Fundamentals of CGI Programming Using Perl

Copyright © 2003 ProsoftTraining. All rights reserved.

Transcript of Fundamentals of CGI Programming Using Perl

Page 1: Fundamentals of CGI  Programming Using Perl

Fundamentals of CGI Programming Using Perl

Page 2: Fundamentals of CGI  Programming Using Perl

Lesson 1: Application Development Fundamentals

Page 3: Fundamentals of CGI  Programming Using Perl

Objectives

• Explain the application development process
• Distinguish among various application development environments
• Identify common application development platforms
• Clarify various communication protocols
• Determine when to use client-side or server-side scripting

Page 4: Fundamentals of CGI  Programming Using Perl

The Application Development Process

• Define a need for a solution
• Analyze the requirements
• Create an implementation plan and perform top-level design
• Perform in-depth design
• Create the application
• Test the system
• Deploy the system
• Maintain the system

Page 5: Fundamentals of CGI  Programming Using Perl

Platforms, Languages and Protocols

• Development platforms
• Server-side development technologies
• Client-side development technologies
• Communication protocols

Page 6: Fundamentals of CGI  Programming Using Perl

Client-Side vs. Server-Side Scripting

• Performance issues
• Security risks

Page 7: Fundamentals of CGI  Programming Using Perl

Hypertext Transfer Protocol

• Passing information with HTTP
• HTTP methods

Page 8: Fundamentals of CGI  Programming Using Perl

Summary

• Explain the application development process
• Distinguish among various application development environments
• Identify common application development platforms
• Clarify various communication protocols
• Determine when to use client-side or server-side scripting

Page 9: Fundamentals of CGI  Programming Using Perl

Lesson 2: Introduction to CGI and Perl

Page 10: Fundamentals of CGI  Programming Using Perl

Objectives

• Explain how the Common Gateway Interface works
• Describe the GET and POST methods
• Describe the benefits of CGI
• Describe the benefits of choosing Perl as your CGI scripting language

Page 11: Fundamentals of CGI  Programming Using Perl

Web Architecture Overview

• Browser, server and script interaction
• Common Gateway Interface

Page 12: Fundamentals of CGI  Programming Using Perl

What Is CGI?

• Common
  – Supported on almost every platform
• Gateway
  – Gate or conduit that connects clients and servers or server programs
• Interface
  – The manner in which the gateway is used

Page 13: Fundamentals of CGI  Programming Using Perl

Why Use CGI?

• Two-directional communication
• Storage of user-entered data
• Portability of code
• Browser independence

Page 14: Fundamentals of CGI  Programming Using Perl

What Is Perl?

• Practical Extraction Report Language

Page 15: Fundamentals of CGI  Programming Using Perl

Why Use Perl?

• Free license
• Smooth installation
• Pre-existing programs
• Text and file processing capabilities
• Strong points from other languages

Page 16: Fundamentals of CGI  Programming Using Perl

Summary

• Explain how the Common Gateway Interface works
• Describe the GET and POST methods
• Describe the benefits of CGI
• Describe the benefits of choosing Perl as your CGI scripting language

Page 17: Fundamentals of CGI  Programming Using Perl

Lesson 3: Creating a Simple Script

Page 18: Fundamentals of CGI  Programming Using Perl

Objectives

• Discuss the advantages and disadvantages of client-side and server-side scripts
• Use scalar variables
• Print HTML to the browser using the print statement

Page 19: Fundamentals of CGI  Programming Using Perl

Key Concepts and Syntax

• Client-side versus server-side scripting
• Scalar variables in Perl
• Built-in functions
• Single and double quotation marks
• Using variables in strings
• User-defined functions

Page 20: Fundamentals of CGI  Programming Using Perl

Key Concepts and Syntax (cont’d)

• Printing HTML from a Perl script
• Including HTML after the __END__ keyword
• Printing HTML using print <<ANYWORD
• Printing HTML from a file

Page 21: Fundamentals of CGI  Programming Using Perl

Summary

• Discuss the advantages and disadvantages of client-side and server-side scripts
• Use scalar variables
• Print HTML to the browser using the print statement

