

CHAPTER 5 SERVER SIDE SCRIPTING



Presentation on theme: "CHAPTER 5 SERVER SIDE SCRIPTING"— Presentation transcript:

1 CHAPTER 5 SERVER SIDE SCRIPTING
PART 3 OF 3 [Form Handling| Session & Cookies| Security Control] Madam Hazwani binti Rahmat

2 FORM HANDLING
FORM| $_POST| $_GET
Setting up a form for use with a PHP script is exactly the same as in normal HTML. All the elements for your form must be enclosed in the <form> tags. They are used as follows:
<form action="process.php" method="post"> … </form>
The form's action tells which PHP page to send its data to for processing. This can also be a full URL (Ex:

3 FORM HANDLING
FORM| $_POST| $_GET
<form action="process.php" method="post"> … </form>
The method tells the form how to submit its data: POST sends the data in a data stream (the request body) to the PHP page when it is requested. GET sends the form data as part of the URL, so it appears after a question mark. Example :

4 FORM HANDLING
FORM| $_POST| $_GET
The predefined $_POST variable is used to collect values from a form sent with method="post". Example:
<form action="welcome.php" method="post">
Name: <input type="text" name="fname">
Age: <input type="text" name="age">
<input type="submit">
</form>
When the user clicks the "Submit" button, the URL will look like this:

5 FORM HANDLING
FORM| $_POST| $_GET
Example:
<form action="welcome.php" method="post">
Name: <input type="text" name="fname">
Age: <input type="text" name="age">
<input type="submit">
</form>
The "welcome.php" file can now use the $_POST variable to collect form data:
Welcome <?php echo $_POST["fname"]; ?>!<br>
You are <?php echo $_POST["age"]; ?> years old.

6 FORM HANDLING
FORM| $_POST| $_GET
The predefined $_GET variable is used to collect values from a form with method="get". Example:
<form action="welcome.php" method="get">
Name: <input type="text" name="fname">
Age: <input type="text" name="age">
<input type="submit">
</form>
When the user clicks the "Submit" button, the URL will look like this:
The question mark "?" tells the browser that the items are variables.

7 FORM HANDLING
FORM| $_POST| $_GET
Example:
<form action="welcome.php" method="get">
Name: <input type="text" name="fname">
Age: <input type="text" name="age">
<input type="submit">
</form>
The "welcome.php" file can now use the $_GET variable to collect form data:
Welcome <?php echo $_GET["fname"]; ?>!<br>
You are <?php echo $_GET["age"]; ?> years old.

8 FORM HANDLING
FORM| $_POST| $_GET
The GET method is restricted to sending up to 1024 characters only. Never use the GET method if a password or other sensitive information is to be sent to the server, because it ends up in the URL. GET CANNOT be used to send binary data, like images or Word documents, to the server.
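
The slides above echo $_POST["fname"] and $_POST["age"] straight into the page. The following welcome.php is an added example (not code from the slides) of the same action page with the two checks a practitioner wants there: each field is validated before use, and values are HTML-escaped on output so a submitted value such as <script> is displayed as text rather than executed. The field names fname and age come from the slides' form; the length and age limits are assumptions for the example.

```php
<?php
// welcome.php (added example): action page for the slides' form, which posts
// "fname" and "age" with method="post". Reading $_GET instead of $_POST makes
// the same code serve a method="get" form.
declare(strict_types=1);

// Read a field from the submitted form, or null when it was not sent at all.
function field(array $input, string $name): ?string
{
    return isset($input[$name]) && is_string($input[$name]) ? trim($input[$name]) : null;
}

// Validate the two fields before using them. Returns ['fname' => ..., 'age' => ...]
// on success, or ['errors' => [...]] with one message per problem.
function validateForm(array $input): array
{
    $errors = [];
    $fname  = field($input, 'fname');
    $age    = field($input, 'age');

    // Assumed limit for the example: 1 to 50 characters.
    if ($fname === null || $fname === '' || mb_strlen($fname) > 50) {
        $errors[] = 'Name is required and must be at most 50 characters.';
    }
    // filter_var rejects non-numeric strings and values outside the range,
    // so "25abc" or "-3" never reach the page as an age.
    $ageInt = filter_var($age, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 150]]);
    if ($ageInt === false) {
        $errors[] = 'Age must be a whole number between 1 and 150.';
    }
    return $errors ? ['errors' => $errors] : ['fname' => $fname, 'age' => $ageInt];
}

// Escape text before placing it in HTML.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$isPost = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
$result = validateForm($isPost ? $_POST : []);
?>
<!DOCTYPE html>
<html><body>
<?php if (isset($result['errors'])): ?>
    <ul>
    <?php foreach ($result['errors'] as $e): ?>
        <li><?= h($e) ?></li>
    <?php endforeach; ?>
    </ul>
<?php else: ?>
    Welcome <?= h($result['fname']) ?>!<br>
    You are <?= (int) $result['age'] ?> years old.
<?php endif; ?>
</body></html>
```

Loading welcome.php directly (a GET with no fields) shows the validation messages instead of a PHP notice about undefined indexes, which is the behaviour the slides' one-line version lacks.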

9 SESSION
START SESSION | SET SESSION| DESTROY SESSION
A PHP session allows storing user information on the server for later use (e.g. username, shopping items). However, session information is temporary and will be deleted after the user has left the website. Session variables are available to all pages in one application. Before you can store user information in your PHP session, you must first start the session using the session_start() function.

10 SESSION
START SESSION | SET SESSION| DESTROY SESSION
Note: The session_start() function must appear BEFORE the <html> tag. Example:
<?php session_start(); ?>
<html>
<body>
</body>
</html>
The code above will register the user's session with the server, allow you to start saving user information, and assign a UID for that user's session.

11 SESSION
START SESSION | SET SESSION| DESTROY SESSION
Session variables are stored in and retrieved from $_SESSION. Example:
<?php
// start a session
session_start();
// store session data
$_SESSION['views']=1;
?>

12 SESSION
START SESSION | SET SESSION| DESTROY SESSION
A PHP session can be destroyed by the session_destroy() function. This function does not need any argument, and a single call destroys all the session variables. Example:
<?php session_destroy(); ?>
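
The three session slides (start, set, destroy) fit together in one page. The following is an added example, not the slides' code, that counts views as on slide 11, records a login, and logs out properly. The point it adds is that session_destroy() on its own leaves the $_SESSION array populated for the rest of the request and the session cookie in the browser, so a complete logout clears both; the cookie flags and the HTTPS assumption are mine, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example: session lifecycle for the slides' $_SESSION['views'] counter.
declare(strict_types=1);

// Start the session with cookie flags that keep the session id away from
// scripts (httponly) and off plain-HTTP requests (secure).
function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started on this request
    }
    session_set_cookie_params([
        'lifetime' => 0,        // expires when the browser closes
        'path'     => '/',
        'secure'   => true,     // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Count the visits of this user: the first call stores 1, as on slide 11,
// and every later call on the same session adds one.
function countView(): int
{
    $_SESSION['views'] = ($_SESSION['views'] ?? 0) + 1;
    return $_SESSION['views'];
}

// Record a login. The id is regenerated so that a session id the browser
// held before logging in cannot be reused for the logged-in session.
function loginUser(string $username): void
{
    session_regenerate_id(true);
    $_SESSION['user']         = $username;
    $_SESSION['logged_in_at'] = time();
}

// Full logout: clear the array, expire the cookie, then destroy the data.
function logoutUser(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}

startSecureSession();
if (($_GET['logout'] ?? '') === '1') {
    logoutUser();
    echo "Logged out.\n";
} else {
    $views = countView();
    echo "You have viewed this page {$views} time(s).\n";
}
```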

13 COOKIES
CREATE COOKIE| RETRIEVE COOKIE| DELETE COOKIE
A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can create and retrieve cookie values.

14 COOKIES
CREATE COOKIE| RETRIEVE COOKIE| DELETE COOKIE
The setcookie() function is used to set a cookie. Note: The setcookie() function must appear BEFORE the <html> tag. Syntax:
setcookie(name, value, expire);
where:
name - the name of the cookie.
value - the value of the named variable.
expire - the time (a Unix timestamp in seconds) when the cookie will expire and be deleted.

15 COOKIES
CREATE COOKIE| RETRIEVE COOKIE| DELETE COOKIE
Syntax: setcookie(name, value, expire);
Example: Create a cookie named "user" and assign the value "Alex Porter" to it. We also specify that the cookie should expire after one hour (60min*60secs):
<?php
setcookie("user", "Alex Porter", time()+3600);
?>
<html>

16 COOKIES
CREATE COOKIE| RETRIEVE COOKIE| DELETE COOKIE
Syntax: setcookie(name, value, expire);
Example: You can also set the expiration time of the cookie in another way, which may be easier than counting seconds:
<?php
$expire=time()+60*60*24*30;
setcookie("user", "Alex Porter", $expire);
?>
<html>
In the example above the expiration time is set to a month (60 sec * 60 min * 24 hours * 30 days).

17 COOKIES
CREATE COOKIE| RETRIEVE COOKIE| DELETE COOKIE
Syntax: setcookie(name, value, expire);
Example:
<?php
//Calculate 60 days in the future
//seconds * minutes * hours * days + current time
$inTwoMonths = 60 * 60 * 24 * 60 + time();
setcookie('lastVisit', date("G:i-m/d/y"), $inTwoMonths);
?>
In the example above the expiration time is set to two months (60 sec * 60 min * 24 hours * 60 days).

18 COOKIES
CREATE COOKIE| RETRIEVE COOKIE| DELETE COOKIE
The PHP $_COOKIE variable is used to retrieve a cookie value. In the example below, we retrieve the value of the cookie named "user" and display it on a page:
<?php
// Print a cookie
echo $_COOKIE["user"];
?>

19 COOKIES
CREATE COOKIE| RETRIEVE COOKIE| DELETE COOKIE
To delete a cookie, set the cookie with a date that has already expired. Example:
<?php
// set the expiration date to ONE HOUR AGO
setcookie("user", "", time()-3600);
?>
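
The cookie slides (create, retrieve, delete) combined into one page, as an added example rather than the slides' code. It keeps the slides' "user" cookie and one-month lifetime, and adds what a practitioner would check: the cookie is marked HttpOnly and Secure, the value read back from $_COOKIE is validated like any other user input because the browser (not the server) decides what it sends, and deletion uses the same path as creation, since a mismatched path leaves the old cookie in place. The HTTPS assumption and the name pattern are mine; the array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example: create, read and delete the slides' "user" cookie.
declare(strict_types=1);

const COOKIE_NAME = 'user';

// Create the cookie. setcookie() writes a Set-Cookie header, so it must run
// before any HTML output, as the slides say.
function setUserCookie(string $value, int $ttlSeconds): bool
{
    return setcookie(COOKIE_NAME, $value, [
        'expires'  => time() + $ttlSeconds,
        'path'     => '/',
        'secure'   => true,     // assumption: site served over HTTPS
        'httponly' => true,     // not readable by JavaScript
        'samesite' => 'Lax',
    ]);
}

// Retrieve the cookie, accepting only a plausible display name (assumed
// pattern: letters, spaces, dots, apostrophes, hyphens; at most 50 chars).
function getUserCookie(): ?string
{
    $raw = $_COOKIE[COOKIE_NAME] ?? null;
    if (!is_string($raw) || !preg_match('/^[A-Za-z][A-Za-z .\'-]{0,49}$/', $raw)) {
        return null;
    }
    return $raw;
}

// Delete the cookie with an expiry in the past, as on slide 19. The path
// must match the one used at creation or the browser keeps the old cookie.
function deleteUserCookie(): bool
{
    return setcookie(COOKIE_NAME, '', ['expires' => time() - 3600, 'path' => '/']);
}

// Per request: ?logout=1 deletes the cookie, otherwise create it if missing.
// A cookie set on this request only reaches $_COOKIE on the next request.
if (($_GET['logout'] ?? '') === '1') {
    deleteUserCookie();
} elseif (getUserCookie() === null) {
    setUserCookie('Alex Porter', 60 * 60 * 24 * 30); // one month, as on slide 16
}
$user = getUserCookie();
?>
<html><body>
<?= $user === null
    ? 'No user cookie yet (reload to see it).'
    : 'Welcome back, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') ?>
</body></html>
```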

20 BUILDING LOGIN PAGE
A login page requires:
Login form – takes username and password as input
Data table – to check registered username and password
Action page – to verify username and password
[Diagram labels: LOGIN FORM, ACTION PAGE, DATA TABLE, RESULT]

21 BUILDING LOGIN PAGE
LOGIN FORM| DATA TABLE | ACTION PAGE
Login form – takes username and password as input
<form method="post" action="checkLogin.php">
<input type="text" name="matric">
<input type="password" name="password">
<input type="submit" name="button" value="Login">
</form>

22 BUILDING LOGIN PAGE LOGIN FORM| DATA TABLE | ACTION PAGE Data table – to check registered username and password

23 BUILDING LOGIN PAGE
LOGIN FORM| DATA TABLE | ACTION PAGE
Action page – to verify username and password. The action page requires:
Database connection – to execute the query
Query – to pull out records from the database
Control statement – compare the input data with the query result and execute code based on the given conditions

24 BUILDING LOGIN PAGE
LOGIN FORM| DATA TABLE | ACTION PAGE
Database connection – to execute the query

25 BUILDING LOGIN PAGE
LOGIN FORM| DATA TABLE | ACTION PAGE
Query – to pull out records from the database

26 BUILDING LOGIN PAGE
LOGIN FORM| DATA TABLE | ACTION PAGE
Control statement – compare the input data with the query result and execute code based on the given conditions:
if (no matching record) {
    echo "no record"
} else if (admin) {
    send to admin page
} else {
    send to user page
}

27 BUILDING LOGIN PAGE LOGIN FORM| DATA TABLE | ACTION PAGE

28 BUILDING LOGIN PAGE LOGIN FORM| DATA TABLE | ACTION PAGE
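
The action page checkLogin.php that slides 21 to 26 describe (connection, query, control statement), written out as an added example rather than the slides' code. It uses PDO with a prepared statement so the matric number is bound as data rather than pasted into the SQL, checks the password with password_verify() against a stored hash instead of comparing plain text, gives the same "no matching record" answer whether the matric or the password was wrong, and regenerates the session id on success. The table layout users(matric, password_hash, role), the DSN, credentials and the matric format are assumptions; the slides do not show them.

```php
<?php
// checkLogin.php (added example): action page for the slides' login form.
// Assumed table: users(matric VARCHAR PRIMARY KEY, password_hash VARCHAR, role VARCHAR)
declare(strict_types=1);
session_start();

// Database connection: to execute the query. DSN and credentials are assumptions.
function dbConnect(): PDO
{
    return new PDO('mysql:host=localhost;dbname=school;charset=utf8mb4', 'app', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Query: pull out the record. The matric is a bound parameter, never
// concatenated into the SQL, so input such as ' OR 1=1 -- stays data.
function findUser(PDO $db, string $matric): ?array
{
    $stmt = $db->prepare('SELECT matric, password_hash, role FROM users WHERE matric = ?');
    $stmt->execute([$matric]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Control statement: compare input with the record and choose the next page.
// Returns 'none' (no matching record), 'admin' or 'user'.
function decideLogin(?array $row, string $password): string
{
    // Verify against a throwaway hash when the user does not exist, so an
    // unknown matric takes about as long to answer as a wrong password.
    $hash = $row['password_hash'] ?? password_hash('dummy-password', PASSWORD_DEFAULT);
    if ($row === null || !password_verify($password, $hash)) {
        return 'none';
    }
    return $row['role'] === 'admin' ? 'admin' : 'user';
}

$matric   = trim((string) ($_POST['matric'] ?? ''));
$password = (string) ($_POST['password'] ?? '');

// Assumed matric format: 1 to 20 letters or digits.
if ($password === '' || !preg_match('/^[A-Za-z0-9]{1,20}$/', $matric)) {
    $outcome = 'none';
} else {
    $outcome = decideLogin(findUser(dbConnect(), $matric), $password);
}

if ($outcome === 'none') {
    http_response_code(401);
    echo 'No matching record.';   // same message for unknown matric and wrong password
    exit();
}

// Success: fresh session id, then the header forward of slide 39 with exit().
session_regenerate_id(true);
$_SESSION['matric'] = $matric;
$_SESSION['role']   = $outcome;
header('Location: ' . ($outcome === 'admin' ? 'admin.php' : 'user.php'));
exit();
```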

29 INSERT NEW RECORD
INSERT FORM| DATA TABLE | ACTION PAGE
Data table – to hold new data

30 INSERT NEW RECORD
INSERT FORM| DATA TABLE | ACTION PAGE
<form method="post" action="insertProcess.php">
<input type="text" name="matric">
<input type="password" name="password">
<input type="submit" name="button" value="Insert">
</form>

31 INSERT NEW RECORD
INSERT FORM| DATA TABLE | ACTION PAGE
Query – to insert records into the database. The action page requires:
Database connection – to execute the query
Query – ensure PK entity integrity
Control statement – to insert records into the database and execute code based on the given conditions

32 INSERT NEW RECORD
INSERT FORM| DATA TABLE | ACTION PAGE
Query – ensure PK entity integrity

33 INSERT NEW RECORD
INSERT FORM| DATA TABLE | ACTION PAGE
Control statement – to insert records into the database and execute code based on the given conditions:
if (record match) {
    echo "duplicate exist"
} else {
    insert new record
    send to user page
}

34 INSERT NEW RECORD INSERT FORM| DATA TABLE | ACTION PAGE

35 INSERT NEW RECORD INSERT FORM| DATA TABLE | ACTION PAGE
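
The insertProcess.php action page of slides 30 to 33, as an added example that is not the slides' code. The "PK entity integrity" query is done two ways on purpose: the SELECT catches the ordinary duplicate and produces the slides' "duplicate exist" message, but two requests can pass that check at the same moment, so the PRIMARY KEY constraint is the real guard and its duplicate-key error (SQLSTATE 23000) is caught on the INSERT. The password is stored as a password_hash() value, which is what the login example's password_verify() expects. Table layout, DSN, credentials and the input formats are assumptions.

```php
<?php
// insertProcess.php (added example): action page for the slides' insert form.
// Assumed table: users(matric VARCHAR PRIMARY KEY, password_hash VARCHAR, role VARCHAR)
declare(strict_types=1);

// Database connection: to execute the query. DSN and credentials are assumptions.
function dbConnect(): PDO
{
    return new PDO('mysql:host=localhost;dbname=school;charset=utf8mb4', 'app', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Query: ensure PK entity integrity, then insert. Returns 'duplicate' or 'inserted'.
function insertUser(PDO $db, string $matric, string $password): string
{
    $check = $db->prepare('SELECT 1 FROM users WHERE matric = ?');
    $check->execute([$matric]);
    if ($check->fetchColumn() !== false) {
        return 'duplicate';            // record match
    }
    try {
        $ins = $db->prepare('INSERT INTO users (matric, password_hash, role) VALUES (?, ?, ?)');
        // Store a salted hash, never the password itself.
        $ins->execute([$matric, password_hash($password, PASSWORD_DEFAULT), 'user']);
    } catch (PDOException $e) {
        if ($e->getCode() === '23000') {   // integrity constraint violation: lost the race
            return 'duplicate';
        }
        throw $e;                          // anything else is a real error; let it be logged
    }
    return 'inserted';
}

$matric   = trim((string) ($_POST['matric'] ?? ''));
$password = (string) ($_POST['password'] ?? '');

// Clean up the input first (assumed formats for the example).
if (!preg_match('/^[A-Za-z0-9]{1,20}$/', $matric)) {
    http_response_code(400);
    exit('Matric must be 1 to 20 letters or digits.');
}
if (strlen($password) < 8) {
    http_response_code(400);
    exit('Password must be at least 8 characters.');
}

// Control statement: duplicate, or insert and send to the user page.
if (insertUser(dbConnect(), $matric, $password) === 'duplicate') {
    http_response_code(409);
    echo 'Duplicate exist: matric ' . htmlspecialchars($matric, ENT_QUOTES, 'UTF-8') . ' is already registered.';
    exit();
}
header('Location: user.php');
exit();
```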

36 SEARCH PAGE
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>?view=yes">
<select name="year">
<option value="2013">2013</option>
<option value="2012">2012</option>
</select>
<select name="grade">
<option value="A">A</option>
<option value="B">B</option>
</select>
<input type="submit" name="button" value="Search">
</form>

37 SECURITY CONTROL
Clean up all user input
Many of the most common exploits are the result of unintended user input. User input from the URL, forms and cookies has to be cleaned of any exploitable content before doing anything with it. Check each value to make sure it is something expected and assign it to a local variable for use. Ex: use of PHP functions such as mysql_real_escape_string(), intval(), eregi_replace() etc.

38 SECURITY CONTROL Hide your errors
It's never a good idea to show the world your errors. Not only does it make you look bad, it also might give malicious users another clue to help them break your site. You should always have display_errors disabled in a production environment, but continue logging errors with log_errors for your own information.

39 SECURITY CONTROL
PHP: Header forwards
A header forward WITHOUT an exit() or die() lets the rest of the page run if the browser (or an attacker) ignores the redirect and continues to load the page. Example:
if($noaccess){
    header('Location: noaccess.php');
    exit();
}
echo "Welcome in the admin section";
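
An admin page that applies slide 38 (errors logged, not displayed) and slide 39 (header forward followed by exit) together, as an added example rather than the slides' code. Putting the redirect and the exit() in one helper means the exit cannot be forgotten at any of the call sites, and the exception handler keeps an uncaught exception from printing a stack trace to the browser. The log path and the $_SESSION['role'] check are assumptions; the ini_set() calls take effect for the current request only, and php.ini is where the same settings belong site-wide.

```php
<?php
// admin.php (added example): error handling from slide 38, forward guard from slide 39.
declare(strict_types=1);

// Production setting: report everything to the log, show nothing to the browser.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app.log');   // assumption: writable by the web server
error_reporting(E_ALL);

// An uncaught exception would otherwise be displayed; log it and answer
// with a generic message instead.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('Uncaught %s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    http_response_code(500);
    echo 'Something went wrong. The problem has been logged.';
    exit(1);
});

// Redirect and stop. header() only adds a response header; PHP keeps running
// the rest of the script, and a client that ignores the Location header
// would receive the protected output. The exit() here makes that impossible.
function redirectAndExit(string $location): void
{
    header('Location: ' . $location, true, 303);
    exit();
}

session_start();
if (($_SESSION['role'] ?? '') !== 'admin') {   // assumption: set by the login page
    redirectAndExit('noaccess.php');
}

echo "Welcome in the admin section";
```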

