PHP: Hypertext Preprocessor is a widely used, general-purpose scripting language that was originally designed for web development to produce dynamic web pages. For this purpose, PHP code is embedded into the HTML source document and interpreted by a web server with a PHP processor module, which generates the web page document. As a general-purpose programming language, PHP code is processed by an interpreter application in command-line mode performing desired operating system operations and producing program output on its standard output channel. It may also function as a graphical application. PHP is available as a processor for most modern web servers and as a standalone interpreter on most operating systems and computing platforms.
PHP was originally created by Rasmus Lerdorf in 1995[1][2] and has been in continuous development ever since. The main implementation of PHP is now produced by the PHP Group and serves as the de facto standard for PHP as there is no formal specification.[3] PHP is free software released under the PHP License.
Friday, August 27, 2010
WHAT IS PHP
PHP originally stood for personal home page.[3] Its development began in 1994 when the Danish/Greenlandic programmer Rasmus Lerdorf initially created a set of Perl scripts he called 'Personal Home Page Tools' to maintain his personal homepage, including tasks such as displaying his résumé and recording how much traffic his page was receiving.[3][4][5]
He rewrote these scripts as C programming language Common Gateway Interface (CGI) binaries, extending them to add the ability to work with web forms and to communicate with databases and called this implementation 'Personal Home Page/Forms Interpreter' or PHP/FI. PHP/FI could be used to build simple, dynamic web applications. Lerdorf released PHP/FI as 'Personal Home Page Tools (PHP Tools) version 1.0' publicly on June 8, 1995, to accelerate bug location and improve the code.[6] This release already had the basic functionality that PHP has today. This included Perl-like variables, form handling, and the ability to embed HTML. The syntax was similar to Perl but was more limited and simpler, although less consistent.[3] A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997.
Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism PHP: Hypertext Preprocessor.[3] Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999.[7] They also founded Zend Technologies in Ramat Gan, Israel.[3]
On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released.[3] As of August 2008 this branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates be released.[8][9]
On July 13, 2004, PHP 5 was released, powered by the new Zend Engine II.[3] PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements.[10] In 2008 PHP 5 became the only stable version under development. Late static binding had been missing from PHP and was added in version 5.3.[11][12]
A new major version has been under development alongside PHP 5 for several years. This version was originally planned to be released as PHP 6 as a result of its significant changes, which included plans for full Unicode support. However, Unicode support took developers much longer to implement than originally thought, and the decision was made in March 2010[13] to move the project to a branch, with features still under development moved to a trunk.
Changes in the new code include the removal of register_globals,[14] magic quotes, and safe mode.[8][15] The reason for the removals was that register_globals had given way to security holes, and the use of magic quotes had an unpredictable nature, and was best avoided. Instead, to escape characters, magic quotes may be replaced with the addslashes() function, or more appropriately an escape mechanism specific to the database vendor itself like mysql_real_escape_string() for MySQL. Functions that will be removed in future versions and have been deprecated in PHP 5.3 will produce a warning if used.[16]
Many high-profile open-source projects ceased to support PHP 4 in new code as of February 5, 2008, because of the GoPHP5 initiative,[17] provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.[18][19]
PHP currently does not have native support for Unicode or multibyte strings; Unicode support is under development for a future version of PHP and will allow strings as well as class, method, and function names to contain non-ASCII characters.[20][21]
PHP interpreters are available on both 32-bit and 64-bit operating systems, but on Microsoft Windows the only official distribution is a 32-bit implementation, requiring Windows 32-bit compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform. As of PHP 5.3.0, experimental 64-bit versions are available for MS Windows.[22]
[edit] Licensing
PHP is free software released under the PHP License, which insists that:
• The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission.[23]
This makes it incompatible with the GNU General Public License (GPL) because restrictions exist regarding the use of the term PHP.[24]
[edit] Release history
[edit] Usage
PHP is a general-purpose scripting language that is especially suited to server-side web development where PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content. It can also be used for command-line scripting and client-side GUI applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.[31]
PHP primarily acts as a filter,[32] taking input from a file or stream containing text and/or PHP instructions and outputs another stream of data; most commonly the output will be HTML. Since PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor.[33]
Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting,[34] and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft's Active Server Pages, Sun Microsystems' JavaServer Pages,[35] and mod_perl. PHP has also attracted the development of many frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include CakePHP, Symfony, CodeIgniter, and Zend Framework, offering features similar to other web application frameworks.
The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python or Perl or some combination of the three. WAMP packages (Windows/ Apache/ MySQL / PHP) are also available.
As of April 2007, over 20 million Internet domains had web services hosted on servers with PHP installed and mod_php was recorded as the most popular Apache HTTP Server module.[36] Significant websites are written in PHP including the user-facing portion of Facebook,[37] Wikipedia (MediaWiki),[38] Digg,[39] Joomla, eZ Publish, WordPress,[40] Drupal [41] and Moodle.[42]
[edit] Security
The National Vulnerability Database maintains a list of vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, 35% in 2008, and 30% in 2009.[43] Most of these PHP-related vulnerabilities can be exploited remotely: they allow crackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.
These vulnerabilities are caused mostly by not following best practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in 2008, about 1% of the total). [44][45] Recognizing that programmers cannot be trusted, some languages include taint checking to detect automatically the lack of input validation which induces many issues. Such a feature is being developed for PHP,[46] but its inclusion in a release has been rejected several times in the past.[47][48]
Hosting PHP applications on a server requires a careful and constant attention to deal with these security risks.[49] There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.[50]
[edit] Syntax
Main article: PHP syntax and semantics
PHP Test
echo "Hello World";
/* echo("Hello World"); works as well, although echo isn't a
function, but a language construct. In some cases, such
as when multiple parameters are passed to echo, parameters
cannot be enclosed in parentheses. */
?>
PHP code embedded within HTML code
PHP only parses code within its delimiters. Anything outside its delimiters is sent directly to the output and is not processed by PHP (although non-PHP text is still subject to control structures described within PHP code). The most common delimiters are to close PHP sections. delimiters are also available, as are the shortened forms as well as ASP-style short forms <% or <%= and %>. While short delimiters are used, they make script files less portable as their purpose can be disabled in the PHP configuration, and so they are discouraged.[51] The purpose of all these delimiters is to separate PHP code from non-PHP code, including HTML.[52]
The first form of delimiters, , in XHTML and other XML documents, creates correctly formed XML 'processing instructions'.[53] This means that the resulting mixture of PHP code and other markup in the server-side file is itself well-formed XML.
Variables are prefixed with a dollar symbol and a type does not need to be specified in advance. Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings allow the ability to embed a variable's value into the string.[54] PHP treats newlines as whitespace in the manner of a free-form language (except when inside string quotes), and statements are terminated by a semicolon.[55] PHP has three types of comment syntax: /* */ marks block and inline comments; // as well as # are used for one-line comments.[56] The echo statement is one of several facilities PHP provides to output text (e.g. to a web browser).
In terms of keywords and language syntax, PHP is similar to most high level languages that follow the C style syntax. If conditions, for and while loops, and function returns are similar in syntax to languages such as C, C++, Java and Perl.
[edit] Data types
PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Unsigned integers are converted to signed values in certain situations; this behavior is different from other programming languages.[57] Integer variables can be assigned using decimal (positive and negative), octal, and hexadecimal notations. Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation.[58] PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++.[58] The null data type represents a variable that has no value. The only value in the null data type is NULL.[58] Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources.[58] Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled.[58] PHP also supports strings, which can be used with single quotes, double quotes, or heredoc syntax.[59]
The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.[60]
[edit] Functions
PHP has hundreds of base functions and thousands more via extensions. These functions are well documented on the PHP site; however, the built-in library has a wide variety of naming conventions and inconsistencies. PHP currently has no functions for thread programming, although it does support multiprocess programming on POSIX systems.[61]
[edit] 5.2 and earlier
Functions are not first-class functions and can only be referenced by their name, directly or dynamically by a variable containing the name of the function.[62] User-defined functions can be created at any time without being prototyped.[62] Functions can be defined inside code blocks, permitting a run-time decision as to whether or not a function should be defined. Function calls must use parentheses, with the exception of zero argument class constructor functions called with the PHP new operator, where parentheses are optional. PHP supports quasi-anonymous functions through the create_function() function, although they are not true anonymous functions because anonymous functions are nameless, but functions can only be referenced by name, or indirectly through a variable $function_name();, in PHP.[62]
[edit] 5.3 and newer
PHP gained support for closures. True anonymous functions are supported using the following syntax:
function getAdder($x) {
return function ($y) use ($x) {
return $x + $y;
};
}
$adder = getAdder(8);
echo $adder(2); // prints "10"
Here, the getAdder() function creates a closure using the parameter $x (the keyword "use" imports a variable from the lexical context), which takes an additional argument $y and returns it to the caller. Such a function is a first class object, that means, it can be stored, passed as a parameter to other functions, etc. For more details see Lambda functions and closures RFC.
The goto flow control statement is used as follows:
function lock() {
$file = fopen('file.txt', 'r+');
retry:
if (!flock($file, LOCK_EX)) {
goto retry;
}
fwrite($file, 'Success!');
fclose($file);
return 0;
}
When lock() is called, PHP opens a file and tries to lock it. retry:, the target label, defines the point to which execution should return if flock() is unsuccessful and the goto retry; is called. goto is restricted and requires that the target label be in the same file and context.