Page 22: Fundamentals of CGI  Programming Using Perl

Lesson 4: Perl Fundamentals

Page 23: Fundamentals of CGI  Programming Using Perl

Objectives

• Use CGI.pm to examine environment variables
• Use Perl arrays and associative arrays
• Define list and scalar context
• Use pattern matching operators
• Write if statements
• Create loops

Page 24: Fundamentals of CGI  Programming Using Perl

Accessing Environment Variables

• Environment variables are stored in an associative array

Page 25: Fundamentals of CGI  Programming Using Perl

Using CGI.pm to Access Environment Variables

• Simpler CGI.pm syntax
• Environment access methods

Page 26: Fundamentals of CGI  Programming Using Perl

If Statement

• Used exactly as it is used in JavaScript
• Can also be used in a unique way at the end of any statement

Page 27: Fundamentals of CGI  Programming Using Perl

Logical Expressions

• Numeric and string operators

Page 28: Fundamentals of CGI  Programming Using Perl

Pattern Matching

• Pattern matching operator

Page 29: Fundamentals of CGI  Programming Using Perl

Perl Arrays

• Holds a list of scalars (numbers or strings)
• List context versus scalar context
  – Initializing scalar variables from an array

Page 30: Fundamentals of CGI  Programming Using Perl

Passing Values to Functions

• Values that are passed to functions are held in arrays

Page 31: Fundamentals of CGI  Programming Using Perl

Associative Arrays

• Converting associative arrays to arrays
• Using join with arrays and associative arrays
• Using split with arrays

Page 32: Fundamentals of CGI  Programming Using Perl

Loops

• The while loop
• The next and last statements
• The for loop
• The foreach loop
• The sort function

Page 33: Fundamentals of CGI  Programming Using Perl

Summary

• Use CGI.pm to examine environment variables
• Use Perl arrays and associative arrays
• Define list and scalar context
• Use pattern matching operators
• Write if statements
• Create loops

Page 34: Fundamentals of CGI  Programming Using Perl

Lesson 5: Perl File Input and Output Capabilities

Page 35: Fundamentals of CGI  Programming Using Perl

Objectives

• Open and close files from within scripts
• Read and write to sequential files
• Read and write to random-access files
• Define file modes
• Use the diamond operator in scalar and list contexts
• Use file tests in conditional statements

Page 36: Fundamentals of CGI  Programming Using Perl

File IO Using File Handles

• The unless statement
• The die statement and the || operator
• The && operator

Page 37: Fundamentals of CGI  Programming Using Perl

File Modes

• Reading a file
• Writing to a file
• Appending to a file
• Reading and writing to a random-access file

Page 38: Fundamentals of CGI  Programming Using Perl

Using Files in Scripts

• Writing to a file
• Reading from a file using the diamond operator <>
• Reading from a file using the read function
• Reading and writing to a random-access file
• The seek function

Page 39: Fundamentals of CGI  Programming Using Perl

Creating a Hit Counter

• Every time a page is called, a counter reads and increments the number in the file, and stores it back to the file

Page 40: Fundamentals of CGI  Programming Using Perl

Summary

• Open and close files from within scripts
• Read and write to sequential files
• Read and write to random-access files
• Define file modes
• Use the diamond operator in scalar and list contexts
• Use file tests in conditional statements

Page 41: Fundamentals of CGI  Programming Using Perl

Lesson 6: Controlling Processing and Output

Page 42: Fundamentals of CGI  Programming Using Perl

Objectives

• Use the HTML form generation methods of CGI.pm to create HTML pages
• Use the param method to retrieve form values
• Create a dual-mode form that accepts and generates data depending on how it is accessed
• Validate form data and print a missing fields page
• Test Perl scripts in offline mode

Page 43: Fundamentals of CGI  Programming Using Perl

Incorporating HTML into Perl Using CGI.pm

• Methods of CGI.pm include
  – start_html
  – end_html
  – startform A,B,C
  – endform
  – submit A
  – textfield A,B,C,D
  – button A,B
  – hidden A,B
  – header A

