introduction to SCRIPTING, DATABASES, SYSTEM ARCHITECTURE
RECAPITULATION OF PHP
Claus Brabrand ((( brabrand@itu.dk )))
Associate Professor, Ph.D. ((( Programming, Logic, and Semantics )))
IT University of Copenhagen
Claus Brabrand, ITU, Denmark SCRIPTING, DATABASES, & SYSTEM ARCHITECTURE Oct 14, 2011
Agenda
1) RECAPITULATION ( of PHP )
2) EXERCISE (NIM) ( all of PHP )
Message from IT dept.
Please use SFTP instead of FTP: ...it combines SSH (secure protocol) with FTP (File Transfer Protocol)
Another Message from IT dept.
NB: Hacking!: "Insecure PHP scripts" have been exploited!
"Within the last couple of weeks we have had two rather ugly cases in which some PHP scripts from the DSDS course were exploited by hackers. Both cases involved students from earlier semesters [...] We have to urge that a little of the teaching time be set aside for further focus on security in PHP, and we would very much like you to ask the students to refrain from developing certain types of scripts. This concerns in particular tightening the security of scripts that allow upload and mail."
Attacks exploited lack of validation! So, please make sure you validate your input!
Intended Learning Outcomes
After the course, you are expected to be able to:
1) plan and develop medium sized web applications using the scripting language, PHP;
2) design small MySQL databases;
3) construct PHP scripts that interact with databases using SQL;
4) describe the techniques behind DB-driven web applications;
5) describe the fundamental system architectural considerations behind web applications so as to be able to communicate and collaborate with programmers and technologists.
On Assignments
Requirement for the exam: You need 10 out of 11 approved!
Future deadlines:
  Submit A[1-5]: (by October 28)
  Approved A[1-5]: (by November 04)
TAs available for help today! (Fridays at 08:29)
Your assignment status?: (Talk to your TA!)
Web Service Architecture
[Figure labels: SQL, Server, PHP, Client(s)]
PHP Web Services
[Figure labels: form input, Web Service, client, www server]
PHP
PHP is a programming language made specifically for web service programming.
PHP code runs on the server (i.e., not on your computer).
Programming model of PHP: HTML with special PHP tags (<?php ?>) that are evaluated and generate (dynamic) HTML.
[Figure labels: PHP, static, dynamic]
Simple PHP Example

<html>
<body>
<?php
  $time = date("h:i:s") ;         // current time on the server
  echo "Time is <b>$time</b>" ;   // double quotes, so $time is interpolated
?>
</body>
</html>

Output: Time is 08:29:59

PHP code is written in <?php ?> tags inside regular HTML.
Each PHP command ends with ; (semicolon).
echo is a command that prints the argument (in this case it will print "Time is 08:29:59").
[Figure labels: PHP, static, dynamic]
...and with Multiple PHP tags

<html>
<body>
<?php $time = date("h:i:s") ; ?>
Time is:<b> <?php echo $time ; ?> </b>
</body>
</html>

Output: Time is 08:29:59

PHP code is written in <?php ?> tags inside regular HTML.
Each PHP command ends with ; (semicolon).
echo is a command that prints the argument (in this case it will print "Time is 08:29:59").
[Figure labels: PHP, static, dynamic]
Form Submission
1) The user fills out the form and clicks submit (which sends the data back to the server)
2) The server runs a web service (PHP program) that processes the data and constructs an HTML reply
3) The server sends back the dynamically constructed HTML document (that may depend on the data!)
[Figure: the client sends an http request (url) (+data) to the program (e.g., PHP script) on the www server, which sends back a dynamic html response]
Validation of (X)
Static vs Dynamic Validation
[Figure labels: PHP, static, dynamic; Validate: input, VALID?!?; client, dynamic html, www server, PHP program]
What do u need to work with?
1) forms / input fields?
2) variables?
3) operations?
4) if / while / for?
5) functions?
6) arrays?
7) validation / regexps?
8) combinations of 1-7)?
Simple Web Service Example ( The BMI Service )
The BMI Web Service
This form submits to the PHP script:

<html>
<body>
<h1>bmi calculator</h1>
<form action="http://www.itu.dk/people/brabrand/dsds/bmi.php">
  Enter your height: <input type="text" name="height" /><br/>
  Enter your weight: <input type="text" name="weight" /><p/>
  <input type="submit" value="compute" />
</form>
</body>
</html>
BMI with validation!

<html>
<body>
<?php
  // read the submitted fields (empty string if a field is missing)
  $h = isset($_REQUEST['height']) ? $_REQUEST['height'] : '' ;
  $w = isset($_REQUEST['weight']) ? $_REQUEST['weight'] : '' ;
  $regexp_number = '[0-9]+' ;
  // both values are echoed into the page and used in the division,
  // so both must consist of digits only, and the height must not be zero
  if ( preg_match('/^'. $regexp_number. '$/', $h) &&
       preg_match('/^'. $regexp_number. '$/', $w) && $h > 0 ) {
    echo "Height: $h cm.<br/>" ;
    echo "Weight: $w kg.<p/>" ;
    $bmi = $w / (($h / 100) * ($h / 100)) ;   // kg / m^2
    echo "Your BMI is: <b>$bmi</b> " ;
    if ( $bmi < 20.0 ) {
      echo "which is too low!" ;
    } elseif ( $bmi > 25.0 ) {
      echo "which is too high!" ;
    } else {
      echo "which is normal." ;
    }
  } else {
    echo "Height or weight was not a valid number!" ;
  }
?>
</body>
</html>
EXERCISE ( Game of NIM )
( http://www.itu.dk/people/brabrand/dsds/nim.php )

<?php
function echo_form( $sticks, $turn ) { // function to echo form nicely
  // the game state travels in hidden fields, i.e., it comes back from the browser
  echo "<form action=''>
    <input type='hidden' name='turn' value='$turn' />
    <input type='hidden' name='sticks' value='$sticks' />
    There are <b>$sticks</b> stick(s) left.<p/>
    <b>player $turn</b>, how many sticks do u wanna take (1-3)?
    <input type='text' name='take' size='1' maxlength='1'/> <p/>
    <input type='submit' value='take!' />
  </form>" ;
}

if (! isset( $_REQUEST['take'] ) ) { // set up game
  echo "<h1>welcome to the Game of NIM</h1>" ;
  $turn = 1;                  // player one always starts
  $sticks = rand( 10, 15 ) ;  // initially (randomly 10-15x) #sticks
} else {
  $turn = 3 - $_REQUEST['turn'] ;                      // switch players (clever: 1 <--> 2)
  $sticks = $_REQUEST['sticks'] - $_REQUEST['take'] ;  // update #sticks (no validation yet: see exercise 3)
}

// if there is only one last stick left, current player loses!
if ( $sticks == 1 ) {
  echo "There is (only) <b>one</b> (last) stick left!" ;
  echo "<p/>" ;
  echo "<h3>player $turn loses!</h3>" ;
} else { // game still on
  echo_form( $sticks, $turn ) ;
}
?>
NIM EXERCISES (pick "relevant")
1) Go through the program (NIM web service):
   1a) Read through program
   1b) Explain it to one another
2) Change input fields (from type='text' to...):
   2a) type='radio'
   2b) type='submit'
   2c) <select>... </select>
3) Add input validation (using type='text' input):
   3a) ensure only 1-3 is entered as #sticks (regexp)
   3b) ensure #sticks taken isn't more than what remain (PHP)
4) Add player names:
   4a) either: "HTML → PHP" or "single page PHP"
   4b) ensure info is submitted every time (hint: type='hidden')
5) Add a computer player:
   5a) turn player2 into a computer player
   5b) make player2 play using a 'winning strategy' for NIM :-)
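One way to approach exercise 3, as an added example that is not part of the course's nim.php: it checks take (3a, 3b) and goes one step further by also checking the hidden fields, which the browser can change just as easily. The names nim_mac, nim_check_move and NIM_KEY, and an extra hidden field called mac that echo_form would have to emit, are assumptions made for this sketch.

```php
<?php
// Added example (not the course's nim.php): server-side checks for the NIM form.
// NIM_KEY is a hypothetical server-side secret; load it from configuration in practice.
const NIM_KEY = 'replace-with-a-random-server-side-secret';

// MAC over the hidden state, so edits to sticks/turn in the browser are noticed.
function nim_mac($sticks, $turn) {
    return hash_hmac('sha256', "$sticks|$turn", NIM_KEY);
}

// Returns array(new_sticks, next_turn) for a legal move, or a string naming the problem.
function nim_check_move(array $in) {
    foreach (array('take', 'sticks', 'turn', 'mac') as $field) {
        if (!isset($in[$field]) || !is_string($in[$field])) {
            return "missing or malformed field: $field";
        }
    }
    // 3a) exactly one digit 1-3; \z (unlike $) also rejects a trailing newline
    if (!preg_match('/^[1-3]\z/', $in['take'])) {
        return 'take must be 1, 2 or 3';
    }
    // hidden fields are user input too: plain small integers only
    if (!preg_match('/^[1-9][0-9]?\z/', $in['sticks']) ||
        !preg_match('/^[12]\z/', $in['turn'])) {
        return 'game state is not well-formed';
    }
    // constant-time comparison with the MAC issued together with the previous page
    if (!hash_equals(nim_mac($in['sticks'], $in['turn']), $in['mac'])) {
        return 'game state was modified';
    }
    $sticks = (int) $in['sticks'];
    $take   = (int) $in['take'];
    // 3b) never take more than what remains
    if ($take > $sticks) {
        return 'cannot take more sticks than remain';
    }
    return array($sticks - $take, 3 - (int) $in['turn']);
}

// Constructed sample requests (the shape $_REQUEST would have)
$ok       = array('take' => '2', 'sticks' => '12', 'turn' => '1', 'mac' => nim_mac('12', '1'));
$tampered = array('take' => '2', 'sticks' => '3',  'turn' => '1', 'mac' => nim_mac('12', '1'));
var_dump(nim_check_move($ok));        // a legal move
var_dump(nim_check_move($tampered));  // sticks edited in the browser
```

The MAC catches edits to the hidden fields but not a replay of an earlier page of the same game; keeping the state in a server-side session would be needed for that.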
Any questions?
Control Structures
Control Structures: Statements (or Exprs) that affect "flow of control":

if-else:
  [syntax] if ( COND ) { STM1 } else { STM2 }
  [semantics] If the condition (COND) evaluates to true, statement (STM1) is executed, otherwise statement (STM2) is executed.
  [Figure: flowchart: COND, true branch to STM1, false branch to STM2, confluence]

if:
  [syntax] if ( COND ) { STM }
  [semantics] If the condition (COND) evaluates to true, the given statement (STM) is executed, otherwise not.
  [Figure: flowchart: COND, true branch to STM, false branch, confluence]
Control Structures (cont'd)

while:
  [syntax] while ( COND ) { STM }
  [semantics] If the condition (COND) evaluates to false, the given statement (STM) is skipped. Otherwise (if the condition was true), the statement (STM) is executed and afterwards the condition is evaluated again. If it is still true, STM is executed again... This continues until the condition evaluates to false.
  [Figure: flowchart: COND, true branch to STM and back to COND, false branch, confluence]

for:
  [syntax] for (INIT; COND; INCR) { STM }
  [semantics] Equivalent to: { INIT; while ( COND ) { STM INCR; } }
  [Figure: flowchart: INIT, COND, true branch to STM then INCR and back to COND, false branch, confluence]