The Ultimate PHP Cheat Sheet for Developers

1. Introduction to PHP

If you’ve ever wondered how dynamic websites like Facebook, WordPress, or Wikipedia serve real-time content, PHP is a big part of that magic. PHP (Hypertext Preprocessor) is one of the most widely-used server-side scripting languages — and for good reason. Whether you're building a simple contact form or a large-scale content management system, PHP has the tools to get it done quickly and efficiently.

Why Learn PHP in 2025/2026?

Despite the rise of newer technologies like Node.js and Python, PHP continues to dominate because:

• It's the backbone of WordPress, which powers 40%+ of websites.
• It has a huge ecosystem (Laravel, Symfony, Composer).
• PHP 8+ has modern features like JIT, match expressions, and attributes.

Plus, shared hosting environments almost always support PHP out of the box, making deployment easy for solo developers and small businesses.

Who Should Use This PHP Cheat Sheet?

This guide is for:

• Absolute beginners trying to understand the basics.
• Students and job seekers preparing for PHP-based interviews.
• Working developers who want a quick reference.
• Bloggers and freelancers building custom sites on WordPress or core PHP.

2. PHP Basics: Syntax, Variables, Data Types & More

Every great PHP application begins with understanding its core structure. Whether you're displaying a welcome message or processing a user form, all PHP code starts from the same basic building blocks.

2.1. Writing Your First PHP Script

<?php
  echo "Hello, World!";
?>

Pro Tip from Experience: Always use <?php ... ?> tags (not short <? ... ?>) to ensure compatibility across all servers.

Save the file as index.php, place it in your htdocs (if using XAMPP), and open it in your browser:
http://localhost/index.php

2.2. Understanding PHP Syntax

• Every PHP statement ends with a semicolon ;
• PHP is case-sensitive for variables ($Name ≠ $name)
• PHP scripts run top to bottom

<?php
$name = "Prakash";
echo "My name is $name.";
?>

2.3. Comments in PHP

// This is a single-line comment
# Also a single-line comment
/*
   This is a multi-line comment
*/

In real projects, comments help teams understand your logic. I always encourage students to document key blocks during teaching.

2.4. PHP Variables

Variables in PHP start with a $ sign.

$age = 25;
$name = "Sita";
$price = 99.99;

You don’t need to declare types — PHP is a loosely typed language.

2.5. PHP Data Types

PHP supports several data types. Here are the most commonly used:

2.6. Type Juggling in PHP

PHP automatically converts types when needed.

$x = "10";
$y = 5;
echo $x + $y; // Outputs 15

This flexibility is useful, but can cause unexpected results. Always test your logic carefully, especially when working with forms.

2.7. Best Practices for Beginners

• Use clear variable names ($userEmail instead of $x)
• Stick to lowercase file names and save all files as .php
• Avoid mixing PHP logic with HTML presentation too much in large projects

3. PHP Operators – Arithmetic, Logical, Comparison & More

Operators in PHP are symbols or keywords used to perform operations on variables and values — such as adding numbers, comparing values, or combining logic conditions.

In this section, we’ll break down the main types of operators with real-world examples and beginner-friendly explanations.

3.1. Arithmetic Operators

Used to perform basic math operations.

Example:

$a = 10;
$b = 3;
echo $a + $b;  // 13
echo $a % $b;  // 1

I’ve used arithmetic operators often when calculating prices, discounts, or pagination logic in eCommerce and blog projects.

3.2. Assignment Operators

Used to assign values to variables.

3.3. Comparison Operators

Used to compare values — commonly used in if statements and forms.

Example:

$age = 18;
if ($age >= 18) {
    echo "You are eligible to vote.";
} else {
    echo "You are too young.";
}

 In form validation, I always use === to ensure exact matches between password fields.

3.4. Logical Operators

Used to combine multiple conditions.

Example:

$loggedIn = true;
$isAdmin = false;

if ($loggedIn && $isAdmin) {
    echo "Welcome, Admin!";
} else {
    echo "Access Denied.";
}

This is something you can use in login systems, role management, and conditional display of content.

3.5. Increment/Decrement Operators

Quickly increase or decrease a variable’s value.

$x = 5;
echo ++$x; // 6
echo $x++; // 6 (but $x becomes 7 afterward)

3.6. The Ternary Operator (?:)

A shorthand for if...else

$age = 20;
echo ($age >= 18) ? "Adult" : "Minor";

Clean and perfect for short decision-making tasks like UI messages.

4. PHP Control Structures: if, else, switch, loops & more

Control structures in PHP let you make decisions and repeat actions. Whether you’re checking a user’s login status or looping through blog posts, you’ll use these structures all the time.

This section covers:

• Conditional statements (if, else, elseif, switch)
• Looping statements (while, for, foreach, do-while)
• Practical examples used in real projects

4.1. Conditional Statements in PHP

☑ Basic if...else Syntax:

$age = 18;

if ($age >= 18) {
    echo "You are an adult.";
} else {
    echo "You are underage.";
}

☑ elseif for Multiple Conditions:

$marks = 75;

if ($marks >= 90) {
    echo "Grade A+";
} elseif ($marks >= 75) {
    echo "Grade A";
} elseif ($marks >= 60) {
    echo "Grade B";
} else {
    echo "Needs Improvement";
}

I use elseif frequently in dashboards, filtering, and grading systems.

