TU ESD - SIUEstornar/courses/notes/cs234/tu-ESD.pdf

Error Checking/Validation

Errors come in three flavors
1. Expected
2. Warnings
3. Fatal
Expected you anticipate. Warnings are look outs. Fatal are sayonara!

PHP error assistance
empty() is better suited for query strings unless numeric information is supplied
empty() + is_numeric() is a knock out
empty() is better suited for string queries than isset() unless numeric information is transmitted
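
The numeric caveat exists because empty() treats the string "0" as empty, so a required-field check built on empty() alone rejects a legitimate zero. The following is an added example, not code from the original slides; read_param() and the sample input are assumptions made for illustration.

```php
<?php
/*
 * Added example: read one request parameter the way the slides suggest,
 * empty() for text and empty() + is_numeric() for numbers.
 * read_param() and $sample are hypothetical names.
 */
function read_param(array $source, string $name, bool $numeric = false): array
{
    // isset() is false for a missing key and for null
    if (!isset($source[$name])) {
        return ['ok' => false, 'value' => null, 'why' => 'missing'];
    }
    $raw = $source[$name];

    // qty[]=1 in a request arrives as an array, not a string
    if (!is_string($raw)) {
        return ['ok' => false, 'value' => null, 'why' => 'not a string'];
    }
    $raw = trim($raw);

    if ($numeric) {
        // test is_numeric() before empty(): "0" is a valid number but empty("0") is true
        if (is_numeric($raw)) {
            return ['ok' => true, 'value' => $raw + 0, 'why' => 'numeric'];
        }
        $why = $raw === '' ? 'empty' : 'not numeric';
        return ['ok' => false, 'value' => null, 'why' => $why];
    }

    // text field: empty() rejects "" and also "0"
    if (empty($raw)) {
        return ['ok' => false, 'value' => null, 'why' => 'empty'];
    }
    return ['ok' => true, 'value' => $raw, 'why' => 'text'];
}

// Constructed sample input standing in for $_GET or $_POST
$sample = [
    'qty'  => '0',      // valid number that empty() alone would reject
    'name' => '',       // submitted but blank
    'page' => '12abc',  // starts with digits, still not numeric
    'ids'  => ['1'],    // array-valued parameter
    'exp'  => '1e3',    // is_numeric() also accepts exponents, signs and decimals
];
$checks = [
    ['qty', true], ['qty', false], ['name', false],
    ['page', true], ['ids', true], ['exp', true], ['zip', false],
];
foreach ($checks as [$key, $asNumber]) {
    $r = read_param($sample, $key, $asNumber);
    printf("%-5s numeric=%d ok=%d (%s)\n", $key, $asNumber, $r['ok'], $r['why']);
}
```

Where only whole numbers are acceptable, is_numeric() is too permissive; filter_var() with FILTER_VALIDATE_INT is the stricter check.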

PHP error reporting
1. error_reporting
2. display_errors
3. log_errors

Setting the error_reporting (1)

| Constant Name | Value | Description |
| --- | --- | --- |
| E_ALL | 8191 | Report all errors and warnings |
| E_ERROR | 1 | Report all fatal runtime errors |
| E_WARNING | 2 | Report all nonfatal runtime errors (that is, warnings) |
| | 0 | No reporting |

```php
/* In code */
error_reporting(E_ALL);
```

```ini
; In php.ini
error_reporting = E_ALL
```

Setting the display_errors (2)
Decide whether to display errors or not

```php
/* In code */
ini_set('display_errors', '0');
```

```ini
; In php.ini
display_errors = Off
```

Setting the log_errors (3)
Should errors be logged or not
Advisable to turn on error logging for production sites as well as development sites.

```php
/* In code */
ini_set('log_errors', '1');
ini_set('error_log', '/logs/myerr.log');
```

```ini
; In php.ini
log_errors = On
error_log = /logs/myerr.log
```

Log errors in code as well (3)

PHP handles errors procedurally
and object oriented
exceptions can be rethrown
Provide custom error/exception handlers
At the beginning of the script: set_exception_handler('my_exception_handler');
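
The three settings and the custom handlers fit together as follows. This is an added example, not code from the original slides; APP_ENV, load_template(), the reference id and the demo path are assumptions, while the log path and the handler name my_exception_handler come from the slides.

```php
<?php
/*
 * Added example: error settings plus custom error/exception handlers.
 * APP_ENV, load_template() and the reference-id format are hypothetical.
 */
$isProduction = getenv('APP_ENV') !== 'development';

error_reporting(E_ALL);                                // report everything
ini_set('display_errors', $isProduction ? '0' : '1');  // no details shown to visitors
ini_set('log_errors', '1');                            // log on production and development
ini_set('error_log', '/logs/myerr.log');               // log path used on the slides

/* Procedural side: turn warnings and notices into exceptions. */
function my_error_handler($severity, $message, $file, $line)
{
    if (!(error_reporting() & $severity)) {
        return false;   // excluded by error_reporting or silenced with @
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
}

/* Last resort for anything uncaught: detail to the log, generic text to the client. */
function my_exception_handler($e)
{
    $ref = bin2hex(random_bytes(4));   // ties a user report to the log lines
    for ($cause = $e; $cause !== null; $cause = $cause->getPrevious()) {
        error_log(sprintf('[%s] %s: %s in %s:%d', $ref, get_class($cause),
            $cause->getMessage(), $cause->getFile(), $cause->getLine()));
    }
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo "Sorry, something went wrong (reference $ref).";
}

/* At the beginning of the script */
set_error_handler('my_error_handler');
set_exception_handler('my_exception_handler');

/* Object-oriented side: catch, add context, rethrow with the original attached. */
function load_template($path)
{
    try {
        return file_get_contents($path);   // failure raises E_WARNING, now an ErrorException
    } catch (ErrorException $e) {
        throw new RuntimeException('Template unavailable', 0, $e);
    }
}

// Constructed demo: the path does not exist, so the rethrown exception
// reaches my_exception_handler()
echo load_template('/no/such/template.html');
```

The file path and line numbers go only to the log; the response carries nothing but the reference id.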

Input validation options
1. Required
2. Correct type/format
3. Comparison
4. Range check
5. Custom

Notify the user accordingly

Alerts should be avoided
Use these sparingly for critical errors. Fine during debugging.

Offer textual hints
Textual hints work nicely
Use tooltips and popups
Pop-ups and tooltips always desirable (js or jQ)
Masks eliminate input ambiguity
Masks are not only for Mardi Gras
Use the proper widget for the job
Offer appropriate widget rather than text field
HTML5 offers simple validation
HTML: the lowest form

JS performs pre-validation
JS - prevalidation

```js
function init() {
    // jQuery ID selectors need the leading '#', and handlers
    // are attached with on() rather than the onsubmit property
    var form = $('#sampleForm');
    form.on('submit', validateForm);
}
$(function() { init(); } );
```

PHP is the validation
<?php /* turn on error reporting */ error_reporting(E_ALL); ini_set('display_errors','1'); ...
PHP always performed

```php
<?php /* File: esd-validationForm.php */ ?>
<!DOCTYPE html>
<html>
<head>
  <title>Testing Validation with js and php </title>
  <style> .controls span { color: red; } </style>
</head>
<body>
<!-- Present form with controls to validate -->
<form method="POST" class="form-horizontal" id="sampleForm">
  <fieldset>
    <legend>Form with Validations</legend>

    <div class="control-group" id="controlCountry">
      <label class="control-label" for="country">Country</label>
      <div class="controls">
        <!-- Show a dropdown box -->
        <select id="country" name="country" class="input-xlarge">
          <option value="0">Choose a country</option>
          <option value="1">Canada</option>
          <option value="2">France</option>
          <option value="3">Germany</option>
          <option value="4">United States</option>
        </select>
        <span class="help-inline" id="errorCountry"> </span>
      </div>
    </div>

    <!-- email field -->
    <div class="control-group" id="controlEmail">
      <label class="control-label" for="email"> Email</label>
      <div class="controls">
        <input id="email" name="email" type="text"
               placeholder="enter an email" class="input-xlarge" required>
        <span class="help-inline" id="errorEmail"> </span>
      </div>
    </div>

    <!-- password field -->
    <div class="control-group" id="controlPassword">
      <label class="control-label" for="password">Password</label>
      <div class="controls">
        <input id="password" name="password" type="password"
               placeholder="enter at least eight characters"
               class="input-xlarge" required>
        <span class="help-inline" id="errorPassword"></span>
      </div>
    </div>

    <!-- submit button -->
    <div class="control-group">
      <label class="control-label" for="singlebutton"></label>
      <div class="controls">
        <button id="singlebutton" name="singlebutton"
                class="btn btn-primary">Register </button>
      </div>
    </div>
  </fieldset>
</form>
<?php include 'esd-inc.validationJS.php'; ?>
</body>
</html>
```

```php
<?php /* File: esd-inc.validationJS.php */ ?>
<script src="../js/jquery-1.11.0.js"></script>
<script>
/* form controls; assigned in init() and shared by the functions below */
var country, email, password;

/* sets up event handlers */
function init() {
    // we will reference these repeatedly
    country = $('#country');
    email = $('#email');
    password = $('#password');
    var sampleForm = $('#sampleForm');

    sampleForm.on('submit', function(e) { validateForm(e); } );
    country.on('change', resetMessages);
    email.on('change', resetMessages);
    password.on('change', resetMessages);
}// end init()

/* perform the validation checks */
function validateForm(e) {
    var hasError = false;

    // check country; these are jQuery objects, so DOM properties
    // are read with prop() and field values with val()
    if ( country.prop('selectedIndex') <= 0 ) {
        addErrorMessage('Country', 'Select a country');
        hasError = true;
    }

    // check email; anchored so the whole value has to match
    var emailReg = /^(.+)@([^\.].*)\.([a-z]{2,})$/;
    if (! emailReg.test(email.val())) {
        addErrorMessage('Email', 'Enter a valid email');
        hasError = true;
    }

    // check password; the message states the range the pattern allows
    var passReg = /^\w{8,16}$/;
    if (! passReg.test(password.val())) {
        addErrorMessage('Password', 'Enter a password between 8-16 characters');
        hasError = true;
    }

    // if any error occurs then cancel submit; due
    // to browser irregularities this has to be
    // done in two ways
    if (! hasError) return true;
    else {
        if (e.preventDefault) { e.preventDefault(); }
        else { e.returnValue = false; }
        return false;
    }
}// end validateForm()

function addErrorMessage(id, msg) {
    // get relevant span and div elements
    var spanId = 'error' + id;
    var span = $('#' + spanId);
    var divId = 'control' + id;
    var div = $('#' + divId);

    // add error message to error <span> element (as text, not markup)
    span.text(msg);
    // add error class to surrounding <div>
    div.addClass('error');
}// end addErrorMessage()

/* Clear the error messages for the
 * specified element */
function clearErrorMessage(id) {
    // get relevant span and div elements
    var spanId = 'error' + id;
    var span = $('#' + spanId);
    var divId = 'control' + id;
    var div = $('#' + divId);

    // clear error message and set class
    // to error span and div elements
    span.text("");
    div.attr('class', 'control-group');
}// end clearErrorMessage()

/* Clears error states if content changes */
function resetMessages() {
    if (country.prop('selectedIndex') > 0) {
        clearErrorMessage('Country');
    }
    if (email.val().length > 0) {
        clearErrorMessage('Email');
    }
    if (password.val().length > 0) {
        clearErrorMessage('Password');
    }
}// end resetMessages()

// set up validation handlers when page is
// downloaded and ready
$(function() { init(); });
</script>
```

esd-class.validationResult.php
```php
<?php
/* Represents the results of a validation */
class ValidationResult {
    private $value;          // user input value to be validated
    private $cssClassName;   // css class name for display
    private $errorMessage;   // error message to be displayed
    private $isValid = true; // was the value valid

    // constructor
    public function __construct($cssClassName, $value, $errorMessage, $isValid) {
        $this->cssClassName = $cssClassName;
        $this->value = $value;
        $this->errorMessage = $errorMessage;
        $this->isValid = $isValid;
    }

    // accessors
    public function getCssClassName() { return $this->cssClassName; }
    public function getValue() { return $this->value; }
    public function getErrorMessage() { return $this->errorMessage; }
    public function isValid() { return $this->isValid; }

    /* Static method used to check a querystring
     * parameter and return a ValidationResult */
    static public function checkParameter($queryName, $pattern, $errMsg) {
        $error = "";
        $errClass = "";
        $value = "";
        $isValid = true;

        // first check if the parameter doesn't exist, is empty,
        // or is not a plain string (email[]=x arrives as an array)
        if (empty($_POST[$queryName]) || !is_string($_POST[$queryName])) {
            $error = $errMsg;
            $errClass = "error";
            $isValid = false;
        }
        else {
            // now compare it against a regular expression
            $value = $_POST[$queryName];
            if ( !preg_match($pattern, $value) ) {
                $error = $errMsg;
                $errClass = "error";
                $isValid = false;
            }
        }
        return new ValidationResult($errClass, $value, $error, $isValid);
    }
}
```

esd-inc.validationFormPHP.php
```php
<?php
// turn on error reporting to help
// potential debugging (development only; on a
// production site display_errors should be '0')
error_reporting(E_ALL);
ini_set('display_errors','1');

// name matches the class file shown above, including case
include_once('esd-class.validationResult.php');

// create default validation results
$emailValid = new ValidationResult("", "", "", true);
$passValid = new ValidationResult("", "", "", true);
$countryValid = new ValidationResult("", "", "", true);

// if GET then just display form
// if POST then user has submitted data, we need
// to validate it
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // patterns are anchored with ^ and \z so the whole value must match
    $emailValid = ValidationResult::checkParameter("email",
        '/^(.+)@([^\.].*)\.([a-z]{2,})\z/',
        'Enter a valid email [PHP]');
    $passValid = ValidationResult::checkParameter("password",
        '/^\w{8,16}\z/',
        'Enter a password between 8-16 characters [PHP]');
    $countryValid = ValidationResult::checkParameter("country",
        '/^[1-4]\z/',
        'Choose a country [PHP]');

    // if no validation errors redirect to
    // another page
    if ($emailValid->isValid() && $passValid->isValid()
            && $countryValid->isValid() ) {
        header( 'Location: #' );
        exit; // stop here so the form is not sent along with the redirect
    }
}
```

esd-validationFormPHP.php
```php
<?php include ('esd-inc.validationFormPHP.php'); ?>
<!DOCTYPE html>
<html>
<head>
  <title>PHP Form Validation</title>
  <style> .error { color: red; } </style>
</head>
<body>
<!-- PHP_SELF contains request-supplied text, so it is escaped before output -->
<form method="POST"
      action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8');?>"
      class="form-horizontal" id="sampleForm" >
  <fieldset>
    <legend>Form with Validations</legend>

    <!-- Country select list -->
    <div class="control-group <?php echo $countryValid->getCssClassName(); ?>"
         id="controlCountry">
      <label class="control-label" for="country">Country</label>
      <div class="controls">
        <select id="country" name="country" class="input-xlarge">
          <option value="0" <?php if($countryValid->getValue()==0) echo "selected";?>>
            Choose a country</option>
          <option value="1" <?php if($countryValid->getValue()==1) echo "selected";?>>
            Canada</option>
          <option value="2" <?php if($countryValid->getValue()==2) echo "selected"; ?>>
            France</option>
          <option value="3" <?php if($countryValid->getValue()==3) echo "selected"; ?>>
            Germany</option>
          <option value="4" <?php if($countryValid->getValue()==4) echo "selected"; ?>>
            United States</option>
        </select>
        <span class="help-inline" id="errorCountry">
          <?php echo $countryValid->getErrorMessage(); ?></span>
      </div>
    </div>

    <!-- Email text box -->
    <div class="control-group <?php echo $emailValid->getCssClassName(); ?>"
         id="controlEmail">
      <label class="control-label" for="email">Email</label>
      <div class="controls">
        <!-- the submitted value is escaped before it is written back into the page -->
        <input id="email" name="email" type="text"
               value="<?php echo htmlspecialchars($emailValid->getValue(), ENT_QUOTES, 'UTF-8'); ?>"
               placeholder="enter an email" class="input-xlarge" required>
        <span class="help-inline" id="errorEmail">
          <?php echo $emailValid->getErrorMessage(); ?></span>
      </div>
    </div>

    <!-- Password text box -->
    <div class="control-group <?php echo $passValid->getCssClassName(); ?>"
         id="controlPassword">
      <label class="control-label" for="password">Password</label>
      <div class="controls">
        <input id="password" name="password" type="password"
               placeholder="enter at least eight characters"
               class="input-xlarge" required>
        <span class="help-inline" id="errorPassword">
          <?php echo $passValid->getErrorMessage(); ?></span>
      </div>
    </div>

    <!-- Submit button -->
    <div class="control-group">
      <label class="control-label" for="singlebutton"></label>
      <div class="controls">
        <button id="singlebutton" name="singlebutton" class="btn btn-primary">
          Register</button>
      </div>
    </div>
  </fieldset>
</form>
</body>
</html>
```

Managing State

State is managed in two places
1. HTTP
2. PHP

Use a query string to pass information (1)
links and method="GET" do the same thing

or client-side cookies (1)
[Diagram: Browser holding name=value pairs]
cookies are associated with domains, not pages

Cookies have limitations
4k size limit
stored number is limited
session: expire with session
persistent: have expiration date
can be turned off

esd-cookies.php
```php
<?php
$name = "Monkey";
$value = "Coco";
$expires = time() + 5;

/* Must be the first thing written. */
setcookie($name, $value, $expires);

/* To prevent js access (HttpOnly) use this */
setcookie($name, $value, $expires, "", "", false, true);
?>
<!DOCTYPE html>
<html>
<meta charset="utf-8">
<title>Using cookies</title>
<body>
  <h1>This page is using cookies. Yum!</h1>
  <br> Refresh the page and you will see. <br>
<?php
/* Always check if the cookie is set first. */
if (isset($_COOKIE['Monkey'])) {
    // the cookie value comes back from the browser, so escape it before output
    echo "The value stored in Monkey is "
        . htmlspecialchars($_COOKIE['Monkey'], ENT_QUOTES, 'UTF-8');
}
?>
</body>
</html>
```

Cookies can increase traffic loads (1)
amazon.com: cookies transmitted with images, css, scripts etc.
images-amazon.com: this site does not use cookies

2. Use sessions on the server
Each browser session has its own session state
the state is stored as a serialized object
it is then unserialized and loaded into
Sessions are ideal for shopping carts
Sessions can store any type of object
62
One session per user
There are more sessions on disk than in memory
63
Use session_start() first thing
session_start() must be called first
64
Sessions expire, so check
65
Know how sessions really work
HTTP is still the underlying protocol used
being stateless, some form of identification is needed
PHP sessionID: 32-byte string
a sessionID is used
transmitted via a cookie
66
Sessions still need cookies
if cookies are disabled, configure php.ini to send the sessionID through the URL
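The session rules from the preceding slides (call session_start() before any output, check whether the session has expired, carry the sessionID in a cookie) put together as an added example that is not part of the original slides. The 30-minute idle limit and the `last_seen` and `cart` keys are assumptions; the example keeps the ID out of the URL because URL-carried session IDs end up in server logs, Referer headers and shared links.

```php
<?php
// Added example, not from the original slides. IDLE_LIMIT and the keys
// 'last_seen' and 'cart' are assumptions made for illustration.
declare(strict_types=1);

const IDLE_LIMIT = 1800; // seconds of inactivity before a session is discarded

/**
 * Decide whether stored session data is too old to trust.
 * Takes the session array and the current time so it can be checked in isolation.
 */
function session_is_expired(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    // No timestamp means a brand-new, empty session: nothing to expire.
    if (!isset($session['last_seen'])) {
        return false;
    }
    return ($now - (int) $session['last_seen']) > $limit;
}

// Carry the session ID in a cookie only; never accept or emit it in the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue

session_set_cookie_params([
    'lifetime' => 0,      // cookie lasts until the browser closes
    'path'     => '/',
    'secure'   => true,   // assumes the site is served over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);

// Must run before any output, because it sends the Set-Cookie header.
session_start();

if (session_is_expired($_SESSION, time())) {
    // Stale session: drop its data and continue under a fresh ID.
    $_SESSION = [];
    session_regenerate_id(true);
}
$_SESSION['last_seen'] = time();

// A new or expired session is empty, so check before reading a key.
$cart = $_SESSION['cart'] ?? [];
echo 'Items in cart: ' . count($cart) . "\n";
```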
67
On a new session...
an empty dictionary-like collection is created
[Figure: WS]
68
...on completion it is saved...
the session is saved in the state provider
[Figure: WS, Session state provider (User session A), Memory (User session A)]
69
...and on recall it is retrieved
the session is retrieved from the state provider
[Figure: WS, Session state provider (User session A), Memory (User session A)]
70
State provider options available
Memory: session must be served by the same WS; session lost if server restarts; limited on shared hosts
File: session can be served by any WS; session reconstructed if server restarts; less efficient than memory provider
71
HTML5 Web Storage
meant to replace cookies
uses JS-only API
managed by the browser
not transmitted with each request/response
not limited to 4K size (< 5MB recommended)
two objects available: localStorage and sessionStorage
72
Two ways to write to storage
can use either .setItem or .property
localStorage is persistent
73
and two ways to read from it
can use either .getItem or .property