
PHP: Further Skills 02

By Trevor Adams. Topics covered: Persistence (What is it? Why do we need it?); Basic Persistence; Hidden form fields; Query strings; Cookies; Sessions.


Presentation Transcript


  1. PHP: Further Skills 02 By Trevor Adams

  2. Topics covered • Persistence • What is it? • Why do we need it? • Basic Persistence • Hidden form fields • Query strings • Cookies • Sessions

  3. Persistence – What is it? • Broadly, it is any mechanism that allows values from one page activity to be available on the next

  4. Persistence – State Management • So why do we need it? • HTTP has no way of tracking a user’s visit to a web site • HTTP simply responds to requests for resources • Web applications demand more functionality than simple, static web pages can provide • Data driven web sites often provide access to relatively sensitive data

  5. Persistence – form fields • Hidden form fields provide a simple way to maintain application state • Simple to use HTML • Generated by PHP statements • <input type="hidden" name="action" value="do" id="action" /> • Provides a useful way of processing data differently from one form. E.g. • Editing and Adding a record can use the same form • The action required can be determined from a hidden field named action • The script that catches the post can query action and act appropriately

  6. Persistence – Form fields • Form fields have their disadvantages • Have to be managed by the programmer • Can be laborious on many forms • Data has to be obfuscated if sensitive • This is not ideal • Remember – HTML is plain text • Have to be sent to the server each round trip

  7. Persistence – Query Strings • Query strings allow the passing of variables through the URL • E.g. http://example.web/product.php?id=1001 • Multiple variables are declared using the ampersand (&) character • E.g. /product.php?id=1001&order=asc • Values can be accessed using the $_GET array • This is used similarly to the $_POST array • E.g. from above example • <?php echo $_GET["id"]; ?> • // prints 1001

  8. Persistence – Query Strings • Query strings are perfect for bookmarks • They are part of the URL • Can be given as direct links • Query strings can persist through basic HTML elements • E.g. Hyperlinks (<a>)

  9. Persistence – Query Strings • Query strings are not ideal in every situation • All variables are visible in the URL • Useless for sensitive data • Some applications specify a 256 character URL limit (including the page) • Easy target for unscrupulous people • Useless for large input, such as web mail

  10. Persistence – Basic Summary • We can create persistent applications using skills we have already covered • Hidden form elements • Work just like other form elements • They do not render on screen • Query strings • Append key=value pairs to a URL • Accessible as $_GET array • Visible in the URL
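Slides 6 and 9 note that hidden fields and query strings are plain text the visitor can change. The following added example (not from the original slides) shows one way a script can detect such changes: the action is checked against an allow-list and the action/id pair carries an HMAC. The key, the mac field and the function names sign_state() and read_state() are assumptions made for illustration; the same check applies to values read from $_GET.

```php
<?php
// Added example. The key, field names and helper names are assumptions.
$key = 'constructed-demo-key'; // load from server-side configuration in real use

// Bind the record id to the action so a MAC issued for one pair fails for another.
function sign_state(string $action, int $id, string $key): string
{
    return hash_hmac('sha256', $action . '|' . $id, $key);
}

// Returns [action, id] when the posted state is intact, or null when it was altered.
function read_state(array $post, string $key): ?array
{
    $action = $post['action'] ?? '';
    $mac    = $post['mac'] ?? '';
    $id     = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);

    if (!is_string($action) || !is_string($mac) || $id === false) {
        return null; // missing field, array instead of string, or non-numeric id
    }
    if (!in_array($action, ['add', 'edit'], true)) {
        return null; // allow-list: only the actions the form is meant to carry
    }
    // hash_equals() compares the two MACs in constant time.
    return hash_equals(sign_state($action, $id, $key), $mac) ? [$action, $id] : null;
}

// Constructed sample input: what the hidden fields would post back.
$mac      = sign_state('edit', 1001, $key);
$intact   = ['action' => 'edit', 'id' => '1001', 'mac' => $mac];
$tampered = ['action' => 'edit', 'id' => '1002', 'mac' => $mac]; // id edited in the browser

var_dump(read_state($intact, $key));   // the validated pair
var_dump(read_state($tampered, $key)); // rejected
```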

  11. Persistence – Cookie time! • Quick (perhaps dirty) way of persisting data using the client • Can store data between visits to a site • Stored as basic text files on the client machine • Cookie data is sent to the server with each page request (providing the cookie is valid)

  12. Persistence - Cookies • Cookies have a bad reputation • Overused • Abused • In general people do not trust cookies • Often they do not know they are needed for the cool things they enjoy on a web site • Possible poor uses of cookies include: • Tracking and reporting browsing habits • Reporting products of interest to other web sites • Many others

  13. Persistence - Cookies • Cookies should be used for the “Bells and Whistles” of a web site • A web site should generally (try to at least) not rely on cookies to be completely functional • For example, storing the user’s visual style preference • If the cookie is not accepted, the site will still work

  14. Persistence - Cookies • PHP allows the programmer to set cookies • The setcookie() function • This function takes up to 6 parameters • Name – required • Value – required • Expire – time in seconds that the cookie expires • Path – path that the cookie is valid for (/tja1) • Domain – domain that is valid (e.g. example.web) • Secure – whether it requires HTTPS or not • setcookie("cssfile", "style.css", time()+1800);

  15. Persistence – Cookie expiration • The PHP time() function returns the current time measured in the number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT). • Try <?php echo time(); ?> • time() + 1800 will expire the cookie in 30 minutes • 60 seconds * 30 = 1800 • We shall cover time and date functions in lab session

  16. Persistence - Cookies • Cookies are available on the subsequent page request from when they are set • They are accessible via the $_COOKIE array • The cookie name is the array key • Adding values directly to the cookie array will not create a cookie • Must use the setcookie() function for this

  17. Persistence - Cookies • Calls to setcookie() must be made before any output is sent to the browser • Cookies are sent in the HTTP header • <?php echo "Hello!"; • setcookie("style", "myfile.css", time()+1800); ?> • Results in an error • Output includes any data, including plain HTML that comes before the setcookie() call • Do not store arrays in cookie variables • They require special manipulation • Stick to basic types, textual/numeric

  18. Persistence – Cookie Summary • Cookies are great for the ‘nice’ features • Do not rely on them • Not even in closed environments • They are stored on the client • Not stored securely • Sent with each page request • Can be transmitted securely
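The cookie slides above, pulled together in an added example that is not part of the original presentation: the style preference is set before any output, and the value read back from $_COOKIE is treated as client-controlled input. The stylesheet list, the style query parameter and the function names are assumptions; the seventh setcookie() argument (httponly, available since PHP 5.2.0) is not on the slide.

```php
<?php
// Added example; the stylesheet list and function names are assumptions.
const STYLES = ['style.css', 'dark.css', 'print.css'];

// A cookie is stored on the client, so accept only values from the allow-list.
function pick_style(array $cookies): string
{
    $wanted = $cookies['cssfile'] ?? '';
    return (is_string($wanted) && in_array($wanted, STYLES, true)) ? $wanted : STYLES[0];
}

// Sets the preference cookie; returns false rather than triggering the
// "headers already sent" warning when output has already started.
function remember_style(string $file): bool
{
    if (!in_array($file, STYLES, true) || headers_sent()) {
        return false;
    }
    // name, value, expire, path, domain, secure (HTTPS only), httponly (hidden from scripts)
    return setcookie('cssfile', $file, time() + 1800, '/', '', true, true);
}

// Cookie work comes first, before any output.
$requested = $_GET['style'] ?? null;
if (is_string($requested)) {
    remember_style($requested);
}

// $_COOKIE holds what the browser sent with this request, so a cookie set
// above only shows up on the next page request.
$style = pick_style($_COOKIE);

// Output starts here; the value is escaped even though it came from the allow-list.
echo '<link rel="stylesheet" href="' . htmlspecialchars($style, ENT_QUOTES) . '">' . "\n";
```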

  19. Persistence - Sessions • Sessions are stored on the server • Exist from the time a user starts to use your application to the time they finish • Or you programmatically end the session (logout) • Sessions are very simple to use • PHP4 has built in functionality for sessions

  20. Sessions – in use • Call the function session_start(); before any output is sent to the browser • $_SESSION array is used to store session variables • Adding values to $_SESSION will automatically persist those values at the server side

  21. Sessions – in use • <?php • session_start(); • $_SESSION["uname"] = "tja1"; • ?> • Subsequent page access • <?php • session_start(); • echo $_SESSION["uname"]; • // prints "tja1" • ?>

  22. Sessions – Why use them? • Store more complex data, such as arrays, easily • Data is never involved in a round trip • In some ways, more secure • Although they have security issues of a different nature • Well out of the scope of this module

  23. Sessions - Summary • Persistent data • Maintained on the server • Needs to be initialised before output • Allows the programmer to implement complex application functionality • Probably the best choice to facilitate logins
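The login and logout use of sessions described above, as an added example that is not from the original slides. It assumes the credentials for the sample user tja1 were already verified elsewhere; the function names and the do form field are hypothetical.

```php
<?php
// Added example; function names and the "do" field are assumptions.

// Must run before any output, like session_start() itself.
function start_session(): void
{
    // lifetime 0 = until the browser closes; path; domain; secure; httponly
    session_set_cookie_params(0, '/', '', true, true);
    session_start();
}

function login(string $uname): void
{
    // Issue a fresh session id at login so an id handed out before
    // authentication is not carried into the authenticated session.
    session_regenerate_id(true);
    $_SESSION['uname'] = $uname;
}

function logout(): void
{
    $_SESSION = []; // clear the server-side values
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie in the browser as well.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // remove the session data on the server
}

start_session();

if (($_POST['do'] ?? '') === 'logout') {
    logout();
} elseif (!isset($_SESSION['uname'])) {
    login('tja1'); // constructed flow: credentials were checked before this call
}

// Escape on output; session data may have originated from user input.
$who = $_SESSION['uname'] ?? 'guest';
echo 'Signed in as: ' . htmlspecialchars($who, ENT_QUOTES) . "\n";
```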

  24. Topics covered - summary • Basic Persistence • Query Strings • Hidden form elements • Cookies • Client side storage • Sent on every page request • Not secure • Access using $_COOKIE • Sessions • Server side variable storage • Accessed using $_SESSION • Avoids the client side storage • Still suffers from server side attacks

  25. Resources • Use the PHP web site • Search for time • Search for session_start • Search for setcookie
