What
is Magic Constant?
PHP provides a large number of predefined
constants to any script which it runs.There are seven magical constants that
change depending on where they are used. For example, the value of __LINE__
depends on the line that it's used on in your script. These special constants
are case-insensitive and are as follows:
Name
|
Description
|
__LINE__
|
The current line number of the file.
|
__FILE__
|
The full path and filename of the file.
If used inside an include, the name of the included file is returned. Since
PHP 4.0.2, __FILE__ always contains an absolute path with symlinks resolved
whereas in older versions it contained relative path under some
circumstances.
|
__DIR__
|
The directory of the file. If used inside
an include, the directory of the included file is returned. This is
equivalent to dirname(__FILE__). This directory name does not have a trailing
slash unless it is the root directory. (Added in PHP 5.3.0.)
|
__FUNCTION__
|
The function name. (Added in PHP 4.3.0)
As of PHP 5 this constant returns the function name as it was declared
(case-sensitive). In PHP 4 its value is always lowercased.
|
__CLASS__
|
The class name. (Added in PHP 4.3.0) As
of PHP 5 this constant returns the class name as it was declared
(case-sensitive). In PHP 4 its value is always lowercased.
|
__METHOD__
|
The class method name. (Added in PHP
5.0.0) The method name is returned as it was declared (case-sensitive).
|
__NAMESPACE__
|
The name of the current namespace
(case-sensitive). This constant is defined in compile-time (Added in PHP
5.3.0).
|
What
is Magic Methods?
The function names __construct(),
__destruct(), __call(), __callStatic(), __get(), __set(), __isset(), __unset(),
__sleep(), __wakeup(), __toString(), __invoke(), __set_state() and __clone()
are magical in PHP classes. You cannot have functions with these names in any
of your classes unless you want the magic functionality associated with them.
What
is Magic Quotes?
This feature has been DEPRECATED as of PHP 5.3.0.
Relying on this feature is highly discouraged.
When
ON, all ' (single-quote), "
(double quote), \ (backslash) and NULL characters are escaped with a backslash
automatically. This is identical to what addslashes()
does.
There
are three magic quote directives:
magic_quotes_gpc Affects HTTP
Request data (GET, POST, and COOKIE). Cannot be set at runtime, and defaults to
on in PHP. See also get_magic_quotes_gpc().
magic_quotes_runtime If enabled, most
functions that return data from an external source, including databases and
text files, will have quotes escaped with a backslash. Can be set at runtime,
and defaults to off in PHP. See also set_magic_quotes_runtime() and
get_magic_quotes_runtime().
magic_quotes_sybase If enabled, a
single-quote is escaped with a single-quote instead of a backslash. If on, it
completely overrides magic_quotes_gpc. Having both directives enabled means
only single quotes are escaped as ''. Double quotes, backslashes and NULL's
will remain untouched and unescaped. See also ini_get() for retrieving its
value.
What
is register global?
This
feature has been DEPRECATED as of PHP 5.3.0.
Relying on this feature is highly discouraged.
A common
security problem with PHP is the
register_globals
setting in PHP's configuration file (php.ini
). This
setting (which can be either On or Off)
tells whether or not to register the contents of the EGPCS (Environment, GET,
POST, Cookie, Server) variables as global variables. For example, if register_globals
is on, the url http://www.example.com/test.php?id=3
will
declare $id
as a global variable with no code required. Similarly, $DOCUMENT_ROOT
would also be defined, since it is part of
the $_SERVER
'superglobal' array. These two examples are
the equivalent of placing the following code at the beginning of a script:$id = $_GET['id'];
$DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];
This
feature is a great security risk, and you should ensure that
register_globals
is Off for all scripts (as of PHP 4.2.0 this
is the default). It's preferred to go through PHP Predefined Variables instead,
such as the superglobal $_REQUEST. Even more secure is to further specify by
using: $_ENV, $_GET, $_POST, $_COOKIE, or $_SERVER instead of using the more
general superglobal $_REQUEST.
How can we parse URL?
mixed = parse_url ( string $url [, int
$component = -1 ] )
$url = The URL to parse. Invalid characters
are replaced by _.
$component = Specify one of PHP_URL_SCHEME,
PHP_URL_HOST, PHP_URL_PORT, PHP_URL_USER, PHP_URL_PASS, PHP_URL_PATH,
PHP_URL_QUERY or PHP_URL_FRAGMENT to retrieve just a specific URL component as
a string .
<?php
$url
=
'http://username:password@hostname/path?arg=value#anchor'
;
print_r
(
parse_url
(
$url
));
echo
parse_url
(
$url
,
PHP_URL_PATH
);
?>
Array
(
[scheme] => http
[host] => hostname
[user] => username
[pass] => password
[path] => /path
[query] => arg=value
[fragment] => anchor
)