4.2. switch Statement

Perfect for checking one variable against many values.

$day = "Wednesday";

switch ($day) {
    case "Monday":
        echo "Start of the week.";
        break;
    case "Wednesday":
        echo "Mid-week!";
        break;
    case "Friday":
        echo "Weekend starts soon!";
        break;
    default:
        echo "Just another day.";
}

Much cleaner than writing many if...elseif blocks when you're comparing a single value.

4.3. PHP Looping Statements

Loops are used to repeat code based on conditions — useful for listing users, posts, or items.

🔄 while Loop

$i = 1;
while ($i <= 5) {
    echo "Number: $i <br>";
    $i++;
}

🔄 do...while Loop
Ensures the loop runs at least once.

$i = 1;
do {
    echo "Count: $i <br>";
    $i++;
} while ($i <= 3);

I use this in admin panels when paginating — display content at least once even if fewer entries are there.

🔁 for Loop

Best when you know exactly how many times to run.

for ($i = 1; $i <= 5; $i++) {
    echo "Item $i <br>";
}

🔁 foreach Loop

Specifically for arrays and objects.

$fruits = ["Apple", "Banana", "Mango"];

foreach ($fruits as $fruit) {
    echo "$fruit <br>";
}

This is what I use 90% of the time while listing database results or working with APIs.

⚡ Tips from Real Experience

• Always use break; in switch to prevent fall-through
• foreach is safer for arrays than for
• Combine loops with if for conditional rendering inside lists

5. PHP Arrays – Types, Accessing, Looping, and Real Use Cases

What Are Arrays in PHP?

An array is a special variable that holds multiple values at once. You can think of it like a list — of names, products, prices, users, anything.

PHP supports:

• Indexed Arrays
• Associative Arrays
• Multidimensional Arrays

5.1. Indexed Arrays

These use numeric keys starting from 0.

$colors = ["Red", "Green", "Blue"];
echo $colors[1];  // Green

Loop through indexed array:

foreach ($colors as $color) {
    echo $color . "<br>";
}

Use this when looping through image galleries, product tags, form inputs, etc.

5.2. Associative Arrays

These use named keys instead of numbers.

$user = [
    "name" => "Prakash",
    "email" => "[email protected]",
    "age" => 28
];

echo $user["email"];  // [email protected]

Loop through associative array:

foreach ($user as $key => $value) {
    echo "$key: $value <br>";
}

⚡ This is my go-to structure when working with user profiles or config data.

5.3. Multidimensional Arrays

An array inside another array — useful for complex data structures like tables or records.

$users = [
    ["name" => "Sita", "age" => 28],
    ["name" => "Ram", "age" => 32],
    ["name" => "Gita", "age" => 22]
];

echo $users[1]["name"];  // Ram

Loop through:

foreach ($users as $person) {
    echo $person["name"] . " is " . $person["age"] . " years old.<br>";
}

 ⚡Multidimensional arrays are vital for managing database records, tables, and API responses.

5.4 Array Functions You’ll Use Often

Example:

$colors = ["Red", "Blue"];
if (in_array("Red", $colors)) {
    echo "Red is in the list!";
}

Real Use Case Example:

$posts = [
    ["title" => "PHP Basics", "author" => "Sam"],
    ["title" => "Working with MySQL", "author" => "Rita"]
];

foreach ($posts as $post) {
    echo "<h2>{$post['title']}</h2>";
    echo "<p>By {$post['author']}</p>";
}

⚡This is the exact format you can use to render blog posts from a database or API.

6. PHP Functions – Built-in & User-Defined with Real Use Cases

What is a Function in PHP?

A function is a block of code you define once and use as many times as needed. PHP has:

• Built-in functions (like strlen(), date())
• User-defined functions (your custom logic)

Functions help avoid repeating code, improve readability, and encapsulate logic — all critical for professional development.

6.1. Syntax: Defining and Calling a Function

function greetUser($name) {
    return "Hello, $name!";
}

echo greetUser("Aarav");  // Hello, Aarav!

⚡Real use: You can use such greeting functions in user dashboards or for email templates.

6.2. Parameters and Return Values

➡ Function with multiple parameters:

function add($a, $b) {
    return $a + $b;
}

echo add(5, 3);  // 8

➡ Default parameter values:

function greet($name = "Guest") {
    return "Welcome, $name!";
}

6.3. Passing by Value vs Reference

function modify($num) {
    $num += 10;
}

function modifyRef(&$num) {
    $num += 10;
}

⚡Use pass by reference (&) when you want the original value to be updated.

5.4. Returning Arrays or Multiple Values

function userInfo() {
    return ["name" => "Sita", "email" => "[email protected]"];
}

$user = userInfo();
echo $user["email"];  // [email protected]

5.5. Anonymous Functions (Closures)

Useful for one-off operations, especially in array_map, filter, or events.

