M.P. Johnson, DBMS, Stern/NYU, Sp20041 C : Database Management Systems Lecture #21 Matthew P. Johnson Stern School of Business, NYU Spring, 2004

M.P. Johnson, DBMS, Stern/NYU, Sp Agenda Previously: CGI, Perl Next: Scripting for SQL on the web  More Perl  PHP Security Project part 4 due today Project part 5 assigned today  Short hw?

M.P. Johnson, DBMS, Stern/NYU, Sp Review: CGI Program Client Server HTTP Request Data for program Generated HTML HTML Image from

M.P. Johnson, DBMS, Stern/NYU, Sp Perl and HTML headers Data sent to a browser is prefaced with a header describe type of data: Hand-generated html must print this before anything else: Or:  When use-ing CGI Content-type: text/html\n\n print “Content-type: text/html\n\n”; print CGI::header();

M.P. Johnson, DBMS, Stern/NYU, Sp Perl, HTML, and CGI.pm CGI.pm offers a “front-end” to HTML  Replaces mark-up language with an API Very simple example:  gipm.cgi gipm.cgi Somewhat simpler, but another thing to learn Mostly won’t cover Review: Hello, World

M.P. Johnson, DBMS, Stern/NYU, Sp New topic: HTML forms “Active” parts of HTML: forms Intuition for name: paper form  Fill in textboxes, check boxes or not, etc.  Turn it in HTML form  contains arb. # of INPUTs  Submits to somewhere (ACTION)  By GET or POST

M.P. Johnson, DBMS, Stern/NYU, Sp Form example (visible?) From On clicking Send, we go to script.php with “foo=bar”

M.P. Johnson, DBMS, Stern/NYU, Sp Perl and forms Obtain param number: Goal: display text and button;  On submit, tell user what was entered Improve: also print, say, double the input my $cgi = CGI->new(); $param = $cgi->param('number'); my $cgi = CGI->new(); $param = $cgi->param('number');

M.P. Johnson, DBMS, Stern/NYU, Sp Perl error-handling Many Perl scripts have lines of the form  some-statement OR die(“something happened”); What this means:  die exits with error message  Perl supports both || and OR as or operator  Perl supports boolean “short-circuiting” Boolean eval stops as fast as possible  Ftns often return 0/null/false for errors  if some-statement fails then we die

M.P. Johnson, DBMS, Stern/NYU, Sp Perl and databases DB connectivity is done through DBI  Database Interface  Analogous to Java’s JDBC Think of DBI as a Java class with static methods Use these to obtain a connection, prepare and execute queries, etc.

M.P. Johnson, DBMS, Stern/NYU, Sp Perl DBI 1. Open a connection: 2. Prepare and execute query: my $dbh = DBI-> connect("dbi:mysql:database=test;mysql2.st ern.nyu.edu;port=3306", user, pass); my $sth = $dbh->prepare($query); $sth->execute; my $sth = $dbh->prepare($query); $sth->execute;

M.P. Johnson, DBMS, Stern/NYU, Sp Perl DBI 3. Extract next row of data from statement results, if available:  What this means: row has two fields, whose values are put in $a and $b, in order  Other options, but this should suffice In general, want to scroll through results:  Braces { } are required! my ($a, $b) = $sth->fetchrow_array() while (my ($a, $b) = $sth->fetchrow_array()) { # print out $a and $b } while (my ($a, $b) = $sth->fetchrow_array()) { # print out $a and $b }

M.P. Johnson, DBMS, Stern/NYU, Sp Limit: Perl webpages that do something Semi-interesting Perl script:  Non-trivial but not huge: ~40 lines Works with two-column (a,b) table  Takes input from user  Returns rows whose a field contains value  If no/empty input, returns all rows Bad idea in general!

M.P. Johnson, DBMS, Stern/NYU, Sp lookup.cgi Two possible situations for running script: 1. Page opened for the first time 2. User entered parameter and pressed button Structure of file: 1. Print input box and button for next search  On button click, parameter is sent to this page’s url 2. (Try to) read input parameter 3. Open MySQL connection 4. Run query 5. Print results in a table 6. Disconnect from MySQL

M.P. Johnson, DBMS, Stern/NYU, Sp Higher-level structure As one page:  If we have params, display data based on them  Otherwise, prompt user for params, call self Could be:  Page 1: prompt for params, call page 2  Page 2: display data based on params In e.g.: always display data for convenience

M.P. Johnson, DBMS, Stern/NYU, Sp Tutorials on Perl Some material drawn from the following good tutorials: CGI backend programming using perl:  Perl Basics:  CGI Basics:  MySQL/Perl/CGI example: 

M.P. Johnson, DBMS, Stern/NYU, Sp That’s all, folks! Q: Is this enough to get a job coding Perl? A: Probably not! But: Don’t like Perl/CGI? Don’t want to run start a process for every user of your site? Next we’ll do PHP… a couple modified copies of lookup.cgi and cia.cgi + some HTML  fairly interesting site a couple modified copies of lookup.cgi and cia.cgi + some HTML  fairly interesting site

M.P. Johnson, DBMS, Stern/NYU, Sp Dynamic webpages Original prob: need webpages to respond to user inputs Soln 2:  create a an html file embedded with special non- html code  upon url request, execute embedded code to generate more html  Send back the modified html page to user  An incomplete html page exists on server  PHP, JSPs, ASPs, etc.

