Basics


Set of flashcards Details

Flashcards 50
Language English
Category Computer Science
Level University
Created / Updated 03.07.2018 / 03.07.2018
Weblink
https://card2brain.ch/box/20180703_webengineering

What is web engineering?

Web engineering is the software development of web applications, web services or other complex websites such as portal systems or shopping sites. As a rule, web engineering also covers the further development and expansion of previously created websites.
Web engineering transfers the methods of software engineering to the development of web applications and extends over the entire lifecycle of a web application. Standardized engineering processes are developed which take into account the differences from classical software engineering. Web frameworks are used for this.

What can be considered as a basic technology for web engineering?

The World Wide Web (WWW). It is an information space in which the items of interest, referred to as resources, are identified by global identifiers called Uniform Resource Identifiers (URI). Core specifications for web technologies:

  • Uniform Resource Locator (URL)
  • Hypertext Transfer Protocol (HTTP)
  • Hypertext Markup Language (HTML)

HTTP is the most important service on the internet.

How does request-response work?

A client initiates a connection to a server with a request, which is sent to the server via HTTP. The server provides the resources. After the request, the server sends a response to the client. This response takes the form of data, images, videos or music.
In the real world: the client connects to the server using the TCP/IP protocol. The client then sends a request via HTTP to the server, e.g. in the form of a URL. The server prepares the response, establishes the connection again and sends the response.
A request contains a method, a URL, a header and a body. The most commonly used methods are GET and POST, where GET tells the server to send data and POST tells the server to store data, in a database for example. The header includes the host server to which we are sending the request, the type of file that is accepted (“text/html”, “image”, etc.), the accepted language, etc. The body contains data.
A response message contains the status code, which tells the client whether the request succeeded or failed, e.g. the famous 404: file not found. Furthermore, it contains the header, which provides a lot of data, e.g. the date, content-language etc. Finally, there’s the body, which contains the data itself.

What is the difference between static and dynamic websites?

Static HTML websites are provided from the server. They are static, meaning that there is no dynamic content that changes. Static webpages are not found very often anymore these days. However, most of the websites accessed in the “darknet” via Tor Browser are still static, for reasons of security and speed.
Dynamic websites on the other hand contain information that changes, depending on the viewer, the time of the day, the time zone, the viewer's native language, and other factors.

In contrast to static Web pages, the content in dynamic web pages will be generated instantly when the user requests it. Examples: daily weather reports, stock quotes, vacant seats on flights, answers to queries to search engines, directories, catalogues. The Web server executes a program that fetches the requested data from databases (database server) and generates an HTML file. Finally, the web server sends the HTML data to the Web browser.

When should something be called a library and when a framework?

  • Library: A library is simply a collection of functions wrapped up into a package that can be imported into a code project and re-used (e.g. jQuery).
  • Framework: A framework is a formatted structure, which may contain both your code and library files. It prescribes a given structure for "how" you should present your code (e.g. Laravel, Angular).

The key difference between a library and a framework is the “Inversion of Control”. When you call a method from a library, you are in control. But with a framework, the control is inverted; the framework calls you. The framework is more about the structure. Frameworks control the flow of your applications, libraries do not.

What is important in web-design?

The CI (corporate identity) must often be considered. Marketing provides the guidelines, images, color schemes or logos for this process. However, the topic of images and logos is an aspect of web design that should not be underestimated. Images and logos can be provided in a wide variety of formats, sizes, or dimensions. On the web, JPG, PNG, or SVG in particular are used. Color schemes are usually implemented using CSS. Fonts should also be selected carefully, since they contribute to the website’s first impression; furthermore, a convenient font makes a text easier to read.
The design of a website is also often responsive. This means that a website adapts to different devices and screen sizes. In the past, web designers developed different layouts for different screen sizes. Nowadays, this is a lot easier. Responsive websites are often realized with a template or a CSS framework such as Bootstrap.
Wireframing is a term used in web design. Wireframes are simplistic drafts of how a website should look. Based on the wireframes, the prototype is developed, which actually resembles the final website.

What is the difference between built-in and user-defined functions?

Predefined (or standard library) functions are functions that are already defined, like println() and random(), whereas user-defined functions are functions created individually by the programmer in the program, to be called and used later. PHP has more than 1000 built-in functions.

Every function has a name including parameters in brackets. Important: Function names are NOT case-sensitive.

What is the difference between local, global and super-global variables?

Note that local variables inside a function are only known in that specific context (context-dependent).

  • Local variables: only available inside a function.
  • Global variables: instantiated outside of a function.
  • Super-global variables: usually system variables, which are globally available.

What is the difference between include and require?

The include statement takes all the text/code/markup that exists in the specified file and copies it into the file that uses the include statement. Including files is very useful when you want to include the same PHP, HTML, or text on multiple pages of a website. It is possible to insert the content of one PHP file into another PHP file (before the server executes it) with the include or require statement. Including files saves a lot of work. It is an adequate way of separation: you can create a standard header, footer, or menu file for all your web pages. Then, when the header needs to be updated, you only need to update the header include file.
However, there is one big difference between include and require:

When a file is included with the include statement and PHP cannot find it, the script will continue to execute. When a file is included with the require statement and PHP cannot find it, the require statement returns a fatal error and script execution dies.

