1. 2014.10.14 SLIDE 1IS 257 – Fall 2014 PHP introduction University of California, Berkeley School of Information IS 257: Database Management

2. 2014.10.14 SLIDE 2IS 257 – Fall 2014 Lecture Outline Review –Databases for Web Applications – Overview ColdFusion –DiveShop in ColdFusion PHP –DiveShop in PHP More on MySQL and SQL

3. 2014.10.14 SLIDE 3IS 257 – Fall 2014 Lecture Outline Review –Databases for Web Applications – Overview ColdFusion –DiveShop in ColdFusion PHP –DiveShop in PHP More on MySQL and SQL

4. 2014.10.14 SLIDE 4IS 257 – Fall 2014 Dynamic Web Applications 2 Server database CGI DBMS Web Server Internet Files Clients database

5. 2014.10.14 SLIDE 5IS 257 – Fall 2014 Server Interfaces Adapted from John P Ashenfelter, Choosing a Database for Your Web Site DatabaseWeb Server Web Application Server Web DB App HTML JavaScript DHTML CGI Web Server API ’ s ColdFusion PhP Perl Java ASP SQL ODBC Native DB interfaces JDBC Native DB Interfaces

6. 2014.10.14 SLIDE 6IS 257 – Fall 2014 Web Application Server Software ColdFusion PHP ASP JSP Django All of the are server-side scripting languages that embed code in HTML pages

7. 2014.10.14 SLIDE 7IS 257 – Fall 2014 Lecture Outline Review –Databases for Web Applications – Overview ColdFusion PHP –DiveShop in PHP Introduction to ORACLE and SQL-Plus

8. 2014.10.14 SLIDE 8IS 257 – Fall 2014 Web Application Server Software ColdFusion PHP ASP JSP Django All of the are server-side scripting languages that embed code in HTML pages

9. 2014.10.14 SLIDE 9 Coldfusion Coldfusion was one of the first server-side scripting languages and it is still available and used –Originally produced by a company called Allaire, it is now owned by Adobe and is in version 11 –It has always been a commercial product since the mid-1990’s IS 257 – Fall 2014

10. 2014.10.14 SLIDE 10IS 257 – Fall 2014 ColdFusion Developing WWW sites typically involved a lot of programming to build dynamic sites –e.g. Pages generated as a result of catalog searches, etc. ColdFusion was designed to permit the construction of dynamic web sites with only minor extensions to HTML through a DBMS interface

11. 2014.10.14 SLIDE 11IS 257 – Fall 2014 ColdFusion Started as CGI –Drawback, as previously discussed, is that the entire system is run for each cgi invocation Split into cooperating components –Windows service -- runs constantly –Server modules for 4 main Web Server API (glue that binds web server to ColdFusion service) {Apache, ISAPI, NSAPI, WSAPI} –Special CGI scripts for other servers

12. 2014.10.14 SLIDE 12IS 257 – Fall 2014 What ColdFusion is Good for Putting up databases onto the Web Handling dynamic databases (Frequent updates, etc) Making databases searchable and updateable by users The basic scripting elements are simple, and similar in style to other server-side scripting languages (but the syntax is often different)

13. 2014.10.14 SLIDE 13 Coldfusion The Coldfusion engine runs in parallel with the web server, and is passed any page in the web server directories that has the appropriate file name extension (.cfm) The engine processes any Coldfusion script on the web page and passes back an HTML page with the scripts replaced by the script result As a simple example… IS 257 – Fall 2014

14. 2014.10.14 SLIDE 14IS 257 – Fall 2014 Coldfusion Templates Assume we have a database named contents_of_my_shopping_cart.mdb -- single table called contents... –With attributes “Item”, “Date_of_item”, “Price” Create an HTML page (uses extension.cfm), before... SELECT * FROM contents ;

15. 2014.10.14 SLIDE 15IS 257 – Fall 2014 Coldfusion Templates cont. … the cfquery goes here… Contents of My Shopping Cart Contents of My Shopping Cart #Item# #Date_of_item# $#Price#

16. 2014.10.14 SLIDE 16IS 257 – Fall 2014 Templates cont. Contents of My Shopping Cart Bouncy Ball with Psychedelic Markings 12 December 1998 $0.25 Shiny Blue Widget 14 December 1998 $2.53 Large Orange Widget 14 December 1998 $3.75

17. 2014.10.14 SLIDE 17IS 257 – Fall 2014 CFIF and CFELSE Item: #Item#

18. 2014.10.14 SLIDE 18IS 257 – Fall 2014 More Templates INSERT INTO Employees(firstname, lastname, phoneext) VALUES( ‘ #firstname# ’, ‘ #lastname# ’, ‘ #phoneext# ’ ) Employee Added Employee #firstname# #lastname# added.

