The following statements demonstrate how to include and

exclude numeric characters from a pattern match using the

\d (digit) and \D (not a digit) character types:

preg_match("/\d/",

preg_match("/\d/",

preg_match("/\D/",

preg_match("/\D/",

"5");

"A");

"5");

"A");

//

//

//

//

returns

returns

returns

returns

1

0

0

1

169

As a more complex example, the following statement demonstrates

how to compose the e-mail validation regular expression with class

expressions:

preg_match("/^[\w-]+(\.[\w-]+)*@[\w-

]+(\.[\w-]+)*(\.[a-zA-Z]{2,})$/", $Email);

Matching Multiple Pattern Choices

To allow a string to contain an alternate set of patterns, you separate

the strings in a regular expression pattern with the | metacharacter.

This is essentially the same as using the Or operator (||) to perform

multiple evaluations in a conditional expression. For example, to

allow a string to contain either “vegetarian” or “vegan,” you include

the pattern vegetarian | vegan.

The following code demonstrates how to check whether a top-level

domain at the end of a string contains a required value of either .com,

.org, or .net. The first statement returns a value of 0 because the URL con-

tains a top-level domain of .gov, whereas the second statement returns a

Value of 1 because the top-level domain contains a valid value of .Com.

echo preg_match("/\.(com|org|net)$/i",

"http://www.dongosselin.gov"); // returns 0

Pattern Modifiers

PCRE patterns may be followed by optional pattern modifiers.

Pattern modifiers are letters placed after the closing delimiter that

change the default rules for interpreting matches. The most common

pattern modifier is i, which indicates that the case of a letter does

not matter when searching. Some other pattern modifiers change

how newline characters affect searches. For example, newline char-

acters typically divide an input string into search strings. The m pat-

tern modifier allows searches across newline characters. Also, the s

pattern modifier changes how the . (period) metacharacter works.

Normally, the . metacharacter does not match the newline character,

but it will with the s modifier.

Manipulating Strings

To modify the validateAddress() function so that it uses regular

expressions instead of the strpos() function to check the format of

the e-mail addresses in the e-mail script:

1.

170

2.

Return to the PHPEmail.php script in your text editor.

Modify the conditional expression in the if statement within

the validateAddress() function so it uses the preg_match()

function instead of the strpos() function, as follows:

if (preg_match("/^[\w-]+(\.[\w-]+)*@" .

"[\w-]+(\.[\w-]+)*(\.[[A-Za-z]{2,})$/i",

3.

Save the PHPEmail.php file, upload it to the server, and then

open the file in your Web browser by entering the following URL:

http://<yourserver>/PHP_Projects/Chapter.03/Chapter/

PHPEmail.php. As shown in Figure 3-21, more invalid mes-

sages were found using regular expressions.

Figure 3-21

Output of PHPEmail.php using regular expressions

4.

Close your Web browser window.

Short Quiz

1.

What character is used to match any single character in a

pattern?

How do you specify that you want to ensure that a string con-

tains an actual period and not just any character?

2.

3.

Describe the purpose of quantifiers in determining if a string

matches a pattern.

How are subexpressions or subpatterns used in a regular

expression?

Describe the purpose of the | metacharacter.

171

4.

5.

Summing Up

• The concatenation operator (

• An escape character tells the compiler or interpreter that the

• Simple string syntax allows you to use the value of a variable

• The type of structure in which variables are placed within curly

• The most commonly used string-counting function is the

• The

• The

• The

• When applied to text strings, the term “parsing” refers to the act of

• There are two types of string search and extraction functions:

• You use the

Manipulating Strings

• The

• You use the

172

• The

• The

• The

• You can use the

• Regular expressions are a pattern of specially formatted strings

• Regular expressions are made up of both literal characters and spe-

• In a regular expression, a backslash character is used to match

• Quantifiers are metacharacters that specify the number of times a

• Subexpressions are characters contained in parentheses within a

• A character class is a set of multiple characters enclosed in square

• The

Comprehension Check

1.

Which of the following echo statements is invalid?

a. echo "<p>Welcome to the *combat zone*!</p>";

b. echo '<p>Welcome to the "combat zone"!</p>';

c. echo "<p>Welcome to the 'combat zone'!</p>";

d. echo '<p>Welcome to the 'combat zone'!</p>';

2.

