School of Computing and Information Systems CS 371 Web Application Programming PHP – Forms, Cookies, Sessions and Database

School of Computing and Information Systems CS 371 Web Application Programming Overview name SubmitCancel Internet client server clients sends name and to php script

School of Computing and Information Systems CS 371 Web Application Programming HTML Forms all forms must be surrounded by form tag controls are created using the tags: input (text, checkbox, radio, submit, image, reset, button, hidden, file) button textarea select (optgroup, option) specify php script in action attribute specify method as GET or POST

School of Computing and Information Systems CS 371 Web Application Programming Method: Post vs. Get Get data is appended to URL number of chars limited by browser user can see (and change) vars can be bookmarked Post data is sent via separate http message number of chars is unlimited cannot be bookmarked

School of Computing and Information Systems CS 371 Web Application Programming How PHP Receives Data: superglobals Get $_GET[‘nameFirst’] // value of html element with a name of ‘nameFirst’ sent using “GET” Post $_POST[‘age’] // value of html element with a name of ‘age’ sent using “POST” There are other ways but these are the most popular

School of Computing and Information Systems CS 371 Web Application Programming HTML Forms Variable Names and Values use name attribute of select and values of the options GVSU Calvin Hope MSU

School of Computing and Information Systems CS 371 Web Application Programming Using Form Data After the form is “submitted” the parameters are sent to the server which executes the PHP script The PHP script then has access to the variables using the superglobals $_GET or $_POST depending on the method Data can then be stored in a database or processed in some other way

School of Computing and Information Systems CS 371 Web Application Programming Cookies Cookies can be set and accessed on both the client (remember javascript?) and server side. Is it more important to access them through a client or server script? Can you generalize about what kind of data should be saved in cookies? What is more secure, cookies or storage on the server?

School of Computing and Information Systems CS 371 Web Application Programming Setting Cookies setcookie(name,value,expire,path,domain) expire is in seconds (60*60*24=1 day) path and domain are optional must be before the tag ex: setcookie(“id”,”123”,time()+3600);

School of Computing and Information Systems CS 371 Web Application Programming Using cookies isset(“id”) returns true if id is a cookie $_COOKIE(“id”) returns the value of the cookie “id” these can be used anywhere in document to delete a cookie use an expires less than current: setcookie(“id”,””,time()-3600)

School of Computing and Information Systems CS 371 Web Application Programming Keeping Track of Visitors web programming is essentially stateless when a script is called can it tell that the user is registered? that they completed steps 1 through n ? that this is the same customer who chose product z ? how to establish state? cookies?, clumsy hidden variables?, unwise for security

School of Computing and Information Systems CS 371 Web Application Programming Sessions Sessions are a built-in way to keep track of the activity of a user during a short period of time transparently generate and recognize session ids allow for variables that store data for the duration of the session default timeout is 24 minutes

School of Computing and Information Systems CS 371 Web Application Programming The Glue that Holds Sessions Together Use before the tag to both start and continue a session php stores the session id on the client (cookie…) when it sees the session_start(), if it can find a match on your computer it continues that session If there is no match, it creates a new session id and starts a new session

School of Computing and Information Systems CS 371 Web Application Programming Session Variables session variables are superglobals like $_GET, $_POST and $_cookie $_SESSION['userId']="1234"; if($_SESSION['shipMeth']=='UPS') … session variables are available until they are removed or the session is over - by default it lasts until user closes browser unset($_SESSION['id']); session_unset(); //removes all vars session_destroy();

School of Computing and Information Systems CS 371 Web Application Programming simple way to send mail($to,$subject,$msg,$headers); $to must be valid address $headers can be typical header data (from, etc)

School of Computing and Information Systems CS 371 Web Application Programming Long Term Storage Internet clie nt server database

School of Computing and Information Systems CS 371 Web Application Programming SQL You should refamiliarize yourself with create table alter table drop table data types in MySql select queries update and delete queries Ira should have ed you MySql password

School of Computing and Information Systems CS 371 Web Application Programming Using MySql from PHP many functions especially for mysql process is: connect to localhost switch to your database (use database) issue queries close database must encode password into connection string - why won't anyone see this?

School of Computing and Information Systems CS 371 Web Application Programming Connecting to Localhost it is possible to connect to a remote database but our EOS sites will connect to the EOS MySql server connect state- ment uses location, id and password. Important to verify that connection was made (die outputs message and terminates) $con = mysql_connect("cis.gvsu.edu","pete","abc"); if (!$con){ die('Could not connect: '.mysql_error()); }

School of Computing and Information Systems CS 371 Web Application Programming Using Database after connecting, you must set the database using mysql_select_db when finished use mysql_close $con = mysql_connect("cis.gvsu.edu","pete","abc"); if (!$con){ die('Could not connect: '.mysql_error()); } mysql_select_db("my_db", $con);... mysql_close($con);

School of Computing and Information Systems CS 371 Web Application Programming Queries mysql_query issues queries and returns result sets queries (like update and delete) that do not return results simply return true or false can use functions to find id (primary key) for inserts or affected rows for update/delete $result = mysql_query("SELECT * FROM cust"); while($row = mysql_fetch_array($result)){ echo $row['fName']. " ". $row['lName']; }

School of Computing and Information Systems CS 371 Web Application Programming php - DOM same basic concept as javaScript except don't have access to current document, so cannot modify html – so what more likely used for creating xml docs methods of a DOMDocument: $doc = new DOMDocument('1.0', 'iso '); $root = $doc->createElement('CS371'); $doc->appendChild($root);

School of Computing and Information Systems CS 371 Web Application Programming Desktop vs Web applications how do sessions allow web apps to be more like desktop apps (without direct connection)? what do forms represent? how do the different types of memory (cookies, session vars, files/db) relate to a desktop environment?

School of Computing and Information Systems CS 371 Web Application Programming REST constraints using javaScript & PHP client-server: separation of concern stateless – how does session vars fit? cacheble – responses must define themselves as cacheable or not – why? layered system – clients cannot tell if connected to end server or intermediary code on demand (javaScript) uniform interface – simplifies and decouples the architecture