Part 4 - Server side Handling data with PHP Flashcards
what are the syntax and parameters of
var_export()
Syntax:
var_export(variable,return);
@param variable (Required). Specifies the variable to check
@param return (Optional). If set to true, it returns the variable representation instead of outputting it
describe the function
var_export()
a function that outputs or returns structured information about a variable.
describe the superglobal variable
$_GET
An array that contains keys and values sent to the server on the end of the URL or by submitting an HTML form using the GET method.
describe the function
define()
this function is used to define a constant
describe the syntax and parameters of
empty()
Syntax:
empty(variable);
@param variable (Required) Specifies the variable to check
give 3 points that describe
Java
points on this include:
1.Open source
2.Object oriented
3.When used to serve dynamic web content a special web server is required such as Tomcat
describe the function
htmlspecialchars()
a function that converts some predefined characters to HTML entities.
describe the function
strcasecmp()
function used for case-insensitive comparison of two strings; returns 0 if the two strings match
describe the
difference between declaring strings with single vs double quotes
Single quotes - these are interpreted exactly as written and so the text within the single quotes will always be unchanged
Double quotes - anything written within double quotes will be interpreted by PHP, this means if a variable name is included it will be evaluated and replaced by its value. Any other escape sequences will also be interpreted within double quotes
give an example that checks if an array has content using an if…else statement
Example:
$array = [];
if (!empty($array['id'])) {
    // code if value exists
} else {
    // code if value does not exist
}
using a for each loop write the syntax for extracting the key and value of the current element
syntax:
foreach ($array as $key => $value) { Code to execute; }
how do we
declare a constant in PHP
this is accomplished by using the define() function
describe the syntax and parameters of
htmlspecialchars()
Basic syntax (arguments omitted):
htmlspecialchars(string)
@param string the string to convert
describe the implementation that would mitigate users executing the scripts that we will call using the require
and include
statements
To implement this:
1.We set a flag in the PHP files that will be requested by URL; the flag states that it is safe for the included files to run
a)This can be achieved by setting a constant using the define() function
2.Files that should only be executed via require or include will look for the flag; if it is not set they will refuse to execute
a)Check whether the flag is set using the defined() function
b)If the flag is not set, terminate the script using the die() function
This ensures that users can only execute the scripts that we intend them to execute.
describe the function
basename()
this function returns the filename from a path.
describe the 5
values that are considered
falsey
these include:
1.integer 0 and float 0.0
2.the empty string “” and “0” (because it is equivalent to integer 0)
3.an empty array []
4.the null value
5.and of course, the boolean false
how can we
remove an item from an array
this can be accomplished by using the unset() function
give one example of how a
Cross site scripting (XSS) attack can be mitigated
in PHP
this can be mitigated by cleaning text of any characters that could hold code before it is sent to the user's browser.
we can accomplish this by using the function htmlspecialchars(), which replaces HTML characters with HTML entities
describe the superglobal variable
$_POST
An array that contains keys and values sent to the server by submitting an HTML form using the POST method.
what is the syntax of the PHP while loop
Syntax:
while (condition is true) { code to be executed; }
describe the syntax and parameters of
unset()
Syntax:
unset(variable, ….);
@param variable (Required). Specifies the variable or array value to unset
@param … (Optional) Another variable to unset
describe the 2 types of arrays that can be created
these include:
1.Lists - where an index number is automatically associated with a value
2.Dictionaries (Associative array) - where we specify a key and a value for the element in the array
NOTE:
* each key of a dictionary must be unique
* The key of a dictionary can be an integer or string
write out the syntax for an
if…elseif…else block
Syntax:
if (condition) { code to be executed if this condition is true; } elseif (condition) { code to be executed if first condition is false and this condition is true; } else { code to be executed if all conditions are false; }
describe the function
phpinfo()
this function will output configuration information about PHP such as the version in use
give 3 points that describe
Python
points on this include:
1.Used by YouTube and Dropbox
2.Useful for processing large data sets and scientific and statistical data
3.SQLite is a database that is included with Python
describe the two methods for
creating an array
these include:
1.Using the array() function
2.Using the [] notation
describe the superglobal variable
$_SERVER
this is an array that contains data about the server running the PHP script.