$square = function($x) {
    return $x * $x;
};

echo $square(5);  // 25

5.6. Arrow Functions (PHP 7.4+)

Shorter syntax for closures:

$double = fn($n) => $n * 2;

I use arrow functions a lot inside array processing, especially with array_map or array_filter.

 5.7. Recursive Functions

A function that calls itself — great for dealing with nested data or directory structures.

function factorial($n) {
    if ($n <= 1) return 1;
    return $n * factorial($n - 1);
}

5.8. Useful Built-in PHP Functions (Most Common)

🧑‍💻 Real Project Tips

• I use user-defined functions for reusable utilities like slug generation, string sanitization, image resizing, etc.
• Use built-in functions as much as possible — they’re optimized and save development time.
• Group related functions into helpers.php or functions.php files for modular design.

7. PHP String Handling – Manipulation, Formatting, and Security

What is String Handling?

Strings are sequences of characters. PHP offers a rich set of string functions to manipulate text for:

• Validating input
• Formatting content
• Preparing data for storage or output
• Protecting against injections

7.1. Declaring and Printing Strings

$name = "Sita";
echo "Hello, $name!";

• Use double quotes for variable parsing ("Hello, $name")
• Use single quotes for raw strings ('Hello, $name' outputs the variable name literally)

7.2. Most Common String Functions in PHP

Real Use Examples

➡ Capitalize names from form input:

$name = "prakash bhandari";
$name = ucwords(strtolower(trim($name)));  // "Prakash Bhandari"

➡ Format currency:

$price = number_format(49999.99);  // 49,999.99

➡ Safe output of HTML:

echo htmlspecialchars("<script>alert('Hi');</script>");

➡ Output:

<script>alert('Hi');</script>

7.3. Converting Between Strings and Arrays

String to array:

$tags = "php,html,css";
$arr = explode(",", $tags);  // ["php", "html", "css"]

Array to string:

echo implode(" | ", $arr);  // php | html | css

Used in tags, categories, CSV parsing, and filters.

🧰 Advanced Tip: Multibyte Strings (mb_* functions)

If you're working with non-English characters (e.g. Nepali, Chinese), use:

mb_strlen($str);
mb_substr($str, 0, 10);

⚡Why? strlen("राम") may return 6 instead of 2 — mb_strlen() solves this.

7.4. Security in String Handling

• Always use htmlspecialchars() when outputting user input to prevent XSS.
• Use strip_tags() to remove HTML tags from strings.
• Use addslashes() or better — prepared statements (in database context).

$userInput = strip_tags($_POST["comment"]);
$safeOutput = htmlspecialchars($userInput);

8. PHP Superglobals – The Core of Dynamic Web Apps

Superglobals are built-in variables in PHP that are accessible from anywhere in your script — no need to use global or pass them as arguments.

They are essential for handling:

• Form submissions
• Sessions and cookies
• URLs and query parameters
• Server and environment data

📜 List of Common PHP Superglobals

8.1. $_GET – Access Query Parameters

// URL: example.com/page.php?name=Sita
echo $_GET["name"];  // Outputs: Sita

⚡Use $_GET for search forms, pagination, filters, etc.

8.2. $_POST – Handle Form Submissions

<form method="post">
  <input type="text" name="email">
  <input type="submit">
</form>

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    echo $_POST["email"];
}

⚡Use this in contact forms, login systems, comments, etc.

8.3. $_REQUEST – Mixed Method Access

$name = $_REQUEST["name"]; // Can be from GET or POST

⚠️ Not recommended for security-critical operations. Prefer $_POST or $_GET directly.

8.4. $_SERVER – Server and Execution Environment

Example:

echo $_SERVER["REQUEST_URI"];  // /blog?id=5

8.5. $_SESSION – Store Persistent Data (like login)

session_start();
$_SESSION["user"] = "Ram";

echo $_SESSION["user"];  // Ram

⚡Use sessions to store login status and flash messages.

8.6. $_COOKIE – Store Small Data on Browser 🍪

setcookie("theme", "dark", time() + (86400 * 30)); // 30 days

echo $_COOKIE["theme"];

⚡ Cookies are used for "remember me", themes, preferences.

8.7. $_FILES – Handle File Uploads 📂

<form method="post" enctype="multipart/form-data">
  <input type="file" name="photo">
  <input type="submit">
</form>

<?php
$filename = $_FILES["photo"]["name"];
$tmpName = $_FILES["photo"]["tmp_name"];
move_uploaded_file($tmpName, "uploads/" . $filename);

⚡You can use this for profile picture uploads, post images, etc.

8.8. $_ENV – Environment Variables 🌱

Often used with .env files or system configs:

echo $_ENV["APP_ENV"];  // development / production

9. PHP File Handling – Read, Write, Append, Upload, and Delete Files

PHP provides a rich set of built-in functions to interact with the file system — whether you're saving logs, uploading user images, exporting CSV data, or reading content from a text file.

