PHP (Session 2) INFO 257 Supplement.

Slides:

Advertisements

Similar presentations

PHP SQL. Connection code:- mysql_connect("server", "username", "password"); Connect to the Database Server with the authorised user and password. Eg $connect.

Advertisements

Widhy Hayuhardhika NP, S.Kom. Overview of database structure Connecting to MySQL database Selecting the database to use Using the require_once statement.

PHP Hypertext Preprocessor Information Systems 337 Prof. Harry Plantinga.

PHP and MySQL Database. Connecting to MySQL Note: you need to make sure that you have MySQL software properly installed on your computer before you attempt.

Web Database Programming Connecting Database to Web.

Lecture 3 – Data Storage with XML+AJAX and MySQL+socket.io

Application Development Description and exemplification of server-side scripting language for server connection, database selection, execution of SQL queries.

Introduction to PHP and Server Side Technology. Slide 2 PHP History Created in 1995 PHP 5.0 is the current version It’s been around since 2004.

Reading Data in Web Pages tMyn1 Reading Data in Web Pages A very common application of PHP is to have an HTML form gather information from a website's.

© Yanbu University College YANBU UNIVERSITY COLLEGE Management Science Department © Yanbu University College Module 6:WEB SERVER AND SERVER SIDE SCRPTING,

1Computer Sciences Department Princess Nourah bint Abdulrahman University.

Create an online booking system (login/registration)

1 PHP and MySQL. 2 Topics  Querying Data with PHP  User-Driven Querying  Writing Data with PHP and MySQL PHP and MySQL.

Accessing MySQL with PHP IDIA 618 Fall 2014 Bridget M. Blodgett.

Introduction to MySQL Lab no. 10 Advance Database Management System.

PHP MySQL Introduction. MySQL is the most popular open-source database system. What is MySQL? MySQL is a database. The data in MySQL is stored in database.

School of Computing and Information Systems CS 371 Web Application Programming PHP – Forms, Cookies, Sessions and Database.

Web Scripting [PHP] CIS166AE Wednesdays 6:00pm – 9:50pm Rob Loy.

SYST Web Technologies SYST Web Technologies Databases & MySQL.

PHP with MySQL 1.

Website Development with PHP and MySQL Saving Data.

Prof Frankl, Spring 2008CS Polytechnic University 1 Overview of Web database applications with PHP.

CHAPTER 9 PHP AND MYSQL. A POSSIBLE SITE CONFIGURATION Application Folder index.php includes (folder)header.phpfooter.phpstyle.cssmodel (folder)mysqli_connect.php.

HTML, PHP, and MySQL: Putting It All Together. Making a Form Input tags Types: “text” “radio” “checkboxes” “submit”

Creating PHPs to Insert, Update, and Delete Data CS 320.

XHTML & Forms. PHP and the WWW PHP and HTML forms – Forms are the main way users can interact with your PHP scrip Typical usage of the form tag in HTML.

2010/11 : [1]PHP with MySQLBuilding Web Applications using MySQL and PHP (W1) PHP with MySQL.

NMD202 Web Scripting Week5. What we will cover today PHP & MySQL Displaying Dynamic Pages Exercises Modifying Data PHP Exercises Assignment 1.

Form Handling IDIA 618 Fall 2014 Bridget M. Blodgett.

8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.

CHAPTER 10 PHP MySQL Database

>> PHP: MySQL & CRUD. R ecall Database Tables Records is composed of Operations (CRUD) Create Retrieve Update Delete DBMS Access Control MySQL phpMyAdmin.

Since you’ll need a place for the user to enter a search query. Every form must have these basic components: – The submission type defined with the method.

CSC 2720 Building Web Applications Accessing MySQL from PHP.

Mr. Justin “JET” Turner CSCI 3000 – Fall 2015 CRN Section A – TR 9:30-10:45 CRN – Section B – TR 5:30-6:45.

PHP Security Ryan Dunn Jason Pack. Outline PHP Overview PHP Overview Common Security Issues Common Security Issues Advanced Security Issues Advanced Security.