describe the function
Die()
this function prints a message and terminates the current script.
how is PHP code placed inside a PHP document
we achieve this by using:
<?php code ?>
name 5
server side programming languages
these include:
1.Hypertext Preprocessor (PHP)
2.Active Server Pages.NET (ASP.NET)
3.Java
4.Python
5.Node.js
what are the 3 methods for commenting in PHP
these include:
// This is a basic one-line PHP comment
/* This is a C-style PHP comment that can span multiple lines.
Note it must be closed */
# This is a “shell-style” PHP one-line comment.
NOTE: the first two comment styles are the ones most likely to be encountered
describe the superglobal variable
$_FILES
An array that contains data about files uploaded using a special type of POST request.
what are the
4 rules governing the declaration of constant
these include:
- A constant’s value cannot be changed after it is set
- Constant names do not need a leading dollar sign ($)
- Constants can be accessed regardless of scope
- Constant values can only be strings and numbers
what is the
syntax for extracting data from an array
Syntax:
$arrayName[index/key]
within a double quoted string what are the 3 ways to include a variable
this can be achieved using any of the following:
1. $var
2. ${var}
3. {$var}
NOTE: for readability it might be preferable to use method 3
describe the superglobal variable
$_SESSION
An array that contains data previously stored on the server in the current session
using a for each loop write the syntax for
extracting only the value of the current element
syntax:
foreach ($array as $value) { code to be executed; }
define
Cross site scripting (XSS)
this is an attack that allows a user to inject their own scripts into a website. When the website is loaded there is potential that this script could be run in an unsuspecting user's browser
describe a typical use case for
Hypertext Preprocessor (PHP)
This is typically used where all or part of a web page must be dynamically created.
The data it uses to create the page will most likely be retrieved from one or more databases
when creating a condition in a while loop what type of tests are recommended
When programming loops it can be better to test a condition such as (<=, >=, <, >) rather than equality (==)
give 3 points about
superglobal variables
points include:
1.These are built in variables of PHP
2.They can be accessed from any scope
3.Each of these is an array, so can be iterated over using a for each loop or looking for a specific item using its key
describe the superglobal variable
$_COOKIE
An array that contains cookies sent to the server that were previously set by the same server.
describe an
Associative array
sometimes known as a dictionary, this is an array with named keys and an associated value for each key
what are the
4 rules that govern the declaration of variables
these include:
1.A variable name always begins with a dollar character ($) followed by a letter or underscore (never a number)
2.Allowed characters in a variable name are (a-b, 1-9, _)
3.Characters are case sensitive
4.PHP is dynamically typed so we do not need to declare the data type the variable will hold
when accessing an array what action should we perform first and why
when we access an array we should always check to see if it is empty.
this is because if we access an element that is not there, PHP will output a notice in the HTML, and this should be hidden
describe the 2 variations of the PHP for each loop
variations of this are:
1.extract only the value of the current element
2.Extract the key and value of the current element
describe the function
empty()
this function checks whether a variable/array is empty or not. This function returns false if the variable exists and is not empty, otherwise it returns true.
describe the pattern of processing that PHP might take when in a session with a specific user
this pattern of processing might be:
1. Generate a welcome page with forms for the user to sign in.
2. Receive the sign in, validate the data, and authenticate the user.
3. Receive data back from the user, validate the data. Identify the user from the session
4. continue step 3 until the user signs out or there is inactivity
NOTE: at steps 2 and 3 we may have further processing including accessing a database and creating unique pages for the user
how do we perform a
not operation
this is achieved using the exclamation mark (!)