19. 2014.10.14 SLIDE 19IS 257 – Fall 2014 CFML ColdFusion Markup Language Read data from and update data to databases and tables Create dynamic data-driven pages Perform conditional processing Populate forms with live data Process form submissions Generate and retrieve email messages Perform HTTP and FTP function Perform credit card verification and authorization Read and write client-side cookies

20. 2014.10.14 SLIDE 20IS 257 – Fall 2014 Requirements Unix or Windows systems Install as SuperUser Databases must be defined via “data source names (DSNs) by administrator

21. 2014.10.14 SLIDE 21IS 257 – Fall 2014 Requirements and Set Up Field names should be devoid of spaces. Use the underscore character, like new_items instead of "new items." Use key fields. Greatly reduces search time. Check permissions on the individual tables in your database and make sure that they have read-access for the username your Web server uses to log in. If your fields include large blocks of text, you'll want to include basic HTML coding within the text itself, including boldface, italics, and paragraph markers.

22. 2014.10.14 SLIDE 22IS 257 – Fall 2014 Lecture Outline Review –Databases for Web Applications – Overview ColdFusion PHP –DiveShop in PHP More on ORACLE and SQL-Plus

23. 2014.10.14 SLIDE 23IS 257 – Fall 2014 PHP PHP is an Open Source Software project with many programmers working on the code. –Commonly paired with MySQL, another OSS project –Free –Both Windows and Unix support Estimated that more than 250,000 web sites use PHP as an Apache Module.

24. 2014.10.14 SLIDE 24IS 257 – Fall 2014 PHP Syntax Similar to “C” or Java (note lines end with “;”) Includes most programming structures (Loops, functions, Arrays, etc.) Loads HTML form variables so that they are addressable by name <?php $myvar = “ Hello World ” ; echo $myvar ; ?>

25. 2014.10.14 SLIDE 25IS 257 – Fall 2014 Combined with MySQL DBMS interface appears as a set of functions: <?php mysql_connect(“localhost”, “usename”, “password”); mysql_select_db(“mydb”); $result = mysql_query(“SELECT * FROM employees”); while ($r = mysql_fetch_array($result,MYSQL_ASSOC)) { printf(" %s",$r[”LAST_NAME"]); printf(”, %s ",$r[”FIRST_NAME"]); } ?>

26. 2014.10.14 SLIDE 26 Making the PW External Problem: the database and PW are in the source… IS 257 – Fall 2014 <?php mysql_connect(“localhost”, “usename”, “password”); mysql_select_db(“mydb”); $result = mysql_query(“SELECT * FROM employees”); while ($r = mysql_fetch_array($result,MYSQL_ASSOC)) { printf(" %s",$r[”LAST_NAME"]); printf(”, %s ",$r[”FIRST_NAME"]); } ?>

27. 2014.10.14 SLIDE 27 Making the PW External IS 257 – Fall 2014 <?php include 'msqlini.php'; mysql_connect($host,$user,$pw) or die("Could not connect: ". mysql_error()); mysql_select_db(“mydb”); $result = mysql_query(“SELECT * FROM employees”); while ($r = mysql_fetch_array($result,MYSQL_ASSOC)) { printf(" %s",$r[”LAST_NAME"]); printf(”, %s ",$r[”FIRST_NAME"]); } ?>

28. 2014.10.14 SLIDE 28 Making the PW External <?php $inifile = "/home/ray/.mysql_settings_harbinger.ini"; /* Access required data for database access from isolated file */ if (!$settings = parse_ini_file($inifile, TRUE)) throw new exception('Unable to open '. $file. '.'); $host = $settings['database']['host']; $dbname = $settings['database']['dbname']; $user = $settings['database']['username']; $pw = $settings['database']['password']; ?> IS 257 – Fall 2014 msqlini.php

29. 2014.10.14 SLIDE 29 Making the PW External.mysql_settings_harbinger.ini [database] driver = mysql host = localhost dbname = ray username = ray password = whatever_your_pw_is port=3306 IS 257 – Fall 2014

30. 2014.10.14 SLIDE 30 More protection… For data input and passing parameters you will also need to use parameterized or “prepared” SQL statements to avoid the possibility of SQL Injection attacks: IS 257 – Fall 2014

31. 2014.10.14 SLIDE 31 Mysqli – an enhanced interface IS 257 – Fall 2014 include 'msqlini.php’; $mysqli = new mysqli($host,$user,$pw,$dbname); if ($mysqli->connect_error) { echo "Failed to connect to MySQL: (". $mysqli->connect_errno. ") ". $mysqli->connect_error;} $cust_id = $_GET["cust_id"]; $cust_id = mysql_real_escape_string($cust_id); /* start first prepared statement */ $stmt = $mysqli->stmt_init(); if ($stmt->prepare("SELECT * FROM DIVECUST where Customer_No= ? ")) { if (!$stmt->bind_param("i", $cid)) { echo "Binding parameters failed: (". $stmt->errno. ") ". $stmt->error; } $cid = $cust_id; if (!$stmt->execute()) { echo "Execute failed: (". $stmt->errno. ") ". $stmt->error; } $stmt->bind_result($custid,$name,$street,$city,$state,$zip,$country,$phone, $contact);

