Web Design company – Goweb99 blogGet your website designed for as low as $99.

Exceptions can occur in your program and you need to handle them to have your code going on. But how would you know which code is going to produce an error.

PHP exception handling provides some easy steps to deal with the exceptions:

• track where an error is produced
• throw the error to some handler
• catch the appropriate error and continue with the execution

A proper exception code includes:

• Try – It encloses the block of code or the function which is doubted to produce an exception. If the exception does not trigger, the code will continue as normal. However if the exception triggers, an exception is thrown automatically.
• Throw – Throw lets you trigger an error manually.
• Catch – It contains the code to handle the exceptions. A “catch” block retrieves an exception and creates an object containing the exception information.

A simple try-catch example:

<?php
//create function with an exception
function checkNum($number)
{
if($number<1)
{
throw new Exception(”Number must be greater than 0″);
}
return true;
}
//trigger exception in a “try” block
try
{
checkNum(2);
//If the exception is thrown, this text will not be shown
echo ‘The number is greater than 0′;
}
//catch exception
catch(Exception $e)
{
echo ‘Message: ‘ .$e->getMessage();
}
?>

Error Output:

Message: Number must be greater than 0

The code above throws an exception and catches it.It works as follows:

• The checkNum() function is created. It checks if a number is less than 1. If it is, an exception is thrown
• The checkNum() function is called in a “try” block
• The exception within the checkNum() function is thrown
• The “catch” block retrives the exception and creates an object ($e) containing the exception information
• The error message from the exception is echoed by calling $e->getMessage() from the exception object

---

[Translate]

Exceptions are special conditions which occur during execution and change the normal flow of a code.

These exceptions need to be handled to let the program going on.

PHP 5 provides an object oriented way of dealing with errors.

During the execution of a program some condition may appear when the program flow is need to be changed to protect the code from crashing or producing wrong results or stopping in the middle of execution. This is called Exception handling. And exceptions are the condtions which may cause any of the above situations.

When an exception occurs the following steps are executed:

• The current code state is saved
• The code execution will switch to a predefined (custom) exception handler function
• Depending on the situation, the handler may then resume the execution from the saved code state, terminate the script execution or continue the script from a different location in the code

Basic Idea for an Exception to handle is:

• decide whether the Error produced needs to be handled and how
• which exception to handle at which level and which point of tim
• your code should keep running even if a severe (non-fatal) error occurs
• make sure all errors of all the different types are handled uniformly.

Exceptions should only be used with error conditions, and should not be used to jump to another place in the code at a specified point.

When an exception is thrown, the execution of the following code block is stopped, and PHP will try to find the code for catching the exception.

If an exception is not caught, a fatal error will be issued with an “Uncaught Exception” message.

PHP 5 handles exceptions in a similar way to that of other programming languages.

Exception handling introduces some new keywords as:

• Try - It encloses the block of code or the function which is doubted to produce an exception. If the exception does not trigger, the code will continue as normal. However if the exception triggers, an exception is thrown automatically.
• Throw – Throw lets you trigger an error manually.
• Catch – It contains the code to handle the exceptions. A “catch” block retrieves an exception and creates an object containing the exception information.

When an exception is thrown, the program execution will be paused to handle the error. PHP will then attempt to find the first matching catch block. If an exception is not caught, a PHP Fatal Error will be issued with an “Uncaught Exception”

• Each try must have at least one corresponding catch block.
• Multiple catch blocks can be used to catch different classes of exceptions.
• Exceptions can be thrown (or re-thrown) within a catch block also.

Lets try to throw an exception without catching it:

<?php         //create function with an exception
function checkNum($number)
{
if($number==0)
{
throw new Exception(”Value must not be 0″);
}
return true;
}
//trigger exception
checkNum(0);
?>

Output:

Fatal error: Uncaught exception ‘Exception’
with message ‘Value must not be 0′ in C:\wapplications\PHPprog.php:6
Stack trace: #0 C:\wapplications\PHPprog.php(12):
checkNum(28) #1 {main} thrown in C:\wapplications\PHPprog.php on line

---

[Translate]

PHP sends an error log to the servers logging system or a file, depending on the error_log configuration in the php.ini file. But this can be changed using the error_log() function, ie you caqn send error logs to a file or a remote destination, specified by you.

You can also send error messages to yourself by e-mail. This is a good way of getting notified of specific errors.

Send an Error Message by E-Mail

In the example below we will send an e-mail with an error message and end the script, if a specific error occurs:

<?php //error handler function
function customError($errorNo, $errorStr)
{
echo “<b>Error:</b> [$errorNo] $errorStr<br />”;
echo “Webmaster has been notified”;
error_log(”Error: [$errorNo] $errstr”,1,
“user1@example.com”,”From: tutor@goweb99.com”);
}
//set error handler
set_error_handler(”customError”,E_USER_WARNING);
//trigger error
$test=2;
if ($test>1)
{
trigger_error(”Value must be 1 or below”,E_USER_WARNING);
}
?>

Output:

Error: [512] Value must be 1 or below
Webmaster has been notified

And the mail received from the code above looks like this:

Error: [512] Value must be 1 or below

---

[Translate]

Creating a Custom Error Handler

A Custom Error Handler is a special function which is called when an error occurs in PHP.

