Web Systems Development (CSC-215)

Presentation transcript:

Web Systems Development (CSC-215) Lecture 7: Working with Databases

localhost/phpMyAdmin

phpMyAdmin on Remote Host

Set up sample database

Set up sample database

Add sample entry

Confirmation of entry

Confirmation of entry

Process
1. Connect to MySQL
2. Select the database to use
3. Build a query string
4. Perform the query
5. Retrieve results and output to a web page
6. Repeat 3-5 until all desired data has been retrieved
7. Disconnect from MySQL

Standard (Deprecated) vs. MySQLi: If you're looking up tutorials, make sure to use MySQLi as covered in the lecture. The textbook includes the deprecated version of the same code as well, for reference.

Creating a Login File

Connecting to MySQL Server

Building and executing a query

Fetch Result

fetch_array() can return 3 types of arrays:
MYSQLI_NUM: Numeric, columns appear in the array in the order defined in the table
MYSQLI_ASSOC: Associative, each key refers to a column (by name)
MYSQLI_BOTH: Associative and numeric array

Example

Make connection

Deleting a record

Inserting a record

Create input form

Get all entries

Display all entries

Close

Sanitize

End of example
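The example slides above are images, so here is the whole lecture 7 process (connect, select the database, build and run a query, fetch rows with fetch_array(), output, disconnect) together with the insert, delete, input form and sanitize steps, as one added MySQLi script. This is not the lecture's or the textbook's own code. The login file constants (DB_HOST, DB_USER, DB_PASS, DB_NAME), the `classics` table and its columns, and the form field names are assumptions; the script uses prepared statements rather than string building for the insert and delete so that no form value ever becomes part of the SQL text.

```php
<?php
// Added example (not the lecture's own code): the full lecture 7 process with
// MySQLi. Host, credentials, database and table names are assumptions; the
// lecture's login file is assumed to define these four constants:
//   define('DB_HOST', 'localhost');
//   define('DB_USER', 'webuser');
//   define('DB_PASS', 'secret');   // keep login.php outside the web root
//   define('DB_NAME', 'csc215');
require_once 'login.php';

// Report MySQLi errors as exceptions so failures are not silently ignored
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Steps 1-2: connect to MySQL and select the database in one call
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$conn->set_charset('utf8mb4');

// Assumed sample table from the "Set up sample database" slides:
//   CREATE TABLE classics (author VARCHAR(128), title VARCHAR(128), year INT);

// Inserting a record: the form values are bound to placeholders, so a quote
// in the data cannot change the meaning of the SQL (this is the sanitize step)
if (isset($_POST['author'], $_POST['title'], $_POST['year'])) {
    $stmt = $conn->prepare('INSERT INTO classics (author, title, year) VALUES (?, ?, ?)');
    $stmt->bind_param('ssi', $_POST['author'], $_POST['title'], $_POST['year']);
    $stmt->execute();
    $stmt->close();
}

// Deleting a record, identified by author and title, the same way
if (isset($_POST['delete_author'], $_POST['delete_title'])) {
    $stmt = $conn->prepare('DELETE FROM classics WHERE author = ? AND title = ?');
    $stmt->bind_param('ss', $_POST['delete_author'], $_POST['delete_title']);
    $stmt->execute();
    $stmt->close();
}

// Steps 3-4: build a query string (no user input in it) and perform the query
$result = $conn->query('SELECT author, title, year FROM classics ORDER BY year');

// Step 5: retrieve results. fetch_array(MYSQLI_ASSOC) keys each row by column
// name; MYSQLI_NUM would give $row[0], $row[1], ...; MYSQLI_BOTH gives both.
echo "<table>\n";
while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
    // htmlentities() keeps stored text from being rendered as markup
    printf("<tr><td>%s</td><td>%s</td><td>%d</td></tr>\n",
        htmlentities($row['author'], ENT_QUOTES, 'UTF-8'),
        htmlentities($row['title'], ENT_QUOTES, 'UTF-8'),
        $row['year']);
}
echo "</table>\n";
$result->close();

// Create input form for the next entry (posts back to this same script)
?>
<form method="post" action="">
  Author: <input type="text" name="author">
  Title: <input type="text" name="title">
  Year: <input type="number" name="year">
  <input type="submit" value="Add">
</form>
<?php
// Step 7: disconnect from MySQL
$conn->close();
```

Steps 3-5 are repeated for each query the page needs (step 6); the single SELECT here is enough to show the loop. With mysqli_report() in strict mode a failed connection or query throws an exception instead of returning false, which is why the code does not test every return value by hand.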

SQL Injection User verification code

Preventing SQL Injection Normal usage

Preventing SQL Injection Entry for user field

Deletion Example

PHP's Magic Quotes Feature: Automatically adds a backslash before characters like single and double quotes. Bypass it and use mysql_real_escape_string() instead.

Solution: Neutralize special characters by prepending backslashes with real_escape_string()
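The user verification query from the SQL injection slides, written three ways, as an added example that is not the lecture's own code: the string-built version the slides warn about, the escaped version the "Solution" slide describes, and a prepared statement. `$conn` is assumed to be an open mysqli connection with mysqli_report() in strict mode, and the `users` table with `username` and `password` columns is an assumption. Two caveats a practitioner should know: magic quotes were removed in PHP 5.4 and the old mysql_ extension (including mysql_real_escape_string()) in PHP 7, so on current PHP the only escaping function available is the MySQLi one, and passwords should be stored as hashes and checked with password_verify() rather than compared inside the query as the lecture's simplified code does.

```php
<?php
// Added example (not the lecture's own code). $conn, the users table and its
// columns are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// VULNERABLE (the pattern the slides warn about): the raw form values become
// part of the SQL text. A quote character in either field ends the string
// literal early, so the WHERE clause no longer says what the programmer wrote.
function verify_user_unsafe(mysqli $conn, string $user, string $pass): bool {
    $query = "SELECT 1 FROM users WHERE username = '$user' AND password = '$pass'";
    $result = $conn->query($query);
    return $result->num_rows > 0;
}

// Escaping (the "Solution" slide): real_escape_string() prepends a backslash
// to quotes, backslashes and NUL, so the value stays inside its literal.
// It must be applied to every value, on a connection whose charset is set,
// and never on data that magic quotes already escaped (double escaping).
function verify_user_escaped(mysqli $conn, string $user, string $pass): bool {
    $u = $conn->real_escape_string($user);
    $p = $conn->real_escape_string($pass);
    $query = "SELECT 1 FROM users WHERE username = '$u' AND password = '$p'";
    $result = $conn->query($query);
    return $result->num_rows > 0;
}

// Prepared statement: the SQL text is fixed before any data is seen, so no
// per-value escaping decision can be forgotten. Prefer this form.
function verify_user_prepared(mysqli $conn, string $user, string $pass): bool {
    $stmt = $conn->prepare('SELECT 1 FROM users WHERE username = ? AND password = ?');
    $stmt->bind_param('ss', $user, $pass);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}
```

For a legitimate value such as the surname O'Brien, real_escape_string() returns O\'Brien, so the query text reads `username = 'O\'Brien'` and MySQL still compares against O'Brien; the escaping only changes how the value is written in the SQL, not what is matched. The prepared version gets the same result without any escaping at all.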

Preventing HTML Injection: Example of maliciously inserted code via, e.g., a form that displays its input. XSS: Cross-Site Scripting

Use htmlentities() to convert
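A form that displays its own input, the situation the HTML injection slide describes, with every user-controlled string passed through htmlentities() before it reaches the page. This is an added example, not the lecture's code; the helper name `h()` and the form field name are assumptions.

```php
<?php
// Added example (not the lecture's own code): a form that echoes its input
// safely. The helper h() and the field name "name" are assumptions.

// Convert <, >, &, " and ' to entities so browsers show them as text rather
// than interpreting them as markup. ENT_QUOTES covers single quotes as well
// (the default flags do not), which matters when the output lands inside an
// attribute delimited by single quotes.
function h(string $text): string {
    return htmlentities($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$name = $_POST['name'] ?? '';
?>
<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"><title>Echo form</title></head>
<body>
<form method="post" action="">
  <!-- the value attribute is user data too, so it is escaped as well -->
  Name: <input type="text" name="name" value="<?= h($name) ?>">
  <input type="submit" value="Show">
</form>
<?php if ($name !== ''): ?>
  <p>You entered: <?= h($name) ?></p>
<?php endif; ?>
</body>
</html>
```

With this helper an input containing angle brackets comes back as `&lt;` and `&gt;`, so the browser renders the characters instead of a tag. Escaping at the point of output, rather than when the data is stored, is what makes the page safe regardless of where the string came from.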

Embedding PHP in HTML

Document head

Setting up table

Set up calculation

Class Activity: Set up a script that is similar to the Fibonacci one, but instead of Fibonacci numbers, calculate the sum to n for each number:
S0 = 0
S1 = 0 + 1 = 1
S2 = 0 + 1 + 2 = 3
S3 = 0 + 1 + 2 + 3 = 6
S4 = 0 + 1 + 2 + 3 + 4 = 10
Print only two columns, Sn and the sum. Set different colors for alternating rows.
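One way to do the class activity, following the "Embedding PHP in HTML" layout of the Fibonacci slides (document head, table set-up, calculation), as an added example that is not the lecture's own script. The upper limit `$n`, the function name `sums_to()` and the two row colours are assumptions.

```php
<?php
// Added example (not the lecture's own code): sums S_n = 0 + 1 + ... + n in
// a two-column table with alternating row colours. $n, sums_to() and the
// colours are assumptions.
$n = 10;

// Compute S_0 .. S_n incrementally, each row reusing the previous total
function sums_to(int $n): array {
    $sums = [];
    $total = 0;
    for ($i = 0; $i <= $n; $i++) {
        $total += $i;
        $sums[$i] = $total;
    }
    return $sums;
}
?>
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>Sums to n</title>
  <style>
    table { border-collapse: collapse; }
    td, th { padding: 4px 12px; }
    tr.even { background: #e8f0fe; }
    tr.odd { background: #ffffff; }
  </style>
</head>
<body>
<table>
  <tr><th>S<sub>n</sub></th><th>Sum</th></tr>
<?php foreach (sums_to($n) as $i => $sum): ?>
  <tr class="<?= $i % 2 === 0 ? 'even' : 'odd' ?>">
    <td>S<sub><?= $i ?></sub></td>
    <td><?= $sum ?></td>
  </tr>
<?php endforeach; ?>
</table>
</body>
</html>
```

The row class alternates on the parity of the index, which is the same trick the Fibonacci table uses for its colouring; the numbers themselves come from a loop in PHP and only the finished values are echoed into the HTML.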

Lecture content adapted from chapter 10 of Learning PHP, MySQL, JavaScript, CSS & HTML5.