WebEngineering

Validation should happen as early as possible, in fact it is the first thing that should happen. Form validation can happen on the client using JavaScript, however, JavaScript can be disabled.

Access token: a secret that the client obtains upon successfully completing the authentication process.
add one level of indirection for authentication -- instead of having to authenticate with username and password for each protected resource, the user authenticates that way once (within a session of limited duration), obtains a time-limited token in return, and uses that token for further authentication during the session.
Advantages are many -- e.g., the user could pass the token, once they've obtained it, on to some other automated system which they're willing to trust for a limited time and a limited set of resources, but would not be willing to trust with their username and password (i.e., with every resource they're allowed to access, forevermore or at least until they change their password).

API stands for “Application Programming Interface”. An API is a set of functions used by information systems to access services and data from other information systems. So, in simple words, an API is a software intermediary that allows two applications to talk to each other.

The most popular technology is REST, which stands for “Representational State Transfer”. REST is a simple way of sending and receiving data between client and server and it doesn’t have very many standards defined. You can send and receive data s JSO, XML or even plain text. It’s light weighted compared to SOAP.
The 2^nd popular technology is SOAP, which stands for “Simple Object Access Protocol”. SOAP is a method of transferring messages, or small amounts of information, over the internet. SOAP messages are formatted in XML and are typicaly sent using HTTP.
The use of REST is often preferred over the more heavyweight SOAP (Simple Object Access Protocol) style because REST does not leverage as much bandwidth, which makes it a better fit for use over the Internet. The SOAP approach requires writing or using a provided server program (to serve data) and a client program (to request data).

The hypertext transfer protocol (HTTP) is designed to enable communications between clients and servers. HTTP works as a request-response protocol between a client and a server. A web browser may be the client, and an application on a computer that hosts a web site may be the server. Two commonly used methods for a request-response between a client and server are: GET and POST. GET requests data from a specified resource. POST submits data to be processed to a specified resource.

GET requests data from a specified resource. POST submits data to be processed to a specified resource.

• - POST (CRUD: create): Create a new resource.
• - GET (CRUD: read): Read a specific resource (by an identifier) or a collection of resources.
• - PUT (CRUD: update): Update a specific resource (by an identifier) or a collection of resources.
• - DELETE (CRUD: delete): Remove/delete a specific resource by an identifier.

A web service is a function that can be accessed by other programs over the web (Http). To clarify a bit, when you create a website in PHP that outputs HTML its target is the browser and by extension the human being reading the page in the browser. A web service is not targeted at humans but rather at other programs.
So, your PHP site that generates a random integer could be a web service if it outputs the integer in a format that may be consumed by another program. It might be in an XML format or another format, as long as other programs can understand the output.

REST stands for Representational State Transfer and it is based on the hypermedia architecture style. REST constraints are uniform, stateless, cacheable, client-server, layered system. The concept is based on resources, which will be addressed using ID’s. REST uses a limited range of standard methods. Resources are interlinked with other resources and every resource can have different representations. REST is a stateless communication.

Der Zweck von REST liegt schwerpunktmäßig auf der Maschine-zu-Maschine-Kommunikation. REST stellt eine einfache Alternative zu ähnlichen Verfahren wie SOAP und WSDL und dem verwandten Verfahren RPC dar. Anders als bei vielen verwandten Architekturen kodiert REST keine Methodeninformation in den URI, da der URI Ort und Namen der Ressource angibt, nicht aber die Funktionalität, die der Web-Dienst zu der Ressource anbietet. Der Vorteil von REST liegt darin, dass im WWW bereits ein Großteil der für REST nötigen Infrastruktur (z. B. Web- und Application-Server, HTTP-fähige Clients, HTML- und XML-Parser, Sicherheitsmechanismen) vorhanden ist, und viele Web-Dienste per se REST-konform sind. Eine Ressource kann dabei über verschiedene Medientypen dargestellt werden, auch Repräsentation der Ressource genannt.

