C20 0046 database management systems lecture 20
This presentation is the property of its rightful owner.
Sponsored Links
1 / 25

C20.0046: Database Management Systems Lecture #20 PowerPoint PPT Presentation


  • 75 Views
  • Uploaded on
  • Presentation posted in: General

C20.0046: Database Management Systems Lecture #20. Matthew P. Johnson Stern School of Business, NYU Spring, 2004. Agenda. Previously: PL/SQL Next: Project part 3 really due now Bad date Project part 4 due next week Tuesday Scripting for SQL on the web CGI/Perl PHP Security.

Download Presentation

C20.0046: Database Management Systems Lecture #20

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


C20 0046 database management systems lecture 20

C20.0046: Database Management SystemsLecture #20

Matthew P. Johnson

Stern School of Business, NYU

Spring, 2004

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Agenda

Agenda

  • Previously: PL/SQL

  • Next:

  • Project part 3 really due now

    • Bad date

  • Project part 4 due next week

    • Tuesday

  • Scripting for SQL on the web

    • CGI/Perl

    • PHP

  • Security

M.P. Johnson, DBMS, Stern/NYU, Sp2004


New topic web apps

New topic: web apps

  • Goal: web front-end to database

    • Present dynamic content, on demand

    • Not canned (static) pages/not canned queries

    • (perhaps) modify DB on demand

  • Naïve soln: static webpage & HTTP

    • index.html written, stored, put on server, displayed when it’s url is requested

    • HTTP is stateless (so?)

    • This doesn’t solve our problem

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Dynamic webpages

Dynamic webpages

  • Soln 1: upon url request

    • somehow decide to dynamically generate an html page (from scratch)

    • send back new html page to user

    • No html file exists on server, just created on demand

    • CGI, Java servlets, etc.

M.P. Johnson, DBMS, Stern/NYU, Sp2004


New topic cgi

New topic: CGI

  • First, and still very popular, mechanism for first soln

  • CGI: Common Gateway Interface

    • Not a programming language!

    • Just an interface (connection) between the webserver and a program

    • Very simple basic idea: user chooses an url 

      webserver runs that url’s program, sends back the program’s output

M.P. Johnson, DBMS, Stern/NYU, Sp2004


On the fly content with cgi

Client

Program

HTTP Request

Data for program

HTML

Generated HTML

Server

On-the-fly content with CGI

  • Image from http://www.scit.wlv.ac.uk/~jphb/cp3024/

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Using cgi

Using CGI

  • CGI works with any prog./scripting lang.

  • Really?

  • Well, any language your server works with

    • I.e., the machine running your webserver program

      • pages/soho, not sales

    • And that the user the webserver is running as (e.g. nobody) can use and has env. vars. for

    • And whose jars/libaries are available

      • and whose permissions are set

    • And (for us) whose MySQL dependencies are installed

  • Plausible choices: Perl, Python, C

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Cgi admin

CGI admin

  • Most webservers: CGI program/script must either

    • End in .cgi or

    • Reside in cgi-bin

  • Ours: needs .cgi extention

  • If a program, the cgi file is just the name of the executable:

gcc -o myprog.cgi myproc.gcc

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Cgi admin1

CGI admin

  • If a script, first (“shebang”) line says which interpreter to use:

  • Either way, cgi file must be executable:

  • Make sure your cgi file runs at cmd prompt:

    • But not a guarantee!

#!/usr/local/bin/perl

sales% chmod +x *.cgi

sales% myprog.cgi

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Cgi input

CGI input

  • CGI programs must respond to input

  • Two mechanisms:

    • GET: read env. var. QUERY_STRING

    • POST: get length from env. var. CONTENT_LENGTH; read from STDIN

  • This diff. mostly invis. to Perl, PHP

  • Both send a sequence of name/value pairs, separated by &s:

name=a&submit=Search

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Cgi input1

CGI input

  • Appearance/security differences

  • GET: string is part of the URL, following a ?:

  • POST: string can be read by program from an environmental variable

    • Vars not visible to the browser user

    • Not automatically put in server log, etc.

http://pages.stern.nyu.edu/~mjohnson/dbms/perl/lookup.cgi?name=1&submit=Search

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Our use of cgi

Our use of CGI

  • We’ll discuss CGI and Perl

    • One option for your project

    • Can try C, C++, etc.

    • But not recommended!

  • For CGI, only Perl will be supported

    • Scripting languages v. programming languages

    • Development v. IT

    • Other languages are still not recommended especially if you don’t know Perl and PHP

M.P. Johnson, DBMS, Stern/NYU, Sp2004


New topic just enough perl

New topic: Just Enough Perl

  • Very popular, powerful scripting language

  • Very good at “regular expressions”, text manipulation, but not very relevant to us

  • Instead:

    • simple text/html production

    • Basic language constructs

    • MySQL connectivity

  • Perl = Practical Extraction and Report Language or

    = Pathologically Eclectic Rubbish Lister

perl -pi -e 's/tcsh/sh/' $HOME/.login

See http://perl.org.il/pipermail/perl/2003-February/001047.html

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Hello pl

hello.pl

  • Hello, World - hello.pl

  • Running at command prompt:

#! /usr/bin/perl -w

print "Hello World\n";

sales% perl hello.pl

Hello World

sales%

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Hello world hello pl

Hello, World - hello.pl

  • Run from browser:

    • http://pages.stern.nyu.edu/~mjohnson/dbms/perl/hello.pl

  • What’s wrong?