[edit] Objects
Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4.[3] Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance.[63] In previous versions of PHP, objects were handled like value types.[63] The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and final classes as well as abstract methods and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax and objects implementing Iterator or IteratorAggregate can be used with the foreach language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.[64]
If the developer creates a copy of an object using the reserved word clone, the Zend engine will check if a __clone() method has been defined or not. If not, it will call a default __clone() which will copy the object's properties. If a __clone() method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so that the programmer can start with a by-value replica of the source object and only override properties that need to be changed.[65]
Basic example of object-oriented programming as described above:
class Person {
public $first;
public $last;
public function __construct($f, $l) {
$this->first = $f;
$this->last = $l;
}
public function greeting() {
return "Hello, my name is {$this->first} {$this->last}.";
}
static public function staticGreeting($first, $last) {
return "Hello, my name is {$first} {$last}.";
}
}
$him = new Person('John', 'Smith');
$her = new Person('Sally', 'Davis');
echo $him->greeting(); // prints "Hello, my name is John Smith."
echo '
';
echo $her->greeting(); // prints "Hello, my name is Sally Davis."
echo '
';
echo Person::staticGreeting('Jane', 'Doe'); // prints "Hello, my name is Jane Doe."
[edit] Visibility of properties and methods
The visibility of PHP properties and methods refers to visibility in PHP. It is defined using the keywords "public," "private," and "protected." The default is public, if only var is used; "var" is a synonym for "public." Public declared items can be accessed everywhere. Protected limits access to inherited classes (and to the class that defines the item). Private limits visibility only to the class that defines the item.[66] Objects of the same type have access to each others private and protected members even though they are not the same instances. PHP's member visibility features have sometimes been described as "highly useful."[67] However, they have also sometimes been described as "at best irrelevant and at worst positively harmful."[68]
[edit] Speed optimization
PHP source code is compiled on-the-fly to an internal format that can be executed by the PHP engine.[69][70] In order to speed up execution time and not have to compile the PHP source code every time the webpage is accessed, PHP scripts can also be deployed in executable format using a PHP compiler.
Code optimizers aim to reduce the runtime of the compiled code by reducing its size and making other changes that can reduce the execution time with the goal of improving performance. The nature of the PHP compiler is such that there are often opportunities for code optimization,[71] and an example of a code optimizer is the eAccelerator PHP extension.[72]
Another approach for reducing overhead for high load PHP servers is using an opcode cache. Opcode caches work by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, APC, will be built into an upcoming release of PHP.[73] Opcode caching is also available in Zend Server Community Edition.
[edit] Compilers
The PHP language was originally implemented using a PHP interpreter. Several compilers now exist, which decouple the PHP language from the interpreter:
• phc - a C++ based compiler for PHP, using the Zend run-time for maximum compatibility
• Roadsend - achieves native compilation by compiling to bigloo scheme, which in turn is compiled to C, then to machine code
• Raven - a rewrite of Roadsend PHP (rphp), based on LLVM and a new C++ runtime
• Phalanger - compiles source code written in the PHP scripting language into CIL byte-code
• Caucho Resin/Quercus - compiles PHP to Java bytecode
• HipHop - developed at Facebook and now available as open source, transforms the PHP Script into C++, then compiles it.
• php-to-scala - converts PHP to human-readable Scala source code, which the developer can compile to Java bytecode
Advantages of compilation include not only better execution speed, but also obfuscation, static analysis, and improved interoperability with code written in other languages.[74]
[edit] Resources
PHP includes free and open source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing FTP servers, many database servers, embedded SQL libraries such as embedded PostgreSQL, MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as those in the stdio family are available in the standard PHP build.[75]
PHP allows developers to write extensions in C to add functionality to the PHP language. These can then be compiled into PHP or loaded dynamically at runtime. Extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Some more unusual features include integration with Internet Relay Chat, dynamic generation of images and Adobe Flash content, and even speech synthesis. The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.[76]
[edit] Background of phpWebSite
PhpWebSite began with the release of version 0.7.0 on January 29, 2001 as a fork of Phpnuke.
PhpWebSite 0.8.x implemented broad changes to Phpnuke, including the ability to install modules.
A complete rewrite of the phpWebSite began in March 2002. The goals were to remove all Phpnuke code, increase modularity, and allow multiple installs to run off a single hub of code. The developers released the rewrite as phpWebsite 0.9.0 stable on February 2, 2003.
0.10.0 was released on November 24, 2005. It contained the same core as 0.9.x, but new default modules, themes, features and bug fixes. The final release in this series was 0.10.2, which was not compatible with php5. An unreleased version .11 fixed compatibility issues, but development on this series has ceased.
PhpWebSite 1.x (codename:Fallout) began development in 2003 with the core and core modules rewritten again for new functionality and ease-of-use issues. The first edition 1.0.0 has been available since November 2006. The current version is 1.6.3, released in June 2009.
[edit] Features of phpWebSite
PhpWebSite is programmed using the PHP scripting language and utilizes PHP Extension and Application Repository (or PEAR) libraries. Versions 0.7.x to 0.10.x require a MySQL database. PhpWebSite 1.x.x supports PostgreSQL as well. It was written to run under the Apache HTTP Server.
PhpWebSite is a content management system (CMS) which is often used by community groups and education users. Although offered to the public, its focus is serving Appalachian State University. Electronic Student Services (ESS), a department at Appalachian State, developed phpWebSite to make it easier for staff to build and update their web sites. ESS also wished to standardize the Student Development web presence and make sure it complied with the Web Accessibility Initiative (WAI).
PhpWebSite is a customizable, modular package; each component can be installed, updated, or modified by the phpWebSite administrator. PhpWebSite extends the customization to the user with selectable themes and HTML templates.
Although PhpWebSite modules cover functions like blogging, photo galleries, and bulletin boards, they often are not as feature-rich as dedicated web programs such as Word Press, Gallery Project, or phpBB. ESS focuses on the core library files in order to ease internal module development. Since many modules focus on university users, the content modules suffer in complexity.
For more information, see the Features page at http://phpwebsite.appstate.edu/.
[edit] Major Components
phpWebSite provides components in these general categories:
[edit] Content Creation and Management Tools
These features enable administrators and users to create, display, and maintain online-accessible content including text, documents, files, images, links, and more.
[edit] Content Organization Tools and Navigation Aids
These features enable administrators and users to organize, structure, and present content in a manageable way.
[edit] Communication Tools
These features enable administrators and users to communicate with each other (and the outside world) by means of numerous media, including internal messaging, email, data interchange, and more.
[edit] Configuration Tools and Administration Tools
These features enable administrators (and users who have been given the appropriate permissions) to configure and administer all aspects of a phpWebSite site.
phpWebsite utilizes a control panel approach to manage content and administer the system. Permissions are granular meaning general content contributors have no access to the administrative functions.
There is some work to be done prior to installing, but phpWebsite does checks for you to determine if your version of PHP meets the minimum requirements and whether certain features are enabled/disabled. Once you get past that initial screen, installing is nearly automatic. phpWebsite requires a backend database, most commonly used is MySQL.
[edit] Development Tools
These features enable administrators (and users who have been given the appropriate permissions) to develop modules for phpWebSite.
In addition, phpWebSite allows each user to choose from several different pre-defined visual styles/themes/skins. These themes are implemented using CSS and template files. Additional themes can be created by the phpWebSite administrator for branding or customizing the look of their website. This requires familiarity with CSS and templates. There are a number of themes to choose from and these can be previewed online. A large proportion of the themes are free to download and use. Commercial themes exist for purchase and commercial theme design services are also available.
[edit] Third Party Tools
A large number of third party modules exist for phpWebSite. These tools extend the capabilities of phpWebSite and because it uses an object-oriented framework the modules work together to build a customized CMS. These modules include tools across all major component categories and are constantly being updated and extended by the developer community. For more information, an extensive listing of third party modules can be found on the official phpWebSite web site.
He rewrote these scripts as C programming language Common Gateway Interface (CGI) binaries, extending them to add the ability to work with web forms and to communicate with databases and called this implementation 'Personal Home Page/Forms Interpreter' or PHP/FI. PHP/FI could be used to build simple, dynamic web applications. Lerdorf released PHP/FI as 'Personal Home Page Tools (PHP Tools) version 1.0' publicly on June 8, 1995, to accelerate bug location and improve the code.[6] This release already had the basic functionality that PHP has today. This included Perl-like variables, form handling, and the ability to embed HTML. The syntax was similar to Perl but was more limited and simpler, although less consistent.[3] A development team began to form and, after months of work and beta testing, officially released PHP/FI 2 in November 1997.
Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive initialism PHP: Hypertext Preprocessor.[3] Afterwards, public testing of PHP 3 began, and the official launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core, producing the Zend Engine in 1999.[7] They also founded Zend Technologies in Ramat Gan, Israel.[3]
On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released.[3] As of August 2008 this branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates be released.[8][9]
On July 13, 2004, PHP 5 was released, powered by the new Zend Engine II.[3] PHP 5 included new features such as improved support for object-oriented programming, the PHP Data Objects (PDO) extension (which defines a lightweight and consistent interface for accessing databases), and numerous performance enhancements.[10] In 2008 PHP 5 became the only stable version under development. Late static binding had been missing from PHP and was added in version 5.3.[11][12]
A new major version has been under development alongside PHP 5 for several years. This version was originally planned to be released as PHP 6 as a result of its significant changes, which included plans for full Unicode support. However, Unicode support took developers much longer to implement than originally thought, and the decision was made in March 2010[13] to move the project to a branch, with features still under development moved to a trunk.
