Copyright © 2003 ProsoftTraining. All rights reserved.
Fundamentals of CGI Programming Using Perl
Lesson 1: Application Development Fundamentals
Objectives
• Explain the application development process
• Distinguish among various application development environments
• Identify common application development platforms
• Clarify various communication protocols
• Determine when to use client-side or server-side scripting
The Application Development Process
• Define a need for a solution
• Analyze the requirements
• Create an implementation plan and perform top-level design
• Perform in-depth design
• Create the application
• Test the system
• Deploy the system
• Maintain the system
Platforms, Languages and Protocols
• Development platforms
• Server-side development technologies
• Client-side development technologies
• Communication protocols
Client-Side vs. Server-Side Scripting
• Performance issues
• Security risks
Hypertext Transfer Protocol
• Passing information with HTTP
• HTTP methods
Summary
• Explain the application development process
• Distinguish among various application development environments
• Identify common application development platforms
• Clarify various communication protocols
• Determine when to use client-side or server-side scripting
Lesson 2: Introduction to CGI and Perl
Objectives
• Explain how the Common Gateway Interface works
• Describe the GET and POST methods
• Describe the benefits of CGI
• Describe the benefits of choosing Perl as your CGI scripting language
Web Architecture Overview
• Browser, server and script interaction
• Common Gateway Interface
What Is CGI?
• Common
  – Supported on almost every platform
• Gateway
  – Gate or conduit that connects clients and servers or server programs
• Interface
  – The manner in which the gateway is used
Why Use CGI?
• Two-directional communication
• Storage of user-entered data
• Portability of code
• Browser independence
What Is Perl?
• Practical Extraction Report Language
Why Use Perl?
• Free license
• Smooth installation
• Pre-existing programs
• Text and file processing capabilities
• Strong points from other languages
Summary
• Explain how the Common Gateway Interface works
• Describe the GET and POST methods
• Describe the benefits of CGI
• Describe the benefits of choosing Perl as your CGI scripting language
Lesson 3: Creating a Simple Script
Objectives
• Discuss the advantages and disadvantages of client-side and server-side scripts
• Use scalar variables
• Print HTML to the browser using the print statement
Key Concepts and Syntax
• Client-side versus server-side scripting
• Scalar variables in Perl
• Built-in functions
• Single and double quotation marks
• Using variables in strings
• User-defined functions
Key Concepts and Syntax (cont’d)
• Printing HTML from a Perl script
• Including HTML after the __END__ keyword
• Printing HTML using print <<ANYWORD
• Printing HTML from a file
Summary
• Discuss the advantages and disadvantages of client-side and server-side scripts
• Use scalar variables
• Print HTML to the browser using the print statement
Lesson 4: Perl Fundamentals
Objectives
• Use CGI.pm to examine environment variables
• Use Perl arrays and associative arrays
• Define list and scalar context
• Use pattern matching operators
• Write if statements
• Create loops
Accessing Environment Variables
• Environment variables are stored in an associative array
Using CGI.pm to Access Environment Variables
• Simpler CGI.pm syntax
• Environment access methods
If Statement
• Used exactly as it is used in JavaScript
• Can also be used in a unique way at the end of any statement
Logical Expressions
• Numeric and string operators
Pattern Matching
• Pattern matching operator
Perl Arrays
• Holds a list of scalars (numbers or strings)
• List context versus scalar context
  – Initializing scalar variables from an array
Passing Values to Functions
• Values that are passed to functions are held in arrays
Associative Arrays
• Converting associative arrays to arrays
• Using join with arrays and associative arrays
• Using split with arrays
Loops
• The while loop
• The next and last statements
• The for loop
• The foreach loop
• The sort function
Summary
• Use CGI.pm to examine environment variables
• Use Perl arrays and associative arrays
• Define list and scalar context
• Use pattern matching operators
• Write if statements
• Create loops
Lesson 5: Perl File Input and Output Capabilities
Objectives
• Open and close files from within scripts
• Read and write to sequential files
• Read and write to random-access files
• Define file modes
• Use the diamond operator in scalar and list contexts
• Use file tests in conditional statements
File IO Using File Handles
• The unless statement
• The die statement and the || operator
• The && operator
File Modes
• Reading a file
• Writing to a file
• Appending to a file
• Reading and writing to a random-access file
Using Files in Scripts
• Writing to a file
• Reading from a file using the diamond operator <>
• Reading from a file using the read function
• Reading and writing to a random-access file
• The seek function
Creating a Hit Counter
• Every time a page is called, a counter reads and increments the number in the file, and stores it back to the file
Summary
• Open and close files from within scripts
• Read and write to sequential files
• Read and write to random-access files
• Define file modes
• Use the diamond operator in scalar and list contexts
• Use file tests in conditional statements
Lesson 6: Controlling Processing and Output
Objectives
• Use the HTML form generation methods of CGI.pm to create HTML pages
• Use the param method to retrieve form values
• Create a dual-mode form that accepts and generates data depending on how it is accessed
• Validate form data and print a missing fields page
• Test Perl scripts in offline mode
Incorporating HTML into Perl Using CGI.pm
• Methods of CGI.pm include
  – start_html
  – end_html
  – startform A,B,C
  – endform
  – submit A
  – textfield A,B,C,D
  – button A,B
  – hidden A,B
  – header A
Using CGI.pm to Access Form Data
• The POST method
• Using CGI.pm for GET or POST
Processing User-Entered Data
