ch16.htm

Web_Programming_with_Perl5,一个不错的Perl语言教程。

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">

<HTML>



<HEAD>

<!-- This document was created from RTF source by rtftohtml version 3.0.1 -->



	<META NAME="GENERATOR" Content="Symantec Visual Page 1.0">

	<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">

	<TITLE>Without a title - Title</TITLE>

</HEAD>



<BODY BACKGROUND="r2harch.gif" tppabs="http://210.32.137.15/ebook/Web%20Programming%20with%20Perl%205/r2harch.gif" TEXT="#000000" BGCOLOR="#FFFFFF">



<H2 ALIGN="CENTER"><A HREF="ch15.htm" tppabs="http://210.32.137.15/ebook/Web%20Programming%20with%20Perl%205/ch15.htm"><IMG SRC="blanprev.gif" tppabs="http://210.32.137.15/ebook/Web%20Programming%20with%20Perl%205/blanprev.gif" WIDTH="37" HEIGHT="37"

ALIGN="BOTTOM" BORDER="2"></A><A HREF="index-1.htm" tppabs="http://210.32.137.15/ebook/Web%20Programming%20with%20Perl%205/index-1.htm"><IMG SRC="blantoc.gif" tppabs="http://210.32.137.15/ebook/Web%20Programming%20with%20Perl%205/blantoc.gif" WIDTH="42"

HEIGHT="37" ALIGN="BOTTOM" BORDER="2"></A><A HREF="appa.htm" tppabs="http://210.32.137.15/ebook/Web%20Programming%20with%20Perl%205/appa.htm"><IMG SRC="blannext.gif" tppabs="http://210.32.137.15/ebook/Web%20Programming%20with%20Perl%205/blannext.gif"

WIDTH="45" HEIGHT="37" ALIGN="BOTTOM" BORDER="2"></A><BR>

<BR>

<FONT COLOR="#0000AA">16</FONT><BR>

<A NAME="Heading1"></A><FONT COLOR="#000077">Advanced CGI/HTML<BR>

</FONT>

<HR>

</H2>



<UL>

	<LI><A HREF="#Heading1">Advanced CGI/HTML</A>

	<UL>

		<LI><A HREF="#Heading2">Sessions</A>

		<UL>

			<LI><A HREF="#Heading3">The Need for an Extended Session</A>

		</UL>

		<LI><A HREF="#Heading4">Listing 16.1. A very simple calculator.</A>

		<LI><A HREF="#Heading5">Listing 16.2. A personal notepad.</A>

		<LI><A HREF="#Heading6">Listing 16.3. A Web-based command shell.</A>

		<UL>

			<LI><A HREF="#Heading7">Warning and Dangers of Multiple Persistent Servers</A>

		</UL>

		<LI><A HREF="#Heading8">Embedded ObjectsAn Internet Proposal</A>

		<LI><A HREF="#Heading9">Netscape Cookies and Other Netscape Feature Tags</A>

		<LI><A HREF="#Heading10">Summary</A>

	</UL>

</UL>



<P>

<HR>

</P>



<UL>

	<LI>Sessions

	<P>

	<LI>Embedded Objects--An Internet Proposal

	<P>

	<LI>Tags

</UL>



<P>This chapter will attempt to explain some of the more advanced aspects of CGI

programming and HTML in general. CGI programs, as you can probably tell, are very

simple transaction-based programs that might perform a simple task. Suppose that

you wanted to take that simple task further and do more heavy-duty type work. You

will find that the CGI paradigm itself cannot handle some of the basic needs of more

advanced applications without the help of some workarounds. There are also some new

proposals under way to enhance the capability of HTML. Hopefully, after reading this

chapter, you will have the necessary tools and information to perform robust operations

using CGI and HTML.

<H3 ALIGN="CENTER"><A NAME="Heading2"></A><FONT COLOR="#000077">Sessions</FONT></H3>

<P>As you have seen in previous chapters, one sorely missed concept in CGI programming

is that of a session or preserved state among transactions. A simple example of this

might be keeping track of items in a virtual shopping cart while the user happily

goes searching for more items to buy. Each visit to a page is a single transaction,

which means that once the CGI program is finished, it remembers nothing about what

it just did. You will see that the need for an extended session is essential when

you are implementing anything more than a simple fill-out form handler.

<H4 ALIGN="CENTER"><A NAME="Heading3"></A><FONT COLOR="#000077">The Need for an Extended

