1 Common Gateway Interface CGI and Perl Outline

1 Common Gateway Interface (CGI) and Perl • Outline – Server-side processing – Common Gateway Interface (CGI) – Other server-side programming technologies • (Active Server Pages (ASP)) • Java Servlets and Java Server Pages (JSP) • PHP Hypertext Processor • Python – Perl • Simple Perl examples • Handling HTTP Requests – GET and POST • CGI Environment Variables • Viewing CGI Environment Variables in Perl • Using Perl DBI to Connect to a Database

2 Web Programming Technologies Content Authoring: HTML Protocols: HTTP Server Side Processing Client Side Processing HTTP Request Web Server Web Browser CLIENT SERVER HTTP Response HTML Page Client Scripts: Java. Script Client Programs: Java Applets HTML Pages Protocols: CGI Server Scripts: Perl, ASP, PHP, JSP Server Programs: Java Servlets

3 Common Gateway Interface (CGI) • A standard for how a web server interact and transfer information to an application program (called CGI script) – Application is responsible for generating some dynamic content – Application call database – Extend servers beyond simple HTML file serving • CGI = Common Gateway Interface. – Common - supported by almost all web servers, can be used by many platforms and programming languages such as Perl, C, C++, VBScript, etc – Gateway - pathway between server and application programs – Interface - provides a well-defined way to call up its features • CGI is Not… – a programming language

4 CGI at work • Read explicit data (form data) and implicit data (request headers) sent by client 2. Sets data HTMLForm Client (Browser) 1. Sends HTTP-request Internet 6. Sends HTTP-response (HTML Page) Environment variables 4. Reads data Web Server 3. Calls script CGI script 5. Returns output • Generate the results and send explicit data (HTML) and implicit data (status code and response headers) back to client Database

5 CGI Advantages and Disadvantages • Advantages – Web server and language independence (such as C/C++ or Perl) – Wide acceptance. De facto standard (One of the earliest server-side options). Many free example CGI scripts – Simple to use • Disadvantages – Each request starts up a new process of the CGI script – Stateless protocol. Can’t retain information between requests – Communication to application must go through the web server

6 Perl • Perl (Practical Extraction Report Language) is an interpreted language (not compiled, like Java) which is ideally suited for CGI programming. – written by Larry Wall in 1987. Combines syntax from several UNIX utilities and languages. – has also been adapted to non-UNIX platforms. Active. Perl, the standard Perl implementation for Windows is freely available • Perl is a text processing language that provides comprehensive string handling functions – designed to handle a variety of system administrator functions • It is widely used to write Web server programs for such tasks as – automatically updating user accounts and newsgroup postings – processing removal requests – synchronizing databases and generating reports

7 Python • An interpreted, object-oriented programming language developed by Guido van Rossum. • Can be used to write: – – – CGI-scripts ASP-scripts Large-scale Internet search engines Small administration scripts GUI applications • Python is very portable since Python interpreters are available for most operating system platforms. • Although Python is copyrighted, the source code is freely available, and unlike GNU software, it can be commercially resold.

8 Perl - Simple Example #!/usr/bin/perl $name=“Foo”; $friends=1; #$friends=2; #$friends=“many; ” if ($friends == 1) { print “$name, you } The “shebang” construct (#!) indicates the path to the Perl interpreter on Unix systems. #I only have one friend #actually, I have 2 friends #I have too many friends are my best friend. ”; Function print writes the string to the screen.

9 Data Types in Perl

10 Client-Server Interaction • HTTP is a request-response protocol. Client sends request, server responds. • HTTP Request (Client is sending request message to Server ): – When a client sends a request, it consists of three parts: • Request line: (e. g. POST /im 269/w 7. html HTTP/1/1) – HTTP method type (GET or POST) – Resource name (URL) – Protocol/version • Header: contains browser information (optional) • Message body: in POST method request information is stored here (optional) • HTTP Response (Server is sending response message to Client): – The response sent by the server also consists of three parts: • Response line: (server protocol and status code) • Header: specifies the type of output (content-type such as text/html, location such as http: //www. xxx. com, or no response such as 204 No Response) • Message body: (the actual data, such as sending back a Web page or a file to the user)

11 HTTP Response from a CGI script • A CGI script that produces a HTTP response. CGI responds to the server via standard output • Example CGI scripts: 1. Return content to user print print. . . print (“Content-type: text/html”); (““); (“<HEAD>”); (“<TITLE>CGI script output</TITLE>”); (“</HEAD>”); (“<BODY>”); (“<H 1>Output from a CGI script</H 1>”); (“</BODY>”); 2. Return a location to user Location: http: //www. xxx. com 3. Return no response Status: 204 No Response

