Transcript Document

Fundamentals of CGI Programming Using Perl
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 1: Application Development Fundamentals
Objectives
• Explain the application development process
• Distinguish among various application development environments
• Identify common application development platforms
• Clarify various communication protocols
• Determine when to use client-side or server-side scripting
The Application Development Process
• Define a need for a solution
• Analyze the requirements
• Create an implementation plan and perform top-level design
• Perform in-depth design
• Create the application
• Test the system
• Deploy the system
• Maintain the system
Platforms, Languages and Protocols
• Development platforms
• Server-side development technologies
• Client-side development technologies
• Communication protocols
Client-Side vs. Server-Side Scripting
• Performance issues
• Security risks
Hypertext Transfer Protocol
• Passing information with HTTP
• HTTP methods
Summary
• Explain the application development process
• Distinguish among various application development environments
• Identify common application development platforms
• Clarify various communication protocols
• Determine when to use client-side or server-side scripting
Lesson 2: Introduction to CGI and Perl
Objectives
• Explain how the Common Gateway Interface works
• Describe the GET and POST methods
• Describe the benefits of CGI
• Describe the benefits of choosing Perl as your CGI scripting language
Web Architecture Overview
• Browser, server and script interaction
• Common Gateway Interface
What Is CGI?
• Common
– Supported on almost every platform
• Gateway
– Gate or conduit that connects clients and servers or server programs
• Interface
– The manner in which the gateway is used
Why Use CGI?
• Two-directional communication
• Storage of user-entered data
• Portability of code
• Browser independence
What Is Perl?
• Practical Extraction Report Language
Why Use Perl?
• Free license
• Smooth installation
• Pre-existing programs
• Text and file processing capabilities
• Strong points from other languages
Summary
• Explain how the Common Gateway Interface works
• Describe the GET and POST methods
• Describe the benefits of CGI
• Describe the benefits of choosing Perl as your CGI scripting language
Lesson 3: Creating a Simple Script
Objectives
• Discuss the advantages and disadvantages of client-side and server-side scripts
• Use scalar variables
• Print HTML to the browser using the print statement
Key Concepts and Syntax
• Client-side versus server-side scripting
• Scalar variables in Perl
• Built-in functions
• Single and double quotation marks
• Using variables in strings
• User-defined functions
Key Concepts and Syntax (cont’d)
• Printing HTML from a Perl script
• Including HTML after the __END__ keyword
• Printing HTML using print <<ANYWORD
• Printing HTML from a file
Summary
• Discuss the advantages and disadvantages of client-side and server-side scripts
• Use scalar variables
• Print HTML to the browser using the print statement
Lesson 4: Perl Fundamentals
Objectives
• Use CGI.pm to examine environment variables
• Use Perl arrays and associative arrays
• Define list and scalar context
• Use pattern matching operators
• Write if statements
• Create loops
Accessing Environment Variables
• Environment variables are stored in an associative array
Using CGI.pm to Access Environment Variables
• Simpler CGI.pm syntax
• Environment access methods
If Statement
• Used exactly as it is used in JavaScript
• Can also be used in a unique way at the end of any statement
Logical Expressions
• Numeric and string operators
Pattern Matching
• Pattern matching operator
Perl Arrays
• Holds a list of scalars (numbers or strings)
• List context versus scalar context
– Initializing scalar variables from an array
Passing Values to Functions
• Values that are passed to functions are held in arrays
Associative Arrays
• Converting associative arrays to arrays
• Using join with arrays and associative arrays
• Using split with arrays
Loops
• The while loop
• The next and last statements
• The for loop
• The foreach loop
• The sort function
Summary
• Use CGI.pm to examine environment variables
• Use Perl arrays and associative arrays
• Define list and scalar context
• Use pattern matching operators
• Write if statements
• Create loops
Lesson 5: Perl File Input and Output Capabilities
Objectives
• Open and close files from within scripts
• Read and write to sequential files
• Read and write to random-access files
• Define file modes
• Use the diamond operator in scalar and list contexts
• Use file tests in conditional statements
File IO Using File Handles
• The unless statement
• The die statement and the || operator
• The && operator
File Modes
• Reading a file
• Writing to a file
• Appending to a file
• Reading and writing to a random-access file
Using Files in Scripts
• Writing to a file
• Reading from a file using the diamond operator <>
• Reading from a file using the read function
• Reading and writing to a random-access file
• The seek function
Creating a Hit Counter
• Every time a page is called, a counter reads and increments the number in the file, and stores it back to the file
Summary
• Open and close files from within scripts
• Read and write to sequential files
• Read and write to random-access files
• Define file modes
• Use the diamond operator in scalar and list contexts
• Use file tests in conditional statements
Lesson 6: Controlling Processing and Output
Objectives
• Use the HTML form generation methods of CGI.pm to create HTML pages
• Use the param method to retrieve form values
• Create a dual-mode form that accepts and generates data depending on how it is accessed
• Validate form data and print a missing fields page
• Test Perl scripts in offline mode
Incorporating HTML into Perl Using CGI.pm
• Methods of CGI.pm include
– start_html
– end_html
– startform A,B,C
– endform
– submit A
– textfield A,B,C,D
– button A,B
– hidden A,B
– header A
Using CGI.pm to Access Form Data
• The POST method
• Using CGI.pm for GET or POST
Processing User-Entered Data
