Chapter 9

Using Perl for CGI

Programming

9.1 The Common Gateway Interface

Computation is required to support sophisticated web applications

Computation can be done by the server or the client (browser) or both

The Common Gateway Interface (CGI) is a protocol describing a standard way of providing server-side active web content Under circumstances determined by the server, an

HTTP request will cause a program to run The output from the program will be the response

returned to the client making the request Data from forms will be encoded in a request

sent do the server This data can be used by a CGI program

9.1 Other Approaches

ASP.NET from Microsoft Executable code embedded in web

pages Java Servlets and Java Server

Pages Servlets are executable code in Java Java server pages (JSP) are

executable code embedded in web pages

9.2 CGI Linkage

There are several common ways a web server can use to determine if a web request should cause a CGI program to execute

Usually, the determination is based on the target of the request Certain directories can be designated as

containing CGI programs Often cgi-bin is used

Certain file extensions can be designated as signifying a CGI program

.pl usually identifies a Perl script

9.2 CGI Linkage

A request for a CGI program to executed can be made with a simple link (<a> tag in HTML) This method is limited Any data sent must be hard-coded

into the link The usual way for invoking CGI

programs is through the action attribute of a form Data from the form is then encoded

and sent with the request

9.2 CGI Program Action

The CGI program generally creates the response by sending output to the standard output stream Using print in Perl

The CGI program will usually have to provide the content-type header Content-type: text/html This will be the last line of the response

headers and must be followed by a blank line The rest of the response is created by

printing the HTML code desired to standard output

9.3 Query String Format

Both GET and POST requests under HTTP can be used to carry form data from the browser to the server

The data is formatted into a query string Each form of request includes the

information in a different way In a GET request, the query string is appended to

the URL of the request, with a question mark used to separate it from the first part of the URL

In a POST request, the query string is sent as the data part of the request

In both cases, the query string is formatted the same

9.3 Query String Format

Each unit of data sent is encoded as name = value

The name is usually the value of a name attribute of a form widget

The value is the string representation of the widget value

Several units are combined by separating them with ampersands, &

Special characters in name and value are encoded The code is a percent sign, %, followed by the

hexadecimal code for the character A space is encoded as %20 Some browsers will encode spaces as +

9.3 Query String Access

When the POST method is used, the query string can be read from standard input The CONTENT_LENGTH

environment variable tells how many characters can be read

When The GET method is used, the query string is given by the value of the environment variable QUERY_STRING

9.4 The CGI.pm Module

Writing a CGI program from scratch is very tedious Creating HTML requires numerous print

statements Retrieving data from the query strings is

tricky One of the reasons for Perl’s popularity for CGI

programming is the powerful pattern matching facilities which greatly ease the task of parsing a query string

The Perl module CGI.pm provides numerous functions to help with both of these problems

9.4 Shortcut Functions in CGI.pm

Shortcut functions return string values containing HTML code Note, the string must be printed out to actually

become part of the response Some functions take no arguments print br; puts the tag <br/> into the response Some functions can be given a single argument

which becomes the content of the tag print h1(“A Header”) puts <h1>A Header</h1> into the response

9.4 Tag Attributes in Shortcut Functions

Attributes for tags are provided as attribute/value pairs in the argument list of the shortcut function The arguments are provided in the form of a literal

hash Attribute names are preceded by a hyphen, -

print textarea(-name => "Description", -rows => "2", -cols => "35"); produces this in the response <textarea name="Description"

rows="2" cols="35"> </textarea>

9.4 Attributes and Content

Attributes and content can both be provided to a shortcut by giving the attributes explicitly as a hash reference

print a({-href => "fruit.html"}, Press here for fruit descriptions"); produces this in the response <a href="fruit.html"> Press here

for fruit descriptions </a> If an array reference is provided for the

content, a tag is created for each item, giving the tag all the specified attributes

9.4 More Shortcuts

The head shortcut function provides a standard header

The start_html function provides the beginning part of an HTML document, through the <body> start tag The function takes one argument,

the document title

9.4 Accessing Form Data

The param function takes a name as an argument

The function returns the value associated to the name, if any, in the request

9.4 A Complete Form Example

The example includes an HTML page, popcorn.html, for placing an order

Also it includes a Perl CGI program for processing the data, popcorn.cgi

Note, to run this example, you must have a web server configured to run CGI programs, you cannot simply browse to the file on your local system

9.5 A Survey Example

The survey example is keeps track of data from a simple survey

There are three components conelec.html presents the form and

links conelec1.cgi processes a survey conelec2.cgi presents a summary of

the results

9.5 Saving the Data

A file is used to store a summary of the data

The file is updated by conelec1.cgi after each survey is submitted Care must be taken that two simultaneous

requests do not interfere with each other Both CGI programs will use the Perl flock

function that will allow only one program at a time access to the file

The file is accessed by coneclec2.cgi for each request for a summary

9.5 Table Shortcut Functions

The Tr function will create a sequence of table rows from an argument that is a reference to a list Tr is capitalized to distinguish it

from the transliterate function tr Similarly, the th and td functions

will produce a sequence of tags from a reference to a list

9.5 Table Example

Note the period between the th and td function calls, this concatenates the results in order to make a single row

table({-border => "border"},caption("Sales Figures"),Tr(

[th(["Salesperson", "Mon", "Tues", “Wed", "Thu", "Fri"]),

th("Mary").td(\@marysales), th("Freddie").td(\@freddiesales),

th("Spot").td(\@spotsales),]

));

9.5 Table Example Results

9.6 Cookies

HTTP is a stateless protocol, that is, the server treats each request as completely separate from any other

This, however, makes some applications difficult A shopping cart is an object that must be maintained

across numerous requests and responses The mechanism of cookies can be used to help

maintain state by storing some information on the browser system

A cookie is a key/value pair that is keyed to the domain of the server This key/value pair is sent along with any request made

by the browser of the same server A cookie has a lifetime which specifies a time at

which the cookie is deleted from the browser

9.6 Cookies and Security

Cookies are only returned to the server that created them

Cookies can be used to determine usage patterns that might not otherwise be ascertained by a server

Browsers generally allow users to limit how cookies are used Browsers usually allow users to remove all

cookies currently stored by the browser Systems that depend on cookies will

fail if the browser refuses to store them

9.6 Cookie Functions

The cookie function takes a hash with three keys for the name, value and expiration time of a cookie

The cookie value produced by this function must be passed to the header function using the –cookie key

header(-cookie => $a_cookie) Calling the cookie function with no

arguments produces a hash of all cookies from the current request

The day_cookie.pl example illustrates using a cookie to store the last time the page was visited