Q1.
Both functions include() and require() are used to handle external PHP files; the only
difference is error handling. If include() fails, it gives a warning but keeps executing the
script. If require() fails, it throws an error and stops executing the script. Also, require()
is used when the file is important.
Q2.
A session is a mechanism that allows user data such as the username, cart items, etc. to
be stored on the website and made available across all pages. session_start() is used in
PHP to start a session, and it assigns a unique session ID that is stored on the client side.
A session stores data as long as it is running; once you close the application, the session
is terminated and all data is lost.
Q3.
Error handling is important in PHP:
• E_NOTICE: It indicates a non-critical error. These are more suggestions than
typical errors, and they do not interrupt script execution.
• E_WARNING: It indicates a more serious issue than a notice. It throws a warning and
alerts the developers but does not halt the script execution.
• E_ERROR: It indicates a fatal error that will prevent the script from running. These
errors mostly occur when attempting to use undefined functions.
• try-catch: It will catch an exception and handle it without halting the script. It can be
used when testing the code or in a secure and critical code block.
Q4.
The $_SERVER superglobal is a variable that holds information such as headers, paths and
script locations. For example, it can provide:
• $_SERVER['HTTP_USER_AGENT'] – Browser information
• $_SERVER['REQUEST_METHOD'] – GET, POST
• $_SERVER['SERVER_NAME'] – Server hostname
Q5.
Prepared statements separate the query from the data sent to the database. This is
important because the data may interfere with the query if it is not handled properly. It
prevents malicious input from being treated as executable SQL. For example:
$data = 1;
$query = "SELECT * FROM users WHERE id=$data";
This will be treated as: SELECT * FROM users WHERE id = 1;
In this way malicious queries can also be injected. For example:
$data = "1; DROP TABLE users";
$query = "SELECT * FROM users WHERE id=$data";
This will be treated as: SELECT * FROM users WHERE id = 1; DROP TABLE users;
This can destroy our database. To prevent this we use prepared statements, either with
placeholders or by binding parameters. For example:
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
This makes sure that the input is treated only as data, not as part of the SQL query.
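The contrast described above, as an added example that is not part of the original answers. It assumes PDO with an in-memory SQLite database so that it runs without a server (the answers themselves use mysqli); the function names, table rows and inputs are constructed for illustration.

```php
<?php
// Added example. Assumption: PDO + in-memory SQLite so no server is needed;
// the page's own code uses mysqli against MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob'), ('carol')");

// Vulnerable pattern from the answer above: input becomes part of the SQL text.
function findByIdConcatenated(PDO $pdo, string $data): array
{
    return $pdo->query("SELECT * FROM users WHERE id = $data")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed, the input is bound as a value.
function findByIdPrepared(PDO $pdo, string $data): array
{
    $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
    $stmt->execute([$data]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth: reject anything that is not a plain integer before querying.
function findByIdValidated(PDO $pdo, string $data): array
{
    $id = filter_var($data, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    return findByIdPrepared($pdo, (string) $id);
}

// Constructed inputs: a normal id, a condition that is always true, and the
// payload quoted in the answer above.
$inputs = ["1", "1 OR 1=1", "1; DROP TABLE users"];
foreach ($inputs as $data) {
    printf("input %-22s prepared=%d validated=%d\n",
        json_encode($data),
        count(findByIdPrepared($pdo, $data)),
        count(findByIdValidated($pdo, $data)));
}

// Only the concatenated version lets the input change the WHERE clause.
printf("concatenated with %s: %d rows\n",
    json_encode($inputs[1]), count(findByIdConcatenated($pdo, $inputs[1])));
// The table is still there after the prepared calls.
printf("rows still in users: %d\n",
    (int) $pdo->query("SELECT COUNT(*) FROM users")->fetchColumn());
```

With the bound versions every input is compared against the id column as a single value, so the second and third inputs match nothing and the table is left untouched.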
Q6.
PHP:
<?php
$servername = "localhost";
$username = "root";
$password = "";
// Connect to the MySQL server (no default database is selected)
$connection = new mysqli($servername, $username, $password);
if ($connection->connect_error) {
    die("Connection failed: " . $connection->connect_error);
}
echo "Connected successfully<br>";
// Read every row from the user table in the user database
$sql = "SELECT * FROM user.user";
$result = mysqli_query($connection, $sql);
if ($result && mysqli_num_rows($result) > 0) {
    while ($row = mysqli_fetch_assoc($result)) {
        // Escape database values before writing them into the HTML output
        echo "User ID: " . htmlspecialchars($row["id"]) . " - Name: " .
            htmlspecialchars($row["firstName"]) . " " . htmlspecialchars($row["lastName"]) .
            "<br>";
    }
} else {
    echo "No users found.";
}
$connection->close();
?>
Q7.
1.
2.
3.
Html:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>User</title>
</head>
<body>
    <form action="index.php" method="post">
        <table>
            <tr>
                <td>Name:</td>
                <td><input type="text" name="name" id="name" required placeholder="Enter Your Name"></td>
            </tr>
            <tr>
                <td>Age:</td>
                <td><input type="number" name="age" id="age" required></td>
            </tr>
            <tr>
                <td>Mobile Number</td>
                <td><input type="number" name="mobileNumber" id="mobileNumber" required placeholder="XXX-XXX-XXXX"></td>
            </tr>
            <tr>
                <td>Gender:</td>
                <td>
                    <input type="radio" name="gender" id="male" value="m">Male
                    <input type="radio" name="gender" id="female" value="f">Female
                </td>
            </tr>
            <tr>
                <td>Email:</td>
                <td><input type="email" name="email" id="email" required placeholder="[email protected]"></td>
            </tr>
            <tr>
                <td><button type="submit">Submit</button></td>
            </tr>
        </table>
    </form>
</body>
</html>
PHP:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
$connection = new mysqli($servername, $username, $password, $dbname);
if ($connection->connect_error) {
    die("Connection failed: " . $connection->connect_error);
}
echo "Connected successfully<br>";
// Read the submitted fields; fall back to an empty string when a field is missing
$name = $_POST['name'] ?? '';
$age = $_POST['age'] ?? '';
$mobileNumber = $_POST['mobileNumber'] ?? '';
$gender = $_POST['gender'] ?? '';
$email = $_POST['email'] ?? '';
if (!empty($name) && !empty($age) && !empty($mobileNumber) && !empty($gender) &&
    !empty($email)) {
    // Placeholders keep the submitted values out of the SQL text
    $stmt = $connection->prepare("INSERT INTO form (name, age, mobileNumber,
        gender, email) VALUES (?, ?, ?, ?, ?)");
    // Types: s = string, i = integer (name, age, mobileNumber, gender, email)
    $stmt->bind_param("sisss", $name, $age, $mobileNumber, $gender, $email);
    if ($stmt->execute()) {
        echo "Data inserted successfully!";
    } else {
        echo "Error: " . $stmt->error;
    }
    $stmt->close();
} else {
    echo "Please fill in all the fields.";
}
$connection->close();
?>
Q8.
1. Ignore the error, as it occurs because the script is trying to get the name from the
form before we’ve submitted it.
2.
3.
PHP:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
    <form action="#" method="post">
        <h1>Q8</h1>
        <input type="text" name="name"><br>
        <button type="submit" name="submit">Submit</button>
    </form>
    <?php
    // Convert HTML special characters to entities so the input is shown as text
    function sanitizeOutput($name){
        return htmlspecialchars($name);
    }
    $userInput = $_POST['name'];
    echo sanitizeOutput($userInput);
    ?>
</body>
</html>
Q9.
1.
2.
PHP:
Q10.
PHP:
<?php
$data = [
    ["Name" => "Rushi", "Age" => 21],
    ["Name" => "Yaju", "Age" => 23],
    ["Name" => "Jemsi", "Age" => 19]
];
echo "<table border='1'>";
// Header row
echo "<tr><th>Name</th><th>Age</th></tr>";
// One table row per record, one cell per field
foreach ($data as $row) {
    echo "<tr>";
    foreach ($row as $i) {
        echo "<td>$i</td>";
    }
    echo "</tr>";
}
echo "</table>";
?>