• Using the ReadParse method
Using One File to Create and Process an HTML Form
• Perl scripts can operate in two modes
  – Called from a hyperlink
  – Called from a form submission
Using Perl to Validate Form Input
• Perl scripts commonly validate form data:
  – Before saving the data
  – Before processing the data
Summary
• Use the HTML form generation methods of CGI.pm to create HTML pages
• Use the param method to retrieve form values
• Create a dual-mode form that accepts and generates data depending on how it is accessed
• Validate form data and print a missing fields page
• Test Perl scripts in offline mode
Lesson 7: Saving User-Supplied Data to a File
Objectives
• Use the named parameters syntax for CGI.pm methods
• Save data to a file in a tab-delimited format
• Save data to a file using the save method of the CGI.pm module
• Delete and append name-value pairs
• Use the substitution pattern-matching operator
• Use the $_ variable to simplify scripts
Saving Form Data to a File
• To save form data:
  – Access the field data using the param method
  – Write (print) the field data to an open file
Modifying Form Data
• Named parameters syntax
• Methods of CGI.pm with named parameters
• The delete method
• The append method
Pattern Matching Revisited
• Pattern-matching operator revisited
• Substitution operator
Summary
• Use the named parameters syntax for CGI.pm methods
• Save data to a file in a tab-delimited format
• Save data to a file using the save method of the CGI.pm module
• Delete and append name-value pairs
• Use the substitution pattern-matching operator
• Use the $_ variable to simplify scripts
Lesson 8: Reading a File
Objectives
• Use regular expressions to match patterns
• Substitute characters from a string using regular expressions
Pattern Matching with Regular Expressions
• Special characters
• Quantifiers
• Memory
Substitution
• Contains four parts
  – The character s
  – The pattern match
  – The replaced characters
  – The character g
Summary
• Use regular expressions to match patterns
• Substitute characters from a string using regular expressions
Lesson 9: Introduction to Databases
Objectives
• Explain the need for databases
• Use the DBI interface to access a database using any DBD driver
• Describe a four-step process for writing database programs
• Use the connect method to access a database
Objectives (cont’d)
• Write simple and complex SQL statements
• Use the q{} and qq{} quoting operators to write simple SQL statements
• Query the table names and table field names of a database
• Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser
Introduction to Database Programming
• Benefits of database interaction
• Database Interface (DBI) module
• Database Driver (DBD) module
Four Steps to Interacting with Databases
• Connect to the database
• Query the database
• Display the results
• Close the connection
Connecting to Databases
• The connect method
• SQL SELECT statement
Quoting Revisited
• q{}
• qw{}
• qq{}
Querying Table and Field Names
• If the query selects all the fields of a table, you can retrieve a list of all the field names
Summary
• Explain the need for databases
• Use the DBI interface to access a database using any DBD driver
• Describe a four-step process for writing database programs
• Use the connect method to access a database
Summary (cont’d)
• Write simple and complex SQL statements
• Use the q{} and qq{} quoting operators to write simple SQL statements
• Query the table names and table field names of a database
• Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser
Lesson 10: Deleting and Inserting Database Records
Objectives
• Use the do method to quickly execute SQL statements
• Use the DELETE command to delete records from a database
• Use the INSERT command to insert records in a database
• Use the UPDATE command to modify records in a database
Modifying Data in a Database
• DELETE command
• INSERT command
• UPDATE command
The do Method
• Duplicates the function of the prepare and execute methods
Summary
• Use the do method to quickly execute SQL statements
• Use the DELETE command to delete records from a database
• Use the INSERT command to insert records in a database
• Use the UPDATE command to modify records in a database
Lesson 11: CGI Security Issues
Objectives
• Describe how hackers gather information about your system
• Prevent unauthorized reading of CGI scripts or data saved by CGI scripts
• Use CGI wrappers to separate multiple users on the same server
• Discuss security issues introduced by Web server extensions
• Use four techniques to prevent shell expansion of data passed to launched programs
Types of Attacks
• Hackers can gather information about your system by
  – Exploiting bugs in server application software
  – Accessing demo CGI scripts
  – Reading contents of poorly configured CGI scripts
  – Reading contents of data saved improperly
  – Passing data to your CGI scripts to launch unexpected commands
Securing the CGI Script
• Reading CGI scripts
• Writing CGI script data
• Web server user ID
• CGI wrappers
Securing the Server
• FrontPage Extensions
• ColdFusion
• Active Server Pages
• Web server and operating system bugs
Securing Form Data
• Data as a file name
• Maintaining state with hidden fields
• Maintaining state with cookies
• Cookies versus hidden fields
Securing Data Passed to Commands
• The eval method
• The exec method
• The system method
Summary
• Describe how hackers gather information about your system
• Prevent unauthorized reading of CGI scripts or data saved by CGI scripts
• Use CGI wrappers to separate multiple users on the same server
• Discuss security issues introduced by Web server extensions
• Use four techniques to prevent shell expansion of data passed to launched programs
Fundamentals of CGI Programming Using Perl
• Application Development Fundamentals
• Introduction to CGI and Perl
• Creating a Simple Script
• Perl Fundamentals
• Perl File Input and Output Capabilities
• Controlling Processing and Output
• Saving User-Supplied Data to a File
• Reading a File
• Introduction to Databases
• Deleting and Inserting Database Records
• CGI Security Issues