Lab3

Lab 3 - PHP

Objectives:

Write php scripts
Access psql db through php script

Take a look and try each of the following PHP scripts. (The text of the scripts are provided in text files).

Simple example which demonstrates that several PHP scripts can be embedded in a single web page and shows how to do output from PHP: hello.php hello.txt
This script demonstrates comments, iteration, and selection in PHP: loop.php loop.txt
A pure HTML form passes scalars to a PHP processing script: form.html form.txt process.txt
A script demonstrates passing values within an array: form2.php form2.txt process2.txt
Script which will aid in debugging: globals.php globals.txt and an example of how it is used suexec2.php suexec2.txt

Assignment:

Write a pair of web pages with embedded PHP scripts. The first PHP script should generate a form which allows the user to input 10 numbers. When the form's submit button is pressed, the 10 numbers should be sent to the second PHP script as an array. The second script should display the largest number in the array and the average of the 10 numbers.
Design a form which implements a two or three question multiple choice test (Use radio boxes to select answers --- see The Bare Bones Guide to HTML. The user should input their name in a text box at the top of the form. Write a PHP script to grade the test, greet the user by name, and print the number of correct answers. Use arrays to pass the selected answers to the PHP script and to hold the list of correct answers. Hint: your radio box tags will need to be similar to:
```
<input type=radio name='ans[0]' value='A'>

Notice how the array used to pass the answers from the form to the processing script is indexed.
```

HTTP is a stateless protocol. So, how can we retain state (persistence)? We will use sessions.

HTTP GET: parameters passed as part of URL:

	http://phoenix.goucher.edu/process.php?name=jill

Accessed through _GET associative array in PHP:

	$name = $_GET["name"];

example:  Session ID (SID) passed as GET parameter:

	echo "<A href=\"http://phoenix.goucher.edu/process.php?"
     		. SID . "\">";

HTTP POST: parameters passed into script via stdin and accessed through _POST associative array.

Sessions:

Sessions exist until browser is closed or PHP garbage collector removes the session data file.

Establishing a session and writing session variables:

	session_start();

	$_SESSION["username"] = $username;
	$_SESSION["password"] = $password;

Checking to see if a session variable already exists:

	if (isset($_SESSION["username"])
   		$username = $_SESSION["username"];
	else
   		$_SESSION["username"] = $username;

Deleting a session variable (enhanced security):

	unset($_SESSION["username"]);

Example: Counting Page Accesses

This demonstrates a simple script which counts how many times the user has accessed pages on a website. It maintains four session variables (on for each page on the site). Note that the SID and the current selected page (whichPage) are passed as GET parameter.

pageCount.php pageCount.txt

PHP and PostgreSQL Connectivity

Processing model:

Establish connection, receive handle.
Send SQL query, receive results "array."
Process results array.
Free results array.
Repeat as needed.
Close connection.

Establishing a connection:
```
$handle = pg_connect("dbname=databaseName user=userName password=pwd");
```
Be sure to check handle status to see that the connection was made. Handles are needed since script could have multiple DB connections open.

Sending a query:

$result = pg_exec($handle, "query string");

Check result status!

Determining the size of a result: pg_numrows($result), pg_numfields($result).
Accessing the result:
```
$item = pg_result($result, $row, $field);
$item = pg_result($result, $row, "fieldName");
```
$row and $field are 0-based numeric indices. fieldName is an associative array-style index.

Freeing a result, closing a connection:

pg_freeresult($result);
pg_close($handle);

Example Code:

Things to note for each file:

login.html:
1. Form tag: method and action.
2. Input tags: types and names.
authenticate.php:
1. Debugging notes.
2. Retrieval of username, password. Associative array.
3. Database connection and error checking.
4. Sending a query and error checking.
5. Accessing query results. Associative array.
  Why the check on pg_numrows()?
6. Establishing the session and saving session variables.
7. Passing SID back to the server as a GET parameter.
  SID will be empty when we resume the session.
8. Freeing the result and closing the database.
query.php:
1. Retrieving session variables.
2. Iterating through the result.

Assignment:

In ~jillz/cs325/db on phoenix you'll find the three files: login.html, authenticate.php, and query.php. Copy them to your public_html directory and verify that you can access the registration database via the files you just copied.
Modify the files so that you can access any database on the system. You'll need to do the following:
1. Note that the files, as is, use two levels of authentication. For this extension, the second level is unnecessary. Eliminate it.
2. You'll need to add a field to the login form so the user can specify the database to which you will connect. You'll need to make use of this information in the pg_connect() call and store it as an additional session variable.
3. Fix-up anything else necessary to generalize these files.
Instead of returning a table, INSERT, DELETE, and UPDATE return the number of tuples affected. Modify query.php to reflect this. Refer to the description of stristr in the online PHP documentation.