
13 Dec 2013


1

CGI

(Common Gateway Interface)


CmpE 587


Emir Bayraktar

Onur Bük

2

Overview


What is CGI?


How it works


Perl Language


CGI Environment Variables


GET & POST Methods


Server-Side Includes (SSI)


3

What is CGI?


It stands for Common Gateway Interface


It is a way of programming for the web


It is a server-side technology


It makes web pages dynamic



4

Basics of CGI


CGI can be written in many languages


Most popular are PERL and C


Our choice is PERL because...


PERL is standard on UNIX systems


PERL is very easy and robust


It also runs on Windows NT


5

How it works?


CGI combines HTML tags with program statements


HTML tags are for appearance and visuality


PERL codes are for functionality


The results are functional and nice web pages

6

Before we begin


PERL is an interpreted language


You write the script and it runs


But only if it is error-free


A simple text editor is enough


No additional software required


7

Let’s begin with the first script


We need to know where PERL runs


%> whereis perl   or   %> which perl


/usr/bin/perl


The first line of our script would be


#!/usr/bin/perl


As the result must be HTML code


print "Content-type:text/html\n\n";

8

Default First Script: “HELLO WORLD”

#!/usr/bin/perl
# The header and the blank line after it must come before any HTML
print "Content-type:text/html\n\n";
print "<html><head><title>HELLO</title></head>\n";
print "<body>\n";
print "<h2>HELLO WORLD</h2>\n";
print "</body></html>\n";

9

PERL Variables



Like many other programming languages,
PERL has different kinds of variables


SCALAR VARIABLES ==> $scalar


ARRAY VARIABLES ==> @array


HASH VARIABLES ==> %hash

10

Scalar Variables


A scalar variable stores a scalar value.
Scalar variables have the prefix $. They can contain
any kind of data like numbers, characters
or a string.


$num=5; $name="John";


You can input data to a scalar variable with


$name=<STDIN>;

11

Array Variables


An array stores a list of information. Arrays
have the prefix @. The arrays start with
the index 0. If you refer to a single
element of the array, you use the prefix $
with the index. For example


@city=("ist","ankara","izmir");


$city[0]="ist"; $city[2]="izmir";

12

Hash Variables


Hash variables are a special kind of
array. They contain paired groups of
elements. Each pair consists of a key and
data value. They have the prefix %.


%pages = (
    "Yahoo" => "http://www.yahoo.com",
    "Mail" => "http://www.hotmail.com",
    "Uni" => "http://www.boun.edu.tr"
);


13

CGI Environment Variables


These are a series of hidden values that
the web server sends to every CGI you
run. They are stored in a hash called
%ENV. Some of them are…


DOCUMENT_ROOT: The root directory of your server


HTTP_HOST: The hostname of your server


REMOTE_ADDR: The IP address of the visitor


REMOTE_HOST: The hostname of the visitor


SERVER_NAME: Your server's qualified domain name

14

Properties of %ENV


The %ENV hash is set for every CGI, and
you can use any or all of it as needed. For
example, you can write the IP address of
the visitor with the command:


print "Your IP=$ENV{'REMOTE_ADDR'}\n";


print "Your Port=$ENV{'REMOTE_PORT'}\n";


print "Your Browser=$ENV{'HTTP_USER_AGENT'}\n";


15

Some examples using %ENV


Let’s find the IP address of the visitor...

#!/usr/bin/perl
print "Content-type:text/html\n\n";
# Everything up to the line "Finish" is printed, with variables interpolated
print <<Finish;
<html><head><title>IP</title></head>
<body>
Your IP address: $ENV{'REMOTE_ADDR'}
</body></html>
Finish
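
An added example, not part of the original slides: HTTP_USER_AGENT and the other HTTP_* entries of %ENV are copied from request headers that the visitor controls, so a script that prints them into a page should HTML-escape each value first. The names html_escape and env_page and the sample values are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Replace the characters that are special in HTML text and attributes.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Build the page from selected environment entries, escaping every value.
# A variable the server did not set is shown as an empty string.
sub env_page {
    my ($env, @names) = @_;
    my $html = "<html><head><title>ENV</title></head>\n<body>\n";
    foreach my $name (@names) {
        $html .= "$name = " . html_escape($env->{$name}) . "<br>\n";
    }
    return $html . "</body></html>\n";
}

# Constructed request environment (sample values, not from the slides).
# Under a real web server, pass \%ENV instead of \%sample.
my %sample = (
    REMOTE_ADDR     => '192.0.2.10',
    REMOTE_PORT     => '51234',
    HTTP_USER_AGENT => 'Mozilla/5.0 <b>"test"</b> & more',
);

print "Content-type:text/html\n\n";
print env_page(\%sample, qw(REMOTE_ADDR REMOTE_PORT HTTP_USER_AGENT));
```

With the sample above, the markup in the browser string reaches the page as &lt;b&gt;&quot;test&quot;&lt;/b&gt; &amp; more, so the browser displays it as text instead of interpreting it.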

16

GET and POST


We use GET and POST in order to send
data from an HTML document to a CGI
program.


GET: The input values are sent as part of
the URL, saved in the QUERY_STRING
environment variable.


POST: Data are sent as an input stream to
the program

17

A simple example with GET


We will write a simple CGI script which
takes data input from a form and sends the data
with the ‘QUERY_STRING’. The working
part of the code is as follows:

#!/usr/bin/perl
print "Content-type:text/html\n\n";
print <<Finish;
<html><head><title>CMPE587</title></head>
<body>

18

A simple example with GET (cont’d)

<h2>This page collects info about you</h2>
<form action="http://www.students.itu.edu.tr/~bayraktara/cgi-bin/info.cgi" method="GET">
Name:<input type="text" name="name" size=20>
<p>
Surname:<input type="text" name="sname" size=30><p>
<input type="submit" value="submit">
</form>
</body></html>
Finish

19

A simple example with GET (cont’d)

20

There are two important results


If we look at the %ENV variable we
would see that


$ENV{'QUERY_STRING'} = "name=Ali+Veli&sname=Yilmaz"


The second result is that the address bar
of the result page would look like

21

How to filter unwanted characters


There are some unwanted characters in
the string: “=”, “+” and “&”. “+”
stands for space and “&” separates input
values.


name=Ali+Veli&sname=Yilmaz


First we have to split “name” and
“sname”. Fortunately, PERL has a “split”
command.


@val=split(/&/,$ENV{'QUERY_STRING'});


@val=("name=Ali+Veli","sname=Yilmaz")

22

How to filter unwanted characters (cont’d)


We now have an array variable. We use
the split command for the second time in
order to filter the “=” character. As we have
many input values, we use code like this:


foreach $ran (@val) {
    # each element looks like "field=value"
    ($field, $value) = split(/=/, $ran);
    print "$field = $value\n";
}

23

Advantages and disadvantages of GET


It is very simple to collect data and
process it. You can make forms very
easily. This is an advantage.


It is not secure. The data that will be sent
is a part of the URL. It can be easily
obtained by others.

24

An example with POST


POST is another method of sending data
but it is much more secure than GET.
Data will be sent after encoding. It can
also send more data than GET.
Encoding requires decoding and this
increases the complexity of the script.


The decoding tasks are performed by
PERL with some simple commands.

25

Decoding Commands


There are two basic decoding commands.
These are substitute and translate.


The syntax for substitute is:

$varia =~ s/pattern/replacement/;


An example makes it clear:


$greeting = "Hello name.\n";


$greeting =~ s/name/Ali/;


print $greeting;

26

Decoding Commands


The syntax for translate is:


$varia =~ tr/searchlist/replacelist/;


The translate command turns every
character in the searchlist to its
corresponding character in the replacelist


The upper & lower case transformation can
easily be done with


$lower =~ tr/A-Z/a-z/;


$upper =~ tr/a-z/A-Z/;

27

How to decode data streams


We have seen how to split a data stream.
Now, we have to decode the stream with
translate and substitute.

$value =~ tr/+/ /;

$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

28

How we get POST data

# Read CONTENT_LENGTH bytes of the POST body from the input stream
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
    ($varname, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$varname} = $value;
}
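
An added example, not part of the original slides, that puts the split, translate and substitute steps together for both GET and POST. It goes slightly beyond the slide code: CONTENT_LENGTH is checked and capped before read, and split is limited to two fields so a literal = inside a value survives. The 8192-byte cap, the function names and the sample requests are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $MAX_BODY = 8192;    # assumed cap on POST size, not from the slides

# Decode one URL-encoded component: "+" is a space, %XX is a byte.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    return $s;
}

# Split "a=1&b=2" into a hash. Decoding happens after splitting, so an
# encoded "&" or "=" inside a value cannot change the field boundaries.
sub parse_pairs {
    my ($raw) = @_;
    my %form;
    foreach my $pair (split /&/, $raw) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $form{ url_decode($name) } = url_decode(defined $value ? $value : '');
    }
    return %form;
}

# GET data comes from QUERY_STRING, POST data from the input stream.
sub read_form {
    my ($env, $in) = @_;
    if (($env->{REQUEST_METHOD} // 'GET') eq 'GET') {
        return parse_pairs($env->{QUERY_STRING} // '');
    }
    my $len = $env->{CONTENT_LENGTH} // '';
    die "bad CONTENT_LENGTH\n" unless $len =~ /\A\d+\z/ && $len <= $MAX_BODY;
    my $got = read($in, my $buffer, $len);
    die "short body\n" unless defined $got && $got == $len;
    return parse_pairs($buffer);
}

# Constructed sample requests (not from the slides); a real CGI would
# call read_form(\%ENV, \*STDIN).
my %get = read_form({ REQUEST_METHOD => 'GET',
                      QUERY_STRING   => 'name=Ali+Veli&sname=Yilmaz' });
my $body = 'name=Ali+Veli&note=a%3Db%26c';
open(my $in, '<', \$body) or die $!;
my %post = read_form({ REQUEST_METHOD => 'POST',
                       CONTENT_LENGTH => length($body) }, $in);
print "GET  $_ = $get{$_}\n"  for sort keys %get;
print "POST $_ = $post{$_}\n" for sort keys %post;
```

A POST body uses the same encoding as the query string and is equally readable in transit without HTTPS. The decoded values remain untrusted input and need HTML-escaping before they are printed into a page.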

29

Server-Side Includes (SSI)


Embedded code section in an HTML
document.


Dependent on type of server


Server


parses SSI code


executes it


sends the results to the client

30

Server-Side Includes (cont’d)


How does the server understand
that the HTML file contains SSI
code?


The file extension is converted to
shtml or


The access rights for the file are 755
(in UNIX environment)

31

SSI Structure


<!--#element property=value property=value -->


Ex:


<!--#include file="bodybar" -->


<!--#flastmod virtual="/includes/flashes.inc" -->


<!--#exec cgi="/cgi-bin/a.cgi" -->

32

Database Connectivity


Uses Perl’s DBI Module


Ex (pseudocode):

use DBI;

$dbh = DBI->connect("dbi:mysql:dbname", "username", "pswd");
$sth = $dbh->prepare("sql query");
$sth->execute;
while (($var1, $var2, $var3) = $sth->fetchrow_array) {
    # use variables
}
# close the connection once all rows have been read
$dbh->disconnect;

33

Thank You!


Please ask any questions you may have.

34

Happy Holidays!