I was working on PHP Data Object (PDO) . But i saw that PDOstatement::rowCount()  does not return row number for mysql when u use the SELECT command . Then i found this function to get the row number after a SELECT query .

<?
function getRowCount($sql)
{
$sql = trim($sql);
$sql = preg_replace(’~^SELECT\s.*\sFROM~s’, ‘SELECT COUNT(*) FROM’,
$sql);
$sql = preg_replace(’~ORDER\s+BY.*?$~sD’, ”, $sql);
$stmt = $dbh->query($sql);
$r = $stmt->fetchColumn(0);
$stmt->closeCursor();
return $r;
}
?>

Now call it like this

$sql = “SELECT name,email FROM user where userid=’$id’ “;
$totalBooks = getRowCount($sql);

This will return the effected row after the SELECT command .

No new post for this month ! I’m damn busy with my exam so i cant post new topics here.I’ll be back soon.I just got my new mobile. Its Sony Ericsson k750i.Its not a new model but i love it so much.Few pictures below and the full information about the set is here.

Last day one of my friend came to me.He was facing a problem (he solved later).Here is his problem –
The Bangla/Unicode data become ?????? in his page.

I’m gonna tell u today step-by-step what u need to do if u wanna develop Bangla/Unicode based Web App.

#1 . First make the database with CHARACTER utf8 and collation_connection =’utf8_general_ci’
#2 . Make the Tables with same configuration.
#3 . When u connect the database use following 2 lines just below the mysql_select_db()

mysql_query(’SET CHARACTER SET utf8′);
mysql_query(”SET SESSION collation_connection =’utf8_general_ci’”);

#4 . Set the META-TAG as “Content-Type: text/html; charset=UTF-8″

Thats it u r done.Here is a sample page what will show data from database

<?
header(’Content-Type: text/html; charset=UTF-8′); //As its php page i dont need the meta-tag so i need to send a header .

mysql_connect(’localhost’,'xxxxx’,'xxxxxx’) or die(’Error In connection’);
mysql_select_db(’test’) or die(’Error In connection(DB)’);

mysql_query(’SET CHARACTER SET utf8′);
mysql_query(”SET SESSION collation_connection =’utf8_general_ci’”);

$re = mysql_query(”SELECT * FROM test”) or die(’Query Problem’);
while($row = @mysql_fetch_assoc($re))
echo $row['name'].PHP_EOL;
?>

phpMyAdmin এর বাংলা ভার্সন রিলিজ হল । আমি ও জয় কাজটি করলাম । আমি অন্য কাজে ব্যাস্ত থাকায় বেশী সময় দিতে পারিনি । জয় বেশী সময় দিয়েছে । আজ phpMyAdmin থেকে মেইল পেলাম , ওরা ৩য় ভার্সন থেকে phpMyAdmin এর অন্যান্য ভাষার পাশাপাশি বাংলাকে ও রাখবে । কিন্তু যদি কেউ এখনি ব্যাবহার করতে চান তবে এখান থেকে ডউনলোড করতে পারেন । তবে সেটিং একটু ঝামেলার । প্রথমে ফাইলটি আনজিপ করুন bangla-utf-8.inc.php ফাইলটি কপি করে phpMyAdmin এর lang ফোল্ডারে পেষ্ট করুন । তারপর phpMyAdmin\libraries ফোল্ডারের select_lang.lib.php ফাইলটি এডিট করতে হবে । Azerbaijani ভাষার নীচে , নীচের লাইনটি যোগ করুন

‘bngla-utf-8′ => array(’bn|bangla’, ‘bangla-utf-8′, ‘bn’, ‘বাংলা’),

ব্যাস কাজ শেষ । এবার phpMyAdmin খুলে ভাষা হিসেবে বাংলাকে বাছাই করুন ।

Today one of my friend ask me how can he load the data automatically after a few secs . Let me make it clear.He want to do something which will help the user.The user dont have to refresh his/her page.It’ll refresh and update it self.

For this you need AJAX.Here is a little example of this.I used 3 files here.
#1 index.php

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″ />
<title>Ajax Auto Update Example</title>
<script src=”AJAX.JS”></script>
<style type=”text/css”>
<!–
.style1 {font-family: Verdana, Arial, Helvetica, sans-serif}
–>
</style>
</head>

<body onload=”show()”>
<table width=”561″ height=”174″ border=”0″ align=”center” cellpadding=”3″ cellspacing=”2″>
<tr>
<td height=”34″><div align=”center”><span class=”style1″>The Space Below will be update auto. </span></div></td>
</tr>
<tr>
<td><div id=”auto”></div></td>
</tr>
</table>
</body>
</html>

#2 ajax.js

var xmlHttp

function show()
{

//Show Loading Massage
document.getElementById(”auto”).innerHTML=”<h3 style=\”color:#FF0000\”>Loading……</h3>”;

xmlHttp=GetXmlHttpObject()
if (xmlHttp==null)
{
alert (”Your browser does not support AJAX!”);
return;
}
var url=”show.php”;
xmlHttp.onreadystatechange=stateChanged;

