Server-Side Scripting with PHP

advertisement
CSC 2720
Building Web Applications
Server-side Scripting with PHP
Overview of Server-Side Scripting
Web Client
HTTP
Request
1
2
3
HTTP
Response
5
Web
Server
Static Content
(HTML, Images, etc.)
Runtime environments
for server side scripts
(PHP, Perl, JSP, etc.)
4
PHP
Scripts
Perl
Scripts
JSP
Scripts
Overview of Server-Side Scripting
1. Web client sends a HTTP request to a server
 A HTTP request consists of
 A request method: GET, POST, HEAD, PUT, etc. (GET and
POST are the two most common used methods)
 A URI that identifies the requested resource
 Header fields
 A body (which can be empty)
2. Web server determines how to retrieve the requested
resource.
 In the web server configuration file, one can specify how a particular
kind of resources is to be handled. For examples,




Files with .php extension  To be handled by the PHP module
Files with .html, .jpg, .gif extensions  To be retrieve directly
Files in folder /xxx/yyy/  To be treated as CGI scripts
…
Overview of Server-Side Scripting
3. Runtime environment
 A runtime environment typically has the following
capabilities
 Interpreting/executing the server-side scripts
 Maintaining sessions
 Parsing incoming HTTP request and generating outgoing HTTP
response
 Caching generated output, frequently-used scripts, etc.
 Different scripting languages may require different runtime
environments
4. The requested script is processed by the corresponding
runtime environment and the generated output is placed in
the body of a HTTP response.
5. The HTTP response is sent to the web client.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<html>
<head>
<title>Basic PHP Page</title>
</head>
PHP Script is embedded within
<body>
<?php … ?> in a text file .
<?php
echo "Hello World!";
?>
- Typically store in a file with the
extension .php
<hr>
- Usually inter-weaving with HTML
codes
<?php echo "How are you?"; ?>
</body>
</html>
A PHP Script that output "Hello World".
PHP Tutorials (The Basics)
http://www.w3schools.com/PHP/default.asp
 Output
 Variables
 Strings
 Operators
 Named Constants
 Single vs. Double Quotation marks
 Arrays
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
…
<form action="form1.php" method="POST">
Name: <input type="text" name="name" /><br/>
<input type="submit" />
</form>
<hr />
<?php
// If the user reaches this page by submitting
// the name through the above form.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!empty($_POST['name']))
echo "Hello! " . $_POST['name'];
else
echo "Please enter a name";
}
?>
<br />
…
form1.php: Retrieving and displaying form data
Retrieving Form Data
 PHP made available the form data embeded in a
HTTP request through several supergobal arrays:
 $_POST
 Contains form data sent via the POST method
 $_GET
 Contains form data sent via the GET method
 $_REQUEST
 Union of $_GET, $_POST, and $_COOKIE
 Convenient to use but not secure (why?)
Other Superglobal Arrays
 $_FILES
 Contains data sent via the HTTP POST file upload
 $_COOKIE
 Contains cookies embedded in the HTTP header
 $_SESSION
 Stores data within a script's session
 $_ENV
 Contains data provided by the environment
 $_SERVER
 Contains data set by the web server (e.g., server's name, version,
etc.)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
…
<form action="form2.php" method="GET">
<select name="list1[]" multiple="true" size="3">
<option value="Value 1">List Item #1</option>
<option value="Value 2">List Item #2</option>
<option value="Value 3">List Item #3</option>
</select>
<input type="submit" />
</form>
<hr />
<?php
if (is_array($_GET['list1'])) {
foreach ($_GET['list1'] as $value)
echo $value . "<br />";
}
?>
…
form2.php: Retrieving multiple data from a list or check boxes
Checking for Omitted Input
 If a text field, password field, or text area is blank,
an empty string is assumed to be its value.
 i.e., the corresponding variable name will still appear in
the query string as
name1=&name2=
 If a user does not
 Click a button
 Select any item from a selectable list
 Check a radio button or check box
the corresponding variable is not returned
 i.e., the corresponding variable name won't appear in the
query string.
Checking for Omitted Input
 isset($var) is false if and only if $var is NULL.
 i.e., either $var does not exist or is never assigned a
value.
 Use this function to check if a form variable exists
 Use this function to check if a check box, radio button,
button, or a selectable list has a value
 empty($var) is true if $var is 0, empty string,
NULL, or FALSE.
 Use this function to check if a text field, password field,
or text area has a value that is not an empty string.
Checking the data type of a variable
 is_array($var) is true if and only if $var is an
array.
 is_numeric($var) is true if $var is a
numerical-type variable or a string containing a
valid numeric value.
 Use this function to check if a value entered in a form is
a number or not.
 Other type validating functions:
 is_bool(), is_float(), is_int(),
is_null(), is_resource(), is_scalar(),
is_string()
Making Sticky Form
 A sticky form is simply a standard HTML form that
remembers how you filled it out.
 Text field example:
<input type="text" name="city" size="20"
value="<?php echo $_POST['city']; ?>" />
 Selectable list example:
echo '<select name="year">';
for ($y = 2008; $y <= 2018; $y++) {
echo "<option value=\"$y\";
if ($year == $y)
Can you give an
echo ' selected="selected"';
example when you
echo ">$y</option>\n";
should use a sticky
}
form?
echo '</select>';
Using External Files
 include() and require()
 Insert the content of a file into the script that calls the function.
 e.g.,
include('header.ihtml');
include('C:/php/abc/file.php');
 Can be used to include header, menu, footer of a web site.
 When include() fails, it output a warning message but the script
will continue to run.
 When require() fails, it output a warning message and the script
is halted.
 include_once() and require_once()
 Only include/insert the content of a file once per request.
 Usually used to include PHP library codes.
Forwarding the request to another PHP file
1
2
3
4
5
6
7
8
9
10
11
12
<?php
// User has not yet logged in
if (…) {
// Show the login page instead
include("login.php");
exit();
// Return immediately
}
// Otherwise proceed with displaying the file content
?>
<html>
…
</html>
 Anything output before calling include() will remain in
the output.
 The URL shown in the web client will be the URL of the
above file and not the URL of login.php.
Download