Another CGI

Python

Another CGI

Strings• Single and double quotes interchangeable• Triple quotes (""") allow multi-line literal quoting• Escaping of \n, %, etc by default• Prefix r can be used for regexps, r'[a-z].*'• Any variable can be converted to a string with str(v). Can go back with int(s), float(s)

• Strings operations:– Concatenation with +, repeating with *– Length with len()– Substrings with []. Interesting index options.

– Special boolean operator in

String Methods

• count

• find

• isdigit

• upper, lower

• rjust, ljust

• strip

• replace

Tuples and Lists

• Tuples store a set of elements. Syntax:– foo = ("Korn", "Jeff")

• Lists also store elements but unlike tuples can be modified (thus cheaper). Syntax:– foo = ["Korn", "Jeff"]– foo[1] = "Jeffrey"

• List operations:– append, extend, +, *, len, index, in, pop, sort,

reverse, join, etc.

• Be careful about references!

Dictionary

• Dictionaries are associative arrays (arrays indexed by string or number). Values can be any object.

• Syntax:– student = {'name' : 'Guido', 'score': 95 }

• Operations:– has_key, keys, values, len, get, copy, update

• Example:print student['name']

Statements• Standard if, then, else

• While loops

if person == 'Korn': status = 'teacher'elif person == 'Cano' status = 'yankee'else: status = 'unknown'print person, status

while n <= 20: s.append(' ') n += 2 if magic: break

a, b = 0, 1while b < 100: print b a, b = b, a + b

for loops

• Similar to shell:

• To do c-style loops, use special function range:

• Also: xrange

for val in ["foo", "bar", "baz"]: print "Hello %s" % val

for val in range(5, 20, 2): print val# prints 5, 7, 9 ... 19

Exceptions

• Run-time errors are possible with Python, but they can be caught with try-except:

• You can also use: raise, finally

try: n = float(inputstring) m = n * 2except ValueError, msg: print msg# will print: invalid literal for float(): foo

Functions• Defined with def:

• Types not needed

• Arguments can have defaults:

• Variables in functions are local– global changes this

• return used to return values

def my_func(foo, bar): print foo + bar

def my_func(foo, bar=12): print foo + barmy_func(3)15my_func(3, bar=3)

Modules

• Python modules are libraries of reusable code with specific functionalities

• Standard modules are distributed with Python to do a variety of things.

• Modules names are unique, but functions in modules don't conflict with other modules.

• Modules can have sub-modules.

Using Modules

• Include modules in your program with use, e.g. import math incorporates the math module

import mathprint math.log(4906, 2)12.0

print math.sqrt(100)10

Important modules• sys

– sys.argv, sys.path, sys.platform, sys.exit, sys.stdin, sys.stderr, sys.stdout

• os– os.getcwd, os.environ, os.chdir, os.listdir,

os.mkdir, os.rmdir, os.remove, os.system, os.popen, os.getpid

• os.path– os.path.abspath, os.path.dirname,

os.path.basename, os.path.join, os.path.split, os.isfile, os.isdir

HTTP

• Protocol for the Web• Client-server model

– Client (user agent) is typically web browser (e.g. Firefox)

– Server is web server (e.g. Apache)

• Client request a resource identified by URLs– e.g. http://cs.nyu.edu/csweb/index.html

Apache HTTP Server

• Open source HTTP (Web) server

• Most popular web server since 1996

• The “A” in LAMP

• Part of Apache Software Foundation– Other projects: Ant, Hadoop, Tomcat,

SpamAssassin, …

HTTP Transactions• HTTP request to web server

GET /v40images/nyu.gif HTTP/1.1Host: www.nyu.edu

• HTTP response to web clientHTTP/1.1 200 OKContent-type: image/gifContent-length: 3210

HTML Example

<html><head><title>Some Document</title></head><body><h2>Some Topics</h2>This is an HTML document<p>This is another paragraph</body></html>

HTML

• File format that describes a webpage

• Can be written by hand, or generated by a program

• A good way to generate a HTML file is by writing a shell or Perl script

Gateways

• Interface between resource and a web server

QuickTime™ and aTIFF (LZW) decompressor

are needed to see this picture. Web Server resourceGatewayHTTP

CGI

• Common Gateway Interface - a standard interface for running helper applications to generate dynamic contents– Specify the encoding of data passed to programs

• Allow HTML documents to be created on the fly• Transparent to clients

– Client sends regular HTTP request– Web server receives HTTP request, runs CGI program,

and sends contents back in HTTP responses

• CGI programs can be written in any language

How CGI Works

QuickTime™ and aTIFF (LZW) decompressor

are needed to see this picture.

