Fundamentals of
CGI Using Perl
Lesson 1:
Application
Development Fundamentals
Objectives





Explain the application development
process
Distinguish among various application
development environments
Identify common application development
platforms
Clarify various communication protocols
Determine when to use client-side or
server-side scripting
The Application
Development Process



Define a need for a
solution
Analyze the
requirements
Create an
implementation
plan and perform
top-level design





Perform in-depth
design
Create the
application
Test the system
Deploy the system
Maintain the
system
Platforms,
Languages and Protocols




Development platforms
Server-side development technologies
Client-side development technologies
Communication protocols
Client-Side vs.
Server-Side Scripting


Performance issues
Security risks
Hypertext
Transfer Protocol


Passing information with HTTP
HTTP methods
Summary
- Explain the application development process
- Distinguish among various application development environments
- Identify common application development platforms
- Clarify various communication protocols
- Determine when to use client-side or server-side scripting
Lesson 2:
Introduction to
CGI and Perl
Objectives




Explain how the Common Gateway
Interface works
Describe the GET and POST methods
Describe the benefits of CGI
Describe the benefits of choosing Perl as
your CGI scripting language
Web
Architecture Overview


Browser, server and script interaction
Common Gateway Interface
What Is CGI?



Common
- Supported on almost every platform
Gateway
- Gate or conduit that connects clients
and servers or server programs
Interface
- The manner in which the gateway is
used
Why Use CGI?




Two-directional communication
Storage of user-entered data
Portability of code
Browser independence
What Is Perl?

Practical Extraction Report Language
Why Use Perl?





Free license
Smooth installation
Pre-existing programs
Text and file processing capabilities
Strong points from other languages
Summary
- Explain how the Common Gateway Interface works
- Describe the GET and POST methods
- Describe the benefits of CGI
- Describe the benefits of choosing Perl as your CGI scripting language
Lesson 3:
Creating a
Simple Script
Objectives



Discuss the advantages and disadvantages
of client-side and server-side scripts
Use scalar variables
Print HTML to the browser using the print
statement
Key Concepts
and Syntax






Client-side versus server-side scripting
Scalar variables in Perl
Built-in functions
Single and double quotation marks
Using variables in strings
User-defined functions
Key Concepts
and Syntax (cont’d)




Printing HTML from a Perl script
Including HTML after the __END__ keyword
Printing HTML using print <<ANYWORD
Printing HTML from a file
Summary
- Discuss the advantages and disadvantages of client-side and server-side scripts
- Use scalar variables
- Print HTML to the browser using the print statement
Lesson 4:
Perl Fundamentals
Objectives






Use CGI.pm to examine environment
variables
Use Perl arrays and associative arrays
Define list and scalar context
Use pattern matching operators
Write if statements
Create loops
Accessing
Environment Variables

Environment variables are stored in an
associative array
Using CGI.pm to Access
Environment Variables


Simpler CGI.pm syntax
Environment access methods
The if Statement


Used exactly as it is used in JavaScript
Can also be used in a unique way at the
end of any statement
Logical Expressions

Numeric and string operators
Pattern Matching

Pattern matching operator
Perl Arrays


Holds a list of scalars (numbers or
strings)
List context versus scalar context
- Initializing scalar variables from an
array
Passing Values
to Functions

Values that are passed to functions are
held in arrays
Associative Arrays



Converting associative arrays to arrays
Using join with arrays and associative
arrays
Using split with arrays
Loops





The while loop
The next and last statements
The for loop
The foreach loop
The sort function
Summary
- Use CGI.pm to examine environment variables
- Use Perl arrays and associative arrays
- Define list and scalar context
- Use pattern matching operators
- Write if statements
- Create loops
Lesson 5:
Perl File Input and
Output Capabilities
Objectives






Open and close files from within scripts
Read and write to sequential files
Read and write to random-access files
Define file modes
Use the diamond operator in scalar and list
contexts
Use file tests in conditional statements
File IO
Using File Handles



The unless statement
The die statement and the || operator
The && operator
File Modes




Reading a file
Writing to a file
Appending to a file
Reading and writing to a random-access
file
Using Files
in Scripts





Writing to a file
Reading from a file using the diamond
operator <>
Reading from a file using the read
function
Reading and writing to a random-access
file
The seek function
Creating a
Hit Counter

Every time a page is called, a counter
reads and increments the number in the
file, and stores it back to the file
Summary
- Open and close files from within scripts
- Read and write to sequential files
- Read and write to random-access files
- Define file modes
- Use the diamond operator in scalar and list contexts
- Use file tests in conditional statements
Lesson 6:
Controlling
Processing and Output
Objectives





Use the HTML form generation methods of
CGI.pm to create HTML pages
Use the param method to retrieve form
values
Create a dual-mode form that accepts and
generates data depending on how it is
accessed
Validate form data and print a missing
fields page
Test Perl scripts in offline mode
Incorporating HTML
into Perl Using CGI.pm

Methods of CGI.pm include:
- start_html
- end_html
- startform A,B,C
- endform
- submit A
- textfield A,B,C,D
- button A,B
- hidden A,B
- header A
Using CGI.pm
to Access Form Data