• Using the ReadParse method
Using One File to Create and Process an HTML Form
• Perl scripts can operate in two modes
– Called from a hyperlink
– Called from a form submission
Using Perl to Validate Form Input
• Perl scripts commonly validate form data:
– Before saving the data
– Before processing the data
Summary
• Use the HTML form generation methods of CGI.pm to create HTML pages
• Use the param method to retrieve form values
• Create a dual-mode form that accepts and generates data depending on how it is accessed
• Validate form data and print a missing fields page
• Test Perl scripts in offline mode
Lesson 7: Saving User-Supplied Data to a File
Objectives
• Use the named parameters syntax for CGI.pm methods
• Save data to a file in a tab-delimited format
• Save data to a file using the save method of the CGI.pm module
• Delete and append name-value pairs
• Use the substitution pattern-matching operator
• Use the $_ variable to simplify scripts
Saving Form Data to a File
• To save form data:
– Access the field data using the param method
– Write (print) the field data to an open file
Modifying Form Data
• Named parameters syntax
• Methods of CGI.pm with named parameters
• The delete method
• The append method
Pattern Matching Revisited
• Pattern-matching operator revisited
• Substitution operator
Summary
• Use the named parameters syntax for CGI.pm methods
• Save data to a file in a tab-delimited format
• Save data to a file using the save method of the CGI.pm module
• Delete and append name-value pairs
• Use the substitution pattern-matching operator
• Use the $_ variable to simplify scripts
Lesson 8: Reading a File
Objectives
• Use regular expressions to match patterns
• Substitute characters from a string using regular expressions
Pattern Matching with Regular Expressions
• Special characters
• Quantifiers
• Memory
Substitution
• Contains four parts
– The character s
– The pattern match
– The replaced characters
– The character g
Summary
• Use regular expressions to match patterns
• Substitute characters from a string using regular expressions
Lesson 9: Introduction to Databases
Objectives
• Explain the need for databases
• Use the DBI interface to access a database using any DBD driver
• Describe a four-step process for writing database programs
• Use the connect method to access a database
Objectives (cont’d)
• Write simple and complex SQL statements
• Use the q{} and qq{} quoting operators to write simple SQL statements
• Query the table names and table field names of a database
• Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser
Introduction to Database Programming
• Benefits of database interaction
• Database Interface (DBI) module
• Database Driver (DBD) module
Four Steps to Interacting with Databases
• Connect to the database
• Query the database
• Display the results
• Close the connection
Connecting to Databases
• The connect method
• SQL SELECT statement
Quoting Revisited
• q{}
• qw{}
• qq{}
Querying Table and Field Names
• If the query selects all the fields of a table, you can retrieve a list of all the field names
Summary
• Explain the need for databases
• Use the DBI interface to access a database using any DBD driver
• Describe a four-step process for writing database programs
• Use the connect method to access a database
Summary (cont’d)
• Write simple and complex SQL statements
• Use the q{} and qq{} quoting operators to write simple SQL statements
• Query the table names and table field names of a database
• Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser
Lesson 10: Deleting and Inserting Database Records
Objectives
• Use the do method to quickly execute SQL statements
• Use the DELETE command to delete records from a database
• Use the INSERT command to insert records in a database
• Use the UPDATE command to modify records in a database
Modifying Data in a Database
• DELETE command
• INSERT command
• UPDATE command
The do Method
• Duplicates the function of the prepare and execute methods
Summary
• Use the do method to quickly execute SQL statements
• Use the DELETE command to delete records from a database
• Use the INSERT command to insert records in a database
• Use the UPDATE command to modify records in a database
Lesson 11: CGI Security Issues
Objectives
• Describe how hackers gather information about your system
• Prevent unauthorized reading of CGI scripts or data saved by CGI scripts
• Use CGI wrappers to separate multiple users on the same server
• Discuss security issues introduced by Web server extensions
• Use four techniques to prevent shell expansion of data passed to launched programs
Types of Attacks
• Hackers can gather information about your system by
– Exploiting bugs in server application software
– Accessing demo CGI scripts
– Reading contents of poorly configured CGI scripts
– Reading contents of data saved improperly
– Passing data to your CGI scripts to launch unexpected commands
Securing the CGI Script
• Reading CGI scripts
• Writing CGI script data
• Web server user ID
• CGI wrappers
Securing the Server
• FrontPage Extensions
• ColdFusion
• Active Server Pages
• Web server and operating system bugs
Securing Form Data
• Data as a file name
• Maintaining state with hidden fields
• Maintaining state with cookies
• Cookies versus hidden fields
Securing Data Passed to Commands
• The eval method
• The exec method
• The system method
Summary
• Describe how hackers gather information about your system
• Prevent unauthorized reading of CGI scripts or data saved by CGI scripts
• Use CGI wrappers to separate multiple users on the same server
• Discuss security issues introduced by Web server extensions
• Use four techniques to prevent shell expansion of data passed to launched programs
Fundamentals of CGI Programming Using Perl
• Application Development Fundamentals
• Introduction to CGI and Perl
• Creating a Simple Script
• Perl Fundamentals
• Perl File Input and Output Capabilities
• Controlling Processing and Output
• Saving User-Supplied Data to a File
Fundamentals of CGI Programming Using Perl
• Reading a File
• Introduction to Databases
• Deleting and Inserting Database Records
• CGI Security Issues