Chapter 9 Using Perl for CGI Programming Copyright

Chapter 9 Using Perl for CGI Programming Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley

9. 1 The Common Gateway Interface • Computation is required to support sophisticated web applications • Computation can be done by the server or the client (browser) or both • The Common Gateway Interface (CGI) is a protocol describing a standard way of providing server-side active web content • Under circumstances determined by the server, an HTTP request will cause a program to run • The output from the program will be the response returned to the client making the request • Data from forms will be encoded in a request sent do the server • This data can be used by a CGI program Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -2

9. 1 Other Approaches • ASP. NET from Microsoft • Executable code embedded in web pages • Java Servlets and Java Server Pages • Servlets are executable code in Java • Java server pages (JSP) are executable code embedded in web pages Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -3

9. 2 CGI Linkage • There are several common ways a web server can use to determine if a web request should cause a CGI program to execute • Usually, the determination is based on the target of the request • Certain directories can be designated as containing CGI programs • Often cgi-bin is used • Certain file extensions can be designated as signifying a CGI program • . pl usually identifies a Perl script • AT RU: Perl programs must be put in the cgi-bin directory and a cgiwrap syntax is used for their URL The cgi-bin directory should be created inside (below) the public_html directory in your RU account. /jcdavis/public_html/cgi-bin/firstperl. pl Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -4

9. 2 CGI Linkage • A request for a CGI program to executed can be made with a simple link (<a> tag in HTML) • This method is limited • Any data sent must be hard-coded into the link • At RU: The URL to use to call a perl program using an anchor tag in an html document would be: <a href="http: //www. radford. edu/ cgi-bin/cgiwrap? user=jcdavis &script=reply. pl"> Click here to run reply. pl</a> • The usual way for invoking CGI programs is through the action attribute of a form • Data from the form is then encoded and sent with the request Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -5

9. 2 CGI Program Action • The CGI program generally creates the response by sending output to the standard output stream • Using print in Perl • The CGI program will usually have to provide the content-type header • Content-type: text/html • This will be the last line of the response headers and must be followed by a blank line • The rest of the response is created by printing the HTML code desired to standard output Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -6

Print HTML Doc. #!/usr/local/gnu/bin/perl -# reply. pl – a CGI program that # returns a greeting to the user print "Content-type: text/html nn", "<html> <head> n", "<title> reply. pl example </title>", " </head> n", "<body> n", "<h 1> Greetings from your Web server!", " </h 1> n </body> </html> n"; • reply. html reply. pl Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -7

9. 3 Query String Format • Both GET and POST requests under HTTP can be used to carry form data from the browser to the server • The data is formatted into a query string • Each form of request includes the information in a different way • In a GET request, the query string is appended to the URL of the request, with a question mark used to separate it from the first part of the URL • In a POST request, the query string is sent as the data part of the request • In both cases, the query string is formatted the same Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -8

9. 3 Query String Format • Each unit of data sent is encoded as name = value • The name is usually the value of a name attribute of a form widget • The value is the string representation of the widget value • Several units are combined by separating them with ampersands, & • Special characters in name and value are encoded • The code is a percent sign, %, followed by the hexadecimal code for the character • A space is encoded as %20 • Some browsers will encode spaces as + Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -9

9. 3 Query String Access • When the POST method is used, the query string can be read from standard input • The CONTENT_LENGTH environment variable tells how many characters can be read • When The GET method is used, the query string is given by the value of the environment variable QUERY_STRING Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -10

9. 4 The CGI. pm Module • Writing a CGI program from scratch is very tedious • Creating HTML requires numerous print statements • Retrieving data from the query strings is tricky • One of the reasons for Perl’s popularity for CGI programming is the powerful pattern matching facilities which greatly ease the task of parsing a query string • The Perl module CGI. pm provides numerous functions to help with both of these problems Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -11

9. 4 Shortcut Functions in CGI. pm • Shortcut functions return string values containing HTML code • Note, the string must be printed out to actually become part of the response • Some functions take no arguments print br; puts the tag <br/> into the response • Some functions can be given a single argument which becomes the content of the tag print h 1(“A Header”) puts <h 1>A Header</h 1> into the response Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -12

