Scribd
Upload
24 views

AWPChapter 6

This document provides an overview of cookies and sessions in PHP. It defines cookies as small text files saved on a user's computer that identify the user and track their activity on a website. Sessions are used to store information about a user across multiple pages to maintain state on the server-side rather than client-side like cookies. The document demonstrates how to create, retrieve, modify, and delete both cookies and sessions in PHP using functions like setcookie(), $_COOKIE, session_start(), and $_SESSION. It also discusses validating and sanitizing user input with PHP filters.

Uploaded by

kebe Aman
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
24 views

AWPChapter 6

This document provides an overview of cookies and sessions in PHP. It defines cookies as small text files saved on a user's computer that identify the user and track their activity on a website. Sessions are used to store information about a user across multiple pages to maintain state on the server-side rather than client-side like cookies. The document demonstrates how to create, retrieve, modify, and delete both cookies and sessions in PHP using functions like setcookie(), $_COOKIE, session_start(), and $_SESSION. It also discusses validating and sanitizing user input with PHP filters.

Uploaded by

kebe Aman
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 80

Chapter 5

PHP COOKIES

AND

SESSION
Introduction
2

What is a Cookie?
A cookie is often used to identify a user.
A cookie is a small text file that is saved on the user’s
computer.
The maximum file size for a cookie is 4KB.
Each time the same computer requests a page with a
browser, it will send the cookie too.
With PHP, you can both create and retrieve cookie
values.
Cont…
3

It is also known as an HTTP cookie, a web cookie, or


an internet cookie.
When a user first visits a website, the site sends data
packets to the user’s computer in the form of a
cookie.
The information stored in cookies is not safe since it
is kept on the client-side in a text format that
anybody can see.
We can activate or disable cookies based on our
needs.
Uses of Cookies

 To store information about visitors regarding the


accessed website’s page.
 Number of visit and views.
 Store first visit information and update it in every
visit that pointed towards better experience of user.
Cookies are used for client-side state management
system.
Create Cookies With PHP
5

A cookie is created with the setcookie() function.


Syntax
setcookie(name, value, expire, path, domain, secure,
http only);
Only the name parameter is required. All other
parameters are optional.
PHP Create/Retrieve a Cookie
6

 The following example creates a cookie named "user" with


the value "John Doe".
 The cookie will expire after 30 days (86400 * 30). The "/"
means that the cookie is available in entire website
(otherwise, select the directory you prefer).
 We then retrieve the value of the cookie "user" (using the
global variable $_COOKIE).
 We also use the isset() function to find out if the cookie is
set:
Example
7

 <?php
$cookie_name = "user";
$cookie_value = "John Doe";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); //
86400 = 1 day ?>
<html><body>
<?php
if(!isset($_COOKIE[$cookie_name])) {
echo "Cookie named '" . $cookie_name . "' is not set!";
} else {
echo "Cookie '" . $cookie_name . "' is set!<br>";
echo "Value is: " . $_COOKIE[$cookie_name];
}
?>
</body></html>
 Note: The setcookie() function must appear BEFORE the <html> tag.
Continued
8

 Note: The value of the cookie is automatically URL


encoded when sending the cookie, and automatically
decoded when received (to prevent URL encoding, use
setrawcookie() instead).
 Modify a Cookie Value
 To modify a cookie, just set (again) the cookie using the
setcookie() function:
Example
9

 <?php
$cookie_name = "user";
$cookie_value = "Alex Porter";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30),
"/"); ?>
<html><body>
<?php
if(!isset($_COOKIE[$cookie_name])) {
echo "Cookie named '" . $cookie_name . "' is not set!";
} else {
echo "Cookie '" . $cookie_name . "' is set!<br>";
echo "Value is: " . $_COOKIE[$cookie_name];
}
?>
</body></html>
Delete a Cookie
10

To delete a cookie, use the setcookie() function with


an expiration date in the past:
Example
<?php
// set the expiration date to one hour ago
setcookie("user", "", time() - 3600); ?>
<html> <body>
<?php
echo "Cookie 'user' is deleted."; ?>
</body>
</html>
Continued
11

Check if Cookies are Enabled


The following example creates a small script that
checks whether cookies are enabled.
First, try to create a test cookie with the setcookie()
function, then count the $_COOKIE array variable:
Example
12

<?php
setcookie("test_cookie", "test", time() + 3600, '/'); ?>
<html><body>
<?php
if(count($_COOKIE) > 0) {
echo "Cookies are enabled.";
} else {
echo "Cookies are disabled.";
}
?>
</body></html>
PHP Sessions
13

