
Advance web Programming, Chapter 3: MySQL. Date: 28 April 2014. Dr. Mogeeb A. A. Mosleh




1 Advance web Programming, Chapter 3: MySQL
Date: 28 April 2014
Dr. Mogeeb A. A. Mosleh
E-mail: MogeebMosleh@Gmail.com
Lab Room: MM lab, Tuesday (10.00-12.00 am)

2 Client/Server Environment Variables
Environment variables
–Provide information about the execution environment: type of Web browser, type of server, details of the HTTP connection
–Stored as an array in PHP: $_ENV

3 PHP Form Handling
Form processing
–action property: where to send the form data (in/out)
–method property: the PHP superglobals $_GET and $_POST are used to collect form data
–Each element has a unique name

4 Example: PHP Form Handling

5 GET vs. POST
–Both GET and POST create an array (e.g. array( key => value, key2 => value2, key3 => value3, ...)).
–This array holds key/value pairs, where keys are the names of the form controls and values are the input data from the user.
–Both GET and POST are treated as $_GET and $_POST.
–These are superglobals, which means that they are always accessible, regardless of scope - and you can access them from any function, class or file without having to do anything special.
–$_GET is an array of variables passed to the current script via the URL parameters.
–$_POST is an array of variables passed to the current script via the HTTP POST method.

6 PHP Form Handling
When to use GET
–Information sent from a form with the GET method is visible to everyone (all variable names and values are displayed in the URL).
–GET also has limits on the amount of information to send (2000 characters).
–GET may be used for sending non-sensitive data.
When to use POST
–Information sent from a form with the POST method is invisible to others (all names/values are embedded within the body of the HTTP request).
–POST has no limits on the amount of information to send.
–Developers prefer POST for sending form data.

7 PHP Form Validation
Proper validation of form data is important to protect your form from hackers and spammers. Check whether the user entered appropriate data or not.
$_SERVER["PHP_SELF"]
–$_SERVER["PHP_SELF"] is a superglobal variable that returns the filename of the currently executing script.
–$_SERVER["PHP_SELF"] sends the submitted form data to the page itself, instead of jumping to a different page.
The htmlspecialchars() function
–The htmlspecialchars() function converts special characters to HTML entities. This means that it will replace HTML characters like < and > with &lt; and &gt;.
–This prevents attackers from exploiting the code by injecting HTML or JavaScript code (Cross-site Scripting attacks) in forms.
Big Note on PHP Form Security
–The $_SERVER["PHP_SELF"] variable can be used by hackers!
–If PHP_SELF is used in your page, then a user can enter a slash (/) and then some Cross Site Scripting (XSS) commands to execute.

8 PHP Form Validation
How to avoid $_SERVER["PHP_SELF"] exploits?
$_SERVER["PHP_SELF"] exploits can be avoided by using the htmlspecialchars() function.
Validate Form Data With PHP
–The first thing we will do is to pass all variables through PHP's htmlspecialchars() function.
–Strip unnecessary characters (extra space, tab, newline) from the user input data (with the PHP trim() function).
–Remove backslashes (\) from the user input data (with the PHP stripslashes() function).
–The next step is to create a function that will do all the checking for us.

9 PHP Form Validation Example:
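A worked version of the validation steps listed on the preceding slides, added here as an example (it is not the lecture's own code). It assumes a form with the two fields name and email that posts back to the script itself.

```php
<?php
// Added example (not the lecture's own code): a self-posting form that applies
// the steps from the slides: htmlspecialchars() on PHP_SELF and on every
// field, trim(), stripslashes(), then a function that does the checking.
// The field names (name, email) are assumed for the example.

function test_input(string $data): string {
    $data = trim($data);                  // drop extra space, tab, newline
    $data = stripslashes($data);          // remove backslashes
    return htmlspecialchars($data, ENT_QUOTES, 'UTF-8'); // < > " ' become entities
}

$errors = [];
$name = $email = "";

if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {
    $name  = test_input($_POST["name"] ?? "");
    $email = test_input($_POST["email"] ?? "");

    if ($name === "") {
        $errors[] = "Name is required";
    } elseif (!preg_match('/^[\p{L} .-]+$/u', $name)) {
        $errors[] = "Only letters, spaces, dots and hyphens are allowed in the name";
    }
    if ($email === "") {
        $errors[] = "Email is required";
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = "Invalid email format";
    }
}

// Escaping PHP_SELF closes the hole the slide warns about: anything a user
// appends to the script path is re-encoded, so it cannot break out of the
// action attribute and be interpreted as markup or script.
$action = htmlspecialchars($_SERVER["PHP_SELF"] ?? "", ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="<?= $action ?>">
  Name:  <input type="text" name="name"  value="<?= $name ?>"><br>
  Email: <input type="text" name="email" value="<?= $email ?>"><br>
  <input type="submit" value="Submit">
</form>
<?php foreach ($errors as $e): ?>
  <p class="error"><?= $e ?></p>
<?php endforeach; ?>
```

The field values are escaped once in test_input() and echoed as-is into the value attributes, so they are never inserted into the page unescaped.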

10 PHP Forms - Required Fields

11 form.html (1 of 4)
The action attribute of the form element indicates that when the user clicks Register, the form data will be posted to form.php.

12 form.html (2 of 4)
A unique name (e.g., email) is assigned to each of the form’s input fields. When Register is clicked, each field’s name and value are sent to the Web server.

13 form.html (3 of 4)

14 form.html (4 of 4)

15 Fig. 26.13 XHTML form for gathering user input.

16 Form Processing and Business Logic
Business logic
–Confirm that valid information was entered
–extract function: creates variables corresponding to each key-value pair in the array; easily retrieves all values sent to the PHP page
–Regular expressions are very helpful
–Do checks on the client side where possible (JavaScript); this conserves server resources
Ending a script
–die function
–Remember to close all HTML tags

17 form.php (1 of 4)
Function ereg is called to determine whether the phone number entered by the user is valid. The expression \( matches the opening parenthesis of a phone number. We access the phone field’s value from form.html by using variable $phone. The parenthesis in the expression must be followed by three digits ( [0-9]{3} ), a closing parenthesis, three digits, a literal hyphen and four additional digits.

18 form.php (2 of 4)
Function die terminates script execution.

19 form.php (3 of 4)

20 form.php (4 of 4)
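The phone-number rule from slide 17, as an added example rather than the lecture's form.php. ereg() was removed in PHP 7, so the same pattern is written for preg_match(); the field name phone is assumed, and the value is read from $_POST directly instead of with extract(), which would let a request overwrite any variable of the same name.

```php
<?php
// Added example, not the lecture's form.php: the phone-number rule the slide
// describes, written with preg_match() because ereg() was removed in PHP 7.
// The field name "phone" is assumed. The value is read from $_POST directly
// rather than via extract(), which would let a request overwrite any variable
// that happens to share a name with a form field.

// \( and \) match the literal parentheses, {3} and {4} fix the digit counts,
// and ^ ... $ anchor the rule so nothing may surround the number.
const PHONE_PATTERN = '/^\([0-9]{3}\)[0-9]{3}-[0-9]{4}$/';

function phoneIsValid(string $phone): bool {
    return preg_match(PHONE_PATTERN, $phone) === 1;
}

$phone = trim($_POST["phone"] ?? "");

if (!phoneIsValid($phone)) {
    // die terminates the script: close the HTML opened so far before calling
    // it, as the slide reminds us.
    print("<p>Invalid phone number. Use the form (555)555-1234.</p>");
    print("</body></html>");
    die();
}
print("<p>Phone number accepted: " . htmlspecialchars($phone) . "</p>");
```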

21 Form Processing and Business Logic Obtaining user input through forms.

22 Verifying a Username and Password
Private website
–Only accessible to certain individuals
–Encrypt username and password data when sending, storing and retrieving for increased security
Implementing password checking
–Login information stored in a file: fopen function (read, write, append modes)
–Store data using fputs; \n is the newline character
–Close files when done: fclose function

23 26.6 Verifying a Username and Password
Implementing password checking, cont.
–Trim the newline character: chop function
–Split a string into substrings given a certain delimiter: split function
–If username/password match the list, allow access

24 password.html (1 of 4)

25 password.html (2 of 4) Form data is posted to password.php.

26 password.html (3 of 4)

27 Verifying a Username and Password XHTML form for obtaining a username and password.

28 password.php (1 of 7)
Variable names, when preceded by the logical negation operator ( ! ), return true if they are empty or set to 0. This checks if a user has submitted a form without specifying a username or password. Function fieldsBlank is called if the user has submitted an incomplete form to notify the user that all form fields must be completed. Function isset tests whether the user has pressed the New User button, indicating that a new user must be added. To add a new user, we open the file password.txt in append mode and assign the file handle that is returned to variable $file.

29 password.php (2 of 7)
Print an error message and terminate script execution if the file cannot be opened. Function fputs writes the name and password to the text file. Function userAdded is called to print a message to the user to indicate that the username and password were added to the file.

30 password.php (3 of 7)
Before entering the while loop, variable $userVerified is set to 0. The while loop executes as long as there are more lines in the file to read and variable $userVerified is still 0 or empty. Function fgets reads a line from the text file. The result is assigned to variable $line. Function chop removes the newline character from the end of the line. Function split is called to separate the string at the specified delimiter (in this case, a comma). The resulting array is stored in array $field. The username entered by the user is tested against the one returned in the text file (stored in the first element of the array). If they match, variable $userVerified is set to 1. Function checkPassword is called to verify the user’s password. Variable $PASSWORD and array $field are passed to the function. If function checkPassword returns true, function accessGranted is called to notify the client that permission has been granted. Otherwise, function wrongPassword is called.

31 password.php (4 of 7)
After the while loop has executed, function fclose is called to close the file. If variable $userVerified has not been set to a value other than 0, function accessDenied is called to notify the client that access has been denied. Function checkPassword compares the user’s password to the password in the file. If they match, true is returned, whereas false is returned if they do not.

32 password.php (5 of 7)
Function userAdded prints a message to the client indicating that the user has been added. Function accessGranted prints a message to the client indicating that permission has been granted.

33 password.php (6 of 7)
Function wrongPassword prints a message to the client indicating that the password is invalid. Function accessDenied prints a message to the client indicating that access has been denied.

34 password.php (7 of 7)
Function fieldsBlank prints a message to the client indicating that all form fields have not been completed.

35 26.6 Verifying a Username and Password
Fig. 26.16 Verifying a username and password.

36 password.txt (1 of 1)
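The password.php flow walked through on slides 28 to 34, as an added example that is not the lecture's code. It keeps the same file format and control flow but stores a password_hash() digest in password.txt instead of the plaintext password and checks it with password_verify(); the file location and the form field names USERNAME, PASSWORD and NewUser are assumed.

```php
<?php
// Added example, not the lecture's password.php. It keeps the slides' flow
// (append "username,password" to password.txt with fputs, read it back with
// fgets, strip the newline, split on the comma, compare) but stores a
// password_hash() digest in place of the plaintext password and checks it with
// password_verify(). explode() replaces split(), which PHP 7 removed; rtrim()
// does the job of chop(). The file location and field names are assumed.

const PASSWORD_FILE = __DIR__ . '/password.txt';

function addUser(string $username, string $password): bool {
    if ($username === '' || $password === '' || strpos($username, ',') !== false) {
        return false;                    // blank field, or the delimiter in the name
    }
    $file = fopen(PASSWORD_FILE, 'a');   // append mode, as on the slide
    if ($file === false) {
        return false;
    }
    fputs($file, $username . ',' . password_hash($password, PASSWORD_DEFAULT) . "\n");
    fclose($file);
    return true;
}

function checkLogin(string $username, string $password): bool {
    $file = fopen(PASSWORD_FILE, 'r');
    if ($file === false) {
        return false;
    }
    $userVerified = false;
    while (!$userVerified && ($line = fgets($file)) !== false) {
        $field = explode(',', rtrim($line, "\r\n"), 2);   // [username, hash]
        if (count($field) === 2 && $field[0] === $username) {
            $userVerified = password_verify($password, $field[1]);
        }
    }
    fclose($file);
    return $userVerified;   // one answer for unknown user and wrong password alike
}

$user = $_POST['USERNAME'] ?? '';
$pass = $_POST['PASSWORD'] ?? '';
if ($user === '' || $pass === '') {
    print('<p>Please fill in all form fields.</p>');               // fieldsBlank
} elseif (isset($_POST['NewUser'])) {
    print(addUser($user, $pass) ? '<p>User added.</p>' : '<p>Could not add user.</p>');
} else {
    print(checkLogin($user, $pass) ? '<p>Access granted.</p>' : '<p>Access denied.</p>');
}
```

Unlike the slides' version, a wrong password and an unknown username produce the same response, so the login page does not reveal which usernames exist in the file.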

37 PHP Database ODBC
ODBC is an Application Programming Interface (API) that allows you to connect to a data source (e.g. an MS Access database).
Create an ODBC Connection
With an ODBC connection, you can connect to any database, on any computer in your network, as long as an ODBC connection is available. Here is how to create an ODBC connection to an MS Access database:
1. Open the Administrative Tools icon in your Control Panel.
2. Double-click on the Data Sources (ODBC) icon inside.
3. Choose the System DSN tab.
4. Click on Add in the System DSN tab.
5. Select the Microsoft Access Driver. Click Finish.
6. In the next screen, click Select to locate the database.
7. Give the database a Data Source Name (DSN).
8. Click OK.

38 PHP Database ODBC
Connecting to an ODBC data source
The odbc_connect() function is used to connect to an ODBC data source. The function takes four parameters: the data source name, username, password, and an optional cursor type. The odbc_exec() function is used to execute an SQL statement.
Retrieving Records
The odbc_fetch_row() function is used to return records from the result-set. This function returns true if it is able to return rows, otherwise false.
Retrieving Fields from a Record
The odbc_result() function is used to read fields from a record. This function takes two parameters: the ODBC result identifier and a field number or name.

39 PHP Database ODBC
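The four ODBC functions from slide 38 used together, as an added example (not the lecture's own code). It assumes a System DSN named northwind with a Customers table holding CompanyName, ContactName and Country columns, and adds odbc_prepare()/odbc_execute() for the query that takes a value from the request.

```php
<?php
// Added example, not the lecture's own code. It uses the functions the slide
// names (odbc_connect, odbc_exec, odbc_fetch_row, odbc_result) and adds
// odbc_prepare()/odbc_execute() so that a user-supplied value never becomes
// part of the SQL text. The DSN "northwind", the Customers table and its
// column names are assumed.

$conn = odbc_connect('northwind', '', '');      // DSN, username, password
if ($conn === false) {
    exit('Connection failed: ' . odbc_errormsg());
}

// Fixed query text: odbc_exec() is fine when nothing from the request is in it.
$result = odbc_exec($conn, 'SELECT CompanyName, ContactName FROM Customers');
echo '<table><tr><th>Company</th><th>Contact</th></tr>';
while (odbc_fetch_row($result)) {                // true while rows remain
    $company = htmlspecialchars(odbc_result($result, 'CompanyName'));
    $contact = htmlspecialchars(odbc_result($result, 'ContactName'));
    echo "<tr><td>$company</td><td>$contact</td></tr>";
}
echo '</table>';

// Filtering on a value from the form: bind it as a parameter instead of
// pasting it into the SQL string, which is what makes a query injectable.
$country = $_GET['country'] ?? 'Germany';
$stmt = odbc_prepare($conn, 'SELECT CompanyName FROM Customers WHERE Country = ?');
if ($stmt !== false && odbc_execute($stmt, [$country])) {
    while (odbc_fetch_row($stmt)) {
        echo '<p>' . htmlspecialchars(odbc_result($stmt, 1)) . '</p>'; // field by number
    }
}
odbc_close($conn);
```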

40 How to Create Login Page in PHP/MySQL Creating Database and user table





