CSC 405: Web Application Engineering II
Web programming using PHP

Presentation transcript:

8.1 Web programming using PHP

What have we learnt?
- Underlying technologies of database supported web sites
- Constructing database supported web sites
- Accessing the MySQL database from PHP scripts
- Example: A mailing list
- auto_increment in MySQL

8.2 What have we learnt?

Overview: A PHP file:

    <html>
    <head><title>Hello World</title></head>
    <body>
    <?php
    echo "Hello ";
    echo " WORLD ";
    ?>
    </body>
    </html>

8.3 Until now:
- Variables, numbers, strings and arrays
- Computations
- if-constructs and loops
- Functions and code reuse
- Entering user data using forms
- Validating user data using regular expressions

8.4 General client-server database architecture
- Clients can potentially run on different physical machines
- Database processes run on the same physical machine
- One database process is established for each client connection
- Database processes are maintained by a database daemon

8.5 CGI-scripts and database access (CGI = Common Gateway Interface)

Pros of CGI-scripts:
- All major web servers support CGI-scripts
- All programming languages can be used to construct CGI-scripts

Cons of CGI-scripts:
- The CGI-program is started as a new operating system process each time a request arrives
- Additionally, a new database server process is started for each request
- The CGI-program must be authorised by the newly created database server process
- It takes some time to close the CGI-program

8.6 Two strategies for connecting the web server and database
- Slow database connection using CGI
- Fast database connection using fixed connections

8.7 Web servers with fixed database connections and scripting

Pros:
- Fast startup of interpreted program
- Fast access to existing database connections

Cons:
- Tightly connected to a specific web server, possibly non-portable

8.8 Java Applets

Pros:
- Fast execution on the client (browser), at the expense of longer downloading time
- Potential for good usability

Cons:
- Safety problems: an additional open port to the database
- Licensing problems: as a port for database connection must be open, typically the license paid is proportional to the number of concurrent users
- Potentially many database connections and many running database servers. When can one assume that a database connection is no longer needed?
- Is not supported or enabled on all browsers, and is problematic with PDAs

8.9 Safety

A hacker attack on data requires the following:
1. A connection to the database server's IP address
2. Password to the database server
or
1. A connection to the server's IP address
2. A root password (by hacking the machine)
or...

To prevent attacks:
- Move the database server behind a firewall and allow only connections to the web server
- Move the web server behind a firewall and allow only connections via port 80

8.10 Constructing database supported web sites

We construct a database supported web site using the following steps:

Step 1: Constructing a data model
- Which information should be stored and how should it be represented?
- This is the hard part!!!

Step 2: Developing data transactions
- How do we insert data into the database?
- How do we extract data from the database?

Step 3: Constructing web-forms for implementing data transactions
- The user interface is HTML code (forms)

Step 4: Constructing PHP-files for implementing data transactions
- SQL (Structured Query Language) is used for the actual data transactions
- This is the easy part!

Note: The more time you spend on Step 3, the easier Step 4 becomes!

8.11 Example: A mailing list

Using the mailing list system, we must be able to create a list of names and emails for distributing emails. The same common list is maintained by all people using the system. The only information stored is the names and email addresses.

Step 1: The data model

    CREATE TABLE maillist (
      email varchar(100) not null,
      name varchar(100) not null
    );

We assume that no two persons use the same email address, i.e., it is unique. We insist that the name as well as the email address are present.

8.12 Example: A mailing list (continued)

Step 3: Constructing web forms and site maps
- The boxes in the diagram represent states where HTML code is displayed in a browser
- Unlabelled arrows represent links to a new HTML page, possibly generated by a PHP script
- Labelled arrows represent transactions that update the database by running a PHP script

8.13 Example: A mailing list (continued)

Step 3: Constructing web forms: maillist_add.html:

    <HTML><BODY>
    <H2>Add Yourself to Mailing List</H2>
    <FORM ACTION="maillist_add.php">
    Email: <INPUT TYPE="text" NAME="email">
    Name: <INPUT TYPE="text" NAME="name">
    <INPUT TYPE="submit">
    </FORM>
    </BODY></HTML>

Note:
- The file maillist_add.php is the form action
- The form contains two fields called email and name

8.14 Example: A mailing list (continued)

Step 4: Constructing PHP files

The file maillist.php, displaying email addresses:

    <HTML><BODY>
    <H2>Mailing list members</H2>
    <?php
    // Establish database connection
    $db = mysql_connect("mysql.itu.dk", "W2_panic", "***");
    mysql_select_db("W2_F2004_panic", $db);
    // Extract rows from the table
    $rows = mysql_query("SELECT email, name FROM maillist");
    // Iterate through the rows
    while ( $row = mysql_fetch_row($rows) ) {
      // Display a single row
      echo " $row[1] ";
    }
    ?>
    <A HREF="maillist_add.html">Add Yourself</A>
    </BODY></HTML>

8.15 Example: A mailing list (continued)

The file maillist_add.php, adding an email address:

    <?php
    // Establish database connection
    $db = mysql_connect("mysql.itu.dk", "W2_panic", "***");
    mysql_select_db("W2_F2004_panic", $db);
    // Insert data into the database
    mysql_query("INSERT INTO maillist (email, name)
                 VALUES ('$email', '$name')");
    header("Location: maillist.php"); // Jump to maillist.php
    ?>

Note:
- By calling the function header with location maillist.php, information is sent to the browser (via HTTP) informing it to request the file maillist.php from the server.
- As this happens rapidly, and without user interaction, the result is that the updated mailing list is displayed for the user.
- Are there any inconveniences or defects in the scripts above?

8.16 Using an include file for establishing a connection: mydb.php

By using an include file, we avoid writing password information in all files:

    <?php
    // function for reporting an error and stopping the script
    function error($msg) {
      echo "Error in PHP script $msg ";
      exit();
    }
    // function for establishing connection to the database
    function mydb_connect() {
      $dbhost = "mysql.itu.dk";
      $user = "W2_panic";
      $database = "W2_F2004_panic";
      $passwd = "***";
      $db = mysql_connect($dbhost, $user, $passwd);
      if ( $db == 0 ) {
        error("Connection to database on '$dbhost' failed");
      }
      if ( mysql_select_db($database, $db) == 0 ) {
        error("Failed to select database '$database'");
      }
    }
    ?>

Note: We check the return values from mysql_connect and mysql_select_db

8.17 Extending the mailing list example

Let us extend our mailing list example so that it is possible to remove names from the list. We consider the four steps again:

Step 1: The data model is unchanged (table maillist)

Step 2: The following data transaction is added:
- Deleting email and corresponding name

    DELETE FROM maillist WHERE email =

8.18 Extending the mailing list example (continued)

Step 3: Constructing a site map:
- The file maillist2_del.php deletes a row from the table
- This file expects a form variable email, transferred in a link in the file maillist2.php.

8.19 Extending the mailing list example (continued)

Step 4: Constructing PHP files

The file maillist2.php:

    <HTML><BODY>
    <H2>Mailing list members (version 2)</H2>
    <?php
    include("mydb.php");   // Include utilities
    mydb_connect();        // Connect to the database
    // Extract rows from the table
    $rows = mysql_query("SELECT email, name FROM maillist");
    // Iterate through the rows
    while ( $row = mysql_fetch_row($rows) ) {
      // Display a single row with a link that passes the form variable email
      echo " $row[1] -- <A HREF=\"maillist2_del.php?email=$row[0]\">delete</A> ";
    }
    ?>
    <A HREF="maillist_add.html">Add Yourself</A>
    </BODY></HTML>

8.20 Extending the mailing list example (continued)

The file maillist2_del.php:

    <?php
    include("mydb.php");   // Include utilities
    // Check form variables. The validation expression on the slide did not
    // survive in this transcript; filter_var is a stand-in for it.
    if ( filter_var($email, FILTER_VALIDATE_EMAIL) == 0 ) {
      error("Go back and enter an email!");
    }
    mydb_connect();        // Connect to the database
    // Delete a row
    mysql_query("DELETE FROM maillist WHERE email = '$email'");
    // Jump to the main page
    header("Location: maillist2.php");
    ?>

Note: We check that the form variable email is a valid email address

Next time: We consider among other things how to send email to the addresses
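The list, add and delete transactions from slides 8.14 to 8.20, rewritten as an added example that is not part of the original slides. The scripts above place form variables directly into the SQL text and echo database values without escaping, and the mysql_* functions they call were removed in PHP 7.0; this version uses PDO prepared statements, filter_var and htmlspecialchars instead. The in-memory SQLite database and the function names maillist_open, maillist_add, maillist_delete and maillist_render are assumptions made so the script runs offline.

```php
<?php
// Added example (not from the slides): the mailing-list transactions with
// prepared statements, input validation and output escaping.
// Assumption: in-memory SQLite stands in for the MySQL server so it runs offline.

function maillist_open(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY enforces the slides' assumption that an address is unique
    $db->exec('CREATE TABLE maillist (
                 email VARCHAR(100) NOT NULL PRIMARY KEY,
                 name  VARCHAR(100) NOT NULL)');
    return $db;
}

// Returns true if the row was stored, false if the input was rejected.
function maillist_add(PDO $db, string $email, string $name): bool {
    $name = trim($name);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || $name === '' || strlen($email) > 100 || strlen($name) > 100) {
        return false;
    }
    // Placeholders send the values separately from the SQL text
    $stmt = $db->prepare('INSERT INTO maillist (email, name) VALUES (?, ?)');
    try {
        return $stmt->execute([$email, $name]);
    } catch (PDOException $e) {
        return false; // constraint violation, e.g. address already listed
    }
}

// Returns the number of rows deleted.
function maillist_delete(PDO $db, string $email): int {
    $stmt = $db->prepare('DELETE FROM maillist WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->rowCount();
}

// Renders the member list; every database value is escaped for HTML.
function maillist_render(PDO $db): string {
    $html = "<ul>\n";
    foreach ($db->query('SELECT email, name FROM maillist') as $row) {
        $e = htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8');
        $n = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
        $html .= "<li><a href=\"mailto:$e\">$n</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample input
$db = maillist_open();
var_dump(maillist_add($db, "o'brien@example.org", "Pat O'Brien")); // quote characters in the input
var_dump(maillist_add($db, 'not-an-address', 'Nobody'));           // malformed address
var_dump(maillist_add($db, "o'brien@example.org", 'Duplicate'));    // same address a second time
var_dump(maillist_add($db, 'bob@example.org', '<b>Bob</b>'));       // markup in the name field
var_dump(maillist_delete($db, "o'brien@example.org"));
echo maillist_render($db);
```

In a deployed version the delete transaction would also be submitted with a POST form rather than the GET link used in maillist2.php, so that following or prefetching a link cannot change the table.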

8.21 Generating unique ID numbers in MySQL

In MySQL you can use auto_increment to generate fresh ID numbers automatically when inserting new rows into a table.

Example:

    CREATE TABLE Users (
      id int auto_increment primary key,
      name varchar(100) not null
    );
    INSERT INTO Users (name) VALUES ('Martin Elsman');
    INSERT INTO Users (name) VALUES ('Niels Hallenberg');

Other database systems provide similar functionality.

In PHP, to get the ID generated for an AUTO_INCREMENT column by an INSERT query, you use the mysql_insert_id function:

    <?php
    // Insert a new row
    mysql_query("INSERT INTO Users (name) VALUES ('Martin Elsman')");
    // Get the auto_increment id column
    echo "Martin Elsman got ID number ".mysql_insert_id();
    ?>

8.22 Exercise

Constructing a commentary service
- Add a functionality allowing the readers of your web pages to comment on them...