9.1. Reading Files in PHP – Two Effective Ways

Method 1: Read Entire File :

Sometimes, you just want to load the entire file content—say a markdown post or a log file.

$content = file_get_contents("notes.txt");
echo $content;

⚡It's a one-liner that works like magic when you're dealing with static content.

Method 2: Read Line-by-Line:

When working with large files (think logs or CSVs), reading line-by-line saves memory.

$handle = fopen("sample.txt", "r");

while (!feof($handle)) {
    $line = fgets($handle);
    echo $line . "<br>";
}

fclose($handle);

⚡Pro tip: Always fclose() to free resources.

9.2. Writing to Files – Overwrite or Append

Overwrite File Content:

file_put_contents("log.txt", "New log entry at " . date('Y-m-d H:i:s'));

Append to File:

file_put_contents("log.txt", "Another entry\n", FILE_APPEND);

Or, the manual way:

$handle = fopen("log.txt", "a");
fwrite($handle, "Appended line at " . date('H:i:s') . "\n");
fclose($handle);

⚡Use case: I use append mode for writing error logs or chat transcripts without wiping previous content.

9.3. Always Check if File Exists

Avoid "file not found" errors:

if (file_exists("data.txt")) {
    echo file_get_contents("data.txt");
} else {
    echo "File not found.";
}

⚡Best practice: Always check existence before reading or deleting.

9.4. Deleting Files

if (file_exists("oldfile.txt")) {
    unlink("oldfile.txt");
    echo "File deleted!";
}

⚡Use case: Run this during cleanup routines for temporary or outdated files.

9.5. Creating & Listing Directories

Create a New Folder

mkdir("newfolder");

List Files in Directory

$files = scandir("uploads/");
print_r($files);

This includes "." and "..", so you may want to filter those out.

9.6. File Uploads – PHP + HTML

HTML Upload Form:

<form method="POST" enctype="multipart/form-data">
  <input type="file" name="myfile">
  <button type="submit">Upload</button>
</form>

PHP Upload Script:

if ($_FILES["myfile"]["error"] === 0) {
    $filename = $_FILES["myfile"]["name"];
    $tempPath = $_FILES["myfile"]["tmp_name"];
    
    move_uploaded_file($tempPath, "uploads/" . $filename);
    echo "File uploaded successfully!";
}

9.7. Upload Security Best Practices (Highly Recommended)

Validate File Type:

$allowed = ["jpg", "png", "pdf"];
$ext = pathinfo($_FILES["myfile"]["name"], PATHINFO_EXTENSION);

if (!in_array(strtolower($ext), $allowed)) {
    die("Invalid file type");
}

Limit File Size:

if ($_FILES["myfile"]["size"] > 2 * 1024 * 1024) { // 2MB
    die("File too large");
}

Rename to Prevent Overwrites:

$newName = time() . "_" . basename($_FILES["myfile"]["name"]);
move_uploaded_file($_FILES["myfile"]["tmp_name"], "uploads/" . $newName);

⚡Note: Never trust file names from users. Always sanitize or rename.

10. PHP Forms and Validation – Clean, Validate & Secure User Input

Every interactive website needs forms — for login, contact, registration, search, etc. But badly handled user input can lead to bugs, spam, or even security vulnerabilities like XSS and SQL injection.

In this section, you’ll learn how to:

• Accept form input using POST or GET
• Validate and sanitize inputs
• Display errors
• Keep users safe from malicious data

10.1. Basic Form Example

<form method="post" action="">
  Name: <input type="text" name="username"><br>
  Email: <input type="email" name="email"><br>
  <input type="submit">
</form>

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = $_POST["username"];
  $email = $_POST["email"];

  echo "Name: $name <br> Email: $email";
}

⌛ This works, but it’s not safe yet.

10.2. Sanitizing Input

$name = htmlspecialchars(trim($_POST["username"]));
$email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);

10.3. Validating User Input

$errors = [];

if (empty($name)) {
  $errors[] = "Name is required.";
}

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  $errors[] = "Invalid email format.";
}

if (count($errors)) {
  foreach ($errors as $error) {
    echo "<p style='color:red;'>$error</p>";
  }
} else {
  echo "Form submitted successfully.";
}

10.4. Complete Secure Form Handling Flow

<?php
$name = $email = "";
$errors = [];

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = htmlspecialchars(trim($_POST["username"]));
  $email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);

  if (empty($name)) {
    $errors[] = "Name is required.";
  }
  if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $errors[] = "Valid email is required.";
  }

  if (empty($errors)) {
    echo "Welcome, $name! We will contact you at $email.";
  }
}
?>

10.5. Preserving User Input After Errors

<input type="text" name="username" value="<?= htmlspecialchars($name) ?>">

⚡Preserve user input in forms to improve UX and avoid frustration after validation fails.