Session</FONT></H4>

<P>Sessions can be thought of as a combination of one or more transactions. As we

have seen, CGI programs are capable of nothing more than a single transaction. The

shopping cart is a good example of this need. Another might be keeping track of the

user information while the user is visiting your sight. Perhaps the .htaccess security

on your Web pages isn't quite enough. Maybe you'd like the user to login to your

site through a login CGI script. Another example might be to keep track of what the

user is searching for if you are providing a search engine on the Web.</P>

<P>All of these examples show that there is a crucial need for maintaining an extended

session across invocations of your CGI program. There are certain tricks that one

can play to maintain a state across separate and distinct CGI transactions. One of

these tricks has already been discussed in Chapter 4, &quot;HTML Forms--The Foundation

of an Interactive Web.&quot; Another trick is a bit more expensive in terms of performance

although it is a more secure approach. We will show you the techniques as well as

use them in some, hopefully, useful examples. <B><TT>Data and State Preservation

Between Transactions</TT></B> As we have seen in Chapter 4, there exists in the HTML

form specification the concept of a hidden field. Obviously a hidden field serves

no purpose other than to pass data from the HTML form back to the CGI script. In

fact, all fields are for this general purpose. The main difference with the hidden

field is that the user cannot alter this data and therefore it is a means by which

you can send data back to yourself. This is the first and most obvious way to maintain

a state across sessions. What you would do is simply put the data you wish to retain

across transactions into a hidden field and then examine the contents of the hidden

field the next time your CGI script is called. This is a neat trick, but remember

that each transaction causes this data to travel across the wire for everyone to

see! This is obviously not a good place to keep track of passwords and credit-card

numbers.</P>

<P>Another way of preserving state between transactions is by using files on the

server. What you can do is create a unique file instance perhaps based on either

the <TT>REMOTE_HOST</TT> environment variable or the <TT>REMOTE_ADDR</TT> environment

variable if <TT>REMOTE_HOST</TT> is not available. By definition of the CGI specification,

at least <TT>REMOTE_ADDR</TT> should be set by the server prior to execution of the

CGI program. You may also want to include the current date or time with this file

as you may wish to control the expiration of a user's session. As you might guess,

this method will most likely be slower due to the fact that you must always open

the session file upon each script invocation. The overhead of doing this might be

worthwhile depending on the amount of data you wish to preserve. Disk access is still

faster than network transmission. There are other dangers of using a server-based

session file that we will discuss.</P>

<P>A third approach is to use a combination of the first two approaches. You may

wish to provide a login screen or use a protected script to obtain a userid when

the user first enters your CGI session. You can then create a one-way hash of the

userid perhaps again with the current date or time and pass this hash value back

in a hidden field for continuous authentication between transactions.</P>

<P>Let's now take a look at a few examples using these methods of state preservation.

Our first example will be a simple calculator, shown in Listing 16.1. We will maintain

the current value and allow add, subtract, multiply, and divide operations. The data

we will want to retain across transactions is the current value.

<H3 ALIGN="CENTER"><A NAME="Heading4"></A><FONT COLOR="#000077">Listing 16.1. A very

simple calculator</FONT></H3>

<PRE><FONT COLOR="#0066FF">#!/usr/local/bin/perl



use CGI::Form;

$q = new CGI::Form;

print $q-&gt;header();

print $q-&gt;start_html(-title=&gt;`A Very Simple Calculator');

print &quot;&lt;H1&gt;A Very Simple Calculator&lt;/H1&gt;\n&quot;;



if ($q-&gt;cgi-&gt;var(`REQUEST_METHOD') eq `GET') {

   $val=0;

   &amp;printForm($q,$val);

} else {

   $val=$q-&gt;param(`hiddenValue');

   $modifier=$q-&gt;param(`Modifier');

   if ($modifier=~/^[\d]+$/) {

      $op=$q-&gt;param(`Action');

      if ($op eq &quot;Add&quot;) {

         $val+=$modifier;

      } elsif ($op eq &quot;Subtract&quot;) {

         $val-=$modifier;

      } elsif ($op eq &quot;Multiply&quot;) {

         $val*=$modifier;

      } elsif ($op eq &quot;Divide&quot;) {

         $val/=$modifier;

      }

   } else {

      print &quot;&lt;P&gt;&lt;STRONG&gt;Please enter a numeric value!&lt;/STRONG&gt;&lt;BR&gt;&lt;BR&gt;\n&quot;;

   }

   $q-&gt;param(`hiddenValue',$val);

   &amp;printForm($q,$val);

}

print $q-&gt;end_html();



sub printForm {

   my($q,$val)=@_;

   print &quot;&lt;P&gt;The current value is: $val\n&quot;;

   print &quot;&lt;P&gt;Please enter a value and select an operation.\n&lt;BR&gt;&quot;;

   print $q-&gt;start_multipart_form();

   print $q-&gt;hidden(-name=&gt;`hiddenValue',-value=&gt;$val);

   print &quot;&lt;TABLE&gt;&lt;TR&gt;&lt;TD COLSPAN=4&gt;\n&quot;;

   print $q-&gt;textfield(-name=&gt;`Modifier',-size=&gt;12,-maxlength=&gt;5);

   print &quot;&lt;/TD&gt;&lt;/TR&gt;\n&lt;TR&gt;&lt;TD&gt;\n&quot;;

   print $q-&gt;submit(-name=&gt;`Action',-value=&gt;`Add');

   print &quot;\n&lt;/TD&gt;&lt;TD&gt;\n&quot;;

   print $q-&gt;submit(-name=&gt;`Action',-value=&gt;`Subtract');

   print &quot;\n&lt;/TD&gt;&lt;TD&gt;\n&quot;;

   print $q-&gt;submit(-name=&gt;`Action',-value=&gt;`Multiply');

   print &quot;\n&lt;/TD&gt;&lt;TD&gt;\n&quot;;