INFO 344 Web Tools And Development CK Wang University of Washington Spring 2014.

13 – PHP MySQL Connection Informatics Department Parahyangan Catholic University.

Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.

Web Systems & Technologies

Web Database Programming Using PHP

PHP WORKSHOP (Session 2)

CHAPTER 5 SERVER SIDE SCRIPTING

PHP (Session 1) INFO 257 Supplement.

Introduction to Dynamic Web Programming

CIIT-Human Computer Interaction-CSC456-Fall-2015-Mr

How to Write Web Forms By Mimi Opkins.

CIIT-Human Computer Interaction-CSC456-Fall-2015-Mr

Web Database Programming Using PHP

PHP Functions Besides the built-in PHP functions, we can create our own functions. A function is a block of statements that can be used repeatedly in.

Server-Side Application and Data Management IT IS 3105 (FALL 2009)

Chapter 19 PHP Part III Credits: Parts of the slides are based on slides created by textbook authors, P.J. Deitel and H. M. Deitel by Prentice Hall ©

Introduction to Web programming

PHP Overview PHP: Hypertext Preprocessor Server-Side Scripting

ISC440: Web Programming 2 Server-side Scripting PHP 3

Web Systems Development (CSC-215)

MySQL Web Application Connecting to a MySQL database

Web DB Programming: PHP

Web Programming Language

PHP: Combo box FdSc Module 109 Server side scripting and

Tutorial 6 PHP & MySQL Li Xu

MySQL Web Application Connecting to a MySQL database

PHP Forms and Databases.

Introduction to Web programming

PHP Programming Using Cloud 9 IDE.

PHP By Prof. B.A.Khivsara Note: The material to prepare this presentation has been taken from internet and are generated only for students reference and.

SQL Injection Attack.

Presentation transcript:

PHP (Session 2) INFO 257 Supplement

Outline PHP Classes (Brief Overview) Accessing MySQL via the mysqli class

Classes and OOP (Basic Conceptual Overview) Define the blueprint of your own class (object) Instantiate instances of your object and use them in your program Class Definition (Blueprint) $ben = new dog; $sunny = new dog; class dog{ //properties //methods } $sugar = new dog;

Defining Classes class dog { //Properties public $name; public $breed; //Methods public function bark(){ echo $this->name . “ barked… Woof!”; } //Constructor (optional) public __construct($nameOfDog){ $this->name = $nameOfDog;

Working with Classes $sugar = new dog(“Sugar”); //pass “Sugar” to constructor $sugar->breed = “German Shepherd”; //set breed property equal to “German Shepherd” echo $sugar->name . “ is a “ . $sugar->breed; >>Sugar is a German Shepherd $sugar->bark(); //call the “bark” method >>sugar barked… Woof!

Mysqli Class The mysqli class is the main class you can use to: Set up a connection to the MySQL database Send SQL queries to the MySQL database (CRUD Operations) Read results (if any) from the query Check for any error connecting to or executing SQL queries on a MySQL database

Connecting to DB with Mysqli //Instantiate mysqli object & create connection $db = new mysqli(“localhost”, “username”, “password”, “database_name”); //Check for any errors connecting If($db->connect_errorno){ //There was an error connecting to the database. Put code here on what you would like to about it like… echo “Error: ” . $db->connect_error; }

Querying the DB via Mysqli (Single Query) //Construct some query (it’s just a string) $query_noresult = “INSERT INTO …”; $query_result = ‘’SELECT * FROM DIVECUST”; 2 Types of Queries No Result Queries INSERT, DELETE, CREATE, etc… Result Queries SELECT PHP MySQL PHP MySQL

No Result Queries If($db->query($query_noresult) === TRUE){ //Your query worked, yay } Note about INSERT SQL queries You can use $db->insert_id; to retrieve the AUTO_INCREMENT ID generated for an inserted record. You do NOT need to run a separate query to get that ID value.

