﺐ اﻟﻤﺸﻜﻠﻪ ﻋﻦ ﻃﺮﻳﻖ اﺳﺘﺨﺪام‬

• <form method="post" action="test_form.php/&quot;

9
 PHP - Required Fields
‫ ﻓﺈﻧﻪ‬php ‫ﻋﻨﺪ ﻋﻤﻞ ﺗﺤﻘﻖ ﻣﻦ اﻟﺤﻘﻮل وﻟﻜﻦ ﻋﻦ ﻃﺮﻳﻖ‬
<?php : ‫ﻳﺘﻢ اﻟﺘﺤﻘﻖ ﻋﻦ ﻃﺮﻳﻖ اﻻﺗﻲ‬
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = ""
;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
} 10
11
12
date(format,timestamp)

PHP DATE AND TIME

13
 Date
‫ﺗﺴﺘﺨﺪم ﻹﻇﻬﺎر اﻟﻮﻗﺖ واﻟﺘﺎرﻳﺦ ﺣﺴﺐ اﻟﻤﻨﻄﻘﺔ اﻟﺰﻣﻨﻴﺔ‬
Syntax : format
date(format,timestamp)
: ‫وﺗﺤﺪد ﺻﻴﻐﺔ ﻛﺘﺎﺑﺔ اﻟﻮﻗﺖ‬
d - Represents the day of the
month (01 to 31)
m - Represents a month (01 to
12)
Y - Represents a year (in four
digits)
l (lowercase 'L') - Represents the
day of the week 14
 Date
• .
<?php
echo "Today is " . date("Y/m/d") . "
<br>";
echo "Today is " . date("Y.m.d") . "
<br>";
echo "Today is " . date("Y-m-d") . "
<br>";
echo "Today is " . date("l");
?>

15
 Time
H - 24-hour format of an hour (00 to 23)
h - 12-hour format of an hour with leading
zeros (01 to 12)
i - Minutes with leading zeros (00 to 59)
s - Seconds with leading zeros (00 to 59)
a - Lowercase Ante meridiem and Post
meridiem (am or pm) <?php
echo "The time is " .
date("h:i:sa");
?> 16
 strtotime()
Syntax ‫ﺗﻌﻤﻞ ﻋﻠﻰ ﺗﺤﻮﻳﻞ اﻟﺘﺎرﻳﺦ ﻣﻦ‬
strtotime(time, now)
‫ﻧﺺ ﻳﻘﺮأ اﻟﻲ ﺗﺎرﻳﺦ رﻗﻤﻲ‬
<?php
$d=strtotime("10:30pm
April 15 2014");
echo "Created date is " .
date("Y-m-d h:i:sa", $d);
?>

17
 strtotime()
‫ ذﻛﻴﻪ ﺟﺪا ﻓﻲ ﻋﻤﻠﻴﺔ ﺗﺤﻮﻳﻞ اﻟﻨﺼﻮص اﻟﻲ‬php ‫ﺗﻌﺘﺒﺮ‬
:‫ ﻟﺬﻟﻚ ﻳﻤﻜﻦ ان ﻧﻜﺘﺒﻬﺎ ﻓﻲ ﻋﺪه ﺻﻴﻎ ك اﻻﺗﻲ‬،‫ﺗﺎرﻳﺦ‬
<?php
$d=strtotime("tomorrow");
echo date("Y-m-d h:i:sa", $d) . "<br>";
$d=strtotime("next Saturday");
echo date("Y-m-d h:i:sa", $d) . "<br>";
$d=strtotime("+3 Months");
echo date("Y-m-d h:i:sa", $d) . "<br>";
?>
18
Include and Require

PHP INCLUDE FILES

19
 ‫‪Include and Require‬‬
‫ﺗﻌﻤﻞ اﻟﻌﺒﺎرﺗﻴﻦ ﻋﻠﻰ ﻧﺴﺦ ﻛﻞ اﻟﻤﻮﺟﻮد ﻓﻲ اﻟﻤﻠﻒ اﻟﻤﻘﺼﻮد‬
‫اﻟﻲ اﻟﺼﻔﺤﻪ اﻟﺘﻲ ﺗﺤﺘﻮي ﻋﻠﻰ ﻋﺒﺎرة‪Include or‬‬
‫‪require‬‬

