
Unit-5 Introducing Advanced Server Side Issues

This document outlines the syllabus for a Web Technology course in the BCA 3rd Semester, focusing on advanced server-side issues including database connection and form handling in PHP. It provides step-by-step instructions for creating a MySQL database, establishing a database connection, and implementing basic CRUD operations (Create, Read, Update, Delete) using PHP scripts. Additionally, it covers user authentication, authorization methods, and file handling in PHP, along with examples of HTML forms and their processing.

Uploaded by

angelmgrl135

Web Technology – BCA 3rd Semester

Unit-5: Introduction to advanced server side issues


Syllabus:

Database connection

1. Create MySQL Database at the Localhost
2. Create Database
3. Create a Folder in htdocs
4. Create Database Connection File In PHP
5. Create a new PHP file to check your database connection
6. Run it

Create Database
Now return to the homepage of phpMyAdmin. Click the New button to create a new database.

Teksan Gharti, Page 1


Create a Folder in htdocs


Now, locate the folder where you installed XAMPP and open the htdocs folder. Create a
new folder inside c:/xampp/htdocs/ and name it “firstdb”; we will place web files in this folder.
Why have we created a folder in htdocs? XAMPP uses folders in htdocs to execute and run your
PHP sites.

Create Database Connection File In PHP

Create a new PHP file and name it dbconn.php and save it.

dbconn.php
<?php
// Connection settings for the local MySQL server
$servername="localhost";
$hostusername="root";
$hostpassword="";
$db="csit5db";

// Open the connection to the database
$conn=mysqli_connect($servername,$hostusername,$hostpassword,$db);

if(!$conn)
{
    die("error in connection: ".mysqli_connect_error());
}
else
{
    echo"database connected <br>";
}
?>

Making form

mystudent.php

<html>
<head>
</head>
<body>
<form action="myvalidate.php" method="post">
<label>student id:</label><input type="number" name="id" placeholder="student id">
<br><br>
<label>student name:</label><input type="text" name="name" placeholder="student name">
<br><br>
<label>Roll no:</label><input type="number" name="rollno" placeholder="student rollno">
<br><br>
<label>subject:</label><input type="text" name="subject" placeholder="subject">
<br><br>
<label>Mark:</label><input type="number" name="mark" placeholder="student mark">
<br><br>

<input type="submit" name="submit" value="submit">

</form>
</body>
</html>

For Form Validation

myvalidate.php

<html>
<head></head>
<body>
<?php
include"dbconn.php";
// isset() avoids an "undefined index" notice when the page is opened directly
if(isset($_POST['submit']))
{
    if(empty($_POST['id'])||empty($_POST['name'])||empty($_POST['rollno'])||
       empty($_POST['subject'])||empty($_POST['mark']))
    {
        echo"fill all the fields <br>";
    }
    else
    {
        $id=$_POST['id'];
        $s_name=$_POST['name'];
        $s_rollno=$_POST['rollno'];
        $sub=$_POST['subject'];
        $marks=$_POST['mark'];

        // Placeholders (?) keep the submitted values out of the SQL text
        $insertq="INSERT INTO student1(id,name,rollno,subject,mark) VALUES(?,?,?,?,?)";
        $stmt=mysqli_prepare($conn,$insertq);
        // Values are bound as strings; MySQL converts them to the column types
        mysqli_stmt_bind_param($stmt,"sssss",$id,$s_name,$s_rollno,$sub,$marks);
        $connect_query=mysqli_stmt_execute($stmt);
        if($connect_query)
        {
            echo"data inserted";
            // Output has already been sent, so this redirect needs output buffering to be on
            header("location:display.php");
        }
        else
        {
            echo"not inserted";
        }
    }
}
else
{
    echo"submission error";
}
?>
</body>
</html>
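
The empty() checks in myvalidate.php only test that something was typed, and they reject a mark of 0 because empty("0") is true. The following added example (not part of the original scripts) validates the same five fields by type and range; validate_student(), the ranges and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not part of the original scripts. validate_student() and the
// allowed ranges are assumptions for illustration.
function validate_student(array $post): array
{
    $errors = [];
    $clean  = [];

    // Integer fields with an assumed allowed range [min, max].
    $intFields = ['id' => [1, 999999], 'rollno' => [1, 999999], 'mark' => [0, 100]];
    foreach ($intFields as $field => [$min, $max]) {
        $value = filter_var($post[$field] ?? '', FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($value === false) {   // strict comparison, so a result of 0 is kept
            $errors[$field] = "$field must be a whole number from $min to $max";
        } else {
            $clean[$field] = $value;
        }
    }

    // Text fields: trim, limit the length, allow letters, digits, space . ' -
    foreach (['name', 'subject'] as $field) {
        $raw   = $post[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';
        if ($value === '' || strlen($value) > 50
            || !preg_match('/^[\p{L}\p{N} .\'-]+$/u', $value)) {
            $errors[$field] = "$field is missing or has unexpected characters";
        } else {
            $clean[$field] = $value;
        }
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'clean' => $clean];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'mark of zero' => ['id' => '7', 'name' => 'Prakash', 'rollno' => '12',
                       'subject' => 'Web Technology', 'mark' => '0'],
    'bad values'   => ['id' => 'seven', 'name' => 'Prakash;', 'rollno' => '',
                       'subject' => 'Math', 'mark' => '250'],
];
foreach ($samples as $label => $post) {
    $result = validate_student($post);
    echo $label, ': ', $result['ok'] ? 'accepted'
        : 'rejected (' . implode(', ', array_keys($result['errors'])) . ')', PHP_EOL;
}
```

In a form handler the call would be validate_student($_POST), with the INSERT run only when 'ok' is true and using the values in 'clean'.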

Displaying Database information in PHP


display.php

<?php
include"dbconn.php";
$display_query="SELECT * FROM student1";
$display_exec=mysqli_query($conn,$display_query);

if($display_exec)
{
    $record=mysqli_num_rows($display_exec);
    // echo"<br>$record";
    echo"<table>";
    echo"<tr>";
    echo"<th>student id</th>";
    echo"<th>name</th>";
    echo"<th>rollno</th>";
    echo"<th>subject</th>";
    echo"<th>mark</th>";
    echo"</tr>";

    while($row=mysqli_fetch_assoc($display_exec))
    {
        // Escape stored values so they are shown as text, not interpreted as HTML
        $id=htmlspecialchars((string)$row['id']);
        $name=htmlspecialchars((string)$row['name']);
        $rollno=htmlspecialchars((string)$row['rollno']);
        $subject=htmlspecialchars((string)$row['subject']);
        $mark=htmlspecialchars((string)$row['mark']);
        echo"<tr>";
        echo"<td>$id</td>";
        echo"<td>$name</td>";
        echo"<td>$rollno</td>";
        echo"<td>$subject</td>";
        echo"<td>$mark</td>";
        echo"<td><a href='mydelete.php'>delete</a></td>";
        echo"<td><a href='myupdate.php'>update</a></td>";
        echo"</tr>";
    }

    echo"</table>";
}
?>

Delete information from database/table

mydelete.php
<html>
<head>
<?php
// isset() avoids an "undefined index" notice when the page is first opened
if(isset($_POST['submit']))
{
    include"dbconn.php";
    $id=$_POST['id'];
    // The placeholder (?) keeps the submitted id out of the SQL text
    $delete_q="DELETE FROM student1 where id=?";
    $stmt=mysqli_prepare($conn,$delete_q);
    mysqli_stmt_bind_param($stmt,"s",$id);
    $delete_query=mysqli_stmt_execute($stmt);
    if($delete_query)
    {
        echo"data deleted";
        header("location:display.php");
    }
    else
    {
        echo"data not deleted";
    }
}
?>

</head>
<body>
<form action="" method="post">
<h2>enter all the info what you want to delete</h2>
<label>enter the id of student</label>
<input type="text" name="id">
<br><br>
<input type="submit" name="submit" value="submit">

</form>
</body>
</html>

Update information in database/table

myupdate.php
<html>
<head>
<?php
if(empty($_POST['id'])||empty($_POST['name'])||empty($_POST['rollno'])||
   empty($_POST['subject'])||empty($_POST['mark']))
{
    echo"fill all the fields <br>";
}
else
{
    include"dbconn.php";
    $id=$_POST['id'];
    $s_name=$_POST['name'];
    $s_rollno=$_POST['rollno'];
    $sub=$_POST['subject'];
    $marks=$_POST['mark'];

    // Placeholders (?) keep the submitted values out of the SQL text
    $update_query="UPDATE student1 SET name=?,rollno=?,subject=?,mark=? WHERE id=?";
    $stmt=mysqli_prepare($conn,$update_query);
    // Values are bound as strings; MySQL converts them to the column types
    mysqli_stmt_bind_param($stmt,"sssss",$s_name,$s_rollno,$sub,$marks,$id);
    $update_q=mysqli_stmt_execute($stmt);
    if($update_q)
    {
        echo"updated";
        header("location:display.php");
    }
    else
    {
        echo"not updated";
    }
}

?>
</head>
<body>
<form action="" method="post">
<label>student id:</label><input type="number" name="id" placeholder="student id">
<br><br>
<label>student name:</label><input type="text" name="name" placeholder="student name">
<br><br>
<label>Roll no:</label><input type="number" name="rollno" placeholder="student rollno">
<br><br>
<label>subject:</label><input type="text" name="subject" placeholder="subject">
<br><br>
<label>Mark:</label><input type="number" name="mark" placeholder="student mark">
<br><br>

<input type="submit" name="submit" value="submit">

</form>
</body>
</html>

Authentication and Authorization:


User authentication is the process of validating users with keys, tokens, or other
credentials. If the user gives correct credentials, the authentication process is
successful.

After successful authentication, the users are allowed into the system as authenticated
users. This is called authorization.

Take an example: a user authentication login system has a login panel where users enter
their login details. It asks users for their username and password to authenticate. When
these login credentials are submitted, they are posted to a PHP page.

The PHP page verifies the entered details against the registered users’ database. It
prepares a database query and executes it to check and verify the user’s data against the database.
Once a match is found, the user is considered authenticated and authorized. After successful
login, the authenticated user is allowed to enter the application.
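
The login check described above, as an added example that is not part of the original notes. An in-memory SQLite database opened through PDO stands in for the MySQL database so the script runs on its own; the users table, its columns, the role names and the sample account are assumptions.

```php
<?php
// Added example, not part of the original notes. An in-memory SQLite database
// (via PDO) stands in for MySQL. Table, columns and account are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, role TEXT)');

// Registration side: store only a salted hash, never the password itself.
$add = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
$add->execute(['prakash', password_hash('constructed-sample-pw', PASSWORD_DEFAULT), 'student']);

// Authentication: prepared query for the row, then verify the password hash.
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT username, password_hash, role FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return null;   // same answer for an unknown user and a wrong password
    }
    unset($user['password_hash']);
    return $user;
}

// Authorization: what an authenticated user may do (assumed role names).
function can_edit_marks(array $user): bool
{
    return $user['role'] === 'teacher';
}

// Constructed login attempts standing in for the posted form values.
$attempts = [['prakash', 'constructed-sample-pw'], ['prakash', 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$u, $p]) {
    $user = authenticate($pdo, $u, $p);
    if ($user === null) {
        echo "$u: login failed", PHP_EOL;
        continue;
    }
    // In a web request: session_start(); session_regenerate_id(true);
    // $_SESSION['user'] = $user['username']; and then redirect.
    echo "$u: logged in as {$user['role']}, may edit marks: ",
        can_edit_marks($user) ? 'yes' : 'no', PHP_EOL;
}
```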

There are three authentication schemes for IIS:

1. Anonymous Access
2. Authentication by IP Address or Domain
3. Integrated Windows Authentication

Anonymous Access:
Anonymous Access is one of three authentication schemes for Microsoft Internet
Information Services (IIS). Anonymous access allows anonymous users to gain access to Web
content hosted on the IIS server by using the anonymous user account.

Anonymous access is usually reserved for low-security public Web sites, where the identity of
the individual visiting the site is not important. By enabling anonymous access to the site,
untrusted users from the Internet can access content on the site.

You can enable or disable anonymous access in the IIS server.

Authentication by IP Address and Domain:


In IIS 7, all IP addresses, computers, and domains can access your site by default. To enhance
security, you can restrict access to your site by creating a deny rule for all IP addresses, a specific
IP address, a range of IP addresses, or a specific domain. IP address restrictions apply only to
IPv4 addresses.

For example, if you have a site on an intranet server that is connected to the Internet, you can
prevent Internet users from accessing your intranet site by allowing access only to members of
your intranet, and explicitly denying access to outside users.

Integrated Windows Authentication:


Integrated Windows authentication enables users to log in with their Windows credentials, using
Kerberos or NTLM authentication protocols. The client sends credentials in the Authorization
header. Windows authentication is best suited for an intranet environment.
To create an application that uses Integrated Windows authentication, select the "Intranet
Application" template in the MVC 4 project wizard. This project template puts the following
setting in the Web.config file:

<system.web>
    <authentication mode="Windows" />
</system.web>

On the client side, Integrated Windows authentication works with any browser that supports
the Negotiate authentication scheme, which includes most major browsers. For .NET client
applications, the HttpClient class supports Windows authentication:

HttpClientHandler handler = new HttpClientHandler()
{
    UseDefaultCredentials = true
};
HttpClient client = new HttpClient(handler);

Cookies:
See in Unit-4

File Handling
When we develop a web application using PHP, quite often we need to work with external
files, for example reading data from a file or writing user data into a file. File handling is needed
for any application: for some tasks to be done, a file needs to be processed. File handling in PHP is
similar to file handling in other programming languages such as C.

The PHP file system functions allow us to create a file, read a file line by line, read a file character by character,
write to a file, append to a file, delete a file and close a file.

So it's important to know how files are handled while working on any web application.

PHP has many functions to work with normal files. Those functions are:

• Create a File: fopen()
• Open a File: fopen()
• Read a File: fread()
• Write to a File: fwrite()
• Append to a File: fwrite()
• Close a File: fclose()
• Delete a File: unlink()

Create a File:
To create a file we use the fopen() function:

<?php
// Mode 'w' creates the file if it does not exist
$file = fopen("myfil.txt",'w');
if($file)
{
    echo "file created successfully";
}
else
{
    echo "file can not be created";
}
?>

Open File:
The PHP fopen() function is used to open a file. The first parameter of fopen() contains the name of the
file to be opened, and the second parameter specifies the mode in which the file is
opened. We open a file to read, write, or append data inside it.

Files can be opened in any of the following modes:

<?php
$file = fopen("myfil.txt",'w');
if($file)
{
    echo "file open successfully";
}
else
{
    echo "file can not be opened";
}
?>

File Read:
After a file is opened using fopen(), its contents are read using fread(). It takes two
arguments: one is the file pointer and the other is the file size in bytes.

<?php
$file = fopen("myfile.txt",'r');
if($file)
{
    $size = filesize("myfile.txt");
    // fread() needs a length greater than 0, so an empty file is skipped
    $data = $size > 0 ? fread($file,$size) : "";
    echo $data;
    fclose($file);
}
?>

File Write:
A new file can be created, or text can be appended to an existing file, using the fwrite() function.
The arguments for fwrite() are the file pointer and the text that is to be written to the file. It can take an
optional third argument that specifies the length of the text to be written.

<?php
$file = fopen("myfile.txt",'w');
$txt = "hello this is write mode";
if($file)
{
    // fwrite() returns false if the write fails
    if(fwrite($file,$txt) !== false)
    {
        echo "Data is written in file successfully";
    }
    fclose($file);
}
?>

Close a file:
A file is closed using the fclose() function. Its argument is the file which needs to be closed. This
function is called every time file handling work is done.

<?php
$file = fopen("myfile.txt",'r');
// closing a file
fclose($file);
echo "File is successfully closed";
?>

Delete a file:
The PHP unlink() function is used to delete a file.

<?php
// unlink() returns true on success and false on failure
if(unlink("myfil.txt"))
{
    echo "file is deleted successfully";
}
?>
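
The file functions above put together in one script, as an added example that is not part of the original notes. It shows how the fopen() mode decides whether existing content is kept ('a'), discarded ('w') or protected ('x'); the helper names put_line() and read_lines() and the temporary file name are assumptions.

```php
<?php
// Added example, not part of the original notes. It uses a temporary file
// (name chosen here) instead of myfile.txt.
$path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'unit5_demo_' . getmypid() . '.txt';

// Write one line using the given fopen() mode; false if the open or write fails.
function put_line(string $path, string $mode, string $line): bool
{
    $fh = @fopen($path, $mode);      // @ hides the warning; false is handled below
    if ($fh === false) {
        return false;
    }
    flock($fh, LOCK_EX);             // one writer at a time
    $ok = fwrite($fh, $line . PHP_EOL) !== false;
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Read the whole file line by line with fgets().
function read_lines(string $path): array
{
    $lines = [];
    $fh = @fopen($path, 'r');
    if ($fh === false) {
        return $lines;
    }
    while (($line = fgets($fh)) !== false) {
        $lines[] = rtrim($line, "\r\n");
    }
    fclose($fh);
    return $lines;
}

put_line($path, 'w', 'first');              // 'w' creates or truncates the file
put_line($path, 'a', 'second');             // 'a' adds to the end
echo implode(',', read_lines($path)), PHP_EOL;
put_line($path, 'w', 'third');              // 'w' again discards earlier lines
echo implode(',', read_lines($path)), PHP_EOL;
var_dump(put_line($path, 'x', 'fourth'));   // 'x' will not open an existing file
var_dump(unlink($path));                    // unlink() returns true on success
```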

Form Handling in PHP:


When we develop a website or a web application, we often have to create forms to take
input from users, like a Login form or a Registration form.

A form on the webpage is created using HTML, while PHP carries
those values from the webpage to the server and then processes them further.

PHP provides two superglobals $_GET and $_POST for collecting form-data for processing.

Understanding How HTML Form Works


Let's create a simple HTML form and try to understand how it works, what are the different
attributes available in the <form> tag and what are they used for.

<html>
<body>
<form action="welcome.php" method="POST">
Name: <input type="text" name="name"> <br/>
Email: <input type="text" name="email"> <br/>
<input type="submit" value= "Submit" >
</form>
</body>
</html>

In the code above, we have used the <form> tag to create an HTML form, with input fields for
Name and Email along with a submit button to submit the form data.

In the <form> tag, we have two attributes, action and method. Do you know what they are for?

• action: Using this attribute, we can specify the name of the PHP file which will collect
and handle the form data. In the example above, we have provided the name of a PHP file,
welcome.php; the form data will be sent to this file and handled there.
• method: This attribute specifies the means of sending the form data, whether it will be
submitted via the POST method or the GET method. In the above example we use the POST method.

Below we have the same form with the method set to GET:

<html>
<body>
<form action="welcome.php" method="GET">
Name: <input type="text" name="name"> <br/>
Email: <input type="text" name="email"> <br/>
<input type="submit" value="Submit">
</form>
</body>
</html>

The first step in processing the form data is to fetch it using the POST or GET superglobals. Once
you have the data, you can do anything with it: display it on your webpage, save it into a
database, perform validations, etc.

GET vs. POST Method:


Now, you must be wondering, which one should we use? Well, both GET and POST are used for
the same purpose but they work differently.

When a user submits a form, the values from the input fields are stored in an array,
like array(key1=>value1, key2=>value2,...) and then passed on to the destination (php file)
specified in the action attribute of the <form> tag.

Using GET method:


In case of GET method, form data is submitted as URL parameters, i.e. all the values entered in
the form fields by the user are sent to the action script, appended in the URL.

Let's take a simple example to understand, below we have a simple HTML form,

<html>
<body>
<form action="welcome.php" method="GET">
Name: <input type="text" name="name"> <br/>
Age: <input type="text" name="age"> <br/>
<input type="submit" value="Submit">
</form>
</body>
</html>

We have two input fields in above form, one is name and the other one is age. When we click on
submit, we will be redirected to the following URL, welcome.php?name=Prakash&age=25,
with the form data appended to the URL.

Sending the form data as URL parameters proves useful at times, as you can easily bookmark
links with form data, but for appending parameters in a URL there is a limit of 2000 characters.
Hence it is not suggested for forms with a large number of fields, as some data might get lost or
the form submission may lead to an error.

The PHP file welcome.php looks like:

<?php
/* name attribute of the input field goes inside the square brackets of $_GET superglobal
*/
// htmlspecialchars() makes the submitted text safe to print in an HTML page
$name = htmlspecialchars($_GET["name"]);
$age = htmlspecialchars($_GET["age"]);
echo "Your name is ". $name . " and you are ". $age . " years old";
?>
Output:
Your name is Prakash and you are 25 years old.

Because the form data is sent as URL parameters, it is visible to everyone; hence we should not
use the GET method for a form with sensitive data, like passwords etc.

Using POST method:

When we use the POST method, the array of key-value pairs (the form data) coming from
the HTML form is sent as part of the HTTP request, hence it is invisible to the user.

Also, there is no character limit for the information/data being transmitted. The POST method
also supports multipart form data upload, which is used for file upload.

We would recommend that you use the POST method while working on any PHP web
application/project.

Let's take a simple example to understand, below we have a simple HTML form,

<html>
<body>
<form action="welcome.php" method="POST">
Name: <input type="text" name="name"> <br/>
Age: <input type="text" name="age"> <br/>
<input type="submit" value="Submit">
</form>
</body>
</html>

The PHP file welcome.php looks like:

<?php
/* name attribute of the input field goes inside the square brackets of $_POST
superglobal */
// htmlspecialchars() makes the submitted text safe to print in an HTML page
$name = htmlspecialchars($_POST["name"]);
$age = htmlspecialchars($_POST["age"]);
echo "Your name is ". $name . " and you are ". $age . " years old";
?>

Output:
Your name is Prakash and you are 25 years old

End of Unit -5
