Another CGI

Another CGI Python

Strings • Single and double quotes interchangeable • Triple quotes (""") allow multi-line literal quoting • Escaping of \n, %, etc by default • Prefix r can be used for regexps, r'[a-z].*' • Any variable can be converted to a string with str(v). Can go back with int(s), float(s) • Strings operations: • Concatenation with +, repeating with * • Length with len() • Substrings with []. Interesting index options. • Special boolean operator in

String Methods • count • find • isdigit • upper, lower • rjust, ljust • strip • replace

Tuples and Lists • Tuples store a set of elements. Syntax: • foo = ("Korn", "Jeff") • Lists also store elements but unlike tuples can be modified (thus cheaper). Syntax: • foo = ["Korn", "Jeff"] • foo[1] = "Jeffrey" • List operations: • append, extend, +, *, len, index, in, pop, sort, reverse, join, etc. • Be careful about references!

Dictionary • Dictionaries are associative arrays (arrays indexed by string or number). Values can be any object. • Syntax: • student = {'name' : 'Guido', 'score': 95 } • Operations: • has_key, keys, values, len, get, copy, update • Example: print student['name']

Statements • Standard if, then, else • While loops if person == 'Korn': status = 'teacher' elif person == 'Cano' status = 'yankee' else: status = 'unknown' print person, status while n <= 20: s.append(' ') n += 2 if magic: break a, b = 0, 1 while b < 100: print b a, b = b, a + b

for loops • Similar to shell: • To do c-style loops, use special function range: • Also: xrange for val in ["foo", "bar", "baz"]: print "Hello %s" % val for val in range(5, 20, 2): print val # prints 5, 7, 9 ... 19

Exceptions • Run-time errors are possible with Python, but they can be caught with try-except: • You can also use: raise, finally try: n = float(inputstring) m = n * 2 except ValueError, msg: print msg # will print: invalid literal for float(): foo

Functions • Defined with def: • Types not needed • Arguments can have defaults: • Variables in functions are local • global changes this • return used to return values def my_func(foo, bar): print foo + bar def my_func(foo, bar=12): print foo + bar my_func(3) 15 my_func(3, bar=3)

Modules • Python modules are libraries of reusable code with specific functionalities • Standard modules are distributed with Python to do a variety of things. • Modules names are unique, but functions in modules don't conflict with other modules. • Modules can have sub-modules.

Using Modules • Include modules in your program with use, e.g. import math incorporates the math module import math print math.log(4906, 2) 12.0 print math.sqrt(100) 10

Important modules • sys • sys.argv, sys.path, sys.platform, sys.exit, sys.stdin, sys.stderr, sys.stdout • os • os.getcwd, os.environ, os.chdir, os.listdir, os.mkdir, os.rmdir, os.remove, os.system, os.popen, os.getpid • os.path • os.path.abspath, os.path.dirname, os.path.basename, os.path.join, os.path.split, os.isfile, os.isdir

HTTP • Protocol for the Web • Client-server model • Client (user agent) is typically web browser (e.g. Firefox) • Server is web server (e.g. Apache) • Client request a resource identified by URLs • e.g. http://cs.nyu.edu/csweb/index.html

Apache HTTP Server • Open source HTTP (Web) server • Most popular web server since 1996 • The “A” in LAMP • Part of Apache Software Foundation • Other projects: Ant, Hadoop, Tomcat, SpamAssassin, …

HTTP Transactions • HTTP request to web server GET /v40images/nyu.gif HTTP/1.1 Host: www.nyu.edu • HTTP response to web client HTTP/1.1 200 OK Content-type: image/gif Content-length: 3210

HTML Example • <html> • <head> • <title>Some Document</title> • </head> • <body> • <h2>Some Topics</h2> • This is an HTML document • <p> • This is another paragraph • </body> • </html>

HTML • File format that describes a webpage • Can be written by hand, or generated by a program • A good way to generate a HTML file is by writing a shell or Perl script

Gateways • Interface between resource and a web server Web Server Gateway resource HTTP

CGI • Common Gateway Interface - a standard interface for running helper applications to generate dynamic contents • Specify the encoding of data passed to programs • Allow HTML documents to be created on the fly • Transparent to clients • Client sends regular HTTP request • Web server receives HTTP request, runs CGI program, and sends contents back in HTTP responses • CGI programs can be written in any language

How CGI Works HTTP request Web Server HTTP response spawn process Script Document

Forms • HTML forms are used to collect user input • Data sent via HTTP request • Server launches CGI script to process data <form method=POST action=“http://cs.nyu.edu/~unixtool/cgi-bin/search.cgi”> Enter your query: <input type=text name=Search> <input type=submit> </form>

