Intro to PHP
A brief overview – Patrick Laverty
What is PHP?
 PHP (recursive acronym for "PHP:
Hypertext Preprocessor") is a widely-used
Open Source general-purpose scripting
language that is especially suited for Web
development and can be embedded into
HTML.
<? echo "HI!"; ?>
What is PHP?
Compared to others like:
 Java – Sun, compiled and interpreted (jsp)
 Perl – Open Source, scripting
 .NET – MS, opposite of Java
 ColdFusion – Now Adobe, the original
 Javascript – Netscape, client-side
 PHP – Open Source, server-side
How it works
 PHP is installed on the web server
 Our web server is Apache (just an FYI)
 Server parses files based on extensions
 Returns plain HTML, no code
How To – The Basics
 Need to name files with a .php extension
Example: index.php, mypage.php
 Open and close tags: <? ?>
Was: <?php ?>
 Save file to server, view in a browser
Hello World
helloworld.php
<html>
<body>
<? echo "Hello World!"; ?>
</body>
</html>
Variables
Variables are like a cup
The same cup can hold
lots of different things
Same with variables
Variables
In PHP, you create a variable with a dollar
sign and some text.
Usually the text will be something descriptive
of what it is going to hold.
$name = "Patrick Laverty";
$dept = "CIS";
$campus_addr = "Box 1885";
Variables
There are many different kinds of variables in
PHP
 Scalar
 Array
 Object
Scalar Variables
Hold single values
 String/text
 Numbers
$name = "Josiah";
$dob = "1/1/23";
$age = 84;
$waist_size = 36;
Array Variables
Hold multiple values
All in one step example:
$kids = Array("Tom","Dick","Harry");
Multiple steps example:
$kids = Array();
$kids[0] = "Tom";
$kids[1] = "Dick";
$kids[2] = "Harry";
Individual array values are just a scalar
Array Variables
Associative Arrays – may make it easier to find
things
$teams = Array('bos'=>'Red Sox',
'nyy'=>'Yankees', 'bal'=>'Orioles');
The two-step way works the same:
$teams = Array();
$teams['bos'] = 'Red Sox';
Object Variables
We’ll talk about these later.
We’re in no rush
Functions
Getting PHP to do some action for you
echo() or print()
phpinfo() (phpinfo.php)
Functions
Be lazy. It’s a good thing.
If you’re going to do the same action more
than once, write a function.
sayhello.php
function sayHello($toWhom)
{
echo "Hello $toWhom";
}
Functions
Lots have already been written for you:
http://php.net/manual/en
If you know the function:
http://php.net/echo
A Basic Form
How we do things now: eform.cgi
<form method="POST" action="http://www.brown.edu/cgi-local/eform.cgi">
<input type="text" name="name">
<input type="text" name="age">
<input type="submit">
</form>
A Basic Form
How we do things with PHP:
basicform.html
<form method="POST" action="output.php">
<input type="text" name="name">
<input type="text" name="age">
<input type="submit">
</form>
A Basic Form
Capturing the data in output.php
Variables:
 $_POST['name']
 $_POST['age']
Use phpinfo() to see variables
A Basic Form
Weave HTML and PHP
output.php
<html><body>
<?
$name = $_POST['name'];
$age = $_POST['age'];
echo "My name is $name and I am $age years old";
?>
</body></html>
Data Validation
We’ll talk more about validating user input
later.
A Basic Form
Outputting to the screen is nice, but boring
We could email the results
Let’s store data in a database
Layers of a Database
 Server
 Database
 Tables
 Fields/Columns
 Records
 Data
How to Get a Database
 Use Microsoft Access
 Use Filemaker
 Request a MySQL Database
(http://brown.edu/db)
Request a MySQL Database
You will receive:
 Server name (it’s not localhost)
 Database name
 Username
 Password
 Link to phpMyAdmin
phpMyAdmin
 phpMyAdmin is a graphical view of your
database
 Very easy
Let’s take a look
(http://brown.edu/phpMyAdmin)
Connecting to DB from PHP
Create one connection script:
dbconn.php
<?
// Fill in the values you received with your database request (placeholders):
$server = "DB_SERVER_NAME";
$user = "DB_USERNAME";
$pw = "DB_PASSWORD";
$db = "DB_NAME";
$conn = mysql_connect($server,$user,$pw);
mysql_select_db($db,$conn);
?>
Connecting to DB from PHP
Remember, “Be Lazy!”
At the top of each file that needs the DB:
<? require("dbconn.php"); ?>
Database Table
Table named 'info' has two fields, name and age
Use a SQL INSERT statement:
$sql =
"INSERT INTO
info (name,age)
values ('$name', '$age')";
Database Table
Send it to the Database:
mysql_query($sql,$conn);
The Whole Picture
dbinsert.php
<? require("dbconn.php");
$name = $_POST['name'];
$age = $_POST['age'];
$sql = "INSERT into info (name,age) values('$name', '$age')";
mysql_query($sql,$conn);
?>
<html><body>
Thank you, your name and age were received.
</body></html>
The Whole Picture - Fancier
fancydbinsert.php
<? require("dbconn.php");
$name = $_POST['name'];
$age = $_POST['age'];
$sql = "INSERT into info (name,age) values('$name', '$age')";
$success = mysql_query($sql,$conn);
?>
<html><body>
<? if($success)
{ echo "Thank you, your name and age were received."; }
else
{ echo "Sorry, your info wasn't received, please contact …"; }
?>
</body></html>
Getting the Info Back
 Read it in phpMyAdmin
 Create an output page
(Just like that little survey you filled out)
Create an Output Page
 Connect to the Server
 Do a query of the data
 Programmatically write the data to a page
 View the page in a browser
 Let’s see how to do it
Connect to the Server
First, include our connection script:
<? require("dbconn.php"); ?>
Do a Query of the Data
This time we use SELECT
$sql = "SELECT name, age FROM info";
Or if you have many fields and want to be LAZY!
$sql = "SELECT * from info";
Programmatically Write the Data
Here’s the only hard part:
<table border="1">
<? $result = mysql_query($sql, $conn);
while($table = mysql_fetch_object($result))
{
echo "<tr><td>";
echo $table->name;
echo "</td><td>";
echo $table->age;
echo "</td></tr>";
}
?>
</table>
Putting it All Together
statuspage.php
<? require("dbconn.php");
$sql = "SELECT * FROM info";
$result = mysql_query($sql, $conn);
?>
<html><body>
<table border="1">
<? while($table = mysql_fetch_object($result))
{ echo "<tr><td>";
echo $table->name;
echo "</td><td>";
echo $table->age;
echo "</td></tr>";
}
?>
</table>
</body></html>
I Hate Objects!
If you don’t like using mysql_fetch_object:
 mysql_fetch_array($result)
 mysql_fetch_assoc($result)
mysql_fetch_array()
Access the columns by numbers:
while($array = mysql_fetch_array($result))
{
echo $array[0];
echo $array[1];
}
mysql_fetch_assoc()
Access the columns by column names:
while($array = mysql_fetch_assoc($result))
{
echo $array['name'];
echo $array['age'];
}
One Helpful Function
nl2br() – Line breaks typed into a form field are not
shown as line breaks in HTML
This function turns each newline (nl) character
into (2) an HTML <br> (br) tag.
Data Validation
 Very Important!
 Without it, your site and all others can be
hacked!
 PHP makes it easier
Data Validation
 Cut down on XSS with htmlentities()
 Cut down on SQL-injection with
mysql_real_escape_string()
 Check that you’re getting what you expect
 Check that you’re getting the length you
expect
 Don’t trust JavaScript
Data Validation
 Cross site scripting vulnerability
 Allows a user to input scripts
 Allows a user to input links to malicious sites
 Allows a user to steal a
session/cookie/password
The htmlentities() function turns characters that have
special meaning in HTML into their harmless entity form.
A ' is turned into &#039; (when the ENT_QUOTES flag is passed)
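An added example, not from the slides, showing the statuspage.php loop made XSS-safe: every value coming back from the database passes through htmlentities() before it is echoed, and for multi-line text nl2br() is applied after escaping. The sample rows are constructed inline so it runs without a database; the helper names are my own.

```php
<?php
// Added example, not from the slides: the statuspage.php loop made XSS-safe.
// The rule is escape on OUTPUT, right before a database value is placed in HTML.

// Escape one value for safe inclusion in HTML. ENT_QUOTES also turns ' into &#039;
// (the default flags leave single quotes alone in PHP versions before 8.1).
function safe($value)
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// For multi-line text (the nl2br slide): escape FIRST, then convert newlines to <br>.
// In the other order the <br> tags nl2br just added would themselves get escaped.
function safeMultiline($value)
{
    return nl2br(safe($value));
}

// Build one table row from a record shaped like what mysql_fetch_assoc() returns.
function tableRow($row)
{
    return '<tr><td>' . safe($row['name']) . '</td><td>' . safe($row['age']) . '</td></tr>';
}

// Constructed sample records standing in for the query result, so this runs without
// a database. The first one is the kind of value the XSS slide warns about.
$rows = array(
    array('name' => '<script>alert(1)</script>', 'age' => '30'),
    array('name' => "O'Brien",                   'age' => '42'),
);

echo "<table border=\"1\">\n";
foreach ($rows as $row) {
    // with the real query this loop is: while ($row = mysql_fetch_assoc($result))
    echo tableRow($row), "\n";
}
echo "</table>\n";
// The first row renders as the literal text &lt;script&gt;alert(1)&lt;/script&gt;; nothing runs.
echo safeMultiline("line one\nline two"), "\n";   // line one<br />\nline two
?>
```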
Data Validation
 SQL-injection vulnerability
 Allows a user to directly access your database
 Allows a user to get access to other accounts
 Allows a user to read data you don’t want read
Prevention can be as simple as escaping quotes by passing
all user input through mysql_real_escape_string() before it goes into a query
$clean_user =
mysql_real_escape_string($_POST['username']);
Data Validation
 Get what you expect to get
 Don’t change it, give error message
Example: (validinsert.php)
Age should be numeric and less than 110. Reject
anything else
if(strlen($age)>3){ /* error message */ }
if(!ctype_digit($age)){ /* error message */ } // $_POST values are strings, so is_int() would always be false
if($age>110 || $age<18){ /* error message */ }
Data Validation
Get the length you expect
<input type="text" name="username" maxlength="8">
Make sure the username is no longer than 8
if(strlen($username)>8){ /* error message */ }
Data Validation
 Don’t trust JavaScript
 Do client side AND server side validation
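An added example, not from the slides, putting the Data Validation rules into dbinsert.php: validate the raw fields first, reject (don't silently fix) bad input, and only then escape what goes into the SQL. It assumes dbconn.php from the slides provides $conn; validateForm() is my own helper name.

```php
<?php
// Added example, not from the slides: dbinsert.php with the validation rules from the
// Data Validation slides applied before anything reaches the database.

// Validate the raw form fields; returns a list of error messages (empty means OK).
// Values are left unchanged: reject bad input and tell the user, don't "fix" it silently.
function validateForm($post)
{
    $errors = array();
    $name = isset($post['name']) ? trim($post['name']) : '';
    $age  = isset($post['age'])  ? trim($post['age'])  : '';

    // Length check: the maxlength on the <input> is only a hint, the server must re-check.
    if ($name === '' || strlen($name) > 50) {
        $errors[] = 'Name must be 1 to 50 characters.';
    }
    // $_POST values are always strings, so is_int() would fail even for "84";
    // ctype_digit() checks that the string is made of digits only.
    if (strlen($age) > 3 || !ctype_digit($age)) {
        $errors[] = 'Age must be a whole number.';
    } elseif ((int)$age > 110 || (int)$age < 18) {
        $errors[] = 'Age must be between 18 and 110.';
    }
    return $errors;
}

require('dbconn.php');               // provides $conn as in the slides
$errors = validateForm($_POST);
if (count($errors) === 0) {
    // Escape AFTER validation, right before the values go into the SQL string.
    // Passing $conn makes the escaping match the connection's character set.
    $name = mysql_real_escape_string(trim($_POST['name']), $conn);
    $age  = (int)$_POST['age'];     // a cast leaves nothing to inject for a numeric field
    $sql  = "INSERT INTO info (name, age) VALUES ('$name', $age)";
    $success = mysql_query($sql, $conn);
}
?>
<html><body>
<?php
if (count($errors) > 0) {
    // Error text is still escaped on output, the same rule as for database values.
    foreach ($errors as $e) { echo '<p>', htmlentities($e, ENT_QUOTES, 'UTF-8'), '</p>'; }
} elseif ($success) {
    echo 'Thank you, your name and age were received.';
} else {
    echo 'Sorry, your info was not received, please try again later.';
}
?>
</body></html>
```

The mysql_* functions were removed in PHP 7; on current PHP the same insert is written with mysqli or PDO prepared statements, which send the values separately from the SQL text so no escaping step is needed.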
Slide #50
I think that’s enough
webpublishers@listserv.brown.edu
Next topic – to be announced for early May