Transcript Document
Fundamentals of CGI Programming Using Perl
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 1: Application Development Fundamentals
Objectives
• Explain the application development process
• Distinguish among various application development environments
• Identify common application development platforms
• Clarify various communication protocols
• Determine when to use client-side or server-side scripting

The Application Development Process
• Define a need for a solution
• Analyze the requirements
• Create an implementation plan and perform top-level design
• Perform in-depth design
• Create the application
• Test the system
• Deploy the system
• Maintain the system

Platforms, Languages and Protocols
• Development platforms
• Server-side development technologies
• Client-side development technologies
• Communication protocols

Client-Side vs. Server-Side Scripting
• Performance issues
• Security risks

Hypertext Transfer Protocol
• Passing information with HTTP
• HTTP methods

Summary
• Explain the application development process
• Distinguish among various application development environments
• Identify common application development platforms
• Clarify various communication protocols
• Determine when to use client-side or server-side scripting

Lesson 2: Introduction to CGI and Perl
Objectives
• Explain how the Common Gateway Interface works
• Describe the GET and POST methods
• Describe the benefits of CGI
• Describe the benefits of choosing Perl as your CGI scripting language

Web Architecture Overview
• Browser, server and script interaction
• Common Gateway Interface

What Is CGI?
• Common
– Supported on almost every platform
• Gateway
– Gate or conduit that connects clients and servers or server programs
• Interface
– The manner in which the gateway is used

Why Use CGI?
• Two-directional communication
• Storage of user-entered data
• Portability of code
• Browser independence

What Is Perl?
• Practical Extraction Report Language

Why Use Perl?
• Free license
• Smooth installation
• Pre-existing programs
• Text and file processing capabilities
• Strong points from other languages

Summary
• Explain how the Common Gateway Interface works
• Describe the GET and POST methods
• Describe the benefits of CGI
• Describe the benefits of choosing Perl as your CGI scripting language

Lesson 3: Creating a Simple Script
Objectives
• Discuss the advantages and disadvantages of client-side and server-side scripts
• Use scalar variables
• Print HTML to the browser using the print statement

Key Concepts and Syntax
• Client-side versus server-side scripting
• Scalar variables in Perl
• Built-in functions
• Single and double quotation marks
• Using variables in strings
• User-defined functions

Key Concepts and Syntax (cont’d)
• Printing HTML from a Perl script
• Including HTML after the __END__ keyword
• Printing HTML using print <<ANYWORD
• Printing HTML from a file

Summary
• Discuss the advantages and disadvantages of client-side and server-side scripts
• Use scalar variables
• Print HTML to the browser using the print statement

Lesson 4: Perl Fundamentals
Objectives
• Use CGI.pm to examine environment variables
• Use Perl arrays and associative arrays
• Define list and scalar context
• Use pattern matching operators
• Write if statements
• Create loops

Accessing Environment Variables
• Environment variables are stored in an associative array

Using CGI.pm to Access Environment Variables
• Simpler CGI.pm syntax
• Environment access methods

If Statement
• Used exactly as it is used in JavaScript
• Can also be used in a unique way at the end of any statement

Logical Expressions
• Numeric and string operators

Pattern Matching
• Pattern matching operator

Perl Arrays
• Holds a list of scalars (numbers or strings)
• List context versus scalar context
– Initializing scalar variables from an array

Passing Values to Functions
• Values that are passed to functions are held in arrays

Associative Arrays
• Converting associative arrays to arrays
• Using join with arrays and associative arrays
• Using split with arrays

Loops
• The while loop
• The next and last statements
• The for loop
• The foreach loop
• The sort function

Summary
• Use CGI.pm to examine environment variables
• Use Perl arrays and associative arrays
• Define list and scalar context
• Use pattern matching operators
• Write if statements
• Create loops

Lesson 5: Perl File Input and Output Capabilities
Objectives
• Open and close files from within scripts
• Read and write to sequential files
• Read and write to random-access files
• Define file modes
• Use the diamond operator in scalar and list contexts
• Use file tests in conditional statements

File IO Using File Handles
• The unless statement
• The die statement and the || operator
• The && operator

File Modes
• Reading a file
• Writing to a file
• Appending to a file
• Reading and writing to a random-access file

Using Files in Scripts
• Writing to a file
• Reading from a file using the diamond operator <>
• Reading from a file using the read function
• Reading and writing to a random-access file
• The seek function

Creating a Hit Counter
• Every time a page is called, a counter reads and increments the number in the file, and stores it back to the file

Summary
• Open and close files from within scripts
• Read and write to sequential files
• Read and write to random-access files
• Define file modes
• Use the diamond operator in scalar and list contexts
• Use file tests in conditional statements

Lesson 6: Controlling Processing and Output
Objectives
• Use the HTML form generation methods of CGI.pm to create HTML pages
• Use the param method to retrieve form values
• Create a dual-mode form that accepts and generates data depending on how it is accessed
• Validate form data and print a missing fields page
• Test Perl scripts in offline mode

Incorporating HTML into Perl Using CGI.pm
• Methods of CGI.pm include
– start_html
– end_html
– startform A,B,C
– endform
– submit A
– textfield A,B,C,D
– button A,B
– hidden A,B
– header A

Using CGI.pm to Access Form Data
• The POST method
• Using CGI.pm for GET or POST

