Download (CGI) and Perl

Ch27 - Common Gateway Interface (CGI) and
Perl
• Outline
– Server-side processing
– Common Gateway Interface (CGI)
– Other server-side programming technologies
• (Active Server Pages (ASP))
• Java Servlets and Java Server Pages (JSP)
• PHP Hypertext Processor
• Python
– Perl
• Simple Perl examples
• Handling HTTP Requests – GET and POST
• CGI Environment Variables
• Viewing CGI Environment Variables in Perl
• Using Perl DBI to Connect to a Database
1
2
Web Programming Technologies
Content
Authoring:
HTML
Protocols:
HTTP
Server Side Processing
Client Side Processing
HTTP Request
Web
Server
Web
Browser
CLIENT
SERVER
HTTP Response
HTML Page
Client Scripts:
JavaScript
Client Programs:
Java Applets
HTML Pages
Protocols:
CGI
Server Scripts:
Perl, ASP,
PHP, JSP
Server Programs:
Java Servlets
3
What is server-side processing?
• The use of programs on the server-side to process client input
and produce client output
–
–
–
–
Generates custom responses for clients
Has access to server-side software that extend server functionality
Provides programmers greater flexibility
Contains greater programmatic capabilities than client-side equivalents
• There are several technologies that can be used to create serverside scripts
–
–
–
–
Common Gateway Interface (CGI)
Microsoft Active Server Pages (ASP) – HTML embedding VBScript
PHP Hypertext Processor (PHP)
Java Servlets and Java Server Pages (JSP)
• Common script languages
– Perl, VBScript, Python, Java
4
Common Gateway Interface (CGI)
• A standard for how a web server interact and transfer information
to an application program (called CGI script)
– Application is responsible for generating some dynamic content
– Application can call database
– Extend servers beyond simple HTML file serving
• CGI = Common Gateway Interface.
– Common - supported by almost all web servers, can be used by many
platforms and programming languages such as Perl, C, C++, VBScript,
etc
– Gateway - pathway between server and application programs
– Interface - provides a well-defined way to call up its features
• CGI is Not…
– a programming language
5
CGI at work
• Read explicit data (form data) and implicit data (request headers) sent
by client
2. Sets data
HTMLForm
1. Sends
HTTP-request
4. Reads data
Internet
Web Server
Client
(Browser)
6. Sends
HTTP-response
(HTML Page)
Environment
variables
3. Calls
script
CGI script
5. Returns
output
• Generate the results and send explicit data (HTML)
and implicit data (status code and response headers)
back to client
Database
6
CGI Advantages and Disadvantages
• Advantages
– Web server and language independence (such as C/C++ or Perl)
– Wide acceptance. De facto standard (One of the earliest server-side
options). Many free example CGI scripts
– Simple to use
• Disadvantages
– Each request starts up a new process of the CGI script
– Stateless protocol. Can’t retain information between requests
– Communication to application must go through the web server
7
Java Servlets and Java Server Pages (JSP)
• Java servlet is like an applet that runs inside a web server,
extending the servers functionality
– A web server must provide an API so Java servlets can be written
• JSP is part of the servlet API that allows Java to be embedded
inside HTML
– Same concept as ASP
• Advantages of servlets and JSP
– When written in Java, servlets and JSP are plattform independent
– Wide support: from Netscape, Sun, Apache, Oracle, IBM
– Servlets and JSPs are compiled, loaded once at server startup, and
service Web requests using separate lightweight threads
• Java Servlets and JSP are part of Java 2 Enterprise Edition
(J2EE), a collection of enterprise APIs
8
PHP Hypertext Preprocessor
• PHP is a script language in Web programming, which is platform
independent but used primarily on Linux Web servers
– Initials come originally from the earliest version of the program, which was called
"Personal Home Page Tools“. Now acronym for PHP Hypertext Preprocessor
– PHP is free and offered under an open source license. The latest version is PHP4.
– Interpreter is freely available.
• An alternative and works similar to ASP technology
– LAMP - Linux, Apache, MySQL and PHP. Four parts to build fast, robust Web
applications. PHP is a project of the Apache Software Foundation.
– As with ASP, the PHP script is embedded within a Web page along with its HTML.
Before the page is sent to a user that has requested it, the Web server calls PHP
to interpret and perform the operations called for in the PHP script.
– An HTML page that includes a PHP script is typically given a file name suffix of
".php" ".php3," or ".phtml".
– Like ASP, PHP can be thought of as "dynamic HTML pages," since content will
vary based on the results of interpreting the script.