‫ﺗﻀﻤﻴﻦ اﻟﻤﻠﻔﺎت ﻣﻔﻴﺪ ﺟﺪا ﻋﻨﺪ إﻋﺎدة اﺳﺘﺨﺪام ﺑﻌﺾ‬

‫‪20‬‬
 Include and Require
‫اﻟﻌﺒﺎرﺗﻴﻦ ﻟﻬﻤﺎ ﻧﻔﺲ اﻻﺳﺘﺨﺪام ﻣﺎﻋﺪا ﻋﻨﺪ ﺣﺪوث ﺧﻄﺄ ﻓﺎن‬
require
‫ﺗﻈﻬﺮ ﺧﻄﺄ وﺗﻮﻗﻒ اﻟﺘﻨﻔﻴﺬ‬
will produce a fatal error (E_COMPILE_ERROR)
and stop the script

include
‫ﺗﻈﻬﺮ ﺗﺤﺬﻳﺮ وﺗﻮاﺻﻞ اﻟﺘﻨﻔﻴﺬ‬
will only produce a warning (E_WARNING) and
the script will continue
21
 Include and Require
include 'filename'; ‫اﻟﺼﻴﻐﺔ اﻟﻌﺎﻣﻪ‬
or
require 'filename';

22
 ‫ ﻓﻔﻲ ﻫﺬه‬،‫ﻧﻔﺘﺮض ان ﻟﻠﻤﻮﻗﻊ ﺗﺬﻳﻴﻞ ﻣﺤﺪد ﻟﻜﻞ اﻟﺼﻔﺤﺎت‬
‫اﻟﺤﺎﻟﻪ ﻳﻤﻜﻦ ﻋﻤﻞ ﻫﺬا اﻟﺘﺬﻳﻴﻞ ﻓﻲ ﺻﻔﺤﻪ واﺣﺪه وﺗﻈﻤﻴﻨﻪ‬
: ‫ﻓﻲ ﻛﻞ اﻟﺼﻔﺤﺎت ك اﻻﺗﻲ‬
<html>
footer.php <body>
<?php <h1>Welcome to my home
echo "<p>Copyright &copy; page!</h1>
2021-" . date("Y") . " <p>Some text.</p>
mohammed.com</p>"; <p>Some more text.</p>
?> <?php include 'footer.php';?>
</body>
</html> 23
24
<?php
$color='red';
$car='BMW';
?>
include ‫ﺳﻴﺘﻢ ﺗﻨﻔﻴﺬ‬
‫وﻓﻲ ﺣﺎﻟﻪ ﻋﺪم وﺟﻮد ااﻟﻤﻠﻒ‬
<html>
<body> ‫ﺳﻴﺘﻢ ﻣﻮاﺻﻠﻪ اﻟﺘﻨﻔﻴﺬ دون‬
<h1>Welcome !</h1> ‫اﻟﺘﻮﻗﻒ وإﻇﻬﺎر ﺗﺤﺬﻳﺮ ﻓﻘﻂ‬
<?php include
'noFileExists.php';
echo "I have a $color
$car.";
?>
</body>
</html> 25
<?php
$color='red';
$car='BMW';
?>
‫ﻫﻨﺎ ﻟﻦ ﻳﺘﻢ ﻣﺘﺎﺑﻌﺔ اﻟﺘﻨﻔﻴﺬ ﻻﻧﻪ‬
‫ﻻﺑﺪ ﻣﻦ وﺟﻮد اﻟﻤﻠﻒ وﺗﻀﻤﻴﻨﻪ‬
<html>
<body> ‫ واﻻ ﻓﺈﻧﻪ ﺳﻴﺘﻢ‬،‫داﺧﻞ اﻟﺼﻔﺤﺔ‬
<h1>Welcome !</h1> ‫إﻳﻘﺎف اﻟﺘﻨﻔﻴﺬ‬
<?php require
'noFileExists.php';
echo "I have a $color
$car.";
?>
</body>
</html> 26