Internet / Intranet CIS-536 Class HTML Forms A Method to Allow Users to Pass Information to a CGI Script Forms Allow Information to Be Entered Via: Text Fields Selectable Lists Checkboxes Radio Buttons Submit / Reset Buttons Each Field Is Identified by a Name Optional Default Value E.g Example HTML Forms (2) Submit Button Sends Data to CGI Script Name/Value Pairs Separated By & METHOD = “GET” Uses HTTP Get Method Parameters are Sent in URL “Command Line” Arguments Data Follows “?” Easily Visible to Users Some Servers Truncate the URL Passed to Perl as QUERY_STRING Environment Variable METHOD = “POST” Data is Sent in HTTP Message Body Passed to Perl as stdin ACTION=“URL” Identifies the Target URL ACTION =“mailto:xxx” Data is Mailed to Target email Address Example Forms – Text Fields Text Box: Type=Text Size – Size of Text Box in Characters Maxlength – The Maximum Number of Characters Allowed Type=Password Same, Except User Input is Echoed as *’s Note: Password is Still Sent to Server in Plain Text Pwd Example Example Forms – Multiline Text Fields Multiline Text Rows, Cols – The Size of the Field in Characters Note: This Only Controls the Size of the Display Box Scroll Bars Allow More Data Wrap=Of No Wrapping Horizontal Scroll Bar for Additional Text Wrap=Virtual, Physical Wrap Text Based on Number of Columns Wrap=Virtual –Do Not Send Inserted Carriage Returns Wrap=Physical – Send Inserted Carriage Returns Example Forms – CheckBoxes and Radio Buttons Radio Buttons Allow Only One Option to Be Selected Checkboxes Allow Multiple Selections Pick1 Pick2 Name - Identifies the Grouping Value – The Value Passed to the Server if This Item is Selected For Multiple Selections, Values are Concatenated CHECKED – Indicates the Default Status is Checked Examples: If the User Checks Pick1: Sent to Server: CB1=A If the User Checks Pick1 and Pick2: Sent to Server: CB1=AB Example Forms – List Boxes First Choice Second Choice Size – The Number of Rows to Display Access Additional Rows Via Scroll Bar Size=1 Creates a Drop-Down List Multiple – The Maximum Number of Items That Can Be Selected From List Values are Concatenated When Sent to Server Value – If Specified, This is Sent to Server When Row is Selected Unspecified – Text in Row is Sent to Server as the Value Example Forms – Submit and Reset Buttons Submit Reset Sets all Fields to Their Default Values Example Forms –Uploading Files Allows a User to Upload Contents of a File Instead of Text Browser Displays a Text Field and a Browse Button to Allow User to Select a File If the Form has ENCTYPE=“multipart/form-data” Contents of File Are Uploaded in This Field Else The Filename is Uploaded in This Field BE CAREFUL! Can Be a Security Hole if Uploaded Files are Stored in Web Accessible Directories Accidentally Selecting a Large File Can Afect Performance Example Forms – Hidden Fields Allows You to Create “Variables” Passed to Server as if Entered By User Not Displayed to User in Form Fully Visible in the HTML Therefore, Not For Sensitive Info (e.g Passwords) Example Forms – Image Maps Similar to a Submit Button Graphic is Displayed as Button Also Passes the Coordinates Where User Clicks Server Can Process Coordinates (Server Side Image Maps) Example HTML Extensions for Forms “Tool Tips” TITLE Attribute on Form Tags Label Associated With Form Entry User Can Click On Label to Select Entry Field Enter Name: Shortcuts Alt-Character selects Entry Field ACCESSKEY=“X” Tab Order TABINDEX=3 Negative Number Excludes Field From Tab Order FieldSet Groups Controls Together (Outline Box) Adds Text To Outline Box Example Document Object Model: Forms Properties action – The URL Where Form Will be Submitted length – The Number of Elements in the Form method – “Get” or “Post” name – Name as Specified by Name Attribute target – If in a Frame, the Target Frame Name Methods reset() – Reset the Form submit() – Submit the Form Objects elements[] – Array of input elements in the form Events onReset onSubmit Return false to Prevent Submission Validating Forms Using JavaScript Example Server Side Includes shtml Extension By Convention Not Enabled on All Servers > Server Side Include Directives: echo – print certain variables DOCUMENT_NAME DOCUMENT_URI DATE_LOCAL DATE_GMT LAST_MODIFIED include – Include Another File fsize, flastmod – File Size, Last Modified Date of a Specified File exec – Execute a System Shell Command cgi – Execute a CGI script config – Adjust Error, Day/Time Formats Example CGI / Scripting Scripts are Programs Run By the Server CGI – Common Gateway Interface Methodology For Server/Script Communication Can Be Written in Any Language Supported By the Server UNIX Origins PERL is Most Common Script Output is Returned to the Browser Alternative Methodologies Exist CGI is the Most Portable PERL – Practical Extraction and Reporting Language UNIX Based Scripting Language Ported to Multiple Platforms How Does Browser Know to Execute a Program? Program is in a Script Directory Typically cgi-bin (Apache) Or By Extension (e.g .pl, cgi) Scripts Must Have Executable Permissions Scripting Features Scripts Can Have Input Parameters Passed as Part of URL : ? Argument (Query String) Special Characters Passed as % Ascii Hex Values Name/Value Pairs : Separated by & Variable Passed in HTTP Header Name/Value Pairs Method = Post HTML Forms Passed in Cookies Netscape Origins, Now Widely Adopted Name/Value Pairs Associated With a URL Stored on Client Computer Users May Turn of Cookies Scripts Must Be Aware of How Parameters are Being Passed Diferent Methodology to Access Each Method Parameters Also Used to Maintain State Information Help Track a “Session” Scripting Issues Security Concerns No Limits on What CGI Scripts May Access Potential to Execute Any System Command Hacker Can Cause Serious and Unforeseen Problems Potential to Afect More Than Just Your Web Site Many ISP’s Limit CGI Capabilities Performance Concerns CGI Scripts are Run as a Standalone Process E.g Interpreter is Loaded and Initialized Each Time Alternative to Posting Forms Mailto Option Perl Why Should I Learn Perl? S/W Engineers Need to Be Adept at Picking Up New Languages Need a “Comfort Level” of Expertise Ability to Write Basic Code Ability to View/Modify Existing Code Ability to Learn More as Needed Develop Reference “Library” Develop “Guru” Network Large Public Archives of Perl Scripts Perl Basics Interpreted Originally Used Primarily By UNIX Sys-Admins “Public Domain” The preferred language for CGI Scripts PERL is Relatively Portable Activestate ActivePerl (Windows / IIS) UNIX specific scripts dominate (Uses UNIX O/S Commands) In Class Exercise Create a Basic Form Use action=“mailto: xxx” to mail the form result to yourself ... Activestate ActivePerl (Windows / IIS) UNIX specific scripts dominate (Uses UNIX O/S Commands) In Class Exercise Create a Basic Form Use action=“mailto: xxx” to mail the form result to yourself