9
Perl
• Perl (Practical Extraction Report Language) is an interpreted
language (not compiled, like Java) which is ideally suited for CGI
programming.
– written by Larry Wall in 1987. Combines syntax from several UNIX utilities
and languages.
– has also been adapted to non-UNIX platforms. ActivePerl, the standard
Perl implementation for Windows is freely available
• Perl is a text processing language that provides comprehensive
string handling functions
– designed to handle a variety of system administrator functions
• It is widely used to write Web server programs for such tasks as
– automatically updating user accounts and newsgroup postings
– processing removal requests
– synchronizing databases and generating reports
10
Python
• An interpreted, object-oriented programming language
developed by Guido van Rossum.
• Can be used to write:
–
–
–
–
–
CGI-scripts
ASP-scripts
Large-scale Internet search engines
Small administration scripts
GUI applications
• Python is very portable since Python interpreters are available
for most operating system platforms.
• Although Python is copyrighted, the source code is freely
available, and unlike GNU software, it can be commercially resold.
11
Perl - Simple Example
#!/usr/bin/perl
$name=“Foo”;
$friends=1;
#$friends=2;
#$friends=“many;”
if ($friends == 1)
{
print “$name, you
}
The “shebang” construct (#!)
indicates the path to the Perl
interpreter on Unix systems.
#I only have one friend
#actually, I have 2 friends
#I have too many friends
are my best friend.”;
Function print writes the string to
the screen.
12
Data Types in Perl
Scalar
Fo rma t fo r
va ria b le na m es
o f this typ e
$scalarname
Array
@arrayname
Hash
%hashname
Da ta typ e
Fig. 27.3
Perl d a ta typ es.
Desc rip tio n
Can be a string, an integer number, a
floating-point number or a reference.
An ordered list of scalar variables that can
be accessed using integer indices.
An unordered set of scalar variables
whose values are accessed using unique
scalar values (i.e., strings) called keys.
13
Client-Server Interaction
• HTTP is a request-response protocol. Client sends request, server
responds.
• HTTP Request (Client is sending request message to Server ):
–
When a client sends a request, it consists of three parts:
• Request line: (e.g. POST /im269/w7.html HTTP/1/1)
– HTTP method type (GET or POST)
– Resource name (URL)
– Protocol/version
• Header: contains browser information (optional)
• Message body: in POST method request information is stored here (optional)
• HTTP Response (Server is sending response message to Client):
– The response sent by the server also consists of three parts:
• Response line: (server protocol and status code)
• Header: specifies the type of output (content-type such as text/html, location such as
http://www.xxx.com, or no response such as 204 No Response)
• Message body: (the actual data, such as sending back a Web page or a file to the
user)
14
HTTP Response from a CGI script
• A CGI script that produces a HTTP response. CGI responds to the
server via standard output
• Example CGI scripts:
1. Return content to user
print
print
print
print
print
print
print
...
print
(“Content-type: text/html”);
(““);
(“<HEAD>”);
(“<TITLE>CGI script output</TITLE>”);
(“</HEAD>”);
(“<BODY>”);
(“<H1>Output from a CGI script</H1>”);
(“</BODY>”);
2. Return a location to user
Location: http://www.xxx.com
3. Return no response
Status: 204 No Response
15
GET and POST request methods
• Most common ways to send data from client to server:
– GET request
•
•
•
•
Retrieves appropriate resource from Web server
Form contents are appended as a querystring to the URL
Limits query to 1024 characters stored in request line
Browsers cache (save on disk) HTML pages
– Allows for quick reloading
– Cache responses to get request
– Do not cache responses to post request
– POST request
•
•
•
•
•
Updates contents of Web server (posting new messages to forum)
The data is sent as part the message body of the request.
Not part of URL and cannot be seen by user
Has no limit for length of query
Posts data to server-side form handler
– Note that the client don’t always need to send data to server to generate a
response
16
Ways to call Server-Side Scripts
•
The URL specifies a script called “program” to be executed Instead of an HTML
file.
http://some.machine/cgi-bin/program.pl
– Sending data directly to a script (using the GET-method)
http://www.google.com/search?hl=en&q=CGI
•
Invoking can also be done through a link. A hypertext reference can refer to:
– An exutable script
<a href=http://domain_name/cgi-bin/scriptname>
– An exutable script with arguments (using the GET-method)
– <a href=http://domain_name/cgi-bin/scriptname?arg1+arg2>
– An Active Server Page
<a href=http://domain_name/catalog.asp>
•
It is much easier provide user input from an HTML form:
<FORM ACTION=“http:// http://www.google.com/search”>
Input elements go here
</FORM>
17
Encoding User Input from Forms
•
HTML-forms are used to provide input to CGI scripts. The
<FORM> tag requires two arguments:
–
–
•
ACTION
– the URL representing the script which is to receive the form information
METHOD
– either GET or POST
– represents the way in which the information will get passed to the script
Using METHOD=“GET”.