What is a session and how can it be used in PHP?

A session is a way to store information to be used across multiple pages. Unlike a cookie, the information is not stored on the user’s computer. On the internet, there is one problem: the web server does not know who you are or what you do, because HTTP doesn't maintain state. Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc.). By default, session variables last until the user closes the browser. Session variables hold information about one single user, and are available to all pages in one application.

What is a router in PHP and how can it be configured?

Look this up.

How can a database be connected in PHP?

PHP applications often work directly with MySQL out of the box using the MySQLi extension (the "i" stands for improved). Earlier versions of PHP used the MySQL extension. However, this extension was deprecated in 2012.

PHP 5 and later can work with a relational database using PDO (PHP Data Objects). PDO will work on 12 different database systems, whereas MySQLi will only work with MySQL databases.

The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver that implements the PDO interface can expose database-specific features as regular extension functions. PDO provides a data-access abstraction layer, which means that, regardless of which database you're using, you use the same functions to issue queries and fetch data.

What is the standard functionality in PHP to connect to a MySQL database?

The standard functionality is MySQLi. PHP applications often work directly with MySQL out of the box using the MySQLi extension (the “i” stands for improved). Earlier versions of PHP used the MySQL extension. However, this extension was deprecated in 2012.

What is PHP Data Objects (PDO)?

PDO is an acronym for PHP Data Objects. PDO is a lean, consistent way to access databases. This means developers can write portable code much more easily. PDO is not an abstraction layer like PearDB. PDO is more like a data access layer which uses a unified API (Application Programming Interface).

What is the benefit of PHP Data Objects (PDO)?

PDO is what I consider your Swiss Army Knife in regards to database interactions. As mentioned here already, the advantages are enormous:

  • Object Oriented
  • Bind parameters in statements (security)
  • Allows for prepared statements and rollback functionality (consistency)
  • Throws catchable exceptions for better error handling (quality)
  • One API for a multitude of RDBMS brands

What does it mean to keep a domain model and an entity-relationship model in-sync?
 

?????????????????????????????????

How can we keep database credentials secure?

The usual solution is to move the password out of source-code into a configuration file (conf.env). Then leave administration and securing that configuration file up to your system administrators. That way developers do not need to know anything about the production passwords, and there is no record of the password in your source-control.

What is the best procedure to keep passwords secure?

Hash passwords directly with the newest PHP hash function, password_hash("abcd", PASSWORD_DEFAULT). To verify passwords, you can use the built-in function password_verify(). To make sure that the password is always safely hashed, you need to check whether it needs a rehash with password_needs_rehash(). PHP keeps updating its password hashing to make it more secure. Passwords should NEVER be stored anywhere unhashed (e.g. in $_SESSION).

What does it mean to create a dynamic view and how can this be realised?

 

??

When do you use self:: and $this?

Use $this to refer to the current object. Use self to refer to the current class. In other words, use $this->member for non-static members, use self::$member for static members.

How can classes be used in another class?

First you need to make sure that the class is known to the PHP file. For this you need to use “use databaseClass;”. To make use of the static functions, you can just write “databaseClass::connect()”. For all non-static functions, you need to create an object and use “$databaseObject->read()”.

What is a constructor and how does this look like, and how can you implement multiple constructors?

A constructor is a special function which is automatically called when an object is created. Classes which have a constructor method call this method on each newly created object. The purpose of a constructor is to put the object in a valid state, to assign the respective values to all the variables, etc.
Constructor overloading per se is not supported by PHP – unlike by Java for example. However, there are opportunities to do it. The best way to do this is with an optional param:

What is a destructor and how does it differ from a constructor?

A destructor is basically the opposite of a constructor. It gives the object an opportunity to prepare to be killed. This could mean manual cleanup, state persistence, etc. For example, a Model may want to save all of its current properties back into the database. Or, a Database object itself might want to close the socket it is using to communicate to a database server. There are no arguments possible for destructors.
A destructor is called when an object is about to be freed from memory. Typically, it contains cleanup code (e.g. closing of file descriptors the object is holding). They are rare in PHP because PHP cleans all the resources held by the script when the script execution ends.

What is CRUD and what are usage scenarios of CRUD?

Create, retrieve, update and delete (CRUD) refers to the four major functions implemented in database applications. 
The CRUD functions are the user interfaces to databases, as they permit users to create, view, modify and alter data. CRUD works on entities in databases and manipulates these entities. Any simple database table enforces CRUD constraints.

For instance, we have a simple student database table which

  • adds (creates) new student details,
  • accesses (retrieves) existing student details,
  • modifies (updates) existing student data such as subjects,
  • and deletes (deletes) student details when students leave the school.

The commands corresponding to these operations in SQL are INSERT, SELECT, UPDATE and DELETE.

CRUD is actually just an acronym for the four basic functions of the persistence layer.

The most efficient way to accomplish CRUD in

  • SQL is through stored procedures.
  • PHP through prepared statements.

What are DAOs and what are usage scenarios of DAOs?

