PHP for Backend Web Applications

Posted on by

Web Applications

It is reasonable to consider any website, whose functionality is entirely carried out by the client machine, to be a webpage. Alternatively, any website which requires communication with the server, after requesting a new page to display, could be considered a web application. PHP is one programming language which can be used on a web server in order to support web application functionality.

How PHP Works

With regard to web applications, a PHP environment is installed after a web server environment has been configured on the system. This allows a web server to parse PHP, along with performing its other duties.

For example, getting an Apache web server to use PHP is possible because the creators of PHP made an apxs (Apache eXtenSion) compatible module for the language. The module is used during the server environment set-up, after Apache is installed and while the PHP environment is being installed. For this type of use-case, the PHP install relies on the installed Apache data already being present on the server.

 

NOTE: PHP is an interpreted language, it is a scripting language, so the PHP environment being referred to is the PHP interpreter. PHP does not have to be used with Apache for backend functionality with web applications, but that is a popular use.

 

PHP functionality, for web applications, includes CGI-type functionality and CLI-type functionality. CGI-type functionality has to do with a web server serving web pages. In this case, PHP is a Hypertext Preprocessor. The PHP script alters HTML markup before it is served to the client.

Another functionality is the CLI-type. This functionality allows the client to access information on the server, different from getting a new webpage to be displayed. An example would be a client web browser sending client-side data to the server for processing and then being given results to handle (on the modern Internet, Web 2.0+, almost all websites have web application functionality).

 

PHP as a CGI-type Script

In the following code sample, PHP is used to assist in creating some of the textual components of an HTML file.

When a server serves a file, if it is set up to parse PHP, then the PHP code is executed by the server, and the file’s data is altered, before it is sent out to the client – a sort of pre-processing (PHP: Hypertext Preprocessor).

In this example, the code between the PHP script tags ‘<?php’ and ‘?>’ potentially creates a raw HTML redirect header, depending on whether or not a certain session variable was set at the time of preprocessing.

In the code, this is done by first alerting the server that there may be an active session ‘session_start()’ and giving the script access to the PHP session variables. If a session variable “admin” has the value null (the value would be null if it didn’t exist, if it were not set in the current session) then the website being served would have an HTML header which redirects to ‘oops.html’. Otherwise, if that variable were not null, then the header would not be included.

The point of this snippet in the admin.php file is to ensure that a user cannot try to access this admin page by typing its URL into the browser. Another part of this project has a login page, which upon admin authentication, creates the necessary admin session for this page, and then redirects here. The login page creates the session by POST’ing to a CLI-type PHP script.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
<!-- FILE: admin.php

     DATE: 11/28/2017

     AUTHOR (Revision Table):

            Alexander DeForge:: initial document (11/28)

            Alexander DeForge :: implemented php to redirect if not arrived at from login page (index.html) (12/14)

            Alexander DeForge :: added onbeforeunload and logout button (12/15)

     PURPOSE: HTML markup for Admin View in HR webapp

-->

<!DOCTYPE html>

<head>

<?php

            // continue and close the admin session, if applicable, otherwise redirect to the error page

            session_start();

            if ($_SESSION["admin"] == null) {

                        session_destroy();

                        header("Location: [somewhere on my server]/oops.html");

                        exit();

            }

            session_destroy();

?>

<meta charset="UTF-8">

<title>Administrator View</title>

</head>

<body>

            <main role="main">

              <div class="container-fluid">

                        <div class="row">

                                    <div class="col-md-12, mx-auto">

.

.

.

 

NOTE: PHP code is not served by the web browser. ‘Inspecting source’ or similar web browser functionalities to analyze the code running on your client web browser will not show the PHP code used to preprocess that webpage.

 

PHP as a CLI-type Script

This CLI-type of PHP script is pure PHP and its functionality is not necessarily web specific. When used for web applications, it is in scripts like these that features such as interacting with a database on the server is accomplished.

In this example, the client sends search data, typed into its web browser by the user, to this script on the server. This script interacts with the server’s database and returns the results to the client’s web browser.

A jQuery POST statement, in a JavaScript file running on the client’s machine, POST’s client data to the search_handler.php file. Then the search_handler.php interacts with a MySQL database (via a PHP database object that was written using the mysqli API) and returns (echo’s) the results to the calling script. The jQuery POST statement is the calling script and handles these results in the form of a JavaScript callback function.

A JSON object of search terms is sent to the server and a JSON object of results is sent back to be displayed.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
<?php

/*

FILE: search_handler.php

DATE: 12/6/2017

REVISION TABLE:

Alexander DeForge :: capture POST data and parse into arrays (12/6)

Alexander DeForge :: implement employee and database classes

Alexander DeForge :: implemented functionality to search for employee names and id's based off of search criteria (12/14)

PURPOSE: handle POST data from admin.html via admin.js

and query database for basic data from matches,

the basic data includes a key which is used

to query the full data on that entry

*/

require_once("class.database.php");

require_once("class.employee.php");

$db = new database();

$emp = new employee();



$srch = $_POST;

$results = $emp->searchEmployees($db,$srch["names"],$srch["addresses"],$srch["phones"],$srch["salaries"],$srch["ptobalances"],$srch["demographics"],$srch["notes"]);

echo json_encode($results);

?>

 

NOTE: Anything a web browser runs is visible to that web browser and that user. Hard-coded filenames for files on the server (say, in a JavaScript file as the target for a POST) are visible even if their contents are not readily accessible.

Wrapping Up

PHP is a programming language which has modules that make it compatible with various web server applications (such as Apache). For web applications, the code that the server parses acts as instructions for how to pre-process the served HTML file. If the file is purely a script, however, it is executed, and then the server serves the results back to the client.

Leave a Reply

Your email address will not be published. Required fields are marked *