Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 9 Using Perl for CGI Programming.

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley

Chapter 9Using Perl

for CGI Programming

9-2Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley

9.1 The Common Gateway Interface

• Computation is required to support sophisticated web applications

• Computation can be done by the server or the client (browser) or both

• The Common Gateway Interface (CGI) is a protocol describing a standard way of providing server-side active web content• Under circumstances determined by the server, an HTTP request will

cause a program to run

• The output from the program will be the response returned to the client making the request

• Data from forms will be encoded in a request sent do the server• This data can be used by a CGI program


9.1 Other Approaches

• ASP.NET from Microsoft• Executable code embedded in web pages

• Java Servlets and Java Server Pages• Servlets are executable code in Java

• Java server pages (JSP) are executable code embedded in web pages


9.2 CGI Linkage

• There are several common ways a web server can use to determine if a web request should cause a CGI program to execute

• Usually, the determination is based on the target of the request• Certain directories can be designated as containing CGI programs

• Often cgi-bin is used

• Certain file extensions can be designated as signifying a CGI program• .pl usually identifies a Perl script


9.2 CGI Linkage

• A request for a CGI program to executed can be made with a simple link (<a> tag in HTML)• This method is limited

• Any data sent must be hard-coded into the link

• The usual way for invoking CGI programs is through the action attribute of a form• Data from the form is then encoded and sent with the request


9.2 CGI Program Action

• The CGI program generally creates the response by sending output to the standard output stream• Using print in Perl

• The CGI program will usually have to provide the content-type header• Content-type: text/html

• This will be the last line of the response headers and must be followed by a blank line

• The rest of the response is created by printing the HTML code desired to standard output


9.3 Query String Format

• Both GET and POST requests under HTTP can be used to carry form data from the browser to the server

• The data is formatted into a query string

• Each form of request includes the information in a different way• In a GET request, the query string is appended to the URL of the

request, with a question mark used to separate it from the first part of the URL

• In a POST request, the query string is sent as the data part of the request

• In both cases, the query string is formatted the same


9.3 Query String Format

• Each unit of data sent is encoded as

name = value• The name is usually the value of a name attribute of a form widget

• The value is the string representation of the widget value

• Several units are combined by separating them with ampersands, &

• Special characters in name and value are encoded• The code is a percent sign, %, followed by the hexadecimal code for the

character

• A space is encoded as %20

• Some browsers will encode spaces as +


9.3 Query String Access

• When the POST method is used, the query string can be read from standard input• The CONTENT_LENGTH environment variable tells how many characters

can be read

• When The GET method is used, the query string is given by the value of the environment variable QUERY_STRING


9.4 The CGI.pm Module

• Writing a CGI program from scratch is very tedious• Creating HTML requires numerous print statements

• Retrieving data from the query strings is tricky

• One of the reasons for Perl’s popularity for CGI programming is the powerful pattern matching facilities which greatly ease the task of parsing a query string

• The Perl module CGI.pm provides numerous functions to help with both of these problems


9.4 Shortcut Functions in CGI.pm

• Shortcut functions return string values containing HTML code• Note, the string must be printed out to actually become part of the

response

• Some functions take no arguments

print br;

puts the tag <br/> into the response

• Some functions can be given a single argument which becomes the content of the tag

print h1(“A Header”)

puts

<h1>A Header</h1>

into the response


9.4 Tag Attributes in Shortcut Functions

• Attributes for tags are provided as attribute/value pairs in the argument list of the shortcut function• The arguments are provided in the form of a literal hash

• Attribute names are preceded by a hyphen, -

print textarea(-name => "Description",

-rows => "2",

-cols => "35");

produces this in the response

<textarea name="Description" rows="2" cols="35">

</textarea>


9.4 Attributes and Content

• Attributes and content can both be provided to a shortcut by giving the attributes explicitly as a hash reference

print a({-href => "fruit.html"},

Press here for fruit descriptions");

produces this in the response

<a href="fruit.html"> Press here for fruit descriptions </a>

• If an array reference is provided for the content, a tag is created for each item, giving the tag all the specified attributes


9.4 More Shortcuts

• The head shortcut function provides a standard header

• The start_html function provides the beginning part of an HTML document, through the <body> start tag• The function takes one argument, the document title


9.4 Accessing Form Data

• The param function takes a name as an argument

• The function returns the value associated to the name, if any, in the request


9.4 A Complete Form Example

• The example includes an HTML page, popcorn.html, for placing an order

• Also it includes a Perl CGI program for processing the data, popcorn.cgi

• Note, to run this example, you must have a web server configured to run CGI programs, you cannot simply browse to the file on your local system


9.5 A Survey Example

• The survey example is keeps track of data from a simple survey

• There are three components• conelec.html presents the form and links

• conelec1.cgi processes a survey

• conelec2.cgi presents a summary of the results


9.5 Saving the Data

• A file is used to store a summary of the data

• The file is updated by conelec1.cgi after each survey is submitted• Care must be taken that two simultaneous requests do not interfere

with each other

• Both CGI programs will use the Perl flock function that will allow only one program at a time access to the file

• The file is accessed by coneclec2.cgi for each request for a summary


9.5 Table Shortcut Functions

• The Tr function will create a sequence of table rows from an argument that is a reference to a list• Tr is capitalized to distinguish it from the transliterate function tr

• Similarly, the th and td functions will produce a sequence of tags from a reference to a list


9.5 Table Example

• Note the period between the th and td function calls, this concatenates the results in order to make a single row

table({-border => "border"},caption("Sales Figures"),Tr(

[th(["Salesperson", "Mon", "Tues", “Wed", "Thu", "Fri"]),

th("Mary").td(\@marysales), th("Freddie").td(\@freddiesales),

th("Spot").td(\@spotsales),]

));


9.5 Table Example Results


9.6 Cookies

• HTTP is a stateless protocol, that is, the server treats each request as completely separate from any other

• This, however, makes some applications difficult• A shopping cart is an object that must be maintained across numerous

requests and responses

• The mechanism of cookies can be used to help maintain state by storing some information on the browser system

• A cookie is a key/value pair that is keyed to the domain of the server• This key/value pair is sent along with any request made by the browser

of the same server

• A cookie has a lifetime which specifies a time at which the cookie is deleted from the browser


9.6 Cookies and Security

• Cookies are only returned to the server that created them

• Cookies can be used to determine usage patterns that might not otherwise be ascertained by a server

• Browsers generally allow users to limit how cookies are used• Browsers usually allow users to remove all cookies currently stored by

the browser

• Systems that depend on cookies will fail if the browser refuses to store them


9.6 Cookie Functions

• The cookie function takes a hash with three keys for the name, value and expiration time of a cookie

• The cookie value produced by this function must be passed to the header function using the –cookie key

header(-cookie => $a_cookie)

• Calling the cookie function with no arguments produces a hash of all cookies from the current request

• The day_cookie.pl example illustrates using a cookie to store the last time the page was visited

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 9 Using Perl for CGI Programming.

Documents

pearson education

string slide

pearson addisonwesley

cgi program slide

request slide

request data

cgi programming slide

response slide