1 / 36

Web Interfaces and Database Integration: Design, Development, and Security

Explore the design and development aspects of web interfaces to databases, including dynamic document generation, user customization, and the importance of URLs. Learn about client-side scripting, security considerations, and the role of HTTP in web communication.

rogan-reid
Download Presentation

Web Interfaces and Database Integration: Design, Development, and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Web Based Interfaces Application Design and Development Introduction to PHP

  2. Application Design and Development

  3. Application Design and Development • User Interfaces and Tools • Web Interfaces to Databases • Web Fundamentals

  4. User Interfaces and Tools • Most database users do not use a query language like SQL. • Forms • Graphical user interfaces • Report generators • Many interfaces are Web-based • Back-end (Web server) uses such technologies as • Java servlets • Java Server Pages (JSP) • Active Server Pages (ASP)

  5. The World Wide Web • The Web is a distributed information system based on hypertext. • Most Web documents are hypertext documents formatted via the HyperText Markup Language (HTML) • HTML documents contain • text along with font specifications, and other formatting instructions • hypertext links to other documents, which can be associated with regions of the text. • forms, enabling users to enter data which can then be sent back to the Web server

  6. A formatted report

  7. Web Interfaces to Databases Why interface databases to the Web? • Web browsers have become the de-facto standard user interface to databases • Enable large numbers of users to access databases from anywhere • Avoid the need for downloading/installing specialized code, while providing a good graphical user interface • Examples: banks, airline and rental car reservations, university course registration and grading, an so on.

  8. Web Interfaces to Database (Cont.) • Dynamic generation of documents • Limitations of static HTML documents • Cannot customize fixed Web documents for individual users. • Problematic to update Web documents, especially if multiple Web documents replicate data. • Solution: Generate Web documents dynamically from data stored in a database. • Can tailor the display based on user information stored in the database. • E.g. tailored ads, tailored weather and local news, … • Displayed information is up-to-date, unlike the static Web pages • E.g. stock market information, ..

  9. Uniform Resources Locators • In the Web, functionality of pointers is provided by Uniform Resource Locators (URLs). • URL example: http://www.bell-labs.com/topics/book/db-book • The first part indicates how the document is to be accessed • “http” indicates that the document is to be accessed using the Hyper Text Transfer Protocol. • The second part gives the unique name of a machine on the Internet. • The rest of the URL identifies the document within the machine. • The local identification can be: • The path name of a file on the machine, or • An identifier (path name) of a program, plus arguments to be passed to the program • E.g. http://www.google.com/search?q=silberschatz

  10. HTML and HTTP • HTML provides formatting, hypertext link, and image display features. • HTML also provides input features • Select from a set of options • Pop-up menus, radio buttons, check lists • Enter values • Text boxes • Filled in input sent back to the server, to be acted upon by an executable at the server • HyperText Transfer Protocol (HTTP) used for communication with the Web server

  11. Sample HTML Source Text <html> <body> <table border cols = 3> <tr> <td> A-101 </td> <td> Downtown </td> <td> 500 </td> </tr> …</table><center> The <i>account</i> relation </center> <form action=“BankQuery” method=get> Select account/loan and enter number <br> <select name=“type”> <option value=“account” selected> Account <option> value=“Loan”> Loan</select> <input type=text size=5 name=“number”> <input type=submit value=“submit”></form> </body> </html>

  12. Display of Sample HTML Source

  13. Client Side Scripting and Applets • Browsers can fetch certain scripts (client-side scripts) or programs along with documents, and execute them in “safe mode” at the client site • Javascript • Macromedia Flash and Shockwave for animation/games • VRML • Applets • Client-side scripts/programs allow documents to be active • E.g., animation by executing programs at the local site • E.g. ensure that values entered by users satisfy some correctness checks • Permit flexible interaction with the user. • Executing programs at the client site speeds up interaction by avoiding many round trips to server

  14. Client Side Scripting and Security • Security mechanisms needed to ensure that malicious scripts do not cause damage to the client machine • Easy for limited capability scripting languages, harder for general purpose programming languages like Java • E.g. Java’s security system ensures that the Java applet code does not make any system calls directly • Disallows dangerous actions such as file writes • Notifies the user about potentially dangerous actions, and allows the option to abort the program or to continue execution.

