ww2.cs.fsu.edu

PHP
Forms and Databases
Forms with PHP
● Form data is sent to the server when the user
clicks “Submit”.
● The server can then use this data for various
purposes (this is not validation).
● The PHP superglobals $_GET and $_POST
are used to collect form-data.
GET vs. POST
● Both GET and POST create an array (e.g. array( key =>
value, key2 => value2, key3 => value3, ...)). This array holds
key/value pairs, where keys are the names of the form
controls and values are the input data from the user.
● $_GET is an array of variables passed to the current script
via the URL parameters.
● $_POST is an array of variables passed to the current script
via the HTTP POST method.
GET
● Information sent from a form with the GET method is
visible to everyone (all variable names and values
are displayed in the URL).
● GET also has limits on the amount of information to
send. The limitation is about 2000 characters.
However, because the variables are displayed in the
URL, it is possible to bookmark the page. This can be
useful in some cases.
● GET may be used for sending non-sensitive data.
● GET should NEVER be used for sending passwords or
other sensitive information!
POST
● Information sent from a form with the POST method
is not visible in the URL (all names/values are
embedded within the body of the HTTP request) and
has no limits on the amount of information to send.
● Moreover, POST supports advanced functionality such
as support for multi-part binary input while uploading
files to the server.
● However, because the variables are not displayed in
the URL, it is not possible to bookmark the page.
● Developers prefer POST for sending form data.
Validation
● PHP can be used to perform form validation
as well.
● However, this validation is performed on the
server, which might waste time and server
resources.
● JavaScript is always preferred for client-side
validation.
Database Interaction with PHP
PHP 5 and later can work with a MySQL database using:
● MySQLi extension (the "i" stands for improved)
● PDO (PHP Data Objects)
Earlier versions of PHP used the MySQL extension.
However, this extension was deprecated in 2012.
MySQLi vs PDO
● Both MySQLi and PDO have their advantages:
● PDO will work on 12 different database systems, whereas
MySQLi will only work with MySQL databases.
● So, if you have to switch your project to use another
database, PDO makes the process easy. You only have to
change the connection string and a few queries. With
MySQLi, you will need to rewrite the entire code - queries
included.
● Both are object-oriented, but MySQLi also offers a
procedural API.
● Both support Prepared Statements. Prepared Statements
protect from SQL injection, and are very important for web
PHP with MySQL
The following procedure has to be used for PHP/MySQL
interaction.
● Open a connection.
● Run SQL statements and process the returns
(repeat as many times as needed).
● Close the connection.
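
The open / run / close procedure above with a prepared statement, as an added example that is not part of the original slides. Assumptions: PDO with an in-memory SQLite database so it runs without a server (for MySQL only the DSN and credentials change), a constructed `$post` array standing in for `$_POST`, and a hypothetical `users` table and `validate()` helper.

```php
<?php
// Added example, not from the original slides. Assumption: an in-memory
// SQLite database stands in for MySQL so the script runs offline; for MySQL
// only the DSN changes, e.g. 'mysql:host=localhost;dbname=test' plus credentials.

// Constructed sample input standing in for $_POST from a submitted form.
$post = ['username' => "alice' OR '1'='1", 'age' => '30'];

// Server-side validation: client-side checks can be bypassed, so re-check here.
function validate(array $in): ?array {
    $name = trim($in['username'] ?? '');
    $age  = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($name === '' || strlen($name) > 64 || $age === false) {
        return null;
    }
    return ['username' => $name, 'age' => $age];
}

// 1. Open a connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, age INTEGER)');
$pdo->exec("INSERT INTO users VALUES ('alice', 30), ('bob', 41)");

// 2. Run SQL statements and process the returns.
$data = validate($post);
if ($data === null) { exit("Invalid input\n"); }

// Vulnerable pattern, built only as a string and never executed: the quote
// in the input ends the SQL literal, so the rest is parsed as SQL.
$unsafe = "SELECT username FROM users WHERE username = '{$data['username']}'";
echo "Concatenated SQL: $unsafe\n";

// Prepared statement: the value is bound as data, never parsed as SQL.
$stmt = $pdo->prepare('SELECT username, age FROM users WHERE username = :u');
$stmt->execute([':u' => $data['username']]);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo 'Rows matched with bound parameter: ' . count($rows) . "\n";

// 3. Close the connection.
$stmt = null;
$pdo = null;
```

The sample username passes the length check, which shows that input validation alone does not neutralise SQL metacharacters; the bound parameter is what keeps the input from being interpreted as SQL.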