Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 1 Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 1 Lecture 4: Server-side Languages Instructor: Dr. Mohammad Anwar Hossain
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 1Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 1
Lecture 4: Server-side Languages
Instructor: Dr. Mohammad Anwar Hossain
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 2Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 2
Learning OutcomesLearning OutcomesIn this chapter, you will learn about:
◦The market for server-side Web development solutions is a crowded one, these days! Perl, ASP, PHP, JSP, Cold Fusion and many more specialized choices abound.
◦The choice of a server-side programming language is a constant source of heated debate on the Internet today.
◦For making advanced dynamic web sites, you need some kind of server side scripting. Server side scripts are programs that are executed on the server, and can be used in many clients.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 3
Review
• Had a look at basic protocols – HTTP• Looked at static web pages – HTML• Experimented with dynamic client-side scripting - JavaScript• Studied methods of capturing and transforming data - XML
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 4
Today
Overview of the Server-side
• Client-server architecture • Static to dynamic - why we need it• Development history• Server-side languages now available• Servers
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 5Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 5
Web Pages LayersWeb Pages LayersWeb pages have 3 layers…Structural/Content Layer (XHTML)◦The meat and potatoes
Presentational Layer (CSS)◦How things look; garnishing the meat and
potatoes on a pretty plateBehavioral Layer (JavaScript and
DOM)◦How websites behave; the meat can jump
off the plate if you want it to.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 6Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 6
Client-side LanguagesClient-side Languages
User-agent (web browser) requests a web page
http request
http response
• Web page (with JavaScript) is sent to PC
• JavaScript is executed on PC
• Can affect the Browser and the page itself
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 7Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 7
Client-sideClient-sideWhat kind of things can you do with JavaScript?
Validating Form information, ◦i.e., making sure all the fields are
complete before submitting data back to the server
Modifying a web page based on Mouse Events.◦Can turn a web page into a user
interface with interactive buttons and controls
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 8Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 8
Server-side LanguagesServer-side Languages
User-agent (web browser) requests a web page
http request
• Server detects PHP code in page, executes the code, and sends the output to the user
http response
• Web page (with PHP Output) sent to PC
• User never sees the PHP, only the output
• Cannot affect the browser or client PC
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 9
Internet
Laptop
Apple Mac
PC
Web Server
HTTP ClientsHTTP Server
HTTP Over Internet (TCP/IP)
HTTP Protocol
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 10
Server-side Programming
Skills that are often required:• CGI• PHP• ASP• Perl• Java Servlet, …
Web ClientWeb Server
Internet
Client-side Programming
Skills that are often required:• XHTML• Javascript• Java• Dreamweaver• Flash• SMIL, XML …
Database
Server side and Client side Programming
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 11
ServerBrowser
Request
ReplyFile
System
Static Web Model
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 12
ServerBrowserRequest
Reply
FileSystem
Dynamic Web Model - Server-Side Includes (SSI), Active Server Pages (ASP), Java Server Pages (JSP), PHP Hypertext Processor (PHP), Perl …
OtherPrograms
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 13
Static to dynamic, a case study
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 14
Static to dynamic, a case study
This is the story of a fictional news site and how it evolved over time.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 15
Version 1.0 (Static only)
• HTML and images only
• Large collection of news articles
• Good navigation in header and in footer
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 16
Version 1.1 (Dynamic, using SSI)
• Navigation headers and footers have to change on every page
• Converted to using Server-Side Includes (SSI) to avoid having to update every file the next time this happens.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 17Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 17
SSI definedSSI defined
Server Side Includes (SSI) are HTML comment tags which contain commands directed at the Web server. The server carries out these commands not the browser. Not all servers react to SSI commands the same.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 18Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 18
How SSI worksHow SSI worksWhen the server parses a document
it searches through the page, looking for special commands that it recognizes.