10.6. Avoiding Common Security Mistakes

11. PHP Sessions & Cookies – Store and Manage User State

PHP is a stateless language — but with sessions and cookies, you can retain data across multiple pages. This is essential for:

• Logging users in
• Showing flash messages
• Remembering preferences
• Creating shopping carts

11.1. What Are Sessions?

• Stored on the server
• Track user data (e.g. $_SESSION["user_id"])
• Unique session ID is stored in a cookie called PHPSESSID

🚀 Starting and Using a Session

session_start(); // Must be at the top

$_SESSION["username"] = "Ram";
echo $_SESSION["username"]; // Ram

⚡Use this on admin dashboards to remember login status.

❌ Destroying a Session (Logout)

session_start();
session_unset();  // Removes all session variables
session_destroy(); // Destroys session data

11.2. What Are Cookies?

• Stored on the browser
• Can persist for days/months
• Used to “remember” settings across visits

Creating and Reading Cookies

// Set cookie for 30 days
setcookie("theme", "dark", time() + (86400 * 30));

echo $_COOKIE["theme"]; // Outputs: dark

• time() returns current time in seconds
• 86400 = seconds in a day

🔒 Secure Cookie Example

setcookie("secure_login", "1", time()+3600, "/", "", true, true);

⚡The last true, true enables secure and HTTP-only flags

11.3. Real-World Examples From My Projects

🔐 11.4. Session vs Cookie

11.5. Flash Message Example (Using Session)

// On form submit
session_start();
$_SESSION["flash"] = "Post saved successfully!";
header("Location: dashboard.php");

// On dashboard.php
session_start();
if (isset($_SESSION["flash"])) {
  echo "<p>" . $_SESSION["flash"] . "</p>";
  unset($_SESSION["flash"]);
}

⚡ Flash messages show once and disappear.

12. Error Handling & Debugging in PHP – Write Bug-Free Code

Every PHP developer — from beginner to pro — deals with errors, warnings, and bugs. Instead of ignoring them, learn to handle them gracefully using proper techniques like:

• Error reporting
• Logging
• try-catch for exceptions
• Debugging tools

12.1. Display PHP Errors (During Development Only)

ini_set('display_errors', 1);
error_reporting(E_ALL);

• Shows all errors and warnings
• Use only in development, not production

⚡Add this at the top during testing.

12.2. Logging Errors to a File

ini_set("log_errors", 1);
ini_set("error_log", "logs/php-error.log");

// Now errors go to logs/php-error.log

• Keeps your screen clean
• Great for production environments

12.3. Custom Error Handling with set_error_handler()

function customError($errno, $errstr) {
  echo "Oops! [$errno] $errstr<br>";
}
set_error_handler("customError");

// Trigger error
echo 10 / 0;

Lets you format or log errors your way

12.4. Exception Handling with try-catch

try {
  if (!file_exists("data.csv")) {
    throw new Exception("File not found!");
  }
} catch (Exception $e) {
  echo "Caught Exception: " . $e->getMessage();
}

⚡ Best practice for file operations, external APIs, and user authentication

12.5. Basic Error Types in PHP

12.6. Debugging with var_dump() and print_r()

$users = ["admin", "editor", "guest"];
var_dump($users);
print_r($users);

12.7. PHP Error Constants

error_reporting(E_ERROR | E_WARNING | E_PARSE);

13. PHP Object-Oriented Programming (OOP) – Classes, Objects

OOP (Object-Oriented Programming) in PHP helps you organize your code better, reuse components, and build scalable applications like CMSs, eCommerce platforms, or frameworks (like Laravel).

If you’ve worked with C or Java, some concepts will feel familiar.

13.1. What Is OOP in PHP?

OOP is a way of structuring code using:

• Classes – blueprints
• Objects – instances of classes
• Properties – variables inside a class
• Methods – functions inside a class

13.2. Basic Class and Object Example

class Car {
  public $brand = "Toyota";

  public function drive() {
    echo "Driving a " . $this->brand;
  }
}

$myCar = new Car();
$myCar->drive(); // Driving a Toyota

⚡$this refers to the current object.

13.3. Constructor (__construct) 🧩

class User {
  public $name;

  function __construct($name) {
    $this->name = $name;
  }

  function greet() {
    return "Hello, " . $this->name;
  }
}

$user1 = new User("Ram");
echo $user1->greet(); // Hello, Ram

⚡ This is useful for setting initial values.

13.4. OOP Features in PHP

13.5. Inheritance in PHP

class Animal {
  public function sound() {
    return "Some sound";
  }
}

class Dog extends Animal {
  public function sound() {
    return "Bark";
  }
}

$dog = new Dog();
echo $dog->sound(); // Bark

⚡ Method overriding in action.

13.6. Access Modifiers

13.7. Static Methods and Properties

class MathHelper {
  public static $pi = 3.14159;

  public static function square($n) {
    return $n * $n;
  }
}

echo MathHelper::$pi; // 3.14159
echo MathHelper::square(5); // 25

⚡No need to create an object

13.8. Interfaces

interface Shape {
  public function getArea();
}

class Circle implements Shape {
  public function getArea() {
    return 3.14 * 5 * 5;
  }
}

⚡Interface defines what must be implemented, not how.

