COSC405 PHP PROGRAMMING INDIVIDUAL ASSIGNMENT REPORT

Name: HALIMA LAWAL ALIYU

Matric Number: U22DLCS10199
Course Code: COSC405
Course Title: PHP Programming
Assignment Title: Individual Assignment

Question 1

a. In PHP, a data type refers to the type of value a variable can hold. Common data types
include strings (text), integers (whole numbers), floats (decimal numbers), booleans (true or
false), arrays (collections of values), objects (instances of classes), and NULL (no value).
PHP is dynamically typed, meaning you do not need to declare the data type of a variable
before using it. The type is determined automatically at runtime based on the assigned value,
making development more flexible but requiring caution to avoid type-related bugs.

b.

<!DOCTYPE html>
<html>
<body>
<form method="post">
Number 1: <input type="text" name="num1"><br>
Number 2: <input type="text" name="num2"><br>
<input type="submit" name="submit">
</form>

<?php
if (isset($_POST['submit'])) {
$num1 = (int)$_POST['num1'];
$num2 = (int)$_POST['num2'];

echo "<br />Type of num1: " . gettype($num1) . "<br>";

echo "<br />Type of num2: " . gettype($num2) . "<br>";

$sum = $num1 + $num2;

echo "<br />Sum: $sum";
echo "<br><br>Submitted by: HALIMA LAWAL ALIYU";

}
?>
</body>
</html>
Question 2

a. The include() function in PHP allows developers to insert the content of one PHP file
into another before the server executes it. This is useful for reusing common components
such as headers, footers, or navigation bars. The difference between include() and
include_once() is that include_once() will check if the file has already been included,
and if so, it will not include it again. This helps prevent errors from multiple inclusions of the
same file.

b.

// header.php
<h1>Welcome to My Website</h1>
<hr>
// footer.php
<hr>
<footer>Copyright 2025 - HALIMA LAWAL ALIYU</footer>
// index.php
<?php
include("header.php");
echo "<p>Main content of the page.</p>";
include("footer.php");
?>
Question 3

a. In PHP, form handling using the $_POST superglobal allows the script to collect input from
forms sent via the POST method. $_POST is an associative array containing key-value pairs
where keys correspond to input field names. This is a secure way to send data, especially
passwords, as the data is not visible in the URL.

b.

<form method="post">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="login">
</form>

<?php
if (isset($_POST['login'])) {
$user = $_POST['username'];
$pass = $_POST['password'];

if ($user == "halima" && $pass == "lawal") {

echo "Welcome, HALIMA LAWAL ALIYU!";
} else {
echo "Invalid credentials.";
}
}
?>
Question 4

a. The GET and POST methods are used to send data to the server via forms. GET appends
data to the URL, making it visible and suitable for non-sensitive data or bookmarking. POST
sends data within the HTTP request body, making it hidden from the URL and more secure
for transmitting sensitive information.

b.

<form method="get">
Feedback: <input type="text" name="feedback">
<input type="submit" name="send">
</form>

<?php
if (isset($_GET['send'])) {
echo "HALIMA LAWAL ALIYU says: " . htmlspecialchars($_GET['feedback']);
}
?>
Question 5

a. A session in PHP is a way to store user information to be used across multiple pages.
Unlike cookies, session data is stored on the server. PHP manages sessions using a unique
session ID, which is usually stored in a cookie on the client side.

b.