Which of the following operators can be used with strings?

(Choose all that apply.)

a. .

b. ==

c. .=

d. +=

3.

4.

Explain why you need to use escape characters in strings.

What is the escape sequence for a single quotation mark?

a. \\

b. \'

c. \~

d. There is no escape sequence for a single quotation mark.

5.

Which of the following character sets do you use for complex

string syntax?

a. {}

b. []

c. ()

d. // //

6.

Explain why you need to use complex string syntax. Be sure

to include an example.

If you include an array within a text string, you need to use

complex string syntax. True or False?

Which of the following functions returns the length of

a string?

a. strlen()

b. strspn()

c. substr_count()

d. strcspn()

173

7.

8.

Manipulating Strings

9.

Which of the following functions performs a case-sensitive

search for specified characters in a string and returns a sub-

string from the last occurrence of the specified characters to

the end of the string?

a. substr()

174

b. strstr()

c. strrchr()

d. strpos()

10. Explain the difference between the two types of extraction

functions.

11. Explain how to determine whether the strpos() function

(and other string functions) actually returns a Boolean value

12. Which of the following functions allows you to replace

characters within a specified portion of a string?

a. str_ireplace()

b. str_replace()

c. substr_replace()

d. strstr()

13. Explain how to use the strtok() function to break a string

into tokens and then navigate through each token.

14. If you specify an empty string as the second argument of the

strtok() function, or if the string does not contain any of the

separators you specify, the

15. Which of the following functions splits each character in a

string into an array element?

a. str_split()

b. split()

c. explode()

d. implode()

16. String comparison operators and most string comparison

functions compare individual characters according to their

17. Which of the following functions returns the number of char-

acters you need to change for two strings to be the same?

a. similar_text()

b. levenshtein()

c. soundex()

d. metaphone()

18. Which of the following quantifiers can be used to specify the

quantity of a match in a regular expression? (Choose all that

a. question mark (?)

b. minus sign (-)

c. asterisk (*)

d. plus sign (+)

19. A \. is used to match any single character in a pattern. True

or False?

20. Which of the following character pairs match characters at

the beginning and end of a string in a regular expression?

a. \* and *\

b. || and ||

c. ^ and $

d. # and #

175

Reinforcement Exercises

Exercise 3-1

In this project, you will create a script that validates whether a credit

card number contains only integers. The script will remove dashes

and spaces from the string. After the dashes and spaces are removed,

the script should reject the credit card number if it contains any other

non-numeric characters.

Manipulating Strings

1.

2.

Create a new document in your text editor.

Type the <!DOCTYPE> declaration, <html> element, document

head, and <body> element. Use the strict DTD and “Validate

Credit Card” as the content of the <title> element.

Add the following text and elements to the document body:

<h1>Validate Credit Card</h1><hr />

176

3.

4.

Add the following script section to the document body:

<?php

?>

5.

Declare a $CreditCard array that contains three values: an

empty string, a valid credit card number with numbers and

dashes, and a credit card number with four initial uppercase

letter Os.

$CreditCard = array(

"",

6.

Add the following statements to iterate through each of the

elements in the $CreditCard array to determine if the ele-

ment contains a value.

foreach ($CreditCard as $CardNumber) {

if (empty($CardNumber))

7.

Add the following else clause to validate the credit card number.

The code uses str_replace() functions to remove any dashes

and spaces in the number. Then, a nested if...else statement

checks whether the new value is numeric. If the number is not

numeric, a warning is displayed. If the number is numeric, the

modified credit card number is displayed in the Web browser.

else {

$CreditCardNumber = $CardNumber;

else

echo "<p>Credit Card Number " .

$CreditCardNumber . " is a valid

}

}

8.

Save the document as ValidateCreditCard.php in the

Projects directory for Chapter 3 and upload the file to the

server.

Open ValidateCreditCard.php in your Web browser by enter-

ing the following URL:

http://<yourserver>/PHP_Projects/Chapter.03/Projects/

ValidateCreditCard.php. Test the script to see if it displays a

message for an empty string, strips dashes and spaces from

the credit card numbers, and identifies which credit card

numbers are valid.

177

9.

