Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Chapter 9: Using Perl for CGI Programming
9.1 The Common Gateway Interface
• Computation is required to support sophisticated web applications
• Computation can be done by the server or the client (browser) or both
• The Common Gateway Interface (CGI) is a protocol describing a standard way of providing server-side active web content
  • Under circumstances determined by the server, an HTTP request will cause a program to run
  • The output from the program will be the response returned to the client making the request
• Data from forms will be encoded in a request sent to the server
  • This data can be used by a CGI program
9.1 Other Approaches
• ASP.NET from Microsoft
  • Executable code embedded in web pages
• Java Servlets and Java Server Pages
  • Servlets are executable code in Java
  • Java server pages (JSP) are executable code embedded in web pages
9.2 CGI Linkage
• A web server can use several common ways to determine whether a web request should cause a CGI program to execute
• Usually, the determination is based on the target of the request
  • Certain directories can be designated as containing CGI programs
    • Often cgi-bin is used
  • Certain file extensions can be designated as signifying a CGI program
    • .pl usually identifies a Perl script
9.2 CGI Linkage
• A request for a CGI program to be executed can be made with a simple link (<a> tag in HTML)
  • This method is limited
  • Any data sent must be hard-coded into the link
• The usual way of invoking CGI programs is through the action attribute of a form
  • Data from the form is then encoded and sent with the request
9.2 CGI Program Action
• The CGI program generally creates the response by sending output to the standard output stream
  • Using print in Perl
• The CGI program will usually have to provide the content-type header
  • Content-type: text/html
  • This will be the last line of the response headers and must be followed by a blank line
• The rest of the response is created by printing the HTML code desired to standard output
9.3 Query String Format
• Both GET and POST requests under HTTP can be used to carry form data from the browser to the server
• The data is formatted into a query string
• Each form of request includes the information in a different way
  • In a GET request, the query string is appended to the URL of the request, with a question mark used to separate it from the first part of the URL
  • In a POST request, the query string is sent as the data part of the request
• In both cases, the query string is formatted the same
9.3 Query String Format
• Each unit of data sent is encoded as
    name = value
  • The name is usually the value of a name attribute of a form widget
  • The value is the string representation of the widget value
• Several units are combined by separating them with ampersands, &
• Special characters in name and value are encoded
  • The code is a percent sign, %, followed by the hexadecimal code for the character
  • A space is encoded as %20
  • Some browsers will encode spaces as +
9.3 Query String Access
• When the POST method is used, the query string can be read from standard input
  • The CONTENT_LENGTH environment variable tells how many characters can be read
• When the GET method is used, the query string is given by the value of the environment variable QUERY_STRING
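The query string format and the two access methods described above, as an added Perl example that is not part of the original slides. The size cap $MAX_BODY, the function names and the sample requests are assumptions made for illustration; under a web server the environment hash would be %ENV and the body filehandle STDIN.

```perl
use strict;
use warnings;

my $MAX_BODY = 8192;    # assumed cap on the POST body size, in bytes

# Return the raw query string. $env holds the CGI environment variables,
# $in is the filehandle the POST body is read from.
sub raw_query_string {
    my ($env, $in) = @_;
    return $env->{QUERY_STRING} // '' unless ($env->{REQUEST_METHOD} // '') eq 'POST';
    my $len = $env->{CONTENT_LENGTH} // '';
    # CONTENT_LENGTH is supplied by the client: check it before trusting it.
    die "bad CONTENT_LENGTH\n" unless $len =~ /\A[0-9]+\z/ && $len <= $MAX_BODY;
    my $body = '';
    my $got  = read($in, $body, $len);
    die "short read\n" unless defined $got && $got == $len;
    return $body;
}

# Decode one name or value: '+' means space, %XX is a hex-coded character.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Split on '&' and '=' first and decode afterwards, so an encoded '&' or '='
# inside a value cannot turn into an extra field.
sub parse_query {
    my ($qs) = @_;
    my %form;
    for my $pair (split /&/, $qs) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        push @{ $form{ url_decode($name) } }, url_decode($value // '');
    }
    return \%form;
}

# Constructed sample requests (not from the original slides).
my %get  = (REQUEST_METHOD => 'GET', QUERY_STRING => 'name=Mary+Smith&note=a%26b%3Dc');
my $body = 'item=popcorn&qty=2';
my %post = (REQUEST_METHOD => 'POST', CONTENT_LENGTH => length $body);
open(my $in, '<', \$body) or die "cannot open in-memory body: $!";

for my $form (parse_query(raw_query_string(\%get)), parse_query(raw_query_string(\%post, $in))) {
    print "$_ = @{ $form->{$_} }\n" for sort keys %$form;
}
```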
9.4 The CGI.pm Module
• Writing a CGI program from scratch is very tedious
  • Creating HTML requires numerous print statements
  • Retrieving data from the query strings is tricky
• One of the reasons for Perl’s popularity for CGI programming is the powerful pattern matching facilities which greatly ease the task of parsing a query string
• The Perl module CGI.pm provides numerous functions to help with both of these problems
9.4 Shortcut Functions in CGI.pm
• Shortcut functions return string values containing HTML code
  • Note, the string must be printed out to actually become part of the response
• Some functions take no arguments
    print br;
puts the tag <br/> into the response
• Some functions can be given a single argument which becomes the content of the tag
    print h1("A Header");
puts
    <h1>A Header</h1>
into the response
9.4 Tag Attributes in Shortcut Functions
• Attributes for tags are provided as attribute/value pairs in the argument list of the shortcut function
  • The arguments are provided in the form of a literal hash
  • Attribute names are preceded by a hyphen, -
    print textarea(-name => "Description",
                   -rows => "2",
                   -cols => "35");
produces this in the response
    <textarea name="Description" rows="2" cols="35">
    </textarea>
9.4 Attributes and Content
• Attributes and content can both be provided to a shortcut by giving the attributes explicitly as a hash reference
    print a({-href => "fruit.html"},
            "Press here for fruit descriptions");
produces this in the response
    <a href="fruit.html">Press here for fruit descriptions</a>
• If an array reference is provided for the content, a tag is created for each item, giving the tag all the specified attributes
9.4 More Shortcuts
• The head shortcut function provides a standard header
• The start_html function provides the beginning part of an HTML document, through the <body> start tag
  • The function takes one argument, the document title
9.4 Accessing Form Data
• The param function takes a name as an argument
• The function returns the value associated with the name, if any, in the request
9.4 A Complete Form Example
• The example includes an HTML page, popcorn.html, for placing an order
• It also includes a Perl CGI program, popcorn.cgi, for processing the data
• Note, to run this example, you must have a web server configured to run CGI programs; you cannot simply browse to the file on your local system
9.5 A Survey Example
• The survey example keeps track of data from a simple survey
• There are three components
  • conelec.html presents the form and links
  • conelec1.cgi processes a survey
  • conelec2.cgi presents a summary of the results
9.5 Saving the Data
• A file is used to store a summary of the data
• The file is updated by conelec1.cgi after each survey is submitted
  • Care must be taken that two simultaneous requests do not interfere with each other
  • Both CGI programs will use the Perl flock function that will allow only one program at a time access to the file
• The file is accessed by conelec2.cgi for each request for a summary
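The locking pattern described above, as an added Perl example that is not the conelec1.cgi or conelec2.cgi code from the book. The "choice=count" file layout, the function names, the temporary file and the sample choices are assumptions; the reader here takes a shared lock, which still excludes it while a writer holds the exclusive lock.

```perl
use strict;
use warnings;
use Fcntl qw(:flock :seek O_RDWR O_CREAT);
use File::Temp qw(tempfile);

# Parse "choice=count" lines from an open filehandle into a hash.
sub load_tally {
    my ($fh) = @_;
    my %tally;
    while (my $line = <$fh>) {
        $tally{$1} = $2 if $line =~ /\A([\w ]+)=([0-9]+)\s*\z/;
    }
    return %tally;
}

# Writer (the role conelec1.cgi plays): the exclusive lock is held across
# the whole read-modify-write, so concurrent updates cannot be lost.
sub record_vote {
    my ($file, $choice) = @_;
    # The choice comes from the form: reject '=' and newlines before storing.
    die "bad choice\n" unless $choice =~ /\A[\w ]{1,40}\z/;
    sysopen(my $fh, $file, O_RDWR | O_CREAT, 0600) or die "open $file: $!";
    flock($fh, LOCK_EX) or die "flock $file: $!";
    my %tally = load_tally($fh);
    $tally{$choice}++;
    seek($fh, 0, SEEK_SET) or die "seek: $!";
    truncate($fh, 0)       or die "truncate: $!";
    print {$fh} "$_=$tally{$_}\n" for sort keys %tally;
    close($fh) or die "close $file: $!";    # flushes, then releases the lock
}

# Reader (the role conelec2.cgi plays): waits while a writer holds the lock.
sub read_tally {
    my ($file) = @_;
    open(my $fh, '<', $file) or die "open $file: $!";
    flock($fh, LOCK_SH) or die "flock $file: $!";
    my %tally = load_tally($fh);
    close($fh);
    return \%tally;
}

# Constructed demonstration using a temporary file and made-up choices.
my (undef, $file) = tempfile(UNLINK => 1);
record_vote($file, $_) for ('DVD player', 'Television', 'DVD player');
my $tally = read_tally($file);
print "$_: $tally->{$_}\n" for sort keys %$tally;
```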
9.5 Table Shortcut Functions
• The Tr function will create a sequence of table rows from an argument that is a reference to a list
  • Tr is capitalized to distinguish it from the transliterate function tr
• Similarly, the th and td functions will produce a sequence of tags from a reference to a list
9.5 Table Example
• Note the period between the th and td function calls; this concatenates the results in order to make a single row
    table({-border => "border"},
          caption("Sales Figures"),
          Tr([th(["Salesperson", "Mon", "Tues", "Wed", "Thu", "Fri"]),
              th("Mary").td(\@marysales),
              th("Freddie").td(\@freddiesales),
              th("Spot").td(\@spotsales),]
          ));
9.5 Table Example Results
9.6 Cookies
• HTTP is a stateless protocol, that is, the server treats each request as completely separate from any other
• This, however, makes some applications difficult
  • A shopping cart is an object that must be maintained across numerous requests and responses
• The mechanism of cookies can be used to help maintain state by storing some information on the browser system
• A cookie is a key/value pair that is keyed to the domain of the server
  • This key/value pair is sent along with any request made by the browser of the same server
• A cookie has a lifetime which specifies a time at which the cookie is deleted from the browser
9.6 Cookies and Security
• Cookies are only returned to the server that created them
• Cookies can be used to determine usage patterns that might not otherwise be ascertained by a server
• Browsers generally allow users to limit how cookies are used
  • Browsers usually allow users to remove all cookies currently stored by the browser
• Systems that depend on cookies will fail if the browser refuses to store them
9.6 Cookie Functions
• The cookie function takes a hash with three keys for the name, value and expiration time of a cookie
• The cookie value produced by this function must be passed to the header function using the -cookie key
header(-cookie => $a_cookie)
• Calling the cookie function with no arguments produces a hash of all cookies from the current request
• The day_cookie.pl example illustrates using a cookie to store the last time the page was visited
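A last-visit cookie handled with the cookie and header functions, as an added Perl example that is not the day_cookie.pl program from the book. The cookie name last_visit, the 30-day lifetime, the -secure and -httponly settings and the sample environment values are assumptions; the point shown is that a cookie returned by the browser is client-supplied input and is validated before use and escaped on output.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(:standard);

# Constructed request environment so the script also runs from a shell;
# under a web server these variables are set by the server.
$ENV{REQUEST_METHOD} //= 'GET';
$ENV{HTTP_COOKIE}    //= 'last_visit=1199145600';

# The cookie comes back from the browser, so treat it as untrusted input:
# accept only a plain epoch timestamp and ignore anything else.
my $raw  = cookie('last_visit');
my $last = (defined $raw && $raw =~ /\A[0-9]{1,10}\z/) ? $raw : undef;

# Name, value and expiration time, plus two attributes that limit exposure.
my $new_cookie = cookie(
    -name     => 'last_visit',
    -value    => time(),
    -expires  => '+30d',
    -secure   => 1,    # only sent back over HTTPS
    -httponly => 1,    # not readable from scripts in the page
);

my $message = defined $last
    ? 'Your last visit was ' . scalar localtime($last)
    : 'This is your first visit (or the cookie was missing or invalid)';

# Escape the text before it goes into the page, whatever its origin.
print header(-cookie => $new_cookie),
      start_html('Last visit'),
      p(CGI::escapeHTML($message)),
      end_html;
```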