ch05.htm

Web_Programming_with_Perl5,一个不错的Perl语言教程。

<DL>

	<DT></DT>

</DL>



<H3 ALIGN="CENTER">

<HR WIDTH="83%">

<BR>

<FONT COLOR="#000077">NOTE:</FONT></H3>





<BLOCKQUOTE>

	<P>Note that some of the methods described in Table 5.1 are not yet fully implemented

	in currently released browsers but are accessible by using CGI.pm or the HTTP::Request

	module. Fully elaborating on these methods is beyond the scope of this text. For

	more details on these methods, please consult the following URL:<FONT COLOR="#0066FF"><BR>

	</FONT>

<HR>





</BLOCKQUOTE>



<PRE><FONT COLOR="#0066FF">http://www.w3.org/pub/WWW/Protocols/HTTP/Methods.html

</FONT></PRE>

<H4><TT>Table 5.1. HTTP FullRequest methods.</TT></H4>

<P>

<TABLE BORDER="0">

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP">Method</TD>

		<TD ALIGN="LEFT">Description</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>GET</TT></TD>

		<TD ALIGN="LEFT">The <TT>GET</TT> method is used every time your browser requests a document. Variables

			may be sent using this method through URI Encoding (described in the &quot;<TT>GET</TT>

			Method&quot; section).</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>POST</TT></TD>

		<TD ALIGN="LEFT">The <TT>POST</TT> method is used most prominently to submit URI encoded data or text

			from an HTML form.</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>HEAD</TT></TD>

		<TD ALIGN="LEFT">The <TT>HEAD</TT> method is used in the same way as the <TT>GET</TT> method, but

			the server returns only the HTTP headers and no document body.</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>DELETE</TT></TD>

		<TD ALIGN="LEFT">This method instructs the server to attempt to delete the data referenced by the

			specified URI.</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>PUT</TT></TD>

		<TD ALIGN="LEFT">This method instructs the server to append data in the body section of the request

			to the specified URI.</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>LINK</TT></TD>

		<TD ALIGN="LEFT">By adding header meta-information to an object, this method can link an object to

			another specified object.</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>UNLINK</TT></TD>

		<TD ALIGN="LEFT">This method removes headers (meta-information) that are specified in the request

			for the specified object.</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>SHOWMETHOD</TT></TD>

		<TD ALIGN="LEFT">This method allows the client to request interface specifications for methods not

			covered in the current HTTP specification.</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>SPACEJUMP</TT></TD>

		<TD ALIGN="LEFT">Similar to the <TT>TEXTSEARCH</TT> method, this header is used to specify the coordinates

			of a mouse click on a gif image.</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><TT>TEXTSEARCH</TT></TD>

		<TD ALIGN="LEFT">This method takes the text from the body of the request and instructs the server

			to perform a simple search for the specified text.</TD>

	</TR>

</TABLE>

<B><TT>GET Method</TT></B> The <TT>GET</TT> method is used for all normal document

requests. In other words, a request with a <TT>GET</TT> method is what your Web browser

sends to the Web server to request a document. The <TT>GET</TT> method is very simple,

only requiring a single argument: which URI to get. Here's the syntax of the <TT>GET</TT>

method:</P>

<PRE><FONT COLOR="#0066FF">GET http://www.netsite.com/directory/filename CrLf

</FONT></PRE>

<P>The <TT>GET</TT> method can also be used to send name/value data back to the server.