//Get the value from show.php page.I use GET method here.You can use what u want GET/POST

xmlHttp.open(”GET”,url,true);
xmlHttp.send(null);

//This page will refresh it self after 2 sec.If u chage the value ‘2000′ the time will be changed .
setTimeout(’show()’,2000);

}

function stateChanged()
{
if (xmlHttp.readyState==4)
{
//Below line show the server responce on the index.php page.
document.getElementById(”auto”).innerHTML=xmlHttp.responseText;
}
}

function GetXmlHttpObject()
{
var xmlHttp=null;
try
{
// Firefox, Opera 8.0+, Safari
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer
try
{
xmlHttp=new ActiveXObject(”Msxml2.XMLHTTP”);
}
catch (e)
{
xmlHttp=new ActiveXObject(”Microsoft.XMLHTTP”);
}
}
return xmlHttp;
}

#3 show.php

<?php

//If u use data from the database use necessery code here.I just show the current BD time in the page.

$am=’AM’;

$time = localtime();

$hour = $time[2]+6;

if($hour>=12)

$am=’PM’;

$hour%=12;

echo “<h3 style=\”color:#009900\”>Now Time is–$hour:$time[1]:$time[0]-$am</h3>”;

?>

Note : You can make ur site like www.gopsop.com and www.crickinfo.com.

I was reading Hasin Bhai’s New book Object Oriented Programming with PHP5.In chapter 2 i got a nice example of OOP.Its a word counter.Its a nice tool actually and pretty little too.Here is that example.

<?
class WordCounter
{
const ASC=1;  //you need not use $ sign before Constants
const DESC=2;
private $words;
function __construct($filename)
{
$file_content = file_get_contents($filename);
$this->words =
(array_count_values(str_word_count(strtolower
($file_content),1)));
}
public function count($order)
{
if ($order==self::ASC)
asort($this->words);
else if($order==self::DESC)
arsort($this->words);
foreach ($this->words as $key=>$val)
echo $key .” = “. $val.”<br/>”;
}
}
?>

popup menus are very popular now a days.There are many software which helps us to create popup menus.Those software use a JavaScript file.But the main problem is its really tough to edit that JS file without that software.And one software doesn’t support another software’s files.So i was looking for some simple script which will helps me understand and what can i change when ever i want.Then i found a nice solution its based on CSS and javaScript.It is using visibility property.Here is an example.

<div id="MENU"
  style="position:relative; width:80px; text-align:center;
  background-color:#DC6000; color:#FFFFFF; cursor:hand"
    onmouseover="document.getElementById('ITEMS').style.visibility='visible'"
    onmouseout="document.getElementById('ITEMS').style.visibility='hidden'">
      Menu
</div>

<div id="ITEMS"
style="position:relative; visibility:hidden; width:80px; text-align:center;
background-color:#DEB887; color:#FFFFFF"
  onmouseover="this.style.visibility='visible'"
  onmouseout="this.style.visibility='hidden'">

  <div style="background-color:#DEB887"
    onmouseover="this.style.backgroundColor='#9D4602'"
    onmouseout="this.style.backgroundColor='#DEB887'"
    onclick="location='url'">
      Menu Item 1
  </div>
  <div style="background-color:#DEB887"
    onmouseover="this.style.backgroundColor='#9D4602'"
    onmouseout="this.style.backgroundColor='#DEB887'"
    onclick="location='url'">
      Menu Item 2
  </div>
  <div style="background-color:#DEB887"
    onmouseover="this.style.backgroundColor='#9D4602'"
    onmouseout="this.style.backgroundColor='#DEB887'"
    onclick="location='url'">
      Menu Item 3
  </div>

</div>

<p>Other page content...</p>

Just copy and paste the code inside a HTML file and watch :).

Version controlling is very important now.Almost all the developers (web app/desktop) have to know it.Subversion is software which helps us in version controlling.Who dont know what is Subversion please read this.

BTW i was looking a short and nice tutorial on subversion .But i didnt got any . Then Aman Bhai helps me to start with svn . Here is the mail he sent me as a tutorial ..

Lets start from the beginning.

First you need a repository. What is it… practically its a folder on a pc that subversion (svn now on) uses as the database. This
database manages version information. (skipping user/security, svn uses file system or dbms backend, default is fs).
Now if you want to enable versioning with svn you must have to import that project folder into a repository.

After importing a project folder into a repository, you MUST checkout (download ) it from that repository. It may sound weird. But think of a remote
user, at least s/he has to checkout the project first right ? and you are nothing but a user to svn

so, lets come back to using tortoise. If you want to checkout a project from a remote site, say a google code hosted project. you just right click on the folder where you want to checkout. select tortoisesvn->import. Copy the svn url from the browser and paste to URL of repository: field. click ok, you will find the project is downloading… and done. now, modify any source and right click and select svn commit. Dont forget to svn update first before any commit.

now,. say you are not going to use any remote project. rather you like to use svn as your local versioning. in that case you frirst create a folder that you want to use the repository. say, you created a folder named REPO. right click on the folder and select TortoiseSVN->Create repository here… an option will appear. select Native filesystem (FSFS). done… you have created a repository successfully.

