Mediascripting on the Web (CSC 195 2014F) : Outlines
Held: Thursday, 17 April 2014
We continue our explorations of PHP, considering mostly conceptual issues.
- The client-server model, revisited.
- Detour: CGI scripts.
- Why write server-side scripts, anyway?
- Dangers of server-side scripts.
- Storing and retrieving data, a simple approach.
- We'll look at some of the things you built.
- Remember: Pioneer Weekend is this weekend!
- Next homework: Find an online SQL Tutorial, do the tutorial, and enter
a few key points you learned.
- Serves pages
- Serves data
- Holds resources
- Does computation (with PHP or other server-side language)
- Shows content
- Sends requests to server (for pages
Detour: CGI Scripts
- On many servers, you can write server-side scripts in essentially
any programming language.
- Issue one: You need a short header that includes at least a
Content-type declaration. Follow the header with a blank line.
- Issue two: Suffix should be .cgi.
- Issue three: How do you get form data? (Do you need form data?)
- We'll look at a few examples.
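The three issues above, worked through as a Python CGI script. This is an added example, not one of the course's own examples. The file name hello.cgi, the form field "name", the 4096-byte body cap, and the allow-list pattern are assumptions made for illustration.

```python
#!/usr/bin/env python3
# Added example (hypothetical file name: hello.cgi); not from the course materials.
import html
import os
import re
import sys
from urllib.parse import parse_qs

MAX_BODY = 4096  # assumed cap: refuse oversized POST bodies
NAME_OK = re.compile(r"[A-Za-z][A-Za-z '\-]{0,39}")  # assumed allow-list for "name"


def read_form(environ, stdin):
    """Issue three: GET data is in QUERY_STRING, POST data is on standard input."""
    if environ.get("REQUEST_METHOD", "GET").upper() == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:
            raise ValueError("bad or oversized request body")
        raw = stdin.read(length)
    else:
        raw = environ.get("QUERY_STRING", "")
    fields = parse_qs(raw, keep_blank_values=True, max_num_fields=20)
    return {key: values[0] for key, values in fields.items()}


def respond(environ, stdin):
    """Issue one: header lines, then a blank line, then the page body."""
    status, text = "200 OK", "Hello, stranger."
    try:
        name = read_form(environ, stdin).get("name", "")
        if name and not NAME_OK.fullmatch(name):
            raise ValueError("name has unexpected characters")
        if name:
            # Escape before echoing so form input cannot become markup.
            text = "Hello, " + html.escape(name) + "."
    except ValueError as err:
        status, text = "400 Bad Request", "Rejected: " + html.escape(str(err))
    header = "Status: " + status + "\r\nContent-type: text/html; charset=utf-8\r\n"
    return header + "\r\n" + "<p>" + text + "</p>\n"


if __name__ == "__main__":
    # The web server supplies the environment variables and standard input.
    sys.stdout.write(respond(os.environ, sys.stdin))
```

Saved with a .cgi suffix (issue two) and marked executable, the script rejects unexpected input with a 400 response instead of echoing it back.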
Server-Side vs. Client-Side, Revisited
- Why write server-side scripts?
- So far, the only thing we've come up with was "large amounts of data".
- But an interactive client might be able to query a good database
server for the subset of the data it needs.
- So why else?
- Changing a database should need a password. Don't want to provide password
- Some kinds of computation may be more natural.
- Other resources available on the client (what?)
- Sam's standard search feature.
Dangers of Server-Side Scripting
- Places a burden on your servers
- Web server: Additional computation (vector for DoS)
- File server: Additional file requests (vector for frustration)
- Potential security leaks
- Can someone abuse your feature by giving unexpected input?
- MathLAN specific: Difficult (impossible) to have private passwords.
- Suppose you want to store some simple data for your script. How
might you do it? (No database server; all you get is the filesystem.)