Modified from Moseley ’s sli desWeb Applications Development. Lecture 4 Slide 1 Lecture 4: Server-side Languages Instructor: Dr. Mohammad Anwar Hossain.

Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 1Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 1

Lecture 4: Server-side Languages

Instructor: Dr. Mohammad Anwar Hossain


Learning OutcomesLearning OutcomesIn this chapter, you will learn about:

◦The market for server-side Web development solutions is a crowded one, these days! Perl, ASP, PHP, JSP, Cold Fusion and many more specialized choices abound.

◦The choice of a server-side programming language is a constant source of heated debate on the Internet today.

◦For making advanced dynamic web sites, you need some kind of server side scripting. Server side scripts are programs that are executed on the server, and can be used in many clients.

Modified from Moseley’s slides Web Applications Development. Lecture 4 Slide 3

Review

• Had a look at basic protocols – HTTP• Looked at static web pages – HTML• Experimented with dynamic client-side scripting - JavaScript• Studied methods of capturing and transforming data - XML


Today

Overview of the Server-side

• Client-server architecture • Static to dynamic - why we need it• Development history• Server-side languages now available• Servers


Web Pages LayersWeb Pages LayersWeb pages have 3 layers…Structural/Content Layer (XHTML)◦The meat and potatoes

Presentational Layer (CSS)◦How things look; garnishing the meat and

potatoes on a pretty plateBehavioral Layer (JavaScript and

DOM)◦How websites behave; the meat can jump

off the plate if you want it to.


Client-side LanguagesClient-side Languages

User-agent (web browser) requests a web page

http request

http response

• Web page (with JavaScript) is sent to PC

• JavaScript is executed on PC

• Can affect the Browser and the page itself


Client-sideClient-sideWhat kind of things can you do with JavaScript?

Validating Form information, ◦i.e., making sure all the fields are

complete before submitting data back to the server

Modifying a web page based on Mouse Events.◦Can turn a web page into a user

interface with interactive buttons and controls


Server-side LanguagesServer-side Languages

User-agent (web browser) requests a web page

http request

• Server detects PHP code in page, executes the code, and sends the output to the user

http response

• Web page (with PHP Output) sent to PC

• User never sees the PHP, only the output

• Cannot affect the browser or client PC


Internet

Laptop

Apple Mac

PC

Web Server

HTTP ClientsHTTP Server

HTTP Over Internet (TCP/IP)

HTTP Protocol


Server-side Programming

Skills that are often required:• CGI• PHP• ASP• Perl• Java Servlet, …

Web ClientWeb Server

Internet

Client-side Programming

Skills that are often required:• XHTML• Javascript• Java• Dreamweaver• Flash• SMIL, XML …

Database

Server side and Client side Programming


ServerBrowser

Request

ReplyFile

System

Static Web Model


ServerBrowserRequest

Reply

FileSystem

Dynamic Web Model - Server-Side Includes (SSI), Active Server Pages (ASP), Java Server Pages (JSP), PHP Hypertext Processor (PHP), Perl …

OtherPrograms


Static to dynamic, a case study


Static to dynamic, a case study

This is the story of a fictional news site and how it evolved over time.


Version 1.0 (Static only)

• HTML and images only

• Large collection of news articles

• Good navigation in header and in footer


Version 1.1 (Dynamic, using SSI)

• Navigation headers and footers have to change on every page

• Converted to using Server-Side Includes (SSI) to avoid having to update every file the next time this happens.


SSI definedSSI defined

Server Side Includes (SSI) are HTML comment tags which contain commands directed at the Web server. The server carries out these commands not the browser. Not all servers react to SSI commands the same.


How SSI worksHow SSI worksWhen the server parses a document

it searches through the page, looking for special commands that it recognizes.

When it finds a command like “input today’s date, or insert this code snippet, it acts on the command and rewrites your web page for you.


How SSI worksHow SSI worksIf you want your document to be

parsed, you need to name the file with an extension of .shtml.

When the server loads any document that ends with .shtml, it knows that is has to check for hidden SSI commands first.


Server-Side Includes (SSI)

• Web server reads the file as it sends it out to the user’s web browser

• Looks for SSI instructions in the file and executes them, replacing the instruction with the output from the command

• Allows for simple header and footer includes but no programming logic


<head> <title>Example of SSI</title> </head>  <h1> Example of SSI </h1> The layout of this page is fully controlled by a common file. There are no BODY, COLOR or TABLE tags in this page.  </html>

where layout_top.html has <body bgcolor="red"><table> <tr> <td valign="top"> side bar</td> <td valign="top">

and layout_bottom.html has </td> </tr></table>

ServerSideInclude(SSI)

Example


Version 1.2 (Dynamic, with CGI)

• HTML form with user submissions

• CGI program to process submissions, send them to the editors of the site.– Retrieve data from CGI environment– Send mail to editors– Send redirect to user's web browser


Common Gateway Interface Common Gateway Interface (CGI)(CGI)

CGI stands for Common Gateway InterfaceCGI is a standard programming interface

to Web servers that allows building dynamic and interactive Web sites

CGI is not a programming language. ◦It is just a set of standards (protocols)◦The standards specify how Web-applications

can be executed on the server-side


Common Gateway Interface Common Gateway Interface (CGI)(CGI)CGI can be implemented

◦ in an interpreted language such as PERL ◦ in a compiled language such as C

Any program can be converted to a CGI program ◦ It just has to follow the CGI rules

The rules define ◦ How programs get and sends data (i.e.,

communication protocol) ◦ How to make sure Web server knows that a

program is a CGI program.


CGICGI

A CGI program is ◦Stored on the server, ◦Executed on the server, ◦Executed in response to request from client.