Now, right click on the project folder that you want to maintain versioning and select TortoiseSVN->import. click on the … button and select your repository folder i.e. REPO folder you have just created. say, it is like file://D:/REPO, now enter as file://D:/REPO/myproject.
Thus you can use same repo for multiple projects.
দেখবে যে তোমার প্রোজক্ট ইম্পোর্ট হয়ে গেছে under myproject folder in the REPO repository.

now, comes the funny part, YOU HAVE TO CHECKOUT THIS PROJECT AGAIN :).
Create a folder name it …say… Workspace. Now enter into the folder.
right click.
TortoiseSVN->Repo browser
select your REPO folder.
You will find myproject folder in the tree.
select it.

now, checkout.

Note : This is using TortoiseSVN .

Few days ago i was thinking how can i rewrite the url ? Then i ask phpxperts and they replay me that mod re_write can do that work.Then i was looking for some mod re_write example.And got a nice one.Here it is I’m shearing with u all.

so, what is mod_rewrite for?

Simply, mod_rewrite is used for rewriting a URL at the server level, giving the user output for that final page. So, for example, a user may ask for http://www.somesite.com/widgets/blue/, but will really be given http://www.somesite.com/widgets.php?colour=blue by the server. Of course, the user will be none the wiser to this little bit of chicanery. .

What do I need to get mod_rewrite working?

There’s pretty much only one thing you’ll need to get mod_rewrite working for you, and that’s to have the mod_rewrite module installed on your Apache server!

For the purpose of this article, I’m going to assume that you don’t have access to view or edit the Apache server httpd.conf file, so the easiest way to check whether the mod_rewrite module is installed will be to look on your phpinfo page. If you’ve not already created one of these for yourself, just copy and paste the following code into an new text file using your favourite text editor, save it as phpinfo.php, and upload it to your server:

<?php phpinfo(); ?>

Load that page up in your web browser, and perform a search for “mod_rewrite”. All being well, you’ll find it in the “Apache loaded modules” section of the page. If it isn’t there, you’ll have to contact your hosting company and politely ask them to add it to the Apache configuration.

Assuming the mod_rewrite module is loaded, then you’re good to go!

A simple mod_rewrite example

So, let’s write a simple mod_rewrite example. This isn’t going to be anything fancy; we’re just going to redirect people who ask for alice.html to the page bob.html instead. First, let’s create the Alice and Bob pages. Below is Alice’s webpage - create a similar one for Bob.

<html>
   <head>
      <title>Alice's webpage</title>
   </head>
   <body>
      <p>
         This is Alice's webpage
      </p>
   </body>
</html>

Upload both of these to your web server, and check that you can view both of them. Now comes the fun - we’re going to add a couple of lines to your .htaccess file. The .htaccess file is a text file which contains Apache directives. Any directives which you place in it will apply to the directory which the .htaccess file sits in, and any below it. To ours, we’re going to add the following:

RewriteEngine on
RewriteRule ^alice.html$ bob.html

Upload this .htaccess file to the same directory as alice.html and bob.html, and reload Alice’s page. You should see Bob’s page being displayed, but Alice’s URL. If you still see Alice’s page being displayed, then check you’ve followed the instructions correctly (you may have to clear your cache). If things still aren’t working for you, then contact your technical support people and ask them to enable mod_rewrite and the FileInfo override in their httpd.conf file for you

The structure of a RewriteRule

RewriteRule Pattern Substitution [OptionalFlags]

The general structure of a RewriteRule is fairly simple if you already understand regular expressions. This article isn’t intended to be a tutorial about regular expressions though - there are already plenty of those available. RewriteRules are broken up as follows:

RewriteRule

This is just the name of the command.

Pattern

A regular expression which will be applied to the “current” URL. If any RewriteRules have already been performed on the requested URL, then that changed URL will be the current URL.

Substitution

Substitution occurs in the same way as it does in Perl, PHP, etc.

You can include backreferences and server variable names (%{VARNAME}) in the substitution. Backreferences to this RewriteRule should be written as $N, whereas backreferences to the previous RewriteCond should be written as %N.

A special substitution is -. This substitution tells Apache to not perform any substitution. I personally find that this is useful when using the F or G flags (see below), but there are other uses as well.

OptionalFlags

This is the only part of the RewriteRule which isn’t mandatory. Any flags which you use should be surrounded in square brackets, and comma separated. The flags which I find to be most useful are:

· F - Forbidden. The user will receive a 403 error.

· L - Last Rule. No more rules will be proccessed if this one was successful.

· R[=code] - Redirect. The user’s web browser will be visibly redirected to the substituted URL. If you use this flag, you must prefix the substitution with http://www.somesite.com/, thus making it into a true URL. If no code is given, then a HTTP reponse of 302 (temporarily moved) is sent.

A full list of flags is given in the Apache mod_rewrite manual.

A slightly more complicated mod_rewrite example

Let’s try a slightly more meaty example now. Suppose you have a web page which takes a parameter. This parameter tells the page how to be displayed, and what content to pull into it. Humans don’t tend to like remembering the additional syntax of query strings for URLs, and neither do search engines. Both sets of people seem to much prefer a straight URL, with no extra bits tacked onto the end.

