Reusing pieces of HTML code is a common way of making web sites (or web applications) more consistent, reliable, and more manageable. Even a small web site consisting of perhaps 20 or 30 web pages can benefit from reusing code for header and footer sections, for example. If the same header or footer is used across all the pages on the site, it makes sense to put the header and footer code in separate files, and then call those files to insert their contents where required.

PHP offers two statements that can be used for inserted the contents of one file inside another: include() and require(). These two statements are virtually identical, with the only real difference being that if require() fails, it gives a fatal error, whereas if include() fails it just gives a warning. For this reason I tend to use the include() statement as it just seems slightly more friendly.

So, to include the contents of a file called header.inc inside a web page called index.php, you would just need to insert the following line of code (wrapped in PHP opening and closing tags) inside index.php.

Include 'header.inc';

As PHP takes no notice of the extension used for the included file, you can use whatever extension you want to. Be careful though, if you put passwords inside an include file with a .inc extension, they will be visible. You can get around this by putting include files that contain sensitive information outside the document tree to prevent people from browsing to them.

In Part 2 we'll look at the use of functions when developing web sites and applications.

What Is PHP?

The full form of PHP is Hypertext PreProcessor and is a server-side scripting language. The PHP code can be combined with regular HTML tags and parsed on the server. The creator of PHP, Rasmus Lerdorf first displayed the language in the form of a Perl script . In 1997 it was adapted by Andi Gutmans and Zeev Suraski to use a C-written compiler. They completely reconstructed the original PHP into the web language that we know and use today.

Uses of PHP

It is used in the creation of dynamic web pages. Web developers like it because of its fast parsing and flexibility and versatility. PHP is a popular tool for managing a form's data after it is submitted and comes built in with many different interfaces and API's. It has database capability built into the language, the most common database being MySQL. Typically the PHP can connect to any SQL enabled database.

The Syntax of PHP is similar in structure to Perl and C where curly braces { } define blocks of code and semi-colons specify the end of a statement PHP is as easy to learn as Perl. It maintains all the traditional loops, if/else, and subroutines that are expected in a programming language. One difference between the two is that the code'?' is embedded in with the HTML; you could however, use a separate file. The PHP code is different from HTML code by use of the opening and closing tags. When it finds a PHP file, it tells the server to scan through for these tags, and execute the code in between them. The server recognizes a PHP enabled file by its extension, .php. These are essentially HTML files with PHP codes in them.

Getting Started

To start PHP requires a server with PHP installed and a simple ASCII text editor such as Notepad or VI, eMacs, Kate, etc. for a UNIX/Linux machine.

What are the problems faced by PHP?

It is case sensitive. For example if you name a variable $MyVar, you cannot call it as $myvar or $mYvAr. In case you forget to close your curly brackets, then it helps to indent lines inside the curly braces so that any missing braces can be spotted easily.

An SSL, or Secure Socket Layer, is technology that has been developed that allows web browsers and web servers to communicate over a secured connection.

The system uses cryptography that uses two keys to encrypt data  a public key known to everyone and a private or secret key known only to the recipient of the message. It’s a way to encrypt data, like credit cards numbers (as well other personally identifiable information), which prevents the "bad guys" from stealing your information for malicious intent.

The recently introduced SSL v3 improved upon SSL v2 by adding SHA-1 based ciphers, and support for certificate authentication. SSL v2 was known to be flawed in a variety of ways. Identical cryptographic keys are used for message authentication and encryption. The older version did not have any protection for the handshake, meaning a Man-in-the-middle downgrade attack could go undetected.

SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL and is included as part of both the Microsoft and Netscape browsers and most Web server products. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.

SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client's list of trusted CAs. Client authentication allows a server to confirm a user's identity. It’s a way to assure a client that they are dealing with the real server they intended to connect to. It can prevent any unauthorized clients from connecting to the server, preventing anyone from meddling with data going to or coming from the server.

From the very beginning SSL was designed to provide security between client and server, and to avoid any kind of 3-way man-in-the-middle attack.

Conceptually it’s quite simple: it negotiates the cryptography algorithms and keys between two sides of a communication, and establishes an encrypted tunnel through which other protocols (like HTTP) can be transported. It can also be easily passed through firewalls and proxies, as well as through NAT (Network Address Translation) without issues.