Changes in the new code include the removal of register_globals,[14] magic quotes, and safe mode.[8][15] The reason for the removals was that register_globals had given way to security holes, and the use of magic quotes had an unpredictable nature, and was best avoided. Instead, to escape characters, magic quotes may be replaced with the addslashes() function, or more appropriately an escape mechanism specific to the database vendor itself like mysql_real_escape_string() for MySQL. Functions that will be removed in future versions and have been deprecated in PHP 5.3 will produce a warning if used.[16]
Many high-profile open-source projects ceased to support PHP 4 in new code as of February 5, 2008, because of the GoPHP5 initiative,[17] provided by a consortium of PHP developers promoting the transition from PHP 4 to PHP 5.[18][19]
PHP currently does not have native support for Unicode or multibyte strings; Unicode support is under development for a future version of PHP and will allow strings as well as class, method, and function names to contain non-ASCII characters.[20][21]
PHP interpreters are available on both 32-bit and 64-bit operating systems, but on Microsoft Windows the only official distribution is a 32-bit implementation, requiring Windows 32-bit compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform. As of PHP 5.3.0, experimental 64-bit versions are available for MS Windows.[22]
[edit] Licensing
PHP is free software released under the PHP License, which insists that:
• The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission.[23]
This makes it incompatible with the GNU General Public License (GPL) because restrictions exist regarding the use of the term PHP.[24]
[edit] Release history
[edit] Usage
PHP is a general-purpose scripting language that is especially suited to server-side web development where PHP generally runs on a web server. Any PHP code in a requested file is executed by the PHP runtime, usually to create dynamic web page content. It can also be used for command-line scripting and client-side GUI applications. PHP can be deployed on most web servers, many operating systems and platforms, and can be used with many relational database management systems. It is available free of charge, and the PHP Group provides the complete source code for users to build, customize and extend for their own use.[31]
PHP primarily acts as a filter,[32] taking input from a file or stream containing text and/or PHP instructions and outputs another stream of data; most commonly the output will be HTML. Since PHP 4, the PHP parser compiles input to produce bytecode for processing by the Zend Engine, giving improved performance over its interpreter predecessor.[33]
Originally designed to create dynamic web pages, PHP now focuses mainly on server-side scripting,[34] and it is similar to other server-side scripting languages that provide dynamic content from a web server to a client, such as Microsoft's Active Server Pages, Sun Microsystems' JavaServer Pages,[35] and mod_perl. PHP has also attracted the development of many frameworks that provide building blocks and a design structure to promote rapid application development (RAD). Some of these include CakePHP, Symfony, CodeIgniter, and Zend Framework, offering features similar to other web application frameworks.
The LAMP architecture has become popular in the web industry as a way of deploying web applications. PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL, although the P may also refer to Python or Perl or some combination of the three. WAMP packages (Windows/ Apache/ MySQL / PHP) are also available.
As of April 2007, over 20 million Internet domains had web services hosted on servers with PHP installed and mod_php was recorded as the most popular Apache HTTP Server module.[36] Significant websites are written in PHP including the user-facing portion of Facebook,[37] Wikipedia (MediaWiki),[38] Digg,[39] Joomla, eZ Publish, WordPress,[40] Drupal [41] and Moodle.[42]
[edit] Security
The National Vulnerability Database maintains a list of vulnerabilities found in computer software. The overall proportion of PHP-related vulnerabilities on the database amounted to: 20% in 2004, 28% in 2005, 43% in 2006, 36% in 2007, 35% in 2008, and 30% in 2009.[43] Most of these PHP-related vulnerabilities can be exploited remotely: they allow crackers to steal or destroy data from data sources linked to the webserver (such as an SQL database), send spam or contribute to DoS attacks using malware, which itself can be installed on the vulnerable servers.
These vulnerabilities are caused mostly by not following best practice programming rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in 2008, about 1% of the total). [44][45] Recognizing that programmers cannot be trusted, some languages include taint checking to detect automatically the lack of input validation which induces many issues. Such a feature is being developed for PHP,[46] but its inclusion in a release has been rejected several times in the past.[47][48]
Hosting PHP applications on a server requires a careful and constant attention to deal with these security risks.[49] There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.[50]
[edit] Syntax
Main article: PHP syntax and semantics
echo "Hello World";
/* echo("Hello World"); works as well, although echo isn't a
function, but a language construct. In some cases, such
as when multiple parameters are passed to echo, parameters
cannot be enclosed in parentheses. */
?>
PHP code embedded within HTML code
PHP only parses code within its delimiters. Anything outside its delimiters is sent directly to the output and is not processed by PHP (although non-PHP text is still subject to control structures described within PHP code). The most common delimiters are to close PHP sections. delimiters are also available, as are the shortened forms as well as ASP-style short forms <% or <%= and %>. While short delimiters are used, they make script files less portable as their purpose can be disabled in the PHP configuration, and so they are discouraged.[51] The purpose of all these delimiters is to separate PHP code from non-PHP code, including HTML.[52]
The first form of delimiters, , in XHTML and other XML documents, creates correctly formed XML 'processing instructions'.[53] This means that the resulting mixture of PHP code and other markup in the server-side file is itself well-formed XML.
Variables are prefixed with a dollar symbol and a type does not need to be specified in advance. Unlike function and class names, variable names are case sensitive. Both double-quoted ("") and heredoc strings allow the ability to embed a variable's value into the string.[54] PHP treats newlines as whitespace in the manner of a free-form language (except when inside string quotes), and statements are terminated by a semicolon.[55] PHP has three types of comment syntax: /* */ marks block and inline comments; // as well as # are used for one-line comments.[56] The echo statement is one of several facilities PHP provides to output text (e.g. to a web browser).
In terms of keywords and language syntax, PHP is similar to most high level languages that follow the C style syntax. If conditions, for and while loops, and function returns are similar in syntax to languages such as C, C++, Java and Perl.
[edit] Data types
PHP stores whole numbers in a platform-dependent range. This range is typically that of 32-bit signed integers. Unsigned integers are converted to signed values in certain situations; this behavior is different from other programming languages.[57] Integer variables can be assigned using decimal (positive and negative), octal, and hexadecimal notations. Floating point numbers are also stored in a platform-specific range. They can be specified using floating point notation, or two forms of scientific notation.[58] PHP has a native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C++.[58] The null data type represents a variable that has no value. The only value in the null data type is NULL.[58] Variables of the "resource" type represent references to resources from external sources. These are typically created by functions from a particular extension, and can only be processed by functions from the same extension; examples include file, image, and database resources.[58] Arrays can contain elements of any type that PHP can handle, including resources, objects, and even other arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two can be intermingled.[58] PHP also supports strings, which can be used with single quotes, double quotes, or heredoc syntax.[59]
The Standard PHP Library (SPL) attempts to solve standard problems and implements efficient data access interfaces and classes.[60]
[edit] Functions
PHP has hundreds of base functions and thousands more via extensions. These functions are well documented on the PHP site; however, the built-in library has a wide variety of naming conventions and inconsistencies. PHP currently has no functions for thread programming, although it does support multiprocess programming on POSIX systems.[61]
[edit] 5.2 and earlier
Functions are not first-class functions and can only be referenced by their name, directly or dynamically by a variable containing the name of the function.[62] User-defined functions can be created at any time without being prototyped.[62] Functions can be defined inside code blocks, permitting a run-time decision as to whether or not a function should be defined. Function calls must use parentheses, with the exception of zero argument class constructor functions called with the PHP new operator, where parentheses are optional. PHP supports quasi-anonymous functions through the create_function() function, although they are not true anonymous functions because anonymous functions are nameless, but functions can only be referenced by name, or indirectly through a variable $function_name();, in PHP.[62]
[edit] 5.3 and newer
PHP gained support for closures. True anonymous functions are supported using the following syntax:
function getAdder($x) {
return function ($y) use ($x) {
return $x + $y;
};
}
$adder = getAdder(8);
echo $adder(2); // prints "10"
Here, the getAdder() function creates a closure using the parameter $x (the keyword "use" imports a variable from the lexical context), which takes an additional argument $y and returns it to the caller. Such a function is a first class object, that means, it can be stored, passed as a parameter to other functions, etc. For more details see Lambda functions and closures RFC.
The goto flow control statement is used as follows:
function lock() {
$file = fopen('file.txt', 'r+');
retry:
if (!flock($file, LOCK_EX)) {
goto retry;
}
fwrite($file, 'Success!');
fclose($file);
return 0;
}
When lock() is called, PHP opens a file and tries to lock it. retry:, the target label, defines the point to which execution should return if flock() is unsuccessful and the goto retry; is called. goto is restricted and requires that the target label be in the same file and context.
