Dynamic Web Programming:

Application and Transfer

Active Server Pages (ASP)
 When a browser calls an ASP document,
the ASP Server reads the .asp document
and
1. Substitutes appropriate files for the (server-side)
include statements
2. Runs the ASP code (Visual Basic Script – see
the Tutorial and Language Reference, …)
3. Returns the resulting HTML code to the browser
 Example (code, copy of database)
ASP Key Points (1)
 ASP code enclosed in: <% VBScript code %>
 Everything outside is HTML
 The result of the combined HTML and ASP code
must be a “standard” HTML document, e.g.:
– <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Final//EN">
<html>
<head>
<title>Miracle Drug Study</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Description" content=""><meta name="Keywords" content="">
<link rel=STYLESHEET type="text/css" href="">
</head>
<body>
</body>
</html>
ASP Key Points (2)

 Connect with database:

– Create connection object:
 set conn = Server.CreateObject("ADODB.Connection")
– Open connection:
 conn.open("Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=f:\web\database\rescomp\study.mdb")
 Submit a (read-only) Query:
– Generate SQL statement:
 SQL = "SELECT FirstName, LastName, DOB, Gender FROM
Patients WHERE Gender = '" & Gender & "' ORDER BY
FirstName DESC"
– set Patients = conn.execute(SQL)
ASP Key Points (3)
 Move through the data records:
– do while NOT Patients.eof
Name = Patients(0) & " " & Patients(1)
Patients.MoveNext
loop
 Add to or edit table:
– Create and open Record Set object:
 set RS = Server.CreateObject("ADODB.Recordset")
RS.Open “table name", conn, , adLockOptimistic, adCmdTable
(where adLockOptimistic = 3, adCmdTable = 2)
ASP Key Points (4)
 Add to or edit table (continued):
– Create new record, Edit, & Update:
 RS.AddNew
RS(“Dosage”) = 200
RS.Update
– Or Find desired record, Edit, & Update :
 do while NOT RS.eof
if RS(“ID”) = 7 then
RS(“Dosage”) = 200
RS.Update
else
RS.MoveNext
end if
loop
ASP Key Points (5)
 Clean up (free server resources) when done:
– Queries:
 Patients.Close
set Patients = nothing
– Record Sets:
 RS.Close
set RS = nothing
– The Connection:
 conn.close
set conn = nothing
ASP Security

 Apart from various Internet Information

Services (IIS – Window’s Web service)
security holes (for viruses and worms),
security is quite good.
 Use https:// if you want to protect content
over the internet – provides Secure Socket
Layer (SSL) security
ASP Resources

ASP Introduction

 Microsoft’s
VBScript Tutorial & Language Reference
(also here)
 WebMonkey’s tutorial
ColdFusion
 Easy-to-learn Server-Side Scripting Language:
CFML, or Cold Fusion Markup Language, is
embedded in HTML code
 CF code is enclosed in or by CF tags:
– <CFtagname CF code >
– <Cftagname > CF Code </Cftagname >
 Documents must end in .cfm
 ColdFusion is Case Insensitive
 Example (code, copy of database)
ColdFusion Key Points (1)

 All #variables# are enclosed in # signs

 HTML output which includes of CF variables
must be surrounded by CF output tags; e.g.:
– <Cfset height = “tall”>
<CFoutput>
The <B>#height#</B> boy fell.
<Cfoutput>
ColdFusion Key Points (1)
 Connect with database and run query
simultaneously:
– <CFQUERY Name="Patients" dbtype="dynamic"
connectstring="#DBdriver# #DBfile#">
SELECT ID, FirstName, LastName
FROM Patients
ORDER BY FirstName
</CFQUERY>

Where the variables are defined beforehand:

– <CFset Dbdriver = "Driver={MICROSOFT ACCESS DRIVER (*.mdb)};
UID=admin; PWD=; dbq=">
– <CFset Dbfile = "f:\web\database\rescomp\study.mdb">
ColdFusion Key Points (2)
 Access Query Results
– <SELECT name="PatientID">
<CFoutput QUERY="Patients">
<OPTION value=#ID#>#FirstName# #LastName#
</CFoutput>
</SELECT>
 Insert Data from a Form
– If a HTML form submits variables to be inserted, do so directly
using CFinsert:
 <CFinsert tablename="Treatment" dbtype="dynamic"
connectstring="#DBdriver# #DBfile#">
All variables in the form object (e.g. Form.var1) that match
attributes in the table are inserted into the table automatically
ColdFusion Key Points (3)

 Insert Data using Cfquery (SQL):

– <CFquery name="Treatment" dbtype="dynamic"
connectstring="#DBdriver# #DBfile#">
INSERT into Treatment
VALUES (#PatientID#, #EventID#, Now(), #Dosage(mg)#, #Severity#,
#Time#)
</CFquery>

