
The GET Method: Query String

The document discusses GET and POST methods for sending data in web requests. It also covers query strings, sessions, and related topics. The GET method appends encoded user information to the URL separated by ?, has limits on data size, and is less secure. The POST method encodes data in HTTP headers, has no size limits, and is more secure. Query strings are used to pass small amounts of data in URLs but are editable by users. Sessions store data on the server across pages using a session ID cookie.

Uploaded by

SBA

The GET Method

The GET method sends the encoded user information appended to the page request. The page and the encoded
information are separated by the ? character.

http://www.test.com/index.htm?name1=value1&name2=value2

• The GET method produces a long string that appears in your server logs and in the browser's Location: box.
• The GET method is restricted to sending up to 1024 characters only.
• Never use the GET method if you have a password or other sensitive information to send to the server.
• GET can't be used to send binary data, like images or Word documents, to the server.
• The data sent by the GET method can be accessed using the QUERY_STRING environment variable.
• PHP provides the $_GET associative array to access all the information sent using the GET method.
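The point about GET data ending up in server logs can be checked from the defender's side. The following is an added example, not part of the original document: it scans access-log lines for query-string fields that should never travel in a URL. The log lines are constructed, and the list of sensitive field names is an assumption to adapt.

```php
<?php
// Added example: flag access-log entries whose query string carries sensitive fields.
// The field names below are assumptions; extend the list for your application.
const SENSITIVE_PARAMS = ['password', 'passwd', 'pwd', 'token', 'phpsessid'];

function findSensitiveParams(string $logLine): array
{
    // In the combined log format the request is the quoted "METHOD /path?query HTTP/x.y" field.
    if (!preg_match('/"([A-Z]+) (\S+) HTTP\/[\d.]+"/', $logLine, $m)) {
        return [];
    }
    $query = parse_url($m[2], PHP_URL_QUERY);
    if (!is_string($query) || $query === '') {
        return [];                          // no query string, e.g. a POST to /login.php
    }
    parse_str($query, $params);             // decodes %XX and + the same way $_GET is filled
    $hits = [];
    foreach (array_keys($params) as $name) {
        if (in_array(strtolower((string) $name), SENSITIVE_PARAMS, true)) {
            $hits[] = (string) $name;
        }
    }
    return $hits;
}

// Constructed sample log lines (not taken from a real server).
$sampleLog = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.htm?name1=value1&name2=value2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /login.php?user=fred&password=hunter2 HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Oct/2023:13:56:09 +0000] "GET /cart.php?PHPSESSID=abc123 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Oct/2023:13:57:12 +0000] "POST /login.php HTTP/1.1" 302 0',
];

foreach ($sampleLog as $line) {
    $hits = findSensitiveParams($line);
    if ($hits !== []) {
        echo 'sensitive field(s) in URL: ' . implode(', ', $hits) . "\n  $line\n";
    }
}
```

Only the second and third lines are reported: the password and the session ID were written to the log in clear text, while the POST request left nothing sensitive in the logged URL.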

The POST Method


The POST method transfers information via HTTP headers. The information is encoded as described for the GET method and put into a header called QUERY_STRING.

• The POST method does not have any restriction on the size of the data to be sent.
• The POST method can be used to send ASCII as well as binary data.
• The data sent by the POST method goes through the HTTP header, so security depends on the HTTP protocol. By using Secure HTTP you can make sure that your information is secure.
• PHP provides the $_POST associative array to access all the information sent using the POST method.

Query String
• Query strings are a quick, convenient way to pass small amounts of data between browser requests.
• Common uses of query strings include remembering a user's entered keywords when using a search function, identifying which topic within a forum to display to the user, and specifying which post within a blog to display.
• Query string data is very easy for the user to alter, because it's visible and editable within the browser's address bar.
• Therefore, query strings should be used only in situations where sending incorrect data won't compromise security.
• For example, don't use query strings for storing things such as user IDs (unless your script additionally verifies that the users are who they say they are).
• You also need to make sure you don't rely on query strings to authenticate users, because people often send URLs to friends in emails or instant messaging applications.
• If your URL contains all the data needed to authenticate a user, and that user sends the URL to a friend, then the friend can pretend to be them.
• When the form data is sent to the server, it is appended to the end of the URL as follows:

http://localhost/myscript.php?firstName=Fred&lastName=Bishop&...

• In other words, the browser adds a query (?) character to the end of the URL, then follows it with each of the form fields as "name=value" pairs, with each pair separated by an ampersand (&).
• The query string is the part of the URL after the ? character.

Creating QueryString:

• The great thing about query strings is that they are not limited to form data.
• Because a query string is simply a string of characters stored in a URL, you can manually create a URL containing a query string in your PHP script, then include the URL as a link within the displayed page or in an email, for example.
• PHP even provides some built-in functions to make the process easier.
• Here's a simple example that creates two variables, $firstName and $age, then creates a link in the displayed page that contains a query string to store the variable values:

$firstName = "John";
$age = "34";
$queryString = "firstName=$firstName&amp;age=$age";
echo '<p><a href="moreinfo.php?' . $queryString . '">Find out more info on this person</a></p>';

• This code generates the following markup:

<p><a href="moreinfo.php?firstName=John&amp;age=34">Find out more info on this person</a></p>

• If the user then clicks this link, moreinfo.php is run, and the query string data (firstName=John&age=34) is passed to the moreinfo.php script.
• Data has been transmitted from one script execution to the next.
• Note that the ampersand (&) character needs to be encoded as &amp;.
• The specifications for a query string allow only the following characters to be used within field names and values: letters, numbers, and the symbols - , _ , . (period), ! , ~ , * , ' (single quote), ( , and ) .
• So what do you do if you need to transmit other characters, such as spaces, curly braces, or ? characters?
• The answer is that you should use URL encoding.
• This is a scheme that encodes any reserved characters as hexadecimal numbers preceded by a percent (%) symbol, with the exception of space characters, which are encoded as plus (+) signs.
• (Characters that don't need to be encoded, such as letters and numbers, are sent as they are.)
• As it happens, PHP gives you a function called urlencode() that can encode any string using URL encoding. Simply pass it a string to encode, and it returns the encoded string.
• So you can use urlencode() to encode any data that may contain reserved characters.
• Here's an example:
$firstName = "John";
$homePage = "http://www.example.com/";
$favoriteSport = "Ice Hockey";
$queryString = "firstName=" . urlencode( $firstName ) . "&amp;homePage=" .
    urlencode( $homePage ) . "&amp;favoriteSport=" . urlencode( $favoriteSport );
echo '<p><a href="moreinfo.php?' . $queryString . '">Find out more info on this person</a></p>';
• In fact, PHP makes it even easier to create a query string
• This function takes an associative array of field names and values and returns the entire query string.
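PHP's built-in http_build_query() fits the description above: it takes an associative array and returns the encoded query string. The following added example (not from the original document) builds the same link with it, escapes the URL for the href attribute with htmlspecialchars(), and shows the receiving script treating every field as user-editable; validatePersonQuery() and the sample query strings are hypothetical.

```php
<?php
// Added example, not code from the original document.

// --- Sending side: build the link -------------------------------------
$fields = [
    'firstName'     => 'John',
    'homePage'      => 'http://www.example.com/',
    'favoriteSport' => 'Ice Hockey',
];
// http_build_query() URL-encodes every name and value and joins the pairs with "&".
$href = 'moreinfo.php?' . http_build_query($fields);
// htmlspecialchars() turns "&" into "&amp;" and escapes quotes for the href attribute.
echo '<p><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
    . '">Find out more info on this person</a></p>', "\n";

// --- Receiving side: treat every field as user-editable ---------------
// validatePersonQuery() is a hypothetical helper; in moreinfo.php you would pass $_GET.
function validatePersonQuery(array $in): ?array
{
    $out = [];
    foreach (['firstName', 'homePage', 'favoriteSport'] as $key) {
        // Reject missing fields and array-valued fields such as firstName[]=John.
        if (!isset($in[$key]) || !is_string($in[$key]) || strlen($in[$key]) > 100) {
            return null;
        }
        $out[$key] = $in[$key];
    }
    $scheme = parse_url($out['homePage'], PHP_URL_SCHEME);
    if (filter_var($out['homePage'], FILTER_VALIDATE_URL) === false
        || !in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return null;                        // only http(s) links are accepted
    }
    return $out;
}

// Constructed query strings: the untouched link, then two edited in the address bar.
$samples = [
    http_build_query($fields),
    'firstName[]=John&homePage=http%3A%2F%2Fwww.example.com%2F&favoriteSport=Ice+Hockey',
    'firstName=John&homePage=ftp%3A%2F%2Fwww.example.com%2F&favoriteSport=Ice+Hockey',
];
foreach ($samples as $raw) {
    parse_str($raw, $params);               // same decoding PHP applies to fill $_GET
    $ok = validatePersonQuery($params);
    echo ($ok === null ? 'rejected: ' : 'accepted: ') . $raw . "\n";
}
```

Validated values still need htmlspecialchars() when they are echoed back into a page.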

What is a Session?
• A session is a way to store information (in variables) to be used across multiple pages.
• Unlike a cookie, the information is not stored on the user's computer.
• A PHP session stores data on the server rather than on the user's computer.
• In a session-based environment, every user is identified through a unique number called the session identifier or SID.
• This unique session ID is used to link each user with their own information on the server, like emails, posts, etc.
• A session is a global variable stored on the server.
• Each session is assigned a unique ID which is used to retrieve stored values.
• Whenever a session is created, a cookie containing the unique session ID is stored on the user's computer and returned with every request to the server.
• If the client browser does not support cookies, the unique PHP session ID is displayed in the URL.
• Sessions have the capacity to store relatively large data compared to cookies.
• The session values are automatically deleted when the browser is closed. If you want to store the values permanently, then you should store them in the database.
• Just like the $_COOKIE array variable, session variables are stored in the $_SESSION array variable. Just like cookies, the session must be started before any HTML tags.

Why and when to use Sessions?


• You want to store important information such as the user ID more securely on the server, where malicious users cannot tamper with it.
• You want to pass values from one page to another.
• You want an alternative to cookies on browsers that do not support cookies.
• You want to store global variables in an efficient and more secure way compared to passing them in the URL.
• You are developing an application such as a shopping cart that has to temporarily store information with a capacity larger than 4KB.

Creating a Session
• In order to create a session, you must first call the PHP session_start() function and then store your values in the $_SESSION array variable.
• It returns the existing session if a session has already been created.
• If a session is not available, it creates and returns a new session.
• The session_start() function first checks to see if a session already exists by looking for the presence of a session ID.
• If it finds one, i.e. if the session is already started, it sets up the session variables, and if it doesn't, it starts a new session by creating a new session ID.
• We must call the session_start() function at the beginning of the page, i.e. before any output is generated by your script in the browser, much like you do while setting cookies with the setcookie() function.

<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// Set session variables
$_SESSION["favcolor"] = "green";
$_SESSION["favanimal"] = "cat";
echo "Session variables are set.";
?>

</body>
</html>

Storing and Accessing Session Data


• You can store all your session data as key-value pairs in the $_SESSION[] superglobal array.
• The stored data can be accessed during the lifetime of a session.
• Consider the following script, which creates a new session and registers two session variables.

<?php
// Starting session
session_start();

// Storing session data
$_SESSION["firstname"] = "Peter";
$_SESSION["lastname"] = "Parker";
?>

• To access the session data we set in our previous example from any other page on the same web domain, simply recreate the session by calling session_start() and then pass the corresponding key to the $_SESSION associative array.

<?php
// Starting session
session_start();

// Accessing session data
echo 'Hi, ' . $_SESSION["firstname"] . ' ' . $_SESSION["lastname"];
?>

Destroying Session Variables
• The session_destroy() function is used to destroy all of the PHP session variables.
• If you want to destroy only a single session item, you use the unset() function.
• The code below illustrates how to use both methods.

<?php
session_start(); // resume the session so that it can be destroyed
session_destroy(); //destroy entire session
?>

<?php
session_start(); // resume the session so that $_SESSION is populated
unset($_SESSION['product']); //destroy product session item
?>

• session_destroy() removes all the session data, including cookies associated with the session.
• unset() only frees the individual session variables.
• Other data remains intact.
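An added example, not from the original document, that puts session creation and destruction together with the settings that keep the session ID out of the URL. The logout step follows the pattern given in the PHP manual for session_destroy(): clear $_SESSION, expire the session cookie, then destroy the server-side data. The function names and the user ID 42 are hypothetical; it requires PHP 7.3 or later.

```php
<?php
// Added example; startSecureSession(), logIn() and logOut() are hypothetical names.
function startSecureSession(): void
{
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the session ID from the URL
    ini_set('session.use_trans_sid', '0');     // never append the session ID to links
    session_set_cookie_params([
        'lifetime' => 0,          // cookie ends when the browser is closed
        'path'     => '/',
        'secure'   => true,       // cookie is sent over HTTPS only
        'httponly' => true,       // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();              // must run before any output
}

function logIn(int $userId): void
{
    session_regenerate_id(true);  // issue a new ID at login and delete the old session data
    $_SESSION['user_id'] = $userId;
}

function logOut(): void
{
    $_SESSION = [];               // clear the variables for the rest of this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,   // a time in the past makes the browser drop the cookie
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();            // delete the data stored on the server
}

// In a real application login and logout happen in separate requests;
// they are called back to back here only to show the full life cycle.
startSecureSession();
logIn(42);                        // call only after the password check has succeeded
$who = (int) $_SESSION['user_id'];
logOut();
echo "user $who logged in and out; session still active: ",
    var_export(session_status() === PHP_SESSION_ACTIVE, true), "\n";
```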

State and Stateless Webpage

• The stateful and stateless models of software application behavior define how a user's web browser communicates with a web server.
• In the earliest years of the Web, sites tended to be stateless.
• Pages were static, not varying from user to user.
• Later, websites included the stateful model, which delivered pages with information unique to each user.
• Stateful web applications are essential for modern e-commerce such as online retailers and banks, but require sophisticated programming to work effectively.

Stateless Model

• In the pure form of the stateless model, a client program makes a request to an application server, which sends data back to the client.
• The server treats all client connections equally and saves no information from prior requests or sessions.
• A website that serves up a simple static web page is a good example of the stateless model.
• The server receives requests for pages it hosts and sends the page data to requesting browsers, much like a short-order cook making meals for diners.

Stateful Model

• When an application operates in a stateful mode, the server keeps track of who users are and what they do from one screen to the next.
• Preserving the state of users' actions is fundamental to having a meaningful, continuous session.
• It typically begins with a login with user ID and password, establishing a beginning state to the session.
• As a user navigates through the site, the state may change.
• The server maintains the state of the user's information throughout the session until logout.

Creating a Database

• MySQL implements a database as a directory that contains all files which correspond to tables in the database.
• To create a new database in MySQL, you use the CREATE DATABASE statement with the following syntax:

CREATE DATABASE [IF NOT EXISTS] database_name
[CHARACTER SET charset_name]
[COLLATE collation_name]

• First, you specify the database_name following the CREATE DATABASE clause.
• The database name must be unique within the MySQL server instance.
• If you try to create a database with a name that already exists, MySQL issues an error.
• Second, to avoid an error in case you accidentally create a database that already exists, you can specify the IF NOT EXISTS option.
• In this case, MySQL does not issue an error but terminates the CREATE DATABASE statement instead.
• Third, you can specify the character set and collation for the new database at creation time.
• If you omit the CHARACTER SET and COLLATE clauses, MySQL uses the default character set and collation for the new database.

Creating a new database using mysql program


• To create a new database via the mysql program, you use the following steps:
• First, log in to the MySQL Server using the root user:

>mysql -u root -p
Enter password: ********

• Type the password for the root user and press Enter.
• Next, to display the existing databases in the server and make sure that you are not creating a new database that already exists, you use the SHOW DATABASES command as follows:

mysql> SHOW DATABASES;

+--------------------+
| Database           |
+--------------------+
| classicmodels      |
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

• MySQL returns five existing databases in the current server.
• Then, issue the CREATE DATABASE command with the database name, e.g., testdb, and press Enter:

mysql> CREATE DATABASE testdb;
Query OK, 1 row affected (0.12 sec)

• After that, if you want to review the created database, you can use the SHOW CREATE DATABASE command:

mysql> SHOW CREATE DATABASE testdb;

MySQL CREATE TABLE syntax


• To create a new table within a database, you use the MySQL CREATE TABLE statement. The CREATE TABLE statement is one of the most complex statements in MySQL.
• The following illustrates the syntax of the simplified version of the CREATE TABLE statement:

CREATE TABLE table_name(
    column1 type (size),
    column2 type (size),
    column3 type (size),
    ...
    columnN type (size)
);

• Let's examine the syntax in greater detail.
• First, you specify the name of the table that you want to create after the CREATE TABLE clause.
• The table name must be unique within a database.
• The IF NOT EXISTS is an optional clause that allows you to check if the table that you are creating already exists in the database. If this is the case, MySQL will ignore the whole statement and will not create any new table.
• It is highly recommended that you use IF NOT EXISTS in every CREATE TABLE statement to avoid an error of creating a new table that already exists.
• Second, you specify a list of columns for the table; columns are separated by commas.
• Example:

mysql> CREATE TABLE fruit (
    id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
    name VARCHAR(30) NOT NULL,
    color VARCHAR(30) NOT NULL,
    PRIMARY KEY (id)
);
