1 ch27 - common gateway interface (cgi) and perl outline –server-side processing –common gateway...

29
1 Ch27 - Common Gateway Interface (CGI) and Perl Outline Server-side processing Common Gateway Interface (CGI) Other server-side programming technologies • (Active Server Pages (ASP)) • Java Servlets and Java Server Pages (JSP) • PHP Hypertext Processor • Python – Perl • Simple Perl examples • Handling HTTP Requests – GET and POST • CGI Environment Variables • Viewing CGI Environment Variables in Perl • Using Perl DBI to Connect to a Database

Upload: damon-rudolph-norris

Post on 25-Dec-2015

229 views

Category:

Documents


1 download

TRANSCRIPT

1Ch27 - Common Gateway Interface (CGI)

and Perl

• Outline– Server-side processing – Common Gateway Interface (CGI)– Other server-side programming technologies

• (Active Server Pages (ASP))• Java Servlets and Java Server Pages (JSP)• PHP Hypertext Processor • Python

– Perl• Simple Perl examples• Handling HTTP Requests – GET and POST• CGI Environment Variables• Viewing CGI Environment Variables in Perl• Using Perl DBI to Connect to a Database

2

Web Programming Technologies

CLIENT SERVER

WebBrowser

HTML PagesWeb

Server

Content Authoring:

HTMLProtocols:

HTTP

Client Scripts:JavaScript

Client Programs:Java Applets

Server Scripts:Perl, ASP, PHP, JSP

Server Programs:Java Servlets

HTTP Request

HTML Page

Protocols:CGI

Server Side ProcessingClient Side Processing

HTTP Response

3

What is server-side processing?

• The use of programs on the server-side to process client input and produce client output– Generates custom responses for clients– Has access to server-side software that extend server functionality– Provides programmers greater flexibility– Contains greater programmatic capabilities than client-side equivalents

• There are several technologies that can be used to create server-side scripts – Common Gateway Interface (CGI)– Microsoft Active Server Pages (ASP) – HTML embedding VBScript– PHP Hypertext Processor (PHP)– Java Servlets and Java Server Pages (JSP)

• Common script languages– Perl, VBScript, Python, Java

4

Common Gateway Interface (CGI)

• A standard for how a web server interact and transfer information to an application program (called CGI script)– Application is responsible for generating some dynamic content

– Application can call database– Extend servers beyond simple HTML file serving

• CGI = Common Gateway Interface. – Common - supported by almost all web servers, can be used by many

platforms and programming languages such as Perl, C, C++, VBScript, etc

– Gateway - pathway between server and application programs– Interface - provides a well-defined way to call up its features

• CGI is Not…– a programming language

5

Client(Browser)

Web Server

1. SendsHTTP-request

6. SendsHTTP-response(HTML Page)

Environment variables

2. Sets data

CGI script

3. Calls script

4. Reads data

5. Returns output

CGI at work

• Read explicit data (form data) and implicit data (request headers) sent by client

• Generate the results and send explicit data (HTML) and implicit data (status code and response headers) back to client

InternetInternet

Database

HTML-Form

6

CGI Advantages and Disadvantages

• Advantages– Web server and language independence (such as C/C++ or Perl)– Wide acceptance. De facto standard (One of the earliest server-side

options). Many free example CGI scripts– Simple to use

• Disadvantages– Each request starts up a new process of the CGI script– Stateless protocol. Can’t retain information between requests– Communication to application must go through the web server

7

Java Servlets and Java Server Pages (JSP)

• Java servlet is like an applet that runs inside a web server, extending the servers functionality

– A web server must provide an API so Java servlets can be written

• JSP is part of the servlet API that allows Java to be embedded inside HTML

– Same concept as ASP

• Advantages of servlets and JSP

– When written in Java, servlets and JSP are plattform independent

– Wide support: from Netscape, Sun, Apache, Oracle, IBM

– Servlets and JSPs are compiled, loaded once at server startup, and service Web requests using separate lightweight threads

• Java Servlets and JSP are part of Java 2 Enterprise Edition (J2EE), a collection of enterprise APIs

8

PHP Hypertext Preprocessor

• PHP is a script language in Web programming, which is platform independent but used primarily on Linux Web servers– Initials come originally from the earliest version of the program, which was called

"Personal Home Page Tools“. Now acronym for PHP Hypertext Preprocessor

– PHP is free and offered under an open source license. The latest version is PHP4.

– Interpreter is freely available.

• An alternative and works similar to ASP technology– LAMP - Linux, Apache, MySQL and PHP. Four parts to build fast, robust Web

applications. PHP is a project of the Apache Software Foundation.

