Passing parameters & Session Tracking in PHP
Prof. Ami Tusharkant Choksi
Assistant Professor, Computer Engg. Dept.,
C.K.Pithawalla College of Engg. & Tech., Surat, Gujarat State, India.
What is Parameter Passing & Session Tracking?
-> Passing the values a user types into a form to another HTML page and/or a server-side script is called parameter passing.
-> A session refers to all the connections that a single client might make to a server in the course of viewing any pages associated with a given application.[1]
-> Maintaining the user's state during a session (e.g. from login to logout) is called Session Tracking.
Ways
-> Visible form parameters
-> Hidden form parameters
-> Cookies
-> Session
-> URL Rewriting
Parameter Passing with <Form>
Methods of passing parameters with <form>
-> GET (smaller data, i.e. 1024 bytes)
-> POST (bigger data, as well as file upload)
PHP uses the predefined variables
-> $_GET['varname']
-> $_POST['varname']
Predefined Variables[2]
PHP provides a large number of predefined variables to all scripts. They represent everything from external variables to built-in environment variables, and from last error messages to last retrieved headers.
Superglobals — Superglobals are built-in variables that are always available in all scopes
$GLOBALS — References all variables available in global scope
$_SERVER — Server and execution environment information
$_GET — HTTP GET variables
$_POST — HTTP POST variables
$_FILES — HTTP File Upload variables
List of predefined variables [2]...
$_REQUEST — HTTP Request variables
$_SESSION — Session variables
$_ENV — Environment variables
$_COOKIE — HTTP Cookies
$php_errormsg — The previous error message
$HTTP_RAW_POST_DATA — Raw POST data
$http_response_header — HTTP response headers
$argc — The number of arguments passed to script
$argv — Array of arguments passed to script
The values of Predefined Variables
Values of predefined variables can be seen with
<?php
phpinfo();
?>
File Upload
• Writing a client's file to the server is called File Upload.
• The following must be added to the HTML code:
<form method="post" enctype="multipart/form-data" action="upload.php">
FileName <input type="file" name="userfile">
<input type="submit" value="Upload">
</form>
• The above code displays a Browse/Choose button on the browser page, with which one can select a file.
File Upload HTML page in Browser
Required Configuration in /etc/php.ini File
;file_uploads must be On
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not specified).
upload_tmp_dir = /tmp
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M
Retrieval of File at Server
<?php
// /uploads must have o+rwx permission
$uploaddir = "/uploads/";
// The form field is named "userfile"; the client's file name is read from $_FILES, not $_POST
$uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);
if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}
?>
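The handler above keeps the client's file name and accepts any content. The following is an added example (not from the original slides) of a stricter handler for the same "userfile" field; it assumes /uploads/ lies outside the web server's document root, and the size cap and type allowlist are illustrative choices.

```php
<?php
// Added example: stricter handling of the "userfile" upload.
// Assumptions: UPLOAD_DIR is outside the document root; ALLOWED is illustrative.
const UPLOAD_DIR = '/uploads/';
const MAX_BYTES  = 2 * 1024 * 1024; // mirrors upload_max_filesize = 2M
const ALLOWED    = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'];

function store_upload(array $file): string
{
    // Reject multi-file arrays and any upload error reported by PHP.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or was malformed.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File exceeds the size limit.');
    }
    // Detect the type from the content, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('File type is not allowed.');
    }
    // Server-generated name: the client's file name never reaches the file system.
    $target = UPLOAD_DIR . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // move_uploaded_file() only moves files that arrived via HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the uploaded file.');
    }
    chmod($target, 0640); // no execute bit, not world-readable
    return $target;
}

if (isset($_FILES['userfile'])) {
    try {
        $stored = store_upload($_FILES['userfile']);
        echo 'Stored as ' . htmlspecialchars(basename($stored), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```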
Session Tracking is done with
As HTTP is a stateless protocol, session tracking must be maintained by programmers in the following ways:
-> Hidden form parameters
-> Cookies
-> Session
-> URL Rewriting
Hidden Parameter Passing
A parameter is passed from one page to another without being displayed to the user.
<input type="hidden" name="username" value="amichoksi">
It can be retrieved in PHP with $_GET["username"] or $_POST["username"].
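A hidden field is sent to the browser and comes back with the request, so the server cannot assume it returns unchanged. The following added example (not from the original slides) attaches an HMAC to the hidden "username" field and verifies it on submission; the APP_KEY environment variable and the "username_mac" field name are assumptions made for illustration.

```php
<?php
// Added example: detect tampering with a hidden form field.
// Assumption: APP_KEY is a hypothetical server-side secret set in the environment.
$key = getenv('APP_KEY');
if ($key === false || strlen($key) < 32) {
    exit('APP_KEY is missing or too short.');
}

function sign_field(string $value, string $key): string
{
    return hash_hmac('sha256', $value, $key);
}

function verify_field(string $value, string $mac, string $key): bool
{
    // hash_equals() compares in constant time.
    return hash_equals(sign_field($value, $key), $mac);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = $_POST['username'] ?? '';
    $mac  = $_POST['username_mac'] ?? '';
    if (!is_string($user) || !is_string($mac) || !verify_field($user, $mac, $key)) {
        http_response_code(400);
        exit('Hidden field was modified.');
    }
    echo 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
} else {
    $user = 'amichoksi'; // value carried to the next page, as on the slide
    ?>
    <form method="post">
      <input type="hidden" name="username" value="<?= htmlspecialchars($user, ENT_QUOTES, 'UTF-8') ?>">
      <input type="hidden" name="username_mac" value="<?= sign_field($user, $key) ?>">
      <input type="submit" value="Continue">
    </form>
    <?php
}
```

Keeping the value in $_SESSION instead avoids sending it to the client at all.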
Cookies [2]
Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users.
Set Cookie
bool setcookie ( string $name , string $value , int $expire=0 , string $path , string $domain , bool $secure=false , bool $httponly=false )
setcookie("username", "ami", time()+300);
Read Cookie
$_COOKIE['name']
Session [2]
A way to preserve certain data across subsequent accesses.
Session Functions [2]
session_cache_expire — Return current cache expire
session_cache_limiter — Get and/or set the current cache limiter
session_commit — Alias of session_write_close
session_decode — Decodes session data from a string
session_destroy — Destroys all data registered to a session
session_encode — Encodes the current session data as a string
session_get_cookie_params — Get the session cookie parameters
session_id — Get and/or set the current session id
session_is_registered — Find out whether a global variable is registered in a session
session_module_name — Get and/or set the current session module
session_name — Get and/or set the current session name
session_regenerate_id — Update the current session id with a newly generated one
session_register — Register one or more global variables with the current session
session_save_path — Get and/or set the current session save path
session_set_cookie_params — Set the session cookie parameters
session_set_save_handler — Sets user-level session storage functions
session_start — Initialize session data
session_unregister — Unregister a global variable from the current session
session_unset — Free all session variables
session_write_close — Write session data and end session
Examples
• File: Page1.php
<?php
// Cookie parameters must be set before session_start() to take effect
session_set_cookie_params(10, "/", "sun.com", true, false);
session_start();
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';
$_SESSION['animal'] = 'cat';
$_SESSION['time'] = time();
?>
Example...
• Filename: Page2.php
<?php
session_start();
echo 'Welcome to page #2<br />';
echo $_SESSION['favcolor']; // green
echo $_SESSION['animal']; // cat
echo date('Y m d H:i:s', $_SESSION['time']);
session_unset(); // releasing session data
echo $_SESSION['time'] ?? ''; // no output
?>
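The two pages above store and read session data; a login flow additionally needs cookie flags, a fresh session ID at login, and an idle timeout. The following added example (not from the original slides) shows these using session_set_cookie_params, session_regenerate_id and session_destroy from the function list; check_credentials(), the "action" and "password" fields, and the 'user' and 'last_seen' keys are hypothetical names introduced here.

```php
<?php
// Added example. Assumptions: HTTPS site, PHP 7.3+ (array form of
// session_set_cookie_params), 'user' and 'last_seen' are illustrative keys.
const IDLE_LIMIT = 300; // seconds of inactivity before the session is reset

session_set_cookie_params([
    'lifetime' => 0,      // cookie is dropped when the browser closes
    'path'     => '/',
    'secure'   => true,   // sent over HTTPS only
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
session_start();

// Idle timeout: clear the data and issue a fresh ID.
if (isset($_SESSION['last_seen']) && time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
    session_unset();
    session_regenerate_id(true);
}
$_SESSION['last_seen'] = time();

// Hypothetical stand-in for a real credential check against stored hashes.
function check_credentials(string $user, string $pass): bool
{
    $stored = password_hash('example-only', PASSWORD_DEFAULT); // constructed sample
    return $user === 'amichoksi' && password_verify($pass, $stored);
}

$action = $_POST['action'] ?? '';
$user   = $_POST['username'] ?? '';
$pass   = $_POST['password'] ?? '';

if ($action === 'login' && is_string($user) && is_string($pass)
    && check_credentials($user, $pass)) {
    session_regenerate_id(true); // new ID at login prevents session fixation
    $_SESSION['user'] = $user;
} elseif ($action === 'logout') {
    $_SESSION = [];
    session_destroy();
}

echo isset($_SESSION['user'])
    ? 'Logged in as ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8')
    : 'Not logged in';
```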
URL Re-Writing
• The Apache server's mod_rewrite module gives the ability to transparently redirect one URL to another by modifying the URL (i.e. re-writing), without the user's knowledge.
• Used in situations such as:
– Passing some information to another page
– Redirecting old URLs to new addresses
– Cleaning up the 'dirty' URLs coming from a poor publishing system
Required Configuration and Examples
• The following line in the /etc/httpd/conf/httpd.conf file must be uncommented:
LoadModule rewrite_module modules/mod_rewrite.so
• URL Rewriting examples
– http://localhost/ami/123
– http://localhost/~ami/UrlRewrite.php?name=amichoksi
Retrieval of URL Rewriting Data
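<?php
// Escape request data before echoing it into the page
if (isset($_SERVER['PATH_INFO'])) {
    echo htmlspecialchars($_SERVER['PATH_INFO'], ENT_QUOTES, 'UTF-8');
} else if (isset($_GET['name'])) { // parameter name as in the example URL above
    echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
}
?>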
References
1. http://livedocs.adobe.com/coldfusion/6.1/htmldocs/shared28.htm
2. http://in.php.net/manual/en/