Web Servers and Server-side Scripting

Outline
• Introduction
• Web hosting
• Types of hosting
• Web deployment
• Apache server configuration
• Website securites
• Introduction PHP
• Scripting with PHP - Variables, Data Types, Functions, Forms
Web Server

• A web server is server software, that can satisfy client HTTP requests on the public World Wide
Web or also on private LANs and WANs.
• The primary function of a web server is to store, process and deliver web pages to clients.
• This primary function definition was good a few decades ago but nowadays it is better to use the
terms of Web contents and / or Web resources instead of Web Pages because it cover all kind of
contents that can be delivered to clients by web server.
• Examples of Web contents may be HTML files, XHTML files, image files, style sheets, scripts,
other types of generic files that may be downloaded by clients, etc…
• A user agent, commonly a web browser or web crawler, initiates communication by making a
request for a specific resource using HTTP and the server responds with the content of that
resource or an error message if unable to do so.
• Commonly used web servers,
• For PHP: Apache
• For ASP: IIS
• For JSP: Tomcat, Glassfish
Web hosting and Deployment

• Web hosting refers to the service that provides

individuals and organizations with the technology and
infrastructure needed to make their websites accessible
via the World Wide Web.

• It involves storing website files, data, and content on

servers connected to the internet, allowing users to
access the website using a web browser.
Importance of Web Hosting

• Online Presence
• Reliability and Uptime
• Performance and Speed
• Scalability and Flexibility
• Security and Data Protection
• Technical Support and Maintenance
Types of Web Hosting

• Shared hosting
• Virtual Private Server (VPS)
• Dedicated Hosting
• Cloud Hosting
Shared Hosting

• Definition: Shared hosting involves hosting multiple

websites on a single server. Resources such as CPU,
RAM, and disk space are shared among multiple users.
• Pros:
• Cost-effective: Shared hosting plans are usually affordable,
making them suitable for small websites and beginners.
• Easy to manage: Hosting provider takes care of server
maintenance and management tasks.
• Cons:
• Limited resources: Sharing resources with other websites can
lead to performance issues during traffic spikes.
• Security risks: Vulnerabilities in one website can affect others on
the same server.
Virtual Private Server (VPS)

• Definition: VPS hosting provides dedicated resources

within a virtualized environment. Each user has their
own isolated virtual server instance.
• Pros:
• Scalability: Users can scale resources (CPU, RAM, storage)
according to their needs.
• Improved performance: Guaranteed resources ensure consistent
performance even during peak traffic.
• Cons:
• Higher cost: VPS hosting is more expensive than shared hosting
but offers better performance and control.
• Technical expertise required: Users may need some technical
knowledge to manage and configure their VPS.
Dedicated Hosting

• Definition: Dedicated hosting provides an entire

physical server exclusively for one user. The user has
full control over server resources and configurations.
• Pros:
• High performance: Dedicated resources ensure optimal
performance and reliability for high-traffic websites and
applications.
• Complete control: Users have full administrative access to
customize server settings and install software.
• Cons:
• Expensive: Dedicated hosting is the most expensive option due
to exclusive use of server resources.
• Requires maintenance: Users are responsible for server
maintenance, security, and updates.
Cloud Hosting

• Definition: Cloud hosting utilizes a network of virtual

servers to host websites and applications. Resources
are dynamically allocated and distributed across
multiple servers.
• Pros:
• Scalability: Resources can be scaled up or down based on
demand, allowing for flexibility and cost efficiency.
• High availability: Redundant infrastructure ensures minimal
downtime and improved reliability.
• Cons:
• Potential for resource contention: Shared resources in the cloud
may lead to performance issues if not managed properly.
• Dependency on provider: Reliability and performance depend on
the cloud service provider's infrastructure and services.
What is Web Deployment?

• Web deployment refers to the process of making a

website accessible on the internet by uploading website
files and configuring server settings.
• Uploading Website Files to a Web Server
• Configuring Server Settings
• Testing and Verifying Website Functionality
• Making Website Live
Uploading Website Files to a
Web Server
Uploading Website Files to a
Web Server
• Step 1: Select a Web Hosting Provider: Choose a web
hosting provider that meets your website's needs in
terms of storage, bandwidth, and server capabilities.