When it finds a command like “input today’s date, or insert this code snippet, it acts on the command and rewrites your web page for you.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 19Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 19
How SSI worksHow SSI worksIf you want your document to be
parsed, you need to name the file with an extension of .shtml.
When the server loads any document that ends with .shtml, it knows that is has to check for hidden SSI commands first.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 20
Server-Side Includes (SSI)
• Web server reads the file as it sends it out to the user’s web browser
• Looks for SSI instructions in the file and executes them, replacing the instruction with the output from the command
• Allows for simple header and footer includes but no programming logic
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 21
<head> <title>Example of SSI</title> </head> <!--#include file="layout_top.html"--> <h1> Example of SSI </h1> The layout of this page is fully controlled by a common file. There are no BODY, COLOR or TABLE tags in this page. <!--#include file="layout_bottom.html"--> </html>
where layout_top.html has <body bgcolor="red"><table> <tr> <td valign="top"> side bar</td> <td valign="top">
and layout_bottom.html has </td> </tr></table>
ServerSideInclude(SSI)
Example
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 22
Version 1.2 (Dynamic, with CGI)
• HTML form with user submissions
• CGI program to process submissions, send them to the editors of the site.– Retrieve data from CGI environment– Send mail to editors– Send redirect to user's web browser
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 23Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 23
Common Gateway Interface Common Gateway Interface (CGI)(CGI)
CGI stands for Common Gateway InterfaceCGI is a standard programming interface
to Web servers that allows building dynamic and interactive Web sites
CGI is not a programming language. ◦It is just a set of standards (protocols)◦The standards specify how Web-applications
can be executed on the server-side
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 24Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 24
Common Gateway Interface Common Gateway Interface (CGI)(CGI)CGI can be implemented
◦ in an interpreted language such as PERL ◦ in a compiled language such as C
Any program can be converted to a CGI program ◦ It just has to follow the CGI rules
The rules define ◦ How programs get and sends data (i.e.,
communication protocol) ◦ How to make sure Web server knows that a
program is a CGI program.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 25Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 25
CGICGI
A CGI program is ◦Stored on the server, ◦Executed on the server, ◦Executed in response to request from client.
By running a CGI program, rather than delivering a static HTML page, the server can:◦Put dynamic and updated information on web
page (e.g., weather forecast, stocks price, product availability, etc…).
◦Respond appropriately to user input.◦Store user data on server-side in a file or DB.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 26
Dynamic PagesDynamic Pages
Run CGI program………print $result
Return dynamically generated HTML file
Request service
<HEADER><BODY
</BODY>
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 27
Version 1.3 (User login, sessions)
• Optional user login ability added to site
• Session management required
• Some pages in web site have to detect if the user is logged in and behave differently
• Server-side scripting used, session management abilities built in
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 28Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 28
HTTP State and SessionHTTP State and Session
What is a session?◦ A serial of consecutive and related requests from and
responses to a single client, in a certain duration and scope
What is state?◦ State is the information to describe or identify a session at a
certain point of time◦ Stateful: each request/response can maintain its state at
different points of times Phone calls are stateful
◦ Stateless: each request/response cannot maintain its state at different points of times HTTP protocol is stateless, i.e., HTTP itself does not provide
mechanisms to maintain state information for each request/response. In other words, HTTP does not remember.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 29Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 29
ApplicationsApplications
Where is session/state needed?◦User sign-in status◦A transaction involving multiple steps
(requests/responses), such as shopping (cart) multi-page survey or multi-page test auto insurance quote
◦User preferences, personalization, customization
◦…
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 30
Version 2.0
• Version 1.3 used 3 different technologies. (SSI, CGI program, server-side scripting)
• Everything can be done by one technology, server-side scripting.
• Converting the SSI pages (every page) to server-side scripting increases flexibility for additional features.
• PHP
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 31
Why use server-side scripting?
• Written for the Web• Libraries, APIs, interfaces for Web applications• Web page output is the focus, code is the
exception• Easy to pick up and start using immediately• As fast or faster than CGI programs and more
secure.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 32
Which server-side language is best?