A session is a way to store information (in variables)


to be used across multiple pages.
Unlike a cookie, the information is not stored on the
users computer.
What is a PHP Session?
When you work with an application, you open it, do
some changes, and then you close it. This is much
like a Session.
Cont…
14

A session is used to save information on the server


momentarily so that it may be utilized across various
pages of the website.
It is the overall amount of time spent on an activity.
The user session begins when the user logs in to a
specific network application and ends when the user
logs out of the program or shuts down the machine.
When the user shuts down the machine or logs out of
the program, the session values are automatically
deleted.
Continued
15

The computer knows who you are. It knows when


you start the application and when you end. But on
the internet there is one problem: the web server
does not know who you are or what you do, because
the HTTP address doesn't maintain state.
Session variables solve this problem by storing user
information to be used across multiple pages (e.g.
username, favorite color, etc).
Continued
16

By default, session variables last until the user closes


the browser.
So; Session variables hold information about one
single user, and are available to all pages in one
application.
Tip: If you need a permanent storage, you may want
to store the data in a database.
Start a PHP Session
17

A session is started with the session_start() function.


Session variables are set with the PHP global
variable: $_SESSION.
Now, let's create a new page called
"demo_session1.php". In this page, we start a new
PHP session and set some session variables:
Example
18

 <?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html><body>
<?php
// Set session variables
$_SESSION["favcolor"] = "green";
$_SESSION["favanimal"] = "cat";
echo "Session variables are set.";
?>
</body></html>
 Note: The session_start() function must be the very first thing in your
document. Before any HTML tags.
Get PHP Session Variable Values
19

 Next, we create another page called "demo_session2.php".


 From this page, we will access the session information we
set on the first page ("demo_session1.php").

 Notice that session variables are not passed individually to


each new page, instead they are retrieved from the session
we open at the beginning of each page (session_start()).

 Also notice that all session variable values are stored in the
global $_SESSION variable:
Example
20

 <?php
session_start();
?>
<!DOCTYPE html>
<html><body>
<?php
// Echo session variables that were set on previous page
echo "Favorite color is " . $_SESSION["favcolor"] . ".<br>";
echo "Favorite animal is " . $_SESSION["favanimal"] . ".";
?>
</body></html>
 Another way to show all the session variable values for a user
session is to run the following code:
Example
21

 <?php
session_start();
?>
<!DOCTYPE html>
<html><body>
<?php
print_r($_SESSION);
?>
</body></html>
 How does it work? How does it know it's me?
Most sessions set a user-key on the user's computer that looks something like
this:
 765487cf34ert8dede5a562e4f3a7e12.
 Then, when a session is opened on another page, it scans the computer for a
user-key.
 If there is a match, it accesses that session, if not, it starts a new session.
Modify a PHP Session Variable
22

To change a session variable, just overwrite it:


Example
<?php
session_start();
?>
<!DOCTYPE html>
<html><body>
<?php
// to change a session variable, just overwrite it
$_SESSION["favcolor"] = "yellow";
print_r($_SESSION);
?>
</body></html>
Destroy a PHP Session
23

To remove all global session variables and destroy the


session, use session_unset() and session_destroy():
<?php
session_start();
?>
<!DOCTYPE html>
<html><body>
<?php // remove all session variables
session_unset(); // destroy the session
session_destroy();
?></body></html>
Assignment
24

Compare and contrast php cookies and session in


detail.
PHP Filters
25

Validating data = Determine if the data is in proper form.


Sanitizing data = Remove any illegal character from the data.
The PHP Filter Extension
PHP filters are used to validate and sanitize external input.
The PHP filter extension has many of the functions needed
for checking user input, and is designed to make data
validation easier and quicker.
The filter_list() function can be used to list what the PHP
filter extension offers:
Example
26

<!DOCTYPE html>
<html><head><style>table, th, td { border: 1px solid
black; border-collapse: collapse;
}th, td { padding: 5px; } </style></head><body><table>
<tr><td>Filter Name</td><td>Filter ID</td></tr>
<?php
foreach (filter_list() as $id =>$filter) {
echo '<tr><td>' . $filter . '</td><td>' .
filter_id($filter) . '</td></tr>';
} ?></table>
</body>
</html>
Why Use Filters?
27

Many web applications receive external input.


External input/data can be:
 User input from a form
 Cookies
 Web services data
 Server variables
 Database query results

You should always validate external data!


