CS 328 - Week 7 Labs - 1:00 pm lab - 2016-03-04

*   continuing with PHP intro -- and PHP and forms;

*   when a form is submitted whose action
    is a .php document,

    that PHP document has available to it the
    superglobal associative arrays
    $_GET or $_POST
    
    (depending on the value of the method
    attribute of the submitting form)

    where the keys in the array are the names in the
    name-value pairs from that form, and the value for
    each name key is the value of that form control
    at the time the form was submitted

*   remember: NEVER trust user-provided data!

    ...DECIDE (case-by-case) how you will
    deal with any potential attacks in it;

    *   several (of many) tools provided to help:
        (these are demo'd in looky.php)

        strip_tags - expects a string, returns that string
                     with any angle-bracket-style
                     tags removed
                     (removing markup)

        htmlspecialchars - expects a string, returns that string
                     with each special HTML character replaced with
                     its display-only-version

                     for example, '<' replaced with '&lt;';

        htmlentities - goes even farther than htmlspecialchars
                       and (from the PHP manual)
                       "convert[s] ALL applicable characters
                       to HTML entities"

                       (I'm assuming "HTML entities" are
                       <, >, &, etc.)

*   in many applications, especially where you are
    displaying user-provided input,
    it can be a good choice to use htmlspecialchars
    to sanitize it;

    for database storage? maybe strip_tags looks 
    like a good choice;

    ET CETERA -- THINK as you choose;
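
    An added example (not from looky.php or the course's own files) that
    runs one constructed input string through all three functions, then
    displays it escaped in element content and in an attribute value.
    The helper name e(), the "nickname" field, and the $form array standing
    in for $_POST are assumptions made for this example:

```php
<?php
// Constructed sample input -- not taken from looky.php.
$raw = '<b>Tom</b> & "Jerry" <script>alert(1)</script> café';

// Run the same string through each function so the differences show.
function compare_cleaners(string $s): array
{
    return [
        "strip_tags"       => strip_tags($s),
        "htmlspecialchars" => htmlspecialchars($s, ENT_QUOTES, "UTF-8"),
        "htmlentities"     => htmlentities($s, ENT_QUOTES, "UTF-8"),
    ];
}

foreach (compare_cleaners($raw) as $name => $result)
{
    echo str_pad($name, 18), $result, "\n";
}

// strip_tags drops the tags but keeps the text between them, and it leaves
// & and " alone -- so its result STILL needs escaping before it is displayed.
// e() is a helper name made up for this example.
function e($value): string
{
    // a control named like "x[]" arrives as an array, not a string
    if (! is_string($value))
    {
        return "";
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
}

$form = ["nickname" => $raw];     // stands in for $_POST
$nick = array_key_exists("nickname", $form) ? $form["nickname"] : "";

// the same escaped value is safe in element content AND in a quoted attribute
echo "<p>Hello, ", e($nick), "</p>\n";
echo "<input type=\"text\" name=\"nickname\" value=\"", e($nick), "\" />\n";
```

    Passing ENT_QUOTES and the charset explicitly keeps the result the same
    across PHP versions, whose default flags for these functions have changed.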

==========
*   ASIDE:
    isset() and array_key_exists()

    *   there's an attempt to demo these in show-checked.php

    *   PHP *does* have a NULL value --
        (the absence of an object)

    *   isset - 
        expects a variable (or expression) as its argument

        (from the PHP manual) -
        "Determine if a variable is set and is not NULL"

    *   array_key_exists - 
        expects 2 arguments, the potential key and
        the array to check

        (from the PHP manual) -
        "Checks if the given key or index exists in the
        array"

        *   interesting point:

            "isset does not return TRUE for array keys
            that correspond to a NULL value,
            while array_key_exists does"

    *   SO: IF your goal is to see if an array key
        exists in an array,
        USE array_key_exists!!!

==========
*   PHP'S foreach loop:

    a way to loop over a collection (such as an array),
    visiting each of its elements in turn

    foreach ($collection as $temp_var)
    {
        statements that can use $temp_var;
    }

    *   demo'd in show-checked.php
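
    An added example (not show-checked.php itself) covering both the
    isset()/array_key_exists() aside and foreach: it tells apart an absent
    key, a key whose value is NULL, and a key with a value, then loops over
    a checkbox group. The $form array, its field names, and describe_key()
    are assumptions made for this example:

```php
<?php
// Constructed stand-in for $_POST after a form with a checkbox group
// (name="toppings[]") was submitted. "nickname" is set to NULL by hand
// only to show the difference; real form values arrive as strings or arrays.
$form = [
    "toppings" => ["olives", "<i>extra</i> cheese"],
    "nickname" => NULL,
];

function describe_key(array $arr, string $key): string
{
    if (! array_key_exists($key, $arr))
    {
        return "absent";
    }
    if (! isset($arr[$key]))
    {
        return "present, but NULL";
    }
    return "present, with a value";
}

// "coupon" is not in $form at all
foreach (["toppings", "nickname", "coupon"] as $key)
{
    echo $key, ": ", describe_key($form, $key), "\n";
}

// When no box in a checkbox group is checked, the browser sends nothing for
// it, so check that the key exists AND holds an array before looping over it.
if (array_key_exists("toppings", $form) && is_array($form["toppings"]))
{
    echo "<ul>\n";
    foreach ($form["toppings"] as $topping)
    {
        // each element is still user-provided data: escape it on output
        if (is_string($topping))
        {
            echo "  <li>", htmlspecialchars($topping, ENT_QUOTES, "UTF-8"),
                 "</li>\n";
        }
    }
    echo "</ul>\n";
}
```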

==========
*   print_r -- FOR DEBUGGING ONLY!

    expects an (associative?) array,
    and prints its entire contents,
    indices AND values!
 
    (can't SANITIZE this -- that's why it is for debugging!!)

    *   demo'd in show-checked.php

==========
*   PHP has MANY libraries and goodies for connecting
    to databases!!!

    *WE* are using one called

    OCI - Oracle Call Interface

    ...because it works from PHP on nrs-projects
    for connecting to HSU's Oracle student database!!

    *   many of these have similar basic steps!!

*   basic steps:
    *   need to set up a CONNECTION STRING:

        $db_conn_str = "(DESCRIPTION = (ADDRESS = 
                            (PROTOCOL = TCP)
                            (HOST = cedar.humboldt.edu)
                            (PORT = 1521))
                            (CONNECT_DATA = (SID = STUDENT)))";

    *   then, try to use this connection string to
        log into Oracle:

        $conn = oci_connect($username, $password,
                            $db_conn_str);

        if (! $conn)
        {
            require_once("failure_footer.txt");
            exit;
        }

        ...if get here, I connected!

    *   set up an Oracle statement, and execute it:

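        // empl_last_name must be selected too, because the loop
        // below reads it with oci_result
        $empl_query = "select empl_last_name, hiredate, salary, commission ".
                      "from empl";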
        $stmt = oci_parse($conn, $empl_query);

        oci_execute($stmt, OCI_DEFAULT);

    *   loop through the results:

        *   oci_fetch($stmt) gives you access to the next
            row in the result (you must call it to
            access the 1st row, also...)

            *   it returns FALSE if there IS no next row

        *   oci_result lets you grab the value from a particular
            column in the current row
      
        while (oci_fetch($stmt))
        {
            $curr_empl_name = oci_result($stmt, "EMPL_LAST_NAME");
            $curr_hiredate = oci_result($stmt, "HIREDATE");
            $curr_salary = oci_result($stmt, "SALARY");
            $curr_commission = oci_result($stmt, "COMMISSION");

            if ($curr_commission === NULL)
            {
                 $curr_commission = "no commission";
            }
            ...
        }

    *   when done with a statement, FREE that statement!

        oci_free_statement($stmt);

        when done with your connection, CLOSE YOUR CONNECTION!!!

        oci_close($conn);

*   above is demo'd in try-oracle.php --

    LET ME KNOW a.s.a.p. if this example STOPS working...!
    (could be an Oracle-related problem, or an nrs-projects-related
    problem, for example...!)
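
    An added example (not try-oracle.php or other course code) that puts the
    basic steps together for a query that depends on a value from a form.
    strip_tags and htmlspecialchars deal with markup, not SQL; here the
    value is validated and then handed to Oracle with oci_bind_by_name, so
    it never becomes part of the statement text. The function name, the
    "min_salary" form field, and the :min_sal placeholder are assumptions,
    and $conn must come from a successful oci_connect as shown above:

```php
<?php
// Assumptions (not from the notes): the function name, the :min_sal
// placeholder, and a form field named "min_salary". $conn is a
// connection returned by oci_connect().
function empl_rows_at_or_above($conn, $raw_min_salary): array
{
    // validate first: accept only a plain string of digits
    if (! is_string($raw_min_salary) || ! ctype_digit($raw_min_salary))
    {
        return [];
    }

    // :min_sal is a placeholder; the user's value is NOT concatenated
    // into the query string
    $query = "select empl_last_name, salary ".
             "from empl ".
             "where salary >= :min_sal";
    $stmt = oci_parse($conn, $query);
    oci_bind_by_name($stmt, ":min_sal", $raw_min_salary);
    oci_execute($stmt, OCI_DEFAULT);

    $rows = [];
    while (oci_fetch($stmt))
    {
        // data coming back OUT of the database is escaped for display, too
        $rows[] = [
            "name"   => htmlspecialchars(
                            (string) oci_result($stmt, "EMPL_LAST_NAME"),
                            ENT_QUOTES, "UTF-8"),
            "salary" => htmlspecialchars(
                            (string) oci_result($stmt, "SALARY"),
                            ENT_QUOTES, "UTF-8"),
        ];
    }

    oci_free_statement($stmt);
    return $rows;
}

// Usage, after a successful oci_connect() and before oci_close($conn):
//     $min = array_key_exists("min_salary", $_POST) ? $_POST["min_salary"] : NULL;
//     $rows = empl_rows_at_or_above($conn, $min);
```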