Data is returned by URI encoding it and appending it to the end of the URI. URI encoding

refers to the replacement of special characters such as tabs, spaces, question marks,

and quotes with their HEX equivalents. All data passed from the browser to the Web

server must be URI encoded. URI encoding will be discussed in more depth in the next

section. The process of URI encoding the name/value pair data and then appending

it to the end of the URI is what happens when a browser submits a <TT>GET</TT> method

HTML form. In other words, a form called like this</P>

<PRE><FONT COLOR="#0066FF">&lt;FORM METHOD=&quot;GET&quot; ACTION=&quot;/cgi-bin/mycgi.cgi&quot;&gt;

</FONT></PRE>

<P>will cause the browser to URI encode the name/value pair form data (the names

and values of the fields you create in your form), then append it to the end of the

URI. Digital's AltaVista search engine uses the <TT>GET</TT> method. A search for

<TT>the best web site</TT> on AltaVista caused the following URI to be generated

and sent by Netscape:</P>

<PRE><FONT COLOR="#0066FF">http://altavista.digital.com/cgi-bin/query?pg=q&amp;what=web&amp;fmt=.&amp;q=the+best+web+site

</FONT></PRE>

<P>Breaking this URI down into its components, the first part of the URI calls a

CGI called <TT>query</TT> in the cgi-bin/ directory:</P>

<PRE><FONT COLOR="#0066FF">http://altavista.digital.com/cgi-bin/query

</FONT></PRE>

<P>This is followed by a <TT>?</TT>, indicating the presence of URI encoded data,

and four URI encoded name/value pairs:</P>

<PRE><FONT COLOR="#0066FF">?pg=q&amp;what=web&amp;fmt=.&amp;q=the+best+web+site

</FONT></PRE>

<P>The URI encoding of this string makes it look like a bunch of garbage at first

glance. URI encoded name/value pairs are separated by the <TT>&amp;</TT> character.

The <TT>+</TT> character represents whitespace. Thus, this string translates into

the following four name/value pairs once URI decoded: 

<TABLE BORDER="0">

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP">pg</TD>

		<TD ALIGN="LEFT" VALIGN="TOP">= q</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP">what</TD>

		<TD ALIGN="LEFT" VALIGN="TOP">= web</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP">fmt</TD>

		<TD ALIGN="LEFT" VALIGN="TOP">= .</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT" VALIGN="TOP"><FONT COLOR="#000000">q</FONT></TD>

		<TD ALIGN="LEFT" VALIGN="TOP"><FONT COLOR="#000000">= the best web site</FONT></TD>

	</TR>

</TABLE>

</P>

<P>Using the <TT>GET</TT> method in all cases is not recommended, as servers usually

have size limitations on the length of URIs due to operating system environment constraints.

For example, the size is 1240 bytes in the UNIX environment. The <TT>GET</TT> method

is useful, however, in cases where you need to send your script an argument from

a URI; for example, if you had written a script called classifieds.cgi, and you wanted

the script to support multiple product categories. A good way to do this would be

to send the category to the script as a variable in the URI. An HTML page could have

links to the different categories like this:</P>

<PRE><FONT COLOR="#0066FF">&lt;a href=http://mysite.com/cgi-bin/class.cgi?category=pets&gt;Pets&lt;/a&gt;

&lt;a href=http://mysite.com/cgi-bin/class.cgi?category=stuff&gt;Stuff&lt;/a&gt;

&lt;a href=http://mysite.com/cgi-bin/class.cgi?category=cars&gt;Cars&lt;/a&gt;

</FONT></PRE>

<P>When your script is called, you can use the category variable to create different

dynamic output based on what was specified in the category variable. Another advantage

to this method is that users can bookmark your script, and since the variables are

part of the URI, they can bookmark different categories.



<DL>

	<DT></DT>

</DL>



<CENTER>

<H3>

<HR WIDTH="83%">

<BR>

<FONT COLOR="#000077">CAUTION:</FONT></H3>

</CENTER>





<BLOCKQUOTE>

	<P>Be very careful when using <TT>GET</TT> requests to supply your script with input.

	A malicious user can easily change or modify the variables in the URI that calls

	your script. Depending on how you use the variables, this could easily cause undesirable

	and possibly dangerous results.<BR>

	

<HR>





</BLOCKQUOTE>



<P><B><TT>POST Method</TT></B> The <TT>POST</TT> method also URI encodes your data,

but instead of the data being tagged on to the URI, it is sent separately after all

of the other request headers and is available as STDIN to your script. CGI.pm provides

transparent access to the data in STDIN generated by a <TT>POST</TT> method request.