• Simply a question of what is best for your environment and what you need to be able to do with the language
• Comparative speed is irrelevant– Design of application the largest factor– Database or storage system speed next biggest
factor
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 33
Picking a language: Criteria
• Availability– A stable platform (server) to run it on– People who can write and maintain programs
using it
• Interoperability with other applications
• Security – Security reputation of the language, especially
with respect to applications or servers dealing with sensitive data
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 34
CGI servicing programsISAPI servicing programs(Internet Server API, programs which integrate with web server and therefore faster)
JavaScriptVBScript
Server-side Includes (SSI)Common Gateway Interface (CGI)Active Server Pages (ASPs)PHPJava Server Pages (JSPs)Perl
Web / Database Technologies
Client-side Processing
Server-side Processing
Compiled Programs
Server-side Scripts
Client-side Scripts
Downloading and running compiled programs on client
AppletsActiveX
Choices Server/Client Sides - overview
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 35
ServerBrowserRequest
Reply
FileSystem
Dynamic Web Model – Common Gateway Interface (CGI)(Security Problems?)
CGIProgram
OtherPrograms
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 36Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 36
PHP StrengthsPHP Strengths
High performance - see benchmarks at
http://www.zend.com Interfaces to different database systems Low cost Various packages include Apache, PHP
and MySQL for many OSEase of learning and use Portability
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 37
PHP 4 Architecture
Language parser = self-contained component called The Zend Engine.PHP function modules, now called PHP extensions, are also basically self-contained.Web server abstraction layer called SAPI that greatly simplifies the task of adding native support for new Web servers.
PHP 4's architecture:Top border of the figure represents the programmer's interface (meaning all except for the Web server):
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 38
Server Choice - Web Servers
• Use such protocols as HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol) and SMTP (Simple Mail Transfer Protocol)
• The Web Server, using HTTP, accepts HTTP requests from Web Browsers (Internet Explorer, Netscape, Opera etc.) and returns the requested HTML pages, images, embedded Java applets etc
• This can be enhanced by a number of server-side (running on the Web Server) technologies.
• These include CGI scripts, server-side includes, SSL security, Java servlets, ASP etc.
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 39
Web Servers
• Although a Web Server may be considered a network server, it has unique web networking features:– Handles permissions– Executes programs– Keeps track of directories and files– Communicates with client computers
• A server may be a powerful PC, a minicomputer or even a mainframe.
• Many Web Servers run on the UNIX operating system (60%), although a fair number use Microsoft’s NT OS (40%) – ZD Net Tech InfoBase
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 40
Apache Web Server
• The leading UNIX web server (therefore most common to be found on the Internet)
• It is a high performance HTTPD (HTTP daemon) server – A daemon is a background process in UNIX which implements the server-side of a protocol
• HTTPD is the program you would run on a UNIX platform to start the web server
• Apache Web Server - developed by the Apache Group. UNIX and Windows).
• Tools, languages and modules available; SSL (port 443)• Versions 1.3 and 2.0• http://www.apache.org
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 41
Microsoft IIS
• IIS = Internet Information Server• Extends Windows NT Server to Intranet and Internet • Works closely with NT Services, Security and Monitoring• Adds – WWW Service, Gopher, FTP, Internet Service Manager (admin tools),
Internet Database Connector (IDC), Secure Socket Layer (SSL)• IIS 2.0 is part of NT 4.0, IIS 5 is part of Windows 2000• http://www.microsoft.com/ntserver/Basics/WebServices/• Provides full Intranet and Internet capabilities, from publishing information to
access to data stored in databases• Supports CGI (Common Gateway Interface) – although with poor memory
management
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 42
Summary
• Architectures and protocols• Static serving to dynamic• Case history of an application• Server-side languages reviewed• Which server? http://www.w3.org/Servers.html
Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 43
Next
• Introduction to PHP