Web Server

ScriptDocument

HTTP request

HTTP responsespawn process

Forms

• HTML forms are used to collect user input• Data sent via HTTP request• Server launches CGI script to process data

<form method=POST action=“http://cs.nyu.edu/~unixtool/cgi-bin/search.cgi”>

Enter your query: <input type=text name=Search><input type=submit></form>

Input Types

• Text Field<input type=text name=zipcode>

• Radio Buttons<input type=radio name=size value=“S”> Small<input type=radio name=size value=“M”> Medium<input type=radio name=size value=“L”> Large

• Checkboxes<input type=checkbox name=extras value=“lettuce”> Lettuce<input type=checkbox name=extras value=“tomato”> Tomato

• Text Area<textarea name=address cols=50 rows=4>…</textarea>

Submit Button

• Submits the form for processing by the CGI script specified in the form tag

<input type=submit value=“Submit Order”>

HTTP Methods

• Determine how form data are sent to web server

• Two methods:– GET

• Form variables stored in URL

– POST• Form variables sent as content of HTTP request

Encoding Form Values

• Browser sends form variable as name-value pairs– name1=value1&name2=value2&name3=value3

• Names are defined in form elements– <input type=text name=ssn maxlength=9>

• Special characters are replaced with %## (2-digit hex number), spaces replaced with +– e.g. “10/20 Wed” is encoded as “10%2F20+Wed”

GET/POST examples

GET:

GET /cgi-bin/myscript.pl?name=Bill%20Gates&company=Microsoft HTTP/1.1

HOST: www.cs.nyu.edu

POST:

POST /cgi-bin/myscript.pl HTTP/1.1

HOST: www.cs.nyu.edu

…other headers…

name=Bill%20Gates&company=Microsoft

GET or POST?

• GET method for– Retrieving information, e.g. from a database– A “safe” method - no action taken other than retrieval– Embedding data in URL without form element

• POST method for– Forms with many fields or long fields– Sending data for updating database, posting to bulletin

board, etc.

• GET requests may be cached by clients browsers or proxies, but not POST requests

Parsing Form Input

• Method stored in HTTP_METHOD• GET: Data encoded into QUERY_STRING• POST: Data in standard input (from body of

request)• Most scripts parse input into an associative

array– Parse it yourself, or– Use available libraries (e.g. Perl CGI module)

CGI Environment Variables• DOCUMENT_ROOT• HTTP_HOST• HTTP_REFERER• HTTP_USER_AGENT• HTTP_COOKIE• REMOTE_ADDR• REMOTE_HOST• REMOTE_USER• REQUEST_METHOD• SERVER_NAME• SERVER_PORT

Example: Comment Form

Part 1: HTML Form<html><center><H1>Anonymous Comment Submission</H1></center>Please enter your comment below which willbe sent anonymously to <tt>kornj@cs.nyu.edu</tt>.If you want to be extra cautious, access thispage through <a href="http://www.anonymizer.com">Anonymizer</a>.<p><form action=cgi-bin/comment.cgi method=post><textarea name=comment rows=20 cols=80></textarea><input type=submit value="Submit Comment"></form></html>

Part 2: CGI Script (ksh)#!/home/unixtool/bin/ksh

. cgi-lib.ksh # Read special functions to help parseReadParsePrintHeader

print -r -- "${Cgi.comment}" | /bin/mailx -s "COMMENT" kornj

print "<H2>You submitted the comment</H2>"print "<pre>"print -r -- "${Cgi.comment}"print "</pre>"

Example: Find words in Dictionary

<form action=dict.cgi>Regular expression: <input type=“text” name=re value=".*"><input type=submit></form>

Example: CGI Script (ksh)

#!/home/unixtool/bin/ksh

PATH=$PATH:.. cgi-lib.kshReadParsePrintHeader

print "<H1> Words matching <tt>${Cgi.re}</tt> in the dictionary </H1>\n";print "<OL>"grep "${Cgi.re}" /usr/dict/words | while read worddo print "<LI> $word"doneprint "</OL>"

Debugging

• Debugging can be tricky, since error messages don't always print well as HTML

• One method: run interactively

$ QUERY_STRING='birthday=10/15/03'$ ./birthday.cgiContent-type: text/html

<html>Your birthday is <tt>10/15/02</tt>.</html>

A Python CGI Script#!/usr/bin/pythonimport cgiimport cgitb

cgitb.enable()form = cgi.FieldStorage()

bday = form['birthday'].value

# Print headerprint 'Content-Type: text/html'print

# Your HTML bodyprint "Your birthday is %s.\n" % bday

Debugging Python CGI Scripts

• Debugging CGI script is tricky - error messages don’t always come up on your browser

• Run script with test data$ python cgiScript prod=“MacBook” price=“1800”Content-Type: text/html

<html>…</html>

CGI Benefits

• Simple

• Language independent

• UNIX tools are good for this because– Work well with text– Integrate programs well– Easy to prototype– No compilation (CGI scripts)