• Step 2: Access Server Space: Obtain access credentials

(e.g., FTP username and password) to connect to the
web server where your website will be hosted.

• Step 3: Transfer Website Files: Use FTP (File Transfer

Protocol) or a web-based file manager provided by the
hosting provider to upload your website files (HTML,
CSS, JavaScript, images, etc.) to the server.
Configuring Server Settings

• Step 4: Domain Configuration: If you have a domain

name, configure domain settings to point to the web
server's IP address. This typically involves updating DNS
(Domain Name System) records.

• Step 5: Server Configuration: Configure server settings

such as directory structure, file permissions, security
measures, and server software (e.g., Apache, Nginx).

• Step 6: Database Setup (if applicable): If your website

requires a database (e.g., MySQL, PostgreSQL), set up
the database and configure connection settings in your
website's configuration files.
Testing and Verifying Website
Functionality
• Step 7: Testing Environment: Create a staging
environment or use a testing server to test website
functionality before making it live.

• Step 8: Browser Testing: Test the website on different

web browsers (e.g., Chrome, Firefox, Safari, Edge) and
devices (desktop, mobile, tablet) to ensure compatibility
and responsiveness.

• Step 9: Functionality Testing: Verify that all website

features, links, forms, and interactive elements are
working correctly.
Making Website Live

• Step 10: Final Checks: Double-check all configurations,

settings, and files to ensure everything is in place and
functioning as expected.
• Step 11: Go Live: Once testing is complete and you are
satisfied with the website's performance, make the
website live by updating DNS records to point to the
web server and removing any maintenance or "under
construction" pages.
• Step 12: Monitor and Maintain: Continuously monitor
website performance, security, and functionality after
deployment.
• Implement regular backups, security updates, and
performance optimizations to keep the website running
smoothly.
Apache web server

• The Apache HTTP Server ("httpd") was launched in 1995 and it has
been the most popular web server on the Internet since April 1996.
• We can download and install apache web server separately from
http://httpd.apache.org/download.cgi
• We can also download Apache web server with bundle like XAMPP,
WAMP or LAMP.
• XAMPP is the most popular PHP development environment consist of Apache,
MariaDB, PHP, Perl and many other packages.
• WAMP is popular PHP development environment for Windows OS.
• LAMP is popular PHP development environment for Linux based OS.
• We are going to use XAMPP bundle as it has installable versions of
Windows as well as Linux.
• We can download XAMPP and install XAMPP from
https://www.apachefriends.org/index.html
Installing XAMPP

• Step 01: Download XAMPP installable from

https://www.apachefriends.org/index.html
Installing XAMPP (Cont.)

• Step 02: start the installation by double clicking on the downloaded

package
• *Note: you might get this warning before installation begins, which
suggest that UAC policy may restrict XAMPP to perform some
functions if we install it in C drive.
• Press OK in this warning, as we are not going to install XAMPP on C
drive.
• After some screen you will get below screen, change the destination
to other then C Drive.
• After changing the destination of installation, just follow the default
installation process.
Installing XAMPP (Cont.)
Configuring Server (Apache)

• Sometimes we need to change the server configuration in some specific conditions