10. Close your Web browser window.

Exercise 3-2

In this project, you will create a script that uses comparison operators

and functions to compare two strings to see if they are the same.

1.

2.

Create a new document in your text editor.

Type the <!DOCTYPE> declaration, <html> element, document

head, and <body> element. Use the strict DTD and “Compare

Strings” as the content of the <title> element.

Add the following text and elements to the document body:

<h1>Compare Strings</h1><hr />

3.

4.

Add the following script section to the document body:

<?php

?>

5.

In the script section, declare and initialize two string

variables:

$firstString = "Geek2Geek";

$secondString = "Geezer2Geek"

Manipulating Strings

6.

178

Add the following if statement to the script section. If both

the $firstString and $secondString contain a value, the

statements in the if statement execute. The nested if state-

ment uses the comparison operator (==) to determine if both

strings are the same. If the strings are not the same, the else

clause uses the similar_text() and levenshtein() func-

tions to compare the strings.

if ( !empty($firstString) && !empty($secondString)) {

if ($firstString == $secondString)

7.

At the end of the script section, add the following else

clause, which executes if either the $firstString or the

$secondString contains an empty value.

else

echo "<p>Either the \$firstString variable or

the \$secondString variable does not

8.

Save the document as CompareStrings.php in the Projects

directory for Chapter 3 and upload the file to the server.

Open CompareStrings.php in your Web browser by entering

the following URL:

http://<yourserver>/PHP_Projects/Chapter.03/Projects/

CompareStrings.php.

9.

10. Close your Web browser window.

Exercise 3-3

In this project, you will create a script that uses regular expressions

to validate that an e-mail address is valid for delivery to a user at

example.org. For an e-mail address to be in the correct format, only

username or first.last may appear before the @ symbol, and only

example.org or mail.example.org may appear after the @ symbol.

1.

2.

Create a new document in your text editor.

Type the <!DOCTYPE> declaration, <html> element, document

head, and <body> element. Use the strict DTD and “Validate

Local Address” as the content of the <title> element.

Add the following text and elements to the document body:

<h1>Validate Local Address</h1><hr />

179

3.

4.

Add the following script section to the document body:

<?php

?>

5.

In the script section, declare an $email array that contains

five e-mail addresses:

$email = array(

"jsmith123@example.org",

6.

Add the following statements to iterate through each of

the elements in the $email array to determine if it is in the

correct format:

foreach ($email as $emailAddress){

echo "The email address “" . $emailAddress .

7.

Save the document as ValidateLocalAddress.php in the

Projects directory for Chapter 3 and upload the file to

the server.

Open ValidateLocalAddress.php in your Web browser by

entering the following URL:

http://<yourserver>/PHP_Projects/Chapter.03/Projects/

ValidateLocalAddress.php. Test the script to see if it specifies

8.

Manipulating Strings

which e-mail addresses are valid and which are not. The sec-

ond and fourth e-mail addresses should be invalid.

9.

180

Close your Web browser window.

Exercise 3-4

A palindrome is a word or phrase that is identical forward or back-

ward, such as the word “racecar.” A standard palindrome is similar to a

perfect palindrome, except that spaces and punctuation are ignored in

a standard palindrome. For example, “Madam, I’m Adam” is a standard

palindrome because the characters are identical forward or backward,

provided you remove the spaces and punctuation marks. Write a script

that checks words or phrases stored in two separate string variables to

determine if they are a perfect palindrome. If you feel ambitious, see if

you can modify the program to check for standard palindromes. Save

the perfect palindrome script as PerfectPalindrome.php and the

standard palindrome script as StandardPalindrome.php.

Exercise 3-5

Write a PHP program that checks the elements of a string array

named $Passwords. Use regular expressions to test whether each ele-

ment is a strong password.

For this exercise, a strong password must have at least one number,

one lowercase letter, one uppercase letter, no spaces, and at least one

character that is not a letter or number. (Hint: Use the [^0-9A-Za-z]

character class.) The string should also be between 8 and 16 charac-

ters long.

The $Passwords array should contain at least 10 elements, and at

least six of the elements should fail. Ensure that one entry fails each

of the five regular expression tests and that at least one fails because

of the length. Display whether each password in the $Passwords array

was strong enough, and display the test or tests that a password failed

if it is not strong enough. Save the script as PasswordStrength.php.