 Other Data editing features also available;

see documentation
Cold Fusion Resources
– Cold Fusion Introduction
 Allaire/Macromedia’s
Documentation Web page
– Developing CF Applications
– CFML Reference
– CFML Quick Reference
 WebMonkey’s tutorial
 Security links page
Practical Extraction and
Report Language (Perl)

 Ubiquitous
– Originally designed to be a better general purpose
tool than a Unix shell, it has grown and spread to
be supported from Windows to Macintosh to VMS.
 Powerful but Cryptic
 Example (code)
Perl Key Points (1)
 The file itself must end in “.cgi” or “.pl”
 First line must specify the location of the Perl
engine (The DBI module will not work for
“#!/usr/local/bin /perl[5]” – see below):
– #!/uva/bin/perl -w
 First printed line must be the following if you
want its response to go to a browser:
– print "Content-type: text/html\n\n";
Perl Key Points (3)

 Set the usual parameters:

– my $hostname = “lebec.tc.edu";
my $username = “gordie"; # "my" defines a local variable
my $password = “mine122";
my $database = $username . "_study"; # = dld5s_study
my $data_source = "DBI:mysql:$database:$hostname";
 Connect to the database:
– my $dbh = DBI->connect($data_source, $username,
$password)
or die "Can't connect to $data_source: $DBI::errstr\n";
Perl Key Points (4)

 Define the SQL statement and execute

– my $SQL = "SELECT FirstName, LastName, DOB, Gender
FROM Patients
WHERE Gender = '$Gender‘
ORDER BY FirstName DESC";
my $sth = $dbh->prepare($SQL)
or die "Unable to prepare $SQL: dbh->errstr\n";
$sth->execute or die "Unable to execute query: $dbh->errstr\n";
 Clean up
– $sth->finish;
$dbh->disconnect;
Perl Resources

– Perl Programming Introduction

– Perl Programming for the Web
 Perl Documentation
– Overview, Built-in functions, Data types, Regular expressions, …
– Modules: DBI(1), DBI(2), CGI
 WebMonkey’s Tutorial, etc.
 MySQL and PERL for the Web by DuBois (New Riders)
 Learning Perl by Schwartz & Christiansen (O’Reilly)
 Programming Perl by Wall, Orwant, & Christiansen (O’Reilly)
 Programming the Perl DBI: Database Programming with Perl by
Descartes, Bunce, & Mui (Editor) (O’Reilly)
PHP

 Example
 Add Source
 Index Source
PHP: Hypertext Preprocessor (PHP
)
 HTML embedding scripting language (see the
PHP online manual
 When a browser calls a PHP document, the
Server reads the PHP document and
– Runs the PHP code
– Returns the resulting HTML code to the browser
 Example (code)
PHP Key Points (1)

 Filename must end in .php or .phtml

 PHP code enclosed in <?php PHP code ?>
or <? PHP code ?>
 Everything outside is HTML
 Output is (generally) to a browser requiring
standard HTML
PHP Key Points (2)

Connecting with RDBMS and editing, adding, and

deleting databases therein are all done through PHP
functions
 Connect with MySQL RDBMS
– mysql_connect($hostName, $userName, $password) or
die("Unable to connect to host $hostName");
 Connect with database
– mysql_select_db($dbName) or die("Unable to select
database $dbName");
PHP Key Points (3)
Queries: Nearly all table interaction and management is
done through queries:
 Basic information searches
– $SQL = "SELECT FirstName, LastName, DOB, Gender
FROM Patients WHERE Gender = '$Gender‘ ORDER BY
FirstName DESC";
$Patients = mysql_query($SQL);
 Editing, adding, and deleting records and tables
– $SQL = "INSERT INTO Patients (FirstName, LastName)
VALUES('$firstName', '$lastName')";
$Patients = mysql_query($SQL);
PHP Key Points (4)

 Cleaning up: close the database connection

– mysql_close();
PHP/MySQL Security

 The same problems as PHP occur with

Perl if you run it as a Perl or CGI script.
– See the passwords link
PHP Resources
– PHP and MySQL
 PHP Documentation
 PHP’s Tutorial
 WebMonkey’s Tutorial
 PHP and MySQL Web Development by
Welling & Thomson (SAMS)
 Beginning PHP4 by Blan, Choi, et. al (Wrox)
 (Other) Books
 MySQL by DuBois (New Riders)
 MySQL and PERL for the Web by DuBois (New Riders)
 MySQL & mSQL byYarger, Reese, & King
 PHP and MySQL Web Development by Welling & Thomson (SAMS)
 Beginning PHP4 by Blan, Choi, et. al (Wrox)
 Learning Perl by Schwartz & Christiansen (O’Reilly)
 Programming Perl by Wall, Orwant, & Christiansen (O’Reilly)
 Programming the Perl DBI: Database Programming with Perl by
Descartes, Bunce, & Mui (Editor) (O’Reilly)
 SQL-99 Complete, Really by Gulutzan & Pelzer (R&D Books)
PHP
 PHP is a widely-used general-purpose scripting
language that is especially suited for Web
development and can be embedded into HTML.
 PHP is a project of the Apache Software Foundation.
 PHP stands for PHP: Hypertext Preprocessor.
Let’s get started.
 As we already said PHP can be embedded into
HTML:

#!/usr/local/bin/php

<html>
<body>
<?php
echo “Hello I am a PHP script”;
?>
</body>
</html>
First file
 Save the file with a PHP extension in your
public_html folder.
 Give the webserver execute permission
(chmod 755 hello.php is the easiest way to
do this)
 Point a webserver at the file
 Let’s look at the first line of the file
#!/usr/local/bin/php
Something more Useful

<?php
echo $_SERVER["REMOTE_ADDR”];
?>

What is echo(); ?
echo() is a PHP function which prints output to the webpage, php has
many functions that do this, print(), printf() are two examples.

What is $_SERVER?!
$_SERVER is a special reserved PHP variable that contains all web server
information. It's known as an Autoglobal (or Superglobal).
Mixin and matchin PHP & HTML

<?php
if (strstr($_SERVER["HTTP_USER_AGENT"], "MSIE")) {
?>
<h3>strstr must have returned true</h3>
<center><b>You are using Internet Explorer</b> </center>
<?php
} else { ?>
<h3>strstr must have returned false</h3> <center><b>You are not using Internet
Explorer</b></center>
<?php } ?>

Here we see you can mix and match HTML and PHP together, this is because PHP does the PHP bit
first, it’s output is HTML and then bangs all the HTML together.
PHP Forms
Forms are a useful part of any internet site, and I’m sure you’ve used
them in the past. Forms are part of HTML, however you can pass their
values to a PHP script. Here is a simple HTML form which you can put
in any HTML file:
<form action="action.php" method="POST">
Your name: <input type="text" name="name">
Your age: <input type="text" name="age">
<input type="submit">
</form>
This isn’t specific to PHP, the only thing to notice is how we pass the
values to “action.php”
Handling POST data

Now we edit action.php (of course this file can be called

whatever, as long as the form passes it on).

Hi <?php echo $_POST["name"]; ?>.

You are <?php echo $_POST["age"]; ?>
years old.
Handling POST data

$_POST[] is an autoglobal array which get’s

created at every webpage by the server.
Sample out put from our script would be:
Hi Joe. You are 22 years old
Data Types
There are eight data types in PHP (which isn’t a lot),
I’m going to cover three, the others are not used a lot
and would be considered advanced in the contexts
of PHP anyways. Data types in PHP, unlike, are
flexible or not strict, and are refrenced the same way,
so inter-chaging is simple.
Data Types
$bool = TRUE; // a boolean
$str = "foo"; // a string
$int = 12; // an integer

echo gettype($bool); // prints out"boolean"

echo gettype($str); // prints out "string"

// If this is an integer, increment it by four

if (is_int($int)) { $int += 4; }
/* If $bool is a string, print it out (does not print out anything) */
if (is_string($bool)) {
echo "String: $bool";
}
Manulipating Data Types

These types can be added, subtracted,

concatinated like they can be in C or Java
$a = 5;
$b = 4;
Echo ($a + $b); // prints 9!
$string = “touch”;
$end = “down”;
Echo $string.$end; //prints touchdown!
Control Structures

If:
$hey = TRUE;
If($hey) {
printf(“Hello\n”);
} else {
printf(“Never gona see this!\n”);
}
While

$a = 0;
While($a < 100) {
printf(“hello $a\n”);
a++;
}
Prints all the numbers from 0 to 99.
For & others
For($a = 0; $a < 100; $a++){
printf(“Hello $a\n”);
}
//prints all the numbers from 0 to 99 again

PHP has also all the other control structures you can think of, until, do,
switch, : ?
Global Variables
We’ve already seen the use of some global or Super variables in
$_POST and $_SERVER. There’s a good few of them which
can be useful to make your site more personal. To get a list of
them, create this PHP file.

#!/usr/local/bin/php

<?php phpinfo(); ?>

Resources

This helpdesk tutorial like the others is just geared to get you started at
PHP coding. PHP’s website is the best resource for consultation,
www.php.net it has a simple to follow tutorial (you might find striking
resemblances with tonite’s!), as well as a manual page for every
function in PHP. I recommend you go to the site for more detailed
descriptions of what we did tonite.
Why is PHP good?

Php is good for a number of reasons

 Easy to use
 Well documented
 Large library
 Good Database interaction
 Good for Projects!!
 See Paul Acquaro’s class this Summer.