13.9. Abstract Classes

abstract class Payment {
  abstract public function process();
}

class PayPal extends Payment {
  public function process() {
    return "Processing via PayPal";
  }
}

⚡Cannot instantiate abstract class directly

14. PHP and MySQL – Database Basics

PHP and MySQL are like best friends in web development. Almost every dynamic website needs to store and retrieve data — and PHP connects seamlessly to MySQL using either MySQLi or PDO.

14.1 Connecting to a MySQL Database (MySQLi & PDO)

Using MySQLi (Object-Oriented):

$mysqli = new mysqli("localhost", "root", "password", "my_database");

if ($mysqli->connect_error) {
  die("Connection failed: " . $mysqli->connect_error);
}

Using PDO (PHP Data Objects):

try {
  $pdo = new PDO("mysql:host=localhost;dbname=my_database", "root", "password");
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
  die("Connection failed: " . $e->getMessage());
}

⚡Tip: Use PDO if you want to support multiple databases (MySQL, PostgreSQL, SQLite, etc.)

14.2 CRUD Operations – Create, Read, Update, Delete

14.2.1. Create (Insert)

MySQLi:

$sql = "INSERT INTO users (name, email) VALUES ('John Doe', '[email protected]')";
$mysqli->query($sql);

PDO:

$sql = "INSERT INTO users (name, email) VALUES ('John Doe', '[email protected]')";
$pdo->exec($sql);

14.2.2. Read (Select)

MySQLi:

$result = $mysqli->query("SELECT * FROM users");
while ($row = $result->fetch_assoc()) {
  echo $row["name"] . "<br>";
}

PDO:

$stmt = $pdo->query("SELECT * FROM users");
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
  echo $row["name"] . "<br>";
}

14.2.3. Update

$sql = "UPDATE users SET name='Jane' WHERE id=1";
$mysqli->query($sql); // MySQLi

$pdo->exec($sql);     // PDO

 14.2.4. Delete

$sql = "DELETE FROM users WHERE id=1";
$mysqli->query($sql); // MySQLi

$pdo->exec($sql);     // PDO

14.3 Prepared Statements – Protect from SQL Injection

They prevent attackers from injecting SQL via form inputs (e.g., login form or search box).

MySQLi Prepared Statement:

$stmt = $mysqli->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email); // "s" = string
$email = $_POST["email"];
$stmt->execute();
$result = $stmt->get_result();

PDO Prepared Statement:

$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(['email' => $_POST["email"]]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

🔐 Always use prepared statements for user inputs (e.g., login, signup, comments).

15: Useful PHP Built-in Functions

PHP comes with a rich set of built-in functions that simplify everything from working with dates to sending HTTP requests. In this section, you’ll learn how to use some of the most commonly needed tools in real-world PHP development.

15.1 Date & Time Functions

Get Current Date and Time:

echo date("Y-m-d H:i:s"); // Output: 2025-04-29 14:35:00

Convert String to Timestamp:

echo strtotime("next Monday"); // Output: Unix timestamp

Format a Timestamp:

echo date("l, d M Y", strtotime("2025-04-29")); // Output: Tuesday, 29 Apr 2025

Time Difference:

$start = strtotime("2025-04-01");
$end = strtotime("2025-04-10");
$diff = ($end - $start) / (60 * 60 * 24);
echo "Difference in days: $diff";

15.2 JSON Handling (Encode & Decode)

APIs, AJAX, and frontend-backend communication often rely on JSON.

Encode Array to JSON:

$data = ["name" => "John", "email" => "[email protected]"];
$json = json_encode($data);
echo $json;

Output: {"name":"John","email":"[email protected]"}

Decode JSON to PHP Array:

$json = '{"name":"John","email":"[email protected]"}';
$data = json_decode($json, true); // true for associative array
echo $data["email"]; // Output: [email protected]

🔒 Always validate JSON from external sources before decoding.

15.3 cURL – Making API Requests in PHP

cURL is a powerful way to send HTTP requests from PHP (e.g., fetch data from an API).

Basic GET Request:

$ch = curl_init("https://api.example.com/data");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
print_r($data);

POST Request Example:

$ch = curl_init("https://api.example.com/submit");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(["name" => "John"]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);

🔐 Use CURLOPT_HTTPHEADER to send tokens or content types.

15.4 Math Functions

Whether you’re working on e-commerce discounts or graphics, PHP math functions are useful.

16. PHP Email Handling – mail() Function and PHPMailer (SMTP)

Sending emails in PHP can be done using the built-in mail() function or the more powerful and reliable PHPMailer for SMTP-based emails.

