Course

: Web Database
Effective Period : September 2015

Web Database
Web database implementation

Web database implementation

Acknowledgement
These slides have been adapted from:
Prigmore, Martyn. 2008. An Introduction to
Databases with Web Application. Pearson
Canada. ISBN:978-0-321-26359-9
Chapter 4

Outline
Web database implementation using HTML
Web database implementation using php

Bina Nusantara University

 Web database implementation using HTML

HTML forms are the obvious
way to gather data from the
end user and pass it to the
web server for processing. An
HTML form can have a
number of controls. Figure 1
shows a very simple HTML
form, displayed in the Firefox
web browser.

Illustrating the use of HTML forms and the HTTP GET method.
(a) A simple HTML form to gather data and submit it for
5
processing

To begin with, a simple

stub program is often
written to allow the
HTML form to
be tested without the
need to connect to the
DBMS. This stub
program accepts the
data from the HTML
form, then simply
generates an
appropriate message. Illustrating the use of HTML forms and the HTTP GET
Figure 2 shows a typical
method. (b) The response from the web server when
the Submit Query button is clicked on
stub program response.

The SurnameSearch.html file.

In XHTML1.1, all tags must be written with lower-case letters,

so using the tags
<HTML> ... </HTML> to delimit (that is, mark the start and
end of) the html element is not valid XHTML1.1.
Every html element contains two other elements. The
head element starts in line 4 with the <head> start tag
and ends in line 7 with the </head> end tag. The body
element starts in line 8 with the <body> start tag and
ends in line 27 with the
</body> end tag.
These three elements html, head and body define
the basic structure of any HTML document.
These three elements html, head and body define
the basic structure of any HTML document.
8

In XHTML all elements must have an end tag. Strictly

speaking, the correct form for the meta tag in line 5 is:
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8"> </meta>

However, requiring web authors to type end tags for empty

elements goes against human nature, so the W3C included
the shortened form in the XHTML specification:
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8" />

 Web database implementation using php

The script begins with a

section of PHP code,
between the <?php in
line 1 and the ?>in line
19.

First draft of a PHP

script to accept data
from the
SurnameSearch.html
form.

10

When a PHP script

accepts data from an
HTML form, there is no
guarantee that the
data entered is the sort
of data the PHP script
expects
Two unfortunate web pages generated by
SearchStub.php. (a) The web page generated
when the user leaves the surname box blank

A more serious problem occurs when the user deliberately sets

out to hack a web application. Next Figure shows what
happens when the user enters the text:
<script>alert("Ha!");</script>

Two unfortunate web pages generated by SearchStub.php. (b)

The result of malicious data entered into an HTML form

The statement shown in Figure Below is intended to

highlight the structure of the PHP if ... else ... statement.
Neither the condition, nor the statements in the two code
blocks are valid PHP. It isnt possible just to write English
sentences as the PHP application server will not understand
them.

The PHP if statement

First comes the data type of the value returned by the

function, then
the functions name. The parameters are presented as a
comma separated list enclosed in parentheses.

PHP function description

Figure Below shows the HTML form that gathers marks for an
individual
student. Notice that each assignment has a maximum mark.
In the example
shown, the assignment is marked out of 80 rather than 100.
This means that the PHP script should convert the mark into
a percentage before saving it in the database.

The HTML form used to enter a students mark into the assessment system

PHP provides a range of facilities to allow web database

developers to retrieve data from a database and merge this
dynamic content with static content on a web page
Figure Below shows the architecture of a typical web database
application.

A three-tier web database application

There are six steps to querying a database from a PHP script:

1.
2.
3.
4.
5.
6.

Open a connection to the DBMS

Specify which database to use
Pass a database query to the DBMS and capture the result set
Fetch the rows from the result set for processing
For each row, display the data retrieved
Close the connection to the DBMS.

The PHP foreach statement

The web page generated by Version 1.0 of SurnameSearch.php

Using a PHP while statement to loop through an SQL result

set always follows this pattern:
1 fetch the first row from the result set into a variable
2 while this variable actually holds a row of data:
(a) display the data
(b) fetch the next row from the result set.

The PHP while statement

The keyword for is followed by three expressions, in parentheses.

The first declares a loop counter, which is a variable that
indicates the number of times the code block has been executed.
\
The second indicates when to stop typically, this states that
the loop counter must be less than a fixed value.
The third indicates how much to increase the loop counter by
when the
code block has been executed, which usually is 1.

The PHP for statement