The POST method
Using CGI.pm for GET or POST
Processing
User-Entered Data

Using the ReadParse method
Using One File to Create
and Process an HTML Form

Perl scripts can operate in two modes
- Called from a hyperlink
- Called from a form submission
Summary
- Use the HTML form generation methods of CGI.pm to create HTML pages
- Use the param method to retrieve form values
- Create a dual-mode form that accepts and generates data depending on how it is accessed
- Validate form data and print a missing fields page
- Test Perl scripts in offline mode
Lesson 7:
Saving User-Supplied
Data to a File
Objectives






Use the named parameters syntax for
CGI.pm methods
Save data to a file in a tab-delimited format
Save data to a file using the save method
of the CGI.pm module
Delete and append name-value pairs
Use the substitution pattern-matching
operator
Use the $_ variable to simplify scripts
Saving Form
Data to a File

To save form data:
- Access the field data using the param
method
- Write (print) the field data to an open file
Modifying
Form Data




Named parameters syntax
Methods of CGI.pm with named
parameters
The delete method
The append method
Pattern Matching
Revisited


Pattern-matching operator revisited
Substitution operator
Summary
- Use the named parameters syntax for CGI.pm methods
- Save data to a file in a tab-delimited format
- Save data to a file using the save method of the CGI.pm module
- Delete and append name-value pairs
- Use the substitution pattern-matching operator
- Use the $_ variable to simplify scripts
Lesson 8:
Reading a File
Objectives


Use regular expressions to match
patterns
Substitute characters from a string
using regular expressions
Pattern Matching with
Regular Expressions



Special characters
Quantifiers
Memory
Substitution

Contains four parts
- The character s
- The pattern match
- The replaced characters
- The character g
Summary
- Use regular expressions to match patterns
- Substitute characters from a string using regular expressions
Lesson 9:
Introduction
to Databases
Objectives




Explain the need for databases
Use the DBI interface to access a database
using any DBD driver
Describe a four-step process for writing
database programs
Use the connect method to access a
database
Objectives (cont’d)

Write simple and complex SQL statements
Use the q{} and qq{} quoting operators to
write simple SQL statements
Query the table names and table field
names of a database
Combine the CGI and DBI Perl modules to
create a Perl script that accesses and
formats data for presentation in the
browser
Introduction to
Database Programming



Benefits of database interaction
Database Interface (DBI) module
Database Driver (DBD) module
Four Steps to
Interacting with Databases




Connect to the database
Query the database
Display the results
Close the connection
Connecting
to Databases


The connect method
SQL SELECT statement
Quoting Revisited



q{}
qw{}
qq{}
Querying Table
and Field Names

If the query selects all the fields of a table,
you can retrieve a list of all the field names
Summary
- Explain the need for databases
- Use the DBI interface to access a database using any DBD driver
- Describe a four-step process for writing database programs
- Use the connect method to access a database
Summary
(cont’d)
- Write simple and complex SQL statements
- Use the q{} and qq{} quoting operators to write simple SQL statements
- Query the table names and table field names of a database
- Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser
Lesson 10:
Deleting and Inserting
Database Records
Objectives




Use the do method to quickly execute SQL
statements
Use the DELETE command to delete
records from a database
Use the INSERT command to insert records
in a database
Use the UPDATE command to modify
records in a database
Modifying Data
in a Database



DELETE command
INSERT command
UPDATE command
The do Method

Duplicates the function of the prepare and
execute methods
Summary
- Use the do method to quickly execute SQL statements
- Use the DELETE command to delete records from a database
- Use the INSERT command to insert records in a database
- Use the UPDATE command to modify records in a database
Lesson 11:
CGI Security Issues
Objectives





Describe how hackers gather information
about your system
Prevent unauthorized reading of CGI
scripts or data saved by CGI scripts
Use CGI wrappers to separate multiple
users on the same server
Discuss security issues introduced by Web
server extensions
Use four techniques to prevent shell
expansion of data passed to launched
programs
Types of Attacks

Hackers can gather information about your
system by:
- Exploiting bugs in server application
software
- Accessing demo CGI scripts
- Reading contents of poorly configured
CGI scripts
- Reading contents of data saved
improperly
- Passing data to your CGI scripts to
launch unexpected commands
Securing
the CGI Script




Reading CGI scripts
Writing CGI script data
Web server user ID
CGI wrappers
Securing the Server




FrontPage Extensions
ColdFusion
Active Server Pages
Web server and operating system bugs
Securing Form Data




Data as a file name
Maintaining state with hidden fields
Maintaining state with cookies
Cookies versus hidden fields
Securing Data
Passed to Commands



The eval method
The exec method
The system method
Summary
- Describe how hackers gather information about your system
- Prevent unauthorized reading of CGI scripts or data saved by CGI scripts
- Use CGI wrappers to separate multiple users on the same server
- Discuss security issues introduced by Web server extensions
- Use four techniques to prevent shell expansion of data passed to launched programs
Fundamentals of
CGI Using Perl
- Application Development Fundamentals
- Introduction to CGI and Perl
- Creating a Simple Script
- Perl Fundamentals
- Perl File Input and Output Capabilities
- Controlling Processing and Output
- Saving User-Supplied Data to a File
Fundamentals of
CGI Using Perl
- Reading a File
- Introduction to Databases
- Deleting and Inserting Database Records
- CGI Security Issues