Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
PHP: Further Skills 02 By Trevor Adams Topics covered Persistence Basic Persistence What is it? Why do we need it? Hidden form fields Query strings Cookies Sessions Persistence – What is it? Broadly, it is a any mechanism that allows values from one page activity to be available on the next Persistence – State Management So why do we need it? HTTP has no way of tracking a user’s visit to a web site HTTP simply responds to requests for resources Web applications demand more functionality than simple, static web pages can provide Data driven web sites often provide access to relatively sensitive data Persistence – form fields Hidden form fields provide a simple way to maintain application state Simple to use HTML Generated by PHP statements <input type=“hidden” name=“action” value=“do” id=“action” /> Provides a useful way of processing data differently from one form. E.g. Editing and Adding a record can use the same form The action required can be determined from a hidden field named action The script that catches the post can query action and act appropriately Persistence – Form fields Form fields have their disadvantages Have to be managed by the programmer Can be laborious on many forms Data has to be obfuscated if sensitive This is not ideal Remember – HTML is plain text Have to be sent to the server each round trip Persistence – Query Strings Query allow the passing of variables through the URL Multiple variables are declared using the ampersand (&) character E.g. http://example.web/product.php?id=1001 E.g. /product.php?id=1001&order=asc Values can be accessed using the $_GET array This is used similar to the $_POST array E.g. from above example <?php echo $_GET[“id”]; ?> // prints 1001 Persistence – Query Strings Query strings are perfect for bookmarks They are part of the URL Can be given as direct links Query strings can persist through basic HTML elements E.g. Hyperlinks (<a>) Persistence – Query Strings Query strings are not ideal in every situation All variables are visible in the URL Useless for sensitive data Some applications specific a 256 character URL limit (including the page) Easy target for unscrupulous people Useless for large input, such as web mail Persistence – Basic Summary We can create persistent applications using skills we have already covered Hidden form elements Work just like other form elements They do not render on screen Query strings Append key=value pairs to a URL Accessible as $_GET array Visible in the URL Persistence – Cookie time! Quick (perhaps dirty) way of persisting data using the client Can store data between visits to a site Stored as basic text files on the client machine Cookie data is sent to the server with each page request (providing the cookie is valid) Persistence - Cookies Cookies have a bad reputation In general people do not trust cookies Over used Abused Often they do not know they are needed for the cool things they enjoy on a web site Possible poor use of cookies include: Tracking and reporting browsing habits Reporting products of interest to other web sites Many others Persistence - Cookies Cookies should be used for the “Bells and Whistles” of a web site A web site should generally (try to at least) not rely on cookies to be completely functional For example, storing the user’s visual style preference If the cookie is not accepted, the site will still work Persistence - Cookies PHP allows the programmer to set cookies This function takes up to 6 parameters The setcookie() function Name – required Value – required Expire – time in seconds that the cookie expires Path – path that the cookie is valid for (/tja1) Domain – domain that is valid (e.g. example.web) Secure – whether it requires HTTPS or not setcookie(“cssfile”, “style.css”, time()+1800); Persistence – Cookie expiration The PHP time() function returns the current time measured in the number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT). time() + 1800 will expire the cookie in 30 minutes Try <?php echo time(); ?> 60 seconds * 30 = 1800 We shall cover time and date functions in lab session Persistence - Cookies Cookies are available on the subsequent page request from when they are set They are accessible via $_COOKIES array The cookie name is the array key Adding values directly to the cookie array will not create a cookie Must use set cookie function for this Persistence - Cookies Calls to setcookie() must be called before any out put is sent to the browser Cookies are sent in the HTTP header <?php echo “Hello!”; setcookie(“style”, “myfile.css”, time()+1800); ?> Results in an error Output includes any data, including plain HTML that comes before the setcookie() call Do not store arrays in cookie variables They require special manipulation Stick to basic types, textual/numeric Persistence – Cookie Summary Cookies are great for the ‘nice’ features Do not rely on them Not even in closed environments They are stored on the client Not stored securely Sent with each page request Can be transmitted securely Persistence - Sessions Sessions are stored on the server Exist for the time a user starts to use your application to the time they finish Or you programmatically end the session (logout) Sessions are very simple to use PHP4 has built in functionality for sessions Sessions – in use Call the function session_start(); before any output is sent to the browser $_SESSION array is used to store session variables Adding values to $_SESSION will automatically persist those values at the server side Sessions – in use <?php ?> Subsequent page access <?php session_start(); $_SESSION[“uname”] = “tja1”; Session_start(); Echo $_SESSION[“uname”]; // prints “tja1” ?> Sessions – Why use them? Store more complex data, such as arrays, easily Data is never involved in a round trip In some ways, more secure Although has security issues of a different nature Well out of the scope of this module Sessions - Summary Persistence data Maintained on the server Needs to be initialised before output Allows the programmer to implement complex application functionality Probably the best choice to facilitate logins Topics covered - summary Basic Persistence Query Strings Hidden form elements Cookies Client side storage Sent on every page request Not secure Access using $_COOKIES Sessions Server side variable storage Accessed using $_SESSIONS Avoids the client side storage Still suffers from server side attacks Resources Use the PHP web site Search for time Search for session_start Search for setcookie