WWW programming

1
WWW programming

• A course on www programming
• Jyrki Nummenmaa

2
Prerequisites

• Programming skills
• SQL database basics including database
  programming
• WWW technique basics
• Html
• Css
• Some understanding of usability issues would be a
  big bonus
• Some general understanding on software
  engineering

3
Course goals

• Learn the basic ideas and techniques for building
  www applications
• Learn the principals for creating maintainable
  www applications
• Architecture
• Selection of techniques
• How to use the techniques

4
Browser and server interaction

• User runs a web browser on a client computer
• A server computer runs a web server
• The user client sends requests in HTML
• An URL with parameters
• The server serves HTML pages as replies
• The browser reads the HTML and displays it
• HTML rendering may vary browser by browser

DATABASE SERVER
5
Implications to web applications

• Communication is asynchronic
• The server generally reacts to browser requests
• Does not push information to the browser
• The server does not know if the browser is alive
• The user interface and the layout must be
  implemented using web technologies
• The communication by default is not secure
• To secure, you may use e.g. https

6
Web applications?

• Basic html is static
• In practice, there is a need to generate web
  pages dynamically e.g. from database content
• There is also a need to process user input
• All this requires a program to execute
• The web server by default serves static html
  pages
• It may also execute programs to create pages
  dynamically
• For this, it may need additional installations.
  We may talk about them later at the course but
  not at this moment.
• The installations are different for different
  languages.

7
MVC

• Model
• Often uses a database.
• Could include basic rules about the domain.
• View
• User interface
• Typical implementation is graphical (GUI,
  graphical user interface)
• Controller
• Understands user interface requests.
• Uses the model to fulfill them.

8
MVC triad
MVC is an MVC variant developed at Nokia. Slide
by Ari Jaaksi.
9
MVC application in action
From a slide by Ari Jaaksi.
10
Working together
Slide by Ari Jaaksi.
11
MVC in web applications

• We use the MVC model as a basis for architectural
  and technical considerations.
• Typical web applications access a database, which
  is the most important part of the Model.
• In practice the databases are SQL databases.
• The View is implemented using many different
  technologies
• Javascript and Java applets may execute within
  the browser.
• Html view part may be generated and output by
  programming languages directly.
• XML specifications are also used (e.g. Java
  Server Pages)
• The Control part is typically programmed with
  some programming language suitable for web
  applications.

12
PHP language

• PHP, Hypertext Preprocessor
• Documentation http//www.php.net
• Can be used for other things, but is primarily
  used for web applications.
• Typically, needs an additional installation for
  the web server (e.g. Apache, IIS)
• The departmental server have this.
• If a browser requests a page whose name ends with
  .php, it is executed using a PHP preprocessor.

13
PHP preprocessing

• In a .php file, the php code is withinlt?php
  and?gt
• What is not php code, is sent to the browser as
  it is.
• What is php code, is executed and not sent to the
  browser.
• If the php code outputs something, that something
  (all of the output) is sent to the browser in
  place of the php code.
• If there are errors, error messages are included
  in the output.
• Errors in php syntax interrupt the execution.

14
PHP Basics

• We will learn them from examples.
• For details, check up the documentation.
• I include the examples as .txt and as .php
• You may execute the .php
• You may have a look at the .txt
• We start with basic php to study the techniques.
• These are just technical examples.
• Later we improve the implementational aspects.
• See http//fi.php.net/manual/en/langref.php for
  basic language reference.

15
Data from HTML forms

• HTML forms may include variables, in which the
  user may provide values using the browser.
• The browser sends the variables to the server.
• The variables may be encoded in two possible
  ways
• GET
• Encoded in the URL (address)
• POST
• Encoded in the message body sent to the server
• See examples.

16
Important form attributes

• method
• post or get, as will be discussed
• action
• Name of the page to which the data is submitted
• input
• See examples and/or an html manual
• ltinput typesubmit valueSubmitgt

17
GET

• Coded in the URI
• Only guaranteed for ASCII characters
• Refresh-button typically re-executes the request
  without warning
• GET should only be used for retrieving
  information.
• If the page makes changes, they may be
  re-executed
• E.g. Ordering another laptop from the computer
  store...
• The variables are visible in the browser address
  line
• Typically there is a size limitation for URI in
  the browser.

18
POST

• Coded in the message body.
• Typically at refresh, the browser gives a
  warning.
• Data encoding based on enctype attribute
• application/x-www-form-urlencoded
• Default, see below when not to use it.
• multipart/form-data
• Binary data
• Non-ASCII data
• Files
• For content type details, seehttp//www.w3.org/TR
  /html401/interact/forms.htmlform-content-type

19
GET or POST?

• Use GET when
• There is little data.
• The page request does not imply database changes
  / transactions.
• There is only ASCII data.
• There are no files in the input (apparently then
  also we may have a lot of data).
• It is ok to show the variables in the URI (note
  that in POST they are in the message body,
  though, and not hidden).
• Otherwise, use POST.

20
Retrieving the variable values

• There are several ways to retrieve the variable
  values.
• _POST array contains the POST data variables
• _GET array contains the GET data variables.
• _REQUEST can be used to access all variable
  values
• GET, POST and Cookies (more about Cookies later)
• Import_request_variables function
• If the PHP server has the register_globals
  directive on, then the server will create global
  variables from html variables for your PHP
  program.
• See examples of all types.

21
import_request_variables

• import_request_variables ( string types , string
  prefix)
• types is a string of characters P (post), G (get)
  and C (cookie, other characters will be ignored)
  and shows the order in which variables are
  considered.
• E.g. if types gp then get variables are
  imported first and thereafter post variables will
  overwrite them, if they have same names. This is
  probably a better default than pg.
• prefix is used to prefix the resulting variable
  names, e.g. if prefix myvar_ and variable x
  is imported, the resulting name is myvar_x
• On turvallisempaa käyttää prefix-määrettä, koska
  www-ohjelmaa vastaan voidaan yrittää hyökätä
  esim. asettamalla URIssa muuttujanarvoja
  toiveena, että näitä käytetään epäonnisesti
  ohjelmassa.

22
register_globals

• Earlier it was standard for the PHP installations
  to have the register_globals on.
• In that case global PHP variables are created
  from the HTML variables.

23
Html conversion

• Some characters have a special meaning in html.
• If you use user input directly as output in your
  html page, you may want to be sure that these
  characters do not mess up your page.
• You may use htmlspecialchars() to change the most
  commont ones.
• See PHP documentation.
• You may use htmlentities() to change them all.
• See PHP documentation.
• More on data validation in the next lecture