Page 44: Fundamentals of CGI  Programming Using Perl

Using CGI.pm to Access Form Data

• The POST method
• Using CGI.pm for GET or POST

Page 45: Fundamentals of CGI  Programming Using Perl

Processing User-Entered Data

• Using the ReadParse method

Page 46: Fundamentals of CGI  Programming Using Perl

Using One File to Create and Process an HTML Form

• Perl scripts can operate in two modes
  – Called from a hyperlink
  – Called from a form submission

Page 47: Fundamentals of CGI  Programming Using Perl

Using Perl to Validate Form Input

• Perl scripts commonly validate form data:
  – Before saving the data
  – Before processing the data

Page 48: Fundamentals of CGI  Programming Using Perl

Summary

• Use the HTML form generation methods of CGI.pm to create HTML pages
• Use the param method to retrieve form values
• Create a dual-mode form that accepts and generates data depending on how it is accessed
• Validate form data and print a missing fields page
• Test Perl scripts in offline mode

Page 49: Fundamentals of CGI  Programming Using Perl

Lesson 7: Saving User-Supplied Data to a File

Page 50: Fundamentals of CGI  Programming Using Perl

Objectives

• Use the named parameters syntax for CGI.pm methods
• Save data to a file in a tab-delimited format
• Save data to a file using the save method of the CGI.pm module
• Delete and append name-value pairs
• Use the substitution pattern-matching operator
• Use the $_ variable to simplify scripts

Page 51: Fundamentals of CGI  Programming Using Perl

Saving Form Data to a File

• To save form data:
  – Access the field data using the param method
  – Write (print) the field data to an open file

Page 52: Fundamentals of CGI  Programming Using Perl

Modifying Form Data

• Named parameters syntax
• Methods of CGI.pm with named parameters
• The delete method
• The append method

Page 53: Fundamentals of CGI  Programming Using Perl

Pattern Matching Revisited

• Pattern-matching operator revisited
• Substitution operator

Page 54: Fundamentals of CGI  Programming Using Perl

Summary

• Use the named parameters syntax for CGI.pm methods
• Save data to a file in a tab-delimited format
• Save data to a file using the save method of the CGI.pm module
• Delete and append name-value pairs
• Use the substitution pattern-matching operator
• Use the $_ variable to simplify scripts

Page 55: Fundamentals of CGI  Programming Using Perl

Lesson 8: Reading a File

Page 56: Fundamentals of CGI  Programming Using Perl

Objectives

• Use regular expressions to match patterns
• Substitute characters from a string using regular expressions

Page 57: Fundamentals of CGI  Programming Using Perl

Pattern Matching with Regular Expressions

• Special characters
• Quantifiers
• Memory

Page 58: Fundamentals of CGI  Programming Using Perl

Substitution

• Contains four parts
  – The character s
  – The pattern match
  – The replaced characters
  – The character g

Page 59: Fundamentals of CGI  Programming Using Perl

Summary

• Use regular expressions to match patterns
• Substitute characters from a string using regular expressions

Page 60: Fundamentals of CGI  Programming Using Perl

Lesson 9: Introduction to Databases

Page 61: Fundamentals of CGI  Programming Using Perl

Objectives

• Explain the need for databases
• Use the DBI interface to access a database using any DBD driver
• Describe a four-step process for writing database programs
• Use the connect method to access a database

Page 62: Fundamentals of CGI  Programming Using Perl

Objectives (cont’d)

• Write simple and complex SQL statements
• Use the q{} and qq{} quoting operators to write simple SQL statements
• Query the table names and table field names of a database
• Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser

Page 63: Fundamentals of CGI  Programming Using Perl

Introduction to Database Programming

• Benefits of database interaction
• Database Interface (DBI) module
• Database Driver (DBD) module

Page 64: Fundamentals of CGI  Programming Using Perl

Four Steps to Interacting with Databases

• Connect to the database
• Query the database
• Display the results
• Close the connection

