CSC 2720 Building Web Applications Server-side Scripting with PHP Overview of Server-Side Scripting Web Client HTTP Request 1 2 3 HTTP Response 5 Web Server Static Content (HTML, Images, etc.) Runtime environments for server side scripts (PHP, Perl, JSP, etc.) 4 PHP Scripts Perl Scripts JSP Scripts Overview of Server-Side Scripting 1. Web client sends a HTTP request to a server A HTTP request consists of A request method: GET, POST, HEAD, PUT, etc. (GET and POST are the two most common used methods) A URI that identifies the requested resource Header fields A body (which can be empty) 2. Web server determines how to retrieve the requested resource. In the web server configuration file, one can specify how a particular kind of resources is to be handled. For examples, Files with .php extension To be handled by the PHP module Files with .html, .jpg, .gif extensions To be retrieve directly Files in folder /xxx/yyy/ To be treated as CGI scripts … Overview of Server-Side Scripting 3. Runtime environment A runtime environment typically has the following capabilities Interpreting/executing the server-side scripts Maintaining sessions Parsing incoming HTTP request and generating outgoing HTTP response Caching generated output, frequently-used scripts, etc. Different scripting languages may require different runtime environments 4. The requested script is processed by the corresponding runtime environment and the generated output is placed in the body of a HTTP response. 5. The HTTP response is sent to the web client. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 <html> <head> <title>Basic PHP Page</title> </head> PHP Script is embedded within <body> <?php … ?> in a text file . <?php echo "Hello World!"; ?> - Typically store in a file with the extension .php <hr> - Usually inter-weaving with HTML codes <?php echo "How are you?"; ?> </body> </html> A PHP Script that output "Hello World". PHP Tutorials (The Basics) http://www.w3schools.com/PHP/default.asp Output Variables Strings Operators Named Constants Single vs. Double Quotation marks Arrays 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 … <form action="form1.php" method="POST"> Name: <input type="text" name="name" /><br/> <input type="submit" /> </form> <hr /> <?php // If the user reaches this page by submitting // the name through the above form. if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (!empty($_POST['name'])) echo "Hello! " . $_POST['name']; else echo "Please enter a name"; } ?> <br /> … form1.php: Retrieving and displaying form data Retrieving Form Data PHP made available the form data embeded in a HTTP request through several supergobal arrays: $_POST Contains form data sent via the POST method $_GET Contains form data sent via the GET method $_REQUEST Union of $_GET, $_POST, and $_COOKIE Convenient to use but not secure (why?) Other Superglobal Arrays $_FILES Contains data sent via the HTTP POST file upload $_COOKIE Contains cookies embedded in the HTTP header $_SESSION Stores data within a script's session $_ENV Contains data provided by the environment $_SERVER Contains data set by the web server (e.g., server's name, version, etc.) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 … <form action="form2.php" method="GET"> <select name="list1[]" multiple="true" size="3"> <option value="Value 1">List Item #1</option> <option value="Value 2">List Item #2</option> <option value="Value 3">List Item #3</option> </select> <input type="submit" /> </form> <hr /> <?php if (is_array($_GET['list1'])) { foreach ($_GET['list1'] as $value) echo $value . "<br />"; } ?> … form2.php: Retrieving multiple data from a list or check boxes Checking for Omitted Input If a text field, password field, or text area is blank, an empty string is assumed to be its value. i.e., the corresponding variable name will still appear in the query string as name1=&name2= If a user does not Click a button Select any item from a selectable list Check a radio button or check box the corresponding variable is not returned i.e., the corresponding variable name won't appear in the query string. Checking for Omitted Input isset($var) is false if and only if $var is NULL. i.e., either $var does not exist or is never assigned a value. Use this function to check if a form variable exists Use this function to check if a check box, radio button, button, or a selectable list has a value empty($var) is true if $var is 0, empty string, NULL, or FALSE. Use this function to check if a text field, password field, or text area has a value that is not an empty string. Checking the data type of a variable is_array($var) is true if and only if $var is an array. is_numeric($var) is true if $var is a numerical-type variable or a string containing a valid numeric value. Use this function to check if a value entered in a form is a number or not. Other type validating functions: is_bool(), is_float(), is_int(), is_null(), is_resource(), is_scalar(), is_string() Making Sticky Form A sticky form is simply a standard HTML form that remembers how you filled it out. Text field example: <input type="text" name="city" size="20" value="<?php echo $_POST['city']; ?>" /> Selectable list example: echo '<select name="year">'; for ($y = 2008; $y <= 2018; $y++) { echo "<option value=\"$y\"; if ($year == $y) Can you give an echo ' selected="selected"'; example when you echo ">$y</option>\n"; should use a sticky } form? echo '</select>'; Using External Files include() and require() Insert the content of a file into the script that calls the function. e.g., include('header.ihtml'); include('C:/php/abc/file.php'); Can be used to include header, menu, footer of a web site. When include() fails, it output a warning message but the script will continue to run. When require() fails, it output a warning message and the script is halted. include_once() and require_once() Only include/insert the content of a file once per request. Usually used to include PHP library codes. Forwarding the request to another PHP file 1 2 3 4 5 6 7 8 9 10 11 12 <?php // User has not yet logged in if (…) { // Show the login page instead include("login.php"); exit(); // Return immediately } // Otherwise proceed with displaying the file content ?> <html> … </html> Anything output before calling include() will remain in the output. The URL shown in the web client will be the URL of the above file and not the URL of login.php.