This function should accept at least two parameters, ie error level and error message and at the max it may accept up to five parameters ie file, line-number, and the error context:

Syntax

error_function(error_level,error_message,error_file,error_line,error_context)

Parameter	Description
error_level	Required. Specifies the error report level for the user-defined error. Must be a value number.
error_message	Required. Specifies the error message for the user-defined error
error_file	Optional. Specifies the filename in which the error occurred
error_line	Optional. Specifies the line number in which the error occurred
error_context	Optional. Specifies an array containing every variable, and their values, in use when the error occurred

These error report levels are the different types of error the user-defined error handler can be used for:

Error Report levels

Value	Constant	Description
2	E_WARNING	Non-fatal run-time errors. Execution of the script is not halted
8	E_NOTICE	Run-time notices. The script found something that might be an error, but could also happen when running a script normally
256	E_USER_ERROR	Fatal user-generated error. This is like an E_ERROR set by the programmer using the PHP function trigger_error()
512	E_USER_WARNING	Non-fatal user-generated warning. This is like an E_WARNING set by the programmer using the PHP function trigger_error()
1024	E_USER_NOTICE	User-generated notice. This is like an E_NOTICE set by the programmer using the PHP function trigger_error()
4096	E_RECOVERABLE_ERROR	Catchable fatal error. This is like an E_ERROR but can be caught by a user defined handle (see also set_error_handler())
8191	E_ALL	All errors and warnings, except level E_STRICT (E_STRICT will be part of E_ALL as of PHP 6.0)

Now lets create a function to handle errors:

function customError($errno, $errstr)
{
echo “<b>Error:</b> [$errno] $errstr<br />”;
echo “Ending Script”;
die();
}

The code above is a simple error handling function. When it is triggered, it gets the error level and an error message. It then outputs the error level and message and terminates the script.
Here we have created an error handling function, so mow we we need to decide when it should be triggered.

Set Error Handler

PHP provides a built in default error handler error handler.

You can also change the error handler to apply for only some errors, so this way you can make more handlers for different type of errors, which will handle the errors in specific ways.

set_error_handler(”customError”);

Since we want our custom function to handle all errors, the set_error_handler() only needed one parameter, a second parameter could be added to specify an error level.

Testing the error handler by trying to output variable that does not exist:

For eg:

<?php       //error handler function
function customError($errno, $errstr)
{
echo “<b>Error:</b> [$errno] $errstr”;
}
//set error handler
set_error_handler(”customError”);

//trigger error
echo($test);
?>

Output:

Error: [8] Undefined variable: test

Trigger an Error

In the above example we triggered the error without any reason. We need some valid trigger for the error handler to be triggered. When a user inputs data, some wrong input may be provided so we need to trigger the handler whenever a user inputs a invalid data. In PHP, this is done by the trigger_error() function.

In this example an error occurs if the “test” variable is bigger than “1″:

For eg:

<?php
$test=2;
if ($test>1)
{
trigger_error(”Value must be 1 or below”);
}
?>

Output:

Note: Value must be 1 or below in C:\webfolder\test.php on line 6

By this method you can trigger an error anywhere you wish in a script. By adding a second parameter, you can specify what error level is triggered.

Possible error types:

• E_USER_ERROR – Fatal user-generated run-time error. Errors that can not be recovered from. Execution of the script is halted
• E_USER_WARNING – Non-fatal user-generated run-time warning. Execution of the script is not halted
• E_USER_NOTICE – Default. User-generated run-time notice. The script found something that might be an error, but could also happen when running a script normally

In this example an E_USER_WARNING occurs if the “test” variable is bigger than “1″. If an E_USER_WARNING occurs we will use our custom error handler and end the script:

For eg:

<?php          //error handler function
function customError($errno, $errstr)
{
echo “<b>Error:</b> [$errno] $errstr<br />”;
echo “Ending Script”;
die();
}
//set error handler
set_error_handler(”customError”,E_USER_WARNING);

//trigger error
$test=2;
if ($test>1)
{
trigger_error(”Value must be 1 or below”,E_USER_WARNING);
}
?>

Output:

Error: [512] Value must be 1 or below  Ending Script

---

[Translate]

PHP provides a default error handling, which is very simple. An error message is sent to the browser, with filename, line number and a message describing the error.

Error handling is a vital part while working with scripts and creating web applications.

