Server-side Scripts & Database Connectivity
CIS311 Dr. Drew Hwang

Client-Server Interaction

This type of client-server interaction involves three steps:

Getting the data from the client to the server.

Processing the data on the server.

Sending the results from the server to the client.

CGI (Common Gateway Interface) scripts (or called server script) are the programs that run on the server to service client requests, and it is the standard for passing data from the browser to the server.
The only difference between a regular program and a CGI scripts is where the data comes from. Whereas normal programs get their input directly from the user, or by reading local files, CGI scripts must get their input over the Internet through HTTP protocol.

Form-Script Interaction

The <FORM> tag provides homepages with the most important script interaction. The complete syntax of the <FORM> tag when used for data input to the server is:
<FORM ACTION=cgiURL METHOD=method>. The ACTION attribute specifies which CGI program on the server will process the input. The cgiURL is the location where the CGI program resides. Note that the CGI program may not even reside on the same server from which the page with the form was requested.
When the user fills out the form and clicks the SUBMIT button (or sometimes called the "Search," the "Go", or the others), the user's browser then:

Picks the name of the script from the ACTION attribute.

Collects all the data from the various controls on the form and places them next to each other with the symbol & between them.

Generates the entire string that uses the format: cgiURL?data, where the data is a string that holds all the data entered by the user.

After the server receives the string, it passes the entire string following the ? to the CGI program. The CGI program then processes the data and creates a new homepage with the results on the fly and sends it back to the server. Finally, the server sends the page back to the user's browser.
The METHOD action specifies one of the two mechanisms for passing data to the server using GET or POST. With GET method, the string sent back from the client is stored in an HTTP server variable. With POST method, the data is presented as a name-value pair, where name is a control name on the form and value is its content (e.g., cgi-bin\orderin.exe?Itemno="COM244"&Orderqty="15"&...).
Through using the <FORM> tag, the Web's client-server architecture provides a uniform interface for database front ends that can be used equally well in a local network environment, on an intranet/extranet, and on the Internet.

Server Applications Development

Server-side applications can be written by using one of two supported interfaces, the server API (Application Programming Interface) or the CGI (Common Gateway Interface).
A server API is an published interface that lets software developers write programs that become part of the Web server itself. Applications that use API are compiled as dynamic-link libraries (DLLs) that are loaded by the WWW service at startup. Because the programs are resident in memory, API programs are significantly faster than applications written to the CGI specification. In contrast, CGI scripts must be loaded and unloaded each time they are used, making the server processing time-consuming. However, CGI scripts are simple and portable across different computing platforms.
There are three common-used server APIs including Microsoft's ISAPI, Netscape's NSAPI, and O'Reilly Web Site's WSAPI.

Internet Server Application Program Interface (ISAPI)

ISAPI for Windows NT IIS can be used to write applications that Web users can activate by filling out an HTML form or clicking a link in an HTML page on your Web site. The remote application can then take the user-supplied information and do almost anything with it that can be programmed, and then return the results in an HTML page or post the information in a database (see the following figure).

[08_i260b 3328 bytes ]

One example of the ISAPI application is Microsoft's Internet Database Connector. ISAPI extensions can also be combined with the Internet Database Connector (IDC) to create highly interactive sites. In this, Web browsers submit requests to the Internet server by using HTTP. The Internet server responds with a document formatted in HTML. Access to databases is accomplished through a component of Internet Information Server called the IDC. The Internet Database Connector, Httpodbc.dll, is an ISAPI DLL that uses ODBC to gain access to databases.

The IDC uses two types of files to control how the database is accessed and how the output Web page is constructed. These files are Internet Database Connector (.idc) files and HTML extension (.htx) files.

The .idc file can be placed into the <Form>
    tag (e.g., <FORM METHOD="POST"
    ACTION="/scripts/samples/sample2.idc">)or the <A> tag (e.g., <A
    HREF="http://webserver/samples/dbsamp/dbsamp1.idc">Click here to run
    query</A>

). A sample .idc file and a sample .htx file look like this:

.idc	.htx (only the portion that displays the results in table)
`Datasource: Web SQL Username: sa Template: sample.htx SQLStatement: + SELECT au_lname, ytd_sales + from pubs.dbo.titleview + where ytd_sales>5000`	<TABLE BORDER> <%begindetail%> <%if CurrentRecord EQ 0 %> <caption>Query results:</caption> <TR> <TH><B>Author</B></TH> <TH><B>YTD Sales<BR>(in dollars)</B></TH> </TR> <%endif%> <TR> <TD> <A HREF="/scripts/samples/sample3a.idc?lname= <%au_lname%>"><%au_lname%></A> </TD> <TD align="right">$<%ytd_sales%></TD> </TR> <%enddetail%> </TABLE>

On Internet Information Server, the entire process of using the Internet Database Connector for this example is performed in six steps, as shown in the following diagram.