In our example, you’ve created a main index page with takes a page parameter. So, a link like index.php?page=software would take you to a software page, while a link to index.php?page=interests would take you to an interests page. What we’ll do with mod_rewrite is to silently redirect users from page/software/ to index.php?page=software etc.

The following is what needs to go into your .htaccess file to accomplish that:

RewriteEngine on
RewriteRule ^page/([^/\.]+)/?$ index.php?page=$1 [L]

Let’s walk through that RewriteRule, and work out exactly what’s going on:

^page/

Sees whether the requested page starts with page/. If it doesn’t, this rule will be ignored.

([^/.]+)

Here, the enclosing brackets signify that anything that is matched will be remembered by the RewriteRule. Inside the brackets, it says “I’d like one or more characters that aren’t a forward slash or a period, please”. Whatever is found here will be captured and remembered.

/?$

Makes sure that the only thing that is found after what was just matched is a possible forward slash, and nothing else. If anything else is found, then this RewriteRule will be ignored.

index.php?page=$1

The actual page which will be loaded by Apache. $1 is magically replaced with the text which was captured previously.

[L]

Tells Apache to not process any more RewriteRules if this one was successful.

Let’s write a quick page to test that this is working. The following test script will simply echo the name of the page you asked for to the screen, so that you can check that the RewriteRule is working.

<html>
   <head>
      <title>Second mod_rewrite example</title>
   </head>
   <body>
      <p>
         The requested page was:
         <?php echo $_GET['page']; ?>
      </p>
   </body>

RewriteEngine onRewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^http://(www\.)?somesite.com/.*$ [NC]RewriteRule \.(gif|jpg|png)$ http://www.somesite.com/nasty.gif [R,L]

</html>

Again, upload both the index.php page, and the .htaccess file to the same directory. Then, test it! If you put the page in http://www.somesite.com/mime_test/, then try requesting http://www.somesite.com/mime_test/page/software. The URL in your browser window will show the name of the page which you requested, but the content of the page will be created by the index.php script! This technique can obviously be extended to pass multiple query strings to a page - all you’re limited by is your imagination.

Conditional Statements and mod_rewrite

But what happens when you start getting people hotlinking to your images (or other files)? Hot linking is the act of including an image, media file, etc from someone else’s server in one of your own pages as if it were your own. Obviously, as a webmaster, there are plenty of times when you don’t want people doing that. You’ll almost certainly have seen examples where someone has linked to one image on a website, only for a completely different, “nasty” one to be shown instead. So, how is this done?

It’s pretty simple really. All it takes are a couple of RewriteCond statements in your .htaccess file.

RewriteCond statements are as they sound - conditional statements for RewriteRules. The basic format for a RewriteCond is RewriteCond test_string cond_pattern. For our purpose, we will set the test_string to be the HTTP_REFERER. If the test string is neither empty nor our own server, then we will serve an alternative (low bandwidth) image, which tells the person who is hotlinking off for stealing our bandwidth.

Here’s how we do that:

Here, the RewriteRule will only be performed if all the preceeding RewriteConds are fulfilled. In the second RewriteCond, [NC] simply means “No Case”, so it doesn’t matter whether the domain name was written in upper case, lower case or a mixture of the two. So, any requests for gif, jpg or png files from referers other than somesite.com will result in your “nasty” image being shown instead.

The [R,L] in the RewriteRule simply means “Redirect, Last”. So, the RewriteRule will visibly redirect output to “nasty.gif” and no more RewriteRules will be performed on this URL.

If you simply don’t want the hot linkers to see any image at all when they hot link to your images, then simply change the final line to RewriteRule \.(gif|jpg|png)$ - [F]. The - means “don’t rewrite the requested URL”, and the [F] means “Forbidden”. So, the hot linker will get a “403 Forbidden message”, and you don’t end up wasting your bandwidth.

Note : This is the original link .

I was looking for a nice tutorial on header() in php . The www.php.net/header is not enough.Actually if i have to learn any thing of php first i search it in www.php.net if i fail then some yahoo groups.But this time i cant get enough idea about header() then i google it and got nice tuto on header().Here is the link .And the tutorial is here

HTTP Headers and the PHP header() Function

A tutorial by NicholasSolutions

1. Introduction

2. Overview of HTTP Headers

3. PHP header(): The Basics

4. PHP header(): Some Examples

5. Request Headers in PHP

6. HTML Meta Tag HTTP Header Equivalents

7. Conclusion

Introduction

Many beginning and intermediate PHP programmers seem to think the header() function is some kind of strange voodoo. They work from examples and code snippets and are able to get things done with it, but they don’t know quite how it works. That was certainly the way I regarded header() the first time I saw it.

In reality, it’s quite simple. In this tutorial, I’ll explain a little about how HTTP headers work, how they relate to PHP, and a little about their meta tag equivalents.

Hopefully by the time you’re done reading this, you’ll feel more confident about how to use the header() function, and even have some new ideas about how it can help you. We’ll also cover some other important topics related to HTTP headers and PHP. Before we talk about any programming at all, though, we need to quickly (and incompletely) go over how HTTP (HyperText Transfer Protocol) works in general.

