COMP3076 E-Commerce Technologies

Richard Henson University of Worcester October 2006

Week 4 - Developing Server-side Scripts for a Remote Server

Objectives:
Describe the server-side scripting model Explain how software tools can assist with integration of the four basic components of a client-server dynamic web pages application Create and use a simple database-linked server-script with Dreamweaver MX

Types of Web Application (1) Client-only

Why bother with server-scripts anyway why not do all the processing on the local browser?:
basic web pages provide the static content data and other files downloaded separately to provide some degree of dynamic content all applications software downloaded to the client and application runs on the client

Downside:
local editing of code possible, which may compromise security

Web Static Client-Server Model (simplified excluding the local server)

Types of Server Requests static content

Retrieve a web page via the Internet (web browsing - static content):
use http to send search string to local server local server converts domain name to IP address & uses http to send request to remote server remote server locates the web page and uses http to send it to the local server local server uses http to send the page to the browser browser display page as an exact copy of the original

Client-side Web Applications in practice

Until about 1997, MOST client browsers only requested and displayed data Increasing use of VB and JavaScript resulted in quite sophisticated client-end web applications
e.g: e-commerce systems such as shop@ssistant e.g: graphics-intensive gaming systems

Implemented via browser on a single machine

HTML files with <SCRIPT> code ... </SCRIPT>

If you dont like programming, tools can do it for you

Dreamweaver writes/embeds the code for you as client behaviours

Types of Web Application (2): Client-Server

Content is dynamic and readily communicable between client and server Typical process
Input screens (e.g. forms) collect information on the client browser & send it to the web server

script runs on the web server results displayed on client browser

http provides communication between client and server

performance therefore dependent on bandwidth!

Client-Server via the Web

Exactly the same principles apply as any other client-server applications running on two computers, and communicating data Same comms protocol (HTTP) used:
across a network [Intranet] through a secure outside line [Extranet]

Computer naming system more sophisticated across the net:

e.g. NetBIOS or WINS names local network Domain names world wide web

Types of Web Application (3)

Server scripts used in a more sophisticated way to interact with databases:

as with the static pages, the local server uses DNS to convert between domain name and IP address, and acts as a forwarding device as with local dynamic pages, processing takes place on a server database could be;
on the remote server containing the scripts on an entirely different remote server local, across the LAN

results of processing sent back to client and merged with a static web page to provide the display

Types of Server Requests dynamic content

Web application runs on the server:

data usually sent with program execution request e.g. query database on server server sends results back to browser (client) browser displays results results will depend on database contents as database contents change, so does the browser display

Web Dynamic Client-Server Model

Role of Server Scripts

Server-side scripting is required for any applications that require a dynamic input to the browser:
usually that will contain code that can extract data from or send data to a database whenever database updated:
updated data picked up by server-script when it runs
updated data displayed on client browser

whenever a browser form captures data

data transferred directly to relevant server then stored in specified database field(s)

Client-Server Web Applications v Client only applications

In an ideal world everything would be able to run via the browser on the client machine:
faster all data local more controlled

If
only small data sources, or infrequently changed data sources are used data wasnt being captured for a database that would be accessible by other clients, this could be the case

An example that shows all this: shop@ssistant

Shop@ssistant Client-end E-commerce Web Application

Small amount of product data held in a text or csv file Downloaded product data:
either easily integrated into an array within a compact, downloadable chunk of JavaScript functions embedded in a HTML file or easily converted into a client-side script written in JavaScript
e.g. use of a client-side script such as a GDIdb script to access a small downloadable database

Critical Look at Client-end Applications

Pitfalls:
what if a large, regularly updated centralised data store needs to be accessed?
Example: search engine:

whole database would have to be downloaded every time the application is to be used! client not powerful enough client wouldnt have the storage capacity bandwidth not sufficient local editing of code/data can compromise security

In many instances, server-scripting/interrogating a server-based database is the only way

Summary of components for a Client-Server Web Application

Browser to display HTML data:

form to collect data static & dynamic content from the server-script to present data

Web Server to communicate with browser Server-script(s) on the web server to process the form & send data to the database Database for the script to interact with and receive/send data from/to Connectivity software to link server-scripts and embedded SQL with the database

Making it easier!

Like other web development tools, Dreamweaver can manage all of these components
great for producing web pages with templates, style sheets, forms, tables, etc. deals with local/remote server, connectivity software, type of script (could be asp, cold fusion or java server pages) many server scripts available, either within Dreamweaver or via the web using Extension Manager
latter also supports more complex server behaviours such as shopping carts

Dreamweaver for
Developing & Managing Dynamic Websites

Individual pages:
can allow development in DHTML (fusion of HTML, style sheets, and JavaScript) dynamic client-side effects known as client behaviours

Local/Remote site
can manage links, features and effects (as site assets) over whole web sites can synchronise pages between pre-defined local site and www-based remote site Additional application server definition added to same remote site, or a further www-based site

When NOT to use a Web Applications tool for development

Dreamweaver has a tool to handle database design, implementation etc

BUT recommended that this part is done using the RDBMS itself Should use CASE tools, or at least entityrelationship diagrams Implementation of database should follow database design SQL queries and server scripts should follow database implementation

Variable Passing between Dynamic Web Pages

As the scope of the www became apparent, Tim Berners-Lee added several features to basic HTML syntax to allow data to be passed to server processes One method added is the GET function tagged on as a parameter to the URL e.g. Get <www address>/thetest.jsp?firstname=richard&pas sword=holidays&lastname=henson&action=t ransferbankfunds

Problem with GET: v. long URLs

Variable Passing between Dynamic Web Pages

POST
alternative method of sending data designed to be used within HTML forms

Example of syntax:
post /thetest.jsp firstname=richard&password=holiday s&lastname=henson&action=transfer bankfunds

How do Server Scripts work?