[edit] Objects
Basic object-oriented programming functionality was added in PHP 3 and improved in PHP 4.[3] Object handling was completely rewritten for PHP 5, expanding the feature set and enhancing performance.[63] In previous versions of PHP, objects were handled like value types.[63] The drawback of this method was that the whole object was copied when a variable was assigned or passed as a parameter to a method. In the new approach, objects are referenced by handle, and not by value. PHP 5 introduced private and protected member variables and methods, along with abstract classes and final classes as well as abstract methods and final methods. It also introduced a standard way of declaring constructors and destructors, similar to that of other object-oriented languages such as C++, and a standard exception handling model. Furthermore, PHP 5 added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be used with array syntax and objects implementing Iterator or IteratorAggregate can be used with the foreach language construct. There is no virtual table feature in the engine, so static variables are bound with a name instead of a reference at compile time.[64]
If the developer creates a copy of an object using the reserved word clone, the Zend engine will check if a __clone() method has been defined or not. If not, it will call a default __clone() which will copy the object's properties. If a __clone() method is defined, then it will be responsible for setting the necessary properties in the created object. For convenience, the engine will supply a function that imports the properties of the source object, so that the programmer can start with a by-value replica of the source object and only override properties that need to be changed.[65]
Basic example of object-oriented programming as described above:
class Person {
public $first;
public $last;
public function __construct($f, $l) {
$this->first = $f;
$this->last = $l;
}
public function greeting() {
return "Hello, my name is {$this->first} {$this->last}.";
}
static public function staticGreeting($first, $last) {
return "Hello, my name is {$first} {$last}.";
}
}
$him = new Person('John', 'Smith');
$her = new Person('Sally', 'Davis');
echo $him->greeting(); // prints "Hello, my name is John Smith."
echo '
';
echo $her->greeting(); // prints "Hello, my name is Sally Davis."
echo '
';
echo Person::staticGreeting('Jane', 'Doe'); // prints "Hello, my name is Jane Doe."
[edit] Visibility of properties and methods
The visibility of PHP properties and methods refers to visibility in PHP. It is defined using the keywords "public," "private," and "protected." The default is public, if only var is used; "var" is a synonym for "public." Public declared items can be accessed everywhere. Protected limits access to inherited classes (and to the class that defines the item). Private limits visibility only to the class that defines the item.[66] Objects of the same type have access to each others private and protected members even though they are not the same instances. PHP's member visibility features have sometimes been described as "highly useful."[67] However, they have also sometimes been described as "at best irrelevant and at worst positively harmful."[68]
[edit] Speed optimization
PHP source code is compiled on-the-fly to an internal format that can be executed by the PHP engine.[69][70] In order to speed up execution time and not have to compile the PHP source code every time the webpage is accessed, PHP scripts can also be deployed in executable format using a PHP compiler.
Code optimizers aim to reduce the runtime of the compiled code by reducing its size and making other changes that can reduce the execution time with the goal of improving performance. The nature of the PHP compiler is such that there are often opportunities for code optimization,[71] and an example of a code optimizer is the eAccelerator PHP extension.[72]
Another approach for reducing overhead for high load PHP servers is using an opcode cache. Opcode caches work by caching the compiled form of a PHP script (opcodes) in shared memory to avoid the overhead of parsing and compiling the code every time the script runs. An opcode cache, APC, will be built into an upcoming release of PHP.[73] Opcode caching is also available in Zend Server Community Edition.
[edit] Compilers
The PHP language was originally implemented using a PHP interpreter. Several compilers now exist, which decouple the PHP language from the interpreter:
• phc - a C++ based compiler for PHP, using the Zend run-time for maximum compatibility
• Roadsend - achieves native compilation by compiling to bigloo scheme, which in turn is compiled to C, then to machine code
• Raven - a rewrite of Roadsend PHP (rphp), based on LLVM and a new C++ runtime
• Phalanger - compiles source code written in the PHP scripting language into CIL byte-code
• Caucho Resin/Quercus - compiles PHP to Java bytecode
• HipHop - developed at Facebook and now available as open source, transforms the PHP Script into C++, then compiles it.
• php-to-scala - converts PHP to human-readable Scala source code, which the developer can compile to Java bytecode
Advantages of compilation include not only better execution speed, but also obfuscation, static analysis, and improved interoperability with code written in other languages.[74]
[edit] Resources
PHP includes free and open source libraries with the core build. PHP is a fundamentally Internet-aware system with modules built in for accessing FTP servers, many database servers, embedded SQL libraries such as embedded PostgreSQL, MySQL and SQLite, LDAP servers, and others. Many functions familiar to C programmers such as those in the stdio family are available in the standard PHP build.[75]
PHP allows developers to write extensions in C to add functionality to the PHP language. These can then be compiled into PHP or loaded dynamically at runtime. Extensions have been written to add support for the Windows API, process management on Unix-like operating systems, multibyte strings (Unicode), cURL, and several popular compression formats. Some more unusual features include integration with Internet Relay Chat, dynamic generation of images and Adobe Flash content, and even speech synthesis. The PHP Extension Community Library (PECL) project is a repository for extensions to the PHP language.[76]
[edit] Background of phpWebSite
PhpWebSite began with the release of version 0.7.0 on January 29, 2001 as a fork of Phpnuke.
PhpWebSite 0.8.x implemented broad changes to Phpnuke, including the ability to install modules.
A complete rewrite of the phpWebSite began in March 2002. The goals were to remove all Phpnuke code, increase modularity, and allow multiple installs to run off a single hub of code. The developers released the rewrite as phpWebsite 0.9.0 stable on February 2, 2003.
0.10.0 was released on November 24, 2005. It contained the same core as 0.9.x, but new default modules, themes, features and bug fixes. The final release in this series was 0.10.2, which was not compatible with php5. An unreleased version .11 fixed compatibility issues, but development on this series has ceased.
PhpWebSite 1.x (codename:Fallout) began development in 2003 with the core and core modules rewritten again for new functionality and ease-of-use issues. The first edition 1.0.0 has been available since November 2006. The current version is 1.6.3, released in June 2009.
[edit] Features of phpWebSite
PhpWebSite is programmed using the PHP scripting language and utilizes PHP Extension and Application Repository (or PEAR) libraries. Versions 0.7.x to 0.10.x require a MySQL database. PhpWebSite 1.x.x supports PostgreSQL as well. It was written to run under the Apache HTTP Server.
PhpWebSite is a content management system (CMS) which is often used by community groups and education users. Although offered to the public, its focus is serving Appalachian State University. Electronic Student Services (ESS), a department at Appalachian State, developed phpWebSite to make it easier for staff to build and update their web sites. ESS also wished to standardize the Student Development web presence and make sure it complied with the Web Accessibility Initiative (WAI).
PhpWebSite is a customizable, modular package; each component can be installed, updated, or modified by the phpWebSite administrator. PhpWebSite extends the customization to the user with selectable themes and HTML templates.
Although PhpWebSite modules cover functions like blogging, photo galleries, and bulletin boards, they often are not as feature-rich as dedicated web programs such as Word Press, Gallery Project, or phpBB. ESS focuses on the core library files in order to ease internal module development. Since many modules focus on university users, the content modules suffer in complexity.
For more information, see the Features page at http://phpwebsite.appstate.edu/.
[edit] Major Components
phpWebSite provides components in these general categories:
[edit] Content Creation and Management Tools
These features enable administrators and users to create, display, and maintain online-accessible content including text, documents, files, images, links, and more.
[edit] Content Organization Tools and Navigation Aids
These features enable administrators and users to organize, structure, and present content in a manageable way.
[edit] Communication Tools
These features enable administrators and users to communicate with each other (and the outside world) by means of numerous media, including internal messaging, email, data interchange, and more.
[edit] Configuration Tools and Administration Tools
These features enable administrators (and users who have been given the appropriate permissions) to configure and administer all aspects of a phpWebSite site.
phpWebsite utilizes a control panel approach to manage content and administer the system. Permissions are granular meaning general content contributors have no access to the administrative functions.
There is some work to be done prior to installing, but phpWebsite does checks for you to determine if your version of PHP meets the minimum requirements and whether certain features are enabled/disabled. Once you get past that initial screen, installing is nearly automatic. phpWebsite requires a backend database, most commonly used is MySQL.
[edit] Development Tools
These features enable administrators (and users who have been given the appropriate permissions) to develop modules for phpWebSite.
In addition, phpWebSite allows each user to choose from several different pre-defined visual styles/themes/skins. These themes are implemented using CSS and template files. Additional themes can be created by the phpWebSite administrator for branding or customizing the look of their website. This requires familiarity with CSS and templates. There are a number of themes to choose from and these can be previewed online. A large proportion of the themes are free to download and use. Commercial themes exist for purchase and commercial theme design services are also available.
[edit] Third Party Tools
A large number of third party modules exist for phpWebSite. These tools extend the capabilities of phpWebSite and because it uses an object-oriented framework the modules work together to build a customized CMS. These modules include tools across all major component categories and are constantly being updated and extended by the developer community. For more information, an extensive listing of third party modules can be found on the official phpWebSite web site.
WHAT IS ASP AND ASP.NET
History
After the release of Internet Information Services 4.0 in 1997, Microsoft began researching possibilities for a new web application model that would solve common complaints about ASP, especially with regard to separation of presentation and content and being able to write "clean" code.[1] Mark Anders, a manager on the IIS team, and Scott Guthrie, who had joined Microsoft in 1997 after graduating from Duke University, were tasked with determining what that model would look like. The initial design was developed over the course of two months by Anders and Guthrie, and Guthrie coded the initial prototypes during the Christmas holidays in 1997.[2]
Scott Guthrie (Microsoft Developer Division VP) in 2007
The initial prototype was called "XSP"; Guthrie explained in a 2007 interview that, "People would always ask what the X stood for. At the time it really didn't stand for anything. XML started with that; XSLT started with that. Everything cool seemed to start with an X, so that's what we originally named it."[1] The initial prototype of XSP was done using Java,[3] but it was soon decided to build the new platform on top of the Common Language Runtime (CLR), as it offered an object-oriented programming environment, garbage collection and other features that were seen as desirable features that Microsoft's Component Object Model platform didn't support. Guthrie described this decision as a "huge risk", as the success of their new web development platform would be tied to the success of the CLR, which, like XSP, was still in the early stages of development, so much so that the XSP team was the first team at Microsoft to target the CLR.