[08_i260n 4533 bytes ]

Common Gateway Interface (CGI)

Common Gateway Interface (CGI) is a set of specifications for passing information between a client Web browser, a Web server, and a CGI application. A client Web browser can start a CGI application by filling out an HTML form or clicking a link in an HTML page on your Web server. As with ISAPI, the CGI application can take the information the client Web browser supplies and do almost anything that can be programmed, then return the results of the application in an HTML page, or post the information to a database. Because simple CGI applications are often written using scripting languages such as Perl, CGI applications are sometimes referred to as "scripts." The following figure illustrates how a browser, a server, and a CGI application exchange information by using CGI. The rest of this section discusses this five-part process.

[08_i260e 3494 bytes ]

Server Scripts Development

For the most advanced Microsoft Web platform, server-side scripting using Active Server Pages uses the same VBScript language that is used in client-side scripting. The major difference is that with Active Server Pages, the script is placed in <%> tag and processed by the Web server before the Web page is sent to the client.

Client-side vs. Server-side Scripting

Client-side scripting is great for animating Web pages and performing local data validation and computations, but large-scale client-server applications need additional functionality that requires the Web server to perform more complicated tasks.
The advantages and disadvantages of client-side and server-side scripting*:

Client- Side	Adv.	Client-side scripts share the processing burden of the Web server and relax the bandwidth demand on the Internet. Client-side functionality is extended through using ActiveX controls. Client-side scripting creates interactive (or dynamic) Web pages. Client-side scripting creates interactive (or dynamic) dynamic forms. Client-side scripting adds flexibility in creating user interface. Client-side scripts provide instant feedback to users.
Client- Side	Disadv.	Client-side scripting is browser (brand and version)-dependent. Client-side scripting is computer platform dependent. Source code of client-side scripts is not secured. The client-side scripts make the pages bulky. Variable scope is limited to a single page. It takes longer to download pages with ActiveX controls. Client-side scripting has limited error handling and debugging support. Client-side scripting provides no direct access to system objects.
Server- side	Adv.	Server-side scripts are browser-independent. Global variables are available with server-side scripting. Web pages can be dynamically customized based on user input (e.g., browser identity, screen resolution, etc.) Server-side scripts are secured. Server-side scripts provide live data through interfacing with server database. ActiveX controls can be used on the server without being sent to the client. HTTP server variables are available for server-side scripts for more functionalities.
Server- side	Disadv.	No debugging tools available for server-side scripting No direct control over the user interface for server-side scripting. Server-side scripting is more difficult. It's hard to know when a session ends (i.e., the session variable cannot be cleared).

* Mike Morrison, et. al., "Using Microsoft Visual InterDev," QUE, 1997.

Sample HTTP Server Variables

Variable	Sample Value
AUTH_TYPE
CONTENT_LENGTH	0
CONTENT_TYPE
GATEWAY_INTERFACE	CGI/1.1
LOGON_USER
PATH_INFO	/ASPSamp/Samples/srvvar.asp
PATH_TRANSLATED	C:\inetpub\ASPSamp\Samples\srvvar.asp
QUERY_STRING
REMOTE_ADDR	134.71.244.49
REMOTE_HOST	134.71.244.49
REQUEST_METHOD	GET
SCRIPT_MAP
SCRIPT_NAME	/ASPSamp/Samples/srvvar.asp
SERVER_NAME	dhsystem
SERVER_PORT	80
SERVER_PORT_SECURE	0
SERVER_PROTOCOL	HTTP/1.0
SERVER_SOFTWARE	Microsoft-IIS/3.0
URL	/ASPSamp/Samples/srvvar.asp
HTTP_ACCEPT	image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, /
HTTP_ACCEPT_LANGUAGE	en
HTTP_CONNECTION	Keep-Alive
HTTP_HOST	dhsystem
HTTP_REFERER	http://dhsystem/ASPSamp/Samples/Samples.htm
HTTP_UA_PIXELS	640x480
HTTP_UA_COLOR	color8
HTTP_UA_OS	Windows NT
HTTP_UA_CPU	x86
HTTP_USER_AGENT	Mozilla/2.0 (compatible; MSIE 3.02; Windows NT)
HTTP_COOKIE	ASPSESSIONID=ZFHSRTKJPWCAHYRE