JSON is a data-interchange format. It is very lightweight. While it is easy for humans to read and write, it is also easy for machines to parse and generate. It is based on a subset of the JavaScript programming language and it is a text format that is completely language independent. JSON is an ideal data-interchange language.
JSON is built on two structures:
- A collection of name/value pairs (in other languages realized as an object)
- An ordered list of values (in other languages realized as an array)

Usually, the requester tells the responder which format will be accepted when sending the HTTP request. However, in the response, the header contains the content-type of the data.

Client --> URL / Method / Header / Body  --> Server

Server --> Status Code / Header / Body --> Client

There is the HTTP status code which is sent with the reply on the request. E.g. 200 (success), 201 (created), 404 (not found), 401 (unauthorized)

For the authentication the client is providing its identity to the server. This can be done with the credentials: an API key or an API username and password. This information is sent within the header with a base64 -encoded string: as username:password. The API key is needed for the token authentication. It is a cryptic string (Sendgrid Key). The authorization is managed by the API itself.

AJAX stands for ‘Asynchronous JavaScript and XML. AJAX is not a programming language, AJAX just uses a combination of a browser built-in XMLHttpRequest object (to request data from a web server) and JavaScript and HTML DOM (to display or use the data). AJAX is a misleading name; AJAX applications might use XML to transport data, but it is essentially common to transport data as plain text or JSON element.
AJAX allows web pages to be updated asynchronously by exchanging data with a web server behind the scenes. This means that it is possible to update parts of a web page, without reloading the whole page. Classic web pages, (which do not use AJAX) must reload the entire page if the content should change. Examples of applications using AJAX: Google Maps, Gmail, Youtube, and Facebook tabs.

jQuery is a lightweight, "write less, do more", JavaScript library.

The purpose of jQuery is to make it much easier to use JavaScript on your website.

jQuery takes a lot of common tasks that require many lines of JavaScript code to accomplish, and wraps them into methods that you can call with a single line of code.

jQuery also simplifies a lot of the complicated things from JavaScript, like AJAX calls and DOM manipulation.

The jQuery library contains the following features:

• HTML/DOM manipulation
• CSS manipulation
• HTML event methods
• Effects and animations
• AJAX
• Utilities

In addition, jQuery has plugins for almost any task out there. The main benefit is that you have to write less code. Furthermore, you can use plugins that accomplish tasks that you would have to code yourself.

The World Wide Web (WWW). It is an information space in which the items of interest, referred to as resources, are identified by global identifiers called Uniform Resource Identifiers (URI). Core specifications for web technologies:

• Uniform Resource Locator (URL)
• Hypertext Transfer Protocol (HTTP)
• Hypertext Markup Language (HTML)

HTTP is the most important service on the internet.

A client initiates a connection to a server with a request. This is sent via HTTP to a server. The server provides the resources. After that request, the server sends a response to the client. This response is in form of data, images, videos, music respectively.
In real world: the client connects to the server using TCP/IP protocol. The client sends then a request via HTTP to the server, e.g. in form of an URL. The server prepares the response, establishes the connection again and sends the response.
A request contains a method – the mostly used ones are GET and POST, where GET tells the server to send data and POST tells the server to store data in a database for example – a URL, the header that includes the host-server to which we are sending the request, the type of file that is accepted (“text/html”, “image”, etc.), the language accepted etc., as well as the body which contains data.
A response message contains the status code which tells the client whether the request succeeded or failed or whatever, e.g. the famous 404: file not found. Furthermore, it contains the header which provides a lot of data, e.g. the date, content-language etc. Finally, there’s the body that contains the data itself.

Static HTML websites are provided from the server. They are static, meaning that there is no dynamic content that changes. Static webpages are not very often found anymore these days. However, most of the websites accessed in the “darknet” via TOR-Browser still are static, due to security and speed.
Dynamic websites on the other hand contain information that changes, depending on the viewer, the time of the day, the time zone, the viewer's native language, and other factors.

In contrast to static Web pages, the content in dynamic web pages will be generated instantly when the user requests it. Examples: daily weather reports, stock quotes, vacant seats on flights, answers to queries to search engines, directories, catalogues. The Web server executes a program that fetches the requested data from databases (database server) and generates an HTML file. Finally, the web server sends the HTML data to the Web browser.

