Returning JSON from a PHP Script

While you’re usually fine without it, you can and should set the Content-Type header: <?php $data = /** whatever you’re serializing **/; header(‘Content-Type: application/json; charset=utf-8′); echo json_encode($data); If I’m not using a particular framework, I usually allow some request params to modify the output behavior. It can be useful, generally for quick troubleshooting, to not … Read more

PHP array delete by value (not key)

Using array_search() and unset, try the following: if (($key = array_search($del_val, $messages)) !== false) { unset($messages[$key]); } array_search() returns the key of the element it finds, which can be used to remove that element from the original array using unset(). It will return FALSE on failure, however it can return a false-y value on success … Read more

What is the difference between public, private, and protected?

You use: public scope to make that property/method available from anywhere, other classes and instances of the object. private scope when you want your property/method to be visible in its own class only. protected scope when you want to make your property/method visible in all classes that extend current class including the parent class. If … Read more

What is stdClass in PHP?

stdClass is just a generic ’empty’ class that’s used when casting other types to objects. Despite what the other two answers say, stdClass is not the base class for objects in PHP. This can be demonstrated fairly easily: class Foo{} $foo = new Foo(); echo ($foo instanceof stdClass)?’Y’:’N’; // outputs ‘N’ I don’t believe there’s … Read more

How do I expire a PHP session after 30 minutes?

You should implement a session timeout of your own. Both options mentioned by others (session.gc_maxlifetime and session.cookie_lifetime) are not reliable. I’ll explain the reasons for that. First: session.gc_maxlifetime session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage’ and cleaned up. Garbage collection occurs during session start. But the garbage collector … Read more

What are Long-Polling, Websockets, Server-Sent Events (SSE) and Comet?

In the examples below the client is the browser and the server is the webserver hosting the website. Before you can understand these technologies, you have to understand classic HTTP web traffic first. Regular HTTP: A client requests a webpage from a server. The server calculates the response The server sends the response to the … Read more

Secure hash and salt for PHP passwords

DISCLAIMER: This answer was written in 2008. Since then, PHP has given us password_hash and password_verify and, since their introduction, they are the recommended password hashing & checking method. The theory of the answer is still a good read though. TL;DR Don’ts Don’t limit what characters users can enter for passwords. Only idiots do this. … Read more

How can I sanitize user input with PHP?

It’s a common misconception that user input can be filtered. PHP even has a (now deprecated) “feature”, called magic-quotes, that builds on this idea. It’s nonsense. Forget about filtering (or cleaning, or whatever people call it). What you should do, to avoid problems, is quite simple: whenever you embed a a piece of data within … Read more

Get the first element of an array

Original answer, but costly (O(n)): array_shift(array_values($array)); In O(1): array_pop(array_reverse($array)); Other use cases, etc… If modifying (in the sense of resetting array pointers) of $array is not a problem, you might use: reset($array); This should be theoretically more efficient, if a array “copy” is needed: array_shift(array_slice($array, 0, 1)); With PHP 5.4+ (but might cause an index … Read more