Discovery Projects

The Chinese zodiac site is a comprehensive project that will be

updated in the Discovery Projects section at the end of each chapter.

All files for the site will be saved in a folder named ChineseZodiac in

the root Web folder on the server.

Discovery Project 3-1

Create a new text document in your text editor and include home_

links_bar.inc at the top of the file. Remember that you will need to

insert a PHP script section to insert the include file.

Insert the text from the ChineseZodiac.txt file that you researched in

Discovery Project 1-3. Format the text using XHTML formatting tags

or style it with CSS style definitions. Save the file as inc_chinese_

zodiac.php and upload it to the Includes folder in the ChineseZodiac

folder on the server. A link to this file will be added in Discovery

Project 4-5.

181

Discovery Project 3-2

Create a new text document in your text editor and include home_

links_bar.inc at the top of the file. Remember that you will need to

insert a PHP script section to insert the include file.

Insert content describing the role of PHP in Web development and

why it has become the highest-rated tool in the Web developer’s

toolkit. Format the text using XHTML formatting tags or style it with

CSS style definitions.

Save the file as inc_php_info.php and upload the file to the Includes

folder in the ChineseZodiac folder on the server. A link to this file will

be added in Discovery Project 4-5.

Discovery Project 3-3

In your text editor, use XHTML scripting to create a text links bar

with two text links: PHP and Chinese Zodiac. Format the text using

XHTML formatting tags or style it with CSS style definitions. These

links will be enabled in Discovery Project 4-5. Save the file as inc_

home_links_bar.php and upload the file to the Includes folder in the

ChineseZodiac folder on the server. A link to this file will be added in

the Discovery Projects in Chapter 4.

Discovery Project 3-4

The levenshtein() function and the similar_text() function both

calculate the difference between two strings. Because they use dif-

ferent algorithms, they can come up with different answers. In this

Manipulating Strings

project, you create a script that illustrates the differences by finding

the most similar Chinese zodiac sign names using the two functions.

1.

182

Create a new document in your text editor.

Type the <!DOCTYPE> declaration, <html> element, document

head, and <body> element. Use the strict DTD and “Similar

Names” as the content of the <title> element.

Add the following text, elements, and PHP script section to

the document body:

<h1>Similar Names</h1><hr />

<?php

?>

2.

3.

4.

In the script section, declare the $SignNames array and vari-

ables to track the smallest value from the levenshtein() func-

tion and the largest value from the similar_text() function.

Note that the levenshtein() function returns the number

of differences, so a small return value indicates that the two

strings are similar, while a large return value indicates that

the two strings are different. In contrast, the similar_text()

function returns the number of matching characters, so a small

return value indicates that the two strings are different, while a

large return value indicates that the two strings are similar.

$SignNames = array(

"Rat",

When search-

5.

Add the following nested for loops to the end of the script

section. The initial value and conditional of each for loop are

designed so that each element of the array will be compared once

to every other element of the array. Within the inner for loop,

you retrieve the value from the levenshtein() function for each

pair of names and compare the returned value to the smallest

value found so far. If the returned value is smaller, this pair of

names is closer, so you store the returned value as the smallest

value found so far and save the pair of names associated with

that value. You then do the same thing with the similar_text()

function, except that you test for the largest value.

for ($i=0; $i<11; ++$i) {

for ($j=$i+1; $j<12; ++$j) {

183

6.

Add the following code to the end of the script section to dis-

play the pairs of words that the functions determined are the

most similar.

echo "<p>The levenshtein() function has determined that

"$LevenshteinWord1" and

7.

Save the document as SimilarNames.php in the

ChineseZodiac directory and upload the file to the server.

Open SimilarNames.php in your Web browser by entering the

following URL:

http://<yourserver>/ChineseZodiac/SimilarNames.php.

Figure 3-22 shows the output.

8.

Manipulating Strings

184

Figure 3-22

Output of SimilarNames.php

9.

Close your Web browser window.

Discovery Project 3-5

In this project, you will create a script that determines which of the

12 Chinese zodiac sign names can be made using the letters in each

of a set of phrases.

1.

2.

Create a new document in your text editor.

