Misc Odds and Ends CSCI 297 Scripting Languages

Misc Odds and Ends CSCI 297 Scripting Languages. Today 1.Database Normalization 2.Data Backups 3.Tracking the User with Cookies 4.Short example of SQL


Today

1. Database Normalization

2. Data Backups

3. Tracking the User with Cookies

4. Short example of SQL Injection


Database Normalization

Goal = each piece of information exists only once in the database
• creates storage efficiency
• more efficient to update
• duplicates can create inaccuracies

o First Normal Form
  • no repeating columns with same data types
  • all columns contain single value
  • primary key uniquely identifies each row

o Second Normal Form
  • rows do not duplicate information

o Third Normal Form
  • data not dependent on the primary key is moved to another table


Normalization Example

| Author1 | Author2 | Title | ISBN | Price | CustName | CustAddr |
|---|---|---|---|---|---|---|
| MW Brown | C. Hurd | Good Night Moon | 1234 | 12.99 | Claire Dannelly | 980 Eagle, Rock Hill… |
| D. Pilkey | | Captain Underpants | 6789 | 24.50 | William Dannelly | 980 Eagle, Rock Hill… |
| MW Brown | C. Hurd | Good Night Moon | 1234 | 12.99 | Bob Smith | 123 Main… |

| ISBN | Author |
|---|---|
| 1234 | Marguerite Wise Brown |
| 1234 | Clement Hurd |
| 6789 | Dav Pilkey |

| ISBN | Title | Price |
|---|---|---|
| 1234 | Good Night Moon | 12.99 |
| 6789 | Captain Underpants | 24.50 |

First Order: two columns w/ same data type

Second Order: two rows with same info


Backing Up Data

• Full Database Back Up
  • big pain
  • two possible options from the command line:
    • mysqldump --opt --all-databases > all.sql
    • mysqlhotcopy database /path/for/backup

• Full Database Restore
  • it's a really long set of complicated steps

• If concerned about data corruption
  1. lock the table(s)
  2. copy the records to a copy of the table(s)
  3. unlock the table(s)

• Transactions - updates can be temporary


Cookies - setting in PHP

setcookie (name, value, expire, path, domain);

• name
  • name of the cookie value
  • example: "usrname"

• value
  • the value of the cookie
  • example = "Bob Smith"

• expire
  • time of when the cookie expires
  • if empty, then the cookie expires when the browser closes
  • example: 24 hours from now = time()+24*60*60


Cookies - very simple example

• Problem:
  • Script to either display the user name that is stored in a cookie or save the user name into a cookie

• Possible Conditions while running the script:
  1. a cookie was already set
     • isset ($_COOKIE[…])
  2. the cookie is being set with form data
     • isset ($_POST[…])
  3. the cookie has not been set
     • neither of the above is true


<?php

// we have been here before and the cookie is set
// (the cookie value comes from the browser, so escape it before printing)
if (isset($_COOKIE["usrname"]))
    echo "Welcome " . htmlspecialchars($_COOKIE["usrname"], ENT_QUOTES, 'UTF-8') . "<P>";

// script is setting the cookie, expires in two minutes
else if (isset($_POST['usrname'])) {
    setcookie ("usrname", $_POST['usrname'], time()+120);
    echo "Setting the cookie<P>";
}

// first time visitor
else {
    echo "Welcome first time visitor<P>";
    echo "<form action='cooktest1.php' method='Post'>";
    echo "User Name: <input type='text' name='usrname'><br>";
    echo "<input type=submit value='Save Name'><P>";
    echo "</form>";
}
?>
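The script above trusts whatever name the browser sends back in the cookie. The following added example (not part of the original slides) shows one way to make the stored name tamper-evident with an HMAC and to set the cookie with restrictive attributes. COOKIE_KEY, sign_value() and verify_value() are hypothetical names, and the array form of setcookie() assumes PHP 7.3 or later.

```php
<?php
// Hypothetical server-side secret; in real use load it from configuration.
const COOKIE_KEY = 'replace-with-a-long-random-secret';

// Returns "base64(value).hex_hmac" so the server can detect edits later.
function sign_value(string $value): string {
    $tag = hash_hmac('sha256', $value, COOKIE_KEY);
    return base64_encode($value) . '.' . $tag;
}

// Returns the original value, or null if the cookie was malformed or altered.
function verify_value(string $cookie): ?string {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) return null;
    $value = base64_decode($parts[0], true);
    if ($value === false) return null;
    $expected = hash_hmac('sha256', $value, COOKIE_KEY);
    // hash_equals() compares in constant time
    return hash_equals($expected, $parts[1]) ? $value : null;
}

if (isset($_COOKIE['usrname']) && is_string($_COOKIE['usrname'])) {
    $name = verify_value($_COOKIE['usrname']);
    if ($name === null)
        echo "Cookie rejected<P>";
    else
        echo "Welcome " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "<P>";
}
else if (isset($_POST['usrname']) && is_string($_POST['usrname'])) {
    // same two-minute lifetime as the slide, plus attributes that keep the
    // cookie off plain HTTP, away from page scripts, and out of most
    // cross-site requests
    setcookie('usrname', sign_value($_POST['usrname']), [
        'expires'  => time() + 120,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    echo "Setting the cookie<P>";
}
?>
```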


Cookies - common error

• The setcookie() function must appear before the <html> tag. Cookies are sent as an HTTP header, so the call has to come before the script produces any output.

• This code is okay:
    else if (isset($_POST['usrname'])) {
        setcookie ("usrname", $_POST['usrname'], ...
        echo "The cookie is set.<P>";
    }

• This code generates an error:
    else if (isset($_POST['usrname'])) {
        echo "Setting the cookie...<P>";
        setcookie ("usrname", $_POST['usrname'], ...
    }


SQL Injection Example

    $username = $_POST['username'];
    $password = $_POST['password'];

    // user input is pasted directly into the SQL string
    $query = "SELECT `id` FROM `users` WHERE `username` = '$username' AND `password` = '$password';";
    $result = mysql_query ($query, $DBconn);
    if (mysql_num_rows($result) == 0)
        echo "error : try again";
    else
        echo "user is okay";

example continued…

PHP String with SQL Command:
    SELECT `id` FROM `users` WHERE
    `username` = '$username' AND `password` = '$password';

What if the user enters:
    username ==> ' OR ''='
    password ==> ' OR ''='

The resulting SQL Command:
    SELECT `id` FROM `users` WHERE
    `username` = '' OR ''='' AND `password` = '' OR ''='';

The trailing OR ''='' is always true, so the WHERE clause matches every row, mysql_num_rows() is not 0, and the script reports "user is okay".
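The slide's query next to a parameterized version, as an added example that is not part of the original slides. It assumes PDO with the SQLite driver and an in-memory database so it runs without a server; the table contents, the user 'bob' and the function names login_concat() and login_prepared() are constructed for illustration.

```php
<?php
// Constructed in-memory table standing in for the slide's `users` table.
// The plaintext password column mirrors the slide; a real table would
// store password_hash() output and check it with password_verify().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO users (username, password) VALUES ('bob', 's3cret')");

// The slide's approach: input becomes part of the SQL text itself,
// so quote characters in the input change the structure of the query.
function login_concat(PDO $db, string $username, string $password): bool {
    $query = "SELECT id FROM users WHERE username = '$username' AND password = '$password'";
    return $db->query($query)->fetch() !== false;
}

// Hardened: the SQL text is fixed and the input is bound to placeholders,
// so it is only ever compared as a string value.
function login_prepared(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare("SELECT id FROM users WHERE username = ? AND password = ?");
    $stmt->execute([$username, $password]);
    return $stmt->fetch() !== false;
}

// The value from the slide, entered in both form fields.
$input = "' OR ''='";

echo "concatenated query, slide input:  ";
var_dump(login_concat($db, $input, $input));
echo "prepared statement, slide input:  ";
var_dump(login_prepared($db, $input, $input));
echo "prepared statement, real login:   ";
var_dump(login_prepared($db, 'bob', 's3cret'));
?>
```

Only the concatenated query accepts the slide's input; the prepared statement looks for a user whose name is literally that string and finds none, while the genuine credentials still log in.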


Other PHP topics

• Objects

• Exception Handling

• Authentication