Browser uses http to:

make a request to run a particular script on the server pass appropriately formatted html captured data to that server process

Server running the script:

uses data from browser as input to its process
EITHER saves results somewhere (on a database?) OR uses http to pass results (as html) back to the browser OR both!

sends HTML info back to the browser to format and display results of processing as it wishes

Early Server Scripts (pre-asp)

CGI (Common Gateway Interface)

first use of http for a client-server application so called because different types of clients and server communicate using a common protocol (ie TCP/IP) code written in C ran on Unix servers fairly primitive client browser

Relative Merits of CGI and current scripts

CGIs: free-standing programs connected to the Web server only through a few invocation parameters and environment variables
each cgi process
takes quite a lot of server memory has to be loaded in and out of memory before/after use

By contrast, e.g. asp, cf or php scripts:

very tightly integrated with web server can be configured to share the same web server process space in memory

Features of Embedded Server Scripts

Must run server-side therefore no point downloading code to client Must be of an appropriate type for the web server that is to execute the code Have built-in technologies for:
accessing large databases held on remote web servers anywhere on the world wide web, security restrictions permitting performing many queries per second on such databases

Script/HTML code combined according to clear syntax rules and saved with approp suffix

off the shelf server-side code

Packages like Dreamweaver have a

library of existing server-scripts ready for use the term server scripts becomes server behaviours Menu driven
"Live Objects" menu option enabling quick creation of:
Master-Detail

Pages

Insert

Pages Update pages

Creating new Server behaviours

Dreamweaver also includes a Server Behaviour Builder

very popular with experienced developers significantly improves the ability for end users and third parties to create additional Server Behaviours allows programmers to incorporate advanced coding and database interaction into graphically well-designed Web pages

Which to use ASP, CF or ASP

ASP was based on VBScript

the first popular scripting language to embed with HTML Once VERY popular Still good, but Microsoft muddied the waters when they introduced ASP.NET

CF and PHP:
both scripting languages both designed to integrate with HTML and database systems CF was designed for Windows NT/IIS platforms PHP originally designed for Linux; now runs on Windows

Features of ASP
Syntax designed to mix plain HTML and script code into a single file
hybrid approach between static content and dynamically created content dynamic portions appear between special ASP markers:

<% at the beginning of a script segment %> at the end of a script segment text outside markers downloaded as it is text inside the ASP markers executed as a script, output of the script code is downloaded

The Database

Whole point of a server-script is usually to query a web based database When planning a new web-based system, it may be that the required database already exists The choices are:
EITHER to convert/port data into a new DBMS OR, assuming the existing database is relational, make use of the existing DBMS as it stands

Choice of DBMS entry level

Access or MySQL - small databases Both have their limitations:

Access cant support more than 10 concurrent users/queries MySQL falls short of full SQL capability in other ways:
http://www.borland.com/resources/en/p df/white_papers/ib_vs_MySQL.pdf

Beware Earlier versions of Access!

Still integrate well with server-side scripting However, use a slightly different SQL syntax:
not automatically transferable to enterprise databases if an organisation subsequently need to move up to a more powerful system

Enterprise databases like SQL Server and Oracle give you full-blown programming and business logic within the database

Choice of DBMS - Larger systems

Realistically, two alternatives:

SQL Server Oracle

Alternatively, create an Access Project file that uses the SQL Server database engine (e.g. Access XP)

Developing a Database with Dreamweaver?

Dreamweaver has an excellent facility to allow database development from within However, it is generally recommended that database code be written in the databases own environment Reasoning: all database logic is encapsulated where it belongs:
i.e. in the database not on an ASP, CF, or PHP page

Developing the Database Independently

Field link programming etc. resides within the database rather than on a specific Web page
consequently, when something needs to be changed in the database: simply have to change the Stored Procedure or View not all your UD pages

Previous investment in programming will still remain even if the developer changes platform/scripting language

Linking the Database with the Web Server

Using IIS:
All Microsoft components (MDAC) Freely available on the web MDAC enables any database system to link to IIS MDAC more vulnerable to viruses, etc.

Using Apache:
No MDAC vulnerabilities Can still use ODBC if on Windows platform

Summary of popular Web Server/Scripting/OS combinations

ASP/IIS/Windows CF/IIS/Windows PHP/Apache/Windows PHP/Apache/Unix Software freely available to support most environments running on Windows For development purposes, Dreamweaver server behaviours for all three server scripting languages

Which to Use?

All have their adherents All can easily go pear shaped! Most reliable:
all Microsoft? no Microsoft!

All Microsoft options means using existing skills rather than learning new ones:
asp programming code - Visual BASIC skills creating a relational database Access a popular platform

But some like a challenge

Linux, Apache & PHP all open source software

SQL

Developed by IBM in 1974 as Structured Query Language

took a lot of the tedium out of database programming based on a small number of commands one line of SQL could replace 100 lines of COBOL!

Popularised by:
ORACLE on mid-range systems DB2 on IBM mainframes

Now the industry standard for databases

Benefits of knowing SQL when creating server-scripts

When developing asps:

writing VB code is obviously important for the server-scripts
input/output knowledge of VB syntax assumed

but the embedded database queries also have to be right...

It figures that:
the more a developer is competent with SQL syntax the more elaborate interaction they will be able to achieve with database data

Learning SQL?

Have a go! Dreamweaver has ready made server behaviours with SQL queries built-in Possible to practice modifying queries using Dreamweavers SQL query writing tool
gives you experience of server behaviours, databases, and SQL queries all at the same time Will also come in very handy when you come to design that shopping cart system