Result Queries Returns a mysqli_result object if($result = $db->query($query_result)){ echo $result->num_rows; while($row = $result->fetch-array()){ echo $row[0] . “ ” . $row[‘Name’]; } $result->free(); Column or Attribute name returned from query Free up the result from memory

Result Modes $db->query($query_result, MYSQLI_STORE_RESULT) You can return results in 2 ways (result modes) $db->query($query_result, MYSQLI_STORE_RESULT) Return entire results to memory Can use $result->data_seek(index) to jump to different rows in your result set (i.e. after you loop through the results, do $result->data_seek(0); to go to starting point to loop again) Default (this is the executed mode if you don’t specify a “result mode”) $db->query($query_result, MYSQLI_USE_RESULT) MySQL “spoon feeds” the rows to server running PHP each time a fetches a row Useful if expecting a large dataset (too large to put in memory of PHP server) Must free results in order to run another query ($result->free();)

Closing Connections When you are done using the database, make sure to close the connection… $db->close();

Demo Time DEMO Team team_id name mascot color TeamPlayer team_id player_id Player player_id fname lname pic localhost/sports/teams.php

Passing Variables to PHP (POST) Your form html or php file The process.php file that will process the request (which could be the same as the posting file) <form method=“post” action=“process.php”> <input type=“text” name=“fname”/> <input type=“text” name=“lname” /> <input type=“submit” value=“Submit”/> </form> <?php $var1 = $_POST[‘fname’]; $var2 = $_POST[‘lname’]; ?> Click Submit POST Request HTTP POST Request to process.php fname=Arian lname=Shams

Passing Variable to PHP (GET) www.site.com/index.php?query=ischool&lang=en Start of query string key=value pairs Separator <?php $var1 = $_GET[‘query’]; $var2 = $_GET[‘lang’]; ?> Note- certain characters cannot be put in the URL (such as space character). You will to “URL Encode” those special characters. For example, a space character will show up as a %20 in the URL query string.

Security (SQL Injection and XSS) A malicious user can submit (POST or GET) SQL Code  SQL Injection Attack, or HTML tags that could be anything from a form to a <script> tag  XSS Attack. HTTP POST Request fname=Arian lname=SQL Code In your PHP… $query = “INSERT INTO table (fname, lname)”; $query .= “VALUES (‘{$_POST[‘fname’]}’, ‘{$_POST[‘lname’]}’);”

Preventing SQL Injection & XSS To prevent this, you have to sanitize your input variables and make sure you output safe HTML //Sanitize  SQL Injection $sanitized_variable = $db->real_escape_string($_POST[‘lname’]); //Output Safe HTML  XSS echo htmlspecialchars($row[‘lname’]); You can try to sanitize for HTML tags by using strip_tags($_POST[]) before you input the value into the database. Just make sure that is what you want to do…

Additional Security Tip Don’t type out the username and password when instantiating mysqli. Instead, create a special PHP file that defines certain constants outside the root of your website which you can then include and use in your PHP code. define(SQL_PASSWORD, “mypassword”);

Demo Time DEMO Constant Definitions constants.php Use of $_GET localhost/sports/team.php?id=1 Regular Posting localhost/sports/players.php Use of $_POST and INSERT localhost/sports/addPlayer-process.php Multiselect/Array Posting localhost/sports/editRoster.php?id=1 Use of $_POST arrays localhost/sports/editRoster-process.php Deleting localhost/sports/deletePlayer-process.php?id=1

Additional Notes about POSTing If a checkbox input is not checked, that variable will NOT be passed in the POST (or GET) Use isset() to see if a variable exists: isset($_POST[]); POSTing an array of variables to PHP (such as a multiselect) requires you to append brackets to the name of the input type. <select multiple=“multiple” name=“mylist[]”>…

Next Time You Choose the Topic! Email me with PHP and/or database topics you would like to review and I will select the questions that seems like it would benefit the class the most. I will take the first 15 minutes to review the first two sessions but then after that the floor is open to the topics you choose.