
PHP and MySQL Web Development - P92 doc

['valid_user'] is set. If the user is logged in, we show her the members’ content; otherwise, we tell her that she is not authorized.
Finally we have the logout.php script that signs a user out of the system. The code for this script is shown in Listing 20.6.
Listing 20.6 logout.php—This Script Deregisters the Session Variable and Destroys the Session
<?php
  // resume the current session so its data can be read and cleared
  session_start();
  // store to test if they *were* logged in
  // ($_SESSION is used because $HTTP_SESSION_VARS is not available in current PHP)
  $old_user = isset($_SESSION['valid_user']) ? $_SESSION['valid_user'] : '';
  unset($_SESSION['valid_user']);
  session_destroy();
?>
<html>
<body>
<h1>Log out</h1>
<?php
  if (!empty($old_user))
  {
    echo 'Logged out.<br />';
  }
  else
  {
    // if they weren't logged in but came to this page somehow
    echo 'You were not logged in, and so have not been logged out.<br />';
  }
?>
<a href="authmain.php">Back to main page</a>
</body>
</html>
The code’s very simple, but we do a little fancy footwork. We start a session, store the user’s old username, unset the valid_user variable, and destroy the session. We then give the user a message that will be different if she was logged out, or was not logged in to begin with.
This simple set of scripts will form the basis for a lot of the work we’ll do in later chapters.
Further Reading
Native sessions are new to PHP 4, but sessions have been provided by PHPLib for a while. The best things to read for more information are the PHPLib homepage and the cookies specification. We’ve listed both these URLs earlier in the chapter, but we’ll reprint them here for reference:
Next
We’re almost finished with this section of the book.
Before we move on to the projects, we’ll briefly discuss some of the useful odds and ends of PHP that we haven’t covered elsewhere.
21 Other Useful Features
Some useful PHP functions and features do not fit into any particular category. This chapter will explain these features.
We’ll look at
• Using magic quotes
• Evaluating strings with eval()
• Terminating execution: die and exit
• Serialization
• Getting information about the PHP environment
• Temporarily altering the runtime environment
• Loading PHP extensions
• Source highlighting
Using Magic Quotes
You have probably noticed that you need to be careful when using quote symbols (' and ") and backslashes (\) within strings. PHP will get confused by an attempted string statement like
echo "color = "#FFFFFF"";
and give a parse error. To include quotes inside a string, use the quote type that is different from the quotes enclosing the string. For example
echo "color = '#FFFFFF'";
or
echo 'color = "#FFFFFF"';
will both be valid.
The same problem occurs with user input, as well as input and output to, or from, other programs.
Trying to run a MySQL query like
insert into company values ('Bob's Auto Parts');
will produce similar confusion in MySQL’s parser.
We have already looked at addslashes() and stripslashes(), which add and remove the backslashes that escape single quote, double quote, backslash, and NUL characters.
PHP has a useful capability to automatically or magically add and strip slashes for you. With two settings in your php.ini file, you can turn on or off magic quoting for GET, POST, cookie data, and for other sources.
The value of the magic_quotes_gpc directive controls whether magic quoting is used for GET, POST, and cookie operations.
With magic_quotes_gpc on, if somebody typed "Bob's Auto Parts" into a form on your site, your script would receive "Bob\'s Auto Parts" because the quote will be escaped for you.
The function get_magic_quotes_gpc() returns either 1 or 0, telling you the current value of magic_quotes_gpc. This is most useful for testing whether you need to apply stripslashes() to data received from the user.
The value of magic_quotes_runtime controls whether magic quoting is used by functions that get data from databases and files.
To get the value of magic_quotes_runtime, use the function get_magic_quotes_runtime(). This function returns either 1 or 0. Magic quoting can be turned on for a particular script using the function set_magic_quotes_runtime().
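An added example (not from the book): undoing magic quoting when it is active, then storing the value through a bound parameter so that quoting is handled by the database driver rather than by backslashes. The helper name clean_input(), the in-memory SQLite database standing in for MySQL, and the sample value are assumptions; magic quotes and get_magic_quotes_gpc() are absent from PHP 8, hence the function_exists() guard.

```php
<?php
// Added example; clean_input() is a hypothetical helper name.
// Returns the value as the user typed it, whether or not magic quotes ran.
function clean_input($value)
{
    // get_magic_quotes_gpc() was removed in PHP 8, so check before calling it.
    $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    return $magic ? stripslashes($value) : $value;
}

// Constructed sample input, as it would arrive in $_POST['name'].
$_POST['name'] = "Bob's Auto Parts";
$name = clean_input($_POST['name']);

// In-memory SQLite stands in for MySQL so the example runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table company (name text)');

// The placeholder keeps the apostrophe out of the SQL text entirely.
$stmt = $db->prepare('insert into company values (?)');
$stmt->execute(array($name));

// Read the row back: the stored value carries no added backslashes.
$stored = $db->query('select name from company')->fetchColumn();
echo $stored, "\n";
```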
Evaluating Strings: eval()
The function eval() will evaluate a string as PHP code.
For example,
eval ( "echo 'Hello World';" );
will take the contents of the string and execute it. This line will produce the same output as
echo 'Hello World';
There are a variety of cases in which eval() can be useful. You might want to store blocks of code in a database, and retrieve and eval() them at a later point. You might want to generate code in a loop, and then use eval() to execute it.
You can usefully use eval() to update or correct existing code. If you had a large collection of scripts that needed a predictable change, it would be possible (but inefficient) to write a script that loads an old script into a string, runs a regexp to make changes, and then uses eval() to execute the modified script.
It is even conceivable that a very trusting person somewhere might want to allow
PHP code to be entered in a browser and executed on her server.
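An added example (not from the book) of the database-stored-code case above, done without eval(): each row stores only the name of an operation and its arguments, and the script runs it through a fixed table of functions. The table contents, the JSON row format and run_stored_action() are assumptions made for illustration.

```php
<?php
// Added example; every name below is hypothetical.
// Fixed table of operations that stored rows are allowed to request.
$actions = array(
    'greet' => function ($args) { return 'Hello ' . (string)($args['name'] ?? ''); },
    'total' => function ($args) { return array_sum((array)($args['prices'] ?? array())); },
);

// Runs one stored row. Anything that is not a known operation name
// with an array of arguments is refused.
function run_stored_action($actions, $row)
{
    $spec = json_decode($row, true);
    if (!is_array($spec) || !isset($spec['action'], $spec['args'])
        || !is_string($spec['action']) || !is_array($spec['args'])) {
        throw new InvalidArgumentException('Malformed stored action');
    }
    if (!array_key_exists($spec['action'], $actions)) {
        throw new InvalidArgumentException('Unknown action: ' . $spec['action']);
    }
    return $actions[$spec['action']]($spec['args']);
}

// Constructed rows, as they might come back from a database column.
$rows = array(
    '{"action":"greet","args":{"name":"World"}}',
    '{"action":"total","args":{"prices":[4.5,5.5]}}',
    "echo 'Hello World';",                  // PHP source is not valid JSON: refused
    '{"action":"unknown_op","args":{}}',    // name is not in the table: refused
);

foreach ($rows as $row) {
    try {
        echo run_stored_action($actions, $row), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), "\n";
    }
}
```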
Terminating Execution: die and exit
So far in this book we have used the language construct exit to stop execution of a script. As you probably recall, it appears on a line by itself, like this:
exit;
It does not return anything. You can alternatively use its alias die().
For a slightly more useful termination, we can pass a parameter to exit(). This can be used to output an error message or execute a function before terminating a script. This will be familiar to Perl programmers.
For example:
exit('Script ending now');
More commonly it is ORed with a statement that might fail, such as opening a file or connecting to a database:
mysql_query($query) or die('Could not execute query');
Instead of just printing an error message, you can call one last function before the script terminates:
function err_msg()
{
  echo 'MySQL error was: ';
  echo mysql_error();
}

mysql_query($query) or die(err_msg());
This can be useful as a way of giving the user some reason why the script failed. Alternatively, you could email yourself so that you know if a major error has occurred, or add errors to a log file.
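An added example (not from the book) of the log-file alternative mentioned above: the database's error text goes to the server log, and the visitor sees only a generic message with a reference number. fail_safely(), the in-memory SQLite database standing in for MySQL, and the failing query are assumptions.

```php
<?php
// Added example; fail_safely() is a hypothetical helper name.
// Logs the detailed error server-side, then ends the script with a message
// that tells the visitor nothing about the database.
function fail_safely($detail)
{
    $ref = bin2hex(random_bytes(4));           // ties the visitor's report to the log entry
    // Control characters are replaced so the detail cannot add fake log lines.
    $detail = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string)$detail);
    error_log("[$ref] query failed: $detail"); // written to the configured PHP error log
    exit("Sorry, something went wrong (reference $ref).\n");
}

// In-memory SQLite stands in for MySQL so the example runs offline (assumption).
$db = new PDO('sqlite::memory:');
// Silent mode makes query() return false on failure, as mysql_query() did.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);

// Constructed failing query: the table does not exist.
$query = 'select name from company';

// Same "or" idiom as in the text, with the detail kept out of the page output.
// errorInfo() returns [SQLSTATE, driver code, driver message].
$result = $db->query($query) or fail_safely($db->errorInfo()[2]);
```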
Serialization
Serialization is the process of turning anything you can store in a PHP variable or object into a bytestream that can be stored in a database or passed along via a URL from page to page. Without this, it is difficult to store or pass the entire contents of an array or object.
It has decreased in usefulness since the introduction of session control. Serializing data
is principally used for the types of things you would now use session control for. In fact,