Intro to php

Intro to PHP
A brief overview – Patrick Laverty

What is PHP?
 PHP (recursive acronym for "PHP:
Hypertext Preprocessor") is a widely-used
Open Source general-purpose scripting
language that is especially suited for Web
development and can be embedded into
HTML.
<? echo “HI!”; ?>

What is PHP?
Compared to others like:
 Java – Sun, compiled and interpreted (jsp)
 Perl – Open Source, scripting
 .NET – MS, opposite of Java
 ColdFusion – Now Adobe, the original
 Javascript – Netscape, client-side
 PHP – Open Source, server-side

How it works
 PHP is installed on web server
 Our web server is Apache (just an FYI)
 Server parses files based on extensions
 Returns plain HTML, no code

How To – The Basics
 Need to name files is a .php extension
Example: index.php, mypage.php
 Open and close tags: <? ?>
Was: <?php ?>
 Save file to server, view in a browser

Hello World
helloworld.php
<html>
<body>
<? echo “Hello World!”; ?>
</body>
</html>

Variables
Variables are like a cup
The same cup can hold
lots of different things
Same with variables

Variables
In PHP, you create a variable with a dollar
sign and some text.
Usually the text will be something descriptive
of what it is going to hold.
$name = “Patrick Laverty”;
$dept = “CIS”;
$campus_addr = “Box 1885”;

Variables
There are many different kinds of variables in
PHP
 Scalar
 Array
 Object

Scalar Variables
Hold single values
 String/text
 Numbers
$name = “Josiah”;
$dob = “1/1/23”;
$age = 84;
$waist_size = 36;

Array Variables
Hold multiple values
All in one step example:
$kids = Array(“Tom”,”Dick”,”Harry”);
Multiple steps example:
$kids = Array();
$kids[0] = “Tom”;
$kids[1] = “Dick”;
$kids[2] = “Harry”;
Individual array values are just a scalar

Array Variables
Associative Arrays – may be easier to find
stuff
$teams = Array(‘bos’=>’Red Sox’,
‘nyy’=>’Yankees’, ’bal’=>’Orioles’);
The two-step way works the same:
$teams = Array();
$teams[‘bos’] = ‘Red Sox’;

Object Variables
We’ll talk about these later.
We’re in no rush

Functions
Getting PHP to do some action for you
echo() or print()
phpinfo() (phpinfo.php)

Functions
Be lazy. It’s a good thing.
If you’re going to do the same action more
than once, write a function.
sayhello.php
function sayHello($toWhom)
{
echo “Hello $toWhom”;
}

Functions
Lots have already been written for you:
http://php.net/manual/en
If you know the function:
http://php.net/echo

A Basic Form
How we do things now: eform.cgi
<form method=“POST” action=
http://www.brown.edu/cgi-local/eform.cgi>
<input type=“text” name=“name”>
<input type=“text” name=“age”>
<input type=“submit”>
</form>

A Basic Form
How we do things with PHP:
basicform.html
<form method=“POST” action=“output.php”>
<input type=“text” name=“name”>
<input type=“text” name=“age”>
<input type=“submit”>
</form>

A Basic Form
Capturing the data in output.php
Variables:
 $_POST[‘name’]
 $_POST[‘age’]
Use phpinfo() to see variables

A Basic Form
Weave HTML and PHP
output.php
<html><body>
<?
$name = $_POST[‘name’];
$age = $_POST[‘age’];
echo “My name is $name and I am $age years old”;
?>
</body></html>

Data Validation
We’ll talk more about validating user input
later.

A Basic Form
Outputting to the screen is nice, but boring
We could email the results
Let’s store data in a database

Layers of a Database
 Server
 Database
 Tables
 Fields/Columns
 Records
 Data

How to Get a Database
 Use Microsoft Access
 Use Filemaker
 Request a MySQL Database
(http://brown.edu/db)

Request a MySQL Database
You will receive:
 Server name (it’s not localhost)
 Database name
 Username
 Password
 Link to phpMyAdmin

phpMyAdmin
 phpMyAdmin is a graphical view of your
database
 Very easy
Let’s take a look
(http://brown.edu/phpMyAdmin)

Connecting to DB from PHP
Create one connection script:
dbconn.php
<?
$conn = mysql_connect($server,$user,$pw);
mysql_select_db($db,$conn);
?>

Connecting to DB from PHP
Remember, “Be Lazy!”
At the top of each file that needs the DB:
<? require(“dbconn.php”); ?>

