UNIT 2
DATA TRANSFER AND STATE MANAGEMENT
UNIT COVERS
2.1 Introduction and needs - Web pages to communicate with PHP
2.2 Data Validation: Client-side data validation, Server-side data validation, Custom validation
2.3 Dynamic web form control generation
2.4 Data transfer between web pages - GET and POST methods, Hidden field, URL rewriting
2.5 Cookie & Session Management
2.6 Operation: create, store, retrieve, destroy and exception handling, State security: Regeneration and time management
2.1 INTRODUCTION AND NEEDS - WEB PAGES TO COMMUNICATE WITH PHP
Web Pages:
A web page is a hypertext document on the WWW.
Web pages are delivered by a web server to the user and displayed in a web browser.
A website consists of many web pages linked together under a common domain name.
Each webpage is linked with a unique URL; hence two pages cannot have the same URL.
PHP is used to create webpages that can interact with databases, process user input, and generate dynamic content.
Static and dynamic website:
A website created using HTML is called a static website.
A static website means that you’ll see the same content every time.
A dynamic website changes its content and adjusts to its users through various forms of interaction.
Dynamic websites can be created using the PHP language.
The user can interact with the website in complex ways.
For example, you can purchase a product or write a message – all possible due to dynamic websites.
All websites consist of a certain part of HTML code.
How a PHP page works:
Step 1 – The client sends a page request to the web server.
Step 2 – The web server forwards that request to the PHP interpreter.
Step 3 – The PHP interpreter takes the data from the database and sends the response back to the web server.
Step 4 – Finally, the web server sends the response to the client that requested the page.
HOW DOES PHP WORK WITH THE WEB SERVER AND BROWSER?
Step 1 The user enters `[Link]` into their browser and taps/hits 'enter'.
Step 2 After the user has tapped/hit 'enter', the browser sends the page request over the Internet to the web server.
Step 3 The web server gets the request and analyzes the request information. Apache realizes that we didn't specify a file, so it looks for a directory index and finds `[Link]`.
Step 4 Since Apache knows to send files that end with the `.php` file extension to the PHP interpreter, it asks PHP to execute the file.
Step 5 In this step, PHP is executing the code contained in the `[Link]` file from the request. During this step, PHP may interact with databases, the file system or make external API calls, amongst other things.
Step 6 After PHP has finished executing the `[Link]` file, it sends the output back to Apache.
Step 7 Apache receives the output from PHP and sends it back over the Internet to a user's web browser. This is called the `web response`.
Step 8 The user's web browser receives the response from the server, and renders the web page on a computer or device.
Form:
An HTML form is used to collect user input. The user input is most often sent to a server for processing.
The Form is an HTML element that is used to create various forms like – Entry form, Signup
form, login form, etc.
GET AND POST METHODS
There are two ways the browser client can send information to the web server.
The GET Method
The POST Method
GET and POST are the methods to transfer data from one page to another page or on the same page but from
HTML form to PHP (or any other server-side language)
GET METHOD
GET: It is a method in which data is passed through the URL (as variables), where it is visible in the address bar of the web browser.
<a href="[Link]?var1=<value>&var2=<value>"> Link </a>
The value can be retrieved as shown below:
<variable> = $_GET["<name of variable>"];
The GET method sends the encoded user information appended to the page request. The page and the encoded information are separated by the ? character.
- The GET method produces a long string that appears in your server logs and in the browser's Location: box.
- The GET method is restricted to sending up to 1024 characters only.
- Never use the GET method if you have a password or other sensitive information to be sent to the server.
- GET can't be used to send binary data, like images or Word documents, to the server.
- The data sent by the GET method can be accessed using the QUERY_STRING environment variable.
- PHP provides the $_GET associative array to access all the information sent using the GET method.
POST METHOD
POST: It is a method in which data is passed through packets which are not visible to the user in the web browser.
So, it is much safer to use POST instead of GET.
<variable> = $_POST["<name of variable>"];
The POST method transfers information via HTTP headers.
The information is encoded as described in the case of the GET method and put into a header called QUERY_STRING.
The POST method does not have any restriction on the size of the data to be sent.
The POST method can be used to send ASCII as well as binary data.
The data sent by the POST method goes through the HTTP header, so security depends on the HTTP protocol.
By using Secure HTTP you can make sure that your information is secure.
PHP provides the $_POST associative array to access all the information sent using the POST method.
ACCESS DATA
Access submitted data in the relevant array for the submission type, using the input name as a key.
<form action="path/to/submit/page" method="get">
<input type="text" name="email">
</form>
$email = $_GET['email'];
DIFFERENCE BETWEEN GET AND POST
GET:
Data is passed through the URL
Ex: xyz.com/?user=123
Data length is limited
Data is visible
Easy for sending short queries
POST:
Data is passed internally to the server
Data length is unlimited
Data sent is not visible
Easy for sending passwords, lengthy paragraphs, etc.
FORMS: HOW THEY WORK
We need to know:
1. How forms work.
2. How to write forms in XHTML.
3. How to access the data in PHP.
HOW FORMS WORK
1. The user requests a particular URL.
2. An XHTML page is supplied with a form.
3. The user fills in the form and submits it.
4. Another URL is requested, and the form data is sent to this page either in the URL or as a separate piece of data.
[Diagram: User, Web Server, XHTML Response]
XHTML FORM
The form is enclosed in form tags:
<form action="path/to/submit/page" method="get">
<!-- form contents -->
</form>
FORM TAGS
action="…" is the page that the form should submit its data to.
method="…" is the method by which the form data is submitted. The options are either get or post. If the method is get, the data is passed in the URL string; if the method is post, it is passed as a separate file.
INPUT
INPUT attributes
- type: the kind of user input control
- name: the name of the control
  This gets passed through to the handling code
  In PHP: $_POST['name']
- value: initial value of the control
- size: initial width of the control
  in pixels, except for text and password controls
- maxlength: for text/password, maximum number of characters allowed
- checked: for radio/checkbox, specifies that button is on
- src: for image types, specifies location of image used to decorate input button
SPECIAL BUTTONS
submit: the submit button.
Causes input to be sent to the server for processing
reset: the reset button.
Causes all input fields to be reset to their initial values
File upload
file: creates a file upload control
INPUT CONTROL TYPES
text:
password:
checkbox:
radio:
button
hidden:
FORM FIELDS: TEXT INPUT
Use a text input within form tags for a single line freeform text input.
<label for="fn">First Name</label>
<input type="text"
name="firstname"
id="fn"
size="20"/>
FORM TAGS
name="…" is the name of the field. You will use this name in PHP to access the data.
id="…" is the label reference string – this should be the same as that referenced in the <label> tag.
size="…" is the length of the displayed text box (number of characters).
FORM FIELDS: PASSWORD INPUT
Use a starred text input for passwords.
<label for="pw">Password</label>
<input type="password"
name="passwd"
id="pw"
size="20"/>
FORM FIELDS: TEXT INPUT
If you need more than 1 line to enter data, use a textarea.
<label for="desc">Description</label>
<textarea name="description"
id="desc"
rows="10" cols="30">
Default text goes here…
</textarea>
FORM FIELDS: TEXT AREA
name="…" is the name of the field. You will use this name in PHP to access the data.
id="…" is the label reference string – this should be the same as that referenced in the <label> tag.
rows="…" cols="…" is the size of the displayed text box.
FORM FIELDS: DROP DOWN
<label for="tn">Where do you live?</label>
<select name="town" id="tn">
<option value="swindon">Swindon</option>
<option value="london"
selected="selected">London</option>
<option value="bristol">Bristol</option>
</select>
FORM FIELDS: DROP DOWN
name="…" is the name of the field.
id="…" is the label reference string.
<option value="…" is the actual data sent back to PHP if the option is selected.
<option>…</option> is the value displayed to the user.
selected="selected" means this option is selected by default.
FORM FIELDS: RADIO BUTTONS
<input type="radio" name="age" id="u30"
checked="checked"
value="Under30" />
<label for="u30">Under 30</label>
<br />
<input type="radio" name="age" id="thirty40"
value="30to40" />
<label for="thirty40">30 to 40</label>
FORM FIELDS: RADIO BUTTONS
name="…" is the name of the field. All radio boxes with the same name are grouped, with only one selectable at a time.
id="…" is the label reference string.
value="…" is the actual data sent back to PHP if the option is selected.
checked="checked" means this option is selected by default.
FORM FIELDS: CHECK BOXES
What colours do you like?<br />
<input type="checkbox"
name="colour[]"
id="r"
checked="checked"
value="red" />
<label for="r">Red</label>
<br />
<input type="checkbox"
name="colour[]"
id="b"
value="blue" />
<label for="b">Blue</label>
FORM FIELDS: CHECK BOXES
name="…" is the name of the field. Multiple checkboxes can be selected, so if the boxes are given the same name, they will overwrite previous values. The exception is if the name is given with square brackets – an array is returned to PHP.
id="…" is the label reference string.
value="…" is the actual data sent back to PHP if the option is selected.
checked="checked" means this option is selected by default.
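The value attributes of drop-downs, radio buttons and checkboxes are only suggestions to the browser; the server can receive any string, or an array where it expected a string. The following added example (not part of the original slides) checks the town, age and colour[] fields from the forms above against an allow-list, using constructed arrays in place of $_POST; the helper names pick_one and pick_many are hypothetical.

```php
<?php
// Added example: allow-list checks for the choice fields shown above.
// Field names and values mirror the forms in this unit; helpers are hypothetical.

const ALLOWED = [
    'town'   => ['swindon', 'london', 'bristol'],
    'age'    => ['Under30', '30to40'],
    'colour' => ['red', 'blue'],
];

// Single-choice field: must be a string and one of the listed values.
function pick_one(array $src, string $field): ?string
{
    $v = $src[$field] ?? null;
    return (is_string($v) && in_array($v, ALLOWED[$field], true)) ? $v : null;
}

// Multi-choice field (name="colour[]"): must be an array of listed values.
function pick_many(array $src, string $field): ?array
{
    $v = $src[$field] ?? [];          // no box ticked: the key is absent
    if (!is_array($v)) {
        return null;                  // sent as colour=red instead of colour[]=red
    }
    foreach ($v as $item) {
        if (!is_string($item) || !in_array($item, ALLOWED[$field], true)) {
            return null;
        }
    }
    return array_values(array_unique($v));
}

// Constructed sample submissions standing in for $_POST.
$good = ['town' => 'london', 'age' => '30to40', 'colour' => ['red', 'blue']];
$bad  = ['town' => 'paris',  'age' => ['x'],    'colour' => ['red', 'green']];

foreach (['good' => $good, 'bad' => $bad] as $label => $post) {
    $town    = pick_one($post, 'town');
    $age     = pick_one($post, 'age');
    $colours = pick_many($post, 'colour');
    $ok = $town !== null && $age !== null && $colours !== null;
    echo $label, ': ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```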
HIDDEN FIELDS
<input type="hidden"
name="hidden_value"
value="My Hidden Value" />
name="…" is the name of the field.
value="…" is the actual data sent back to PHP.
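A hidden field is not shown on the page, but it travels through the browser like any other input and can be changed before the form is submitted. The following added example (not part of the original slides) attaches an HMAC tag to a hidden value and rejects the submission when the tag no longer matches; SECRET_KEY, the order_id field and the helper names are hypothetical, and the arrays are constructed stand-ins for $_POST.

```php
<?php
// Added example: detecting tampering with a hidden field.
// SECRET_KEY, the field names and the order id are hypothetical.

const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Compute the tag for a value before writing it into the form.
function sign_value(string $value): string
{
    return hash_hmac('sha256', $value, SECRET_KEY);
}

// Render the hidden field together with a second hidden field holding its tag.
function hidden_field(string $name, string $value): string
{
    $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . $name . '" value="' . $v . '" />' . "\n"
         . '<input type="hidden" name="' . $name . '_sig" value="' . sign_value($value) . '" />';
}

// On submission: accept the value only if the tag still matches.
function read_hidden(array $post, string $name): ?string
{
    $value = $post[$name] ?? null;
    $sig   = $post[$name . '_sig'] ?? null;
    if (!is_string($value) || !is_string($sig)) {
        return null;
    }
    // hash_equals() compares in constant time.
    return hash_equals(sign_value($value), $sig) ? $value : null;
}

echo hidden_field('order_id', '1001'), PHP_EOL;

// Constructed submissions standing in for $_POST.
$untouched = ['order_id' => '1001', 'order_id_sig' => sign_value('1001')];
$edited    = ['order_id' => '1002', 'order_id_sig' => sign_value('1001')];

foreach (['untouched' => $untouched, 'edited' => $edited] as $label => $post) {
    $value = read_hidden($post, 'order_id');
    echo $label, ': ', $value === null ? 'rejected' : "accepted ($value)", PHP_EOL;
}
```

The tag shows that the value came back unchanged; it does not hide the value from the user, so anything that must stay secret belongs in the session rather than in the form.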
SUBMIT BUTTON..
A submit button for the form can be created with the code:
<input type="submit"
name="submit"
value="Submit" />
FIELDSET
In XHTML 1.0, all inputs must be grouped within the form into fieldsets. These represent logical
divisions through larger forms. For short forms, all inputs are contained in a single fieldset.
<form>
<fieldset>
<input … />
<input … />
</fieldset>
<fieldset>
<input … />
<input … />
</fieldset>
</form>
A WARNING..
NEVER TRUST USER INPUT
Always check what has been input.
Validation can be undertaken using Regular expressions or in-built PHP functions.
IS IT SUBMITTED?
Before accessing the data, we also need to check whether it has been submitted, using the isset() function.
if (isset($_POST['username'])) {
    // perform validation
}
VALIDATION
How to determine whether this is the first request:
Can check if the $_POST[] array is empty
– Will be empty first time through
– if (empty($_POST)) { create initial form }
– if (!empty($_POST)) { validate input }
htmlspecialchars(string): Convert special characters to HTML entities.
stripslashes(): Un-quotes a quoted string.
trim(): Remove unwanted space.
FILTER_VAR()
filter_var(string, FILTER_VALIDATE_OPTION)
FILTER_VALIDATE_BOOLEAN
FILTER_VALIDATE_DOMAIN
FILTER_VALIDATE_EMAIL
FILTER_VALIDATE_FLOAT
FILTER_VALIDATE_INT
FILTER_VALIDATE_IP
FILTER_VALIDATE_MAC
FILTER_VALIDATE_REGEXP
FILTER_VALIDATE_URL
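The functions above combine into a server-side validation routine as follows. This is an added example, not part of the original slides; the field names (email, age, website), the age range and the function name validate_signup are assumptions, and a constructed array stands in for $_POST.

```php
<?php
// Added example: server-side validation with the functions listed above.
// The field names (email, age, website) and the age range are assumptions.

function validate_signup(array $post): array
{
    $errors = [];
    $clean  = [];

    // isset() guards against missing keys; trim() drops surrounding spaces.
    $email = isset($post['email']) && is_string($post['email']) ? trim($post['email']) : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    } else {
        $clean['email'] = $email;
    }

    // FILTER_VALIDATE_INT returns the integer, or false when invalid or out of range.
    $age = filter_var($post['age'] ?? '', FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number from 13 to 120.';
    } else {
        $clean['age'] = $age;
    }

    // Optional field: validate only when something was entered.
    $site = isset($post['website']) && is_string($post['website']) ? trim($post['website']) : '';
    if ($site !== '' && filter_var($site, FILTER_VALIDATE_URL) === false) {
        $errors['website'] = 'Enter a full URL such as https://example.com/.';
    } elseif ($site !== '') {
        $clean['website'] = $site;
    }

    return [$clean, $errors];
}

// Constructed submission standing in for $_POST.
$post = ['email' => ' alice@example.com ', 'age' => '0', 'website' => 'not a url'];
[$clean, $errors] = validate_signup($post);

foreach ($errors as $field => $msg) {
    // Escape on output so echoed input cannot inject markup.
    echo htmlspecialchars("$field: $msg", ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
echo 'accepted: ', htmlspecialchars(implode(', ', $clean), ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

The filter result is compared with `=== false` because a valid integer such as 0 is itself falsy. FILTER_VALIDATE_URL checks syntax only, so the scheme still has to be checked separately before the URL is used in a link.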