Page 65: Fundamentals of CGI  Programming Using Perl

Connecting to Databases

• The connect method
• SQL SELECT statement

Page 66: Fundamentals of CGI  Programming Using Perl

Quoting Revisited

• q{}
• qw{}
• qq{}

Page 67: Fundamentals of CGI  Programming Using Perl

Querying Table and Field Names

• If the query selects all the fields of a table, you can retrieve a list of all the field names

Page 68: Fundamentals of CGI  Programming Using Perl

Summary

• Explain the need for databases
• Use the DBI interface to access a database using any DBD driver
• Describe a four-step process for writing database programs
• Use the connect method to access a database

Page 69: Fundamentals of CGI  Programming Using Perl

Summary (cont’d)

• Write simple and complex SQL statements
• Use the q{} and qq{} quoting operators to write simple SQL statements
• Query the table names and table field names of a database
• Combine the CGI and DBI Perl modules to create a Perl script that accesses and formats data for presentation in the browser

Page 70: Fundamentals of CGI  Programming Using Perl

Lesson 10: Deleting and Inserting Database Records

Page 71: Fundamentals of CGI  Programming Using Perl

Objectives

• Use the do method to quickly execute SQL statements

• Use the DELETE command to delete records from a database

• Use the INSERT command to insert records in a database

• Use the UPDATE command to modify records in a database

Page 72: Fundamentals of CGI  Programming Using Perl

Modifying Data in a Database

• DELETE command
• INSERT command
• UPDATE command

Page 73: Fundamentals of CGI  Programming Using Perl

The do Method

• Duplicates the function of the prepare and execute methods

Page 74: Fundamentals of CGI  Programming Using Perl

Summary

Use the do method to quickly execute SQL statements

Use the DELETE command to delete records from a database

Use the INSERT command to insert records in a database

Use the UPDATE command to modify records in a database

Page 75: Fundamentals of CGI  Programming Using Perl

Lesson 11: CGI Security Issues

Page 76: Fundamentals of CGI  Programming Using Perl

Objectives

• Describe how hackers gather information about your system

• Prevent unauthorized reading of CGI scripts or data saved by CGI scripts

• Use CGI wrappers to separate multiple users on the same server

• Discuss security issues introduced by Web server extensions

• Use four techniques to prevent shell expansion of data passed to launched programs

Page 77: Fundamentals of CGI  Programming Using Perl

Types of Attacks

• Hackers can gather information about your system by
  – Exploiting bugs in server application software
  – Accessing demo CGI scripts
  – Reading contents of poorly configured CGI scripts
  – Reading contents of data saved improperly
  – Passing data to your CGI scripts to launch unexpected commands

Page 78: Fundamentals of CGI  Programming Using Perl

Securing the CGI Script

• Reading CGI scripts
• Writing CGI script data
• Web server user ID
• CGI wrappers

Page 79: Fundamentals of CGI  Programming Using Perl

Securing the Server

• FrontPage Extensions
• ColdFusion
• Active Server Pages
• Web server and operating system bugs

Page 80: Fundamentals of CGI  Programming Using Perl

Securing Form Data

• Data as a file name
• Maintaining state with hidden fields
• Maintaining state with cookies
• Cookies versus hidden fields

Page 81: Fundamentals of CGI  Programming Using Perl

Securing Data Passed to Commands

• The eval method
• The exec method
• The system method

Page 82: Fundamentals of CGI  Programming Using Perl

Summary

Describe how hackers gather information about your system

Prevent unauthorized reading of CGI scripts or data saved by CGI scripts

Use CGI wrappers to separate multiple users on the same server

Discuss security issues introduced by Web server extensions

Use four techniques to prevent shell expansion of data passed to launched programs

Page 83: Fundamentals of CGI  Programming Using Perl

Fundamentals of CGI Programming Using Perl

• Application Development Fundamentals
• Introduction to CGI and Perl
• Creating a Simple Script
• Perl Fundamentals
• Perl File Input and Output Capabilities
• Controlling Processing and Output
• Saving User-Supplied Data to a File

Page 84: Fundamentals of CGI  Programming Using Perl

Fundamentals of CGI Programming Using Perl

• Reading a File
• Introduction to Databases
• Deleting and Inserting Database Records
• CGI Security Issues