-
Server and client are processes, and shouldn't be associated with physical machines.
-
Ports are 16-bit integers.
-
The target port must be predetermined, i.e. the target port is known beforehand.
-
The browser only understands HTML, and the server always returns a static page to the browser.
-
Server-Client == Request-Response system
-
An HTML comment stays in the final output page of the response (php).
-
php = hypertext preprocessor
-
The php engine ignores everything apart from php code.
-
php doesn't distinguish between " " and ' '
-
php is a loosely typed language
-
Variable declarations are prefixed by $
-
Arrays in php
- Indexed arrays
- Associative arrays: the index may not be an integer; use a string as an index.
-
Declaring arrays
a. Indexed arrays:
$array_name = array("value", ...)
b. Associative arrays:
$array_name = array("key" => "value", ...)
-
var_dump() -> prints the type of the variable.
-
types
is a data type in php but are internally handled.
-
Loops
a) for()
b) while()
c) foreach($arr as $key => $var)
Note : $key is optional. $arr and $key remain untouched; effectively, the values used in the foreach loop are just copies of $arr, $key.
-
. concatenates two strings: "abc"."xyz" = "abcxyz"
-
Types of equality or inequality
a. != : not equal
b. == : equal
c. === : equal and of same type
-
Types of variables
- local
- global : syntax ::
global $varname
if $varname is a global variable
- superglobal : accessible anywhere
-
How to make functions
function function_name(/* function parameters */) {
    // function body
}
Function parameters can be initialized, so
$x = 3
in the parameter list means that x is initialised to 3. If the function is called with another value of x, then x is overwritten with that value.
DEFAULT VALUES MUST BE TO THE EXTREME RIGHT
- Super Globals :
$_POST, $_GET
All input variables are stored in these super globals as associative arrays.
e.g. $name was filled in by the user, i.e. $name = xyz:
$_POST['name'] = 'xyz'
-
We need a php engine to run the php scripts.
-
htdocs is considered the root directory by the server (XAMPP).
-
Initially the server tries to find two files: a. index.html b. index.php. Otherwise it opens the full directory listing.
-
$_POST and $_GET are associative arrays.
-
HTML is case sensitive but php is not.
-
Browser is dumb : it doesn't know whether the php output contains an HTML tag etc.
-
htmlentities() : it can stop cross-site scripting (XSS) attacks. Always use htmlentities() to sanitize user input. htmlspecialchars() == htmlentities().
-
isset() : if (!isset($_POST['submit'])) { die("can't open page like this"); }
-
trim() : removes the leading and trailing spaces in the user input.
-
die() : kills the page instantaneously and shows the error message.
-
URL ENCODING : %20 : space
-
GET :-> data is copied in the URL as it is.
-
POST :-> you can see the form data in the developer tools in the browser. BOTH POST and GET are insecure.
-
Front-end checks are done for an innocent user, not for a hacker.
-
$_SERVER : a. HTTP_USER_AGENT b. HTTP_ACCEPT c. REMOTE_ADDR d. REMOTE_PORT
- == ''
-
header("Location: aandolan.html") : to redirect the form to aandolan.html
-
$_REQUEST : union of the GET and POST.
- Once you successfully log in to the server, you are allotted a session id, which can be reused whenever you log in again.
- session_start() :: server creates a cookie for the session. TO BE DONE whenever handling sessions.
- session variables are accessible across webpages.
- session_destroy()
- include('path name of the file');
- include_once('path name of the file') :-> includes file only once, removes the redundancies.
- require('path name of the file')
- require_once('path name of the file')
- relative path : portable; absolute path : not portable.
Structured Query Language. It is a relational DBMS
- Data is stored in tables.
- COMMAND TYPES :- A. DDL B. DML C. TCL
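
The notes above on isset(), trim(), die() and htmlentities(), combined into one server-side form handler. This is an added example, not part of the original notes; handle_form(), the 'name' field, the 50-character limit and the sample arrays standing in for $_POST are assumptions made for illustration.

```php
<?php
// Added example: server-side handling of a submitted form.
// handle_form() and the field name 'name' are hypothetical; the arrays in
// $samples are constructed inputs standing in for $_POST.

function handle_form(array $post): string
{
    // The page must be reached through the form's submit button.
    if (!isset($post['submit'])) {
        return "can't open page like this"; // a real page would die() here
    }

    // A client can send anything: the field may be missing, or an array
    // (name[]=a&name[]=b), so check the type before using it as text.
    $name = $post['name'] ?? '';
    if (!is_string($name)) {
        return 'invalid name';
    }

    // trim() removes leading and trailing whitespace.
    $name = trim($name);

    // Server-side check: front-end limits (maxlength, JavaScript) only help
    // an innocent user, so the same rule is enforced again here.
    if ($name === '' || strlen($name) > 50) {
        return 'invalid name';
    }

    // Encode when writing into the page so markup in the input is displayed
    // as text. ENT_QUOTES also encodes ' and ", which matters in attributes.
    $safe = htmlentities($name, ENT_QUOTES, 'UTF-8');
    return "<p>Hello, $safe</p>";
}

// Constructed sample inputs.
$samples = [
    'no submit field' => ['name' => 'xyz'],
    'normal input'    => ['submit' => '1', 'name' => '  xyz  '],
    'markup in input' => ['submit' => '1', 'name' => '<b>bold</b> & "quoted"'],
    'array, not text' => ['submit' => '1', 'name' => ['a', 'b']],
];

foreach ($samples as $label => $post) {
    echo str_pad($label, 16), ' => ', handle_form($post), PHP_EOL;
}
```

Run it with the php command-line interpreter; in a real page the argument would be $_POST and the error branches would call die().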