M.P. Johnson, DBMS, Stern/NYU, Sp New topic: PHP First option: for each request: run program, produce whole page, send back  CGI and some host language Second option: create html page with missing parts; for each response, fill in the wholes and send back  Embedded scripting  PHP and others  PHP = Personal Home Page or = PHP Hypertext Processor

M.P. Johnson, DBMS, Stern/NYU, Sp hello.php Q: What the difference between and \n? Hello from PHP Here is the PHP part: \n“; ?> That's it! Hello from PHP Here is the PHP part: \n“; ?> That's it!

M.P. Johnson, DBMS, Stern/NYU, Sp hello2.php Script errors, w/ and w/o display_errors on:   Local dir must contain.htaccess:  Automatically load GET/POST params as vars  php_flag display_errors on php_flag register_globals on php_flag display_errors on php_flag register_globals on

M.P. Johnson, DBMS, Stern/NYU, Sp More on PHP Somewhat C-like, somewhat Perl-like Case-sensitive Comments:  # Unix shell-style  /* */ C-style  // C++-style Output:  echo(“hi there”);  C’s printf

M.P. Johnson, DBMS, Stern/NYU, Sp PHP vars Similar to those of Perl  <? $num1 = 58; $num2 = 67; print "First number ". $num1. " "; print "Second number ". $num2. " "; $total = $num1 + $num2; print "The sum is ". $total. " "; ?> <? $num1 = 58; $num2 = 67; print "First number ". $num1. " "; print "Second number ". $num2. " "; $total = $num1 + $num2; print "The sum is ". $total. " "; ?>

M.P. Johnson, DBMS, Stern/NYU, Sp Combining PHP and HTML <?php for($z=0;$z<=5;$z++) { ?> Iteration number <? } ?> <?php for($z=0;$z<=5;$z++) { ?> Iteration number <? } ?>

M.P. Johnson, DBMS, Stern/NYU, Sp PHP info PHP does not have both string and number ops like Perl Number ops treat (number) strings as numbers, regular strings as strings  Info function displays lots of PHP/HTML info: 

M.P. Johnson, DBMS, Stern/NYU, Sp PHP & MySQL 1. Open a connection and open our DB: 2. Run query: $db = mysql_connect("mysql2.stern.nyu.edu:3306", user, pass); mysql_select_db("test", $db); $db = mysql_connect("mysql2.stern.nyu.edu:3306", user, pass); mysql_select_db("test", $db); $result = mysql_query($query,$db);

M.P. Johnson, DBMS, Stern/NYU, Sp PHP & MySQL 3. Extract next row of data from statement, if available:  What this means: myrow is an array that can then be accessed  Other options, but this should suffice In general, want to scroll through results: $myrow = mysql_fetch_row($result) while ($myrow = mysql_fetch_row($result)) # print row’s data while ($myrow = mysql_fetch_row($result)) # print row’s data

M.P. Johnson, DBMS, Stern/NYU, Sp Limit: PHP webpages that do something Semi-interesting Perl script:   Non-trivial but not huge: ~60 lines, but much plain html Works with two-column (a,b) table Takes input from user Returns rows whose a field contains value If no/empty input, returns all rows  Bad idea in general!

M.P. Johnson, DBMS, Stern/NYU, Sp lookup.php: port of lookup.cgi Two possible situations for running script: 1. Page opened for the first time 2. User entered parameter and pressed button Structure of file: 1. Print input box and button for next search  On button click, parameter is sent to this page’s url 2. (Try to) read input parameter 3. Open MySQL connection 4. Run query 5. Print results in a table 6. Disconnect from MySQL

M.P. Johnson, DBMS, Stern/NYU, Sp Insert/delete Perl/PHP example Similar to search example NB: form has two buttons t t

M.P. Johnson, DBMS, Stern/NYU, Sp Master-detail Perl/PHP example Idea: display list of regions;  When region clicked on, display its countries Mechanism: pass GET param in link, not with a FORM s/cia.pl s/cia.pl s/cia.php.txt s/cia.php.txt

M.P. Johnson, DBMS, Stern/NYU, Sp Tutorials on PHP Some material drawn from the following good tutorials: PHP introduction and examples:  Interactive PHP with database access:  Longer PHP/MySQL Tutorial from webmonkey:  Nice insert/update/delete example from webmonkey:  MySQL/Perl/PHP page from U-Wash: 

M.P. Johnson, DBMS, Stern/NYU, Sp Comparison of scripting languages PHP v. Perl:  PHP v. Perl v. Java servlets v. …:  -side-scripting-language/ -side-scripting-language/

M.P. Johnson, DBMS, Stern/NYU, Sp Advice for use of novel languages 1. Rerun often  don’t wait until end to try 2. Use frequent prints to be sure of var vals 3. When stuck, picture continuum from your current program to some other program  other prog. works but doesn’t do what you want  change either/both, step by step, until they meet in the middle

M.P. Johnson, DBMS, Stern/NYU, Sp That’s really all, folks! Q: Is this enough to get a job coding PHP? A: Again, probably not. But: again pretty easy to produce a semi-interested site with a few copies of lookup.php and cia.php. Don’t like PHP either? Lots of other choices, but again, you’re strongly discouraged from using something else for your project unless you know what you’re doing.