With the move to the Common Language Runtime, XSP was re-implemented in C# (known internally as "Project Cool" but kept secret from the public), and the name changed to ASP+, as by this point the new platform was seen as being the successor to Active Server Pages, and the intention was to provide an easy migration path for ASP developers.[4]
Mark Anders first demonstrated ASP+ at the ASP Connections conference in Phoenix, Arizona on May 2, 2000. Demonstrations to the wide public and initial beta release of ASP+ (and the rest of the .NET Framework) came at the 2000 Professional Developers Conference on July 11, 2000 in Orlando, Florida. During Bill Gates' keynote presentation, Fujitsu demonstrated ASP+ being used in conjunction with COBOL,[5] and support for a variety of other languages was announced, including Microsoft's new Visual Basic .NET and C# languages, as well as Python and Perl support by way of interoperability tools created by ActiveState.[6]
Once the ".NET" branding was decided on in the second half of 2000, it was decided to rename ASP+ to ASP.NET. Mark Anders explained on an appearance on The MSDN Show that year that, "The .NET initiative is really about a number of factors, it's about delivering software as a service, it's about XML and web services and really enhancing the Internet in terms of what it can do ... we really wanted to bring its name more in line with the rest of the platform pieces that make up the .NET framework."[4]
After four years of development, and a series of beta releases in 2000 and 2001, ASP.NET 1.0 was released on January 5, 2002 as part of version 1.0 of the .NET Framework. Even prior to the release, dozens of books had been written about ASP.NET,[7] and Microsoft promoted it heavily as part of their platform for web services. Guthrie became the product unit manager for ASP.NET, and development continued apace, with version 1.1 being released on April 24, 2003 as a part of Windows Server 2003. This release focused on improving ASP.NET's support for mobile devices.
[edit] Characteristics
[edit] Pages
.NET pages, known officially as "web forms", are the main building block for application development.[8] Web forms are contained in files with an ".aspx" extension; these files typically contain static (X)HTML markup, as well as markup defining server-side Web Controls and User Controls where the developers place all the required static and dynamic content for the web page. Additionally, dynamic code which runs on the server can be placed in a page within a block <% -- dynamic code -- %> which is similar to other web development technologies such as PHP, JSP, and ASP, but this practice is generally discouraged except for the purposes of data binding since it requires more calls when rendering the page.[citation needed]
Note that this sample uses code "inline", as opposed to code-behind.
<%@ Page Language="C#" %>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Sample page
[edit] Code-behind model
Microsoft recommends dealing with dynamic program code by using the code-behind model, which places this code in a separate file or in a specially designated script tag. Code-behind files typically have names like MyPage.aspx.cs or MyPage.aspx.vb while the page file is MyPage.aspx (same filename as the page file (ASPX), but with the final extension denoting the page language). This practice is automatic in Microsoft Visual Studio and other IDEs. When using this style of programming, the developer writes code to respond to different events, like the page being loaded, or a control being clicked, rather than a procedural walk through the document.
ASP.NET's code-behind model marks a departure from Classic ASP in that it encourages developers to build applications with separation of presentation and content in mind. In theory, this would allow a web designer, for example, to focus on the design markup with less potential for disturbing the programming code that drives it. This is similar to the separation of the controller from the view in model-view-controller frameworks.
[edit] Example
<%@ Page Language="C#" CodeFile="SampleCodeBehind.aspx.cs" Inherits="Website.SampleCodeBehind"
AutoEventWireup="true" %>
The above tag is placed at the beginning of the ASPX file. The CodeFile property of the @ Page directive specifies the file (.cs or .vb) acting as the code-behind while the Inherits property specifies the Class the Page derives from. In this example, the @ Page directive is included in SampleCodeBehind.aspx, then SampleCodeBehind.aspx.cs acts as the code-behind for this page:
using System;
namespace Website
{
public partial class SampleCodeBehind : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Write("Hello, world");
}
}
}
In this case, the Page_Load() method is called every time the ASPX page is requested. The programmer can implement event handlers at several stages of the page execution process to perform processing.
[edit] User controls
User controls are encapsulations of sections of pages which are registered and used as controls in ASP.NET. User controls are created as ASCX markup files. These files usually contain static (X)HTML markup, as well as markup defining server-side web controls where the developers place all the required static and dynamic content. A user control is compiled when its containing page is requested and is stored in memory for subsequent requests. User controls have their own events which are handled during the life of ASP.NET requests. An event bubbling mechanism provides the ability to pass an event fired by a user control up to its containing page. Unlike an ASP.NET page, a user control cannot be requested independently; one of its containing pages is requested instead.
[edit] Custom controls
Programmers can also build custom controls for ASP.NET applications. Unlike user controls, these controls don't have an ASCX markup file, having all their code compiled into a DLL file. Such custom controls can be used across multiple web applications and Visual Studio projects (which is not allowed with user controls). By using a Register directive, the control is loaded from the DLL.
[edit] Rendering technique
ASP.NET uses a visited composites rendering technique. During compilation, the template (.aspx) file is compiled into initialization code which builds a control tree (the composite) representing the original template. Literal text goes into instances of the Literal control class, and server controls are represented by instances of a specific control class. The initialization code is combined with user-written code (usually by the assembly of multiple partial classes) and results in a class specific for the page. The page doubles as the root of the control tree.
Actual requests for the page are processed through a number of steps. First, during the initialization steps, an instance of the page class is created and the initialization code is executed. This produces the initial control tree which is now typically manipulated by the methods of the page in the following steps. As each node in the tree is a control represented as an instance of a class, the code may change the tree structure as well as manipulate the properties/methods of the individual nodes. Finally, during the rendering step a visitor is used to visit every node in the tree, asking each node to render itself using the methods of the visitor. The resulting HTML output is sent to the client.
After the request has been processed, the instance of the page class is discarded and with it the entire control tree. This is a source of confusion among novice ASP.NET programmers who rely on class instance members that are lost with every page request/response cycle.
[edit] State management
ASP.NET applications are hosted by a web server and are accessed using the stateless HTTP protocol. As such, if an application uses stateful interaction, it has to implement state management on its own. ASP.NET provides various functions for state management. Conceptually, Microsoft treats "state" as GUI state. Problems may arise if an application needs to keep track of "data state"; for example, a finite state machine which may be in a transient state between requests (lazy evaluation) or which takes a long time to initialize.
[edit] Application state
Application state is held by a collection of shared user-defined variables. These are set and initialized when the Application_OnStart event fires on the loading of the first instance of the application and are available until the last instance exits. Application state variables are accessed using the Applications collection, which provides a wrapper for the application state variables. Application state variables are identified by name.[9]
[edit] Session state
Server-side session state is held by a collection of user-defined session variables that are persisted during a user session. These variables, accessed using the Session collection, are unique to each session instance. The variables can be set to be automatically destroyed after a defined time of inactivity even if the session does not end. Client-side user session is maintained by either a cookie or by encoding the session ID in the URL itself.[9]
ASP.NET supports three modes of persistence for session variables:[9]
In-Process Mode
The session variables are maintained within the ASP.NET process. This is the fastest way; however, in this mode the variables are destroyed when the ASP.NET process is recycled or shut down.
ASPState Mode
ASP.NET runs a separate Windows service that maintains the state variables. Because state management happens outside the ASP.NET process, and because the ASP.NET engine accesses data using .NET Remoting, ASPState is slower than In-Process. This mode allows an ASP.NET application to be load-balanced and scaled across multiple servers. Because the state management service runs independently of ASP.NET, the session variables can persist across ASP.NET process shutdowns. However, since session state server runs as a single instance, it is still a single point of failure for session state. The session-state service cannot be load-balanced, and there are restrictions on types that can be stored in a session variable.
SqlServer Mode
State variables are stored in a database, allowing session variables to be persisted across ASP.NET process shutdowns. The main advantage of this mode is that it allows the application to balance load on a server cluster, sharing sessions between servers. This is the slowest method of session state management in ASP.NET.
[edit] View state
View state refers to the page-level state management mechanism, utilized by the HTML pages emitted by ASP.NET applications to maintain the state of the web form controls and widgets. The state of the controls is encoded and sent to the server at every form submission in a hidden field known as __VIEWSTATE. The server sends back the variable so that when the page is re-rendered, the controls render at their last state. At the server side, the application may change the viewstate, if the processing requires a change of state of any control. The states of individual controls are decoded at the server, and are available for use in ASP.NET pages using the ViewState collection.[10] [11]
The main use for this is to preserve form information across postbacks. View state is turned on by default and normally serializes the data in every control on the page regardless of whether it is actually used during a postback. This behavior can (and should) be modified, however, as View state can be disabled on a per-control, per-page, or server-wide basis.