<?php
session_start();

if (!isset($_SESSION['visits'])) {
$_SESSION['visits'] = 0;
}
$_SESSION['visits']++;

echo "HALIMA LAWAL ALIYU has visited this page " . $_SESSION['visits'] . "
times.";
?>

Question 6

a. SQL Injection is a security vulnerability that allows an attacker to interfere with the queries
an application makes to its database. It can be used to view, modify, or delete data. To
prevent this in PHP, we use PDO with prepared statements, which separate SQL logic from
user input.

b.
<?php

// Database configuration

$host = 'localhost';

$db = 'sample_db';

$user = 'root';

$pass = '';

$charset = 'utf8mb4';

try {

$pdo = new PDO("mysql:host=$host;dbname=$db;charset=$charset", $user,

$pass);

$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$stmt = $pdo->query("SELECT regno, full_name FROM users");

echo "<h3>Registered Users:</h3>";

echo "<ul>";

while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {

echo "<li>" . htmlspecialchars($row['regno']) . " - " .

htmlspecialchars($row['full_name']) . "</li>";

echo "</ul>";

} catch (PDOException $e) {

echo "Connection failed: " . $e->getMessage();

?>

Question 7

a. In PHP, variable scope refers to the context within which a variable is defined and
accessible. There are three main types of scope:
  Global: Declared outside functions and accessible globally using the global keyword
inside functions.
 Local: Declared within a function and only accessible within that function.
 Static: Retains its value between function calls. Useful for counters and accumulators.

b.

<?php
$counter = 5;

function testScope() {
global $counter;
static $staticVar = 0;
$counter++;
$staticVar++;
echo "Global: $counter | Static: $staticVar - HALIMA LAWAL ALIYU<br>";
}

testScope();
testScope();
testScope();
?>

Question 8

a. The require() function is used to include and evaluate a specified file. If the file is not
found, it halts the execution of the script. require_once() works similarly but ensures the
file is only included once to prevent redeclaration errors.

b.

// navbar.php
<nav>Navigation: Home | About | Services</nav>
// sidebar.php
<aside>Sidebar: Quick Links</aside>
// main.php
<?php
require("navbar.php");
require("sidebar.php");
echo "<main>Welcome to HALIMA LAWAL ALIYU's page.</main>";
?>
Question 9

a. File uploads in PHP are managed using forms with enctype="multipart/form-data"

and processed with the $_FILES superglobal. This array contains details like file name, size,
type, and the temporary file location. It's essential to validate and move uploaded files
securely.

b.

<form method="post" enctype="multipart/form-data">

Upload your photo: <input type="file" name="profile">
<input type="submit" name="upload">
</form>

<?php
if (isset($_POST['upload'])) {
$file = $_FILES['profile'];
move_uploaded_file($file['tmp_name'], "uploads/" . $file['name']);
echo "Uploaded by: HALIMA LAWAL ALIYU<br>";
echo "<img src='uploads/{$file['name']}' width='150'>";
}
?>

Question 10

a. Cookies are small text files stored on the client's computer to hold user information across
sessions. Sessions, however, store data on the server. Cookies persist even after the browser
is closed (until expiration), whereas session data is cleared when the browser is closed or
session ends.

b.

<?php
if (!isset($_COOKIE['visitor'])) {
setcookie("visitor", "HALIMA LAWAL ALIYU", time()+3600);
echo "Cookie set for HALIMA LAWAL ALIYU. Please refresh.";
} else {
echo "Welcome back, " . $_COOKIE['visitor'];
}
?>

Question 11

a. Associative arrays in PHP use named keys instead of numeric indexes. They are especially
useful for processing forms or organizing related data like student records.

b.

<?php
$student = [
"name" => "HALIMA LAWAL ALIYU",
"department" => "Computer Science",
"matric_number" => " U22DLCS10199"
];

foreach ($student as $key => $value) {

echo ucfirst($key) . ": $value<br>";
}
?>

Question 12
a. Cross-Site Scripting (XSS) is a vulnerability where attackers inject malicious scripts into
webpages. It can lead to data theft or session hijacking. Preventing XSS involves validating
and sanitizing user input. In PHP, the htmlspecialchars() function is commonly used to
neutralize potentially dangerous code.

b.

<form method="post">
Enter comment: <input type="text" name="comment">
<input type="submit" name="post">
</form>

<?php
if (isset($_POST['post'])) {
$comment = htmlspecialchars($_POST['comment']);
echo "HALIMA LAWAL ALIYU commented: $comment";
}
?>