
PHP – Digging Deeper
by Martin Kruliš (v1.0), 16. 9. 2020

HTTP Issues
• Request Information
  ◦ Decoded to the $_SERVER array
    ▪ REQUEST_METHOD – used method (“GET” or “POST”)
    ▪ SERVER_PROTOCOL – protocol version (“HTTP/1.1”)
    ▪ REQUEST_URI – request part of URL (“/index.php”)
    ▪ REMOTE_ADDR – client's IP address
    ▪ HTTP_ACCEPT – MIME types that the client accepts
    ▪ HTTP_ACCEPT_LANGUAGE – desired translation
    ▪ HTTP_ACCEPT_ENCODING – desired encodings
    ▪ HTTP_ACCEPT_CHARSET – desired charsets
    ▪ + more info about the server and the client’s browser (see phpinfo())

HTTP Issues
• File Uploads
  ◦ In form as <input type="file" name=... />
    ▪ Provides a safe way to browse disk files
  ◦ HTTP wrapper handles the file
    ▪ Stores it in a temporary location
    ▪ Provides related info in $_FILES[name]
      ▪ 'tmp_name' – path to the file in temp directory
      ▪ 'error' – error code (e.g., UPLOAD_ERR_OK)
      ▪ 'name', 'type', 'size', …
  ◦ File exists only as long as the script runs
    ▪ is_uploaded_file() – verification
    ▪ move_uploaded_file() – a safe way to move files
  [Example 1]
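An upload handler built on the two functions named above, as an added example (not code from the original slides). The form field name `attachment`, the target directory, the size limit and the MIME allow-list are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumptions made for this example: form field "attachment", an upload
// directory outside the web root, a 2 MiB limit and the allow-list below.
const UPLOAD_DIR = '/var/app-data/uploads';
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'];

function store_upload(array $file): string
{
    // A field named "attachment[]" produces nested arrays; accept single files only.
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload.');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $file['error']);
    }
    // Verify that tmp_name really is a file PHP received in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // 'name' and 'type' are supplied by the client, so detect the type from content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('File type not allowed.');
    }
    // Server-generated name: the client's 'name' never reaches the file system.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['attachment'])) {
    try {
        $path = store_upload($_FILES['attachment']);
        echo 'Stored as ', htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```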

HTTP Issues
• Redirect Mechanism in HTTP
  ◦ 3xx response code
    ▪ 301 Moved Permanently
    ▪ 302 Found (originally named Moved Temporarily)
    ▪ 303 See Other
  ◦ Additional header 'Location' has the new URL
  ◦ Browser must try to load the new URL
  ◦ Loops in redirections are detected
• Creating Redirect in PHP
  ◦ header("Location: my-new-url");
  ◦ Automatically changes the response code (to 302)

HTTP Issues
• Problem with POST
  [Diagram: the client (browser) sends a request (a submitted form) to the web server; the script adds/changes something and the server returns a response (an HTML page). On refresh, the request is sent and the script runs again.]

HTTP Issues
• Redirect (303 See Other) after POST
  [Diagram: the client (browser) sends the request; the script adds/changes something and the web server answers with a redirect (new URL). The browser redirects to the new URL (without updating history) and sends GET (new URL); the web server returns a read-only HTML page. A refresh repeats only the GET.]
  [Example 2]
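The redirect-after-POST flow from the diagram, as an added example (not code from the original slides). The script name `guestbook.php`, the `message` field and the flat-file store are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Assumed for this example: one script, guestbook.php, serves both the POST
// and the GET, and entries are kept in a local text file.
const STORE = __DIR__ . '/guestbook.txt';

function redirect_see_other(string $url): void
{
    // Pass the status explicitly; a bare Location header would produce 302.
    header('Location: ' . $url, true, 303);
    exit; // nothing after the redirect may run or be sent
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $msg = $_POST['message'] ?? '';
    $msg = is_string($msg) ? trim($msg) : '';
    if ($msg === '' || strlen($msg) > 500) {
        redirect_see_other('guestbook.php?error=1');
    }
    // The state-changing step runs once per submitted form.
    $line = str_replace(["\r", "\n"], ' ', $msg) . "\n";
    file_put_contents(STORE, $line, FILE_APPEND | LOCK_EX);
    // The target is a fixed string and is never built from request data.
    redirect_see_other('guestbook.php?saved=1');
}

// GET: the read-only page; refreshing it repeats only this branch.
$entries = is_file(STORE) ? file(STORE, FILE_IGNORE_NEW_LINES) : [];
?>
<!DOCTYPE html>
<title>Guestbook</title>
<ul>
<?php foreach ($entries as $entry): ?>
  <li><?= htmlspecialchars($entry) ?></li>
<?php endforeach; ?>
</ul>
<form method="post" action="guestbook.php">
  <input name="message" maxlength="500">
  <button>Add</button>
</form>
```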

HTTP Issues
• Cookies
  ◦ A way to deal with the stateless nature of HTTP
  ◦ Key-value pairs (of strings) stored in the web browser
    ▪ Set by a special HTTP response header
    ▪ Automatically re-sent in headers with every request
    ▪ Each page (domain) has its own set of cookies
  ◦ Cookies in PHP
    ▪ Cookies sent by browser are loaded to $_COOKIE[]
    ▪ Cookies are set/modified/removed by setcookie()
    ▪ The function modifies HTTP response headers
  [Example 3]
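Setting, reading and removing a cookie with setcookie() and $_COOKIE, as an added example (not code from the original slides). It goes one step beyond the slide by attaching an HMAC to the value, because everything in $_COOKIE is stored in the browser and can be edited there. The cookie name `lang`, the `APP_COOKIE_KEY` environment variable and the fallback key are assumptions; the options-array form of setcookie() needs PHP 7.3 or newer.

```php
<?php
declare(strict_types=1);

// Assumed for this example: the key comes from the APP_COOKIE_KEY environment
// variable; the fallback string is a constructed demo value only.
$key = getenv('APP_COOKIE_KEY') ?: 'constructed-demo-key-not-for-deployment';

function sign_value(string $value, string $key): string
{
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

function verify_value(string $cookie, string $key): ?string
{
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($cookie, 0, $pos);
    $mac   = substr($cookie, $pos + 1);
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $value, $key), $mac) ? $value : null;
}

function set_signed_cookie(string $name, string $value, string $key, int $ttl): void
{
    setcookie($name, sign_value($value, $key), [
        'expires'  => time() + $ttl,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not attached to cross-site subrequests
    ]);
}

function delete_cookie(string $name): void
{
    // Removal is a setcookie() call with an expiry time in the past.
    setcookie($name, '', ['expires' => time() - 3600, 'path' => '/']);
}

// Must run before any output, because setcookie() modifies response headers.
$raw  = $_COOKIE['lang'] ?? null;
$lang = is_string($raw) ? verify_value($raw, $key) : null;
if ($lang === null) {          // missing or tampered: fall back and re-issue
    $lang = 'en';
    set_signed_cookie('lang', $lang, $key, 30 * 24 * 3600);
}
echo 'Language: ', htmlspecialchars($lang);
```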

Strings
• Functions
  ◦ PHP has a huge arsenal of string functions
    ▪ strlen(), substr(), trim(), split(), join(), …
  ◦ Libs for charset manipulation
    ▪ Multibyte string lib
    ▪ Iconv lib
    ▪ Recode
  ◦ Functions for encoding (to URL, HTML, SQL, …)
    ▪ urlencode(), urldecode()
    ▪ htmlspecialchars(), htmlspecialchars_decode()
    ▪ mysqli_real_escape_string()

Strings
• Regular Expressions
  ◦ String search patterns based on regular automata
    ▪ Used for pattern matching, replacement, splitting, …
  ◦ POSIX syntax
    ▪ Same syntax as in Unix tools (grep, sed, …)
    ▪ Deprecated as of PHP 5.3
  ◦ Perl (PCRE) syntax
    ▪ Similar to POSIX syntax, but with more features
    ▪ Separate set of functions in PHP
  ◦ Regular expression evaluation is implemented in C
    ▪ Faster than implementing string parsing in PHP

Databases
• MySQL
  ◦ Original mysql API is deprecated (as of PHP 5.5)
  ◦ MySQL Improved (mysqli) API
    ▪ Dual object/procedural interface
      ▪ Procedural interface is similar to original (deprecated) API
    ▪ Advanced connectivity features
      ▪ Persistent connections, compression, encryption
    ▪ Directly supports transactions
  ◦ MySQL Native Driver (mysqlnd) extension
    ▪ More direct access to MySQL server
    ▪ Additional features (e.g., asynchronous queries)

Databases
• MySQLi Procedural API
  ◦ Establishing connection with MySQL server
      $mysqli = mysqli_connect("server", "login", "password", "db_name");
  ◦ Performing queries
      $res = mysqli_query($mysqli, "SQL …");
  ◦ Terminating connection
      mysqli_close($mysqli);
  ◦ MySQL statement wrapper functions
      mysqli_stmt_init($mysqli);
      mysqli_stmt_*(…)

Databases
• MySQL Results
  ◦ mysqli_query() result depends on the query type
    ▪ On failure always returns false
  ◦ Modification queries return true on success
  ◦ Data queries (SELECT, …) return a mysqli_result object
    ▪ mysqli_fetch_assoc($res)
    ▪ mysqli_fetch_object($res)
    ▪ mysqli_fetch_all($res, $format)
    ▪ mysqli_fetch_fields($res)
    ▪ mysqli_num_rows($res)
    ▪ mysqli_free_result($res)
  [Example 5]
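The mysqli_stmt_* wrapper functions and the result functions listed above, used together in the procedural style, as an added example (not code from the original slides). It binds request data as parameters instead of escaping it into the SQL string. The connection arguments are the slide's placeholders, the `users(id, login, email)` table is an assumption, and mysqli_stmt_get_result() needs the mysqlnd driver.

```php
<?php
declare(strict_types=1);

// Assumed for this example: a table users(id, login, email); the connection
// arguments are the placeholders from the slide, not real credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false

function find_users_by_login(mysqli $db, string $login): array
{
    // The value travels separately from the SQL text, so it cannot change
    // the query structure the way "... WHERE login = '$login'" could.
    $stmt = mysqli_prepare($db, 'SELECT id, login, email FROM users WHERE login = ?');
    mysqli_stmt_bind_param($stmt, 's', $login);
    mysqli_stmt_execute($stmt);
    $res  = mysqli_stmt_get_result($stmt);        // a mysqli_result object
    $rows = mysqli_fetch_all($res, MYSQLI_ASSOC);
    mysqli_free_result($res);
    mysqli_stmt_close($stmt);
    return $rows;
}

function rename_user(mysqli $db, int $id, string $newLogin): int
{
    $stmt = mysqli_prepare($db, 'UPDATE users SET login = ? WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'si', $newLogin, $id);
    mysqli_stmt_execute($stmt);
    $affected = (int) mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $affected;
}

$mysqli = mysqli_connect('server', 'login', 'password', 'db_name');
mysqli_set_charset($mysqli, 'utf8mb4');
try {
    $login = $_GET['login'] ?? '';
    foreach (find_users_by_login($mysqli, is_string($login) ? $login : '') as $row) {
        // Encode for the output context as well; the database does not do it.
        echo htmlspecialchars($row['login']), ' (', htmlspecialchars($row['email']), ")\n";
    }
} finally {
    mysqli_close($mysqli);
}
```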

Frameworks
• Zend Framework
  ◦ Developed by an open community, supported by Zend
  ◦ Large and robust, based on MVC architecture
    ▪ Built as independent modules (database, sessions, …)
• Nette
  ◦ Popular PHP framework with Czech community
  ◦ Simple, easy to learn and use
  ◦ Modern approach (OO design, MVC, supports AJAX)
• Dibi
  ◦ Database abstraction layer for PHP

Discussion