M.P. Johnson, DBMS, Stern/NYU, Sp20041 C : Database Management Systems Lecture #20 Matthew P. Johnson Stern School of Business, NYU Spring, 2004

M.P. Johnson, DBMS, Stern/NYU, Sp Agenda Previously: PL/SQL Next: Project part 3 really due now  Bad date Project part 4 due next week  Tuesday Scripting for SQL on the web  CGI/Perl  PHP Security

M.P. Johnson, DBMS, Stern/NYU, Sp New topic: web apps Goal: web front-end to database  Present dynamic content, on demand  Not canned (static) pages/not canned queries  (perhaps) modify DB on demand Naïve soln: static webpage & HTTP  index.html written, stored, put on server, displayed when it’s url is requested  HTTP is stateless (so?)  This doesn’t solve our problem

M.P. Johnson, DBMS, Stern/NYU, Sp Dynamic webpages Soln 1: upon url request 1. somehow decide to dynamically generate an html page (from scratch) 2. send back new html page to user  No html file exists on server, just created on demand  CGI, Java servlets, etc.

M.P. Johnson, DBMS, Stern/NYU, Sp New topic: CGI First, and still very popular, mechanism for first soln CGI: Common Gateway Interface  Not a programming language!  Just an interface (connection) between the webserver and a program  Very simple basic idea: user chooses an url  webserver runs that url’s program, sends back the program’s output

M.P. Johnson, DBMS, Stern/NYU, Sp On-the-fly content with CGI Image from Program Client Server HTTP Request Data for program Generated HTML HTML

M.P. Johnson, DBMS, Stern/NYU, Sp Using CGI CGI works with any prog./scripting lang. Really? Well, any language your server works with  I.e., the machine running your webserver program pages/soho, not sales  And that the user the webserver is running as (e.g. nobody) can use and has env. vars. for  And whose jars/libaries are available and whose permissions are set  And (for us) whose MySQL dependencies are installed Plausible choices: Perl, Python, C

M.P. Johnson, DBMS, Stern/NYU, Sp CGI admin Most webservers: CGI program/script must either 1. End in.cgi or 2. Reside in cgi-bin Ours: needs.cgi extention If a program, the cgi file is just the name of the executable: gcc -o myprog.cgi myproc.gcc

M.P. Johnson, DBMS, Stern/NYU, Sp CGI admin If a script, first (“shebang”) line says which interpreter to use: Either way, cgi file must be executable: Make sure your cgi file runs at cmd prompt:  But not a guarantee! #!/usr/local/bin/perl sales% chmod +x *.cgi sales% myprog.cgi

M.P. Johnson, DBMS, Stern/NYU, Sp CGI input CGI programs must respond to input Two mechanisms:  GET: read env. var. QUERY_STRING  POST: get length from env. var. CONTENT_LENGTH; read from STDIN This diff. mostly invis. to Perl, PHP Both send a sequence of name/value pairs, separated by &s: name=a&submit=Search

M.P. Johnson, DBMS, Stern/NYU, Sp CGI input Appearance/security differences GET: string is part of the URL, following a ?: POST: string can be read by program from an environmental variable  Vars not visible to the browser user  Not automatically put in server log, etc. perl/lookup.cgi?name=1&submit=Search

M.P. Johnson, DBMS, Stern/NYU, Sp Our use of CGI We’ll discuss CGI and Perl  One option for your project  Can try C, C++, etc.  But not recommended! For CGI, only Perl will be supported  Scripting languages v. programming languages  Development v. IT  Other languages are still not recommended especially if you don’t know Perl and PHP

M.P. Johnson, DBMS, Stern/NYU, Sp New topic: Just Enough Perl Very popular, powerful scripting language Very good at “regular expressions”, text manipulation, but not very relevant to us Instead:  simple text/html production  Basic language constructs  MySQL connectivity Perl = Practical Extraction and Report Language or = Pathologically Eclectic Rubbish Lister perl -pi -e 's/tcsh/sh/' $HOME/.login See

M.P. Johnson, DBMS, Stern/NYU, Sp hello.pl Hello, World - hello.pl Running at command prompt: #! /usr/bin/perl -w print "Hello World\n"; #! /usr/bin/perl -w print "Hello World\n"; sales% perl hello.pl Hello World sales% sales% perl hello.pl Hello World sales%

M.P. Johnson, DBMS, Stern/NYU, Sp Hello, World - hello.pl Run from browser:  What’s wrong?  What’s wrong?  What’s wrong?

M.P. Johnson, DBMS, Stern/NYU, Sp Hello, World – hello3.cgi Script errors, w/ and w/o fatalsToBrowser:  #! /usr/bin/perl -w use CGI qw(:standard); use CGI::Carp qw( fatalsToBrowser warningsToBrowser ); print header(); pr int "Hello World\n"; #! /usr/bin/perl -w use CGI qw(:standard); use CGI::Carp qw( fatalsToBrowser warningsToBrowser ); print header(); pr int "Hello World\n";

M.P. Johnson, DBMS, Stern/NYU, Sp More on Perl Perl is mostly “C-like” Perl is case-sensitive Use # for rest-of-line comments Creation of functions are supported but optional Perl has “modules”/“packages” CGI module:  Provides header() function, access to params Mysql module: use CGI qw(:standard); use Mysql;

M.P. Johnson, DBMS, Stern/NYU, Sp Perl and strings Can use “ ” for strings Concatenate with. op: Print text with print function: Or, parentheses can be dropped! “Hi ”. “there\n” print (“Hi there”); print “Hi there”;

M.P. Johnson, DBMS, Stern/NYU, Sp Perl and strings Can compare numbers (as numbers) with usual operators  <=, etc.  3 < 5 These do not apply to strings String ops are based on initials of operations:  eq, ne, lt, gt, le, ge  “hi” ne “there”  “hi” le “hi there”

M.P. Johnson, DBMS, Stern/NYU, Sp Perl and variables Regular variables begin with $  $input, $query Declare vars with my: Q: What about var types? A: Perl is loosely typed! my $s = “hi”; my $query = “select …”; my $s = “hi”; my $query = “select …”; my $s = “hi”; $s = 10; $s = 3.5; my $s = “hi”; $s = 10; $s = 3.5;

M.P. Johnson, DBMS, Stern/NYU, Sp Perl, strings, and variables print takes var-many arguments: Variables are always “escaped” Vars may appear within strings: Prints out: Hello Dolly.  To prevent, use single quotes ‘ ‘ $name = “Dolly”; print (“Hello $name.\n”); print (“Hello ”, “Dolly”. “.\n”);

M.P. Johnson, DBMS, Stern/NYU, Sp Perl syntax examples Access member/field of object ::  object::member Access member pointed to by object ->  rowhash->field Can access array members with indices Can access hash members with strings perl/controlscgi.txt perl/controlscgi.txt

M.P. Johnson, DBMS, Stern/NYU, Sp Tutorials on Perl Some material drawn from the following good tutorials: CGI backend programming using perl:  Perl Basics:  CGI Basics:  MySQL/Perl/CGI example: 

M.P. Johnson, DBMS, Stern/NYU, Sp Tutorials on PHP Some material drawn from the following good tutorials: PHP introduction and examples:  Interactive PHP with database access:  Longer PHP/MySQL Tutorial from webmonkey:  Nice insert/update/delete example from webmonkey:  MySQL/Perl/PHP page from U-Wash: 

M.P. Johnson, DBMS, Stern/NYU, Sp Comparison of scripting languages PHP v. Perl:  PHP v. Perl v. Java servlets v. …:  -side-scripting-language/ -side-scripting-language/