Write brief answers to the following questions.

1. What are the different methods CGI uses for returning HTTP ? 3
CGI.pm has two methods for returning HTTP headers: header and redirect. They correspond to the two ways you can return data from CGI scripts: you can return a document, or you can redirect to another document.

2. Which are the file locks available in peri ? 3

A shared lock allows more than one program (or other process) to access the file at the same time. A program should use a shared lock when reading from a file. An exclusive lock allows only one program or process to access the file while the lock is held. A program should use an exclusive lock when writing to a file. File locking is accomplished in Perl using the Fcntl module, EG: use Fcntl qw(:flock);

3. How do you set the environmental variables manually? 3 4. What are the common errors in programming with Perl? 3
Problem Application permissions The pound-bang line Line endings Malformed header Typical Error Message 403 Forbidden 403 Forbidden 500 Internal Server Error 500 Internal Server Error

5. What are the advantages of XML? 3 The real power of XML comes from the fact that with XML, not only can you define your own set of tags, but the rules specified by those tags need not be limited to formatting rules. XML allows you to define all sorts of tags with all sorts of rules, such as tags representing business rules or tags representing data description or data relationships.

Some of the benefits are: With XML, the GUI is extracted. Thus, changes to display do not require futzing with the data. Instead, a separate style sheet will specify a table display or a list display.

Searching the data is easy and efficient. Search engines can simply parse the description bearing tags rather than muddling in the data. Tags provide the search engines with the intelligence they lack. Complex relationships like trees and inheritance can be communicated. The code is much more legible to a person coming into the environment with no prior knowledge. In the above example, it is obvious that <ID>002</ID> represents an ID whereas <LI>002 might not. XML is self-describing. Data is provided in a way that makes it easily transportable via HTTP. By and large, tags make up the majority of XML markup. A tag is pretty much anything between angular brackets < >

6. Explain the syntax of HTML template. 4 Example 7-1. current_time.tmpl <HTML> <HEAD> <TITLE>Current Time</TITLE> </HEAD> <BODY BGCOLOR=white> <H1>Current Time</H1> <P>Welcome. The current time is <TMPL_VAR NAME=current_time>.</P> </BODY> </HTML> 7. Explain the structure of CGI program. 3 Perl has three types of variables: Scalars: Scalar variables are variables that can hold only one value at a time. A scalar variable is defined in Perl by using $, Arrays: An array stores a list of values. While a scalar variable can only store one value, an array can store many. Perl array names are prefixed with an at-sign (@)

Hashes: A hash is a special kind of array - an associative array, or paired group of elements. Perl hash names are prefixed with a percent sign (%), and consist of pairs of elements - a key and a data value. --------1. What is CGI? Explain with a diagram. 5 Ans: The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers such as HTTP servers. A plain HTML document that the Web daemon retrieves is static, which means it exists in a constant state: a text file that doesn't change. A CGI program, on the other hand, is executed in real-time, so that it can output dynamic information . The interactions are illustrated in the following diagram: Web Web CGI Appl. Browser Internet Server Protocol Program HTTP Env. Var. request stdin Send --------------> Convert ----------> Process | HTTP | response stdout V Receive <----------- Convert <---------- Process There are several basic rules with CGI: Web server provides most of the input information to application programs through environment variables. Data send in the HTTP request with the GET method is converted to a special environment variable, QUERY_STRING. Data send in converted to Data printed converted to ---------1. What is Virtual Document
Virtual, or dynamic, document creation is in the heart of CGI. Virtual documents are created on the fly in response to a users information request. Virtual HTML, plain text, image and even audio documents can be created

the HTTP request with the POST method is the standard input (stdin) channel. to the standard output (stdout) channel is the HTTP response