Error checking and handling helps you handle the errors your way, ie you can do what you want to do in case an error occurs. It makes your code look more professional and also provides security.

This tutorial contains some of the most common error checking methods in PHP.

Some of the most common error checking methods of PHP are:

• Simple “die()” statements
• Custom errors and error triggers
• Error reporting

Using the die() function

The first example shows a simple script that opens a text file:

<?php
$file=fopen(”welcome.txt”,”r”);
?>

Error Output if the file does not exist:

Warning: fopen(welcome.txt) [function.fopen]: failed to open stream:No such file or directory in C:\webfolder\test.php on line 2

You can avoid this situation by simple methods. First look for the file if it exists, then open it and if not then you can use the die() function.

<?php
if(!file_exists(”welcome.txt”))
{
die(”File not found”);
}
else
{
$file=fopen(”welcome.txt”,”r”);
}
?>

Error Output if the file does not exist:

File not found

The code above is more efficient than the earlier code, because it uses a simple error handling mechanism to stop the script after the error.

---

[Translate]

First, look at the PHP code from the previous chapter:

<html>
<body>
<?php
if (isset($_REQUEST['email']))   //if “email” is filled out, send email
{
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
mail(”someone@example.com”, “Subject: $subject”,
$message, “From: $email” );
echo “Thank you for using our mail form”;
}
else      //if “email” is not filled out, display the form
{
echo “<form method=’post’ action=’mailform.php’>
Email: <input name=’email’ type=’text’ /><br />
Subject: <input name=’subject’ type=’text’ /><br />
Message:<br />
<textarea name=’message’ rows=’15′ cols=’40′>
</textarea><br />
<input type=’submit’ />
</form>”;
}
?>
</body>
</html>

The problem with the code above is that unauthorized users can insert data into the mail headers via the input form.
Now suppose a if a user adds the following text to the email input field in the form

someone@example.com%0ACc:person2@example.com
%0ABcc:person3@example.com,person3@example.com,
anotherperson4@example.com,person5@example.com
%0ABTo:person6@example.com

The mail() function puts the text above into the mail headers as usual, and now the header has an extra Cc:, Bcc:, and To: field. When the user clicks the submit button, the e-mail will be sent to all of the addresses above!

PHP Stopping E-mail Injections

The best way to stop such e-mail injections is to validate the input.
In the code below we have added an input validator that checks the email field in the form:

<html>
<body>
<?php
function spamcheck($field)
{
//filter_var() sanitizes the e-mail address using FILTER_SANITIZE_EMAIL
$field=filter_var($field, FILTER_SANITIZE_EMAIL);
//filter_var() validates the e-mail address using FILTER_VALIDATE_EMAIL
if(filter_var($field, FILTER_VALIDATE_EMAIL))
{
return TRUE;
}
else
{
return FALSE;
}
}
if (isset($_REQUEST['email']))    //if “email” is filled out, proceed
{
$mailcheck = spamcheck($_REQUEST['email']);   //check if the email address is invalid
if ($mailcheck==FALSE)
{
echo “Invalid input”;
}
else    //send email
{
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
mail(”someone@example.com”, “Subject: $subject”,
$message, “From: $email” );
echo “Thank you for using our mail form”;
}
}
else     //if “email” is not filled out, display the form
{
echo “<form method=’post’ action=’mailform.php’>
Email: <input name=’email’ type=’text’ /><br />
Subject: <input name=’subject’ type=’text’ /><br />
Message:<br />
<textarea name=’message’ rows=’15′ cols=’40′>
</textarea><br />
<input type=’submit’ />
</form>”;
}
?>
</body>
</html>

These are the PHP filters that we used in the above code to validate input:

The FILTER_SANITIZE_EMAIL- removes all illegal e-mail characters from a string
The FILTER_VALIDATE_EMAIL- validates value as an e-mail address

---

[Translate]

PHP allows you to send e-mails directly from a script.

The PHP mail() Function
The PHP mail() function is used to send emails from inside a script.

Syntax

mail(to,subject,message,headers,parameters)

Parameter	Description
to	Required. Specifies the receiver / receivers of the email
subject	Required. Specifies the subject of the email. Note: This parameter cannot contain any newline characters
message	Required. Defines the message to be sent. Each line should be separated with a LF (\n). Lines should not exceed 70 characters
headers	Optional. Specifies additional headers, like From, Cc, and Bcc. The additional headers should be separated with a CRLF (\r\n)
parameters	Optional. Specifies an additional parameter to the sendmail program

But before you will be able to use mail functions, you should have a working email system. The program to be used is defined by the configuration settings in the php.ini file.

PHP Simple E-Mail

In the example below we first declare the variables ($to, $subject, $message, $from, $headers), then we use the variables in the mail() function to send an e-mail:

$to = "user1@example.com";
$subject = "Sample mail";
$message = "This is a test email message.";
$from = "user2@example.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
?>

---

[Translate]

PHP isset() Function

When we create a variable and store it in a session, it is with the intention to use it in the future. But to use a session variable it should first be created and set. So you must first check for its existence.