The <TT>POST</TT> method uses the <TT>CONTENT_LENGTH</TT> environment variable to

indicate how many bytes of the standard input are used for the encoded input data.

The CGI script will keep reading input data until it has read <TT>CONTENT_LENGTH</TT>

bytes of data. The <TT>CONTENT_TYPE </TT>environment variable indicates to the script

what kind of data is being sent. The content-type for HTML forms returning name/value

data with the <TT>POST</TT> method should always be <TT>application/x-www-form-urlencoded</TT>.</P>

<P>To use the <TT>POST</TT> method in an HTML form, simply specify <TT>POST</TT>

as the method:</P>

<PRE><FONT COLOR="#0066FF">

&lt;FORM METHOD=&quot;POST&quot; ACTION=&quot;/cgi-bin/mycgi.cgi&quot;&gt;

</FONT></PRE>

<P>Later, you will see how CGI.pm or the HTTP::Request module can be used to construct

headers with these methods from within your scripts and decode URI encoded form data.

The ability to easily generate <TT>GET</TT>, <TT>POST</TT>, and other headers makes

the following tasks possible:



<UL>

	<LI>Retrieving a document off the Net with a single line of Perl

	<P>

	<LI>Accessing and controlling form-based CGI applications on other systems from within

	your Perl script

</UL>





<UL>

	<LI>Requesting information about a document on another server without actually retrieving

	it

</UL>



<P><B><TT>URI Encoding</TT></B> Why should you care about URI encoding? Here are

three reasons:



<OL>

	<LI>All data contained in HTML forms passed from the browser to the Web server (your

	CGI) is URI encoded. This data must be decoded.

	<P>

	<LI>Data that is sent to your CGI attached to the URI using the <TT>GET</TT> method

	must be encoded.

	<P>

	<LI>CGI.pm and the CGI::Base module transparently handle URI encoding and decoding.

	<P>

	<LI>Because all of your data passed between the browser and the server is being encoded

	and decoded, you should understand how and why.

</OL>



<P>URI encoded data is introduced in two instances. First, data contained in HTML

forms (using <TT>GET</TT> or <TT>POST</TT> methods) will be automatically URI encoded

by the browser before being sent to your script. Second, if you want to send input

to your script, you must know how to encode the data when you append it to the URI

if the browser is not doing it for you.</P>

<P>URI encoded data is appended to the URI in the following manner:</P>

<PRE><FONT COLOR="#0066FF">http://www.netsite.com/mycgi?query_string

</FONT></PRE>

<P>where <TT>query_string</TT> represents a string of URI encoded name/value pairs.

Here's a typical <TT>query_string</TT>:</P>

<PRE><FONT COLOR="#0066FF">name=John+Doe&amp;age=30&amp;grade=96%25

</FONT></PRE>

<P>Each name/value pair is separated by the ampersand character (<TT>&amp;</TT>).

In this example <TT>%25</TT> represents the <TT>%</TT> character. In addition, the

plus symbol (<TT>+</TT>) represents a space. When decoded, this example contains

the following name/value pairs: name = John Doe</P>

<P>age= 30<FONT COLOR="#0066FF"><BR>

</FONT><FONT COLOR="#000000">grade = 96%</FONT></P>

<PRE><FONT COLOR="#000000"></FONT></PRE>

<P>There are many ASCII characters that must be URI encoded. Use the following table

to determine which HEX values you must use to represent the characters shown in Table

5.2.

<H4>Table 5.2. URI Characters That Must Be Encoded.</H4>

<P>

<TABLE BORDER="0">

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT"><B>Character</B></TD>

		<TD ALIGN="LEFT"><B>URI Encoded HEX Equivalent</B></TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT">Tab</TD>

		<TD ALIGN="LEFT">%09</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT">Space</TD>

		<TD ALIGN="LEFT">%20</TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">