like,
• Port is occupied
• To add/load modules
• To change max upload size
• To change root directory
• We can configure Apache server using httpd.conf file located at xampp/apache/conf
folder.
• We can configure some parameters of the server using php.ini file located at
xampp/php folder.
• Important settings in httpd.conf file are,
• Changing port number for apache : to change the port number for apache go to httpd.conf file and change
Listen:80 to any other available port number, we can also change port for https using httpd-ssl.conf file.
• Loading/Unloading Modules in apache : to load/unload modules in apache we can go to httpd.conf and
remove/add the comment code(#) from the module we want to load/unload.
• Changing Root Directory: to change root directory we can change DocumentRoot and <Directory> tag to point
new directory.
Configuring Server (Apache)
(Cont.)
• Important settings in php.ini file are,
• upload_max_filesize setting is for the maximum allowed size for uploaded files in
the scripts.
• post_max_size setting is for the maximum allowed size of POST data that PHP
will accept.
• error_reporting = E_ALL & ~E_NOTICE setting has default values as E_ALL and
~E_NOTICE which shows all errors except notices.
• max_execution_time = 30, Maximum execution time is set to seconds for any
script to limit the time in production servers.
• mysql.default_host = hostname setting is done to connect to MySQL with default
server if no other server host is mentioned.
• mysql.default_user = username setting is done to connect MySQL with default
username, if no other name is mentioned.
• mysql.default_password = password setting is done to connect MySQL with
default password if no other password is mentioned.
Common Security Threats

• Website security threats are malicious activities or

vulnerabilities that can compromise the integrity,
confidentiality, or availability of a website or web
application.
• Examples of Common Threats:
• DDoS (Distributed Denial of Service) attacks
• SQL injection
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• Brute force attacks
• Malware and phishing attacks
Securing Web Applications

• Importance of Web Application Security:

• Protecting against common threats requires implementing
security measures at the application level.
• Strategies for Securing Web Applications:
• Input validation: Validate and sanitize user input to prevent
injection attacks (e.g., SQL injection, XSS).
• Parameterized queries: Use parameterized queries to prevent
SQL injection by separating SQL logic from user input.
• Implementing secure coding practices: Follow security best
practices such as principle of least privilege, secure session
management, and proper error handling.
HTTPS Setup and SSL/TLS
Certificates
• HTTPS (Hypertext Transfer Protocol Secure) ensures
secure communication between web browsers and
servers by encrypting data transmission.
• SSL/TLS certificates are used to establish the identity of
a website and enable secure connections.
• Steps for HTTPS Setup:
• Obtain an SSL/TLS certificate from a trusted Certificate Authority
(CA).
• Install the certificate on the web server.
• Configure the web server to use HTTPS by enabling SSL/TLS and
specifying certificate files.
• Redirect HTTP traffic to HTTPS using server-side redirects.
Regular Security Updates and
Patches
• Regular security updates and patches are essential for
maintaining a secure website.
• Importance of Regular Updates:
• Address known vulnerabilities: Updates often include fixes for
security vulnerabilities discovered in software.
• Protect against exploits: Failure to apply updates promptly can
leave websites vulnerable to exploitation by attackers.
• Best Practices for Security Updates:
• Keep software up to date: Update web server software, content
management systems (CMS), plugins, and third-party libraries
regularly.
• Monitor security advisories: Stay informed about security
vulnerabilities and patches released by software vendors and
security communities.
• Implement automated update mechanisms: Use tools and scripts to
automate the process of checking for and applying security
updates.
Introduction to PHP
PHP Introduction

• PHP is a recursive acronym for “PHP: Hypertext Preprocessor”.

• It is a widely-used open source general-purpose scripting language that
is especially suited for web development and can be embedded into
HTML.
PHP Introduction

• PHP is a server-side scripting language

• PHP scripts are executed on the server
• PHP supports many databases (MySQL, Informix, Oracle, Sybase, Solid,
PostgreSQL, Generic ODBC, etc.)
• PHP is open source software
• PHP is free to download and use
PHP Introduction

• PHP runs on different platforms (Windows, Linux, Unix, etc.)

• PHP is compatible with almost all servers used today (Apache, IIS, etc.)
• PHP is FREE to download from the official PHP resource: www.php.net
• PHP is easy to learn and runs efficiently on the server side
PHP Introduction

•Instead of lots of commands to output HTML (as seen in C or Perl), PHP

pages contain HTML with embedded code that does "something”.

•The PHP code is enclosed in special start and end processing instructions
<?php and ?> that allow you to jump into and out of "PHP mode."
PHP Introduction
PHP Introduction

• PHP code is executed on the server, generating HTML which is then

sent to the client. The client would receive the results of running that
script, but would not know what the underlying code was.
PHP Introduction
PHP Hello World
PHP Hello World

•It renders as HTML that looks like this:

PHP Hello World

•This program is extremely simple and you really did not need to use
PHP to create a page like this. All it does is display: Hello World using the
PHP echo() statement.

