Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC 405: Web Application Engineering II8.1 Web programming using PHP What have we learnt? What have we learnt? Underlying technologies of database supported.

Published bySibyl Wiggins Modified over 8 years ago

Similar presentations

Presentation on theme: "CSC 405: Web Application Engineering II8.1 Web programming using PHP What have we learnt? What have we learnt? Underlying technologies of database supported."— Presentation transcript:

1 CSC 405: Web Application Engineering II8.1 Web programming using PHP What have we learnt? What have we learnt? Underlying technologies of database supported web sites Underlying technologies of database supported web sites Constructing database supported web sites Constructing database supported web sites Accessing the MySQL database from PHP scripts Accessing the MySQL database from PHP scripts Example: A mailing list Example: A mailing list auto_increment in MySQL auto_increment in MySQL

2 CSC 405: Web Application Engineering II8.2 What have we learnt? Overview: A PHP file: <html> Hello World Hello World Hello "; Hello "; echo " WORLD "; echo " WORLD ";?> </html>

3 CSC 405: Web Application Engineering II8.3 Until now: Variables, numbers, strings and arrays Variables, numbers, strings and arrays Computations Computations if-constructs and loops if-constructs and loops Functions and code reuse Functions and code reuse Entering user data using forms Entering user data using forms Validating user data using regular expressions Validating user data using regular expressions

4 CSC 405: Web Application Engineering II8.4 General client-server database architechture Clients can potentially run on different Clients can potentially run on different physical machines Database processes run on the same Database processes run on the same physical machine One database process is established for One database process is established for each client connection Database processes are maintained by a Database processes are maintained by a database daemon

5 CSC 405: Web Application Engineering II8.5 CGI-scripts and database access (CGI = Common Gateway Interface) Pros of CGI-scripts All major web servers support CGI-scripts All major web servers support CGI-scripts All programming languages can be used to construct CGI-scripts All programming languages can be used to construct CGI-scripts Cons of CGI-scripts The CGI-program is started as a new operating system process each time a request arrives The CGI-program is started as a new operating system process each time a request arrives Additionally, a new database server process is started for each request Additionally, a new database server process is started for each request The CGI-program must be authorised by the newly created database server process The CGI-program must be authorised by the newly created database server process It takes some time to close the CGI-program It takes some time to close the CGI-program

6 CSC 405: Web Application Engineering II8.6 Two strategies for connecting the web server and database Slow database connection using CGI: Fast database connection using fixed connections:

7 CSC 405: Web Application Engineering II8.7 Web servers with fixed database connections and scripting Pros: Fast startup of interpreted program Fast startup of interpreted program Fast access to existing database connections Fast access to existing database connectionsCons: Tightly connected to a specific web server—possibly non-portable Tightly connected to a specific web server—possibly non-portable

8 CSC 405: Web Application Engineering II8.8 Java Applets Pros: Fast execution on the client (browser), at the expense of longer downloading time Fast execution on the client (browser), at the expense of longer downloading time Potential for good usability Potential for good usabilityCons: Safety problems—an additional open port to the database Safety problems—an additional open port to the database Licensing problems—as a port for database connection must be open, typically the license paid is Licensing problems—as a port for database connection must be open, typically the license paid is proportional to the number of concurrent users proportional to the number of concurrent users Potentially many database connections and many running database servers—when can one assume that a Potentially many database connections and many running database servers—when can one assume that a database connection is no longer needed? database connection is no longer needed? Is not supported or enabled on all browsers, and is problematic with PDAs Is not supported or enabled on all browsers, and is problematic with PDAs

9 CSC 405: Web Application Engineering II8.9 Safety A hacker attack on data requires the following: 1. A connection to the database servers IP address 2. Password to the database server or 1. A connection to the server’s IP address 2. A root password (by hacking the machine) or... To prevent attacks: Move the database server behind a firewall and Move the database server behind a firewall and allow only connections to the web server Move the web server behind a firewall and Move the web server behind a firewall and allow only connections via port 80 allow only connections via port 80

10 CSC 405: Web Application Engineering II8.10 Constructing database supported web sites We construct a database supported web site using the following steps: Step 1: Constructing a data model Which information should be stored and how should it be represented? Which information should be stored and how should it be represented? This is the hard part!!! This is the hard part!!! Step 2: Developing data transactions How do we insert data into the database? How do we insert data into the database? How do we extract data from the database? How do we extract data from the database? Step 3: Constructing web-forms for implementing data transactions The user interface is HTML code (forms) The user interface is HTML code (forms) Step 4: Constructing PHP-files for implementing data transactions SQL (Structured Query Language) is used for the actual data transactions SQL (Structured Query Language) is used for the actual data transactions This is the easy part! This is the easy part! Note: The more time you spend on Step 3, the easier Step 4 becomes!