2. Mention the programming language that are used for CGI Programming
Ans: Many languages are available for CGI programming, although certain languages are more suited for CGI programming than others, Some of the most popular languages for CGI programming include AppleScript, C/C++, C Shell, Perl, Tcl, and Visual Basic. Before choosing a language, one must consider the following features. Ease of text manipulation. Ability to interface with other software libraries and utilities. Ability to access environment variables (in UNIX). 3. What is the Acronym XML & CSS stands for a. Extensible Markup Language, Cascading Style sheet 4. What are the methods used for sending Form data to the server a. Get Method and Post Method 5. State SSI (Server Side Includes) environment variables

Environment Variable
DATE_GMT DATE_LOCAL DOCUMENT_NAME DOCUMENT_URI LAST_MODIFIED QUERY_STRING_UNESCAPED

Description
Current date and time in GMT (Greenwich Mean Time) Current date and time in the local time zone The current filename Virtual path (relative to the document root) to the file Last modification date and time for current file Un-decoded query string with all shell meta characters escaped with a \.

6. Mention any 2 image formats used on line Ans: GIF and JPEG 7. Give basis of CGI Program 8. Java Script is a Scripting Language 9. CGI.PM module has become standard tool for creating CGI scripts in Perl 10. To execute the external program SSI directive is used 11. TextArea tag is used to enter multiple lines of text 12. Hash is also called as Associative array 13. CGI Script is the module used for producing graphs 1. The common applications that are designed using CGI are Forms, gateways and virtual documents 2. Status code 200 indicates that the request is processed successfully and response is included in the content. 1

3. With GET method, the form data are sent as part of URL and are saved in the Query_String environment variable. 2 4. How do make the field hidden? 1 <Input type = Hidden, Name = ABS, size = 10 > 5. The SSI directive inserts the last modification date and time for a specified file. 6. CGI.Pm supports Standard interface and Object Oriented interface. 2 7. What are the two different methods CGI.pm uses for returning HTTP headers? 2 Header and Re-direct 8. Mention the reasons for using HTML templates. 3

Ans: Template is as useful as any other programming abstraction. It's a separation of roles between Form & Content
9. -wt Option is used to enable perls taint mode. 10. Grep command is used for Search ===================================================================== Part B b) Explain a Perl program to check the number of characters in a string. 7 define a string variable my $strVar = "A simple example of a string variable"; # get the length of the string my $strLength = length($strVar); # print the length print "Our string has $strLength characters\n"; # it prints: Our string has 37 characters ====================================================================== b) Why PERL is used for CGI programming? 7 Although CGI applications can be written in any almost any language, Perl and CGI scripting have become synonymous to many programmers. Perl is by far the most widely used language for CGI programming, and for many good reasons: Perl is easy to learn because it resembles other popular languages (such as C) Because when an error occurs it provides specific and detailed error messages to help you locate the problem quickly.

Perl allows rapid development because it is interpreted; the source code does not need to be compiled before execution. Perl is easily portable and available on many platforms. Perl contains extremely powerful string manipulation operators, with regular expression matching and substitution built right into the language. Perl handles and manipulates binary data just as easily as it handles text. Perl does not require strict variable types; numbers, strings, and Booleans are simply scalars. Perl interfaces with external applications very easily and provides its own file system functions.

2. What is meant by status code? List any four status code 8

The Status header consists of a three-digit numerical status code, indicating the status of the initiated operation, return status code helps the programmer to handle the situation accordingly
Status Code 200 204 301 401 403 404 500 501 Message Success No Response Document Moved Unauthorized Forbidden Not Found Internal Server Error Not Implemented

b) How form data is sent to servers? 7 There are two methods for sending form data: GET and POST. These methods determine how the form data is sent to the server. In the GET method, the input values from the form are sent as part of the URL, and saved in the QUERY_STRING environment variable. With POST, data is sent as an input stream to the program. If the GET method is used, the input values are simply appended to the URL of the program when the client issues the request to the server.