• Library A library is simply a collection of functions wrapped up into a package that can be imported into a code project and re-used. (e.g. JQuery)

• Framework Frame Work is a formatted structure, which may have both your code and library file. this describes a given structure of "how" you should present your code. (e.g. Laravel, Angular)

The key difference between a library and a framework is the “Inversion of Control”. When you call a method from a library, you are in control. But with a framework, the control is inverted; the framework calls you. The framework is more about the structure. Frameworks control the flow of your applications, libraries do not.

The CI (corporate identity) must often be considered. The marketing provides the guidelines, images, color schemes or logos for this process. However, the topic of images and logos is an aspect of web design that should not be underestimated. Images and logos can be provided in a wide variety of formats, sizes, or dimensions. In the web area, especially JPG, PNG, or SVG are used. Color schemes are usually implemented using CSS. Also, fonts should be selected carefully since this contributes to the website’s 1^st impression, furthermore, a convenient font makes it easier to read a text.
A design of a website is also often responsive. This means, that a website adapts to different devices and screen sizes. In the past, web designers were developing different layouts for different screen sizes. Nowadays, this goes a lot easier. Responsive websites are often realized by a template or a CSS framework such as Bootstrap.
Wireframing is a term used in web-design. Wireframes are simplistic drafts of how a website should look like. Based on the wireframes, the prototype is developed which actually resembles the final website.

Predefined (or standard library) functions are those functions which are already defined like the println() and the random(), whereas the userdefined functions are the functions those are created individually by the programmer in the program and will be called later and used. PHP has more than 1000 built-in functions.

Every function has a name including parameters in brackets. Important: Function names are NOT case-sensitive.

Consider, that local variables inside a function are only known in that specific context (context dependent).

• Local variables: only available inside a function.
• Global variables: instantiated outside of a function.
• Super-global variables: usually system variables, which are globally available.

The include statement takes all the text/code/markup that exists in the specified file and copies it into the file that uses the include statement. Including files is very useful when you want to include the same PHP, HTML, or text on multiple pages of a website. It is possible to insert the content of one PHP file into another PHP file (before the server executes it), with the include or require statement. Including files saves a lot of work. It is an adequate way of separation: This means that you can create a standard header, footer, or menu file for all your web pages. Then, when the header needs to be updated, you can only update the header include file.
However, there is one big difference between include and require:

When a file is included with the include statement and PHP cannot find it, the script will continue to execute. When a file is included with the require statement, and PHP cannot find it, the script execution dies after the require statement returned a fatal error.

A session is a way to store information to be used across multiple pages. Unlike a cookie, the information is not stored on the user’s computer. On the internet, there is one problem: the web server does not know who you are or what you do, because the HTTP address doesn't maintain state. Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc). By default, session variables last until the user closes the browser. Session variables hold information about one single user, and are available to all pages in one application.

lueg noche

It is often the case that PHP applications are working directly with MySQL out of the box using MySQLi extension (the "i" stands for improved). Earlier versions of PHP used the MySQL extension. However, this extension was deprecated in 2012.

PHP 5 and later can work with a relational database using PDO (PHP Data Objects). PDO will work on 12 different database systems, whereas MySQLi will only work with MySQL databases.

The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver that implements the PDO interface can expose database-specific features as regular extension functions. PDO provides a data-access abstraction layer, which means that, regardless of which database you're using, you use the same functions to issue queries and fetch data.

The standard functionality is MySQLi. It is often the case that PHP applications are working directly with MySQL out of the box using MySQLi extension (“i” stands for improved). Earlier versions of PHP used the MySQL extension. However, this extension was deprecated in 2012.

PDO is an acronym for PHP Data Objects. PDO is a lean, consistent way to access databases. This means developers can write portable code much easier. PDO is not an abstraction layer like PearDB. PDO is a more like a data access layer which uses a unified API (Application Programming Interface).

PDO is what I concern your Swiss Army Knife in regards to database interactions. As mentioned here already, the advantages are enormous:

• Object Oriented
• Bind parameters in statements (security)
• Allows for prepared statements and rollback functionality (consistency)
• Throws catcheable exceptions for better error handling (quality)
• One API for a multitude of RDBMS brands