•Think of this as a normal HTML file which happens to have a set of

special tags available to you that do a lot of interesting things.
 PHP Comments

•In PHP, we use // to make a single-line

comment or /* and */ to make a large
comment block.
 PHP Variables

• Variables in a program are used to store some values or data that can be
used later in a program.
• The variables are also like containers that store character values, numeric
values, memory addresses, and strings.
• PHP has its own way of declaring and storing variables.
• There are a few rules, that need to be followed and facts that need to be
kept in mind while dealing with variables in PHP.
 PHP Variables

• A variable can have long descriptive names (like $factorial,

$even_nos) or short names (like $n or $f or $x)
• A variable name can only contain alphanumeric characters and
underscores (i.e., ‘a-z’, ‘A-Z’, ‘0-9, and ‘_’) in their name. Even it
cannot start with a number.
• A constant is used as a variable for a simple value that cannot be
changed. It is also case-sensitive.
• Assignment of variables is done with the assignment operator,
“equal to (=)”. The variable names are on the left of equal and the
expression or values are to the right of the assignment operator ‘=’.
 PHP Variables

• One must keep in mind that variable names in PHP names must
start with a letter or underscore and no numbers.

• PHP is a loosely typed language, and we do not require to declare

the data types of variables, rather PHP assumes it automatically by
analysing the values.

• The same happens while conversion. No variables are declared

before they are used. It automatically converts types from one type
to another whenever required.

• PHP variables are case-sensitive, i.e., $sum and $SUM are treated
differently.
Data types used by PHP to
declare or construct variables:

•Integers
•Doubles
•NULL
•Strings
•Booleans
•Arrays
•Objects
•Resources
Example

<?php

$num = 20;

// function to demonstrate use of global variable

function global_var()
{
// we have to use global keyword before
// the variable $num to access within
// the function
global $num;

echo "Variable num inside function : $num \n";

}

global_var();

echo "Variable num outside function : $num \n";

?>
 Variable Scopes

• Scope of a variable is defined as its extent in a program within

which it can be accessed, i.e. the scope of a variable is the
portion of the program within which it is visible or can be
accessed. Depending on the scopes, PHP has three variable
scopes.

• Local variables: The variables declared within a function are

called local variables to that function and have their scope
only in that particular function. In simple words, it cannot be
accessed outside that function. Any declaration of a variable
outside the function with the same name as that of the one
within the function is a completely different variable. We will
learn about functions in detail in later articles. For now,
consider a function as a block of statements.
Variable Scopes
 Variable Scopes

Global variables: The variables declared outside a function are

called global variables. These variables can be accessed directly
outside a function. To get access within a function we need to
use the “global” keyword before the variable to refer to the
global variable.
Static variable:

Static variable: It is the characteristic of PHP to delete the

variable, once it completes its execution and the memory is
freed. But sometimes we need to store the variables even after
the completion of function execution. To do this we use the
static keywords and the variables are then called static variables.
PHP associates a data type depending on the value for the
variable.
PHP Functions

PHP function is a piece of code that can be reused many times. It

can take input as argument list and return value. There are
thousands of built-in functions in PHP.

In PHP, we can define Conditional function, Function within

Function and Recursive function also

Advantage of PHP Functions

Code Reusability: PHP functions are defined only once and can
be invoked many times, like in other programming languages.
Less Code: It saves a lot of code because you don't need to write
the logic many times. By the use of function, you can write the
logic only once and reuse it.
 PHP Functions

PHP User-defined Functions

We can declare and call user-defined functions easily. Let's see
the syntax to declare user-defined functions.

