CSE 134A Lecture Notes, April 4, 2001

CSE134A LECTURE NOTES

April 4, 2001

WELCOME

Today I'm handing out the first project description. Check the web site for updates. Important note: the HomeWorth site uses encryption, which is complicated to deal with using PHP. Until we fix this problem, you should work on the part of the project that uses Yahoo sites.

The discussion board is ready for use.

If you didn't get an account slip before, get one at the end of class today.

The first section will be on Friday at 4:40 in Warren lecture Hall, room 2005.

HOW PHP WORKS

The web server, for example, Apache, proceeds as follows:

Read HTTP request from browser.
Find requested page as a file on the server's file system.
Execute PHP commands in the page.
Send the modified page back to the client browser.

A PHP program (called a script) is executed on the web server computer, unlike Javascript, which is executed by the client browser.

PHP commands have access to information about the browser, the values of fields in a form on the browser, and can retrieve and/or update information in a database.

General applications: Responding to forms, displaying user-customized content, rotating content. Examples: Slashdot, bug tracking, shopping cart.

WRITING A PHP PAGE

Here's an example

<HTML>
<?php
print("<P>\nHello world from <EM>PHP</EM>.");
?>
</HTML>

The PHP code is inside <? ?> script tags, which are nested inside HTML. HTML stands for Hypertext Markup Language.
<P> is a markup command nested inside the PHP string. \nis an escape character for "new line."

You create this page as an ascii file using a text editor, then save it in your web directory with the name test.php for example. PHP has very forgiving syntax. print and echo are synonyms, and the parentheses are optional.

If you load test.php in your browser and do "view source" you see this:

<HTML>
<P>
Hello world from <EM>PHP</EM>.</HTML>

Notice where the new lines are and are not.

Variable names start with the dollar symbol. As in most scripting languages, e.g. awk and Perl, typing is dynamic. Variables are initialized to have the value zero or empty string depending on context.

FORMS IN HTML

Here's an example

<HTML>
<FORM>
     Please type your name here:
     <INPUT TYPE=TEXT NAME=username>
     <INPUT TYPE=SUBMIT VALUE="Submit data">
</FORM>
<P>
<?php
       print("You typed $username.\n");
?>
</HTML>

When you load this page the first time, you will see an empty input box, a Submit data button, and the text You typed . Then if you fill in Joe Smith and click the button, the page will be redisplayed with the text You typed Joe Smith.

When the page containing the form is submitted, each PHP variable with the same name as one of the NAME= fields in the form is initialized with the value placed in the form by the client.

Therefore, the printing after the form is always of what was entered before the last time the submit button was clicked. You must remember this when designing your PHP code, to avoid making the user confused.

PROCESSING FORMS

The URL sent to the server when the submission button is clicked is

http://ieng9.ucsd.edu/~cs134s/test.php?username=Joe+Smith

The browser packages the information typed into the form as name/value pairs in the URL. To avoid unprintable characters, there is a convention where blanks are changed to + symbols and other characters are also encoded in special ways. On the server, PHP reverses this encoding automatically before initializing variables with the right names.

Browsers consider URLs that include GET information to be the same as URLs that designate static web pages. So, the browser may cache the value of these URLs. This can be incorrect if the server wants to return different information in response to the same form input, for example because time has passed.

If you write <FORM METHOD="POST"> then the browser sends the field values to the server not as part of the URL, but as separate messages in the HTTP protocol. In this case the field values sent are not visible to the human user, and the web page returned by the server is never cached.

With GET-based forms, you can write a program that simulates a human filling out a form by concatenating information into a string that is a GET-type URL. Simulating a human with POST-based forms is more complicated; you need to understand the POST messages in the HTTP protocol.

You can make the result of submitting a form be a completely different web page by writing <FORM ACTION="process.php"> for example.

MAINTAINING STATE

HTTP is a stateless protocol. State is often called session information. The GET syntax makes it easy to transfer state information from one web page to another. Consider this example:

<A TARGET="_new" HREF="next.php?id=<?php echo urlencode($userid); ?>">

Clicking on this link will cause the next.php script to be executed on the server. The resulting HTML will then be displayed by the browser, in a brand-new window because of the TARGET="_new" part. The URL that is invoked is actually next.php?id=Joe+Smith. Thenext.phpscript doesn't know whether it is invoked by a real form or not. The PHP compiler is not smart enough to realize that the echo operation is within the context of a URL, so it doesn't know to apply URL encoding automatically.

If you write HREF="next.php?t=<?php echo time(); ?>" then caching in the browser will be avoided.

PHP SYNTAX ISSUES

Keep track of whether you are inside HTML tags, or PHP tags.

Single quote ' and double quote " are slightly different in strings. PHP can use both. HTML uses ".

// gives an end of line comment. /* and */ give multiline comments.

give multiline comments in HTML.