If statements and validation

If statement

In programming the if statement allows one to test certain conditions and respond differently depending on the outcome of the test.
–In our example the condition will be that the user actually entered some text. If it is true, one set of actions will be performed. If it is false, a different set of actions will be performed.

Two places to validate

Since we are considering a client-server interaction, there are two locations in which the validation can occur – on the client and on the server.
–Client-side validation should be seen mainly as not adding to internet traffic and not wasting the server’s time until the data is acceptable.
–Server-side validation should be seen as maintaining data integrity (ensuring the data is of valid format) and security (making sure the user is not trying to access more than they should).

Server-side if

Test if the user entered any text in the text field. If the text field was left blank, print one message. The “else” handles the other case and prints the original Thank-you message. Notice that when asking if two things are equal one uses two equal signs!

Result of invalid user data

Using elseif to ask another question

Another approach is to use a Boolean operator – in this case ||, the OR operator. If it is true that either of the text fields was left blank, then the first message will be printed out.
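The three checks described on the preceding slides (if/else on one field, elseif for a second field, and the || operator), written out as an added example rather than the code from the slides; the field names first_name and last_name and the messages are assumptions, and constructed arrays stand in for $_POST so it runs from the command line.

```php
<?php
// Added example, not the slide code: server-side checks that the user actually
// entered text, first with if/else, then with elseif, then with || (OR).
// Field names "first_name" / "last_name" and the messages are assumed.

// if / else: one message when the field was left blank, the Thank-you
// message otherwise. Two equal signs compare; one equal sign would assign.
function check_first_name(array $post): string
{
    $first = isset($post['first_name']) ? $post['first_name'] : '';
    if ($first == '') {
        return 'You did not enter a first name.';
    } else {
        return 'Thank you, ' . $first . '.';
    }
}

// elseif: ask a second question only if the first test was false.
function check_both_names(array $post): string
{
    $first = isset($post['first_name']) ? $post['first_name'] : '';
    $last  = isset($post['last_name'])  ? $post['last_name']  : '';
    if ($first == '') {
        return 'You did not enter a first name.';
    } elseif ($last == '') {
        return 'You did not enter a last name.';
    } else {
        return 'Thank you, ' . $first . ' ' . $last . '.';
    }
}

// || (OR): a single test that is true when either field is blank.
// empty($first) would also treat the string "0" as blank, which a name
// check usually does not want, so the comparison with '' is kept.
function check_either_blank(array $post): string
{
    $first = isset($post['first_name']) ? $post['first_name'] : '';
    $last  = isset($post['last_name'])  ? $post['last_name']  : '';
    if ($first == '' || $last == '') {
        return 'Please fill in both name fields.';
    }
    return 'Thank you, ' . $first . ' ' . $last . '.';
}

// In a real handler the argument would be $_POST; these are constructed
// sample submissions so the script runs from the command line.
echo check_first_name(['first_name' => '']), "\n";
echo check_both_names(['first_name' => 'Ada', 'last_name' => '']), "\n";
echo check_either_blank(['first_name' => 'Ada', 'last_name' => 'Lovelace']), "\n";
```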

If the user includes HTML tags

Code to strip away any HTML (or PHP) in user’s data

Example: tag eliminated

Eliminating tags that signal code may help with a problem known as “cross site scripting.”

The quote - slash quote problem

The stripslashes function

Result of stripslashes

Sometimes the slashes are a good thing

If a user attempts to put in SQL (database query) code, this is known as “SQL Injection.” SQL Injection often uses quotes (single or double). The slash tells the system to interpret the quote as a data quote, not as a SQL quote. In fact PHP has an addslashes function for this purpose.

PHP addslashes function

Related function

Result with a space in the First Name field

The trim function
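The clean-up functions from the tag-stripping, slashes and trim slides above, combined into one field check as an added example (not the code from the slides); the field name, messages and sample submissions are constructed, and the script runs from the command line.

```php
<?php
// Added example, not the slide code: strip_tags, stripslashes/addslashes and
// trim applied to constructed sample input. Messages and names are assumed.

// trim() drops leading/trailing whitespace, so a First Name field holding only
// a space is treated as blank rather than accepted. strip_tags() removes any
// HTML or PHP tags; note it keeps the text between the tags, so
// "<script>x()</script>" becomes "x()", not an empty string.
function clean_field(string $raw): string
{
    return strip_tags(trim($raw));
}

// Older PHP (magic_quotes_gpc, removed in PHP 5.4) put a backslash before
// every quote in submitted data. stripslashes() undoes that so the value
// displays as typed; apply it only to data that really was escaped, or you
// strip the user's own backslashes.
function unescape_for_display(string $value, bool $was_auto_escaped): string
{
    return $was_auto_escaped ? stripslashes($value) : $value;
}

// addslashes() puts the backslash back so a quote inside the data does not
// close the quoted string in an SQL statement. It is the old-style defence
// the slides describe; with a current database driver a prepared statement
// with a bound parameter keeps the value out of the query syntax entirely.
function escape_for_sql(string $value): string
{
    return addslashes($value);
}

function validate_first_name(string $raw): string
{
    $name = clean_field($raw);
    if ($name == '') {
        return 'You did not enter a first name.';
    }
    return 'Thank you, ' . $name . '. SQL-escaped form: ' . escape_for_sql($name);
}

// Constructed submissions: a lone space, a name with a quote, a name with tags.
foreach ([' ', "O'Neil", '<b>Brian</b><script>x()</script>'] as $raw) {
    echo validate_first_name($raw), "\n";
}
// What magic quotes would have produced for O'Neil, undone for display:
echo unescape_for_display("O\\'Neil", true), "\n";
```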

Reference

PHP for the World Wide Web, Second Edition, Larry Ullman