The query string is appended to the URL after the ? character. The server then takes this string and assigns it to the environment variable QUERY_STRING. The GET method has both advantages and disadvantages. The main advantage is that the CGI program can be accessed with a query without using a form. Basically, just passing the parameters to the program POST is more secure than GET, since the data isnt sent as part of the URL, and more data can be sent with POST. Also, browser, web server, or proxy server may cache GET queries, but posted data is resent each time. Web browser, when sending forms data, encodes the data being sent. Alphanumeric characters are sent as themselves; spaces are converted to plus signs (+); other characters like tabs, quotes, etc. are converted to %HH a percent sign and two hexadecimal digits representing the ASCII code of the character. This is called URL encoding. 6. a) What are the forms used for in CGI applications ? 8 HTML forms are the user interface that provides input to the CGI scripts. They are primarily used for two purposes: collecting data and accepting commands. Examples of data that may be collected are registration information, payment information, and online surveys. The commands that can be accepted via forms are using checkboxes, lists, and buttons to control various aspects of CGI application. Thus forms basic functions are data collection and interactive communication. The great advantage of HTML form is that user can use them to create a front end for numerous gateways (such as databases or other information servers) that can be accessed by any client without worrying about platform dependency. In order to process data from an HTML form, the browser must send the data via an HTTP request. A CGI script cannot check user input on the client side; the user must press the submit button and the input can only be validated once it has travelled to the server. JavaScript, on the other hand, can perform action in the browser. It can be used in conjunction with CGI script to provide a more responsive user interface.
A form is simply an area that can contain form fields for example text boxes, drop-down menus or radio buttons. When the visitor clicks a submit button, the content of the form is usually sent to a program that runs on the server <FORM ACTION=/cgi/sample.cgi METHOD=POST> . .

</FORM> The attributes of the <form> tag are: METHOD METHOD specifies the HTTP request method used when calling the CGI script. The options are GET and POST, ACTION ACTION specifies the URL of the CGI script that should receive the HTTP request made by the CGI script. By default, it is the same URL from which the browser retrieved the form. ENCTYPE ENCTYPE specifies the media type used to encode the content of the HTTP request. Because GET requests do not have a body, this attribute is only meaningful if the form has POST as its method. This attribute is rarely included. The only reason to specify another media type is when creating a form that accepts file uploads. File uploads must use multipart/form-data instead.

b) What does SSI mean? Explain with a neat diagram the working of SSI. 7 Server Side Includes (SSI) is a simple interpreted server-side scripting language used almost exclusively for the Web, SSI has a simple syntax: <!--#directive parameter=value parameter=value -->. Directives are placed in HTML comments so that if SSI is not enabled, users will not see the SSI directives on the page
Refer to 5.3.1

7. a) Write a note on Perl taint mode. 8 The purpose of taint mode is (to stop) / not to allow any outside application data affect the application in ay manner. Thus perl will not allow user inputted values to be used in an eval, passed through a shell or used in any of the Perl commands that affect files and process. It was created for situations when security is important such as writing perl programs that run as root or CGI scripts. You should always use taint mode in your CGI scripts.
When taint mode is enabled perl monitors every variable to see if it is tainted. Tainted data, according to Perl, is any data that comes from outside your code. Because this includes anything read from the STDIN (or any other file input) as well as all environment variables this covers everything your CGI script receives from the user. What is monitored by Taint Mode: The base rule as we have said, is that Perl considers any action that could modify resources outside the script subject to enforcement. Thus you may open a file using a tainted filename and read from it as long as you did so in read only mode. However if you try to open the file to write to it, using a tainted filename Perl will abort with an error. It is generally better to determine what characters to allow than to try determining what not to allow. Build your untaint regular expressions with this in mind

Explain the environment variable content length

One of the methods that the web server uses to pass information to a cgi script is through environmental variables. These are created and assigned appropriate values within the environment that the server spawns for the cgi script. They can be accessed as any other environmental variable The length, in bytes, of the input stream is being passed through standard input. This is needed when a script is processing input with the POST method, in order to read the correct number of bytes from the standard input. Some servers end the input string with EOF, but this is not guaranteed behavior, so, in order to be sure that you read the correct input length you can do something like read(STDIN,$input,$ENV{CONTENT_LENGTH})

