
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D



2002 Daniel L. Silver 2

Objectives

To discuss HTML Forms and CGI Scripts
To introduce the concept of server applications and discuss their use as a part of an E-Commerce infrastructure

References: Ch. 2 Sharma (p.38-41), DDEA p.115-124


Outline

HTML Forms
HTTP GET and POST Methods
CGI Server Applications
Drawbacks of CGI
Forms and Javascript
Cookies


HTML Forms

Forms are part of an HTML document

    <FORM ACTION='someApplication'>
    .. input elements like text fields, radio buttons, etc ..
    .. one or more submit buttons ..
    </FORM>

Simple form example: greet_shell2.html
User enters data, selects options
User sends request by clicking on a submit button
Data is processed by Javascript or sent back to client for processing using a CGI script
The results returned to the browser as HTML


CGI – Common Gateway Interface

CGI is a standard for HTTP client to server application communications that defines:
  – How a client can request to run an application on a server and use specified input data
  – How the data is passed to the server application
  – How the server application can pass the response back to the client
CGI is NOT a programming language


Forms and CGI: Examples

A barebones CGI request for execution of a server application: Hello_time.html
Passing parameters to a program on a server via the CGI protocol: greet_shell.html
Combining forms and CGI: greet_shell2.html


How is User Data Passed to the Server?

Either GET or POST HTTP method is used
See the forms tutorial
The default and the one used in the previous example is GET
Recall … the HTTP Request Header

    GET /demo/Hello.html HTTP/1.0
    Accept: text/plain
    Accept: text/html
    User-Agent: Mozilla/2.0
    <CR/LF>


How is User Data Passed to the Server?

With the GET method, the browser appends a “?” to the URL followed by the user entered FORM data. So you see:

    http://eagle.acadiau.ca/demo/cgi-bin/greet_shell.cgi?name=Danny

The server reads the data following the “?” and makes it available in the form of an environment variable, QUERY_STRING
The CGI application on the server must read and parse this environment variable


How is User Data Passed to the Server?

With the POST method, the browser creates a message containing the user entered FORM data.
The message is sent to the server, which forwards it on to the requested application in the form of an “input stream”
The CGI application on the server must read and parse the input stream
An example: RequestParamExample.html, RequestParamExample.java
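
The two delivery paths described on the GET and POST slides, as an added Python example that is not part of the original slides or the course's own scripts. The names read_form, greet and MAX_BODY, the 1024-byte cap and the sample requests are assumptions made for illustration.

```python
import html
import io
from urllib.parse import parse_qs

MAX_BODY = 1024  # assumed cap on accepted form data, in bytes


def read_form(environ, stdin):
    """Return the form fields of one CGI request as {name: first value}."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        # GET: the server copies everything after "?" into QUERY_STRING.
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        # POST: the data arrives on the input stream; CONTENT_LENGTH says
        # how many bytes to read, so never read until end of file.
        try:
            length = int(environ.get("CONTENT_LENGTH", "0"))
        except ValueError:
            raise ValueError("CONTENT_LENGTH is not a number")
        if not 0 <= length <= MAX_BODY:
            raise ValueError("form data too large")
        raw = stdin.read(length).decode("utf-8", "replace")
    else:
        raise ValueError("unsupported method")
    fields = parse_qs(raw, keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def greet(environ, stdin):
    """Build the CGI response: header block, blank line, HTML body."""
    try:
        name = read_form(environ, stdin).get("name", "")
    except ValueError as err:
        return "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n%s\n" % err
    # Form data is untrusted: escape it before placing it in HTML.
    body = "<html><body><h1>Hello, %s!</h1></body></html>" % html.escape(name)
    return "Content-Type: text/html\r\n\r\n" + body


# Constructed sample requests: the same field sent both ways.
GET_ENV = {"REQUEST_METHOD": "GET", "QUERY_STRING": "name=Danny"}
POST_BODY = b"name=%3Cb%3EDanny%3C%2Fb%3E"
POST_ENV = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(POST_BODY))}

if __name__ == "__main__":
    print(greet(GET_ENV, io.BytesIO(b"")))
    print(greet(POST_ENV, io.BytesIO(POST_BODY)))
```

A real CGI script would call greet(os.environ, sys.stdin.buffer) and write the result to standard output.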


POST versus GET Methods

Advisable to use POST
GET is limited to 1024 characters (restricted by the environment variable size limits)
POST provides a first order level of security
  – Why?


Other Data Available at Server

The server application that reads the FORM data can also access other information provided by the CGI standard:
  – REMOTE_ADDR – the IP address of the client
  – REMOTE_HOST – fully qualified URL of host
  – CONTENT_LENGTH – length of FORM data
  – Check out “Request Info” and “Request Headers”: http://eagle.acadiau.ca:8080/examples/servlets/


CGI Server Applications

A CGI Script can be any program that can execute on the server
  – Shell script, Perl script, C, C++
  – Perl Example: perl_greeting.html
  – Perl code: perl_greeting.cgi
      » NOTE: to see Perl code open in source view


Drawbacks of CGI

Each time a CGI application is requested by an HTML page the server is requested to start a separate process
This is true even if it is a Java program
doThis.cgi:

    #!/bin/sh
    # the java launcher takes the class name, not the .class file name
    java doThis

A new JVM is started each time
  – Takes time to set up and take down
  – Uses memory resources on the server


Forms and Javascript

Javascript was introduced by Netscape
A client-side language
Provides program logic embedded in HTML for generation of dynamic webpages and minor computation
Manipulation of objects in HTML page including the creation and movement of browser windows
Most importantly allows validation of entered FORM data: calculator, greet_javascript


Cookies

Recall the problem of web sessions being connectionless
TCP/IP is connection oriented but each HTTP request/response uses one such connection and then terminates
State is not maintained from page to page
Each item you order is a separate request
So how does an E-Comm site know how to accumulate orders for you?


What’s a Cookie

A Cookie is a small piece of data placed on a client system that is used by the server to identify the client
  – Client, about to make a request to a server, checks to see if it has an associated cookie
      » If cookie, then send it with the request
  – Server checks for cookie in request
      » If cookie, then pass it to any applications called
  – Server may create a new cookie and return it with the response to the client
  – Client receives response and checks for new cookie
      » If cookie, then it saves it for this server URL


Cookies are not programs …

Contain 4K of text or less
There are limits on the number stored by a browser (default: 20 per site, 300 in total, oldest are deleted)
Only the originating domain can ever use the contents of their cookies
Written with or without an expiry date
Turn on your browser’s cookie warnings to observe how frequently they are used


Break down of a Cookie

C:\Program Files\Netscape\Users\defaultuser\cookies.txt

    www.goto.com FALSE / FALSE 1293231196 UserID 7481BA1DC3F68F71

First Boolean value (FALSE) indicates whether the cookie is available throughout the domain, the second denotes whether the cookie data should be transmitted only over secure channels
1293231196 is the expiry date = milliseconds since 1970
UserID is the cookie name
7481BA1DC3F68F71 is the cookie data
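
A parser for the record broken down above, as an added example that is not part of the original slides; the function names and the wording of the findings are assumptions. It reads the expiry field as seconds since 1970, the unit the Netscape cookies.txt format stores, which places 1293231196 on 2010-12-24.

```python
from datetime import datetime, timezone

FIELDS = ("domain", "domain_wide", "path", "secure", "expiry", "name", "value")


def parse_cookie_line(line):
    """Split one cookies.txt record into the seven fields the slide names."""
    parts = line.split(None, 6)  # whitespace-separated; the value is last
    if len(parts) != 7:
        raise ValueError("expected 7 fields, got %d" % len(parts))
    rec = dict(zip(FIELDS, parts))
    for flag in ("domain_wide", "secure"):
        if rec[flag] not in ("TRUE", "FALSE"):
            raise ValueError("%s must be TRUE or FALSE" % flag)
        rec[flag] = rec[flag] == "TRUE"
    rec["expiry"] = int(rec["expiry"])
    return rec


def review(rec, now):
    """Return what a reviewer would note about one stored cookie."""
    findings = []
    if not rec["secure"]:
        findings.append("not restricted to secure channels")
    if rec["domain_wide"]:
        findings.append("available throughout the domain")
    # Assumption of this example: expiry is seconds since 1970 (UTC).
    expires = datetime.fromtimestamp(rec["expiry"], tz=timezone.utc)
    state = "expired" if expires <= now else "expires"
    findings.append("%s %s" % (state, expires.strftime("%Y-%m-%d")))
    return findings


# The record shown on the slide.
SLIDE_LINE = "www.goto.com FALSE / FALSE 1293231196 UserID 7481BA1DC3F68F71"

if __name__ == "__main__":
    record = parse_cookie_line(SLIDE_LINE)
    print(record["name"], review(record, datetime.now(timezone.utc)))
```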


Cookies are Useful

Saving user preferences and profile
Remembering pages visited and when
Greeting people by name
Notifying visitor of changes since last visit
Retaining data from one page (or frame) to another
Using server side code, cookie data can be used to track user visits and movement patterns


Cookie Examples

Javascript (client controlled) example: Samplecookie1.htm
Java servlet (server controlled) example: Servercookies.html


THE END