DAO (Data Access Objects) is actually a J2EE (Java 2 Enterprise Edition) pattern. It can easily be implemented in PHP and helps greatly in separating database access from the rest of your code. The DAOs form a thin layer. The DAO layer can be 'stacked' which helps for instance if you want to add DB caching later when tuning your application.
A DAO typically implements the following methods:

  • Create
  • Read
  • Update
  • Delete

 

The DAO is basically the object you use to query your data source within your application. Rather than sprinkling SQL queries throughout your code, it allows you to encapsulate everything related to accessing your database within a single class. That way, if you ever change databases or need to tweak a query, you can do it in one place that's easy to find. Think of it like a filing cabinet that keeps all your papers from floating all over your desk.

A design pattern that helps to access the DB without changing the code.

What is a business service, what does it consist of and what are usage scenarios of it?

Business services is a general term that describes work that supports a business but does not produce a tangible commodity. Information technology (IT) is an important business service that supports many other business services such as procurement, shipping and finance.

What is the difference between === and ==, and what can be potential issues?

PHP is weakly typed, which means that it will automatically convert data of an incorrect type into the expected type. This feature very often masks errors by the developer or injections of unexpected data, leading to vulnerabilities.
The comparison operator ‘==’ returns true if the content of two variables is the same. The comparison operator ‘===’ returns true only if the content and the type of two variables are the same. This can prevent errors which one may otherwise have to debug desperately for hours.

What is an "Injection" and when can it occur?

Injection means tricking an application into including unintended commands in the data sent to an interpreter. Interpreters take strings and interpret them as commands. SQL injections are still quite common even though they are very simple to avoid. The impact is usually severe. The entire database can usually be read or modified. SQL injections principally occur when a company does not protect itself against them (in the form of updates and following general security rules).

How can you prevent SQL-injection?

1. Use dropdowns and checkboxes
2. Use parameterized/prepared PDO queries or statements

What is Cross-Site Scripting (XSS)?

XSS is a client-side code vulnerability which allows users to inject code into a website, infecting it with that code in order to get things back from other users visiting the website. It can be used to get cookies, session tokens and other information. It can be seriously dangerous for web applications which have a lot of data and many users.

How can you prevent Cross-Site Scripting (XSS)?

Always validate input, and sanitize it if necessary. Also: Use safe escaping schemes.

What are template engines and how do they work?

A template engine is software that processes a template file and replaces specific placeholders with current content, similar to a form.
PHP itself is already designed so that you can mix PHP language constructs with other textual output such as HTML.
However, especially for PHP there are a very large number of engines.

What is the template view?

can give additional functionalities to websites. As an example, you can assign values in that class with the __set() method and increase security by declaring the noHTML() function to avoid HTML injections.

What is input validation?

Input validation is the correct testing of any input that is supplied by something else. All applications require some type of user input. User input could come from a variety of sources: an end-user, another application, a malicious user, or any number of other sources. A malicious user is not going to announce that he/she is here to attack your software. It stands to reason that all input should be checked and validated, because you do not know exactly who or what is giving you input to process. Applications and software should check all input entered by a user, but this is not the only time that input should be checked.

How and where can validation be realized?

Validation should happen as early as possible, in fact it is the first thing that should happen. Form validation can happen on the client using JavaScript, however, JavaScript can be disabled.

What are authentication/security tokens and what are use cases of them?

Access token: a secret that the client obtains upon successfully completing the authentication process.
Tokens add one level of indirection for authentication -- instead of having to authenticate with username and password for each protected resource, the user authenticates that way once (within a session of limited duration), obtains a time-limited token in return, and uses that token for further authentication during the session.
Advantages are many -- e.g., the user could pass the token, once they've obtained it, on to some other automated system which they're willing to trust for a limited time and a limited set of resources, but would not be willing to trust with their username and password (i.e., with every resource they're allowed to access, forevermore or at least until they change their password).

What is an API?

API stands for “Application Programming Interface”. An API is a set of functions used by information systems to access services and data from other information systems. So, in simple words, an API is a software intermediary that allows two applications to talk to each other.

What are the major technologies for implementing an API?

The most popular technology is REST, which stands for “Representational State Transfer”. REST is a simple way of sending and receiving data between client and server, and it doesn’t have very many standards defined. You can send and receive data as JSON, XML or even plain text. It’s lightweight compared to SOAP.
The second most popular technology is SOAP, which stands for “Simple Object Access Protocol”. SOAP is a method of transferring messages, or small amounts of information, over the internet. SOAP messages are formatted in XML and are typically sent using HTTP.
The use of REST is often preferred over the more heavyweight SOAP (Simple Object Access Protocol) style because REST does not use as much bandwidth, which makes it a better fit for use over the Internet. The SOAP approach requires writing or using a provided server program (to serve data) and a client program (to request data).

What are HTTP methods?

The hypertext transfer protocol (HTTP) is designed to enable communications between clients and servers. HTTP works as a request-response protocol between a client and a server. A web browser may be the client, and an application on a computer that hosts a web site may be the server. Two commonly used methods for a request-response between a client and server are: GET and POST. GET requests data from a specified resource. POST submits data to be processed to a specified resource.