Unit 5: Introduction to Advanced Server Side Issues - PHP
Advanced Server Side Issues

Form validation

How do we validate form data? The least we should do is pass all variables through PHP's htmlspecialchars() function. This function replaces HTML characters such as < and > with their HTML entity equivalents (&lt;, &gt;, etc.).

Example

This is much safer now and prevents possible attackers from exploiting our code by injecting HTML or JavaScript code. If we know exactly what kind of data to expect, we can take further steps to ensure the user has entered what we want. Let's do two more things:

1. Strip unnecessary characters from the data.
2. If quotes are escaped with a slash (\), remove that.

Instead of writing the same code over and over again, we can create a function that will do all the checking for us. Note the check_input function at the bottom: it takes the data passed to the function and strips unwanted characters.

Required and Optional Fields

In the previous examples, the scripts worked fine if you didn't enter any data. However, many times you want to make input fields required. Let's edit the check_input function from before so that, when a message is passed in $problem, an empty field stops the script with that message:

    function check_input($data, $problem = '') {
        // strip unwanted characters from $data as before
        if ($problem && strlen($data) == 0) {
            die($problem);
        }
        return $data;
    }

Validate Email Address

There is no way to be 100% sure an email address is actually working unless we send an email to it. What we usually do is check whether the email syntax is valid. Here is a simple way to check whether the data entered into a field named "email" looks like an email address, without unnecessary complication or fancy regular expressions.
    $email = htmlspecialchars($_POST['email']);
    if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
        die("Email address not valid");
    }

Validate URL Address

If we have an input field named "website", we can check for a valid URL like this:

    $url = htmlspecialchars($_POST['website']);
    if (!preg_match("/^(https?:\/\/[\w\-]+\.[\w\-]+)/", $url)) {
        die("URL address not valid");
    }

Digits 0-9 only

    if (preg_match("/\D/", $age)) {
        die("Please enter numbers only for age.");
    }

Letters a-z and A-Z only

    if (preg_match("/[^a-zA-Z]/", $text)) {
        die("Please enter letters only!");
    }

Anything but whitespace

    // \s matches any whitespace character; reject the input if one is present
    if (preg_match("/\s/", $text)) {
        die("Don't enter any spaces");
    }
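The following script, added here as a worked example and not part of the original notes, puts the pieces above together: the full check_input() helper (trim, stripslashes, htmlspecialchars, required-field check) applied to the email, website and age fields, followed by the syntax checks. The field names and messages are assumptions, and $_POST is replaced by a constructed array so the script runs from the command line.

```php
<?php
// Added example (not from the original notes). $_POST is filled with
// constructed sample values so this file runs without a web server.
$_POST = [
    'email'   => " alice@example.com ",
    'website' => "http://example.com",
    'age'     => "42",
];

// Strip surrounding whitespace, remove escaping slashes, and encode HTML
// special characters so the value is safe to echo back into a page.
// When $problem is given, the field is required: an empty value stops
// the script with that message.
function check_input($data, $problem = '')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
    if ($problem && strlen($data) == 0) {
        die($problem);
    }
    return $data;
}

// 'email' and 'age' are required; 'website' is optional.
$email   = check_input($_POST['email'] ?? '', 'Please enter your email address.');
$website = check_input($_POST['website'] ?? '');
$age     = check_input($_POST['age'] ?? '', 'Please enter your age.');

// Syntax checks from the notes: they confirm only the shape of each value,
// not that the address or site actually exists.
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
    die("Email address not valid");
}
if ($website !== '' && !preg_match("/^(https?:\/\/[\w\-]+\.[\w\-]+)/", $website)) {
    die("URL address not valid");
}
if (preg_match("/\D/", $age)) {
    die("Please enter numbers only for age.");
}

echo "All fields valid: $email, $website, $age\n";
```

htmlspecialchars() only protects the HTML output context; values that later go into MySQL should be bound as parameters of a mysqli prepared statement rather than concatenated into the query string.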
Database Connectivity in PHP

In PHP, we use a database to store our details. When we open a new database connection, we must pass the first arguments to the mysqli object (servername, username and password).

Create Connection

Create Database

    $sql = "CREATE DATABASE myDB";
    if (mysqli_query($con, $sql)) {
        echo "Database created";
    } else {
        echo "Error: " . mysqli_error($con);
    }

Create Table

The CREATE TABLE statement is used to create a table in MySQL. We will create a table named "MyGuests" with 5 columns: "id", "firstname", "lastname", "email" and "reg_date".

    CREATE TABLE MyGuests (
        id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
        firstname VARCHAR(20) NOT NULL,
        lastname VARCHAR(20) NOT NULL,
        email VARCHAR(50),
        reg_date TIMESTAMP
    )

In PHP:

    // create the connection first, then:
    // sql to create table
    $sql = "CREATE TABLE MyGuests (
        id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
        firstname VARCHAR(20) NOT NULL,
        lastname VARCHAR(20) NOT NULL,
        email VARCHAR(50),
        reg_date TIMESTAMP
    )";