Creating Databases Uploading Files. Reading & writing files. Homework: Starting planning ‘original’ project.

Creating Databases

Uploading Files. Reading & writing files.
Homework: Starting planning ‘original’ project.

Uploading files using php

• What if you have an application, such as origami store, video portal, etc., and you want to provide a way for users to upload files to the server?
– Users may be other people in same organization.
– Now, users are not that trustworthy OR skilled, so need to put in checks!!!
– Some php installations may not allow this at all.
• CTS was reluctant. Why?

Example

• http://socialsoftware.purchase.edu/jeanine.meyer/fileupload1.html
– HTML does much of the work for us: a special type of input plus special attributes in the form tag.

• This invokes fileupload2.php and stores image files under a certain size in the subfolder uploads

fileupload1.html

<html>
<head><title>Get file name </title></head>
<body>
Upload image file:
<form action="fileupload2.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="ufile" id="file" size="100"/>
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>

fileupload2.php

• My code displays more information than you would want in a production system!!!
• You would want the checking.
• Information on the uploaded files is in a php variable called $_FILES. The uploaded files are in a temporary directory. My code moves it into a subfolder of the folder of the current script. CTS may have made special permissions for this to work.

<?php
// $basename is not set anywhere in the code shown on this slide.
echo "Script path is $basename <br/>";
// "type" and "name" are sent by the browser; the server has not verified them.
echo "File type is " . $_FILES["ufile"]["type"] . "<br/>";
echo "File size is " . $_FILES["ufile"]["size"]. "<br/>" ;
if ((($_FILES["ufile"]["type"] == "image/gif")
  || ($_FILES["ufile"]["type"] == "image/jpeg")
  || ($_FILES["ufile"]["type"] == "image/pjpeg"))
  && ($_FILES["ufile"]["size"] < 20000000)) {
  if ($_FILES["ufile"]["error"] > 0) {
    echo "Return Code: " . $_FILES["ufile"]["error"] . "<br />";
  }
  else {
    echo "Upload: " . $_FILES["ufile"]["name"] . "<br />";
    echo "Type: " . $_FILES["ufile"]["type"] . "<br />";
    echo "Size: " . ($_FILES["ufile"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["ufile"]["tmp_name"] . "<br />";
    // Look for an existing file at the place where this one will be stored.
    $target = "uploads/" . $_FILES["ufile"]["name"] ;
    if (file_exists($target)) {
      echo $_FILES["ufile"]["name"] . " already exists. ";
    }
    else {
      echo "The length of $target is " . strlen($target) . "<br/>";
      move_uploaded_file($_FILES["ufile"]["tmp_name"],$target);
      echo "Stored as: " . $target;
    }
  }
}
else {
  echo "Invalid file";
}
?>
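
A stricter version of the upload check, as an added example that is not part of the original slides: it decides the type from the file contents instead of the browser-supplied type field, and stores the file under a generated name. Assumptions: the function name store_uploaded_image and the 2,000,000-byte limit are illustrative, and the fileinfo extension is available.

```php
<?php
// Added example, not the course's fileupload2.php. The field name "ufile" and the
// folder "uploads" follow the slides; the size limit is an illustrative value.
function store_uploaded_image(array $f, string $dir, int $maxBytes = 2000000): string
{
    // Check the error code first: the other fields mean nothing after a failed upload.
    if (!isset($f["error"]) || is_array($f["error"]) || $f["error"] !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed");
    }
    // Measure the temporary file itself rather than trusting the reported size.
    if (!is_uploaded_file($f["tmp_name"]) || filesize($f["tmp_name"]) > $maxBytes) {
        throw new RuntimeException("Not an uploaded file, or too large");
    }
    // Decide the type from the file contents; $f["type"] is whatever the browser sent.
    $allowed = array("image/gif" => "gif", "image/jpeg" => "jpg");
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = (string) $finfo->file($f["tmp_name"]);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException("Invalid file type");
    }
    // Do not reuse $f["name"]: generate the stored name, with an extension
    // taken from the allow-list, so the stored file always has an image extension.
    $target = rtrim($dir, "/") . "/" . bin2hex(random_bytes(16)) . "." . $allowed[$mime];
    if (!move_uploaded_file($f["tmp_name"], $target)) {
        throw new RuntimeException("Could not store file");
    }
    return $target;
}

if (isset($_FILES["ufile"])) {
    try {
        $stored = store_uploaded_image($_FILES["ufile"], __DIR__ . "/uploads");
        echo "Stored as: " . htmlspecialchars(basename($stored));
    } catch (RuntimeException $e) {
        echo "Invalid file";
    }
}
```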

Files

• Before there were databases, there were simple files.
• What about using a file for data?
• Example application: top best scores. Only keep top 5 scores.
• My demonstration application:
• http://socialsoftware.purchase.edu/jeanine.meyer/bestscores.html
• [Simply] requests a player name and a score. Adds to file if big enough.
• Uses @fclose to mask error.
• Note: closes file and may or may not re-open. Script displays more than appropriate for production version.

bestscores.html

<!DOCTYPE html>
<html>
<head><title>Input new scores</title></head>
<body>
<form action="bestscores.php">
Player <input type="text" name="player" /> <br/>
Score <input type="number" name="score" /> <br/>
<input type="submit" value="ENTER"/>
</form>
</body>
</html>

Note

• The score input is a piece of text.
• Some browsers may check that that text represents a number, but it is still text.
• My script will create a scores.txt file if one does not already exist in the subfolder uploads.

• My script has debugging messages that should be removed for a production system.

strategy

• Open [connection to] file for reading.
• Read in the whole file (5 records) into an array variable $data. Close the connection to the file.
• Each record is name,score
– Use explode to get the two different things.
– Convert the score to a number
– Produce an array $scores of numbers.
• Compare intval($newscore) to elements in $scores.
– Find the first one smaller than the proposed new score. Manipulate $data by inserting a record holding “$newname,$newscore\n”

• Open [connection to] file for writing. For php, writing means erasing whole file and then re-writing it.

• Write out $data items as records.

bestscores.php

<html>
<head><title>Best scores </title></head>
<body>
<?php
// Allow-list the name and force the score to an integer, so commas, line breaks
// and HTML cannot reach the name,score records or the page output.
$newname = preg_replace('/[^A-Za-z0-9 _-]/', '', $_GET['player']);
$newscore = intval($_GET['score']);
$filen = "uploads/scores.txt";
$scores = array();
$open = fopen($filen,"r");
print ("<br/> Just tried to open file to add $newname and $newscore.<br/> ");
print ("returned handler is $open <br/>");
if ($open) {
  $data = file($filen);
  fclose($open); //file closed
  for ($i=0;$i<count($data);$i++) {
    $item = explode(",",$data[$i]);
    $score = intval($item[1]);
    $scores[] = $score;
    print ("current score: $i ".$item[0]." ".$item[1]." <br/>");
  }
  for($i=0;$i<count($scores);$i++) {
    if (intval($newscore)>$scores[$i]) {
      $olddata = $data[$i];
      $data[$i] = "$newname,$newscore\n";
      for ($j=$i+1;$j<count($scores);$j++) {
        $nextone = $data[$j];
        $data[$j] = $olddata;
        $olddata = $nextone;
      } // $j for
      break; //leave $i for loop
    } // if newscore better
  } // $i loop
  print ("now will write out new data array. <hr>");
  for($i=0;$i<count($scores);$i++) {
    print($data[$i]."<br/>");
  }
  // now close the file which was open for reading
  // (already closed above; PHP 8 raises a TypeError on a closed handle, which @ does not mask)
  if (is_resource($open)) { @fclose($open); }
  print ("<br/>Trying to open $filen for writing <br/>");
  $open = fopen($filen,"w");
  if ($open) {
    print("writing out to file <br/>");
    for($i=0;$i<count($scores);$i++) {
      fwrite($open,$data[$i]);
    }
    fclose($open);
  }
  else {
    print ("<br/> Unable to write updated file. The returned handler value was $open. <br/>");
  }
} // file opened successfully for initial read
else { // need to create file
  if (is_resource($open)) { @fclose($open); } //may not be necessary since file wasn't opened.
  print ("scores file doesn't exist yet<br/>");
  $open = fopen($filen,"w");
  if ($open) {
    $setsize = 5; //keep 5 top scores
    fwrite($open,"$newname,$newscore\n");
    for ($i=1;$i<$setsize;$i++) {
      fwrite($open,"X,0\n");
    }
    @fclose($open);
  }
  else {
    print ("couldn't create scores file.");
  }
} //needed to create scores file
?>
</body>
</html>
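
The strategy above closes the file after reading and reopens it for writing, so two requests arriving together can each read the old list and one update is lost. An added example (not the course's bestscores.php) that goes a little beyond the slides by holding an exclusive lock across the whole read and rewrite and by rejecting input that would break the name,score format. Assumptions: the function name add_score and the name and score patterns are illustrative.

```php
<?php
// Added example, not the course's bestscores.php.
function add_score(string $filen, string $name, string $score, int $keep = 5): array
{
    // A comma or line break in the name would corrupt the name,score records,
    // so reject anything outside a small allow-list (patterns are assumptions).
    if (!preg_match('/\A[A-Za-z0-9 _-]{1,20}\z/', $name) || !preg_match('/\A\d{1,9}\z/', $score)) {
        throw new InvalidArgumentException("Bad player name or score");
    }
    $fh = fopen($filen, "c+");          // create if missing, never truncate on open
    if (!$fh || !flock($fh, LOCK_EX)) { // one writer at a time, from read through write
        throw new RuntimeException("Cannot open or lock $filen");
    }
    $rows = array();
    while (($line = fgets($fh)) !== false) {
        $item = explode(",", rtrim($line, "\r\n"));
        if (count($item) === 2) {
            $rows[] = array($item[0], intval($item[1]));
        }
    }
    $rows[] = array($name, intval($score));
    // Highest score first; usort is stable in PHP 8, so a tie keeps the older entry ahead.
    usort($rows, function ($a, $b) { return $b[1] <=> $a[1]; });
    $rows = array_slice($rows, 0, $keep);
    ftruncate($fh, 0);
    rewind($fh);
    foreach ($rows as $r) {
        fwrite($fh, $r[0] . "," . $r[1] . "\n");
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $rows;
}

if (isset($_GET["player"], $_GET["score"])) {
    try {
        foreach (add_score("uploads/scores.txt", $_GET["player"], $_GET["score"]) as $r) {
            print(htmlspecialchars($r[0]) . " " . $r[1] . "<br/>");
        }
    } catch (Throwable $e) {
        print("Score not recorded.");
    }
}
```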

Application

• Store results of a "test" with one file / person
• file name based on "code"
– Presented as input type=password, but more just identifier

• If person takes test more than once, add on to the file.– This can produce many files!

• http://socialsoftware.purchase.edu/jeanine.meyer/testquiz.html

testquiz.html

function check() {
  var oksofar = true;
  if (!((document.f.a1.value.length>0) &&
        (document.f.a2.value.length>0) &&
        (document.f.a3.value.length>0))){
    alert("please submit answer for each question");
    oksofar = false;
  }
  if (document.f.code.value.length<3){
    alert ("The identifying code must be at least 3 characters long");
    oksofar = false;
  }
  if (oksofar) { return true;}
  else { return false; }
}

body of testquiz

<body>
Sample quiz
<hr/>
<form name="f" action="storeanswers.php" onsubmit="return check();" method="POST">
Identifying code: <input type="password" name="code"/> <br/>
Answer 1: <input type="text" name="a1"> <br/>
Answer 2: <input type="text" name="a2"> <br/>
Answer 3: <input type="text" name="a3"> <br/>
<input type="submit" value="Submit answers"/>
</form>
</body>

from storeanswers.php

<?php
// Keep only letters and digits, because $code becomes part of a file name.
$code = preg_replace('/[^A-Za-z0-9]/', '', $_POST['code']);
$a1 = $_POST['a1'];
$a2 = $_POST['a2'];
$a3 = $_POST['a3'];
$nowp= new DateTime();
$now = $nowp->format('Y-m-d H:i:s');
$answers = "$code $now answers are 1= $a1 2= $a2 3= $a3 ".PHP_EOL;
$filen ="uploads/answers" . $code . ".txt" ;
$open=fopen($filen,"a");
if ($open) {
  fwrite($open,$answers);
  fclose($open);
  print "Answers stored ";
}
else {
  print "Problem with storing answers";
}
?>

sample output: done twice, producing 2 lines

• jmm 2013-04-06 19:54:54 answers are 1= 23 2= 23 3= 4

• jmm 2013-04-06 19:55:09 answers are 1= 20 2= 20 3= 6
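
The JavaScript check() runs only in the browser, so the server has to apply the same rules again before the identifying code becomes part of a file name and before the answers are written as one line. An added example (not the course's storeanswers.php); the function names, the 20-character maximum for the code and the 200-character answer limit are assumptions.

```php
<?php
// Added example, not the course's storeanswers.php.
function answers_path(string $code, string $dir = "uploads"): string
{
    // Allow-list: 3 to 20 letters or digits. The 3-character minimum is the
    // page's client-side rule; the 20-character maximum is an assumption.
    if (!preg_match('/\A[A-Za-z0-9]{3,20}\z/', $code)) {
        throw new InvalidArgumentException("Invalid identifying code");
    }
    return $dir . "/answers" . $code . ".txt";
}

function one_line(string $s, int $max = 200): string
{
    // Control characters (CR and LF included) would split one answer into extra records.
    return substr(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $s), 0, $max);
}

function store_answers(array $post, string $dir = "uploads"): bool
{
    foreach (array("code", "a1", "a2", "a3") as $k) {
        if (!isset($post[$k]) || !is_string($post[$k]) || $post[$k] === "") {
            return false;   // the same "answer every question" rule, enforced on the server
        }
    }
    try {
        $filen = answers_path($post["code"], $dir);
    } catch (InvalidArgumentException $e) {
        return false;
    }
    $now = (new DateTime())->format('Y-m-d H:i:s');
    $line = $post["code"] . " $now answers are 1= " . one_line($post["a1"])
          . " 2= " . one_line($post["a2"]) . " 3= " . one_line($post["a3"]) . PHP_EOL;
    // FILE_APPEND adds to the person's file; LOCK_EX keeps concurrent writes whole.
    return file_put_contents($filen, $line, FILE_APPEND | LOCK_EX) !== false;
}

if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {
    print store_answers($_POST) ? "Answers stored " : "Problem with storing answers";
}
```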

More on files

• Create a subfolder in the folder/directory where your php file is: call it uploads.
• Consult with CTS to confirm you can do this.
– May need their help to set permissions

Why use files

• Very simple structure

OR
• more complex or just different from tables
– Perhaps with links (pointers) such as family or corporate tree
– ?

Refrain on 3 tier

• Some divide the html tier into content versus style, with CSS holding the style. This is the interaction tier.
– Note: Flash and other languages (Processing, Java, ??) also do more function
• Middle tier, php, do 'business logic', other function.
• Information tier, MySQL, holds information!
– Serves multiple functions. Implemented (possibly) by different groups in an enterprise.

Another tier?

or is the 3 tier terminology insufficient
• Organizations use code and content developed and maintained by others.
– Web services
– cloud computing
– content such as Google maps
– ???

Extra credit opportunity to report / comment.

php to php

• Alternative to cookies or data passed via query strings are Sessions.
• The sessions may be passed via the HTTP headers
– Extra credit opportunity: research and do posting on php Sessions
• Access and set using $_SESSION.
• This, like $_COOKIE, etc. is an associative array: accessed using names not indices.
– NOTE: the shopping cart in my store application is stored as a Session variable and is itself an associative array.

<?php
session_start();
if (!isset($_SESSION["cart"])) {
  $_SESSION['cart']=array();
  $_SESSION['items'] = 0;
  $_SESSION['totalprice']=0.00;
  $cart = array();
}
else {
  //print ("cart already started ");
  $cart = $_SESSION['cart'];
}
?>

<html>
<head><title>Shopping Cart</title>
<?php
require("displaycartfunction.php");
?>
</head>
<body>
<?php
require("opendbo.php");
?>
<h1>Shopping cart</h1> <p>
<?php
if (isset($_GET['productid'])) {
  // productid arrives as text from the query string and is later used by displaycart in its SQL query
  $p_id = $_GET['productid'];
  // quantity is a count, so store it as an integer
  $quantity=intval($_GET['quantity']);
  $cart[$p_id] = $quantity;
  $_SESSION['cart'] = $cart;
}
displaycart();
?>
<hr>
<a href="submitorder.php"> Checkout (submit order)! </a> &nbsp; &nbsp;
<a href="orderproduct.php"> More shopping! </a>
</body>
</html>

displaycart

• Function stored in file displaycartfunction.
• Assumes that connection has been made and session started.
• Makes use of the foreach construction for associative arrays.
– Since associative arrays don't use index values 0 to length of array, what is the code to examine each element?
• Answer: foreach($aa as $key=>$qty) { }
assuming $aa is the associative array and $key and $qty are variables used in the loop for the keys and values

– Makes use of number_format($totalprice,2) to produce dollars and cents

<?php
//assumes that opendbo called, and session started
//when call is made.
//The mysql_* functions used here were removed in PHP 7.
function displaycart() {
  global $cart, $DBname, $link, $totalprice;
  print ("<table border=1>");
  print ("<tr><td> Product ID </td> <td> Product Name </td><td> Quantity </td> <td> Total cost </td> </tr>");
  $items = 0; //note session variable items not used
  $totalprice = 0.00;
  $cart = $_SESSION['cart'];
  foreach (@$cart as $pid => $qty) {
    $items += $qty;
    //print(" the pid is ".$pid . " and the qty is ". $qty);
    //$pid came from $_GET['productid'], so escape it before it goes into the SQL text
    $query="Select * from catalog where id='" . mysql_real_escape_string($pid, $link) . "'";
    //print("query is $query");
    $result = mysql_db_query($DBname, $query, $link);
    $item_price = mysql_result($result,0,"cost");
    $item_name = mysql_result($result,0,"p_name");
    $item_total_price = $item_price * $qty;
    $totalprice += $item_total_price;
    $item_total_pricef = number_format($item_total_price,2);
    $pid_html = htmlspecialchars($pid); //the id is user input, so encode it for the page
    print ("<tr><td> $pid_html </td> <td> $item_name </td><td> $qty </td> <td>&nbsp;$item_total_pricef </td> </tr> ");
  }
  $totalpricef = "$" . number_format($totalprice,2);
  print("<tr> <td> TOTALS </td> <td> </td> <td> $items items</td><td> $totalpricef </td></tr> </table>");
  $_SESSION['items']=$items;
  $_SESSION['totalprice']=$totalprice;
}
?>
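
An added example, not the store application's code, of the displaycart lookup with a prepared statement, so that the product id from the query string is passed as data rather than spliced into the SQL text. Assumptions: PDO replaces the mysql_* calls, an in-memory SQLite table stands in for the MySQL catalog table so the example runs offline, and the rows, cart contents and quantity limits are constructed.

```php
<?php
// Added example, not the store application's displaycartfunction.php.
// The catalog columns id, p_name and cost are the ones used on the slide.
function cart_lines(PDO $db, array $cart): array
{
    // The ? placeholder keeps the product id out of the SQL text entirely.
    $stmt = $db->prepare("SELECT p_name, cost FROM catalog WHERE id = ?");
    $lines = array();
    foreach ($cart as $pid => $qty) {
        $qty = filter_var($qty, FILTER_VALIDATE_INT,
                          array("options" => array("min_range" => 1, "max_range" => 99)));
        if ($qty === false) {
            continue;               // zero, negative or non-numeric quantity
        }
        $stmt->execute(array((string) $pid));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            continue;               // unknown product id: nothing to display
        }
        $lines[] = array("pid" => $pid, "name" => $row["p_name"], "qty" => $qty,
                         "total" => $row["cost"] * $qty);
    }
    return $lines;
}

// Constructed stand-in for the MySQL catalog table.
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE catalog (id TEXT PRIMARY KEY, p_name TEXT, cost REAL)");
$db->exec("INSERT INTO catalog VALUES ('1','crane',2.50), ('2','frog',4.00)");

// Constructed cart: a valid item, an id containing a quote character, a negative quantity.
$cart = array("1" => "3", "no'such" => "1", "2" => "-5");
foreach (cart_lines($db, $cart) as $l) {
    printf("%s %s x%d \$%s\n", htmlspecialchars((string) $l["pid"]),
           htmlspecialchars($l["name"]), $l["qty"], number_format($l["total"], 2));
}
```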

Project assignment

• Design and develop your own database php project
– work individually and then gather team to determine general idea
• Make posting to moodle with idea and names of people on team
• YOU MAY WORK BY YOURSELF or in small group. From more, more is expected.
– Develop database design (ER diagram) and Data flow diagram
• Presentations on 4/20
– Complete project
• Presentations on 5/11

Minimal requirements

• At least 2 tables and at least 2 SQL statements
• make use of at least one of
– localStorage
– file(s)
– file uploading
– sending email

• At least 2 types of agents. For example: setup and production use.

• Error handling (form input validation)

Classwork / homework

• More postings (mainly from those people who haven’t done it) on security, passwords, normalization, and other topics.
• Think about ‘original / from scratch’ project. Think about your teams.
– Maybe smaller?
– It is okay to ‘double-dip’; for example, build on project done for another class or you anticipate doing by adding a database.
• Make proposal to moodle forum
– Topic, names of people on team

Planning presentation

• Tell what your project is
• Show ER diagram
– Definition of the tables
• Show DFD
– Definition of the tasks and the agents (aka users) and the data stores (database, maybe tables, maybe localStorage)
• If you have it, perhaps a form

This is a presentation of plans!!!!!!