Type the <!DOCTYPE> declaration, <html> element, docu-

ment head, and <body> element. Use the strict DTD and

“Embedded Words” as the content of the

Add the following text, elements, and PHP script section to

the document body:

<h1>Embedded Words</h1><hr />

<?php

?>

3.

4.

In the script section, declare the $Phrases and $SignNames

arrays as follows:

$Phrases = array(

"Your Chinese zodiac sign tells a lot about

"Snake",

"Horse",

"Goat",

"Monkey",

"Rooster",

"Dog",

"Pig");

185

5.

Add a function named BuildLetterCounts(). The first state-

ment converts all of the letters in the string to uppercase. The

second statement uses the count_chars() function to create

an array of the counts of the 256 ASCII characters. The final

statement returns the newly created array.

function BuildLetterCounts($text) {

$text = strtoupper($text);

6.

Add a function named AContainsB(). The function takes

two arrays created by the BuildLetterCounts() function

from Step 5. First, a default return value (TRUE) is set, then the

ord() function is used to get the ASCII values of the first and

last capital letters (‘A’ and ‘Z’). These values define the range of

characters that need to be tested. Finally, you use a for loop

to check the counts for each uppercase letter. At any iteration,

if the count for the current character from array $A is less

than the count for the current character from array $B, the

word cannot be made from the letters in the phrase, so the

return value is set to FALSE.

function AContainsB($A, $B) {

$retval = TRUE;

return $retval;

}

7.

Create a foreach loop to step through each of the phrases.

Use the BuildLetterCounts() function to create an array of

the counts of the ASCII characters in the phrase. Initialize a

list of the words that can be made as the $GoodWords array,

Manipulating Strings

and a list of the words that cannot be made as the $BadWords

array.

foreach ($Phrases as $Phrase) {

$PhraseArray = BuildLetterCounts($Phrase);

186

8.

Immediately after initializing the $BadWords array, create an

inner foreach loop to step through each of the sign names.

Use the BuildLetterCounts() function to create an array

of the counts of the ASCII characters in the sign name. Use

the AContainsB() function to determine if the sign name

(B) can be made with the letters in the phrase (A). If the

AContainsB() function returns TRUE, add the sign name to

the $GoodWords array. If the AContainsB() function returns

FALSE, add the sign name to the $BadWords array.

foreach ($SignNames as $Word) {

$WordArray = BuildLetterCounts($Word);

9.

After the inner foreach loop, add the following code to dis-

play the list of words that can and cannot be made from the

phrase.

echo "<p>The following words can be made from

the letters in the phrase

10. Save the document as EmbeddedWords.php in the

ChineseZodiac directory and upload the file to the server.

11. Open EmbeddedWords.php in your Web browser by entering

the following URL:

187

Figure 3-23

Output of EmbeddedWords.php

12. Close your Web browser window.

Links to

Handling User Input

In this chapter, you will:

Learn about autoglobal variables

Build XHTML Web forms

Process form data

Handle submitted form data

Create an All-in-One form

Display dynamic data based on a URL token

4

Two of the most common ways that PHP interfaces with the user are

by accessing values from fill-in forms that are submitted to a PHP

script and by handling events, such as dynamically displaying pages

when the user clicks a hyperlink. The data needed to process these

interactions is stored in PHP autoglobals.

189

Using Autoglobals

PHP includes various predefined global arrays, called autoglobals

or superglobals, which contain client, server, and environment

information that you can use in your scripts. Table 4-1 lists the PHP

autoglobals.

Array

$_COOKIE

$_ENV

$_FILES

$_GET

$_POST

$_REQUEST

$_SERVER

$_SESSION

$GLOBALS

Description

An array of values passed to the current script as HTTP cookies

An array of environment information

An array of information about uploaded files

An array of values from a form submitted with the “get” method

An array of values from a form submitted with the “post” method

An array of all the elements in the $_COOKIE, $_GET, and $_POST arrays

An array of information about the Web server that served the current script

An array of session variables that are available to the current script

An array of references to all variables that are defined with global scope

PHP autoglobals

You will work

with most

of the

autoglobals

in later

chapters.

Table 4-1

Autoglobals are associative arrays, which are arrays whose elements

are referred to with an alphanumeric key instead of an index number.