– As with ASP, the PHP script is embedded within a Web page along with its HTML. Before the page is sent to a user that has requested it, the Web server calls PHP to interpret and perform the operations called for in the PHP script.

– An HTML page that includes a PHP script is typically given a file name suffix of ".php" ".php3," or ".phtml".

– Like ASP, PHP can be thought of as "dynamic HTML pages," since content will vary based on the results of interpreting the script.

9

Perl

• Perl (Practical Extraction Report Language) is an interpreted language (not compiled, like Java) which is ideally suited for CGI programming.– written by Larry Wall in 1987. Combines syntax from several UNIX utilities

and languages. – has also been adapted to non-UNIX platforms. ActivePerl, the standard

Perl implementation for Windows is freely available

• Perl is a text processing language that provides comprehensive string handling functions– designed to handle a variety of system administrator functions

• It is widely used to write Web server programs for such tasks as – automatically updating user accounts and newsgroup postings – processing removal requests– synchronizing databases and generating reports

10

Python

• An interpreted, object-oriented programming language developed by Guido van Rossum.

• Can be used to write:– CGI-scripts– ASP-scripts– Large-scale Internet search engines– Small administration scripts– GUI applications

• Python is very portable since Python interpreters are available for most operating system platforms.

• Although Python is copyrighted, the source code is freely available, and unlike GNU software, it can be commercially re-sold.

11

Perl - Simple Example

#!/usr/bin/perl#!/usr/bin/perl

$name=“Foo”;$name=“Foo”;

$friends=1;$friends=1; #I only have one friend#I only have one friend

#$friends=2;#$friends=2; #actually, I have 2 friends#actually, I have 2 friends

#$friends=“many;” #$friends=“many;” #I have too many friends#I have too many friends

if ($friends == 1)if ($friends == 1)

{{

print “$name, you are my best friend.”;print “$name, you are my best friend.”;

}}

The “shebang” construct (#!) indicates the path to the Perl interpreter on Unix systems.

Function print writes the string to the screen.

12

Data Types in Perl

Data type Format for variable names of this type

Description

Scalar $scalarname Can be a string, an integer number, a floating-point number or a reference.

Array @arrayname An ordered list of scalar variables that can be accessed using integer indices.

Hash %hashname An unordered set of scalar variables whose values are accessed using unique scalar values (i.e., strings) called keys.

Fig. 27.3 Perl data types.

13

Client-Server Interaction

• HTTP is a request-response protocol. Client sends request, server responds.

• HTTP Request (Client is sending request message to Server ):– When a client sends a request, it consists of three parts:

• Request line: (e.g. POST /im269/w7.html HTTP/1/1)– HTTP method type (GET or POST) – Resource name (URL) – Protocol/version

• Header: contains browser information (optional)• Message body: in POST method request information is stored here (optional)

• HTTP Response (Server is sending response message to Client):– The response sent by the server also consists of three parts:

• Response line: (server protocol and status code)• Header: specifies the type of output (content-type such as text/html, location such as

http://www.xxx.com, or no response such as 204 No Response)• Message body: (the actual data, such as sending back a Web page or a file to the user)

14

HTTP Response from a CGI script

• A CGI script that produces a HTTP response. CGI responds to the server via standard output

• Example CGI scripts:1. Return content to user

print (“Content-type: text/html”);print (““);print (“<HEAD>”);print (“<TITLE>CGI script output</TITLE>”);print (“</HEAD>”);print (“<BODY>”);print (“<H1>Output from a CGI script</H1>”);...

print (“</BODY>”); 2. Return a location to user

Location: http://www.xxx.com

3. Return no responseStatus: 204 No Response

15

GET and POST request methods

• Most common ways to send data from client to server:– GET request

• Retrieves appropriate resource from Web server• Form contents are appended as a querystring to the URL • Limits query to 1024 characters stored in request line• Browsers cache (save on disk) HTML pages

– Allows for quick reloading– Cache responses to get request– Do not cache responses to post request

– POST request• Updates contents of Web server (posting new messages to forum)• The data is sent as part the message body of the request. • Not part of URL and cannot be seen by user• Has no limit for length of query• Posts data to server-side form handler

– Note that the client don’t always need to send data to server to generate a response

16

Ways to call Server-Side Scripts

• The URL specifies a script called “program” to be executed Instead of an HTML file.

http://some.machine/cgi-bin/program.pl

– Sending data directly to a script (using the GET-method)http://www.google.com/search?hl=en&q=CGI