Input Types • Text Field <input type=text name=zipcode> • Radio Buttons <input type=radio name=size value=“S”> Small <input type=radio name=size value=“M”> Medium <input type=radio name=size value=“L”> Large • Checkboxes <input type=checkbox name=extras value=“lettuce”> Lettuce <input type=checkbox name=extras value=“tomato”> Tomato • Text Area <textarea name=address cols=50 rows=4> … </textarea>

Submit Button • Submits the form for processing by the CGI script specified in the form tag <input type=submit value=“Submit Order”>

HTTP Methods • Determine how form data are sent to web server • Two methods: • GET • Form variables stored in URL • POST • Form variables sent as content of HTTP request

Encoding Form Values • Browser sends form variable as name-value pairs • name1=value1&name2=value2&name3=value3 • Names are defined in form elements • <input type=text name=ssn maxlength=9> • Special characters are replaced with %## (2-digit hex number), spaces replaced with + • e.g. “10/20 Wed” is encoded as “10%2F20+Wed”

GET/POST examples GET: GET /cgi-bin/myscript.pl?name=Bill%20Gates&company=Microsoft HTTP/1.1 HOST: www.cs.nyu.edu POST: POST /cgi-bin/myscript.pl HTTP/1.1 HOST: www.cs.nyu.edu …other headers… name=Bill%20Gates&company=Microsoft

GET or POST? • GET method for • Retrieving information, e.g. from a database • A “safe” method - no action taken other than retrieval • Embedding data in URL without form element • POST method for • Forms with many fields or long fields • Sending data for updating database, posting to bulletin board, etc. • GET requests may be cached by clients browsers or proxies, but not POST requests

Parsing Form Input • Method stored in HTTP_METHOD • GET: Data encoded into QUERY_STRING • POST: Data in standard input (from body of request) • Most scripts parse input into an associative array • Parse it yourself, or • Use available libraries (e.g. Perl CGI module)

CGI Environment Variables • DOCUMENT_ROOT • HTTP_HOST • HTTP_REFERER • HTTP_USER_AGENT • HTTP_COOKIE • REMOTE_ADDR • REMOTE_HOST • REMOTE_USER • REQUEST_METHOD • SERVER_NAME • SERVER_PORT

Example: Comment Form

Part 1: HTML Form <html> <center> <H1>Anonymous Comment Submission</H1> </center> Please enter your comment below which will be sent anonymously to <tt>kornj@cs.nyu.edu</tt>. If you want to be extra cautious, access this page through <a href="http://www.anonymizer.com">Anonymizer</a>. <p> <form action=cgi-bin/comment.cgi method=post> <textarea name=comment rows=20 cols=80> </textarea> <input type=submit value="Submit Comment"> </form> </html>

Part 2: CGI Script (ksh) #!/home/unixtool/bin/ksh . cgi-lib.ksh # Read special functions to help parse ReadParse PrintHeader print -r -- "${Cgi.comment}" | /bin/mailx -s "COMMENT" kornj print "<H2>You submitted the comment</H2>" print "<pre>" print -r -- "${Cgi.comment}" print "</pre>"

Example: Find words in Dictionary <form action=dict.cgi> Regular expression: <input type=“text” name=re value=".*"> <input type=submit> </form>

Example: CGI Script (ksh) #!/home/unixtool/bin/ksh PATH=$PATH:. . cgi-lib.ksh ReadParse PrintHeader print "<H1> Words matching <tt>${Cgi.re}</tt> in the dictionary </H1>\n"; print "<OL>" grep "${Cgi.re}" /usr/dict/words | while read word do print "<LI> $word" done print "</OL>"

Debugging • Debugging can be tricky, since error messages don't always print well as HTML • One method: run interactively $ QUERY_STRING='birthday=10/15/03'$ ./birthday.cgi Content-type: text/html <html>Your birthday is <tt>10/15/02</tt>.</html>

A Python CGI Script #!/usr/bin/python import cgi import cgitb cgitb.enable() form = cgi.FieldStorage() bday = form['birthday'].value # Print header print 'Content-Type: text/html' print # Your HTML body print "Your birthday is %s.\n" % bday

Debugging Python CGI Scripts • Debugging CGI script is tricky - error messages don’t always come up on your browser • Run script with test data • python cgiScript prod=“MacBook” price=“1800” Content-Type: text/html <html> … </html>

CGI Benefits • Simple • Language independent • UNIX tools are good for this because • Work well with text • Integrate programs well • Easy to prototype • No compilation (CGI scripts)

Another CGI

Another CGI

Presentation Transcript

CGI programming

CGI

CGI

. cgi  . irev

CGI

CGI Programming

CGI Security

CGI

CGI

CGI

CGI-SQL

CGI

CGI Programming

CGI::Panel

CGI

CGI#2

CGI

CGI programming

Perl/CGI

CGI Programming

Another CGI

CGI