Syntax
function functionname()
{
//code to be executed
}
 PHP Functions

PHP Functions Example

File: function1.php

<?php
function sayHello(){
echo "Hello PHP Function";
}
sayHello();//calling function
?>

Output:
Hello PHP Function
 PHP Function Arguments

• We can pass the information in PHP function through

arguments which is separated by comma.
• PHP supports Call by Value (default), Call by Reference,
Default argument values and Variable-length argument list.
 PHP Function Arguments

File: functionarg.php
<?php
function sayHello($name){
echo "Hello $name<br/>";
}
sayHello("Sonoo");
sayHello("Vimal");
sayHello("John");
?>

Output:
Hello Sonoo Hello Vimal Hello John
 PHP Function Arguments

Let's see the example to pass two argument in PHP

function.
File: functionarg2.php
<?php
function sayHello($name,$age){
echo "Hello $name, you are $age years old<br/>";
}
sayHello("Sonoo",27);
sayHello("Vimal",29);
sayHello("John",23);
?>
Output:
Hello Sonoo, you are 27 years old
Hello Vimal, you are 29 years old
Hello John, you are 23 years old
 PHP Call By Reference

• Value passed to the function doesn't modify the actual value

by default (call by value). But we can do so by passing value
as a reference.
• By default, value passed to the function is call by value. To
pass value as a reference, you need to use ampersand (&)
symbol before the argument name.
 PHP Call By Reference
<?php
function adder(&$str2)
{
$str2 .= 'Call By Reference';
}
$str = 'Hello ';
adder($str);
echo $str;
?>

Output
Hello Call By Reference
PHP Function: Default Argument
Value
We can specify a default argument value in function. While
calling PHP function if you don't specify any argument, it will
take the default argument. Let's see a simple example of using
default argument value in PHP function.
File: functiondefaultarg.php
<?php
function sayHello($name="Sonoo"){
echo "Hello $name<br/>";
}
sayHello("Rajesh");
sayHello();//passing no value
sayHello("John");
?>
Output:
Hello Rajesh
Hello Sonoo
Hello John
PHP Function: Returning Value
Let's see an example of PHP function that returns value.

File: functiondefaultarg.php
<?php
function cube($n){
return $n*$n*$n;
}
echo "Cube of 3 is: ".cube(3);
?>
Output:
Cube of 3 is: 27
PHP Form Handling
The PHP superglobals $_GET and $_POST are used to collect form-data.
PHP - A Simple HTML Form
The example below displays a simple HTML form with two input fields and
a submit button:

Example:
Introduction to PHP form processing
To create a form, you use the <form> element as follows:
<form action="form.php" method="post"> </form>

The <form> element has two important attributes:

•action: specifies the URL that processes the form submission. In this example,
the form.php will process the form.

•method: specifies the HTTP method for submitting the form. The most
commonly used form methods are POST and GET. In this example, the form
method is post.
Introduction to PHP form processing

• The form method is case-insensitive. It means that you can use either
post or POST. If you don’t specify the method attribute, the form
element will use the get method by default.
• Typically, a form has one or more input elements including text,
password, checkbox, radio button, select, file upload, etc. The input
elements are often called form fields.
• An input element has the following important attributes name,
type, and value. The name attribute will be used for accessing the
value in PHP.
• HTTP POST method

• If a form uses the POST method, the web browser will

include the form data in the HTTP request’s body. After
submitting the form, you can access the form data via the
associative array $_POST in PHP.
• For example, if a form has an input element with the name
email, you can access the email value in PHP via the
$_POST['email']. If the form doesn’t have an email input,
the $_POST won’t have any element with the key 'email'.
• HTTP POST method
HTTP GET or POST

HTTP GET or POST

In general, you should use the GET method when the form only
retrieves data from the server. For example, a search form that
allows users to search for information should use the GET
method.
When you have a form that causes a change in the server, you
should use the POST method. For example, a form that allows
users to subscribe to a newsletter should use the POST method.
PHP form example
The following index.php contains a form that allows users to
subscribe to a newsletter:
HTTP GET or POST
TEXT BOOK
1. Steven Holzner, “The Complete
Reference PHP”, Tata McGraw Hill
Pvt.Ltd., 2008.

BOOK FOR REFERENCE

1. Leon Atkinson, “Core PHP
Programming”, Pearson Education,
2004.
THANK YOU