• Invoking can also be done through a link. A hypertext reference can refer to:– An exutable script

<a href=http://domain_name/cgi-bin/scriptname>

– An exutable script with arguments (using the GET-method)– <a href=http://domain_name/cgi-bin/scriptname?arg1+arg2>

– An Active Server Page<a href=http://domain_name/catalog.asp>

• It is much easier provide user input from an HTML form:<FORM ACTION=“http:// http://www.google.com/search”>

Input elements go here</FORM>

17

Encoding User Input from Forms

• HTML-forms are used to provide input to CGI scripts. The <FORM> tag requires two arguments:– ACTION

– the URL representing the script which is to receive the form information– METHOD

– either GET or POST– represents the way in which the information will get passed to the script

• Using METHOD=“GET”. 1. FORM elements’ names are paired with their contents ie.

<input type=“text” size=“9” maxlength=“9” name=“zip”>User inputs 10003, then zip=10003

2. All such name/value pairs are joined together with an ‘&’3. The entire input data string is URL encoded ie.

name=Jane+Doe&address=35+W%27+4th+St%27&zip=10003

– On the server end the data is placed in the environment variable QUERY_STRING

18

Three ways to pass data to CGI scripts

1. Environment variables (When the GET method is used in an HTML form)– Data is encoded as part of the URL– Portions of the URL are assigned to the environment variables QUERY_STRING,

PATH_INFO, and SCRIPT_NAME:http://www.usc.edu/cgi-bin/scriptname/extrapath/afile?input_data

• QUERY_STRING is assigned input_data• PATH_INFO is assigned extrapath/afile• SCRIPT_NAME is assigned cgi-bin/scriptname

2. Standard input (When the POST method is used)– The data is given in the message body of the HTTP request

– Web server forwards message body to the script via the standard input stream

3. Command–line arguments– For example, to pass arg1 and arg2 to a script:

<a href=http://domain/cgi-bin/copy?arg1+arg2>

19

CGI Environment Variables

• CGI environment variables are used to pass information about the context of execution. These variables are global, and accessible to all running programs• Programs -> programs

• Variables are text strings (name and value pairs) • Can be classified into two major categories

– Nonrequest specific– Request specific

• Nonrequest-specific environment variables– These variables are set for all requests

• SERVER_SOFTWARE The name and version of the information server software answering the request

• SERVER_NAME The server's hostname, DNS alias, or IP address• GATEWAY_INTERFACE The revision of the CGI specification to which this

server complies.

20

Request-specific environment variables (1)

• These variables are set depending on the request being fulfilled by the CGI script: – SERVER_PROTOCOL The name and revision of the information protocol this

request came in with. Format: protocol/revision – SERVER_PORT The port number to which the request was sent. – REQUEST_METHOD The method with which the request was made. For HTTP,

this is "GET", "POST", etc. – PATH_INFO The extra path information, as given by the client. E.g.

http://www.usc.edu/cgi-bin/scriptname/extrapath/afile?input_data

– PATH_TRANSLATED the PATH_INFO path translated into an absolute document path on the local system, which takes the path and does any virtual-to-physical mapping to it.

– SCRIPT_NAME A the path and the name of the script being executed, as referenced in the URL.

– QUERY_STRING The information which follows the ? that referenced this script.

21

Request-specific environment variables (2)

– REMOTE_HOST The Internet domain name making the request. – REMOTE_ADDR The IP address of the remote host making the request.– AUTH_TYPE If the server supports user authentication, and the script is

protects, this is the protocol-specific authentication method used to validate the user.

– REMOTE_USER the username that server and script have authenticated.– REMOTE_IDENT the remote user name retrieved by the server using

inetd identification (RFC 931), – CONTENT_TYPE For queries which have attached information, such as

POST-method, this is the MIME-content type of the data.– CONTENT_LENGTH The length of the content as given by the client.

22

Perl script to display CGI environment variables

#!/usr/bin/perl

2 # Fig. 27.11: fig27_11.pl

3 # Program to display CGI environment variables.

4

5 use CGI qw( :standard );

6

7 $dtd =

8 "-//W3C//DTD XHTML 1.0 Transitional//EN\"

9 \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";

10

11 print( header() );

12

13 print( start_html( { dtd => $dtd,

14 title => "Environment Variables..." } ) );

15

The use statement instructs Perl programs to include the contents (e.g., functions) of predefined packages called modules. The import tag :standard imports a predefined set of standard functions.

The start_html function prints the document type definition for this document, as well as several opening XHTML tags (<html>, <head>, <title>, etc., up to the opening <body> tag).