16.1. Sending Simple Email with mail()

$to = "[email protected]";
$subject = "Welcome to our site!";
$message = "Thank you for registering.";
$headers = "From: [email protected]";

mail($to, $subject, $message, $headers);

Limitations:

• Might go to spam
• No authentication
• Not reliable on shared hosting
• Minimal formatting control

16.2. Use HTML in Emails

$headers  = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= "From: [email protected]";

$message = "<h1>Thank You!</h1><p>We appreciate your registration.</p>";

mail($to, $subject, $message, $headers);

16.3. Why Use PHPMailer or SMTP?

• Authentication support
• TLS/SSL encryption
• Supports attachments
• HTML email templates
• Reduced spam issues

16.4. Sending Email with PHPMailer (SMTP)

Step 1: Install via Composer

composer require phpmailer/phpmailer

Step 2: PHP Script Example

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'vendor/autoload.php';

$mail = new PHPMailer(true);

try {
  $mail->isSMTP();
  $mail->Host       = 'smtp.gmail.com';
  $mail->SMTPAuth   = true;
  $mail->Username   = '[email protected]';
  $mail->Password   = 'your_app_password'; // Use App Password, not Gmail login
  $mail->SMTPSecure = 'tls';
  $mail->Port       = 587;

  $mail->setFrom('[email protected]', 'Your Name');
  $mail->addAddress('[email protected]', 'User');

  $mail->isHTML(true);
  $mail->Subject = 'Here is the subject';
  $mail->Body    = '<b>This is the HTML message body</b>';
  $mail->AltBody = 'This is the plain text version';

  $mail->send();
  echo 'Message has been sent';
} catch (Exception $e) {
  echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}

16.5. Attach Files with PHPMailer

$mail->addAttachment('/path/to/file.pdf');  // Optional

17. Security Best Practices in PHP

Security is not optional when building real-world applications. Whether it's a login form, blog CMS, or an API, neglecting security can lead to data leaks, defacement, or worse.

This section will walk you through the must-know security techniques every PHP developer — beginner or professional — should follow.

17.1 SQL Injection Prevention

SQL Injection is one of the most common and dangerous attacks. It occurs when user inputs are directly inserted into SQL queries.

❌ Vulnerable Example:

// DO NOT USE
$sql = "SELECT * FROM users WHERE email = '" . $_POST['email'] . "'";

➡ Safe With Prepared Statements (PDO):

$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(['email' => $_POST['email']]);

➡ Safe With MySQLi :

$stmt = $mysqli->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $_POST['email']);
$stmt->execute();

⚡Rule: Never trust user input. Always use prepared statements.

17.2 Cross-Site Scripting (XSS) Protection

XSS allows attackers to inject malicious JavaScript into your pages, often via comment forms, search inputs, etc.

❌ Vulnerable Code:

echo $_GET['username'];

➡ Sanitize Output with htmlspecialchars() :

echo htmlspecialchars($_GET['username'], ENT_QUOTES, 'UTF-8');

➡ Escape Data Before Displaying in HTML:

<input type="text" value="<?php echo htmlspecialchars($value); ?>">

Use frameworks (like Laravel or Twig) that auto-escape HTML output by default.

17.3 Password Hashing & Verification

Plain text passwords? NEVER. PHP provides secure and modern password hashing tools.

➡ Hash Password Before Storing:

$hash = password_hash("userpassword", PASSWORD_DEFAULT);

PASSWORD_DEFAULT uses bcrypt (secure and recommended).

➡ Verify Password on Login:

if (password_verify($_POST['password'], $hashFromDatabase)) {
    echo "Login successful!";
}

⚡password_hash() automatically generates a salt, so don’t use md5() or sha1() — they are insecure and outdated.

17.4 HTTPS and Session Management

Even if your site uses secure code, if data is transmitted over HTTP, it’s vulnerable to man-in-the-middle attacks.

➡ Always Use HTTPS:

• Get a free SSL from Let's Encrypt
• Redirect all traffic to https:// using .htaccess or server config

➡ Secure Sessions:

session_start();

// Regenerate session ID to prevent session fixation
session_regenerate_id(true);

// Set secure session cookie parameters
session_set_cookie_params([
    'lifetime' => 0,
    'secure' => true, // Only over HTTPS
    'httponly' => true, // JavaScript can't access
    'samesite' => 'Strict'
]);

🔐 Combine this with login checks and access controls.

18. PHP Tips and Tricks for Professionals

For developers stepping into production-level PHP development, performance, scalability, and clean code structure become top priorities. This section is crafted with professional developers in mind — offering battle-tested tips and tools that elevate your PHP game.

18.1 Performance Optimization in PHP

Fast code = happy users. Here are practical ways to make your PHP run faster:

➡ Use Output Buffering:

ob_start();
// Your HTML/PHP here
ob_end_flush();

Improves performance by reducing I/O operations and allowing compression.

➡ Avoid Repeated Database Queries:

// Instead of multiple queries in a loop:
$results = $pdo->query("SELECT * FROM users")->fetchAll();

Tip: Use joins and in-memory caching wherever possible.

➡ Use isset() Instead of array_key_exists() :

// Faster
if (isset($array['key'])) {}

// Slower
if (array_key_exists('key', $array)) {}

➡ Use Native PHP Functions:

Native functions are highly optimized C code. For example:

$sum = array_sum($numbers); // Faster than manual loops

18.2 Composer Usage – PHP Dependency Manager

Composer is the de facto standard for managing packages/libraries in PHP.