What is DHTML? Explain. 9

Ans: Dynamic HTML (DHTML) is a set of innovative features which enables authors to dynamically change the rendering and content of a document. DHTML gives authors the ability to create visually outstanding HTML documents that interact with the user, without the burden of relying on serverside programs or complicated sets of HTML pages to achieve special effects. With DHTML, you can easily add effects to your documents that previously were difficult to achieve. For example, you can: Hide text and images in your document and keep this content hidden until a given time elapses or the user interacts with the page. Animate text and images in your document, independently moving each element from any starting point to any ending point, following a path that you choose or that you allow the user choose. Create a ticker that automatically refreshes its content with the latest news, stock quotes, or other data. Create a form and then instantly read, process, and respond to the data the user enters in the form.

Explain CGI.PM, How is input handled in CGI.PM / Explain http, https, self-url.

CGI.pm primarily handles two separate tasks: it reads and parses input from the user, and it provides a convenient way to return HTML output, inputs are accepted with help of Environment variables, Most of these CGI.pm methods take no arguments and return
that same value as the corresponding environment variable.

HTTP: If the http method is called without arguments, it returns the name of the environment variables available that contain an HTTP_ prefix. If you call http with an argument, then it will return the value of the corresponding HTTP_ environment variable. When passing an argument to http, the HTTP_ prefix is optional, capitalization does not matter, and hyphens and underscores are interpreted the same

HTTPS: The https method functions similarly to the http method when it is passed a parameter. It returns the corresponding HTTPS_ environment variable. These variables are set by your web server only if you are receiving a secure request via SSL. When https is called without arguments, it returns the value of the HTTPS environment variable, which indicates whether the connection is secure (its values are server-dependent). Self_URL: This method does not correspond to a standard CGI environment variable, although you could manually construct it from other environment variables. It provides you with a URL that can call your CGI with the same parameters. The path information is maintained and the query string is set to the value of the query_string method. Your CGI script may have been called because of an internal redirection by the web server. Also, because all of the parameters are moved to the query string, this new URL is built to be used with a GET request, even if the current request was a POST request.
What is CSS? How it works?
Cascading Style Sheets (CSS) are a collection of formatting rules that control the appearance of content in a web page. They are very useful for maintaining a web site since its appearance (controlled by properties of HTML tags) can be managed from just one file. CSS Styles also enhance your sites look, accessibility and reduces file size. Another main advantage is reusability - instead of defining the properties of fonts, backgrounds, borders, bullets, uniform tags, etc. each time you use them you can just assign the corresponding CSS style in the class property. You can store CSS styles directly in each document or, for more control and flexibility, in an external style sheet. There are 3 types of CSS Styles: Custom CSS (Class) styles: create a customized style with the set attributes. These class styles can be applied to any tag. HTML Tag styles: redefine the formatting for a particular tag, such as <h1>. All text formatted with the h1 tag is immediately updated. Advanced CSS Selector styles: redefine the formatting for: 1. A particular combination of tags (for example, td h2 applies whenever an h2 header appears inside a table cell) and pseudo-class styles (for example, a:link, a:hover, a:visited) 2. A specific ID attribute (for example, #myStyle applies to all tags that contain the attribute-value pair id=myStyle)

Or

External style sheet, which you use when you want to apply the same styles consistently across all the pages in your Web site that are linked to it. Also known as linked style sheet. Embedded style sheet, which you use when you want to define styles for the current page Inline style sheet, which you apply to individual elements on a page.