  15. Client-Server vs Web Servers SERVER (where the DATABASE is stored) Question: TO GRANT or NOT? Request or Add Data from Server Codes are executed from the client side. client client client client

  16. Client-Server vs Web Servers WEB SERVER (where the DATABASE and the CODE is stored/executed) Question: What do you want?? Clients access the programs thru a web-site client client client client

  17. Web Servers • A Web server can easily serve as a front end to a variety of information services. • The document name in a URL may identify an executable program, that, when run, generates a HTML document. • When a HTTP server receives a request for such a document, it executes the program, and sends back the HTML document that is generated. • The Web client can pass extra arguments with the name of the document. • To install a new service on the Web, one simply needs to create and install an executable that provides that service. • The Web browser provides a graphical user interface to the information service. • Common Gateway Interface (CGI): a standard interface between web and application server

  18. Three-Tier Web Architecture

  19. Two-Tier Web Architecture • Multiple levels of indirection have overheads • Alternative: two-tier architecture

  20. PHP Story A widely used script based language which enables static html pages turn to dynamic.

  21. The PHP Story • Widely used general-purpose scripting language • Suited for web development and can be embedded into HTML

  22. Goal • Allow web developers to write dynamically generated web pages quickly. • It is possible to incorporate sophisticated business logic into otherwise static web sites.

  23. PHP added to HTML • Typically, PHP code is embedded inside a regular HTML document, and is recognized and executed by the web server when the document is requested thru the browser.

  24. Running Where? • The program is executed on the server side and not the client. • Thus, if errors occur, the programmer may debug from the server side… and the client side doesn’t do anything at all…

  25. PHP Variables What is in a name?

  26. Writing Statements • Echo <html> execute: <?php echo "this is my site"; echo '<br>'; echo 'This is my site'; ?> </html> [sample1]

  27. Variables To assign a value to a variable, use the assignment operator, the equality (=) symbol. <? $x = 5; $y = 6; $addxy = $x + $y; ?>

  28. Writing Statements + Variable <html> execute: <?php $x = 5; $y = 6; $addxy = $x + $y; echo "$x + $y = $addxy"; // 5 + 6 = 11 echo '<br>'; echo '$x + $y = $addxy'; // $x + $y = $addxy ?> </html> [sample2]

  29. Data Types

  30. Detecting a Data Type • gettype ( ) function • Use this function to detect data types. • Example: • <?php • $age=55; $temp=85.54; $auth=true; $name=‘Harry’; • echo gettype($age); //returns ‘integer’ • echo gettype($temp); //returns ‘double’ • echo gettype($auth); //returns ‘boolean’ • echo gettype($name); //returns ‘string’ • ?> [sample4]

  31. NOTE!!! • String values enclosed in double quotes are automatically parsed for variable names; if variable names are found, they are automatically replaced with the appropriate value <?php $identity = ‘James Bond’; $car = ‘BMW’; $sentence = “$identity drives a $car”; echo $sentence; //the sentence would contain string “James Bond drives a BMW” $sentence = ‘$identity drives a $car’; echo $sentence; //the sentence would contain string ‘$identity drives a $car’

  32. <?php $identity = ‘James Bond’; $car = ‘BMW’; $sentence = “$identity drives a $car”; echo $sentence; //the sentence would contain string “James Bond drives a BMW” $sentence = ‘$identity drives a $car’; echo $sentence; //the sentence would contain string ‘$identity drives a $car’ ?> [sample3]

  33. NOTE!!! • Note that if your string contains quotes, carriage returns or backslashes, its necessary to escape these special characters with a backslash. The following example illustrates: <?php $statement = ‘It’s hot outside’; //bad!!! $statement = ‘It\’s hot outside’; // ok!!! ?>

  34. Null • The Null is a special data type; it means that a variable has no value. • A Null is typically seen when a variable is initialized but not yet assigned a value, or when a variable has been de-initialized with the unset() function.

  35. Nyull <?php echo gettype($me); //returns NULL $me= ‘Paulo’; //assigns $me a Value echo gettype($me); //returns STRING unset($me); //de-initialize variable echo gettype($me); //returns NULL ?>

  36. end

More Related