Misc Odds and Ends CSCI 297 Scripting Languages. Today 1.Database Normalization 2.Data Backups 3.Tracking the User with Cookies 4.Short example of SQL.


1 Misc Odds and Ends CSCI 297 Scripting Languages

2 Today
1. Database Normalization
2. Data Backups
3. Tracking the User with Cookies
4. Short example of SQL Injection

3 Database Normalization
Goal = each piece of information exists only once in the database
  - creates storage efficiency
  - more efficient to update
  - duplicates can create inaccuracies
First Normal Form
  - no repeating columns with same data types
  - all columns contain single value
  - primary key uniquely identifies each row
Second Normal Form
  - rows do not duplicate information
Third Normal Form
  - data not dependent on the primary key is moved to another table

4 Normalization Example
Author1  | Author2 | Title              | ISBN | Price | CustName         | CustAddr
MW Brown | C. Hurd | Good Night Moon    | 1234 | 12.99 | Claire Dannelly  | 980 Eagle, Rock Hill…
D. Pilkey|         | Captain Underpants | 6789 | 24.50 | William Dannelly | 980 Eagle, Rock Hill…
MW Brown | C. Hurd | Good Night Moon    | 1234 | 12.99 | Bob Smith        | 123 Main…

ISBN | Author
1234 | Marguerite Wise Brown
1234 | Clement Hurd
6789 | Dav Pilkey

ISBN | Title              | Price
1234 | Good Night Moon    | 12.99
6789 | Captain Underpants | 24.50

First Order: two columns w/ same data type
Second Order: two rows with same info

5 Backing Up Data
Full Database Back Up
  - big pain
  - two possible options from the command line:
        mysqldump --opt --all-databases > all.sql
        mysqlhotcopy database /path/for/backup
Full Database Restore
  - it's a really long set of complicated steps
If concerned about data corruption
  1. lock the table(s)
  2. copy the records to a copy of the table(s)
  3. unlock the table(s)
Transactions - updates can be temporary

6 Cookies
Cookies - setting in PHP
    setcookie (name, value, expire, path, domain);
name
  - name of the cookie value
  - example: "usrname"
value
  - the value of the cookie
  - example = "Bob Smith"
expire
  - time of when the cookie expires
  - if empty, then the cookie expires when the browser closes
  - example : 24 hours from now = time()+24*60*60

7 Cookies
Cookies - very simple example
Problem : Script to either display the user name that is stored in a cookie or save the user name into a cookie
Possible Conditions while running the script:
  1. a cookie was already set
         isset ($_COOKIE[…])
  2. the cookie is being set with form data
         isset ($_POST[…])
  3. the cookie has not been set
         neither of the above is true

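8
    <?php
    // we have been here before and the cookie is set
    // (the cookie value is user-controlled, so escape it before output)
    if (isset($_COOKIE["usrname"]))
        echo "Welcome " . htmlspecialchars($_COOKIE["usrname"]) . " ";

    // script is setting the cookie, expires in two minutes
    else if (isset($_POST['usrname'])) {
        setcookie ("usrname", $_POST['usrname'], time()+120);
        echo "Setting the cookie ";
    }

    // first time visitor: show a form that posts usrname back to this script
    else {
        echo "Welcome first time visitor ";
        echo "<form method='post'>";
        echo "User Name: <input type='text' name='usrname'>";
        echo "<input type='submit'></form>";
    }
    ?>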

9 Cookies
Cookies - common error
The setcookie() function must appear before the <html> tag (before any output is sent).
This code is okay:
    else if (isset($_POST['usrname'])) {
        setcookie ("usrname", $_POST['usrname'],...
        echo "The cookie is set. ";
    }
This code generates an error:
    else if (isset($_POST['usrname'])) {
        echo "Setting the cookie... ";
        setcookie ("usrname", $_POST['usrname'],...
    }

10 SQL Injection Example
    $username = $_POST['username'];
    $password = $_POST['password'];
    // user input is placed directly into the SQL string
    $query = "SELECT `id` FROM `users` WHERE `username` = '$username' AND `password` = '$password';";
    $result = mysql_query ($query, $DBconn);
    if (mysql_num_rows($result) == 0)
        echo "error : try again";
    else
        echo "user is okay";

11 example continued…
PHP String with SQL Command:
    SELECT `id` FROM `users` WHERE `username` = '$username' AND `password` = '$password';
What if the user enters:
    username ==> ' OR ''='
    password ==> ' OR ''='
The resulting SQL Command:
    SELECT `id` FROM `users` WHERE `username` = '' OR ''='' AND `password` = '' OR ''='';
Because ''='' is always true, the WHERE clause matches every row, so mysql_num_rows() is not 0 and the check passes.
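
An added example (not part of the original slides) that runs the input from slide 11 through the slide's string-built query and through a prepared statement. It assumes PHP 7.1+ with the pdo_sqlite extension; the in-memory table, the functions login_concat and login_prepared, and the sample credentials are constructed for illustration.

```php
<?php
// Constructed in-memory table mirroring the slide's `users` schema.
// Real applications store password_hash() output, not plaintext passwords.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO users (username, password) VALUES ('bob', 'constructed-sample-pw')");

// Slide's approach: input is pasted into the SQL text, so quotes in the
// input become part of the statement itself.
function login_concat(PDO $db, string $username, string $password): bool {
    $query = "SELECT id FROM users WHERE username = '$username' AND password = '$password'";
    return $db->query($query)->fetchColumn() !== false;
}

// Hardened: placeholders keep the SQL text fixed; input is bound as data only.
function login_prepared(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare("SELECT id FROM users WHERE username = :u AND password = :p");
    $stmt->execute([':u' => $username, ':p' => $password]);
    return $stmt->fetchColumn() !== false;
}

// Constructed test inputs; the last pair is the input shown on slide 11.
$cases = [
    'valid login'    => ['bob', 'constructed-sample-pw'],
    'wrong password' => ['bob', 'nope'],
    "slide's input"  => ["' OR ''='", "' OR ''='"],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-15s concat=%s prepared=%s\n", $label,
        var_export(login_concat($db, $u, $p), true),
        var_export(login_prepared($db, $u, $p), true));
}
```

The two functions agree on the first two cases and differ only on the slide's input, which the concatenated query accepts and the prepared statement rejects.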

12 Other PHP topics
  - Objects
  - Exception Handling
  - Authentication

