Fundamentals of
CGI Using Perl
Lesson 1:
Application
Development Fundamentals
Objectives
Explain the application development
process
Distinguish among various application
development environments
Identify common application development
platforms
Clarify various communication protocols
Determine when to use client-side or
server-side scripting
The Application Development Process
Define a need for a solution
Analyze the requirements
Create an implementation plan and perform top-level design
Perform in-depth design
Create the application
Test the system
Deploy the system
Maintain the system
Platforms,
Languages and Protocols
Development platforms
Server-side development technologies
Client-side development technologies
Communication protocols
Client-Side vs.
Server-Side Scripting
Performance issues
Security risks
Hypertext
Transfer Protocol
Passing information with HTTP
HTTP methods
Summary
Explain the application development
process
Distinguish among various application
development environments
Identify common application development
platforms
Clarify various communication protocols
Determine when to use client-side or
server-side scripting
Lesson 2:
Introduction to
CGI and Perl
Objectives
Explain how the Common Gateway
Interface works
Describe the GET and POST methods
Describe the benefits of CGI
Describe the benefits of choosing Perl as
your CGI scripting language
Web
Architecture Overview
Browser, server and script interaction
Common Gateway Interface
What Is CGI?
Common
- Supported on almost every platform
Gateway
- Gate or conduit that connects clients
and servers or server programs
Interface
- The manner in which the gateway is
used
Why Use CGI?
Two-directional communication
Storage of user-entered data
Portability of code
Browser independence
What Is Perl?
Practical Extraction and Report Language
Why Use Perl?
Free license
Smooth installation
Pre-existing programs
Text and file processing capabilities
Strong points from other languages
Summary
Explain how the Common Gateway
Interface works
Describe the GET and POST methods
Describe the benefits of CGI
Describe the benefits of choosing Perl as
your CGI scripting language
Lesson 3:
Creating a
Simple Script
Objectives
Discuss the advantages and disadvantages
of client-side and server-side scripts
Use scalar variables
Print HTML to the browser using the print
statement
Key Concepts
and Syntax
Client-side versus server-side scripting
Scalar variables in Perl
Built-in functions
Single and double quotation marks
Using variables in strings
User-defined functions
Key Concepts
and Syntax (cont’d)
Printing HTML from a Perl script
Including HTML after the __END__ keyword
Printing HTML using print <<ANYWORD
Printing HTML from a file
Summary
Discuss the advantages and disadvantages
of client-side and server-side scripts
Use scalar variables
Print HTML to the browser using the print
statement
Lesson 4:
Perl Fundamentals
Objectives
Use CGI.pm to examine environment
variables
Use Perl arrays and associative arrays
Define list and scalar context
Use pattern matching operators
Write if statements
Create loops
Accessing
Environment Variables
Environment variables are stored in an
associative array
Using CGI.pm to Access
Environment Variables
Simpler CGI.pm syntax
Environment access methods
The if Statement
Used exactly as it is used in JavaScript
Can also be used in a unique way at the
end of any statement
Logical Expressions
Numeric and string operators
Pattern Matching
Pattern matching operator
Perl Arrays
Holds a list of scalars (numbers or strings)
List context versus scalar context
- Initializing scalar variables from an
array
Passing Values
to Functions
Values that are passed to functions are
held in arrays
Associative Arrays
Converting associative arrays to arrays
Using join with arrays and associative
arrays
Using split with arrays
Loops
The while loop
The next and last statements
The for loop
The foreach loop
The sort function
Summary
Use CGI.pm to examine environment
variables
Use Perl arrays and associative arrays
Define list and scalar context
Use pattern matching operators
Write if statements
Create loops
Lesson 5:
Perl File Input and
Output Capabilities
Objectives
Open and close files from within scripts
Read and write to sequential files
Read and write to random-access files
Define file modes
Use the diamond operator in scalar and list
contexts
Use file tests in conditional statements
File IO
Using File Handles
The unless statement
The die statement and the || operator
The && operator
File Modes
Reading a file
Writing to a file
Appending to a file
Reading and writing to a random-access
file
Using Files
in Scripts
Writing to a file
Reading from a file using the diamond
operator <>
Reading from a file using the read
function
Reading and writing to a random-access
file
The seek function
Creating a
Hit Counter
Every time a page is called, a counter
reads and increments the number in the
file, and stores it back to the file
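A sketch of the read, increment and store-back cycle described above, added here as an example and not taken from the course material. The file name `hits.dat` is a placeholder; the exclusive lock is there because two requests arriving together would otherwise both read the same number and one hit would be lost.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock :seek);

# Placeholder path (assumption). A deployed script keeps this file outside
# the web document root so it cannot be fetched or overwritten via a URL.
my $counter_file = 'hits.dat';

sub bump_counter {
    my ($path) = @_;

    # Open for reading and writing, creating the file if it is missing,
    # without truncating what is already there.
    sysopen(my $fh, $path, O_RDWR | O_CREAT, 0600)
        or die "Cannot open $path: $!";

    # Hold an exclusive lock for the whole read-modify-write cycle.
    flock($fh, LOCK_EX) or die "Cannot lock $path: $!";

    # Accept digits only; anything else in the file restarts the count at 0.
    my $line  = <$fh>;
    my $count = (defined $line && $line =~ /\A(\d+)/) ? $1 : 0;
    $count++;

    # Rewind, drop the old contents, and store the new value.
    seek($fh, 0, SEEK_SET) or die "Cannot seek in $path: $!";
    truncate($fh, 0)       or die "Cannot truncate $path: $!";
    print {$fh} "$count\n" or die "Cannot write $path: $!";

    # Closing the handle flushes the write and releases the lock.
    close($fh) or die "Cannot close $path: $!";
    return $count;
}

my $hits = bump_counter($counter_file);
print "Content-type: text/html\n\n";
print "<p>This page has been viewed $hits times.</p>\n";
```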
Summary
Open and close files from within scripts
Read and write to sequential files
Read and write to random-access files
Define file modes
Use the diamond operator in scalar and list
contexts
Use file tests in conditional statements
Lesson 6:
Controlling
Processing and Output
Objectives
Use the HTML form generation methods of
CGI.pm to create HTML pages
Use the param method to retrieve form
values
Create a dual-mode form that accepts and
generates data depending on how it is
accessed
Validate form data and print a missing
fields page
Test Perl scripts in offline mode
Incorporating HTML
into Perl Using CGI.pm
Methods of CGI.pm include:
- start_html
- end_html
- startform A,B,C
- endform
- submit A
- textfield A,B,C,D
- button A,B
- hidden A,B
- header A
Using CGI.pm
to Access Form Data
The POST method
Using CGI.pm for GET or POST
Processing
User-Entered Data
Using the ReadParse method
Using One File to Create
and Process an HTML Form
Perl scripts can operate in two modes
- Called from a hyperlink
- Called from a form submission
Summary
Use the HTML form generation methods of
CGI.pm to create HTML pages
Use the param method to retrieve form
values
Create a dual-mode form that accepts and
generates data depending on how it is
accessed
Validate form data and print a missing
fields page
Test Perl scripts in offline mode
Lesson 7:
Saving User-Supplied
Data to a File
Objectives
Use the named parameters syntax for
CGI.pm methods
Save data to a file in a tab-delimited format
Save data to a file using the save method
of the CGI.pm module
Delete and append name-value pairs
Use the substitution pattern-matching
operator
Use the $_ variable to simplify scripts
Saving Form
Data to a File
To save form data:
- Access the field data using the param
method
- Write (print) the field data to an open file
Modifying
Form Data
Named parameters syntax
Methods of CGI.pm with named
parameters
The delete method
The append method
Pattern Matching
Revisited
Pattern-matching operator revisited
Substitution operator
Summary
Use the named parameters syntax for
CGI.pm methods
Save data to a file in a tab-delimited format
Save data to a file using the save method
of the CGI.pm module
Delete and append name-value pairs
Use the substitution pattern-matching
operator
Use the $_ variable to simplify scripts
Lesson 8:
Reading a File
Objectives
Use regular expressions to match
patterns
Substitute characters from a string
using regular expressions
Pattern Matching with
Regular Expressions
Special characters
Quantifiers
Memory
Substitution
Contains four parts
- The character s
- The pattern match
- The replaced characters
- The character g
Summary
Use regular expressions to match patterns
Substitute characters from a string using
regular expressions
Lesson 9:
Introduction
to Databases
Objectives
Explain the need for databases
Use the DBI interface to access a database
using any DBD driver
Describe a four-step process for writing
database programs
Use the connect method to access a
database
Objectives
(cont’d)
Write simple and complex SQL statements
Use the q{} and qq{} quoting operators to
write simple SQL statements
Query the table names and table field
names of a database
Combine the CGI and DBI Perl modules to
create a Perl script that accesses and
formats data for presentation in the
browser
Introduction to
Database Programming
Benefits of database interaction
Database Interface (DBI) module
Database Driver (DBD) module
Four Steps to
Interacting with Databases
Connect to the database
Query the database
Display the results
Close the connection
Connecting
to Databases
The connect method
SQL SELECT statement
Quoting Revisited
q{}
qw{}
qq{}
Querying Table
and Field Names
If the query selects all the fields of a table,
you can retrieve a list of all the field names
Summary
Explain the need for databases
Use the DBI interface to access a database
using any DBD driver
Describe a four-step process for writing
database programs
Use the connect method to access a
database
Summary
(cont’d)
Write simple and complex SQL statements
Use the q{} and qq{} quoting operators to
write simple SQL statements
Query the table names and table field
names of a database
Combine the CGI and DBI Perl modules to
create a Perl script that accesses and
formats data for presentation in the
browser
Lesson 10:
Deleting and Inserting
Database Records
Objectives
Use the do method to quickly execute SQL
statements
Use the DELETE command to delete
records from a database
Use the INSERT command to insert records
in a database
Use the UPDATE command to modify
records in a database
Modifying Data
in a Database
DELETE command
INSERT command
UPDATE command
The do Method
Duplicates the function of the prepare and
execute methods
Summary
Use the do method to quickly execute SQL
statements
Use the DELETE command to delete
records from a database
Use the INSERT command to insert records
in a database
Use the UPDATE command to modify
records in a database
Lesson 11:
CGI Security Issues
Objectives
Describe how hackers gather information
about your system
Prevent unauthorized reading of CGI
scripts or data saved by CGI scripts
Use CGI wrappers to separate multiple
users on the same server
Discuss security issues introduced by Web
server extensions
Use four techniques to prevent shell
expansion of data passed to launched
programs
Types of Attacks
Hackers can gather information about your system by:
- Exploiting bugs in server application software
- Accessing demo CGI scripts
- Reading contents of poorly configured CGI scripts
- Reading contents of data saved improperly
- Passing data to your CGI scripts to launch unexpected commands
Securing
the CGI Script
Reading CGI scripts
Writing CGI script data
Web server user ID
CGI wrappers
Securing the Server
FrontPage Extensions
ColdFusion
Active Server Pages
Web server and operating system bugs
Securing Form Data
Data as a file name
Maintaining state with hidden fields
Maintaining state with cookies
Cookies versus hidden fields
Securing Data
Passed to Commands
The eval method
The exec method
The system method
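One common way to keep form data away from the shell when a script launches a program, added here as an example; it is not the course's own code and does not claim to be its list of techniques. The helper names `safe_name` and `line_count`, the use of `wc`, and the sample inputs are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Fixed search path, so the launched program is not picked from a
# directory that the request environment could influence.
$ENV{PATH} = '/usr/bin:/bin';

# Constructed sample data: a scratch directory holding one file.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', "$dir/report.txt") or die "setup failed: $!";
print {$fh} "line one\nline two\n";
close($fh) or die "setup failed: $!";

# Allow-list check for a value used as a file name: letters, digits,
# underscore, dot and hyphen only, no leading dot or hyphen, no slash.
sub safe_name {
    my ($value) = @_;
    return unless defined $value;
    return $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

sub line_count {
    my ($base, $name) = @_;
    # Avoided: system("wc -l $base/$name") passes one string to /bin/sh,
    # which expands any metacharacters in $name. The list form below runs
    # wc directly, so each argument reaches it exactly as written.
    open(my $wc, '-|', 'wc', '-l', '--', "$base/$name")
        or die "Cannot run wc: $!";
    my $out = <$wc>;
    close($wc);
    return (defined $out && $out =~ /\A\s*(\d+)/) ? $1 : undef;
}

# Constructed inputs standing in for a form field read with param().
for my $input ('report.txt', 'report.txt; id', '../report.txt', '-l') {
    my $name = safe_name($input);
    if (!defined $name) {
        print "rejected: $input\n";
        next;
    }
    my $n = line_count($dir, $name);
    print "$name: ", (defined $n ? "$n lines" : "unreadable"), "\n";
}
```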
Summary
Describe how hackers gather information
about your system
Prevent unauthorized reading of CGI
scripts or data saved by CGI scripts
Use CGI wrappers to separate multiple
users on the same server
Discuss security issues introduced by Web
server extensions
Use four techniques to prevent shell
expansion of data passed to launched
programs
Fundamentals of
CGI Using Perl
Application Development Fundamentals
Introduction to CGI and Perl
Creating a Simple Script
Perl Fundamentals
Perl File Input and Output Capabilities
Controlling Processing and Output
Saving User-Supplied Data to a File
Fundamentals of
CGI Using Perl
Reading a File
Introduction to Databases
Deleting and Inserting Database Records
CGI Security Issues