Windows and macOS filenames are not case-sensitive, but Linux and Unix filenames are.

1. Always start by opening the file. You do this through a call to fopen.
2. Then you can call other functions; we write to the file (fwrite), read from an existing file (fread or fgets) and do other things.
3. Finish by closing the file (fclose).

The $My_File variable is a number PHP uses to refer to internal information about the file.
Upon failure, FALSE will be returned by fopen. To capture and respond to the failure: it calls the die function to end the program and give the user an error message.
The second parameter to the fopen call: the character w, which tells the function to open the file for writing. The function creates the file if it doesn't already exist.
If the file already exists, the w mode parameter causes the fopen call to delete the old contents (even if you don't write anything new!).

• To grabs a whole line from the file use fgets.
• You can retrieve multiple lines or portions of lines through the fread function.

• Use the copy function to copy a file.
• It takes two parameters: the name of the file to copy and the name of the new file.
• It returns TRUE if the copy succeeds and FALSE if it fails.

• Use the rename function to move a file.
• It takes two parameters: the name of the file to move and the new name of the file.
• It returns TRUE if the move succeeds and FALSE if it fails.

• Use the unlink function to delete a file.
• It takes one parameter: the name of the file to delete.
• It returns TRUE if the delete succeeds and FALSE if it fails.

• The file pointer is the position within a file at which the next file access will take place, whether it's a read or a write. It is not the same as the file handle which contains details about the file being accessed.
• 'r+', which puts the file pointer right at the start.
• The fseek function is called to move the file pointer right to the file end.
• The fseek function was passed two other parameters, 0 and SEEK_END. SEEK_END tells the function to move the file pointer to the end of the file, and 0 tells it how many positions it should then be moved backward from that point.
• There are two other seek options available to the fseek function: SEEK_SET and SEEK_CUR.
  1. The SEEK_SET option tells the function to set the file pointer to the exact position given by the preceding parameter.
  2. The SEEK_CUR sets the file pointer to the current position plus the value of the given offset.

• Use the file_put_contents function to update a file.
• It takes two parameters: the name of the file to update and the new content of the file.
• It returns the number of bytes written to the file if the update succeeds and FALSE if it fails.

• The flock function. This function queues up all other requests to access a file until your program releases the lock.
• The first call to flock sets an exclusive file lock on the file referred to by $My_File using the LOCK_EX parameter.
• After that, you release the lock by using the LOCK_UN parameter.
• The call to request an exclusive lock is nested as part of an if statement. This is because flock is not supported on all systems

• Use the file_get_contents function to read an entire file.
• It takes one parameter: the name of the file to read.
• It returns the contents of the file if the read succeeds and FALSE if it fails.

• Use the move_uploaded_file function to upload a file.
• It takes two parameters: the name of the file to upload and the name of the new file.
• It returns TRUE if the upload succeeds and FALSE if it fails.
• All uploaded files are placed into the associative system array $_FILES.

1. A user's web browser issues an HTTP request for a particular web page (requested a search using an HTML form). The search results page is called action.php.
2. The web server receives the request for results.php, retrieves the file, and passes it to the PHP engine for processing.
3. The PHP engine begins parsing the script. Inside the script is a command to connect to the database and execute a query. PHP opens a connection to the MySQL server and sends on the appropriate query.
4. The MySQL server receives the database query, processes it, and sends the results back to the PHP engine.
5. The PHP engine finishes running the script. This usually involves formatting the query results nicely in HTML. It then returns the resulting HTML to the web server.
6. The web server passes the HTML back to the browser.

In any script used to access a database from the Web, you follow some basic steps:

1. Check and filter data coming from the user.
2. Set up a connection to the appropriate database.
3. Query the database.
4. Retrieve the results.
5. Present the results back to the user.

We begin the script by stripping any whitespace that the user might have inadvertently entered at the beginning or end of his input field. You can do this by applying the function trim():

$My_Variable=trim($_POST['Input_Name']);

The next step is to verify that the user has entered somthing. Note that we check whether the user entered a search term after trimming whitespace.

The basic PHP library for connecting to MySQL is called mysqli. The i stands for improved, as there was an older library called mysql. When using the mysqli library in PHP, you can use either an object-oriented or procedural syntax.
You use the following line in the script to connect to the MySQL server:

@$db = new mysqli('Server_name', 'User_Name', 'Password', 'Database_Name');

This line instantiates the mysqli class and creates a connection to host Server_name with username User_Name, and password Password. The connection is set up to use the database called Database_Name.
To connect in a procedural fashion, you can use:

@$db = mysqli_connect('Server_name', 'User_Name', 'Password', 'Database_Name');

This function returns a resource rather than an object. This resource represents the connection to the database, and if you are using the procedural approach, you will need to pass this resource in to all the other mysqli functions. This is similar to the way the file-handling functions, such as fopen(), work.
The procedural version function names start with mysqli_.

• The result of your attempt at connection is worth checking because none of the rest of code will work without a valid database connection.
• The mysqli_connect_errno() function returns an error number on error, or zero on success (This code is the same for the object-oriented and procedural versions).
• Note that when you connect to the database, you begin the line of code with the error suppression operator, @ to handle any errors (This could also be done with exceptions).
• Bear in mind that there is a limit to the number of MySQL connections that can exist at the same time. The MySQL parameter max_connections determines what this limit is. The purpose of this parameter and the related Apache parameter MaxClients is to tell the server to reject new connection requests instead of allowing machine resources to be completely used up at busy times or when software has crashed.
• You can alter both of these parameters from their default values by editing the configuration files. To set MaxClients in Apache, edit the httpd.conf file on your system. To set max_connections for MySQL, edit the file my.conf.

