Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Previous lessons have focused on client-side scripts  Programs embedded in the page’s HTML code  Can also execute scripts on the server  Server-side.

Similar presentations


Presentation on theme: " Previous lessons have focused on client-side scripts  Programs embedded in the page’s HTML code  Can also execute scripts on the server  Server-side."— Presentation transcript:

1

2  Previous lessons have focused on client-side scripts  Programs embedded in the page’s HTML code  Can also execute scripts on the server  Server-side scripts  Programs that the web server runs in response to something done by a web client (browser)  Common server-side languages and extensions  Perl Common Gateway Interface (CGI) –.pl,.cgi  PHP –.php  Active Server Pages (ASP) –.asp  ASP.NET –.aspx  JavaServer Pages (JSP) –.jsp  ColdFusion –.cfm 2Server-Side Scripting

3  Client requests a page containing JavaScript code  GET ex0.html HTTP/1.1  Server returns an HTML file containing embedded JavaScript var iter = 0; while(iter < 1000) { document.write("G O N A V Y ! "); iter = iter + 1; }  Client renders the page  Includes executing the embedded JavaScript Server-Side Scripting3

4  Client requests a page containing JavaScript code  GET ex0.jsx? HTTP/1.1  Server executes the JavaScript code and generates the HTML content  Client receives HTML and renders it Server-Side Scripting4

5  Two mechanisms for sending arguments to server-side scripts  GET  POST  GET provides inputs to the server as part of the URL  Simpler  POST provides inputs to the server “behind the scenes” Server-Side Scripting5

6  Example URL http://.../f2c.jsx?fahrenheit=78  URL for script ends with “ ? ”  Designates the start of the querystring  Querystring consists of name=value pairs  name=value pairs are parameters the server-side script will use as inputs  Multiple name=value pairs separated by “ & ”  arg1=value1&arg2=value2  Specify the action and method attributes in the form element  action specifies the script to use  method specifies either GET or POST  Server-Side Scripting6

7  Server-side scripts execute on the remote server  Uses server resources  Can cause problems for a server administrator  Performance  Security  Validation and sanitization help ensure valid input is supplied to a program  Validation: checks if the input meets a set of criteria  Sanitization: modifies the input to ensure that it is valid Server-Side Scripting7

8  Testing for the length  Format  Range  Allowable characters  Example  Program expects positive integer input  Validate that any string input consists only of the digits 0 through 9 Server-Side Scripting8

9  Attempt to parse a valid value from the provided input  Strip the invalid content from the input  Re-format the input  Escape characters so they cannot be interpreted as code  Use a default value Server-Side Scripting9

10  Assume a script that writes “GO NAVY!” a user-specified number of times  gonavy.jsx?n=800  What if the user wants to print “GO NAVY” 100,000,000 times?  What if multiple users want to do so? Server-Side Scripting10

11  For performance reasons, we may want to limit users to N=5000  Validate the user input  A number  If not a number, set to a default value of 100  Less than 0  If < 0, set value to 0  Greater than (or equal to) 5000  If > 5000, set value to 5000 Server-Side Scripting11


Download ppt " Previous lessons have focused on client-side scripts  Programs embedded in the page’s HTML code  Can also execute scripts on the server  Server-side."

Similar presentations


Ads by Google