Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Parameter Passing & Session Tracking in PHP


Published on

Parameter passing, File Upload, Session, Cookie, Url Rewriting in PHP

Published in: Technology
  • Be the first to comment

Parameter Passing & Session Tracking in PHP

  1. 1. Passing parameters & Session Tracking in PHP Prof. Ami Tusharkant Choksi Assistant Professor, Computer Engg. Dept., C.K.Pithawalla College of Engg. & Tech., Surat, Gujarat State, India.
  2. 2. What is Parameter Passing & Session Tracking? -> Values of the text typed in user form is passed to other HTML and/or server side script is called parameter passing . -> A session refers to all the connections that a single client might make to a server in the course of viewing any pages associated with a given application.[1] -> Maintenance of user's state during session(e.g.login to logout) is called a Session Tracking .
  3. 3. Ways <ul><li>Visible form parameters </li></ul><ul><li>Hidden form parameters </li></ul><ul><li>Cookies </li></ul><ul><li>Session </li></ul><ul><li>URL Rewriting </li></ul>
  4. 4. Parameter Passing with <Form> <ul><li>Methods of passing parameters with <form> </li></ul><ul><ul><li>GET (smaller data i.e.1024 bytes) </li></ul></ul><ul><ul><li>POST(bigger data, as well as file upload) </li></ul></ul><ul><li>PHP uses predefined variables </li></ul><ul><ul><li>$_GET['varname'] </li></ul></ul><ul><ul><li>$_POST['varname'] </li></ul></ul>
  5. 5. Predefined Variables[2] <ul><li>PHP provides a large number of predefined variables represent everything from external variables to built-in environment variables, last error messages to last retrieved headers to all scripts. </li></ul><ul><li>Superglobals — Superglobals are built-in variables that are always available in all scopes </li></ul><ul><li>$GLOBALS — References all variables available in global scope </li></ul><ul><li>$_SERVER — Server and execution environment information </li></ul><ul><li>$_SERVER — Server and execution environment information </li></ul><ul><li>$_GET — HTTP GET variables </li></ul><ul><li>$_POST — HTTP POST variables </li></ul><ul><li>$_FILES — HTTP File Upload variables </li></ul>
  6. 6. List of predefined variables [2]... <ul><li>$_REQUEST — HTTP Request variables </li></ul><ul><li>$_SESSION — Session variables </li></ul><ul><li>$_ENV — Environment variables </li></ul><ul><li>$_COOKIE — HTTP Cookies </li></ul><ul><li>$php_errormsg — The previous error message </li></ul><ul><li>$HTTP_RAW_POST_DATA — Raw POST data </li></ul><ul><li>$http_response_header — HTTP response headers </li></ul><ul><li>$argc — The number of arguments passed to script </li></ul><ul><li>$argv — Array of arguments passed to script </li></ul>
  7. 7. The values of Predefined Variables <ul><li>Values of predefined variables can be seen with </li></ul><ul><li><?php </li></ul><ul><li>phpinfo() </li></ul><ul><li>?> </li></ul>
  8. 8. File Upload <ul><li>Writing client's file on the server is called File Upload. </li></ul><ul><li>In HTML code following is must be added: </li></ul><ul><li><form method=&quot;post&quot; enctype=&quot;multipart/form-data&quot; action=&quot;upload.php&quot;> </li></ul><ul><li>FileName <input type=&quot;file&quot; name=&quot;userfile&quot;> </li></ul><ul><li>Above code will display Browse/Choose button on the browser page with which one can select a file. </li></ul>
  9. 9. File Upload HTML page in Browser
  10. 10. Required Configuration in /etc/php.ini File <ul><li>;file_uploads must be On </li></ul><ul><li>file_uploads = On </li></ul><ul><li>; Temporary directory for HTTP uploaded files (will use system default if not specified). </li></ul><ul><li>upload_tmp_dir =/tmp </li></ul><ul><li>; Maximum allowed size for uploaded files. </li></ul><ul><li>upload_max_filesize = 2M </li></ul>
  11. 11. Retrieval of File at Server #/uploads must be having o+rwx permission $uploaddir = &quot;/uploads/&quot;; $uploadfile = $uploaddir . basename($_POST[&quot;filename&quot;]); if (move_uploaded_file($_FILES[&quot;filename&quot;][&quot;tmp_name&quot;], $uploadfile)) { echo &quot;File is valid, and was successfully uploaded. &quot;; } else { echo &quot;Possible file upload attack! &quot;; }
