Intro to PHP
A brief overview – Patrick Laverty
What is PHP?
• PHP (recursive acronym for "PHP: Hypertext Preprocessor") is a widely-used Open Source general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
<? echo "HI!"; ?>
What is PHP?
Compared to others like:
• Java – Sun, compiled and interpreted (jsp)
• Perl – Open Source, scripting
• .NET – MS, opposite of Java
• ColdFusion – Now Adobe, the original
• JavaScript – Netscape, client-side
• PHP – Open Source, server-side
How it works
• PHP is installed on the web server
• Our web server is Apache (just an FYI)
• Server parses files based on extensions
• Returns plain HTML, no code
How To – The Basics
• Files need to be named with a .php extension
  Example: index.php, mypage.php
• Open and close tags: <? ?>
  Was: <?php ?>
• Save file to server, view in a browser
Hello World
helloworld.php
<html>
<body>
<? echo "Hello World!"; ?>
</body>
</html>
Variables
Variables are like a cup
The same cup can hold
lots of different things
Same with variables
Variables
In PHP, you create a variable with a dollar
sign and some text.
Usually the text will be something descriptive
of what it is going to hold.
$name = "Patrick Laverty";
$dept = "CIS";
$campus_addr = "Box 1885";
Variables
There are many different kinds of variables in PHP
• Scalar
• Array
• Object
Scalar Variables
Hold single values
• String/text
• Numbers
$name = "Josiah";
$dob = "1/1/23";
$age = 84;
$waist_size = 36;
Array Variables
Hold multiple values
All in one step example:
$kids = Array("Tom","Dick","Harry");
Multiple steps example:
$kids = Array();
$kids[0] = "Tom";
$kids[1] = "Dick";
$kids[2] = "Harry";
Each individual array value is just a scalar
Array Variables
Associative Arrays – may be easier to find stuff
$teams = Array('bos'=>'Red Sox', 'nyy'=>'Yankees', 'bal'=>'Orioles');
The two-step way works the same:
$teams = Array();
$teams['bos'] = 'Red Sox';
Object Variables
We’ll talk about these later.
We’re in no rush
Functions
Getting PHP to do some action for you
echo() or print()
phpinfo() (phpinfo.php)
Functions
Be lazy. It’s a good thing.
If you’re going to do the same action more
than once, write a function.
sayhello.php
function sayHello($toWhom)
{
echo "Hello $toWhom";
}
Functions
Lots have already been written for you:
http://php.net/manual/en
If you know the function:
http://php.net/echo
A Basic Form
How we do things now: eform.cgi
<form method="POST" action="http://www.brown.edu/cgi-local/eform.cgi">
<input type="text" name="name">
<input type="text" name="age">
<input type="submit">
</form>
A Basic Form
How we do things with PHP:
basicform.html
<form method="POST" action="output.php">
<input type="text" name="name">
<input type="text" name="age">
<input type="submit">
</form>
A Basic Form
Capturing the data in output.php
Variables:
• $_POST['name']
• $_POST['age']
Use phpinfo() to see variables
A Basic Form
Weave HTML and PHP
output.php
<html><body>
<?
// Raw form input is echoed as-is here; the Data Validation slides cover htmlentities().
$name = $_POST['name'];
$age = $_POST['age'];
echo "My name is $name and I am $age years old";
?>
</body></html>
Data Validation
We’ll talk more about validating user input
later.
A Basic Form
Outputting to the screen is nice, but boring
We could email the results
Let’s store data in a database
Layers of a Database
• Server
• Database
• Tables
• Fields/Columns
• Records
• Data
How to Get a Database
• Use Microsoft Access
• Use Filemaker
• Request a MySQL Database (http://brown.edu/db)
Request a MySQL Database
You will receive:
• Server name (it's not localhost)
• Database name
• Username
• Password
• Link to phpMyAdmin
phpMyAdmin
• phpMyAdmin is a graphical view of your database
• Very easy
Let's take a look
(http://brown.edu/phpMyAdmin)
Connecting to DB from PHP
Create one connection script:
dbconn.php
<?
$conn = mysql_connect($server,$user,$pw);
mysql_select_db($db,$conn);
?>
Connecting to DB from PHP
Remember, “Be Lazy!”
At the top of each file that needs the DB:
<? require("dbconn.php"); ?>
Database Table
Table named ‘info’ has two fields, name and age
Use a SQL INSERT statement:
$sql =
"INSERT INTO
info (name,age)
values ('$name', '$age')";
Database Table
Send it to the Database:
mysql_query($sql,$conn);
The Whole Picture
dbinsert.php
<? require("dbconn.php");
// $name and $age are placed into the SQL unescaped here; see the Data Validation slides.
$name = $_POST['name'];
$age = $_POST['age'];
$sql = "INSERT into info (name,age) values('$name', '$age')";
mysql_query($sql,$conn);
?>
<html><body>
Thank you, your name and age were received.
</body></html>
The Whole Picture - Fancier
fancydbinsert.php
<? require("dbconn.php");
$name = $_POST['name'];
$age = $_POST['age'];
$sql = "INSERT into info (name,age) values('$name', '$age')";
$success = mysql_query($sql,$conn);
?>
<html><body>
<? if($success)
{ echo "Thank you, your name and age were received."; }
else
{ echo "Sorry, your info wasn't received, please contact …"; }
?>
</body></html>
Getting the Info Back
• Read it in phpMyAdmin
• Create an output page
(Just like that little survey you filled out)
Create an Output Page
• Connect to the Server
• Do a query of the data
• Programmatically write the data to a page
• View the page in a browser
• Let's see how to do it
Connect to the Server
First, include our connection script:
<? require("dbconn.php"); ?>
Do a Query of the Data
This time we use SELECT
$sql = "SELECT name, age FROM info";
Or if you have many fields and want to be LAZY!
$sql = "SELECT * from info";
Programmatically Write the Data
Here’s the only hard part:
<table border="1">
<? $result = mysql_query($sql, $conn);
while($table = mysql_fetch_object($result))
{
echo "<tr><td>";
echo $table->name;
echo "</td><td>";
echo $table->age;
echo "</td></tr>";
}
?>
</table>
Putting it All Together
statuspage.php
<? require("dbconn.php");
$sql = "SELECT * FROM info";
$result = mysql_query($sql, $conn);
?>
<html><body>
<table border="1">
<? while($table = mysql_fetch_object($result))
{ echo "<tr><td>";
echo $table->name;
echo "</td><td>";
echo $table->age;
echo "</td></tr>";
}
?>
</table>
</body></html>
I Hate Objects!
If you don't like using mysql_fetch_object:
• mysql_fetch_array($result)
• mysql_fetch_assoc($result)
mysql_fetch_array()
Access the columns by numbers:
while($array = mysql_fetch_array($result))
{
echo $array[0];
echo $array[1];
}
mysql_fetch_assoc()
Access the columns by column names:
while($array = mysql_fetch_assoc($result))
{
echo $array['name'];
echo $array['age'];
}
One Helpful Function
nl2br() – Line breaks typed into a form are not respected when the text is shown as HTML
This function will turn a newline (nl) character into (2) an HTML <br> (br) tag.
Data Validation
• Very Important!
• Without it, your site and all others can be hacked!
• PHP makes it easier
Data Validation
• Cut down on XSS with htmlentities()
• Cut down on SQL-injection with mysql_real_escape_string()
• Check that you're getting what you expect
• Check that you're getting the length you expect
• Don't trust JavaScript
Data Validation
• Cross site scripting vulnerability
  • Allows a user to input scripts
  • Allows a user to input links to malicious sites
  • Allows a user to steal a session/cookie/password
The htmlentities() function turns special characters into harmless HTML entities.
A ' is turned into &#39;
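Added example, not part of the original slides: encoding the name and age values at the point they are written into the page, as statuspage.php and output.php would need. The helper names e(), render_rows() and render_multiline() and the sample rows are constructed for illustration; with ENT_QUOTES the function emits &#039;, the same character reference as &#39;.

```php
<?php
// Added example (not from the slides): escaping name/age values at output time.
// e(), render_rows() and render_multiline() are illustrative helper names.

// Encode a value for use in HTML element content or a quoted attribute.
// ENT_QUOTES also encodes the single quote; before PHP 8.1 the default
// flags left single quotes untouched, so the flag is passed explicitly.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the <tr> rows of the status page. The rows may come from
// mysql_fetch_assoc() or any other API; every field is encoded as it is
// written, because stored data is still user input.
function render_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . e((string) $row['name']) . '</td>'
               . '<td>' . e((string) $row['age']) . '</td></tr>' . "\n";
    }
    return $html;
}

// Multi-line text: encode first, then add the <br> tags. Reversing the
// order would encode the <br> tags that nl2br() just inserted.
function render_multiline(string $text): string
{
    return nl2br(e($text));
}

// Constructed sample rows standing in for what visitors typed into the form.
$rows = [
    ['name' => 'Tom',               'age' => '34'],
    ['name' => '<i>Dick</i>',       'age' => '41'],
    ['name' => 'Harry "H" O\'Neil', 'age' => '27'],
];

echo "<table border=\"1\">\n", render_rows($rows), "</table>\n";
echo render_multiline("line one\n<b>line two</b>"), "\n";
```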
Data Validation
• SQL-injection vulnerability
  • Allows a user to directly access your database
  • Allows a user to get access to other accounts
  • Allows a user to read data you don't want read
Prevention can be as simple as escaping quotes by applying mysql_real_escape_string() to all user input
$clean_user = mysql_real_escape_string($_POST['username']);
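Added example, not part of the original slides: the INSERT from dbinsert.php built by string concatenation next to the same INSERT as a prepared statement. The mysql_* functions were removed in PHP 7.0, so this uses PDO, a swapped-in API; an in-memory SQLite database stands in for the MySQL server (assumption: the pdo_sqlite extension is available), and the function names and sample input are constructed.

```php
<?php
// Added example (not from the slides). In-memory SQLite stands in for the
// MySQL server so this runs offline; with MySQL only the DSN and the
// credentials passed to new PDO() change.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE info (name TEXT, age INTEGER)');

// "Before": the slides' pattern, with the values pasted into the SQL text.
function insert_by_concatenation(PDO $pdo, string $name, string $age): bool
{
    $sql = "INSERT INTO info (name, age) VALUES ('$name', '$age')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $ex) {
        // A quote in the data ended the string literal early, so the
        // database was handed different SQL from what the author wrote.
        return false;
    }
}

// "After": the SQL text is fixed; the values travel separately as
// parameters and are never parsed as SQL.
function insert_prepared(PDO $pdo, string $name, int $age): bool
{
    $stmt = $pdo->prepare('INSERT INTO info (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed input: an ordinary surname that happens to contain a quote.
$name = "O'Brien";

var_dump(insert_by_concatenation($pdo, $name, '42'));
var_dump(insert_prepared($pdo, $name, 42));

// List what was actually stored in the table.
print_r($pdo->query('SELECT name, age FROM info')->fetchAll(PDO::FETCH_ASSOC));
```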
Data Validation
• Get what you expect to get
• Don't change it, give error message
Example: (validinsert.php)
Age should be less than 110, and numeric. Reject anything else.
if(strlen($age)>3){ /* error message */ }
// $_POST values are strings, so is_int() would reject every age; ctype_digit() checks for digits only
if(!ctype_digit($age)){ /* error message */ }
if($age>110 || $age<18){ /* error message */ }
Data Validation
Get the length you expect
<input type="text" name="username" maxlength="8">
Make sure the username is no longer than 8
if(strlen($username)>8){ /* error message */ }
Data Validation
• Don't trust JavaScript
• Do client side AND server side validation
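Added example, not part of the original slides: one server-side check for the name/age form that rejects bad input instead of altering it, whatever the HTML maxlength attribute or client-side JavaScript allowed through. validate_info() and the sample submissions are constructed; the limits (age 18 to 110, at most 8 characters) are the ones used on the slides.

```php
<?php
// Added example (not from the slides). validate_info() is an illustrative
// name. Limits follow the slides: age numeric and 18..110, name at most
// 8 characters (the slides apply that limit to "username").

function validate_info(array $post): array
{
    $errors = [];
    $clean  = [];

    // A field can be missing, or arrive as an array (name[]=x), no matter
    // what the form markup allowed. Insist on a string first.
    $name = $post['name'] ?? null;
    if (!is_string($name) || trim($name) === '') {
        $errors['name'] = 'Name is required.';
    } elseif (strlen($name) > 8) {
        $errors['name'] = 'Name must be 8 characters or fewer.';
    } else {
        $clean['name'] = $name;
    }

    // FILTER_VALIDATE_INT accepts only an integer string and returns an int
    // inside the range, or false. "84abc", "8.4" and "" are all rejected.
    $age = $post['age'] ?? null;
    $age = is_string($age)
        ? filter_var($age, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 18, 'max_range' => 110]])
        : false;
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number from 18 to 110.';
    } else {
        $clean['age'] = $age;
    }

    return [$clean, $errors];
}

// Constructed submissions, including ones a browser form would not send.
$samples = [
    ['name' => 'Josiah', 'age' => '84'],
    ['name' => 'Josiah', 'age' => '84abc'],
    ['name' => 'averylongusername', 'age' => '17'],
    ['name' => ['x'], 'age' => '30'],
    ['age' => '200'],
];

foreach ($samples as $post) {
    [$clean, $errors] = validate_info($post);
    echo $errors ? 'REJECT ' . json_encode($errors) : 'ACCEPT ' . json_encode($clean), "\n";
}
```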
Slide #50
I think that’s enough
webpublishers@listserv.brown.edu
Next topic – to be announced for early May