HTTP Overview

Headers: words in a conversation

HTTP is the protocol (the set of ‘rules’) for transferring data (e.g. HTML in web pages, pictures, files) between web servers and client browsers, and usually takes place on port 80. This is where the ‘http://‘ in website URLs comes from.

The first time most people make a web page, they write the HTML on their computer, view it locally in a browser, upload it to their server, and view it on the web. It might seem like viewing a page locally and viewing it on the server is exactly the same, and that the only data going back and forth between the server and the browser is the HTML and any images included in the page. But there is actually a lot of other information that you do not see when you view a file on the web — the headers.

Headers can be separated into two broad types: Request headers that your browser sends to the server when you request a file, and Response headers that the server sends to the browser when it serves the file. Think of these headers as the words in a conversation taking place between the browser and the server. I like to imagine the server as a librarian, and the browser as a researcher asking for a library resource. The browser walks up to the server at the main desk (port 80) and says something like, “Hi, my name is Mozilla, and I’m looking for the resource with the call number ‘www.expertsrt.com’. Can you get it for me?” The server listens, and responds “Yes, I found it, let me send it to you. The data in the item is HTML text, and it says ‘<html>…’” The browser reads through, and comes to an image tag, and asks the server for item with the location in the src attribute. The server looks, finds the file and says “This file is a PNG image, and the data is….” You get the idea.

Another conversation might go like this:

Browser: Hi, I’m Mozilla, can I have the file at ‘www.expertsrt.com/moved.html’?
Server: That file is no longer there, it is at ‘www.expertsrt.com/newloc.html’.
Browser: Hi, I’m Mozilla, can I have the file at ‘www.expertsrt.com/newloc.html’?
Server: I found the file. Look at it for 10 seconds and then ask me again. It’s HTML text and it reads….
…10 seconds…
Browser:> Hi, I’m Mozilla, can I have the file at ‘www.expertsrt.com/newloc.html’?
Server: I found the file. Look at it for 10 seconds and then ask me again. It’s HTML text and it reads….
…10 seconds…
Browser: Hi, I’m Mozilla, can I have the file at ‘www.expertsrt.com/newloc.html’?
Server: I found the file. Look at it for 10 seconds and then ask me again. It’s HTML text and it reads….
….and so on, until the browser is redirected by the user….

As you can see, there is a lot going on that headers control. Using the header() function, you can make the server send any headers that you need want, which allows you to do some really cool things beyond just sending plain old HTML.

Seeing the whole conversation

Before moving ahead, let’s get a better idea of how HTTP headers work by viewing a webpage without a browser, so we can see the converation in is entirety. Start by opening a command prompt (in windows, go to Start->Run, type cmd, and click “OK”…if you’re using linux you probably already know). At the prompt, type:

telnet expertsrt.com 80

and press Enter. This will connect you to expertsrt.com on port 80. Next, copy and paste just the text below:

GET / HTTP/1.1
Host: expertsrt.com

Don’t worry if when you type or paste the text, it does not show up in your command window and all you see is the cursor — it is indeed being sent to the server. The first line says you are using the GET request method to get the resource / (i.e. the file in the base directory of the host), and that you are using HTTP version 1.1. The second tells the server which host you want to connect to. When you finish typing ‘expertsrt.com’, hit Enter twice (and twice only). You should almost immediately get a response that looks like:

HTTP/1.1 301 Moved Permanently
Date: Wed, 08 Feb 2006 07:44:07 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) mod_auth_pgsql/2.0.2b1 mod_ssl/2.0.54 OpenSSL/0.9.7e
Location: http://www.expertsrt.com/
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.expertsrt.com/">here</a>.</p>
</body></html>

Whoops! Looks like we requested a resource that wasn’t there; it’s been permanently moved to the new Location http://www.expertsrt.com. If you were using a browser, you’d only see the HTML — everything before the first blank line is the headers. In fact, modern browsers are even smarter than that — when they see the Location header on the third line, they automatically go there so you don’t have to type in a new URL. Let’s go to the new URL. By this point, you probably got disconnected while you were reading this. If so, just press your up arrow on the keyboard to get your telnet command back, and press enter to reconnect. If you’re still connected, you can just go ahead and type the following:

GET / HTTP/1.1
Host: www.expertsrt.com

and press Enter twice after the second line. You’ll get another similar response telling you that the page is actually at http://www.expertsrt.com/index.php. The server is particular, isn’t it? Repeat the above, but this time type

GET /index.php HTTP/1.1
Host: www.expertsrt.com

Notice that the name of the file we want is in the first line. This time we get flooded with text: the HTML from ERT’s homepage. The headers look like

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2006 08:20:07 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) mod_auth_pgsql/2.0.2b1 mod_ssl/2.0.54 OpenSSL/0.9.7e
X-Powered-By: PHP/4.4.0
Transfer-Encoding: chunked
Content-Type: text/html

Simple, no?. Let’s move forward and see how this relates to your programming. Don’t worry if you didn’t understand every single thing that we just did. The important thing is to have a general feel for how the browser and server talk to each other, and to realize that there is nothing magic about it. The take home points are:

• The browser and the server talk to each other using headers
• Headers are sent before the main content, and are separated from the main content by a a double-CRLF/newline.
• In the header section, there is one header per line. The name of the header comes first, followed by a colon and a space, followed by the content/value of the header:

Header-Name: header-value

• Headers can contain many types of information and instructions that the server and browser use to help each other know what to do next

Note: If you’re the type who likes to really dig into the details, you can look at RFC 2616 for the complete HTTP/1.1 specification in all its glory. In particular, Section 14 offers a complete definition for each header field.