An example of an associative array is a list of a company’s payroll

information that uses each employee’s last name instead of an index

number to refer to elements in the array. To refer to an element in

an associative array, you place an element’s key in single or double

quotation marks inside the array brackets. For example, the follow-

ing statements display three elements of the $_SERVER autoglobal.

The $_SERVER["SCRIPT_NAME"] element displays the path and name

of the current script, the $_SERVER["SERVER_SOFTWARE"] element

displays the name of the server software that executed the script, and

the $_SERVER["SERVER_PROTOCOL"] element displays the server pro-

tocol that was used to request the script. Figure 4-1 shows the output.

echo "<p>The name of the current script is ",

$_SERVER["SCRIPT_NAME"], "<br />";

echo "This script was executed with the following server

software: ", $_SERVER["SERVER_SOFTWARE"], "<br />";

You will learn

how to create

associative

arrays in

Chapter 6.

Handling User Input

190

Figure 4-1

You can

The

Most

Output of a script that references the $_SERVER autoglobal

As shown in the previous example, the $_SERVER autoglobal contains

information about the Web server and the PHP scripting engine, as

well as detailed information about the current Web page request. The

elements that are available with the $_SERVER autoglobal depend on

the Web server that executes the PHP script.

You can use the $_SERVER["SCRIPT_NAME"] element to include the

full URL path and script name of the current script. This is useful

when creating a link back to the current page, either as the action

attribute of an All-in-One Web form or as a link to a different view

of a Web page template. Both options are discussed later in this

chapter. Use of the similar $_SERVER["PHP_SELF"] element should

be avoided because it includes any additional path information

appended to the URL. Attackers can take advantage of this addi-

tional path information to insert dangerous XHTML code into your

Web page. The $_SERVER["SCRIPT_NAME"] element does not include

additional path information, so hackers cannot use this method to

attack your Web site.

The $_ENV autoglobal contains the environmental variables set for

the operating system on the machine that hosts the Web server.

Environmental variables are variables that programs use to interact

with the system. Unlike the $_SERVER autoglobal, which contains a

predefined list of elements, the $_ENV elements change depending on

the operating system and the machine’s configuration.

As mentioned in Chapter 2, you must use the global keyword to

reference a global variable within the scope of a function. You can

also use the $GLOBALS autoglobal array to refer to the global version

of a variable from inside a function. To refer to a global variable with

the $GLOBALS autoglobal, you use the variable’s name as the key in

single or double quotation marks inside the array brackets. The fol-

lowing example shows a modified version of the script containing the

scopeExample() function you saw in Chapter 2. In this example, the

script references $GlobalVariable using the $GLOBALS autoglobal

instead of the global keyword.

<?php

$GlobalVariable = "Global variable";

function scopeExample() {

echo "<p>" . $GLOBALS["GlobalVariable"] . "</p>";

When using

191

The $_GET, $_POST, and $_REQUEST autoglobals contain data entered

in Web forms and URL tokens. All of these are discussed in greater

detail later in this chapter. The $_FILES autoglobal contains data

about files uploaded to the server using Web forms, as you will learn

in Chapter 5. The $_COOKIE and $_SESSION autoglobals contain dif-

ferent types of state information, which are explained in Chapter 9.

For more information on any of the autoglobals, see the online PHP

documentation at http://www.php.net/docs.php.

Short Quiz

1.

Which element of the $_SERVER autoglobal is used to refer to

the current script?

What keyword is used to reference a global variable within

the scope of a function?

Autoglobals are considered associative arrays. True or False?

2.

3.

Building XHTML Web Forms

Web forms are Web pages with interactive controls that allow users to

enter data in text input boxes, select an option from a drop-down list,

or choose a response from a check box or radio button control. Web

forms also provide a method for electronically submitting the form

data entered by the user to a program on the server that processes the

user’s input.

Web forms are used whenever the server requires information from

the user. For e-commerce sites, order processing and billing are

accomplished via Web forms. Web forms allow visitors to subscribe

to a mailing list or newsletter. Search engine sites use Web forms to

allow visitors to enter search keywords.

A Web form is a standard XHTML page. The only difference is that a

Web form requires a <form> section that contains XHTML markup,