Invalid submitted data can lead to security problems and break your webpage!
By using PHP filters you can be sure your application gets the correct input!
PHP filter_var() Function
28

The filter_var() function both validate and sanitize


data. And it filters a single variable with a specified
filter.
It takes two pieces of data:
 The variable you want to check
 The type of check to use
Sanitize a String
The following example uses the filter_var() function
to remove all HTML tags from a string:
Example
29

 <!DOCTYPE html>
<html>
<body>
<?php
$str = "<h1>Hello World!</h1>";
$newstr = filter_var($str, FILTER_SANITIZE_STRING);
echo $newstr;
?> </body></html>
 Validate an Integer
 The following example uses the filter_var() function to check if the
variable $int is an integer.
 If $int is an integer, the output of the code above will be: "Integer is
valid".
 If $int is not an integer, the output will be: "Integer is not valid":
Example
30

<!DOCTYPE html>
<html><body>
<?php
$int = 100;
if (!filter_var($int, FILTER_VALIDATE_INT) ===
false) {
echo("Integer is valid");
} else {
echo("Integer is not valid"); } ?>
</body></html>
Continued
31

Tip: filter_var() and Problem With 0


In the example above, if $int was set to 0, the function
above will return "Integer is not valid".
To solve this problem, use the code below:
<!DOCTYPE html>
<html><body>
<?php $int = 0;
if (filter_var($int, FILTER_VALIDATE_INT) === 0 || !
filter_var($int, FILTER_VALIDATE_INT) === false) {
echo("Integer is valid");
} else { echo("Integer is not valid");}?>
</body></html>
Validate an IP Address
32

The following example uses the filter_var() function to


check if the variable $ip is a valid IP address:
<!DOCTYPE html>
<html><body>
<?php
$ip = "127.0.0.1";
if (!filter_var($ip, FILTER_VALIDATE_IP) === false) {
echo("$ip is a valid IP address");
} else {
echo("$ip is not a valid IP address");}?>
</body></html>
Sanitize and Validate an Email Address
33

The following example uses the filter_var() function


to first remove all illegal characters from the $email
variable, then check if it is a valid email address:
Example
34

<!DOCTYPE html>
<html><body>
<?php
$email = "[email protected]";
// Remove all illegal characters from email
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
// Validate e-mail
if (!filter_var($email, FILTER_VALIDATE_EMAIL) ===
false) {
echo("$email is a valid email address");
} else {
echo("$email is not a valid email address");
}?></body></html>
Sanitize and Validate a URL
35

The following example uses the filter_var() function


to first remove all illegal characters from a URL, then
check if $url is a valid URL:
Example
36

<!DOCTYPE html>
<html><body>
<?php
$url = "http://www.w3schools.com";
// Remove all illegal characters from a url
$url = filter_var($url, FILTER_SANITIZE_URL);
// Validate url
if (!filter_var($url, FILTER_VALIDATE_URL) === false) {
echo("$url is a valid URL");
} else {
echo("$url is not a valid URL");} ?>
</body></html>
PHP Error Handling
37

The default error handling in PHP is very simple. An


error message with filename, line number and a
message describing the error is sent to the browser.
PHP Error Handling
When creating scripts and web applications, error
handling is an important part.
If your code lacks error checking code, your program
may look very unprofessional and you may be open
to security risks.
Continued
38

Some of the most common error checking methods


in PHP.
 Simple "die()" statements
 Custom errors and error triggers
 Error reporting
Basic Error Handling
39

Using the die() function


The first example shows a simple script that opens a text file:
<?php $file=fopen("welcome.txt","r"); ?>
If the file does not exist you might get an error like this:
Warning: fopen(welcome.txt) [function.fopen]: failed to
open stream:
No such file or directory in C:\webfolder\test.php on
line 2
To prevent the user from getting an error message like the
one above, we test whether the file exist before we try to
access it:
Example
40

<?php
if(!file_exists("welcome.txt")) {
die("File not found");
} else {
$file=fopen("welcome.txt","r"); } ?>
Now if the file does not exist you get an error like
this:
File not found
 The code above is more efficient than the earlier code,
because it uses a simple error handling mechanism to stop
the script after the error.
Continued
41

 However, simply stopping the script is not always the right


way to go.
 Let's a look at alternative PHP functions for handling
errors.
 Creating a Custom Error Handler
 Creating a custom error handler is quite simple. We simply
create a special function that can be called when an error
occurs in PHP.
 This function must be able to handle a minimum of two
parameters (error level and error message) but can accept
up to five parameters (optionally: file, line-number, and the
error context):
Syntax
42