PHP header(): The Basics

Notice the response headers X-Powered-By: PHP/4.4.0 and Content-Type: text/html that were returned when we finally got to the homepage. PHP was designed from the beginning to output HTML (the ‘H’ in PHP stands for ‘Hypertext’), and the first time a script generates output (e.g. by using echo), PHP automatically includes those headers for you. This is very convenient, but also contributes to the confusion many PHP beginners have regarding headers — in more ‘bare bones’ languages like Perl that were not originally designed for the web, sending output without including your own headers produces the dreaded ‘500 Internal Server Error’, so Perl web programmers have no choice but to learn about headers immediately.

The header() function sends HTTP response headers; nothing more, nothing less.

Using this function, you can make your scripts send headers of your choosing to the browser, and create some very useful and dynamic results. However, the first thing you need to know about the header() function is that you have to use it before PHP has sent any output (and therefore its default headers).

I doubt there is a PHP programmer in the world who has never seen an error that looks like

Warning: Cannot modify header information - headers already sent by…..

As we said above, the response headers are separated from the content by a blank line. This means you can only send them once, and if your script has any output (even a blank line or space before your opening <?php tag), PHP does so without asking you. For example, consider the script below, which seems logical enough:

Welcome to my website!<br />
<?php
if($test){
echo “You’re in!”;
}
else{
header(‘Location: http://www.mysite.com/someotherpage.php’);
}
?>

What this script is trying to do is redirect the visitor using the Location header if $test is not true. Do you see the problem? The ‘Welcome…’ text gets sent no matter what, so the headers are automatically sent. By the time header() is called, it’s already too late: instead of getting redirected, the user will just see an error message (or if you have error reporting off, nothing but the ‘Welcome…’ text).

There are basically two solutions to this. The first is to rewrite the code

<?php
if($test){
echo ‘Welcome to my website<br />You’re in!’;
}
else{
header(‘Location: http://www.mysite.com/someotherpage.php’);
}
?>

The second is output buffering, which can be somewhat more elegant and easy to use. In our example above, rewriting the code wasn’t much trouble, but imagine if there had been quite a bit of HTML to move around — it could be pretty cumbersome, and it might make our code harder to follow. While our first example caused an error, the logic of the program was fine. Output buffering allows you to hold on to (’buffer’) output (even HTML outside of PHP code tags) and send it to the browser only when you explicitly say to do so. This way you can program however you would like to, and explicitly send the output after you’ve specified any headers you need to. The two relevant functiosns are ob_start(), which turns output buffering on, and ob_flush(), which sends the content that has accumulated in the buffer:

<?php
ob_start(); //begin buffering the output
?>
Welcome to my website!
<?php
if(true){
echo “You’re in!”;
}
else{
header(‘Location: http://www.mysite.com/someotherpage.php’);
}

ob_flush(); //output the data in the buffer
?>

I encourage you to read more about all of the output buffering functions, which can be quite useful. You should flush the output buffer as soon as possible, especially if you have quite a bit of content to send. Otherwise, your page will appear to load slower, becuase the content will be sent only after it has been entirely assembled, rather than as it is available.

Note: The 2nd argument If you call header() more than once for the same header field, the value for that header will be the one included in the last call you made. For example,

<?php
header(‘Some-Header: Value-1′);
header(‘Some-Header: Value-2′);
?>

would produce the header Some-Header: Value-2. You can cause both headers to be sent by using the second replace argument for header, which is true by default. If you set this to false, the second header value will not replace the first, and both will be sent. So the code

<?php
header(‘Some-Header: Value-1′);
header(‘Some-Header: Value-2′, false); //don’t replace the first value
?>

will produce the header Some-Header: Value-1, Value-2. You will rarely need this, but is good to know.

Armed with a good understanding of how HTTP headers and PHP work together, let’s look at some specific examples of using this functionality.

PHP header(): Some Examples

Note: The code snippets appearing below are just that: snippets from complete working code. When you you include them in your own programs, remember to define all your variables, assign default values, and adhere to other good programming practices.

Redirecting with the Location header

We’ve seen this one a couple times above: it redirects the browser.

<?php
header(‘Location: http://www.mysite.com/new_location.html’);
?>

While you can somtimes get away with supplying a relative URL for the value, according to the HTTP specification, you should really use an absolute URL.