9. 4 Tag Attributes in Shortcut Functions • Attributes for tags are provided as attribute/value pairs in the argument list of the shortcut function • The arguments are provided in the form of a literal hash • Attribute names are preceded by a hyphen, - print textarea(-name => "Description", -rows => "2", -cols => "35"); produces this in the response <textarea name="Description" rows="2" cols="35"> </textarea> Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -13

9. 4 Attributes and Content • Attributes and content can both be provided to a shortcut by giving the attributes explicitly as a hash reference print a({-href => "fruit. html"}, Press here for fruit descriptions"); produces this in the response <a href="fruit. html"> Press here for fruit descriptions </a> • If an array reference is provided for the content, a tag is created for each item, giving the tag all the specified attributes Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -14

9. 4 More Shortcuts • The head shortcut function provides a standard header • The start_html function provides the beginning part of an HTML document, through the <body> start tag • The function takes one argument, the document title Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -15

9. 4 Accessing Form Data • The param function takes a name as an argument • The function returns the value associated to the name, if any, in the request Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -16

9. 4 A Complete Form Example • The example includes an HTML page, popcorn. html, for placing an order • At RU: method=“post” • Also it includes a Perl CGI program for processing the data, popcorn. pl • Note, to run this example, you must have a web server configured to run CGI programs, you cannot simply browse to the file on your local system Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -17

9. 5 A Survey Example • The survey example is keeps track of data from a simple survey • There are three components • conelec. html presents the form and links • conelec 1. pl processes a survey • conelec 2. pl presents a summary of the results Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -18

9. 5 Saving the Data • A file is used to store a summary of the data • The file is updated by conelec 1. pl after each survey is submitted • Care must be taken that two simultaneous requests do not interfere with each other • Both CGI programs will use the Perl flock function that will allow only one program at a time access to the file • The file is accessed by coneclec 2. pl for each request for a summary Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -19

9. 5 Table Shortcut Functions • The Tr function will create a sequence of table rows from an argument that is a reference to a list • Tr is capitalized to distinguish it from the transliterate function tr • Similarly, the th and td functions will produce a sequence of tags from a reference to a list Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -20

9. 5 Table Example table({-border => "border"}, caption("Sales Figures"), Tr( [th(["Salesperson", "Mon", "Tues", “Wed", "Thu", "Fri"]), th("Mary"). td(@marysales), th("Freddie"). td(@freddiesales), th("Spot"). td(@spotsales), ] ) ); • Note the period between the th and td function calls, this concatenates the results in order to make a single row Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -21

9. 5 Table Example Results Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -22

9. 6 Cookies • HTTP is a stateless protocol, that is, the server treats each request as completely separate from any other • This, however, makes some applications difficult • A shopping cart is an object that must be maintained across numerous requests and responses • The mechanism of cookies can be used to help maintain state by storing some information on the browser system • A cookie is a key/value pair that is keyed to the domain of the server • This key/value pair is sent along with any request made by the browser of the same server • A cookie has a lifetime which specifies a time at which the cookie is deleted from the browser Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -23

9. 6 Cookies and Security • Cookies are only returned to the server that created them • Cookies can be used to determine usage patterns that might not otherwise be ascertained by a server • Browsers generally allow users to limit how cookies are used • Browsers usually allow users to remove all cookies currently stored by the browser • Systems that depend on cookies will fail if the browser refuses to store them Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -24

9. 6 Cookie Functions • The cookie function takes a hash with three keys for the name, value and expiration time of a cookie • The cookie value produced by this function must be passed to the header function using the –cookie key header(-cookie => $a_cookie) • Calling the cookie function with no arguments produces a hash of all cookies from the current request • The day_cookie. pl example illustrates using a cookie to store the last time the page was visited day_cookie. pl code Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -25

Perl Errors • It can be difficult to debug perl programs, because error messages are not returned to the browser • You can include the following to see the error messages. • simpleinput. html simpleerror. pl Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 9 -26