A348/A548 Mastering the World-Wide Web (4/3 cr.)

Lab Notes Eight: Review of PHP.

In covering PHP we have mentioned the following aspects.

Variables have names, like in Perl, and these names are always prefixed by the dollar sign ($).

So here's a simple PHP file:

<html>
  <head>
    <title>PHP variables</title>
  </head>
<body bgcolor=white>

  <? $i = 3; ?>

  <p> I have set <code>$i</code> to the value of <?=$i?>. </p> 

  <? $i += 2; ?>

  <p> Now I added 2 to it, so it has become <?=$i?>. </p>

  </body>
</html>

Here's how it works.

Here's the source code, again.

What would be the basic Perl CGI script that does the same thing?

Perhaps something like this:

#!/usr/bin/perl

print "Content-type: text/html\n\n<html><body bgcolor=white>";

$i = 3; 

print "<p>I have set <code>\$i</code> to the value of $i.</p>";  

$i += 2; 

print "<p> Now I added 2 to it, so it has become $i. </p> "; 

print "</body></html>";

Here's this script in action.

Here's the CGI.pm version of it.

#!/usr/bin/perl

use CGI;

$query = new CGI; 

print $query->header; 

print $query->start_html(-bgcolor=>'white'); 

$i = 3; 

print qq{ 
  <p> I have set <code>\$i</code> to the value of $i. </p>
}; 

$i += 2;

print qq{ 
  <p> Now I have added 2 to it, so it has become $i.</p>
}; 

print $query->end_html;

Here it is in action.

Hashtables are used in Perl, and they are also used in PHP.

Here's some code in Perl,

%prices = ("Tires"       => 100,
           "Oil"         =>  10, 
           "Spark Plugs" =>  4); 

$prices{"Tires"} -= 90; 

foreach $key (keys %prices) {
  print $key, " --> ", $price{$key}, "<p>"; 
}

and here's how we would do the same thing in PHP.

Here's the code:

<html><body bgcolor=white>

<? $prices = array("Tires"       => 100, 
                   "Oil"         =>  10, 
                   "Spark Plugs" =>   4); 

   $prices["Tires"] -= 10;  
 
   while ($element = each ($prices)) {

     echo $element["key"] . " --> " . 
          $element["value"] . "<br>"; 

   }

 ?> 

</body></html>

To do it twice, though, is a bit tricky.

Here's the source code for that. (Note we reset the array).

Now a word about sessions.

HTTP is connectionless, and keeping state with CGI requires

either sending (storing) state information on the client side, or
managing state on the server side (with additional overhead)

PHP provides the ability to manage state on the server side.

Here's a typical script.

Here's the source code.

Here's the source code again:

<? session_start();
   if (session_is_registered("acc")) { 
     if ($fun == "add") $acc += $arg; 
     else if ($fun == "sub") $acc -= $arg; 
   } else {
     $acc = 0; 
     session_register("acc"); 
   } 
 ?>

<html>
  <head>
    <title>Sessions Examples</title>
  </head>
  <body bgcolor=white>
    <form method="POST" action="<? echo $SCRIPT_NAME; ?>"> 

      The current value of the accumulator is: <? echo $acc ?> <p> 

      <table cellpadding=2>
        <tr> 
          <td> Amount: </td> 
          <td> <input type="text" name="arg" size=4> </td> 
          <td> Function: </td> 
          <td> <select name="fun"> 
                 <option value="non"> Click Me! 
                 <option value="add"> Deposit
                 <option value="sub"> Withdraw   
               </select> 
          </td> 
        </tr> 
      </table> 
       
      <p> Enter the amount, select a function, then press 
       
      <input type="submit" value="Proceed"> <p> 
       
    </form>
  </body>
</html>

The code in brown shows how values in the form fields can be retrieved. That's important, but not the central part of this example. Here's what gets created on /tmp if I work with this calculator a bit (which is what the example wants to bring forth):

burrowww.cs.indiana.edu% ls -ld /tmp/sess_05e56a5ed8be5e3a0ef771d9fb582df9
-rw-------   1 dgerman  faculty        10 Oct 17 14:44 /tmp/sess_05e56a5ed8be5e3a0ef771d9fb582df9
burrowww.cs.indiana.edu% cat /tmp/sess_05e56a5ed8be5e3a0ef771d9fb582df9
acc|i:122;burrowww.cs.indiana.edu% 
burrowww.cs.indiana.edu%

My accumulator was 122 at the time I printed the file.

The name of the file contains the random session ID (in blue).

The contents of the file contains the server-side state (environment).

That is in red.

Note that for every browser that calls, a session ID is created.

The session ID is sent to the browser, and kept in a cookie, there.

(Other ways of storing the session ID on the browser are possible, too).

A file with the ownership of the server will then be created on the server.

Where will it be created?

Your config file (php.ini) determines that, and here's the line in it.

ifx.nullformat = 0

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored.
session.save_path = /tmp

; Whether to use cookies.
session.use_cookies = 1


; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

To summarize:

session_start()
checks to see if an ID is submitted by the browser with the request, and if that ID is already available on the server.
if it's not,
a new one will be generated, and will be sent to the browser. This is the beginning of a new session. The browser has to keep it and submit it with every new request.
if an ID matches what the server has
then we know who we are talking to, so we refer to the corresponding file in the session.save_path directory.
session_register(varName)
is used to associate variable names with values. These are stored under the appropriate session ID file on the server side (see my example above). They are retrieved from that file during subsequent calls in the same session (that is, for the same session ID).
session_is_registered(varName)
is used to check if a variable is registered already or not (that is, if it's stored on the server side in the file for this session ID).
session_unregister(varName)
is used to delete a variable from the file on the server associated with the session in which this instruction is run.
session_destroy()
deletes the session, that is, the file.

That's the basic idea behind sessions.

Experiments done Monday-Tuesday with

Barry (Yinggang) Li,
Jeff Magliola,

and the servers of

Jeff Cannon and
Natalia Minibayeva

indicate that Internet Explorer and Netscape may store sessions ID somewhat differently.

We need to further investigate that, later.

We will cover cookies when we look at Javascript.

At that time we will look at cookies from three points of view:

JavaScript (client-side programming)
server-side programs that keep state on the client

In this last category we will have both Perl and PHP.

What do you need to turn in in the next lab?

Well, here now is your...

A348/A548 LAB ASSIGNMENT EIGHT

As an UNDERGRADUATE

Modify your php.ini file to store session files in your account.

Choose /u/username/apache/apache_1.3.20/phpsessions for the new location.

Don't forget to create this folder first.

As a GRADUATE

Read your php.ini file and document (other) interesting findings.

Write a report, call it Lab Seven Findings and post it.

CREATIVITY option

Answer the following questions (in writing).

Does it matter (does it make any difference) in the calculator program above if we encode the request method in the form as GET, as opposed to POST?
Check any resources you have and determine how could one set, or influence the duration of time a session ID is valid (its life span). If the browser does not allow or support cookies, is session support lost?

Post these as well, call the document Lab Seven Extra Credit Questions.

Last updated on Oct 18, 2001, by Adrian German for A348/A548