➡ Initialize Composer in a Project:

composer init

➡ Install a Package (e.g., Guzzle HTTP client):

composer require guzzlehttp/guzzle

➡ Load Composer’s Autoloader in Your PHP:

require 'vendor/autoload.php';

use GuzzleHttp\Client;
$client = new Client();

💼 Composer is used in frameworks like Laravel, Symfony, and in most modern PHP projects.

18.3 Autoloading in PHP

Autoloading helps load classes automatically, instead of manually including files.

➡ PSR-4 Autoloading via Composer:

In composer.json:

"autoload": {
    "psr-4": {
        "App\\": "src/"
    }
}

Then run:

composer dump-autoload

Now your file src/Controller/HomeController.php can be auto-loaded using:

use App\Controller\HomeController;

No more manual require statements — keeps code clean and modular.

18.4 Namespaces – Avoid Class Conflicts

Namespaces help avoid conflicts when multiple libraries have classes with the same name.

➡ Define a Namespace:

namespace App\Models;

class User {
    // ...
}

➡ Use a Namespaced Class:

use App\Models\User;

$user = new User();

➡ Avoiding Conflicts in Big Projects:

Use namespaces like:

CompanyName\Module\Feature

A must for enterprise-level applications or when using multiple libraries.

18.5 Debugging Tools – Stop Guessing, Start Profiling

Manual echo/var_dump can only take you so far. Use professional tools:

➡ Xdebug – Powerful Debugging & Profiling

• Step debugging (with breakpoints)
• Stack tracing
• Memory usage profiling

Install via:

pecl install xdebug

Then configure php.ini:

zend_extension="xdebug.so"
xdebug.mode=debug

Works seamlessly with VS Code or PhpStorm.

➡ Alternatives:

• Laravel Telescope (for Laravel)
• Whoops: A great error handler for dev environments.
• PHP Debug Bar

19. PHP 8.x Features (Latest Additions)

PHP 8 introduced several powerful features that improve readability, developer productivity, and performance. Whether you're maintaining legacy code or writing fresh applications, understanding these additions is a must for modern PHP development.

Let's break down the key enhancements you should start using today.

19.1 Named Arguments

Named arguments allow passing arguments to functions by specifying the parameter name, improving code clarity and flexibility.

Example:

function greet($name, $greeting = "Hello") {
    return "$greeting, $name!";
}

// Traditional
echo greet("Alice", "Hi");

// PHP 8 Named Argument
echo greet(name: "Alice", greeting: "Hi");

⚡Especially useful when functions have many optional parameters.

19.2 Match Expression (Better Than Switch)

The match expression is a more concise and safer alternative to switch.

Example:

$statusCode = 404;

echo match ($statusCode) {
    200 => 'OK',
    404 => 'Not Found',
    500 => 'Server Error',
    default => 'Unknown',
};

Why It’s Better:

• Returns a value (no break needed)
• Strict comparison (===)
• More concise and readable

19.3 Attributes (Native Annotations)

PHP 8 introduces attributes (like annotations in other languages) that let you attach metadata to classes, functions, and properties.

Example:

#[Route('/users', methods: ['GET'])]
function getUsers() {
    // ...
}

Define custom attributes:

#[Attribute]
class Route {
    public function __construct(public string $path, public array $methods = []) {}
}

⚡Used heavily in frameworks for routing, validation, and ORM mapping (like Symfony, Laravel, Doctrine).

19.4 Nullsafe Operator (?->)

No more nested if checks just to avoid null errors. The nullsafe operator helps safely access chained properties/methods.

Example:

// Without nullsafe operator
if ($user !== null && $user->profile !== null) {
    echo $user->profile->bio;
}

// With nullsafe operator
echo $user?->profile?->bio;

⚡Cleaner, less error-prone code — especially in APIs, auth systems, or complex data structures.

19.5 Just-In-Time Compilation (JIT)

PHP 8 introduced JIT compilation, which can improve performance by compiling parts of your PHP code to machine code at runtime.

➡ What It Means:

• Better performance for CPU-heavy tasks (math, loops)
• Less noticeable benefit for traditional web apps (I/O-bound)

➡ Enable JIT (in php.ini):

opcache.enable=1
opcache.jit_buffer_size=100M
opcache.jit=tracing

➡ When You’ll See Gains:

Use JIT when you process data-heavy tasks like video rendering, complex calculations, etc.

Conclusion: The Only PHP Cheat Sheet You'll Ever Need

This comprehensive PHP Cheat Sheet for beginners and professionals is designed to guide you through every major PHP concept — from variables and arrays to databases, security, Composer, and PHP 8.x features — you now have a practical, go-to reference to support your development workflow.

This guide isn’t just theory — it’s packed with real-world examples and tips that you can apply immediately. Think of it as your personal PHP handbook — always ready when you need a refresher, a best practice, or a quick code snippet.

➡ If you found this guide helpful, don’t forget to bookmark it for future reference, share it with your friends, and leave a comment below with your thoughts or questions. Your feedback helps improve the resource for everyone.