why should incoming data to a server always be cleaned on the server
the reason for this is because it is possible for a user to send any data to the server
how is the HTML form data made available to a PHP script upon submission
the data is sent within an HTTP request and then made available to PHP via its superglobal variables
how can we dynamically include a separate PHP file into our current PHP file
this can be accomplished using the statements
1. include
2. require
describe the syntax and parameters of
basename()
Basic Syntax (arguments omitted):
basename(path)
@param path (Required) Specifies a file path
describe the 2
methods of comparison
these include
1.Loose comparison (==) - will only check that two values are the same
2.Strict comparison (===) - will check that both the type and value are the same
when implementing the server side of a web application name 5 items that would be required
for this we require:
1.infrastructure - Dedicated hardware or cloud infrastructure
2.operating system - that can interact with the hardware and run software on top of
3.Web server software - that can handle incoming and outgoing messages to the internet and interact with other server software
4.server side programming language - to handle business logic and data processing
5.Database software and associated hardware - so that data can be stored and retrieved
describe the syntax and parameters of
die()
Syntax:
die(message)
@param message (Required) A message or status number to print before terminating the script. A status number will not be written to the output, just used as the exit status.
how is string concatenation performed
this is achieved using dot notation
example:
<?php
$mystring1 = 'The Cat';
$mystring2 = 'on the mat';
$mystring3 = 'got the cream';
$mystring4 = $mystring1 . ' ' . $mystring3;
echo "<p>$mystring4</p>"; //Output: <p>The Cat got the cream</p>
?>
describe the difference in behaviour of the statements
1. include
2. require
behaviour:
1.Include
- will include the code if the file can be found, but omit it otherwise and continue
2.Require
- if the script being inserted is missing, PHP will stop execution and report an error.
describe the function
unset()
function used to unset/destroy variable and array values
what is the risk of having separate PHP files that we will use via include and require
the risk of having these is that a user could potentially find their URL and execute them.
NOTE: these scripts could potentially give data away that we did not intend
give 3 points that describe
Node.js
points on this include:
1.Provides a JavaScript runtime on the server
2.Efficient at handling a large number of requests (scales better than PHP)
3.Allows both client and server side to be written in JavaScript
in 4 steps describe a Cross site scripting (XSS) attack that
1. injects code via the comments
2. creates an alert when visitors view the website
Example:
1.A script tag with an alert is placed inside a comments section
2.The comment gets saved as is in the database
3.When new visitors view the comments the script tag will be pulled from the database and dynamically inserted into the html and sent to the user
4.The user's browser sees the script tag in the HTML and runs the alert
NOTE: within the script tags could be any kind of malicious code
describe the pattern of processing that PHP might take when in a session with a user but the session is not user specific
this pattern of processing may be:
1.Generate a welcome page with a choice of tasks and send this to the user.
2.Receive back a request with data on the task to carry out. Generate a new page to respond to that request using data from the database. The full page itself never exists on the server; only a collection of templates and data exists there.
3.Repeat this second series of actions.
what is the syntax for
updating a value in an array
Syntax:
$arrayName[index/key] = newValue;
give 5 points that describe
Hypertext Preprocessor (PHP)
points on this include:
1.Open source and freely available
2.General purpose
3.but especially suited to web development because PHP can be easily embedded within HTML and can also dynamically create HTML
4.Commonly installed on an Apache server running Linux
5.Can be installed on Linux, Windows and macOS
name 6
important superglobal variables
these include:
1. $_SERVER
2. $_GET
3. $_POST
4. $_FILES
5. $_COOKIE
6. $_SESSION
describe the syntax and parameters of
define()
Basic syntax (arguments omitted):
define(name,value)
@param name (Required) Specifies the name of the constant
@param value (Required) Specifies the value of the constant.
describe the syntax and parameters of
strcasecmp()
Syntax:
strcasecmp(string1,string2)
@param string1 (Required) Specifies the first string to compare
@param string2 (Required) Specifies the second string to compare