CSS styles are defined within the <style> tag. If you define the styles embedded within your current document you will find code similar to the following in your head content: <style type=text/css> <! .bluetext .. > </style>

Explain the different applications of SSI

SSI (Server Side Includes) is directives that are placed in HTML pages, and evaluated on the server while the pages are being served. They let you add dynamically generated content to an existing HTML page, without having to serve the entire page via a CGI program, or other dynamic technology. SSI is certainly not a replacement for CGI, or other technologies used for generating dynamic web pages. But it is a great way to add small amounts of dynamic content to pages, without doing a lot of extra work

Basic SSI directives

Today's date
Today is <!--#echo var="DATE_LOCAL" -->

Modification date of the file

This document last modified <!--#flastmod file="index.html" -->

Including the results of a CGI program

This is one of the more common uses of SSI - to output the results of a CGI program, such as everybody's favorite, a ``hit counter.''
<!--#include virtual="/cgi-bin/counter.pl" -->

Executing commands

You can actually have SSI execute a command using the shell (/bin/sh, to be precise or the DOS shell, if you're on Win32). The following, for example, will give you a directory listing.
<pre> <!--#exec cmd="ls" --> </pre>

1. Explain loops and conditionals in HTML:: Template 2. Explain the following SSI directives. 8 3. i) fsize ii) flastmod
The #flastmod and #fsize server-side includes provide important information on web pages hosted by classic ASP web sites. The #flastmod include prints the date when the file was last modified. The #fsize include prints the size of the specified file. When you apply these includes to a web site that allows users to download files, they allow users to check and see whether a file is new, and also the size, so that the user can estimate how long the download will take. Also, these commands are dynamic. This means that if the file size changes or the last modified date changes, the files are updated automatically.
<html> <head> <Title>SSI Include</title> </head> <body> The file available for download is <a href="download.zip">Download.zip</a>, its size is <!--#fsize file="download.zip"-->. The file was last updated on <!--#flastmod file="download.zip"--> </body> </html>

4. What are the different modules available for creating graphs?

5. Explain how to prevent catching of images a. Expires HTTP header is one of the option however this is not supported by many browsers b. Alternately we can use generate the file name dynamically along with the tag name as well in order not to have the same cached, this approach needs to be used sparingly
my $time = time; print $q->img( { -src => /cgi/survey_graph.cgi/$time/survey.png } );

6. What are gateways

Ans : Gateways, are programs or scripts used to access information that is not directly readable by the client, CGI provides solution to this in the form of a gateway. To read the information contained within the database, a language such as oraperl or a DBI extension to perl to form SQL queries can be used. In these cases, the CGI program serves as a gateway to the database, as shown in Figure

7. b) What is the security threats associated with browser? 7 8. b) What do you mean by dynamic web pages? 7 9. a) Explain the internal working of CGI with architecture. 8 10. With a neat diagram, explain the steps involved in form interaction with CGI. 8 11. b) What are the benefits of server redirections? Explain with diagram. 7 12. What are environment variables? Explain any four with suitable example. 8 13. What programming language features are required for CGI programming? 5 14. Mention two coding techniques used in perl to develop stable applications, Explain one of them. 5 15. Which are the applications that are designed in CGI 16. Explain any two control structures in Perl. 8 17. Explain the basic structure of Perl program 8 18. Explain the variable type hash with the functions to access the contents of the hash. 8
Ans: A hash is a special kind of array - an associative array, or paired group of elements. Perl hash names are prefixed with a percent sign (%), and consist of pairs of elements - a key and a data value. Heres how to define a hash: The exists function can be used to see if a particular key/value pair exists in the hash: exists $hashname{key} To empty out the entire hash, do: %hashname = ();

19. Explain the different image file formats. 7 20. What are the design goals of XML ? 8 21. Explain the added features of PNG over GIF. 7 22. Explain the importance of web security. 7 23. Explain the methods of developing scheme solution. 8

24. Write a perl program which does the same as the UNIX cat command on text file. 7
$file = /abcd; # Name the file open(INFO, $file); # Open the file @lines = <INFO>; # Read it into an array close(INFO); # Close the file print @lines; # Print the array