Chapter 20 Using Session Control in PHP

['valid_user'] is set. If the user is logged in, we show her the members’ content; otherwise, we tell her that she is not authorized.

Finally we have the logout.php script that signs a user out of the system. The code for this script is shown in Listing 20.6.

Listing 20.6 logout.php—This Script Deregisters the Session Variable and Destroys the Session

    <?php
      session_start();

      $old_user = $HTTP_SESSION_VARS['valid_user'];
      // store to test if they *were* logged in
      unset($HTTP_SESSION_VARS['valid_user']);
      session_destroy();
    ?>
    <html>
    <body>
    <h1>Log out</h1>
    <?php
      if (!empty($old_user))
      {
        echo 'Logged out.<br />';
      }
      else
      {
        // if they weren't logged in but came to this page somehow
        echo 'You were not logged in, and so have not been logged out.<br />';
      }
    ?>
    <a href="authmain.php">Back to main page</a>
    </body>
    </html>

The code’s very simple, but we do a little fancy footwork. We start a session, store the user’s old username, unset the valid_user variable, and destroy the session. We then give the user a message that will be different if she was logged out, or was not logged in to begin with.

This simple set of scripts will form the basis for a lot of the work we’ll do in later chapters.

Further Reading

Native sessions are new to PHP 4, but sessions have been provided by PHPLib for a while. The best things to read for more information are the PHPLib homepage and the cookies specification. We’ve listed both these URLs earlier in the chapter, but we’ll reprint them here for reference:

    http://phplib.sourceforge.net/
    http://home.netscape.com/newsref/std/cookie_spec.html

Next

We’re almost finished with this section of the book. Before we move on to the projects, we’ll briefly discuss some of the useful odds and ends of PHP that we haven’t covered elsewhere.
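The logout steps of Listing 20.6 on a current PHP release, as an added example that is not the book's code: it uses the $_SESSION superglobal and also expires the session cookie in the browser, which session_destroy() alone does not do. The function name log_out_user() is an assumption made for the example; 'valid_user' and authmain.php come from the chapter's listings.

```php
<?php
// Added example (not from the book). Ends the session completely and
// returns the username that was logged in, or null if nobody was.
function log_out_user()
{
    session_start();

    // Remember whether anyone was logged in before clearing anything.
    $old_user = isset($_SESSION['valid_user']) ? $_SESSION['valid_user'] : null;

    // 1. Empty the session data held on the server.
    $_SESSION = array();

    // 2. Expire the session cookie, reusing the attributes it was set with,
    //    so the browser stops presenting the old session ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // 3. Remove the session record itself.
    session_destroy();

    return $old_user;
}

// Must run before any output, because setcookie() sends a header.
$old_user = log_out_user();
?>
<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_user)) {
    echo 'Logged out.<br />';
} else {
    // Reached this page without an active login.
    echo 'You were not logged in, and so have not been logged out.<br />';
}
?>
<a href="authmain.php">Back to main page</a>
</body>
</html>
```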
21 Other Useful Features

SOME USEFUL PHP FUNCTIONS AND FEATURES do not fit into any particular category. This chapter will explain these features.

We’ll look at

- Using magic quotes
- Evaluating strings with eval()
- Terminating execution: die and exit
- Serialization
- Getting information about the PHP environment
- Temporarily altering the runtime environment
- Loading PHP extensions
- Source highlighting

Using Magic Quotes

You have probably noticed that you need to be careful when using quote symbols (' and ") and backslashes (\) within strings. PHP will get confused by an attempted string statement like

    echo "color = "#FFFFFF"";

and give a parse error. To include quotes inside a string, use the quote type that is different from the quotes enclosing the string. For example

    echo "color = '#FFFFFF'";

or

    echo 'color = "#FFFFFF"';

will both be valid.

The same problem occurs with user input, as well as input and output to, or from, other programs. Trying to run a mysql query like

    insert into company values ('Bob's Auto Parts');

will produce similar confusion in MySQL’s parser.

We have already looked at the use of addslashes() and stripslashes() that will escape out any single quote, double quote, backslash, and NUL characters.

PHP has a useful capability to automatically or magically add and strip slashes for you. With two settings in your php.ini file, you can turn on or off magic quoting for GET, POST, cookie data, and for other sources.

The value of the magic_quotes_gpc directive controls whether magic quoting is used for GET, POST, and cookie operations.

With magic_quotes_gpc on, if somebody typed "Bob's Auto Parts" into a form on your site, your script would receive "Bob\'s Auto Parts" because the quote will be escaped for you.
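The "Bob's Auto Parts" case handled without depending on magic quotes, as an added example that is not from the book: it strips magic-quote slashes only when the running PHP added them, then binds the value in a PDO prepared statement. The in-memory SQLite database, the one-column company table and the helper names are assumptions made for the example.

```php
<?php
// Added example (not from the book). Requires the pdo_sqlite extension.
// magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in
// PHP 8.0, so portable code cannot assume either is present.

// Return the value as the user typed it, undoing magic quoting if applied.
function raw_input_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Store a company name. The value is bound as a parameter, so a quote
// inside it is data and never reaches the SQL parser as syntax.
function insert_company(PDO $db, $name)
{
    $stmt = $db->prepare('INSERT INTO company (name) VALUES (?)');
    $stmt->execute(array($name));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE company (name TEXT)');

// Constructed stand-in for a form field such as $_POST['name'].
$submitted = "Bob's Auto Parts";
insert_company($db, raw_input_value($submitted));

// What gets stored if a magic-quoted value is bound without stripping:
// the backslash becomes part of the saved name.
insert_company($db, "Bob\\'s Auto Parts");

foreach ($db->query('SELECT name FROM company') as $row) {
    echo $row['name'], "\n";
}
```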
The function get_magic_quotes_gpc() returns either 1 or 0, telling you the current value of magic_quotes_gpc. This is most useful for testing if you need to stripslashes() from data received from the user.

The value of magic_quotes_runtime controls whether magic quoting is used by functions that get data from databases and files. To get the value of magic_quotes_runtime, use the function get_magic_quotes_runtime(). This function returns either 1 or 0. Magic quoting can be turned on for a particular script using the function set_magic_quotes_runtime().

Evaluating Strings: eval()

The function eval() will evaluate a string as PHP code. For example,

    eval ( "echo 'Hello World';" );

will take the contents of the string and execute it. This line will produce the same output as

    echo 'Hello World';

There are a variety of cases in which eval() can be useful. You might want to store blocks of code in a database, and retrieve and eval() them at a later point. You might want to generate code in a loop, and then use eval() to execute it.

You can usefully use eval() to update or correct existing code. If you had a large collection of scripts that needed a predictable change, it would be possible (but inefficient) to write a script that loads an old script into a string, runs a regexp to make changes, and then uses eval() to execute the modified script.

It is even conceivable that a very trusting person somewhere might want to allow PHP code to be entered in a browser and executed on her server.

Terminating Execution: die and exit

So far in this book we have used the language construct exit to stop execution of a script. As you probably recall, it appears on a line by itself, like this:

    exit;

It does not return anything. You can alternatively use its alias die().
For a slightly more useful termination, we can pass a parameter to exit(). This can be used to output an error message or execute a function before terminating a script. This will be familiar to Perl programmers. For example:

    exit('Script ending now');

More commonly it is ORed with a statement that might fail, such as opening a file or connecting to a database:

    mysql_query($query) or die('Could not execute query');

Instead of just printing an error message, you can call one last function before the script terminates:

    function err_msg()
    {
      echo 'MySQL error was: ';
      echo mysql_error();
    }

    mysql_query($query) or die(err_msg());

This can be useful as a way of giving the user some reason why the script failed. Alternatively, you could email yourself so that you know if a major error has occurred, or add errors to a log file.

Serialization

Serialization is the process of turning anything you can store in a PHP variable or object into a bytestream that can be stored in a database or passed along via a URL from page to page. Without this, it is difficult to store or pass the entire contents of an array or object.

It has decreased in usefulness since the introduction of session control. Serializing data is principally used for the types of things you would now use session control for. In fact,