Developers need to be wary of storing sensitive or private information in the View state of a page or control, as the base64 string containing the view state data can easily be de-serialized. By default, View state does not encrypt the __VIEWSTATE value. Encryption can be enabled on a server-wide (and server-specific) basis, allowing for a certain level of security to be maintained.[12]
[edit] Server-side caching
ASP.NET offers a "Cache" object that is shared across the application and can also be used to store various objects. The "Cache" object holds the data only for a specified amount of time and is automatically cleaned after the session time-limit elapses.
[edit] Other
Other means of state management that are supported by ASP.NET are cookies, caching, and using the query string.
[edit] Template engine
When first released, ASP.NET lacked a template engine. Because the .NET framework is object-oriented and allows for inheritance, many developers would define a new base class that inherits from "System.Web.UI.Page", write methods there that render HTML, and then make the pages in their application inherit from this new class. While this allows for common elements to be reused across a site, it adds complexity and mixes source code with markup. Furthermore, this method can only be visually tested by running the application - not while designing it. Other developers have used include files and other tricks to avoid having to implement the same navigation and other elements in every page.
ASP.NET 2.0 introduced the concept of "master pages", which allow for template-based page development. A web application can have one or more master pages, which, beginning with ASP.NET 3.5, can be nested.[13] Master templates have place-holder controls, called ContentPlaceHolders to denote where the dynamic content goes, as well as HTML and JavaScript shared across child pages.
Child pages use those ContentPlaceHolder controls, which must be mapped to the place-holder of the master page that the content page is populating. The rest of the page is defined by the shared parts of the master page, much like a mail merge in a word processor. All markup and server controls in the content page must be placed within the ContentPlaceHolder control.
When a request is made for a content page, ASP.NET merges the output of the content page with the output of the master page, and sends the output to the user.
After the release of Internet Information Services 4.0 in 1997, Microsoft began researching possibilities for a new web application model that would solve common complaints about ASP, especially with regard to separation of presentation and content and being able to write "clean" code.[1] Mark Anders, a manager on the IIS team, and Scott Guthrie, who had joined Microsoft in 1997 after graduating from Duke University, were tasked with determining what that model would look like. The initial design was developed over the course of two months by Anders and Guthrie, and Guthrie coded the initial prototypes during the Christmas holidays in 1997.[2]
Scott Guthrie (Microsoft Developer Division VP) in 2007
The initial prototype was called "XSP"; Guthrie explained in a 2007 interview that, "People would always ask what the X stood for. At the time it really didn't stand for anything. XML started with that; XSLT started with that. Everything cool seemed to start with an X, so that's what we originally named it."[1] The initial prototype of XSP was done using Java,[3] but it was soon decided to build the new platform on top of the Common Language Runtime (CLR), as it offered an object-oriented programming environment, garbage collection and other features that were seen as desirable features that Microsoft's Component Object Model platform didn't support. Guthrie described this decision as a "huge risk", as the success of their new web development platform would be tied to the success of the CLR, which, like XSP, was still in the early stages of development, so much so that the XSP team was the first team at Microsoft to target the CLR.
With the move to the Common Language Runtime, XSP was re-implemented in C# (known internally as "Project Cool" but kept secret from the public), and the name changed to ASP+, as by this point the new platform was seen as being the successor to Active Server Pages, and the intention was to provide an easy migration path for ASP developers.[4]
Mark Anders first demonstrated ASP+ at the ASP Connections conference in Phoenix, Arizona on May 2, 2000. Demonstrations to the wide public and initial beta release of ASP+ (and the rest of the .NET Framework) came at the 2000 Professional Developers Conference on July 11, 2000 in Orlando, Florida. During Bill Gates' keynote presentation, Fujitsu demonstrated ASP+ being used in conjunction with COBOL,[5] and support for a variety of other languages was announced, including Microsoft's new Visual Basic .NET and C# languages, as well as Python and Perl support by way of interoperability tools created by ActiveState.[6]
Once the ".NET" branding was decided on in the second half of 2000, it was decided to rename ASP+ to ASP.NET. Mark Anders explained on an appearance on The MSDN Show that year that, "The .NET initiative is really about a number of factors, it's about delivering software as a service, it's about XML and web services and really enhancing the Internet in terms of what it can do ... we really wanted to bring its name more in line with the rest of the platform pieces that make up the .NET framework."[4]
After four years of development, and a series of beta releases in 2000 and 2001, ASP.NET 1.0 was released on January 5, 2002 as part of version 1.0 of the .NET Framework. Even prior to the release, dozens of books had been written about ASP.NET,[7] and Microsoft promoted it heavily as part of their platform for web services. Guthrie became the product unit manager for ASP.NET, and development continued apace, with version 1.1 being released on April 24, 2003 as a part of Windows Server 2003. This release focused on improving ASP.NET's support for mobile devices.
[edit] Characteristics
[edit] Pages
.NET pages, known officially as "web forms", are the main building block for application development.[8] Web forms are contained in files with an ".aspx" extension; these files typically contain static (X)HTML markup, as well as markup defining server-side Web Controls and User Controls where the developers place all the required static and dynamic content for the web page. Additionally, dynamic code which runs on the server can be placed in a page within a block <% -- dynamic code -- %> which is similar to other web development technologies such as PHP, JSP, and ASP, but this practice is generally discouraged except for the purposes of data binding since it requires more calls when rendering the page.[citation needed]
Note that this sample uses code "inline", as opposed to code-behind.
<%@ Page Language="C#" %>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
[edit] Code-behind model
Microsoft recommends dealing with dynamic program code by using the code-behind model, which places this code in a separate file or in a specially designated script tag. Code-behind files typically have names like MyPage.aspx.cs or MyPage.aspx.vb while the page file is MyPage.aspx (same filename as the page file (ASPX), but with the final extension denoting the page language). This practice is automatic in Microsoft Visual Studio and other IDEs. When using this style of programming, the developer writes code to respond to different events, like the page being loaded, or a control being clicked, rather than a procedural walk through the document.
ASP.NET's code-behind model marks a departure from Classic ASP in that it encourages developers to build applications with separation of presentation and content in mind. In theory, this would allow a web designer, for example, to focus on the design markup with less potential for disturbing the programming code that drives it. This is similar to the separation of the controller from the view in model-view-controller frameworks.
[edit] Example
<%@ Page Language="C#" CodeFile="SampleCodeBehind.aspx.cs" Inherits="Website.SampleCodeBehind"
AutoEventWireup="true" %>
The above tag is placed at the beginning of the ASPX file. The CodeFile property of the @ Page directive specifies the file (.cs or .vb) acting as the code-behind while the Inherits property specifies the Class the Page derives from. In this example, the @ Page directive is included in SampleCodeBehind.aspx, then SampleCodeBehind.aspx.cs acts as the code-behind for this page:
using System;
namespace Website
{
public partial class SampleCodeBehind : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Write("Hello, world");
}
}
}
In this case, the Page_Load() method is called every time the ASPX page is requested. The programmer can implement event handlers at several stages of the page execution process to perform processing.
[edit] User controls
User controls are encapsulations of sections of pages which are registered and used as controls in ASP.NET. User controls are created as ASCX markup files. These files usually contain static (X)HTML markup, as well as markup defining server-side web controls where the developers place all the required static and dynamic content. A user control is compiled when its containing page is requested and is stored in memory for subsequent requests. User controls have their own events which are handled during the life of ASP.NET requests. An event bubbling mechanism provides the ability to pass an event fired by a user control up to its containing page. Unlike an ASP.NET page, a user control cannot be requested independently; one of its containing pages is requested instead.
[edit] Custom controls
Programmers can also build custom controls for ASP.NET applications. Unlike user controls, these controls don't have an ASCX markup file, having all their code compiled into a DLL file. Such custom controls can be used across multiple web applications and Visual Studio projects (which is not allowed with user controls). By using a Register directive, the control is loaded from the DLL.
[edit] Rendering technique
ASP.NET uses a visited composites rendering technique. During compilation, the template (.aspx) file is compiled into initialization code which builds a control tree (the composite) representing the original template. Literal text goes into instances of the Literal control class, and server controls are represented by instances of a specific control class. The initialization code is combined with user-written code (usually by the assembly of multiple partial classes) and results in a class specific for the page. The page doubles as the root of the control tree.
Actual requests for the page are processed through a number of steps. First, during the initialization steps, an instance of the page class is created and the initialization code is executed. This produces the initial control tree which is now typically manipulated by the methods of the page in the following steps. As each node in the tree is a control represented as an instance of a class, the code may change the tree structure as well as manipulate the properties/methods of the individual nodes. Finally, during the rendering step a visitor is used to visit every node in the tree, asking each node to render itself using the methods of the visitor. The resulting HTML output is sent to the client.
After the request has been processed, the instance of the page class is discarded and with it the entire control tree. This is a source of confusion among novice ASP.NET programmers who rely on class instance members that are lost with every page request/response cycle.
[edit] State management
ASP.NET applications are hosted by a web server and are accessed using the stateless HTTP protocol. As such, if an application uses stateful interaction, it has to implement state management on its own. ASP.NET provides various functions for state management. Conceptually, Microsoft treats "state" as GUI state. Problems may arise if an application needs to keep track of "data state"; for example, a finite state machine which may be in a transient state between requests (lazy evaluation) or which takes a long time to initialize.
