PHP and the Web: Session : 4

Predefined variables PHP provides a large number of predefined global variables to any script which it runs also called superglobal or autoglobal

PHP Superglobals $_SERVER $_GET $_POST $_COOKIE $_FILES $_ENV $_SESSION

$_SERVER $_SERVER stores several web server related variables which is very useful for various purposes.

$_SERVER echo $_SERVER[‘PHP_SELF’]; Returns the file name currently executing in webserver.

$_SERVER echo $_SERVER[‘PHP_SELF’]; Displays the server name echo $_SERVER[' REMOTE_ADDR' ] Displays the remote address of a client

$_SERVER … There are several information available in the $_SERVER array check manual for more…

$_POST and $_GET A web form’s POST and GET variables are stored in associated array $_POST and $_GET. like, $_GET[“varname”]; $_POST[“varname”];

GET Example <?php echo $_GET[“fname”]; eco $_GET[“addr”]; ?> Name: Addr:

Handling Form <?php if ( isset($_GET[“submit”] ) ) { echo $_GET[“fname”]; echo $_GET[“addr”]; } ?> Name: Addr:

Handling Form <?php if ( isset($_POST[“submit”] ) ) { echo $_POST[“fname”]; echo $_POST[“addr”]; } ?> Name: Addr:

Variable Function PHP has several variable function especially useful to validate, verify and manipulate the variable.

isset($var) isset returns TRUE if var exists; FALSE otherwise Example, $k=0; if(isset($t) ) echo “t is declared”; if( isset($t) ) echo “k is declared”;

empty($var) Determine whether a variable is empty Example, $var =0; if (empty($var)) { echo '$var is either 0, empty, or not set at all'; }empty

Checking variable type To check whether a variable is an array use, is_array($var) Example $var = array(23,45,23); If( is_array($var)) { echo “Array type”; }

Radio Button <? if(isset($_POST[“submit”]) ) { $opt = $_POST[“opt”]; echo “Your choice is $opt; } Apple Orange ?>

Checkbox <? if(isset($_GET[“submit”]) ) { $opt = $_GET[“opt”]; echo “Your choice is $opt; } Apple Orange ?>

Passing Array from Form

Getting values <? $rows = $_POST[“row”]; echo $row[0]; echo $rows[5]; foreach($rows as $r) { echo $r.” ”; } ?>

File Upload

File Upload Form

To be remembered A file upload form must content an encoding type. i.e

Restricting upload size PHP also requires that a hidden field be included before the file upload field. This should be called MAX_FILE_SIZE and should have a value representing the maximum size in bytes of the file that you are willing to accept.

Inside file upload When a file is successfully uploaded, it is given a unique name and stored in a temporary directory (/tmp on UNIX systems). The full path to this file becomes available to you in a global variable

Handling Uploaded Files PHP stores all the uploaded file information in the $_FILES autoglobal array. $_FILES['userfile']['name'] $_FILES['userfile']['type'] $_FILES['userfile']['size'] $_FILES['userfile']['tmp_name'] $_FILES['userfile']['error']

$_FILES['userfile']['name'] The original name of the file on the client machine.

$_FILES['userfile']['type'] The mime type of the file, if the browser provided this information. An example would be "image/gif"

$_FILES['userfile']['size'] The size, in bytes, of the uploaded file i.e $totsize = $_FILES[‘userfile’][‘size’]; echo ‘Total uplodaed file size’.$totsize;

$_FILES['userfile']['tmp_name'] The temporary filename of the file in which the uploaded file was stored on the server.

$_FILES['userfile']['error'] The error code associated with this file upload. ['error'] was added from PHP

Upload Example

A upload form Choose a file to upload:

upload.php <?php If( isset ($_POST[‘submit’) ) { $uploadFile = $_FILES['userfile']['name']; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile)) { print "File is valid, and was successfully uploaded. "; print “File type is : “. $_FILES[‘userfile’][‘type’]; } else { print "Possible file upload probs! Here's some debugging info:\n"; print_r($_FILES); } ?>

Some caution Always check file type after uploading the files. Always check the extension of the file. Always use MAX_FILE_SIZE restricting the file upload size

Session management

Session Management Session management is a mechanism to maintain state about a series of requests from the same user across some period of time. for example, to store each user items while they are shopping a site.

separate session? Since TCP/IP has its own session why we need a seprate session handling?

Because.. HTTP is a stateless protocol. It means in every transition the server immediately disconnect the connection. It present a problem when it comes to maintaining information about users visiting a Web site.

user session, how it works? There must be unique identifier number for each user store in storage device. When the user return back they must have this number (session id) to identify to the server. So server can retrieved user information store in the storage device.

Session in client The session variables can be stored in client side using Cookie

Session info can be stored in Cookies Hidden fields URL Web server process memory Files Database

Starting a Session A PHP session is started explicitly by session_start() session_start(); print($counter); $counter++; session_register("counter");

Inside session_start(..) PHP checks whether a valid session ID exist. If there is no session ID, PHP creates a new ID. If a valid ID exists, the frozen variables of that session are reactivated and introduced back to the global namespace. In next visit, Checks whether session is generated or not. If session id found then update the session timeout time.

session_start(..) Put session_start(..) at top of every php script so that the page will remain the part of the each session.

Registering a session variable Registering a session variable is done through the session_register() command All variables you want to preserve across page requests must be registered to the session library with the session_register() function

example session_start(); print($counter); $counter++; session_register("counter"); $bar = "This is a string"; $foo = "bar"; session_register($foo);

Ending a Session You can force a session end with the command session_destroy().

the $_SESSION superglobal the $_SESSION superglobal User $_SESSION to access the registered variables.