Database Table
Table named ‘info’ has two fields, name and age
Use a SQL INSERT statement:
$sql =
“INSERT INTO
info (name,age)
values (‘$name’, ‘$age’)”;

Database Table
Send it to the Database:
mysql_query($sql,$conn);

The Whole Picture
dbinsert.php
<? require(“dbconn.php”);
$sql = “INSERT into info (name,age) values(‘$name’, ‘$age’);”
mysql_query($sql,$conn);
?>
<html><body>
Thank you, your name and age were received.
</body></html>

The Whole Picture - Fancier
fancydbinsert.php
$sql = “INSERT into info (name,age) values(‘$name’, ‘$age’);”
$success = mysql_query($sql,$conn);
?>
<html><body>
<? if($success)
{ echo “Thank you, your name and age were received.”; }
else
{ echo “Sorry, your info wasn’t received, please contact …”; }
?>
</body></html>

Getting the Info Back
 Read it in phpMyAdmin
 Create an output page
(Just like that little survey you filled out)

Create an Output Page
 Connect to the Server
 Do a query of the data
 Programmatically write the data to a page
 View the page in a browser
 Let’s see how to do it

Connect to the Server
First, include our connection script:
<? require(“dbconn.php”); ?>

Do a Query of the Data
This time we use SELECT
$sql = “SELECT name, age FROM info”;
Or if you have many fields and want to be LAZY!
$sql = “SELECT * from info”;

Programmatically Write the Data
Here’s the only hard part:
<table border=“1”>
<? $result = mysql_query($sql, $conn);
while($table = mysql_fetch_object($result))
{
echo “<tr><td>”;
echo $table->name;
echo “</td><td>”;
echo $table->age;
echo “</td></tr>”;
}
?>
</table>

Putting it All Together
statuspage.php
$sql = “SELECT * FROM info”;
$result = mysql_query($sql, $conn);
?>
<html><body>
<table border=“1”>
<? while($table = mysql_fetch_object($result))
{ echo “<tr><td>”;
echo $table->name;
echo “</td><td>”;
echo $table->age;
echo “</td></tr>”;
}
?>
<table>
</body></html>

I Hate Objects!
If you don’t like using mysql_fetch_object:
 mysql_fetch_array($result)
 mysql_fetch_assoc($result)

mysql_fetch_array()
Access the columns by numbers:
while($array = mysql_fetch_array($result))
{
echo $array[0];
echo $array[1];
}

mysql_fetch_assoc()
Access the columns by column names:
while($array = mysql_fetch_assoc($result))
{
echo $array[‘name’];
echo $array[‘age’];
}

One Helpful Function
nl2br() – Line breaks in a form are not
respected
This function will turn a newline (nl) character
into (2) an html <br> (br) tag.

Data Validation
 Very Important!
 Without it, your site and all others can be
hacked!
 PHP makes it easier

Data Validation
 Cut down on XSS with htmlentities()
 Cut down on SQL-injection with
mysql_real_escape_string()
 Check that you’re getting what you expect
 Check that you’re getting the length you
expect
 Don’t trust JavaScript

Data Validation
 Cross site scripting vulnerability
 Allows a user to input scripts
 Allows a user to input links to malicious sites
 Allows a user to steal a
session/cookie/password
The htmlentities() function turns entities into
its harmless entity number.
A ‘ is turned into '

Data Validation
 SQL-injection vulnerability
 Allows a user to directly access your database
 Allows a user to get access to other accounts
 Allows a user to read data you don’t want read
Prevention can be as simple as escaping quotes
with mysql_real_escape_string to all user input
$clean_user =
mysql_real_escape_string($_POST[‘username’]);

Data Validation
 Get what you expect to get
 Don’t change it, give error message
Example: (validinsert.php)
Age, should be less than 110, and numeric. Reject
anything else
if(strlen($age)>3){ //error message }
if(!is_int($age)){ //error message }
if($age>110 || $age<18){ //error message }

Data Validation
Get the length you expect
<input type=“text” name=“username” maxlength=“8”>
Make sure the username is no longer than 8
if(strlen($username)>8)){ //error message }

Data Validation
 Don’t trust JavaScript
 Do client side AND server side validation

Slide #50
I think that’s enough
webpublishers@listserv.brown.edu
Next topic – to be announced for early May

Intro to php

Recommended

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Intro to php (20)

Recently uploaded (20)

Intro to php