Syntax
error_function(error_level,error_message,
error_file,error_line,error_context)
Continued
43

Parameter Description
error_level Required. Specifies the error report level for the user-defined
error. Must be a value number. See table below for possible error
report levels
error_message Required. Specifies the error message for the user-defined error
error_file Optional. Specifies the filename in which the error occurred
error_line Optional. Specifies the line number in which the error occurred
error_context Optional. Specifies an array containing every variable, and their
values, in use when the error occurred
Error Report levels
44

These error report levels are the different types of


error the user-defined error handler can be used for:
Continued
45
Value Constant Description

2 E_WARNING Non-fatal run-time errors. Execution of the script is not halted

8 E_NOTICE Run-time notices. The script found something that might be an error, but could also happen when running a script
normally

256 E_USER_ERROR Fatal user-generated error. This is like an E_ERROR set by the programmer using the PHP function trigger_error()

512 E_USER_WARNING Non-fatal user-generated warning. This is like an E_WARNING set by the programmer using the PHP function
trigger_error()

1024 E_USER_NOTICE User-generated notice. This is like an E_NOTICE set by the programmer using the PHP function trigger_error()

4096 E_RECOVERABLE_E Catchable fatal error. This is like an E_ERROR but can be caught by a user defined handle (see also
RROR set_error_handler())

8191 E_ALL All errors and warnings (E_STRICT became a part of E_ALL in PHP 5.4)
Example
46

 Now lets create a function to handle errors:


 function customError($errno, $errstr) {
echo "<b>Error:</b> [$errno] $errstr<br>";
echo "Ending Script";
die();
}
 The code above is a simple error handling function. When it
is triggered, it gets the error level and an error message.
 It then outputs the error level and message and terminates
the script.
 Now that we have created an error handling function we
need to decide when it should be triggered.
Set Error Handler
47

The default error handler for PHP is the built in


error handler.
We are going to make the function above the default
error handler for the duration of the script.
It is possible to change the error handler to apply for
only some errors, that way the script can handle
different errors in different ways.
However, in this example we are going to use our
custom error handler for all errors:
Continued
48

set_error_handler("customError");
Since we want our custom function to handle all
errors, the set_error_handler() only needed one
parameter, a second parameter could be added to
specify an error level.
Example
49

 Testing the error handler by trying to output variable that


does not exist:
 <?php
//error handler function
function customError($errno, $errstr) {
echo "<b>Error:</b> [$errno] $errstr";
}//set error handler
set_error_handler("customError");
//trigger error
 echo($test); ?>
 The output of the code above should be something like this:
 Error: [8] Undefined variable: test
Trigger an Error
50

In a script where users can input data it is useful to trigger


errors when an illegal input occurs.
 In PHP, this is done by the trigger_error() function.
Example
In this example an error occurs if the "test" variable is bigger
than "1":
<?php $test=2;
if ($test>1) { trigger_error("Value must be 1 or below");
} ?>
The output of the code above should be something like this:
Notice: Value must be 1 or below in C:\webfolder\
test.php on line 6
51

An error can be triggered anywhere you wish in a script, and


by adding a second parameter, you can specify what error
level is triggered.
Possible error types:
E_USER_ERROR - Fatal user-generated run-time error.
Errors that can not be recovered from. Execution of the script
is halted
E_USER_WARNING - Non-fatal user-generated run-time
warning. Execution of the script is not halted
E_USER_NOTICE - Default. User-generated run-time
notice. The script found something that might be an error,
but could also happen when running a script normally
Continued
52

Example
In this example an E_USER_WARNING occurs if
the "test" variable is bigger than "1".
If an E_USER_WARNING occurs we will use our
custom error handler and end the script:
Example
53

<?php
//error handler function
function customError($errno, $errstr) {
echo "<b>Error:</b> [$errno] $errstr<br>";
echo "Ending Script";
die();} //set error handler
set_error_handler("customError",E_USER_WARNI
NG);
//trigger error
$test=2; if ($test>1) { trigger_error("Value must be
1 or below",E_USER_WARNING); } ?>
54

The output of the code above should be something


like this:
Error: [512] Value must be 1 or below
Ending Script
Now that we have learned to create our own errors
and how to trigger them, lets take a look at error
logging.
Error Logging
55

By default, PHP sends an error log to the server's


logging system or a file, depending on how the
error_log configuration is set in the php.ini file.
By using the error_log() function you can send error
logs to a specified file or a remote destination.
Sending error messages to yourself by e-mail can be a
good way of getting notified of specific errors.
Send an Error Message by E-Mail
In the example below we will send an e-mail with an
error message and end the script, if a specific error
occurs:
Example
56

