1.1 Directories

A webserver must be PHP enabled for PHP scripts to run. The instructions below work for Napier, but, in general there can be differences between the setup of servers.

In general, you need two directories: "public_html" and a subdirectory of "public_html" called "php". The public_html and the php directory should both be world readable and executable. You may also need to change the permissions for your top level directory. The following commands create the directories and set the permissions. You should copy and paste the following commands at the Unix prompt. You need to do this only once. If you already have a public_html directory, skip the second line.

cd; chmod 711 .;
mkdir public_html; chmod 755 public_html;
cd public_html; mkdir php; chmod 755 php;

All html files should be in the public_html directory, all php files in the php directory. The php files must have an extension ".php". The URL for the html files is
http://www.student.soc.napier.ac.uk/~username/filename.html. The URL for PHP files is
http://www.student.soc.napier.ac.uk/~username/php/filename.php

1.2 Exercises

1) Save some simple html code such as

<html>
<head><title>Hello World</title></head> <body>
<h1>Greetings</h1>
</body></html>

as a file in your public_html directory on the webserver. The file permissions of this file should be -rw-r--r--. Type ls -l to check the file permissions. You can set the permissions with chmod 644 filename. Now, look at the file through your browser.

2) Now save the same html file as above in your php directory under the name greetings.php. The file permissions should be -rwxr-xr-x. You can set the file permissions with chmod 755 greetings.php. Look at the file through your browser.

2 Processing forms with PHP

Normal HTML:

browserserver
user requests
html document
server finds HTML file
and sends page back

PHP:

browserserver
user requests
a form
server finds the HTML form
and sends it back to user
user fills out form
PHP application executes
program and sends results
back to user

2.1 A sample form

<form action="http://www.student.soc.napier.ac.uk/~username/php/example.php" method="post">

<input type="radio" name="drink" value="tea" checked > Tea <br>
<input type="radio" name="drink" value="coffee" > Coffee <br>
<input type="radio" name="drink" value="hot chocolate" > Hot Chocolate <p>

<input type="submit" value="Place order">
</form>

2.2 Exercises

3) Include the form in an html document on the webserver (don't forget to change the URL of the form action so that it points to your php directory).

2.3 Source code of a form processing PHP file

<html>
<head><title> Tea is served</title> </head><body>
<hr><h1> Tea Room</h1><hr><p>
<?php
if ($_REQUEST['drink'] != "tea" and $_REQUEST['drink'] != "coffee" and
$_REQUEST['drink'] != "hot chocolate") {
echo "An error occurred.";
exit;
}
if ($_REQUEST['drink']) {
echo "You requested ", $_REQUEST['drink'];
}
?>
<p>Thank you for your visit. Please come again. <p><hr>
</body></html>

Note: in older or less secure installations of PHP, it is possible to use a variable $drink instead of $_REQUEST['drink']. This is a very insecure practise because in that way your script can't tell whether $drink is an internal variable of the script or whether it comes from a form. See the PHP manual for more information about register globals.

2.4 A PHP file that contains both the form and the reply

<html>
<head><title> Tea is served</title> </head><body>
<hr><h1> Tea Room</h1><hr><p>
<?php
if ($_REQUEST['drink'] != "tea" and $_REQUEST['drink'] != "coffee" and
$_REQUEST['drink'] != "hot chocolate" and $_REQUEST['drink']) {
echo "An error occurred.";
exit;
}
if ($_REQUEST['drink']) {
echo "You requested ", $_REQUEST['drink'];
}
?>
<p>Thank you for your visit. Please come again. <p><hr>
<form action="example.php" method="post">
<input type="radio" name="drink" value="tea" checked > Tea <br>
<input type="radio" name="drink" value="coffee" > Coffee <br>
<input type="radio" name="drink" value="hot chocolate" > Hot Chocolate <p>
<input type="submit" value="Place order">
</form>
</body></html>

2.5 Exercises

4) Save the PHP file, change permissions and check to see if it works via the browser and with the form from the last exercise. Change the form action method from "post" to "get" and observe how this changes the query string.

5) Add a checkbox to the form (such as "Do you want milk? Yes/No") and a text area where customers can type in what kind of cake they would like to order. Change your PHP script so that it includes these in its reply, such as "you requested tea with milk", "sorry we are out of chocolate cake". The checkbox and text area must have distinct names in the form.

3 On-line greeting cards

On-line greeting card services often involve several pages: An HTML page lets a user select an image for the greeting card. For example, the following HTML code, lets a user choose one out of four images:

Select a picture:
<p>
<A HREF="http://www.student.soc.napier.ac.uk/~username/php/greeting.php?image=1">
<img src="image1.jpg"></a><p>
<A HREF="http://www.student.soc.napier.ac.uk/~username/php/greeting.php?image=2">
<img src="image2.jpg"></a><p>
<A HREF="http://www.student.soc.napier.ac.uk/~username/php/greeting.php?image=3">
<img src="image3.jpg"></a><p>
<A HREF="http://www.student.soc.napier.ac.uk/~username/php/greeting.php?image=4">
<img src="image4.jpg"></a><p>

All four URLs link to the same PHP file ("greeting.php") which uses a parameter ("image") to distinguish between the four images. This PHP file should produce a form with textboxes for the recipient's email address, the recipient's name and the message.

Upon submitting this form a second PHP file is invoked, which sends an email to the recipient. Because sending email from a form can be a security risk, you should not attempt this before security has been discussed in the lecture.

3.1 Exercises

6) For the greeting card example, write a PHP script that prints "you have selected image ..." and the number of the image selected. Then the PHP script prints textboxes for the recipient's email address, the recipient's name and the message.

7) The greeting card example shows that parameters can be added to a URL (for example "greeting?image=3"). Try what happens if you enter parameter values other than 1, 2, 3 or 4. Add an if statement to your PHP script that prints "not an acceptable selection" if the image number is not 1, 2, 3 or 4.