Friday, February 2, 2024

Day 5 at rtCamp

Regular expression

In PHP, regular expressions are strings composed of delimiters, a pattern and optional modifiers.
Following function allow us to use regular expression
- preg_match(): Returns 1 if the pattern was found in the string and 0 if not
- preg_match_all(): Returns the number of times the pattern was found in the string, which may also be 0
- preg_replace(): Returns a new string where matched patterns have been replaced with another string

preg_match()

$str = "Visit W3Schools";
$pattern = "/w3schools/i";
echo preg_match($pattern, $str);

// output --> 1

preg_match_all()

$str = "The rain in SPAIN falls mainly on the plains.";
$pattern = "/ain/i";
echo preg_match_all($pattern, $str);

// output --> 4

preg_replace()

$str = "Visit Microsoft!";
$pattern = "/microsoft/i";
echo preg_replace($pattern, "W3Schools", $str);

// output --> Visit W3Schools!

$_GET is an array of variables passed to the current script via the URL parameters.
$_POST is an array of variables passed to the current script via the HTTP POST method.

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

$_SERVER["PHP_SELF"] is a superglobal variable that returns tha path of filename
$_SERVER["PHP_SELF"] sends the submitted form data to the page itself instead of jumping to a different page.
$_SERVER["PHP_SELF"] variable can be used by hackers

<form method="post" action="test_form.php/"><script>alert('hacked')</script>

The above code add script tag with alter command. To avoid this we use htmlspecialchars

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

<form method="post" action="test_form.php/&quot;&gt;&lt;script&gt;alert('hacked')&lt;/script&gt;">

For form field validation we do following things
- trim data using trim function
- remove backslash using stripslashes function
- and use htmlspecialchars to convert html code to html entities

In php date() function is used to get the date and time in specified
Following are some characters for date
- d: represents the day of month (01-31)
- m: represents the month (01-12)
- Y: represents year in four digits
- l: represents day of week
Following are some characters for time
- H: 24 hours format (00-23)
- h: 12 hours format (01-12)
- i: minutes (00-59)
- s: seconds (00-59)
- a: lowercase am/pm
strtotime() function is used to convert a human readable date string into a Unix timestamp (number of seconds since January 1 1970 00:00:00 GMT)

Both are ways to include content of file in current php file
But it has following difference
- require will produce a fatal error and stop the script
- include will only produce a warning and the script will continue

Main Thread in Browsers:
- Handles user events.
- Renders and paints HTML/CSS on the screen.
- Runs synchronous code in scripts.
Benefits of async-await:
- Improved syntax over then() chaining.
- Cleaner code, avoiding callback hell.
- Easy error handling with try-catch.
- Avoids callback hell problem.
API Calls in JavaScript:
- Methods: fetch, XMLHttpRequest, axios (3rd party), AJAX.
- Preferred: fetch for its simplicity and compatibility with promises.
DOM (Document Object Model):
- Represents HTML elements in a tree structure.
- Enables dynamic manipulation of elements, content, and styles.
- Vital for creating dynamic web pages, updating content without refresh.
PHP vs. JavaScript Security:
- PHP and JavaScript serve different roles.
- PHP runs on the server, keeping its code secure.
- JavaScript runs in browsers, making its code visible.
- Security depends on how and where each language is used.
PHP Cookies vs. JavaScript Cookies:
- PHP Cookies:
  - Server-side management.
  - Sent from the server to the client.
  - Stores less sensitive data.
  - Accessed using $_COOKIE superglobal.
- JavaScript Cookies:
  - Client-side management.
  - Uses document.cookie to set cookies on the browser.