Sessions
Sessions are similar to Cookies in many respects
Used to track user activity and personalise interactions
However:
Cookies are becoming unreliable
They store information on the client without permission
Modern browser privacy/security settings can block cookies
PHP Session variables store data on the server
Connected to the client's browser via the server and a Session ID
Almost flawless in operation and invisible to the user
Sessions
Setting Session variables is simple
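Imagine we have received $name via an HTML form
We can store this information for use in other pages
It is essential that if we are using sessions, the first thing we do is call:
session_start()
<?php
session_start();
// Read only the expected form field. extract($_POST) would let the
// client create or overwrite arbitrary variables in this script.
$name = isset($_POST['name']) ? $_POST['name'] : '';
$_SESSION['name'] = $name;
?>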
Sessions
Now, on another page we can see if a session exists
If one does then we can welcome the visitor
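<?php
session_start();
// !empty() avoids a notice when the session variable was never set.
if (!empty($_SESSION['name'])) {
    // The name came from a form, so escape it before writing it into HTML.
    print "Hi " . htmlspecialchars($_SESSION['name']) . ". A session is registered";
} else {
    print "There is no session registered...";
}
?>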
• The condition for the ‘if’ statement is true if the session
variable name exists.
• If it isn’t then we can take another course of action.
Sessions
Sessions end when a user closes a browser.
We can also terminate sessions to facilitate a logout
by a user.
Note that even though we are destroying this session,
we still have to call session_start() first.
<?php
session_start();
session_destroy();
?>
Redirecting a Browser
We can use the header() function to redirect a browser to a
different page.
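For example, to redirect a browser to a page called login.php we would use
header('Location: login.php');
This function is useful for returning a user to a login page if, for example,
they have entered an incorrect password, or an appropriate
session or cookie is not set.
Note that header() does not stop the script: end the script immediately after
the redirect, otherwise the rest of the page still runs.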
Architecture
[Figure: request flow between Web Browser, Web Server, PHP Interpreter and MySQL Database. Labels: Request Page; Read File (page with PHP code); Pass PHP page and server variables (GET attributes, server settings, etc.); Interact with MySQL Database; Generate HTML page; Send HTML page.]
MySQL
Limitations of MySQL
Does not support transactions. Cancelling groups of actions
should be implemented by the developer.
Does not support referential integrity. Needs to be done
programmatically
Does not support nested selections. There are ways to overcome
this but they are not very efficient.
But in general it’s a reliable database.
MySQL management
The tool that you would mostly use is MySQLAdmin, a
web front end for database management.
You would use it for setting up databases, creating database
users.
During development, you would use it for testing queries
before importing them into your code.
You would use it for debugging the results of your
application (did the insert command work alright?)
MySQL Interaction
The interaction with MySQL server
consists of the following steps:
Connect to MySQL server.
This requires a username and a password.
Select the active database.
Perform SQL queries and retrieve results.
PHP Support for MySQL
Connection
$link = mysql_connect("localhost", "dbuser", "dbpass");
if ($link == false)
    die("Could not connect: " . mysql_error());
Database selection
// Keep the result separate so $link remains the connection handle.
$selected = mysql_select_db("myDatabase", $link);
if ($selected == false)
    die("Could not select database: " . mysql_error());
PHP Support for MySQL
Perform a query
$query = "INSERT INTO contacts (name, email) VALUES ('Chris', '[email protected]')";
$res = mysql_query($query, $link);
if ($res == false)
    echo "Could not perform insert: " . mysql_error();
else {
    // ID generated for the row that was just inserted
    $userID = mysql_insert_id($link);
    echo "New user id: $userID";
}
MySQL retrieving results
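$query = "SELECT * FROM contacts";
$res = mysql_query($query, $link);
while ($record = mysql_fetch_assoc($res))
{
    // Stored values originally came from users: escape them for HTML output.
    echo "Name: " . htmlspecialchars($record['name']) . ", email: " .
        htmlspecialchars($record['email']) . "<br/>";
}
mysql_free_result($res);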
MySQL retrieving results
There are a number of ways for retrieving the results of
a query. The most commonly used are:
mysql_fetch_assoc(): returns an associative array
where the keys are the record field names.
mysql_fetch_object(): returns a record as an object.
There are object attributes for each record field.
MySQL & PHP: Things to remember
Usually you would get the data that you put in your
database from the user. Make sure that the data will
not break your SQL queries.
mysql_real_escape_string(): a useful function for
escaping characters before using a string in an
SQL query.
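An added example (not part of the original slides) of how user data can break a query and how to keep it from doing so. The mysql_* functions shown in these slides were removed in PHP 7, so this uses PDO prepared statements; as an assumption, an in-memory SQLite database stands in for the MySQL server so the script runs offline, and the sample name and email are constructed.

```php
<?php
// Added example: sqlite::memory: stands in for the MySQL server (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed sample input, as it might arrive from an HTML form.
$name  = "Pat O'Brien";
$email = 'pat@example.com';

// 1. String concatenation: the apostrophe in the name closes the SQL
//    string early, so the statement no longer parses.
try {
    $db->exec("INSERT INTO contacts (name, email) VALUES ('$name', '$email')");
    echo "concatenated insert: ok\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: " . $e->getMessage() . "\n";
}

// 2. Prepared statement: the SQL text is fixed and the values are bound
//    separately, so no character in the data can change the query.
$stmt = $db->prepare('INSERT INTO contacts (name, email) VALUES (:name, :email)');
$stmt->execute(array(':name' => $name, ':email' => $email));
echo "prepared insert: new id " . $db->lastInsertId() . "\n";

// 3. Read the row back with a bound parameter and escape it for HTML output.
$stmt = $db->prepare('SELECT name, email FROM contacts WHERE name = :name');
$stmt->execute(array(':name' => $name));
while ($record = $stmt->fetch(PDO::FETCH_ASSOC)) {
    echo "Name: " . htmlspecialchars($record['name']) .
         ", email: " . htmlspecialchars($record['email']) . "\n";
}
```

Against a real MySQL server only the connection string changes, for example a `mysql:host=...;dbname=...` DSN with a username and password.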
Suggested reading
Online PHP Manual
http://www.php.net/manual/en/index.php
Online MySQL Manual
http://dev.mysql.com/doc/
AJAX Rich Internet Applications and Web Development
for Programmers: Chapter 18 and 19.