Here we use PHP’s isset function. isset is a function that takes any variable you want to use and checks to see whether it has been assigned some value or not.

Destroying a Session

If you wish to delete some session data, you can use the following two functions:

• unset() function
• session_destroy() function

The unset() function is used to free the specified session variable:

<?php
unset($_SESSION['views']);
?>

You can also completely destroy the session by calling the session_destroy() function:

<?php
session_destroy();
?>

session_destroy() will reset your session and you will lose all your stored session data.

---

[Translate]

Whenever a user logs in to a system some variables are set to identify this same user throughout his working duration and when the user logs out of the system the variables are reset. This duration from log=in to log-out is called a session and the variables used are session variables to identify a session.

Starting a PHP Session

Before storing the user information in a session, it should be first started. The code to start a session must be at the very beginning of your code, before any HTML or text is sent.

<?php session_start(); ?>
<html>
<body>
………….
</body>
</html>

The code above will register the user’s session with the server, allow you to start saving user information, and assign a UID for that user’s session.

Storing a Session Variable

When you want to store user data in a session use the built-in PHP associative array $_SESSION. This is where you both store and retrieve session data. In previous versions of PHP there were other ways to perform this store operation, but it has been updated and this is the correct way to do it.

<?php
session_start();
// store session data
$_SESSION['username']=”Tutor”;
?>
<html>
<body>
<?php
//retrieve session data
echo “Username=”. $_SESSION['username'];
?>
</body>
</html>

Output:

Username=Tutor

In the example below, we create a simple page-views counter. The isset() function checks if the “views” variable has already been set. If “views” has been set, we can increment our counter. If “views” doesn’t exist, we create a “views” variable, and set it to 1:

<?php
session_start();
if(isset($_SESSION['views']))
$_SESSION['views']=$_SESSION['views']+1;
else
$_SESSION['views']=1;
echo “Views=”. $_SESSION['views'];
?>

---

[Translate]

A PHP session allows you to store user information like username, shopping cart items, etc or change settings for a user session. Session variables hold information about one single user, and are available to all pages in one application.

However, this session information is temporary and is deleted very quickly after the user has left the website that uses sessions.

It is important to think and verify if the sessions’ temporary storage is applicable to your website. If you require a more permanent storage you will have to use a database.

Sessions too have some major loop holes which need some advanced techniques to fill into those gaps. So if you are not experienced with session programming it is not recommended that you use sessions on a website that requires high-security.

PHP Session Variables

Session is the duration for which you browse a website or you visit some page. That means, when you are working with an application, you open it, do some changes and then you close it. This is a Session. The time you login to an application or start it the computer recognizes you.

It knows when you start the application and when you end. This is the case with applications running on your system, but on the internet there is one problem: HTTP address doesn’t maintain state, so a web server cannot know who you are and what you do.

A PHP session is used to solve this problem. It allows you to store user information on the server for later use. However, session information is temporary and is deleted after the user has left the website. If you need a permanent storage you may want to store the data in a database.

Sessions work by creating a unique id (UID) for each visitor and store variables based on this UID. The UID is either stored in a cookie or is propagated in the URL.

---

[Translate]

Retrieving Cookie

The built-in PHP variable $_COOKIE is used to retrieve a cookie value.

In the example below, we retrieve the value of the cookie named “username” and display it on a page:

For eg:

<?php
// Print a cookie
echo $_COOKIE["username"];
// A way to view all cookies
print_r($_COOKIE);
?>

We can also use the isset() function to find out if a cookie has been set:

<html>
<body>
<?php
if (isset($_COOKIE["username"]))
echo “Welcome ” . $_COOKIE["username"] . “!<br />”;
else
echo “Welcome Tutor!<br />”;
?>
</body>
</html>
Deleting Cookie
When deleting a cookie, its should have been expired ie you should assure that the expiration date is in the past.
For eg:

<?php
// set the expiration date to one hour ago
setcookie(”username”, “”, time()-3600);
?>
Browsers not supporting Cookies
If a browser do not support cookies, you will have to use other methods to pass information from one page to another in your application. You may use the form method to pass the information in such a case.
The form below passes the user input to “main.php” when the user clicks on the “Submit” button:
For eg:

<html>
<body>
<form action=”main.php” method=”post”>
Name: <input type=”text” name=”username” />
Address: <input type=”text” name=”address” />
<input type=”submit” />
</form>
</body>
</html>
Retrieve the values in the “main.php” file like this:
<html>
<body>
Welcome <?php echo $_POST["name"]; ?>.<br />
You live at <?php echo $_POST["address"]; ?>.
</body>
</html>
---
[Translate]
Read More