  12. 12. Session Tracking is done with <ul><li>As HTTP is stateless protocol Session Tracking must be maintained by programmers with following ways: </li></ul><ul><li>Hidden form parameters </li></ul><ul><li>Cookies </li></ul><ul><li>Session </li></ul><ul><li>URL Rewriting </li></ul>
  13. 13. Hidden Parameter Passing <ul><li>Parameter is passed from 1 page to other which is not visible from user. </li></ul><ul><li><input type=hidden name=”username” value=”amichoksi”> </li></ul><ul><li>Can be retrieved in PHP by </li></ul><ul><ul><li>$_GET[“username”] </li></ul></ul><ul><ul><li>$_POST[“username”] </li></ul></ul>
  14. 14. Cookies [2] <ul><li>Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users. </li></ul><ul><li>Set Cookie </li></ul><ul><ul><li>bool setcookie ( string $name string $value , int $expire=0 , string $path , string $domain , bool $secure=false , bool $httponly=false) </li></ul></ul><ul><ul><li>setcookie(“username”,”ami”,time()+300); </li></ul></ul><ul><li>Read Cookie </li></ul><ul><ul><li>$_COOKIE['name'] </li></ul></ul>
  15. 15. Session [2] <ul><li>A way to preserve certain data across subsequent accesses. </li></ul>
  16. 16. Session Functions [2] session_cache_expire — Return current cache expire session_cache_limiter — Get and/or set the current cache limiter session_commit — Alias of session_write_close session_decode — Decodes session data from a string session_destroy — Destroys all data registered to a session session_encode — Encodes the current session data as a string session_get_cookie_params — Get the session cookie parameters session_id — Get and/or set the current session id session_is_registered — Find out whether a global variable is registered in a session session_module_name — Get and/or set the current session module session_name — Get and/or set the current session name session_regenerate_id — Update the current session id with a newly generated one session_register — Register one or more global variables with the current session session_save_path — Get and/or set the current session save path session_set_cookie_params — Set the session cookie parameters session_set_save_handler — Sets user-level session storage functions session_start — Initialize session data session_unregister — Unregister a global variable from the current session session_unset — Free all session variables session_write_close — Write session data and end session
  17. 17. Examples <ul><li>File: Page1.php </li></ul><ul><li><?php </li></ul><ul><li>session_start(); </li></ul><ul><li>echo 'Welcome to page #1'; </li></ul><ul><li>$_SESSION['favcolor'] = 'green'; </li></ul><ul><li>$_SESSION['animal'] = 'cat'; </li></ul><ul><li>$_SESSION['time'] = time(); </li></ul><ul><li>session_set_cookie_params(10,&quot;/&quot;,&quot;;,true, false); </li></ul><ul><li>?> </li></ul>
  18. 18. Example... <ul><li>Filename Page2.php </li></ul><ul><li>session_start(); </li></ul><ul><li>echo 'Welcome to page #2<br />'; </li></ul><ul><li>echo $_SESSION['favcolor']; // green </li></ul><ul><li>echo $_SESSION['animal']; // cat </li></ul><ul><li>echo date('Y m d H:i:s', $_SESSION['time']);?> </li></ul><ul><li>session_unset ();//releasing session data </li></ul><ul><li>Echo $_SESSION['time'];//no output </li></ul>
  19. 19. URL Re-Writing <ul><li>The Apache server’s mod_rewrite module gives the ability to transparently redirect one URL to another by modifying URL (i.e. re-writing), without the user’s knowledge. </li></ul><ul><li>Used in situations:- </li></ul><ul><ul><li>Pass some information to other page </li></ul></ul><ul><ul><li>redirecting old URLs to new addresses </li></ul></ul><ul><li>Or </li></ul><ul><li>- cleaning up the ‘dirty’ URLs coming from a poor </li></ul><ul><li>publishing system </li></ul>
  20. 20. Required Configuration and Examples <ul><li>Following line must be uncommented available in /etc/httpd/conf/httpd.conf file </li></ul><ul><li>LoadModule rewrite_module modules/ </li></ul><ul><li>URL Rewriting examples </li></ul><ul><ul><li>http://localhost/ami/123 </li></ul></ul><ul><ul><li>http://localhost/~ami/UrlRewrite.php?name=amichoksi </li></ul></ul>
  21. 21. Retrieval of URL Rewriting Data <ul><li><?php </li></ul><ul><li>if(isset($_SERVER['PATH_INFO'])){ </li></ul><ul><li>echo $_SERVER['PATH_INFO'];} </li></ul><ul><li>else if(isset($_GET['username'])) { </li></ul><ul><li>echo $_GET['username']; </li></ul><ul><li>} </li></ul><ul><li>?> </li></ul>
  22. 22. References <ul><li> </li></ul><ul><li> </li></ul>