Tutorial
HTTP and HTML Forms
Before you start learning PHP or another server-side scripting language, you must know how the browser and the server exchange information over HTTP (HyperText Transfer Protocol) and how form data is extracted.
When you type an HTTP URL into the address bar, for example http://www.example.com/index.html, the browser sends a request to www.example.com over your computer’s network. The request contains headers that describe the browser and say which page it wants. The request looks like this:
GET /index.html HTTP/1.1 [The browser wants the page index.html]
Host: www.example.com [The hostname on the address bar]
User-Agent: Mozilla/10.0 Firefox 5.2.5 [Your browser's identifier]
Accept: text/html [Your browser is looking for text/html (HTML) document]
Cookie: AAA=BBB; CCC=DDD; [Your cookies]
Then the server will parse the request and respond with the content of the page.
HTTP/1.1 200 OK [200 OK means the request is successful]
Date: Tue, 15 Nov 1994 08:12:31 GMT [Time on the server]
Content-Type: text/html [The type of the document, text/html is the MIME type for HTML]
[After one empty line, the content of the page is outputted]
<html><head><title>Example Web page</title></head>
[......]
Please note that the [bracketed text] is explanation I added.
There are many more HTTP headers. I’m not going to teach you all of them; you can read more at http://en.wikipedia.org/wiki/List_of_HTTP_headers.
When you submit an HTML form, some additional information is added to the request headers. There are two main types of HTTP request, GET and POST (and some rarer ones such as PUT and DELETE). When you click “Search” on Google, you send a GET request to Google’s server and you are taken to a result page. You can bookmark the result page, and the search query appears in the URL (look at the address bar: “http://www.google.com/search?hl=en&q=SEARCH QUERY STRING”), which means the search form’s values appear in the URL.
A POST request is different. The form values do not show up in the URL. Instead, they show up inside the headers. You cannot bookmark the result of a POST form. Normally, GET requests are used for GETting something, such as searching. Actions with side effects, such as a registration, purchase or transaction, are sent as POST requests. If you submit a POST form and then try to refresh the page, the browser asks “Re-submit form data?”. If you click Yes, you will purchase something again, perform a transaction twice, or repeat whatever else the form did.
The form’s method is determined by the <form>’s method attribute, and the form’s target is determined by the action attribute. Set action to “#” if the target of the form is the form itself. Here is an example registration form:
<!-- Starts a new HTML form. The method is POST because a registration is a side effect, and you don't bookmark a registration form result. -->
<form action="register.php" method="POST">
  <div>
    <!-- A text field, its name, its value will be sent to the server under the name of 'username'. so the server will access it like $_POST['username'], Request.post['username'] depending on the type of the server software. -->
    Username: <input type='text' name='username' value='' /><br />
    <!-- A password field that does not show up what the user typed. (it will only show "*********") A password field acts like a text field. -->
    Password: <input type='password' name='password' /><br />
    <!-- A radio button. the name will determine the radio button group. The value will determine the value to be sent when it was selected. The checked attribute tells the browser if it should be selected by default. -->
    Gender: <input type='radio' name='gender' value='male' checked='checked'> Male
    <input type='radio' name='gender' value='female'> Female<br />
    <!-- Submit button submits the form (duh) -->
    <input type='submit' value='Submit' name='Submit' />
    <!-- There are many other types of form controls, such as drop-down, image buttons, lists, they all have a name and value attribute. Please go back to the HTML tutorial you've read to learn more about other form controls. -->
  </div>
</form>
The form values are included in the request, and the server reads them and takes action. It will either register you, or send you back and show an error message.
Here is some pseudocode that shows how the server handles the form.
// Request.post holds all values from a POST request.
// Check whether the submit button was clicked (the button's name is 'Submit').
if (Request.post.has('Submit')) {
    // Validate the form: every field must be present.
    if (!(Request.post.has('username') && Request.post.has('password') && Request.post.has('gender'))) {
        output('<p>You must fill ALL form fields correctly.</p>');
    } else {
        // Register the user.
        registerUser(Request.post['username'], Request.post['password'], Request.post['gender']);
        output('You are registered.');
    }
}
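The same check run against the raw request, as an added example that is not part of the original post: the urlencoded form values arrive after the empty line that ends the header block, and the server has to decode and validate them itself. The sample request, the function names and the rule that gender must be one of the two values the form offers are assumptions of this example.

```bash
#!/usr/bin/env bash
# Constructed sample: the request a browser sends when the registration form is
# submitted with username "joe smith", password "p@ss" and gender "male".
sample_request() {
  printf 'POST /register.php HTTP/1.1\r\nHost: www.example.com\r\n'
  printf 'Content-Type: application/x-www-form-urlencoded\r\n'
  printf 'Content-Length: 46\r\n\r\n'
  printf 'username=joe+smith&password=p%%40ss&gender=male'
}

# Print the request body: everything after the first empty line.
request_body() { awk 'body { print; next } /^\r?$/ { body = 1 }'; }

# Decode one urlencoded token: "+" is a space, %XX is the byte with hex code XX.
urldecode() {
  local v=${1//+/ } rest=${1//%[0-9A-Fa-f][0-9A-Fa-f]/}
  [[ $rest != *%* ]] || return 1     # a "%" without two hex digits is malformed
  v=${v//\\/\\\\}                    # keep literal backslashes literal for %b
  printf '%b' "${v//%/\\x}"
}

# Print the decoded value of field $2 from body $1; fail if the field is absent.
form_field() {
  local pair pairs
  IFS='&' read -r -a pairs <<< "$1"
  for pair in "${pairs[@]}"; do
    [[ $pair == *=* ]] || continue
    if [[ $(urldecode "${pair%%=*}") == "$2" ]]; then
      urldecode "${pair#*=}"; return   # status of urldecode: fails on a bad escape
    fi
  done
  return 1
}

# Server-side check: all three fields present and non-empty, and gender limited
# to the values the form offers. The radio buttons only restrict a browser;
# any other client can put whatever it likes in the request.
validate_registration() {
  local name value
  for name in username password gender; do
    value=$(form_field "$1" "$name") || { echo "missing $name"; return 1; }
    [[ -n $value ]] || { echo "empty $name"; return 1; }
  done
  # After the loop, value holds the gender field.
  case $value in male|female) echo "ok" ;; *) echo "bad gender"; return 1 ;; esac
}
```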
Cookies are used to store information in the browser (and they are read by the server). On Google.com, you can click “Preferences” to change the search preferences; the preferences are then saved in your browser (only if cookies are enabled in your browser). The browser passes cookies to the server in the Cookie HTTP header, and the server sends the Set-Cookie HTTP header to tell the browser to set a cookie. Cookies can expire; the expiry date is given when the cookie is set.
When you log in to a website, what keeps you logged in? Cookies. The server tells the browser to set a cookie containing the login information or a session identifier to keep you logged in. On most login-enabled sites, there is a “Remember Me” option. Most sites will make the cookie never expire if you choose “Remember Me”.
More about Spambots
I killed one spambot; it spammed other blogs, and they didn’t realize it was spam.
That type of blog spambot does not post gibberish; in fact, it says polite and positive things such as:
- “Greetings, Nice blog! I want to see more. Bye!”
- “I’m going to bookmark it! Bye! Have A Nice Day!”
- “Joe liked your blog, so he linked to your blog, please link to us please! Goodbye!”
They are not real; they are made up.
The suspected spam is highlighted in bold. You don’t see any links in the comment, but look at the link target of the username. That spambot looks like a returning visitor, and it keeps having a different link in its username. Spambots also change their IP address; the weird thing is that it doesn’t change its username.
The main weakness of a spambot is Google: search for a phrase from the spam comment and you can see identical phrases showing up on other blogs.
Some spam can be funny:
- “hello , my name is Richard and I know you get a lot of spammy comments , I can help you with this problem . I know a lot of spammers and I will ask them not to post on your site. It will reduce the volume of spam by 30-50% .In return Id like to ask you to put a link to my site on the index page of your site. The link will be small and your visitors will hardly notice it , its just done for higher rankings in search engines. Contact me icq 454528835 or write me tedirectory(at)yahoo.com , i will give you my site url and you will give me yours if you are interested. thank you”
Most spambots do not mention “spam”, but this one does.
The lowercase ‘h’ (and other words that are marked italic) makes it look like a human-posted comment.
- “This comment was posted automatically using Blog Comment Poster. Check out its site to learn more and start building backlinks to your websites today.”
How stupid and unprofessional. EPIC FAIL.
They are real comments; I found them at http://justaddwater.dk/2007/09/06/spam-commenters-are-wasting-brainpower/
In conclusion, that type of spambot confuses newbies but cannot escape from pros.
They are designed to:
- Bypass spam filters, because the comment does not contain links.
- Make the blog owner happy, so the comment won’t get deleted.
- If search engines are not affected, blog users will be.
- Use a dynamic IP address.
- Funny.
However, they have the following flaws:
- Same username over and over again.
- Same phrase on different blogs, so you can Google the spam phrase to see if it is spam.
- Almost no spambot says “I’m not a spambot!”.
- They do not reply to comments.
- They are stupid.
- On a political blog, they go off topic.
- They don’t talk about spam, except that one I mentioned.
- Epic fail at some spam comments.
Anti-spam software such as Akismet can help to prevent that type of spam. However, some people have reported false positives and false negatives, and some people say a reputation system is better (“if the link target is good/bad, then …”).
Spambots cannot be blocked 100%, but if you take at least a little action, you can block 99% of spam.
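Two of the flaws listed above can be checked mechanically on your own comment log. The following is an added example, not part of the original post: the log format (ip|username|username link|text), the sample lines and the function names are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample: one comment per line as "ip|username|username link|text".
sample_comments() {
  cat <<'EOF'
203.0.113.5|Joe|http://pills.example/a|Greetings, Nice blog! I want to see more. Bye!
198.51.100.7|alice|http://alice.example/|I think the GET example needs a query string.
203.0.113.99|Joe|http://casino.example/b|I'm going to bookmark it! Bye! Have A Nice Day!
192.0.2.14|Joe|http://loans.example/c|greetings, nice blog!! I want to see more. Bye!
198.51.100.7|alice|http://alice.example/|Thanks, fixed in my copy.
192.0.2.80|bob|http://bob.example/|Greetings, Nice blog! I want to see more. Bye!
EOF
}

# Usernames seen with at least $1 different IPs and at least $1 different links:
# the "same name, new address, new link every time" pattern.
suspect_usernames() {
  awk -F'|' -v min="$1" '
    !(($2, $1) in ip)   { ip[$2, $1] = 1;   ips[$2]++ }
    !(($2, $3) in link) { link[$2, $3] = 1; links[$2]++ }
    END { for (u in ips) if (ips[u] >= min && links[u] >= min) print u }
  ' | sort
}

# Comment texts that occur more than once after lowercasing and dropping
# punctuation, printed as "count<TAB>normalized text", most frequent first.
repeated_phrases() {
  awk -F'|' '
    {
      text = $0
      sub(/^[^|]*\|[^|]*\|[^|]*\|/, "", text)   # keeps any "|" inside the text
      text = tolower(text)
      gsub(/[^a-z0-9 ]/, "", text)
      count[text]++
    }
    END { for (t in count) if (count[t] > 1) printf "%d\t%s\n", count[t], t }
  ' | sort -rn
}
```

On the sample, `sample_comments | suspect_usernames 3` reports Joe, and `sample_comments | repeated_phrases` reports the greeting that was posted three times with small variations.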
Basic Linux BASH Scripting Tutorial
If you are using Linux, are you frustrated by the terminal? You copy and paste commands from forums, and they may or may not work; however, it is important to learn how to script.
I’m not teaching you how to fix your computer; I’m teaching you the syntax of BASH.
A command is a series of strings separated by spaces, such as this:
$ echo "Hello, world!"
(Please note: don’t type the $ before the command; it is just the input prompt sign, like [user@host]$.)
This will run the program echo with the string Hello, world! (without the quotes) as the first command line argument. The quotes are not part of the command line argument; they only mark the string as a single token.
What is a command line argument? It is a string passed to a program to tell the program what to do. The echo command takes any number of arguments and prints them separated by spaces.
You don’t need quotes to enclose command line arguments if they are plain words such as hello, but you may need them if an argument contains operators such as brackets, semicolons, or other signs.
You can define variables in BASH. A variable will disappear at the end of the session unless you export it. To define a variable, put an identifier on the left side and the value on the right side.
$ A="A string"
There should be no whitespace around the equal sign.
After you define a variable, you can reference it by using the dollar sign ($).
$ echo $A
It outputs “A string”.
Double quotes interpolate variables, which means you can use the dollar sign in double-quoted strings like this:
$ echo "The value is $A"
If you want to display a literal dollar sign, use single quotes or an escape sequence. The character for escape sequences is the backslash (\).
$ echo "This is a dollar sign: \$"
or
$ echo 'This is a dollar sign: $'
If you want to display a backslash, simply use a double backslash like “\\” in a double-quoted string; you don’t need it at all for “\=” or other invalid escapes. You can also use backslashes to escape characters in unquoted strings, such as spaces.
$ cd /media/AAA/Program\ Files/
There is a backslash before the space, so it will not be separated into 2 arguments.
By the way, the cd command changes the working directory.
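What each quoting form hands to a command is easiest to see by counting arguments. The block below is an added example, not code from the original post; show_args, path_demo and the other function names are made up for illustration, and the directory is created under a temporary path.

```bash
#!/usr/bin/env bash
# Report what a command receives: the argument count, then each argument in brackets.
show_args() {
  local out="$#:" arg
  for arg in "$@"; do out+="[$arg]"; done
  printf '%s\n' "$out"
}

A="A string"

unquoted_var()  { show_args $A; }                        # split at the space
quoted_var()    { show_args "$A"; }                      # stays one argument
escaped_space() { show_args /media/AAA/Program\ Files/; }
single_quoted() { show_args 'The value is $A'; }         # no interpolation
double_quoted() { show_args "The value is $A" "a dollar sign: \$"; }

# The same splitting breaks real commands: a directory name with a space only
# reaches cd intact when the variable is quoted.
path_demo() {
  local base target
  base=$(mktemp -d) || return 1
  target="$base/Program Files"
  mkdir "$target"
  # Deliberately unquoted: cd receives ".../Program" and "Files".
  if ( cd $target ) 2>/dev/null; then echo "unquoted: ok"; else echo "unquoted: failed"; fi
  if ( cd "$target" ); then echo "quoted: ok"; else echo "quoted: failed"; fi
  rm -rf "$base"
}
```

Unquoted expansions are also subject to filename globbing, so quoting every variable that holds a path or user-supplied text is the safe default.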
Most commands have a help feature: add --help after the command to see the help message.
Some useful commands include ls, grep and cat. ls and dir list all entries in the working directory, cat prints the content of a file (or of standard input), and grep takes a regular expression and an optional filename and outputs the lines that match the regular expression.
An example use of grep will be like this:
$ grep 03-01 log.txt
2009-03-01 5:00: .............
2009-03-01 6:13: ...........
2009-03-01 9:12: ........
The first argument of grep is the regular expression to be matched, and the second one is the filename of the input file. The filename is optional: if there is no input file, the program will ask you for input and repeat each line you type that has a match. An example grep session looks like this:
$ grep file
ABCDEFG
filename
filename
test
a
To end the program, type Ctrl+D to insert End-of-File (EOF) or Ctrl+Z to terminate.
However, you can take input from and send output to a different stream; that is called redirection.
$ php test.php | grep "1 + 1"
1 + 1 = 2
15 - 1 + 1 = 15
35 / 1 + 1 = 36
That command may be hard to understand; that is where redirection is used.
To understand redirection, you must understand the input and output streams.
A program opens three streams, standard input (stdin), standard output (stdout), and standard error (stderr).
When standard input is being read, the terminal pauses and waits for you to type something on the keyboard and press Enter. Standard input is normally read, not written.
Standard output and standard error are two output streams; when they are written to, new text is shown in the terminal. stderr is used for error messages, and some programs highlight stderr in red or ignore stderr completely.
Programs can open and close other streams, such as file streams.
You can see a diagram at http://en.wikipedia.org/wiki/File:Stdstreams-notitle.svg .
Let’s go back to that command:
$ php test.php | grep "1 + 1"
The output of the php command is redirected to become the input of the grep command.

The < and > operators control input and output with files. The > operator redirects and appends output to a file. For example, the following command line appends the output of the ls command to the file output.txt.
$ ls > output.txt
The >> operator will overwrite the file.
$ ls >> output.txt
The < operator uses a file’s content as the input of a command.
The following command finds all TODO markers in the file test.c:
$ grep TODO < test.c
Of course, you can also use cat and a vertical pipe.
$ cat test.c | grep TODO
Many C/C++ programmers do that to find TODO, FIXME, XXX markers.
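The operators from this section can be tried safely on scratch files. The following is an added example, not code from the original post; emit and the other function names are made up, and the files live in a temporary directory. In bash, > starts the target file over and >> adds to its end, a pipe carries only standard output, and the noclobber option makes > refuse to replace a file that already exists.

```bash
#!/usr/bin/env bash
# Stand-in for a program: one line on standard output, one on standard error.
emit() {
  echo "1 + 1 = 2"
  echo "warning: something went wrong" >&2
}

# A pipe connects only stdout to the next command; stderr still goes to the terminal.
lines_through_pipe()  { emit | grep -c .; }
# 2>&1 points stderr at the same place as stdout, so the pipe carries both lines.
lines_with_stderr()   { emit 2>&1 | grep -c .; }

file_demo() {
  local dir clobber
  dir=$(mktemp -d) || return 1
  emit >  "$dir/out.txt" 2>  "$dir/err.txt"   # first run: both files are created
  emit >  "$dir/out.txt" 2>> "$dir/err.txt"   # second run: out.txt starts over, err.txt grows
  # With noclobber set, ">" fails instead of replacing the existing out.txt.
  if ( set -o noclobber; emit > "$dir/out.txt" ) 2>/dev/null; then
    clobber=replaced
  else
    clobber=refused
  fi
  # "<" feeds each file to grep on standard input; -c counts the non-empty lines.
  printf 'out=%s err=%s clobber=%s\n' \
    "$(grep -c . < "$dir/out.txt")" "$(grep -c . < "$dir/err.txt")" "$clobber"
  rm -rf "$dir"
}
```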
I will put some more complex and useful commands here.
$ cat file.js | js | grep 180 | less
First, it passes the contents of file.js as input to the js command (a JavaScript interpreter), then passes the output of that command to grep 180, and passes the output of grep to the less command (a scrollable text viewer).
$ ls | grep '\.php$'
Finds all .php files in the working directory.
$ cat file.txt | grep ERROR
Finds the lines containing the string ERROR in the file file.txt and outputs them.
That’s all for today. For more info about redirection, visit http://en.wikipedia.org/wiki/Redirection_(computing).