Dbwebsites 3.1 Making Database backed Websites Session 3 Return of the Hypertext Putting it all together.


dbwebsites 3.2 HTML Refresher A Web Page! A Web Page! Woo hoo. It works!

dbwebsites 3.3 How Does PHP work? With HTML all the webserver does when it gets a request is send back the appropriate file. A page written using PHP will be processed by the webserver before being sent. (Assuming PHP is installed on the server). PHP stands for PHP: HyperText Preprocessor. It’s a recursive acronym - typical hackish. PHP is a programming language that is embedded inside the HTML.

dbwebsites 3.4 A simple example PHP

dbwebsites 3.5 The tag PHP is added to a page using a special tag. It starts <?php It ends ?> Anything in-between is PHP. Some servers will allow you to use but this can cause problems if you move your site to a server which doesn’t allow this. It’s safest to always use

dbwebsites 3.6 Variables Since PHP is a real programming language (unlike HTML which is a markup language) it allows you to define variables. <?php $foo = 1; echo $foo; ?> Would output… 1

dbwebsites 3.7 Simple programming You can also perform calculations… <?php $a=2; $b=3; echo $a+$b; ?> Would output… 5

dbwebsites 3.8 Simple Data Types PHP, like SQL, can work with a number of different data types. Strings $foo = "hello"; Numbers $foo = 4; $foo = ; Boolean $foo = True; //case insensitive Resource $foo = mysql_connect ("localhost","bar","wibble");

dbwebsites 3.9 Manipulating Strings $foo = "hello"; $bar = " world"; echo $foo.$bar; Would output… hello world Alternatively, this would do the same. $foo = "hello"; $foo.= " world"; echo $foo;

dbwebsites 3.10 Manipulating Numbers $foo = 14; $foo = $foo + 12; echo $foo; Would output… 26 You can use + - * / % = Note $foo = $bar = 14; is allowed. The expression $bar=14 evaluates to 14. So $foo ends up as 14.

dbwebsites 3.11 if else elseif What if you want to do different things depending on user input? if ($foo == "yes") { echo "Yes"; } elseif ($foo == "no") { echo "No"; } else { echo "Maybe"; } You can also use != = <>

dbwebsites 3.12 while There are also constructs to allow you to do something repeatedly, until a certain condition is met. $i=0; while ($i < 10) { print $i." \n"; $i++; }

dbwebsites 3.13 for Since doing something a set number of times is so common there is a shorthand for it. for ($i=0; $i < 10; $i++) { print $i." \n"; } This does the same as the previous example.

dbwebsites 3.14 Functions The real power of PHP is in the functions that are available. It's functions which will let you connect to the database, or do many other esoteric things. A function is called like this… $pos = stripos("hello world","WORLD"); (Labels on the slide: function name, parameters.)

dbwebsites 3.15 Functions PHP contains up to 115 packages*, each of which contains numerous functions you can use. * Depends which packages are installed on the webserver. 8 packages just deal with databases. We'll use the MySQL package later this session. You can also… , create images, create PDFs, use calendars, use mathematical functions, spell checkers, use string functions, etc.

dbwebsites 3.16 Arrays You can also have arrays. An array is a data structure which can store many pieces of data. Each datum* is stored in an element of the array. $array = Array(); $array[0] = "foo"; $array[1] = "bar"; $arr = Array("foo", "bar"); $foo = Array("foo" => "bar"); echo $foo["foo"];

dbwebsites 3.17 Getting data from a Form PHP automatically creates a few arrays which contain various pieces of data. For getting data from a form the two that matter are $_GET $_POST Each element from a form will become an entry in one or other of these arrays.

dbwebsites 3.18 Getting data from a Form You entered into the text field.

dbwebsites 3.19 Connecting to the Database The mysql_connect function takes three parameters. First the machine which the DBMS is on. Second the database username, and lastly the database users The mysql_select_db function just takes one parameter, the name of the or die("Failed to connect to database: ".mysql_error()); mysql_error returns any errors from the database

dbwebsites 3.20 Performing a Query on the DB Get the names and dates of birth of all the actors in the actor table. The SQL for this is select name, DATE_FORMAT(dob, "%d %b %Y") as dob from actors; The DATE_FORMAT part gets the database to output the date as 17 Jul 1935 rather than its native

dbwebsites 3.21 Performing a Query on the DB The PHP then looks like this… $query = "select name, DATE_FORMAT(dob, \"%d %b %Y\") as dob from actors"; $result = mysql_query($query); The first line just sets up a variable which contains the query. The second line runs the query on the database. Now all we need to do is read the result.

dbwebsites 3.22 Performing a Query on the DB For this we use the mysql_fetch_array function. It returns either an array containing the result, or FALSE if there are no more results. while ($line = mysql_fetch_array($result)) { $name=$line["name"]; $dob=$line["dob"]; print $name." - ".$dob." \n"; }

dbwebsites 3.23 Inserting data into the DB All SQL commands are known as queries, regardless of whether you're extracting data or not. So to insert data you just use a query. $query = "insert into actors (name, dob) values (\"$name\", \"$year-$month-$date\")"; $result = mysql_query($query); With queries that don't return data, (i.e. aren't really queries) mysql_query returns True on success and False on failure.

dbwebsites 3.24 Idempotent & Replay What happens when you add data to a database, and then reload the page? It gets added again! This is known as a replay, or when done malevolently a replay attack. The solution is to make your pages idempotent. (for the mathematically inclined) Put simply something is idempotent if doing it repeatedly has the same effect as doing it once.

dbwebsites 3.25 Idempotent & Replay There are many strategies you could use to enforce idempotency. A simple one would be to check to see if the name and date of birth was already in the database before attempting to add it. If it was, then just don't add it. There are more general solutions but they are typically more complex. For example – using nonces.
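
The check-before-insert strategy from this slide, as an added example that is not part of the original presentation. It uses PDO prepared statements instead of the mysql_* calls on the slides, and an in-memory SQLite database stands in for MySQL so the script runs by itself; the function name add_actor_once and the UNIQUE constraint are assumptions of this example.

```php
<?php
// Added example: idempotent insert into the slides' actors table.
// Assumption: PDO with an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The UNIQUE constraint is a backstop in case two requests race each other.
$db->exec('CREATE TABLE actors (name TEXT NOT NULL, dob TEXT NOT NULL,
           UNIQUE (name, dob))');

/**
 * Add an actor only if the same name and date of birth is not stored yet.
 * Returns true when a row was added, false when it was already there.
 */
function add_actor_once(PDO $db, string $name, string $dob): bool
{
    $db->beginTransaction();
    try {
        $check = $db->prepare(
            'SELECT COUNT(*) FROM actors WHERE name = ? AND dob = ?');
        $check->execute([$name, $dob]);
        if ((int) $check->fetchColumn() > 0) {
            $db->commit();
            return false;               // replayed request: nothing to do
        }
        $insert = $db->prepare('INSERT INTO actors (name, dob) VALUES (?, ?)');
        $insert->execute([$name, $dob]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        // SQLSTATE 23000 = constraint violation: another request won the race.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample: the same form submission arriving twice (a page reload).
$first  = add_actor_once($db, 'Example Actor', '1935-07-17');
$replay = add_actor_once($db, 'Example Actor', '1935-07-17');
$rows   = (int) $db->query('SELECT COUNT(*) FROM actors')->fetchColumn();

var_dump($first, $replay, $rows);
```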

dbwebsites 3.26 Errors You'll make mistakes unless you're super-human. PHP will output errors into your webpage to tell you what's gone wrong. These vary in how meaningful they are. To prevent errors from being reported at the start of a line. This is useful for errors such as bad passwords in the database connect function. A text editor which tells you line numbers is useful for finding what PHP is talking about.

dbwebsites 3.27 Including other PHP files One major time saver is making common PHP files which can then be referenced by all the pages on a site. For example, all the navigation and design of a site can be in a couple of PHP files which you include in all pages. Then if you want to change the site design you only have one or two files to edit, rather than every page on the site.

dbwebsites 3.28 Including other PHP files As you get more familiar with PHP you'll find yourself doing the same sorts of things over and over. Often these functions can be put into scripts which you can include when needed rather than rewriting every time. Eventually you'll have a toolkit which makes building sites much faster. include "foo.php"; include_once "foo.php"; require_once "bar.php";

dbwebsites 3.29 Basic Security Anyone can write an HTML page which sends data to your script. If they have seen the code for your pages then they may be able to get your script to do things that may damage your data. Work assuming that all the code of your pages can be seen by anyone. Most security breaches are committed by insiders or ex-insiders. Security through obscurity is essentially no security at all.

dbwebsites 3.30 Basic Security PHP has a number of server configurations which can increase security. It's good to get in the habit of writing PHP on a locked down server. By including PHP scripts from somewhere which is not in the publicly accessible webspace an attacker cannot see those scripts even if there is a breach in the PHP configuration.

dbwebsites 3.31 Basic Security Lastly, if you don't do any checking on your incoming variables it's sometimes possible for a user to input values which cause unexpected behaviour. For example, what happens if an actor's name includes a " character? There are String functions which can take care of these problems.
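
What the quote character does to the insert query from slide 3.23, next to a version that keeps user input out of the SQL text. This is an added example, not code from the original presentation. It assumes PDO with an in-memory SQLite database standing in for MySQL, and it writes SQL strings with standard single quotes, so the constructed name contains a ' as well as the slide's " character; both function names are hypothetical.

```php
<?php
// Added example (not from the slides). Assumption: PDO with in-memory
// SQLite stands in for MySQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE actors (name TEXT, dob TEXT)');

// The pattern from the insert slide: user input pasted into the SQL text.
function insert_by_concatenation(PDO $db, string $name, string $dob): string
{
    $query = "insert into actors (name, dob) values ('$name', '$dob')";
    try {
        $db->exec($query);
        return 'ok';
    } catch (PDOException $e) {
        // The quote in the name ended the string early; the rest of the
        // name was parsed as SQL and the statement was rejected.
        return 'failed: ' . $e->getMessage();
    }
}

// Placeholders: the driver sends the values as data, never as SQL text.
function insert_with_placeholders(PDO $db, string $name, string $dob): string
{
    $stmt = $db->prepare('insert into actors (name, dob) values (?, ?)');
    $stmt->execute([$name, $dob]);
    return 'ok';
}

// Constructed form input containing both kinds of quote character.
$name = 'Jo "Lefty" O\'Example';
$dob  = '1935-07-17';

echo 'concatenation: ', insert_by_concatenation($db, $name, $dob), "\n";
echo 'placeholders:  ', insert_with_placeholders($db, $name, $dob), "\n";

// The stored value is exactly what the user typed, quotes included.
$stored = $db->query('select name from actors')->fetchColumn();
echo 'stored:        ', $stored, "\n";
var_dump($stored === $name);
```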

dbwebsites 3.32 Text Editors

dbwebsites 3.33 Questions? Presentation online at… tech/howitworks/dbwebsites/