1. FORM elements’ names are paired with their contents ie.
<input type=“text” size=“9” maxlength=“9” name=“zip”>
User inputs 10003, then zip=10003
2. All such name/value pairs are joined together with an ‘&’
3. The entire input data string is URL encoded ie.
name=Jane+Doe&address=35+W%27+4th+St%27&zip=10003
–
On the server end the data is placed in the environment variable
QUERY_STRING
18
Three ways to pass data to CGI scripts
1. Environment variables (When the GET method is used in an HTML form)
–
–
Data is encoded as part of the URL
Portions of the URL are assigned to the environment variables QUERY_STRING,
PATH_INFO, and SCRIPT_NAME:
http://www.usc.edu/cgi-bin/scriptname/extrapath/afile?input_data
•
QUERY_STRING is assigned input_data
•
PATH_INFO is assigned extrapath/afile
•
SCRIPT_NAME is assigned cgi-bin/scriptname
2. Standard input (When the POST method is used)
–
–
The data is given in the message body of the HTTP request
Web server forwards message body to the script via the standard input stream
3. Command–line arguments
–
For example, to pass arg1 and arg2 to a script:
<a href=http://domain/cgi-bin/copy?arg1+arg2>
19
CGI Environment Variables
• CGI environment variables are used to pass information about
the context of execution. These variables are global, and
accessible to all running programs
• Programs -> programs
• Variables are text strings (name and value pairs)
• Can be classified into two major categories
– Nonrequest specific
– Request specific
• Nonrequest-specific environment variables
– These variables are set for all requests
• SERVER_SOFTWARE The name and version of the information server
software answering the request
• SERVER_NAME The server's hostname, DNS alias, or IP address
• GATEWAY_INTERFACE The revision of the CGI specification to which this
server complies.
20
Request-specific environment variables (1)
• These variables are set depending on the request being fulfilled
by the CGI script:
– SERVER_PROTOCOL The name and revision of the information protocol this
request came in with. Format: protocol/revision
– SERVER_PORT The port number to which the request was sent.
– REQUEST_METHOD The method with which the request was made. For HTTP,
this is "GET", "POST", etc.
– PATH_INFO The extra path information, as given by the client. E.g.
http://www.usc.edu/cgi-bin/scriptname/extrapath/afile?input_data
– PATH_TRANSLATED the PATH_INFO path translated into an absolute document
path on the local system, which takes the path and does any virtual-to-physical
mapping to it.
– SCRIPT_NAME A the path and the name of the script being executed, as
referenced in the URL.
– QUERY_STRING The information which follows the ? that referenced this script.
21
Request-specific environment variables (2)
– REMOTE_HOST The Internet domain name making the request.
– REMOTE_ADDR The IP address of the remote host making the request.
– AUTH_TYPE If the server supports user authentication, and the script is
protects, this is the protocol-specific authentication method used to
validate the user.
– REMOTE_USER the username that server and script have authenticated.
– REMOTE_IDENT the remote user name retrieved by the server using
inetd identification (RFC 931),
– CONTENT_TYPE For queries which have attached information, such as
POST-method, this is the MIME-content type of the data.
– CONTENT_LENGTH The length of the content as given by the client.
22
Perl script to display CGI environment variables
#!/usr/bin/perl
The use statement instructs Perl programs to
2
# Fig. 27.11: fig27_11.pl
include the contents (e.g., functions) of predefined
3
# Program to display CGI environment variables.
packages called modules. The import tag
4
:standard imports a predefined set of standard
5
use CGI qw( :standard );
functions.
6
7
$dtd =
8
"-//W3C//DTD XHTML 1.0 Transitional//EN\"
9
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";
10
The start_html function prints the document type definition for
11
print( header() );
this document, as well as several opening XHTML tags (<html>,
12
<head>, <title>, etc., up to the opening <body> tag).
13
print( start_html( { dtd => $dtd,
14
title => "Environment Variables..." } ) );
15
23
Perl script to display CGI environment variables, cont.