32. 2014.10.14 SLIDE 32IS 257 – Fall 2014 Diveshop PHP Examples on Harbinger… Example source on class web site

33. 2014.10.14 SLIDE 33IS 257 – Fall 2014 ASP – Active Server Pages Another server-side scripting language From Microsoft using Visual Basic as the Language model (VBScript), though Javascript (actually MS Jscript) is also supported Works with Microsoft IIS and gives access to ODBC databases Most commonly used for Access or MS SQL Server

34. 2014.10.14 SLIDE 34IS 257 – Fall 2014 ASP Syntax <% SQL="SELECT last, first FROM employees ORDER BY last" set conn = server.createobject("ADODB.Connection") conn.open “ employee" set people=conn.execute(SQL) %> <% do while not people.eof set resultline=people(0) & “, “ & people(1) & “ ” Response.Write(resultline) people.movenext loop%>

35. 2014.10.14 SLIDE 35IS 257 – Fall 2014 Lecture Outline Review –Databases for Web Applications – Overview ColdFusion –DiveShop in ColdFusion PHP –DiveShop in PHP More on MySQL and SQL

36. 2014.10.14 SLIDE 36IS 257 – Fall 2014 Today More on SQL for data manipulation and modification

37. 2014.10.14 SLIDE 37IS 257 – Fall 2014 SELECT Syntax: –SELECT [DISTINCT] attr1, attr2,…, attr3 as label, function(xxx), calculation, attr5, attr6 FROM relname1 r1, relname2 r2,… rel3 r3 WHERE condition1 {AND | OR} condition2 ORDER BY attr1 [DESC], attr3 [DESC]

38. 2014.10.14 SLIDE 38IS 257 – Fall 2014 SELECT Conditions = equal to a particular value >= greater than or equal to a particular value > greater than a particular value <= less than or equal to a particular value <> or != not equal to a particular value LIKE ‘%wom_n%’ (Note different wild card from Access) opt1 SOUNDS LIKE opt2 IN (‘opt1’, ‘opt2’,…,’optn’) BETWEEN opt1 AND opt2 IS NULL or IS NOT NULL

39. 2014.10.14 SLIDE 39IS 257 – Fall 2014 Aggregate (group by) Functions COUNT(dataitem) COUNT(DISTINCT expr) AVG(numbercolumn) SUM(numbercolumn) MAX(numbercolumn) MIN(numbercolumn) STDDEV(numbercolumn) VARIANCE(numbercolumn) and other variants of these…

40. 2014.10.14 SLIDE 40IS 257 – Fall 2014 Numeric Functions ABS(n) ACOS(n) ASIN(n) ATAN(n) ATAN2(n, m) CEIL(n) COS(n) COSH(n) CONV(n, f- base,t-base) COT(n) ROUND(n) SIGN(n) SIN(n) SINH(n) SQRT(n) TAN(n) TANH(n) TRUNCATE( n,m) DEGREES(n) EXP(n) FLOOR(n) LN(n) LOG(n,b) MOD(n) PI() POWER(n,p)

41. 2014.10.14 SLIDE 41IS 257 – Fall 2014 Character Functions returning character values CHAR(n,…) CONCAT(str1,str2,…) LOWER(char) LPAD(char, n,char2), RPAD(char, n,char2) LTRIM(char, n, cset), RTRIM(char, n, cset) REPLACE(char, srch, repl) SOUNDEX(char) SUBSTR(char, m, n) UPPER(char)

42. 2014.10.14 SLIDE 42IS 257 – Fall 2014 Character Function returning numeric values ASCII(char) INSTR(char1, char2) LENGTH(char) BIT_LENGTH(str) CHAR_LENGTH(str) LOCATE(substr,str) LOCATE(substr,str,po s) and many other variants.

43. 2014.10.14 SLIDE 43IS 257 – Fall 2014 Date functions ADDDATE(dt, INTERVAL expr unit) or ADDDATE(dt, days) ADDTIME(dttm, time) LAST_DAY(dt) MONTH(dt) – YEAR(dt) – DAY(dt) MONTHNAME(dt) NOW() NEW_TIME(d, z1, z2) -- PST, AST, etc. NEXT_DAY(d, dayname) STR_TO_DATE(str,format) SYSDATE()

44. 2014.10.14 SLIDE 44IS 257 – Fall 2014 Assignment 3 Assignment 3 is some additional (and occasionally more complex) searches to be run on the Diveshop database These should be run via the command line (via login to ischool.berkeley.edu) Assignment 3 is posted on the class web site Walkthrough online version Due Thursday, Oct. 24th