By running a CGI program, rather than delivering a static HTML page, the server can:◦Put dynamic and updated information on web

page (e.g., weather forecast, stocks price, product availability, etc…).

◦Respond appropriately to user input.◦Store user data on server-side in a file or DB.


Dynamic PagesDynamic Pages

Run CGI program………print $result

Return dynamically generated HTML file

Request service

<HEADER><BODY

</BODY>


Version 1.3 (User login, sessions)

• Optional user login ability added to site

• Session management required

• Some pages in web site have to detect if the user is logged in and behave differently

• Server-side scripting used, session management abilities built in


HTTP State and SessionHTTP State and Session

What is a session?◦ A serial of consecutive and related requests from and

responses to a single client, in a certain duration and scope

What is state?◦ State is the information to describe or identify a session at a

certain point of time◦ Stateful: each request/response can maintain its state at

different points of times Phone calls are stateful

◦ Stateless: each request/response cannot maintain its state at different points of times HTTP protocol is stateless, i.e., HTTP itself does not provide

mechanisms to maintain state information for each request/response. In other words, HTTP does not remember.


ApplicationsApplications

Where is session/state needed?◦User sign-in status◦A transaction involving multiple steps

(requests/responses), such as shopping (cart) multi-page survey or multi-page test auto insurance quote

◦User preferences, personalization, customization

◦…


Version 2.0

• Version 1.3 used 3 different technologies. (SSI, CGI program, server-side scripting)

• Everything can be done by one technology, server-side scripting.

• Converting the SSI pages (every page) to server-side scripting increases flexibility for additional features.

• PHP


Why use server-side scripting?

• Written for the Web• Libraries, APIs, interfaces for Web applications• Web page output is the focus, code is the

exception• Easy to pick up and start using immediately• As fast or faster than CGI programs and more

secure.


Which server-side language is best?

• Simply a question of what is best for your environment and what you need to be able to do with the language

• Comparative speed is irrelevant– Design of application the largest factor– Database or storage system speed next biggest

factor


Picking a language: Criteria

• Availability– A stable platform (server) to run it on– People who can write and maintain programs

using it

• Interoperability with other applications

• Security – Security reputation of the language, especially

with respect to applications or servers dealing with sensitive data


CGI servicing programsISAPI servicing programs(Internet Server API, programs which integrate with web server and therefore faster)

JavaScriptVBScript

Server-side Includes (SSI)Common Gateway Interface (CGI)Active Server Pages (ASPs)PHPJava Server Pages (JSPs)Perl

Web / Database Technologies

Client-side Processing

Server-side Processing

Compiled Programs

Server-side Scripts

Client-side Scripts

Downloading and running compiled programs on client

AppletsActiveX

Choices Server/Client Sides - overview


ServerBrowserRequest

Reply

FileSystem

Dynamic Web Model – Common Gateway Interface (CGI)(Security Problems?)

CGIProgram

OtherPrograms


PHP StrengthsPHP Strengths

High performance - see benchmarks at

http://www.zend.com Interfaces to different database systems Low cost Various packages include Apache, PHP

and MySQL for many OSEase of learning and use Portability


PHP 4 Architecture

Language parser = self-contained component called The Zend Engine.PHP function modules, now called PHP extensions, are also basically self-contained.Web server abstraction layer called SAPI that greatly simplifies the task of adding native support for new Web servers.

PHP 4's architecture:Top border of the figure represents the programmer's interface (meaning all except for the Web server):


Server Choice - Web Servers

• Use such protocols as HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol) and SMTP (Simple Mail Transfer Protocol)

• The Web Server, using HTTP, accepts HTTP requests from Web Browsers (Internet Explorer, Netscape, Opera etc.) and returns the requested HTML pages, images, embedded Java applets etc

• This can be enhanced by a number of server-side (running on the Web Server) technologies.

• These include CGI scripts, server-side includes, SSL security, Java servlets, ASP etc.


Web Servers

• Although a Web Server may be considered a network server, it has unique web networking features:– Handles permissions– Executes programs– Keeps track of directories and files– Communicates with client computers

• A server may be a powerful PC, a minicomputer or even a mainframe.

• Many Web Servers run on the UNIX operating system (60%), although a fair number use Microsoft’s NT OS (40%) – ZD Net Tech InfoBase


Apache Web Server

• The leading UNIX web server (therefore most common to be found on the Internet)

• It is a high performance HTTPD (HTTP daemon) server – A daemon is a background process in UNIX which implements the server-side of a protocol

• HTTPD is the program you would run on a UNIX platform to start the web server

• Apache Web Server - developed by the Apache Group. UNIX and Windows).

• Tools, languages and modules available; SSL (port 443)• Versions 1.3 and 2.0• http://www.apache.org


Microsoft IIS

• IIS = Internet Information Server• Extends Windows NT Server to Intranet and Internet • Works closely with NT Services, Security and Monitoring• Adds – WWW Service, Gopher, FTP, Internet Service Manager (admin tools),

Internet Database Connector (IDC), Secure Socket Layer (SSL)• IIS 2.0 is part of NT 4.0, IIS 5 is part of Windows 2000• http://www.microsoft.com/ntserver/Basics/WebServices/• Provides full Intranet and Internet capabilities, from publishing information to

access to data stored in databases• Supports CGI (Common Gateway Interface) – although with poor memory

management


Summary

• Architectures and protocols• Static serving to dynamic• Case history of an application• Server-side languages reviewed• Which server? http://www.w3.org/Servers.html


Next

• Introduction to PHP

Modified from Moseley ’s sli desWeb Applications Development. Lecture 4 Slide 1 Lecture 4: Server-side Languages Instructor: Dr. Mohammad Anwar Hossain.

Documents