PHP Language Basics

Strings

A string is text. In PHP, strings hold names, emails, URLs, messages, HTML, JSON fragments, file paths, SQL fragments, log lines, and many other pieces of application data.

Working with strings is not only joining words together. In real PHP code, you trim input, check whether text contains something, replace text, format output, and escape text before putting it into HTML.

Quotes And Interpolation

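Single-quoted strings are taken literally: variables are not interpolated, and only \\ and \' are treated as escape sequences. Double-quoted strings interpolate variables and interpret escape sequences such as \n.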

PHP example
<?php

$name = 'Amo';

echo 'Hello, $name' . "\n";
echo "Hello, {$name}\n";

// Prints:
// Hello, $name
// Hello, Amo

Use braces in interpolated strings when they make the variable boundary clearer.

Concatenation

PHP uses . to join strings.

PHP example
<?php

$firstName = 'Ada';
$lastName = 'Lovelace';

$fullName = $firstName . ' ' . $lastName;

echo $fullName . "\n";

// Prints:
// Ada Lovelace

Concatenation is common when building labels, log messages, file names, and small bits of output.

Trimming And Normalising Input

User input often contains extra spaces.

PHP example
<?php

$rawName = '  Grace Hopper  ';
$name = trim($rawName);

echo $name . "\n";

// Prints:
// Grace Hopper

Trim before checking whether a required string is empty. A string containing only spaces should usually count as empty input.

Searching And Replacing

Use str_contains() when you only need to know whether one string contains another.

PHP example
<?php

$email = 'amo@example.com';

if (str_contains($email, '@')) {
    echo "Looks like an email address\n";
}

// Prints:
// Looks like an email address

This is not full email validation, but it shows a common string check.

Use str_replace() for simple replacements.

PHP example
<?php

$template = 'Hello, {{name}}';
$message = str_replace('{{name}}', 'Mina', $template);

echo $message . "\n";

// Prints:
// Hello, Mina

For complex patterns, later lessons cover regular expressions.

Length And Multibyte Text

strlen() counts bytes, not user-visible characters.

PHP example
<?php

echo strlen('PHP') . "\n";

// Prints:
// 3

For plain ASCII text, that is fine. For names, messages, and international text, multibyte functions such as mb_strlen() are often the right tool if the extension is available. The dedicated standard-library track covers multibyte strings in more detail.
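The byte-versus-character difference on a non-ASCII name, and why the htmlspecialchars() calls in this lesson pass ENT_SUBSTITUTE. This is an added example, not part of the original lesson; it assumes the mbstring extension is loaded, and the sample name is constructed.

```php
<?php

// Constructed sample: "Zoë" is three characters, but ë takes two bytes in UTF-8.
// The \u{...} escape keeps the example independent of the file's own encoding.
$name = "Zo\u{00EB}";

echo strlen($name) . " bytes\n";
echo mb_strlen($name, 'UTF-8') . " characters\n";

// Byte-based truncation can stop in the middle of a character and leave
// invalid UTF-8 behind.
$byteCut = substr($name, 0, 3);
echo 'substr() result is valid UTF-8: ';
var_dump(mb_check_encoding($byteCut, 'UTF-8'));

// Character-based truncation keeps whole characters.
$charCut = mb_substr($name, 0, 2, 'UTF-8');
echo 'mb_substr() result is valid UTF-8: ';
var_dump(mb_check_encoding($charCut, 'UTF-8'));

// htmlspecialchars() returns an empty string for invalid UTF-8 unless
// ENT_SUBSTITUTE (or ENT_IGNORE) is set. With ENT_SUBSTITUTE the broken
// byte sequence becomes U+FFFD and the rest of the text survives.
$withoutFlag = htmlspecialchars($byteCut, ENT_QUOTES, 'UTF-8');
$withFlag = htmlspecialchars($byteCut, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo 'Without ENT_SUBSTITUTE: ' . strlen($withoutFlag) . " bytes of output\n";
echo 'With ENT_SUBSTITUTE: ' . $withFlag . "\n";
```

Apply length limits and truncation with the mb_* functions when the limit is meant in characters, and with strlen() when it is meant in bytes, such as a fixed-width storage column.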

Escaping For HTML

When a string goes into HTML, escape it for HTML output. This is different from trimming or validation.

PHP example
<?php

$name = '<script>alert(1)</script>';

$safeName = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo "<p>Hello, {$safeName}</p>\n";

// Prints:
// <p>Hello, &lt;script&gt;alert(1)&lt;/script&gt;</p>

Escaping belongs at output time because the correct escaping depends on where the string is going. HTML, JSON, SQL, shell commands, URLs, and logs have different rules.
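One value written into each of the contexts listed above, using the encoder that belongs to that context. This is an added example, not part of the original lesson; the sample input, the users table, and names.txt are constructed, and the SQL part assumes the pdo_sqlite extension is available.

```php
<?php

// Constructed sample of user-controlled text (not from the lesson).
$input = "O'Brien <b>&</b> \"quoted\"\nsecond line";

// HTML body and quoted attribute values: convert &, <, >, " and ' to entities.
$html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<p title=\"{$html}\">{$html}</p>\n";

// URL query value: percent-encode the value first, then HTML-escape the
// finished URL because it is being written into an href attribute.
$url = '/search?q=' . rawurlencode($input);
$href = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<a href=\"{$href}\">Search</a>\n";

// JSON inside a <script> element: the JSON_HEX_* flags emit <, >, &, ' and "
// as \uXXXX escapes, so the value cannot close the script element.
$json = json_encode(
    $input,
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
);
echo "<script>const name = {$json};</script>\n";

// SQL: do not escape by hand; bind the value as a parameter.
// Assumes the pdo_sqlite extension; the users table is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (name TEXT)');
$stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $input]);

// Shell argument: escapeshellarg() quotes the value as a single argument.
// The command is only printed here, not executed; names.txt is hypothetical.
echo 'grep -F -- ' . escapeshellarg($input) . " names.txt\n";

// Log line: encode CR, LF and backslash so the value stays on one log line.
echo 'name=' . addcslashes($input, "\r\n\\") . "\n";
```

The stored value stays unescaped in every case; only the copy written to each destination is encoded.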

Common Mistakes

Do not use + to join strings in PHP. Use the . operator.

Do not treat trimming as security. Trimming cleans whitespace; escaping protects an output context.

Do not assume strlen() means "number of characters" for all languages.

Do not echo user-controlled strings into HTML without htmlspecialchars().

What You Should Be Able To Do

After this lesson, you should be able to:

  • choose between single and double quotes;
  • join strings with the . operator;
  • trim input before checking it;
  • check and replace simple substrings;
  • understand the byte-count limitation of strlen();
  • escape strings safely for HTML output.

Practice

Task: Safe HTML Greeting

Task

Create a string containing the name <Amo>.

Print this greeting safely as HTML:

<p>Hello, &lt;Amo&gt;</p>

Use htmlspecialchars() with ENT_QUOTES | ENT_SUBSTITUTE and UTF-8.


Solution

PHP example
<?php

$name = '<Amo>';
$safeName = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo "<p>Hello, {$safeName}</p>\n";

// Prints:
// <p>Hello, &lt;Amo&gt;</p>

Explanation

htmlspecialchars() converts HTML-significant characters into text-safe entities. The browser displays the angle brackets instead of treating them as markup.

Task: Fix HTML Escaping

Task

Fix this unsafe output:

PHP example
<?php

$comment = '<script>alert(1)</script>';

echo "<div>{$comment}</div>\n";

The fixed version should display the script tag as text, not as HTML.


Solution

PHP example
<?php

$comment = '<script>alert(1)</script>';
$safeComment = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo "<div>{$safeComment}</div>\n";

// Prints:
// <div>&lt;script&gt;alert(1)&lt;/script&gt;</div>

Explanation

The original code put user-controlled text directly into HTML. The fixed code escapes the string for the HTML body context before output.

Task: Build Message Summary

Task

Start with:

PHP example
<?php

$template = 'Order {{id}} for {{name}}';
$name = '  Ada  ';
$orderId = 'A-100';

Trim the name, replace both placeholders, and print:

Order A-100 for Ada


Solution

PHP example
<?php

$template = 'Order {{id}} for {{name}}';
$name = '  Ada  ';
$orderId = 'A-100';

$message = str_replace(
    ['{{id}}', '{{name}}'],
    [$orderId, trim($name)],
    $template
);

echo $message . "\n";

// Prints:
// Order A-100 for Ada

Explanation

The name is cleaned before it is inserted into the message. str_replace() replaces both placeholders in one call.