Processing PHP Forms

Processing PHP Forms and Server‐side Validation
05/02/2015
Escuela Técnica Superior
de Ingeniería Informática
Departamento de Lenguajes
y Sistemas Informáticos
Processing PHP Forms
- Server-side Validation -

1. Introduction
2. Global variables:
  • The variable $GLOBALS
  • The variable $_SERVER
  • The variable $_REQUEST
  • The variable $_FILES
  • The variable $_SESSION
3. Code modularization
4. Validation examples

Grupo de Ingeniería del Software y Bases de Datos
Departamento de Lenguajes y Sistemas Informáticos
© Diseño de Amador Durán Toro, 2011
Universidad de Sevilla

• Server-side validation and other tasks: PHP

[Figure: architecture diagram. Labels: Web client; Web server (with processing capability); Presentation; Business Logic; Data; PDO; DBMS; steps numbered 1 to 8. Callout: "In today's class".]

Introducción a la Ingeniería del Software y a los Sistemas de Información
IISSI

• Predefined variables
• General:
  – $GLOBALS ≡ Global variables
  – $_SERVER ≡ Information about the running server and configuration
  – $_SESSION ≡ Session data
• Form processing:
  – $_FILES ≡ Information about the files sent by means of a form
  – $_REQUEST ≡ Request data, usually sent by means of a form

• Definition of $GLOBALS:
  – It is an associative array containing references to all the defined global variables
  – The names of such global variables act as the array keys
  – Global variables can be used in any PHP function or tag

• The $_SERVER variable contains information about the execution environment and server, such as headers, paths, and script locations
• It is an associative array, containing (among others):
  – 'PHP_SELF': The relative path of the file (containing the script) which is currently executing
  – 'SERVER_ADDR': The IP address of the server under which the current script is executing
  – 'SERVER_NAME': The hostname of the server under which the current script is executing
  – 'REQUEST_METHOD': The type of request (e.g. 'GET', 'POST', …)
  – 'REMOTE_ADDR': A string containing the IP address of the machine that requested the current page
  – 'SERVER_PORT': The port on the server host being used by the web server for communication

• The $_REQUEST variable contains the variable values of the HTTP request. Such values are validated on the server side, as we will see later
• It is an associative array that contains in turn all the elements in $_GET, $_POST, and $_COOKIE
• A way to check whether a variable has been sent in the current request may be:

<?php
if (isset($_REQUEST['X']))
    // Request data is escaped before it is echoed into the page
    echo "'X' is " . htmlspecialchars($_REQUEST['X']);
else
    echo "'X' has not been sent";
?>

• To handle file uploads, we use the global $_FILES variable
• It is another associative array whose keys are the names of the file elements uploaded by means of the form, and whose associated values are in turn arrays indexed by the following keys:
  – name: the name of the uploaded file as supplied by the browser
  – type: the MIME type of the uploaded file (such as "image/gif")
  – size: the size of the uploaded file (in bytes)
  – tmp_name: the location of the temporary file on the server that holds the uploaded file
  – error: an error code, which can be:
    • UPLOAD_ERR_OK (no error)
    • UPLOAD_ERR_INI_SIZE
    • UPLOAD_ERR_FORM_SIZE
    • UPLOAD_ERR_PARTIAL
    • UPLOAD_ERR_NO_FILE
    • UPLOAD_ERR_NO_TMP_DIR
    • UPLOAD_ERR_CANT_WRITE

• Example for processing $_FILES:

<?php
if (isset($_FILES['the_name_file']) &&
    ($_FILES['the_name_file']['error'] == UPLOAD_ERR_OK)) {
    // The destination must be a file path, not only a directory;
    // basename() drops any directory part of the browser-supplied name
    $newPath = ".\\myPath\\" . basename($_FILES['the_name_file']['name']);
    if (move_uploaded_file($_FILES['the_name_file']['tmp_name'], $newPath)) {
        print("File stored in " . htmlspecialchars($newPath));
    } else {
        print("File can not be stored in " . htmlspecialchars($newPath));
    }
} else {
    // When the field was not sent at all there is no error code to show
    print("There was an error while uploading file: " .
        ($_FILES['the_name_file']['error'] ?? 'no file sent'));
}
?>

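A more defensive version of the upload handling above, as an added example that is not part of the original slides. The field name `the_name_file` comes from the slide; the function name `store_upload`, the 2 MiB limit, the image-only allow-list and the `uploads` directory are assumptions.

```php
<?php
// Added example, not from the original slides.
// Assumed: size limit, allowed types, destination directory, function name.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;
const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Validates one entry of $_FILES and stores it in $destDir.
// Returns [path, null] on success or [null, message] on failure.
function store_upload(array $file, string $destDir): array
{
    // A field sent as name[] makes 'error' an array; this handler takes one file
    if (!isset($file['error']) || is_array($file['error'])) {
        return [null, 'Malformed upload field'];
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return [null, 'Upload failed with error code ' . $file['error']];
    }
    // 'size' and 'type' are reported by the client: measure the file on the server
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        return [null, 'File is empty or larger than the limit'];
    }
    // Detect the MIME type from the file contents instead of trusting 'type'
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        return [null, 'File type is not allowed'];
    }
    // Server-generated name: the browser-supplied 'name' never reaches the path
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR
            . bin2hex(random_bytes(16)) . '.' . $ext;
    // move_uploaded_file() refuses files that did not arrive as an HTTP upload
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return [null, 'File could not be stored'];
    }
    return [$target, null];
}

if (isset($_FILES['the_name_file'])) {
    [$path, $error] = store_upload($_FILES['the_name_file'], __DIR__ . '/uploads');
    print($error === null ? 'File stored' : htmlspecialchars($error));
}
```

The destination directory should not be one from which the web server executes scripts.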
• HTTP is designed as a stateless protocol, which is a problem for web application development
• Session support in PHP consists of a way to preserve certain data across subsequent accesses
• Modern server-side scripting languages (such as PHP) have good support for session handling over HTTP, providing:
  – Detection of whether a pair of requests belongs to the same session
  – The capability of storing information associated with a session and recovering it afterwards
• This support is provided from PHP 4.0

• By default, PHP uses cookies (for storing temporary data in the user's web browser) in order to maintain a session:
  – A common problem arises when cookies are disabled in the web browser (typically for security reasons)
• If cookies are disabled, PHP makes use of hidden variables instead
• PHP functions for session handling abstract away such programming details

• In PHP, each session is identified by a 32-character string (sessionID):
  – So that each user who is concurrently logged in is given a different sessionID
• By default, PHP stores the session data in a temporary file (in the /tmp directory):
  – A different file for each session

• The $_SESSION variable contains the data concerning a session
• It is an associative array that allows session data to be stored and retrieved:

<?php session_start(); ?>
…
<?php
$_SESSION['user'] = $_REQUEST['user'];
$_SESSION['passwd'] = $_REQUEST['passwd'];
?>

• Functions for handling PHP sessions:
  – session_start: Initializes a session and allows variables to be stored in $_SESSION
  – session_destroy: Destroys all data saved in the session
  – session_encode: Encodes the data of the current session as a string
  – session_decode: Decodes the session data from a string
  – session_id: Gets the 32 characters containing the current session id
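
One way to use these functions so that the session ID travels only in a hardened cookie and is renewed at login, as an added example that is not part of the original slides. The function names are hypothetical; passing options to `session_start()` needs PHP 7.0 or later, `cookie_samesite` needs PHP 7.3 or later, and `cookie_secure` assumes the site is served over HTTPS.

```php
<?php
// Added example, not from the original slides. Function names are hypothetical.

// Starts (or resumes) a session whose ID is only ever carried in a cookie.
function start_hardened_session(): void
{
    session_start([
        'use_only_cookies' => 1,     // never read the session ID from a URL or form field
        'use_trans_sid'    => 0,     // never rewrite links and forms to embed the session ID
        'use_strict_mode'  => 1,     // reject session IDs the server did not generate
        'cookie_httponly'  => 1,     // keep the cookie out of reach of JavaScript
        'cookie_secure'    => 1,     // send the cookie over HTTPS only (assumed deployment)
        'cookie_samesite'  => 'Lax', // do not attach the cookie to cross-site form posts
    ]);
}

// To be called once the credentials have been verified.
function remember_login(string $user): void
{
    // Fresh ID for the authenticated session; true deletes the old session data
    session_regenerate_id(true);
    // Store only what later requests need: the user name, not the password
    $_SESSION['user'] = $user;
}

// Ends the session: clears the data, expires the cookie, destroys the stored file.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```
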
• Modularization to process the form data:

[Figure: flowchart of the form processing. Labels: "$_SESSION data"; decision "errors?" with branches "yes" and "no".]

• Two elements in $_SESSION to store:
  – Form data
  – Errors (validation results)
• In case of an active session, the form must recover the data stored in the session, or show the default values instead
• Errors are shown in that case

<?php
// The session is either initialized or recovered
session_start();
if (!isset($_SESSION["form"])) {
    // Default values in case of first access (no session)
    $form["name"] = "default_name";
    $form["address"] = "default_address";
    $_SESSION["form"] = $form;
}
else
    $form = $_SESSION["form"];

if (isset($_SESSION["errors"]))
    $errors = $_SESSION["errors"];
?>
…
<div id="div_errors">
<?php
if (isset($errors)) {
    foreach ($errors as $error) {
        print("<div class='error'>");
        print("$error");
        print("</div>");
    }
}
?>
</div>
….
<div id="div_name">
<label for="name">Name:</label>
<!-- The stored value came from the request, so it is escaped before it is written into the attribute -->
<input id="name" name="name"
       value="<?php echo htmlspecialchars($form['name'], ENT_QUOTES); ?>" />
</div>
…

• In case of no active session, it means someone or something is trying to access this PHP script bypassing the form
• To assign the data which has been sent
• To validate such data
• In case of error, go back to the form
• Otherwise, go to the success page
• To validate the data which has been sent from the form, to check whether they have been given acceptable values

<?php
session_start();
if (isset($_SESSION["form"])) {
    // A field missing from the request is treated as an empty string
    $form["name"] = $_REQUEST["name"] ?? "";
    $form["address"] = $_REQUEST["address"] ?? "";
    $_SESSION["form"] = $form;
    $errors = validate($form);
    if (count($errors) > 0) {
        $_SESSION["errors"] = $errors;
        header("Location: form.php");
    }
    else header("Location: success.php");
}
else header("Location: form.php");

function validate($form) {
    // Start from an empty list so that count() works when nothing fails
    $errors = array();
    if (empty($form["name"])) {
        $errors[] = "Name is empty";
    }
    // ...
    return $errors;
}
?>

• Validation in PHP: Strings

<?php
// $X is the length that the name must exceed
if (isset($_REQUEST["name"]) && strlen($_REQUEST["name"]) > $X)
{
    // …
} else {
    // …
}
?>

• More complex validations:

<?php
if (isset($_REQUEST["domain"])) {
    // "us.es" has 5 characters, so the last 5 characters are compared
    if (substr($_REQUEST["domain"], -5) == "us.es") {
        // …
    } else {
        // …
    }
} else {
    // …
}
?>

• Syntactic validation
• Email validation: http://code.iamcal.com/php/rfc822/rfc822.phps
• Bank account validation: http://en.wikipedia.org/wiki/Luhn

• Validation in PHP: Numbers
• Check that it is a number:

<?php
if (isset($_REQUEST["phone"]) && is_numeric($_REQUEST["phone"])) {
    // …
} else {
    // …
}
?>

• Check that it is an integer:

$bInt = is_int($X); // if it is an integer (true only for values of type int, never for a string received from a form)
$bPositive = ctype_digit($X); // if it is a positive integer (a string made only of digits)
$bInt = ($X == strval(intval($X))); // if it is an integer, either positive or negative

• Check that it is a decimal number:

$bDec = ($X == strval(floatval($X))); // if it is a decimal number

• Validation in PHP: Dates
• Having the day, month and year separately:

$isValidDate = checkdate($month, $day, $year);

• Having a string for the date:

<?php
$date1 = "11/15/1999";
$date2 = "12/10/2000";
list($month1, $day1, $year1) = explode("/", $date1);
list($month2, $day2, $year2) = explode("/", $date2);
$timestamp1 = mktime(0, 0, 0, $month1, $day1, $year1);
$timestamp2 = mktime(0, 0, 0, $month2, $day2, $year2);
// Absolute difference between the two instants, in seconds
$diff = ($timestamp1 > $timestamp2) ?
    ($timestamp1 - $timestamp2) : ($timestamp2 - $timestamp1);
print("Date difference: ");
print(date("Y", $diff) - 1970);
print(" year, " . (date("m", $diff) - 1));
print(" month and " . (date("d", $diff) - 1));
print(" days.");
?>

• Validation in PHP: Instants
• PHP offers the strtotime function, which tries to infer the datetime format from a string and returns the corresponding timestamp

<?php
$birthdate = "2 November 1976 01:50am";
$birthdate_instant = strtotime($birthdate);
print("You have an age of ");
print(number_format(time() - $birthdate_instant));
print(" seconds ");
?>

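The checks from the validation slides gathered into one `validate()` function of the kind the modularization slide calls, as an added example that is not part of the original slides. The field names `domain`, `phone`, `birthdate` and `account`, the length limits and the MM/DD/YYYY format are assumptions; `luhn_valid()` implements the Luhn algorithm that the slide links to.

```php
<?php
// Added example, not from the original slides. Field names and limits are assumed.

// Luhn checksum over a string of digits.
function luhn_valid(string $digits): bool
{
    if (!ctype_digit($digits)) {          // also false for the empty string
        return false;
    }
    $sum = 0;
    $double = false;                      // the rightmost digit is not doubled
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double && ($d *= 2) > 9) {
            $d -= 9;
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Returns a list of error messages; an empty list means the form is valid.
function validate(array $form): array
{
    $errors = [];
    // Missing fields and non-string values (such as name[]=x) are read as ''
    $get = fn(string $k): string =>
        isset($form[$k]) && is_string($form[$k]) ? trim($form[$k]) : '';

    $name = $get('name');
    if ($name === '' || strlen($name) > 50) {
        $errors[] = 'Name is empty or too long';
    }
    // Exact host or a true subdomain: a bare suffix test would accept "notus.es"
    $domain = strtolower($get('domain'));
    if ($domain !== 'us.es' && substr($domain, -6) !== '.us.es') {
        $errors[] = 'Domain is not under us.es';
    }
    // ctype_digit() accepts digit characters only: no sign, spaces or exponent
    $phone = $get('phone');
    if (!ctype_digit($phone) || strlen($phone) < 9 || strlen($phone) > 15) {
        $errors[] = 'Phone must be 9 to 15 digits';
    }
    // Shape first, then checkdate() rejects dates such as 02/30/2015
    if (!preg_match('#^(\d{2})/(\d{2})/(\d{4})$#', $get('birthdate'), $m)
        || !checkdate((int) $m[1], (int) $m[2], (int) $m[3])) {
        $errors[] = 'Birth date is not a valid MM/DD/YYYY date';
    }
    if (!luhn_valid($get('account'))) {
        $errors[] = 'Account number fails the Luhn check';
    }
    return $errors;
}

// Constructed sample input, standing in for the values read from $_REQUEST
$errors = validate(['name' => 'Ana', 'domain' => 'alum.us.es', 'phone' => '123456789',
    'birthdate' => '11/15/1999', 'account' => '79927398713']);
```
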
• Comments, suggestions, …