[edit] Application state
Application state is held by a collection of shared user-defined variables. These are set and initialized when the Application_OnStart event fires on the loading of the first instance of the application and are available until the last instance exits. Application state variables are accessed using the Applications collection, which provides a wrapper for the application state variables. Application state variables are identified by name.[9]
[edit] Session state
Server-side session state is held by a collection of user-defined session variables that are persisted during a user session. These variables, accessed using the Session collection, are unique to each session instance. The variables can be set to be automatically destroyed after a defined time of inactivity even if the session does not end. Client-side user session is maintained by either a cookie or by encoding the session ID in the URL itself.[9]
ASP.NET supports three modes of persistence for session variables:[9]
In-Process Mode
The session variables are maintained within the ASP.NET process. This is the fastest way; however, in this mode the variables are destroyed when the ASP.NET process is recycled or shut down.
ASPState Mode
ASP.NET runs a separate Windows service that maintains the state variables. Because state management happens outside the ASP.NET process, and because the ASP.NET engine accesses data using .NET Remoting, ASPState is slower than In-Process. This mode allows an ASP.NET application to be load-balanced and scaled across multiple servers. Because the state management service runs independently of ASP.NET, the session variables can persist across ASP.NET process shutdowns. However, since session state server runs as a single instance, it is still a single point of failure for session state. The session-state service cannot be load-balanced, and there are restrictions on types that can be stored in a session variable.
SqlServer Mode
State variables are stored in a database, allowing session variables to be persisted across ASP.NET process shutdowns. The main advantage of this mode is that it allows the application to balance load on a server cluster, sharing sessions between servers. This is the slowest method of session state management in ASP.NET.
[edit] View state
View state refers to the page-level state management mechanism, utilized by the HTML pages emitted by ASP.NET applications to maintain the state of the web form controls and widgets. The state of the controls is encoded and sent to the server at every form submission in a hidden field known as __VIEWSTATE. The server sends back the variable so that when the page is re-rendered, the controls render at their last state. At the server side, the application may change the viewstate, if the processing requires a change of state of any control. The states of individual controls are decoded at the server, and are available for use in ASP.NET pages using the ViewState collection.[10] [11]
The main use for this is to preserve form information across postbacks. View state is turned on by default and normally serializes the data in every control on the page regardless of whether it is actually used during a postback. This behavior can (and should) be modified, however, as View state can be disabled on a per-control, per-page, or server-wide basis.
Developers need to be wary of storing sensitive or private information in the View state of a page or control, as the base64 string containing the view state data can easily be de-serialized. By default, View state does not encrypt the __VIEWSTATE value. Encryption can be enabled on a server-wide (and server-specific) basis, allowing for a certain level of security to be maintained.[12]
[edit] Server-side caching
ASP.NET offers a "Cache" object that is shared across the application and can also be used to store various objects. The "Cache" object holds the data only for a specified amount of time and is automatically cleaned after the session time-limit elapses.
[edit] Other
Other means of state management that are supported by ASP.NET are cookies, caching, and using the query string.
[edit] Template engine
When first released, ASP.NET lacked a template engine. Because the .NET framework is object-oriented and allows for inheritance, many developers would define a new base class that inherits from "System.Web.UI.Page", write methods there that render HTML, and then make the pages in their application inherit from this new class. While this allows for common elements to be reused across a site, it adds complexity and mixes source code with markup. Furthermore, this method can only be visually tested by running the application - not while designing it. Other developers have used include files and other tricks to avoid having to implement the same navigation and other elements in every page.
ASP.NET 2.0 introduced the concept of "master pages", which allow for template-based page development. A web application can have one or more master pages, which, beginning with ASP.NET 3.5, can be nested.[13] Master templates have place-holder controls, called ContentPlaceHolders to denote where the dynamic content goes, as well as HTML and JavaScript shared across child pages.
Child pages use those ContentPlaceHolder controls, which must be mapped to the place-holder of the master page that the content page is populating. The rest of the page is defined by the shared parts of the master page, much like a mail merge in a word processor. All markup and server controls in the content page must be placed within the ContentPlaceHolder control.
When a request is made for a content page, ASP.NET merges the output of the content page with the output of the master page, and sends the output to the user.
Wednesday, November 11, 2009
What You Need to Get Started
What You Need to Get Started
Once the CodeCharge Studio setup is complete you are almost ready to start generating and viewing dynamic database driven web pages. To use CodeCharge Studio to produce web applications you will need the following:
Database
CodeCharge Studio works in concert with a database, which should be put in place before creating an application with CodeCharge Studio. If you have a Windows web server, the database is usually MS Access or MS SQL. If your production web server is hosted on Linux, Sun, or another UNIX flavor, then you will most likely use the popular and free database-MySQL. Although MySQL can be accessed remotely you can also install it locally on your Windows computer for testing your programs.
Test Web Server
The test web server is usually installed on the same desktop computer as CodeCharge Studio. It is used to test web pages during the web application development process. For example, when you create a new page go to Live Page to see how it works; CodeCharge Studio will generate and open the web page. You can use an externally hosted web server for testing but it's much quicker to generate programs to your local hard drive and then have a local web server run them.
Obtaining a web server is quite easy since many Windows operating system come with free IIS, while PWS (Personal Web Server) is also freely available for Windows 95, 98 and Me. Refer to "Web Servers" for more information.
Note: Some organizations also use a staging web server that allows end-users or customers to perform the final testing before approving the launch of the site. This also gives developers the ability to continue making changes and testing on the test web server. A staging web server is especially useful if there is already an existing live web site that you don't want to replace until your customer or users approve the new web site.
Production or Live Web Server
This is the main web server where you will publish your final application.
In some cases this can be the same server as the test Web Server; in most cases you'd have a separate, externally hosted Web server that is publicly accessible. There are various web hosting companies that offer Windows-based web hosting from anywhere between $10 and $50 (or more for advanced needs).
Scripting Engine
Scripting Engines, such as ASP or PHP, are usually pre-installed on most systems that have a web server. If you use a web hosting service it consists of a web server and one or more scripting engines. Check with your web hosting provider to obtain the list of supported web technologies or refer to "Choosing Web Technology" if you need help making this decision.
Once the CodeCharge Studio setup is complete you are almost ready to start generating and viewing dynamic database driven web pages. To use CodeCharge Studio to produce web applications you will need the following:
Database
CodeCharge Studio works in concert with a database, which should be put in place before creating an application with CodeCharge Studio. If you have a Windows web server, the database is usually MS Access or MS SQL. If your production web server is hosted on Linux, Sun, or another UNIX flavor, then you will most likely use the popular and free database-MySQL. Although MySQL can be accessed remotely you can also install it locally on your Windows computer for testing your programs.
Test Web Server
The test web server is usually installed on the same desktop computer as CodeCharge Studio. It is used to test web pages during the web application development process. For example, when you create a new page go to Live Page to see how it works; CodeCharge Studio will generate and open the web page. You can use an externally hosted web server for testing but it's much quicker to generate programs to your local hard drive and then have a local web server run them.
Obtaining a web server is quite easy since many Windows operating system come with free IIS, while PWS (Personal Web Server) is also freely available for Windows 95, 98 and Me. Refer to "Web Servers" for more information.
Note: Some organizations also use a staging web server that allows end-users or customers to perform the final testing before approving the launch of the site. This also gives developers the ability to continue making changes and testing on the test web server. A staging web server is especially useful if there is already an existing live web site that you don't want to replace until your customer or users approve the new web site.
Production or Live Web Server
This is the main web server where you will publish your final application.
In some cases this can be the same server as the test Web Server; in most cases you'd have a separate, externally hosted Web server that is publicly accessible. There are various web hosting companies that offer Windows-based web hosting from anywhere between $10 and $50 (or more for advanced needs).
Scripting Engine
Scripting Engines, such as ASP or PHP, are usually pre-installed on most systems that have a web server. If you use a web hosting service it consists of a web server and one or more scripting engines. Check with your web hosting provider to obtain the list of supported web technologies or refer to "Choosing Web Technology" if you need help making this decision.
Choosing Web Technology
Choosing Web Technology
Making technology choices is one of the most difficult and critical decisions facing any organizations. After the web application is built future developments may require that the application to be converted to another programming language or integrated with software that utilizes a different technology. CodeCharge Studio makes it easier to convert a web application created with it from one language to another.
Technology decisions are often based on the available budget, the operating system preference and available database. Here we describe how these factors influence your decision. Note that the following subsections are meant for informative purposes to those who are new to web development and do not yet have a technology preference. The final decision is up to you and you should always perform proper research before making long-term decisions.
Cost
If you're looking for the most inexpensive solution then you've probably heard that Linux with the Apache web server, MySQL database, and PHP scripting engine can be obtained and installed for free. This is also the technology of choice for many small web sites, though it is also used with large web projects, such as parts of the Yahoo web site. Some flavors of Java for Linux can also be obtained at no cost, as well as PERL.
Another popular alternative is Windows with IIS and MS Access running ASP or .NET programs. This environment can be installed at a cost below $500, but at some point you could outgrow MS Access as it is a limited database sufficient for a small number of users. The CodeCharge community Website, http://www.gotocode.com successfully used MS Access for over a year. However, we found that the server occasionally crashed when more than 10 users submitted information at exactly the same time. Thus the recommended alternative for Windows users is to use MS SQL database, although this brings the cost of the system to over $1,000 and even much more if you plan on implementing a scalable, multi-server solution. If you're willing to spend the extra money then you can also consider obtaining ColdFusion or Java for either Linux or Windows.