If you want to change the default database, you can do so with the mysqli_select_db() function.
The procedural version begins with mysqli_ and requires the extra database handle parameter.

To actually perform the query, you can use the mysqli_query() function. Before doing this, however, it's a good idea to set up the query you want to run:

$query = "SELECT * FROM user WHERE user.User_ID<=?";

The reason we have a question mark in the query is that we're going to use a type of query known as a prepared statement. The question mark is a placeholder. This tells MySQL, "whatever we replace the question mark with should be treated as data only, and not code."
Placeholders can only be used for data, and not for column, table, or database names.
Remember that the query you send to MySQL does not need a semicolon at the end of it, unlike a query you type into the MySQL monitor.
You should not put any quotation marks or other delimiters around these question marks.

The mysqli library supports the use of prepared statements. These are useful for speeding up execution when you are performing large numbers of the same query with different data.
The basic concept of a prepared statement is that you send a template of the query you want to execute to MySQL and then send the data separately.
The function $db->prepare(), which is called mysqli_stmt_prepare() in the procedural version. This line constructs a statement object or resource that you will then use to do the actual processing.
The statement object has a method called bind_param(). (In the procedural version, it is called mysqli_stmt_bind_param()). The purpose of bind_param() is to tell PHP which variables should be substituted for the question marks. The first parameter is a format string.
Other possible characters in the format string are i for integer and b for blob. After this parameter, you should list the same number of variables as you have question marks in your statement. They will be substituted in this order.
The call to $stmt->execute() (mysqli_stmt_execute() in the procedural version) actually runs the query.

A large variety of functions is available to break the results out in different ways.
As well as binding parameters, you can bind results. For SELECT-type queries, you can use $stmt->bind_result() (or mysqli_stmt_bind_result()) to provide a list of variables that you would like the result columns to be filled into. Each time you call $stmt->fetch() (or mysqli_stmt_fetch()), column values from the next row in the resultset are filled into these bound variables.

If we'd like to get a count of the number of rows returned, we first tell PHP to retrieve and buffer all of the rows returned from the query: $stmt->store_result(); When you use the object-oriented approach, the number of rows returned is stored in the num_rows member of the result object.
When you use a procedural approach, the function mysqli_num_rows() gives you the number of rows returned by the query. You should pass it the result identifier.

There are other approaches to fetching data from a query result other than using mysqli_stmt_fetch(). To use these, first we must extract a result set resource from the statement. You can do this using the mysqli_stmt_get_result() function.
This function returns an instance of the mysqli_result object, which itself has a number of useful functions for extracting the data. Probably the most useful are:

• mysqli_fetch_array() (and related mysqli_fetch_assoc()), which returns the next row from the result set as an array. The mysqli_fetch_assoc() version uses the column names as keys, although you can also get this behavior from mysqli_fetch _array(). The mysqli_fetch_array() function takes a second parameter for the type of array to return. Passing MYSQLI_ASSOC will get you the column names as keys, passing MYSQLI_NUM will result in numbered keys, and MYSQLI_BOTH will give you an array containing two sets of the data, one with column names as keys and one with numerical keys.
• mysqli_fetch_all() returns all of the rows returned by the query as an array of arrays where each of the inner arrays is one of the rows returned.
• mysqli_fetch_object() returns the next row from the result set as an object, where each value is stored in an attribute carrying the name of the column.

Inserting new items into the database is remarkably similar to getting items out of the database.

You can free your result set by calling either

$result->free();

or

mysqli_free_result($result);

You can then use

$db->close();

or

mysqli_close($db);

to close a database connection. Using this command isn't strictly necessary because the
connection will be closed when a script finishes execution anyway.

• When you create a new PDO object, you pass it the connection details for the database you want to connect to.
• The first parameter is a string containing the database type, the host name, and the database name (dsn or Data Source Name).
• The second parameter is the username for the database.
• The third parameter is the password for the database.
• The fourth parameter is an array of options. You can use this to set the error mode and other options.

• Use the query function to query the database.
• It takes one parameter: the query to run.
• It returns a PDOStatement object if the query succeeds and FALSE if it fails.
• The query function prepares and executes an SQL statement without placeholders
• Once you have an object returned in $result, you can use it to extract the data you want, one item at a time, using the fetch method of the object. The fetch method can return data in various styles, including the following:
  • PDO::FETCH_ASSOC Returns the next row as an array indexed by column name.
  • PDO::FETCH_BOTH (default) Returns the next row as an array indexed by both column name and number.
  • PDO::FETCH_LAZY Returns the next row as an anonymous object with names as properties.
  • PDO::FETCH_OBJ Returns the next row as an anonymous object with column name as properties.
  • PDO::FETCH_NUM Returns an array indexed by column number.

The prepare function is used to prepare a statement for execution and returns a statement object.
It takes one parameter: the query to prepare.
The bindParam function is used to bind a parameter to the specified variable name.
The first argument to bindParam is a number representing the position in the query string of the value to insert (in other words, which question mark placeholder is being referred to). This is followed by the variable that will supply the data for that placeholder, and then the type of data the variable must be, and, if a string, another value follows stating its maximum length.
At this point, PHP has everything it needs to execute the prepared statement, so you can issue the following command, which calls the execute method of the $stmt object created earlier, passing the values to be inserted in the form of an array.