 <?php
//error handler function
function customError($errno, $errstr) {
echo "<b>Error:</b> [$errno] $errstr<br>";
echo "Webmaster has been notified";
error_log("Error: [$errno] $errstr",1,
"[email protected]","From: [email protected]");
}
//set error handler
set_error_handler("customError",E_USER_WARNING);//trigger error
$test=2;
if ($test>1) {
trigger_error("Value must be 1 or below",E_USER_WARNING);
}
?>
Continued
57

The output of the code above should be something


like this:
Error: [512] Value must be 1 or below
Webmaster has been notified
And the mail received from the code above looks like
this:
Error: [512] Value must be 1 or below
This should not be used with all errors. Regular
errors should be logged on the server using the
default PHP logging system.
PHP Exception Handling
58

Exceptions are used to change the normal flow of a


script if a specified error occurs.
What is an Exception?
Exception handling is used to change the normal
flow of the code execution if a specified error
(exceptional) condition occurs.
This condition is called an exception.
Continued
59

This is what normally happens when an exception is


triggered:
The current code state is saved
The code execution will switch to a predefined
(custom) exception handler function
Depending on the situation, the handler may then
resume the execution from the saved code state,
terminate the script execution or continue the script
from a different location in the code
60

We will show different error handling methods:


 Basic use of Exceptions
 Creating a custom exception handler
 Multiple exceptions
 Re-throwing an exception
 Setting a top level exception handler
Note: Exceptions should only be used with error
conditions, and should not be used to jump to
another place in the code at a specified point.
Basic Use of Exceptions
61

When an exception is thrown, the code following it


will not be executed, and PHP will try to find the
matching "catch" block.
If an exception is not caught, a fatal error will be
issued with an "Uncaught Exception" message.
Lets try to throw an exception without catching it:
Example
62

<?php
//create function with an exception
function checkNum($number) {
if($number>1) {
throw new Exception("Value must be 1 or below");
}
return true;
}

//trigger exception
checkNum(2);
?>
Try, throw and catch
63

To avoid the error from the example above, we need to


create the proper code to handle an exception.
Proper exception code should include:
Try - A function using an exception should be in a "try"
block. If the exception does not trigger, the code will
continue as normal. However if the exception triggers,
an exception is "thrown"
Throw - This is how you trigger an exception. Each
"throw" must have at least one "catch"
Catch - A "catch" block retrieves an exception and
creates an object containing the exception information
Example
64

 <?php
//create function with an exception
function checkNum($number) {
if($number>1) { throw new Exception("Value must be 1 or below");
}
return true;
}//trigger exception in a "try" block
try {checkNum(2); //If the exception is thrown, this text will not be
shown
echo 'If you see this, the number is 1 or below';
}//catch exception
catch(Exception $e) { echo 'Message: ' .$e->getMessage(); } ?>
The code above will get an error like this:
Message: Value must be 1 or below
Example explained:
65

The code above throws an exception and catches it:


The checkNum() function is created.
It checks if a number is greater than 1. If it is, an
exception is thrown
The checkNum() function is called in a "try" block
The exception within the checkNum() function is
thrown
Continued
66

The "catch" block retrieves the exception and creates


an object ($e) containing the exception information
The error message from the exception is echoed by
calling $e->getMessage() from the exception object
However, one way to get around the "every throw
must have a catch" rule is to set a top level exception
handler to handle errors that slip through.
Creating a Custom Exception Class
67

Creating a custom exception handler is quite simple.


We simply create a special class with functions that
can be called when an exception occurs in PHP.
The class must be an extension of the exception
class.
The custom exception class inherits the properties
from PHP's exception class and you can add custom
functions to it.
Lets create an exception class:
Continued
68
 <?php
class customException extends Exception {
public function errorMessage() { //error message $errorMsg = 'Error on line '.$this-
>getLine().' in '.$this->getFile() .': <b>'.$this->getMessage().'</b> is not a valid E-Mail
address'; return $errorMsg;
}}
$email = "[email protected]";

try { //check if
if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
//throw exception if email is not valid
throw new customException($email);
}
}
catch (customException $e) {
//display custom message
echo $e->errorMessage();
}
?>
Continued
69

The new class is a copy of the old exception class


with an addition of the errorMessage() function.
Since it is a copy of the old class, and it inherits the
properties and methods from the old class, we can
use the exception class methods like getLine() and
getFile() and getMessage().
Example explained:
70