12 GET and POST request methods • Most common ways to send data from client to server: – GET request • • Retrieves appropriate resource from Web server Form contents are appended as a querystring to the URL Limits query to 1024 characters stored in request line Browsers cache (save on disk) HTML pages – Allows for quick reloading – Cache responses to get request – Do not cache responses to post request – POST request • • • Updates contents of Web server (posting new messages to forum) The data is sent as part the message body of the request. Not part of URL and cannot be seen by user Has no limit for length of query Posts data to server-side form handler – Note that the client don’t always need to send data to server to generate a response

13 Ways to call Server-Side Scripts • The URL specifies a script called “program” to be executed Instead of an HTML file. http: //some. machine/cgi-bin/program. pl – Sending data directly to a script (using the GET-method) http: //www. google. com/search? hl=en&q=CGI • Invoking can also be done through a link. A hypertext reference can refer to: – An exutable script <a href=http: //domain_name/cgi-bin/scriptname> – An exutable script with arguments (using the GET-method) – <a href=http: //domain_name/cgi-bin/scriptname? arg 1+arg 2> – An Active Server Page <a href=http: //domain_name/catalog. asp> • It is much easier provide user input from an HTML form: <FORM ACTION=“http: //www. google. com/search”> Input elements go here </FORM>

14 Encoding User Input from Forms • HTML-forms are used to provide input to CGI scripts. The <FORM> tag requires two arguments: – – • ACTION – the URL representing the script which is to receive the form information METHOD – either GET or POST – represents the way in which the information will get passed to the script Using METHOD=“GET”. 1. FORM elements’ names are paired with their contents ie. <input type=“text” size=“ 9” maxlength=“ 9” name=“zip”> User inputs 10003, then zip=10003 2. All such name/value pairs are joined together with an ‘&’ 3. The entire input data string is URL encoded ie. name=Jane+Doe&address=35+W%27+4 th+St%27&zip=10003 – On the server end the data is placed in the environment variable QUERY_STRING

15 Three ways to pass data to CGI scripts 1. Environment variables (When the GET method is used in an HTML form) – – Data is encoded as part of the URL Portions of the URL are assigned to the environment variables QUERY_STRING, PATH_INFO, and SCRIPT_NAME: http: //www. usc. edu/cgi-bin/scriptname/extrapath/afile? input_data • QUERY_STRING is assigned input_data • PATH_INFO is assigned extrapath/afile • SCRIPT_NAME is assigned cgi-bin/scriptname 2. Standard input (When the POST method is used) – – The data is given in the message body of the HTTP request Web server forwards message body to the script via the standard input stream 3. Command–line arguments – For example, to pass arg 1 and arg 2 to a script: <a href=http: //domain/cgi-bin/copy? arg 1+arg 2>

16 CGI Environment Variables • CGI environment variables are used to pass information about the context of execution. These variables are global, and accessible to all running programs • Programs -> programs • Variables are text strings (name and value pairs) • Can be classified into two major categories – Nonrequest specific – Request specific • Nonrequest-specific environment variables – These variables are set for all requests • SERVER_SOFTWARE The name and version of the information server software answering the request • SERVER_NAME The server's hostname, DNS alias, or IP address • GATEWAY_INTERFACE The revision of the CGI specification to which this server complies.

17 Request-specific environment variables (1) • These variables are set depending on the request being fulfilled by the CGI script: – SERVER_PROTOCOL The name and revision of the information protocol this request came in with. Format: protocol/revision – SERVER_PORT The port number to which the request was sent. – REQUEST_METHOD The method with which the request was made. For HTTP, this is "GET", "POST", etc. – PATH_INFO The extra path information, as given by the client. E. g. http: //www. usc. edu/cgi-bin/scriptname/extrapath/afile? input_data – PATH_TRANSLATED the PATH_INFO path translated into an absolute document path on the local system, which takes the path and does any virtual-to-physical mapping to it. – SCRIPT_NAME A the path and the name of the script being executed, as referenced in the URL. – QUERY_STRING The information which follows the ? that referenced this script.

18 Request-specific environment variables (2) – REMOTE_HOST The Internet domain name making the request. – REMOTE_ADDR The IP address of the remote host making the request. – AUTH_TYPE If the server supports user authentication, and the script is protects, this is the protocol-specific authentication method used to validate the user. – REMOTE_USER the username that server and script have authenticated. – REMOTE_IDENT the remote user name retrieved by the server using inetd identification (RFC 931), – CONTENT_TYPE For queries which have attached information, such as POST-method, this is the MIME-content type of the data. – CONTENT_LENGTH The length of the content as given by the client.