Processing User-Entered Data
• Using the ReadParse method

Using One File to Create and Process an HTML Form
• Perl scripts can operate in two modes
– Called from a hyperlink
– Called from a form submission

Using Perl to Validate Form Input
• Perl scripts commonly validate form data:
– Before saving the data
– Before processing the data

Summary
• Use the HTML form generation methods of CGI.pm to create HTML pages
• Use the param method to retrieve form values
• Create a dual-mode form that accepts and generates data depending on how it is accessed
• Validate form data and print a missing fields page
• Test Perl scripts in offline mode

Lesson 7: Saving User-Supplied Data to a File
Objectives
• Use the named parameters syntax for CGI.pm methods
• Save data to a file in a tab-delimited format
• Save data to a file using the save method of the CGI.pm module
• Delete and append name-value pairs
• Use the substitution pattern-matching operator
• Use the $_ variable to simplify scripts

Saving Form Data to a File
• To save form data:
– Access the field data using the param method
– Write (print) the field data to an open file

Modifying Form Data
• Named parameters syntax
• Methods of CGI.pm with named parameters
• The delete method
• The append method

Pattern Matching Revisited
• Pattern-matching operator revisited
• Substitution operator

Summary
• Use the named parameters syntax for CGI.pm methods
• Save data to a file in a tab-delimited format
• Save data to a file using the save method of the CGI.pm module
• Delete and append name-value pairs
• Use the substitution pattern-matching operator
• Use the $_ variable to simplify scripts

Lesson 8: Reading a File
Objectives
• Use regular expressions to match patterns
• Substitute characters from a string using regular expressions

Pattern Matching with Regular Expressions
• Special characters
• Quantifiers
• Memory

Substitution
• Contains four parts
– The character s
– The pattern match
– The replaced characters
– The character g

Summary
• Use regular expressions to match patterns
• Substitute characters from a string using regular expressions

Lesson 9: Introduction to Databases
Objectives
• Explain the need for databases
• Use the DBI interface to access a database using any DBD driver
• Describe a four-step process for writing database programs
• Use the connect method to access a database

Objectives (cont’d)
• Write simple and complex SQL statements
• Use the q{} and qq{} quoting operators to write simple SQL statements
• Query the table names and table field names of a database
• Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser

Introduction to Database Programming
• Benefits of database interaction
• Database Interface (DBI) module
• Database Driver (DBD) module

Four Steps to Interacting with Databases
• Connect to the database
• Query the database
• Display the results
• Close the connection

Connecting to Databases
• The connect method
• SQL SELECT statement

Quoting Revisited
• q{}
• qw{}
• qq{}

Querying Table and Field Names
• If the query selects all the fields of a table, you can retrieve a list of all the field names

Summary
• Explain the need for databases
• Use the DBI interface to access a database using any DBD driver
• Describe a four-step process for writing database programs
• Use the connect method to access a database

Summary (cont’d)
• Write simple and complex SQL statements
• Use the q{} and qq{} quoting operators to write simple SQL statements
• Query the table names and table field names of a database
• Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser

Lesson 10: Deleting and Inserting Database Records
Objectives
• Use the do method to quickly execute SQL statements
• Use the DELETE command to delete records from a database
• Use the INSERT command to insert records in a database
• Use the UPDATE command to modify records in a database

Modifying Data in a Database
• DELETE command
• INSERT command
• UPDATE command

The do Method
• Duplicates the function of the prepare and execute methods

Summary
• Use the do method to quickly execute SQL statements
• Use the DELETE command to delete records from a database
• Use the INSERT command to insert records in a database
• Use the UPDATE command to modify records in a database

Lesson 11: CGI Security Issues
Objectives
• Describe how hackers gather information about your system
• Prevent unauthorized reading of CGI scripts or data saved by CGI scripts
• Use CGI wrappers to separate multiple users on the same server
• Discuss security issues introduced by Web server extensions
• Use four techniques to prevent shell expansion of data passed to launched programs

Types of Attacks
• Hackers can gather information about your system by
– Exploiting bugs in server application software
– Accessing demo CGI scripts
– Reading contents of poorly configured CGI scripts
– Reading contents of data saved improperly
– Passing data to your CGI scripts to launch unexpected commands

Securing the CGI Script
• Reading CGI scripts
• Writing CGI script data
• Web server user ID
• CGI wrappers

Securing the Server
• FrontPage Extensions
• ColdFusion
• Active Server Pages
• Web server and operating system bugs

Securing Form Data
• Data as a file name
• Maintaining state with hidden fields
• Maintaining state with cookies
• Cookies versus hidden fields

Securing Data Passed to Commands
• The eval method
• The exec method
• The system method

Summary
• Describe how hackers gather information about your system
• Prevent unauthorized reading of CGI scripts or data saved by CGI scripts
• Use CGI wrappers to separate multiple users on the same server
• Discuss security issues introduced by Web server extensions
• Use four techniques to prevent shell expansion of data passed to launched programs

Fundamentals of CGI Programming Using Perl
Application Development Fundamentals
Introduction to CGI and Perl
Creating a Simple Script
Perl Fundamentals
Perl File Input and Output Capabilities
Controlling Processing and Output
Saving User-Supplied Data to a File
Reading a File
Introduction to Databases
Deleting and Inserting Database Records
CGI Security Issues