 The code above throws an exception and catches it with a custom


exception class:
 The customException() class is created as an extension of the old
exception class.
 This way it inherits all methods and properties from the old
exception class
 The errorMessage() function is created. This function returns an
error message if an e-mail address is invalid
 The $email variable is set to a string that is not a valid e-mail address
 The "try" block is executed and an exception is thrown since the e-
mail address is invalid
 The "catch" block catches the exception and displays the error
message
Multiple Exceptions
71

It is possible for a script to use multiple exceptions to


check for multiple conditions.
It is possible to use several if..else blocks, a switch, or
nest multiple exceptions. These exceptions can use
different exception classes and return different error
messages:
Example
72
 <?php
class customException extends Exception {
public function errorMessage() { //error message
$errorMsg = 'Error on line '.$this->getLine().' in '.$this->getFile() .': <b>'.$this-
>getMessage().'</b> is not a valid E-Mail address';
return $errorMsg;
}
}$email = "[email protected]";

try { //check if
if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) { //throw exception if email
is not valid
throw new customException($email);
} //check for "example" in mail address
if(strpos($email, "example") !== FALSE) {
throw new Exception("$email is an example e-mail"); } }
catch (customException $e) {
echo $e->errorMessage();
} catch(Exception $e) {
echo $e->getMessage(); } ?>
Example explained:
73

 The code above tests two conditions and throws an


exception if any of the conditions are not met:
 The customException() class is created as an extension of
the old exception class.
 This way it inherits all methods and properties from the old
exception class
 The errorMessage() function is created. This function
returns an error message if an e-mail address is invalid
 The $email variable is set to a string that is a valid e-mail
address, but contains the string "example"
Continued
74

 The "try" block is executed and an exception is not thrown


on the first condition
 The second condition triggers an exception since the e-mail
contains the string "example"
 The "catch" block catches the exception and displays the
correct error message
 If the exception thrown were of the class custom Exception
and there were no custom Exception catch, only the base
exception catch, the exception would be handled there.
Re-throwing Exceptions
75

Sometimes, when an exception is thrown, you may


wish to handle it differently than the standard way. It
is possible to throw an exception a second time
within a "catch" block.
A script should hide system errors from users.
System errors may be important for the coder, but
are of no interest to the user.
To make things easier for the user you can re-throw
the exception with a user friendly message:
Example
76

 <?php
class customException extends Exception {
public function errorMessage() { //error message
$errorMsg = $this->getMessage().' is not a valid E-Mail address.';
return $errorMsg; }}
$email = "[email protected]";
try {
try { //check for "example" in mail address
if(strpos($email, "example") !== FALSE) { //throw exception if email is not
valid
throw new Exception($email); }
} catch(Exception $e) {
//re-throw exception
throw new customException($email); } }
catch (customException $e) { //display custom message
echo $e->errorMessage(); }
?>
Example explained:
77

 The code above tests if the email-address contains the string "example" in it, if it
does, the exception is re-thrown:
 The customException() class is created as an extension of the old exception class.
This way it inherits all methods and properties from the old exception class
 The errorMessage() function is created. This function returns an error message if
an e-mail address is invalid
 The $email variable is set to a string that is a valid e-mail address, but contains
the string "example"
 The "try" block contains another "try" block to make it possible to re-throw the
exception
 The exception is triggered since the e-mail contains the string "example"
 The "catch" block catches the exception and re-throws a "customException"
 The "customException" is caught and displays an error message
 If the exception is not caught in its current "try" block, it will search for a catch
block on "higher levels".
Continued
78

 Set a Top Level Exception Handler


 The set_exception_handler() function sets a user-defined function to handle all uncaught
exceptions.
 <?php
function myException($exception) {
echo "<b>Exception:</b> " . $exception->getMessage();
}
set_exception_handler('myException');

throw new Exception('Uncaught Exception occurred');


?>
 The output of the code above should be something like this:
 Exception: Uncaught Exception occurred
 In the code above there was no "catch" block. Instead, the top level exception handler
triggered. This function should be used to catch uncaught exceptions.
Rules for exceptions
79

Code may be surrounded in a try block, to help catch


potential exceptions
Each try block or "throw" must have at least one
corresponding catch block
Multiple catch blocks can be used to catch different
classes of exceptions
Exceptions can be thrown (or re-thrown) in a catch
block within a try block
A simple rule: If you throw something, you have to
catch it.
The
End

You might also like