If you do not require to have your own dedicated server, then you can easily find many web hosting companies that offer both Linux and Windows Web hosting plans for anywhere between $10 and $50, or more, for advanced needs. The price usually covers support for a variety of technologies, including PHP, Java, PERL, and ColdFusion for the Linux platform as well as ASP, .NET, Java, and ColdFusion for the Windows platform.
Operating System Preference
If you love the Linux operating system or your management requires the use of Linux for web hosting then you are most likely to use the Apache web server and a MySQL database running PHP, Java, or ColdFusion applications. Choose PHP if you're new to the web and do not have specific requirements. Otherwise, if you need to make a long-term decision, then it is important that you research all available technologies.
If you prefer the Windows operating system, or Windows is your organization's standard, then you'll most likely use it with the IIS web server and MS SQL database running ASP or .NET (C# or VB) programs. Choose ASP if you need a technology that is easy to understand and learn, but keep in mind that Microsoft's current focus is on .NET technologies, thus you should strongly consider using it sooner rather than later. It is also possible that ASP will be slowly phased out and not available in future versions of Windows. If you're already familiar with any object-oriented technologies, then .NET is probably the best choice for you anyway. C# is derived from C++, while VB.NET is derived from Visual Basic but adapted to support object-oriented programming constructs similar to C#.
Database
If you already have an existing database and want to create a web interface for it, then your technology decision may be related to the type of database. For example, if you use a Windows compatible database, such MS Access or MS SQL, you should probably consider using the ASP or .NET technology on a Windows-hosted IIS server.
If your existing database is MySQL, then you are probably already familiar with Linux and you may want to consider using it with PHP. If you do not have a database yet, then you should first become familiar with the database concepts and create your database for use with CodeCharge Studio. Choose MS Access if a visual interface and ease of use is important to you, or choose MySQL if you need better scalability and don't mind learning a little bit of SQ
Making technology choices is one of the most difficult and critical decisions facing any organizations. After the web application is built future developments may require that the application to be converted to another programming language or integrated with software that utilizes a different technology. CodeCharge Studio makes it easier to convert a web application created with it from one language to another.
Technology decisions are often based on the available budget, the operating system preference and available database. Here we describe how these factors influence your decision. Note that the following subsections are meant for informative purposes to those who are new to web development and do not yet have a technology preference. The final decision is up to you and you should always perform proper research before making long-term decisions.
Cost
If you're looking for the most inexpensive solution then you've probably heard that Linux with the Apache web server, MySQL database, and PHP scripting engine can be obtained and installed for free. This is also the technology of choice for many small web sites, though it is also used with large web projects, such as parts of the Yahoo web site. Some flavors of Java for Linux can also be obtained at no cost, as well as PERL.
Another popular alternative is Windows with IIS and MS Access running ASP or .NET programs. This environment can be installed at a cost below $500, but at some point you could outgrow MS Access as it is a limited database sufficient for a small number of users. The CodeCharge community Website, http://www.gotocode.com successfully used MS Access for over a year. However, we found that the server occasionally crashed when more than 10 users submitted information at exactly the same time. Thus the recommended alternative for Windows users is to use MS SQL database, although this brings the cost of the system to over $1,000 and even much more if you plan on implementing a scalable, multi-server solution. If you're willing to spend the extra money then you can also consider obtaining ColdFusion or Java for either Linux or Windows.
If you do not require to have your own dedicated server, then you can easily find many web hosting companies that offer both Linux and Windows Web hosting plans for anywhere between $10 and $50, or more, for advanced needs. The price usually covers support for a variety of technologies, including PHP, Java, PERL, and ColdFusion for the Linux platform as well as ASP, .NET, Java, and ColdFusion for the Windows platform.
Operating System Preference
If you love the Linux operating system or your management requires the use of Linux for web hosting then you are most likely to use the Apache web server and a MySQL database running PHP, Java, or ColdFusion applications. Choose PHP if you're new to the web and do not have specific requirements. Otherwise, if you need to make a long-term decision, then it is important that you research all available technologies.
If you prefer the Windows operating system, or Windows is your organization's standard, then you'll most likely use it with the IIS web server and MS SQL database running ASP or .NET (C# or VB) programs. Choose ASP if you need a technology that is easy to understand and learn, but keep in mind that Microsoft's current focus is on .NET technologies, thus you should strongly consider using it sooner rather than later. It is also possible that ASP will be slowly phased out and not available in future versions of Windows. If you're already familiar with any object-oriented technologies, then .NET is probably the best choice for you anyway. C# is derived from C++, while VB.NET is derived from Visual Basic but adapted to support object-oriented programming constructs similar to C#.
Database
If you already have an existing database and want to create a web interface for it, then your technology decision may be related to the type of database. For example, if you use a Windows compatible database, such MS Access or MS SQL, you should probably consider using the ASP or .NET technology on a Windows-hosted IIS server.
If your existing database is MySQL, then you are probably already familiar with Linux and you may want to consider using it with PHP. If you do not have a database yet, then you should first become familiar with the database concepts and create your database for use with CodeCharge Studio. Choose MS Access if a visual interface and ease of use is important to you, or choose MySQL if you need better scalability and don't mind learning a little bit of SQ
Architecture of Web Applications
Architecture of Web Applications
In general, web applications use the client/server architecture (i.e., two-tier) where the browser acts as a thin client. The three-tier architecture is becoming more popular and even necessary when implementing enterprise systems that require better scalability.
Application Servers
An application server is the middle tier in the three-tier architecture. Application servers process the business logic on the Web server and communicate between the web browser and the database or another system.
Web Services
Web Services are programs that do not output information to the screen or Web browser but instead send the output to other programs in the form of XML. They do not take input from users via the keyboard, but rather read the information sent to them by other Web services in XML format. Web services allow programs to exchange information across the internet and run remote applications as part of a local software system.
Cookies
Cookies are small amounts of data sent by a program to the browser and stored on the user's machine to be retrieved later. They are usually used to recognize users who come back to visit the same Website after several hours, days or months.
Session Variables
Session variables are similar to standard local variables, but are used to store information that can be retrieved by other pages during the course of a user session. Session variables usually store information in a special session file on the server. You would usually create a session variable to store the ID of users when they log in. In fact, the action of logging in often consists of creating a session variable by the server program.
Application Variables
Application variables are also available to all pages in one Web application. They can be accessed by all users, not just the current session. They are cleared when the server is restarted.
GET and POST methods
When you create Web pages that contain data entry fields, the fields should appear between the tags which make up a form. The form tag has additional attributes, one of them being Method="GET" or Method="POST". This method indicates how the information entered on the form should be submitted to the server when the user clicks the "Submit" button. The "POST" method causes the information to be sent via a data stream, invisible to the user. If "GET" method is used, the browser will redirect the page to a new URL, which will be constructed from the base URL (also specified by a form parameter), followed by a question sign (?) and all form information separated by an ampersand sign (&).
For example, if a form asks the user to provide the first name and the last name, after submitting the form, the user would be redirected to a URL like this one: http://www.mysite.com/page1.asp?first_name=James&last_name=Bond.
Users can manually emulate form submission by entering a URL into their browser that contains information similar to the one submitted via a form. The server program that is being executed should accept and process only the information that it uses. ________________________________________
In general, web applications use the client/server architecture (i.e., two-tier) where the browser acts as a thin client. The three-tier architecture is becoming more popular and even necessary when implementing enterprise systems that require better scalability.
Application Servers
An application server is the middle tier in the three-tier architecture. Application servers process the business logic on the Web server and communicate between the web browser and the database or another system.
Web Services
Web Services are programs that do not output information to the screen or Web browser but instead send the output to other programs in the form of XML. They do not take input from users via the keyboard, but rather read the information sent to them by other Web services in XML format. Web services allow programs to exchange information across the internet and run remote applications as part of a local software system.
Cookies
Cookies are small amounts of data sent by a program to the browser and stored on the user's machine to be retrieved later. They are usually used to recognize users who come back to visit the same Website after several hours, days or months.
Session Variables
Session variables are similar to standard local variables, but are used to store information that can be retrieved by other pages during the course of a user session. Session variables usually store information in a special session file on the server. You would usually create a session variable to store the ID of users when they log in. In fact, the action of logging in often consists of creating a session variable by the server program.
Application Variables
Application variables are also available to all pages in one Web application. They can be accessed by all users, not just the current session. They are cleared when the server is restarted.
GET and POST methods
When you create Web pages that contain data entry fields, the fields should appear between the tags which make up a form. The form tag has additional attributes, one of them being Method="GET" or Method="POST". This method indicates how the information entered on the form should be submitted to the server when the user clicks the "Submit" button. The "POST" method causes the information to be sent via a data stream, invisible to the user. If "GET" method is used, the browser will redirect the page to a new URL, which will be constructed from the base URL (also specified by a form parameter), followed by a question sign (?) and all form information separated by an ampersand sign (&).
For example, if a form asks the user to provide the first name and the last name, after submitting the form, the user would be redirected to a URL like this one: http://www.mysite.com/page1.asp?first_name=James&last_name=Bond.
Users can manually emulate form submission by entering a URL into their browser that contains information similar to the one submitted via a form. The server program that is being executed should accept and process only the information that it uses. ________________________________________
Subscribe to:
Posts (Atom)