This document provides an overview of PHP and why it is being used in the course. It discusses PHP's syntax, integration with MySQL, common functions, and how it is used to dynamically generate web pages. Examples are provided on retrieving and outputting data from a database, using sessions for user logins, and formatting JSON output. The document also covers date/time functions, input filtering, and security best practices.
Yafim Landa (landa@mit.edu)

LAMP
- We'll use Linux, Apache, MySQL, and PHP for this course
- There are alternatives
  - Windows with IIS and ASP
  - Java with Tomcat
  - Other database systems like PostgreSQL, or non-SQL databases

Why PHP?
- A very simple and straightforward syntax
- PHP is really well documented: http://php.net/
  - Type the name of a function you want to look up at the end of the URL, and you'll be sent directly to the relevant help page, for example: http://php.net/json_encode
- Tight integration with MySQL (and lots of other database systems)
- Well established and created specifically for the web
  - Used by Facebook, Wikipedia, YouTube, Digg, and plenty of others
- Does lots of cool things like encryption, image manipulation, email, file upload, and so on with ease
- Object oriented as of PHP5: http://php.net/manual/en/language.oop5.php
- Convenient type system for the web

What Does PHP Do?
- Generates pages that the user can see
  - Retrieves any information from the database or from other sources
  - Displays an HTML page with dynamic content
- Writes data back to the database or performs other operations
- Generates data for your AJAX requests
- Regular HTML pages can change only through the use of JavaScript
  - Very superficial (without the use of AJAX)
- HTML can be rendered dynamically using PHP
  - The page can change depending on the time of day, the contents of the database, the user's input, etc.
- We already know how to make HTML pages that show static content
- To add dynamic content, we can simply embed PHP code within an HTML page using a special tag
- This embedded code is executed on the server before it is sent to the client and looks like regular HTML to the client

Language Syntax
http://6.470.scripts.mit.edu/2009/
- Double quotes vs. single quotes
  - If $var is set to "6.470":
    echo "This is $var" will output This is 6.470
    echo 'This is $var' will output This is $var
- Associative arrays
    $var["foo"] = "hello, world";
- foreach ($var as $key => $value) { ... }
  - $var is an (associative) array
  - Makes $key (a key) and $value (the value stored at that key) available on each loop iteration
- === does a comparison with type
- http://www.php.net/manual/en/langref.php

Superglobals
- PHP has several special variables that are global everywhere
- All of these are associative arrays
  - $_SERVER - server and execution environment information
    - $_SERVER['PHP_SELF'] is useful for the form action attribute
  - $_GET - variables passed through the URL
    - http://some.server.com/index.php?param=value
  - $_POST - variables passed through the HTTP POST method
  - $_REQUEST - both GET and POST combined
  - $_FILES - files uploaded through HTTP POST
  - $_COOKIE - contents of HTTP cookies
  - $_SESSION - an associative array of session variables

Error Handling
- To debug your code, insert the following two lines at the beginning of your script:
    ini_set('display_errors', 1);
    error_reporting(E_ALL);

Example: First dynamic content
- Demo: http://landa.scripts.mit.edu/6.470/examples/example1/index.php
- Code: http://landa.scripts.mit.edu/6.470/examples/example1/code.html

Example: Superglobals
- Demo: http://landa.scripts.mit.edu/6.470/examples/example2/index.php
- Code: http://landa.scripts.mit.edu/6.470/examples/example2/code.html

Input
- We can get input from various sources
  - GET and POST request variables, from the user
    - Includes input from forms
    - Access using $_GET, $_POST, or $_REQUEST superglobal associative arrays
  - File uploads from the user
  - Changing data in the database
  - Other websites and APIs
    - Twitter, Google, Facebook, and so on

Working With MySQL
- Put the database connection code in a separate file (database.php)
    include_once "database.php";
- $sql = mysql_query($query)
  - $query is the MySQL query string (like "SELECT * FROM comments")
  - Returns a resource and stores it in $sql
- You can step over the rows in the resource one by one by writing $row = mysql_fetch_object($sql) or $row = mysql_fetch_array($sql)
  - Often used in a while loop
    while ($row = mysql_fetch_array($sql)) {
        // process $row
    }
  - Loops until all of the rows have been examined
  - See comments.php in Feedback example

Session Management (Logging in)
- Sessions allow you to store data that persists between PHP pages
- This means that we can create an account system
  - Store the user's account data in sessions using the $_SESSION superglobal
- Must call session_start() at the beginning of each page to use sessions

Example: Feedback
http://landa.scripts.mit.edu/6.470/feedback/index.php
- Topics
  - Sessions
  - MIT certificates
  - Working with MySQL
  - $_POST

Example: Outputting JSON
http://landa.scripts.mit.edu/6.470/feedback/comments.php?limit=10
- Useful for feeding data to AJAX calls
- Topics
  - Use a limit using $_GET['limit']
  - Enabling JSON using php.ini
  - Error reporting
- Displays all of the comments in the database in JSON format
- Examine the JSON output using http://jsonformatter.curiousconcept.com/

Date and Time Functions
- The easiest thing to do is to convert everything into and work with seconds since January 1, 1970
- date($format [, $timestamp]) formats the timestamp (used to display the date in a human readable format)
- time() gets the current time measured in seconds since January 1, 1970
- strtotime($time [, $now]) converts a string like "next Monday" into seconds since January 1, 1970
- Use MySQL's functions FROM_UNIXTIME and UNIX_TIMESTAMP to convert between PHP and MySQL date formats
- http://us.php.net/manual/en/ref.datetime.php

Input Filtering
- It's usually best not to trust external data
  - Can invoke various vulnerabilities, HTML code, and other things that you may not want
- As a first line of defense you should
  - strip_tags($input) to remove HTML tags
  - addslashes($input) before writing data to the database and stripslashes($input) after retrieving it back
  - mysql_real_escape_string($input) for SQL queries
- More about this tomorrow
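
Added example, not part of the original slides: the comments.php?limit=10 JSON endpoint and the input-filtering advice above, written with PDO prepared statements because the mysql_* functions used on these slides were removed in PHP 7. In-memory SQLite stands in for MySQL, and the author/body columns, function names and sample rows are assumptions made for this example.

```php
<?php
// Added example: comments.php?limit=N rebuilt with PDO prepared statements.
// Assumptions: in-memory SQLite stands in for MySQL; the author/body columns,
// function names and sample rows are constructed for this sketch.
declare(strict_types=1);

function parse_limit(array $get, int $default = 10, int $max = 100): int
{
    // Accept only an integer in [1, $max]; anything else gets the default.
    $limit = filter_var($get['limit'] ?? $default, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $limit === false ? $default : $limit;
}

function comments_json(PDO $db, array $get): string
{
    // The value is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, author, body FROM comments ORDER BY id DESC LIMIT :n');
    $stmt->bindValue(':n', parse_limit($get), PDO::PARAM_INT);
    $stmt->execute();
    // JSON_HEX_* keeps <, >, &, ' and " escaped if the JSON lands inside HTML.
    return json_encode($stmt->fetchAll(PDO::FETCH_ASSOC), JSON_THROW_ON_ERROR
        | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

function save_comment(PDO $db, string $author, string $body): void
{
    // Store the text as submitted; escaping is applied where it is output.
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:a, :b)');
    $stmt->execute([':a' => $author, ':b' => $body]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed inputs: a quote that would break a concatenated query, and markup.
save_comment($db, "O'Brien", 'Great lecture');
save_comment($db, 'mallory', '<script>alert(1)</script>');

// A non-integer limit falls back to the default instead of reaching the SQL.
echo comments_json($db, ['limit' => '1; DROP TABLE comments']), "\n";
echo comments_json($db, ['limit' => '1']), "\n";

// For an HTML page, escape each value at the point of output.
foreach ($db->query('SELECT body FROM comments') as $row) {
    echo htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With bound parameters, addslashes() and stripslashes() are not needed around database writes and reads, and escaping with htmlspecialchars() at output keeps the stored text intact rather than stripping it on input.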