PHP – Digging Deeper
Martin Kruliš
by Martin Kruliš (v 1.2) 6. 12. 2017

HTTP Wrapper - Revision
• HTTP Request Wrapper
  ◦ Data are automatically prepared in superglobal arrays
    ▪ $_GET – parameters from request URL
    ▪ $_POST – parameters posted in HTTP body (form data)
    ▪ $_FILES – records about uploaded files
    ▪ $_SERVER – server settings and request headers
    ▪ $_ENV – environment variables
• HTTP Response
  ◦ Script output is the response (echo …)
  ◦ Headers can be modified by functions – e.g., header('header-line');

HTTP Wrapper - Revision
• Example
    <form action="?op=update&id=42" method="POST">
      <input name="name" type="text">
      <input name="surname" type="text">
      <input name="age" type="number">
      <input type="submit" value="Save">
    </form>

    $_GET
      'op' => 'update'
      'id' => '42'
    $_POST
      'name' => 'Martin'
      'surname' => 'Kruliš'
      'age' => '19'
Example 1

HTTP Wrapper
• Request Information
  ◦ Decoded to the $_SERVER array
    ▪ REQUEST_METHOD – used method (“GET” or “POST”)
    ▪ SERVER_PROTOCOL – protocol version (“HTTP/1.1”)
    ▪ REQUEST_URI – request part of URL (“/index.php”)
    ▪ REMOTE_ADDR – client's IP address
    ▪ HTTP_ACCEPT – MIME types that the client accepts
    ▪ HTTP_ACCEPT_LANGUAGE – desired translation
    ▪ HTTP_ACCEPT_ENCODING – desired encodings
    ▪ HTTP_ACCEPT_CHARSET – desired charsets
    ▪ + more info about the server and the client’s browser
phpinfo()

HTTP Wrapper
• File Uploads
  ◦ In form as <input type="file" name=... />
    ▪ Provide safe way to browse disk files
  ◦ HTTP wrapper handles the file
    ▪ Stores it in temporary location
    ▪ Provide related info in $_FILES[name]
      ▪ 'tmp_name' – path to the file in temp directory
      ▪ 'error' – error code (e.g., UPLOAD_ERR_OK)
      ▪ 'name', 'type', 'size', …
  ◦ File exists only as long as the script runs
    ▪ is_uploaded_file() – verification
    ▪ move_uploaded_file() – a safe way to move files
Example 2

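The upload steps from this slide put together in one handler, as an added example that is not part of the original slides. The field name "avatar", the target directory, the size limit and the list of allowed types are assumptions.

```php
<?php
// Added example, not from the slides. Field name "avatar", the target
// directory, the size limit and the allowed types are assumptions.
const UPLOAD_DIR = __DIR__ . '/uploads'; // must exist and be writable
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/png' => 'png', 'image/jpeg' => 'jpg'];

function store_upload(array $file): string
{
    // Multi-file fields produce arrays here; this function takes one file.
    if (!isset($file['error'], $file['tmp_name']) || !is_int($file['error'])) {
        throw new RuntimeException('Malformed upload record');
    }
    // 'error' is checked first; other keys are not meaningful on failure.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $file['error']);
    }
    // Confirm tmp_name is a file uploaded via HTTP POST in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // 'name' and 'type' are supplied by the client: detect the type from
    // the content (fileinfo extension) and generate the stored file name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Type not allowed');
    }
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // move_uploaded_file() repeats the is_uploaded_file() check itself.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['avatar'])) {
    echo 'Stored as ', basename(store_upload($_FILES['avatar']));
}
```
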
HTTP Issues
• Problem with POST
[Diagram: Client (Browser) sends Request (a submitted form) to the Web Server; script: add/change something; Response (an HTML page); on Refresh: Again!!!]

HTTP Issues
• Redirect Mechanism in HTTP
  ◦ 3xx response code
    ▪ 301 Moved Permanently
    ▪ 302 Found (originally named Moved Temporarily)
    ▪ 303 See Other
  ◦ Additional header 'Location' has the new URL
  ◦ Browser must try to load the new URL
  ◦ Loops in redirections are detected
• Creating Redirect in PHP
  ◦ header("Location: my-new-url");
  ◦ Automatically changes the response code (to 302)

HTTP Issues
• Redirect (303 See Other) after POST
[Diagram: Client (Browser) sends POST Request (action.php) to the Web Server; action.php: add/change something, then Redirect (to index.php); the browser redirects to a new URL (without updating history) and sends GET (index.php); index.php: generate HTML (only reads DB) and returns the HTML Page; label on the browser side: Refresh]
Example 3

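The redirect-after-POST flow from the diagram as one script, an added example that is not part of the original slides. It assumes the script is saved as index.php and keeps its items in the session only so that it runs without a database; on the slide the two branches are action.php and index.php.

```php
<?php
// Added example: POST handler and read-only page in one script (assumed
// name: index.php). Session storage stands in for the database.
session_start();
$_SESSION['items'] = $_SESSION['items'] ?? [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // "add/change something": the only branch that modifies state.
    $name = $_POST['name'] ?? '';
    if (is_string($name) && trim($name) !== '' && strlen($name) <= 100) {
        $_SESSION['items'][] = trim($name);
    }
    // Fixed, server-chosen target: Location is not built from request data.
    // The third argument sets 303 instead of the default 302.
    header('Location: index.php', true, 303);
    exit; // nothing else runs or is sent after the redirect
}

// GET: only reads state, so Refresh repeats a harmless request.
?>
<!DOCTYPE html>
<ul>
<?php foreach ($_SESSION['items'] as $item): ?>
  <li><?= htmlspecialchars($item, ENT_QUOTES, 'UTF-8') ?></li>
<?php endforeach; ?>
</ul>
<form method="POST">
  <input name="name" type="text">
  <input type="submit" value="Save">
</form>
```
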
Redirect and AJAX
• Redirecting Asynchronous HTTP Requests
  ◦ Works transparently – i.e., in the same way as all HTTP requests handled by the browser
  ◦ Typically unnecessary after POST requests
    ▪ A script should not be re-executed after reload, thus it can receive the updated HTML immediately
  ◦ Uncertain semantics
    ▪ Is the redirect meant for the AJAX result or should the whole page load a new URL?
  ◦ Efficiency
    ▪ AJAX typically optimizes network utilization – additional redirect may be suboptimal

Redirect and AJAX
• Example – Replacing Redirect with AJAX
  ◦ Let us have a data table, where each item has a delete button that triggers AJAX POST request
  ◦ Trivial solution
    ▪ After successful request, JS triggers reload of the page
    ▪ Optionally the req. may send a URL (for location.href)
  ◦ Slightly more optimized solution
    ▪ After successful request, JS triggers reload of affected components (table) via separate AJAX GET request
  ◦ Optimized solution
    ▪ The POST response sends an HTML fragment or (better yet) a difference update for the data table

HTTP Issues
• Cookies
  ◦ A way to deal with stateless nature of the HTTP
  ◦ Key-value pairs (of strings) stored in the web browser
    ▪ Set by special HTTP response header
    ▪ Automatically re-sent in headers with every request
    ▪ Each page (domain) has its own set of cookies
  ◦ Cookies in PHP
    ▪ Cookies are set/modified/removed by setcookie()
    ▪ The function modifies HTTP response headers
    ▪ Cookies sent by browser are loaded to $_COOKIE[]
Example 4

Databases
• MySQL
  ◦ Original mysql API is deprecated (as of PHP 5.5)
  ◦ MySQL Improved (mysqli) API
    ▪ Dual object/procedural interface
      ▪ Procedural interface is similar to original (deprecated) API
    ▪ Advanced connectivity features
      ▪ Persistent connections, compression, encryption
    ▪ Directly supports transactions
  ◦ MySQL Native Driver (mysqlnd) extension
    ▪ More direct access to MySQL server
    ▪ Additional features (e.g., asynchronous queries)

Databases
• MySQLi Procedural API
  ◦ Establishing connection with MySQL server
      $mysqli = mysqli_connect("server", "login", "password", "db_name");
  ◦ Performing queries
      $res = mysqli_query($mysqli, "SQL …");
  ◦ Terminating connection
      mysqli_close($mysqli);
  ◦ Safe way to include strings in SQL query
      mysqli_real_escape_string($mysqli, $str);

Databases
• MySQL Results
  ◦ mysqli_query() result depends on the query type
    ▪ On failure always returns false
  ◦ Modification queries return true on success
  ◦ Data queries (SELECT, …) return mysqli_result obj
    ▪ mysqli_fetch_assoc($res)
    ▪ mysqli_fetch_object($res)
    ▪ mysqli_fetch_all($res, $format)
    ▪ mysqli_fetch_fields($res)
    ▪ mysqli_num_rows($res)
    ▪ mysqli_free_result($res)

Databases
• MySQLi Prepared Statements
  Placeholders ? can be used for bound variables
  ◦ Prepare new MySQL statement
      $stmt = mysqli_stmt_init($mysqli);
      mysqli_stmt_prepare($stmt, "SELECT ...");
  ◦ Binding parameters (by positional placeholders)
      mysqli_stmt_bind_param($stmt, $types, $var1, …)
    ▪ Types string – one char ~ one parameter
  ◦ Execute and get result object
      mysqli_stmt_execute($stmt);
      $res = mysqli_stmt_get_result($stmt);
Example 5

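The prepared-statement calls listed on this slide combined into one query function, as an added example that is not part of the original slides. The table "users" and its columns are assumptions, and the connection arguments are the placeholders used on the earlier slide.

```php
<?php
// Added example: the slide's procedural prepared-statement calls in one
// function. Table "users" and its columns are assumptions for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

function find_users(mysqli $mysqli, string $surname, int $minAge): array
{
    $stmt = mysqli_stmt_init($mysqli);
    // Values never appear in the SQL text; only ? placeholders do.
    mysqli_stmt_prepare(
        $stmt,
        'SELECT id, name, surname, age FROM users WHERE surname = ? AND age >= ?'
    );
    // Types string: one char per placeholder, 's' = string, 'i' = integer.
    mysqli_stmt_bind_param($stmt, 'si', $surname, $minAge);
    mysqli_stmt_execute($stmt);
    $res  = mysqli_stmt_get_result($stmt); // requires the mysqlnd driver
    $rows = mysqli_fetch_all($res, MYSQLI_ASSOC);
    mysqli_free_result($res);
    mysqli_stmt_close($stmt);
    return $rows;
}

// Connection arguments are the placeholders from the slides.
$mysqli = mysqli_connect('server', 'login', 'password', 'db_name');
mysqli_set_charset($mysqli, 'utf8mb4');

// Constructed input containing quotes: it is sent separately from the
// statement and compared as data, so it cannot change the query.
$rows = find_users($mysqli, "Kruliš' OR '1'='1", 18);
var_dump(count($rows));
mysqli_close($mysqli);
```
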
Frameworks
• PHP Frameworks
  ◦ Symfony – one of the most popular
  ◦ Laravel – one of the most popular
  ◦ Slim – microframework
  ◦ Zend – one of the oldest
  ◦ Nette – Czech developer and community
  ◦ CodeIgniter
  ◦ Yii 2
  ◦ Phalcon
  ◦ CakePHP
  ◦ …

Discussion