11 CSC 405: Web Application Engineering II8.11 Example: A mailing list Using the mailing list system, we must be able to create a list of names and emails for distributing emails. The same common list is maintained by all people using the system. The only information stored are the names and email addresses. Step 1: The data model CREATE TABLE maillist ( email varchar(100) not null, name varchar(100) not null ); We assume that no two persons use the same email address, i.e., it is unique. We insist that the name as well as the email address are present.

12 CSC 405: Web Application Engineering II8.12 Example: A mailing list—continued Step 3: Constructing web forms and site maps The boxes in the diagram represent states where HTML code is displayed in a browser The boxes in the diagram represent states where HTML code is displayed in a browser Unlabelled arrows represent links to a new HTML page, possibly generated by a PHP script Unlabelled arrows represent links to a new HTML page, possibly generated by a PHP script Labelled arrows represent transactions that update the database by running a PHP script Labelled arrows represent transactions that update the database by running a PHP script

13 CSC 405: Web Application Engineering II8.13 Example: A mailing list—continued Step 3: Constructing web forms: maillist_add.html: Step 3: Constructing web forms: maillist_add.html:<HTML> Add Yourself to Mailing List Add Yourself to Mailing List Email: Email: Name: Name: webmaster@my.com webmaster@my.com </BODY></HTML>Note: The file maillist_add.php is the form action The file maillist_add.php is the form action The form contains two fields called email and name The form contains two fields called email and name

14 CSC 405: Web Application Engineering II8.14 Example: A mailing list—continued Step 4: Constructing PHP filer The file maillist.php—displaying email addresses: Mailing list members Mailing list members <? // Establish database connection $db = mysql_connect("mysql.itu.dk", "W2_panic", "***"); mysql_select_db("W2_F2004_panic", $db); // Extract rows from the table $rows = mysql_query("SELECT email, name FROM maillist"); // Iterate through the rows while ( $row = mysql_fetch_row($rows) ) { // Display a single row echo " $row[1] "; } ?> Add Yourself Add Yourself webmaster@my.com webmaster@my.com </BODY></HTML>

15 CSC 405: Web Application Engineering II8.15 Example: A mailing list—continued The file maillist_add.php—adding an email address: <? // Establish database connection $db = mysql_connect("mysql.itu.dk", "W2_panic", "***"); mysql_select_db("W2_F2004_panic", $db); // Insert data into the database mysql_query("INSERT INTO maillist (email, name) VALUES (’$email’, ’$name’)"); VALUES (’$email’, ’$name’)"); header("Location: maillist.php"); // Jump to maillist.php header("Location: maillist.php"); // Jump to maillist.php?>Note: By calling the function header with location maillist.php, information is sent to the browser (via HTTP) informing it to request the file maillist.php from the server. By calling the function header with location maillist.php, information is sent to the browser (via HTTP) informing it to request the file maillist.php from the server. As this happens rapidly—and without user interaction—the result is that the updated mailing list is displayed for the user. As this happens rapidly—and without user interaction—the result is that the updated mailing list is displayed for the user. Are there any inconveniencies or defects in the scripts above? Are there any inconveniencies or defects in the scripts above?

16 CSC 405: Web Application Engineering II8.16 Using an include file for establishing a connection—mydb.php By using an include file, we avoid writing password information in all files: Error in PHP script $msg "; Error in PHP script $msg ";exit();} // function for establishing connection to the database function mydb_connect() {$dbhost = "mysql.itu.dk"; $user = "W2_panic"; $database = "W2_F2004_panic"; $passwd = "***"; $db = mysql_connect($dbhost, $user, $passwd); if ( $db == 0 ) { error ("Connection to database on ’$dbhost’ failed"); } if ( mysql_select_db($database, $db) == 0 ) { error ("Failed to select database ’$user’"); if ( mysql_select_db($database, $db) == 0 ) { error ("Failed to select database ’$user’"); } }?> }?> Note: We check the return values from mysql_connect and mysql_select_db

17 CSC 405: Web Application Engineering II8.17 Extending the mailing list example Let us extend our mailing list example so that it is possible to remove names from the list We consider the four steps again: Step 1: The data model is unchanged (table maillist) Step 2: The following data transaction is added: Deleting email and corresponding name Deleting email and corresponding name DELETE FROM maillist WHERE email = ’gates@microsoft.com’;

18 CSC 405: Web Application Engineering II8.18 Extending the mailing list example—continued Step 3: Constructing a site map: The file maillist2_del.php deletes a row from the table The file maillist2_del.php deletes a row from the table This file expects a form variable email, transferred in a link in the file maillist2.php: maillist2_del.php?email=gates@microsoft.com This file expects a form variable email, transferred in a link in the file maillist2.php: maillist2_del.php?email=gates@microsoft.com

