Advanced Commercial Web Site Design: ServerSide Scripting

1
Advanced Commercial Web Site Design Server-Side
Scripting

• Session 6 Interacting with web pages (GET POST)

2
Outline

• Form processing in PHP
• GET method
• Arguments
• POST method
• Advantages / Disadvantages

3
HTTP a stateless protocol

• The HTTP protocol is text based protocol which
  follows the request/response model
• Each of the requests is totally independent from
  any other request
• Hence stateless
• Many types of the applications need to maintain
  the state between requests
• The sequence of the requests is important as well
  as what the previous state was

4
An example HTTP Request

• GET /index.html HTTP/1.1
• Host www.shef.ac.uk80
• User-Agent Mozilla/5.0 (X11 U Linux i686
  en-US rv1.1) Gecko/20020913
• Accept text/xml,application/xml,application/xhtml
  xml,text/htmltext/plain,video/x-mng,image/png,im
  age/jpeg,image/gif,text/css,/
• Accept-Language gl, es-esq0.66, en-gb
• Accept-Encoding gzip, deflate, compress
• Accept-Charset ISO-8859-15, utf-8
• extra lines

5
An example HTTP response

• HTTP/1.1 200 OK
• Date Thu, 17 Oct 2002 123131 GMT
• Server Apache/1.3.26 (Unix) Debian GNU/Linux
  mod_gzip/1.3.19.1a
• Last-Modified Thu, 10 Oct 2002 115120 GMT
• Accept-Ranges bytes
• Content-Length 3633
• Connection close
• Content-Type text/html charsetiso-8859-1

6
Maintaining the state

• In order to maintain the state, there are two
  methodologies (two techniques) which are
  complementary in a way.
• Maintain the state at the server side
• Every downloaded page includes the state of the
  application, which is sent back to the server
  along with the newly submitted information.
• Maintain the state at the client side
• The state is maintained at the client side, by
  storing a piece of information at the client side
  which is sent to the server with every request,
  and modified when the response arrives.

How to transfer the information?
7
GET method

• It passes information (arguments) from one web
  page to the web server through the URI1 query
  string.
• How it works?
• GET appends the pair (varName, value) to the URL
  specified in the ACTION attribute of the HTML
  Form.
• A special character (?) is used to concatenate
  the original URL and the appended pairs of
  information.
• The full query string is then sent to the
  processing agent, the server/client side
  application that will process the information in
  this case a PHP script.

1. Uniform Resource Indicator. Also known as URL
(Uniform Resource Locator).
8
Example on GET method

• Assume a HTML file with a simple form like the
  following
• And the corresponding PHP script (get1.php) with
  the following code

ltbodygt ltform action"http//till.co.uk/cw3/user_x
/get1.php" method"GET"gt ltpgtFirst name ltinput
type"text" size12 name"FirstName"gt ltpgtltinput
type"submit"gt lt/formgt lt/bodygt
ltbodygt lt?php print("Your first name is
_GETFirstName!") ?gt lt/bodygt
9
The URL query string

• After typing a name (i.e. Mary) and pressing
  the button Submit Query, the information of the
  form is passed to the processing agent the
  script get1.php, in the following format
• http//till.co.uk/cw3/user_x/get1.php?FirstnameMa
  ry
• The URL specified in the ACTION attribute
• A question mark (?)
• The arguments name (FirstName), an equal sign
  () and its valueoptionally
• An () is used as a delimiter between multiple
  information pairs
• http//till.co.uk/cw3/user_x/get2.php?age25fnam
  emarylnamejohnson

10
GET on the server side

• The PHP script has direct access to the arguments
  of the GET method, i.e. the argument FirstName.
• It maps to a PHP variable, retrieving its value
  from the _GET array
• GET argument PHP variable
• FirstName ? _GETFirstName

11
Exercise 6.1 Bank Details GET

• Create a HTML Form asking the bank details of a
  customer.
• The customers first and last name (two text
  fields)
• The card number (one text field)
• The branch short code (one text field)
• The expiry date two text fields, one for the
  month (mm) and one for the year (yyyy), 2 and 4
  characters respectively.

12
Exercise 6.1 Bank Details GET (cont.)

• Create a PHP script that will gather this
  information
• First checking that the month and year have
  logical valuesMonth 1-12, Year 1901- 2020
• If either of these numbers is incorrect, an error
  message should be displayed at the corresponding
  column (see below)
• And will present the details in a table with
  adequate headers.
• First row will be the headers. Second row will
  have the following
• The first column will contain the whole name, in
  the form (LastName, FirstName)
• The second column will contain the branch short
  code
• The third column will contain the card number
• The fourth column will contain the expiry date,
  in the form (mm / yyyy)

13
Exercise 6.1 Bank Details GET(cont.)
14
Exercise 6.1 Bank Details GET (cont.)
15
POST method

• It passes information (arguments) from one
  web-page to another by including it in the body
  of the form. Nothing is visible to the URI1
  string.
• Advantages
• Security The information entered by the user is
  not shown to the query string or the server logs.
• Capacity The amount of data that can be
  transferred by POST is larger than in GET method.
• Disadvantages
• Bookmarks The results cannot be stored as
  bookmarks since the URL is always the same.
• Firewall Some strict firewalls tend to strip the
  body of the forms and the included information is
  lost.

1. Uniform Resource Indicator. Also known as URL
(Uniform Resource Locator)
16
Example on POST method

• Assume a HTML file with a simple form like the
  following
• And the corresponding PHP script with the
  following code

ltbodygt ltform action" http//till.co.uk/cw3/user_
x/post.php " methodPOST"gt ltpgtFirst name
ltinput type"text" size12 name"FirstName"gt ltpgt
ltinput type"submit"gt lt/formgt lt/bodygt
ltbodygt lt?php print("Your first name is
_POSTFirstName!") ?gt lt/bodygt
17
POST on the server side

• The PHP script has direct access to the arguments
  of the POST method, i.e. the argument LastName.
• It maps to a PHP variable, retrieving its value
  from the _POST array
• GET argument PHP variable
• LastName ? _POSTLastName
• GET and POST variables can also be retrieved from
  the _REQUEST array
• _REQUESTLastName

18
Use of GET POST methods

• When to use GET methodWhen we need to pull
  information out of the storage
• Site navigation
• Searching
• When to use POST methodWhen we need to put
  information to the back-end storage (i.e. upload
  files) and be secure
• Add information to a database
• Authentication/Authorization