Lecture 4. Wednesday, January 27, 2016


PHP through Apache
Last week, we talked about building command line scripts.
This week, we will transition to building scripts that run through the web server, Apache, and are viewable in a browser.

Differences in Input
As mentioned last week, the biggest difference between the two interfaces is how we receive input and provide output.
Output differs (mostly) because we need to wrap everything in HTML to display it properly in a browser window.
For input, think about our command line applications and how we received input.

Differences in Input
Command line input method          Equivalent in web browser
Command line arguments ($argv)     Query strings ($_GET)
Standard input (STDIN)             Forms ($_POST)

Note about Forms with $_GET and $_POST
Note that we can send forms over $_GET instead of $_POST.
However, it is not ideal, because all data in $_GET is sent through the URL:
o URLs generally have a limit of about 2048 characters (the exact limit depends on the browser and server), limiting how much data can be sent over a form.
o Sensitive data (such as a password) would be captured in the URL, and would therefore appear in the user's browser history, in the web server's access log, and in the Referer header sent to any site linked from the resulting page.
Note that $_POST only keeps the data out of the URL; anyone on the network path can still read it unless the page is served over HTTPS.

$_GET and Query Strings
The syntax of a URL is:
http://host.domain/file.php?querystring
The query string consists of data in the form variable=value.
Multiple pieces of data can be strung together with &.

$_GET and Query Strings
Suppose you had the URL:
http://cs383.mathcs.wilkes.edu/myfile.php?newsid=18&theme=2
Our variables are newsid (18) and theme (2).
If we were to add print_r($_GET); the output would be:
Array
(
    [newsid] => 18
    [theme] => 2
)
We can access these with $_GET["newsid"] and $_GET["theme"].
Note that both values arrive as strings ("18" and "2"), not integers, even though print_r shows them without quotes. This matters when we validate input below.

Register Globals
You may see a solution on the Internet to a problem that suggests you turn on register_globals in the INI settings of PHP.
register_globals means that, if you had the URL
http://cs383.mathcs.wilkes.edu/script.php?userid=10
you could access the variable in the query string directly as $userid rather than $_GET["userid"].
DON'T TURN IT ON.
(The setting was deprecated in PHP 5.3 and removed entirely in PHP 5.4, so on a current PHP it cannot be turned on at all. The advice still matters for legacy servers, and for code that imitates the behaviour by hand.)

Register Globals
This creates a HUGE security risk.
Suppose your script used a variable $userid to keep track of who is logged in, and only assigned it after a successful login.
Somebody could add ?userid=3 to the end of the URL, and if your script does not explicitly initialize $userid itself, the value from the query string would be used instead, allowing them to take over the account of whoever has userid 3.
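To make the risk on this slide concrete, here is an added example; it is not part of the lecture. Because register_globals no longer exists in current PHP, the example uses extract(), which copies array keys into like-named variables exactly as the old setting did (and which is the way the same hole gets recreated in modern code). The function names and the session/request arrays are this example's own assumptions, constructed so the script runs from the command line with php.

```php
<?php
// Added example (not from the lecture): the pattern that register_globals = On
// turned into an account-takeover bug, beside the hardened version.
// Assumptions: the session stores the logged-in user's id as $session['userid'];
// request and session arrays are constructed inline so this runs from the
// command line on any PHP 7+ build.

declare(strict_types=1);

/**
 * With register_globals = On (PHP < 5.4), PHP copied every request parameter
 * into a like-named variable before the script ran. extract() does exactly
 * that for an array, so it stands in for the old setting here; code that
 * calls extract($_GET) today has recreated the same hole.
 */
function vulnerableLookup(array $query, array $session): string
{
    extract($query);                       // simulates register_globals = On

    // Only an authenticated session is supposed to set $userid ...
    if (isset($session['userid'])) {
        $userid = $session['userid'];
    }

    // ... but nothing initialised it otherwise, so for an anonymous visitor
    // $userid is whatever the query string planted.
    return isset($userid) ? "account of user $userid" : "not logged in";
}

/**
 * Hardened version: initialise every variable before use, take identity only
 * from server-side state, and read request data explicitly by key so it can
 * never be promoted to a variable name.
 */
function safeLookup(array $query, array $session): string
{
    $userid = null;
    if (isset($session['userid'])) {
        $userid = (int) $session['userid'];
    }
    // $query is still available for things the page legitimately needs
    // (for example $query['theme']), but it never influences $userid.
    return $userid !== null ? "account of user $userid" : "not logged in";
}

// Constructed request: an anonymous visitor who appended ?userid=3 to the URL.
$anonymousSession = [];
$attackerQuery    = ['userid' => '3'];

echo "vulnerable: ", vulnerableLookup($attackerQuery, $anonymousSession), "\n";
echo "safe:       ", safeLookup($attackerQuery, $anonymousSession), "\n";
```

Run as written, the vulnerable function reports the account of user 3 for a visitor who never logged in, while the hardened one reports "not logged in". The fix is not a check for "extra" query parameters, which the slide hints at; it is to initialise $userid yourself and to derive it only from server-side state, so that nothing a client sends can become the variable.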

Validating Input
Because PHP is flexible, in that variables are never declared with an explicit type (and cannot be), checking input is somewhat complicated.
Suppose we had the URL
http://cs383.mathcs.wilkes.edu/script.php?x= (some value for x)
We want to make sure the value supplied for x in the query string is an integer.
How do we do this?

Validating Input
First, note that, even if this value came from a form or a link we put on the page, we cannot assume that the input is valid.
Why not? Even if we use JavaScript on a form to validate that the input is good, somebody can create their own form that submits to submit.php anyway, or send the request directly with a tool such as curl, bypassing the JavaScript validation entirely.
Client-side validation is a convenience for the user; the server must validate everything it receives.

Validating Input
First, we need to verify that a value for x was actually supplied in the query string.
We can do this with the function isset($var), which returns true if the variable exists and is not null.
Example: isset($_GET["x"])

Validating Input
Now, we need to verify that the value is an integer.
If you look in the PHP documentation, it looks like we have a few functions that can do this...
But we actually don't. These functions will not do what we really want them to.

Validating Input
One function you will find is is_int($var).
However, this checks whether the type, as stored, is int, not whether the value looks like an integer.
Remember that the part of the URL we extract these variables from is called a query string, not a query integer: everything in $_GET is a string.
Examples:
o is_int(4) => true
o is_int("4") => false
Since the latter is how the variable would appear from a query string, this function will not work.

Validating Input
Next, you may come across the function intval($var).
This converts strings into integers.
However, it reads the leading digits of the string and silently discards everything after them, and it returns 0 for a string with no leading digits at all.
Examples:
o intval("4") => 4
o intval("4.6") => 4
o intval("4abc") => 4
o intval("abc") => 0
Since it happily produces an integer from input that was not one, it tells us nothing about whether the original value was an integer, so this function will not work for validation.

Validating Input
We have the function is_numeric($var), which will tell us if something is a numeric value.
Examples:
o is_numeric(4) => true
o is_numeric("4") => true
o is_numeric("4.6") => true
This gets us almost there, but it will still return true for floating-point values (and for exponent notation such as "1e3").

Validating Input
Workaround: cast the variable to an integer and compare it to the original. If they are equal, it must be an integer:
is_numeric($var) && $var == (int)$var
So, putting this all together, to verify that a variable x is provided in the query string and that it is an integer, our code would be:
if (isset($_GET["x"]) && is_numeric($_GET["x"]) && $_GET["x"] == (int)$_GET["x"]) {
    // is an int
} else {
    // is not an int
}

Validating Input
Why does this work? Unlike other languages, the following WILL evaluate to true in PHP:
0.2 == "0.2"
Although the previous functions distinguish between 0.2 and "0.2", the loose comparison == does not: when one side is a numeric string, PHP compares the two operands as numbers.
So "4.6" == (int)"4.6" compares 4.6 with 4 and is false, while "4" == (int)"4" compares 4 with 4 and is true.

Validating Input
It may be tempting, to avoid writing $_GET["x"] so many times, to put at the top of your code:
$x = $_GET["x"];
However, the code will no longer work as intended: the assignment reads $_GET["x"] before isset has confirmed it exists, so a request without x produces an "Undefined index" notice (a warning in PHP 8) and $x is null.
Check isset($_GET["x"]) first, and only then copy the value into $x.
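The check built up over the last ten slides, packaged as a function and run over inputs of the kind a query string can actually deliver, as an added example that is not part of the lecture. It sits next to the standard-library validator filter_var() with FILTER_VALIDATE_INT, which exists since PHP 5.2, so the two can be compared on the same inputs. The function names and the constructed input arrays are this example's own; the CLI has no $_GET, so requests are passed in as arrays.

```php
<?php
// Added example (not from the lecture): the slides' integer check packaged as
// a function, beside the standard-library validator filter_var(), both run over
// constructed inputs of the kind a query string can deliver. Function names are
// this example's own.

declare(strict_types=1);

/**
 * The lecture's check: numeric, and unchanged by an (int) cast. The loose
 * comparison is deliberate: with a numeric string on one side PHP compares
 * the two operands as numbers, so "4" == 4 is true and "4.6" == 4 is false.
 */
function isIntegerStringLecture(string $value): bool
{
    return is_numeric($value) && $value == (int) $value;
}

/**
 * filter_var() returns the integer itself, or false if the string is not a
 * plain (optionally signed) decimal integer that fits in a PHP int. Fractions,
 * exponent notation, leading zeros and out-of-range values are all rejected.
 */
function isIntegerStringFilter(string $value): bool
{
    return filter_var($value, FILTER_VALIDATE_INT) !== false;
}

/**
 * Reads one integer parameter from a query array in the order the slides
 * prescribe: confirm the key is present first, then validate, then use.
 * A query string can also deliver arrays (?x[]=1), so the type is checked too.
 */
function readIntParam(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $n = filter_var($query[$name], FILTER_VALIDATE_INT);
    return $n === false ? null : $n;
}

// Constructed inputs, all strings, exactly as they would arrive in $_GET.
$inputs = ['4', '-17', '4.6', '0.2', '04', '1e3', '4abc', '', '99999999999999999999'];

printf("%-24s %-8s %-8s\n", 'input', 'lecture', 'filter');
foreach ($inputs as $in) {
    printf("%-24s %-8s %-8s\n",
        var_export($in, true),
        isIntegerStringLecture($in) ? 'int' : 'no',
        isIntegerStringFilter($in)  ? 'int' : 'no');
}

// The helper applied to a constructed request array.
$request = ['x' => '18', 'theme' => '2.5', 'ids' => ['1', '2']];
var_dump(readIntParam($request, 'x'));        // plain integer string
var_dump(readIntParam($request, 'theme'));    // fractional value
var_dump(readIntParam($request, 'ids'));      // array, not a string
var_dump(readIntParam($request, 'missing'));  // key absent
```

The two validators agree on the ordinary cases ("4", "-17", "4.6", "0.2", "4abc", "") but differ on the edges: the lecture's check accepts "04", because PHP compares it numerically with 4, and on PHP 7.1 and later it also accepts "1e3", because (int)"1e3" is 1000 there; filter_var() rejects both as not being plain decimal integers. Which behaviour you want depends on the application, but a validator should make that choice explicitly, which is why readIntParam() uses filter_var() and returns the converted int rather than the raw string.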

Newlines
If you ran the following code in a command line script called print.php:
<?php
print "Hello";
print "World";
?>
The output would be:
dilbert > php print.php
HelloWorlddilbert >

Newlines
If you ran the following code in a command line script called print.php:
<?php
print "Hello\n";
print "World\n";
?>
The output would be:
dilbert > php print.php
Hello
World
dilbert >

Newlines
If you ran the following code in a web script called print.php:
<?php
print "Hello";
print "World";
?>
The output in the browser would be:
HelloWorld
And the HTML source code would look like:
HelloWorld

Newlines
If you ran the following code in a web script called print.php:
<?php
print "<p>Hello</p>";
print "<p>World</p>";
?>
The output in the browser would be two paragraphs:
Hello
World
And the HTML source code would look like this, all on one line:
<p>Hello</p><p>World</p>

Newlines
If you ran the following code in a web script called print.php:
<?php
print "Hello\n";
print "World\n";
?>
The output in the browser would be on one line (HTML treats the newline as ordinary whitespace, collapsing it to a single space rather than a line break):
Hello World
And the HTML source code would look like:
Hello
World

Newlines
If you ran the following code in a web script called print.php:
<?php
print "<p>Hello</p>\n";
print "<p>World</p>\n";
?>
The output in the browser would be two paragraphs:
Hello
World
And the HTML source code would look like:
<p>Hello</p>
<p>World</p>

Newlines
In command line scripts, \n is needed to add newlines, while <p></p> tags (or <br>) are needed to break lines in web scripts.
\n is still useful in web scripts to keep the HTML source of our pages readable.
Otherwise, if something in one of our PHP scripts is not working properly for the design, it would be difficult to debug the HTML because it would all appear on one giant line.