gregory-todd
Misc Odds and Ends
CSCI 297 Scripting Languages
Today
1. Database Normalization
2. Data Backups
3. Tracking the User with Cookies
4. Short example of SQL Injection
Database Normalization
Goal = each piece of information exists only once in the database
• creates storage efficiency
• more efficient to update
• duplicates can create inaccuracies
o First Normal Form
  • no repeating columns with same data types
  • all columns contain single value
  • primary key uniquely identifies each row
o Second Normal Form
  • rows do not duplicate information
o Third Normal Form
  • data not dependent on the primary key is moved to another table
Normalization Example

Author1   | Author2 | Title              | ISBN | Price | CustName         | CustAddr
MW Brown  | C. Hurd | Good Night Moon    | 1234 | 12.99 | Claire Dannelly  | 980 Eagle, Rock Hill…
D. Pilkey |         | Captain Underpants | 6789 | 24.50 | William Dannelly | 980 Eagle, Rock Hill…
MW Brown  | C. Hurd | Good Night Moon    | 1234 | 12.99 | Bob Smith        | 123 Main…

First Order: two columns w/ same data type

ISBN | Author
1234 | Marguerite Wise Brown
1234 | Clement Hurd
6789 | Dav Pilkey

Second Order: two rows with same info

ISBN | Title              | Price
1234 | Good Night Moon    | 12.99
6789 | Captain Underpants | 24.50
Backing Up Data
• Full Database Back Up
  • big pain
  • two possible options from the command line:
    • mysqldump --opt --all-databases > all.sql
    • mysqlhotcopy database /path/for/backup
• Full Database Restore
  • it's a really long set of complicated steps
• If concerned about data corruption
  1. lock the table(s)
  2. copy the records to a copy of the table(s)
  3. unlock the table(s)
• Transactions - updates can be temporary
Cookies - setting in PHP

setcookie (name, value, expire, path, domain);

• name
  • name of the cookie value
  • example: "usrname"
• value
  • the value of the cookie
  • example = "Bob Smith"
• expire
  • time when the cookie expires
  • if empty, then the cookie expires when the browser closes
  • example: 24 hours from now = time()+24*60*60
Cookies - very simple example

• Problem:
  • Script to either display the user name that is stored in a cookie or save the user name into a cookie
• Possible Conditions while running the script:
  1. a cookie was already set
     • isset ($_COOKIE[…])
  2. the cookie is being set with form data
     • isset ($_POST[…])
  3. the cookie has not been set
     • neither of the above is true
<?php
// we have been here before and the cookie is set
// (the cookie value comes from the browser, so escape it before echoing it into HTML)
if (isset($_COOKIE["usrname"]))
    echo "Welcome " . htmlspecialchars($_COOKIE["usrname"]) . "<P>";

// script is setting the cookie, expires in two minutes
else if (isset($_POST['usrname'])) {
    setcookie ("usrname", $_POST['usrname'], time()+120);
    echo "Setting the cookie<P>";
}

// first time visitor
else {
    echo "Welcome first time visitor<P>";
    echo "<form action='cooktest1.php' method='Post'>";
    echo "User Name: <input type='text' name='usrname'><br>";
    echo "<input type=submit value='Save Name'><P>";
    echo "</form>";
}
?>
Cookies - common error

• The setcookie() function must appear before the <html> tag. Cookies are sent in the HTTP headers, so setcookie() has to run before the script produces any output.

• This code is okay:
else if (isset($_POST['usrname'])) {
    setcookie ("usrname", $_POST['usrname'], ...
    echo "The cookie is set.<P>";
}

• This code generates an error:
else if (isset($_POST['usrname'])) {
    echo "Setting the cookie...<P>";
    setcookie ("usrname", $_POST['usrname'], ...
}
SQL Injection Example

$username = $_POST['username'];
$password = $_POST['password'];

// user input is pasted directly into the SQL text (this is the flaw being demonstrated)
$query = "SELECT `id` FROM `users` WHERE `username` = '$username' AND `password` = '$password';";
$result = mysql_query ($query, $DBconn);
if (mysql_num_rows($result) == 0)
    echo "error : try again";
else
    echo "user is okay";

example continued…

PHP String with SQL Command:
SELECT `id` FROM `users` WHERE `username` = '$username' AND `password` = '$password';

What if the user enters:
username ==> ' OR ''='
password ==> ' OR ''='

The resulting SQL Command:
SELECT `id` FROM `users` WHERE `username` = '' OR ''='' AND `password` = '' OR ''='';

Because AND binds more tightly than OR, the WHERE clause ends in OR ''='', which is always true, so the query returns every row and the login check passes.
Other PHP topics
• Objects
• Exception Handling
• Authentication