23

Perl script to display CGI environment variables, cont.

16 print( "<table style = \"border: 0; padding: 2;17 font-weight: bold\">" );18 19 print( Tr( th( "Variable Name" ),20 th( "Value" ) ) );21 22 print( Tr( td( hr() ), td( hr() ) ) );23 24 foreach $variable ( sort( keys( %ENV ) ) ) {25 26 print( Tr( td( { style => "background-color: #11bbff" }, 27 $variable ),28 td( { style => "font-size: 12pt" }, 29 $ENV{ $variable } ) ) );30 31 print( Tr( td( hr() ), td( hr() ) ) );32 }33 34 print( "</table>" );35 print( end_html() );

The %ENV hash is a built-in table in Perl that contains the names and values of all the environment variables. Function keys returns an unordered array containing all the keys in the %ENV hash. sort orders the array of keys alphabetically. The foreach loop iterates sequentially through the array returned by sort, repeatedly assigning the current key’s value to scalar $variable.

Hash values are accessed using the syntax $hashName{ keyName }. In this example, each key in hash %ENV is the name of an environment variable name (e.g., HTTP_HOST).

Function end_html returns the closing tags for the page (</body> and </html>).

24

Program Output

25

Introduction to DBI

• Databases part of distributed applications– Divides work across multiple computers

• Retrieves result set and displays results

• Driver– Helps programs access databases – Each database can have different syntax – Each database requires its own driver

• Interface– Provides uniform access to all database systems

• Database interface– Programmatic library for accessing relational database

26

Perl Database Interface

• Perl DBI– Enables users to access relational databases from Perl programs– Database independent– Most widely used interface in Perl– Uses handles (Fig. 22.29)

• Object-oriented interfaces

• Driver handles, database handles, statement handles

– Each connection into the database is identified by a handle whose methods are called by Perl scripts

27

MySQL

• Pronounced “My Ess Que Ell”

• Robust and scalable RDBMS

• Multiuser, multithreaded server– Performs multiple commands concurrently

• Uses SQL to interact with data

• Supports various programming languages– C, C++, Java, Python, Perl, PHP, etc

• Supports various operating systems– Windows, Linux and Unix

• Access multiple databases with single query

28Fig27_19.pl1 #!/usr/bin/perl2 # Fig. 27.19: fig27_19.pl

3 # CGI program that generates a list of authors.4 5 use CGI qw( :standard );6 use DBI;7 use DBD::mysql;8 9 $dtd =10 "-//W3C//DTD XHTML 1.0 Transitional//EN\"11 \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";12 13 print( header() );14 15 print( start_html( { dtd => $dtd,16 title => "Authors" } ) );17 18 # connect to "books" database, no password needed19 $databaseHandle = DBI->connect( "DBI:mysql:books", 20 "root", "", { RaiseError => 1 } );21 22 # retrieve the names and IDs of all authors23 $query = "SELECT FirstName, LastName, AuthorID 24 FROM Authors ORDER BY LastName";25 26 # prepare the query for execution, then execute it27 # a prepared query can be executed multiple times28 $statementHandle = $databaseHandle->prepare( $query );29 $statementHandle->execute();30 31 print( h2( "Choose an author:" ) );32 33 print( start_form( { action => 'fig27_20.pl' } ) );34 35 print( "<select name = \"author\">\n" );

The Perl DBI module and the MySQL driver, DBD::mysql are required.

Connect to the database by calling DBI method connect. If the connection succeeds, function connect returns a database handle that is assigned to $databaseHandle.

The database handle is used to prepare the query (using the method prepare). This method prepares the database driver for a statement, which can be executed multiple times.

Method execute executes the query.

29Fig27_19.pl36 37 # drop-down list contains the author and ID number38 # fetchrow_array returns a single row from the result39 while ( @row = $statementHandle->fetchrow_array() ) {40 print( "<option>" );41 print( "$row[ 2 ]. $row[ 1 ], $row[ 0 ]" );42 print( "</option>" );43 }44 45 print( "</select>\n" );46 47 print( submit( { value => 'Get Info' } ) );48 print( end_form(), end_html() );49 50 # close the statement and database handles51 $databaseHandle->disconnect();52 $statementHandle->finish();

Method fetchrow_array accesses the results of the query. Each call to this function returns the next set of data in the resulting table until there are no data sets left. Each row is returned as an array and assigned to @row.

Each value is printed as a list option.

Close the database connection (using method disconnect), and specify that the query is finished by calling method finish

Program Output