One mistake that is easy to make with the Location header is not calling exit directly afterwards (you may not always want to do this, but usually you do). The reason this is a mistake is that the PHP code of the page continues to execute even though the user has gone to a new location. In the best case, this uses system resources unnecessarily. In the worst case, you may perform tasks that you never meant to. Consider the code below:

<?php
//Redirect users with access level below 4
if (check_access_level($username) < 4){
header(‘Location: http://www.mysite.com/someotherpage.php’);
}

//Mail users with higher access level the secret code
mail_secret_code($username);
echo ‘The secret email is on its way!’;
?>

Unauthorized users are indeed redirected, but in fact, they too will receive the email, because the script continues to run. To avoid this, the part for authorized users could be wrapped in an else{} statement, but it is cleaner and easier to call exit immediately after the header command to end the execution of the script:

<?php
//Redirect users with access level below 4
if (check_access_level($username) < 4){
header(‘Location: http://www.mysite.com/someotherpage.php’);
exit; //stop script execution
}

//Mail users with higher access level the secret code
mail_secret_code($username);
echo ‘The secret email is on its way!’;
?>

Redirecting with the Refresh header

The Refresh redirects users like the Location header does, but you can add a delay before the user is redirected. For example, the following code would redirect the user to a new page after displaying the current one for 10 seconds:

<?php
header(‘Refresh: 10; url=http://www.mysite.com/otherpage.php’);
echo ‘You will be redirected in 10 seconds’;
?>

Another common application is to force a page to update repeatedly by ‘redirecting’ to the current page (see the second ‘conversation’ above). For example, here is a simple page that will ‘count’ down from 10, with a 3 second pause between numbers:

<?php
if(!isset($_GET['n'])){
$_GET['n'] = 10;
}

if($_GET['n'] > 0){
header(‘Refresh: 3; url=’ . $_SERVER['PHP_SELF'].‘?n=’ . ($_GET['n']-1) );
echo $_GET['n'];
}
else{
echo ‘BLAST OFF!’;
}
?>

Note: If the refresh time is set to 0, then the Refresh header is effectively the same as the Location header.

Serving different types of files and generating dynamic content using the Content-Type header

The Content-Type header tells the browser what type of data the server is about to send. Using this header, you can have your PHP scripts output anything from plain text files to images or zip files. The table below lists frequently-used MIME types:

You can do several interesting things with this. For example, perhaps you want to send the user a pre-formatted text file rather than HTML:

<?php
header(‘Content-Type: text/plain’);
echo $plain_text_content;
?>

Or perhaps you’d like to prompt the user to download the file, rather than viewing it in the browser. With the help of the Content-Disposition header, it’s easy to do, and you can even suggest a file name for the user to use:

<?php
header(‘Content-Type: application/octet-stream’);
header(‘Content-Disposition: attachment; ‘
.‘filename=”plain_text_file.txt”‘);
echo $plain_text_content;
?>

Maybe you need to serve a file for download, but you’d like to obscure its true location and name, and only serve it to users who are logged in:

<?php
if($b_is_logged_in){
header(‘Content-Type: application/octet-stream’);
header(‘Content-Disposition: attachment; ‘
.‘filename=”‘.$different_filename.‘”‘);
readfile(‘/path/to/files/’ . $filename);
}
else{
echo ‘You are not authorized to view this file’;
}
?>

Perhaps you’ve dynamically generated an image using PHP’s image functions and you want to display it to the user. You could create a file build_image.php like this

<?php
//build the image above
header(‘Content-Type: image/jpeg’);
imagejpeg($image_resouce);
?>

Note: Beware of magic_quotes! PHP’s automatic escaping of special characters with a backslash may seem like a good idea at first, but most good programmers generally agree that it (a) encourages sloppy programming that does not validate input and (b) causes annoyances in well-written code that would not occur if “magic quoting” were turned off. One such annoyance is the corruption of binary data. In the example above, if magic_quotes_runtime is on, the data that readfile() outputs may have backslashes added to it, thus corrupting the file that is sent to the user. Ideally, you should turn magic_quotes_runtime off in your php.ini file to avoid this, but if you do not have access to the configuration file, you can also use the set_magic_quotes_runtime() function (pass is the 0 (zero) integer) to turn the setting off.

Happily, the minutes of a recent PHP Developer meeting show that they have decided to abandon magic quotes in future versions (6+) of PHP. Until everyone upgrades, however, keeping the problems this feature can cause in mind can save you quite a bit of trouble and frustration.
You might pass the parameters necessary to generate the image via the URL so you can access them in the $_GET array. Then in another page, you might include this image using an img tag:

<img src=”build_image.php<?php echo “?$user_id&$caption”; ?>“>

The possibilities are more or less endless. The more PHP programming you do, the more you will find that the Content-Type header truly is your friend.

Note: The way that browser are supposed to handle content of various MIME types, and the way they actually do may not always be consistent (especially with Internet Explorer), so you’re well-advised to test your pages in the browsers you need to support to make sure they behave as expected. The PHP Manual has many helpful tips in the user-contributed comments on the header() page.

