Introduction to CGI: - PowerPoint PPT Presentation

Slides: 25
Provided by: MK48
Transcript and Presenter's Notes


1
3.0.1.3 Introduction to CGI Session 1
  • Introduction to CGI
  • HTML elements
  • Sending Data GET vs POST
  • CGI.pm module
  • Setting up a cgi script

2
CGI: Common Gateway Interface
NOT THIS CGI!
  • CGI definition
  • Don't get confused with other CGIs
  • CGI stands for Common Gateway Interface
  • and is designed to allow the Web to do things.

The other kind of CGI: computer-generated image
(we are going to discuss a totally different CGI!)
3
Support of CGI for computer programming languages
  • Scripting Languages other than Perl may be used
    for CGI
  • Unix SH
  • KSH
  • CSH
  • C
  • Alternatives to CGI
  • ASP (Microsoft)
  • PHP
  • ColdFusion
  • Java Servlets/JSP
  • FastCGI
  • Mod_perl

4
Where you can see CGI at work
  • Wide range of government, scientific and
    commercial websites use CGI

5
HTML stuff
  • URLs
  • HTTP Request Methods
  • PUT: Ask the server to create or replace a
    resource on the server
  • DELETE: Ask the server to delete a resource on
    the server
  • CONNECT: Used to allow secure SSL connection to
    tunnel through HTTP
  • OPTIONS: Ask the server to list the request
    methods available for resource
  • TRACE: Ask the server to echo back the request
    headers as it receives them
  • HEAD: Used as GET, but returns only HTTP headers
  • GET: Ask the server for a resource
  • POST: Instructs the server to modify the
    information on the server

6
Forms on the Web
  • Form tags
  • <FORM ACTION="/cgi/register.cgi" METHOD="POST"> (starts the form)
  • <INPUT TYPE="text" NAME="name" VALUE="value" SIZE="size"> (text field)
  • <INPUT TYPE="hidden" NAME="name" VALUE="value"> (hidden field)
  • <INPUT TYPE="checkbox" NAME="name" VALUE="value"> (checkbox)
  • <INPUT TYPE="submit" NAME="name" VALUE="value"> (submit button)

7
Two examples of using GET and POST

Using POST:

    <HTML>
    <HEAD>
    <TITLE>Testing CGI</TITLE>
    </HEAD>
    <BODY>
    <FORM NAME="Customer_id" ACTION="myURL/survey.cgi" METHOD="POST">
    Your Name: <INPUT TYPE="TEXT" NAME="f_name"><BR>
    <INPUT TYPE="SUBMIT" NAME="send" VALUE="Send Info">
    </FORM>
    </BODY>
    </HTML>

Using GET:

    <HTML>
    <HEAD>
    <TITLE>Testing CGI</TITLE>
    </HEAD>
    <BODY>
    <FORM NAME="weather_report" ACTION="myURL/report.cgi" METHOD="GET">
    Weather Report:
    <INPUT TYPE="RADIO" NAME="city" VALUE="Vancouver">Vancouver<BR>
    <INPUT TYPE="RADIO" NAME="city" VALUE="Burnaby">Burnaby<BR>
    <INPUT TYPE="RADIO" NAME="city" VALUE="Coquitlam">Coquitlam<BR>
    <INPUT TYPE="SUBMIT" NAME="send" VALUE="Get Info">
    </FORM>
    </BODY>
    </HTML>
8
GET vs POST
  • GET
  • Most common HTTP request. Used to retrieve
    information from the server; it does not have a
    body and passes the request inside the URL
  • Clicking on a hyperlink
  • Typing a location into the browser URL box
  • Clicking on bookmarks
  • POST
  • Used to submit information which alters data on
    the server (passes the data through STDIN)
  • May be used for just retrieving information
  • "POST is more secure than GET because it doesn't
    pass data inside the URL and therefore users
    cannot modify this data": not true, as it is
    legal to construct URLs and pass information
    with POST
  • The resources received via POST cannot be
    bookmarked or hyperlinked (and this is preferred
    behaviour)

9
CGI.pm module Why Perl?
  • Why is Perl good for writing CGI applications?
  • Multiple OS support
  • Interpreted language: no need to recompile
  • Great set of features (arguably the best regular
    expressions)
  • Short development time
  • May be used for full-scale backend support

10
Namespace of your script and CGI.pm
  • use CGI qw(:standard);
  • :cgi
  • Import all CGI-handling methods, such as param(),
    path_info() and the like.
  • :form
  • Import all fill-out form generating methods, such
    as textfield().
  • :html2
  • Import all methods that generate HTML 2.0
    standard elements.
  • :html3
  • Import all methods that generate HTML 3.0
    proposed elements (such as <table>,
    <super> and <sub>).
  • :netscape
  • Import all methods that generate
    Netscape-specific HTML extensions.
  • :html
  • Import all HTML-generating shortcuts (i.e.
    'html2' + 'html3' + 'netscape')...
  • :standard
  • Import "standard" features, 'html2', 'html3',
    'form' and 'cgi'.
  • :all
  • Import all the available methods. For the full
    list, see the CGI.pm code, where the

11
Ways to generate HTML code: as always, more than
one

Using "here" printing:

    #!/usr/local/bin/perl -wT
    use strict;
    print <<HTML;
    <HTML>
    <HEAD><TITLE>Test HTML page</TITLE>
    </HEAD>
    <BODY>
    <H1>Some Really Huge Letters</H1>
    <BR>
    </BODY>
    </HTML>
    HTML

Or object-oriented CGI:

    #!/usr/local/bin/perl -wT
    use strict;
    use CGI;
    my $q = CGI->new;
    print $q->header("text/html"),
          $q->start_html("Test HTML page"),
          $q->h1("Some Really Huge Letters"),
          $q->br,
          $q->end_html;
12
Using CGI.pm basic syntax
  • Standard HTML elements
  • Printing tags without closing tags

    print $q->br;
    <BR>

  • Printing opening and closing tags

    print $q->p("This is a paragraph");
    print $q->p("My homepage is", $q->em($q->server_name));
    <P>This is a paragraph</P>
    <P>My homepage is <EM>localhost</EM></P>

  • Setting attributes for HTML element

    print $q->a({ -href => "/downloads" }, "Download Area");
    <A HREF="/downloads">Download Area</A>
13
Using CGI.pm basic syntax
  • Printing Lists

    print $q->ol($q->li(["First", "Second", "Third"]));

    <OL>
    <LI>First</LI>
    <LI>Second</LI>
    <LI>Third</LI>
    </OL>

  • More complex example

    print $q->table(
        { -border => 1, -width => "100%" },
        $q->Tr([
            $q->th({ -bgcolor => "#cccccc" }, ["Name", "Occupation"]),
            $q->td(["Frodo", "Hobbit"]),
            $q->td(["Gandalf", "Wizard"]),
            $q->td(["Gollum", "Frodo's friend"]),
        ])
    );

    <TABLE BORDER="1" WIDTH="100%">
    <TR> <TH BGCOLOR="#cccccc">Name</TH> <TH BGCOLOR="#cccccc">Occupation</TH> </TR>
    <TR> <TD>Frodo</TD> <TD>Hobbit</TD> </TR>
    <TR> <TD>Gandalf</TD> <TD>Wizard</TD> </TR>
    <TR> <TD>Gollum</TD> <TD>Frodo's friend</TD> </TR>
    </TABLE>
14
CGI syntax allows you to do new things easily
  • Expandability

    print $q->header(-type            => 'text/html',
                     -cost            => 'Three smackers',
                     -annoyance_level => 'high',
                     -complaints_to   => 'bit bucket');

  • This will produce the following nonstandard HTTP
    header

    HTTP/1.0 200 OK
    Cost: Three smackers
    Annoyance-level: high
    Complaints-to: bit bucket
    Content-type: text/html
15
Form tags in CGI.pm
  • Syntax for Forms in CGI is different from syntax
    for other elements
  • start_form: <FORM>
  • end_form: </FORM>
  • textfield: <INPUT TYPE="TEXT">
  • password_field: <INPUT TYPE="PASSWORD">
  • filefield: <INPUT TYPE="FILE">
  • button: <INPUT TYPE="BUTTON">
  • submit: <INPUT TYPE="SUBMIT">
  • radio_group: <INPUT TYPE="RADIO">
  • textarea: <TEXTAREA>

    my $q = CGI->new;
    print $q->textfield(-name => "username", -default => "Anonymous");

Generates:

    <INPUT TYPE="TEXT" NAME="username" VALUE="Anonymous">
16
Tainted data
  • Examples

    $foo = @ARGV;         # Tainted (came from outside)
    $bar = $foo;          # Tainted (because $foo is tainted)
    $file = <FOO>;        # Tainted (obtained with <> operator)
    $foo = "Hello";       # Ok, as we set $foo inside

  • Potentially dangerous things

    unlink $foo;          # Insecure
    open(FOO, $foo);      # Ok as it is read-only access
    exec "cat $foo";      # Insecure as it uses sub-shell
    exec "cat", $foo;     # Ok, as we do not use the shell
17
Using Carp module: your scripts will leave a
suicide note
  • Using Perl -T option
  • The -T option instructs Perl to monitor data for
    potential use in code that modifies something
    outside the script. Data considered to be
    tainted:
  • Command line arguments
  • File input
  • Various system calls
  • Environment variables
  • Carp module
  • Catches fatal calls and shows the messages in the
    browser
  • use CGI::Carp qw(fatalsToBrowser);

18
Complaining in your browser window
  • No Carp
  • an error occurred while processing this
    directive
  • Internal Server Error
  • If you did not expect this error contact our
    webmaster. This error is due to either a script
    or server misconfiguration.
  • an error occurred while processing this
    directive
  • With CGI::Carp qw(fatalsToBrowser)
  • Software error
  • syntax error at
    /usr/local/web/apache/cgi-bin/intranet/people/pruzanov/quicktests/test2.cgi
    line 15, near "Name"
  • Execution of
    /usr/local/web/apache/cgi-bin/intranet/people/pruzanov/quicktests/test2.cgi
    aborted due to compilation errors.
  • For help, please send mail to the webmaster
    (webmaster@bcgsc.ca), giving this error message
    and the time and date of the error.

19
Getting values into script param()
  • Source of a test.cgi script
  • param() takes an id for variable and returns the
    value of this variable

    #!/usr/bin/perl -wT
    use strict;
    use CGI qw(:standard);
    use CGI::Carp qw(fatalsToBrowser);
    print header;
    print start_html(-title => "Testing CGI");
    print "Your name is " . param('Y_name') . "<BR>";
    print end_html;
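
The taint rules from slides 16 and 17, applied to the kind of value param() hands a script, as an added example that is not part of the original slides. The sub names, the whitelist pattern, the sample values and the use of substr($^X, 0, 0) to stand in for data arriving from outside are assumptions of this example; it also escapes a value before echoing it into HTML, which test.cgi above does not do.

```perl
#!/usr/bin/perl -T
# Added example, not from the slides. Run as: perl -T taint_demo.pl
# (Perl refuses to start if -T is only on the #! line.)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, $^X is tainted; appending an empty slice of it taints a
# constructed string, standing in for a value that arrived via param().
my $TAINT = substr($^X, 0, 0);

# Whitelist validation: only a regex capture untaints, so the pattern is
# anchored and as narrow as the field allows (assumed here: a city name).
sub untaint_city {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z][A-Za-z .'-]{0,39})\z/;
    return;    # reject; never fall back to the raw value
}

# Escape the HTML metacharacters before echoing a value into a page.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Constructed sample submissions for the "city" field of report.cgi.
for my $sample ('Burnaby', 'Vancouver; ls', '../../report', '<b>Coquitlam</b>') {
    my $raw = $sample . $TAINT;
    printf "%-20s tainted=%d\n", $raw, tainted($raw) ? 1 : 0;

    # Perl refuses to pass tainted data to unlink: it dies before the call.
    my $ok = eval { unlink "/nonexistent/$raw"; 1 };
    print "  unlink on raw value blocked: ", ($ok ? "no" : "yes"), "\n";

    my $city = untaint_city($raw);
    if (defined $city) {
        print "  accepted, tainted=", (tainted($city) ? 1 : 0), "\n";
    } else {
        print "  rejected, echoed as: ", escape_html($raw), "\n";
    }
}
```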
20
Say Hello to World
  • Source of form_test.html
  • Output

    <html>
    <head>
    <title>Form Tester</title>
    </head>
    <body>
    <br>
    <form name="test" action="../cgi-bin/quicktests/test.cgi" method="POST">
    Enter Your name:
    <input type="TEXT" name="Y_name" value="Enter Your name">
    <br>
    <br>
    <input type="SUBMIT" name="Send_it" value="Send">
    </form>
    </body>
    </html>

Note that we are using POST here. GET, however,
will work in this situation just as well.
21
Using cgi to process HTML form
  • CGI.pm at work

Here we are typing in some name
At this point we are pressing Send
22
Self-processing script
That is what we see when the script first starts
  • Doing it all at once in one place

    #!/usr/bin/perl -wT
    use strict;
    use CGI qw(:standard);
    use CGI::Carp qw(fatalsToBrowser);
    print header;
    print start_html(-title => "Testing CGI");
    if (my $name = param('Y_name')) {
        print "Your name is " . $name . "<BR>";
    } else {
        print start_form(-name => "test", -action => "", -method => "post"),
              textfield(-name => "Y_name", -default => "Enter Your name"),
              submit(-name => "Send_it", -value => "Send"),
              end_form;
    }
    print end_html;

That is what we see when we pass a name to THE
VERY SAME script
23
HTML code produced by .cgi scripts
  • Output from test2.cgi
  • What we see in a browser

    <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US"><head>
    <title>Testing CGI</title>
    </head>
    <body>
    <form method="post" action="" enctype="application/x-www-form-urlencoded" name="test">
    Enter Your Name:<input type="text" name="Y_name" />
    <br />
    <input type="submit" name="Send_it" value="Send" />
    <div></div>
    </form>
    </body>
    </html>
24
3.0.1.3 Introduction to CGI Session 1
  • Common gateway interface
  • CGI.pm usage
  • use POST to change data on a server
  • use GET to get the data
  • strict and Carp are good for CGI
  • monitor your data with -T