PHP – Digging Deeper
by Martin Kruliš (v1.1), 17. 12. 2015

HTTP Wrapper - Revision
• HTTP Request Wrapper
  ◦ Data are automatically prepared in superglobal arrays
    ▪ $_GET – parameters from request URL
    ▪ $_POST – parameters posted in HTTP body (form data)
    ▪ $_FILES – records about uploaded files
    ▪ $_SERVER – server settings and request headers
    ▪ $_ENV – environment variables
• HTTP Response
  ◦ Script output is the response (echo …)
  ◦ Headers can be modified by functions – e.g., header('header-line');

HTTP Wrapper - Revision
• Example

    <form action="?op=update&id=42" method="POST">
      <input name="name" type="text">
      <input name="surname" type="text">
      <input name="age" type="text">
      <input type="submit" value="Save">
    </form>

  $_GET:  'op' => 'update', 'id' => '42'
  $_POST: 'name' => 'Martin', 'surname' => 'Kruliš', 'age' => '19'

HTTP Wrapper
• Request Information
  ◦ Decoded to the $_SERVER array
    ▪ REQUEST_METHOD – used method ("GET" or "POST")
    ▪ SERVER_PROTOCOL – protocol version ("HTTP/1.1")
    ▪ REQUEST_URI – request part of URL ("/index.php")
    ▪ REMOTE_ADDR – client's IP address
    ▪ HTTP_ACCEPT – MIME types that the client accepts
    ▪ HTTP_ACCEPT_LANGUAGE – desired translation
    ▪ HTTP_ACCEPT_ENCODING – desired encodings
    ▪ HTTP_ACCEPT_CHARSET – desired charsets
    ▪ + more info about the server and the client's browser (phpinfo())

HTTP Wrapper
• File Uploads
  ◦ In form as <input type="file" name=... />
    ▪ Provides a safe way to browse disk files
  ◦ HTTP wrapper handles the file
    ▪ Stores it in a temporary location
    ▪ Provides related info in $_FILES[name]
      ▪ 'tmp_name' – path to the file in temp directory
      ▪ 'error' – error code (e.g., UPLOAD_ERR_OK)
      ▪ 'name', 'type', 'size', …
  ◦ File exists only as long as the script runs
    ▪ is_uploaded_file() – verification
    ▪ move_uploaded_file() – a safe way to move files
  Example 1

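An added example (not from the original slides) of handling one uploaded file with the $_FILES fields and the two functions listed above. The field name "attachment", the uploads directory and the size limit are assumptions; it needs PHP 7 or newer.

```php
<?php
// Added example, not from the slides. The form field name "attachment",
// the uploads/ directory and the size limit are assumptions.
const UPLOAD_DIR = __DIR__ . '/uploads';  // should not be executable by the web server
const MAX_BYTES  = 2 * 1024 * 1024;

function store_upload(array $file, string $targetDir = UPLOAD_DIR): string
{
    // 'error' is checked first; the other fields are meaningless on failure.
    // An array here means the client sent name="attachment[]", which we reject.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload record.');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $file['error'] . '.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // Confirms that tmp_name really is a file uploaded in this request
    // and not some other path on the server.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // 'name' and 'type' come from the client, so they are not used to build
    // the path. The server picks the stored file name itself.
    $target = $targetDir . '/' . bin2hex(random_bytes(16)) . '.upload';
    // The temporary file disappears when the script ends, so move it now.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move the uploaded file.');
    }
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['attachment'])) {
    try {
        $path = store_upload($_FILES['attachment']);
        echo 'Stored as ', htmlspecialchars(basename($path), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```
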
HTTP Issues
• Redirect Mechanism in HTTP
  ◦ 3xx response code
    ▪ 301 Moved Permanently
    ▪ 302 Found (originally named Moved Temporarily)
    ▪ 303 See Other
  ◦ Additional header 'Location' has the new URL
  ◦ Browser must try to load the new URL
  ◦ Loops in redirections are detected
• Creating Redirect in PHP
  ◦ header("Location: my-new-url");
  ◦ Automatically changes the response code (to 302)

HTTP Issues
• Problem with POST Request
  [Diagram: the client (browser) sends a POST request (a submitted form) to the web server, where a script adds/changes something and returns a response (an HTML page). On refresh, the POST request is sent and the script runs again.]

HTTP Issues
• Redirect (303 See Other) after POST
  [Diagram: the client (browser) sends a POST request; the web server adds/changes something and answers with a redirect (new URL). The browser redirects to the new URL (without updating history) and sends GET (new URL); the web server returns a read-only HTML page. Refresh repeats only the GET.]
  Example 2

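An added example (not from the original slides) of the redirect-after-POST flow. Keeping the submitted names in the session is an assumption made so that the script needs no database; it needs PHP 7 or newer.

```php
<?php
// Added example, not from the slides. Session storage is an assumption.
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = trim($_POST['name'] ?? '');
    if ($name !== '') {
        $_SESSION['names'][] = $name;      // the "add/change something" step
    }
    // header('Location: ...') alone would send 302, so 303 is passed explicitly.
    // The target is built from the script's own path, not from request data.
    header('Location: ' . $_SERVER['SCRIPT_NAME'] . '?saved=1', true, 303);
    exit;   // nothing else may run or be sent after the redirect
}

// GET branch: read-only page, refreshing it changes nothing.
$names = $_SESSION['names'] ?? [];
?>
<!DOCTYPE html>
<html><body>
<?php if (isset($_GET['saved'])): ?><p>Saved.</p><?php endif; ?>
<ul>
<?php foreach ($names as $n): ?>
  <li><?= htmlspecialchars($n, ENT_QUOTES, 'UTF-8') ?></li>
<?php endforeach; ?>
</ul>
<form method="POST">
  <input name="name" type="text">
  <input type="submit" value="Save">
</form>
</body></html>
```
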
Redirect and AJAX
• Redirecting Asynchronous HTTP Requests
  ◦ Works transparently – i.e., in the same way as all HTTP requests handled by the browser
  ◦ Typically unnecessary after POST requests
    ▪ A script should not be re-executed after reload, thus it can receive the updated HTML immediately
  ◦ Uncertain semantics
    ▪ Is the redirect meant for the AJAX result or should the whole page load a new URL?
  ◦ Efficiency
    ▪ AJAX typically optimizes network utilization – additional redirect may be suboptimal

Redirect and AJAX
• Example – Replacing Redirect with AJAX
  ◦ Let us have a data table, where each item has a delete button that triggers an AJAX POST request
  ◦ Trivial solution
    ▪ After a successful request, JS triggers reload of the page
    ▪ Optionally the POST may send a URL (for location.href)
  ◦ Slightly more optimized solution
    ▪ After a successful request, JS triggers reload of affected components (table) via a separate AJAX GET request
  ◦ Optimized solution
    ▪ The POST response sends an HTML fragment or (better yet) a difference update for the data table

HTTP Issues
• Cookies
  ◦ A way to deal with the stateless nature of HTTP
  ◦ Key-value pairs (of strings) stored in the web browser
    ▪ Set by a special HTTP response header
    ▪ Automatically re-sent in headers with every request
    ▪ Each page (domain) has its own set of cookies
  ◦ Cookies in PHP
    ▪ Cookies sent by the browser are loaded to $_COOKIE[]
    ▪ Cookies are set/modified/removed by setcookie()
    ▪ The function modifies HTTP response headers
  Example 3

Strings
• Functions
  ◦ PHP has a huge arsenal of string functions
    ▪ strlen(), substr(), trim(), split(), join(), …
  ◦ Libs for charset manipulation
    ▪ Multibyte string lib
    ▪ Iconv lib
    ▪ Recode
  ◦ Functions for encoding (to URL, HTML, SQL, …)
    ▪ urlencode(), urldecode()
    ▪ htmlspecialchars(), htmlspecialchars_decode()
    ▪ mysqli_real_escape_string()

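An added example (not from the original slides) showing that each encoding function belongs to one output context, and that a URL placed inside an HTML attribute needs both encodings in the right order. The helper names html_text() and link_to(), the target search.php and the sample input are assumptions.

```php
<?php
// Added example, not from the slides. Helper names, search.php and the
// sample value are made up for illustration.

// Encoding for HTML text and quoted attribute values.
function html_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Builds <a href="...">label</a> from untrusted parameter values.
function link_to(string $base, array $params, string $label): string
{
    $pairs = [];
    foreach ($params as $key => $value) {
        // Step 1: each key and value is encoded for the URL query string,
        // so '&', '=', '#' or spaces in the data cannot change the URL structure.
        $pairs[] = urlencode((string) $key) . '=' . urlencode((string) $value);
    }
    $url = $base . '?' . implode('&', $pairs);

    // Step 2: the finished URL is encoded for the HTML attribute it is put in
    // (the '&' separators become '&amp;'). The label is HTML text, so it gets
    // HTML encoding only; URL encoding would corrupt what the user sees.
    return '<a href="' . html_text($url) . '">' . html_text($label) . '</a>';
}

// Constructed input containing characters that are special in both contexts.
$surname = "O'Neil & <b>Sons</b>";

echo link_to('search.php', ['q' => $surname, 'op' => 'find'], $surname), "\n";

// Decoding reverses exactly one layer and is only for reading the data back.
var_dump(urldecode(urlencode($surname)) === $surname);
var_dump(htmlspecialchars_decode(html_text($surname), ENT_QUOTES) === $surname);
```
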
Strings
• Regular Expressions
  ◦ String search patterns based on regular automata
    ▪ Used for pattern matching, replacement, splitting, …
  ◦ POSIX syntax
    ▪ Same syntax as in unix tools (grep, sed, …)
    ▪ Deprecated as of PHP 5.3
  ◦ Perl (PCRE) syntax
    ▪ Similar to POSIX syntax, but with more features
    ▪ Separate set of functions in PHP
  ◦ Regular expression evaluation is implemented in C
    ▪ May be faster than implementing string parsing in PHP

Databases
• MySQL
  ◦ Original mysql API is deprecated (as of PHP 5.5)
  ◦ MySQL Improved (mysqli) API
    ▪ Dual object/procedural interface
    ▪ Procedural interface is similar to original (deprecated) API
    ▪ Advanced connectivity features
    ▪ Persistent connections, compression, encryption
    ▪ Directly supports transactions
  ◦ MySQL Native Driver (mysqlnd) extension
    ▪ More direct access to MySQL server
    ▪ Additional features (e.g., asynchronous queries)

Databases
• MySQLi Procedural API
  ◦ Establishing connection with MySQL server
      $mysqli = mysqli_connect("server", "login", "password", "db_name");
  ◦ Performing queries
      $res = mysqli_query($mysqli, "SQL …");
  ◦ Terminating connection
      mysqli_close($mysqli);
  ◦ MySQL statement wrapper functions
      mysqli_stmt_init($mysqli);
      mysqli_stmt_*(…)

Databases
• MySQL Results
  ◦ mysqli_query() result depends on the query type
    ▪ On failure always returns false
  ◦ Modification queries return true on success
  ◦ Data queries (SELECT, …) return mysqli_result obj
    ▪ mysqli_fetch_assoc($res)
    ▪ mysqli_fetch_object($res)
    ▪ mysqli_fetch_all($res, $format)
    ▪ mysqli_fetch_fields($res)
    ▪ mysqli_num_rows($res)
    ▪ mysqli_free_result($res)
  Example 4

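An added example (not from the original slides) that uses the procedural mysqli API and the mysqli_stmt_* wrapper functions from the two slides above, so that request data is bound as parameters instead of being written into the SQL text. The connection parameters are the slide's placeholders; the users table and its columns are assumptions, and mysqli_stmt_get_result() requires the mysqlnd driver.

```php
<?php
// Added example, not from the slides. The `users` table (id, name, surname, age)
// is an assumption; connection parameters are placeholders.
$mysqli = mysqli_connect('server', 'login', 'password', 'db_name');
if (!$mysqli) {
    exit('Connection failed: ' . mysqli_connect_error());
}
mysqli_set_charset($mysqli, 'utf8mb4');

// Data query: returns all matching rows as associative arrays.
function find_by_surname($mysqli, string $surname): array
{
    $stmt = mysqli_stmt_init($mysqli);
    $sql  = 'SELECT id, name, surname, age FROM users WHERE surname = ?';
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        throw new RuntimeException('Prepare failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_bind_param($stmt, 's', $surname);   // 's' = string parameter
    if (!mysqli_stmt_execute($stmt)) {
        throw new RuntimeException('Execute failed: ' . mysqli_stmt_error($stmt));
    }
    $res  = mysqli_stmt_get_result($stmt);          // mysqli_result (needs mysqlnd)
    $rows = [];
    while ($row = mysqli_fetch_assoc($res)) {
        $rows[] = $row;
    }
    mysqli_free_result($res);
    mysqli_stmt_close($stmt);
    return $rows;
}

// Modification query: returns the number of changed rows.
function update_age($mysqli, int $id, int $age): int
{
    $stmt = mysqli_stmt_init($mysqli);
    if (!mysqli_stmt_prepare($stmt, 'UPDATE users SET age = ? WHERE id = ?')) {
        throw new RuntimeException('Prepare failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_bind_param($stmt, 'ii', $age, $id); // 'ii' = two integers
    if (!mysqli_stmt_execute($stmt)) {
        throw new RuntimeException('Execute failed: ' . mysqli_stmt_error($stmt));
    }
    $changed = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $changed;
}

foreach (find_by_surname($mysqli, $_GET['surname'] ?? '') as $row) {
    echo htmlspecialchars($row['name'] . ' ' . $row['surname'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
mysqli_close($mysqli);
```
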
Frameworks
• Zend Framework
  ◦ Developed by open community, supported by Zend
  ◦ Large and robust, based on MVC architecture
    ▪ Built as independent modules (database, sessions, …)
• Nette
  ◦ Popular PHP framework with Czech community
  ◦ Simple, easy to learn and use
  ◦ Modern approach (OO design, MVC, supports AJAX)
• Dibi
  ◦ Database abstraction layer for PHP

Discussion