Wednesday, May 5, 2010

PHP MySql POST GET Cookies Session - Bits and information

I always feel it's easier to remember details if we learn them as differences between two objects. So I want to blog the basic differences between cookies and sessions, and between the POST and GET methods, plus bits and pieces of information about UNION, UNION ALL and some more. This post has a lot of random information. Let me know if you find something wrong or different.

Three ways to move information across web pages:
  1. Links: a link with href set to the destination page.
  2. Forms: set action to point to the target and method to say how the server should process the information sent; the encoding type is optional. Both 1 and 2 require a user action such as a click.
  3. Without any user action: use header() in PHP to move to another page, e.g. header("Location: page.php");
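
An added example (not from the original post) of the header() redirect in item 3, with made-up page names and a made-up 'user' session key. It shows that header() does not end the script, so the redirect has to be followed by exit, and that the target is taken from a fixed list of pages.

```php
<?php
// Added example: a gate in front of a members-only page.
// The page names and the 'user' session key are made up for illustration.
session_start();

function redirect_to(string $page, array $allowed): void {
    // Redirect only to pages the application knows, so a target taken
    // from the request cannot point the browser at another site.
    if (!in_array($page, $allowed, true)) {
        $page = $allowed[0];
    }
    // Location is an HTTP header: it cannot be sent once output has started.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    header('Location: ' . $page, true, 302);
    // header() only queues the header; the script keeps running.
    // Without exit, everything below is still executed and sent.
    exit;
}

$allowed = ['login.php', 'page.php', 'profile.php'];

if (empty($_SESSION['user'])) {
    redirect_to('login.php', $allowed);
}

// Reached only by logged-in users, because redirect_to() ends the script.
echo 'Members-only content for ' . htmlspecialchars($_SESSION['user']);
```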

Cookies:
  • Cookies are stored on the client's computer.
  • Once stored on the client's computer by an application, a cookie can be accessed by any web page of that application.
  • A cookie contains variable = value pairs of information.
  • Cookies are more useful for applications that have no database.
  • A cookie is available from the next page onwards, not in the current page where it was set.
  • In PHP, setcookie('variable','value'); sets the cookie. If you don't mention a time, the cookie expires when the user exits the application.
  • Once set, the cookie is stored in one of PHP's many built-in arrays, $_COOKIE. To access your cookie variable, refer to the array with the variable name, like $_COOKIE['variable'].
  • If we want the cookie to remain after the user exits the application, we have to give the expiration time when we set the cookie. Two functions can be used along with setcookie(): time() and mktime(). time() returns the current time, to which we add the number of seconds the cookie should stay alive, e.g. setcookie('var','val',time()+3600) keeps the cookie alive for 1 hour (60*60 seconds). mktime() returns a date and time; its arguments are passed in the order hr, min, sec, mon, day, year, e.g. setcookie('var','val',mktime(3,0,0,5,6,2010)); makes the cookie expire at 3am on May 6th 2010.
  • To remove a cookie, use the same setcookie() without any value passed, e.g. setcookie('var'); or setcookie('var','');
  • setcookie() limitation: it has to be called before any output is sent to the client browser. This limitation applies to both sessions and cookies.
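
An added example (not from the original post) of the cookie calls above, using the options-array form of setcookie() available from PHP 7.3; the cookie names 'visit' and 'theme' are made up. It sets a browser-session cookie and a one-hour cookie with the Secure, HttpOnly and SameSite attributes, treats the value read back from $_COOKIE as untrusted input, and removes a cookie by expiring it.

```php
<?php
// Added example: cookie lifetime and removal, with hardening attributes.
// The cookie names 'visit' and 'theme' are made up for illustration.

// Cookies travel in HTTP headers, so this must run before any output.
if (headers_sent($file, $line)) {
    exit("Cannot set cookies: output already started at $file:$line");
}

// Session cookie: no expiry given, so the browser drops it when it closes.
setcookie('visit', '1', [
    'path'     => '/',
    'secure'   => true,    // only sent over HTTPS
    'httponly' => true,    // not readable from JavaScript (document.cookie)
    'samesite' => 'Lax',   // withheld from cross-site subrequests and POSTs
]);

// Persistent cookie: alive for 1 hour (60*60 seconds) from now.
setcookie('theme', 'dark', [
    'expires'  => time() + 3600,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

// The value set above appears in $_COOKIE on the NEXT request only.
// It comes from the client, so check it against known values before use.
$allowed = ['light', 'dark'];
$theme = $_COOKIE['theme'] ?? 'light';
if (!in_array($theme, $allowed, true)) {
    $theme = 'light';
}

// Removal: same name, path and flags, empty value, expiry in the past.
function forget_cookie(string $name): void {
    setcookie($name, '', [
        'expires'  => time() - 3600,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    unset($_COOKIE[$name]);   // also drop it for the rest of this request
}
```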

Session:
  • Session details are stored in a file on the server side: on Unix and Linux systems in the /tmp folder, and on Windows in a folder called sessiondata. We can change where the file is stored by changing the session.save_path value in php.ini.
  • Session ID: a long nonsense number for every client, which cannot be guessed or forged. In PHP, the system variable PHPSESSID is used for the session ID.
  • The session ID is passed to every page to access the session details. There are three ways to pass it: 1. If cookies are turned on, use cookies. 2. For links, use the URL. 3. For forms with the POST method, use hidden variables.
  • Session variables are read from and stored in the $_SESSION built-in array (similar to the $_COOKIE array for cookies). They are accessed the same way as cookies.
  • For sessions to work, track_vars needs to be enabled when installing PHP (it is turned on by default from PHP 4.0).
  • If cookies are turned off on the client side, trans_sid should be enabled to transfer the session ID. To enable it, set session.use_trans_sid = 1 in php.ini.
  • Start a session: session_start(). If a session ID is found, it loads $_SESSION with the variables and their values. If no ID is found, it is the first visit, so it creates a new session and sets PHPSESSID.
  • Save a session variable: $_SESSION['var'] = 'val';
  • Close a session: session_destroy() destroys the session details.
  • session_id() returns the PHPSESSID value, the current session ID.
  • unset($_SESSION) unsets the session details in the current page.
  • Limitation: the session has to be set before any output is sent to the client browser.
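
An added example (not from the original post) of the session lifecycle above, written for PHP 7.3 or later; the 'user' key and the 'action' form field are made up. It is the cookie-only variant: a session ID carried in the URL or a hidden field ends up in server logs, browser history and Referer headers, so the example turns trans_sid off, issues a fresh ID at login, and clears the variables, the PHPSESSID cookie and the server-side file at logout.

```php
<?php
// Added example: session setup, login and logout.
// The 'user' session key and the 'action' POST field are made up.

// Accept the session ID from the cookie only, never from the URL or a form.
ini_set('session.use_trans_sid', '0');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');   // reject IDs the server never issued
ini_set('session.cookie_httponly', '1');   // hide PHPSESSID from JavaScript
ini_set('session.cookie_secure', '1');     // send PHPSESSID over HTTPS only
ini_set('session.cookie_samesite', 'Lax');

session_start();   // must run before any output is sent

// Call after the credentials have been verified.
function on_login(string $user): void {
    // New ID at the privilege change, old session data deleted: an ID
    // handed to the browser before login stops being valid.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

function on_logout(): void {
    $_SESSION = [];                         // clear variables for this request
    if (ini_get('session.use_cookies')) {   // expire the PHPSESSID cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 3600,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();                      // remove the server-side data
}

// Logout is a state change, so it is taken from a POST form, not a link.
if (($_POST['action'] ?? '') === 'logout') {
    on_logout();
}
```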

We know that POST and GET are ways of indicating how the server should process the information sent by the form.

POST:
  • Sends information in 2 steps: 1. The browser contacts the form-processing server specified in action. 2. Once contact has been established, it sends the data to the server in a separate transmission.
  • On the server side: 1. Read the parameters from a standard location. 2. After reading, decode the parameters before the application uses the form variables.
  • To get POST variables from an earlier form, use the built-in array $_POST.

GET:
  • Data is sent to the server in a single transmission. The browser appends the data to the action URL.
  • This is the default method if not specified otherwise.
  • On the server side, the information is read from the end of the URL.

POST or GET: what to use?
  • GET: best transmission performance (single transmission) and apt for small forms with short/few fields.
  • POST: apt for forms with many/long text fields.
  • If inexperienced with server programming, use GET to avoid the extra processing steps (read/decode) needed with POST.
  • For security purposes, use POST so that the information you transmit is not available in the open for hackers to track. POST has security holes too, but at least it has encoding when transmitting.
  • To invoke server processing outside a form tag, e.g. in an <a> tag, use GET because it lets us use form-like parameters as part of the URL.

ENCTYPE field in FORM tag:
  • Two types of enctype options are available: 1. Multipart and 2. text/plain.
  • Multipart: for forms with file selection fields for upload by the user.
  • text/plain: used along with mailto in the action attribute of the form tag, when sending forms to an email server rather than a server.
  • The default encoding type is the Internet media type application/x-www-form-urlencoded.

UNION and UNION ALL:
  • UNION ALL: combines rows from multiple row sources into one result set. It includes duplicates.
  • UNION: does the same thing as UNION ALL but excludes duplicates; the result is sorted here, without duplicates.

Polymorphism in OO languages:
  • The ability of 2 or more objects belonging to different classes to respond to exactly the same message in different class-specific ways.

1 comment:

Unknown said...

also check: http://www.longhowl.com/howls/172