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
print( "<table style = \"border: 0; padding: 2;
font-weight: bold\">" );
print( Tr( th( "Variable Name" ),
th( "Value" ) ) );
print( Tr( td( hr() ), td( hr() ) ) );
foreach $variable ( sort( keys( %ENV ) ) ) {
The %ENV hash is a built-in table in Perl that contains the names
and values of all the environment variables. Function keys
returns an unordered array containing all the keys in the %ENV
hash. sort orders the array of keys alphabetically. The foreach
loop iterates sequentially through the array returned by sort,
repeatedly assigning the current key’s value to scalar $variable.
print( Tr( td( { style => "background-color: #11bbff" },
$variable ),
td( { style => "font-size: 12pt" },
Hash values are accessed using the syntax $hashName{
$ENV{ $variable } ) ) );
keyName }. In this example, each key in hash %ENV is
print( Tr( td( hr() ), td( hr() ) ) );
}
print( "</table>" );
print( end_html() );
the name of an environment variable name (e.g.,
HTTP_HOST).
Function end_html returns the closing tags for the page
(</body> and </html>).
24
Program Output
25
Introduction to DBI
• Databases part of distributed applications
– Divides work across multiple computers
• Retrieves result set and displays results
• Driver
– Helps programs access databases
– Each database can have different syntax
– Each database requires its own driver
• Interface
– Provides uniform access to all database systems
• Database interface
– Programmatic library for accessing relational database
26
Perl Database Interface
• Perl DBI
–
–
–
–
Enables users to access relational databases from Perl programs
Database independent
Most widely used interface in Perl
Uses handles (Fig. 22.29)
• Object-oriented interfaces
• Driver handles, database handles, statement handles
– Each connection into the database is identified by a handle whose
methods are called by Perl scripts
Da ta Ob jec t Ha nd les Desc rip tio n
Driver Handles
Encapsulates the driver for the database; rarely used in a Perl script.
Database Handles
Encapsulates a specific connection to a database; can send SQL
statements to a database.
Statement Handles
Encapsulates specific SQL statements and the results returned from
them.
Fig. 22.29
Da ta o b jec t ha nd les fo r Perl DBI.
27
MySQL
• Pronounced “My Ess Que Ell”
• Robust and scalable RDBMS
• Multiuser, multithreaded server
– Performs multiple commands concurrently
• Uses SQL to interact with data
• Supports various programming languages
– C, C++, Java, Python, Perl, PHP, etc
• Supports various operating systems
– Windows, Linux and Unix
• Access multiple databases with single query
Fig27_19.pl
1
2
#!/usr/bin/perl
# Fig. 27.19: fig27_19.pl
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#
28
CGI program that generates a list of authors.
use CGI qw( :standard );
use DBI;
use DBD::mysql;
The Perl DBI module and the MySQL
driver, DBD::mysql are required.
$dtd =
"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";
print( header() );
print( start_html( { dtd => $dtd,
title => "Authors" } ) );
# connect to "books" database, no password needed
$databaseHandle = DBI->connect( "DBI:mysql:books",
"root", "", { RaiseError => 1 } );
# retrieve the names and IDs of all authors
$query = "SELECT FirstName, LastName, AuthorID
FROM Authors ORDER BY LastName";
# prepare the query for execution, then execute it
# a prepared query can be executed multiple times
$statementHandle = $databaseHandle->prepare( $query );
$statementHandle->execute();
print( h2( "Choose an author:" ) );
print( start_form( { action => 'fig27_20.pl' } ) );
print( "<select name = \"author\">\n" );
Connect to the database by calling DBI
method connect. If the connection
succeeds, function connect returns a
database handle that is assigned to
$databaseHandle.
The database handle is used to prepare the
query (using the method prepare). This
method prepares the database driver for a
statement, which can be executed multiple
times.
Method execute executes the query.
Fig27_19.pl
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# drop-down list contains the author and ID number
# fetchrow_array returns a single row from the result
while ( @row = $statementHandle->fetchrow_array() ) {
print( "<option>" );
print( "$row[ 2 ]. $row[ 1 ], $row[ 0 ]" );
print( "</option>" );
}
Method
fetchrow_array
accesses the results of the query.
Each call to this function returns the
next set of data in the resulting table
until there are no data sets left. Each
row is returned as an array and
assigned to @row.
print( "</select>\n" );
print( submit( { value => 'Get Info' } ) );
print( end_form(), end_html() );
# close the statement and database handles
$databaseHandle->disconnect();
$statementHandle->finish();
Program Output
Each value is printed as a list option.
Close the database connection (using method
disconnect), and specify that the query is
finished by calling method finish
29