    • http://pages.stern.nyu.edu/~mjohnson/dbms/perl/hello.cgi

  • What’s wrong?

    • http://pages.stern.nyu.edu/~mjohnson/dbms/perl/hello2.cgi

  • What’s wrong?

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Hello world hello3 cgi

Hello, World – hello3.cgi

  • Script errors, w/ and w/o fatalsToBrowser:

    • http://pages.stern.nyu.edu/~mjohnson/dbms/perl/hello3.cgi

#! /usr/bin/perl -w

use CGI qw(:standard);

use CGI::Carp qw( fatalsToBrowser

warningsToBrowser );

print header();

pr int "Hello World\n";

M.P. Johnson, DBMS, Stern/NYU, Sp2004


More on perl

More on Perl

  • Perl is mostly “C-like”

  • Perl is case-sensitive

  • Use # for rest-of-line comments

  • Creation of functions are supported but optional

  • Perl has “modules”/“packages”

  • CGI module:

    • Provides header() function, access to params

  • Mysql module:

use CGI qw(:standard);

use Mysql;

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Perl and strings

Perl and strings

  • Can use “ ” for strings

  • Concatenate with . op:

  • Print text with print function:

  • Or, parentheses can be dropped!

“Hi ” . “there\n”

print (“Hi there”);

print “Hi there”;

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Perl and strings1

Perl and strings

  • Can compare numbers (as numbers) with usual operators

    • < > <=, etc.

    • 3 < 5

  • These do not apply to strings

  • String ops are based on initials of operations:

    • eq, ne, lt, gt, le, ge

    • “hi” ne “there”

    • “hi” le “hi there”

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Perl and variables

Perl and variables

  • Regular variables begin with $

    • $input, $query

  • Declare vars with my:

  • Q: What about var types?

  • A: Perl is loosely typed!

my $s = “hi”;

my $query = “select …”;

my $s = “hi”;

$s = 10;

$s = 3.5;

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Perl strings and variables

Perl, strings, and variables

  • print takes var-many arguments:

  • Variables are always “escaped”

  • Vars may appear within strings:

  • Prints out: Hello Dolly.

    • To prevent, use single quotes ‘ ‘

print (“Hello ”, “Dolly”. “.\n”);

$name = “Dolly”;

print (“Hello $name.\n”);

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Perl syntax examples

Perl syntax examples

  • Access member/field of object ::

    • object::member

  • Access member pointed to by object ->

    • rowhash->field

  • Can access array members with indices

  • Can access hash members with strings

  • http://pages.stern.nyu.edu/~mjohnson/dbms/perl/controlscgi.txt

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Tutorials on perl

Tutorials on Perl

  • Some material drawn from the following good tutorials:

  • http://perl.com

  • CGI backend programming using perl:

    • http://www.scit.wlv.ac.uk/~jphb/sst/perl/

  • Perl Basics:

    • http://www.cs.wcupa.edu/~rkline/csc417/perl-basics-1.html

  • CGI Basics:

    • http://www.cs.wcupa.edu/~rkline/csc417/cgi-basics-1.html

  • MySQL/Perl/CGI example:

    • http://www.scit.wlv.ac.uk/~jphb/sst/perl/ex3d.html

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Tutorials on php

Tutorials on PHP

  • Some material drawn from the following good tutorials:

  • http://php.net

  • PHP introduction and examples:

    • http://www.scit.wlv.ac.uk/~jphb/sst/php/

  • Interactive PHP with database access:

    • http://www.scit.wlv.ac.uk/~jphb/sst/php/gazdb.html

  • Longer PHP/MySQL Tutorial from webmonkey:

    • http://hotwired.lycos.com/webmonkey/99/21/index2a.html

  • Nice insert/update/delete example from webmonkey:

    • http://hotwired.lycos.com/webmonkey/99/21/index3a.html

  • MySQL/Perl/PHP page from U-Wash:

    • http://www.washington.edu/computing/web/publishing/mysql-script.html

M.P. Johnson, DBMS, Stern/NYU, Sp2004


Comparison of scripting languages

Comparison of scripting languages

  • PHP v. Perl:

    • http://php.weblogs.com/php_versus_perl

  • PHP v. Perl v. Java servlets v. …:

    • http://www.developerspot.com/tutorials/php/server-side-scripting-language/

M.P. Johnson, DBMS, Stern/NYU, Sp2004


  • Login