19 Perl script to display CGI environment variables #!/usr/bin/perl The use statement instructs Perl programs to 2 # Fig. 27. 11: fig 27_11. pl include the contents (e. g. , functions) of predefined 3 # Program to display CGI environment variables. packages called modules. The import tag 4 : standard imports a predefined set of standard 5 use CGI qw( : standard ); functions. 6 7 $dtd = 8 "-//W 3 C//DTD XHTML 1. 0 Transitional//EN" 9 "http: //www. w 3. org/TR/xhtml 1/DTD/xhtml 1 -transitional. dtd"; 10 The start_html function prints the document type definition for 11 print( header() ); this document, as well as several opening XHTML tags (<html>, 12 <head>, <title>, etc. , up to the opening <body> tag). 13 print( start_html( { dtd => $dtd, 14 title => "Environment Variables. . . " } ) ); 15

20 Perl script to display CGI environment variables, cont. 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 print( "<table style = "border: 0; padding: 2; font-weight: bold">" ); print( Tr( th( "Variable Name" ), th( "Value" ) ) ); print( Tr( td( hr() ), td( hr() ) ) ); foreach $variable ( sort( keys( %ENV ) ) ) { The %ENV hash is a built-in table in Perl that contains the names and values of all the environment variables. Function keys returns an unordered array containing all the keys in the %ENV hash. sort orders the array of keys alphabetically. The foreach loop iterates sequentially through the array returned by sort, repeatedly assigning the current key’s value to scalar $variable. print( Tr( td( { style => "background-color: #11 bbff" }, $variable ), td( { style => "font-size: 12 pt" }, Hash values are accessed using the syntax $hash. Name{ $ENV{ $variable } ) ) ); key. Name }. In this example, each key in hash %ENV is print( Tr( td( hr() ), td( hr() ) ) ); } print( "</table>" ); print( end_html() ); the name of an environment variable name (e. g. , HTTP_HOST). Function end_html returns the closing tags for the page (</body> and </html>).

21 Program Output

22 Introduction to DBI • Databases part of distributed applications – Divides work across multiple computers • Retrieves result set and displays results • Driver – Helps programs access databases – Each database can have different syntax – Each database requires its own driver • Interface – Provides uniform access to all database systems • Database interface – Programmatic library for accessing relational database

23 Perl Database Interface • Perl DBI – – Enables users to access relational databases from Perl programs Database independent Most widely used interface in Perl Uses handles (Fig. 22. 29) • Object-oriented interfaces • Driver handles, database handles, statement handles – Each connection into the database is identified by a handle whose methods are called by Perl scripts

24 My. SQL • Pronounced “My Ess Que Ell” • Robust and scalable RDBMS • Multiuser, multithreaded server – Performs multiple commands concurrently • Uses SQL to interact with data • Supports various programming languages – C, C++, Java, Python, Perl, PHP, etc • Supports various operating systems – Windows, Linux and Unix • Access multiple databases with single query

1 2 #!/usr/bin/perl # Fig. 27. 19: fig 27_19. pl 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 # Fig 27_19. pl 25 CGI program that generates a list of authors. use CGI qw( : standard ); use DBI; use DBD: : mysql; The Perl DBI module and the My. SQL driver, DBD: : mysql are required. $dtd = "-//W 3 C//DTD XHTML 1. 0 Transitional//EN" "http: //www. w 3. org/TR/xhtml 1/DTD/xhtml 1 -transitional. dtd"; print( header() ); print( start_html( { dtd => $dtd, title => "Authors" } ) ); # connect to "books" database, no password needed $database. Handle = DBI->connect( "DBI: mysql: books", "root", "", { Raise. Error => 1 } ); # retrieve the names and IDs of all authors $query = "SELECT First. Name, Last. Name, Author. ID FROM Authors ORDER BY Last. Name"; # prepare the query for execution, then execute it # a prepared query can be executed multiple times $statement. Handle = $database. Handle->prepare( $query ); $statement. Handle->execute(); print( h 2( "Choose an author: " ) ); print( start_form( { action => 'fig 27_20. pl' } ) ); print( "<select name = "author">n" ); Connect to the database by calling DBI method connect. If the connection succeeds, function connect returns a database handle that is assigned to $database. Handle. The database handle is used to prepare the query (using the method prepare). This method prepares the database driver for a statement, which can be executed multiple times. Method executes the query.

36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 Fig 27_19. pl # drop-down list contains the author and ID number # fetchrow_array returns a single row from the result while ( @row = $statement. Handle->fetchrow_array() ) { print( "<option>" ); print( "$row[ 2 ]. $row[ 1 ], $row[ 0 ]" ); print( "</option>" ); } Method fetchrow_array accesses the results of the query. Each call to this function returns the next set of data in the resulting table until there are no data sets left. Each row is returned as an array and assigned to @row. print( "</select>n" ); print( submit( { value => 'Get Info' } ) ); print( end_form(), end_html() ); # close the statement and database handles $database. Handle->disconnect(); $statement. Handle->finish(); Program Output Each value is printed as a list option. Close the database connection (using method disconnect), and specify that the query is finished by calling method finish 26