19 CSC 405: Web Application Engineering II8.19 Extending the mailing list example—continued Step 4: Constructing PHP files The file maillist2.php: Mailing list members (version 2) Mailing list members (version 2) <? include("mydb.php"); // Include utilities <? include("mydb.php"); // Include utilities mydb_connect(); // Connect to the database mydb_connect(); // Connect to the database // Extract rows from the table // Extract rows from the table $rows = mysql_query("SELECT email, name FROM maillist"); $rows = mysql_query("SELECT email, name FROM maillist"); // Iterate through the rows // Iterate through the rows while ( $row = mysql_fetch_row($rows) ) { while ( $row = mysql_fetch_row($rows) ) { // Display a single row // Display a single row echo " $row[1] echo " $row[1] -- delete "; -- delete ";}?> Add Yourself Add Yourself webmaster@my.com webmaster@my.com </HTML>

20 CSC 405: Web Application Engineering II8.20 Extending the mailing list example—continued The file maillist2_del.php: <? include("mydb.php"); // Include utilities include("mydb.php"); // Include utilities // Check form variables if ( ereg("[a-zA-Z][a-zA-Z.0-9-]*@[a-zA-Z.0-9-]+", $email) == 0 ) { error("Go back and enter an email!"); } mydb_connect(); // Connect to the database // Delete a row mysql_query("DELETE FROM maillist WHERE email = ’$email’"); // Jump to the main page header("Location: maillist2.php"); ?> Note: We check that the form variable email is a valid email address Next time: We consider among other things how to send email to the email addresses

21 CSC 405: Web Application Engineering II8.21 Generating unique ID numbers in MySQL In MySQL you can use auto_increment to generate fresh ID numbers automatically when inserting new rows into a table Example: CREATE TABLE Users (id int auto_increment primary key, name varchar(100) not null); name varchar(100) not null); INSERT INTO Users (name) VALUES (’Martin Elsman’); INSERT INTO Users (name) VALUES (’Niels Hallenberg’); Other database systems provide similar functionality In PHP, to get the ID generated for an AUTO_INCREMENT column by an INSERT query, you use the mysql_insert_id function: <? // Insert a new row mysql_query("INSERT INTO Users (name) VALUES (’Martin Elsman’)"); // Get the auto_increment id column echo "Martin Elsman got ID number ".mysql_insert_id(); ?>

22 CSC 405: Web Application Engineering II8.22 Exercise Constructing a commentary service Constructing a commentary service Add a functionality allowing the readers of your web pages to comment them... Add a functionality allowing the readers of your web pages to comment them...

Download ppt "CSC 405: Web Application Engineering II8.1 Web programming using PHP What have we learnt? What have we learnt? Underlying technologies of database supported."

Similar presentations

PHP: Date() Function The PHP date() function formats a timestamp to a more readable date and time.

PHP: Date() Function The PHP date() function formats a timestamp to a more readable date and time.
PHP II Interacting with Database Data. The whole idea of a database-driven website is to enable the content of the site to reside in a database, and to.

PHP II Interacting with Database Data. The whole idea of a database-driven website is to enable the content of the site to reside in a database, and to.
WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
Tutorial 6 Creating a Web Form

Tutorial 6 Creating a Web Form
Web Database Programming Connecting Database to Web.

Web Database Programming Connecting Database to Web.
Computer Monitoring System for EE Faculty By Yaroslav Ross And Denis Zakrevsky Supervisor: Viktor Kulikov.

Computer Monitoring System for EE Faculty By Yaroslav Ross And Denis Zakrevsky Supervisor: Viktor Kulikov.
Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.
1 Chapter 12 Working With Access 2000 on the Internet.

1 Chapter 12 Working With Access 2000 on the Internet.
Objectives Connect to MySQL from PHP

Objectives Connect to MySQL from PHP
Multiple Tiers in Action

Multiple Tiers in Action
Website Development & Management PHP Odds & Ends Instructor: John Seydel, Ph.D. CIT 3353 -- Fall 2006 www.clt.astate.edu/jseydel/mis3353.

Website Development & Management PHP Odds & Ends Instructor: John Seydel, Ph.D. CIT Fall
Intermediate PHP & MySQL

Intermediate PHP & MySQL
PHP Scripts HTML Forms Two-tier Software Architecture PHP Tools.

PHP Scripts HTML Forms Two-tier Software Architecture PHP Tools.
Computer Science 101 Web Access to Databases Overview of Web Access to Databases.

Computer Science 101 Web Access to Databases Overview of Web Access to Databases.
Creating Web Page Forms

Creating Web Page Forms
1 CS428 Web Engineering Lecture 23 MySQL Basics (PHP - VI)

1 CS428 Web Engineering Lecture 23 MySQL Basics (PHP - VI)
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Lecture 3 – Data Storage with XML+AJAX and MySQL+socket.io

Lecture 3 – Data Storage with XML+AJAX and MySQL+socket.io
Application Development Description and exemplification of server-side scripting language for server connection, database selection, execution of SQL queries.

Application Development Description and exemplification of server-side scripting language for server connection, database selection, execution of SQL queries.
Session 5: Working with MySQL iNET Academy Open Source Web Development.

Session 5: Working with MySQL iNET Academy Open Source Web Development.

Similar presentations

Ads by Google