<User Interface functional Design> <PHP and Form Data> EE-AA-Element 3Ver: 1.0
<Variables in PHP>
A variable is a place in which to store data for manipulation within a PHP script. All variable names must be preceded by a $ sign, and you are required to terminate each statement with a semicolon. All variable names are case sensitive, so $my_name and $MY_Name are two different variables. PHP is very liberal about variables and their types: you are not required to declare variables or to state their type explicitly. To create a new variable, all that is required is to assign it a value using the = operator.

<Variables in PHP>
• A valid variable name starts with a letter or underscore, followed by any number of letters, numbers, or underscores.
• Note: For our purposes here, a letter is a-z, A-Z, and the ASCII characters from 127 through 255 (0x7f-0xff).

<Variables in PHP>
Data types that are supported include:
• Strings – text specified inside single or double quotes
• Integers – numbers without decimal places
• Floating points – numbers with decimal places
• Boolean – a truth value, TRUE or FALSE
If dealing with forms, you must remember that their values are always passed as strings. If you want to multiply an integer value by a form variable, you will need to make sure that you convert the latter to a number first.

<Variables in PHP>
• A variable may hold a value of any type. There is no compile- or runtime type checking on variables. You can replace a variable's value with another of a different type.
• PHP supports the standard arithmetic operators + - * / %. Strings are enclosed in single or double quotation marks; it doesn't matter which, so long as you start and end with the same style of quotation mark. If you wish to use a double quote character inside a double-quoted string, you need to precede it with a \.
• There is no explicit syntax for declaring variables in PHP. The first time the value of a variable is set, the variable is created. In other words, setting a variable functions as a declaration.

A variable whose value has not been set behaves like the NULL value:
    if ($uninitialized_variable === NULL)
    {
        echo "Yes!";
    }
Output:
    Yes!

Variable Scope
The scope of a variable, which is controlled by the location of the variable's declaration, determines those parts of the program that can access it. There are four types of variable scope in PHP:
• Local: can only be used by the function in which it is declared.
• Global: can be accessed by any function. Must be explicitly declared.
• Static: retains its value between calls to a function but is visible only within that function.
• Function parameters.

PHP AND GET
• Some server programming platforms require us to use collections of some sort to obtain values from form elements. PHP uses either GET or POST to achieve this.
• When we use the GET method for a form, the information in that form is appended to the URL to which the user's web browser is directed by the form's action attribute. That is, the names of the form fields and the values that those fields contain are encoded and added to the URL as key/value pairs.

A very simple example form.
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <meta name="Author" content="jon stephens" />
    <title>What's Your Favorite Cheese, Please?</title>
    </head>
    <body bgcolor="#FFFFFF" text="#000000">
    <h3>Please enter your name and favorite cheese:</h3>
    <form method="GET" action="processform.php">
    <p>Name (first and last): <input type="text" name="cust_name" /></p>
    <p>Favorite cheese:
    <select name="cheese">
      <option selected>[choose one]</option>
      <option value="Mozzarella">Mozzarella</option>
      <option value="Provalone">Provalone</option>
      <option value="Parmesan">Parmesan</option>
      <option value="Camembert">Camembert</option>
    </select></p>
    <p><input type="submit" name="submit" value="Submit" />
    <input type="reset" value="Reset" /></p>
    </form>
    </body>
    </html>

Display

When a user "user1" using the domain "myplace" enters a name and preferred kind of cheese into the corresponding fields and clicks the submit button, here is what will be seen in the browser's location window when the next page loads:
    http://myplace/processform.php?cust_name=user1&cheese=Camembert&submit=Submit
Note that the Reset button's value didn't get sent along with the rest of the data, and it doesn't appear as part of the query string.

We now want to look at how PHP handles things on the receiving end. Let's look at the source for processform.php. PHP can be mixed in with the HTML or other code used in a web page. It is marked as such with the <?php and ?> delimiters, which indicate the beginning and end of the PHP scripting code.

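processform.php
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <meta name="Author" content="jon stephens" />
    <title>What's Your Favorite Cheese, Please?</title>
    </head>
    <body bgcolor="#FFFFFF" text="#000000">
    <?php
    // Read the values from $_GET rather than relying on register_globals,
    // and escape them so that submitted markup is shown as text, not interpreted.
    $cust_name = htmlspecialchars($_GET['cust_name'] ?? '', ENT_QUOTES, 'ISO-8859-1');
    $cheese    = htmlspecialchars($_GET['cheese'] ?? '', ENT_QUOTES, 'ISO-8859-1');
    ?>
    <p>Name of Customer: <b><?php echo $cust_name; ?></b></p>
    <p>Preferred Cheese: <b><?php echo $cheese; ?></b></p>
    </body>
    </html>
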
PHP and POST
• When a form is submitted to a PHP script, the information from that form is automatically made available to the script. There are many ways to access this information, for example:
    <form action="foo.php" method="post">
    Name: <input type="text" name="username"><br>
    Email: <input type="text" name="email"><br>
    <input type="submit" name="submit" value="Submit me!">
    </form>

Accessing data from a simple POST HTML form
    <?php
    // Available since PHP 4.1.0
    print $_POST['username'];
    print $_REQUEST['username'];

    // Available since PHP 4.1.0; removed in PHP 5.4.0.
    import_request_variables('p', 'p_');
    print $p_username;

    // Available since PHP 3; removed in PHP 5.4.0.
    print $HTTP_POST_VARS['username'];

    // Available if the PHP directive register_globals = on. As of
    // PHP 4.2.0 the default value of register_globals = off
    // (the directive itself was removed in PHP 5.4.0).
    // Using/relying on this method is not preferred.
    print $username;
    ?>

Preserving state in PHP
• PHP transparently supports HTTP cookies. Cookies are a mechanism for storing data in the remote browser. They allow you to track or identify return users. You can set cookies using the setcookie() function. setcookie() must be called before any output is sent to the browser.
• Any cookies sent to you from the client will automatically be turned into a PHP variable just like GET and POST method data, depending on the register_globals and variables_order configuration variables.

Maintaining State
• HTTP is a stateless protocol, which means that once a web server completes a client's request for a web page, the connection between the two goes away. There is no way for a server to recognize that a sequence of requests all originate from the same client.
• State is useful, though. You can't build a shopping-cart application, for example, if you can't keep track of a sequence of requests from a single user. You need to know when a user puts an item in his cart, when he adds items, when he removes them, and what's in the cart when he decides to check out.

Maintaining State
• Programmers have come up with many tricks to keep track of state information between requests (also known as session tracking). One such technique is to use hidden form fields to pass around information. PHP treats hidden form fields just like normal form fields. Using hidden form fields, you can pass around the entire contents of a shopping cart. However, a more common technique is to assign each user a unique identifier and pass the ID around using a single hidden form field.

Maintaining State
Another technique is URL rewriting, where every local URL on which the user might click is dynamically modified to include extra information. This extra information is often specified as a parameter in the URL. For example, if you assign every user a unique ID, you might include that ID in all URLs. If you make sure to dynamically modify all local links to include a user ID, you can now keep track of individual users in your application. URL rewriting works for all dynamically generated documents, not just forms, but actually performing the rewriting can be tedious.

Maintaining State
A third technique for maintaining state is to use cookies. A cookie is a bit of information that the server can give to a client. On every subsequent request the client will give that information back to the server, thus identifying itself. Cookies are useful for retaining information through repeated visits by a browser, but they're not without their own problems. The main problem is that some browsers don't support cookies, and even with browsers that do, the user can disable cookies. So any application that uses cookies for state maintenance needs to use another technique as a fallback mechanism.

Maintaining State
• The best way to maintain state with PHP is to use the built-in session-tracking system. This system lets you create persistent variables that are accessible from different pages of your application, as well as in different visits to the site by the same user. Behind the scenes, PHP's session-tracking mechanism uses cookies (or URLs) to elegantly solve most problems that require state, taking care of all the details for you.

Cookies
• A cookie is basically a text file stored on the client computer that can contain up to 4000 characters.
• They can be opened with any text editor, so you should encrypt sensitive information.
• They are used to retain user preferences, shopping cart selections and other pieces of data.
• In PHP, cookies are created using the setcookie() function. It must be called before any output is sent to the browser, as a cookie is part of the header information.

Some parameters of setcookie( )
name: This sets the name for the cookie. You can have multiple cookies with different names and attributes. The name must not contain whitespace or semicolons.
value: This sets the value of the named variable and is the content that you actually want to store. The total size of a cookie is limited to 4 KB, so while there's no specific limit on the size of a cookie value, it probably can't be much larger than 3.5 KB.
expire: This specifies a future time at which the cookie will become inaccessible.

Some parameters of setcookie( )
path: This specifies the directories for which the cookie is valid. For example, if /store/front/cart.php sets a cookie and doesn't specify a path, the cookie will be sent back to the server for all pages whose URL path starts with /store/front/.
domain: The browser will return the cookie only for URLs within this domain. The default is the server hostname.
secure: The browser will transmit the cookie only over https connections. The default is false, meaning that it's okay to send the cookie over insecure connections.

$_COOKIE array
• When a browser sends a cookie back to the server, you can access that cookie through the $_COOKIE array.
• The key is the cookie name, and the value is the cookie's value field.
• Not all clients support or accept cookies, and even if the client does support cookies, the user may have turned them off. Furthermore, the cookie specification says that no cookie can exceed 4 KB in size, only 20 cookies are allowed per domain, and a total of 300 cookies can be stored on the client side. Some browsers may have higher limits, but you can't rely on that.

Expiration of cookies
• Finally, you have no control over when browsers actually expire cookies: if they are at capacity and need to add a new cookie, they may discard a cookie that has not yet expired.
• You should also be careful of setting cookies to expire quickly. Expiration times rely on the client's clock being as accurate as yours. Many people do not have their system clocks set accurately, so you can't rely on rapid expirations.
• Despite these limitations, cookies are very useful for retaining information through repeated visits by a browser.

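A tamper-evident preference cookie, as an added example that is not part of the original slides: because a cookie is plain text that the user can open and edit, the server appends an HMAC and rejects any value that no longer verifies, and it sets the secure flag described above. This signs rather than encrypts (the value stays readable on the client); SECRET_KEY, seal(), unseal(), send_prefs_cookie() and the cookie name "prefs" are assumptions, and the options-array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example: SECRET_KEY is a placeholder, all function names are hypothetical.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

/** Append an HMAC so any edit made on the client is detected on the next request. */
function seal(string $value): string
{
    return base64_encode($value) . '.' . hash_hmac('sha256', $value, SECRET_KEY);
}

/** Return the original value, or null if the cookie is missing, malformed or altered. */
function unseal(?string $cookie): ?string
{
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$b64, $mac] = explode('.', $cookie);
    $value = base64_decode($b64, true);          // strict mode rejects stray characters
    if ($value === false) {
        return null;
    }
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $value, SECRET_KEY), $mac) ? $value : null;
}

/** Send the sealed value; like any setcookie() call, this must run before output. */
function send_prefs_cookie(string $value): bool
{
    return setcookie('prefs', seal($value), [
        'expires'  => time() + 30 * 24 * 3600,   // 30 days
        'path'     => '/',
        'secure'   => true,                      // only sent over https
        'httponly' => true,                      // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

send_prefs_cookie('bg=blue');

// Constructed round trip: the sealed value verifies, a copy with one
// character changed (as a user editing the cookie file would do) does not.
$sealed = seal('bg=blue');
$edited = ($sealed[0] === 'A' ? 'B' : 'A') . substr($sealed, 1);
echo 'intact: ', var_export(unseal($sealed), true), PHP_EOL;
echo 'edited: ', var_export(unseal($edited), true), PHP_EOL;

// On a real request the value comes from the $_COOKIE array.
echo 'request: ', var_export(unseal($_COOKIE['prefs'] ?? null), true), PHP_EOL;
```
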
Sessions
• Another way to make data accessible across the various pages of an entire website is to use a session.
• PHP has built-in support for sessions, handling all the cookie manipulation for you to provide persistent variables that are accessible from different pages and across multiple visits to the site.
• Sessions allow you to easily create multipage forms (such as shopping carts), save user authentication information from page to page, and store persistent user preferences on a site.

Sessions
• A session creates a file in a temporary directory on the server where registered session variables and their values can be stored. This data will be available to all pages on the site during that visit.
• Each first-time visitor is issued a unique session ID. By default, the session ID is stored in a cookie called PHPSESSID. If the user's browser does not support cookies or has cookies turned off, the session ID is propagated in URLs within the web site.
• The location of the temporary file is determined by the setting in the php.ini file.

Every session has a data store associated with it. You can register variables to be loaded from the data store when each page starts and saved back to the data store when the page ends.
• Registered variables persist between pages, and changes to variables made on one page are visible from others.
• For example, an "add this to your shopping cart" link can take the user to a page that adds an item to a registered array of items in the cart. This registered array can then be used on another page to display the contents of the cart.

Session basics
• To enable sessions for a page, call session_start( ) before any of the document has been generated.
• This assigns a new session ID if it has to, possibly creating a cookie to be sent to the browser, and loads any persistent variables from the store.
• You can register a variable with the session by passing the name of the variable to session_register( ).

session_start( )
The session_start( ) function loads registered variables into the associative array $HTTP_SESSION_VARS. The keys are the variables' names (e.g., $HTTP_SESSION_VARS['hits']). The location of the temporary file is determined by the setting in the php.ini file. If register_globals is enabled in the php.ini file, the variables are also set directly. Because the array and the variable both reference the same value, setting the value of one also changes the value of the other.

You can unregister a variable from a session, which removes it from the data store, by calling session_unregister( ). The session_is_registered( ) function returns true if the given variable is registered. If you're curious, the session_id( ) function returns the current session ID.
• To end a session, call session_destroy( ). This removes the data store for the current session, but it doesn't remove the cookie from the browser cache. This means that, on subsequent visits to sessions-enabled pages, the user will have the same session ID she had before the call to session_destroy( ), but none of the data.

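Setting preferences with sessions
    <?php
    // Map of the colour names offered by the form to their hex values.
    $colors = array('black' => '#000000',
                    'white' => '#ffffff',
                    'red'   => '#ff0000',
                    'blue'  => '#0000ff');
    session_start( );
    // Register $bg and $fg as session variables.
    // Note: session_register() was removed in PHP 5.4.0.
    session_register('bg');
    session_register('fg');
    // Names chosen by the user in the submitted form.
    $bg_name = $_POST['background'];
    $fg_name = $_POST['foreground'];
    // Look up the hex values; these are saved to the session when the page ends.
    $bg = $colors[$bg_name];
    $fg = $colors[$fg_name];
    ?>
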
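The preference example written for current PHP, added here and not part of the original slides: $_SESSION takes the place of session_register() (removed in PHP 5.4.0), submitted colour names are checked against the table before use, and ending the session also expires the ID cookie that session_destroy() leaves in the browser. save_colors(), end_session() and the "action" form field are assumed names.

```php
<?php
// Added example: colour preferences kept in $_SESSION, with a complete logout.
// save_colors(), end_session() and the "action" field are hypothetical.

const COLORS = [
    'black' => '#000000', 'white' => '#ffffff',
    'red'   => '#ff0000', 'blue'  => '#0000ff',
];

/** Store the chosen colours; names that are not in COLORS are ignored. */
function save_colors(array $post): void
{
    foreach (['bg' => 'background', 'fg' => 'foreground'] as $key => $field) {
        $name = $post[$field] ?? '';
        if (is_string($name) && array_key_exists($name, COLORS)) {
            $_SESSION[$key] = COLORS[$name];   // takes the place of session_register()
        }
    }
}

/** End the session: empty the data, expire the ID cookie, remove the data store. */
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // A cookie is only overwritten when path and domain match the original.
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();                 // before any output, as with setcookie()

if (($_POST['action'] ?? '') === 'logout') {
    end_session();
} else {
    save_colors($_POST);
}

// The values come from COLORS only, so they are safe to place in the page.
$bg = $_SESSION['bg'] ?? COLORS['white'];
$fg = $_SESSION['fg'] ?? COLORS['black'];
?>
<body bgcolor="<?php echo $bg; ?>" text="<?php echo $fg; ?>">
<p>Current colours applied.</p>
</body>
```
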
Combining Cookies and Sessions
• Using a combination of cookies and your own session handler, you can preserve state across visits. Any state that should be forgotten when a user leaves the site, such as which page the user is on, can be left up to PHP's built-in sessions. Any state that should persist between user visits, such as a unique user ID, can be stored in a cookie. With the user's ID, you can retrieve the user's more permanent state, such as display preferences, mailing address, and so on, from a permanent store, such as a database.

Form Validation

Common mistakes made by users
• leave essential fields blank
• enter numbers in fields expected to receive letters only
• use characters that can cause errors
• enter incorrect data

Validation types
• Interactive validation with field-by-field errors
• Interactive validation with batch errors
• Post-validation with field-by-field errors
• Post-validation with batch errors

Client side validation
• Occurs at the client browser before a request is sent to the server
• Main programming language used: JavaScript

Client side validation advantages
• is usually faster for the user
• saves bandwidth
• cuts down on server load
• user errors can be found and indicated in real time
• generating error-specific pop-up dialogs

Client side validation disadvantages
1. The user can easily disable JavaScript.
2. The browser may not support client-side scripting.
In either case, no client-side validation will be executed.

Server side validation
• Can't easily be altered by users: no access
• May use PHP, ASP, ASP.NET, ColdFusion, JSP
• Vital for database integrity and safety

Server side validation disadvantages
• May cause bandwidth problems
• User may drop out – bad internet connection
• Increased server load

Client side validation
• Browser compatibility
• Form validation, text inputs
    • Email validation
    • Value validation
    • Digit validation
    • Empty validation
• Form validation, non-text inputs
    • List boxes
    • Radio buttons
    • Checkboxes

Server side validation – issues
• Empty and incorrectly formatted fields
• Security issues
• Creation of a form handler
• Regular expressions for data input

Server side validation – Security
• Posting offensive words
• Using very long strings
• HTML tags to interfere with page layout
• Posting JavaScript code
• Posting server-side code

Server side validation – Regular expressions
• POSIX
• PCRE
• May also be used client side
• Literals
• Metacharacters – beyond literal – multiple occurrences
• Classes – multiple matching
• Matching patterns
• ereg() is case-sensitive (strings)
• eregi() is case-insensitive (strings)

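A server-side form handler for the cheese form shown earlier, as an added example that is not part of the original slides: it reports empty, over-long and badly formatted fields as a batch, checks the cheese against an allow-list, and escapes values on output so posted HTML is displayed as text. The function names, the 60-character limit and the name pattern are assumptions; preg_match() (PCRE) is used because ereg() and eregi() were removed in PHP 7.

```php
<?php
// Added example: validate_cheese_form() and h() are hypothetical names.
const CHEESES = ['Mozzarella', 'Provalone', 'Parmesan', 'Camembert']; // values of the form's <select>
const MAX_NAME_LEN = 60; // assumed limit; guards against very long strings

/** Validate raw request data. Returns [clean values, errors keyed by field]. */
function validate_cheese_form(array $input): array
{
    $errors = [];
    $clean  = [];

    // Form values arrive as strings; anything else (cust_name[]=x) is rejected.
    $name = $input['cust_name'] ?? '';
    $name = is_string($name) ? trim($name) : '';
    if ($name === '') {
        $errors['cust_name'] = 'Name is required.';
    } elseif (strlen($name) > MAX_NAME_LEN) {
        $errors['cust_name'] = 'Name is too long.';
    } elseif (!preg_match('/^[A-Za-z][A-Za-z\' .-]*\z/', $name)) {
        // Letters, spaces, apostrophes, dots and hyphens only.
        $errors['cust_name'] = 'Name contains characters that are not allowed.';
    } else {
        $clean['cust_name'] = $name;
    }

    // A <select> only suggests values to the client: compare against the allow-list.
    $cheese = $input['cheese'] ?? '';
    if (is_string($cheese) && in_array($cheese, CHEESES, true)) {
        $clean['cheese'] = $cheese;
    } else {
        $errors['cheese'] = 'Please choose a cheese from the list.';
    }

    return [$clean, $errors];
}

/** Escape at output time so echoed values cannot inject markup or script. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests: one valid, one with markup and a value not in the list.
$samples = [
    ['cust_name' => 'Jon Stephens', 'cheese' => 'Camembert'],
    ['cust_name' => '<b>Jon</b>',   'cheese' => 'Cheddar'],
];
foreach ($samples as $request) {      // in a real handler: validate_cheese_form($_GET)
    [$clean, $errors] = validate_cheese_form($request);
    if ($errors) {
        foreach ($errors as $field => $msg) {
            echo h($field) . ': ' . h($msg) . PHP_EOL;
        }
    } else {
        echo h($clean['cust_name']) . ' prefers ' . h($clean['cheese']) . PHP_EOL;
    }
}
```
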