Preventing Page Caching

PHP pages often generate very dynamic content, and to prevent users from missing updates by viewing cached pages, it is often helpful to be able to tell browsers not to cache certain pages. The following snippet works quite well on the browsers that are likely to visit your site:

<?php
header(‘Cache-Control: no-cache, no-store, must-revalidate’); //HTTP/1.1
header(‘Expires: Sun, 01 Jul 2005 00:00:00 GMT’);
header(‘Pragma: no-cache’); //HTTP/1.0
?>

The Expires header can be any date in the past. As with MIME types, browsers (especially older ones) may not always listen properly to your caching instructions (although most modern ones will).

Other Applications

There are other ways you can use headers as well, such as setting the HTTP Response Code, or in performing HTTP Authentication (if you are running PHP as an Apache module). Now that you understand how header() works and how to use it, you’ll be able to do all sorts of things you might not have thought of before.

Request Headers in PHP

We’ve covered some of the things you can do with response headers above. We can also get a great deal of information from the request headers received by the server from the browser. There are two ways to access these. First, many of the values in the $_SERVER array are determined from the request headers. Second, if PHP is installed as an Apache module, then apache_request_headers() will return an array of all request headers (even those not in $_SERVER).

Security first: don’t trust request headers

Since request headers are set by the browser, which is controlled by the client, you must never trust request headers for information that is important to the security of your site. A good example is the $_SERVER['HTTP_REFERER'] variable, which should hold the URL of the page that referred the user to the current one. A common mistake among beginners is to think that they can use this to make sure that users only access pages through a certain path, and that they therefore do not need to worry about server side data validation. For example, consider this code, which attempts to make sure that data has been submitted from a specific page, rather than a custom form on another website:

<?php
if($_SERVER['HTTP_REFERER'] != ‘http://www.mysite.com/myform.html’){
header(‘Refresh: 5; url=http://www.mysite.com/myform.html’);
echo ‘You must use the form on my site…redirecting now.’;
}
else{
insert_data($_POST['var1'], $_POST['var2']);
}
?>

This might work to deter an unsophisticated hacker who is using his web browser to submit data through a custom form, but someone who is a little more savvy could easily submit data via a telnet session like we did above, including the request header

Referer: http://www.mysite.com/myform.html

and easily defeat this ‘protection’. The moral of the story is: use HTTP request headers to gather statistics and to help make the user experience more pleasant — most request headers you receive will be supplied by standard browsers and will be entirely truthful…But do not rely on request headers for any issues pertaining to security.

Using HTTP request headers

There are several things you can do with these. Using $_SERVER['HTTP_USER_AGENT'] you can detect the type of browser the user says it has. You might check the $_SERVER['HTTP_ACCEPT_LANGUAGE'] (perhaps along with $_SERVER['HTTP_ACCEPT_CHARSET'] and some IP address geolocation) to help determine the best language in which to serve your pages to a given user. Although $_SERVER['HTTP_REFERER'] is not reliable for security purposes, it could be useful as an aid for building statistics about your website traffic or customizing content to match the path the user took to reach a given page. If for some reason you want to manipulate the raw query string used when the page was accessed, you can look in $_SERVER['QUERY_STRING']. Looking in $_SERVER['REQUEST_METHOD'] will tell you whether your page was accessed via GET or POST. There’s quite a bit of information there for you to find creative uses for.

HTML Meta Tag HTTP Header Equivalents

Chances are, before reading this article, you have seen or used the HTML meta tag below to redirect a user:

<meta http-equiv=”refresh” content=”0;http://www.mysite.com/somepage.html” />

Look familiar? The ‘http-equiv’ meta tags are ‘equivalent’ to HTTP response headers, and were introduced so that people writing HTML pages without server side programming would have access to the powerful functionality described above. Using these meta tags is simple: they can be placed anywhere in the <head> of the document, and their http-equiv attribute contains the header name, while the content attribute contains the value for the header.

I’ve found that these, like the HTTP headers in general, often produce confusion, but now they should seem quite simple to you. Although I usually prefer to use the PHP header() function, these meta tag HTTP header equivalents are often very handy for things like specifying the character set. For example, I often use this is my HTML pages (and sometimes my PHP ones):

<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ />

Note: Support for HTTP headers as equivalet meta tags is not uniformally supported, so it is usually safer and faster to use the headers themselves if you can. Also, it should be obvious that some headers and values will not work as meta equivalents: you cannot set the Content-Type to image/png when the real headers have been sent and the browser is already reading the HTML

Conclusion

Now that you are done with this article, you should have a pretty firm grasp of how HTTP works, how request and response headers are used, and how you can employ this functionality in your programming. This reasonably detailed knowledge should also enable you to start thinking more critically about your web application efficiency and security. I hope that as you move forward with your programming, you will find that you’ve become quite comfortable working with HTTP headers, and that you are able to exploit them to make your job easier and your pages better.

As a parting thought, remember that headers are like words: they convey information and ask for certain actions to be performed, but by themselves they don’t force anything to happen. 99.9% of the time, cooperative browsers are talking to cooperative servers, and everything happens smoothly. But you have to remember that, as in life, every once in a while you’ll run across a jerk (a hacker), or someone who’s got his own way of doing things (Internet Explorer). Web development is very much a job of customer service, so you’ve got to do your best to keep the crooks out, and accomodate the customers with ’special needs.’